.. | ||
files/repo | ||
clone.sls | ||
clone.top | ||
configure.sls | ||
configure.top | ||
create.sls | ||
create.top | ||
firewall.sls | ||
firewall.top | ||
init.top | ||
install.sls | ||
install.top | ||
README.md |
signal
Signal messaging app in Qubes OS.
Table of Contents
Description
Install Signal Desktop and creates an app qube named "signal".
Installation
- Top:
qubesctl top.enable signal
qubesctl --targets=tpl-signal,signal state.appply
qubesctl top.disable signal
- State:
qubesctl state.apply signal.create
qubesctl --skip-dom0 --targets=tpl-signal state.apply signal.install
qubesctl --skip-dom0 --targets=signal state.apply signal.configure
Usage
You may use different Signal accounts for different identities, such as
personal, work or pseudonym. Maintain the signal
qube pristine and clone it
to the assigned domain, personal-signal
, work-signal
, anon-signal
. If
you don't maintain the qube pristine, you will have to apply the firewall
rules manually.
Signal might loose connectivity due to upstream rotating IP addresses with the use of CDNs to evade blocking. You will have to reapply the firewall rules eventually.
TODO: Is it worth using the firewall? If you allow all cloudfront.net IPs for region "GLOBAL", what is blocking an attacker from using that to host his malicious callback server? Recently (2023-11-11) signal stopped working with the current firewall.