“The major transition Signal has undergone is from a three-person small effort to something that is now a serious project with the capacity to do what is required to build software in the world today,” Marlinspike says.
Many of those features might sound trivial. They certainly aren’t the sort that appealed to Signal’s earliest core users. Instead, they’re what Acton calls “enrichment features.” They’re designed to attract normal people who want a messaging app as multifunctional as WhatsApp, iMessage, or Facebook Messenger but still value Signal’s widely trusted security and the fact that it collects virtually no user data. “This is not just for hyperparanoid security researchers, but for the masses,” says Acton. “This is something for everyone in the world.”
Even before those crowdpleaser features, Signal was growing at a rate most startups would envy. When WIRED profiled Marlinspike in 2016, he would confirm only that Signal had at least two million users. Today, he remains tightlipped about Signal’s total user base, but it’s had more than 10 million downloads on Android alone according to the Google Play Store’s count. Acton adds that another 40 percent of the app’s users are on iOS.
“Id like for Signal to reach billions of users. I know what it takes to do that.”
Brian Acton, Signal Foundation
Its adoption has spread from Black Lives Matters and pro-choice activists in Latin America to politicians and political aideseven noted technically incompetent ones like Rudy Giulianito NBA and NFL players. In 2017, it appeared in the hacker show Mr. Robot and political thriller House of Cards. Last year, in a sign of its changing audience, it showed up in the teen drama Euphoria.
Identifying the features mass audiences want isn’t so hard. But building even simple-sounding enhancements within Signal’s privacy constraintsincluding a lack of metadata that even WhatsApp doesn’t promisecan require significant feats of security engineering, and in some cases actual new research in cryptography.
Take stickers, one of the simpler recent Signal upgrades. On a less secure platform, that sort of integration is fairly straightforward. For Signal, it required designing a system where every sticker “pack” is encrypted with a “pack key.” That key is itself encrypted and shared from one user to another when someone wants to install new stickers on their phone, so that Signal’s server can never see decrypted stickers or even identify the Signal user who created or sent them.
Signal’s new group messaging, which will allow administrators to add and remove people from groups without a Signal server ever being aware of that group’s members, required going further still. Signal partnered with Microsoft Research to invent a novel form of “anonymous credentials” that let a server gatekeep who belongs in a group, but without ever learning the members’ identities. “It required coming up with some innovations in the world of cryptography,” Marlinspike says. “And in the end, its just invisible. Its just groups, and it works like we expect groups to work.”
Signal is rethinking how it keeps track of its users’ social graphs, too. Another new feature it’s testing, called “secure value recovery,” would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone. That server-stored contact list would be preserved even when you switch to a new phone. To prevent Signal’s servers from seeing those contacts, it would encrypt them with a key stored in the SGX secure enclave that’s meant to hide certain data even from the rest of the server’s operating system.
That feature might someday even allow Signal to ditch its current system of identifying users based on their phone numbersa feature that many privacy advocates have criticized, since it forces anyone who wants to be contacted via Signal to hand out a cell phone number, often to strangers. Instead, it could store persistent identities for users securely on its servers. “Ill just say, this is something were thinking about,” says Marlinspike. Secure value recovery, he says, “would be the first step in resolving that.”