Send Signal Messages over Tor with Whonix

From Whonix

About this Signal Page
Support Status stable
Difficulty medium
Maintainer Patrick
Support Professional Support


Signal is a well-respected, free, open source, cross-platform encrypted messaging service. It supports individual and group messages (files, voice notes, images and video) as well as one-to-one voice and video calls. All communications are encrypted end-to-end for security, and mechanisms exist to independently verify the identity of contacts as well as the integrity of the data channel. The encryption keys are generated and stored at the endpoints (user devices), rather than by the servers. Both the client and server code is openly published, and the software is recommended by noted privacy advocates Edward Snowden and Bruce Schneier, among others. This is due to the strong architecture and limited metadata available in the ecosystem. [1] [2] [3]

Ambox warning pn.svg.png It is possible to pair Signal with Whonix ™ by installing the standalone Signal Desktop application for Linux in Whonix-Workstation ™, and tunneling the application over the Tor network. However, this configuration is not recommended because although the traffic will be routed over the Tor network, Signal requires the user provide a phone number for verification. [4]

The mandatory linkage of the desktop software application with a phone number makes it very likely adversaries can easily link any 'anonymous' use of Signal in Whonix ™ with a user's real identity, even if a secondary phone number is used as a limited workaround. Notably, to date Signal has ignored user requests to enable registration with an email account as a possible alternative. For this reason alone, alternative options like Gajim, HexChat and Tox should be investigated instead; see Instant Messenger Chat for further information. Readers are of course free to ignore this advice -- see below for Whonix instructions.


Signal must already be installed on your Android or iOS device -- first follow the download instructions on the Signal homepage if required. [5]

It is also recommended to create a separate Whonix-Workstation ™ that is only used for Signal because these instructions require the enabling of the Ubuntu Xenial repository for the desktop client. [6] The Signal developers do not maintain specific versions for other distributions, which is why Ubuntu is defaulted to.

Install the Signal Desktop Client[edit]

This configuration allows the standalone Signal desktop client to link with the mobile device and send/receive messages from a laptop or desktop computer. [7] As of early-2019, the desktop application does not support voice or video calling. After launching the desktop client, it must be linked with the (mobile) phone. Be aware that messages are synchronized with Signal on the mobile phone.

In Linux, the Signal desktop client is available for both 64-bit Debian and Ubuntu, as well as other distributions supporting APT. The APT repository signing key has been sourced from the following address; at the time of writing (2019), the full GPG fingerprint is: DBA36B5181D0C816F630E889D980A17457F6FB06. [8]

1. Add the Signal GPG key to the APT sources keyring.

sudo apt-key --keyring /etc/apt/trusted.gpg.d/signal.gpg adv --keyserver hkp://qdigse2yzvuglcix.onion --recv-keys DBA36B5181D0C816F630E889D980A17457F6FB06

2. Create a signal starter script ~/signal-start.

Open ~/signal-start in an editor as a regular, non-root user.

If you are using a graphical environment, run.

mousepad ~/signal-start

If you are using a terminal, run.

nano ~/signal-start

3. Paste the following text. [9]

set -x
set -e
echo "deb [arch=amd64] xenial main" | sudo tee /etc/apt/sources.list.d/signal-xenial.list
sudo apt-get update
sudo apt-get install --yes signal-desktop

4. Make the file executable.

chmod +x ~/signal-start

5. Install and start Signal from command line.



To launch Signal in the future, run.


Footnotes / References[edit]

  2. For additional Signal features, see: Wikipedia: Signal (software) - Features
  3. Signal blog:

    By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.

  4. The number can be different form the device's SIM card; it can be a landline or VOIP number, so long as the user can receive the verfication code and possesses a separate device to set up the software.
  5. Also see: Installing Signal.
  6. Common advice is to not mix repositories from related distributions like Ubuntu and Debian, since this can cause system instability.

No user support in comments. See Support. Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.

Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.

Random News:

Have you read our Documentation, Technical Design and Developer Portal links yet?

https | (forcing) onion

Follow: Twitter | Facebook | | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.