Send Signal Messages with [[:Template:Project name]]

From Kicksecure
Revision as of 16:28, 30 November 2021 by Nurmagoz (talk | contribs)
Jump to navigation Jump to search
Signal Logo

Introduction

Signalarchive.org iconarchive.today icon is a well-respected, free, open source, cross-platform encrypted messaging service. It supports individual and group messages (files, voice notes, images and video) as well as one-to-one voice and video calls. All communications are encrypted end-to-end for security, and mechanisms exist to independently verify the identity of contacts as well as the integrity of the data channel. The encryption keys are generated and stored at the endpoints (user devices), rather than by the servers. Both the client and server code is openly published, and the software is recommended by noted privacy advocates Edward Snowden and Bruce Schneier, among others. This is due to the strong architecture and limited metadata available in the ecosystem. [1] [2] [3]

It is possible to install the standalone Signal Desktop application versionarchive.org iconarchive.today icon for Linux in Template:Workstation product name, and tunneling the application over the Tor network. However, this configuration is not recommended because although the traffic will be routed over the Tor network, Signal requires the user provide a phone number for verification. [4] See Phone Number Validation vs User Privacy.

Info COMMUNITY SUPPORT ONLY : THIS WHOLE WIKI PAGE is only supported by the community. Kicksecure developers are very unlikely to provide free support for this content. See Community Support for further information, including implications and possible alternatives.

Anonymity Specific

The mandatory linkage of the desktop software application with a phone number makes it very likely adversaries can easily link any 'anonymous' use of Signal in Template:Project name with a user's real identity, even if a secondary phone number is used as a limited workaround. Notably, to date Signal has ignored user requests to enable registration with an email account as a possible alternative. For this reason alone, alternative options like Gajim and HexChat should be investigated instead; see Instant Messenger Chat for further information. Readers are of course free to ignore this advice -- see below for Template:Project name instructions.

Prerequisites

Signal must already be installed on your Android or iOS device -- first follow the download instructionsarchive.org iconarchive.today icon on the Signal homepage if required. [5]

It is also recommended to create a separate Template:Workstation product name that is only used for Signal because these instructions require the enabling of the Ubuntu Xenial repository for the desktop client. [6] The Signal developers do not maintain specific versions for other distributions, which is why Ubuntu is defaulted to.

Install the Signal Desktop Client

This configuration allows the standalone Signal desktop client to link with the mobile device and send/receive messages from a laptop or desktop computer. [7] As of late-2020, the desktop application also now supports one-to-one voice and video conversations. [8] After launching the desktop client, it must be linked with the (mobile) phone. Be aware that messages are synchronized with Signal on the mobile phone.

warning Security warning: Adding a third party repository and/or installing third-party software allows the vendor to replace any software on your system. Including but not limited to the installation of malware, deleting files and data harvesting. Proceed at your own risk! See also Foreign Sources for further information. For greater safety, users adding third party repositories should always use Multiple Kicksecure to compartmentalize VMs with additional software.

Kicksecure default admin password is: changeme Documentation in the Kicksecure wiki provides guidance on adding third-party software from different upstream repositories. This is especially useful as upstream often includes generic instructions for various Linux distributions, which may be complex for users to follow. Additionally, documentation Kicksecure usually has a higher focus on security, digital software signatures verification.

The instructions provided here serve as a "translation layer" from upstream documentation to Kicksecure, offering assistance in most scenarios. Nevertheless, it's important to acknowledge that upstream repositories, software may undergo changes over time. Consequently, the documentation on this wiki might need occasional updates, such as revised signing key fingerprints, to stay current and accurate.

Please note, this is a general wiki template and may not apply to all upstream documentation scenarios.

Users encountering issues, such as signing key problems, are advised to adhere to the Self Support First Policy and engage in Generic Bug Reproduction. This involves attempting to replicate the issue on Debian bookworm, contacting upstream directly if the issue can be reproduced as such problems are likely unspecific to Kicksecure. In most cases, Kicksecure is not responsible for, nor capable of resolving, issues stemming from third-party software.

For further information, refer to Introduction, User Expectations - What Documentation Is and What It Is Not.

Should the user encounter bugs related to third-party software, it is advisable to report these issues to the respective upstream projects. Additionally, users are encouraged to share links to upstream bug reports in the Kicksecure forums and/or make edits to this wiki page. For instance, if there are outdated links or key fingerprints in need of updating, please feel free to make the necessary changes. Contributions aimed at maintaining the currentness and accuracy of information are highly valued. These updates not only improve the quality of the wiki but also serve as a useful resource for other users.

The Kicksecure wiki is an open platform where everyone is welcome to contribute improvements and edits, with or without an account. Edits to this wiki are subject to moderation, so contributors should not worry about making mistakes. Your edits will be reviewed before being made public, ensuring the integrity and accuracy of the information provided.

