Category Archives: Open Whisper Systems

Another attempt to get someone to use good encryption

I have something that I want to talk with you about over a trustworthy medium or in person. I presume you’re using an iPhone these days which is cool. Signal is the iOS app that uses the Axolotl encryption protocol that is compatible with my Android (TextSecure). It’s a platform that I know you’d appreciate if you learned about it. Moxie Marlinspike (a pseudonym) is the hacker/activist behind Open Whisper Systems. That’s the not-for-profit org behind the crypto and app development. It really is state of the art encryption– you don’t have to trust any middle-people because the protocol is end-to-end.

Anyway, I’d really appreciate it if you could install it and send me a text. It’s not about “nothing to hide”, it’s about creating safe, trustworthy spaces for people to be themselves, independent of people mining everything you say and storing it or sharing it. It’s an unobtrusive app made to be straight forward and easy to use. I’d also love to get coffee or lunch sometime. I presume you’re in the area but I don’t know.

I hope you’re well!

Apps disabled on stock Motorola Moto E (2nd gen)

The following apps and/or services were ones I disabled. Some of them are Motorola services, some are Google apps, and some of them are apps that don’t provide any identifier at all yet have access to my phone. Before giving a new phone any network access (no cell network, no Wi-Fi), I disable these services.

This time around (I’ve tried many different mobile device configurations for security), this device is kept locked (not rooted) and lightly used (in this case TextSecure, RedPhone, and Flock are my only apps). I don’t have a browser like Chrome or Firefox because the web isn’t safe. I don’t use any social media apps because they suck up the contact list. The only software that I choose to run on this device (I have others) is from Open Whisper Systems.

Apps/services disabled:

Android Work Assistant
Basic Daydreams
Camera (replaced with “Open Camera”)
Chrome
Cloud Print
ConfigUpdater
CQATest
Device Management
Docs
Drive
Email
Exchange Services
Gallery (replaced with “Gallery ICS”)
Gmail
Google Backup Transport
Google Contact Sync (replaced with “Flock”)
Google Hindi Input
Google Korean Input
Google Launcher Config
Google One Time Init
Google Partner Setup
Google Pinyin Input
Google Play Books
Google Play Games
Google Play Movies & TV
Google Play Music
Google Play Newstand
Google Text-to-speech Engine
Google+
Hangouts
Help
HP Print Service Plugin
iWnn IME
Maps
Market Feedback Agent
Moto
Moto Actions
Moto Display
Motorola Alert
Motorola Boot Services
Motorola Checkin
Motorola Migrate
Motorola Notification
Motorola One Time Init
Motorola Sensor Services
Motorola Services
Motorola System Service
OMA Client Provisioning
Photos
Preset
Print Spooler
Setup
Setup Wizard
Sound Recorder
Storage Optimizer
Street View
TalkBack
Trusted Face
YouTube

Securing voice communication for lawyers, clients, journalists, and sources

Introduction

Lawyers need to talk to their clients securely. Journalists need to talk to their sources securely. It is through good security tools and good security practices that privacy can be achieved. Securing the conversation (content) is important. Revelations made possible by Edward Snowden show the dangers of unsecured content and metadata. This guide does not aim to create an anonymous communication device by way of anonymizing either content or metadata, only securing the content by way of employing Open Whisper Systems Signal (iOS or Android).

In February 2014, documents publicized by James Risen and Laura Poitras revealed proof of the United States explicit and illegal action of spying on lawyers. The National Security Agency’s technological capabilities, also being made public, provide facts that the public needs in order to understand the complex threats that alone chill freedom of association. Even though you might not be a law firm “representing a foreign government in trade disputes with the United States,” the threat and probability of occurrence are clear. Your voice communication can be passively swept up into a global surveillance dragnet.

This guide’s target audience are people needing to protect their day-to-day phone calls and thus the privacy of the people involved. If you want to be successful at using technology to perform your work, you need to be open to learning some technical information and theory. Without sacrificing too many comforts when it comes to communicating via phones, this guide aims to bridge the gap between easy-to-use, state-of-the-art encryption and tools that are readily available.

Prior but related guides

Notes for Signal

Signal threat modeling

Create an anonymous Signal phone number w/ Android

Goals

Provide a public or private phone number that:

1. Uses an iOS or Android device with Signal to securely communicate with your clients or sources. “Security” is gained by having an independent device that is only used for encrypted communication. Calls will be end-to-end encrypted for protecting the content of your conversations.

2. Falls back on a voicemail recording so normal (unencrypted) telephone callers hear an automated message to install Signal and to remake the call after getting it installed.

