{{Header}}
{{#seo:
|description=How-to: Use Signal Private Messenger with {{project_name_long}}.
|image=Signalmessenger.png
}}
{{title|title=
Send Signal Messages with {{project_name_short}}
}}
[[image:Signal.png|<code>Signal</code> Logo|thumb]]
{{intro|
How-to: Use Signal Private Messenger with {{project_name_short}}.
}}

{{Community_Support|scope=page}}

= Introduction =

[https://www.signal.org Signal] is a well-respected, free, open source, cross-platform encrypted messaging service. It supports individual and group messages (files, voice notes, images and video) as well as one-to-one voice and video calls. All communications are encrypted end-to-end for security, and mechanisms exist to independently verify the identity of contacts as well as the integrity of the data channel. The encryption keys are generated and stored at the endpoints (user devices), rather than by the servers. Both the client and server code is openly published, and the software is recommended by noted privacy advocates Edward Snowden and Bruce Schneier, among others. This is due to the strong architecture and limited metadata available in the ecosystem. <ref>
https://en.wikipedia.org/wiki/Signal_%28software%29
</ref> <ref>
For additional Signal features, see: [https://en.wikipedia.org/wiki/Signal_(software)#Features Wikipedia: Signal (software) - Features]</ref> <ref>
[https://www.signal.org/blog/setback-in-the-outback/ Signal blog]:

<blockquote>
By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.
</blockquote>
</ref>

{{mbox
| image   = [[File:Ambox_warning_pn.svg.png|40px]]
| text    = It is possible to install the [https://www.signal.org/blog/standalone-signal-desktop/ standalone Signal Desktop application version] for Linux in {{project_name_workstation_long}}. However, this configuration is <u>not</u> recommended because Signal requires the user provide a phone number for verification. <ref>
The number can be different form the device's SIM card; it can be a landline or VOIP number, so long as the user can receive the verification code and possesses a separate device to set up the software.
</ref> See [https://www.whonix.org/wiki/Phone_Number_Validation Phone Number Validation vs User Privacy].
}}

= Prerequisites =

Signal must already be installed on your Android or iOS device -- first follow the [https://signal.org/download download instructions] on the Signal homepage if required. <ref>Also see: [https://support.signal.org/hc/en-us/articles/360008216551-Installing-Signal Installing Signal].</ref>

It is also recommended to create a separate  {{project_name_workstation_short}} that is only used for Signal because these instructions require the enabling of the Ubuntu Xenial repository for the desktop client. <ref>
Common advice is to not mix repositories from related distributions like Ubuntu and Debian, since this can cause system instability.
</ref> The Signal developers do not maintain specific versions for other distributions, which is why Ubuntu is defaulted to.

= Install the Signal Desktop Client =

This configuration allows the standalone Signal desktop client to link with the mobile device and send/receive messages from a laptop or desktop computer. <ref>
https://www.signal.org/blog/standalone-signal-desktop/
</ref> As of late-2020, the desktop application also now supports one-to-one voice and video conversations. <ref>
https://github.com/signalapp/Signal-Desktop/releases/tag/v1.35.1
</ref> After launching the desktop client, it must be linked with the (mobile) phone. Be aware that messages are synchronized with Signal on the mobile phone.

{{Third_Party_Repository}}

* [[{{Non_q_project_name_short}}|{{non_q_project_name_long}}]]: Perform these steps inside {{project_name_short}}.
* [[{{q_project_name_short}}|{{q_project_name_long}}]]: Perform these steps inside Qubes <code>{{project_name_workstation_template}}</code> Template.

{{Box|text=
'''1.''' Add the Signal GPG key to the APT keyrings. <ref>
https://github.com/freedomofpress/ansible-role-signal-desktop
</ref>

{{apt key add derivative
|download_command=scurl-download https://updates.signal.org/desktop/apt/keys.asc
|download_command_qubes_templatevm=http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 scurl-download https://updates.signal.org/desktop/apt/keys.asc
|source_filename=keys.asc
|target_filename=/usr/share/keyrings/signal-desktop-keyring.asc
|gpg_fingerprint=Key fingerprint = DBA3 6B51 81D0 C816 F630  E889 D980 A174 57F6 FB06
}}

'''2.''' Add the Signal third-party APT repository. <ref>
https://signal.org/download/
</ref> <ref>
https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302
</ref> <ref>
See [[Advanced_Host_Security#apt-transport-tor|this]] for a comment why <code>tor+</code> is useful even inside {{project_name_short}}.
</ref>

{{CodeSelect|code=
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.asc] tor+https://updates.signal.org/desktop/apt xenial main' {{!}} sudo tee /etc/apt/sources.list.d/signal-xenial.list
}}

'''3.''' Install Signal.

{{Install Package|
package=signal-desktop
}}

'''4.''' Done.

The process of installing Signal is complete.

'''5.''' Note.

* {{non_q_project_name_short}}: No extra steps required.
* {{q_project_name_short}}: Shutdown <code>{{project_name_workstation_template}}</code> Template. Restart {{project_name_workstation_short}} (<code>{{project_name_workstation_vm}}</code> App Qube).
}}

= Start Signal =
To launch Signal, run.

