Tips for Signal

Increase your privacy and freedom with these quick and easy tips.

Tips for Signal

Signal is flawed in that it’s centralized on Amazon servers, requires a phone number, and can not be self-hosted. However regular SMS is so horrible, and Signal is so intuitive for new users, that telling people not to use it likely does more harm to privacy than good.

Signal also recently announced that in the future there will be usernames, but this is still in beta and requires a phone number in the beta. The beta version can not communicate with the alpha version, so we’ll have to wait for usernames to be mainstream. In the meantime, here are some tips to improve:

1) Turn off read receipts


Signal has a system called “Sealed Sender” to hide metadata, but it’s flawed. It works by putting the metadata of who sent the message inside the encrypted packets. However, cybersecurity researchers from the University of Colorado Boulder, Boston University, George Washington University, and U.S. Naval Academy, found that Sealed Sender could be compromised by a malicious cloud host in as few as 5 messages to reveal who is communicating with who. In this paper published by NDSS, headed by Ian Martiny, these researchers found that Signal’s “read receipts”, which lets the sender know that the receiver got the message, can be used as an attack vector to analyze traffic. This is because read receipts send data packets right back to the sender.

Source:

https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-4_24180_paper.pdf

Therefore, our recommendation to increase metadata protection is turn off read receipts, which can be toggled in the security settings.

2) Don’t use an American phone number


In an earlier post on burner numbers, we talked about burner crypto text services, such as virtualsim.net which allow you to pay a tiny bit of crypto for a 1 time SMS code. If you can be anywhere in the world, why would you pick a jurisdiction that’s hostile to privacy? You can reach us on our Cambodian line! Remember that spacing matters on Signal. It’s counting +4 4 and +44 as different countries.

3) Use Signal only for people you know


Signal has poor metadata protection because your real life friends likely don’t have DeGoogled phones, so they’ll save your burner Cambodian line as your real name in their contact list, and then their contact list syncs with Google or iCloud and your anonymity is blown.

So if you want to hide that you’re even talking to someone, then use SimpleX, Session, XMPP, or one of the many other options.

4) You can have multiple profiles with different numbers


With GrapheneOS you can have different user profiles with new numbers, or even within the same user profile on a Work one. If you use a 2nd Work Profile number, just remember that the Amazon server can see two numbers pinging for messages from the same IP, so set your VPN to the largest city you can to disguise and don’t change cities/countries on both accounts at the same time. You could use numbers from different countries to throw them off too, but at the end of the day, Amazon would probably see that your Cambodian and Ohio identities both wake up at the exact same time every day.


If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push

Related Posts

SimpleX is under attack by corrupt Wired

SimpleX is under attack by corrupt Wired

But what DOES surprise me is the reaction of developer Evgeny Poberezkin

[SP]

Oct 4, 2024

Why is Telegram horrible

Why is Telegram horrible

It’s popular but actually horrible for privacy and decentralization. Let’s dive into the reasons

[SP]

Jun 16, 2024

Spain has banned Telegram. Defending Session

Spain has banned Telegram. Defending Session

Session messenger gets a lot of criticism, but many of these arguements are not that strong.

[SP]

Mar 23, 2024

Signal Usernames for DESKTOP just rolled out

Signal Usernames for DESKTOP just rolled out

Learn how to get it now. And we've created a SP Signal Group.

[SP]

Feb 29, 2024