Signal client for the Librem 5


#1

Hello Community,

TL;DR most of my colleagues and family are finally using Signal. They will definitely not want to switch again to another IM (such as Matrix). But I believe Signal integration with the Librem 5 is possible.

Side question for Purism team: is a partnership with OpenWhisper envisioned?


I managed to get most of my family and colleagues on Signal. I understand that Purism wants to push its user towards Matrix as they have partnered up.

For most of my not-tech-savvy-at-all contacts, Signal is already a huge achievement. I can definitely not expect them to switch again, from Signal to Matrix.

The good news is PureOS will likely be powered by Features. For a bit more of information, see the following thread

What does it mean? It means I can write a daemon that is a standalone Signal client. When the “instant messaging Feature” interface will be released, I can push to this interface the information retrieved with my daemon.

I definitely want a Signal client for my Librem, but I cannot ask Purism for it. Moxie, Signal’s principal developper, has also long been known to be very hostile to third party clients. Well, at least to third party clients binding to their servers.

Signal is released under GPLv3 licence, meaning their code is Libre. A user already wrote a basic command-line client for Signal

This client is written in Java, and is based mostly on libsignal-service-java, the library OpenWhisper provides and uses for its Android application. This library is based on a lower level library : libsignal-protocol-java.

I’m not that comfortable with having a daemon for messaging that requires a whole jvm running to power it. Luckily for us, OpenWhisper also has released libsignal-protocol-c, a C library they use for their iOS application. It is a bit hard to read for non-professional developpers though.

Someone wrote a sort of wrapper around lib-signal-protocol-c, called axc. I believe this wrapper could be used to create a daemon that acts as a standalone client, working even on desktop (given that you can use a phone number for registration).

I don’t have much free time to develop it, but I might try to find some time. If anyone is interested in building it first, be my guest :slight_smile:


Will the Librem 5 run Signal? (Updated)
Signal for linux
#2

Hi all,

A bit more about this potential Signal client. I had a look at AsamK’s signal-cli wiki, and it seems that the project already is quite polished. I especially had a look at the DBus service page

I am contacting him to see how I can reuse his project as efficiently as possible.

I also commented an open issue about the Signal-Desktop client (today an electron client) to get Open Whisper System’s opinion regarding third party clients.

It is to be noted that signal-cli appeared several time on the Hacker News and it did not trigger Moxie or the Signal team’s wrath. Still, I would definitely prefer to have OWS’ permission to bind against their servers before doing anything likely to engage Purism reputation.


#3

I wouldn’t like to disappoint you but i don’t think its a good idea.

The main reason is that someone else other than the signal team will be responsible for the app. Its a matter of trust.

Another reason is that when the signal team updates the code you should update it. That adds another layer-time between signal and your app. At best the app will lag behind the official updates.

There are 2 ways signal can run on librem 5.

1.Run signal android app using Anbox.

2.Update the signal linux client to support registering through the linux client AND extend the current linux client to make phone calls.
The above are both on the feature request on Signal-Desktop github.

Personally i believe 2 is the best option.
We just need to extend the current app and any update on the current android desktop client would instantly update our client.

Personally although i find the project really interesting signal is the main reason that i dont plan to buy librem 5.

Most of my friends and family use signal and convincing them to switch to another app is unlikely to happen.

If i cant use signal it means that i cant use any encryption on my day to day calls and messages. I would be forced to use unencrypted mobile calls.

ps.Lack of NFC support is the other problem i have with librem 5. All my emails are encrypted and PGP key is stored on my yubikey.
I wouldnt be able to read my emails. if i switch to librem 5


#4

Hi @gre,

While I understand the point, keep in mind this is intended to be Libre software and can be audited by anyone anytime.

This is true. As an individual, I cannot have the same level of commitment as a company or an organization would have.

The whole point is I intended to write a client using Signal team’s code for me and share it with anyone willing to use it. It comes with no guarantees, neither technical or ethical ones. If you are an activist or a person at risk, it probably is not a good idea to use such a software. All I can offer is to publish the code :slight_smile:

Signal’s core team is very small and already has a lot to do. They precisely created an electron app for desktop so they can use their efforts for the three main OS. The resulting client could somehow be acceptable for desktop (although not everyone agrees on that), but definitel is not suitable for mobile. I think they have neither the resources nor the will to make a Signal client Librem 5 friendly.

I am in the very same situation. I intend to port a signal client for messages only. I couldn’t be happier if my solution was made obsolete by the Signal team by porting the app themselves!

That is another matter, but I believe the Librem 5 will be compatible with the Librem Key created in partnership with Nitrokey. Of course, it means you need to buy new hardware. See this news for more information.

That said, if you backed-up your GPG key (which is strongly advised if you need not to lose access to your former emails in case you lose or break your YubiKey) and are willing to buy the said Librem Key, you should be able to read your mails on your phone.


#5

While I understand the point, keep in mind this is intended to be Libre software and can be audited by anyone anytime.

Yes i know. Still open source is a necessary but not sufficient condition for security.

If you are an activist or a person at risk, it probably is not a good idea to use such a software
I believe the best use of signal and similar apps is for hiding metadata (social circle etc) and making it difficult - expensive for mass surveillance.

If you are an individual that is targeted from a state i would suggest you stop using your mobile phone.

The resulting client could somehow be acceptable for desktop (although not everyone agrees on that), but definitel is not
suitable for mobile. I think they have neither the resources nor the will to make a Signal client Librem 5 friendly.

Since librem 5 is basically linux Signal desktop might already be able to run on librem 5. Maybe some adjustment for screen resolution etc. Of course video calls and registration is the only added code really needed.

Of course, it means you need to buy new hardware. See this news1 for more information.

Thanks for your info. I just saw it. I have already designed my opsec and incorporated yubikey neo. (including a backup yubikey) In a couple of years i will definitely use nitrokey.

The above are just my opinions. Beside my arguments if you decide to go forward and make a signal app for librem that would be greatly appreciated!


#6

When targeted by a state, anything with bits will bite :wink:

Yes, but not quite. The Signal desktop client is not yet ready to be used on its own. It can only be used a slave, with a master Signal app on an Android or iPhone. Plus it also is an electron app. Electron is very well known for making development work easier, but goes really hard on resources. Let’s not forget the Librem 5 is a mobile device, with limited memory and limited power (both computing power and energy).

Thank you very much for the civilized conversation and all your valid concerns :slight_smile: