Add to Chrome
Add to Edge
Add to Firefox
Add to Opera
Add to Brave
Add to SafariWhen comparing Signal vs Online encryption tools, the Slant community recommends Signal for most people. In the question“What are the best ways to send secure, encrypted messages?” Signal is ranked 1st while Online encryption tools is ranked 8th. The most important reason people chose Signal is:
Signal uses an advanced end to end encryption protocol that provides privacy for every message every time.
Specs
Question Ranking
Pros
Pro Provides security and privacy
Signal uses an advanced end to end encryption protocol that provides privacy for every message every time.
Pro Free and open source
Signal is free and open source software, enabling anyone to verify its security by auditing the code. It's the only private messenger that uses open source, peer-reviewed cryptographic protocols to keep your messages safe.
Pro Supports encrypted group chats
Pro Has a desktop app
Signal Desktop can be used on multiple devices and has most features of the Android version, although it still requires you to register with your phone.
Pro Supports sharing of various different media types
Signal supports: emoji, pictures, videos, audio, contacts, any location and GIF.
Pro Note to Self feature
Allows you to "send: messages to yourself and sync to desktop so you can use Signal as a kind of encrypted Pushbullet alternative
Pro You can easily view all media exchanged
You can easily view all media shared in the chat without scrolling back to when it was shared.
Pro Annonymous Sender (Encrypted)
The sender credentials can be encrypted with the rest of the message, leaving only the recipient address readable by the Signal server. Even if Signal wanted they couldn't see who is talking with who by this mean.
Pro Works everywhere in every country
Unlike most messenger apps, Signal works reliably in all countries by securely circumventing internet censorship.
Pro Recommended by Edward Snowden
Edward Snowden uses this messenger and recommends it to everyone who is concerned about his privacy.
Cons
Con Needs access to your phone number and contacts to work
Con Single device
Signal can only be registered to one mobile device at a time. But you can link Signal to Signal Desktop.
Con Servers hosted in the US
A security risk due to National Security letters, which require giving up data to the US state, and making it illegal to disclose that.
Con Unreliable notifications
Sometimes messages won't be received if the Signal app has been closed for a long time or hasn't been opened after booting the device.
Con Shared passwords have many flaws compared to other approaches to encrypted messaging
Passwords invite crackability, since the user might not opt to generate them randomly. Password compromise means the compromise of every message encrypted with the same password, past and future. Symmetric encryption means you need a different password for each group. If there are more than two people passing shared messages together, the encryption scheme doesn’t add proof of a message’s origin, unlike other options.
Con Not open-source
(applies only to infoencrypt.com)
The JavaScript is minified and no original source is provided.
Con Weak use of encryption primitives
- Both services currently listed derive keys from passwords with 1,000 iterations of PBKDF2. The NIST-recommended minimum is 10,000.
- infoencrypt.com uses a fixed, public secret key for its HMAC, meaning the message can be tampered with undetectably without knowing the password:
Secret key is simply
infoencrypt.com,AES,128bin binary representation ([0x69, 0x6e, 0x66, 0x6f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x41, 0x45, 0x53, 0x2c, 0x31, 0x32, 0x38, 0x62])
Con In-browser encryption is hard to audit
With local open-source tools, you can read the source before running; with reproducible builds, you can also confirm that any precompiled packages are genuine. In a browser, it’s much harder to make sure that the source you’re looking at is what’s actually running, and that nothing else from the same origin is interfering with it. And your recipient has to do the same!
