Is the Signal instant messaging app putting its finger in a gear that may overtake it? This is the opinion of some observers, specialists in computer security, after having read the latest initiative of the service , which is still at an experimental stage. Indeed, in the United Kingdom alone, Signal is exploring a payment service called Signal Payments.
“ We want payments in Signal to be fast, private and work well on mobile devices, ” IM said in an April 6 blog post. And to begin with, the application continues, it is on MobileCoin that it bets. It is a cryptocurrency which, as the name suggests, is thought to be used like digital money on the smartphone.
According to the presentation, MobileCoin includes near instant transactions, in less than ten seconds. It also offers features to easily restore its currencies (MobileCoin currency is called MOB), including in the event of loss of the mobile. Finally, it claims to be eco-responsible: it claims to be much more economical in electricity than other cryptocurrencies, which require energy to operate .
But the specificity that concerns today is its level of confidentiality.
MobileCoin is pleased that » the whole ledger [which allows to keep a trace and to follow the transactions with MOB, note] is opaque, the individual transactions are protected by cryptography and the network uses the persistent confidentiality « . This process prevents the confidentiality of past exchanges from being questioned, even if its cryptography would be compromised.
However, it is precisely the high degree of anonymity that alarms, because in the eyes of some commentators, this could backfire not only against Signal, but also against end-to-end encryption in general. This is what Bruce Schneier, a specialist in computer security and cryptography, argues, in a blog post that was published on April 7. He especially fears the reaction of the authorities.
An unfavorable development for encryption?
“ I think that’s a terribly bad idea. […] The addition of a cryptocurrency to an end-to-end encrypted application blurs the morality of the product, and invites all kinds of government investigations and regulatory interference , ”anticipates Bruce Schneier. He cites haphazardly the FBI, the tax services, the stock market regulator or even anti-money laundering agencies.null
“ I don’t see any good reason to do this. Secure communications and transactions can be separate applications, or even separate applications within the same organization. End-to-end encryption is already at risk. Signal is the best app we have. Combining it with a cryptocurrency means that the whole system dies if one part dies ”.
Bruce Schneier’s fears over end-to-end encryption are not a figment of the imagination. As recalled in early March the Electronic Frontier Foundation , a key organization for the defense of digital freedoms, the boss of the FBI again demanded before American parliamentarians a backdoor on end-to-end encryption services, in the name of the fight against crime and terrorism.Leading cryptographers are concerned about the measure’s effects on end-to-end encryption. // Source: Facebook
The request from the current FBI boss is not new: Similar calls were made in 2017 , 2018 and 2020 , to take just a few examples. And this is not a debate specific to the United States: it also exists in France, as evidenced by the regular comments of the former public prosecutor François Molins, certain parliamentary initiatives and the reflections at the level of the government , or in Europe. .
Supporters of end-to-end encryption are already struggling to resist the assaults of those who wish to reduce it, to legitimately fight against crime, child pornography, terrorism and trafficking of all kinds. The arrival of payments will give another pretext to regulate these messaging services, in the name of the fight against mafia financing and money laundering.
In summary, this is Bruce Schneier’s analysis. And he’s not the only one to think so. In Wired , Matthew Green cryptography professor said equally concerned » signal as encrypted messaging product is really valuable. […] It terrifies me to see them mix up their history with the legislative and regulatory hell of cryptocurrencies and the vulnerabilities that go with it. «
Chance of the calendar, a decree appeared in the French Official Journal on April 4 on a similar theme. It focuses on the fight against the anonymity of virtual assets and anonymous electronic currencies. It provides for a tightening up of the national system for combating money laundering and the financing of terrorism. This decree updates a number of legislative provisions.
Thus, the text “ clarifies the ban on the use of anonymous electronic money for the purchase of digital assets. It also imposes on providers of digital asset services an obligation to identify their customers prior to any occasional transaction ”. In addition, “ it determines the procedures for verifying the identity of customers […] when entering into a business relationship. «
A risk for the moment limited?
Obviously, these issues did not deter Signal from moving in this direction. In any case, the announcement note does not mention it. The mobile app just welcomes explaining that it does not have access to the balance, full transaction history or funds, and that these funds can be transferred at any time to another service or app. .
One thing is certain: the choice of MobileCoin probably owes nothing to chance. Beyond its technical peculiarities, it turns out that the American behind Signal , Moxie Marlinspike – a pseudonym – has served as a technical advisor since the creation of MobileCoin in 2017, and that he was paid for it. He contributed to the technical design of cryptocurrency. However, he assures that he does not have any.Moxie Marlinspike, creator of Signal. // Source: John S. and James L. Knight Foundation
MobileCoin is based on Stellar blockchain technology. This is not based on proof of work – that is, computer calculations to be made – but on a particular type of consensus . This orientation explains why transactions are carried out more quickly, without a heavy energy footprint, by avoiding calling on all the nodes of the network to validate the exchanges, but only a part, some of whom are trusted.
Currently, MobileCoin has been trading on the FTX marketplace since December 2020. The peculiarity of FTX is that it does not allow transactions from US users, which can keep US regulators at bay. But Signal suggests a possible deployment in other marketplaces. And at Wired, a project member suggests arriving in the United States. But it might, in the meantime, frown some eyebrows in others. For example, in the UK, where testing is starting.