PostHole
Compose
Login
Why Signal won’t compromise on encryption, with president Meredith Whittaker
Today we're sharing an episode of Decoder with Nilay Patel featuring an interview with Meredith Whittaker, president of Signal.
Signal is the popular messaging app that offers encrypted communication. You might recognize Meredith’s name from 2018 when she was an AI researcher at Google and one of the organizers of the Google walkout. Now she’s at Signal, which is a little different than the usual tech company: it’s operated by a nonprofit foundation and prides itself on collecting as little data as possible.
Listen to more of Decoder with Nilay Patel anywhere you get your podcasts.
Learn more about your ad choices. Visit podcastchoices.com/adchoices
Why Signal won’t compromise on encryption, with president Meredith Whittaker
Signal messages are more private than iMessage and WhatsApp. Here’s how.
by Nilay Patel
Oct 18, 2022, 2:50 PM UTC
[Signal president Meredith Whittaker faces the camera.]
[Signal president Meredith Whittaker faces the camera.]
Photo illustration by William Joel / The Verge, photo by Florian Hetz / Getty Images
Why Signal won’t compromise on encryption, with president Meredith Whittaker
Signal messages are more private than iMessage and WhatsApp. Here’s how.
by Nilay Patel
Oct 18, 2022, 2:50 PM UTC
Nilay Patel is editor-in-chief of The Verge, host of the Decoder podcast, and co-host of The Vergecast.
Meredith Whittaker is the president of Signal, the popular messaging app that offers encrypted communication. You might recognize Meredith’s name from a different context: in 2018, she was an AI researcher at Google and one of the organizers of the Google walkout, during which 20,000 employees protested the company’s handling of sexual misconduct. Meredith also protested the company’s work on military contracts before leaving in 2019.
Now she’s at Signal, which is a little different than the usual tech company: it’s operated by a nonprofit foundation and prides itself on collecting as little data as possible. For that reason, it’s popular with journalists, activists, and people who care about their privacy — Signal even popped up in the Elon vs. Twitter trial because Elon was using it.
But messaging apps — especially encrypted messaging apps — are a complicated business. Governments around the world really dislike encrypted messaging and often push companies to put in backdoors for surveillance and law enforcement because, yeah, criminals use encrypted messaging for all sorts of deeply evil things. But there’s no half step to breaking encryption, so companies like Signal often find themselves in the difficult position of refusing to help governments. You might recall that Apple has often refused to help the government break into iPhones, for example. I wanted to know how that tradeoff plays out at Signal’s much smaller and more idealistic scale.
This is a good one, with lots of Decoder themes in the mix. Okay, Meredith Whittaker, president of Signal. Here we go.
Meredith Whittaker is the president of Signal. Welcome to Decoder.
Thank you. It is wonderful to be here.
There is quite a lot to talk about. The messaging market is pretty ferocious, and the encrypted messaging market has lots of complication with it. Signal is an interesting company structured in an interesting way. One of your jobs as president is to hire a CEO, which is in itself interesting and a pretty fascinating Decoder question. Let’s start with the very basics. Explain what Signal is and where it fits into the messaging universe.
Absolutely. Signal is the most widely used, truly private messaging app on the market. It’s used by millions and millions of people globally, and for people who use Signal, it may feel similar to other messaging apps. You open it, you send a meme, you get party directions, and you close it when you’re done talking to your friends.
But below the surface, Signal is very different. It is truly private. We go to great lengths not only to keep the contents of your messages and who you are talking to private, but to collect as little data as possible while providing a functional service. We differ from our competitors in that our mission is to provide a private app and in that we are not in any way connected to the surveillance business model. We have a very different model and a very different mission.
Signal is really interesting because it has this nonprofit foundation that sits over top of it. One of the reasons the surveillance business model exists is because that is an easy way to make a lot of money. Signal is obviously not doing that, there is this nonprofit. How is it structured? How does it all work?
The Signal Foundation is a nonprofit. The Signal Messenger LLC is under that nonprofit umbrella and the foundation exists solely to support the messaging app. So in more colloquial terms, we can think of Signal as a nonprofit. This means we don’t have shareholders and we don’t have equity, so we are not being structurally incentivized to prioritize profit and growth over our core mission. And you are not going to see a billion-dollar exit coming — we are not just biding our time until we can get rich and move to a superyacht. So it is a different structure, and a different model.
That doesn’t mean it’s any cheaper to develop Signal than it is to develop a high-availability surveillance messaging service. We are counting on a sustainability model that relies on donations and a nonprofit model, rather than secretly monetizing data in the background or participating in the surveillance business model, which is the dominant paradigm across the tech industry.
**It is across the tech industry, but not so much in messaging specifically. I actually want to push on that a little bit. There are obviously messaging services that look at everything that you send across their service and then aggressively try to monetize you based on what you are saying. I’m specifically thinking of dating apps, which really read all of your messages to figure out when they should nudge you into going on a date. Every time I hear about that it just strikes me as completely bonkers, but that is their universe.**
**Your head up competitors though, like iMessage and WhatsApp, are fully encrypted. Obviously, WhatsApp is owned by Facebook and there is a lot of controversy there. There is also a connection to Signal with Brian Acton, who was a co-founder of WhatsApp and is now on the Signal board. Those services are inherently encrypted. They are not reading your messages in the same way that the surveillance business model is predicated on collecting a lot of data. What is the difference in your mind between the two things?**
Listen to Decoder, a show hosted by The Verge’s Nilay Patel about big ideas — and other problems. Subscribe here!
Well, let’s take WhatsApp as a specific example. Again, WhatsApp uses the Signal encryption protocol to provide encryption for its messages. That was absolutely a visionary choice that Brian and his team led back in the day — and big props to them for doing that. But you can’t just look at that and then stop at message protection. WhatsApp does not protect metadata the way that Signal does. Signal knows nothing about who you are. It doesn’t have your profile information and it has introduced group encryption protections. We don’t know who you are talking to or who is in the membership of a group. It has gone above and beyond to minimize the collection of metadata.
WhatsApp, on the other hand, collects the information about your profile, your profile photo, who is talking to whom, who is a group member. That is powerful metadata. It is particularly powerful — and this is where we have to back out into a structural argument — for a company to collect the data that is also owned by Meta/Facebook. Facebook has a huge amount, just unspeakable volumes, of intimate information about billions of people across the globe.
It is not trivial to point out that WhatsApp metadata could easily be joined with Facebook data, and that it could easily reveal extremely intimate information about people. The choice to remove or enhance the encryption protocols is still in the hands of Facebook. We have to look structurally at what that organization is, who actually has control over these decisions, and at some of these details that often do not get discussed when we talk about message encryption overall.
[...]