The Signal messenger app encrypts voice and text messages
Private Messenger
Signal is an efficient private messenger app that encrypts voice and text messages, integrates easily into existing interfaces, and places all communications in a single display.
Dozens of private messenger apps are available today; however, only one has the endorsement of both Edward Snowden and Bruce Schneier and is recommended by both the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union. That app is Signal Private Messenger, developed by the non-profit Open Whisper Systems [1] for Android, iOS, and desktop environments. These endorsements are the result of not just Signal's ability to encrypt voice and text messages, but also its ability to integrate into existing interfaces for ease of installation and use.
Signal originated in RedPhone and TextSecure, two proprietary encryption tools for Android developed by Whisper Systems, founded by Moxie Marlinspike and Stuart Anderson. Whisper Systems was bought by Twitter in November 2011, and within half a year, both RedPhone and TextSecure, were released under the third version of the GNU General Public License. A year later, Marlinspike left Twitter to found Open Whisper Systems, which is funded by donations and grants, a neutrality that partially explains the high regard for its products.
Since 2013, Open Whisper Systems has merged RedPhone and TextSecure into a single application, adding encrypted group chat and gradually developing Android and iOS versions with comparable feature sets. Recently, it released a beta version of Signal Desktop [2] in the form of a Chrome app. So far, the desktop version, compared with the other versions, has a simplified feature set lacking password protection, for example. However, when linked to a mobile device, Signal Desktop provides centralized storage, as well as the increased usability of a mouse and a full-size keyboard.
Signal is designed as a drop-in replacement for both for voice and text messaging apps (Figure 1). Although voice and text messages use separate protocols, from the perspective of users, the two are treated almost identically, and both are free of cost. Contacts are added from a device's Contact app into Signal, with encryption keys stored locally.
Calls in Signal are routed through Open Whisper Systems' servers, which handles the exchange of public keys without the need of input from users. Unlike the popular Pretty Good Privacy (PGP) [3], Signal's protocols switch encryption keys regularly, making conversations harder to crack. Although such encryption keys are ordinarily called fingerprints, Signal refers to them as safety numbers [4] – presumably to replace the often obscure jargon with a more user-friendly term. Users can manually approve and verify safety numbers, either visually or through a QR code, but Signal can still function without these steps.
Additionally, users can manually delete messages or set times when they will be deleted automatically. Signal and its database can also be protected with a passphrase.
What is noticeable about all of Signal's operations is how much they are hidden by default. In most encryption implementations, encrypting and decrypting are additional steps, and these complications probably deter many from using them regularly. By contrast, encryption in Signal is invisible to users unless they specifically change the settings. From the interface, using Signal appears no more complicated than unencrypted messaging – a claim that few other messaging systems can make, although Signal protocols have been widely borrowed, including in CyanogenMod and Facebook Messenger.
Installing Signal
Signal requires installation on an Android or iOS phone. Tablets are not currently supported. For convenience, you can also install Signal Desktop, although it is not necessary for using Signal and cannot operate on its own.
Installing on an Android phone (Figure 2) is only slightly more complicated than installing any app in the Google Play Store [5]. However, if necessary, you can follow the instructions at the EFF website [6]. Similar instructions are available for installing to iOS devices from the Apple App store. Unlike most Android apps, it requires access to almost all aspects of your phone, which for any other app might be a security risk.
Once Signal installs, enter your country and phone number and click the Register button. After you re-enter this information to ensure accuracy, Signal verifies your number and sends you a confirmation text.
The installer then asks if you want to make Signal your default messaging app and imports your existing contacts if you accept. Your phone's default app will probably warn of dire consequences if you do so, but you can still use the original app if necessary, so this warning can be safely ignored. In fact, since Signal displays both voice and text messages for which you have a phone number in a single list, if anything, switching to Signal is a general convenience. Besides, if a listing is not Signal-enabled, Signal still lets you exchange unencrypted messages with it, so there is really no reason to be concerned about the replacement.
At this point, Signal is ready to use. However, you might choose to install Signal Desktop, which is not capable of sending messages by itself but offers the convenience of a larger screen and the use of a mouse.
Signal Desktop is also available as a Chrome app [7]. So far, at least, it does not run on any web browser except Chrome or Chromium, although it can be used with other Android or iOS phones.
