Tech for the People Guide to Securing Signal

Tech for the People Guide to Securing Signal

Whenever I talk to people about digital security, one of the most basic things I recommend is moving your text messaging to Signal. It’s one of the most well-known secure messaging systems, for good reason. While some other platforms including iMessage and WhatsApp may encrypt the content of a message from eavesdroppers, Signal also protects the metadata: Who you’re talking to, how often you talk, when you send and receive messages and so on

Other companies also work closely with the FBI and other law enforcement agencies and will hand over the information they have. Their products are closed source so security researchers can’t independently audit them to find flaws. On the other hand, Signal’s protocol is available for researchers to look at, and Signal keeps next to no information about its users. In 2016, Open Whisper Systems (the company that makes Signal) was forced to hand over information about two users. OWS complied – and the only info they had to hand over was the times the account was created, and the last time it connected to Signal’s servers. Compare that to what Apple or Google or Facebook have: The dates and times of every message you send, who you’re talking to, and more.

While Signal helps protect you and your communications by default, there are a few steps you can take to make it more secure for you and those you talk to.

Installing Signal

The first step is to install Signal if you don’t have it. You can search your App Store (iPhone, Android) but I recommend going to Signal’s website and find the download link for your device. This avoids scam apps pretending to be Signal.

Once you have Signal, make sure to keep it updated as new features are regularly added.

Step 1: Privacy Settings

Once you’ve got Signal installed and set up, tap your initials in the top left and then tap the Privacy button. Here’s an overview of some settings you might want to change:

Read Receipts: Turn this on to let others know that you’ve read their messages. You’ll also be able to see when people have read your messages. If you don’t want people to know when you’ve seen their messages – or that you’re leaving them on read, turn this off.

Typing Indicators: Turn this on to let others know that you’re typing a message, and to see when others are doing the same.

Generate Link Previews: Turn this on for Signal to show you an image of the website when someone sends you a link. Attackers may try to use this in creative ways, so keep it off. And don’t click links from unknown or untrusted contacts.

Always Relay Calls: If you’re having phone calls with someone you don’t know or trust, this helps hide your IP address, which could expose your general location or information about your device. Turn it on if you’re going to have a call with an unknown or untrusted contact.

Show Calls in Recents: Turn this on to have phone calls you take in Signal show up in your phone’s regular call list.

Change your PIN and PIN Reminders: When you set up Signal, you’ll be asked to set up a PIN. Make this something you’ll remember: If you switch phones, you’ll be able to recover your Signal contacts and settings. If you don’t set a PIN or you forget it, you’ll lose access to those.

Registration Lock: This is very important to turn on and use in conjunction with your PIN! By enabling Registration Lock, someone will need to know your Signal PIN to register your phone number on another phone.

Screen Lock: Turn this on to require your phone’s passcode when opening Signal. It adds an extra layer of protection if your phone is taken from you while it’s unlocked.

Screen Lock Timeout: This sets how long of a delay there is before you have to unlock Signal again. Set it as low as possible for yourself.

Enable Screen Security: When flipping through your app switcher, Signal will show a blank with the app’s logo screen instead of a preview of your messages. Turn this on.

Sealed Sender Display Indicators: Enable this to add an extra layer of privacy around who’s sending you messages.

Allow from Anyone: Turn this on unless you deal with frequent abuse by unknown contacts on Signal.

Step 2: Notification Settings

Back in the main settings menu in Signal, tap Notifications and then Show. You have 3 options here:

Name, Content and Actions: This is the most convenient, but also shows the text of a message, the sender’s name, the group name if it’s a group conversation to anyone who’s looking at your lock screen.

Name Only: Only shows the name of the sender when you get a new message.

No Name or Content: The least convenient but the most secure if someone’s looking at your lock screen: Just shows that you have a new message in Signal, but not who it’s from or what it says.

Disappearing Messages

In any chat, you can set messages to automatically delete themselves for you and everyone in the chat by tapping the name at the top and turning on Disappearing Messages. The time can be set to 5, 10 or 30 seconds; 1, 5 or 30 minutes; 1, 6 or 12 hours; 1 day or 1 week.

The countdown for the message disappearing is different for each person in the chat: It starts when the person has seen the message.

Contact

info@techforthepeople.org

Misc