Just a few years ago, sending encrypted messages was a challenge. Just to get started, you had to spend hours following along with jargon-filled tutorials, or be lucky enough to find a nerd friend to teach you. The few that survived this process quickly hit a second barrier: They could only encrypt with others who had already jumped through the same hoops. So even after someone finally set up encrypted email, they couldn’t use it with most of the people they wanted to send encrypted emails to.
The situation is much better today. A number of popular apps have come along that make encryption as easy as texting. Among the most secure is Signal, open-source software for iOS and Android that has caught on among activists, journalists, and others who do sensitive work. And probably the most popular is WhatsApp, a Facebook-owned platform with an encryption setup derived from Signal. For me, the spread of encrypted chat apps means that, with very few exceptions, all of my text messages — with friends, family, or for work — are end-to-end encrypted, and no one even has to understand what a “public key” is.
But there is a major issue with both Signal and WhatsApp: Your account is tied to your phone number.
This makes these apps really easy to use, since there are no usernames or passwords to deal with. It also makes it easy to discover other app users; if someone is a contact in your phone and has the app installed, you can send them encrypted texts with no further effort.
But it also means that if you want people to be able to send you messages securely, you need to hand out your phone number. This puts people who interact with the public in an awkward bind: Is the ability for strangers to contact you securely worth publishing your private phone number?
In this article I explain how to create a second Signal number that is safe to publish on your Twitter bio and business cards, so strangers have an easy way to contact you securely, while your primary phone number remains private. I explain how to obtain a second phone number, how to register it with the Signal server, and how to configure it to use Signal Desktop — even if you’re already using Signal Desktop with your private phone number. I will focus on Signal rather than WhatsApp for reasons I’ll explain further down (basically, WhatsApp appears to block non-cellular phone numbers that make all this possible with Signal).
Why Wouldn’t You Want to Publish Your Phone Number?
When you give out your phone number, you risk opening yourself up to abuse. As freedom of expression activist Jillian York wrote on her personal blog, “As a woman, handing out my phone number to a stranger creates a moderate risk: What if he calls me in the middle of the night? What if he harasses me over SMS? What if I have to change my number to get away from him?”
If you’re a public figure, and especially if you’re a woman or person of color, you’re probably used to sexist or racist jerks yelling slurs and threats at you on Twitter, Facebook, and in the comments section under the articles you write. Publishing your private phone number could make this problem worse and could make these people harder to mute.
It could also open up your online accounts to attack. Last year, someone hacked racial justice activist DeRay Mckesson’s Twitter and email accounts by taking over his phone number. The hacker called Verizon and, impersonating Mckesson, asked to change the SIM card associated with his phone number to a new one that they controlled, so they could receive SMS messages sent to his phone number.