In July I wrote how to get the Signal Chrome/Chromium app working without the ability to receive SMS messages (aka without a cell phone). It is time to share some experiences and provide an updated setup.
The Signal app have worked fine for several months now, and I use it regularly to chat with my loved ones. I had a major snag at the end of my summer vacation, when the the app completely forgot my setup, identity and keys. The reason behind this major mess was running out of disk space. To avoid that ever happening again I have started storing everything in userdata/ in git, to be able to roll back to an earlier version if the files are wiped by mistake. I had to use it once after introducing the git backup. When rolling back to an earlier version, one need to use the 'reset session' option in Signal to get going, and notify the people you talk with about the problem. I assume there is some sequence number tracking in the protocol to detect rollback attacks. The git repository is rather big (674 MiB so far), but I have not tried to figure out if some of the content can be added to a .gitignore file due to lack of spare time.
I've also hit the 90 days timeout blocking, and noticed that this make it impossible to send messages using Signal. I could still receive them, but had to patch the code with a new timestamp to send. I believe the timeout is added by the developers to force people to upgrade to the latest version of the app, even when there is no protocol changes, to reduce the version skew among the user base and thus try to keep the number of support requests down.
Since my original recipe, the Signal source code changed slightly, making the old patch fail to apply cleanly. Below is an updated patch, including the shell wrapper I use to start Signal. The original version required a new user to locate the JavaScript console and call a function from there. I got help from a friend with more JavaScript knowledge than me to modify the code to provide a GUI button instead. This mean that to get started you just need to run the wrapper and click the 'Register without mobile phone' to get going now. I've also modified the timeout code to always set it to 90 days in the future, to avoid having to patch the code regularly.
So, the updated recipe for Debian Jessie:
- First, install required packages to get the source code and the
browser you need. Signal only work with Chrome/Chromium, as far as I
know, so you need to install it.
apt install git tor chromium git clone https://github.com/WhisperSystems/Signal-Desktop.git
- Modify the source code using command listed in the the patch block below.
- Start Signal using the run-signal-app wrapper (for example using `pwd`/run-signal-app).
- Click on the 'Register without mobile phone', will in a phone number you can receive calls to the next minute, receive the verification code and enter it into the form field and press 'Register'. Note, the phone number you use will be user Signal username, ie the way others can find you on Signal.
- You can now use Signal to contact others. Note, new contacts do not show up in the contact list until you restart Signal, and there is no way to assign names to Contacts. There is also no way to create or update chat groups. I suspect this is because the web app do not have a associated contact database.
I am still a bit uneasy about using Signal, because of the way its main author moxie0 reject federation and accept dependencies to major corporations like Google (part of the code is fetched from Google) and Amazon (the central coordination point is owned by Amazon). See for example the LibreSignal issue tracker for a thread documenting the authors view on these issues. But the network effect is strong in this case, and several of the people I want to communicate with already use Signal. Perhaps we can all move to Ring once it work on my laptop? It already work on Windows and Android, and is included in Debian and Ubuntu, but not working on Debian Stable.
Anyway, this is the patch I apply to the Signal code to get it working. It switch to the production servers, disable to timeout, make registration easier and add the shell wrapper:
cd Signal-Desktop; cat <<EOF | patch -p1 diff --git a/js/background.js b/js/background.js index 24b4c1d..579345f 100644 --- a/js/background.js +++ b/js/background.js @@ -33,9 +33,9 @@ }); }); - var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org'; + var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org'; var SERVER_PORTS = [80, 4433, 8443]; - var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com'; + var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com'; var messageReceiver; window.getSocketStatus = function() { if (messageReceiver) { diff --git a/js/expire.js b/js/expire.js index 639aeae..beb91c3 100644 --- a/js/expire.js +++ b/js/expire.js @@ -1,6 +1,6 @@ ;(function() { 'use strict'; - var BUILD_EXPIRATION = 0; + var BUILD_EXPIRATION = Date.now() + (90 * 24 * 60 * 60 * 1000); window.extension = window.extension || {}; diff --git a/js/views/install_view.js b/js/views/install_view.js index 7816f4f..1d6233b 100644 --- a/js/views/install_view.js +++ b/js/views/install_view.js @@ -38,7 +38,8 @@ return { 'click .step1': this.selectStep.bind(this, 1), 'click .step2': this.selectStep.bind(this, 2), - 'click .step3': this.selectStep.bind(this, 3) + 'click .step3': this.selectStep.bind(this, 3), + 'click .callreg': function() { extension.install('standalone') }, }; }, clearQR: function() { diff --git a/options.html b/options.html index dc0f28e..8d709f6 100644 --- a/options.html +++ b/options.html @@ -14,7 +14,10 @@ <div class='nav'> <h1>{{ installWelcome }}</h1> <p>{{ installTagline }}</p> - <div> <a class='button step2'>{{ installGetStartedButton }}</a> </div> + <div> <a class='button step2'>{{ installGetStartedButton }}</a> + <br> <a class="button callreg">Register without mobile phone</a> + + </div> <span class='dot step1 selected'></span> <span class='dot step2'></span> <span class='dot step3'></span> --- /dev/null 2016-10-07 09:55:13.730181472 +0200 +++ b/run-signal-app 2016-10-10 08:54:09.434172391 +0200 @@ -0,0 +1,12 @@ +#!/bin/sh +set -e +cd $(dirname $0) +mkdir -p userdata +userdata="`pwd`/userdata" +if [ -d "$userdata" ] && [ ! -d "$userdata/.git" ] ; then + (cd $userdata && git init) +fi +(cd $userdata && git add . && git commit -m "Current status." || true) +exec chromium \ + --proxy-server="socks://localhost:9050" \ + --user-data-dir=$userdata --load-and-launch-app=`pwd` EOF chmod a+rx run-signal-app
As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.