Send Signal Messages over Tor with Whonix
From Whonix
| About this Signal Page | |
|---|---|
| Support Status | stable |
| Difficulty | medium |
| Maintainer | Patrick |
| Support | Professional Support |
Contents
Introduction[edit]
Signal [archive] is a well-respected, free, open source, cross-platform encrypted messaging service. It supports individual and group messages (files, voice notes, images and video) as well as one-to-one voice and video calls. All communications are encrypted end-to-end for security, and mechanisms exist to independently verify the identity of contacts as well as the integrity of the data channel. The encryption keys are generated and stored at the endpoints (user devices), rather than by the servers. Both the client and server code is openly published, and the software is recommended by noted privacy advocates Edward Snowden and Bruce Schneier, among others. This is due to the strong architecture and limited metadata available in the ecosystem. [1] [2] [3]
It is possible to pair Signal with Whonix ™ by installing the standalone Signal Desktop application [archive] for Linux in Whonix-Workstation ™, and tunneling the application over the Tor network. However, this configuration is not recommended because although the traffic will be routed over the Tor network, Signal requires the user provide a phone number for verification. [4]
The mandatory linkage of the desktop software application with a phone number makes it very likely adversaries can easily link any 'anonymous' use of Signal in Whonix ™ with a user's real identity, even if a secondary phone number is used as a limited workaround. Notably, to date Signal has ignored user requests to enable registration with an email account as a possible alternative. For this reason alone, alternative options like Gajim, HexChat and Tox should be investigated instead; see Instant Messenger Chat for further information. Readers are of course free to ignore this advice -- see below for Whonix instructions.
Prerequisites[edit]
Signal must already be installed on your Android or iOS device -- first follow the download instructions [archive] on the Signal homepage if required. [5]
It is also recommended to create a separate Whonix-Workstation ™ that is only used for Signal because these instructions require the enabling of the Ubuntu Xenial repository for the desktop client. [6] The Signal developers do not maintain specific versions for other distributions, which is why Ubuntu is defaulted to.
Install the Signal Desktop Client[edit]
This configuration allows the standalone Signal desktop client to link with the mobile device and send/receive messages from a laptop or desktop computer. [7] As of early-2019, the desktop application does not support voice or video calling. After launching the desktop client, it must be linked with the (mobile) phone. Be aware that messages are synchronized with Signal on the mobile phone.
In Linux, the Signal desktop client is available for both 64-bit Debian and Ubuntu, as well as other distributions supporting APT. The APT repository signing key has been sourced from the following address [archive]; at the time of writing (2019), the full GPG fingerprint is: DBA36B5181D0C816F630E889D980A17457F6FB06. [8]
1. Add the Signal GPG key to the APT sources keyring.
sudo apt-key --keyring /etc/apt/trusted.gpg.d/signal.gpg adv --keyserver hkp://qdigse2yzvuglcix.onion --recv-keys DBA36B5181D0C816F630E889D980A17457F6FB06
2. Create a signal starter script ~/signal-start.
Open ~/signal-start in an editor as a regular, non-root user.
If you are using a graphical environment, run.
mousepad ~/signal-start
If you are using a terminal, run.
nano ~/signal-start
3. Paste the following text. [9]
#!/bin/bash set -x set -e echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee /etc/apt/sources.list.d/signal-xenial.list sudo apt-get update sudo apt-get install --yes signal-desktop signal-desktop
4. Make the file executable.
chmod +x ~/signal-start
5. Install and start Signal from command line.
~/signal-start
Done.
To launch Signal in the future, run.
signal-desktop
Footnotes / References[edit]
- ↑ https://en.wikipedia.org/wiki/Signal_%28software%29 [archive]
- ↑ For additional Signal features, see: Wikipedia: Signal (software) - Features [archive]
- ↑ Signal blog [archive]:
By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.
- ↑ The number can be different form the device's SIM card; it can be a landline or VOIP number, so long as the user can receive the verfication code and possesses a separate device to set up the software.
- ↑ Also see: Installing Signal [archive].
- ↑ Common advice is to not mix repositories from related distributions like Ubuntu and Debian, since this can cause system instability.
- ↑ https://www.signal.org/blog/standalone-signal-desktop/ [archive]
- ↑ https://github.com/freedomofpress/ansible-role-signal-desktop [archive]
- ↑ https://signal.org/download [archive]
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Did you know that anyone can edit the Whonix wiki [archive] to improve it?
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.