So, you’ve heard about this whole Signal thing, or maybe saw the FBI notice about encrypting your communications. Maybe you are thinking about who might be listening in on your calls. Well, this post is about what you can do with regards to encrypted communications, and what might happen when you do.
First things first
While the FBI may have told everyone back in 2024 to start using encryption, in the US (and much of the world) encrypted communications are a bad thing in the eyes of the authorities. They will automatically assume you are hiding nefarious activities and be extra bonus suspicious of you. The FBI wants you to use encryption…but only what they can break into.
What is encryption?
For the purposes of this discussion, we are talking about “end to end encryption” (E2EC), which basically means only the people on each end of the call can see/hear/read the communication. Anyone trying to “tap in” or somehow intercept the communication will only receive garbage.
The most well-known E2EC app is probably Signal. Other apps claim to offer this service, such as WhatsApp or Telegram, but these are either owned by a megacorp (WhatsApp) or readily cooperate with authorities (Telegram). Or even both.
Is it fool-proof?
Nope.
Even Signal is known to have been compromised. And while they attempt to plug the holes, they’re working against a lot of people who want to break it. These include governments and organizations with a lot of time, people, and money.
Much like putting “The Club” on your car’s steering wheel, using E2EC will dissuade/deter the majority of people who wish to steal, but a determined entity will most certainly be able to listen in/decrypt your communications.
Also, if your phone has already been compromised, then it doesn’t matter what app you use. They can already see and hear everything you do with your phone.
Finally, if you do not set it up correctly, or violate the Operational Security around using such things, then you might as well not used it in the first place.
I’m sorry, what?
Put very simply, Operational Security, or OpSec, is making sure you do not reveal the information which would allow someone you do not wish to listen in…to listen in. It also refers to not sharing plans, information, etc. which would allow a hostile entity to disrupt your finely-crafted plans. Or steal your stuff.
An example of bad OpSec would be to post a picture of your house keys on the internet.
Okay, so how do I use it?
We’ll presume you’ll want to use Signal, as it is currently the most secure* app out there. Signal can be used to send messages, files,group chats, and even make voice or video calls.
The first requirement to use Signal is you need a smartphone. There are versions for Android and iPhones. You install the Signal app on your phone, create an account, and choose a nickname. This is very important. The default for Signal is to use your cellphone number, which is not something you really want to be giving out to strangers or lesser-known acquaintances. See “OpSec”, above.
Make sure you’re installing the actual Signal app.
Once you are set up, you can then give out your nickname, or use their link generator to create a shareable link. You can also install Signal on other devices, such as a tablet or computer. Note that the more devices you have Signal installed upon, the less secure your communications are, as you are now giving potential hostile entities a greater number of ways to hack on in. This is referred to as ‘increasing your attack surface’, and is something to avoid.
People who wish to communicate with you using end to end encryption, or people you wish to communicate with, must also have Signal. And if they do not use it correctly, then you’re back to “why did I set all of this up”? All parties must act intelligently and safely, otherwise everyone they communicate with through Signal can now also be compromised.
The safest form of Signal is to use messages which self-destruct. This erases all evidence they were ever sent, so even if your phone is compromised, there’s no trace. And if the receiver’s phone is compromised, no trace can be found there.
*most secure, but not 100% secure
I’d like to know more
Great! The Electronic Frontier Foundation (EFF) has an in-depth guide to setting up and using Signal. You can find it here:
https://ssd.eff.org/module/how-to-use-signal
What about that whole secure ‘burner phone’ thing I saw in a movie/TV show?
Had to bring that up, didn’t you? Well, the short story is that burner phones are a thing of the past, and are only readily available to governments and other such shady entities. They’re mostly plot holes/complications.
The longer story is that you can set up a phone which is more secure, disposable, and less easy to trace.
But that’s another blog post…
