Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Signal Working on Improving Anti-Spam Capabilities

Privacy-focused communication platforms Signal is sharing information on the improvements it has made to its spam-prevention capabilities.

The task of keeping spam out of user’s inboxes, Signal says, is more difficult compared to other messaging services, because the company does not have access to the contents of messages, and has to fight spam without social graphs.

Privacy-focused communication platforms Signal is sharing information on the improvements it has made to its spam-prevention capabilities.

The task of keeping spam out of user’s inboxes, Signal says, is more difficult compared to other messaging services, because the company does not have access to the contents of messages, and has to fight spam without social graphs.

Unlike Signal’s underlying code, which is open-source, the code for fighting spam is kept secret, to prevent bad actors from finding bypasses.

One of the ways in which Signal fights spam is message requests, which ensures that users have access to more contextual information regarding a message that comes from someone who is not in their address book, before accepting, deleting, or blocking that message.

[ READ: Signal Adds Face Blurring Tool to Protect User Privacy ]

To prevent spammers from luring users with the help of provocative profile photos, Signal is blurring profile photos initiated by senders outside of the recipient’s address book. Conversations and profile information (including photos) are end-to-end encrypted.

In another attempt to fight spam, Signal said it decided to no longer hyperlink URLs that are rendered on the message request screen.

In addition to these minor tweaks, which lower the effectiveness of individual spam messages, Signal also added recourse for recipients for unwanted inbound messages. Users can now report a message as spam when blocking someone from the message request screen.

Advertisement. Scroll to continue reading.

[ READ: Signal Provides Only Two Timestamps as Response to Grand Jury Subpoena ]

Because Signal is designed in such a manner that clients do not trust the server even when it delivers end-to-end encrypted content, server-side inspection of message content is not possible, and the platform relies on message behavior to identify spam and enforce limits.

“When a user clicks “Report Spam and Block”, their device sends only the phone number that initiated the conversation and a one-time anonymous message ID to the server,” Signal said.

For accounts repeatedly reported for spam and network traffic that seems automated, the platform can issue checks to senders, thus preventing them from sending more messages until they have completed a challenge.

Signal is also building “spam-battling logic in a separate server component” and plans to make the interfaces to the code public, while keeping the implementation private.

Related: Signal Provides Only Two Timestamps as Response to Grand Jury Subpoena

Related: Signal Adds Face Blurring Tool to Protect User Privacy

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.