Setting up Signal without Android or iOS
2022 July 3
Update 2022/12/24: I'm now using signal-cli. See this post.
My previous attempt at using Signal didn't turn out too well.
I'm moving soon, and I'll need to be more contactable so I can make friends and other important contacts. I've already started using my phone number some. (That said, I am planning to change my phone number when I move.) Despite my issues with Signal, I'd much prefer it to unencrypted SMS, and some people actually use it, so it would be a good idea to set it up.
However, I don't have a phone, and officially you're only allowed to use Signal if you have an Android or iOS device.
The approach I'm taking here to register is officially against Signal's rules because it involves third-party software, but the goal is to end up using the official desktop client.
At the time of writing, I have not actually used this Signal setup enough to test how well it works; I just set it up.
- An amd64 desktop computer (which I'll assume runs Linux)
- A phone number where you can receive a verification text message
1. Set up Axolotl
A single Signal account must have exactly one "phone" device (Android/iOS, including tablets) and may additionally have up to 5 "linked" (desktop) devices. Since I don't have an Android or iOS device to set up the "phone", I instead used the third-party client Axolotl (pronunciation, pronunciation explanation) which registers itself as a primary device. (Axolotl is largely intended for non-Android Linux phones like the Pinephone and Librem 5.)
I installed Axolotl through Flatpak. (I used the
--user flag because I set it up in a Qubes VM, and I wanted it to persist across reboots.)
flatpak remote-add --user flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak install --user org.nanuc.Axolotl
I ran Axolotl:
flatpak run org.nanuc.Axolotl
On first boot, it asked me to set up an account by putting in a phone number. I put in my JMP.chat VoIP number. Signal required me to perform free labor for Google with a reCAPTCHA before I could register. The Signal service then sent me a text with a code, which I typed in.
Axolotl required me to enter a username for some reason. (The Signal Desktop client also required a username. I haven't used Signal in a while; this may just be the new norm.) I put in my phone number as my username, but I may change that later.
When Axolotl is set up, go to the menu → Settings → Linked devices and click the Plus (+) symbol in the lower-right corner. Then I took the steps in the next section to get the value to paste in.
2. Link Signal Desktop
I installed the desktop Signal app using the Debian amd64 package:
- I downloaded the signing key from https://updates.signal.org/desktop/apt/keys.asc
- I put this key in /usr/share/keyrings/:
- I added a signal repository to the apt lists
- I updated and installed signal-desktop
cat keys.asc | gpg --dearmor | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
sudo nano /etc/apt/sources.list.d/signal.list
I added this line:
deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main
(Note, it needed to be xenial even though I'm running Debian stable/bullseye.)
sudo apt update && sudo apt install signal-desktop
On first launch, Signal Desktop displayed a QR code to be scanned from the primary ("phone") device in order to sync.
I took a screenshot of this QR code (with xfce4-screenshooter), then decoded it with
zbarimg (installable on Debian through the zbar-tools package):
The output included a line like this:
QR-Code:sgnl://linkdevice?uuid=<a UUID>&pub_key=<a public key>
I copied all the stuff after "QR-CODE:" and pasted it into the Axolotl "Add a new device" dialog, then clicked "Add".
Signal Desktop tried to sync with Axolotl. It seemed to get stuck, but I closed Signal Desktop and re-opened it, and
everything seemed fine. I now have a working Signal Desktop client! (The desktop client should work even when Axolotl is closed.)
This uses a third-party client. The Signal project does not seem to be actively hostile towards Axolotl, but it could be in the future. The Axolotl client has not been audited with the same rigor that is given to the official Signal software.
This requires (or may require) the completion of a Google reCAPTCHA.
Both Signal Desktop (which is not intended as a standalone client) and Axolotl are missing important features, such as locking one's account with a PIN. Someone who compromises my phone number can easily take over my account.