Actions

Send Signal Messages over Tor with Whonix ™

From Whonix



Signal Logo

Introduction[edit]

Signal [archive] is a well-respected, free, open source, cross-platform encrypted messaging service. It supports individual and group messages (files, voice notes, images and video) as well as one-to-one voice and video calls. All communications are encrypted end-to-end for security, and mechanisms exist to independently verify the identity of contacts as well as the integrity of the data channel. The encryption keys are generated and stored at the endpoints (user devices), rather than by the servers. Both the client and server code is openly published, and the software is recommended by noted privacy advocates Edward Snowden and Bruce Schneier, among others. This is due to the strong architecture and limited metadata available in the ecosystem. [1] [2] [3]

Ambox warning pn.svg.png It is possible to pair Signal with Whonix ™ by installing the standalone Signal Desktop application [archive] for Linux in Whonix-Workstation ™, and tunneling the application over the Tor network. However, this configuration is not recommended because although the traffic will be routed over the Tor network, Signal requires the user provide a phone number for verification. [4]

The mandatory linkage of the desktop software application with a phone number makes it very likely adversaries can easily link any 'anonymous' use of Signal in Whonix ™ with a user's real identity, even if a secondary phone number is used as a limited workaround. Notably, to date Signal has ignored user requests to enable registration with an email account as a possible alternative. For this reason alone, alternative options like Gajim,HexChat and Tox should be investigated instead; see Instant Messenger Chat for further information. Readers are of course free to ignore this advice -- see below for Whonix ™ instructions.

Community Support Only!:
Info

Community Support Only means Whonix ™ developers are unlikely to provide free support for wiki chapters or pages with this tag. See Community Support for further information, including implications and possible alternatives.

Prerequisites[edit]

Signal must already be installed on your Android or iOS device -- first follow the download instructions [archive] on the Signal homepage if required. [5]

It is also recommended to create a separate Whonix-Workstation ™ that is only used for Signal because these instructions require the enabling of the Ubuntu Xenial repository for the desktop client. [6] The Signal developers do not maintain specific versions for other distributions, which is why Ubuntu is defaulted to.

Install the Signal Desktop Client[edit]

This configuration allows the standalone Signal desktop client to link with the mobile device and send/receive messages from a laptop or desktop computer. [7] As of early-2019, the desktop application does not support voice or video calling. After launching the desktop client, it must be linked with the (mobile) phone. Be aware that messages are synchronized with Signal on the mobile phone.

In Linux, the Signal desktop client is available for both 64-bit Debian and Ubuntu, as well as other distributions supporting APT. The APT repository signing key has been sourced from the following address [archive]; at the time of writing (2019), the full GPG fingerprint is: DBA36B5181D0C816F630E889D980A17457F6FB06. [8]

1. Add the Signal GPG key to the APT sources keyring. 

sudo apt-key --keyring /etc/apt/trusted.gpg.d/signal.gpg adv --keyserver hkp://qdigse2yzvuglcix.onion --recv-keys DBA36B5181D0C816F630E889D980A17457F6FB06

2. Create a signal starter script ~/signal-start.

Open ~/signal-start in an editor as a regular, non-root user.

If you are using a graphical environment, run. 

mousepad ~/signal-start

If you are using a terminal, run. 

nano ~/signal-start

3. Paste the following text. [9] 

#!/bin/bash
set -x
set -e
echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee /etc/apt/sources.list.d/signal-xenial.list
sudo apt-get update
sudo apt-get install --yes signal-desktop
signal-desktop

4. Make the file executable. 

chmod +x ~/signal-start

5. Install and start Signal from command line. 

~/signal-start

Done.

Start Signal[edit]

To launch Signal in the future, run. 

signal-desktop

Figure: Signal Desktop in Whonix ™

Signaldesktop.png

Claims That Signal Encryption Is Broken[edit]

Cellebrite [archive]claimed [archive] That they find solution to decrypt signal encryption but the article details was later removed [archive] because it has been debunked/proven to be false claims from Moxie [archive] (co-founder and currently CEO of Signal Messenger) , Edward Snowden [archive] , Filippo Valsorda [archive] and Signal officially [archive] responded to this claim.

Note: Bruce Schneier wrote a topic about that in his blog titled with "Cellebrite Can Break Signal" but he later apologized [archive] for his post.

Footnotes[edit]

  1. https://en.wikipedia.org/wiki/Signal_%28software%29 [archive]
  2. For additional Signal features, see: Wikipedia: Signal (software) - Features [archive]
  3. Signal blog [archive]:

    By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.

  4. The number can be different form the device's SIM card; it can be a landline or VOIP number, so long as the user can receive the verification code and possesses a separate device to set up the software.
  5. Also see: Installing Signal [archive].
  6. Common advice is to not mix repositories from related distributions like Ubuntu and Debian, since this can cause system instability.
  7. https://www.signal.org/blog/standalone-signal-desktop/ [archive]
  8. https://github.com/freedomofpress/ansible-role-signal-desktop [archive]
  9. https://signal.org/download [archive]
Fosshost is sponsors Kicksecure stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png Iconfinder Apple Mail 2697658.png Reddit.jpg Hacker.news.jpg 200px-Mastodon Logotype (Simple).svg.png

Want to help create awesome, up-to-date screenshots for the Whonix ™ wiki? Help is most welcome!

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Retrieved from "https://www.whonix.org/w/index.php?title=Signal&oldid=64723"
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.
More information