The encrypted ,essaging and calling app Signal built its reputation on making it simple for anyone to keep their IMs and voice conversations beyond the reach of eavesdroppers. Now it’s also trying to help you keep those conversations safe from anyone who manages to grab your devices—or those of the person you’ve been talking to.
On Tuesday, Signal added a disappearing message feature that allows users to let messages self-destruct in as little as five seconds or as long as a week. “If you want to have a conversation and not have your history laying around forever, this feature allows you to automate that data hygiene,” says Moxie Marlinspike, the cocreator of Signal’s crypto protocol and founder of the Open Whisper Systems nonprofit that maintains the app. “A lot of people are interested in having a fully ephemeral conversation history.”
The addition of the feature is hardly an innovation. It’s long been implemented in other messaging apps, including Snapchat and Wickr. But it’s significant for it to be adopted by Signal, which has a sterling reputation in the privacy and security world. NSA leaker Edward Snowden has said he uses Signal “every day,” and it’s become the go-to private messaging tool for a range of professionals, including lawyers, journalists, and cryptographers. Signal’s reputation was bolstered earlier this month when Open Whisper Systems revealed it had received a grand jury subpoena for information on two Signal users, and—thanks to its end-to-end encryption and lack of logs—possessed virtually no information to hand over.
Marlinspike says he’d resisted adding a disappearing message function for fear it would mislead users: Disappearing messages, he notes, can’t protect your conversation from being revealed by the person you’re communicating with. (The recipient can take a screenshot of the app or even a picture of the screen with another camera.) But as he’s seen how Signal’s been adopted, he says he’s come to see the feature more as a matter of convenience than security. “We’re trying to make it clear this is not a feature that helps you win when your own contact is your adversary,” Marlinspike says. “This is a collaborative feature for when everyone in the conversation wants the message history to be ephemeral.”
In fact, Marlinspike has long recommended that Signal users periodically delete their messages. Signal uses a crypto technique called Perfect Forward Secrecy that encrypts every message with a different key, so that even if an eavesdropper who intercepts and records those messages manages steal a user’s phone, the snoop can’t decrypt old conversations. That feature only works, however, if Signal users continually delete their message logs. The disappearing message feature, Marlinspike says, “is just something that automates that tidying practice.”
Aside from the app itself, the encryption protocol that Signal uses has become a kind of best-practice secrecy system for major tech services over the last year. Whatsapp rolled it out to all of its billion-plus users. Facebook Messenger has made it an opt-in feature for another billion phones on which it’s installed, and Google implemented it in the incognito mode of its new messenger app Allo.
Both Google and Facebook have included a disappearing message feature in their apps. But in Facebook’s case, at least, the app includes a feature to report abusive messages to the company, allowing them to be recovered. As Signal showed a grand jury when it failed to cough up any of its users’ data earlier this year, it’s more committed to erasing any trace of its users’ data. “If you delete a message,” Marlinspike says. “You know it’s really gone.”