Text Messaging

Why Signal | How to Make the Switch | Best Practices for Secure Messaging | Additional Articles

Why Worry About Encryption

One of the cornerstones of online privacy is how you choose to communicate. Beyond email, the next communication behemoth is text messaging. What application you use to send your messages through may be something you've never considered.

Why not just open your default text app and shoot off a quick message using SMS (this stands for "short message service" and is the traditional technology that most telephone, internet, and mobile-device systems use)? Because "identity theft can happen to anyone."^[1] All it would take for a hacker to get started is your name and mobile number. While Google’s Rich Communication Services (RCS) offers some improvements over SMS, such as read receipts and typing indicators, it still lacks end-to-end encryption in many cases. This makes it less secure than encrypted apps like Signal.

Geek Tip: There is an "increasingly common trick called phone account hijacking."^[2] Once a wannabee hackers gains access to your phone account, this can then lead to a SIM swap. All the hacker needs to do is call your mobile carrier, convince them they are you, cancel your SIM card (a piece of technology inserted into your phone that contains unique identification), and issue a new one to them, thereby allowing SMS interception. That is, the hacker can send and receive SMS text messages as if they were you. SIM-swapping attacks have become increasingly common in recent years, targeting individuals with valuable online accounts. To protect yourself, contact your mobile carrier and request additional security measures like a PIN or password for account changes.

Okay, so no SMS. How about iMessage? Snapchat? Skype? Instagram Messaging? X? Facebook Messenger?

The answer hinges on end-to-end encryption (or lack thereof). "Today, end-to-end encryption is part of your daily digital life. It is actually the ultimate security mechanism that protects your sensitive and private data online, like your credit card number during a transaction, or your phone call which is being wiretapped."^[3] But what is it? "Encryption involves turning your data into a scrambled form such that it is impossible for any party intercepting it to read, understand and make any sense of it, except the recipient to whom it is intended. When it reaches this rightful recipient, the scrambled data is changed back to its original form and becomes perfectly readable and understandable again."^[4] Whenever possible, you should always send your personal communications in an encrypted form. You may be shocked to know that most messaging apps (1) do not offer end-to-end encryption, (2) if available, do not turn end-to-end encryption on by default, and/or (3) do not encrypt backups.

So, why not use WhatsApp? After all, WhatsApp uses Signal's encryption and has over "1.2 billion active users."^[5] "There are many things to criticize Facebook for; running a product that deployed end-to-end encryption by default for over a billion people is not one of them."^[6] WhatsApp is certainly a better option than, for example, SMS. However, the answer is simple: it's owned by Facebook. "Facebook will have data indicating who WhatsApp users communicate with and how frequently, and connecting WhatsApp users with their social media accounts and broader online activity, associations, political affiliations, and more."^[7] Additionally, WhatsApp encryption only comes into play when sending messages. "Once messages are on your phone, they rely on your phone's built-in encryption to keep them safe (which is why it's important to use a strong passcode). If you choose to back up your phone to the cloud -- such as to your Google account if you're an Android user or your iCloud account if you're an iPhone user -- then you're handing the content of your messages to your backup service provider."^[8] That is one of many reasons why I recommend using Signal. "Signal doesn't include any of your messages in this backup."^[9]

If you are intent on sticking with old school SMS, than at a minimum limit the sensitive information that is sent through it. If you tend to communicate with your friends and family across multiple websites and applications, "rather than just chugging along with a dozen chat apps, letting your notifications pile up, it's time to pick one messaging app and get all of your friends on board."^[10]

Why Signal

Stay private: It's simple: Signal protects your chats. "Signal messages and calls are always end-to-end encrypted and painstakingly engineered to keep your communication safe. We can't read your messages or see your calls, and no one else can either."^[11] But why Signal over other messaging apps? "The thing that actually makes Signal superior is that it's easy to ensure that the contents of every chat remain private and unable to be read by anyone else."^[12]

