大约 20 年前，当我第一次开始使用Internet时，有许多即时消息选项可用。^(Internet)从MSN Messenger到 Yahoo Messenger再到ICQ，我都用过。

但问题^{(problem though)}是它们并不安全。如果聊天平台或政府想窃听你的谈话，他们很容易做到。但是多亏了爱德华·斯诺登^{(Edward Snowden)}，我们最终发现了我们在网上的隐私是多么的少。

从那时起，在让人们更难听到我们的谈话方面取得了巨大的进步。其中有一款名为Signal的高度加密的^(Signal)智能手机和桌面应用程序^{(smartphone and desktop app)}，由大名鼎鼎的Moxie Marlinspike开发。

下面我将概述使Signal如此安全的功能以及如何激活这些功能。由于我使用的是 iPhone，因此我将专注于该设备，但以下内容同样适用于Android手机。

请务必^{(Make sure)}阅读我之前关于此主题的帖子：您的消息传递应用程序真的安全^{(App Really Secure)}吗？和Best Encrypted Messaging Apps，后者讨论了您可以使用的其他几个安全消息传递应用程序。

强大的端到端加密和无用户记录^{(Strong End-To-End Encryption & No User Records)}

Signal链^{(s chain)}中的一个弱点是您需要注册一个有效的电话号码^{(phone number)}才能使用该应用程序。在他们找到解决方法之前， Signal^(Signal)上不会有真正的 100 % anonymity。

但是平衡这一点的是非常强大的端到端加密以及没有用户记录。这意味着Signal不会保留您的通话记录，除非您上次登录该服务。因此，您的电话号码^{(phone number)}可能会表明您是Signal 用户，但没有人^{(Signal user but nobody)}会知道您在与谁交谈或您在谈论什么。

为 Signal 本身设置屏幕锁定 PIN^{(Set a Screen Lock PIN On Signal Itself)}

如果你有手机，你应该有一个屏幕锁定^{(screen lock)} PIN 码^(PIN)。那只是给定的。但您也可以向Signal添加^(Signal)额外的^{(an additional)} 屏幕锁定^{(screen lock)} PIN 码^(PIN)以提高安全性。您也可以使用Touch ID打开Signal，但不建议这样做。

要将屏幕锁定^{(screen lock)} PIN添加到Signal，请转到设置^(Settings)–>隐私^(Privacy)。向下滚动^(Scroll)到“屏幕锁定”并移动切换开关以使其打开。

系统还会询问您何时希望屏幕锁定^{(screen lock)}超时。我建议选择“即时^(Instant)”。

隐藏消息，使其不会出现在锁定屏幕上^{(Hide Messages From Appearing On Your Lock Screen)}

如果您将Signal锁定，那么如果人们的消息开始在您的手机锁定屏幕上弹出，那就有点讽刺了。那种放弃游戏，不是吗？

因此，您不必在屏幕上看到完整的消息，而是可以定制通知，这样您要么只获得发件人的姓名（坦率地说，这仍然是太多的信息），要么是我的首选选项，即只显示“新消息^{(New Message)}”。

进入设置后，转到通知^{(Notifications)}，然后转到“通知内容^{(Notification Content)}”。

现在决定你想要哪一个。

确保您在与正确的人交谈^{(Make Sure You’re Talking To The Correct Person)}

由于存在端到端加密，“中间人”攻击^{(” attack)}的可能性很小。这是入侵者在两个人谈话的中间截获的消息，他们假装自己是通话或聊天^{(call or chat)}中的人之一。

但是除了死亡和税收^{(death and taxes)}之外，没有什么是生命中可以保证的。 这^(Which)就是为什么你仍然应该采取额外的步骤来确保你正在与之交谈的人是正确的人。

有两种验证方法。一种用于语音通话，一种用于文本聊天。

使用语音通话^{(voice call)}，一旦通话接通，屏幕上会出现一个两个字的验证短语。双方都在他们的屏幕上看到了这一点。

所以一个人说第一个词，另一个人说第二个词（例如）。任何试图闯入对话并冒充来电者之一的人都不会知道这句话是什么，因为他们的手机上不会有它。

对于文本聊天，它涉及更多一点，但好处是您只需执行一次（或直到他们使用 Signal注册新设备）。

首先，当您向某人发送消息时，他们的身份密钥^{(identity key)} 会下载到您的设备上，Signal^{(device and Signal)}会自动相信该密钥来自正确的人。但是，如果您想仔细检查此人的真实性，那很简单。

