Signal Messenger tests feature to encrypt sender identity along with message

Signal says it's beta testing a feature to encrypt the "envelope" as well as the letter it contains.
(Emma Whitehead/Getty/Open Whisper Systems)

Signal, the encrypted messaging app, is testing a new “sealed sender” feature that aims to limit even further the amount of information it transmits, the company announced on Monday.

By the nature of the app, messages sent via Signal are end-to-end encrypted, meaning only the sender and recipient have the key to view the contents of the message. In the newest beta, the app will allow users to encrypt the identity of the sender.

In a blog post, the company explains that Signal traditionally uses the Transport Layer Security (TLS) protocol to validate the sender’s identity and inform the recipient who that is. This means that, while the contents are encrypted, the sender’s and receiver’s identities can be intercepted. With the new feature, the app can also encrypt the sender certificate. The recipient’s client then decrypts the “envelope” containing the sender information with their own identity key.

“While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is. It would be better if the service could handle packages where only the destination is written on the outside, with a blank space where the ‘from’ address used to be,” Signal developer Joshua Lund wrote.
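
A simplified model of the envelope described above, added here as an illustration; it is not Signal's code or wire format. The X25519/HKDF/AES-256-GCM construction, the JSON certificate layout, and every name and key in it are assumptions constructed for the example.

```javascript
// Simplified model for illustration; not Signal's implementation or wire format.
const crypto = require('node:crypto');

// Constructed keys: the service's certificate-signing key and two users' identity keys.
const service = crypto.generateKeyPairSync('ed25519');
const alice = crypto.generateKeyPairSync('x25519');
const bob = crypto.generateKeyPairSync('x25519');
const der = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('base64');

// The service vouches for a sender ahead of time (hypothetical certificate layout).
function issueCertificate(senderId, identityPub) {
  const claims = JSON.stringify({ sender: senderId, identityKey: der(identityPub) });
  const signature = crypto.sign(null, Buffer.from(claims), service.privateKey);
  return { claims, signature: signature.toString('base64') };
}

function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'sealed-sender-demo', 32));
}

// Sender: encrypt certificate and message to the recipient's identity key via an ephemeral key.
// Omitted here: binding the message to the sender's own identity key.
function seal(certificate, body, recipientId, recipientPub) {
  const eph = crypto.generateKeyPairSync('x25519');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPub), iv);
  cipher.setAAD(Buffer.from(recipientId)); // bind the ciphertext to the visible destination
  const sealed = Buffer.concat([cipher.update(JSON.stringify({ certificate, body })), cipher.final()]);
  // All the service can read: a destination and opaque bytes, with no "from" field.
  return { to: recipientId, ephemeralKey: der(eph.publicKey), iv, tag: cipher.getAuthTag(), sealed };
}

// Recipient: decrypt with own identity key, then check the service's signature on the certificate.
function unseal(envelope, recipientPriv) {
  const ephPub = crypto.createPublicKey({
    key: Buffer.from(envelope.ephemeralKey, 'base64'), format: 'der', type: 'spki',
  });
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(recipientPriv, ephPub), envelope.iv);
  decipher.setAuthTag(envelope.tag);
  decipher.setAAD(Buffer.from(envelope.to));
  const plain = Buffer.concat([decipher.update(envelope.sealed), decipher.final()]).toString();
  const { certificate, body } = JSON.parse(plain);
  const sig = Buffer.from(certificate.signature, 'base64');
  if (!crypto.verify(null, Buffer.from(certificate.claims), service.publicKey, sig)) {
    throw new Error('sender certificate not signed by the service');
  }
  return { from: JSON.parse(certificate.claims).sender, body };
}
```

The sender's identity is recoverable only by the holder of the recipient's private key; changing the `to` field in transit or substituting a certificate the service did not sign makes `unseal` throw.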


Users who want to go a step further can enable a feature that lets them field “sealed sender” messages from anyone, including non-contacts.

“This comes at the increased risk of abuse, but allows for every incoming message to be sent with ‘sealed sender,’ without requiring any normal message traffic to first discover a profile key,” Lund wrote.

Signal says this is part of an effort to collect, store and transmit as little information as possible about Signal users.

“These protocol changes are an incremental step, and we are continuing to work on improvements to Signal’s metadata resistance. In particular, additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development,” Lund writes. “We do not collect or store any sensitive information about our users, and that won’t ever change.”

Signal is developed by Open Whisper Systems, a donation- and grant-funded organization with the express purpose of providing a secure communication protocol. The Signal Protocol is used in Signal as well as Facebook-owned WhatsApp.
