Signaling without exposing your private phone number
in Anonymity / Privacy / Security / Communication on Signal, Secure-communication, Phone-number, Privacy, Anonymity
The situation
I wanted a way to avoid revealing my private phone number when using Signal. There can be many reasons for this. E.g.
- Privacy
- Safety
- Annoyance over why it is necessary in the first place when using Signal
End goal
Accomplishing the above will be considered a success when:
- I’m able to use the
Signal Desktop
application both with my private phone number and my public phone number. On the same computer - Linking the
Signal Desktop
application can happen without using a secondary phone or needing to uninstall and install theSignal
mobile application (as this would result in a need to be verified by my private contacts) - Getting a public phone number should be as cheap as possible
- If possible, avoiding the registration of my address
- I should be able to hold onto the public phone number for as long as I want
Findings
Using Signal Desktop
with both phone numbers on the same computer
The Signal Desktop
application is not multi-instance capable in the non-development version. Therefore one need to run
the general available version and the beta version side-by-side.
Linking without a secondary phone
This proved to be possible even though it required some nice nerdy magic
As cheap as possible & registration
I spent a lot of hours on different vendor pages. Vendors selling virtual phone numbers and the like. Twilio ended up being the vendor I chose. As with them it is possible to acquire an US phone number for 1$ a month. With an initial top-up of 20$. Therefore giving you 20 months of Twilio.
Twilio also makes it possible to use Paypal
as a payment service. Limiting the number of stakeholders that will get parts of my personal information.
Holding onto the phone number
Using a prepaid mobile phone card is not an option. Even though it nicely comes with no registration. As the phone number falls out of my control at some point. Per say, you’re leasing it.
Again Twilio
makes this possible. As long as I pay my dues.
Guidance on achieving the above
Parts of the below, have for documentation purposes, been copied from Shields Up: Using Signal Without Giving Your Phone Number
- Sign-up for Twilio
- Verify your account as asked
- Top-up the account via
Paypal
with the required 20$ - Choose an American phone-number, with voice and SMS capabilities
- In Twilio, navigate to “All Products and Services” > “Runtime” > “TwiML Bins”
- Create two TwiML bins
- One for SMS, that should contain the following code
<?xml version="1.0" encoding="UTF-8"?> <Response> <Message to="YOUR PHONE NUMBER"> : </Message> </Response>
- And the one for voice
<?xml version="1.0" encoding="UTF-8"?> <Response> <Dial> YOUR PHONE NUMBER </Dial> </Response>
N.B. In the above, insert your phone number. When doing so, it should contain the country code it belongs to. Pre-fixed with the plus character.
- Now navigate to “All Products & Services” > “Phone Numbers” > “Manage Numbers” > “Active Numbers”
- Click on your Twilio phone number. Change the “A call comes in” field from “Webbook” to “TwiML” and switch to your custom voice forwarding settings by selecting the appropriate bin name (e.g., “my voice forwarding”). Do the same for the messaging settings.
- Install the beta of Signal
- Windows: First, download this file and look for the url property that specifies the location for the latest beta installer. Download the installer by constructing a final URL that looks like this:
https://updates.signal.org/desktop/<installer location>
. Then run the installer - macOS: First, download this file and look for the url property that specifies the location for the latest beta installer. Download the installer by constructing a final URL that looks like this:
https://updates.signal.org/desktop/<package location>
. Then unzip that package and copy the .app file into the /Applications folder usingFinder
- Linux: Follow the production instructions to set up the APT repository and run
apt install signal-desktop-beta
- Windows: First, download this file and look for the url property that specifies the location for the latest beta installer. Download the installer by constructing a final URL that looks like this:
- If it isn’t already install the official, general available version of Signal. As you will have to run the Beta and the Official one side-by-side. A further guide on how-to install the Official one would be the one on Signal’s homepage
- Install
signal-cli
which is a command-line interface for Signal and will be used for registering, linking and testing Signal with the acquired public phone number. Get it from Signal-cli download - You are now ready and prepped for registering Signal with your phone number provided by
Twilio
. So change directory to the folder whereto you installedsignal-cli
and…- Execute:
./bin/signal-cli -u PHONE_NUMBER_AKA_USERNAME register
- Execute:
./bin/signal-cli -u PHONE_NUMBER_AKA_USERNAME verify THE_CODE_YOU_RECEIVED_ON_YOUR_PHONE
- To test that the new
Signal
account with theTwilio
phone number works, execute:./bin/signal-cli -u PHONE_NUMBER_AKA_USERNAME send -m "crazy stuff" PHONE_NUMBER_AKA_USERNAME_TO_PRIVATE_ACCOUNT
-
Optionally execute:
./bin/signal-cli -u PHONE_NUMBER_AKA_USERNAME_TO_PRIVATE_ACCOUNT receive
if you want to send a message the other way. Meaning, from your private phone number to theSignal
account with theTwilio
phone number - Now we want to link the
Signal
account with theTwilio
phone number, but without using a secondary phone- Ensure that
Signal Beta
is started, you must see the QR code screen in the application - Scan the QR code with a QR scanner on your phone, to derive the URI that it contains
- Get the URI to your computer in one way or the other
- Now with
signal-cli
execute:./bin/signal-cli addDevice -u PHONE_NUMBER_AKA_USERNAME --uri "tsdevice:/?uuid=....
- In the
Signal Beta
application you should now be prompted to name the device - Name it and proceed,
Signal Beta
will load users and groups and finally …. after some loading your are in
- In the
- Ensure that
- Execute:
Optionally heighten the security of your new Signal
Twilio
phone number account by setting a Registration Lock pin. Here’s how:
- Execute:
./bin/signal-cli -u PHONE_NUMBER_AKA_USERNAME setPin PIN_BETWEEN_4_20_CHARS
And make sure to read the Registration Lock article by Whisper Systems
. As there is some pointers to be aware of. Namely that the pin expires if there are no activity on the account for more than 7 days.
Readings I found useful
-
Does Signal send my number to my contacts? read
Whisper Systems
notes on that here - How to Use Signal Without Giving Out Your Phone Number read The Intercept article on that here
- How to install and use Signal messenger without a smartphone read that guide here
Thank you for reading along.
Over and out