*Legal disclaimer: I am not a lawyer and this is not legal advice. I am an artist and designer, I am not claiming this is the whole truth or the only truth about this subject; the things I say here are based on my experience and research. Also, I am not advocating any of this information be used in the perpetration of a crime, and I am not instructing, soliciting or condoning the perpetration of a crime. Also, I have not been paid or sponsored by any of the services mentioned herein.*
Signal is a very popular encrypted messaging app made by Open Whisper Systems. It’s probably the most widely adopted encrypted messaging platform right now. Signal is a pretty well rounded, secure and easy to use application. Its purpose is to provide end-to-end encryption for its users, and it is pretty much unparalleled in terms of balance between usability and security. Signal shares many features with more common messengers which aren't security and privacy oriented, which makes it approachable for those who don't have the capacity, energy or time to devote themselves to learning more complex software with less functional UI. These qualities make signal a great option, though Signal is far from the most bulletproof secure and private communication platform (it's still pretty damn good). I have some issues with specific functions of Signal, but it’s undeniably the strongest contender for its audience.
Signal has been used by activists, organizers and others seeking privacy for years, but it has become much more widely adopted this year. This is really exciting because it means more people can communicate within Signal’s encrypted ecosystem.
In the privacy tech world, “hardening” means fortifying a pre-existing program against security and privacy threats. Basically hardening is changing settings and configuration to make the most of an app or software (or device). We can easily use Signal with all it's default configurations, but we will get more security and value from Signal by making a few changes to the settings to “harden" the app. These are my recommendations for settings in Signal. As with all things privacy and security related, there are infinite interpretations of what the “best” way to do something is, so I’m not saying these are the “best” Signal settings — they’re just what I use based on my experience and research. Take each with a grain of salt and tailor your use to your threat model first and foremost. These settings may appear different to iPhone users, as iOS allows slightly less customization. These are pulled from Signal version 4.76.3 running on CalyxOS.
Settings>Privacy
>App Access
• Screen Lock - ON
• Screen Lock Inactivity timeout - 30s-1m
◇ I always keep screen lock on. I recommend 1 minute or 30 second timeout so that whenever you set your phone down for a moment it locks. This will inhibit an adversary from accessing your Signal messages even if your phone is unlocked.
• Screen Security (Block screenshots in recents list and inside app) - ON
◇ I always keep screen security on. This is intended to prevent bad actors from screenshotting/recording anything inside Signal. The only time I ever would turn this off is if I absolutely had to screenshot something within Signal, and I would immediately turn it back on when I was done.
• Incognito Keyboard (request keyboard to disable personalized learning) - ON
◇ Incognito keyboard is a must. I don’t want any other app/process seeing what I type in Signal as that would defeat the purpose of using Signal. This setting basically just disables your phone keyboard’s ability to record and learn from your keystrokes.
>Communication
• Always relay calls - ON
◇ I prefer to relay all Signal calls through the Signal servers, even though I also use other methods to obfuscate my IP. This will ideally prevent an adversary from exploiting Signal to learn your IP. This only applies to calls made from within Signal, it doesn’t route all your phone calls through Signal.
• Read Receipts - OFF
◇ I never use read receipts. I don't think it's helpful/necessary to share more information about what I am doing with any person I talk to. Not a really big deal in terms of security risk, but in terms of privacy I generally try to operate by the philosophy that sharing less information is always better.
• Typing Indicators - OFF
◇ Again, I don't think it's helpful/necessary to share more information about what I am doing with any person I talk to. If I'm typing, they'll know when they get the message lol.
• Generate Link Previews - OFF
◇ Link previews can seem helpful and convinient, but they’re a possible attack surface. Shortened links can also expose you to malware and IP data collection. It’s generally best practice to never click a redirect/shortened link without using a tool to view what it redirects to. One such tool is unshort.link which will show you the link you’re being redirected to, meaning your IP is never exposed to the redirect service.
>Sealed Sender
Sealed sender is an interesting option in Signal that’s not offered by many of their peers. It means that Signal allows the sending of messages without metadata of the sender being exposed to the receiving party. This is basically like sending an envelope with no return address. One of my main issues with Signal is that it relies on phone numbers to indentify users. I greatly prefer when platforms allow the user to set a unique username or identify with a random ID number. Sealed sender is Signal’s way of partially circumventing that vulnerability for the moment, until they figure out a way to avoid the use of phone numbers entirely. I keep sealed sender on for everyone, so I can use this function of Signal to communicate.
• Display Indicators - ON
◇ This tells you if
• Allow from anyone - ON
◇ This setting is up to you - I keep it on because it means anyone can have the option of more private/secure way to message me, but do what works best for you.
>Signal PIN
I highly recommend setting a PIN for Signal. The PIN is used to lock Signal when you’re not using it, but also for registration lock which prevents someone from using a SIM swapping attack to register your number with Signal so they can receive messages intended for you. This is crucial. Signal has gotten into some controversy for storing the PIN numbers on their servers for verification, but all-in-all I think the benefits of a PIN on Signal are worth the very slight risk.
• Change your pin (N/A)
◇ This option is obviously only relevant if you want to change your PIN. If you feel your PIN has been compromised or you accidentally used the same PIN for a different account/device, it might be time to change it.
• PIN Reminders - ON
◇ These will help you remember your PIN. It should be something you've never used for any other account/device, which can be tricky to remember. Having consistent reminders which won't lock you out of your device is a helpful way to memorize.
• Registration Lock - ON
◇ This is intended to prevent another person from registering a Signal account with your phone number. If someone were to attempt to register an account with your number by spoofing it or SIM swapping, registration lock would require them to input your PIN, thus adding another layer of protection.
DO NOT use a PIN you use for your phone lock screen or anything else. It should be completely unique to Signal. I recommend using an 8 digit PIN, as it will have more entropy meaning it will be harder to crack via brute force. Four digits is better than nothing, but longer is always preferable.
Settings>Notifications
>Messages
• Screen Lock - Name Only
◇ I never want Signal to show the content of a message in a notification, because that would make it available outside the app, to the OS and other potential threats so I use “name only” or “no name or message” options for this setting. I always turn off lock screen notifications in my OS too, because I don’t want any content to show when my phone is locked.
General recommendations
UPDATE UPDATE UPDATE
Keep signal updated ( this doesn't just apply to signal, but pretty much an application) as developers find bugs, they fix them and roll out new updates. These updates aren't always just new features, they often include fixes to security issues and bugs which could otherwise compromise the intended use of the application.
A note about phone numbers
Signal recommends against using a burner number to register your Signal account, but I would personally never use a real number which is registered to my name for Signal. I honestly at this point wouldn’t even use a number tied to my actual SIM card for Signal. This is because your phone number can expose data about you, and can be compromised by SIM swapping attacks. If you have a phone number that is registered to your real name (or that of a family member or friend) or if you pay your phone bill with a card/account tied to your real name, do not count on a Signal account registered to that number to be anonymous. If you use your real number with Signal, you’re tying all the data your cell provider has about you to your Signal account.
Signal says not to use a burner number because you might lose control of the number, so someone else could register with the same number or you could lose access to recovery options. Here’s my plain and simple solution: just DON’T lose control of the number. Treat this differently than you would a one-and-done burner number, make sure you keep the number for as long as you will be using it for Signal.
You can do this by a couple different methods. If you want to, you could use a burner SIM card number but I wouldn’t recommend it because that number will be permanently tied to the IMEI of whatever phone you put the SIM card in. What I recommend is using a VOIP number. There are a few options for VOIP numbers but I’d recommend MySudo or Hushed for those who don’t want to go through the process of setting up a Twilio number. Twilio is the cheapest of the three, but requires much more involvement.
No matter what VOIP service you choice, make sure you do not use any real personally identifying information or payment methods because that would defeat the purpose. I really only recommend Hushed and MySudo because they’ll work with anonymous payment methods, though it’s worth noting MySudo won’t work without the Play Store or Apple App Store so if you use a degoogled android ROM you’re currently unable to use MySudo.
Use a randomly generated fake name (not one you thought of) and pay with either anonymized cryptocurrency or a Visa gift card bought with cash. Most services will not allow you to set up an automatically recurring subscription on a prepaid Visa gift card, so you will have to manually reload minutes/months/data when you need to. Signal only requires the phone number for registration purposes, so you don’t need to keep the VOIP app on your phone after you’ve finished registering. Signal will not use that number’s data or minutes at all after it’s registered — the number basically just becomes an ID.
Set signal as your default messaging application (Android only)
On android, I would recommend setting Signal as your default messaging app. You will still be able to text people who do not have signal from the app, but it will tell you if someone you normal text via SMS has Signal, and you can move to communicating with them that way. Unfortunately Apple doesn't allow anything to replace the stock messenger on iPhones. If someone you talk to has signal, the send button will be blue and a lock will show beside each message. If you want to text them via SMS but you normally talk via Signal, and you've made Signal your stock messenger, long press down on the send button and it should turn grey, or give you an option to send them a message via SMS.
Use ephemeral/self destructing messages
If you’re talking about something sensitive/private (or just all the time if you feel like it) make use of Signal’s ephemeral message function. E2EE doesn’t really matter if someone gets ahold of either endpoint device, as the message has to be unencrypted for you to read it. Ephemeral messages offer a solution to this. It’s worth noting that in 2018 a security researcher found that while using Signal’s macOS desktop client, copies of disappearing messages were stored in plaintext in macOS notifications bar. This issue seems like it’s entirely dependent on notifications being on, and doesn’t really have to do with the disappearing message function of Signal directly — but regardless I would recommend keeping up to date on the issues raised in Signal’s Github repo if you rely on Signal for extremely sensitive communications (or pick something you have more direct control over).
Be smart, be safe.
I think it’s just generally best practice to never trust software (or hardware for that matter) 100%. I don’t think paranoia is the solution, but I do think having a little wariness and being a little careful is always a good idea. Also remember that even if your messages are encrypted, it could always be a different person than you think you’re talking to who is holding the device on the other end. The person you’re talking to could be coerced, being held against their will or their device could simply be compromised.