Additionally this guide will discuss basic operational security to protect the physical device and thus its contents.

Signal simply needs a telephone number to get setup. You do not need a cell phone with active cell service. When done correctly, your voicemail will be reachable by a regular phone caller but said caller and Signal calls will be routed to your Signal device.

Your options:

– A new or used iPod Touch (5th generation with iOS 8), a new or used iPhone 5, 5S, or 6 (iOS 8), or Android (OS version 5, or “L”, is ideal). The Motorola “Moto E” is inexpensive and the Google Nexus line runs “pure” Android and gets updates the quickest. Operating the phone in airplane mode with Wi-Fi enabled creates a similar device as the iPod Touch in terms of which communication networks it uses.

– Any voice-over-internet-protocol (VoIP) service that gives you a long-term phone number. I also suggest a service that provides voicemail in order to warn normal callers to call again with Signal.

Register a land line, cell phone, or VoIP number?

Installing Signal on to your iOS or Android device simply requires a phone number that can either receive a text message confirmation code or an automated telephone/audio confirmation code. Open Whisper Systems’ software does not care what type of phone number it is, they just need to be able to call it for setup confirmation. It is possible for you to do any number of the following:

1. Register a land-line phone number with Signal. Doing so will automatically route Signal callers to your Signal device. Regular, unencrypted callers will still reach your land-line phone.

2. Register a cell phone number on the same device as the SIM-registered number. This is what most people do when they install and use Signal, and it is the common scenario that your callers will implement.

3. Register a cell phone number on a different device as the SIM-registered number. The original, SIM-registered cell phone will continue to receive normal, unencrypted phone calls, but Signal calls will get automatically routed to the secondary device. Doing this compartmentalizes the communications metadata and device exploitation risk.

4. Register a VoIP phone number on a new iOS or Android device. This guide focuses on this scenario to benefit from voicemail options to alert normal, unencrypted callers to install Signal and call again.

Instead of a VoIP service, you could, in fact, use your work land-line phone number to register Signal. I advise against that based merely on the fact that using the same number may confuse your clients/sources on what is and is not a secured line. Giving them a separate Signal phone number creates cognitive dissonance. However, maybe your target audience is aware of the differences between unsecured and secured (Signal) calls. You must assess the risks involved.

Clients/sources will undoubtedly save your Signal number in to their phones. This name-number association will end up on Google’s, Apple’s, Facebook’s, Twitter’s (they steal contact databases from phones), etc servers, so keeping the number private is not probable. What you have to focus on is making it easiest for your clients/sources to contact you securely, with them knowing that the content of the call is private. Maybe you have a combination of 1+4 or 2+4, where 4 in either scenario is a private, non-publicized Signal number. Maybe you give out business cards with this number with explicit directions not to save this number into the client’s/source’s phone book. Keeping a number completely private can be difficult.

Requirements

– At least one lock-and-key safe, ideally a fireproof/waterproof safe with alphanumeric keypad entry.

Unavoidable information and metadata leakage

As stated above, without explicit direction, your clients/sources will likely store your contact number digitally. This digital database, on their iOS or Android smart phone, is continuously copied by other applications that people use, either out of convenience (to backup contact lists) or because of capitalism (direct marketing, relationship linking). Either way, state-actors make it a point to obtain these databases so that they can know who communicates with whom. As a lawyer or journalist, the likelihood that a state actor wants to know whom you work with is much higher than normal.

Apple (or Google if you use an Android) will have a name-to-device information. This means that US surveillance agencies will probably have the same information. This guide does not attempt to create an anonymous phone number (where the device is not linked to you or your company’s identity).

Even though this guide is written to use an iPod Touch which requires the use of a wireless access point and thus at least one internet service provider, and even though Signal network traffic is end-to-end encrypted, encrypted network traffic creates metadata that indicates:

A) you’re using the Internet at all, and
B) that you’re generating encrypted network traffic.

It is possible, with deep packet inspection, that your adversary will be able to identify what kind of encrypted traffic that it is, maybe even as specific as the application being used. So, theoretically, you will, for sure, create metadata, recorded by the internet service provider, that you (or your company) is making Signal calls, when, and for how long. A state actor such as the NSA, with global dragnet surveillance capabilities, may even be able to associate that traffic to the destination. These are critical issues if your threat is a well-funded surveillance agency with legal/political/global reach. A simple minimization procedure, to avoid network metadata leakage, would be to only use the Wi-Fi of at public locations such as coffee shops or libraries. But doing so is not a silver bullet.