Signal Desktop is installed via a wizard (Figure 3). At the end of the installation, the wizard displays a QR code (Figure 4). For Signal Desktop to function, you must link it by selecting on a device Setting | Linked devices from the menu in the upper right corner, and then scanning the QR code that displays from your phone. When the desktop recognizes the QR code, encryption keys are generated for communication between the phone and the desktop. If you add or delete contacts when using the linked phone without Signal Desktop, the next time you use it, select Settings |Contact |Import Now to resync.
Using Signal
Whether you are using the desktop or a phone, Signal is much the same. The main differences are that the desktop has fewer settings and, in the beta version, has three restrictions: It can delete but not add contacts, shows only contacts with which you have interacted, and can only place a call with phone or voice if you have already done so at least once from the linked phone.
On a linked phone, you can still use the original apps for contacts and phone calls without using Signal, but any missed messages from Signal display in them. Additionally, the phone has options for setting notifications. On both the desktop and the phone, you should add a passphrase to Signal – after all, it hardly makes sense to go to the trouble of setting up encryption, and then having encrypted messages accessible to anyone who reaches your desktop. Start Signal Desktop from the Apps icon in the upper left corner of the browser.
To communicate, either click the phone icon in the title bar of a contact or use the text field at the bottom of the screen. You can also add an image or audio file, a shot from the camera, your location, or another contact to a message by selecting the paper clip at the bottom right of the screen.
If the phone number you are contacting is not already Signal-enabled, you can still send to it. However, when you call unenabled numbers, an option displays below the title bar that gives you an option to invite your contact to join Signal. In any other app, this option might seem like blatant opportunism, but because all parties in a conversation need to use Signal for encryption, in this case, the advertising seems forgivable.
From each contact, you can also manage your exchanges using the menu at the upper right in the title bar. As you might expect, you can delete the log of your exchanges or change the color-coding for the contact. More unusually, you can set the time from the present that the log expires, display all exchanged images, or verify safety numbers with the link provided (Figure 5). Should a contact become a nuisance, another option is to block them via the Conversation settings submenu.
An Example for Security
Signal does have a few limitations. In particular, contacts must have a phone number, not just an email address. Perhaps the most serious limitation is that it must run on specific equipment and operating systems. However, given that the necessary conditions, hardware, and software are readily available, these limitations are mostly matters of preference and are seldom a barrier to using Signal.
The greatest barrier is undoubtedly convincing others to use it, and even that is changing with the current political and social climates.
Even so, Signal is gaining popularity with a speed that few comparable apps can match. I suspect that the secret of its success is that it hides the complexity of encryption from users who simply want its services. Just as importantly, even without encryption, Signal is an efficient messenger, replacing preinstalled apps without a problem, and placing all communications in a single display. Through these tactics, Signal makes encryption a feature that anyone can use – and, in doing so, sets an example for the entire industry.
Infos
- Open Whisper Systems: https://signal.org/
- Signal Desktop: https://whispersystems.org/blog/signal-desktop/
- Pretty Good Privacy: http://www.pgpi.org/
- Safety numbers: https://www.whispersystems.org/blog/safety-number-updates/
- Signal at Google Play: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
- EFF on installing Signal with Android: https://ssd.eff.org/en/module/how-use-signal-android
- Signal on Chrome: https://chrome.google.com/webstore/detail/signal-private-messenger/bikioccmkafdpakkkcpdbppfkghcmihk
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.
-
Fedora 41 Released with New Features
If you're a Fedora fan or just looking for a Linux distribution to help you migrate from Windows, Fedora 41 might be just the ticket.
-
AlmaLinux OS Kitten 10 Gives Power Users a Sneak Preview
If you're looking to kick the tires of AlmaLinux's upstream version, the developers have a purrfect solution.
-
Gnome 47.1 Released with a Few Fixes
The latest release of the Gnome desktop is all about fixing a few nagging issues and not about bringing new features into the mix.
-
System76 Unveils an Ampere-Powered Thelio Desktop
If you're looking for a new desktop system for developing autonomous driving and software-defined vehicle solutions. System76 has you covered.
-
VirtualBox 7.1.4 Includes Initial Support for Linux kernel 6.12
The latest version of VirtualBox has arrived and it not only adds initial support for kernel 6.12 but another feature that will make using the virtual machine tool much easier.
-
New Slimbook EVO with Raw AMD Ryzen Power
If you're looking for serious power in a 14" ultrabook that is powered by Linux, Slimbook has just the thing for you.
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.