只需在聊天屏幕^{(chat screen)}顶部点击他们的名字。

现在点击“查看安全号码”。

然后，这会向您显示身份密钥^{(identity key)}以及 QR 码。如果此人与您同在，您可以扫描QR 码，Signal^{(QR code and Signal)} 会立即批准（或不批准）。否则，请通过文本聊天^{(text chat)}要求此人将身份密钥键入^{(identity key)}回给您。

确认后，您可以点击“标记^(Mark)为已验证”按钮。

自毁消息^{(Self-Destructing Messages)}

最后，正如任何优秀的罪犯都会告诉你的那样，如果你不想被抓到，你需要摆脱证据。

这意味着，如果您是举报人，您不希望在Signal 应用程序^{(Signal app)}上留下任何对话证据，如果有人设法访问它。

您当然可以删除消息，但作为人类，很容易忘记。这就是 Signal 的“消失的消息”非常简洁的原因。

在这里，您可以向其中一个Signal 联系人发送消息，一旦消息被阅读，它就会从您的设备和他们的设备中删除——无法取回。

要启用“消失的消息”，请点击聊天窗口^{(chat window)}顶部的联系人姓名。

现在向下滚动到“消失的消息”并将其打开。在其下方，您将看到一个滑块，您可以在其中指定消息何时消失。把它放在你的喜好，虽然你应该给对方合理的时间来阅读信息。

现在，当您发送消息时，屏幕上会出现一个计时器，倒计时到消息消失的时间。

结论^(Conclusion)

还有其他一些很酷的功能使Signal成为一个非常安全的应用程序，例如注册锁定^{(registration lock)}防止某人注销您的电话号码^{(phone number)}，以及通过 Signal的服务器中继您的语音呼叫以隐藏您的IP 地址^{(IP address)}。

但是我已经详细介绍的那些是最好的，并说明了为什么你应该抛弃WhatsApp以支持 Moxie 的替代方案。

The Features Which Make Signal The Most Secure Messaging App In Existence

When I first started using the Internet almost 20 years ago, there were many instant messaging options available. From MSN Messenger to Yahoo Messenger to ICQ, I used them all.

The problem though was that they were not secure. If the chat platform or a government wanted to eavesdrop on your conversations, they very easily could. But thanks to Edward Snowden, we eventually found out just how little privacy we have online.

Since then, huge advances have been made in making it more difficult for people to listen in on our conversations. Among them is a heavily encrypted smartphone and desktop app called Signal, made by the wonderfully-named Moxie Marlinspike.

Below I will outline the features that make Signal so secure and how to activate those features. Since I use an iPhone, I will be focusing on that device but the following equally applies to Android phones as well.

Make sure to also read my previous posts on this topic: Is Your Messaging App Really Secure? and Best Encrypted Messaging Apps, the latter of which talks about a couple of other secure messaging apps you can use.

Strong End-To-End Encryption & No User Records

The one weakness in Signal’s chain is that you need to register a valid phone number to use the app. Until they figure out a way around this, there won’t be truly 100% anonymity on Signal.

But balancing this out is very strong end-to-end encryption as well as no user records. This means Signal does not keep logs of your calls, except the last time you logged onto the service. So your phone number might reveal you to be a Signal user but nobody will ever know who you are talking to or what you are talking about.

Set a Screen Lock PIN On Signal Itself

If you have a mobile phone, you should have a screen lock PIN. That is just a given. But you can also add an additional screen lock PIN to Signal for extra security. You can also use Touch ID to open Signal but that would not be recommended.

To add a screen lock PIN to Signal, go to Settings–>Privacy. Scroll down to “Screen Lock” and move the toggle so it is on.

You will also be asked when you want the screen lock to time out. I recommend choosing “Instant”.