A supplementary read: Cell Phone Opsec

If you choose to purchase a registered cell phone instead, which may be required for your work/reach-ability, you must be aware that state actors can track the physical locations of said device whenever the device is on. Movements and non-movements are very informative to adversaries. Cell phone tracking is made painless with IMSI-catchers when governments and companies can afford it.

Guide

1. Purchase and setup your device. Download and install Signal by Open Whisper Systems.

2. Choose a VoIP service.

To test Signal calling from an iPod Touch, I bought a Microsoft Skype phone number that is registered to my long-time Skype account. Skype is convenient because you simply purchase a Skype phone number with a debit/credit card, install Skype, install Signal, and you use Skype to receive the confirmation code. Yes, Skype, is a PRISM participant, and records (of you purchasing a Skype number and receiving a confirmation call from Open Whisper Systems) are guaranteed to end up in the hands of any government agency. Yes, Skype is backdoored by design. But Registering a Skype number with Signal makes the routing of said calls managed by completely different infrastructure. Skype calls are not end-to-end encrypted. Signal calls are.

An alternative to Microsoft Skype is Google Voice. Google Voice, by way of a Gmail address, has the added benefit of 2-factor authentication (2FA). Skype does not offer 2FA, so your account is remotely accessible if your password is stolen. Voice gives you a perpetual phone number that is tied to your Gmail address. Yes, Google is a PRISM participant, too. Like with Skype, calls made by Signal using a Google Voice phone number will not use Google infrastructure.

3. Setup voicemail

The value of using a dedicated, VoIP-based phone number is the ability to setup voicemail. This way, when people call with a normal, unencrypted phone number, they can get the automated message to call back after they’ve installed Signal.

Signal does not have voicemail. If they call you with either and you do not answer, it will only ring.

4. Physically secure your device.

Make sure that your iPod password is secure. Use a strong passphrase and not a simple, 4-digit “Simple Passcode”.

It is critical that you habitually store your device(s) anytime they are not in use. If your work requires that you be available 24/7, you may need to purchase a second, isolated safe for home use for when you bathe/sleep/etc. Never leave your device unattended or in the possession of someone you do not trust.

5. Share your contact number.

Depending on the nature of your work, you should decide how you want to share your number. If you’re a lawyer, you would want to share your public phone number on your website. In this case it is prudent to ensure your website is serving content via HTTPS (data in motion) so that an adversary cannot inject/disinform your clients/sources with a bad number. Similarly, having a secure website (data at rest) is equally important so that the integrity of the public information is unchanged.

It is also prudent to include minimal directions on installing and using Signal. Guiding them to EFF’s Surveillance Self Defense guide is a good option.

Signal threat modeling

In this blog post I will explore what telecommunication companies (telcos) are able to observe in terms of metadata and content when using or not using Open Whisper Systems’ Signal. Special thanks to John Brooks for content editing.

Introduction

Telecos, globally, for over a hundred years, have had various data retention policies that include metadata and content collection and storage (information seizure). In the United States, the Communications Assistance for Law Enforcement Act (CALEA) was enacted specifically to enhance electronic surveillance. Anything the telecos can see and store, intelligence agencies and law enforcement have the ability to obtain too, often in real-time (information search). Intelligence agencies store this information for much longer than telcos because of the monetary costs to store your private information. Within the Snowden revelations, top secret documents make clear that as much information as possible is collected depending on company/agency capacity and technical capability.

The mobile devices that you use contain a huge swath of information about you. They also contain a huge swath of information about the people that you communicate with. In each of the scenarios that I explore below, I’ll be breaking down my exploration into two high-level categories; device vulnerabilities, which can alternatively be thought of as “data at rest”. The second high-level category is infrastructure threats, which can alternatively be thought of as “data in motion”.

Target audience

Journalists, lawyers, activists, and domestic violence survivors are all example populations that have a choice. They can either attempt to learn somewhat technical material and self-empower their decisions about the technology that they use or don’t use, or they can further trust other people to make those decisions for them. It is my opinion that vulnerable populations that are direct victims of surveillance should put more effort into learning technical material. It is unethical for me to make all information and operational security decisions for my students. It is also my opinion that technical educators like me have a responsibility to help bridge any gaps in learning.

Summary

Standard SMS and standard voice calls leave you vulnerable to device and infrastructure exploits (information seizure) for both content and metadata. Once installed, Signal, for Android, handles SMS which is the same in transport as standard SMS, but message content is better protected on the device. Signal can not protect standard voice calls.

Signal manages both encrypted IMs and encrypted voice calls. When you use encrypted IMs and encrypted voice calls, your message content is protected against device and infrastructure exploits. Metadata is protected against infrastructure exploits when you use encrypted IMs and encrypted voice calls, but metadata on the device is still somewhat vulnerable.

