📱 Safely use Signal

TYPE	AUDIENCE	PRIORITY	COMPLEXITY	EFFORT	COST	UPDATED
Conduct	🧑	⭐⭐⭐⭐⭐	⭐	🧑🧑	🆓	2021-06-13

Rationale

As Signal is both the most secure app for text messaging and voice/video calls, it is highly recommended to exclusively use this app for your sensitive online conversations.

Instructions

What you should know

• Disappearing Messages - Signal has a feature where messages are automatically removed from your chat history are a delay. If you are keen to keep records of your text messages, then don't use it. But if you can afford not to keep records, this will be better for your privacy as messages which have disappeared can no longer be read if someone manages to get hold of your phone... or anybody else in the chat! So by using the Disappearing messages feature you protect everyone. The time amount you set is the same for everyone, but it only starts counting once the person has first seen the message. So the message typically isn't deleted without the person seeing it. Even if your your timer has run out, their timer might still have to start if they haven't read their messages yet.

1. How to Start an Individual Chat

To send an individual message with Signal:

1. Tap the "pencil" icon in the lower-right corner.
2. This will show your contacts.
   • Note: Your contacts with Signal will show up on top and have a blue-colored letter in the left-most column showing the first letter of their name. Once you scroll down and the letters turn gray, you've reached your contacts which don't have Signal yet. If you only have gray letters, then none of your contacts have Signal yet! See "Be Careful Using Signal For SMS" below.
3. Tap on a contact who has Signal, and start typing.

Note: You have up to 3 hours to delete your message from BOTH phones, after 3 hours you can only delete the message from your own phone.

2. How to Secure an Individual Chat

Now that you have a Chat, you will want to adjust the chat settings to your liking:

1. In your chat view
2. Tap the Person's name / profile to bring up the settings for this chat.
3. Set Disappearing messages to the lowest possible value that is acceptable for both you and your contact. See "What you should know" above for guidance.
4. Choose whether you want notifications for this contact.

3. How to Start a Voice or Video Call

To place an encrypted audio or video call:

1. Select a contact
2. Tap the "phone" or "camera" icon that appears in the upper corner of the screen.
   

Group calls of up to 5 participants are supported.

4. How to Setup a Group Chat

To start a new group chat:

1. Tap the "pencil" icon on the home screen
2. Tap "New Group"
   
3. Select people from your contacts, or directly add people by their phone numbers.
   • Note: When adding new members they will NEVER be able to read any of the previous messages sent in the group.
4. Tap "Next"
5. Enter a group name
6. Tap "Create"
   

5. How to Secure a Group Chat

Now that you have a Group Chat, you will want to adjust the settings to your liking:

1. Set Disappearing messages to the lowest possible value that is acceptable for the group. See "What you should know" above for guidance.
2. Choose whether you want notifications for this group.
3. Decide whether "All Members" or "Only Admins" can add other members and edit group info. If you trust everyone in the group and the topic is non-sensitive, the former is OK, if you are talking with people you don't know and trust personally and or the topic is sensitive, we recommend to only allowing Admins to add new members.
4. If you want people to be able to join the group without directly being invited, you can turn on the Group Link feature.
   • Group links are web links that you can share through other channels (Email, WhatsApp) for members to be linked to your Signal group.
   • We recommend Toggling "Approve New Members" to "On" so you don't get any unexpected people join the group and read new messages..

6. In cases of Emergency, Delete Everything

If you are concerned that your phone will fall into the wrong hands, and you may be coerced to share your PIN codes, you can delete your full chat history:

On 🤖 ANDROID:

1. In Signal, tap your profile
2. Tap "Data and storage"
3. Tap "Manage storage"
4. Tap "Clear message history"
5. Tap "Delete".

On 🍏 iOS:

1. In Signal, tap your profile
2. Tap "Chats"
3. Tap "Clear Chat History"
4. Tap "Delete Everything"
5. Then refresh your Signal contact list. Go to "Pencil" Icon, Compose and pull down on the contact list to refresh.
   

Note: Deleting your messages won't make you leave groups so your membership will still show up.
Note: Deleting all messages only deletes the messages from your own phone, not from your contact's phones.

6. Blur Faces and Restrict Viewership for Sensitive Photos

Before sending sensitive photos through Signal, you can use its built in feature to blur faces.

1. When you're in a chat and either tap the camera to take a new photo, or the "+" button to select an exisiting photo, Signal will bring up the photo in editing mode
2. In the top toolbar, tap the icon as shown below:
   
3. Toggle "Blur Faces" and Signal will automatically blur most faces.
4. For any faces it missed, manually move your finger over their faces to blur them out.
5. Tap "Checkmark" icon to accept the edit.
6. The faces are now blurred.
   
