Signal and a VPN service: does it make sense?


I use my Sony XA2 mainly as “dumb phone” (no web browsing, no sync to cloud services …), with the exeption of the messaging app Signal. I was thinking that, with other connected devices, I use a VPN service. But would it make sense to do the same with my /e/OS phone, since the traffic generated by Signal is already encrypted?
Or am I missing anything, and it would be a good idea? Would a VPN add some layer of security/privacy?

Thank you in advance for your advice.

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone

A vpn service is used to hide you behind a dedicated public IP address. the one of your vpn service provider.
that’s used if you want not to be seen/visible in the internet with your own IP.
mostly you can choose where you get natted behind. any country…

so, the vpn tunnel encryption is only between you and your vpn endpoint (vpn service provider), but not the whole way through internet.
not all of your traffic is encrypted on all the ways. only on the first part.

an vpn is just a kind of security (anonymization) but not security at all.

and I think this is the reason why I asked: if the traffic from the VPN endpoint and the final receiver is encryped by Signal, does it make sense to add a VPN there? I guess that the entrypoint would be anyway potentially visible (for my ISP if I use a VPN, for anybody else if I do not use it).
I do not know my question is clear (probably I do not have clear ideas about the topic…), but I would like some advice if I should consider a VPN or if, for my usage, it would not be a reasonable idea …
Perhaps I am missing something, and the smartphone is leaking other information (that could be “protected” by a VPN) when I am connected to the internet to use Signal, although I think that only Signal is exchanging data …

Thank you in advance

vpn does only hide you behind another IP

To protect your traffci in/out use TrackerControl, Blokada, netguard, etc…

Sometimes it’s useful to pretend your location is somewhere you are not.

When you use public WiFi (hotels, cafes, airports, planes, trains, etc.) it can be more secure to connect first to your trusted VPN service, in case there are malicious snoopers in the net, or in case the WiFi network is poorly secured or is compromised.

Signal does not protect anything except your Signal communications, so email, connected apps, web-browsing, etc., are still exposed.

1 Like

Hi @kisman172

I guess this is a very clear summary.

I will think about what to do, I believe that it would make more sense the second one, but I am afraid that it would be complex to correctly set up (what to allow / not allow in order to have what I need working properly…)

thank you

Hi @Taurus, as we never know, perhaps it would be a good idea to have a VPN when I (rarely) connect to a public WiFi. Sometimes I connect from a personal hotspot (sharing the data connection from another 4G device): I assumed that was a safe connection, or is it better to consider a VPN in such a case as well?

I do no use other connected apps / online services from my phone, apart from Signal. Therefore I have nothing else configured, but I was wondering whether, by default, my smartphone tries to connect and exchange data (example: to check the updates. But, what else?). I guess that the suggestion from @kisman172 to use TrackerControl/Blokada/Netguard is the way to control that, but I am afraid of blocking something needed … Is there any guide about that?

Thank you in advance

I wonder if in questions like this one is trying to disentangle whether we hold;

  1. A highly networked device being able to network with every possible modern convenience, and find it helpful when strangers send us invitations to use their services just as we were thinking “I wonder if I really need an xyz”. Is this thing nicely tied and bound to a global advertising agency with a certain number of pirates on the airwaves?

  2. A device we believe is totally under our control. We can use it as a secure computer with a sufficient level of compartmentalisation for all our needs for privacy and security.

1 Like

If the hotspot is reaching the internet via the mobile network and not some random public WiFi, then, again, you’re trusting the mobile network (and the hotspot manufacturer). Safe? Maybe. At least your Signal communications are encrypted.

If you’re truly using only Signal, not web browsing, using email, or sending/receiving regular SMS/MMS, then no worries. [EDIT: For clarity, I think telephonic messaging is carried by the mobile network, so is not behind the VPN.] (Note that if you allow Signal to handle your regular SMS/MMS with non-Signal users, those are still traveling unencrypted over the mobile network… Signal is just gathering them into the app for you.)

Regarding tracker blockers:

If no browser is installed, no worries. If there’s a browser installed, it might be connecting to somewhere behind the scenes.

If there is anything installed at all, it could be making attempts to connect with servers you don’t expect. Signal, for example, connects with cloudfront[.]net, i.e. Amazon infrastructure. (But it needs to do that to function, I would imagine.)

Apps related to weather, music, photo storage, and others, usually connect somewhere behind the scenes.

It all comes down to which apps are installed (even the disabled ones), and where you sourced them from.

Even the OS itself connects somewhere.

Tracker blockers can reveal all these hidden, and sometimes unexpected, connections, so you can disable or allow them, or look for alternatives. And they’re not complicated to use; these apps’ presets block most of the true trackers by default anyway, and manual blocking or enabling is just a toggle switch.

You can also then decide if there are some apps for which you want to block internet access altogether.

One downside, though, is that you typically can’t use a tracker blocker and a VPN simultaneously, due to a limitation in Android, so you have to choose one or the other, dependent on the situation.

Hi @ Taurus,

Thank you for your comprehensive answer.

:frowning: I forgot about the SMS … but I guess the service was design like that, so “take it or leave it” … Trust on the carrier, then … but it will be the same for the calls, won’t it?

Another thing I have not thought about … even if I do not open it, it could …

As I have the standard apps installed, I guess it is the case …

And this is something I have read in the past, and forgotten …

Thank you. I will have some reading and decide about a VPN, or TrackerControl / Blokada / Netguard …

1 Like

I should backtrack a bit… I think that a VPN probably doesn’t have any affect on SMS and phone calls, as these are handled by the mobile network. But now networks are converting to Voice over LTE (data connection), so…maybe?

Unfortunately I’m not an expert in actual telephony. :wink: I’ve edited my previous comment regarding SMS/MMS.