How Signal is playing with fire
A push into untraceable payments could put end-to-end encryption at risk
Today, let’s talk about a little-discussed story that I worry could someday have big implications: the encrypted messaging app Signal’s introduction of anonymous cryptocurrency payments, and the opportunity it could create for regulators around the world who have been looking for an excuse to eliminate end-to-end encryption altogether.
A year ago, Platformer was the first to report that Signal was considering adding cryptocurrency payments to the platform. Signal CEO Moxie Marlinspike has served as an adviser to a currency called MobileCoin, which is built on the Stellar blockchain and is designed to make payments as anonymous as cash. As Wired described it in 2017, “the idea of MobileCoin is to build a system that hides everything from everyone.”
Last year, Marlinspike told me Signal had merely begun some “design explorations” around a MobileCoin integration. “If we did decide we wanted to put payments into Signal, we would try to think really carefully about how we did that,” Marlinspike told me. “It’s hard to be totally hypothetical.”
In fact, work to integrate MobileCoin was already well under way — just as nervous employees had told me at the time. Signal announced a test of the integration in the United Kingdom in the spring, and it quietly rolled out to the rest of the world in mid-November. (The company’s typically chatty blog had nothing to say about it.) Here’s Andy Greenberg in Wired:
MobileCoin founder Josh Goldbard confirmed the timing of the rollout, and says that it spurred massive adoption of the cryptocurrency, which now sees thousands of daily transactions versus just dozens before the global beta release. “There are over a hundred million devices on planet Earth right now that have the ability to turn on MobileCoin and send an end-to-end encrypted payment in five seconds or less,” Goldbard says, referencing reports of Signal's total download numbers. […]
Signal itself didn't respond to Wired’s requests for comment on the global rollout of the payments feature. But last April, Signal creator Moxie Marlinspike explained to WIRED that he wanted to add payments to the encrypted video-calling and texting app to match features from rivals like WhatsApp and Facebook Messenger—while also bringing Signal's lauded privacy protections to monetary transactions. “I would like to get to a world where not only can you feel [a sense of privacy] when you talk to your therapist over Signal, but also when you pay your therapist for the session over Signal,” Marlinspike said at the time.
There’s nothing sinister about putting payments into a messaging app, and Signal is not alone in adding crypto payments to messaging: the company formerly known as Facebook has undertaken a multi-year effort to create a new currency and integrate it with WhatsApp and Messenger. What sets Signal’s effort apart is the combination of end-to-end encryption in messaging and a cryptocurrency with privacy features designed to make any transactions anonymous.
Last year, current and former Signal employees told me they were worried about what that combination would bring to the app. Anonymous transactions would likely attract criminals, they told me, and that in turn would attract regulatory scrutiny. Given that end-to-end encryption already faces legal challenges around the globe, they said, Signal’s addition of anonymous payments was a needless provocation. And it could give more ammunition to lawmakers who want to end encryption as we know it.
To make my own feelings clear: I’m in favor of end-to-end encryption, because in a world of ubiquitous surveillance and rising authoritarianism I think it’s important that truly private communication systems are widely available. But I also support anti-money-laundering and Know Your Customer (KYC) laws, which are useful in combating terrorists, murder-for-hire plotters, and other harms. If messaging apps are going to add crypto payments, it seems to me they at least ought to do so in a way that is consistent with those laws.
Other supporters of end-to-end encryption have privately lobbied Signal to be more cautious about its payment plans, I’m told. But Signal, which is funded by a nonprofit organization and relies on donations, has forged ahead anyway.
The question is how regulators might respond. India is already trying to implement rules that would require any messages sent on the internet to be “traceable,” effectively breaking encryption. Meta-owned WhatsApp sued the Indian government last year to prevent the rules from taking effect; the case is still pending.
The European Union is also considering ways to limit or break encryption outright, if somewhat less aggressively than India is. In the United States, the encryption debate has essentially reached a stalemate: there are occasional calls for companies to introduce backdoors for law enforcement, particularly after high-profile crimes, but lawmakers have not pursued legislation on the matter.
But the United States does have anti-money-laundering and KYC laws. At the moment, you can’t buy MobileCoin from a US-based IP address. But the risk is that prosecutors could still use existing laws to put pressure on encryption — first on Signal, and perhaps later around the web.
“Signal and WhatsApp have effectively protected end-to-end encryption from multiple legal attacks at the state and federal level,” said Alex Stamos, who worked on encryption issues while serving as Facebook’s chief security officer. “But the addition of pseudo-anonymous money transfer functions greatly increases their legal attack surface, while creating the possibility of real-life harms (extortion, drug sales, CSAM sales) that will harm them in court, legislatures and public opinion.”
Stamos predicted that a new attack on encryption could come from a state regulator, such as New York’s Department of Financial Services, using existing regulations.
“In the US, the addition of payment functionality probably gives anti-encryption forces their best chance, as the First Amendment has never protected the anonymity of the movement of money, and payment processors have very serious federal and state laws they must comply with,” Stamos said.
