Just a few years ago, sending encrypted messages was a challenge. Just to get started, you had to spend hours following along with jargon-filled tutorials, or be lucky enough to find a nerd friend to teach you. The few that survived this process quickly hit a second barrier: They could only encrypt with others who had already jumped through the same hoops. So even after someone finally set up encrypted email, they couldn’t use it with most of the people they wanted to send encrypted emails to.
The situation is much better today. A number of popular apps have come along that make encryption as easy as texting. Among the most secure is Signal, open-source software for iOS and Android that has caught on among activists, journalists, and others who do sensitive work. And probably the most popular is WhatsApp, a Facebook-owned platform with encryption setup derived from Signal. For me, the spread of encrypted chat apps means that, with very few exceptions, all of my text messages — with friends, family, or for work — are end-to-end encrypted, and no one even has to understand what a “public key” is.
But there is a major issue with both Signal and WhatsApp: Your account is tied to your phone number.
This makes these apps really easy to use, since there are no usernames or passwords to deal with. It also makes it easy to discover other app users; if someone is a contact in your phone and has the app installed, you can send them encrypted texts with no further effort.
But it also means that if you want people to be able to send you messages securely, you need to hand out your phone number. This puts people who interact with the public in an awkward bind: Is the ability for strangers to contact you securely worth publishing your private phone number?
In this article I explain how to create a second Signal number that is safe to publish on your Twitter bio and business cards, so strangers have an easy way to contact you securely, while your primary phone…