When I first started using the Internet almost 20 years ago, there were many instant messaging options available. From MSN Messenger to Yahoo Messenger to ICQ, I’ve used them all.
However, the problem was that they were not secure. If a chat platform or the government wanted to eavesdrop on your conversations, they could very easily do so. But thanks to Edward Snowden, we finally found out just how little privacy there is on the Internet.
Since then, great strides have been made in making it harder for people to eavesdrop on our conversations. Among them is a heavily encrypted smartphone and desktop app called Signal, created by the awesomely named Moxie Marlinspike.
Below I’ll talk about the features that make Signal so secure and how to activate them. Since I’m an iPhone user, I’ll focus on that device, but the following applies to Android phones as well.
Be sure to also read my previous posts on this topic: Is Your Messaging App Really Secure? and The Best Encrypted Messaging Apps, the latter of which talks about a few other secure messaging apps you can use.
Strong end-to-end encryption and no user records
The only downside to the Signal chain is that you need to register a valid phone number to use the app. Until they find a way around this, there won’t be true 100% anonymity on Signal.
But this is balanced by very strong end-to-end encryption, as well as the absence of user records. This means that Signal does not keep any logs of your calls, except for your last login. That way, your phone number can identify you as a Signal user, but no one will ever know who you’re talking to or what you’re talking about.
Set the screen lock PIN on the alarm itself
If you have a mobile phone, you must have a screen lock PIN. It’s just a given. But you can add additional Screen lock PIN for Signal for added security. You can also use Touch ID to open Signal, but it’s not recommended.
To add a screen lock PIN to Signal, go to Settings->Privacy. Scroll down to Screen Lock and slide the switch to turn it on.
You will also be asked when you want to disable the screen lock. I recommend choosing “instantly“.
Hide messages on the lock screen
If you have Signal blocked, it becomes a bit ironic if messages from people start appearing on your phone’s lock screen. That kind of gives the game away, doesn’t it?
So instead of seeing the full message on the screen, you can instead set the notification so that you only get the sender’s name (which, frankly, is still too much information), or my preferred option, which is a notification that contains only “New message“.
In settings, go to Notification and then “Notification content“.
Now decide which one you want.
Make sure you’re talking to the right person
Since there is end-to-end encryption, the chances of a man-in-the-middle attack are slim. This is where an attacker gets in the middle of a conversation between two people and intercepts the message, pretending to be one of the participants in the call or chat.
But nothing is guaranteed in life except death and taxes. That’s why you should still take extra steps to make sure the person you’re talking to is the right person.
There are two ways to check. One for voice calls and one for text chats.
During a voice call, a two-word verification phrase will appear on the screen when the call is connected. Both sides see it on their screen.
Thus, one person says the first word and another person says the second word (for example). Anyone trying to break into the conversation and impersonate one of the callers won’t know what the phrase is because they won’t have it on their phone.
For text chats, it’s a bit more complicated, but the upside is that you only have to do it once (or until they register the new device with Signal).
First, when you send someone a message, their ID key is downloaded to your device, and Signal automatically assumes that the key came from the right person. But if you want to double-check a person’s good faith, it’s easy.
Just tap their name at the top of the chat screen.
Now click on View Security Number.
You will then be provided with an identification key along with a QR code. If the person is physically with you, you can scan the QR code and Signal will instantly approve (or not). Otherwise, ask that person to enter your ID key in a text chat.
After confirmation, you can click the “Mark as verified” button.
Finally, as any good criminal will tell you, if you don’t want to get caught, you need to get rid of the evidence.
This means that if you’re, say, a whistleblower, you don’t want to leave evidence of your conversations in your Signal app if someone somehow manages to access it.
You can of course delete the message, but being human it’s very easy to forget. That’s why Signal’s Disappearing Messages are really good.
Here, you send a message to one of your Signal contacts, and once the message has been read, it’s deleted from both your device and theirs – with no way to get it back.
To enable Disappearing Messages, tap the contact’s name at the top of the chat window.
Now scroll down to Disappearing Notifications and enable it. Below that, you’ll see a slider that you can use to specify when the messages should disappear. This is up to you, although you should give the other person a reasonable amount of time to read the message.
Now, when you send a message, a timer appears on the screen counting down the time until the message disappears.
There are a few other cool features that make Signal a very secure app, such as a registration lock that prevents your phone number from being deregistered, and relaying your voice calls through Signal’s servers to hide your IP address.
But the ones I’ve detailed are the best and illustrate why you should ditch WhatsApp for the Moxie alternative.