????????
Is anyone having trouble finding the app for free download on App Store?
Privacy bods can snub Cupertino's iMessage and instead encrypt their Apple iTexts using Moxie Marlinspike's Signal 2.0, released for iOS today. The latest version from the dreadlocked crypto fancier and Co will slap end-to-end encryption on text messages using the TextSecure protocol sent between Signal 2.0 clients. Encrypted …
I already had Signal installed, so I got the update first thing this morning. Its full title in the App Store is "Signal - Private Messenger" - look for a sky-blue icon with a speech-bubble inside. (ISTR some updated apps take a few hours to percolate through the system, so you may want to wait a little, just to make sure.)
The software is published, so there will be plenty of scrutiny of the security.
This is an assumption lots of people make but more than occasionally turns out to be incorrect.
The option is there for everyone or anyone to scrutinise it - however people being people tend to assume someone else will do it.........
(And before I get berated, I dont have the skills to do it myself anyway)
If end to end message encryption is enough to make you convert to iOS, you should convert. iMessage encrypts everything end to end using a key generated independently by the two devices. Apple cannot read the messages, and would have to redesign iMessage to do so.
A few cavets, however... Obviously iMessage only works for communication with other iOS users, you would need some sort of app like this to communicate with Android/WP users and they would have to use the same app. Messages you send to iOS users that fall back to SMS for whatever reason are sent in the clear across the cell network. Pretty sure there's a way to disable SMS fallback though. Finally, if you sync your messages to iCloud I believe Apple could read them off the server, they aren't encrypted specific to your device/account so while they're encrypted in transit and on disk in iCloud, it is using keys Apple controls. If you backup using iTunes you can encrypt the backup on your local disk with a password you select, a bit less convenient but more secure.
"iMessage encrypts everything end to end using a key generated independently by the two devices. Apple cannot read the messages, and would have to redesign iMessage to do so."
That's what you think. But in the absence for iMessage's source code, you must trust Apple that it doesn't leak the key to a third party or deliberately weakens it. And of course Apple has the option of slipping in a future upgrade with those features, personalized to a few persons of interest.
If Signal is open source, you can (in theory) review the (current) code that it does not leak. Then they need a trusted build infrastructure so that everybody can (in theory) validate that the app that you download from the store is built from the source code that you've seen, and you can check (in theory) that each time you run the app, it hasn't been tampered with.
As you can see, there's lot's of caveats. It's good to see that someone's trying.
The only value this brings to iOS users is the ability to end to end encryption when communicating with other users of this app who aren't iOS users.
The "catch" with iMessage encryption is if you sync your Messages with iCloud, while they are encrypted in flight and at rest, as I understand it Apple could read the there because that process doesn't use your device key. I've remained an iCloud refusenik because I want the data stored on iCloud to be encrypted with a key I control and so far as I know that's still not the case. So I do my backups via iTunes as it is encrypted on disk with a key I control.