1. Add the Signal GPG key to the APT keyrings. [9]

To add the signing key, follow steps A to C.

A. Securely download the key.

Kicksecure

If you are using Kicksecure (kicksecure), run.

Click = Copy Copied to clipboard! scurl-download https://updates.signal.org/desktop/apt/keys.asc

Qubes

If you are using a Qubes Template (kicksecure-17), run. [10] [11]

Click = Copy Copied to clipboard! scurl-download --proxy http://127.0.0.1:8082/ https://updates.signal.org/desktop/apt/keys.asc

B. Display the key's fingerprint.

Optional for better security. If you are interested, click on Expand on the right.

C. Copy the signing key to the APT keyring folder. [14]

Click = Copy Copied to clipboard! sudo cp keys.asc /usr/share/keyrings/signal-desktop-keyring.asc

2. Add the Signal third-party APT repository. [15] [16] [17]

Click = Copy Copied to clipboard! echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.asc] tor+https://updates.signal.org/desktop/apt xenial main' | sudo tee /etc/apt/sources.list.d/signal-xenial.list

3. Install Signal.

Install package(s) signal-desktop following these instructions

1 Platform specific notice.

2 Update the package lists and upgrade the systemOnion network Logo.

Click = Copy Copied to clipboard! sudo apt update && sudo apt full-upgrade

3 Install the signal-desktop package(s).

Using apt command line --no-install-recommends optionOnion network Logo is in most cases optional.

Click = Copy Copied to clipboard! sudo apt install --no-install-recommends signal-desktop

4 Platform specific notice.

  • Kicksecure: No special notice.
  • Kicksecure-Qubes: Shut down Template and restart App Qubes based on it as per Qubes Template ModificationOnion network Logo.

5 Done.

The procedure of installing package(s) signal-desktop is complete.

4. Done.

The process of installing Signal is complete.

5. Note.

Start Signal

Inside Template:Workstation product name (Template:Workstation product name vm).

To launch Signal, run.

Click = Copy Copied to clipboard! signal-desktop

Figure: Signal Desktop in Template:Project name

Claims That Signal Encryption Is Broken

Cellebritearchive.org iconarchive.today icon formerly claimedarchive.org icon they were able to decrypt Signal encryption. However, the article details were later removedarchive.org iconarchive.today icon because it was debunked by Moxie Marlinspikearchive.org iconarchive.today icon (co-founder and currently CEO of Signal Messenger) , Edward Snowdenarchive.org iconarchive.today icon, and Filippo Valsordaarchive.org iconarchive.today icon. Signal also officiallyarchive.org iconarchive.today icon responded to this false claim.

Note: cryptographer Bruce Schneier wrote an article about this issue in his blog entitled "Cellebrite Can Break Signal", but he later apologizedarchive.org iconarchive.today icon for his erroneous post.

See Also

Footnotes

  1. https://en.wikipedia.org/wiki/Signal_%28software%29archive.org iconarchive.today icon
  2. For additional Signal features, see: Wikipedia: Signal (software) - Featuresarchive.org iconarchive.today icon
  3. Signal blogarchive.org iconarchive.today icon:

    By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.

  4. The number can be different form the device's SIM card; it can be a landline or VOIP number, so long as the user can receive the verification code and possesses a separate device to set up the software.
  5. Also see: Installing Signalarchive.org iconarchive.today icon.
  6. Common advice is to not mix repositories from related distributions like Ubuntu and Debian, since this can cause system instability.
  7. https://www.signal.org/blog/standalone-signal-desktop/archive.org iconarchive.today icon
  8. https://github.com/signalapp/Signal-Desktop/releases/tag/v1.35.1archive.org iconarchive.today icon
  9. https://github.com/freedomofpress/ansible-role-signal-desktoparchive.org iconarchive.today icon
  10. Using Qubes UpdatesProxy (http://127.0.0.1:8082/archive.org iconarchive.today icon) because Qubes Templates are non-networked by Qubes default and therefore require UpdatesProxy for connectivity. (APT in Qubes Templates is configured to use UpdatesProxy by Qubes default.)
  11. Even more secure would be to download the key Disposable and then qvm-copyarchive.org iconarchive.today icon it to the Qubes Template because this would avoid curl's attack surface but this would also result in even more complicated instructions.
  12. Even more secure would be to display the key in another Disposable because this would protect the Template from curl's and gpg's attack surface but this would also result in even more complicated instructions.
  13. Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
  14. https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302archive.org iconarchive.today icon
  15. https://signal.org/downloadarchive.org iconarchive.today icon
  16. https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302archive.org iconarchive.today icon
  17. See this for a comment why tor+ is useful even inside Template:Project name.
Notification image
Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!

Retrieved from "https://www.kicksecure.com/w/index.php?title=Signal&oldid=52666"