Signal and the fight for private communication

Udbhav Tiwari, Vice President for Strategy and Global Affairs at Signal Messenger.

Why are encrypted messaging services so crucial – and why are they now at the centre of debate in Sweden and across Europe? At the CyberSweden conference, Udbhav Tiwari, Vice President for Strategy and Global Affairs at Signal Messenger, explained why the organisation sees itself as a counterforce to the growing normalisation of digital surveillance.

Signal is not like other apps. It is a non-profit foundation, with no quarterly reports or venture capitalists pushing for profit through the exploitation of user data. The team is small and focused, united by a clear mission: to make private communication accessible, secure and ubiquitous. That is why Signal is used today by journalists, researchers, human rights defenders – and an increasing number of everyday users.

Open source and the Signal Protocol

What makes Signal technically unique is that it is entirely open source. Its code is available for cybersecurity researchers worldwide, who continuously scrutinise, challenge and improve it. This means users do not have to take Signal’s word for it when the app claims to be secure – the claim is validated by a global community of independent experts.

Another milestone is the Signal Protocol, the cryptographic framework now used by billions of people – not only on Signal but also in WhatsApp, Skype and many other services. By releasing this technology freely, Signal has in many ways set the standard for modern encryption.

More than messages: protecting metadata

But privacy is not only about the content of messages. Equally important is metadata: when, where, and between whom a message is sent. Signal has developed techniques that conceal even these traces, leaving the service able to store extremely little information. In fact, Signal can only provide authorities with three pieces of data:
  • when an account was created,
  • when it was last active,
  • and whether a given phone number is registered.

The Swedish debate on backdoors

Right now, Sweden is debating legislative proposals that could require backdoors to encrypted communication. Signal argues that such solutions are technically impossible to control. For this reason, the organisation has stated it would rather withdraw from the Swedish market than compromise on privacy.

Tiwari emphasised that private communication is not a luxury, but a foundation of free and democratic societies. It underpins journalism, research, activism, business – and everyday conversations between friends. To defend encryption is therefore to defend democracy’s infrastructure.

AI as a new privacy frontier

In his talk, Tiwari also pointed to a new wave of threats: the integration of so-called agentic AI into operating systems. These proactive systems are designed to anticipate user needs and act on their behalf – but the price of convenience is massive, ongoing data collection.

Microsoft Recall as a case study

He used Microsoft Recall as an example. The function captures screenshots of a user’s screen every few seconds, stores them locally and uses AI to make the content searchable. While marketed as a tool for productivity, the privacy risks are enormous. Sensitive information such as banking details, private messages or health data could end up in a vast “honeypot” – highly attractive to malicious actors.

Signal’s countermeasure: screenshot protection

Signal’s response was to introduce screenshot protection on Windows 11, employing digital rights management (DRM) techniques normally used to protect copyrighted content. By default, screenshots taken inside the Signal app now appear blank, preventing Recall from silently storing them.

“This is not an ideal solution,” Tiwari noted, “but until regulators act, we cannot expect millions of users to understand that their private actions might be captured every few seconds.”

Four principles for the future

He concluded with four principles Signal hopes to see adopted more broadly:
  1. Clear mechanisms for apps to mark their data as off-limits for AI systems, with the default being opt-in rather than opt-out.
  2. Regulatory safeguards requiring OS providers to respect app-level privacy choices.
  3. Greater agency for application developers to defend their users.
  4. Recognition that AI-driven convenience cannot justify eroding fundamental rights.

Privacy as the norm

As new technologies such as AI agents and operating systems with built-in data collection emerge, the challenges are only growing. But Signal’s message is clear: we must build a digital world where privacy is the norm, not the exception.

Magnus Almgren
  • Associate Professor, Computer and Network Systems, Computer Science and Engineering

Author

Carina Schultz