Signal did not respond to a request for comment. As for MobileCoin, a FAQ page on its website says this:
People and entities misuse all types of financial platforms and instruments. Outside the US, MobileCoin can be purchased at www.buymobilecoin.com, which applies best practices of financial institutions around the world to prevent bad actors from obtaining MobileCoin. Any third-party entities that buy, sell, or trade MobileCoin apply their own standards and practices to vet persons or entities trying to purchase MobileCoin.
For its part, the foundation now running Diem — the oft-rebranded, Facebook-created cryptocurrency — has committed to following anti-money-laundering laws. WhatsApp launched a cryptocurrency payments test last month, though in keeping with the cursed nature of the project, Diem is not yet available there.
There are plenty of ways Signal could still head off any conflict with regulators. MobileCoin could add KYC features, or Signal could replace it with a more compliant currency. But little that the company has said or done over the past year suggests that it intends to do either.
If that’s the case, then backers of encryption can only hope that any fallout from Signal’s choices won’t harm end-to-end encryption more broadly. Given the threats private messaging faces already, a high-profile fight over money laundering is the last thing we need.
Elsewhere in cryptocurrency: “Cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020.” (Chainalysis)
⭐ An incredible investigation into Tek Fog, an app built by India’s ruling BJP to hijack Twitter trends, compromise WhatsApp accounts, direct abuse at female journalists, and promote misinformation through prominent Indian social app Sharechat. An absolutely wild, somewhat hard to follow story that nonetheless illustrates once again what an easy time state-level actors generally have manipulating social networks. Here are Ayushman Kaul and Devesh Kumar at The Wire:
The screencasts and screenshots of Tek Fog provided by the source highlighted the various features of the app and helped the team gain further insight into the operational structure of the network of cyber troops using it on a daily basis to manipulate public discourse, harass and intimidate independent voices, and perpetuate a partisan information environment in India.
One of the primary functions of the app is to hijack the 'trending' section of Twitter and 'trend' on Facebook. This process uses the app's in-built automation features to 'auto-retweet' or 'auto-share' the tweets and posts of individuals or groups and spam existing hashtags by accounts controlled by the app operatives.
Google infringed on Sonos’ audio patents and can no longer import its products into the United States, the United States International Trade Commission ruled. Affected devices include Google Home smart speakers, Pixel phones and computers, and the Chromecast streaming stick. (Daisuke Wakabayashi / New York Times)
Despite platform efforts to scrub the Big Lie from their networks, multiple outlets found plenty of extremist content in the run-up to today’s anniversary of the January 6 Capitol attack. There’s more to be done, but it also seems clear that Republicans and Democrats simply live in different realities now. (Mark Scott and Rebecca Kern / Politico)
People are building algorithms in an effort to detect future January 6-style unrest. Do we really need algorithms for that? (Steven Zeitchik / Washington Post)
Right-wing internet forums have shown little enthusiasm for events commemorating the January 6 anniversary. Instead, “the groups have mostly focused on positioning the Jan. 6 rioters as heroes and martyrs and encouraged people to push local political leaders toward a far-right agenda.” (Sheera Frenkel and Ryan Mac / New York Times)
Seattle police issued a series of false radio communications in 2020 warning of a nonexistent group of right-wing extremists as part of an approved “misinformation effort.” The move escalated an already tense situation during that year’s racial justice protests. (Daniel Beekman / Seattle Times)
Kazakhstan appears to have shut off internet access amid protests over recent increases in energy prices. The country has a history of restricting internet access to limit protests. (NetBlocks)
Scammers are putting up QR codes on Houston parking meters asking people to pay for parking. This is terrible, and also genius. (Amanda Cochran and Taisha Walker / Click2Houston)
⭐ LinkedIn, eager to get in on all that hot Clubhouse action from … March 2020, is launching a Clubhouse competitor. Never change, LinkedIn. Here’s Ingrid Lunden at TechCrunch:
When it launches later this month, the new events platform will include tools to run interactive content end-to-end, with no need to use any other third-party software: hosts will be able to record and run the event straight from LinkedIn, and it will feature tools for online attendees and hosts to speak to each other in live conversations and to moderate discussions; and for attendees to communicate to each other both during and after events take place. LinkedIn will also, naturally, list events and help get the word out about them across its platform.
As for who will be hosting these events, the platform initially will be targeting individuals who are already using LinkedIn to connect with wider audiences — its own stable of Creators, as you might get on other social platforms like TikTok, except these are building content aimed at career development, professional topics and other LinkedIn-centric areas of expertise.
An analysis of the state of web3 finds that it has at least 18,000 developers committing code on open-source projects, with Ethereum and Bitcoin the most popular. Other fast-growing projects include Polkadot, Solana, NEAR, BSC, Avalanche, and Terra. (Maria Shen / Electric Capital)
Mozilla said it would stop accepting cryptocurrency donations after backlash. It came after a Mozilla founder tweeted that everyone involved “should be witheringly ashamed of this decision to partner with planet-incinerating Ponzi grifters.” (Jay Peters / The Verge)
Tencent’s WeChat app continues to grow despite China’s crackdown on consumer tech. The app gained 200 million monthly users of its search feature alone. (Zheping Huang and Sarah Ya-Ru Zheng / Bloomberg)
Talk to me
Send me tips, comments, questions, and untraceable payments: firstname.lastname@example.org.