Send Signal Messages over Tor with Whonix
|About this Signal Page|
Signal is a well-respected, free, open source, cross-platform encrypted messaging service. It supports individual and group messages (files, voice notes, images and video) as well as one-to-one voice and video calls. All communications are encrypted end-to-end for security, and mechanisms exist to independently verify the identity of contacts as well as the integrity of the data channel. The encryption keys are generated and stored at the endpoints (user devices), rather than by the servers. Both the client and server code is openly published, and the software is recommended by noted privacy advocates Edward Snowden and Bruce Schneier, among others. This is due to the strong architecture and limited metadata available in the ecosystem.   
The mandatory linkage of the desktop software application with a phone number makes it very likely adversaries can easily link any 'anonymous' use of Signal in Whonix ™ with a user's real identity, even if a secondary phone number is used as a limited workaround. Notably, to date Signal has ignored user requests to enable registration with an email account as a possible alternative. For this reason alone, alternative options like Gajim, HexChat and Tox should be investigated instead; see Instant Messenger Chat for further information. Readers are of course free to ignore this advice -- see below for Whonix instructions.
It is also recommended to create a separate Whonix-Workstation ™ that is only used for Signal because these instructions require the enabling of the Ubuntu Xenial repository for the desktop client.  The Signal developers do not maintain specific versions for other distributions, which is why Ubuntu is defaulted to.
Install the Signal Desktop Client
This configuration allows the standalone Signal desktop client to link with the mobile device and send/receive messages from a laptop or desktop computer.  As of early-2019, the desktop application does not support voice or video calling. After launching the desktop client, it must be linked with the (mobile) phone. Be aware that messages are synchronized with Signal on the mobile phone.
In Linux, the Signal desktop client is available for both 64-bit Debian and Ubuntu, as well as other distributions supporting APT. The APT repository signing key has been sourced from the following address; at the time of writing (2019), the full GPG fingerprint is:
To launch Signal in the future, run.
Footnotes / References
- For additional Signal features, see: Wikipedia: Signal (software) - Features
- Signal blog:
By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.
- The number can be different form the device's SIM card; it can be a landline or VOIP number, so long as the user can receive the verfication code and possesses a separate device to set up the software.
- Also see: Installing Signal.
- Common advice is to not mix repositories from related distributions like Ubuntu and Debian, since this can cause system instability.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)