Hide Messages From Appearing On Your Lock Screen

If you have Signal locked down, it then becomes a bit ironic if messages from people start popping up on your phone’s lock screen. That kind of gives the game away, doesn’t it?

So instead of seeing the full message on the screen, you can instead tailor the notifications so you either only get the name of the sender (which is still too much information frankly), or my preferred option which is a notification which only says “New Message”.

Once in the Settings, go to Notifications and then “Notification Content”.

Now decide which one you want.

Make Sure You’re Talking To The Correct Person

Since there is end-to-end encryption, the chances of a “man-in-the-middle” attack is slim. This is where an intruder gets in the middle of two people talking and intercepts messages passing themselves off as one of the people on the call or chat.

But nothing is guaranteed in life except death and taxes. Which is why you should still take additional steps to ensure that the person you are talking to is the right person.

There are two verification methods. One for voice calls and one for text chats.

With the voice call, once the call is connected, a two word verification phrase appears on the screen. Both sides see this on their screen.

So one person says the first word and the other person says the second word (for example). Anyone trying to break into the conversation and impersonate one of the callers will not know what the phrase is because they will not have it on their phone.

For text chats, it’s a bit more involved but the upside is that you only have to do this once (or until they register a new device with Signal).

First, when you send a message to someone, an identity key from them is downloaded onto your device and Signal automatically trusts that key as coming from the right person. But if you want to double-check the person’s bona-fides, it’s simple.

Just tap on their name at the top of the chat screen.

Now tap “View Safety Number”.

This then presents to you the identity key along with a QR code. If the person is physically with you, you can scan the QR code and Signal will instantly approve it (or not). Otherwise, ask the person via text chat to type the identity key back to you.

When it has been confirmed, you can tap the “Mark as Verified” button.

Self-Destructing Messages

Finally, as any good criminal will tell you, if you don’t want to get caught, you need to get rid of the evidence.

This means that if you are say a whistleblower, you don’t want to be leaving any proof of your conversations on your Signal app, if somehow someone managed to gain access to it.

You can of course delete messages but being human, it is very easy to forget. This is why Signal’s “Disappearing Messages” is really neat.

This is where you send a message to one of your Signal contacts, and once the message has been read, it is wiped from your device and theirs – with no way to get it back.

To enable “Disappearing Messages”, tap on the contact’s name at the top of the chat window.

Now scroll down to “Disappearing Messages” and toggle it on. Underneath that, you will see a slider where you can specify when the messages should disappear. Put it to your preference, although you should give the other person a reasonable amount of time to read the message.

Now when you send a message, a timer will appear on the screen counting down to when the message will disappear.

Conclusion

There are several other cool features which make Signal a very secure app such as a registration lock preventing someone from deregistering your phone number, as well as relaying your voice calls through Signal’s servers to conceal your IP address.

But the ones I have gone into more detail are the best, and illustrate why you should be dumping WhatsApp in favour of Moxie’s alternative.

Related posts

• Windows ToDoist Desktop App：Full Review

• YNAB vs薄荷：为什么YNAB是Better Budget App

• 如何为 VLC 媒体播放器制作和管理音乐播放列表

• Cash App Review - 最简单的汇款和收款方式

• 5 种将大文件传输给人们的安全在线服务

• Windows，Mac和2022年Mac和Linux的11 Best IRC Clients

• Autohotkey Tutorial至Automate Windows Tasks

• 什么是BetterDiscord and How安装？

• 什么是Twitch Turbo，值得吗？

• Emby vs Plex：这是Better Media Server的吗？

• 6 Best Reddit Alternatives您可以免费使用

• 3最佳远足Apps至Find Trails，Log Hikes，而且没有迷路

• Slack vs Discord：哪个是Better？

• 什么是Discord Nitro，值得吗？

• 6 Ways至Animate仍Photos Online Or Apps

• 7 Best Apps帮助您更好地学习

• NewPipe：适用于 Android 的轻量级 YouTube 应用

• 10最佳Firefox附加组件和扩展

• 什么是最好的视频会议应用程序？4 比较

• 6 Mobile Or PC最佳面部Swap Apps