« Scott Nonnenberg

Starting on Signal

2017 May 17

I’ve decided to put away my consultant hat for a while, because I’ve joined Open Whisper Systems to work on their Signal Desktop application! I’m really excited to contribute to such an important mission.

“I am regularly impressed with the thought and care put into both the security and the usability of this app. It’s my first choice for an encrypted conversation.” - Bruce Schneier

What is Signal?

If you’re not already one of the millions of people using Signal Private Messenger for iOS or for Android, you should start! Unlike text messages or email, it is encrypted so that nobody can snoop on your conversations.

You might be thinking that you don’t have that problem, since messages sent via Facebook Messenger or Twitter DMs are encrypted when sent across the internet. That’s true, but those messages are not encrypted when archived on Facebook or Twitter servers. That’s how your historical messages reappear when you log into the website and when you set up a new device.

Signal isn’t built like that. Its core server component knows next to nothing about its users. Moreover, it cannot understand the messages being passed from one user to another, since it doesn’t have the keys to decrypt those messages. Yes, the messages are saved in the client applications themselves, but even those can be eliminated by enabling disappearing messages.

On top of all that, the four Signal software projects (server, iOS, Android, Desktop) are free and open source, released under GPLv3. You can go look at the code now, and verify that your privacy is respected. Or rely on the third parties who have done that for you.

“Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.” - Laura Poitras

Why the change?

You might be a little confused by this change. After all I did enjoy the independence and variety I had as a free agent! Why would I leave the illustrious world of software consulting?

First, it’s not really that illustrious!

Second, It’s all about the mission. I’ve said before that “I wanted the goal of my efforts to be a worthy cause, and I wanted my actions to have a clear effect on that cause.” I think I’ve found that with Signal. It is something I want to exist in the world, and I’m honored to be able to focus on it full time.

Those of you with an eagle eye may have noticed that the application is using Backbone.js, not my focus of late, React.js. It’s not a concern. I have no problem working with older technologies like this. In fact, I’ve done it recently. It’s still JavaScript and HTML and CSS, all adding up to the desired user experience. Of course, I will certainly be itching to use at least a few of my currently-favored development techniques.

“Use anything by Open Whisper Systems.” - Edward Snowden

I’m excited!

It’s very cool to be part of the team behind Signal. Because it’s small, I’ll be responsible for a wider set of tasks than I would otherwise - all packaging and release management, for example. You can watch my progress as I make changes in the Signal-Desktop project on GitHub! Or file bugs you discover as you use it!

Now, you’re probably wondering - what will happen to this blog? My plan is to continue to post here, but I probably won’t include massive learning logs quite as often. I suspect that I’ll talk about the things I’m doing with Signal, since I can link directly to pull requests and commits.

Stay tuned!

A little bit more:

The underlying encryption protocol: https://en.wikipedia.org/wiki/Signal_Protocol
The original announcement about open-sourcing Signal technology: https://web.archive.org/web/20120731143138/http://www.whispersys.com/updates.html
Key Open Whisper Systems blog posts:
- Original iPhone app release announcement https://whispersystems.org/blog/signal/
- iPhone app gets text messaging capabilities https://whispersystems.org/blog/the-new-signal/
- Original apps on Android are combined into one https://whispersystems.org/blog/just-signal/
- Initial Beta announcement of Desktop application https://whispersystems.org/blog/signal-desktop/
- WhatApp is using Signal protocol https://whispersystems.org/blog/whatsapp/
- Google’s Allo has option to use Signal protocol https://whispersystems.org/blog/allo/
- Facebook’s Messenger has option to use Signal protocol https://whispersystems.org/blog/facebook-messenger/
EFF talks about how to install and use Signal https://ssd.eff.org/en/module/how-use-signal-ios
EFF has a secure messaging scorecard, version one: https://www.eff.org/node/82654
A comprehensive how-to on Signal: https://theintercept.com/2017/05/01/cybersecurity-for-the-people-how-to-keep-your-chats-truly-private-with-signal/

Posted: 2017 May 17

Tags: career, software, business, javascript

On GitHub: posts/2017-05-17-starting-on-signal.md

A holistic health checkin 2017 May 31

It’s been a while since I last talked about nutrition, fitness or health. I think it’s time. Where before my articles about this have been focused on one aspect of health, this article will cover... Read more »

What's a Monad? Digging into Haskell 2017 May 03

My functional journey started with Javascript techniques, grew as I briefly explored a few functional languages, then bloomed as I got comfortable with Elixir. Going further has finally defined... Read more »

Hi, I'm Scott. I've written both server and client code in many languages for many employers and clients. I've also got a bit of an unusual perspective, since I've spent time in roles outside the pure 'software developer.' You can find me on Mastodon.