Signal Desktop has a standalone registration UI that works perfectly fine in the source (https://github.com/WhisperSystems/Signal-Desktop), but this hidden feature has been entirely removed from this version.
Here is a convoluted process that will allow you to register with any SMS-capable phone number, no Android app required:
First, install the Signal GitHub repo (unzip https://github.com/WhisperSystems/Signal-Desktop/archive/mas...) unpacked in Chrome, inspect the background page and enter `extension.install("standalone")` in your console. Enter a phone number to get your verification code. Do not submit your registration using the standalone UI! Keep your verification code for use with the official app.
Next, uninstall the source app and install the official app. Inspect the background page and type this in your console: `getAccountManager().registerSingleDevice("your phone number", "verification code")`. Don't forget to include your country code in your phone number (+...) and remove the dashes from your verification code, or you will probably get an error.
No idea why Open Whisper Systems felt that it was necessary to entirely remove this hidden UI, when it wasn't accessible through any of the standard UI anyways. The feature works completely fine (and has for months). The only purpose this removal seems to serve is to force users to install their mobile app.
I get an "HTTPError: Failed to connect to the server, please check your network connection" for the first part (extension.install). Does that not occur for you?
Edit: Ah, it's using a broken SSL cert (chain is broken). Going to the URL manually and accepting the break works.
When I first read that I was sure that must largely apply to the calling (voip) features, but testing showed me I was wrong. I couldn't even make messaging work through a firewall so now I sourly use Telegram instead (no private chats by default in telegram??).
No private chats at all for Windows/Linux. It is actually insane that (unless I'm missing something) there is no usable/accessible trustworthy end2end encryption chat program that has both mobile and desktop clients.
Note: Telegram desktop alternative apps have major usability issues at least on Linux.
Edit: Also, many people refuse to install/use Chrome for various reasons, so even if you don't have to open ports, this still won't be a solution.
OTR plugin[1] has been around for years. I have used it on top of icq, aim, skype and jabber. Also there are few clients for android that support jabber & otr.
Try to get an average user to copy their private keys onto android from their adium/pidgin install... Even just using adium with other people using adium with the plugin had all kinds of usability issues for me.
qTox, µTox and Antox do the job. Antox is very batter hungry, but that was it comes with fully decentralized network (DHT nodes setup by volunteers) with complete end to end encryption.
does tox have device syncing yet? I usually set my phone down out of reach when at a computer, but still need to receive messages on the go. I have antox and qTox both installed, but Im not going to convince other people to switch if it's not going to be in a usable state.
> Edit: Also, many people refuse to install/use Chrome for various reasons, so even if you don't have to open ports, this still won't be a solution.
Let's be honest, there aren't many. Chromium is enough to please the majority of OSS people. And if they are not using Chrome for 'security' reasons they are very misinformed.
I don't use Chrome or Chromium because I'm not happy with advertising companies deciding how the web should develop. Companies who's very survival is based on being able to extract information about users, being empowered to pick and choose what goes into modern web browsers due to market share? Great idea, with no possible long term damage.
Better not watch any TV shows, read newspapers, or use any search engines either then. They are all financed by ads. /s
Chromium is the best product on the market. I honestly don't see what negative influence Google's business model has on it. I use Duckduckgo as my default search engine and
Google doesn't do any monitoring/tracking in Chrome, despite what most people think.
Hey everyone has their own preferences. I try out a different browser every once in a while, or you may lose out on a feature that the "other" side has, or maybe a degradation that is not. Way back when, the great eagle king of browsers used to be Opera, no competition :) But those days are long gone (and after they fired the Presto team, the only similarity today is the name of the company, don't even bother).
Currently am using Firefox. Recently gave Chromium a good try for a month or so, for my personal experiences, right now best product on the market is Firefox. The address bar / search bar in Chromium is just inferior--you only get ~five autocompletes from your history and bookmarks, total. That basically means there's a reasonable chance the thing you're looking for will appear, but it's not really something you can rely on to navigate the personal knowledge base of bookmarks and history. Not talking about search suggestions btw. The other thing is Firefox Android supports Add-ons, so you can have uBlock and Ghostery on your phone (not even sure why anyone would even begin to consider a browser that doesn't support adblocking?) and Firefox Sync works well, to connect to the desktop and back (gave Pocket a try, didn't like it).
I also use DDG as default search in Firefox, very useful with the bang syntaxes, more powerful than Google (which is just a !g away anyhow). Also in Chromium, so the address bar feels more familiar and somewhat makes up for its lack of power :)
Google makes money from tracking people on the web. They will not introduce or develop new technology to their web browser which hits that revenue stream hard.
By using Chrome or Chromium you are giving them market share and therefore power to shape the future of the web. The future of the web under Googles custodian is more advertising, more tracking and less privacy.
