negative zero

Setting up Signal without Android or iOS

2022 July 3

[messaging] [privacy] [signal] [tech] [tutorial]


Update 2022/12/24: I'm now using signal-cli. See this post.

My previous attempt at using Signal didn't turn out too well.

I'm moving soon, and I'll need to be more contactable so I can make friends and other important contacts. I've already started using my phone number some. (That said, I am planning to change my phone number when I move.) Despite my issues with Signal, I'd much prefer it to unencrypted SMS, and some people actually use it, so it would be a good idea to set it up.

However, I don't have a phone, and officially you're only allowed to use Signal if you have an Android or iOS device.[1]

The approach I'm taking here to register is officially against Signal's rules because it involves third-party software, but the goal is to end up using the official desktop client.

At the time of writing, I have not actually used this Signal setup enough to test how well it works; I just set it up.


Requirements


1. Set up Axolotl

A single Signal account must have exactly one "phone" device (Android/iOS, including tablets) and may additionally have up to 5 "linked" (desktop) devices. Since I don't have an Android or iOS device to set up the "phone", I instead used the third-party client Axolotl (pronunciation, pronunciation explanation) which registers itself as a primary device. (Axolotl is largely intended for non-Android Linux phones like the Pinephone and Librem 5.)

I installed Axolotl through Flatpak. (I used the --user flag because I set it up in a Qubes VM, and I wanted it to persist across reboots.)

flatpak remote-add --user flathub https://dl.flathub.org/repo/flathub.flatpakrepo

flatpak install --user org.nanuc.Axolotl

I ran Axolotl:

flatpak run org.nanuc.Axolotl

On first boot, it asked me to set up an account by putting in a phone number. I put in my JMP.chat VoIP number. Signal required me to perform free labor for Google with a reCAPTCHA before I could register. The Signal service then sent me a text with a code, which I typed in.

Axolotl required me to enter a username for some reason. (The Signal Desktop client also required a username. I haven't used Signal in a while; this may just be the new norm.) I put in my phone number as my username, but I may change that later.

When Axolotl is set up, go to the menu → Settings → Linked devices and click the Plus (+) symbol in the lower-right corner. Then I took the steps in the next section to get the value to paste in.


2. Link Signal Desktop

I installed the desktop Signal app using the Debian amd64 package:

  1. I downloaded the signing key from https://updates.signal.org/desktop/apt/keys.asc
  2. I put this key in /usr/share/keyrings/:
  3. cat keys.asc | gpg --dearmor | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null

  4. I added a signal repository to the apt lists
  5. sudo nano /etc/apt/sources.list.d/signal.list

    I added this line:

    deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main

    (Note, it needed to be xenial even though I'm running Debian stable/bullseye.)

  6. I updated and installed signal-desktop
  7. sudo apt update && sudo apt install signal-desktop

On first launch, Signal Desktop displayed a QR code to be scanned from the primary ("phone") device in order to sync.

I took a screenshot of this QR code (with xfce4-screenshooter), then decoded it with zbarimg (installable on Debian through the zbar-tools package):

zbarimg ./my_qr_code.png

The output included a line like this:

QR-Code:sgnl://linkdevice?uuid=<a UUID>&pub_key=<a public key>

I copied all the stuff after "QR-CODE:" and pasted it into the Axolotl "Add a new device" dialog, then clicked "Add".

Signal Desktop tried to sync with Axolotl. It seemed to get stuck, but I closed Signal Desktop and re-opened it, and everything seemed fine. I can't view or update my profile from Signal Desktop, and Axolotl doesn't have an option for this. I now have a working Signal Desktop client! (The desktop client should work even when Axolotl is closed.)


Issues

This uses a third-party client. The Signal project does not seem to be actively hostile towards Axolotl, but it could be in the future. The Axolotl client has not been audited with the same rigor that is given to the official Signal software.

This requires (or may require) the completion of a Google reCAPTCHA.

Both Signal Desktop (which is not intended as a standalone client) and Axolotl are missing important features, such as locking one's account with a PIN. Someone who compromises my phone number can easily take over my account.