Understanding the visual models

phone-basestation
The column and row -based models shown below, one model per scenario, were made to help illustrate the different phases of text/voice communications through telco networks and other related risks.

Asset

The messages that you send people (data in motion) contain two very important things. These two things are your assets: participant metadata and message content. These two assets have to traverse your telco network and the telco network of your friend in order to work the way you expect them to. Each of the two assets is uniquely vulnerable depending on your choice of communication technologies.

The adversaries to your assets are the people who want to illegally or unethically copy your assets for themselves. Your threats are the infrastructure technologies which your adversaries have designed and control.

Device

Your messages must be generated and stored (data at rest) on your mobile device in a messages database. In order to reliably send people messages, you have a third asset that must be protected: your contacts database. It is possible that your teleco has pre-installed software on your phone that has access to your stored assets. Other common threats to data confidentiality include social media applications and syncing applications that make a copy of your messages and contacts and stores them on someone else’s servers.

Infrastructure

When you want to communicate with someone, your device has to send your messages across various infrastructure technologies to reach the person whom you wish to communicate with. I will not be going to great depth into each of the phases of telco network traversal. It is not important given the Open Whisper Systems crypto tools that you have available. What is important to understand is that if you’re using AT&T and your friend is using Verizon, messages have to traverse two completely different sets of infrastructure. When you send a single message to someone, it is likely that three different adversaries are able to copy your assets. Each adversary has completely different data retention policies, laws, and ethics.

SMS communication scenarios

Scenario 1

SMS2SMS-1
1. You send an SMS on your cell network without Signal to a friend who receives the SMS on her cell network without Signal, or vice versa.

Participant metadata and message content

1.1. Device vulnerabilities: message databases and contact databases are, by default, easily accessible to other applications installed on your mobile devices. Social media apps, message sync apps, etc, will copy these databases and put them unsafely on servers that you have minimal control over. Specifically, regarding SMSs and IMs, these companies that store your private information can observe who you talk to and when. Companies like Facebook want to know everything they can about you. Companies like Apple and Google want to make backups easy and seamless, but they store your information in such a way that they can make it available to law enforcement.

1.2. Infrastructure threats: SMS is only encrypted between your mobile device and the cell tower. At no other point in the message’s traversal to the delivery cell tower is it encrypted in such a way that a network operator or intelligence agency cannot access it. Your information was designed to be exploited when using these systems as-is. 2G/3G/4G encryption standards largely protect cellular network communication from local eavesdroppers, but those standards are weak.

Scenario 2

TS2SMS-1
2. You send an SMS on your cell network with Signal to a friend who receives the SMS on her cell network without Signal, or vice versa.

Note:

From Open Whisper Systems: “Signal does not store its encrypted database in a location that other applications are allowed to access. Android features support for isolated storage, and Signal takes advantage of this functionality. Memory contents are also protected, and recent versions of Android include ASLR which makes manipulating memory contents (or predicting the location of stored material) even more difficult.

Having said that, users should still choose strong passphrases to properly protect their message contents if their phone gets lost or stolen.”

Participant metadata and message content

2.1. Device vulnerabilities: While the message database is protected on your mobile device when Signal is managing said database, the contacts database is not. Apps can and will read or copy your contacts database unless you take additional protections to block apps from doing so. Copying your contacts database will not reveal who you necessarily communicate with, but it does show who you can communicate with and who you’ve likely communicated with. Database security presumes that your mobile device is free from existing malicious software.

2.2. Infrastructure threats: All participant metadata and message content infrastructure threats are identical to scenario 1.2.

Communication scenarios with Signal

Scenario 3

TSS2TSS-2
3a. You send an IM on your cell network with Signal to a friend who receives the IM on her cell network with Signal, or vice versa.

3b. You make a Signal call on your cell network to a friend who receives the call on her cell network with Signal, or vice versa.

Note:

On transport security, see Open Whisper Systems Is it secure? Can I trust it?

Participant metadata

3.1. Device vulnerabilities: All participant metadata device vulnerabilities are identical to scenario 2.1.

3.2. Infrastructure threats: When using Open Whisper System’s end-to-end encryption, the participant metadata of messages is protected from all aspects of “data in motion”. However, Deep Packet Inspection (DPI) by any infrastructure intermediary is capable of identifying the fact that traffic is encrypted. DPI can also fingerprint the encrypted traffic to the degree that adversaries might be able to identify you as a Signal user. This alone would not allow a teleco to know whom you communicate with. A global adversary like Five Eyes (FVEY) may be able to identify who you communicate with by fingerprinting the type of encryption and network timing analysis. This should concern you if you’re a journalist talking to a source or vice versa.

