- get the App for Android/Samsung https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
- direct download link https://signal.org/android/apk/
- 2022-05 version: https://updates.signal.org/android/Signal-Android-website-prod-universal-release-5.38.5.apk
- how to verify (very (over?) complicated:
- get the sha256 sum from bottom of page https://signal.org/android/apk/
- remove all the :
- 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
- 29F34E5F27F211B424BC5BF9D67162C0EAFBA2DA35AF35C16416FC446276BA26
- remove all the :
- download commandlinetools-linux-8092744_latest.zip from https://developer.android.com/studio#downloads
- ./bin/sdkmanager –sdk_root=/tmp/android_sdk “build-tools;29.0.3”
- it will download a lot of stuff
- /tmp/android_sdk/build-tools/29.0.3/apksigner verify –print-certs /where/the/apk/is/stored/Signal-Android-website-prod-universal-release-5.different.version.apk
- result:
- /tmp/android_sdk/build-tools/29.0.3/apksigner verify –print-certs Signal_5.24.17_93701.apk
Signer #1 certificate DN: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Signer #1 certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
Signer #1 certificate SHA-1 digest: 45989dc9ad8728c2aa9a82fa55503e34a8879374
Signer #1 certificate MD5 digest: d90db364e32fa3a7bda4c290fb65e310
- /tmp/android_sdk/build-tools/29.0.3/apksigner verify –print-certs Signal_5.24.17_93701.apk
- get the sha256 sum from bottom of page https://signal.org/android/apk/
- how to verify (very (over?) complicated:
- 2022-05 version: https://updates.signal.org/android/Signal-Android-website-prod-universal-release-5.38.5.apk
- direct download link https://signal.org/android/apk/
- get the App for iOS (iPhone/iPad) https://apps.apple.com/us/app/signal-private-messenger/id874139669
Privacy just as Security is a never ending story.
Signal was once even recommended by Snowden.
According to “wired” the Signal encryption is solid and widely adopted by a lot of companies… but are the their servers without backdoor?
“1984” seems to make for a very profitable business model: “What exactly is Facebook up to?” (they bought WhatsApp ($19Billion!!!) and Instagram($1B in Cash))
“Facebook” (and Google, Apple & M$ tries too) “lives on the data it obtains about its users.”
“The more detailed this data is, the more targeted Facebook can place ads – and the more accurate an ad is, the more valuable it is.”
“This involves a lot of money: In the third quarter of 2014 alone, Facebook generated more than three billion US dollars in sales, about 90 percent of which comes from advertising.”
https://www.tagesschau.de/inland/faq-facebook-neue-nutzungsbedingungen-101.html
but it does not end with advertisements… Google is making a massive push into BigHealthData.
While it makes sense to monitor the environment for hazardous chemicals and one’s vital signs for any problems… (e.g. too less Fitness, says the Fitness Tracker) it shall done with very transparent Open Source systems only, so the user is in complete control over the user’s data (and can share it with a doc if user wants to… via an usb stick or Mail-Attachment.encrypted)… but not via the Google Cloud (as Google plans to).
Japan experiments with care giving robots, the Chinese try to replace the Dentist with a robot.
back to topic:
everyone who has:
- seen 1984 the movie-film from 1984 (UK) WARNING! IT IS DELIBERATELY SHOCKING!
- or has ever heard of Cambridge Analytica (basically using Facebook data to manipulate users into voting for a specific president)
- or has heard of “killer drones”
- the hacked Japanese robot-hotel
knows… that it-security & privacy is not just a fancy fashion choice.
The more the system knows about the user, the more precise the manipulation, the more control it can gain.
(BigPharma (of course) just want’s to know what are the most profitable markets, maybe the costs for developing & testing new medicines were set artificially so high, so that small companies can not compete?)
So computing won’t go away any time soon and thus mankind needs to develop systems process and store very personal data in a responsible (encrypted, so only the user has access and can grant very fine grained what doctor get’s to see what data) way.
or even better: have all the user’s data on the user’s self-hosted machine (also encrypted, with only very close friends knowing the decryption password, in case of an emergency).
desktop client that syncs with mobile 🙂
what really is cool about Telegram… it has a desktop client, that syncs with the user’s mobile client (thus all the chats and data and media are in sync)
SIGNAL has that too 🙂
for latest how to install instructions, check on official page: https://www.signal.org/download/linux/
# NOTE: These instructions only work for 64 bit Debian-based # Linux distributions such as Ubuntu, Mint etc. # 1. Install our official public software signing key wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg cat signal-desktop-keyring.gpg | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null # 2. Add our repository to your list of repositories echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\ sudo tee -a /etc/apt/sources.list.d/signal-xenial.list # 3. Update your package database and install signal sudo apt update && sudo apt install signal-desktop
Not on Linux?
as Linus always says: “show me the src”
https://github.com/signalapp/Signal-Desktop
https://github.com/signalapp/Signal-Server
(mostly Java?)
the comapny behind this Open Whisper Systems
a complete goodbye?
guess no.
Because… loads of contacts will be unwilling or unable to migrate to any other messenger.
Loads of elderly users in Germany are so happy, that they finally are “cool” and able to send pictures with their phones… that they hardly understand the fuss… why they should switch to another application.
So there will be a need for those who want to switch completely to have a form of backward-compatibility with those users.
and there is a possibility:
buy another smart phone… and move the simcard…
so the setup is like:
- SmartPhone A (stationary, wifi only)
- will have no sim card (Wifi only)
- keeps running WhatsApp and Telegram but check less frequent
- will stay at home… so no location GPS tracking data
- give it to kids for installing games with trojans & viruses etc X-D
- SmartPhone B (mobile, LTE & wifi)
- will (of course) be running the latest available LineageOS without Google Play services (Signal does not need them, it might need them for push notification, but if pull notification is okay with the user, no Play Store needed)
- software minimalism: will have installed only the absolutely necessary apps such as banking and firefox browser
this setup also makes sense from a security perspective.
the (mobile) phone network infrastructure, seems to be like the mail system: security was simply not an issue 20 years ago and thus it is possible to fake sender-addresses and caller-phone-numbers.
Links:
Open Whisper CEO: https://twitter.com/moxie
Matthew Rosenfeld aka Moxie Marlinspike leaves as Signal CEO https://signal.org/blog/new-year-new-ceo/
no RSS feed of the blog https://signal.org/blog/ could be found
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!