mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-07-25 15:45:48 -04:00
cwtch update
parent
d39726f8d6
commit
1419d89836
5 changed files with 28 additions and 8 deletions
18
CHANGELOG.md
|
@ -1,17 +1,35 @@
|
|||
# Tails for Anarchists
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
||||
# Tails Best Practices
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
||||
# Qubes OS for Anarchists
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
||||
# Why Anarchists Shouldn't Have Phones
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
||||
# GrapheneOS for Anarchists
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
||||
# Linux Essentials
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
||||
# Removing Identifying Metadata From Files
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
||||
# Encrypted Messaging for Anarchists
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
||||
# Making Your Electronics Tamper-Evident
|
||||
|
||||
This guide has not been changed since publication.
|
||||
|
|
|
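Review bot: The entries under "# Tails Best Practices" and "# Encrypted Messaging for Anarchists" say "This guide has not been changed since publication.", yet the hunks further down in this same commit change the messaging recommendation in both the encrypted messaging text and the Tails text (Element is dropped in favour of Cwtch for asynchronous use). Record that change under those two headings, with a date, or land the changelog scaffold in its own commit before the guides are edited, so that the first changelog a reader sees is not already inaccurate.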
@ -26,6 +26,8 @@ For a longer form look at these different considerations, we recommend [The Guid
|
|||
|
||||
The following options for encrypted messaging are listed from most metadata protection to least.
|
||||
|
||||
TLDR: use Cwtch.
|
||||
|
||||
<br>
|
||||
|
||||
<video controls="" width="99%">
|
||||
|
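Review bot: "TLDR: use Cwtch." is an unqualified recommendation, while the Cwtch section below it says the project "is currently in transition from beta to stable versions" and that asynchronous use depends on a server and an initial synchronous session. Link the line to that section so a reader who stops at the TLDR can still reach the caveats, for example "TLDR: use [Cwtch](/posts/e2ee/#cwtch)."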
@ -44,11 +46,13 @@ The following options for encrypted messaging are listed from most metadata prot
|
|||
|
||||
Cwtch is our preference, by a long shot. It is currently in transition from [beta to stable versions](https://docs.cwtch.im/blog/cwtch-stable-roadmap-update-june). For an overview of how Cwtch works, watch the video above. The [Cwtch Handbook](https://docs.cwtch.im/) will tell you everything you need to know for using it. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network as a shield and stores everything locally on-device, encrypted.
|
||||
|
||||
Like all peer-to-peer communication, Cwtch requires *synchronous* communication, meaning that both peers are online simultaneously. However, their server feature allows *asynchronous* communication as well by providing offline delivery:
|
||||
Like all peer-to-peer communication, Cwtch requires *[synchronous](/glossary/#synchronous-communication)* communication, meaning that both peers are online simultaneously. However, their server feature allows *[asynchronous](/glossary/#asynchronous-communication)* communication as well by providing offline delivery:
|
||||
|
||||
>"Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat. To support group chat (and offline delivery) we have created untrusted Cwtch [servers](https://docs.cwtch.im/security/components/cwtch/server) which can host messages for a group. [...] the server has no way to know what messages for what groups it might be holding, or who is accessing it."
|
||||
|
||||
Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, because the device needs to stay powered on for it to work. Medium-term untrusted servers can be set up on a spare Android device that can stay on, and longer-term servers can be self-hosted on a VPS if you know Linux system administration. Once the server exists, contacts can be invited to use it. You can create a group chat with only two people, which enables asynchronous direct messages.
|
||||
Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, because the device needs to stay powered on for it to work. Once the server exists, contacts can be invited to use it. You can create a group chat with only two people, which enables asynchronous direct messages. If an adversary gets access to a server running on your own device in addition to an invitation to join the server, they can deanonymize you. Thankfully, Systemli and [Anarchy Planet](https://anarchyplanet.org/chat.html#cwtch) both run public servers which are appropriate for long-term groups, and can't be used to deanonymize you.
|
||||
|
||||
Asynchronous conversations on Cwtch must be started from a synchronous conversation - you must be online at the same time as your contact so that you can invite them to a group, and then you no longer need to be online simultaneously. In the future, [hybrid groups](https://git.openprivacy.ca/cwtch.im/cwtch-ui/wiki/One-Pager:-Managed-Groups-%28-A-Roadmap-towards-Hybrid-Groups%29) intend to improve on this. Until hybrid groups are implemented, you need to establish your asynchronous Cwtch conversations by first setting a time to both be online through a second channel.
|
||||
|
||||
>**Note**
|
||||
>
|
||||
|
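Review bot: In the rewritten server paragraph, the claim that the public servers "can't be used to deanonymize you" is absolute and sits right after a sentence saying a server on your own device can deanonymize you, with no explanation of what differs between the two cases. State the mechanism in one sentence or link to the Cwtch server documentation already cited in the quote above, and soften "can't" unless the documentation supports it. Two smaller points in the same paragraph: Systemli has no link while Anarchy Planet does, and the earlier guidance on medium-term and self-hosted servers is removed without a replacement for readers who still want to run their own.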
@ -331,7 +335,7 @@ https_proxy = 127.0.0.1:8082
|
|||
|
||||
PGP (Pretty Good Privacy) isn't so much a messaging platform as it is a way of encrypting messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions against future compromises of keys or passwords. It maintains the secrecy of past communications even if the current one is compromised. This means that an adversary could decrypt all PGP messages in the future in one fell swoop. Once you also take into account the metadata exposure inherent in email, PGP should be disqualified from inclusion in this list. It simply doesn't meet the standards of a modern cryptography. However, given that it is already widely used within the anarchist space, we include it here as a warning that it is not recommended. For a more technical criticism, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others."
|
||||
|
||||
We recommend switching to Element for asynchronous use cases, and switching to Cwtch for synchronous use cases. If you need to use email, use a [radical server](https://riseup.net/en/security/resources/radical-servers) and see the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
|
||||
We recommend switching to Cwtch for synchronous and asynchronous use cases. If you need to use email, use a [radical server](https://riseup.net/en/security/resources/radical-servers) and see the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
|
||||
|
||||
PGP is used for another purpose outside of communication: to verify the integrity and authenticity of files. For this use, see our [GPG explanation](/posts/linux/#gpg-explanation).
|
||||
|
||||
|
|
|
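Review bot: The new sentence "We recommend switching to Cwtch for synchronous and asynchronous use cases." omits the constraint stated in the Cwtch section, that asynchronous conversations "must be started from a synchronous conversation" and need a second channel to agree on a time. For someone migrating off email this is the step most likely to be missed, so link the recommendation to the Cwtch section (/posts/e2ee/#cwtch) or add a short clause naming the requirement.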
@ -246,11 +246,7 @@ Now plain is just an empty folder again. Before storing important files in the c
|
|||
|
||||
PGP email is the most established form of encrypted communication on Tails in the anarchist space. Unfortunately, PGP does not have [forward secrecy](/glossary#forward-secrecy)—that is, a single secret (your private key) can decrypt all messages, rather than just a single message, which is the standard in encrypted messaging today. It is the opposite of "metadata protecting", and has [several other shortcomings](/posts/e2ee/#pgp-email).
|
||||
|
||||
For [synchronous](/glossary/#synchronous-communication) messaging—when you are both online at the same time—we recommend [Cwtch](/posts/e2ee/#cwtch) on Tails.
|
||||
|
||||
For [asynchronous](/glossary/#asynchronous-communication) messaging—when you are not both online at the same time—we recommend [Element](/posts/e2ee/#element-matrix). Which server you use is also important; [Systemli](https://www.systemli.org/en/service/matrix/) and [Anarchy Planet](https://anarchyplanet.org/chat.html) are reputable hosts.
|
||||
|
||||
For more information on both options, see [Encrypted Messaging For Anarchists](/posts/e2ee/).
|
||||
For [synchronous](/glossary/#synchronous-communication) and [asynchronous](/glossary/#asynchronous-communication) messaging we recommend [Cwtch](/posts/e2ee/#cwtch). For more information on Cwtch, see [Encrypted Messaging For Anarchists](/posts/e2ee/).
|
||||
|
||||
# Phishing Awareness
|
||||
|
||||
|
|
|
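Review bot: The replacement paragraph drops the inline glosses ("when you are both online at the same time", "when you are not both online at the same time") and the "on Tails" qualifier that the removed paragraphs carried. The glossary links remain, but in a Tails guide it is worth keeping "on Tails" and one short gloss so the sentence is readable without following links. The sentence would also benefit from pointing at /posts/e2ee/#cwtch rather than the top of the page, since it says "For more information on Cwtch".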
@ -7,6 +7,8 @@ paginate_by = 5
|
|||
|
||||
These recommendations are intended for all anarchists and are accompanied by tutorials to put them into practice. They are informed by a threat model protecting against government security forces and equivalent adversaries that are trying to achieve [targeted digital surveillance](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance.html) for [incrimination](https://www.csrc.link/threat-library/tactics/incrimination.html) or [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html). The goal is to obscure the visibility of our enemies into our lives and projects, and to leave no traces when this is relevant. Technology is hostile terrain.
|
||||
|
||||
As an overview of [targeted surveillance measures in France](https://actforfree.noblogs.org/post/2023/07/24/number-of-the-day-89502-preventive-surveillance-measures-france/) concludes, "So let’s be clear about our responsibilities: when we knowingly introduce a networked device equipped with a microphone and/or camera (cellphone, baby monitor, computer, car GPS, networked watch, etc.) close to a conversation where “private or confidential words are spoken” and must remain that way, even if it's switched off, we become a potential state informer…"
|
||||
|
||||
## Phones
|
||||
|
||||
>**[Operating system](/glossary#operating-system-os)**: **GrapheneOS** is the only reasonably secure choice for cellphones. See [GrapheneOS for Anarchists](/posts/grapheneos/). Better yet, [don't have a phone](/posts/nophones/).
|
||||
|
|
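Review bot: The added quotation mixes typographic and straight quotation marks ("let’s" and “private or confidential words are spoken” next to "it's" and the outer straight quotes), and a paragraph-length quote is set inline. Normalise the quote characters and set the passage as a blockquote with ">", the convention this file already uses for the "Operating system" callout, so it is clear where the quoted source ends.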
BIN
static/favicon.ico
Normal file
Binary file not shown.
After Width: | Height: | Size: 4.2 KiB |
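Review bot: static/favicon.ico is a new binary that the commit message "cwtch update" does not cover. Move it to its own commit with a message that names it, so the content change to the guides can be reviewed and reverted independently of site assets.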