Message content

3.3. Device vulnerabilities: All message content device vulnerabilities are identical to scenario 2.1.

3.4. Infrastructure threats: When using Open Whisper System’s end-to-end encryption, the content of messages is protected from all aspects of “data in motion”.

Scenario 4

TSS2TSS-1
4a. You send an IM on your Wi-Fi with Signal to a friend who receives the IM on her Wi-Fi with Signal, or vice versa.

4b. You make a Signal call on your Wi-Fi to a friend who receives the call on her Wi-Fi with Signal, or vice versa.

Note:

Scenario 4 is nearly identical to scenario 3, except that the transport infrastructure has changed, which means the specific adversaries have, too. Conceptually, the technical threats and vulnerabilities are the same.

Participant metadata

4.1. Device vulnerabilities: All participant metadata device vulnerabilities are identical to scenario 2.1.

4.2. Infrastructure threats: All participant metadata infrastructure threats are identical to scenario 3.2.

Message content

4.3. Device vulnerabilities: All message content device vulnerabilities are identical to scenario 2.1.

4.4. Infrastructure threats: All message content infrastructure threats are identical to scenario 3.4.

Scenarios with IMSI catchers

IMSI-catchers come in many different names and capabilities. There is even a Free and Open Source Software (FOSS) version called OpenBTS that allows amateur or professional hackers to exploit the weaknesses of cellular networks. Infosec Institute made a decent guide. They all pose an abundance of threats to you and your assets.

IMSI catcher capabilities:
  1. Passively or actively extract identifiers of cellular devices such as IMSI, ESN, and MEID numbers.
  2. Passively or actively track physical locations and movements.
  3. Actively perform Denial of Service (DoS) attacks that would prevent the cellular device from connecting to a cellular network. Targeted DoS attacks can also force cellular devices to use older wireless technologies (2G or 3G) which use weaker encryption or no encryption depending on the cellular network configuration.
  4. Actively perform Man in the Middle (MitM) attacks to eavesdrop on all forms of cellular communications: SMS, voice, or data.
  5. Actively exploit baseband processors, allowing the adversary to deploy malicious software onto to the cellular device.

There is no indication that local law enforcement perform capabilities #3 or #5. However, intelligence agencies and well-funded groups are capable of such operations. It is very important to understand who your actual adversaries are in order to apply any notion of risk (threat + vulnerability).

Scenario 5

SMSIC2SMS-1
5. You send an SMS without Signal via your compromised cell network to a friend who receives the SMS on her cell network without Signal, or vice versa.

Note:

When IMSI catchers are in use, there is a higher probability of device exploitation if you are the target of the operator. Mobile device databases could be extracted, key-logging software or voice and visual recording software might be installed that will jeopardize existing and future conversations.

Participant metadata and message content

5.1. Device vulnerabilities: All participant metadata and message content device vulnerabilities are identical to scenario 1.1.

5.2. Infrastructure threats: SMS is likely not encrypted at all or the IMSI catcher was able to Man-in-the-Middle the encryption between your mobile device and the cell tower. At no point in the message’s traversal to the delivery cell tower is the message protected in any way. The IMSI catcher operator, cellular network operator, and/or intelligence agency can access the messages.

Scenario 6

TSSIC2TSS-1
6a. You send an IM on your compromised cell network with Signal to a friend who receives the IM on her cell network with Signal, or vice versa.

6b. You make a Signal call on your compromised cell network to a friend who receives the call on her cell network with Signal, or vice versa.

Note:

When IMSI catchers are in use, there is a higher probability of device exploitation if you are the target of the operator. Mobile device databases could be extracted, key-logging software or voice and visual recording software might be installed that will jeopardize existing and future conversations.

Participant metadata

6.1. Device vulnerabilities: All participant metadata device vulnerabilities are identical to scenario 2.1.

6.2. Infrastructure threats: All participant metadata infrastructure threats are identical to scenario 3.2.

Message content

6.3. Device vulnerabilities: All message content device vulnerabilities are identical to scenario 2.1.

6.4. Infrastructure threats: All message content infrastructure threats are identical to scenario 3.4.

Related adversaries + threats not discussed

  1. Intelligence agencies, companies with lots of money to spend with grudges, and global surveillance adversaries that have the ability to pin-point your mobile device and perform one-time or persistent malicious activity.
  2. Technical threats or adversaries posed by IMSI catchers are the same when connecting to your normal cell network, but the probability of exploitation may not be the same.
  3. MitM attacks, similar to IMSI catchers, can also be performed on Wi-Fi networks; technical exploitation might be different, but outcome of exploitation might be the same.
  4. Mobile devices that have already been compromised either intentionally or accidentally.
  5. Can you think of one?

