Security and Whistleblowing with Signal and Moxie Marlinspike

Ideas and Issues
Facebooktwitterredditlinkedin
Signal

New Orleans   Not long ago in the Edinburgh office of ACORN, I got a crash course in some simple things about basic email and text protection from spying and other weirdness thanks to one of our leader/organizers, Jon Black, who has done a deep dive on some of this stuff, so now that everyone is looking over our shoulders, maybe it’s time to share some tips.

I had fooled Black and masked my basic techno-peasantness because I knew about the legendary Moxie Marlinspike who is seen by many as the world’s expert on encryption. Of course I only really knew about Marlinspike because I had read a number of articles by him, thought the name was fantastic, and liked the fact that he was not your standard issue Silicon Valley greed grubber. Jon has actually read all of the terms and conditions so he was able to explain to me exactly why Moxie’s Signal was better than WhatsApp, which Marlinspike also developed and is now owned by Facebook. There was an important difference involving setting specific controls on WhatsApp for the user to be notified if someone was creeping up on their account, which are automatic for Signal. At least I think that’s what he told me.

But, anyway, Signal is actually owned and run by Marlinspike, so that should just be enough. Importantly, when WikiLeaks dropped the dime on the CIA at first I shouted out for Jon that they had managed to break through the encryption at Signal, but that was wrong. I heard the Moxie-man on the radio and he made it very clear, and it’s been confirmed elsewhere since, that they cracked the smartphones, not the apps. Of course one thing is still important to remember. To really encrypt your phone calls, video calls, and texts on Signal, the other party also needs to be on Signal. It’s an easy switch, and I’d recommend it as a “why not be safe rather than sorry” move.

Another recommendation for moving in this direction were some tips I saw recently in the magazine, “Wired,” for being a leaker or whistleblower and hoping to protect your anonymity. When it came to doing so with a phone they made the following suggestions, which many would have known form any close viewing of the great HBO series, “The Wire:”

“Buy a burner – a cheap, prepaid Android phone – with cash from a nonchain store in an area you’ve never been to before. Don’t carry your regular phone and the burner at the same time, and never turn on the burner at home or work. Create a Gmail and Google Play account from the burner, then install the encrypted calling and texting app Signal. When you’re done, destroy the burner and ditch its corpse far from home.”

They never say the words GPS, cell tower triangulation, or Stringer Bell, but almost all of these cautions underscore the fact that when you’re rolling with your phone – especially if it’s switched on – anyone and everyone can track you anywhere and anytime. Regardless, I would call those instructions a huge product endorsement for Signal as top of the line, best in class now especially for the price. Heck, it’s free, so you get more security for nothing. What’s to lose?

Facebooktwitterredditlinkedin