From 543dfe1ba59b4f34db3bf68ee3c0d11a53f8a04c Mon Sep 17 00:00:00 2001 From: Alicia Sykes Date: Sat, 11 Jul 2020 13:31:38 +0100 Subject: [PATCH] =?UTF-8?q?Adds=20Secure=20Messaging=20Section=20?= =?UTF-8?q?=F0=9F=92=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index 77f4f88..1fb6731 100644 --- a/README.md +++ b/README.md 
@@ -159,6 +159,31 @@ The big companies providing "free" email service, don't have a good reputation f - [Anonymous Mail Forwarding](/5_Privacy_Respecting_Software.md#anonymous-mail-forwarding) - [Pre-Configured Mail Servers](/5_Privacy_Respecting_Software.md#pre-configured-mail-servers) +## Secure Messaging + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Only Use Fully End-to-End Encrypted Messengers** | Recommended | [End-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption) is a system of communication where messages are encrypted on your device and not decrypted until they reach the intend recipient. This ensures that any actor who intercepts traffic cannot read the message contents, nor can the anybody with access to the central servers where data is stored. Note that if an app is not completely open source, the extent to which the encryption is implemented cannot be verified, and it should not be trusted. +**Use only Open Source Messaging Platforms** | Recommended | If code is open source then it can be independently examined and audited by anyone qualified to do so to ensure that there are no backdoors, vulnerabilities, or other security issues. As well as this bugs are raised transparently and are usually fixed quickly, and version histories can show who added what, and when. When downloading a pre-built package, you can verify that it has not been tampered with by [doing a hack check](https://proprivacy.com/guides/how-why-and-when-you-should-hash-check) and comparing the digital signatures. It's important to note that, no piece of software that it totally bug free, and hence never truly secure or private- being open source, is in no way a guarantee that something is safe +**Use a "Trustworthy" Messaging Platform** | Recommended | When selecting an encrypted messaging app, ensure it's fully open source. It should be stable and actively maintained. 
Ideally it should be backed by reputable developers or at least be fully clear where funding originates from and/ or what their revenue model is. It should have undergone an independent code audit, with results publicly published +**Check Security Settings** | Recommended | Enable security settings, including contact verification, security notifications and encryption. Disable optional non-security features such as read receipt, last online and typing notification. If the app supports cloud sync either for backup or for access through a desktop or web app companion, this increases the attack surface and so should be disabled +**Disable Cloud Services** | Recommended | Some mobile messaging apps offer a web or desktop companion. This not only increases attack surface, but it has been linked to several [critical security issues](https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/), and should therefore be avoided, if possible. Some messaging apps also offer a cloud backup feature. Again there a serious security issues with many of these implementations, for example WhatsApp [backups are not encrypted](https://www.ghacks.net/2018/09/04/whatsapp-backups-android/), and so with this feature available, you chat history may be breached. Again, this should be [disabled](https://www.techuntold.com/stop-whatsapp-backup-iphone-android/). +**Ensure your Recipients Environment is Secure** | Recommended | Your conversation can only be as secure as the weakest link. Often the easiest way to infiltrate a communications channel, is to target the individual or node with the least protection. They may not even be aware that their environment has been compromised, leading to sensitive information being captured by an adversary. The best solution to this is to educate and inform the participants in your conversation, about good security practices. 
Focus on secure authentication, device encryption, network security and malware prevention +**Secure Group Chats** | Recommended | That the risk of compromise will rise exponentially, the more participants are in a group, as the attack surface increases. There is also a higher chance that an adversary lurking among the members can go unnoticed. Periodically check that all participants are legitimate, and ensure only trusted members have admin privileges. It may sometimes be worth only sharing sensitive information within smaller groups. Note that with some messengers, not all group chats are encrypted (especially if one recipient is on an [older](https://graziadaily.co.uk/life/real-life/whatsapp-group-chats-actually-encrypted-theres-way-find/) version) +**Create a Safe Environment for Communication** | Recommended | There are several stages where your digital communications could be monitored or intercepted. This includes: Your or your participants device, your ISP, national gateway or government logging, the messaging provider, the servers. You can help protect from these risks by: paying attention to your surroundings, keeping your devices up-to-date, avoiding malware, watching out for phishing attacks, relying on trustworthy services, creating strong passwords and second-factor authentication, using encryption and helping those with whom you communicate do the same. If you are concerned about your communications being intercepted, consider using a reputable VPN provider, or routing traffic through Tor +**Agree on a Communication Plan** | Optional | In certain situations (such as attending a protest, communicating with a source or traveling to a risky location), it may be worth making a communication plan. This should include primary and backup methods of securely getting in hold with each other, (in order to avoid falling back on insecure technologies). You may wish to include procedures to implement in potential situations, e.g. 
to signal for help or assistance +**Strip Meta-Data from Media** | Optional | [Metadata](https://www.maketecheasier.com/understanding-metadata-and-privacy/) is "Data about Data" or additional information attached to a file or transaction. When you send a photo, audio recording, video or document you may be revealing more than you intended to, or [leaking your location](https://nakedsecurity.sophos.com/2012/12/03/john-mcafee-location-exif/). For example [Exif data](https://en.wikipedia.org/wiki/Exif) attached to images typically includes: Device name and model, author, time & date taken, GPS location (latitude & longitude) and photography information. In order to protect privacy, you should [remove](https://en.wikipedia.org/wiki/Metadata_removal_tool) this data before uploading and file or media item. Some apps strip this information out automatically, but they may be logging it before doing so +**Defang URLs** | Optional | Sending links via WhatsApp, Slack, Apple Messenger, Wire, Facebook and other services can unintentionally [expose your personal information](https://hunch.ly/osint-articles/osint-article-how-to-blow-your-online-cover). This is because, when a thumbnail or preview is generated- it happens on the client-side, and therefore causes your IP, user-agent, device info to be logged. This broadcasts to the website owner that you are discussing that website. One way around this, is to [defang](https://privacymatters.ubc.ca/blocking-email-links-why-we-use-hxxp-emails) your URLs (e.g. `https://www.example.com` --> `hxxps://www[.]example[.]com`), using a VPN will also help protect your IP +**Verify your Recipient** | Optional | Your communication is only as secure as it's weakest link- Always ensure you are talking to the intended recipient, and that they have not been compromised. One method for doing so is to use an app which supports contact verification. 
This is a powerful feature that enables users to trust the destination, and ensure the conversation has not been hijacked. It usually takes the form of comparing fingerprint codes, even over a phone call or in real life via scanning a QR code. If you believe you may be targeted, use a secure messenger that provides reliable indicators of compromise, where both parties will be notified if there have been any changes +**Enable Ephemeral Messages** | Optional | You cannot always rely on the physical security of your device. Self-destructing messages is a really neat feature the causes your messages to automatically delete after a set amount of time. This means that if your device is lost, stolen or seized, an adversary will only have access to the most recent communications. Unlike remote erase, disappearing messages does not require your device to be remotely accessible or have signal. You are able to vary this time frame from weeks all the way down to just a few seconds, depending on your threat model. Without disappearing messages enabled, you should periodically delete conversation history, in case your device is breached +**Avoid SMS** | Optional | SMS may be convenient, but it's [not secure](https://en.wikipedia.org/wiki/SMS#Vulnerabilities). It is susceptible to threats, such as [interception](https://en.wikipedia.org/wiki/IMSI-catcher), [sim swapping](https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html), manipulation and [malware](https://www.securitynewspaper.com/2019/09/13/hack-any-mobile-phone-with-just-a-sms). If you must use SMS, then you should encrypt messages before sending. One option is to use [Silence](https://silence.im/), an Android app that provides end-to-end encryption for SMS +**Watch out for Trackers** | Optional | A tracker is a piece of software meant to collect data about you or your usages. 
Be wary of messaging applications with trackers, as the detailed usage statistics they collect are often very evasive, and can sometimes reveal your identity as well as personal information that you would otherwise not intend to share. You can check how many, and which trackers a given app uses, by searching it in [Exodus Privacy](https://reports.exodus-privacy.eu.org/en/) +**Consider Jurisdiction** | Advanced | The jurisdictions where the organisation is based, and data is hosted should also be taken into account. As in some territories, organisations are forced to comply with local government regulations, which can require them to keep logs of all users interactions and metadata, or hand over encryption keys. Where possible, avoid [Five Eyes](https://en.wikipedia.org/wiki/Five_Eyes) and other [International Cooperatives](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives), and countries with poor respect for user privacy such as China, Russia, Singapore and Malaysia. +**Use an Anonymous Platform** | Advanced | If you believe you may be targeted, you should opt for an anonymous messaging platform that does not require a phone number, or any other personally identifiable information to sign up or use. Even using false or temporary information (such as a burner sim, VOIP number, temporary or forwarding email address, made-up details etc) cannot be grantee anonymity, and may put you at risk. As well as this you should download the app over Tor, outside of Google Play / Apple App Store, create an anonymous identity, only run the app while connected through Tor and ideally sandbox it to prevent data leaks (using a separate profile, virtual machine or even a secondary device) +**Ensure Forward Secrecy is Supported** | Advanced | Opt for a platform that implements [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy). This is where your app generates a new encryption key for every message. 
It means that if your adversary has obtained the private encryption key from one party, they will not be able to use it to decrypt any previously captured messages +**Consider a Decentralizes Platform** | Advanced | If all data flows through a central provider, you have to trust them with your data and meta-data. You cannot verify that the system running is authentic without back doors, and they may be subject to local laws, court orders or censorship, and if that provider ceases to operate, the entire network will be unavailable for that duration. Whereas with a decentralized system, there are no central servers to compromise, and no single point of failure. It cannot be raided, shut down, or forced to turn over data. Some decentralized platforms also route traffic through the Tor network, which provides an additional layer of anonymity and security. + + ## Social Media Online communities have existed since the invention of the internet, and give people around the world the opportunity to connect, communicate and share. Although these networks are a great way to promote social interaction and bring people together, that have a dark side - there are some serious [Privacy Concerns with Social Networking Services](https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services), and these social networking sites are owned by private corporations, and that they make their money by collecting data about individuals and selling that data on, often to third party advertisers.
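Review bot: In the "Use only Open Source Messaging Platforms" row, "doing a hack check" should read "hash check" (the linked guide is about hash checking), and "comparing the digital signatures" runs two different checks together: comparing a hash against a published value only shows the download matches that value, while verifying a signature ties the package to the publisher's key. Suggest wording such as "by checking its hash and, where the project publishes one, verifying its digital signature". The same hunk has several wording slips worth fixing before merge: "intend recipient" in the first row, the "Secure Group Chats" row opening on a fragment ("That the risk of compromise will rise exponentially"), "very evasive" in the trackers row (presumably "invasive"), "cannot be grantee anonymity" in the anonymous platform row, and "Decentralizes" in the last row title. The "Check Security Settings" and "Disable Cloud Services" rows both tell the reader to turn off cloud sync and companion apps, so consider keeping that advice in one row only. Most rows end without a full stop while a few end with one; pick one style for the table.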