The majority of people I communicate with are using either Signal or Wire as their preferred method of communication. Both offer extremely secure, end-to-end encrypted communications and I have reviewed those services in previous posts about my communications strategy. Many of you have adopted a similar strategy for yourselves and I applaud your efforts to make all your communications more private and secure.
Recently, I decided to “verify” all of my contacts that use either Signal or Wire. Both services offer a verification method in order to ensure that communications are only happening between you and the person you expect to be having a conversation with. This eliminates the concern of a man-in-the-middle attack, which occurs when two users believe they are communicating with one another, but instead a third party intervenes in the conversation. Signal and Wire protect you from this type of attack by allowing you to compare key fingerprints (Wire) and safety numbers (Signal). Matching those ensures that you’re talking to the correct person, and not to a third party who is posing as your contact.
For Wire users:
You can verify your conversations by comparing your contact’s key fingerprints as shown on your device with those shown on their device.
In a conversation:
1. Tap or click your contact’s name at the top of the conversation to show their profile.
2. Tap or click DEVICES.
3. A list of your contact’s devices is displayed. Tap the device name and ID that you’d like to verify.
4. Verify with your contact that the key fingerprint listed on your device matches the key fingerprint shown on theirs.
5. Tap or click VERIFIED.
If your contact uses Wire on more than one device, each key fingerprint should be compared and and verified. If you use Wire on additional devices, you will need to verify them as well to have a verified conversation. Once all of your and your contact’s devices are verified, the conversation can be marked verified.
For Signal users:
Each Signal conversation has a unique safety number. The safety number gets stored the first time you exchange a private message with a new contact. You will be alerted if a conversation’s safety number ever changes. This can happen if someone else is pretending to be them, or if they get a new phone and reinstall Signal.
To view and verify your safety number in a direct conversation
1. Open your conversation with just that contact.
2. If you see an alert of a safety number change, then the new safety number is displayed through the alert and you can tap on the alert and skip to step 5.
3. View conversation settings.
◦ On iOS or Android, tap on your contact name to show the conversation settings.
◦ On Desktop, choose the menu option.
4. Choose Verify Safety Number.
5. Copy and Share the safety number.
◦ On iOS or Android, long press on the numerical digits then choose copy to clipboard and share with your contact OR choose the share icon in the top right and choose how you’d like to share.
◦ On Desktop, highlight the safety number and copy, then share with your contact.
◦ You can choose to share through another app or mode of communication.
6. Compare the safety number.
◦ On iOS or Android, electronically,
1. Long press and copy the safety number shared by your contact.
2. Long-press on YOUR safety number or use the share icon in the top right and choose “Compare with Clipboard.”
◦ On iOS or Android, in-person, tap Scan Code icon or tap on the circle with the QR code to scan a contact’s QR code then move your phone to fill the circle with your contact’s QR Code or allow your contact to scan the QR code on your phone.
◦ On Desktop, manually and visually compare the 60-digits of the safety number.
7. Tap on the Verified option to mark this contact as verified. You will see an alert in your conversation thread and a check mark under your contact’s name.
To view and verify a group contact start a one-on-one conversation first. The safety number is not visible in group conversations.
The safety number on your phone should match those on your contact’s phone. If the safety number is identical then you can be sure that you are communicating with the right person. If the safety number does not match, then make sure you and your contact are using updated versions of Signal, open a conversation with just that contact, and then try again.
Using these apps to ensure that your communications remain private and secure is extremely important to those of us who value privacy. I would encourage you to take the time to “verify” each of your contacts so that you have the piece of mind that everyone you communicate with is who you expect them to be. Each of these apps makes it easy to do, so why not take this extra step?