Conclusion

This is the style of guide that people like journalists, activists, and lawyers need. It borders on specific technical details without getting into too many details. It is also the style of guide that needs regular maintenance (research, Q&A, feedback, editing, administration). This guide demonstrates the need of journalists, activists, and lawyers to become educated in certain areas of technological advancement.

I hope that this has proven useful to you. If you liked this blog post, tell your friends about it and talk to them about it. Talk about encryption. Talk about surveillance. People need to talk about this stuff. If you have any questions, concerns, or constructive feedback for me, please email me.

Glossary

2G/3G/4G: cellular teleco technologies that allow your cellular mobile device to talk to telco networks.

802.11 a/b/c/n: “Wi-Fi”

Android: Google’s mobile device operating system.

Asset: Something that is important to you.

BTS: See: “Base transceiver station” on Wikipedia.

IM: Instant Message. Think: AOL instant messenger or MSN instant messenger. Signal is capable of sending IMs to mobile devices using Internet data.

IMSI catcher: a device that can be used to maliciously intercept, alter, or deny your cellular network communication. It is commonly used by law enforcement, private police, private investigators, or hackers. See “IMSI-catcher” on Wikipedia.

iOS: Apple’s mobile device operating system.

ISP: Internet Service Provider. This might be your home ISP or the ISP of a coffee shop that you’re using.

Message content: the content of an SMS or IM.

Participant metadata: Any aspect of people and the communications between people. This could include, but is not limited to, who is communicating, when, for how long.

Signal: The open source application made for iOS by Open Whisper Systems. See: Notes for Signal

SMS: Short Message Service. A “text”. You usually send these to people with your phone, limited to 160 characters per message.

SMS-SC: See: “Short message service center” on Wikipedia.

SS7: See: “Signalling System No. 7” on Wikipedia.

Telco ISP: the ISP of your cellular telco network provider. It could be that your cellular network provider is also its own ISP.

Threat: A person, place, or thing that is likely to cause damage or danger to your assets.

Vulnerability: A person, place, or thing that is unable to withstand the effects of a hostile environment.

WAP: Wireless Access Point. It provides Wi-Fi.

Create an anonymous Signal phone number w/ Android

Formerly: “Create an anonymous TextSecure and RedPhone phone number”

Published: 2015-Mar-14
Updated: 2015-Nov-16, revision 64

Sometimes you just need an email address and a phone number to do things online. Or maybe you want to ditch you expensive phone plan because your friends and family all smartly use Open Whisper Systems crypto tools. And why not? Signal lets you communicate for free, even to international numbers. This guide will show you:

  • how to create a new Gmail address without an existing phone number,
  • create a new Google Voice phone number with your new Gmail address,
  • and then using your new Google Voice number to setup Signal.

After you complete this guide, your new phone number can send/receive Signal calls and instant messages using Wi-Fi. Persistent SMS capabilities will also be available using Google Voice. Baseband and SIM card exploits will be a thing of the past.

Anonymity is relative in this context. Yes, you’ll be creating a phone number that you’ll probably be giving to other people. Those people will probably know who you are. Pay special attention to step 14. If you follow this guide, you’ll be in a position to maintain communications anonymity in a massive passive-surveillance network.

The following was tested on a Motorola “Moto G” running Android 4.4.4. You will need a laptop to perform the Google Voice aspects of this procedure. Like most guides, you may want to read through the whole thing before starting. Please email or Tweet me if you have any suggestions.

Alternative security

If you just need security and not anonymity, Signal on an iPod Touch is even better.


Guide

1. Obtain an Android phone that was not purchased by you at any retail location. The Nexus phones might be ideal as they typically will not come with a bunch of extra software installed. The Moto E is also a good choice. Craigslist should be fine. Pay with cash. You don’t want any phone device IDs linkable to you (including by way of electronic payment cards and shipping addresses).

1.1. To further distance your connection to device IDs and location-based IPs, take a bus (pay with cash) to a different city than the one you live. Don’t bring any other personal cell phones. Go to a mall and buy a used Android from one of the kiosks. Perform this guide in that city. Do nothing else in the city; don’t go and get your face on a bunch of cameras, and don’t pay for things with debit/credit cards.

2. Go to a public library or coffee shop with free Wifi with your Android, laptop, and Tails Linux (USB or DVD). Make sure it’s a place that you’ve never been to and one which you’ll never return to. Order a coffee with cash, be nice, and avoid interacting with people.