7. Also notice that there's an icon in the bottom left corner, with the infinity symbol - this implies that currently the photos can be viewing 'unlimited' times. If you want to limit the viewership, i.e. automatically delete the photo after a number of viewings, tap the infinity icon to change it to View Once mode. Tap to send the "View Once Media" to your contact
   
8. Your contact will receive the media in a message bubble indicating that there's a Photo inside once they tap on the bubble:
   1. Can open the media (photo/video) once in full screen mode. Closing the view or pressing back deletes the media.
   2. If the disappearing timer runs out before they one it, the media will be deleted
   3. If 30 days pass after sending the image, it's deleted unseen.

Note: If you take a photo from within Signal, it doesn’t automatically save to your "camera roll" or gallery, which means it shouldn't get backed up to your cloud photo library.

7. Linked Devices

It's possible to add multiple devices - see the Signal Guide for linking Signal to a Desktop App on Mac or Windows.

From time to time, you will want to check that there are no unauthorised deviced linked to your Signal (and listening in on your messages):

1. Tap on your profile icon in the main app view to open Settings
2. Tap "Linked Devices"
   
3. Review the linked devices here.
4. Remove any devices which you are not using Signal on, by tapping on them and tapping "Unlink".
   

8. Use Safety Number Feature (Optional)

advanced 👩‍💻 - This is for advanced users, or rather users who are facing adversaries which are advanced enough that they could intercept your encrypted Signal traffic.

Viewing the Safety Number

Signal has a way of verifying whether the connection to your contact is E2EE (End-to-End Encrypted). If it isn't then you know someone is intercepting your messages and you should stop using the channel immediately.

Signal does this through its Safety Number feature:

1. Open a chat with a contact.
2. Tap on the chat header or chat settings
3. Tap "View Safety Number"
4. Now you will be shown a screen that shows a unique safety number pair for you and your contact:
   

Verifying the Safety Number

The basic concept is that if the same number is shown for you and your contact, the connection is e2ee. So you will need to compare the numbers with your contact. Luckily, Signal has made this easy through the use of QR codes. So if you are in the same place, you can use your phones to scan each others code, or if aren't together, you can take a screenshot and send that to your contact for scanning:

1. On your contact's phone, ask them to navigate to the same "Verify safety number" view.
2. On your contact's phone, tap the QR code and the phone should turn into a scanner.
3. Ask them to scan the QR code on your phone, or scan the screenshot you shared with them.
4. If the scan worked and your safety number is verified, Signal will inform you and you can mark the contact as Verified.

If you don't have the ability to scan QR codes or can't make a screenshot, you can either read out the numbers to each other to confirm they are the same, or share the numbers with the "Share" icon, and then manually setting the toggle to "Verified" if the numbers are the same.

The Safety Number in Practice

While your contact is correctly marked as "Verified", Signal knows and confirms that the connection is E2EE and you are indeed communicating with who you think you are communicating.

If someone receives a message that "Your Safety Number with NAME OF CONTACT has changed" it can mean that they:

1. Either you or your contact reinstalled Signal
2. Either you or your contact installed Signal on a different device
3. ... There is someone tampering with your communication.

If the safety number changes, you will want to talk with your contact via a channel where you can verify it is really them (for example over voice/video call or in person), and ask them whether they changed their Signal install, if it wasn't you. If they did change their install, then the changed safety number is expected, as the whole point of the number is to uniquely identify two instances of Signal to each other - since the instances have changes, the security number changed as well.

If neither you or your contact changed your Signal install, see if you can verify the new number. If the numbers don't match, something if wrong with the connection and it can no longer be trusted.

9. Be Careful Using Signal For SMS

Signal can be configured as your default SMS app on Android (but not on iOS). In your contact list, both Signal contacts and non-Signal contacts will be displayed. But note that Signal's security benefits only apply to conversations when both people use the Signal app.

Chat screens with contacts who ARE using Signal, it will look like this:

Chat screens with contacts who are NOT using Signal will look like this:

The benefit of using Signal for your SMSes is that your SMS messages will also be locked behind Signal app's PIN code, the downside is that you may accidentally send SMS messages to you contacts who are not yet on Signal.

Decide whether you think you will be able to distinguish between a "Signal Contact" and an "Unsecure SMS Contacts", and if you want to setup Signal for SMS, to setup on 🤖 ANDROID:

1. In Signal, tap your profile image
2. Tap "Chats"
3. Tap "SMS and MMS"
4. Tap "Use as default SMS app" if it says "Disabled", and select it from the next list. If it already says "Enabled", you are already done.

Remember that you want to 📱 Avoid Text Messages over SMS, so be careful not to accidentally send messages via SMS.

Sources : Wired, TomsGuide, PocketLint