Can Any Secure Messenger Hit Mainstream Status In 2020?

In case you have missed it, Signal has declared its ambitions to become the most popular messenger of them all, challenging WhatsApp’s position on top. Do they stand a chance? Is the gap in popularity too big? Is there anything to indicate that this mission is realistic?

The man on a mission is Brian Acton, a WhatsApp cofounder, who left his position after Facebook came into town, and is now playing for the Moxie Marlinspike team. 

Acton is sure that the fit is achievable, because “he made it before”. 

Well, let’s talk about that.

The Curious Case of WhatsApp Invention

At the time of this blog post, WhatsApp boasts an impressive 2 billion audience.

WhatsApp was founded by Jan Koum of Ukrainian origin in April 2009, more than a decade ago. 

The backstory that kickstarted the creation of WhatsApp starts as many others - the idea grew out of the problem experienced daily. As the story goes, Jan kept missing phone calls while working out. As the gym had rules that restricted entry with phones, Jan decided to make an app that informed others about the status of the contact, so that everyone would know if he was at the gym, a meeting, or occupied otherwise.

WhatsApp’s first iteration came out a month later, because Koum saw the potential in a 7-month old App Store at the time. 

The app tended to crash a lot, and almost pushed Jan to quit his project, when his good friend Brian Acton, who he knew starting 1997, told him to wait a couple more months. Acton knew something, as soon enough Apple introduced push notifications. 

Jan added them to his latest app incarnation, so that the “statuses” could be more visible. 

That addition inadvertently pushed WhatsApp to become closer to being a mobile instant messenger, allowing people to move away from expensive text messaging plans.

What Brought WhatsApp To The Dance?

WhatsApp disrupted an established market with a solution that was more affordable and functional. Everything aligned in a perfect moment, and through chance and luck, the app got the attention.

In October 2009 Brian Acton earned himself a prominent position in the company by bringing WhatsApp $250,000 in seed funding. The interest in the app was high, but co-founders didn’t want to hop on the first hype train of venture capitalists, as they felt it would push them to compromises. 

The pair wanted to create an ad-free app to stand out from the rest of the competition, repeating the mantra “No Ads! No Games! No Gimmicks!”, as both have underlined their annoyance in BS so prominent in other messengers, and marketing fluff in general. Also, they stated that no money was spent on user acquisition, relying on the word of the mouth, viral group messaging, and mass coverage.

“Marketing and press kick up dust. It gets in your eye, and then you’re not focusing on the product.”

In April 2011 the founders accepted $8M in venture capital from Sequoia. In February 2014 WhatsApp was acquired by Facebook for $19B. Six years later, Jan Koum is no longer the CEO of WhatsApp, and Brian Acton’s latest tweet states “It is time. #deletefacebook“.

In one of the interviews Brian Acton said the following:
“At the end of the day, I sold my company. I sold my users’ privacy to a larger benefit. I made a choice and a compromise. And I live with that every day.”

The Competition Is On, Signal Is The Clear Underdog

So we’ve managed to find out that WhatsApp exploded because it killed SMS, it's easy to use, and of course it is now related to Facebook. We learned that Brian Acton regrets his actions, and is now hoping to redeem himself by making Signal more popular.

So what do people answer when asked the question about WhatsApp’s popularity? Network effect, ease of use, it happened at the right time.

Not a lot of comments about privacy though, people don’t choose WhatsApp for security reasons. Quite often it is picked because it is the most popular one and you don’t have to invite contacts in it, most of the time. 

Security was not a selling point that convinced 2 billion people to use the app. And it probably won’t be enough to persuade the majority to join another app. So Signal’s decision to compete with WhatsApp in their sport of popularity, shifting priority from being a security-first, noise-second app is quite a head-scratcher.

It must be said, now that Moxie Marlinspike’s team looks to expand, and attract a more light-hearted audience, it will be dealing with questions they never got before. Brian Acton will probably have to go against his own beliefs again, having to spend money on user acquisition, marketing everyone in tech despises with passion, and gimmicks in the form of stickers and impressions.

The Personal Reasons For Choosing Instant Messengers

When people use a secure messenger, they are not only choosing the technology behind it, they also choose the people behind it. 

Most Signal users didn’t come to the Signal party for new sticker packs or “impressions”, but looked for a place where they could discuss their business confidentially, with no bells and whistles. 

The same things Acton shied away from in the first place.

Not so long ago WhatsApp, who uses Signal protocol to provide end-to-end encryption of voice and video calls, decided to use the 2 billion user milestone to promote the importance of end-to-end encryption, that often gets questioned by the government.

“For all of human history, people have been able to communicate privately with each other, and we don’t think that should go away in a modern society,” said WhatsApp CEO Will Cathcart. 

By playing the popular “privacy” card WhatsApp hopes to replicate what Signal has done - convince the audience they are secure. And at the end of the day, all we can see is two apps desperately trying to be each other. 

European Commission Chooses Signal For Encrypted Messaging

While government agencies switch to Signal for safer communication, people continue to yell at WhatsApp for making security snafus.

The latest incident of WhatsApp groups indexing, or the possibility to install spyware by making a video call made the public throw their arms in the air and talk about how awful it is. 

And yet when a decorated Google Project Zero researcher Natalie Silvanovich discovered that malicious users could force an answer to their call with no interaction from the recipient in Signal, people didn’t react in the same way. 

This bug turned on the microphone of a targeted device, which enabled remote eavesdropping.

"Using a modified client, it is possible to send the ‘connect’ message to a callee device when an incoming call is in progress but has not yet been accepted by the user.” - shares Silvanovich.

The attacker could send the signal quickly, and the phone didn’t have to ring for too long. Natalie Silvanovich added that this remote attack surface was possible due to the limitations in WebRTC. 

The Signal team urgently patched the vulnerability and released version 4.47.7.

Everybody Has A Weakness, And A Weakness Can Be Leveraged

While Signal’s reputation is good, it's not spotless. 

Nobody is immune to vulnerabilities, and I feel like everyone deserves to be blamed equally for mistakes that could violate user privacy, no matter what the name of the company is.

So, to answer the question, can any truly secure messenger ever reach mainstream status in 2020?

No. 

The gap is too big, the focus of one of the biggest contenders is wrong, people made WhatsApp popular for other reasons, and even people looking for privacy look to dismiss security incidents if they are made by the messenger they like. 

The only thing that could play into Signal’s hands is that ads would actually come to WhatsApp, but now it looks like the #1 messenger decided against it, and realized that bringing ads to the encrypted services comes with challenges. 

The biggest threat to WhatsApp’s popularity is not Signal, its greed.