Signal test uses DRM to keep your contacts private

It's trialling Intel's SGX tech to keep your info completely hidden on its servers.
Saqib Shah, @eightiethmnt
September 27, 2017

Signal is generally viewed as the most secure encrypted communications app. So secure that even the US Senate has approved it for staff use. And, to keep privacy experts on its side, Open Whisper Systems (the non-profit behind the app) has kept Signal open source and peer-reviewed. But the developer is having to juggle robust privacy with all the popular features a chat app is expected to provide in this day and age. It's proven a tricky balancing act -- particularly with regard to access to user contacts. Just like its (now encrypted) rivals, Signal asks to import your phone contacts in order to tell you who's using the app. For the stricter privacy advocates, that's always been a niggling issue. But Signal claims it has a fix. With its latest test, the app is trialling a completely private contact discovery service.

In other words, no one (whether nefarious actors, or even Signal itself) will be able to access that data, at least theoretically. To accomplish this task, it's utilizing an Intel processor feature known as Software Guard Extensions, or SGX. Originally designed for DRM, the tech essentially allocates a "secure enclave" in a processor that is kept isolated from the rest of a computer's operating system. The code running in that enclave is assigned a unique key that only Intel can control.

In the case of the app, SGX will be fitted to Signal's servers. That way, when your contacts pass through them, they'll also be kept in this secure enclave for processing, and will vanish afterwards. If the test feature works as it should, Signal will basically be kept out of your information -- as will everyone else. The feature is expected to roll out over the next few months, once the test run is out of the way.

Although the new option sticks to Open Whisper Systems' privacy commitments, it is still in its early stages. And, as Wired reports, the server-side use of SGX is relatively untested. To ease concerns, OWS is making the private contact discovery service open source, allowing the security community to nitpick it for possible exploits. All the crypto heads out there can get the low-down on the tech by reading Signal's blog post.
