Signal, WhatsApp Co-Founder Launch 'Open Source Privacy Technology' Nonprofit

An anonymous reader quotes The Next Web:One of the first messaging services to offer end-to-end encryption for truly private conversations, Signal has largely been developed by a team that's never grown larger than three full-time developers over the years it's been around. Now, it's getting a shot in the arm from the co-founder of a rival app. Brian Acton, who built WhatsApp with Jan Koum into a $19 billion business and sold it to Facebook, is pouring $50 million into an initiative to support the ongoing development of Signal. Having left WhatsApp last fall, he's now free to explore projects whose ideals he agrees with, and that includes creating truly private online services.
"Starting with an initial $50,000,000 in funding, we can now increase the size of our team, our capacity, and our ambitions," wrote Signal founder Moxie Marlinspike (a former Twitter executive).

Acton will now also serve as the executive chairman of the newly-formed Signal Foundation, which according to its web site will "develop open source privacy technology that protects free expression and enables secure global communication."

Re:

[jimbo]

WhatsApp created 2009, started introducing encryption in 2014 after competition had done so. Took a while, eh.

Re:

[SeaFox]

It makes sense that Koum didn't change his worldview just because of that.

Cool story, bro. But if you RTFS, you'll see it's Acton they're talking about.

Outstanding!

[jenningsthecat]

Reading stuff like this makes me very happy, and restores some of the hope that I've been losing as I age.

Signal is only partially private

[carlhaagen]

Since you are requested to confirm an account with an SMS, and the mobile phone number used (which is associated with an actual person) is permanently stored and associated with every Signal account, you only have partial privacy with Signal. What you say cannot be read by anyone, but who you are, when you talk, and who you talk to is divulged. This is highly valuable (and sensitive) meta data, and a serious privacy breach.

There is no valid technical reason for requiring the revelation of a mobile phone number for enabling an account instead of f.e. using e-mail, and since the application is not monetized in any way - no ads, no end-user costs what so ever - people should ask themselves what the true gain is from pouring millions of dollars into SMS costs etc. to keep Signal running without a single end-user dollar going back to the operation.

Re:Signal is only partially private

[angel'o'sphere]

That is why you use a prepaid SIM card and toss it after registration, if you are really concerned about such things.

Re: Signal is only partially private

[Anonymous Coward]

The problem is that in many countries, getting a prepaid SIM is hard. In e.g. South Korea it was impossible for me to buy a SIM card without showing my passport, due to government regulation. And that's one of the civilized countries, then think about more oppressive regimes.

Re:

[DNS-and-BIND]

Yeah, that's the smart thing to do if you have something to hide. Chuck Schumer agrees. Here he is sitting down with a burner phone and meeting with the son of George Soros. [imgur.com] Isn't that intent to circumvent FOIA? Either that, or intent to circumvent Records Management by Federal Agencies (44 U.S.C. Chapter 31). Either way, it stinks.

Nothing done on a phone is private

[DogDude]

You're kidding yourself if you think that you can do anything on a smart phone with any level of privacy. Between the cell providers and the OS providers, you're owned as soon as you turn it on.

Signal should make a FOSS mobile OS

[Anonymous Coward]

Everyone else who has tried to do so has failed, but the market needs it, and with tens of millions of dollars and a reputable brand, maybe Signal can make it work. We need something with Apple-like security, the flexibility of Android, and FOSS.

I don't think the Purism Librem 5 is going to succeed. The hardware specs are too old and the direction they're going is too niche and non-functional to work for the typical user.

CopperheadOS's secure, FOSS fork of Android is a good place to start, though it's a ver

You are wildly mistaken

[Anonymous Coward]

First, Signal doesn't run over SMS at all; it routes over IP and calls are VOIP.

Second, call metadata is already retrievable by any mass surveillance operation. Signal does offer an option to relay all calls through their server, obscuring the metadata. Because it runs over IP, you can also route Signal through a VPN or even Tor (though probably not reliably).

Third, and perhaps most importantly, the mission of Signal is make encryption and privacy easily available to the MASSES. 99% of the global population

Re:

[Anonymous Coward]

Since you are requested to confirm an account with an SMS, and the mobile phone number used

Yes, I was going to post the same thing you just did, but you beat me to it. (All for the better; it would have languished at score:0).

I never had to give anyone my phone number to chat via IRC back in the day.

I never had to give anyone my phone number to chat via XMPP.

I won't do it now for Signal or whatever else. There's no reason to turn the internet into a platform where all social graphs are tracked by somebody, even if that somebody pinky-swears not to sell that data.

Re:

[Anonymous Coward]

> ...but who you are, when you talk, and who you talk to is divulged.

Unless you want to set up, maintain, and continually vet the operators of an onion router network, there's really no way to hide this information from everyone but your conversation partner.

However, you are already putting a very large amount of trust in the devs of and operators of Signal. If they are malicious, then they can release an evil client that fails to correctly encrypt your data.

So, given that you have to trust the Signal de

Re:Signal is only partially private

[Teun]

True.
You need to register on a central server using your unique mobile number.

According to this Wikipedia article they've so far only once had to hand over data.
Interestingly this data is limited to the time the registration was done and the last time you accessed the service.
https://en.wikipedia.org/wiki/... [wikipedia.org]

Their privacy policy:
https://signal.org/signal/priv... [signal.org]

Reading material for the rightfully paranoid:
https://medium.com/@thegrugq/s... [medium.com]

Re:

[Teun]

Oh yeah, as @the grugq states, Signal is can not offer privacy but it does give confidentiality.

Re:

[Teun]

It's for free, download, install, register and use at zero expense.
Yes in some lawless* places it would be illegal.
* Lawless as in no constitutional or in law enshrined right to privacy.

Acton is no Signal co-founder

[Herve5]

I say the title of this post is seriously misleading.
Brian Acton is only co-founder of WhatsApp, in other words, a direct competitor of the FOSS Signal application.

That he (only now) consider Signal as better than WhatsApp is good ; that he now donates to Signal is even better (as long as he doesn't take control, e. g. through new hired friends) -but definitely Acton never was a 'Signal, WhatsApp Co-Founder'.

And now the message diffused by /. title to the general crowd is : 'so, after all, WhatsApp and Signal are roughly the same kind of cool, no need to change'...

From a guy that spent years explaining to his management that they should switch from WhatsApp to Signal...

Re:

[Anonymous Coward]

I think the issue is "(Signal, WhatsApp) Co-Founder" vs "Signal, (WhatsApp Co-Founder)"