Signal isn’t perfect, and we’re not certain it’s designed with activists in mind. For instance, you and your friends can’t use it without all using real phone numbers. But still, Signal takes almost zero time or training and equips activists with 5-star end-to-end encryption for text, voice and video, with an accompanying desktop app that makes securely sharing files a cinch. We here at CLDC recommend it to folks all the time. Here is how we recommend you make best use of it:
(A) Keep your Signal devices safe & secure. Keep your phone (and any linked desktop apps) encrypted, locked with a strong passcode, and up to date. End-to-end encryption protects messages on the wire, not on an unlocked phone: if an adversary gets your phone and can unlock it, they can read every conversation stored on it, plus the phone numbers of the people you’ve messaged, which are often their real, current numbers. Not good. Also, an out-of-date device is easier to hack, and if it’s hacked and someone can read your screen or listen to your microphone, Signal’s fancy crypto can’t protect you.
(B) Know who you’re talking to. Verify your contacts’ safety numbers, either in person or over some channel other than Signal. Don’t message huge group chats without knowing who is on the group. You get a little checkmark badge after confirming someone’s safety number; look for that badge on a conversation once you’ve verified everyone on it. Use it as a community-building opportunity to say hello directly to all the folks you organize with, at least once.*
(C) Set messages to disappear. Especially with group chats! Treat group chat membership (names and phone numbers, which tie back to whatever identity you gave your cellphone carrier) as something that could be entered as evidence in a civil or criminal case (conspiracy or otherwise), and delete it as soon as you no longer need it. Don’t leave sensitive messages lying around on everyone’s devices. Turn on disappearing messages *before* you send anything sensitive; there is no way to erase a message from your friends’ devices after the fact. (Note that disappearing messages do *not* delete the group chat itself; if the list of people in a conversation is top secret, every member has to remove the group manually.) How soon should messages disappear? If you’re sloganeering or picking times for public meetings, a week is probably OK. If it’s showtime, an hour is a good idea. We think it’s safe to trust that the messages really do disappear: each copy is set with its own self-destruct timer. But keep in mind that the timer on a recipient’s copy starts counting down only once that recipient has received and read it, so it runs separately on every device. To be crystal clear: if Clara is part of a super secret group chat with disappearing messages and they leave their phone in storage, switched off, for a month, any disappearing messages sent during that period will be waiting on Clara’s phone long after they have expired on everyone else’s device. So for sensitive conversations, keep the group as small as practical, make sure everyone is actively checking their messages, and before action day arrives have everyone unlink their Signal Desktop apps (every linked desktop is one more copy of the conversation). Make this part of your organizing group’s basic guidelines; teach it and spread it long before you really need it.
(D) Own your mistakes. Hey, we all mess up sometimes, and we need to limit the damage done to our movements and our communities. The first thing to do is to be honest: let everyone you’re organizing with know if you’ve lost control of your Signal device and how bad it is (lost, or a cop has it; locked, or not). Folks need to be able to make their own decisions knowing that private messages exchanged with you might no longer be private. This is a really good reason to set disappearing messages. If you can’t get your phone back right away, try to regain control of your old phone number as soon as possible, then immediately register Signal again on a new phone with that number. Re-registering generates a fresh identity key and invalidates the old phone’s registration, so messages sent after that point are encrypted to your new phone and the compromised one can’t decrypt them. It does nothing about what is already stored on the old phone, which is one more reason disappearing messages matter. Your contacts will also see a warning that your safety number changed; confirm with them outside Signal that it was you.**
(E) Understand how it works. Signal uses some fancy crypto. Unlike PGP/GPG (which we love!), there is no single long-lived encryption key to be protected at all costs, lest an adversary gain the ability to read all of your messages, past and future. Instead, the keys that actually encrypt messages are constantly being replaced (“ratcheting”), and old ones are thrown away. For mortals, this means two things. A Signal Desktop app can’t decrypt any messages sent before it was linked, because the keys for those messages no longer exist anywhere. And an adversary who gets a one-time copy of a device’s keys can read what is on the device at that moment and follow the conversation only until both sides have exchanged fresh key material, which happens as soon as the conversation goes back and forth; to keep reading on an ongoing basis they need continued control of the device.
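The ratcheting idea in (E), as an added example that is not CLDC’s or Signal’s code: a Python sketch whose symmetric-key step follows the Double Ratchet specification (HMAC-SHA256 with the constants 0x01 and 0x02), while the DH step is a stand-in, with HMAC-SHA512 in place of the spec’s HKDF and a random secret in place of a real X25519 exchange. The scenario itself is constructed. It shows what a one-time copy of a phone’s ratchet state buys an attacker: the messages sent from that point until the conversation next mixes in fresh key material, and nothing before it.

```python
import hashlib
import hmac
import os


def kdf_ck(chain_key: bytes):
    """Symmetric-key ratchet step (KDF_CK in the Double Ratchet spec):
    message key = HMAC(CK, 0x01), next chain key = HMAC(CK, 0x02).
    Each step is one-way, so holding chain key N tells you nothing about
    chain key N-1 or the message key it produced."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def kdf_rk(root_key: bytes, dh_output: bytes):
    """DH ratchet step (KDF_RK). Simplified stand-in: HMAC-SHA512 instead of
    the spec's HKDF. Returns (new root key, new sending chain key)."""
    out = hmac.new(root_key, dh_output, hashlib.sha512).digest()
    return out[:32], out[32:]


def run_scenario(total: int, stolen_before: int, dh_step_at: int):
    """Constructed scenario. Alice sends `total` messages. An attacker copies
    her whole ratchet state (root key and chain key) just before message
    `stolen_before` is keyed. Just before message `dh_step_at` the
    conversation turns and a fresh DH secret is mixed in (modelled with
    os.urandom; real Signal uses an X25519 exchange the attacker cannot
    observe). Returns the set of message indices whose keys the attacker can
    reproduce from the stolen snapshot."""
    root_key, chain_key = kdf_rk(os.urandom(32), os.urandom(32))  # session setup
    actual_keys = {}
    snapshot = None
    for i in range(total):
        if i == dh_step_at:
            # Fresh DH output: the attacker holds the old root key but never
            # learns this value, so the chain re-keys out from under them.
            root_key, chain_key = kdf_rk(root_key, os.urandom(32))
        if i == stolen_before:
            snapshot = (root_key, chain_key)
        chain_key, actual_keys[i] = kdf_ck(chain_key)

    if snapshot is None:
        return set()
    # The attacker can only turn the symmetric ratchet forward from the copy.
    _, stolen_chain = snapshot
    readable = set()
    for i in range(stolen_before, total):
        stolen_chain, candidate = kdf_ck(stolen_chain)
        if candidate == actual_keys[i]:
            readable.add(i)
    return readable


if __name__ == "__main__":
    # Theft before message 3, fresh DH material before message 6:
    # the attacker reads messages 3, 4 and 5 and nothing else.
    print(sorted(run_scenario(total=8, stolen_before=3, dh_step_at=6)))
```

Messages 0 to 2 are unreadable because their keys were derived from chain keys that were overwritten before the theft and cannot be recomputed from the copy; messages 6 and 7 are unreadable because the DH step mixed in a secret the copy does not contain. In a real session the DH step happens every time the other party replies with a new ratchet key, which is why one-time access is not enough for ongoing surveillance.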
(F) Delete things you don’t need. Have a regular practice of backing up your device securely (to an encrypted backup drive or computer, never to the cloud) and then deleting EVERYTHING you don’t need on your phone. Texts, emails, photos … get it all off your mobile device if you plan to bring it to political activities.
Published September 6, 2017
* Look for our upcoming post on authentication. A Safety Number exists for each conversation you have with a friend: tap on your friend’s name and select “View safety number”. You’ll see a QR code (which you can scan on your friend’s phone in person) and the Safety Number itself, 60 digits shown as 12 groups of five. One run of 6 groups is your unique ID (“fingerprint”) and the other run is your friend’s; which comes first depends only on the numbers, so both of you see the same string. Find out which fingerprint is yours by comparing a few of your friends’ Safety Numbers on your device: the half that appears in all of them is you. If you organize with a huge number of people or want strangers to be able to verify you and contact you on Signal, you can post your fingerprint on your social media accounts or website. This is especially important if you get a new phone or have to wipe and reinstall your old one: that generates a new identity key, everyone you talk to gets a warning that your Safety Number has changed, and a public posting gives them something to check the new number against. If a contact’s Safety Number changes, get in touch outside of Signal to make sure it was caused by a legit change of phone and not by someone else registering their number.
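The structure described in that footnote, as an added example that is not CLDC’s or Signal’s own code: a Python reimplementation of the numeric fingerprint scheme from Signal’s open-source protocol library (libsignal), with the version field, iteration count and hash layout as we read them from that code. The phone numbers are fictional 555 numbers and the identity keys are label-derived stand-ins, not real Curve25519 keys. It shows why both parties see the same 60 digits, why your own 30-digit half turns up in every safety number you have, and why a reinstall (a new identity key) changes all of them at once.

```python
import hashlib

FINGERPRINT_VERSION = 0   # libsignal hashes a two-byte version number into each half
ITERATIONS = 5200         # iteration count used by the Signal apps


def demo_identity_key(label: str) -> bytes:
    """Constructed stand-in for a serialized identity public key: the 0x05
    type byte followed by 32 bytes. Derived from a label so the example is
    deterministic; it is NOT a real Curve25519 key."""
    return b"\x05" + hashlib.sha256(label.encode()).digest()


def fingerprint_half(identity_key: bytes, stable_id: str,
                     iterations: int = ITERATIONS) -> bytes:
    """One party's raw fingerprint: SHA-512 iterated over
    version || identity key || stable identifier (in 2017, the phone number),
    mixing the identity key back in on every round. Only that party's own
    key and identifier go in, which is why the same half shows up in every
    safety number that party has."""
    h = FINGERPRINT_VERSION.to_bytes(2, "big") + identity_key + stable_id.encode()
    for _ in range(iterations):
        h = hashlib.sha512(h + identity_key).digest()
    return h


def digits_for(half: bytes) -> str:
    """Render the first 30 bytes of a raw half as six groups of five digits:
    each 5-byte big-endian integer reduced mod 100000, zero-padded."""
    return "".join(
        f"{int.from_bytes(half[i:i + 5], 'big') % 100000:05d}"
        for i in range(0, 30, 5)
    )


def safety_number(my_key: bytes, my_id: str, their_key: bytes, their_id: str) -> str:
    """Both parties compute the same 60-digit string: the two halves are
    concatenated in sorted order, so it does not matter who is 'local'."""
    mine = digits_for(fingerprint_half(my_key, my_id))
    theirs = digits_for(fingerprint_half(their_key, their_id))
    return mine + theirs if mine <= theirs else theirs + mine


def pretty(sn: str) -> str:
    """The 12 groups of five as Signal shows them on screen."""
    return " ".join(sn[i:i + 5] for i in range(0, 60, 5))


def my_half(safety_numbers):
    """The footnote's trick: the 30-digit half that appears in every one of
    your safety numbers is yours. Returns None if there is no single common half."""
    halves = [{sn[:30], sn[30:]} for sn in safety_numbers]
    common = set.intersection(*halves) if halves else set()
    return common.pop() if len(common) == 1 else None


# Constructed sample data: fictional numbers and label-derived keys.
ALICE_ID, BOB_ID, CAROL_ID = "+15550100001", "+15550100002", "+15550100003"
ALICE_KEY = demo_identity_key("alice-original-phone")
ALICE_NEW_KEY = demo_identity_key("alice-after-reinstall")   # same number, new key
BOB_KEY = demo_identity_key("bob")
CAROL_KEY = demo_identity_key("carol")

if __name__ == "__main__":
    ab = safety_number(ALICE_KEY, ALICE_ID, BOB_KEY, BOB_ID)
    ac = safety_number(ALICE_KEY, ALICE_ID, CAROL_KEY, CAROL_ID)
    print("Alice/Bob   :", pretty(ab))
    print("Alice/Carol :", pretty(ac))
    print("Alice's own fingerprint:", my_half([ab, ac]))
    print("Alice/Bob after Alice reinstalls:",
          pretty(safety_number(ALICE_NEW_KEY, ALICE_ID, BOB_KEY, BOB_ID)))
```

Because the stable identifier is the phone number, keeping your number but reinstalling still changes your half (the key changed), while the other party’s half stays put; that is the pattern behind the “safety number changed” warning your contacts see.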
** Look for our upcoming post on how to use “Find My iPhone” or other location services to determine where your phone physically is from another device. Also learn how to remotely erase your phone in a worst-case scenario to prevent loss of private information.