Signal usernames are here!

Martin Shelton

Principal Researcher

Header image with a graphic of Signal's "speech bubble" logo, with a pattern of silhouettes of phones in the background.
Credit: Freedom of the Press Foundation (CC BY 4.0)

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

This week, security nerds are dancing in the streets because Signal, the encrypted messaging app, is finally rolling out usernames. Signal has previously required users to provide their phone number as an identifier, but with this most recent update, users may instead use a username. Through massive reengineering, Signal is now able to store additional data, including information about usernames, in a secure format. By default, phone numbers will be hidden from new contacts, and users can also optionally remove their phone number from Signal’s “new contact” search. Read their blog post here.

What you can do

  • Right now these new features are in Signal’s public beta. If you want these features now, you can sign up. The beta version can sometimes be a little buggy, so fair warning. However, it’s also rolling out to the more stable “vanilla” app in coming weeks, so stay on top of downloading your app updates.
  • Signal’s default settings are already great, but if you want to dive deeper into maximizing its security benefits, read our guide to locking down Signal.

Updates from my team

  • We wrote a post on why journalists should set up Signal usernames! Check it out here.
  • To include the new changes to usernames we’ll also be updating our other Signal-related guides in the coming weeks. Stay tuned.

We are always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Donate to support press freedom

Your support is more important than ever.

Read more about Digital Security Digest

Apple warns iPhone users of targeted malware

On April 10, Apple sent users in 92 countries warning of mercenary malware attacks targeting the iPhone. The notification did not provide details about the identities of the attackers. According to TechCrunch, Apple warned, “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”

Preparing for election-related security issues

Throughout this year, our digital security training team will share our thoughts on navigating security issues during the 2024 election season. Elections around the world experience distinct security issues that may change from year to year, but in the U.S. we look to 2020 for lessons on how to get ahead of likely issues, from surveillance of our sensitive communications to perennial phishing attacks and harassment for political reporting.

Google to delete old Chrome Incognito data

Following a class-action lawsuit over Google’s handling of user data in its Chrome browser’s “Incognito” private browsing mode, the search company will expunge “billions of event-level data records that reflect class members’ private browsing activities” improperly collected before January 2024. It also updated its Incognito landing page to highlight that even Google can discern your activities in private browsing mode. Additionally, the company will be required to delete data that makes users’ private browsing data personally identifiable, such as IP addresses.