Encryption is hard. As the NSA leaks create new demand for secure voice and texting apps, it’s a lesson developers have learned over and over. It’s not just writing secure code — although that’s hard too — but ending up with a program that your average user can actually navigate.
When it comes to tackling that problem, Whisper Systems has an unusually strong track record. The company made RedPhone and TextSecure for Android, tackling encrypted calls and texts respectively. Now they're making the leap to iOS, and taking the opportunity to produce one of the company's simplest and most intuitive interfaces yet.
Aiming for the simplest encrypted call you'll ever make
It's called Signal, a free iOS app aiming for the simplest and easiest encrypted call you'll ever make. (No relation to the telecom startup of the same name.) The sign-up is as close to seamless as it gets: Just enter your phone number, put in the confirmation code, and you'll be ready. Your contact list is automatically imported during your first use, so it's just a question of how many of your friends are already on the app. The process will be familiar to RedPhone users, but the interface here is more polished, adopting the flat look of iOS 7 and 8.
Signal uses RedPhone's existing user base to its advantage. The app connects perfectly with its Android equivalent, any RedPhone users in your contact list will pop automatically into the app. It also takes advantage of RedPhone's physical infrastructure, which established a worldwide network of servers to route calls locally. "A big piece of call quality is latency," says developer Moxie Marlinspike. "If you're in Asia and you call someone else in Asia, you don't want the data have to go through Canada." Based on our limited New-York-based calls, the method works. Aside from some minor connection problems, the calls were as clear or clearer than what you’d get from a conventional line.
A worldwide network of servers to route calls locally
In exchange for the unorthodox infrastructure, you’ll get a lot more privacy than the average phone call. According to the team, Signal doesn't leave any metadata, the records phone companies produce of who you called and when. All an observer would see is that you called Signal's servers, and developers say the server doesn't keep any logs that could be pulled after the fact. Encryption is done locally on your phone, so even if the company wanted to decode your messages, it would have a hard time doing so after the fact. And in keeping with their previous apps, Whisper hasn't been shy about opening its code up for public inspection to ensure those promises check out. Signal is open source, meaning the entire codebase is set to be posted on Whisper's GitHub account as part of the launch.
The app is still in development, and the seams are still showing at various points. The team is planning to add text support this summer, but the result leaves some of the menus a little cluttered, with redundant or ambiguous features like the Inbox tab that won't serve a purpose until later. But the end result is still one of the most painless encryption tools out there, offering a much simpler sign-up than open-source projects like Pidgin and stacking up well against paid competitors like Silent Circle.
For the team, that’s the whole point. "Our objective is really to focus on user experience," says Marlinspike. "When it comes to something like secure voice, that's really the hard part."