Status of Signal on the Librem 5

I did not manage to change the remote of the already installed Signal desktop flatpak. Apparently that is not possible. So I will remove and re-install the Signal desktop flatpak from the new remote.

Novice question. Downloaded the .zip file from the git hub and extracted it. Now I have folder “signal-desktop-development” in download folder on librem 5. What do I do now, or was there a different way I should have done it from git hub.

Thanks!

@lib52 it may be easier to install signal-desktop via flatpak, see the link to signalflatpak in this comment: Status of Signal on the Librem 5 - #19 by elagost

In my opinion Signal is easy because it glues itself to your phone number and address book and while your communications are secure metadata and who you talk to is probably retained if at a minimum to help you connect with friends at the start.

TOX clients are hard to use by design because they require you to act securely and pair securely, they don’t give you an easy way to onramp questionable software and contacts. Qtox gui works on pureos/librem5 if you use the compositor, there are a few tweaks keeping us away from using Briar though a diminished linux desktop client which is missing the critical offline bluetooth swarm bridging message sneaker-netting.

Something happened with the US presidential war cabinet where they were oversharing war plans on Signal in the summer of 2025, some sources claim it was a bespoke non-standard build, though it was probably just letting everyone join a secret discussion ‘room’.

Qtox and Briar require secure pairing and joining, Qtox has video and audio though it is not fully working(no video&audio) on the librem/pureos a bit better on mobian/pinephone with audio and video at one point but secure chat works for both. Briar is mostly about chat messages and creating discussions more like fidonet and usenet in the 80s. Both are very secure both rely on TOX and TOR networks to route traffic.

Hey that worked! I’m such a novice it took me over an hour to figure how to use git hub properly (from trying to download the zip etc. finally read that you look in the “read me” section). Anyway got app installed. Doesn’t appear blurry like instructions warned. The only smart phone I own is the Librem 5 so idk yet how I’m going to figure out about the linking part but good to know the app installed. Thanks!

I use the Librem 5 as my daily phone and also with Signal Desktop.
Some tips:

• Zoom out a few times in Signal Desktop. Use Ctrl and - key. This gives a less cramped overview.
• Make the left pane as narrow as possible, so you only see the avatars. Tapping on the hamburger menu
  

  image500×500 2.18 KB
  also hides the tabs.

Do you have a way to get notifications about Signal messages without having the Signal Desktop app running all the time?

No, I leave Signal Desktop running all the time, but I also do use suspend when not connected to power. I wake the Librem 5 now and then to see if there are Signal messages. And I tell people to phone call or SMS me if I have to respond immediately.

I use a small scrpt to wakeup the phone and check for messages. And goto sleep if there a none.

How? What does your script look like?

I use the rtc to wake up every x minutes or so.

Wait until internet is working, and then check if there are new messeges on dbus.

If not go back to sleep, if there are new ones enable display and play sound.

Tox should really not be used. It’s library (toxcore) is showing a big warning disclaimer on Github that it has not been properly audited and multiple issues are open discussing security aspects of it. Also I already had tests on my local machine were the protocol itself messed up so hard that I could steal the identity of another client by accident. Which means it probably messes up multiple cryptographic operations by a lot, given that I didn’t even need to look for attack vectors intentionally.

Still I used Tox as inspiration for the GNUnet Messenger in terms of how easy it was to get started. You don’t need to register an account or anything. But it surely missed a way to quickly open a secure chat with someone. You don’t need a phone number for that though.

That is a massive ‘bug’ as we are supposed to have public/private GPG style crypto signatures proving our identity in tox. Until that point I had felt that toxcore was a great way to have a securely initiated phone/vid-call, chat, or file transfer and that at least the project was competently managed but possibly subject to group think missing problems that would be caught by an outside audit. But if even identity can be spoofed easily… accidentally! it means that quite possibly nothing except a few TOR links are working inside the ‘black box’. Please post your bug report so we can follow the progress on github.

This has been years ago and the project hasn’t really looked active back then (2019 or 2020). So I didn’t open an issue for it. But given they still have the warning banner linking to open issues, I wouldn’t assume it has been fixed. Maybe they did though. The one issue states their handshake would be vulnerable and this might be exactly what I experienced by accident. However they changed their handshake in 2024.

Either way they are still claiming to not have been audited properly. So there’s definitely no guarantee for it to be secure. I would definitely not compare it to Signal before they have done a full specification that can be audited.

So question. Does the app you made the signal account on have to stay open/ active to use the desktop version on a librem 5?

I don’t have a way of creating a signal account on another device as I don’t have another device that’s compatible (I do have some old tablets but assume it has to be a phone). If I found an old phone and got one month of service on it or a friend that was never going to use signal, could I activate an account, link it to librem 5 and then delete the first one?

If I used a friend would they be able to reinstall the app, log back in and start seeing messages? Thanks.

• You do not have to have Signal on your primary device open. But I do think you have to access Signal from your primary device now and then (not 100% sure though).
• I think you only need a phone number once to register, after that all can be done via internet connection, also on your primary device.
• It seems that you can also register via signal-cli, but I never tried that myself.

It’s like @janvlug wrote, you have to access Signal from your primary now and then.

This is how it is for me at the moment. My “primary device” for Signal is signal-cli on a postmarketOS device which I don’t use for anything else, it just sits in a drawer until my Signal Desktop clients (my Librem 5 and a few laptops) tell me that I need to start Signal on my “primary device” to keep it working. Then I boot up the postmarketOS device and send a message to myself using signal-cli there. Sending a single message seems to be enough, then Signal notes that the “primary device” has shown activity and things are okay again. I need to do that about once a month.

So it’s a little bit of a nuisance that I have to still keep the postmarketOS device, but that’s only once a month and I’m fairly happy anyway because this setup means that I can use Signal (including the initial setup) without ever having to touch anything related to Android or iOS.

Someone mentioned in a flare thread that they heard it was possible to use flare on Librem 5 and also make librem 5 your “primary device” using signal-cli, they did a little research but hadn’t tried it. Im not super tech savy with linux, I wonder if thats possible, if you could also use signal and make librem 5 your “primary device” with the same method. Haven’t looked into the flare idea yet though.

what is a postmarketOS device if not android or iOS?

what is a postmarketOS device

In my case it’s another Librem 5, running the postmarketOS operating system.

postmarketOS is a Linux distribution for mobile phones, so it’s a “mobile Linux” variant similar to PureOS and Mobian. The special thing about postmarketOS regarding Signal is that postmarketOS has the signal-cli package as a standard package you can just install, you just do apk install signal-cli. PureOS and Mobian do not have the signal-cli package, at least I don’t think so.

You can read about postmarketOS here: https://postmarketos.org/