Say anything: Do you have friends or family who are overseas and could potentially incur significant international SMS fees? "Send high-quality group, text, voice, video, document, and picture messages anywhere in the world without SMS or MMS fees."^[13]

Speak freely: How about long-distance phone charges? "Make crystal-clear voice and video calls to people who live across town, or across the ocean, with no long-distance charges."^[14]

Control time: "Keep your chat history tidy with messages that you can set to disappear. Choose different disappearing message intervals for each conversation. Everyone in the thread shares the same setting."^[15] Signal has also introduced features like 'Blur Faces' in shared photos to protect identities and 'Note to Self,' which allows you to send encrypted reminders or notes to yourself without needing another contact.

Free for everyone: It's open source. Open source means that Signal’s code is publicly available for review by security experts worldwide. This transparency ensures that there are no hidden vulnerabilities or backdoors, making it one of the most trusted messaging platforms available. The "app's code is freely available for experts to inspect for flaws or back doors in its security."^[16] "Signal is made for you. As an Open Source project supported by grants and donations, Signal can put users first. There are no ads, no affiliate marketers, no creepy tracking. Just open technology for a fast, simple, and secure messaging experience. The way it should be."^[17]

"Even Edward Snowden recommends it--and he should know which apps are the best for stopping unwanted snooping."^[18]

How to Make the Switch

Install Signal on your smart phone and/or desktop (iOS | Android | Desktop). It uses your mobile number to identify you to your contacts, so there is no username or password to remember. If you’re installing Signal on your desktop, ensure you link it to your mobile app during setup. This allows you to sync your messages securely across devices while maintaining end-to-end encryption.
Get your friends, family, and colleagues on board by texting them the download link (signal.org/download) and encouraging them to make the switch .
Start chatting.

Yogi Tip: Don’t worry about all the technical details of encryption. Just start by downloading Signal and using it for your everyday messages. It’s free, easy to use, and automatically protects your chats without you needing to do anything extra.

Best Practices for Secure Messaging

Using an encrypted messaging app like Signal is an excellent step toward protecting your privacy. Here are some additional tips to maximize your security:

Enable disappearing messages for sensitive conversations.
Lock Signal with a passcode or biometric authentication (e.g., fingerprint or face ID).
Avoid sharing sensitive information over any unencrypted platform.
Regularly update the app to ensure you have the latest security features.
Encourage others in your network to use Signal for secure communication.

Additional Articles

Lily Hay Newman, "Signal Keeps Adding Features—and Its Users Keep Growing," Wired, January 2025.
Proton Team, "Secure Messaging Guide: Why Encryption Matters," Proton Blog, December 2024.
PCMag Editors, "The Best Encrypted Messaging Apps," PCMag, November 2024.

Footnotes

^[1] Brian Barrett, "How Even the FTC's Lead Technologist Can Get Hacked," Wired, June 9, 2016.
^[2] See footnote 1.
^[3] Nadeem Unuth, "What is End-to-End Encryption?," Lifewire, September 5, 2018.
^[4] See footnote 3.
^[5] Daniel Sparks, "How Many Users Does WhatsApp Have?," The Motley Fool, April 6, 2017.
^[6] moxie0, "There is no WhatsApp 'backdoor'," Signal, January 13, 2017.
^[7] Brian Barrett, "WhatsApp's Privacy Cred Just Took a Big Hit," Wired, August 25, 2016.
^[8] Micah Lee, "Battle of the Secure Messaging Apps: How Signal Beats WhatsApp," The Intercept_, June 22, 2016.
^[9] See footnote 8.
^[10] Jordan McMahon, "Ditch All Those Other Messaging Apps: Here's Why You Should Use Signal," Wired, November 5, 2017.
^[11] "signal.org," Signal.
^[12] See footnote 10.
^[13] See footnote 11.
^[14] See footnote 11.
^[15] See footnote 11.
^[16] See footnote 8.
^[17] See footnote 11.
^[18] David Nield, "What Is Signal Private Messenger - How to Use the Signal App," Popular Mechanics, March 28, 2017.