The nonprofit behind Signal, Open Whisper Systems, is launching a new effort to make the encrypted messaging app even harder to crack.
The organization is testing a feature that will allow users of the app to look through their address books to make encrypted calls and texts, without the app having access to a user’s contacts, reports Wired. Members of the security and cryptography communities have said that Signal accessing users’ address books conflicts with the app’s promise of near-total security.
“When you install many apps today you get this little prompt that asks if you want to give someone access to your contacts. You get an uncomfortable feeling in that moment,” Moxie Marlinspike, the founder of Open Whisper Systems and Signal’s creator, told Wired. “This is an experiment in letting you not have that uncomfortable feeling.”
Open Whisper is developing a new method in which its servers mine users’ contacts to find other Signal users, while deleting the rest of the contact data, before it ever touches the nonprofit’s servers.
The company reportedly plans to rollout the feature to users within the next several months.
The new method makes use of a new Intel processor feature called Software Guard Extensions, which have a “secure enclave” in their processors that run an unalterable code. Open Whisper wants to run users’ address books through this enclave instead of their own servers, meaning that Signal could provide contact information for other users on Signal without ever actually seeing their contacts.
The new method is still just a test, but if it is successful, it could make Signal even more secure.