Signal Encrypted Messenger on GNU/Linux - gHacks Tech News

Signal Encrypted Messenger on GNU/Linux

Privacy awareness has been thankfully growing steadily across the web, and a number of programs have arisen as a result; Signal, is one such program.

I won’t name drop, but enough major players in the world of privacy advocacy have given their seal of approval for Signal, and so I knew I had to check it out for myself.

Signal, is a program that ties into your phone number in a similar fashion to WhatsApp, and offers encrypted messaging between clients using their data / wifi rather than sms system, to allow for messaging worldwide. As well, video and audio chat options are available.

Signal Installation

Signal is available for download from the main website, and is available for Android, iOS, Mac, Windows and Linux.

I installed via the AUR for Antergos, other distributions may have their own packages in repos, and Debian based distributions can also install with the following instructions,

curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list

sudo apt update && sudo apt install signal-desktop

Setting up and using Signal

Signal FirstRun

The first screen you’ll see when installing Signal, will ask if you wish to set up as a new install, or setup from exported data. Obviously, you’ll want to choose the option most appropriate. In this case, select a new install.

Next, you’ll be asked to install signal on your mobile device, verify your phone number, and scan a QR code. Once finshed, Signal will bring you to your main screen.

The application doesn’t have a plethora of options to be had, you can change a few things like making the program appear more like android, android dark, or iOS, and a few other basic settings, but that’s it. If your friends have Signal, it likely will find them based on your phone contacts, but you also have the option to search for friends.

Signal conversation

From my iPhone I was able to initiate video calls, but unfortunately I was not able from my Signal in my Antergos setup. Text messaging did work fine however.

However, Signal from Android also has the ability to send normal SMS messages when contacting a phone number that does not utilize Signal, just as iMessage does on iOS devices. However, iPhones and Desktop users do not have this option.

That said, I do love the continuity much like iMessage for Apple devices, how I can text someone else using Signal from my phone, and continue my conversation on my laptop later on, providing they are a Signal user too.

Signal does include a couple of features also worth noting however, such as the ability to set disappearing messages. This means that messages will automatically be deleted after X time, which can be determined by you.

Another feature, is the ability to verify your contacts. This can be done via QR code, or by comparing a series of numbers on the two phones, to confirm that the person you are talking to, is who you believe they are (or at least the correct device is being used.)

Final words

Overall, Signal for GNU/Linux is a great messenger application utilizing the industry standard AES-256, as well as HMAC-SHA256 and Curve25519. You can be fairly confident that your message will be encrypted well. The only real downside, is convincing your friends or family to use it.
Now you
What are your thoughts on Signal? Would you use it to replace things like Skype with your contacts?

Summary
Signal Encrypted Messenger on GNU/Linux
Article Name
Signal Encrypted Messenger on GNU/Linux
Description
Privacy awareness has been thankfully growing steadily across the web, and a number of programs have arisen as a result; Signal, is one such program.
Author
Publisher
Ghacks Technology News
Logo




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. john said on December 17, 2017 at 7:13 am
      Reply

      Do we need the phone turned on in order to use signal? Or we just need the phone number to verify our account?

      1. alanp said on December 23, 2017 at 3:07 am
        Reply

        you don’t need the phone turned on. You just need the phone install completed first. After that all messages are downloaded once that device is connected and then subsequently deleted from server.

    2. Christian said on December 17, 2017 at 8:12 am
      Reply

      I deleted my facebook account a few weeks ago and I needed an alternative for communicating with people around me. I have used Signal-desktop for a month now, and I love it. However it’s not easy to get people to use it. Apart from the most obvious reasons for using signal, I also read that you could use it to send old school sms from your phone. However, this is only possible on android, not on iphone. Plus, when using signal to send sms on android, the messages do not show up on the signal-desktop application on the computer.

      Do anybody know an alternative where both computer and iphone/android is in sync?

      Oh! A little pro-tip. If you install the beta of signal-desktop, then you can make use of the tray-icon by using the command –stay-in-tray when you start the application :)

      1. alanp said on December 23, 2017 at 3:49 am
        Reply

        > when using signal to send sms on android, the messages do not show up on the signal-desktop application on the computer.

        syncing standard sms is a feature most of us would love to see, but this isn’t really something the Signal team can solve while keeping communications secure. It’s kind of the nature of the sms network. I would recommend trying to convince people to just use Signal. Eventually sms will go the way of the 5.25″ floppy disk.

    3. Fena said on December 17, 2017 at 9:44 am
      Reply

      top says Martin wrote this article,bottom says Mike ?

