Criticism of Signal – and how Signal responds

Apr 9, 2025

Criticism of the messaging app Signal? Does it even exist, and if so, what is being criticized? And how does Signal respond to these criticisms? In this blog post, we address these questions.

Signal is now the most popular secure messaging app in many countries worldwide. Most users are aware of the many advantages of Signal over comparable messaging apps like WhatsApp or Telegram (more privacy, higher security, open source, non-profit foundation, modern features). This is also the reason why Signal is recommended by many security experts and privacy advocates. But of course, there are also criticisms that are repeatedly raised about Signal. We discuss the most important ones here, explain the background, and show what Signal says about this criticism.

Criticism 1: I need a valid phone number to register with Signal.

To register with Signal, new users need a valid phone number (similar to WhatsApp). This number is then confirmed during registration with a verification code and linked to the Signal account. Details on the registration process can be found on this official support page.

Many users who value anonymity criticize this aspect, as a phone number can potentially be traced back to a specific person. Using Signal is therefore not 100% anonymous.

But there is a counterargument: Yes, Signal knows that this phone number is registered with Signal (and on what date it was registered). But that’s all. Otherwise, Signal knows nothing. Not the content of your messages, not your contacts, not your profile information, not who you communicate with, not which groups you are in. Nothing.

Therefore, if a law enforcement agency contacts Signal with a phone number to obtain information about an account, the only information they will receive from Signal, if successful, is this: Yes, this phone number is registered with Signal. It was registered on this date, and this is the time it last connected to our servers. Signal also documents this neatly at https://signal.org/bigbrother, where these requests and Signal’s responses are listed as PDFs.

We therefore consider this problem very minor, especially because the benefits of using a phone number for registration outweigh the disadvantages (see our blog post Why a phone number is necessary to register at Signal for more details). In short: Using the phone number for registration helps new Signal users to easily establish contacts in Signal. This is a major reason why Signal is so widely used – especially when compared to many other secure messengers that, unfortunately, are hardly used by anyone.

How Signal responds:

The president of Signal, Meredith Whittaker, has addressed this issue in numerous interviews. Her key message: “Phone numbers allow people to ‘import’ their social graph into Signal and, more importantly, take it with them if they decide to stop using Signal.” Therefore, the phone number is required to register with Signal. Requiring a phone number also reduces spam since it makes it harder for spammers to register.

Criticism 2: All contacts I message can see my phone number

This criticism sounds very similar to the previous one. However, the issue here isn’t that you need a phone number (mobile or landline) for a one-time registration. Rather, it’s that all contacts on Signal can see your phone number.

This criticism is outdated and no longer applies. Signal introduced the “Phone Number Privacy” feature in February 2024. By default, your phone number is now hidden from users (or other group members) who don’t have it saved in their phone’s contact list. Additionally, you can establish contacts with other users via a username instead.

You can read more about this feature on Signal’s support page.

How Signal responds:

Signal has addressed this criticism with the introduction of usernames in February 2024. This criticism is therefore outdated.

Criticism 3: Doesn’t Signal know all my contacts and create backups of my phone book?

This criticism is false. Signal doesn’t know your contacts. While contacts are saved for account recovery, they are doubly encrypted, so only you and no one else has access to them.

This fundamentally distinguishes Signal from many other messengers that simply store your contact list (and much other data) on their servers. Sure, that’s convenient, but it’s also very insecure.

As usual, Signal tries to strike a balance here, combining user convenience with the highest security standards.

But back to the criticism that Signal allegedly knows your contacts. Let’s look at this false accusation in more detail. There are basically two ways Signal could learn about your contacts (warning: it gets a bit technical):

1. Finding Signal Contacts

When you install Signal, you’ll probably want to know which of your contacts also use Signal so you can message them via Signal right away. Signal enables this process through a very innovative feature called Private Contact Discovery. It was specially developed by Signal for this purpose and has two layers of security to prevent Signal from learning about your contacts. First, your contacts’ phone numbers are transformed into so-called “hashes.” However, hashing alone does not provide sufficient protection, as the number of possible phone numbers is very limited. Therefore, Signal processes this data exclusively in a separate and specially secured area of Intel processors (a so-called SGX enclave) to check which of your contacts are also on Signal.

Signal has published a detailed blog post that transparently describes this process. Here’s a summary of the essential process from this blog post:

1. Run a contact discovery service in a secure SGX enclave.

2. Clients that wish to perform contact discovery negotiate a secure connection over the network all the way through the remote OS to the enclave.

3. Clients perform remote attestation to ensure that the code which is running in the enclave is the same as the expected published open source code.

4. Clients transmit the encrypted identifiers from their address book to the enclave.

5. The enclave looks up a client’s contacts in the set of all registered users and encrypts the results back to the client.

Since the enclave attests to the software that’s running remotely, and since the remote server and OS have no visibility into the enclave, the service learns nothing about the contents of the client request. It’s almost as if the client is executing the query locally on the client device.
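Why the hash layer alone is not enough, as an added example (not Signal's code): because the space of phone numbers is small, anyone holding only the hashes can hash every candidate and compare, which is the reason the lookup runs inside the enclave. SHA-256, the constructed fictional number and the hashing rate are assumptions made for this sketch.

```python
import hashlib

def hash_number(number: str) -> str:
    """Unsalted hash of a phone number. SHA-256 is an assumption; the page only says "hash"."""
    return hashlib.sha256(number.encode("ascii")).hexdigest()

def keyspace(unknown_digits: int) -> int:
    """Number of candidates when `unknown_digits` decimal digits are unknown."""
    return 10 ** unknown_digits

def hours_to_enumerate(unknown_digits: int, hashes_per_second: float) -> float:
    """Time to hash every candidate once at the given (assumed) rate."""
    return keyspace(unknown_digits) / hashes_per_second / 3600

def match_by_enumeration(target_hash: str, prefix: str, unknown_digits: int):
    """What a service holding only hashes could do: hash every candidate and compare."""
    for n in range(keyspace(unknown_digits)):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if hash_number(candidate) == target_hash:
            return candidate
    return None

if __name__ == "__main__":
    # Constructed sample: a fictional 555-01xx number, last four digits treated as unknown.
    uploaded = hash_number("+12025550142")
    print(match_by_enumeration(uploaded, "+1202555", 4))
    # Ten unknown digits at an assumed one million hashes per second.
    print(f"{hours_to_enumerate(10, 1_000_000):.1f} hours")
```
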

2. Restoring Your Own Signal Contacts

For a long time, Signal had no interest in backing up your contact list. After all, Signal relied solely on phone numbers as a contact method in the past, so your contacts were always stored in your smartphone’s address book. However, this led to the criticism that your phone number was exposed to other users (see the section “All contacts I message can see my phone number” on this page).

As we have seen, Signal responded by introducing phone number privacy and usernames, which now allow you to reach contacts by their username while keeping phone numbers hidden. This creates a problem, however: these username contacts are not saved in your address book, so Signal now has to take care of backing them up (for example, in case your phone is accidentally destroyed and you want to restore your contacts).

For this purpose, Signal introduced the principle of Secure Value Recovery. As Signal founder Moxie Marlinspike explained:

The purpose of this work [on Secure Value Recovery] is to enable non-phone number based addressing, at which point Signal will have to manage your contacts rather than your address book.

So now the following happens: If I allow it, Signal backs up my contacts using Secure Value Recovery with two layers of security, so that Signal cannot access this data. Firstly, the data is encrypted with a PIN that the Signal user can choose (of any length, including letters and special characters). Secondly, the encryption takes place in a secure SGX enclave.

This excellent German article on Golem describes the process in detail:

With SVR [Secure Value Recovery] the SGX enclave is used to manage the keys used to encrypt contact lists. For each Signal installation, a random 256-bit key is stored along with a hash of the Signal PIN. The key can be downloaded from the SGX enclave by presenting the hash of the Signal PIN. Together with the Signal PIN, the key used to encrypt the contact list is then generated. This way, contacts are retained even if the smartphone is lost, provided the Signal PIN was entered correctly.

At the same time, the technology offers brute-force protection, since the key cannot be reproduced from the Signal PIN alone because the key portion from the SGX enclave is missing.
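The key handling described in the Golem passage, as an added sketch (not Signal's implementation): a stand-in enclave stores a random 256-bit key next to a PIN hash, releases it only when that hash is presented, and the contact-list key is derived from that key together with the PIN. `ToyEnclave`, `stretch_pin`, `contact_list_key`, the use of PBKDF2 and HMAC, and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets

def stretch_pin(pin: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the PIN into (hash shown to the enclave, half that stays on the device).
    PBKDF2 and the 32/32 split are assumptions made for this sketch."""
    out = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=64)
    return out[:32], out[32:]

class ToyEnclave:
    """Stand-in for the SGX enclave: one random 256-bit key per installation,
    stored next to the PIN hash and released only when that hash is presented."""
    def __init__(self):
        self._records = {}

    def enroll(self, install_id: str, pin_hash: bytes) -> None:
        self._records[install_id] = (pin_hash, secrets.token_bytes(32))

    def fetch(self, install_id: str, pin_hash: bytes):
        stored_hash, key = self._records[install_id]
        return key if hmac.compare_digest(stored_hash, pin_hash) else None

def contact_list_key(pin: str, salt: bytes, enclave: ToyEnclave, install_id: str):
    """Combine the enclave's key with the PIN-derived half; None if the PIN is wrong."""
    pin_hash, device_half = stretch_pin(pin, salt)
    enclave_key = enclave.fetch(install_id, pin_hash)
    if enclave_key is None:
        return None
    return hmac.new(enclave_key, device_half, hashlib.sha256).digest()

def demo():
    salt = b"constructed-salt"  # constructed sample value
    enclave = ToyEnclave()
    enclave.enroll("install-1", stretch_pin("tulip-4821-xy", salt)[0])
    old_phone = contact_list_key("tulip-4821-xy", salt, enclave, "install-1")
    new_phone = contact_list_key("tulip-4821-xy", salt, enclave, "install-1")
    wrong_pin = contact_list_key("0000", salt, enclave, "install-1")
    return old_phone == new_phone, wrong_pin

if __name__ == "__main__":
    print(demo())
```

Enrolling the same PIN with two separate enclave instances yields two different contact-list keys, which is the sense in which the key cannot be reproduced from the PIN alone.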

Summary

Both possible scenarios where Signal needs access to your contact list are very well secured, so Signal never sees your contacts. In scenario 1 (finding Signal contacts) this is done using Private Contact Discovery with hashes and SGX. In scenario 2 (restoring Signal contacts, including username contacts) this is done using Secure Value Recovery, secured by PIN and SGX. Signal therefore never has access to your contacts.

If you don’t want to allow these secure processes, you also have the option to deactivate them in Signal. For scenario 1, you can deny the Signal app access to your contacts at the OS level. For scenario 2, you can deactivate the Signal PIN in: Signal Settings – Account – Advanced PIN Settings – Disable PIN.

However, disabling this also leads to less convenience, as mentioned before. You won’t know which of your contacts can be reached via Signal, and you won’t be able to restore these contacts if your phone is damaged.

How Signal responds:

There’s a clear answer to this question on Signal’s support pages:

The Signal service does not have any knowledge of your contacts. Data is all owned by your phone.

And additionally:

Signal developed a private contact discovery process that enables Signal clients to efficiently and scalably determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service. Once your phone knows which of your contacts is a Signal user, it can optionally notify you when a new contact has started using Signal.

Signal has put a lot of technical effort into this problem and tries to be user-friendly while protecting your data. Signal has explained the technical details and general considerations in detailed blog posts. If you’re interested in more detail, you can find them here and here (for Private Contact Discovery) and here (for Secure Value Recovery).

Criticism 4: Signal uses cloud services from large tech companies

Signal does not run its own servers but instead uses the cloud infrastructure of large tech companies such as Amazon, Google, or Microsoft. Signal is not alone in doing this, as almost every major tech company now uses this infrastructure. Nevertheless, Signal is faced with the question of whether this use is consistent with its own high privacy commitments. Couldn’t Amazon, Google, or Microsoft gain valuable data from Signal users, since services and traffic are managed by their servers?

First of all, let’s address the question of what kinds of technical resources Signal actually needs. To operate a messenger like Signal you need, simply put, computing power, storage space, and network bandwidth, because the encrypted data Signal produces must ultimately be processed, (temporarily) stored, and sent. In a blog article, Signal has explained this necessity and the associated costs in detail.

The question now arises: What kind of Signal data do Amazon, Google, and Microsoft see? The answer: the same data as Signal itself. Or to put it another way: almost nothing. German IT security and privacy expert Mike Kuketz has taken a closer look at this topic and concludes: Cloud providers only see IP addresses and the size of data packets. However, since all data is encrypted, they see nothing beyond that. Kuketz strongly doubts whether they can do much with just IP addresses and the size of data packets and concludes: “Based on my technical knowledge, I still recommend Signal. […] Apart from the messenger Briar (which pursues a decentralized approach), there is currently no messenger that implements the zero-knowledge principle more consistently and avoids metadata by design.”

How Signal responds:

Signal’s president Meredith Whittaker recently spoke extensively on this question. We reproduce her detailed response here, slightly abridged and adding some emphasis:

Unlike almost all other consumer tech offerings, Signal is designed so that nothing, including Signal’s servers, has access to your data. […]

In Signal’s case, we must also recognize that privacy is collective. It doesn’t matter what privacy and strong security look like for me. If my friends, colleagues, partners, and those I want to talk to don’t use a messaging service, it’s useless to me.

Signal’s goal is to provide robust privacy for everyone. To achieve this, we must not be relegated to the category of privacy thought experiments: ironclad privacy in theory, but unused in practice because it doesn’t work according to people’s expectations and desires. To be useful today, a messaging service must be instantly available anytime, anywhere. This is a norm established by messengers that participate in the surveillance business model, which Signal rejects. However, just because we reject the surveillance business model doesn’t mean we can reject the “always available” norm if we want to remain useful, utilized, and relevant.

Meeting these expectations currently requires a highly available global server infrastructure. This infrastructure—which we commonly refer to as “cloud services”—is currently in the hands of a handful of companies. This is because the technology industry has consolidated over the past decade thanks to the surveillance business model and its network effects. It’s not possible to develop high-availability services like Signal without either being one of these “Big Tech” companies or licensing cloud servers from them. This isn’t the world we want. But it is the world we operate in.

This leads us to a discussion about the costs and economics of developing and maintaining high-availability software like Signal. Cost is one of the biggest challenges of running a service like Signal, given the lucrative business model of surveillance. We spend tens of millions of dollars annually to keep Signal running. And servers and bandwidth are two of the largest expenses.

Both servers and bandwidth have significant economies of scale, providing significant advantages for the owners of these cloud resources in terms of flexible resource allocation.

To cite a real-world example, when Signal usage increased 10x in January 2021, we were able to quickly call our cloud providers and expand our hosting capacity and bandwidth within hours. If we had been running and hosting our own infrastructure in January 2021, we would have needed to have large unused reserves to ensure the same resilience in the face of these dynamic conditions. In this scenario, we would also have had to lease data centers and hire teams of engineers and hardware operations personnel around the world to ensure we had staff to build and maintain our infrastructure. This model would likely cost not tens, but hundreds of millions of dollars per year to achieve similarly robust performance.

If we develop or discover options in the future that don’t rely on widespread cloud infrastructure and—importantly—meet people’s “always on” expectations while also being economically viable, we will of course look at them. But no such option exists today. And moving to a distributed architecture without seriously addressing these issues would reduce the utility of Signal for the people who rely on it—and potentially their privacy. We are not ready to do that.

Criticism 5: Signal doesn’t have status updates like WhatsApp

On some sites you can still find information that Signal doesn’t offer status updates like WhatsApp. This information is outdated. Since November 2022, Signal has supported status updates, which many users are familiar with from WhatsApp. In Signal, the feature is called “Stories” and is implemented in a privacy-friendly manner (end-to-end encrypted, contacts who see the story can be selected). And the best part (compared to WhatsApp): If the feature annoys you, you can simply deactivate it completely.

What Signal says about it

We’ve had this feature for a long time. And here and here we have information for you about it.

Conclusion

Those are all the common criticisms of Signal that we could think of. Even though we’re Signal fans, we’ve tried to address the criticisms as comprehensively and neutrally as possible. If you have any others or have more questions, feel free to contact us.