3. Remove any SIM cards from the Android. Turn on then restore the Android to factory defaults. Skip all activation settings and enable Airplane Mode as soon as possible. Disable or uninstall all possible apps that aren’t needed, especially ones that sync. You need, at a minimum, Google Play Store, Google Play Services, and Google Services Framework. With Airplane mode still enabled, turn on Wi-Fi and connect.

4. Open Google Play Store. Create a new Gmail address when Android prompts you to log in. Don’t use any words or phrases in either your email address or your password that you’ve used before. And don’t use a password that you’ve ever used before.

5. Using your laptop, boot up Tails Linux. Open the “insecure” browser that is not Iceweasel to log in to your Gmail address. Do not use Iceweasel or Tor, Google will lock you out of the new account, and you’ve already shown Google where you are in steps 3 and 4.

5.1. Make sure you do not proceed if you are prompted to accept bogus SSL/TLS certificates.

5.2. Booting up Tails has two advantages despite not using Tor: 1) the Wifi MAC address is spoofed, and 2) when you shut down your laptop, no history is saved. Do not use Tor to log in to your Google account until after you have two-factor authentication set up.

5.3. If you ever need to enter an alternate email address, simply open the Gmail Android app and create a new address. You can use it as the backup for your new primary address.

6. Use your Android to download “Talkatone“, a free VoIP Android app that gives you a temporary phone number. You will use it to receive phone calls over Wi-Fi. Register for a new account for a new number using your new Gmail address. You may need to search various area codes to find one that has numbers available.

7. Log into google.com/voice with Tails’ insecure browser. Enter your Talkatone phone number and receive its call to verify the number. Go into settings and verify that both “Receive text messages on this phone” and “Notify me of new voicemails via text” are checked. Turn Call Screening off in the Calls tab.

7.1. You can stop here if you don’t need Signal. You may only need a WiFi connected Android with Google Voice to privately receive access tokens via SMS.

8. Never use this phone from any place you routinely go (anchor points) unless you are behind Tor. See (*) below.


Signal configuration and Android configuration

9. Download “Signal” and register it with your Google Voice number. The SMS verification will fail. Wait and then verify via phone call. Your temporary Talkatone number will receive a call, so prepare to write down or remember the six-numeral verification code. Enter the code to verify Signal.

10. Encrypt the phone (Settings > Security > Encrypt phone).

11. Only use this device for Signal (and maybe Google Authenticator, see #13) from now on to minimize its exposure. Especially do not use apps that have in-app ads. Uninstall Talkatone. Uninstall or disable all web browsers. Uninstall or disable all Google apps and services except Google Play Services (and maybe Google Authenticator, see #13). You will need to enable Google Play Store again at some point to keep apps updated, but only at another random, public Wifi location. Always keep all syncing disabled, you do not want Google to have your contacts.

11.1. “NetGuard” may be a useful solution for keeping network activity minimized.

12. Open Signal. Disable SMS/MMS to both Signal users and non-Signal users in settings. Require password access to Signal by turning on “Enable passphrase” to further harden the message database in addition to adding another layer of defensive security (shoulder surfing for the phone access passphrase is easy). Set a low “Timeout interval”.

12.1. When preparing to IM someone with Signal, be sure to first add a contact in your Contacts. When you’re looking at your Signal contact list (or lack thereof), tap the refresh symbol to force a refresh. Now you should be able to see Signal users that can receive your IMs.

13. Using the “Google Authenticator” Android app, enable two-factor authentication (2FA) for access to your new Gmail. If an attacker can get into your Gmail accounts, an attacker could register your number with a new device and deny you the ability to communicate with Signal. When configuring your new Google account, you can now use your new Google Voice number as a verification phone number. Immediately configure 2FA with only Google Authenticator and Google Voice as a backup.

13.1. To further compartmentalize, put your Google Authenticator tokens on a separate device — Preferably one that remains in Airplane Mode all the time.

14. Tell people that you communicate with not to save your number with any personally identifiable name. The apps they use–like Facebook or their Google Contacts sync–will betray your privacy by recording their contact list, forever creating the digital record of your name with your new number.

15. Log into google.com/voice with Tails’ insecure browser on your laptop and disable forwarding to your former Talkatone number. Or alternatively, use Tails’ Iceweasel (Tor) and test access now that 2FA is configured.

Optionally…

16. Physically remove the phone’s microphone and cameras; if possible, the accelerometer too. Rely on a corded headset when communicating with Signal (voice). Don’t leave the headset plugged in when not in use.

