mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-06-08 23:02:55 -04:00
clarify phrasing and small edits from feedback
This commit is contained in:
parent
9bed1441fc
commit
1bf64e65a1
6 changed files with 69 additions and 73 deletions
|
@ -17,14 +17,14 @@ There are several different options for [end-to-end encrypted](/glossary/#end-to
|
|||
<!-- more -->
|
||||
Before proceeding, let’s go over a few concepts to help you distinguish between the different options.
|
||||
|
||||
* **End-to-end encryption** means (in theory) that only you and the person you are communicating with can read messages. However, not all [encryption](/glossary/#encryption) is created equal. The quality of the encryption is determined by the *encryption protocol* used and how it's implemented at the software level. See ["End-to-end encryption security: attacks and defense"](https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html#end-to-end-encryption-security-attacks-and-defense) for more information.
|
||||
* **End-to-end encryption** means (in theory) that only you and the person you are communicating with can read messages. However, not all [encryption](/glossary/#encryption) is created equal. The quality of the encryption is determined by the *encryption protocol* used and how it's implemented at the software level.
|
||||
* **Metadata protection** means that the message [*metadata*](/glossary/#metadata) (the data about the data) is obscured. Even if the message itself is encrypted, metadata can reveal who is communicating with whom, when, how often, the sizes of any files that may have been transferred, and so on. Metadata exposure is [a major concern](https://docs.cwtch.im/security/risk#threat-model).
|
||||
* **Peer-to-peer** means that the messages do not pass through a centralized server.
|
||||
* **Tor** is an [anonymity network](/glossary/#tor-network). Some applications route your messages through Tor by default.
|
||||
|
||||
For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.notrace.how/resources/#pet-guide). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar.
|
||||
|
||||
Since anonymous public-facing projects such as counter-info websites interact with unknown (ie untrusted) contacts, they need more from encrypted communication than a personal user. These additional needs include:
|
||||
Since anonymous public-facing projects such as counter-info websites interact with unknown (i.e. untrusted) contacts, they need more from encrypted communication than people using applications for private communication. These additional needs include:
|
||||
|
||||
* That anyone can contact the project
|
||||
* Resiliency to [correlation attacks](/glossary/#correlation-attack)
|
||||
|
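Review bot: the rewrite of the first bullet drops the link to the "End-to-end encryption security: attacks and defense" article, so the sentence "not all encryption is created equal" now has no supporting reference; if the link was removed because it points at a SimpleX blog post, consider replacing it with a neutral citation rather than leaving the claim bare. The "ie" to "i.e." correction and the rewording of "a personal user" to "people using applications for private communication" are fine.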
@ -62,16 +62,22 @@ Cwtch is our preference for text communication by a long shot. Cwtch is designed
|
|||
|
||||
Like all peer-to-peer communication, Cwtch requires *[synchronous](/glossary/#synchronous-communication)* communication, meaning that both people must be online at the same time. However, its server feature also allows *[asynchronous](/glossary/#asynchronous-communication)* communication by providing offline delivery:
|
||||
|
||||
>"Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat. To support group chat (and offline delivery) we have created untrusted Cwtch [servers](https://docs.cwtch.im/security/components/cwtch/server) which can host messages for a group. [...] the server has no way to know what messages for what groups it might be holding, or who is accessing it."
|
||||
>"Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat. To support group chat (and offline delivery) we have created untrusted Cwtch servers which can host messages for a group. [...] the server has no way to know what messages for what groups it might be holding, or who is accessing it."
|
||||
|
||||
Once the server exists, contacts can be invited to use it. For asynchronous direct messaging, create a group chat with only two people.
|
||||
Cwtch servers enable group communication through untrusted infrastructure — these servers are "untrusted" because the protocol is [designed to be secure against a malicious Cwtch server](https://docs.cwtch.im/security/components/cwtch/server). Once the server exists, contacts can be invited to use it. For asynchronous direct messaging, create a group chat with only two people.
|
||||
|
||||
Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, as the device must remain powered on for it to work. Fortunately, [Anarchy Planet](https://anarchyplanet.org/chat.html#cwtch) runs a public server that is suitable for long-term groups.
|
||||
Any Cwtch user can turn the app on their phone or computer into a server to host a group chat, though this is best for temporary needs like an event or short-term coordination, as the device must remain powered on for it to work. Fortunately, [Anarchy Planet](https://anarchyplanet.org/chat.html#cwtch) runs a public server that is suitable for long-term groups.
|
||||
|
||||
Asynchronous conversations on Cwtch need to be started from a synchronous conversation — in other words, you need to be online at the same time as your contact to invite them to a group, and then you no longer need to be online at the same time. This "first contact" dynamic is not unique to Cwtch, but is present in all peer-to-peer applications. In the future, Cwtch plans to improve this with [hybrid groups](https://docs.cwtch.im/blog/path-to-hybrid-groups/). Until hybrid groups are implemented, you will need to establish your asynchronous Cwtch conversations by using a second channel to set a time when you will both be online.
|
||||
|
||||
You can learn more about how to use Cwtch with the [Cwtch Handbook](https://docs.cwtch.im/).
|
||||
|
||||
>**Note**
|
||||
>
|
||||
>**[Briar](https://briarproject.org)** is another application that works in a similar way (with peer-to-peer and Tor), using the [Bramble Transport Protocol](https://code.briarproject.org/briar/briar/-/wikis/A-Quick-Overview-of-the-Protocol-Stack) (BTP). Briar's main distinguishing feature is that it continues to work [even when the underlying network infrastructure is down](https://briarproject.org/how-it-works/). It was [audited in 2017](https://code.briarproject.org/briar/briar/-/wikis/FAQ#has-briar-been-independently-audited). Unfortunately, Briar Desktop does not yet work with Tails or Qubes-Whonix because it cannot [use the system Tor](https://code.briarproject.org/briar/briar/-/issues/2095). Unlike Cwtch, to connect to a contact on Briar, you both have to add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby. [Briar Mailbox](https://briarproject.org/download-briar-mailbox/) allows asynchronous communication.
|
||||
>
|
||||
>**[OnionShare](https://docs.onionshare.org/2.6/en/features.html#chat-anonymously)** has a chat feature that creates an ephemeral peer-to-peer chat room that is routed over the Tor network. The metadata protection works in the same way as Cwtch; it uses the Tor network as a shield and stores everything (ephemerally) locally on the device running OnionShare. OnionShare doesn’t implement any chat encryption on its own — it relies on the Tor onion service’s encryption. Cwtch and Briar both have more features (including the additional Tapir and BTP encryption protocols). The only advantage of OnionShare is that it is installed on Tails by default.
|
||||
|
||||
## For Anonymous Public-facing Projects
|
||||
|
||||
**Need #1: That anyone can contact the project**
|
||||
|
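Review bot: the new sentence introducing Cwtch servers is followed by "Once the server exists", but no particular server has been mentioned at that point; "Once such a server exists" reads correctly. Moving the server documentation link out of the quoted passage into the project's own sentence is the right call, since the quote should reproduce the Cwtch docs verbatim, and because that new sentence is now the only place the word "untrusted" is explained, dropping "untrusted" from the following paragraph ("turn the app on their phone or computer into a server") is consistent.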
@ -92,12 +98,6 @@ A vulnerability in any application can be targeted with exploits — a severe vu
|
|||
|
||||
If a project has multiple members, all of them should be able to access the same messages independently. Currently, this is not possible with Cwtch.
|
||||
|
||||
>**Note**
|
||||
>
|
||||
>**[Briar](https://briarproject.org)** is another application that works in a similar way (with peer-to-peer and Tor), using the [Bramble Transport Protocol](https://code.briarproject.org/briar/briar/-/wikis/A-Quick-Overview-of-the-Protocol-Stack) (BTP). Briar's main distinguishing feature is that it continues to work [even when the underlying network infrastructure is down](https://briarproject.org/how-it-works/). It was [audited in 2017](https://code.briarproject.org/briar/briar/-/wikis/FAQ#has-briar-been-independently-audited). Unfortunately, Briar Desktop does not yet work with Tails or Qubes-Whonix because it cannot [use the system Tor](https://code.briarproject.org/briar/briar/-/issues/2095). Unlike Cwtch, to connect to a contact on Briar, you both have to add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby. [Briar Mailbox](https://briarproject.org/download-briar-mailbox/) allows asynchronous communication.
|
||||
>
|
||||
>**[OnionShare](https://docs.onionshare.org/2.6/en/features.html#chat-anonymously)** has a chat feature that creates an ephemeral peer-to-peer chat room that is routed over the Tor network. The metadata protection works in the same way as Cwtch; it uses the Tor network as a shield and stores everything (ephemerally) locally on the device running OnionShare. OnionShare doesn’t implement any chat encryption on its own — it relies on the Tor onion service’s encryption. Cwtch and Briar both have more features (including the additional Tapir and BTP encryption protocols). The only advantage of OnionShare is that it is installed on Tails by default.
|
||||
|
||||
## Installation
|
||||
|
||||
<details>
|
||||
|
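Review bot: this hunk deletes the Briar/OnionShare note from its old position after "Currently, this is not possible with Cwtch", matching the copy inserted in the previous hunk before the "For Anonymous Public-facing Projects" heading; the two copies are identical, so the move is clean. One thing to check while the note is being relocated: its last sentence, "The only advantage of OnionShare is that it is installed on Tails by default", is stronger than the preceding sentence supports (the text only says Cwtch and Briar have more features); "main advantage" would be safer.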
@ -157,14 +157,12 @@ Cwtch on Whonix does not guarantee Tor [Stream Isolation](/posts/qubes/#whonix-a
|
|||

|
||||
|
||||
* **Mediums**: Video call, voice call, text
|
||||
* **Metadata protection**: Yes (strong)
|
||||
* **Metadata protection**: Yes (Moderate)
|
||||
* **Encryption protocol**: [SimpleX Messaging Protocol](https://simplex.chat/docs/protocol/simplex-chat.html), audited ([2022](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html)), and [SimpleX File Transfer Protocol](https://simplex.chat/blog/20230301-simplex-file-transfer-protocol.html)
|
||||
* **Peer-to-peer**: No
|
||||
* **Tor**: Not default
|
||||
|
||||
SimpleX Chat functions without persistent user IDs, which creates strong metadata protection. This means that an adversary can't easily observe how users are connected to each other in a network. This is possible because connection requests work by sharing an invitation link that is communicated through a separate channel, or in person. When connecting to another user you have the choice to use "Incognito mode", which creates a new random profile for each contact. This avoids sharing any data between contacts.
|
||||
|
||||
As a design choice to facilitate asynchronous communication, SimpleX Chat is not peer-to-peer — it uses decentralized servers that [anyone can host](https://simplex.chat/docs/server.html) and does not rely on any centralized component. Servers do not store any user information (no user profiles or contacts, or messages once they are delivered), and primarily use in-memory persistence. To understand what a server can and cannot see, read the [threat model](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#simplex-messaging-protocol-server).
|
||||
SimpleX Chat allows voice and video calls, but this [inherently provides less metadata protection](https://mastodon.social/@sarahjamielewis/112311305534271974). As a design choice to facilitate asynchronous communication, SimpleX Chat is not peer-to-peer — it uses decentralized servers that [anyone can host](https://simplex.chat/docs/server.html) and does not rely on any centralized component. Servers do not store any user information (no user profiles or contacts, or messages once they are delivered), and primarily use in-memory persistence. To understand what a server can and cannot see, read the [threat model](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#simplex-messaging-protocol-server).
|
||||
|
||||
Since SimpleX requires that users [place some trust in the SimpleX servers](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#trust-in-servers), **we recommend prioritizing Cwtch over SimpleX Chat for text communication with other anarchists, and using SimpleX Chat or Signal for voice and video calls**. Unlike Signal, SimpleX Chat doesn't require a phone number or smartphone.
|
||||
|
||||
|
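Review bot: the summary bullet is downgraded from "Yes (strong)" to "Yes (Moderate)", but the unchanged paragraph a few lines below still says that functioning without persistent user IDs "creates strong metadata protection"; either qualify that paragraph (for example, "strong metadata protection for text") or the bullet and the body contradict each other. Keep the bullet's capitalisation consistent with the other bullets as well ("moderate", lowercase, as "strong" was). The added sentence stating that voice and video calls "inherently provide less metadata protection" cites a Mastodon post; a reference into the SimpleX threat model, if it covers calls, would be more durable than a social media link.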
@ -379,6 +377,10 @@ PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to
|
|||
|
||||
**There is an exception: for anonymous public-facing projects, we still recommend using PGP email** because it is currently the best option that meets the additional needs required by a public account. Use a [radical server](https://riseup.net/en/security/resources/radical-servers) that doesn't require an invite code. You can learn more about how to use PGP email with the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
|
||||
|
||||
>**Note**
|
||||
>
|
||||
>PGP is used for another purpose outside of communication: verifying the integrity and authenticity of files. For this use case, see our [explanation](/posts/tails-best/#appendix-gpg-explanation).
|
||||
|
||||
## For Anonymous Public-facing Projects
|
||||
|
||||
**Need #1: That anyone can contact the project**
|
||||
|
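Review bot: the relocated note about PGP file verification now sits between the "exception" paragraph and the "For Anonymous Public-facing Projects" heading, mirroring where the Briar/OnionShare note was placed in the Cwtch section, which is consistent. The exception paragraph itself says PGP email "is currently the best option that meets the additional needs required by a public account" without naming which of the listed needs it meets (that anyone can contact the project; resiliency to correlation attacks); a short clause naming them would make the recommendation easier to follow.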
@ -401,13 +403,7 @@ We recommend using Thunderbird (which is available in Tails and Qubes-Whonix by
|
|||
|
||||
If a project has multiple members, all of them should be able to access the same messages independently. This is straight forward with email, if all project members have the email password and the private PGP key.
|
||||
|
||||
>**Note**
|
||||
>
|
||||
>PGP is used for another purpose outside of communication: verifying the integrity and authenticity of files. For this use case, see our [explanation](/posts/tails-best/#appendix-gpg-explanation).
|
||||
|
||||
<br>
|
||||
|
||||
# Warnings
|
||||
# Applications we do not recommend
|
||||
|
||||
We do *not* recommend:
|
||||
|
||||
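Review bot: renaming the heading "# Warnings" to "# Applications we do not recommend" changes the generated anchor, so any existing link to the old "#warnings" id on the site or elsewhere will break; add an anchor alias or search for links to the old id before merging. The `<br>` inserted before the heading is raw HTML in a markdown source; confirm the site generator renders it and that blank lines would not do the same job. In the unchanged context line, "straight forward" should be "straightforward".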