      1. ShintoPlasm said on December 17, 2017 at 10:36 am
        Reply

        It’s to confuse the enemy, muhahaha…

    4. Yuliya said on December 17, 2017 at 10:39 am
      Reply

      >I do love the continuity [..] how I can text someone else using Signal from my phone, and continue my conversation on my laptop later on

      Oh boy.. rant incoming: I assume this thing uses two asymmetric keys (which in reality you end up with four keys in a one-on-one conversation, but that’s not the point). One encrypts data and is public, one decrypts data and it’s supposed to be private. How was the laptop able to retrieve the private key? Where did it got it from? From Signal’s server? This means they can always decrypt your conversations. From your phone? Is your phone able to send that keyat any given time just because the Signal servers request it? Do you see my problem with it? With any “””encrypted””” messaging system in fact. The only one that got it (sort of) better was Threema (is it spelt this way? idk, idgaf) – you had to physically bring the two devices together, they would exchange keys, then use those keys to encrypt the conversation. NOW, you’d have to trust the application not to do mischievous and undocumented actions without your consent, and your devce (as well as the other person’s device) not to do the same, or include it in some backup.

      My point it, it is no diffreent than any other IM client/service. Treat them all as if there are tens/hundreds/thousands of people near you and the one you’re speaking to, which can see or hear what you are talking about. And for me that’s fine. If I’m about to ask someone to get out and have a drink or something, or if I’m going to be asked by someone, it’s definitely not something that can be kept as a secret. The place that I will go will have other people in it that will see me anyway. And I will continue using VKontakte for this purpose. And SMS as well – it’s not much of a difference whether the VK guys see my conversation or whether my cell cervice provider sees it. Hell, at least it doesn’t leave my country – I think, not sure.

      1. AxMi-24 said on December 17, 2017 at 2:15 pm
        Reply

        I believe that the way it works is that it gets the PCs public key (that’s the QR code you scan with your phone) and then the phone is basically a relay between the PC and and the target. So it should be secure if not exactly perfect but proper key exchange is difficult with PCs as they would need a camera for it. The drawback in it all is that the PC “app” is based on electron framework and is not native in any way or form. So large resource use and questionable patching speed when issues are found in chromium that electron is based on.

        In the end I do prefer Threema as it has excellent UI for key exchange, being is so simple that even friends who don’t know anything about crypto want to get nice three green dots (which you get for doing in person key exchange). The additional benefit is that the account is not bound to your phone number and there is actual ability to backup it all for transfer to another device. Yes, it costs a few € but it is well worth it IMHO.

        Still, if people refuse to use Threema due to the cost then Signal is by far the best alternative despite it’s user unfriendly way of dealing with key exchange and demanding a phone number.

      2. somebody else. said on December 19, 2017 at 7:25 am
        Reply

        You also have to bring devices together to sync them. When other people write to you, you can either bring your laptop/phone to them or trust them through the app.

      3. alanp said on December 23, 2017 at 4:45 am
        Reply

        > How was the laptop able to retrieve the private key? Where did it got it from? From Signal’s server? This means they can always decrypt your conversations.

        uh no, here is how the end to end key exchange works: https://youtu.be/NmM9HA2MQGI

    5. Safe said on December 17, 2017 at 11:58 am
      Reply

      Only really “safe” solution has to be decentralized. Of course, the downside, is that there is no central server to keep messages in sych – both devices need to be on. But, at least, no middle-man.

      1. alanp said on December 23, 2017 at 3:53 am
        Reply

        with SIgnal both devices do NOT need to be on, except for the initial setup of the desktop app as a “linked device”. After that, either one can be powered off and messages can be sent/received seamlessly.

    6. Alex said on December 17, 2017 at 12:15 pm
      Reply

      It needs Google Services to work and it’s not avaliable un F-Droid. I wouldn’t say is the best for privacy if relies un Google to work

      1. rdoe said on December 17, 2017 at 12:33 pm
        Reply

        While not on f-droid, the APK is available on their website and does not require google services to run https://signal.org/android/apk/ (scroll half way down)

        It’s running fine on Lineage OS sans-google for me and has successfully linked to a desktop application install :)

    7. TelV said on December 17, 2017 at 2:17 pm
      Reply

      I have Signal installed on my Android phone, but not the desktop version. But so far I haven’t been able to convince my friends to use it. They all use LINE so I had to switch to that myself eventually: Both video calls and chats are encrypted on LINE. https://line.me/en-US/

      Ed Snowden recommends Signal though so I guess it’s pretty secure.

    8. Maelish said on December 17, 2017 at 3:53 pm
      Reply

      You referenced WhatsApp as being similar. In fact, WhatsApp uses lobotomized Signal code and protocol. However they’ve done some things in the same of end-user friendliness that’s made it not as robust.

    9. SignalNOTlover said on December 17, 2017 at 6:41 pm
      Reply

      Signal priorities privacy is my ass. Their website has google, and getclicky services. Fucking hpyractises! Martin you should not be writing about stuff that you do not understand or research well. You could have asked them to comment and your article would be interesting but now it’s just fraud.

      1. alanp said on December 23, 2017 at 3:59 am
        Reply

        you must be out of your mind!! Signal is widely regarded in the cryptography world as the “gold standard” of mobile privacy/security messaging.
        Plus your broken english makes me suspect you’re a Russian bot/troll. How well does the FSB pay?
        MODS!! got one for you!

    10. Apparition said on December 18, 2017 at 12:53 am
      Reply

      I’ve been trying to get friends and family to switch from iMessage, Skype, and FaceTime to either Telegram or Wire for three years now. Only one person has. As far as the rest of my family and friends are concerned, “everyone” is on iMessage and/or Skype, and they don’t care about their privacy as they “have nothing to hide.” I’m just a “paranoid schmoe” who should use iMessage and/or Skype and/or FaceTime like everyone else. Trying to convince them otherwise is like talking to a brick wall.

      So Signal may be great, but good luck getting people to use it.

    11. Herman said on December 18, 2017 at 5:08 am
      Reply

      Use it with a friend stationed and working in Beijing. Works great, not a single instance where it appeared to fail or was delayed in either my sending or receiving of texts. Only real issue I dislike is, you must attach a picture or video first before typing the text. Doesn’t seem to let you do it the other way around. You also can’t send multiple pictures in one instance. Must send them one at a time.

    12. smaragdus said on December 18, 2017 at 1:58 pm
      Reply

      Signal Desktop is just another Electron/JavaScript monster.
      Telegram is better- native Windows/Linux desktop clients.
      Tox is best- no servers, no middle man.
      Sooner or later Signal true nature will be revealed- that it was created with the approval of the 3-letter agencies.

      1. alanp said on December 23, 2017 at 4:33 am
        Reply

        It does use a lot of memory, but I would hardly call Telegram “better”. Better at spying on it’s users maybe. While telegram’s client software may be open source, the server side is not and the crypto is “homegrown”. As long as there are no built in backdoors, you could say it’s better than nothing but homegrown crypto is basically security through obscurity. Better to use thoroughly tested methods that have been poked and prodded by the best in the business, that’s Signal. If you’re still skeptical read the white paper and review the code yourself, nothing is stopping you.

        as for “…created with the approval of the 3-letter agencies”
        “Signal is developed by a group called Open Whisper Systems. In general, receiving an investment implies the need to generate a profit for the investors. Moxie Marlinspike has said:

        Open Whisper Systems is a project rather than a company, and the project’s objective is not financial profit.

        One of the “highlights” that they’ve listed on their hiring page is:

        Not VC Funded

        We’re not a business. We’d rather think creatively than think about the dough.

        To answer the question “where does the money come from”, they recently tweeted:

        We’re supported by grants and donations, and everything we produce is open source. ”

        More info:
        The U.S. Government funding you might be referring to came through the Open Technology Fund. Since its creation in 2012, the OTF has used public funds to support Signal, The Tor Project, Tails, Cryptocat, Briar, The Guardian Project, NoScript, Qubes OS, Subgraph OS, Ricochet, and many other Open Source privacy software projects that have applied for it. This funding and the reasons for why they provide it have always been public information:

        https://www.opentech.fund/projects
        https://www.opentech.fund/about/program

    13. your name said on December 18, 2017 at 4:04 pm
      Reply

      …..tied to your phone number…. ehm what??? Why??? secure??? how???
      It just another privacy/security joke like telegram.

      1. alanp said on December 23, 2017 at 4:39 am
        Reply

        Signal is mainly used as a secure replacement for standard sms (look up it’s origins in the app called “textsecure”). In this case the people you communicate with would have your phone number anyway. You might be confusing security/privacy with anonymity. In any case, you don’t have to use your real phone number to register, you can use a google voice number. From the reddit faq:

        Why does Signal ask for my phone number?
        Signal uses phone numbers as identifiers. It is meant to be an easy way for regular nontechnical people to send end-to-end encrypted messages and make end-to-end encrypted voice and video calls to people who they would otherwise communicate with unencrypted via SMS/MMS or a phone call.

        The number you sign up with does not have to be the one that is tied to your device’s SIM card. If you want, you can sign up with a Google Voice number, any VoIP number, or a landline number, and hand that out to your contacts as your “Signal number”:

        https://source.opennews.org/articles/shields-using-signal-without-your-phone-number/

    14. Richard said on December 22, 2017 at 10:25 pm
      Reply

      Why does a chat application NEED my phone number? Why it don’t ASK about it if I want to send a SMS instead? Even Skype works without a phone number…

      1. alanp said on December 24, 2017 at 7:47 am
        Reply

        see my answer to the question directly above

    15. anon said on December 23, 2017 at 4:21 pm
      Reply

      I don’t have a phone so fuck Signal

      1. alanp said on December 24, 2017 at 7:53 am
        Reply

        well good for you :/

    16. alanp said on December 24, 2017 at 7:55 am
      Reply

      Signal is a great product, simple to use, and held in high regard among cyber security experts. Highly recommend.

    Leave a Reply