16.1. If an attacker is able to compromise your device, you do not want them to be able to hot-mic your Android or take pictures/video of your environments.

rootkovska
An iPhone with its microphone and front camera removed.
Photo credit: Joanna Rutkowska

Root?

There are pros and cons to rooting your phone. Rooting might make the job of targeted attacker much easier. Should you root for more control (creating new vulnerabilities) or simply hope that Airplane Mode is doing what it promises when you are carrying your phone with you at anchor points?

(*) There are several options for getting Signal to work with Tor, but the downside is that only Signal IMs will work, not Signal voice calls. One option is to create a wireless access point for your anchor points that force all traffic over Tor, which does not need root, like P.O.R.T.A.L.. It also may be possible to leverage another Android phone that is already rooted and running Orbot to tether through. And again, InvizBox and Anonabox are simple solutions, but you have to buy them online and have them shipped somewhere, creating a lot of metadata. Lastly, there is the option of rooting and using Orbot to proxy local Android traffic.

Mission Impossible Android Hardening on Github, previously on the Tor Project blog, goes into good detail on how to root your Android device and attempt to delete the Android baseband firmware partition.

Once your Android is rooted, you would need to install a 3rd-party ROM that does not have any Google services pre-installed. Then you’d have to find the Signal APK online (plus verifying their hashes) and manually install the apps you need. There are some interesting, unsupported ways to get and use Signal on an Android. Google Cloud Messaging (GCM) is required unless another service pretends to be GCM.

Ideally you’d use an iptables-based firewall to prevent any apps or services using any network interface except Signal and Orbot. You would also need to find a different long-term VOIP provider (to receive phone calls and SMS) since you wouldn’t be setting up a Gmail or Google Voice in this scenario.

Notes for Signal

Previously: “Signal, TextSecure, and RedPhone ecosystem notes”

Published: 2015-Mar-02
Updated: 2015-Nov-16, revision 36

FAQs

1. You need a phone number plus an Android, iPhone, or iPod Touch to use Signal.

2. You need a data connection (Wifi or cellular) to use any of Signal’s end-to-end encrypted (E2EE) services.

3. Signal provides easy E2EE voice and text communications including to international Signal users; however, Signal for Android can optionally manage SMS by replacing your default SMS application.

4. Signal’s message database is independently encrypted on the device. Other apps cannot access the contents of this database. Signal (iOS) messages are not included in iCloud backups if iCloud is enabled. Signal (Android) messages are not included in Google Hangout syncing.

5. Unlike iMessage, WhatsApp, and other encrypted IM solutions, Signal allows users to verify each other’s public encryption key by sharing the public key fingerprint.

Group Messaging

6. Signal can be used to create and manage E2EE text/IM group chats.

7. Signal group chats protect 1) who is in the chat, 2) the name of the chat, and 3) the message content shared between Signal users.

Android specific

8. Signal asks to replace the default Android SMS application. It can send SMS (insecure) to non-Signal users. When Signal manages the SMS database (default SMS application), SMS (insecure) sent and received are not any more protected in transit than if you were using Android’s default SMS application.

9. If you need to send an SMS (insecure) to a contact but you have already chatted with Signal IMs, long-press the “enter” button when you are about to send the message.

10. Signal for Android can be configured to turn off SMS-sending. In this case you’ll only be able to send IMs to other Signal users. However, turning off SMS-sending only removes SMS contacts from Signal’s user interface. If you have an existing SMS conversation that is managed by Signal, you will still be able to send SMS to said contact. If someone SMSs you, you can still reply with SMS. Turning off SMS-sending in Signal is only superficial.

11. Signal SMS messages provide message content, time, date, contact (phone number), and location (cell tower) metadata to your telecommunication service provider and to your federal agencies. In the United States, this is accomplished via Section 215 of the USA Patriot Act. Signal IMs can provide time, date, and location metadata to telecommunications companies while protecting message content and contact metadata. Communication records will not show up on your phone bill when using Signal (non-SMS) encrypted communications.

iOS specific

12. Signal for iOS cannot send or receive SMS because there is no application program interface (API) in iOS for SMS. It can only send encrypted IMs.

13. Signal (iOS) is like iMessage. However, iMessage encryption keys can be replaced transparently (without your knowledge) by Apple, and iMessage does not employ Perfect Forward Secrecy (PFS). PFS allows each IM or encrypted voice call to have it’s own, unique, encryption key, making your communications much harder to crack once captured. Additionally, iMessages, by default, are synced to iCloud, making them easy to obtain by Apple or any government agency with the right paperwork. iMessages stored in iCloud are encrypted, but Apple holds those private keys and can unencrypt them for anybody it chooses.