So I wanted to take a minute to talk about secure messaging. Now, things like email are not secure, the way the transport layers work and things like that. Email, once again, like so many protocols on the Internet, were not designed to be secure.

So Moxie Marlinspike is a security researcher, a very talented security researcher, who spent a lot of time looking at how messages are passed back and forth in general, and also cracking the methodologies for how those protocols work. That being said, that gave him a lot of insight to create the protocol that is the system that became Signal. So there's a whole iteration of this, and I'm going to leave links: you can read the entire progress, the software, the history of RedPhone and TextSecure, which were the two projects that now merged together, now called Signal, and Open Whisper Systems, which is Moxie's company. It's really interesting if you're into that field, but we're going to talk about just functional usage of the software and how it works.

I also have links to the source code that I'll throw in here, and one of the things it's important to know about this is Signal is based all on open source, so you may get all of the pieces of it if you wanted to roll your own and build it out. That's something important about any security tool: if they don't release the source code they're using for it, how do you know it's secure? If they are a third-party company that has all kinds of transit servers in the middle, how do you know it's secure, that they aren't decrypting it? Well, a lot of those problems are solved in a very interesting way with Signal: one, by being open source; two, by himself being in a security community. He has lots of quotes on the page from the vetting it has gone through by other security researchers who understand mathematics, including Bruce Schneier, the famous security technologist researcher, who's also taken a look at it. So it is not like they just, "Oh yeah, it's great, I like it." No, they went and are able to see the code; you're able to
see the code. Whether or not your skill set is in reading code, it has been thoroughly vetted.

The one thing we're going to start with is it does require a phone to start with, either an Android or iOS phone with a working phone number, to get it going. That being said, the way that works is it uses your phone number as a registration, and you receive a text message on that phone, and that text message you'll put back in as the verification code to authorize that phone. They do have a desktop app; they do have a kind of browser-based app for Chrome, which is kind of cool. I like the desktop app. But you do those when you want to add other machines onto it, like my laptop and my desktop. I do so by starting with my phone: you scan a QR code, and I'll actually drag over here to give you an idea what it looks like. I put this where I put QR code; this is where the QR code goes. So when you open up the desktop app, whether you're on Windows, Mac or Linux (yes, it's got full support for all of them), you actually point your phone's camera at this, scan the QR code, and that's how you get the devices linked together. Which is nice, because I don't really want to type on my phone all the time, and it's a really convenient way to do this. Now, things you can't do from the phone, or, can't do from the desktop that you can do from the phone, is going to be some of the phone calls, which is cool that it has that, but that does have to be done from the phone itself.

That being said, let's move a little further about some of the features on this. So: say anything, send high-quality group, text, chat, video, document, picture messages. It's similar to SMS, it can integrate with your SMS, but the protocol it's actually using is standard internet protocol, so you do need an internet-enabled, internet-connected phone to get this rolling and to do the communication, and the way it works on your desktop, of course, is over the internet as well. The phone call I have tested; it works quite well, and once again it's not using
standard telephony protocol, it's not; it's using data protocols over the internet. That being said, it creates a secure encryption there as well.

Stay private: Signal messages, calls collected and encrypted, painstakingly engineered to keep your communication safe. We cannot read your messages or see your calls; no one else can either. This is a really important feature. Like I said, all of this is in encryption, and they solve a lot of these problems of being subpoenaed to find out who's who by simply not having the data. They only act essentially as a proxy between you and the person you're connecting to, and the way you connect to other people is having their phone number. So by adding someone in your contacts list that also has Signal, they will show up on your list, and it's kind of fun, because I have so many security friends: as soon as I loaded it, all their names showed up on there, that they're using Signal. And then you can do a verification with them to make sure it's actually them; more on that in a second.

Keep your chat history tidy: messages you can set to disappear. Yes, self-destructing messages are a thing, and what that does is... I know someone could do a screenshot; that's really not what this is a protection against. Let's say I wanted to send you something, and I have decided you're not an adversary or a friend, and I want to send it. This allows me to send you a screenshot and say, you know, whatever; I want to send you a message, but that message expired. Maybe it would be a password, a temporary one, but you don't want that in a message history. So if I send it and I set the timer, go ahead and do this, and you set the timer to one minute, five seconds, whichever you choose; when you set the timer, the message disappears. I know they could screenshot it; you're wanting to give them the message anyways. It's more of a historical thing: if someone ever got a hold of their phone later, those messages would be wiped from their phone. So that's where that comes into play.

Free for
everyone: this is another thing. Yes, Signal does not cost anything. Signal's made for you; it's an open source project supported by grants and donations. Signal puts users first: no ads, no affiliate marketers, no creepy tracking, just open technology for a fast and simple secure message experience, the way it should be. This is really important, because they have gotten some major donations from large companies, and Moxie himself is a security researcher making money in the field for doing his day job, supporting this project. So in it being open source, if something were to happen to Moxie (hopefully nothing does), it is an open source project and could be picked up by someone. That's one of the nice things about it.

Now, a little bit more on what they're doing; there's Moxie. They're actually using, and I think they've got it pulled up in here, in the encryption protocols: Signal messages encrypted with the TextSecure protocol, is what they used to call it. The protocol combines a Double Ratchet algorithm, prekeys and a 3DH handshake, using elliptic curve 2519, AES 256. Now, a lot of words here, and like I said, you can click these, but this is really cool because this supports forward secrecy. So first you have the encryption method between you and the proxy; then inside of there is a temporary encryption key, which is your perfect forward secrecy key, which means that if someone were able to see it in between, it's essentially double encrypted. Then it's landed on the other person, and those are ephemeral keys, and what ephemeral means is it just goes away. So, doing all those steps right here, and they're using all standard, well-documented protocols. This is important because some companies have chosen to roll their own security. That's a scary thought; unvetted security is a crapshoot. It may be good, it may be bad, but until it's really been poked at, nobody knows. Because they're using well-documented security, great: it's been proven, it's really good ciphers. They didn't invent the wheel again when it comes to the
encryption protocols they used; it's really, really simple.

Now, the other clever thing they do, and this is where this has helped out in places that have tried to block it. This is an example: I think Egypt was one of the last places that made some attempts to block different things, and one of the ways to get around it is actually they use Google's cloud front system, and it's called domain fronting. And I'll leave this link, an article from Wired, in here as well, so you can read through here to understand better what domain fronting does; you can look it up as well. The short of it is it's using content delivery networks, and in particular they're using Google's CDN technology. Now, the only way you can block Signal, so if someone's using it inside your building, for example, and you want to even block them there, the only way you can do it is block Google in its entirety. You have to stop Google. Because that's very difficult in a lot of these other countries, because Google, as we know, is kind of the default go-to, using Google's content delivery network as a proxy system to get the signal across to other people means it's really, really hard to block.

And the fact that, once again, as I've repeated here, they don't keep your data: you also can't subpoena them and go, "I want to know what messages Tom sent." So the only way they can get it is to actually get a hold of your phone, hopefully using encryption on the phone. But if you're using disappearing messages on a regular basis, maybe even 24 hours, they would only be able to get as far back as those disappearing messages were sent to, and of course you can always purge out your messages on your own time and schedule as you see fit.

But this is just a really great tool; it's really easy to use. The Signal app itself, I'm not going to show you screenshots of mine, because, I kind of wish there was a way to fix this, maybe I'll suggest a feature request: it always puts the person's phone number right there, and I guess it's not, I don't know if it's, I just want
to be able to hide it, but it's probably not real relevant, because I only want to hide it for doing the video. I didn't feel like trying to blur it out, because it's got all my friends' names in it and things like that.

But Signal's been great. I use it for any time I've got to send a secure message, or just in general for messaging, for any time you don't want things... I mean, everyone does like Facebook Messenger; yeah, it's really convenient. But the other side of that is, you know, the convenience they are offering, because they are a business pushed by shareholders at Facebook: they are slurping up all your messages. So is Skype, so are all these other companies. So you just have to, you know, weigh the risks on there. But generally speaking, using Signal Messenger as a secure messaging app because you want to have a discussion that you don't think should be between any more than you and the person that you want to speak with, Signal is a great tool for that.

And I did notice that Telegram popped up over here. I'm not going to get in depth on Telegram. They've had some issues; they kind of rolled their own security; they don't have security on by default, unless they changed something. I really looked at them a while ago, and I've decided to stay away from them, and I don't think people, some of the other people in the security industry, including Bruce Schneier, who did not have nice things to say about Telegram, they have not changed their stance on it. They are a lot smarter than me on this stuff, so I'll trust their judgment on there and I'll keep using Signal. But it's been a popular tool between me and a lot of my other friends that work in computer security, and I use it to even talk to my wife. You know, if these are private messages, I do not think Facebook needs to be in the middle of it, or any other messaging company, and Signal is a company that, you know, they're not keeping it, so they're a good one to keep in there.

So hopefully you found this interesting. It's, like I
said, a great tool. It's free, so you don't really have an excuse for not trying it out, unless you just don't like privacy or security. But I can trust you can do some digging, reading; I'll leave all these links in here so you can, you know, read on your own about who Moxie Marlinspike is, so you understand that, because it's good to understand the people sometimes involved in these projects and what their intentions are. And like I said, this guy has got some really great security research that led him to discover this. This way you've got a guy who spent a lot of time taking the internet apart to figure out how these things happen, and is very aware of surroundings, and then coming up with things that allowed people to bypass governments, because he thinks private messaging is a right. You do have a right to privacy, and he's been fighting censorship with it, which is just outstanding. I really, you know, I really applaud the efforts that he's had here. That's why, even on his home page here, among people who've endorsed him has been Edward Snowden as well.

It's, like I said, a really solid secure messaging app. It's super easy to use. You can just replace your current messaging app with it, like your MMS and SMS, and then in addition to your MMS and SMS use it for Signal messaging. So, okay, if you find this interesting, if you'd like to, come in here, like and subscribe. If you have questions for me or thoughts on Signal, leave them below. But yeah, it's an easy tool to use, it's got a desktop app, it supports all the major platforms. Yeah, give it a go. And open source: if you say, "Man, I think the protocol is amazing, I don't even trust using your proxy servers," go grab all the open source and write your own server. I love companies that leave us all the code, because that's the way we vet and understand this. Alright, thanks.
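
The forward secrecy and "keys that go away" idea from the video, as an added example (not from the video and not Signal's own code): a symmetric KDF chain of the kind the Double Ratchet uses, with HMAC-SHA256 and the constants 0x01 and 0x02 that the Double Ratchet specification suggests. The `Chain` class, the helper names and the shared secret are constructed for illustration.

```python
import hashlib
import hmac

def kdf_ck(chain_key: bytes):
    """One symmetric-ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class Chain:
    """Hypothetical per-direction chain: stores only the current chain key."""
    def __init__(self, initial_chain_key: bytes):
        self._ck = initial_chain_key

    def next_message_key(self) -> bytes:
        # Overwrite the old chain key, so it no longer exists on the device.
        self._ck, message_key = kdf_ck(self._ck)
        return message_key

    def snapshot(self) -> bytes:
        """What someone holding the unlocked device could copy right now."""
        return self._ck

def keys_reachable_from(chain_key: bytes, count: int):
    """Every message key obtainable by running the chain forward."""
    keys = []
    for _ in range(count):
        chain_key, message_key = kdf_ck(chain_key)
        keys.append(message_key)
    return keys

def demo():
    # Constructed secret standing in for the handshake output.
    shared = hashlib.sha256(b"constructed handshake output").digest()
    alice, bob = Chain(shared), Chain(shared)
    sent = [alice.next_message_key() for _ in range(3)]
    received = [bob.next_message_key() for _ in range(3)]
    stolen = bob.snapshot()            # device seized after message 3
    later = [alice.next_message_key() for _ in range(2)]
    reachable = keys_reachable_from(stolen, 100)
    return {
        "in_sync": sent == received,
        "past_keys_exposed": any(k in reachable for k in sent),
        "later_keys_exposed": all(k in reachable for k in later),
    }

if __name__ == "__main__":
    print(demo())
```

The seized state cannot be run backwards to the keys of messages already received, which is the forward secrecy property. The later keys are still reachable from it, which is why the Double Ratchet also mixes fresh Diffie-Hellman output from ephemeral keys into the chain.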