The Signal encrypted messaging application on Tuesday added disappearing messages to its array of privacy features. Disappearing messages gives users the ability to designate how long conversations live on respective devices. And while developer Moxie Marlinspike said the feature won’t necessarily offer additional protection against adversaries conducting surveillance, it is a security enhancement that delivers security in case a device is lost or stolen.
The feature was added to Signal’s iOS, Android and desktop versions; a timer can be set that will clear messages any time between five seconds to one week once a message is opened. Marlinspike said the timer values give users a range of options for ephemeral message history. “Disappearing messages are a way for you and your friends to keep your message history tidy,” Marlinspike said. “They are a collaborative feature for conversations where all participants want to automate minimalist data hygiene, not for situations where your contact is your adversary — after all, if someone who receives a disappearing message really wants a record of it, they can always use another camera to take a photo of the screen before the message disappears.” Messages sent through the application are end-to-end encrypted, and Marlinspike said messages—even encrypted versions—are not stored on Signal servers after they’ve been delivered. “Disappearing messages gives users the additional option to automate the clean up of message history on their own devices as well,” Marlinspike said. The release also included support for the Signal Protocol’s numeric fingerprint called safety numbers. The numbers of 15 sets of five-digit codes that can be used to verify the security of an end-to-end encrypted conversation. Users can verify the safety numbers by either scanning a QR code or reading the strings aloud to their contact. Open Whisper Systems, the group behind the development of Signal, said last week that it was served with a subpoena for users’ data earlier this year, but was unable to fulfill much of the court order since it keeps relatively little information on users. The American Civil Liberties Union last week shared transcripts and court documents that included a gag order that was lifted recently related to the case. Via the subpoena, the government asked for user’s names, addresses, telephone numbers, any information the company might have about their toll records, upstream and downstream providers—any accounts Signal may have acquired through cookie data. Open Whisper Systems complied with the order but was only able to provide limited information, including the time the account was created and the date the user last connected to Signal’s servers. The addition of disappearing messages comes two weeks after the introduction of the desktop version of Signal for iPhone users. The desktop app is a Chrome application that works with Signal 2.5.1 and higher. 1
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.