{{CodeSelect|code=
signal-desktop
}}

'''Figure:''' ''Signal Desktop in {{project_name_short}}''

[[Image:Signaldesktop.png|border]]

= Broken Metadata Protection =
Signal's metadata protection (who is communicating with whom) might be ineffective.

<blockquote>Hi, thank you for this thought provoking talk. You said so many things I disagree with it is tough to pick a question. But the one I want to ask is: The features that you have about private groups and sealed sender, those seem to be protecting data at rest for when the server is compromised the data that's on it is less useful to the attacker, but if the server is already compromised it is not really providing traffic analysis protection - your metadata protection is effectively a pinky-promise oriented architecture and you have outsourced the keeping of the promise to a defense contractor owned by the richest man in the world; so my question it: How confident are you that Amazon is keeping the promises that you are making?</blockquote>

[https://media.ccc.de/v/36c3-11086-the_ecosystem_is_moving#t=2034 See this question and Moxie's (founder of Signal) answer here.] Moxie failed to deny or refute this.

Amazon NSA collusion:

* [https://www.huffpost.com/entry/nsa-and-corporate-coopera_b_4516581 NSA and Corporate Cooperation Revealed]
* [https://www.reuters.com/article/us-amazon-board/ex-nsa-chief-keith-alexander-joins-amazon-board-idUSKBN2603A7 Ex-NSA chief Keith Alexander joins Amazon board]
* [https://www.theverge.com/2021/8/10/22618764/nsa-10-billion-microsoft-aws-cloud-services-protest NSA awarding its cloud contract to Amazon instead of Microsoft]

Amazon is proud of their cooperation with law enforcement and providing them with recordings from Amazon Ring the doorbell snitch. Hard to believe they don't collaborate with higher agencies such as the NSA of the security apparatus ladder.

* [https://www.wired.com/story/ces-2020-amazon-defends-ring-police-partnerships/ Amazon Doubles Down on Ring Partnerships With Law Enforcement]
* [https://www.cnet.com/home/smart-home/features/amazons-helping-police-build-a-surveillance-network-with-ring-doorbells/ Amazon's helping police build a surveillance network with Ring doorbells]
* [https://www.schneier.com/blog/archives/2022/08/ring-gives-videos-to-police-without-a-warrant-or-user-consent.html Amazon Ring Gives Videos to Police without a Warrant or User Consent]
* [https://arstechnica.com/tech-policy/2022/07/amazon-finally-admits-giving-cops-ring-doorbell-data-without-user-consent/ Amazon finally admits giving cops Ring doorbell data without user consent]
* [https://www.techdirt.com/2019/06/11/amazon-law-enforcement-joining-forces-to-turn-your-front-door-into-integral-part-surveillance-state/ Amazon, Law Enforcement Joining Forces To Turn Your Front Door Into An Integral Part Of The Surveillance State]
* [https://www.techdirt.com/2019/07/30/amazons-free-doorbell-cameras-only-cost-law-enforcement-agencies-their-dignity-autonomy/ Amazon's Free Doorbell Cameras Only Cost Law Enforcement Agencies Their Dignity And Autonomy]

= Claims That Signal Encryption Is Broken =

[https://en.wikipedia.org/wiki/Cellebrite Cellebrite] [https://web.archive.org/web/20201210150311/https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/ formerly claimed] they were able to decrypt Signal encryption. However, the article details were later removed <ref>https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/</ref> because it {{Twitter_link|moxie/status/1337434126186553345|was debunked by Moxie Marlinspike}} (co-founder and currently CEO of Signal Messenger), [https://twitter.com/Snowden/status/1338859880384368641 Edward Snowden]([https://nitter.net/Snowden/status/1338859880384368641 Nitter]), and [https://twitter.com/FiloSottile/status/1341358429873553408 Filippo Valsorda]([https://nitter.net/FiloSottile/status/1341358429873553408 Nitter]). Signal also [https://signal.org/blog/cellebrite-and-clickbait/ officially] responded to this false claim.

Note: cryptographer Bruce Schneier wrote an article about this issue in his blog entitled "Cellebrite Can Break Signal", but he later [https://www.schneier.com/blog/archives/2020/12/cellebrite-can-break-signal.html apologized] for his erroneous post.

= Signal Delayed Updating Their Server Code On Time =

Signal server code been [https://github.com/signalapp/Signal-Android/issues/11101 delayed] to get updated to prevent spammers from gleaning the new anti-spam measures the company planned to enact (According to the [https://signal.org/blog/new-year-new-ceo/ previous] signal CEO Moxie Marlinspike <ref>https://github.com/signalapp/Signal-Android/issues/11101#issuecomment-815400676</ref> <ref>https://www.xda-developers.com/signal-updates-public-server-code/#update1</ref>).

= See Also =
* [[Mobile Phone Security]]
* [https://www.whonix.org/wiki/Phone_Number_Validation Phone Number Validation vs User Privacy]

= Footnotes =

{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]