Using Signal Messenger for Truly Secure End to End Encrypted Conversions

How do i get friends/family to switch over from apple to Android? Let alone messaging app? End-to-End Encryption required both users to have Signal. 0.02 cents.

Been using Signal for years. Worked great when traveling internationally (when we could do such things).

The telephone number issue is a HUGE security problem. It's NOT a feature but instead a bug.

I want to challenge your use of the term "end to end" a little bit. Did you and Brett exchange public keys or a shared secret out-of-band before communicating? Or did you have a mutually trusted NEUTRAL third party vouch for both of your public keys? If not, you could be vulnerable to a MITM attack.

You may trust signal due to their foundation status as you've mentioned, but I personally don't. I think there is a difference between a neutral institution that has nothing to gain (but plenty to lose) from verifying your identity and the provider's institution from verifying your keys. Signal may not have a motive as an institution to forge your public key, but a rogue sysadmin at signal or their datacenters may.

What I'm trying to get at is not whether or not we can trust signal - that's up for you and the people you are communicating with to decide. What I'm trying to say is that we need to be very careful how we use the term "end to end encryption" - this is what has gotten Zoom in so much trouble.

Would I consider emailing you with your PGP key as end-to-end encryption? That all depends on how I obtained your public key and how you obtained mine. Another thing to think of is SSH - when you connect to an SSH server for the first time, how do you know the communication was not MITM'd assuming it was a self-signed SSH keypair? You really don't know. The best thing you have is TOFU. I'm sure people will classify my caution as paranoia but I think it's rightfully placed in a post-snowden world.

What about matrix/Synapse/riot ?

quantum computer is ... :)(:

Why not Telegram?

You don't have to give someone your phone number with Telegram.

Wtf, is this some sort of paid advert for Signal?

excellent application, thanks what phone do you have?

It's amazing how laziness put all the messengers we know and loved in the bin for systems that require a phone number. Why would I want to be available to every other user in the first place? I used to hand over my ICQ / Yahoo details to those I cared to converse with. Must be so hard to take a minute to set up an account once and enter the credentials into an app. Smh.

I prefer unprotected Text

Where are the messages and pictures stored?

how about the new Sessions, no phone number no email. or Wire.

Signal can also be your default SMS app. When texting other Signal users, it'll send it as encrypted. When messaging non-users, it'll fall back to conventional unencrypted SMS.

I am kinda saddened that XMPP/Jabber didn't gain traction. How nice if instant messaging was like email in that it didn't matter who your host was, anyone with an address could talk to anyone else regardless of provider? (Plus OMEMO+OpenPGP support for encryption.)

It's understandable, considering that rolling your own XMPP server or paid hosting is a barrier when there are a ton of free (insecure & incompatible) options. It's also to be expected since monetizing it as a hosted service while remaining zero-cost to the users is an additional problem for adoption and commercial viability. The real killer as a user being, what use is it maintaining a messaging presence when absolutely nobody you want to message with is on board?

Still saddens me a bit. Kinda like when I think about the lack of adoption for email encryption. I guess if Snowden taught us one thing, it's that the masses ultimately don't care when it comes to choosing between security and convenience. :-/

'Foundation' -- almost guarantees that some NSA or CIA phuck-stick has infiltrated it, and planted a backdoor, all the while spreading rumors that it is super-secure!

My biggest issue is that they still have not fixed the "import SMS" function.
It makes it to hard of a sale for me to friends and family, even to my self.

The weak point in any of these "encrypted" systems is that they are only as protected as you trust the company that made your phone, the chips on it, and the network it runs on. It is an app running on a phone you don't control, running software you can't audit, using chips that are dark to you, on a network that is licenced by the government.


This probably works fine to protect against other companies spying on you, or the media, or other rivals, but it would be ineffective against the government who has closer access to the base platform you're using than you do. After all, the microphone isn't encrypted, the screen itself has to read what you're pressing, there is an unprotected interface between you and the app you don't control.

Tom doing the goodguy work, breaking down all the relevant topics on how to stay, safe, connected and explaining the open source options. Amazing video series you're doing the past weeks! Thanks for the work man

I use Signal for a year now and I recommend too. I appreciate the linux client to texting friends with a real keyboard.

Thank's for sharing ! ;-)

Hi Tom, thank you on this wonderful video. This app super amazing. Two thumbs on this channel and keep safe.

I don't like it. I send lots of videos by text for my job. It only give you a 3 seconds video recording.

Awesome! My phone suggested the video in a notification and I just wanted to comment and say thanks for spreading the good word. I've been using Signal since it was TextSecure in 2012. It always makes me happy when a new contact texts me and I see the lock icon.

I used it for around 6 months. It was hardly what I would call 'instant' in its messaging. More like 2-24 hours. Dumped it. Just didn't work for me. Tried to find out what was going on but Signal support was not great.

Signal is a highly recommend encrypted messaging app for privacy-centric people. It runs on world's best encryption protocol i.e. Signal Protocol.

As of 1 May 20, Signal™ requires goog svc to run. Also, doesn't run on tablets or phablets.

Signal agent stop making fake propaganda videos!
We know your enterpris is working with the CIA just like encrochat!
We all know signal can read the messages can locate the user
Know at which time you spoke to who
How meny times a day
And store all data on the signal server!!
Stop trying to trick people!!!


If you need to Get in contact with a authorized SKY ECC reseller near you. contact me i will provid you with the application!:)

Kind regards
Sales executive
Schengen SKY ECC

Recently i install Signal app Really it's have Great features of privacy , Frankly Guys it's nice and best App Fro our Privacy . Thanks to Signal Team

Hello from the last frontier. Questions for ya, what is a sticky broadcast? Is it good, bad, & how do I detect it if needed without. A laptop/computer, from my phone only

What I want to know is how can I find a 8inch laptop and make it air gap. I don’t see any that I like

Why Signal do not use QRcode feature so you can share your profile without giving your number?

By the way I use Line ^w^

I just installed Signal. Thanks for your ideas but you speak too fast hahaha

Signal uses pgp lol

Great videos, Tom.
One minor issue, - we do not all have ‘english’ as our primary language and you are no slow-speaker....

i use Telegram now after i duumped whatsApp

How are the phone calls encrypted? And how can I tell if someone is calling me from Signal (encrypted) versus unencrypted?

"The FBI Can Read Messages From Signal Messaging App, Documents Said"