PRIVACY Secure messaging on Windows with Signal
By Mary Branscombe

Signal is a smartphone secure-messaging app that also works in Windows. Here’s why you want it, and how to get started.

Sometimes you need to send a message that you can be certain will stay private. Perhaps a friend urgently needs a place to stay while you’re out of town, and you must give them your alarm code (and maybe tell the neighbor who has your spare key how to recognize them). Or perhaps you want to discuss a medical condition, or something that’s perfectly legal but might still get you into trouble at work, such as whistleblowing or staging a protest.

To keep those conversations secure, you need a messaging system that offers end-to-end encryption (E2EE for short), where the device from which you’re sending the message encrypts it before sending it to the server, which passes it on to the person you’re talking to. It isn’t decrypted until it gets to the recipient’s device. Even if someone else should get a copy of the message, they can’t read it in its encrypted form.

Text messages on your phone are not encrypted but are sent in plain text. This means your phone network can read your messages. The SMS protocol has been attacked by hackers more than once.

Direct Messages on Mastodon aren’t encrypted at all, so whoever runs the Mastodon server you use can read them, as can the admin of servers with which they federate.

The so-called “Twitter files” showed that the service now known as 𝕏 had access to direct messages users sent each other. Although it has now launched encrypted DMs, they’re only for (paying) verified users; messages aren’t encrypted by default; it doesn’t encrypt photos, videos, or group chats; and experts have concerns about whether the service could actually still get access to messages.

Facebook Messenger offers E2EE only for certain kinds of messages, including group chats but not community, Marketplace, or business chats. The same is true for Instagram.
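The end-to-end model described above (encrypt on the sending device, relay through a server, decrypt only on the recipient's device) can be sketched in Node.js as follows. This is an added example, not Signal's code and not the Signal protocol: it uses one X25519 key agreement with AES-256-GCM, and the function names and sample message are constructed for illustration.

```javascript
// Added illustration of end-to-end encryption; NOT the Signal protocol
// (no ratcheting, no identity verification). All names are hypothetical.
const crypto = require('node:crypto');

// Each device generates its own X25519 key pair; private keys never leave it.
function newDevice() {
  return crypto.generateKeyPairSync('x25519');
}

// Both ends derive the same 32-byte key from their own private key and the
// other party's public key. The server holds neither private key.
function sessionKey(myPrivate, theirPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(32), 'e2ee-demo', 32));
}

// Sender side: encrypt on the device before anything reaches the server.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// Recipient side: decrypt on the device; throws if the envelope was altered.
function unseal(key, envelope) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.body), decipher.final()]).toString('utf8');
}

// The relay server only stores and forwards the opaque envelope.
function relay(envelope) {
  return { iv: envelope.iv, body: Buffer.from(envelope.body), tag: envelope.tag };
}

function demo() {
  const alice = newDevice(), bob = newDevice();
  const message = 'Alarm code is 0000 (constructed sample)';
  const delivered = relay(seal(sessionKey(alice.privateKey, bob.publicKey), message));
  const bobKey = sessionKey(bob.privateKey, alice.publicKey);
  const received = unseal(bobKey, delivered);
  const serverSeesPlaintext = delivered.body.includes(Buffer.from('Alarm'));
  delivered.body[0] ^= 1; // a copy modified in transit fails authentication
  let tamperDetected = false;
  try { unseal(bobKey, delivered); } catch { tamperDetected = true; }
  return { received, serverSeesPlaintext, tamperDetected };
}
```

Calling `demo()` shows the recipient recovering the message while the relayed copy contains no readable text and a modified copy is rejected.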
Apple’s iMessage uses E2EE, but if you use iCloud Backup by default, a copy of your encryption key will be stored in the cloud to make it easier for you to recover. You must turn on Advanced Data Protection to avoid the possibility of the company being able to decrypt your iMessage backup — and of course, you can exchange messages only with other Apple users.

The RCS messaging in Google Messages on Android phones has end-to-end encryption for text messages, but only when you’re talking to someone else who has RCS chats turned on. Google is still getting metadata, such as whom you’re talking to and when.

There is an open standard for E2EE messaging with OMEMO, the XMPP protocol upon which Google’s RCS is based, but it’s not widely supported in messaging apps.

Pretty private protocol
WhatsApp does offer true E2EE that is turned on by default for messages and calls so that you can’t forget to set it. But not everyone is comfortable using a Facebook service, especially after the platform grabbed WhatsApp user phone numbers for Facebook advertising after promising not to do so. The recent WhatsApp outage was caused by its reliance on Facebook authentication, further illustrating that connection.

Signal also has full E2EE. In fact, the protocol that Facebook, Google, and others use to deliver encrypted messaging is the one developed by Signal. Even though it doesn’t have the marketing might of Meta behind it, Signal’s own messaging app often releases new secure-chat features before WhatsApp does. These include encrypted profile pictures, disappearing messages, and videos that can be watched only once. It even has a “spoiler” effect, where the message text won’t be visible until the person you send it to chooses to read it.

Although it was developed to be a secure replacement for SMS and is usually thought of as a smartphone app, Signal works just as well for secure messaging on your PC, Mac, or even Linux desktop. Just install the Signal Desktop app. Despite its high security level, Signal is as easy to use as any other messaging app.

Signal encrypts everything — one-to-one and group chats, voice and video calls, file transfers, photos, and even stickers. With other services, things such as nicknames or “thumbs up” reactions aren’t always encrypted.

Apart from 𝕏, all the messaging services mentioned above are free to use. Signal is free, too, but it also comes from a nonprofit foundation funded by donations — so there’s no incentive for it to collect any information about users or their messages to sell to advertisers or use for training AI models.
When Signal received its first subpoena to provide all the information it had about specific users, based on their phone numbers, this meant just the date and time each user had set up their account and the last time they had used it. It did not include their real name, their address book, where they had connected from, or the details of whom they’d been talking to — the kind of metadata other services store.
Your Signal messages, pictures, files, and contacts are stored only locally in your phone or PC. If you search for a GIF to use in a chat, the Signal service can’t see your search term (and the GIF search engine can’t see who is looking for that term). Signal calls from people you don’t know go through relay servers that obscure their IP addresses rather than via a direct connection. So Signal doesn’t see it — and you can turn that on for all calls.

Even your profile name and picture are encrypted. They are unlocked only for the people you choose to contact. No one can look up your details on Signal, even if they have your phone number — unless you want them to have those details.

Even though the Signal app looks at your phone’s address book to find contacts who also use Signal, it won’t get that information — because checking to see whether any of those numbers is a Signal user is done within a secure enclave. This is an Intel SGX server that uses encrypted memory to run computations with the Azure confidential computing service, so neither Signal nor Microsoft can see which phone numbers are checked.

Proper private messages on Windows
If you already have Signal on your smartphone, just install Signal for Windows (or Mac or Linux). The first time you run it, you will see a QR code on the screen. On your smartphone, open Signal and go to Settings | Linked Devices, then scan the QR code. That links the PC to Signal on your phone, after which you will get copies of any new chats and messages on the PC.

You won’t see older messages already received on your phone, and you can’t copy these across without copying and pasting them into a new message. The easiest way is to send them as a note to yourself, which you can do by creating a new chat and typing “self” into the “name, username, or number” address field. Ironically, that’s much easier to find in Signal for Windows — it shows as a yellow note icon at the top of your list of active chats. So you might want to start the conversation on your desktop and then copy any important information in old messages so that they sync.

You can link multiple PCs, Macs, Linux desktops, or iPads to your mobile Signal account — up to five devices per phone. However, you can’t link another phone or an Android tablet.

Once you have Signal for Windows linked, your phone doesn’t need to be on in order for you to use Signal on your PC. You can start sending messages, using the same contact list you have on your phone or adding new contacts by either their phone number or username. As on the phone app, you can send text, photos, files, and stickers; format text in bold, italics, or spoiler style; edit your own messages for up to 24 hours after you send them, to fix any typos; or choose how messages in a chat are treated. This includes setting disappearing messages and creating group chats, or making voice and video calls.
There are some other clever things you can do with Signal on Windows, from desktop-specific features to a way of using Signal even if you don’t have a smartphone (or don’t want to put Signal on that phone). Plus, you can set up a username so you don’t have to give out your phone number just to chat with people. I’ll show you how to do that next week.
Mary Branscombe has been a technology journalist for nearly three decades, writing for a wide range of publications. She’s been using OneNote since the very first beta was announced — when, in her enthusiasm, she trapped the creator of the software in a corner.
The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.
Copyright ©2024 AskWoody Tech LLC. All rights reserved.