Latest in Gear

Image credit: Signal

Signal test uses DRM to keep your contacts private

It's trialling Intel's SGX tech to keep your info completely hidden on its servers.
327 Shares
Share
Tweet
Share

Sponsored Links

Signal

Signal is generally viewed as the most secure encrypted communications app. So secure, that even the US Senate has approved it for staff use. And, to keep privacy experts on its side, Open Whisper Systems (the non-profit behind the app) has kept Signal open source and peer-reviewed. But, the developer is having to juggle robust privacy with all the popular features a chat app is expected to provide in this day and age. It's proven a tricky balancing act -- particularly in regards to access to user contacts. Just like its (now encrypted) rivals, Signal asks to import your phone contacts in order to tell you who's using the app. For the stricter privacy advocates, that's always been a niggling issue. But, Signal claims it has a fix. With its latest test, the app is trialling a completely private contact discovery service.

In other words, no one (whether nefarious actors, or even Signal itself) will be able to access that data, at least theoretically. To accomplish this task, it's utilizing an Intel processor feature known as Software Guard Extensions, or SGX. Originally designed for DRM, the tech essentially allocates a "secure enclave" in a processor that is kept isolated from the rest of a computer's operating system. The code running in that enclave is designated a unique key that only Intel can control.

In the case of the app, SGX will be fitted to Signal's servers. That way, when your contacts pass through them, they'll also be kept in this secure enclave for processing, and will vanish afterwards. If the test feature works as it should, Signal will basically be kept out of your information -- as will everyone else. The feature is expected to roll out over the next few months, once the test run is out of the way.

Although the new option sticks to Open Whisper System's privacy commitments, it is still in its early stages. And, as Wired reports, the server-side use of SGX is relatively untested. To ease concerns, OWS is making the private contact discovery service open source, allowing the security community to nitpick it for possible exploits. All the crypto heads out there can get the low-down on the tech by reading Signal's blog post.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
327 Shares
Share
Tweet
Share

Popular on Engadget

AT&T hikes TV Now prices by as much as $15 per month

AT&T hikes TV Now prices by as much as $15 per month

View
Samsung won't support Linux on DeX once Android 10 arrives

Samsung won't support Linux on DeX once Android 10 arrives

View
Twitch 'Watch Parties' let streamers watch Prime Video with viewers

Twitch 'Watch Parties' let streamers watch Prime Video with viewers

View
Recommended Reading: The Google Stadia controller prototypes

Recommended Reading: The Google Stadia controller prototypes

View
These $259 Bluetooth headphones are only $79 today

These $259 Bluetooth headphones are only $79 today

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr