Signal — What this app is and why we should use it

In a world of always-online, marketing, and advertising, what data of yours *isn’t* being tracked anymore? With Signal, you can take your text messages, group messages, and phone calls out of the equation and start taking back your privacy for free.

You may have heard of Signal, or seen the Signal icon in your phone’s respective App Store. But what is it? This well-built, open-source, and peer-reviewed app for your phone and computer can send and receive text messages and multimedia messages, group texts, handle phone calls for you, and more!

But this isn’t your grandma’s messaging app. There is something specific about it that makes the free app worthy of mention, and recommendation:

Privacy.

Ah, privacy. It used to be something we all had. However, with the rapid growth of a connected and online world, most people enjoy significantly less privacy than they previously did. Websites track you, apps send data about you to their developers, your purchase history, search history, web browsing history, and so much more is bought and sold by businesses around the world in an effort to better advertise to you — or accomplish more nefarious objectives. So…Signal?

Signal offers privacy that other messaging applications do not. Any phone calls or messages sent from a Signal user to another Signal user are end-to-end encrypted, making them very difficult for unwanted listeners/viewers to access. Beyond that, you can rest assured your data isn’t being collected and sold to the highest bidder since the only data Signal retains about its users is:

  • Unix timestamps for when each account was created
  • the date that each account last connected to the Signal service

You can read more about the data they store, and also examples of data they have provided when previously subpoenaed in this article.

Photo from CNBC

Signal provides a variety of optional features that we’ve seen claim popularity on other platforms (that are definitely tracking you and selling your data) such as:

  • Group messaging
  • Stickers, emojis, GIFs, and other animated graphics
  • Disappearing messages
  • Typing icon/notifications and other chat-like features
  • Customizable conversations and notifications per-conversation
  • Voice and video calls — including group video calls
  • Registering with your phone number instead of creating a complicated account
  • No cellular service required when sending between Signal users as long as you have WiFi (think like iMessage or Facebook Messenger, both of which may invade your privacy, especially given their companies’ history with data and privacy issues)

…and all of it can be encrypted and completely private. If all your contacts aren’t on Signal yet, that’s okay; it won’t get in the way of communicating with them. Signal handles regular unencrypted text, multimedia, and group messages just a quickly and elegantly as Signal messages.

Funded by grants and donations, open-source, peer-reviewed and audited, Signal is a best bet in maintaining your privacy while communicating.

You can get Signal for your device at these links as of date this article was published:

Android | iOS | Windows | macOS | Debian-based Linux Distributions

Give it a try! Getting started and using Signal is fast, simple, and secure. A best of all, it’s both private and free. Join me on Signal today! If you’re already a Signal user, or decide to try it, leave a comment below with your thoughts on the encrypted messaging service, what you like or don’t like, as well as any thoughts you have on the privacy issues surrounding our online world.


This article is not sponsored by Signal or any of their affiliates.

Featured image from dnaindia.com.

Launcher Lawlessness

Think back to 2005. You pop your Star Wars Battlefront II–or Age of Empires III, or Medal of Honor, et certa–disc into your PC and start to play. Ah, those were the days of simplicity! But no longer.

Popular Launchers (Source: Google Images)

It is now 2019 and many of the most popular PC games are accessible via game launchers. Some of the most widely-known launchers are:

  • Steam
  • Epic
  • Blizzard (formerly Battle.net)
  • EA Origin
  • GOG

Even Minecraft has its own launcher these days. Steam is the most comprehensive launcher with more than 780 million games available for purchase/download (according to Forbes in 2014). Some launchers host their own developers’ exclusives (such as Blizzard and their World of Warcraft or EA’s Origin and the Battlefield games), while others host a wide variety of games from many developers and studios–GOG and Steam are examples of this.

Overall, these launchers can be helpful because of the easy updates, information, and access they provide. However, launchers come with a dark side, too. With the advent of the internet and big data, information has become a currency; much like actual money, people go through great lengths to protect their information. Online privacy is an increasingly hot-button topic and the intersection of information security and game launchers has the gaming community fired up.

In 2014, EA’s Origin launcher was accused of snooping around personal files and system processes unrelated to its application. Usman Pirzada wrote an article which summarized the concern adequately (you can find it here). While EA claims to have addressed the concern, and many gamers concur, there are still reddit threads and other question out on the web years later asking “is Origin still snooping?”

More recently, Epic games has come under fire for supposed evidence of their launcher snooping around users’ systems–particularly in personal directories such as your Steam library–where it has no business snooping. u/notte_m_portent on reddit explained the concerns nicely in their post. Several knowledgeable commenters laid several of the concerns to rest, while others remained questioned.

u/SmileyBarry explains:

EGS isn’t trying to access DLLs in Fiddler directly. Fiddler adds its installation folder to your %PATH% variable on-installation (so you could run it by just typing “fiddler”). When you load a DLL by-name and not by-path (which seems to be the case since it looks like an import table entry, which are only by-name), Windows goes through all the folders in your %PATH% looking for the file you named. Fiddler was one of those folders.
As someone else said, “tracking.js” looks like some analytics library like almost everyone uses. The embedded store itself is probably a web frame that uses analytics because their web development department (like all of them) wanted to.
Reading about your root certs, IE COM classes, IE cookie folders, and other IE-related things are all part of WinHTTP. (and ironically why you can even MITM it with Fiddler, since if it used some standalone HTTP library like libcurl it wouldn’t accept your new root CA) That happens automatically when you create a session or connection and isn’t Epic’s doing, nor is it malicious.
The hardware survey bit is a little privacy-invasive but it’s probably the same hardware spec gathering that AAA game devs already do without asking you (it’s in the EULA), Steam is more of an outlier here.
EGS talking to itself is just standard IPC practice: some apps use localhost sockets (a common Linux practice), some apps uses pipes, etc.

https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_game_store_spyware_tracking_and_you/eik0h76?utm_source=share&utm_medium=web2x

While the technical side of the software and its interactions with the operating system and user files can largely be explained, other behaviors are left questioned with no logical explanation, as u/jhartikainen put:

I was looking at this first “oh God not one of these threads again.” A lot of registry access, DLLs, browsers, can be fairly normal because the launcher uses a browser to display stuff, etc. so it might need to load [stuff].
But it actually looks shady now that I looked into it.
I noticed that for some reason it looks up a lot of stuff in my Steam directory. What possible reason does it have for this?
I don’t fully buy the anticheat idea. It does this stuff just when you start the epic games launcher. Why would just that trigger an anticheat?
I looked at the network traffic quickly and at least it doesn’t seem to be doing anything dodgy there… so who knows what’s up with this.

https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_game_store_spyware_tracking_and_you/eihnqjy?utm_source=share&utm_medium=web2x

Daniel Vogel, VP of Engineering at Epic Games made a statement in response to redditors’ concerns just this past month, stating;

The launcher scans your active processes to prevent updating games that are currently running. This information is not sent to Epic.
We only import your Steam friends with your explicit permission. The launcher makes an encrypted local copy of your localconfig.vdf Steam file. However information from this file is only sent to Epic if you choose to import your Steam friends, and then only hashed ids of your friends are sent and no other information from the file.

https://techraptor.net/content/epic-games-responds-to-allegations-of-tracking-steam-data-with-epic-games-launcher

While that sounds comforting and all, some investigation by Madjoki shows that the launcher searches for Steam installs then proceeds to get a list of files in your Steam cloud. The files contain lists of your friends and games that you’ve played (including how long you’ve played them). With a little digging, you can find this data within the Epic launcher files. Strange.

Simply because EA and Epic have been called out for these concerns, does not mean that gamers should not have the same concerns with other launchers–Steam included. With less-than-adequate evidence on each side of the argument and a lot of A-said-B-said, this topic isn’t going away any time soon. It’s in gamers’ best interest to stay up-to-date on the issues, carefully read the End User License Agreement (EULA) and Terms of Service (ToS) for all games and services they use, as well as have an understanding of what data is on their computers and what can access it.

What are your concerns with launcher privacy issues? What are your thoughts on the “if you don’t like it, don’t play” mentality? I look forward to hearing from you. We’ll see each other next time!

Game on,

~ Griff