Latest in Gear

Image credit: Signal

Signal test uses DRM to keep your contacts private

It's trialling Intel's SGX tech to keep your info completely hidden on its servers.
327 Shares
Share
Tweet
Share

Sponsored Links

Signal

Signal is generally viewed as the most secure encrypted communications app. So secure, that even the US Senate has approved it for staff use. And, to keep privacy experts on its side, Open Whisper Systems (the non-profit behind the app) has kept Signal open source and peer-reviewed. But, the developer is having to juggle robust privacy with all the popular features a chat app is expected to provide in this day and age. It's proven a tricky balancing act -- particularly in regards to access to user contacts. Just like its (now encrypted) rivals, Signal asks to import your phone contacts in order to tell you who's using the app. For the stricter privacy advocates, that's always been a niggling issue. But, Signal claims it has a fix. With its latest test, the app is trialling a completely private contact discovery service.

In other words, no one (whether nefarious actors, or even Signal itself) will be able to access that data, at least theoretically. To accomplish this task, it's utilizing an Intel processor feature known as Software Guard Extensions, or SGX. Originally designed for DRM, the tech essentially allocates a "secure enclave" in a processor that is kept isolated from the rest of a computer's operating system. The code running in that enclave is designated a unique key that only Intel can control.

In the case of the app, SGX will be fitted to Signal's servers. That way, when your contacts pass through them, they'll also be kept in this secure enclave for processing, and will vanish afterwards. If the test feature works as it should, Signal will basically be kept out of your information -- as will everyone else. The feature is expected to roll out over the next few months, once the test run is out of the way.

Although the new option sticks to Open Whisper System's privacy commitments, it is still in its early stages. And, as Wired reports, the server-side use of SGX is relatively untested. To ease concerns, OWS is making the private contact discovery service open source, allowing the security community to nitpick it for possible exploits. All the crypto heads out there can get the low-down on the tech by reading Signal's blog post.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
327 Shares
Share
Tweet
Share

Popular on Engadget

Fujifilm's X-Pro3 can focus in almost complete darkness

Fujifilm's X-Pro3 can focus in almost complete darkness

View
US Air Force gets its first anti-drone laser weapon from Raytheon

US Air Force gets its first anti-drone laser weapon from Raytheon

View
Mazda's first electric car opens up thanks to 'Freestyle' doors

Mazda's first electric car opens up thanks to 'Freestyle' doors

View
SpaceX hopes to offer satellite internet to customers by mid-2020

SpaceX hopes to offer satellite internet to customers by mid-2020

View
Google Home update leaves some speakers unusable

Google Home update leaves some speakers unusable

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr