Is a Signal call as safe on public wi-fi as it is on a home network?

encrypted end-to-end?

what kind of signal is it?

pan64, not everyone is modifying it's signal client. He probably thinks about normal one. That one you install in the google play.

Although OP hasn't logged in (yet) since their OP, Yes, says: https://www.google.com/search?q=Is+a...+end-to-end%3F

Always easy to search & was done, while there is still no answer to the direct question.

Ie, 'It's safely encrypted end-to-end.'

is not the same as, 'Due to end-to-end encryption, messages & voice over public networks are just as safe as private.'

Best I can work from is assumption.

If you mean the signal private messenger app you need to ask the maintainer/developer. But from my side it is definitely secure, encrypted end-to-end.

Quote:

Originally Posted by JASlinux Always easy to search & was done, while there is still no answer to the direct question. Ie, 'It's safely encrypted end-to-end.' is not the same as, 'Due to end-to-end encryption, messages & voice over public networks are just as safe as private.' Best I can work from is assumption.

The Signal protocol (which has been widely adopted by the likes of Wire and Meta for WhatsApp and Facebook) has been reviewed and rated as secure. I would not be concerned about the E2EE employed by Signal Messenger.

And if there was concern about the protocol, I would not want to use it to send messages over the internet regardless of whether I was connecting to it through my home network or a public one.

Yes

As you see from the "https://" in the URL at the top of your screen, your communication with this web site is "end-to-end encrypted." However, the only practical benefit to you is that you can click on the "padlock" in the address-bar and be confident that "this is the real web site." Thus, encryption and message-signing is used – to excellent effect – to protect message integrity, but not necessarily privacy.

Actually, "message signing" is far more important than "encryption." By the end of WW2, the Allies were actually able to transmit "encrypted messages" to the Germans which were actually completely fake. Knowing that the Germans could not differentiate between "one message which they were able to decrypt" and "another." Although "message signing" is always used for encrypted messages, it can of course be used even for messages that are not encrypted.

Quote:

Originally Posted by sundialsvcs As you see from the "https://" in the URL at the top of your screen, your communication with this web site is "end-to-end encrypted." However, the only practical benefit to you is that you can click on the "padlock" in the address-bar and be confident that "this is the real web site." Thus, encryption and message-signing is used – to excellent effect – to protect message integrity, but not necessarily privacy. Actually, "message signing" is far more important than "encryption." By the end of WW2, the Allies were actually able to transmit "encrypted messages" to the Germans which were actually completely fake. Knowing that the Germans could not differentiate between "one message which they were able to decrypt" and "another." Although "message signing" is always used for encrypted messages, it can of course be used even for messages that are not encrypted.

That is erudite knowledge, but what I'm asking is a lay smart question.

Most people understand how a public network is less secure than private, but when using devices encrypted end-to-end for data, is there truly not any way that data can be intercepted deciphered?

The answer seems like yes.

Practically I just want to make Signal Messenger connections on public networks with the same security as home.

If you are using a public network to communicate between two machines that you own, you should use a VPN solution (OpenVPN recommended ...) with digital certificates.

(Do not use "PSKs = pre-shared keys," which are nothing more than passwords.)

If you take this simple step, all communications will be securely encrypted and the two VPN hosts will be able to recognize one another. If you use the tls-auth feature of OpenVPN, you can also conceal the very existence of(!) the two servers so that outsiders will not be "pestering" your servers in futile attempts to break in to them.

Unlike a "password," a digital certificate contains thousands of bits of "pure entropy," and it can be individually revoked without affecting any other certificate that may have also been issued. (Certificates can also be "password protected" – encrypted – to prevent unintended use.) Like a badge that you swipe to get into an office building, either you possess a "live" one or you don't.

When you connect, the remote side has an internal IP-address which you can predict. You simply "talk" to that address and the data is magically transported through the secure "tunnel" to the other side. It really is a "virtual private network," because the remote side appears to be local to you. Other software need take no additional steps to secure the communication. VPN's are a cryptographically-secure TCP/IP router (or switch): the remote side is "just there."

If you arrange for services such as "sshd" to listen and respond only to the tunnel address-domain, you create an additional layer of security – and you reduce the number of "unauthorized access attempts" to zero. No one can even see your SSH server in your castle's portcullis unless they have already cleared the tunnel moat (after having found the hidden drawbridge). It's effortless for authorized users but impossible for everyone else.

Yeah, it takes a little time to get everything working the first time, because crypto is purposely designed to offer no clues, but then you can just "fuhgeddaboudit" because It Just Works.™ (The most frequent problems have to do with correctly setting the routing tables in all of the surrounding hardware so that both encrypted and unencrypted traffic is routed correctly.)