iMessage vs signal

Which is more secure imessage with iCloud turned off or signal?

“Which messenger is the most secure?”

1 Like

Signal, period.

Why? they encrypt everything even metadata, snowden recommends it and it’s non profit company and on top of that, its open source and many more features

1 Like

Signal has a stronger encryption than iMessage which is 128 bits “only”. Signal is open-source and iMessage is not so you can’t be sure Apple is not reading everything as well as the NSA, the martians who are planning to invade New-York etc… Also with Signal you can visually verify the key of your other contacts if you meet them in person. Not with iMessage, meaning “man in the middle” attack is possible. iMessage saves all the history linked with your AppleID … so 1 password. Meaning if someone get your AppleID password they could, in theory, restore your iMessage since the beginning of time (In practice it would restore since your phone started to automatically backup on iCloud and nowadays there is the “iMessagen on iCloud” sync feature which is convenient but in terms of privacy it may not be the best option when compared with Signal). Other thing to consider is the fact if someone you’re talking with on iMessage buy a new iPhone and continue messaging you from this new iPhone you won’t notice that change… so it means you can’t be sure of the person you’re talking to : if someone with necessary technical knowledge performed a key insertion attack you can’t know that. Signal uses a better encryption method ( Diffie Helman if I’m not mistaken, vs RSA for iMessage) and because Signal is open source you don’t have to trust a business to download it : you can build your own Signal. And with Signal when you have an active conversation with someone it gives you a warning if the other person has changed something which modifies the encryption key (for example is now texting from a new phone etc…). So Signal is better hands down.

Now if your comparison would have been : normal texting vs iMessage then iMessage is way better than dumb texting. Normal texting is not encrypted at all, your phone provider reads everything and keeps everything for God know how long and in the U.S phone providers have NSA black boxes in some of their data centers where they “read” all text messages for keywords (some other countries are known to do similar thing too) and then do… whatever they want with it. With iMessage there is at least encryption, even if it’s not the best, and iMessages do not go to phone provider data centers and, officially, would be seen by no one else than the 2 people in the conversation…which is impossible to prove because not open source but since the Apple vs FBI headlines some years ago we can say it should be way less worse using iMessage than normal texting. I would also consider iMessage less worse than things belonging to Facebook (WhatsApp and this kind of crap) but if you can try to switch to Signal and to convince your friends and family to do the same.

Yeah iMessage uses public/private keys with RSA 1280-bit keypairs for encryption. Anything under 2048bit isn’t recommended these days. The public key is shared to the Apple directory service (IDS), but the private key is held on the device.

1 Like

We actually have an article on how to chose the right messenger, hope this helps.

1 Like

one comment heree, i think the key thing here is that signal doesnt even collect metadata (meaning who with who is talking when and where, as whatsapp does) so there’s no need to encrypt those metadata as they do not store it (assuming you mean encryption at rest), I assume encrypting data in transit is obvious and a must for a reasonable communicator,
to be even more precise some time ago signal introduced sth called as PIN in order to be able to switch signal account easily to another phone, that’s needed espcially for iphone version, after many users complain they gave an option to turn it off, BUT here i’m not sure fully sure but some claim that even if you turn it off they STILL keep some basic information about your profile on their servers (e2e encrypted of coursee) but still they keep it, some basic info about signal profile, previously they used to store only phone number, date/time of registering and last connection to the server

well, i was not aware about that so i don’t have sources to face it to you and say yes or no but from my sense that their team care about our privacy i would assume good about it like i would say sort of a bug and now fixed

Signal By Far
iMessage is bad for privacy in general