Show me where to get a NoScript replacement and I'll consider that Chrome or Chromium might have a clear advantage in security. But if you try to point me at an extension that only blocks JavaScript based on URLs, I'll consider you very misinformed.
NoScript does more than block JavaScript, but if that's all you're interested in, uBlock Origin can block inline and external scripts on a global or site-specific basis.
You will find https:///www.wire.com/ interesting. e2e encrypted, clients for Windows, Mac, Android & iOS. And chats are synched between all your clients. Also .. no phone number required to sign up; use your email.
Because if it's end to end encrypted each device would either need the same private key to decode the messages or each message is encrypted with each devices public key.
This would require some kind of key exchange i.e. scanning bar codes.
There are probably a million ways to deal with it.
I haven't looked into it at all, but one way I just thought of right now is to have your own devices p2p the message among themselves with original sender's information after the one used most recently receives it.
I've noticed that a new device added to the account will not see the history. It only sees those messages that are received or sent after it has been added to the account.
The UX of the official Linux desktop Telegram client is really nice, IMHO. Simple and snappy even on a low-powered netbook. Syncs perfectly and immediately across devices. Copy/paste/drag/drop of images and files works very well. I also like the option-on-hover "drop here to quickly send compressed photo / drop here to send without compression" for its ease of use. Although given I had to explain some people, less curious / techsavvy people may not discover it or notice it.
But yeah, no encryption to speak of. So I'm no longer going to recommend Telegram over Whatsapp :) Just pointing out how much I like the UX of the Telegram client, no reason why you couldn't have that on a properly encrypted platform, after all :)
> I just wish Signal was easier to get through a firewall. ... I couldn't even make messaging work through a firewall...
That's really, really strange. I sit behind an IPv4 NATting router whose policy is "default REJECT unless the packet is related to a connection that conntrack knows about". [0] The device also runs UPnP, but Signal never attempts to forward any ports. Full disclosure: I have good IPv6 service, but textsecure-service-ca.whispersystems.org doesn't have any AAAA records, so I don't see what that would have to do with anything.
My friends and I can use both Signal text and voice messaging without issue.
Just what sort of obscenely restrictive firewall are you behind?
[0] You know, a typical NAT firewall configuration.
> Many companies block outbound on non-well known ports...
Mmmhmm. Yeah, I'm aware of that. :) However, click170 made no mention of a corporate firewall. He said:
> I just wish Signal was easier to get through a firewall.
Which is dramatically at odds with my and my friends experience with Signal; namely that it passes through firewalls with no configuration required.
If he would have mentioned that it was a corporate firewall that he was trying to get through, I expect his comment would have been much less popular, and much less confusing. :)
What's with all the weird restrictions on using Signal? Why do I have to register via an Android account? Why not a simple messaging app that just lets me message anyone else with the app with no bullshit?
Signal has done an excellent job of branding itself as the one true E2E encrypted messaging app made by real experts, as against e.g. Telegram. But the actual product is hugely disappointing because of these apparently arbitrary and, in the case of requiring a phone number, privacy-damaging restrictions.
Indeed! I can not understand the logic of using phone number in such apps while many security experts (like Jacob Appelbaum) call cell phones as little tracking devices which allow you to make call and send text with!
Such a disappointment!
Tried signing up for Signal using a RingCentral number. The callback verification triggers way too quickly for a VoIP call to propagate, answer and verify.
I didn't know Signal used Twilio on the backend to verify. I haven't used it myself but know someone that works there. Maybe they can help look into it.
It really would make sense if Signal would support more than just phone numbers as identifiers. It shouldn't be too hard: in the protocol, use URIs as identifiers, using tel: (or sms:?) for mobile phones, mailto: for email addresses, maybe urn:uuid: for general UUIDs.
I've not looked at the internals — it's possible of course that it already does exactly this.
Here is a convoluted process that will allow you to register with any SMS-capable phone number, no Android app required:
First, install the Signal GitHub repo (unzip https://github.com/WhisperSystems/Signal-Desktop/archive/mas...) unpacked in Chrome, inspect the background page and enter `extension.install("standalone")` in your console. Enter a phone number to get your verification code. Do not submit your registration using the standalone UI! Keep your verification code for use with the official app.
Next, uninstall the source app and install the official app. Inspect the background page and type this in your console: `getAccountManager().registerSingleDevice("your phone number", "verification code")`. Don't forget to include your country code in your phone number (+...) and remove the dashes from your verification code, or you will probably get an error.
No idea why Open Whisper Systems felt that it was necessary to entirely remove this hidden UI, when it wasn't accessible through any of the standard UI anyways. The feature works completely fine (and has for months). The only purpose this removal seems to serve is to force users to install their mobile app.