Following rumours of a cyberattack on encrypted messaging tool Signal’s servers, the European Commission recently published a guide on how to safely use the application, widely used by journalists.

The open source messaging application Signal was recently rumoured to be the victim of cyber attack on its servers. Following this, the European Commission published a useful guide providing advice on how to safely use the application, widely used by journalists.

1 – Use official website to download Signal 

2 – Set automatic updates

Set your application to automatically update. This ensures that any bugs or weaknesses are continually fixed. 

3 – Verify the identity of your contacts

Do not accept requests from unknown numbers. If you receive a request from a supposed known contact, verify their identity by sending that person their Signal number through another trusted means of communication. Instructions: To verify existing contacts, you may cross check their safety number with that person by using another trusted means of communication. The safety number can be accessed by tapping on their profile icon/picture and selecting ‘View Safety Number’. Once the safety number is confirmed by your contact, tap the ‘Mark as Verified’ button. 

4 – Customise your profile

The European Commission suggests that users customise their profile using their real name and add a personal picture and a short bio (Editor’s note: journalists working on sensitive issues should, of course, disregard this advice). 

5 – Activate the Registration Lock

Signal accounts are linked to the user’s phone number. If someone gets access to your account, they may impersonate you. Instructions: To avoid this, activate the feature called “Registration Lock” by tapping your own profile/picture, and selecting ‘Settings’. Signal will then ask you to create a PIN that will be required for account registration. 

6 – Make sure your account is only linked to trusted devices

Only synchronise your account to secure and trusted devices. A compromised device will allow hackers to see all the content of your conversations. Instructions: Check your account’s linked devices by tapping on your profile/icon and selecting ‘Settings’ then ‘Linked Devices’. Check that you recognise each device. To delete any unknown device, select ‘Edit’ in the top right corner and ‘Unlink’. 

7 – Activate the screen lock

Activate the screen lock so that your screen switches off after a period of inactivity. Instructions: Tap on your profile/icon and select ‘Settings’ then select ‘Privacy’ and toggle ‘Screen Lock’ under ‘App Security’. You may then choose the length of time before the screen locks. 

8 – Make your notifications private

Make sure no one is able to read your incoming messages while your screen is locked. Instructions: Change your settings so that only the notification and sender’s name will appear on your phone by tapping your icon/profile picture, selecting ‘Settings’, select ‘Notifications’, then ‘Show’ under notification content and select ‘Name Only’.

9 – Use the Disappearing Message function

Use Signal’s “Disappearing Message” function so that messages will automatically delete themselves after a selected period of time. Instructions: To do this for all of your chats, tap your profile icon/picture on the top left corner of the application, then select ‘Settings’. Select ‘Privacy’ then ‘Default Timer for New Chats’ under ‘Disappearing Messages’. To set disappearing messages for individual chats, tap on the icon/picture of your chat with someone, tap ‘Disappearing Messages’ and choose a timer for the message eg. one week. 

10 – Reboot your phone regularly

By rebooting your phone at least once a day, non-persistent implants that may have been installed will be deleted. 

To access the complete guide, click here.