
Bringing Signal to the desktop

By Nathan Willis
March 23, 2016

The non-profit Open Whisper Systems (OWS) organization is best known for its smartphone apps: first TextSecure and, more recently, Signal. Lately, however, the project started branching out by developing a desktop front-end for Signal, thus allowing users to take advantage of verifiable, end-to-end encryption for instant messages and group chats from the comfort of a full-size keyboard. The desktop version remains linked to the smartphone edition, although opinions certainly may vary as to whether that constitutes a plus or a minus.

TextSecure was released as open-source software in 2011, followed by an encrypted voice-calling app named RedPhone in 2012. OWS then merged the functionality into a single iOS app called Signal in March 2015; the Android version was released in November of the same year. Signal Desktop was announced in December, via a beta program for which potential users had to sign up and wait to receive an invitation. As with all of OWS's projects, of course, the source code for Signal Desktop is available on GitHub.

[Signal Desktop]

The desktop client is implemented as a packaged web app for Google Chrome/Chromium. It is distributed through the Chrome Web Store but, as a "pre-release" app, it does not turn up in search results. One must get the link by joining the beta program.

The beta program has its share of peculiarities; when one signs up, the sign-up page reports how many applicants are ahead in the waitlist. I signed up in December (with many thousands ahead of me in the queue) and only received the sign-up invitation in March. So patience may be advisable. Then there was the invite itself. The accompanying message reported that an OWS employee needed to add me to a private Google Group list before I could participate; the step requires altering one's privacy settings to allow strangers to automatically sign you up for discussion lists, which did not sound appealing from a privacy standpoint.

Evidently others have had that reaction in the past, though. After an inquiry, an OWS spokesperson provided an alternate means of signing up for the list, and all was soon well. As it turns out, the list's sole purpose is to publish the Chrome Web Store link to the Signal Desktop app. A bit convoluted, perhaps, but that process seems to be part of working with the Chrome Web Store ecosystem, rather than being a facet of Signal itself.

[Signal Desktop settings]

Like a lot of packaged web apps, Signal Desktop runs in a small window without any desktop integration (i.e., there are no native menus or buttons apart from the generic window-manager buttons on the title bar). All interaction takes place inside the rendered web view, although Signal Desktop can be configured to pop up transient notifications when a new message arrives (with several privacy levels to choose from, allowing the user to show full messages, just the sender's name, or nothing but a generic new-message notice).

Once installed, it is clear from the start that Signal Desktop is intended to be an extension of the mobile app, and not meant to serve as a stand-alone application. First, the desktop app cannot be set up independently; it can only be activated as a second "device" through a previously configured smartphone Signal account. Second, one can only start conversations with a new person by typing in their phone number (as opposed to the mobile app, where you can type in a contact's name). The other party will continue to be labeled by phone number in the app's recent-conversations list until you use the smartphone app to associate the number to a name.

The smartphone app has access to the device's contacts database, so it may be possible that some future version of the desktop app will support looking up contacts by name as well. Given the need to support iOS and Android (possibly with multiple devices for any single user), though, navigating the contact-data-privacy restrictions of multiple platforms while presenting a single UI might be a tricky task for OWS. In any case, there is no escaping the fact that, in Signal, a "user" is ultimately a phone number.

At present, the desktop app supports only text conversations; sending media attachments was mentioned in the initial announcement and there is an open issue for such a feature. A request for voice-call support, however, was locked and taken private, making it rather unclear what the future of that feature is.

[Signal Desktop user verification]

The interface is simple. A list of recent conversations, sorted by date, sits on the left-hand side of the window. Clicking on a contact's name opens up the conversation history on the right. At the top of the conversation pane, the drop-down menus allow the user to delete messages, verify the other user's identity, or reset the conversation (that is, re-perform the Axolotl session-key exchange). The identity verification process is akin to the one used in Zfone and many subsequent ephemeral-Diffie-Hellman–based systems: a hexadecimal key fingerprint is displayed for both users; through some out-of-band means of communication, the users can read the reported keys to each other, thus ensuring that no man-in-the-middle attack is in progress. Group chats are supported, although any groups must (currently) be created in the mobile client.
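The fingerprint comparison described above, as an added example (not Signal Desktop's code): two users exchange public keys through a network that either passes them unchanged or substitutes its own key, and only the out-of-band comparison of displayed fingerprints tells the two cases apart. It assumes X25519 keys from Node's `crypto` module and a fingerprint that is simply the hex of the raw public key; the article does not give Signal's actual fingerprint format, and all function names here are hypothetical.

```javascript
// Added example: out-of-band fingerprint check against key substitution.
// Assumptions: X25519 identity keys; fingerprint = hex of the raw public key.
const crypto = require('crypto');

function newParty(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, publicKey, privateKey };
}

// Hex string a client would display for a given public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const raw = der.subarray(der.length - 32); // raw X25519 key: last 32 bytes
  return raw.toString('hex').match(/.{2}/g).join(' ');
}

// deliver(key) models the network: it returns the key the receiver sees.
function exchange(alice, bob, deliver) {
  const bobKeySeenByAlice = deliver(bob.publicKey);
  const aliceKeySeenByBob = deliver(alice.publicKey);
  const aliceSecret = crypto.diffieHellman(
    { privateKey: alice.privateKey, publicKey: bobKeySeenByAlice });
  const bobSecret = crypto.diffieHellman(
    { privateKey: bob.privateKey, publicKey: aliceKeySeenByBob });
  return {
    secretsMatch: aliceSecret.equals(bobSecret),
    // What each screen shows: the user's own key and the key held for the peer.
    aliceScreen: { own: fingerprint(alice.publicKey),
                   peer: fingerprint(bobKeySeenByAlice) },
    bobScreen: { own: fingerprint(bob.publicKey),
                 peer: fingerprint(aliceKeySeenByBob) },
  };
}

// The check the users perform by reading fingerprints to each other.
function verified(result) {
  return result.aliceScreen.peer === result.bobScreen.own &&
         result.bobScreen.peer === result.aliceScreen.own;
}

const alice = newParty('alice'), bob = newParty('bob'), relay = newParty('relay');
const honest = exchange(alice, bob, (key) => key);            // keys pass through
const substituted = exchange(alice, bob, () => relay.publicKey); // keys replaced
console.log('honest network verified:', verified(honest));
console.log('substituted keys verified:', verified(substituted));
```

Neither key agreement reports an error in the substituted case; the mismatch only becomes visible when the fingerprints are compared over a separate channel.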

Conversations, groups, and contacts are all synchronized between the desktop client and all associated smartphone clients. This synchronization takes place immediately for mobile clients, but if one shuts down the desktop client and all other running Chrome/Chromium processes, the data will re-sync at the start of the next session.

Signal Desktop is not a general-purpose desktop chat application; it exists to add convenience for existing users of the smartphone Signal clients. For some people, that may be seen as a drawback. One needs a mobile device to even get started, even apart from the concern that Signal for Android will not run on Android derivatives (such as Replicant) without Google's proprietary Cloud Messaging library.

On the other hand, a "mobile first" approach may attract far more users than a desktop tool ever would. Even if one does not buy the oft-repeated adage that the desktop is dead, smartphone platforms rapidly attract big user bases, and instant messaging is persistently among the most popular app categories. Secure desktop clients like Tor Messenger may be excellent, but that alone will not persuade millions to put down their phones and pull up to a desktop machine to talk to their friends.

As to the security of the system itself, it checks all the right boxes (literally, on the Electronic Frontier Foundation's secure messaging scorecard): encryption is end-to-end with forward secrecy, the source code is available, and the TextSecure protocol has been audited. It is also nice to see such a potentially important end-user tool released under the GPLv3, thus protecting against proprietary forks. The only real hangups to consider are the portions of the system that run through Google services, if one is concerned about that company's wide-scale ability to track user activity.

But the desktop client, once released to the public, will not require using Google Groups, and it may even be ported to work in other browsers. Better yet, if it takes off, then perhaps it will gain additional functionality—at some point, maybe even offering a messaging solution to those users not comfortable or interested in the mobile options. Given the ease of use that OWS has achieved in its products so far, that would be a win for free software indeed.


Bringing Signal to the desktop

Posted Mar 24, 2016 9:29 UTC (Thu) by Creideiki (subscriber, #38747) [Link] (1 responses)

If you don't want to go through the beta invite process, you can check out the source from GitHub and make a small modification to make it talk to the production servers.

Bringing Signal to the desktop

Posted Mar 24, 2016 9:51 UTC (Thu) by micka (subscriber, #38720) [Link]

Surprised nobody submitted a pull request yet (just to have it appear, even if it's unlikely to be accepted).

LibreSignal and microG for F-Droid

Posted Mar 24, 2016 11:01 UTC (Thu) by ber (subscriber, #2142) [Link] (1 responses)

https://fdroid.eutopia.cz/ offers an F-Droid repo for independent Free Software Signal builds and links to some of the discussions and options.

There seem to be two development directions pursued:
* Using WebSockets to replace Google services towards a LibreSignal.
* Linking replacement services with the upcoming https://microg.org/ initiative.

LibreSignal and microG for F-Droid

Posted Mar 27, 2016 20:49 UTC (Sun) by robbe (guest, #16131) [Link]

Thanks for the pointer! It looks like Michel Le Bihan and Boris Kraut are working on adopting LibreSignal into the main F-Droid repository -- see https://f-droid.org/wiki/page/org.libresignal … but there seem to be some „ë“s left to dot, and some „ø“s still in need of crossing. At least https://f-droid.org/repository/browse/?fdid=org.libresignal is still borked.

Bringing Signal to the desktop

Posted Mar 24, 2016 16:14 UTC (Thu) by flussence (guest, #85566) [Link]

So this lacks 1-to-1 voice calls, depends on a central server, requires an entire web browser as a runtime, and then there's that barrier to entry...

Maybe it'd be less hassle for the users to just switch to Tox.

Signal server available under Free Software license?

Posted Mar 25, 2016 9:57 UTC (Fri) by kirschner (subscriber, #62102) [Link] (1 responses)

Thanks Nathan for the article.

> As with all of OWS's projects, of course, the source code for Signal Desktop is available on GitHub.

From my understanding the redphone-server source code and therefore the signal-server source code is not available under a Free Software license. Or can you or someone else point me to it?

> But the desktop client, once released to the public, will not require using Google Groups,

Do you or someone else know if it will be possible to run it without a Google Account?

Signal server available under Free Software license?

Posted Mar 30, 2016 11:05 UTC (Wed) by ras (subscriber, #33059) [Link]

> From my understanding the redphone-server source code and therefore the signal-server source code is not available under a Free Software license. Or can you or someone else point me to it?

I think this is it: https://github.com/WhisperSystems/TextSecure-Server

There doesn't seem to be a lot to it: just things like mapping phone numbers to accounts (the accounts have the public keys). Signalling between phones seems to be handled by GCM, which isn't surprising. The phone side is done using RTP peer to peer, so there isn't much to the server.

The client side source for redphone on Android is here: https://github.com/WhisperSystems/Signal-Android/tree/mas...


Copyright © 2016, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds