Archiv für den Monat April 2021

A Guide to Apple’s New App-Tracking Controls (ATT) in IOS 14.5

It’s the biggest lie of our time: “I have read the terms and conditions and privacy policy.”Read a bajillion words of legalese before hitting “agree” to use an app? Surrre.Yet I have one request for you when iOS 14.5 arrives on your iPhone and privacy pop-upalooza begins: Read them. Lucky for you, they’re short and crucial to understanding how your most personal info is used.

As for how you choose to answer these prompts, I have some advice on that, too.

On Monday, after many months of anticipation, Apple AAPL -0.24% released iOS 14.5. The update isn’t as big as the full-digit release that typically arrives each September, but it does have a few useful upgrades.Siri has some new, more realistic voices. If you’re setting up a new device, the virtual assistant no longer defaults to a female voice —something I’ve long advocated for. Then, there’s the new mask-unlock trick. If you’re wearing a mask and want to unlock your iPhone without punching in a passcode, you can use your Apple Watch to confirm it’s you. Oh, and there’s a redesigned syringe emoji. No sore arm included.But the most important and most controversial update? App Tracking Transparency—abbreviated to ATT. The privacy feature requires any app that wants to track your activity and share it with other apps or websites to ask for permission.“We really just want to give users a choice,” Craig Federighi, Apple’s senior vice president of software engineering, told me in an exclusive video interview. “These devices are so intimately a part of our lives and contain so much of what we’re thinking and where we’ve been and who we’ve been with that users deserve and need control of that information.” He added, “The abuses can range from creepy to dangerous.”

Many apps on your phone will begin showing pop-ups like these.

PHOTO: JOANNA STERN/THE WALL STREET JOURNAL

App developers, advertisers and social networks dependent on ad revenue don’t see it as such a humanitarian decision. For years, they’ve relied on this sort of tracking and sharing your info with data brokers to build a dossier on your digital habits to serve you highly personalized ads. Facebook has been vocal about Apple’s move, calling it “harmful to small businesses,” “anticompetitive” and “hypocritical.”“It’s people opting out without understanding the impact,” said Graham Mudd, Facebook’s vice president of Ads & Business Product Marketing. “If you look at Apple’s language and the lack of explanation, we’re concerned that people will opt out because of this discouraging prompt, and we will find ourselves in a world where the internet has more paywalls and where far fewer small businesses are able to reach their customers.”

“It wasn’t surprising to us to hear that some people were going to push back on this, but at the same time, we were completely confident that it’s the right thing,” Mr. Federighi said. While the feature’s rollout has been delayed, Mr. Federighi said that was caused not by backlash but because Apple had to make sure app developers could comply when a user opted out of tracking. Mr. Federighi said Apple worked hard on the clarity of the prompts and has created privacy-respecting ad tools for developers.After years of writing about the need for more privacy control, I’m grateful for the choice. But this is much more than just some eeny-meeny-miny-moe decision. This is a choice about who you think deserves your personal information, and how targeted you want the marketing in your feeds to be. When presented with a pop-up, here’s what to consider.

Option 1: Ask App Not to Track

This is your hands-off-my-data choice.Tapping this tells the system not to share something you probably never knew you were sharing, called an IDFA—Identifier for Advertisers. For years all iPhones have had this invisible string of numbers used for tracking and identifying you and your activity in and across apps. (Android has something similar.)Here’s an example of how it works: You download a free, ad-supported sleep app. A few hours later you start seeing ads for adult onesies in your Facebook feed. You also start seeing ads in the sleep app pertaining to other interests of yours—potentially as innocent as dish soap or as personal as fertility treatments.Behind the scenes the sleep app and Facebook were communicating about you using that identifier. And since most apps use it, the data attached to yours can include the apps you’ve downloaded, your search history, your purchase history, your recent locations and more.Tapping this option will restrict the app from accessing that tracking number (which your device no longer shares by default), but it also tells that app you don’t want to be tracked using sneakier means. That’s why it says “Ask App Not to Track” rather than “Do Not Track,” Mr. Federighi explained.Apps that might ignore the policy and continue to track through other means could be punished in the App Store, he added. “They might not be able to provide updates or their app could even be removed from the store.” Translation: Follow the rules or get out.The appeal of this option doesn’t need my explanation: Stop the tracking and the “surveillance capitalism,” as some call it, that’s been happening behind the scenes all these years.Those who prioritize privacy—or just don’t like pop-ups—can opt out of tracking altogether with a universal setting that tells all apps, “No.” On your iPhone go to Settings > Privacy > Tracking. You’ll see “Allow Apps to Request to Track.” Turn it off and apps won’t ask—and they won’t have access to your identifier.

If you want to stop tracking across all apps, and prevent future pop-ups, go to Settings and turn off ‚Allow Apps to Request to Track.‘

PHOTO: JOANNA STERN/THE WALL STREET JOURNAL

If an app doesn’t have a pop-up, it doesn’t have your identifier and it shouldn’t be tracking and sharing your info with other apps. Apple’s own apps won’t have pop-ups, Mr. Federighi said. Google has also announced that many of its iOS apps will no longer use the IDFA.

Option 2: Allow Tracking

Tap this option and your data flows like the Mississippi—at least among the apps that get your consent. App makers have two opportunities to explain how they will use the data and convince you they’re worthy.When you get the pop-up, under the question “Allow [app] to track your activity across other companies’ apps and websites?” you’ll see a message from the app maker in small text. Most are short and tend to explain the need to track for “relevant” or “personalized” ads. Still, read them—you may be surprised by what’s said.Others go a step further. Before you get to that official pop-up, some will show a full screen explaining the benefits of advertising and how they use personal data.Merriam-Webster sure got my attention: “The Collegiate Dictionary and Thesaurus with hundreds of thousands of entries are free, but we couldn’t do that without ads.” That’s one way to pull at the heartstrings of a professional writer. The McDonald’s app offering more ads for “food you love”? Not as compelling.

Before you see the official iOS prompt, apps may show a full screen encouraging you to opt into tracking.

PHOTO: JOANNA STERN/THE WALL STREET JOURNAL

When I asked business owners and execs in the ad industry and social media to explain why people should tap “Allow,” their answers boiled down to the following:

  • You want relevant ads. Many tracking pleas mentioned the days when our social-media feeds were full of pointless ads. “I don’t have a baby. I don’t even like babies! Why are you trying to sell me diapers?” But remember tapping this won’t make all ads—and not even all relevant ads—go away. There are still ways to deliver targeted ads without this sort of tracking.
  • You want to support small businesses. “As a consumer and mother, I get it. As a business owner, this sucks,” Erin LaCkore, a 35-year-old owner of LaCkore Couture, a small jewelry brand, told me. “There are so many more people I would be able to reach.” Facebook’s ad tools allow her and many other small businesses to carefully target people who would be interested in their products.

“When people go to make this decision, I want them to A) think of their safety but B) what you might have missed out on that you might have loved as a consumer,” she added. (My colleague Christopher Mims explored the impact on small businesses in a recent column.)

  • You want the internet to remain free. Facebook argues this move threatens the ability for apps to remain free and ad-supported. Mr. Federighi said that there was a similar response years back when Apple introduced privacy features in Safari, yet ads still appear on websites viewed in Safari.

Unsurprisingly, the vast majority of people will likely say no to tracking. AppsFlyer is a measurement firm that helps businesses evaluate ad-campaign performance. According to the company’s data, based on the early use of ATT in iOS, the opt-in rate was an average of 26% per app across nearly 550 apps. People are more likely to allow tracking with nongaming apps and brands that they trust.Whatever you decide, you can always change your mind. In that Tracking section of your Privacy settings, you can adjust your choice for each app.“People have their own sense of privacy and how important it is to them,” Mr. Federighi said. “So we will all make our personal decisions.”His personal decision? Oh, he’ll be opting out. I plan to do the same for many apps—especially ones that handle my most personal information—but I will consider it case by case, and read each pop-up with care.

Apple vs. Facebook: Why iOS 14.5 Started a Big Tech Fight
YOU MAY ALSO LIKE
UP NEXT
0:00 / 8:51
0:00
Apple vs. Facebook: Why iOS 14.5 Started a Big Tech Fight
Apple vs. Facebook: Why iOS 14.5 Started a Big Tech Fight
A new privacy feature in Apple’s iOS 14.5 requires apps to request permission to track you. And Facebook isn’t happy about it. WSJ’s Joanna Stern put Facebook CEO Mark Zuckerberg and Apple CEO Tim Cook into the ring to explain why this software update has kicked off a tech slugfest. Photo illustration: Preston Jessee for The Wall Street Journal

How This Apple IOS Feature Will Change Your iPhone Forever

Apple’s biggest mid cycle operating system update ever, iOS 14.5, is due to launch over the next few days, the iPhone maker has confirmed. The iOS 14.5 ugrade includes a barrage of cool new features, but the most outstanding by far is App Tracking Transparency (ATT)—and it will change your iPhone forever.

ATT has ruffled many feathers across the advertising industry because it effectively spells the end of the IDFA (identifier for advertisers), a unique device code that companies use to track your activity across iPhone apps and services. The iOS 14.5 privacy change hurts companies such as Facebook the most, and the social network has been protesting against ATT for months.

What exactly is ATT?

ATT is a feature that requires app makers to ask for your permission to track you across iPhone apps and services. In reality, that means after upgrading to iOS 14.5, you will see a pop-up box (see picture below), which reads: “Allow X to track your activity across other companies’ apps and websites?”You can then choose “Ask App not to Track” or “Allow.”

In iOS 14.5, if you ask the app not to track, it will lose access to the IDFA, the unique device code I mentioned earlier. Apple has also stipulated that app makers must not track iPhone users in other ways using data such as email addresses.

Why has Facebook kicked up such a fuss about ATT?

Facebook has been very vocal in its opposition to ATT since the feature was delayed from the initial launch of iOS 14.5 last year. The social network even took out full page newspaper ads to criticize Apple’s privacy move, saying it would hurt small businesses the most.It’s true the iOS 14.5 privacy change will impact small advertisers, but it is the likes of Facebook who will be impacted the most. Unlike Apple, whose business model is based around the hardware and services it sells, Facebook’s is based around advertising. Access to the IDFA has helped data-hungry Facebook to demonstrate the effectiveness of ad campaigns. You might see an ad on Facebook, then Google the company’s website and make a purchase. If you allow iPhone IDFA tracking, this data can be collected and used to measure the success of ad campaigns to improve personalized ads.Facebook says iOS 14.5’s ATT is being used by Apple to push its own business model for profit, at the expense of Facebook’s and others. Indeed, a recent Financial Times report detailed how the iPhone maker is due to dip its own toes back into mobile ads, via an expansion of its App Store ads business. There is also the argument that Apple is trying to force app developers to charge more for things such as in app purchases and subscriptions, and the iPhone maker of course takes a cut.

What does ATT mean for me and my iPhone? 

In reality, ATT is good for you and privacy on your iPhone. The reason? Transparency. Even if you choose to allow tracking, at least you have done so with the full knowledge that it is happening. Apple’s iOS 14.5 is game-changing for mobile advertising more widely too. It’s thought Google’s Android will bring in something similar, which ultimately would see internet advertising changed, for the better, forever. So the implications of ATT are great for the privacy of iPhone users, and internet and smartphone users more broadly too. Privacy experts approve of Apple’s iOS 14.5 move. Sean Wright, SME application security lead at Immersive Labs says ATT’s “a good move by Apple.”As well as making things more transparent to users, he hopes it will force app developers “to seriously consider all the data they are attempting to collect, and if they really require it.”

How do I use ATT?

Once you’ve downloaded iOS 14.5, which is coming at some point during the next week, using ATT is easy. You simply wait for the pop up to appear in each app you use and allow, or don’t allow, tracking on a per app basis.Another cool tip that you might find useful is, you can also go to your settings in iOS 14.5 and turn off tracking altogether. Just go to Settings > Privacy > Tracking > Allow Apps to Request to Track.This will be automatically toggled to “on,” but you can toggle off the ability to track altogether here. That will stop a potentially annoying pop up appearing in each iOS app you open. You can also control the apps you have allowed to track here, if you want to turn them off, or enable them to track you.

Is there anything else I need to know?

The iOS 14.5 move is massive for iPhone privacy, but you need to be aware that apps do still collect your data. Apple’s privacy labels made that clear—they were a stark reminder that Facebook owned WhatsApp collects vast amounts of information and way more than its rivals. There is a decision you make when you use free apps and services and that’s whether to give them your data. If you are not paying for the product, you are the product, after all. At the same time, Apple does say ATT applies to its own apps, and we will hopefully see this in action in iOS 14.5.Experts have pointed out that like Cookie notices, the pop up to allow tracking may get annoying, so it’s important not to just “Allow” in a bid to speed things up. If you don’t want tracking at all, you can toggle it off in the settings as I described. Jake Moore, cybersecurity specialist at ESET says: “ATT should not be ignored and viewed as yet another pop up which gently forces you to agree and accept it. This is a perfect time to allow people to reflect on their personal data and what the large corporations are doing with it. Companies such as Facebook heavily rely on iPhone users to consent to data sharing and such intrusion shouldn’t be taken lightly.” 

Should I turn iPhone IDFA tracking off for all apps?

IOS.14.5’s ATT really is an outstanding new feature and to track, or not to track, is the key question here. If you care about privacy on your iPhone, and you are uncomfortable about the data being collected about you online, ATT now gives you the means to turn that off. In iOS 14.5, the choice, as they say, is yours—and that’s the truly important thing.

Source: https://www.forbes.com/sites/kateoflahertyuk/2021/04/24/ios-145-how-this-outstanding-new-feature-will-change-your-iphone-forever/

Signal Founder May Have Been More Than a Tech Adviser to MobileCoin

  • Signal founder Moxie Marlinspike, whom MobileCoin previously described as a technical adviser, may have been more deeply involved in the cryptocurrency project.

  • An earlier, nearly identical white paper found online, which MobileCoin CEO Joshua Goldbard called „erroneous,“ lists Marlinspike as the project’s original CTO.

The founder and CEO of encrypted messaging app Signal, Moxie Marlinspike may have been the former CTO of MobileCoin, a cryptocurrency that Signal recently integrated for in-app payments, early versions of MobileCoin technical documents suggest.

MobileCoin CEO Joshua Goldbard told CoinDesk this 2017 white paper is “not something [he] or anyone at MobileCoin wrote,” though it is very nearly a verbatim precursor to MobileCoin’s current white paper. Additionally, snapshots of MobileCoin’s homepage from Dec. 18, 2017, until April 2018, list Marlinspike as one of three members of “The Team,” though his title is not given there. He is not listed as an adviser until May 2018.

The team for the self-described privacy coin has always acknowledged Marlinspike as an adviser to the project, but neither the team nor Marlinspike has ever disclosed direct involvement through an in-house role, much less one so involved as Chief Technical Officer.

If Marlinspike actually was involved as a CTO in MobileCoin’s early days, the recent Signal integration raises questions of MobileCoin’s motivation for associating itself with the renowned cryptographer, along with his own motive for aligning with the project, given the MOB team has historically downplayed this involvement.

“Signal sold out their user base by creating and marketing a cryptocurrency based solely on their ability to sell the future tokens to a captive audience,” said Bitcoin Core developer Matt Corallo, who also used to contribute to Signal’s open-source software.

A screenshot of MobileCoin’s website frontpage on Dec. 18, 2017. Marlinspike is listed as a team member until May 2018.
(Wayback Machine)

Goldbard shared another document dated Nov. 13, 2017, same as the other white paper, which does not list a team for the project. He claimed that this white paper was the authentic one and the other was not.

“Moxie was never CTO. A white paper we never wrote was erroneously linked to in our new book, ‘The Mechanics of MobileCoin.’ That erroneous white paper listed Moxie as CTO and, again, we never wrote that paper and Moxie was never CTO,” Goldbard told CoinDesk.

This book is actually the most recent “comprehensive, conceptual (and technical) exploration of the cryptocurrency MobileCoin” posted on the MobileCoin Foundation GitHub, which Goldbard describes as project’s “source of truth” and serves as the most up-to-date technical documentation for the project.

This ”real” version of the paper is nearly identical to the “erroneous” white paper except there is no mention of team members or MobileCoin’s pre-sale details. (Both white papers and current MobileCoin technical documents are embedded at the end of this article for reference.)

Goldbard said the “erroneous” white paper was accidentally added as a footnote to this latest collection of technical documents compiled by Koe, a pseudonymous cryptographer who recently joined MobileCoin’s team. That footnote also lists Marlinspike as a co-author of the paper along with Goldbard.

“He just googled it, like everyone on the internet seems to be doing today, and put [it in] as a footnote. It was an oversight. I did not notice it in my review of the book prior to publishing,” Goldbard told CoinDesk.

A metadata analysis of the papers run by CoinDesk shows that the “erroneous” paper was generated on Dec. 9, 2017, while the “real” paper was generated two days later. 

A meta analysis of MobileCoin’s disputed white paper.
(Colin Harper)
A meta analysis of MobileCoin’s „real“ white paper.
(Colin Harper)

Marlinspike declined to comment on the record about his professional relationship with MobileCoin.

A tale of two papers

In a December 2017 Wired article titled “The Creator of Signal Has a Plan to Fix Cryptocurrency,” Marlinspike went on the record as a “technical adviser,” a title CoinDesk has also used to describe his relationship with MobileCoin in the past.

“There are lots of potential applications for MobileCoin, but Goldbard and Marlinspike envision it first as an integration in chat apps like Signal or WhatsApp,” the article reads. 

It also states that “Marlinspike first experimented with [Software Guard Extensions (SGX)] for Signal.” These special (and expensive) Intel SGX chips create a “secure enclave” within a device to protect software, and MobileCoin validators require them to function (validators, as in other permissioned databases, are chosen by the foundation behind MobileCoin).

In the 2017 white paper that Goldbard disavows, Marlinspike is listed under the “team” section as CTO, with experience including being “the lead developer of Open Whisper Systems, [meaning] Moxie is responsible for the entirety of Signal,” which had just over 10 million users at the time. This same white paper describes MobileCoin’s Goldbard as a “high school dropout who thinks deeply about narratives and information systems.”

Signal’s code has historically been open source, though this changed about a year ago; code for the MobileCoin integration was added in Signal’s last beta. The nonprofit, which has five full-time employees, subsists largely on donations and has no clear revenue model, though Whatsapp co-founder Brian Acton injected $50 million into the app in 2018. A 2018 tax filing shows revenue of just over $600,000 for the fiscal year and over $100,000,000 in assets and $105,000,000 in liabilities.

MobileCoin supply and other details

The disavowed white paper also shows details of MobileCoin’s proposed distribution, which the paper says included selling 37.5 million MOB tokens (out of a 250 million supply) in a private presale at a price of $0.80 each for a total of $30 million. 

Indeed, in the spring of 2018, MOB raised $30 million from crypto exchange Binance and others in such a private presale, TechCrunch’s Taylor Hatmaker reported. Goldbard referred to the TechCrunch article when discussing MobileCoin’s financing with CoinDesk.

In a MobileCoin forum on Jan. 8, one user asked for details about MOB’s circulating supply.

“Supply: 250mill MOB; Circulating supply: impossible to know (‘circulating’ is pretty hard to define anyway),” Koe responded. MobileCoin does not currently have online tools such as a blockchain explorer to search the network for data.

One user chimed in to say that because all 250 million MOB were generated from a “premine,” or creation of maximum supply before launch, there’s no way for users to earn them through staking or mining.

“I suppose you could request donations,” Koe replied. 

Perhaps summing up the sense of betrayal the Signal community feels, one post simply reads, ‚Et tu, Signal?‘

MobileCoin’s consensus model copies Stellar’s, meaning only MobileCoin Foundation-approved nodes, which must run on a machine that uses the aforementioned Intel SGX chips, can partake in consensus. The white paper makes no references to rewards or payouts to validators from MOB supply.

MobileCoin Token Services, an affiliate of the MobileCoin Foundation, is currently selling MOB (presumably the remaining coins that did not sell in the presale) to non-U.S. investors by taking orders over email. 

MOB, for now, trades on FTX  and Bitfinex, two popular crypto exchanges, and a few smaller venues.

When the coin began trading in January, it first listed for around $5. Now, it’s worth about $55 (which, assuming a supply of 250 million MOB, gives the coin roughly the same market cap as Chainlink or Litecoin, the 10th and 9th most value cryptoassets by market cap). The coin clocked over $15 million in volume over the past 24 hours between FTX and Bitfinex, according to exchange data.

Speaking to the coin’s design, the founder of privacy coin monero (XMR, +2.85%), Richard Spagni, claimed that MobileCoin uses the privacy building blocks of his project’s source code for its own design without giving credit.

Who is Moxie Marlinspike?

Something of a legend in cryptography circles, Marlinspike began working on Signal in 2014 after founding Open Whisper Systems in 2013. Before this, he served as Twitter’s head of security after his 2010 startup, Whisper Systems, was acquired by the social network in 2011.

His only on-the-record professional relationship with MobileCoin comes from his technical advisory role, which he took on in late 2017 at the height of bitcoin’s last bull market and its accompanying initial coin offering bubble. 

Reporting on the project in 2019, the New York Times’ Nathaniel Popper and Mike Isaac originally wrote that “Signal … has its own coin in the works” before amending the article to clarify that “MobileCoin will work with Signal, but it is being developed independently of Signal.” The correction seems to typify the shifting narrative of Marlinspike’s and MOB’s relationship across various records. (Wired’s 2017 coverage, for example, says that “The Creator of Signal Has a Plan to Fix Cryptocurrency.”)

“I think usability is the biggest challenge with cryptocurrency today,” Marlinspike told Wired in the December 2017 article. “The innovations I want to see are ones that make cryptocurrency deployable in normal environments, without sacrificing the properties that distinguish cryptocurrency from existing payment mechanisms.”

Signal’s own users are less convinced.

The app’s Reddit page is plastered with submissions complaining about the decision to add MOB, with many confused as to why Signal would integrate a coin in the first place, let alone one that isn’t very well known (and which only went live this year).

“Using your messenger service to sit on the blockchain hype for no good reason, bloat a clean messenger app and introduce privacy concerns was more than unnecessary,” one post reads.

Perhaps summing up the sense of betrayal the Signal community feels, one post simply reads, “Et tu Signal?”

Speaking on Moxie’s involvement and the app’s decision to add MOB, Anderson Kill partner Stephen Palley said, “I can’t speak to the discrepancy between investor materials and what you’re being told, but I don’t necessarily judge them for wanting to make a buck after years of providing great open-source software basically for free.”

Signal first out the gate (but tripping)

Other messaging apps like Telegram and Kik have tried and failed to launch in-app cryptocurrency payments by rolling their own coins. Both attempts were promptly quashed by regulators. Encrypted messaging app Keybase was the first messaging app to add cryptocurrency payments when it integrated Stellar’s XLM (+14.33%) in 2018.

Given Facebook’s ownership of WhatsApp, its involvement in the Libra coin project (now known as Diem) may be seen as a similar attempt.

Oddly, Signal’s addition of MobileCoin is the first instance of a messaging app actually pulling off a crypto integration. 

The question now is how many of Signal’s 50 million users, many of whom aren’t crypto enthusiasts, will use it.

Read the official and disputed MobileCoin white papers below:

https://www.scribd.com/embeds/502074292/content?start_page=undefined&view_mode=undefined&show_recommendations=undefined

https://www.scribd.com/embeds/502074632/content?start_page=undefined&view_mode=undefined&show_recommendations=undefined

https://www.scribd.com/embeds/502244393/content?start_page=undefined&view_mode=undefined&show_recommendations=undefined

Source: https://www.coindesk.com/signal-founder-may-have-been-more-than-tech-adviser-mobilecoin

Marlinspike argues, Signal didn’t enable those criminals, but instead simply made their tools available to more casual, non-criminal users.

Source: https://www.wired.com/story/signal-mobilecoin-payments-messaging-cryptocurrency/

 

Signal Adds a Payments Feature—With a Privacy-Focused CryptocurrencyThe encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals.

Money goes into one phone and out another.MobileCoin will bring payments to Signal, but also added complexity and potential regulation. Illustration: Elena Lacey

To try to tame that volatility problem, Marlinspike and Goldbard say they imagine adding a feature in the future that will automatically exchange users‘ payments in dollars or another more stable currency for MobileCoin only when they make a payment, and then exchange it back on the recipient’s side—though it’s not yet clear if those trades could be made without leaving a trail that might identify the user. „There’s a world where maybe when you receive money, it can optionally just automatically settle into a pegged thing,“ Marlinspike says. „And then when you send money it converts back out.“The mechanics of how MobileCoin works to ensure its transactions‘ privacy and anonymity are—even for the world of cryptocurrency—practically a Rube Goldberg machine in their complexity. Like Monero, MobileCoin uses a protocol called CryptoNote and a technique it integrates known as Ring Confidential Transactions to mix up users‘ transactions, which makes tracing them vastly far more difficult and also hides the amount of transactions. But like Zcash, it also uses a technique called zero-knowledge proofs—specifically a form of those mathematical proofs known as Bulletproofs—that can guarantee a transaction has occurred without revealing its value.On top of all those techniques, MobileCoin takes advantage of the SGX feature of Intel processors, which is designed to allow a server to run code that even the server’s operator can’t alter.

