My buddy Aamir Lakhani wrote a great post on Open Whisper used for secure messaging. The original post can be found HERE. Here is the post from Aamir.
I have been waiting for almost a year for Open Whisper systems to release an iOS Apple compatible application for secure messaging. This is free, it’s open source, its easy to use. Download it now.
Android users should see the application being ported over to their platforms. In the meantime they can use RedPhone and TexeSecure to securely communicate. These apps should also be able to communicate to Apple iOS devices running Signal.
Open Whisper Systems is both a large community of Open Source contributors, as well as a small team of dedicated developers. Together, they are working to advance the state of the art for secure communication, while simultaneously making it easy for everyone to use.
Information security rock stars such as Moxie Marlinspike and Jake McGinty who are both extremely well respected members of the cyber security community founded it.
Over the past year, the team and Open Whisper Systems have been working to bring the privacy software they had already developed for Android to the iPhone, and the fruits of those labor are now a reality with the release of the iOS application, Signal.
It is now possible to send end-to-end encrypted group, text, picture, and video messages between Signal on iPhone and TextSecure on Android, all without SMS and MMS fees.
Signal 2.0 blends private phone calls and private messaging into a single frictionless interface, allowing you to focus on what’s important by quickly organizing your conversations using an inbox/archive work flow.
Privacy is possible, Signal makes it easy
Signal uses your existing phone number and address book. There are no separate logins, usernames, passwords, or PINs to manage or lose.
Signal uses the Trust No One (TNO) methodology, which means no one can see the data. Everything in Signal is always end-to-end encrypted, and painstakingly engineered in order to keep your communication safe.
Signal uses your existing number, doesn’t require a password, and leverages privacy-preserving contact discovery to immediately display which of your contacts are reachable with Signal. Under the hood, it uses ZRTP, a well-tested protocol for secure voice communication.
Signal was designed specifically for mobile devices, using a jitter buffer tuned to the characteristics of mobile networks, and using push notifications to preserve battery life while still remaining responsive. Signal is also Free and Open Source Software, allowing anyone to audit the code for correctness or help contribute improvements. The project even pays out a percentage of donated Bitcoin for every merged pull request.
Signal has been designed for the mobile environment from the ground up. Messages and incoming calls are fully asynchronous; push notifications let you know when new messages have arrived, so they’ll be waiting for you if the app is in the background, your battery dies, or you temporarily lose service.
I had some minor issues with push notifications being delayed or not working, but it seemed to be a rare occurrence. I also had a very clear voice conversation over a stable WiFi connection.
Although I trust Signal, I do not know if the application as been audited by a third party. It is open source so I expect that to happen shortly, and no doubt if there any issues it will most likely be fixed.
I am a fan of the other secure messaging platforms, and miss that some of them have built in message destruction (think of it has Snapchat for adults). Unfortunately, Signal does not have similar features. However, anything it lacks, it certainly makes up for it in its open source nature, and strong backing of its founders.