(Update: All of the following is based on my best understanding of the matter, but I am no technologist and this should not be treated as definitely reliable advice).
As a response to the Snowden revelations, the number of messaging apps that promise security against surveillance has rapidly multiplied. There seems to be an emerging consensus – ranging from Edward Snowden to the New York Times – that Signal is the best choice for those nervous about the privacy of their messages.
Indeed, Signal has a number of advantages that set it apart from many competitors: The encryption algorithm that it uses is well-reviewed and most experts in the field think that it can indeed protect against dragnet surveillance. It also allows experts to inspect the source code of the entire app for back doors which makes it more trustworthy than competitors such as WhatsApp. Finally, OpenWhisperSystems – the company that produces Signal – is known to log only minimal information about its users. As a result, when law enforcement agencies demand information about message “metadata” (who messages when with whom), they cannot supply them with much useful information.
However, the question what the best messaging app is for those who want to resist the surveillance state is not as clear-cut as it might seem. The answer to that question depends very much on why you think surveillance is bad.
One possible answer is that you just want to hide information about yourself (which is very often a completely legitimate wish). In that case, the only feature you will care about is whether the encryption can be cracked or whether the app that you use keeps you from accidentally revealing information.
Another reason to care about surveillance is that surveillance undermines collective, public freedom in a democracy by taking away control over the public sphere from citizens. If that is your main worry, then other criteria will become important as well. You will still care about the quality of encryption, but you will also care about whether the messaging app that you use actually allows ordinary people to take back control over their interactions with others.
It is this aspect where some features of Signal become problematic. The most important concern is that Signal is a silo. That means that, if you use Signal, you can only communicate with people who use Signal as well. This not only means that you also have to use the official Signal app and that alternative implementations of the app are discouraged by OpenWhisperSystems. It also means that you have to connect to OpenWhisperSystems servers to communicate with other users. In contrast to a system like e-mail, you cannot choose a provider out of many competing offers. This effectively creates a dependency on OpenWhisperSystems. As users can only communicate if they use OpenWhisperSystems servers, and can only do so using the OpenWhisperSystems version of Signal, it is not possible for users to change any aspect of Signal that they do not like by switching to a competing app or provider.
This is especially important because, while OpenWhisperSystems does not collect any metadata at the moment, they can start doing so at any time because all communications of Signal users go through their servers. If OpenWhisperSystems adopts any policy that goes against users’ interests in the future, users cannot switch providers without losing all their contacts. Perhaps this is unlikely, but it might be desirable to have a system where no single company has that much power.
An alternative to Signal is Riot. Riot is a messaging app that uses a form of encryption that is very similar to the one used by Signal and also allows anyone to inspect its source code. In these respects, Riot promises to be exactly as secure as Signal (but see below for a few issues that are being resolved at this moment; clarification update: Riot’s encryption is still in Beta. Do not use it for anything important until it is out of Beta and has been thoroughly reviewed).
But Riot has other advantages that make it, in some aspects, superior to Signal. Riot is based on the so-called Matrix protocol which is a federated protocol. That means that anyone who wants can run a Matrix server can do so and Riot users from all these servers can communicate with one another. There is no central instance that controls Matrix or Riot. In addition, people are writing alternative clients to access the Matrix/Riot network, implementing their favorite features and workflows. As users can vote with their feet for their own interests and choose providers and apps of their liking, this means that they really control their communication mode, adding an important element of freedom which distinguishes Matrix/Riot from Signal.
Apart from this fundamental difference, there is a number of further advantages of Riot/Matrix over Signal:
- Signal can run only on one mobile device (your identity is tied to one device). Multiple devices have different identities. Riot allows you to use one single identity on all your devices.
- Signal users are identified by their phone number. You cannot use Signal without transmitting your phone number to OpenWhisperSystems and you have to give your phone number to everyone you wish to communicate with using Signal. Riot users are identified by usernames. You do not need to give anyone your number to get in touch with them via Riot (which might be especially important for people who have reason to fear being stalked).
- The dependence of Signal on phone numbers leads also to another problem: When you install Signal on a mobile device, OpenWhisperSystems verifies that you indeed own the phone number by sending you an authorization code via text message. Many authoritarian states are known to intercept such authorization codes and thereby impersonate users (Signal will send all your contacts a message whenever you change devices, but there is still a risk that they will not understand that your identity might have been stolen). Riot has a simple username/password system and does not rely on text messages (
however, it also does not yet alert other contacts if you – or someone else – add another device to your account Update Jan 2017: this issue is fixed at least on the Riot desktop client now).
Signal only works on Android when your phone has the Google Play Framework installed. This is a piece of software that is installed on most Android devices by default and that gives Google virtually unlimited control over your device. As Android is an open-source system, one can run Android in principle without installing the Play Framework or any other Google apps and without giving Google any access to the phone, but Signal will not work on Google-free tablets or phones. Riot works without any problem on such devices. (Update Feb 2017: This is no longer true)
- Riot has an open programming interface. Everyone can write software interacting with Riot, such as bots. Signal is a closed system that only allows the official client to interact with it.
These features – together with the fact that Riot has a much better desktop client than Signal and additional features such as video calls – make Riot a better, and more sustainable choice.
It must be mentioned, however, that Riot also has some downsides at the moment:
- You can access your encrypted Riot messages via a web app. This is fundamentally insecure (as the web server can send you malicious code that steals your encryption keys) and poses a risk to users. As long as you exclusively use the client apps, you can avoid this problem, though.
- Riot’s encryption is not yet fully stable and, more importantly, it is not yet enabled by default in chats (you have to enable it manually). This will be changed in the future, but makes it more likely for users to make mistakes until then.
Riot has no foolproof way yet to only communicate with those devices from others that you have verified as really belonging to them (until this Github issue is fixed). (Update Jan 2017: Riot has now an option to only send messages to devices you have verified.)
While these are important issues, it must be mentioned that they are only minor in the sense that they can be fixed by the Riot people (or anyone else) by improving the software underlying it. By contrast, the silo nature of Signal is a structural problem that cannot easily be solved.
If you have reason to suspect that you are personally targeted for surveillance, then the fact that Signal has been more extensively reviewed, is a good enough reason to play safe and use Signal. However, if you want to help test a free and sustainable ecosystem for encrypted communication (clarification update: and if you don’t have to rely on the encryption for anything important as it is still in Beta at the moment), then Riot / Matrix is the better alternative.