Net Privacy Pro

You probably use instant messaging to stay in touch with your family and friends. With an abundance of mobile messengers available and data leaks happening left and right, it’s important to choose one that keeps you safe online. There is a wide spectrum to choose from, whether you value convenience (as in Telegram) or privacy (like TeleGuard) more. With each messenger there’s a trade-off between these two extremes. Today I’m presenting to you an option that maintains a good balance between both: Messaging Privately with Signal. This article will focus on the Signal app in the Apple app store, but the general guidance applies to the Android app as well.

Signal has been around for more than a decade, and has undergone various transformations since its inception. While it is one of the older messenger apps, it still drives the news with how people use it for online privacy (the FTC and Amazon fighting over disappearing messages). Its use case couldn’t be more current than it is today, though, as online privacy and safety are getting more important all the time. In this article I will guide you through the most prominent features of the messenger, a brief cut through its history, and what options you have to further increase your privacy when using it.

Why Signal is a Great Messenger: An Overview

With many benefits promised by all messengers, it can be tricky to find the one that suits your personal preferences best. Below I’m listing some points that highlight why Signal is a great messenger and why you should give it a go if you’re looking for a new way to instant message.

Minimal Data Retention

As with most instant messengers today, Signal claims to serve content in an end-to-end encrypted fashion. While I’ve discussed that this does not necessarily guarantee privacy, Signal aims to retain as little data about you as possible. As their Terms of Service & Privacy Policy page claims:

Signal is designed to never collect or store any sensitive information. Signal messages and calls cannot be accessed by us or other third parties because they are always end-to-end encrypted, private, and secure.

Signal Terms of Service & Privacy Policy

Refer to the details of the above link to learn when they need to share at least some of your data. This consists entirely of reasonable cases:

  • To meet any applicable law, regulation, legal process or enforceable governmental request.
  • To enforce applicable Terms, including investigation of potential violations.
  • To detect, prevent, or otherwise address fraud, security, or technical issues.
  • To protect against harm to the rights, property, or safety of Signal, our users, or the public as required or permitted by law.

If you feel comfortable with the above, then Signal’s stance on privacy is right on track for you.

Signal is Free and Open Source Software (FOSS)

Signal is managed as an open source project on GitHub. This means you can see, access, and change the source code as you see fit. You can even download, adapt, and compile it, and then deploy it to your own devices. The idea here is to give the public insight into how it really works and whether it stands true to its word in terms of functionality and security.

Messages, Media Files, Group Chats and Calls

As with all modern instant messengers, you can exchange text messages and various media file formats with your peers. You can also have group chats and calls – and even group calls! So if your squad wants to hang out to talk virtually, you don’t need to use a dedicated app. You can just start a group call, invite everyone, and start chatting.

Screen Security

If you’ve ever had someone take screenshots of your conversations with them, this one comes as a relief to you. Signal blacks out the screen when someone tries to take screenshots of your messages. This helps remove any potential leaks from your otherwise private conversations if you talk to untrustworthy peers.

Sealed Senders

There are messengers that don’t record who’s talking to whom. TeleGuard for example never stores this information (all info is deleted once the message is delivered). Signal goes one step further: Sealed Senders means that even the Signal servers don’t know whom a message was sent by. They only store the destination account until the message is delivered. The receiver can then decrypt the message and reveal the sender. This is a nifty feature that greatly reduces your conversation footprint on services’ servers. This option is by default only enabled for contacts you already know. In the Settings screen, you can enable Sealed Senders from anyone if that’s something you desire.

Relay Calls

When you voice or video call someone through most messaging apps, a direct connection between your device and theirs is opened. This has the benefit of reducing latency by connecting directly to the peer’s device instead of going through a server first. The drawback of this is that each peer knows the public IP address of the other peer. In privacy-focused scenarios, that’s something you don’t necessarily want. Signal allows you to relay your voice and video calls through their servers, effectively hiding your IP address from your call partner. This option is disabled by default, but can be enabled easily through the Settings screen.

A Brief History of Signal

Signal’s history is riddled with change, and each step helped it evolve into the go-to private messenger it is today. In the following, I will give you a brief overview of the historical milestones the messenger went through.

2010-2013: The Redphone app, published by Whisper Systems, was Signal’s spiritual predecessor (led by Moxie Marlinspike and Stuart Anderson). This app initially only supported encrypted voice calls; later on, encrypted texting was introduced via TextSecure.

2014: Whisper Systems was shut down by Twitter, and Open Whisper Systems merged Redphone and TextSecure into Signal.

2015: The Signal Foundation received $50 million from WhatsApp co-founder Brian Acton. This helped in funding the development of Signal.

2021: Signal saw a significant spike in users after WhatsApp announced changes to its privacy policy, highlighting user concerns over privacy and driving many to look for more secure communication platforms.

Setting up the Signal Messenger on your Phone

After installing the app from the iOS app store, the first thing it will ask for is permissions. Specifically it wants to send you notifications, and use Siri to let it use Signal’s shortcuts via voice. Both are legitimate asks, and if you want Signal to be an obvious application on your phone, you can enable both. If you don’t feel comfortable with allowing these, just disable them – there is no functional difference beyond not getting popups or Siri being unable to use the app.

After that, Signal will ask for your phone number. This is a safety measure as Signal needs to tie your account to a real identity. While other messengers like TeleGuard ditched this kind of verification entirely, Signal makes sure you’re not a random bot this way.

If in this process you’d like to bypass the prying eyes of your ISP, you can set up a proxy for the app even before starting the verification process. This way, not a single communication between you and the Signal servers will go un-proxied. Once you have entered your phone number, you will receive an SMS with the verification code. Enter this, and your account is set up.

After your account has been validated, you get the chance to choose a first/last name and set a profile picture. This is entirely optional. You can also decide right away whether other people can find you by phone number or not. This is useful, as it increases your phone number privacy by a lot.

Finally, you get to choose a PIN with which you can securely access your account should you lose access to it (together with your phone number).

After this step, you can finally start using the app. The Chats view greets you with an empty chat log and a hint where you can start your first chat.

From here on, Signal behaves pretty much like any other instant messenger. It gives you helpful hints for how to get started, allows you to make calls, and you can post Stories, which is equivalent to the status updates on WhatsApp.

Making Contact

The easiest way to get in touch with others in Signal is by sending a direct message. You can find users by their username or their phone number (if they have enabled that). Alternatively, you can create a new group and invite users to that, or publish a public story and hope for others to react to it.

No matter which way you choose, Signal is very accessible in terms of finding chat partners, and you have various options to start a conversation here.

Privacy

When instant messaging with Signal, you can configure your privacy with very fine-grained options through the app. You can decide whether you want to send read receipts or typing indications. Disappearing messages make sure that no-one keeps unwanted records of your conversations.

One particularly interesting feature of Signal is that you can make it less apparent that you use it. You can choose a different app icon (see below under Customization), and can hide it from the app switcher. Few apps allow you to do this, but this way people peeping over your shoulder won’t accidentally see traces of your Signal usage.

There are various other options to customize the privacy features of the messenger, and any user starting out with it is advised to go through this section of the app.

Username

As mentioned above, users can be referred to by their username. To choose a username for yourself, open the respective section in the Settings screen. Signal will educate you about the benefits of usernames and lets you choose a custom one. Should that particular name already be taken by a different user, Signal will automatically append a numerical value to it to make it unique.

Once you have set up your username, you can identify yourself by it instead of by your phone number. If you set up your privacy settings right, other users won’t see your phone number when they contact you by your username.

Settings

The Settings dialog allows you to customize the app’s behavior quite extensively. You can link your app to the Signal desktop app and manage that connection from this dialog. You can also administer your PIN code and how the app downloads data when on Cellular or WiFi.

All in all, you can tailor the app’s behavior to your needs here pretty well.

Notifications

In terms of notifications, you can decide when Signal will notify you, and what it will give away as previews. This is particularly useful when you want to keep sensitive chats hidden.

Besides this, for any contacts you create in Signal, you can decide whether you want to share them with the stock Contacts app on iOS or not. This again is ideal when you want to keep contexts between your phone and your conversations in Signal separate.

Customization

Last but not least (and there’s likely more to explore), you can change how Signal looks on your phone. This can happen for stylistic reasons, but you also can make its presence on your phone less apparent. Mind you though that the app name “Signal” will always be visible on the home screen or app library.

There are more ways you can customize the app and I strongly advise you to look through the different submenus and option screens available in the app.

Supported Platforms

Signal is available for all major platforms. You can download it for mobile (Android, iOS) and as a desktop app (Windows, macOS, and Linux if you’re Debian-based).

For the desktop apps (as with most instant messengers), you first need to create an account on your mobile device. In a second step, you can then authenticate the desktop app through your mobile client. You can then use your account on both (and more) devices simultaneously.

Payment with MobileCoin

Signal has by now integrated its own payment method via MobileCoin (MOB). This cryptocurrency is meant specifically for exchanging funds inside the app and can be purchased (or exchanged for real currency) on common crypto exchanges. At the time of writing, 1 MOB is worth ~0.09 EUR (according to Coinbase).

Once you have activated the payment method in your app (you explicitly have to agree to its terms of service), you can see your balance, add funds, or send payments. If you want to receive payments, you can either share your wallet address or let the sending party scan your QR code.

Paying via crypto currency has become a common method of exchanging funds if either one or both parties want to stay anonymous. This aligns very well with the general focus of Signal’s privacy minded efforts.

Your Account Data

With all the above, you have guessed right that there is some amount of personal data stored about you. It’s not necessarily stored “in the cloud” (although some is), but mostly on your device. Nevertheless, you can request a download of all the data stored about you using the “Your Account Data” section in the settings of the iOS Signal app (and likewise for Android).

You can export your account data from the Signal messenger app

Here you can choose whether you want it in .txt format, which is more human-readable, or in .json format, which is easier for machines to process. Regardless of the format, the information contained is the same. Below is an example of what the .txt version might look like:

Report ID: 81f3a3ae-9f34-46cb-a0c2-475b03c8xxxx
Report timestamp: 2024-05-08T06:41:03Z

# Account
Phone number: +xxxxxxxxxxxxx
Allow sealed sender from anyone: false
Find account by phone number: false
Badges: None

# Devices
- ID: 1
  Created: 2024-05-08T04:27:08Z
  Last seen: 2024-05-08T00:00:00Z
  User-agent: null

There isn’t much stored about this particular account yet, and your own data may vary. The above represents the bare minimum you can expect, though.
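If you export this report regularly, you can check it automatically. The Python script below is an added example (not part of Signal or of the original article): it parses the .txt layout shown above and flags the two discoverability settings and any linked device you don’t recognize. The names parse_report and audit and the expected-device list are hypothetical, and the layout is assumed to match the sample.

```python
# Constructed sample input, following the layout of the report shown above.
SAMPLE_REPORT = """\
Report ID: 81f3a3ae-9f34-46cb-a0c2-475b03c8xxxx
Report timestamp: 2024-05-08T06:41:03Z

# Account
Phone number: +xxxxxxxxxxxxx
Allow sealed sender from anyone: false
Find account by phone number: false
Badges: None

# Devices
- ID: 1
  Created: 2024-05-08T04:27:08Z
  Last seen: 2024-05-08T00:00:00Z
  User-agent: null
"""

def parse_report(text):
    """Parse the .txt export into {'header': {...}, 'Account': {...}, 'Devices': [...]}."""
    report = {"header": {}}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):            # section heading, e.g. "# Devices"
            section = line[2:]
            report[section] = [] if section == "Devices" else {}
            continue
        is_item = line.startswith("- ")      # "- ID: 1" opens a new device entry
        # Split on the first colon only, so timestamps keep their own colons.
        key, _, value = line.removeprefix("- ").partition(":")
        key, value = key.strip(), value.strip()
        if section == "Devices":
            if is_item:
                report["Devices"].append({})
            if report["Devices"]:
                report["Devices"][-1][key] = value
        else:
            report[section][key] = value
    return report

def audit(report, expected_device_ids=("1",)):
    """Return findings for discoverability settings and unrecognized linked devices."""
    findings = []
    account = report.get("Account", {})
    if account.get("Find account by phone number") == "true":
        findings.append("account can be found by phone number")
    if account.get("Allow sealed sender from anyone") == "true":
        findings.append("sealed sender is accepted from anyone, not only contacts")
    for dev in report.get("Devices", []):
        if dev.get("ID") not in expected_device_ids:
            findings.append(f"unrecognized device ID {dev.get('ID')}, created {dev.get('Created')}")
    return findings
```

Pass the IDs of the devices you have linked yourself as expected_device_ids; an empty result means the report matches what you expect.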

Beyond Texting: Set up your own Signal Server

Signal is not only an app offered to connect to an existing service. The whole idea of Signal is that you can customize every part of it – including how and where the server you connect to is run. For this reason, you can set up your own Signal server rather easily. Below I outline the general steps you need to follow for this purpose.

Step 1: Obtain Server Software

  • Source Code: Signal’s server software is open source and available on GitHub. You can find the server repository at Signal-Server.
  • Documentation: Review the documentation provided in the repository to understand the server’s requirements and architecture.

Step 2: Requirements

  • Hardware: You’ll need a server with sufficient resources (CPU, RAM, storage) to handle the load, depending on the number of users you expect.
  • Software: Java (for the server), PostgreSQL, and Redis are required to run the Signal server. Additionally, you’ll need other services like a message queue (RabbitMQ is recommended).
  • Dependencies: Installation of various dependencies outlined in the project’s README, including setting up external services like AWS S3 for attachments, Twilio for SMS verification, etc.

Step 3: Configuration

  • Server Configuration: Set up and configure all necessary services. Adjust the configuration files of the Signal server to connect these services.
  • SSL Certificates: Secure the server with SSL/TLS certificates. Signal requires HTTPS to ensure all data is encrypted in transit.

Step 4: Set Up the Signal App

  • App Source Code: Obtain the Android and iOS client source code from their respective GitHub repositories (Signal-Android and Signal-iOS).
  • Modifications: Modify the client apps to connect to your server instead of the official Signal servers. This involves changing the server URLs in the app’s source code to point to your custom server.
  • Compilation: Build the apps from the source with these modifications.

Step 5: Deployment

  • Deploy the Server: Once the server setup is complete and running, deploy the server code.
  • Install Custom Apps: Distribute your modified Signal apps to users. They need to install these versions to connect to your server.

Step 6: Maintenance and Updates

  • Maintain: Regularly update both the server and app software to incorporate security patches and new features from the main Signal project.
  • Security: Regularly review security practices to ensure your server and communications remain secure against new vulnerabilities.

Legal and Privacy Considerations

Before installing and launching your server to the public, consider the legal implications of hosting a private messaging service, especially regarding data protection laws and compliance requirements in your jurisdiction.

Setting up a private Signal server and modifying the client apps requires substantial technical skills in server management, app development, and security. It’s a significant commitment to ensuring that the server is secure, reliable, and private, reflective of the responsibilities that Signal as an organization typically handles.

How Signal is Financed

The Signal app comes for free, both the app and the service it connects to. The service finances itself through contributions that allow servers to be run, apps to be maintained, and people to be paid for making sure that everything runs smoothly.

If you find Signal useful for your purpose and have funds to spare for such a purpose, consider contributing to the project.

Conclusion

In the above, I walked you through the intricacies of the Signal app. I introduced you to the setup, requirements, and general capabilities of the app. For topics like privacy settings, notifications, and chat opportunities, I discussed which options you have. We also briefly touched on MobileCoin, and went through the general steps of setting up a brand new Signal server. By now, you should have a solid idea of what Messaging Privately with Signal really means, and how to get started.

I hope you found the above inspiring. If you want to add your own thoughts and experiences, be sure to comment below to get the conversation started!
