Thanks for collaborating.
As best I understand it, you can sign up via desktop cli signal, but you still need a number to recieve a text/call to and register via, even if desktop is not the main device. This number can be a mobile/landline/voip/other, decide based on your threat model. You can then set a passcode for your signal account to preserve the associated number (even if you’re only displayed as and searchable by a user tag with no number), but the passcode will default after 7 days of inactivity so someone else can use the number. Users much either maintain a number to re-authenticate through (be that a real phone or voip/sms forward solution) OR must be sure to use the account at least once every 7 days.
Using a cellphone
In my case the only form of cellphone i’d be using would be a dumb phone with battery removed for emergencies. Or maybe an older smartphone with all antennas removed so that it was airgapped. No GSM, no wifi/bluetooth, no rfid. For me geolocation is a massive part of my threat model, but not anonymity. An airgapped smartphone would be a useful camera, calculator, pocket device. Good for currency exchange conversions, voice recording etc. Maybe as a portable media player and external storage. (Think about trying to get the highest degree of compartmentalisation with the maximum degree of functionality and portability. You don’t want to carry an ipod and calculator and cheap camera if you can just use a modified iphone safely)
Graphene OS sounds great. I saw posts in this forum about people hoping to port it to Qubes but no offerings as of yet. Back to a question from before: can anyone comment on android emulators being able to ‘phone home’? I can’t imagine the emulator VM would gain access outside of itself so can’t expose other VMs or home wifi information, but if forced to register the device then google still has some talons in where they’re not wanted. My understanding of network tunneling isn’t great yet, I don’t know if google would get access to your IP address, for instance. Identity anonymity isn’t my concern, but geographical anonymity is.
USB Dongle (and geolocation)
USB dongle is an option, but that does tie you to SS7 network for messages. Safer option with dongles is almost certainly a data only sim, but then no verification texts. If using voice/text enabled sim, a victim of simjacker or pegasus attack at least won’t suffer precise gps tracking as the dongle won’t have gps antenna (check yours). (refer to Rob Braxman video on privacy experiments for notes on travel routers and using your devices without a simcard directly attached) For me, location is everything, anonymity and encryption are almost irrelevant, but nice to have.
The most convenient, and the most dangerous. The one that gets your number uploaded to other peoples contact lists without your consent; it has no option to disguise your phone number. Should definitely only be used with a proxy/voip number to register- reduce risks of SS7 based attacks. Still not ideal. Whatsapp is undoubtedly the biggest risk.
Patching into SS7 network
In the instance where you have to contact a normal phone number maybe it’s best to use google/skype type voip number to call with a withheld number and hope recipient is within tower range or leave a voicemail (maybe voip protocols recognise if someone has wifi calling enabled- can anyone comment?).
Ideals vs Compromise
Compel important contacts to get signal on their device, more likely to succeed than getting them to use wickr.
Decide for yourself if you’ll accept use of a real phone to register your messaging/calling accounts. If all you want is the functionality for use/testing in qubes, i’m sure this thread will still be applicable once it’s populated with answers, and you can forget the voip anonymous signup part.
Encryption and Anonymity Actually of least importance in my threat model. I assume all other devices are untrusted, so do not disclose locations or other specifics. If someone can read my chats, all they’ll see is that i’m keeping in contact with friends. When i introduce a professional role to this mix, encryption becomes more important. The scales slide for each of us contextually as we move through life.