MobileCoin uses that feature to ensure that servers in its network are deleting all lingering information about the transactions they carry out after the fact and leave only a kind of cryptographic receipt that proves the transaction occurred. Goldbard compares the entire process of a MobileCoin transaction to depositing a check at a bank, but one in which the check’s amount is obscured and it’s mixed up in a bag with nine other checks before it’s handed to a robotic bank teller. After handing back a deposit slip that proves the check was received, the robot shreds all 10 checks. „As long as SGX is working as promised, you can prove every robot cashier is working the same way and shredding every check,“ Goldbard says. And even if Intel’s SGX fails—security researchers have found numerous vulnerabilities in the feature over the last several years—Goldbard says that MobileCoin’s other privacy features still reduce any ability to identify users‘ transactions to low-probability guesses.If MobileCoin’s privacy promises hold true, Marlinspike says he hopes the cryptocurrency can help Signal reverse a troubling trend toward financial surveillance. If successful, Signal’s use of MobileCoin will also face the same hurdles and critiques that surround all privacy-preserving cryptocurrencies. Any technology that offers a way to anonymously spend money raises the specter of black market uses—from drug sales to money laundering to the evasion of international sanctions—along with the accompanying crush of financial regulations. And that means integrating MobileCoin could expose Signal to new regulatory risks that don’t apply to mere encrypted communications.

„I think it’s phenomenal from a civil liberties perspective,“ says Marta Belcher, a privacy-focused cryptocurrency lawyer who serves at special counsel at the Electronic Frontier Foundation. But Belcher points to a coming wave of regulation to control exactly the sort of anonymous cryptocurrency transactions Signal hopes to enable, including a new „enforcement framework“ the Justice Department published last fall and new regulations from FinCEN that could force more players in the cryptocurrency industry to collect identification details of users. „Anyone who’s dealing with cryptocurrency transactions, especially private cryptocurrency transactions, should be really concerned about all of these proposals and the government pushing financial surveillance to cryptocurrency,“ Belcher says.Matt Green, a cryptographer at Johns Hopkins University, puts it in starker terms.

„I’m terrified for Signal,“ says Green, who helped develop an early version of Zcash and now sits on the Zcash Foundation board as an unpaid member. „Signal as an encrypted messaging product is really valuable. Speaking solely as a person who is really into encrypted messaging, it terrifies me that they’re going to take this really clean story of an encrypted messenger and mix it up with the nightmare of laws and regulations and vulnerability that is cryptocurrency.“But Marlinspike and Goldbard counter that Signal’s new features won’t give it any control of MobileCoin or turn it into a MobileCoin exchange, which might lead to more regulatory scrutiny. Instead, it will merely add support for spending and receiving it. „The regulatory landscape is complicated, but there are ways to do privacy-protecting payments safely,“ says Goldbard. „To be frank, there’s a moral imperative to do so, because Signal has to offer payments in order to remain competitive with the world’s top messaging apps.“As for the possibility of enabling dangerous criminals and money launderers, Marlinspike offers an answer that mirrors one he’s long given for encrypted communications. Just as criminals used encryption for decades before Signal, they’ve used anonymous cryptocurrencies for years before Signal added MobileCoin payments as a feature.

For those criminals, the threat of law enforcement made using even clunky, tough-to-use tools necessary. By making those secure communications and payments easier, Marlinspike argues, Signal didn’t enable those criminals, but instead simply made their tools available to more casual, non-criminal users.“With Signal, we didn’t invent cryptography. We’re just making it accessible to people who didn’t want to cut and paste a lot of gobbledegook every time they sent a message,“ Marlinspike says. „I see a lot of parallels with this. We’re not inventing private payments…Privacy preserving cryptocurrencies have existed for years and will continue to exist. What we’re doing is just, again, a part of trying to make that accessible to ordinary people.“