Last month, cryptographer and coder known as Moxie Marlinspike was settling down on an airplane when his fellow passenger, a man in his 60s in the Midwest, asked for help. He couldn’t figure out how to enable airplane mode on his outdated Android phone. But when Marlinspike saw the screen, he briefly wondered if he was being trolled: Among only a handful of apps installed on the phone was Signal.
Marlinspike launched Signal, widely regarded as the world’s most secure end-to-end encrypted messaging app, nearly five years ago, and now heads the non-profit Signal Foundation that maintains it. But the man on the plane knew nothing about it. In fact, he wasn’t trolling Marlinspike, who politely showed him how to turn on airplane mode and return the phone.
“I try to remember moments like that when building Signal,” Marlinspike told Wired in an interview via a Signal-enabled phone call the day after that flight. “The choices we make, the app we try to make, it has to be for people who don’t know how to enable airplane mode on their phone,” Marlinspike says.
Marlinspike has always talked about making encrypted communications easy enough for anyone to use. The difference today is that Signal is finally reaching that mass audience it was always intended to — not just the privacy diehards, activists, and cybersecurity geeks who for years have been its main user base — thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream.
That new phase in Signal’s evolution began two years ago this month. At the time, WhatsApp co-founder Brian Acton, a few months away from leaving the app he’d built amid clashes with Facebook after the acquisition, injected $50 million into Marlinspike’s end-to-end encrypted messaging project. Acton also joined the newly established Signal Foundation as its executive chairman. The pairing made sense; WhatsApp had used Signal’s open-source protocol to encrypt all WhatsApp communications end-to-end by default, and Acton was dissatisfied with what he saw as Facebook’s attempts to erode WhatsApp’s privacy.
Since then, the Marlinspike nonprofit has put Acton’s millions — and his experience building an app with billions of users — to work. After years of working with just three overworked full-time staffers, the Signal Foundation now has 20 employees. Signal has been a simple texting and calling app for years and has increasingly become a full featured, mainstream communications platform. With its new encoding power, it’s been rolling out features at a breakneck pace: In just the last three months, Signal has added support for iPad, ephemeral images and video designed to disappear after a single view, downloadable customizable “stickers” and emoji reactions. Most importantly, it announced plans to roll out a new group messaging system and an experimental method of storing encrypted contacts in the cloud.
“Signal’s major transition has been from a small effort of three people to something that is now a serious project with the capacity to do whatever it takes to build software in today’s world,” said Marlinspike.
Many of those features may sound trivial. They’re certainly not the kind that appealed to Signal’s early core users. Instead, they are what Acton calls “enrichment functions.” They are designed to attract normal people who want a messaging app as multi-purpose as WhatsApp, iMessage or Facebook Messenger, yet value Signal’s widely trusted security and the fact that it collects virtually no user data. “This is not just for hyperparanoid security researchers, but for the masses,” Acton says. “This is something for everyone in the world.”
Even before those crowd pullers, Signal was growing at a rate most startups would envy. When Wired profiled Marlinspike in 2016, he would only confirm that Signal had at least two million users. Today, he has no idea what Signal’s total user base is, but according to the Google Play Store tally, it has had over 10 million downloads on Android alone. Acton adds that another 40 percent of the app’s users use iOS.
Its adoption has spread from Black Lives Matters and pro-choice activists in Latin America to politicians and political aides—even technically incompetent ones like Rudy Giuliani—to NBA and NFL players. In 2017 it appeared in the hacker show mr. Robot and political thriller House of cards† Last year, as a sign of its changing audience, it appeared in the teen drama Euphoria†
Identifying the features that the general public wants is not that difficult. But building even simple-sounding improvements within Signal’s privacy constraints — including a lack of metadata that even WhatsApp doesn’t promise — can require significant feats of security engineering, and in some cases even new cryptography research.
Take stickers, one of the easier recent Signal upgrades. On a less secure platform, that kind of integration is fairly straightforward. For Signal it was necessary to design a system where each sticker “pack” is encrypted with a “pack key”. That key is itself encrypted and shared from one user to another whenever someone wants to install new stickers on their phone, so Signal’s server can never see decrypted stickers or even identify the Signal user who created or sent them.
Anonymous login details
Signal’s new group messaging, which allows administrators to add and remove people from groups without a Signal server ever knowing about the members of that group, had to go even further. Signal teamed up with Microsoft Research to invent a new form of “anonymous credentials” that allowed a server to be the gatekeepers of a group, but without ever learning the identities of its members. “It required coming up with some innovations in the world of cryptography,” says Marlinspike. “And in the end it’s just invisible. They’re just groups, and it works the way we expect groups to work.”
Signal is rethinking how it tracks its users’ social charts too. Another new feature it is testing, called “secure value recovery”, would allow you to create an address book of your Signal contacts and store them on a Signal server, instead of simply depending from your phone’s contact list. That contact list stored on the server is kept even if you switch to a new phone. To prevent Signal’s servers from seeing those contacts, it would encrypt them with a key stored in the secure SGX enclave that aims to hide certain data, even from the rest of the server’s operating system.
That feature could one day even allow Signal to ditch its current system of identifying users based on their phone numbers — a feature that many privacy advocates have criticized for forcing anyone who wants to be contacted through Signal to have a hand out mobile numbers, often to strangers. Instead, it could securely store persistent identities for users on its servers. “I’m just saying this is something we think about,” Marlinspike says. Secure value recovery, he says, “would be the first step in solving that.”
New features add complexity, making it more likely that security vulnerabilities end up in Signal’s engineering, warns Matthew Green, a cryptographer at Johns Hopkins University. For example, depending on Intel’s SGX feature, hackers could steal secrets the next time security researchers expose a vulnerability in Intel hardware. For that reason, he says some of Signal’s new features should ideally have an opt-out switch. “I hope this isn’t all or nothing, that Moxie gives me the option not to use this,” says Green.
But overall, Green says he’s impressed with the engineering Signal has put into its evolution. And making Signal friendlier to normal people will only become more important as Silicon Valley companies come under increasing pressure from governments to create encryption backdoors for law enforcement, and as Facebook hints that its own ambitious end-to-end encryption plans are yet to come. years away from blooming.
“Signal is thinking hard about how we can give people the functionality they want without compromising privacy too much, and that’s very important,” Green added. “If you think Signal is important for secure communication in the future – and you may not see Facebook or WhatsApp as reliable – then you definitely need Signal to be usable by a larger group of people. That means you have these features.”
Brian Acton doesn’t hide his ambition that Signal could grow into a service the size of WhatsApp. After all, Acton not only founded WhatsApp and helped it gain billions of users, but before that, Yahoo joined in the early, explosive growth days of the mid-1990s. He thinks he can do it again. “I’d like Signal to reach billions of users. I know what it takes to do that. I did that,” Acton says. “I’d like it to happen in five years or less.”
That wild ambition, to install Signal on a significant portion of all phones on the planet, represents a shift — if not for Acton, then for Marlinspike. Just three years ago, Signal’s creator mused in an interview with Wired that he hoped Signal could “disappear” one day, ideally after the encryption was widely implemented in other multi-billion-user networks like WhatsApp. Now it seems that Signal hopes not only to influence the giants of technology, but also to become one.
But Marlinspike argues that Signal’s fundamental goals haven’t changed, just strategy and resources. “This has always been the goal: to create something that people can use for anything,” says Marlinspike. “I said we wanted to make private communications simple and make end-to-end encryption ubiquitous, and push the boundaries of privacy-protecting technology. This is what I meant.”
This story originally appeared on wired.com.