Rejoice, O lovers of privacy! For Open WhisperSystems has released Signal for iPhone, which gives any and every iPhone wielder the power to fully encrypt their calls against prying ears — and is completely compatible with OWS’s time-tested and well-liked RedPhone for Android.
Under the hood, Signal uses push notifications to initiate calls, Amazon Web Services to route the data, and the ZRTP protocol, developed by Phil Zimmerman, to encrypt conversations end-to-end. You don’t need a new password or a new number; it’s built to Just WorkTM. Oh, and your call’s metadata is protected/discarded as well.
The Open WhisperSystems iOS team — security researcher Frederic Jacobs and astrophysicist / hacker / engineer Christine Corbett (disclaimer/disclosure; Christine’s a friend) — are also working on encrypted text communications compatible with OWS’s TextSecure for Android, and expect to release that as part of a new version of Signal later this summer. At that point, on the Android side, RedPhone and TextSecure will similarly be rolled into a unified Signal app for Android. Development is also under way on browser extensions so you can make secure calls from your computer.
One quirk of ZRTP’s anti-surveillance arsenal: to protect against Man-in-the-Middle attacks, it generates a random pair of words for each conversation — “hockey publisher” in the screenshot above. Users can ensure their word pairs match by simply reciting them to one another. If they don’t match, it’s a sign of a Man in the Middle.
It’s been a busy summer for Open WhisperSystems. A month ago they won a $416,000 grant from the Knight Foundation, and last week they also released Flock, a private — and, of course, highly secure — cloud-sync service for Android calendars and contacts.