mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-07-23 23:01:04 -04:00
update most guides
parent
be05046783
commit
3ce6491c8f
21 changed files with 86 additions and 79 deletions
BIN
content/posts/e2ee/cwtch.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 38 KiB |
|
@ -34,17 +34,19 @@ The following options for encrypted messaging are listed from most metadata prot
|
|||
|
||||
# Cwtch
|
||||
|
||||

|
||||
|
||||
* **Mediums**: Text
|
||||
* **Metadata protection**: Yes (strong)
|
||||
* **Encryption protocol**: Tor Onion Services (v3) + [Tapir](https://docs.openprivacy.ca/cwtch-security-handbook/cwtch-overview.html)
|
||||
* **Encryption protocol**: Tor Onion Services (v3) + [Tapir](https://docs.cwtch.im/security/components/tapir/authentication_protocol)
|
||||
* **Peer-to-peer**: Yes
|
||||
* **Tor**: Yes
|
||||
|
||||
Cwtch is our preference, by a long shot. It is currently in transition from [beta to stable versions](https://docs.cwtch.im/blog/path-to-cwtch-stable). For an overview of how Cwtch works, watch the video above. The [Cwtch Handbook](https://docs.cwtch.im/) will tell you everything you need to know for using it. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network as a shield and stores everything locally on-device, encrypted.
|
||||
Cwtch is our preference, by a long shot. It is currently in transition from [beta to stable versions](https://docs.cwtch.im/blog/cwtch-stable-roadmap-update-june). For an overview of how Cwtch works, watch the video above. The [Cwtch Handbook](https://docs.cwtch.im/) will tell you everything you need to know for using it. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network as a shield and stores everything locally on-device, encrypted.
|
||||
|
||||
Like all peer-to-peer communication, Cwtch requires *synchronous* communication, meaning that both peers are online simultaneously. However, their server feature allows *asynchronous* communication as well by providing offline delivery:
|
||||
|
||||
>"Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat. To support group chat (and offline delivery) we have created untrusted Cwtch [servers](https://docs.cwtch.im/docs/servers/introduction) which can host messages for a group. [...] the server has no way to know what messages for what groups it might be holding, or who is accessing it."
|
||||
>"Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat. To support group chat (and offline delivery) we have created untrusted Cwtch [servers](https://docs.cwtch.im/security/components/cwtch/server) which can host messages for a group. [...] the server has no way to know what messages for what groups it might be holding, or who is accessing it."
|
||||
|
||||
Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, because the device needs to stay powered on for it to work. Medium-term untrusted servers can be set up on a spare Android device that can stay on, and longer-term servers can be self-hosted on a VPS if you know Linux system administration. Once the server exists, contacts can be invited to use it. You can create a group chat with only two people, which enables asynchronous direct messages.
|
||||
|
||||
|
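Review bot: The replacement link behind "beta to stable versions" points at a dated blog post (`cwtch-stable-roadmap-update-june`), so the sentence "It is currently in transition" will go stale again soon; say as of when this is true, or link to a page that tracks release status. Also, in the Encryption protocol bullet the Tapir link now targets the `authentication_protocol` page where the old one went to an overview; check that an authentication page is what you want behind a label about encryption.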
@ -108,10 +110,10 @@ Cwtch on Whonix currently has an [issue](https://git.openprivacy.ca/cwtch.im/cwt
|
|||
<br>
|
||||
</details>
|
||||
|
||||

|
||||
|
||||
# OnionShare
|
||||
|
||||

|
||||
|
||||
* **Mediums**: Text
|
||||
* **Metadata protection**: Yes (strong)
|
||||
* **Encryption protocol**: Tor Onion Services (v3)
|
||||
|
@ -122,17 +124,17 @@ OnionShare has a [chat feature](https://docs.onionshare.org/2.6/en/features.html
|
|||
|
||||
<br>
|
||||
|
||||

|
||||
|
||||
# Signal
|
||||
|
||||

|
||||
|
||||
* **Mediums**: Video call, voice call, text
|
||||
* **Metadata protection**: Yes (Moderate)
|
||||
* **Encryption protocol**: Signal Protocol, audited ([2017](https://en.wikipedia.org/wiki/Signal_Protocol))
|
||||
* **Peer-to-peer**: No
|
||||
* **Tor**: Not default
|
||||
|
||||
The Signal Protocol has some metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only kept on the Signal servers as long as necessary in order to transmit each message. As a result, when Signal is served with a warrant, they [can only provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to Signal servers, when provided with a phone number. Nonetheless, Signal is [reliant on the Google Services Framework](https://web.archive.org/web/20210728141938/https://serpentsec.1337.cx/signal-sucks-heres-why) (though it's possible to use without it) and the metadata protection of sealed sender [only applies to contacts (by default)](https://web.archive.org/web/20210728141938/https://serpentsec.1337.cx/signal-sucks-heres-why).
|
||||
The Signal Protocol has some metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only kept on the Signal servers as long as necessary in order to transmit each message. As a result, when Signal is served with a warrant, they [can only provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to Signal servers, when provided with a phone number. Nonetheless, Signal is reliant on the Google Services Framework (though it's possible to use without it) and the metadata protection of sealed sender only applies to contacts (by default).
|
||||
|
||||
Signal [is not peer-to-peer](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor); it operates centralized servers that we have to trust. Signal will work with Tor if it is used on an operating system that forces it; such as Whonix or Tails.
|
||||
|
||||
|
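Review bot: Dropping the archived link in the "Nonetheless, Signal is reliant on the Google Services Framework" sentence leaves two factual claims uncited: the Google Services Framework dependency and sealed sender applying only to contacts by default. Every other claim in this paragraph is linked to a source, so please replace the citation rather than remove it; the sealed sender post already linked at the start of the paragraph may cover the second claim.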
@ -140,7 +142,7 @@ However, registration for a Signal account is difficult to achieve anonymously.
|
|||
|
||||
Another barrier to anonymous registration is that Signal Desktop only works if Signal is first registered from a smartphone. For users comfortable with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer with [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for the registration would need to be obtained anonymously.
|
||||
|
||||
As a result, Signal is rarely used anonymously which has a significant impact if the State gets [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's not uncommon that they get physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html). For example, if device [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would then be possible to identify every Signal contact simply via their phone numbers (in addition to reading message history, etc.).
|
||||
As a result, Signal is rarely used anonymously which has a significant impact if the State gets [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's not uncommon that they get physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even just simple arrests. For example, if device [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would then be possible to identify every Signal contact simply via their phone numbers (in addition to reading message history, etc.).
|
||||
|
||||
Due to the near impossibility of using Signal anonymously as well as our [recommendation to not use phones](/posts/nophones/), we don't currently recommend anarchists use Signal. We nonetheless provide installation instructions because it has become the norm in the anarchist space in many countries, and it might be hard to get in touch with somebody without it.
|
||||
|
||||
|
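Review bot: The added "or even just simple arrests" is the only item in this sentence without a threat-library link, and "even just simple" is vaguer than the surrounding text; "or arrests" reads cleaner, linked if a matching entry exists. While this line is being touched, "rarely used anonymously which has a significant impact" needs a comma before "which".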
@ -185,6 +187,8 @@ Some of [Signal Configuration and Hardening Guide](https://blog.privacyguides.or
|
|||
|
||||
Signal Desktop on Whonix is not guaranteed to have Tor Stream Isolation from other applications in the same qube, so we will install it in a dedicated qube. Signal Desktop is installed in a Template, not an App qube (because it is available as a .deb from a third party repository).
|
||||
|
||||
Some of [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) also applies to Signal Desktop.
|
||||
|
||||
* Go to **Applications menu → Qubes Tools → Qube Manager**
|
||||
* Clone whonix-ws-16, and call it something like whonix-ws-16-signal.
|
||||
* We do this to not add attack surface to the base Whonix Workstation template. If you also install other messaging applications like Element Desktop, they could share a cloned template with a name like whonix-ws-16-e2ee
|
||||
|
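Review bot: The added sentence begins with the same text as the line shown in the hunk header ("Some of [Signal Configuration and Hardening Guide]("), so the page may now point at the hardening guide twice in close succession; check that the two sentences are not redundant. The wording also needs an article: "Some of the [Signal Configuration and Hardening Guide](...) also applies to Signal Desktop."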
@ -197,7 +201,7 @@ use_proxy = on
|
|||
http_proxy = 127.0.0.1:8082
|
||||
https_proxy = 127.0.0.1:8082
|
||||
```
|
||||
* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16-signal` and networking `sys-whonix`.
|
||||
* [Create an App qube](/posts/qubes/#creating-qubes) with the Template `whonix-ws-16-signal` and networking `sys-whonix`.
|
||||
* In the new App qube's **Settings → Applications** tab, bring Signal into the Selected column, and press **OK**.
|
||||
* Updates will be handled by **Qubes Update** as you would expect.
|
||||
|
||||
|
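Review bot: The new anchor `/posts/qubes/#creating-qubes` on the "Create an App qube" step only works if a heading with that slug exists in the qubes post, which is not visible in this diff; please confirm the link resolves, since a missing anchor just lands the reader at the top of the page. The same replacement is made for the `whonix-ws-16-element` step further down, so one check covers both.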
@ -211,10 +215,10 @@ https_proxy = 127.0.0.1:8082
|
|||
<br>
|
||||
<br>
|
||||
|
||||

|
||||
|
||||
# Element / Matrix
|
||||
|
||||

|
||||
|
||||
* **Mediums**: Video call, voice call, text
|
||||
* **Metadata protection**: Poor
|
||||
* **Encryption protocol**: vodozemac, audited ([2022](https://matrix.org/blog/2022/05/16/independent-public-audit-of-vodozemac-a-native-rust-reference-implementation-of-matrix-end-to-end-encryption))
|
||||
|
@ -225,7 +229,7 @@ Element is the name of the application (the client), and Matrix is the name of t
|
|||
|
||||
Element will work with Tor if it is used on an operating system that forces it; such as Whonix or Tails.
|
||||
|
||||
What homeserver you use is important— do not use the default homeserver matrix.org. [Systemli](https://www.systemli.org/en/service/matrix/) and [Anarchy Planet](https://anarchyplanet.org/chat.html) are reputable radical hosts. Systemli's instance has a default message retention time of [30 days](https://wiki.systemli.org/en/howto/matrix/max_lifetime), and IP addresses are not stored.
|
||||
What homeserver you use is important— do not use the default homeserver matrix.org. [Systemli](https://www.systemli.org/en/service/matrix/) and [Anarchy Planet](https://anarchyplanet.org/chat.html) are reputable radical hosts. Both instances have a default message retention time of [30 days](https://wiki.systemli.org/en/howto/matrix/max_lifetime), and IP addresses are not stored.
|
||||
|
||||
Matrix can either be used through a web client (using Element Web on Tor Browser) or though a desktop client (using Element Desktop). The web clients for Systemli and Anarchy Planet are `element.systemli.org` and `anarchy.chat`, respectively. When using a desktop client, before trying to log in change the homeserver address to `https://matrix.systemli.org` or `https://riot.anarchyplanet.org`, respectively. It is easy to create an account anonymously, and does not require a phone. Systemli requires having an email account with them (which you need an invite to obtain), whereas anyone can sign up to Anarchy Planet with the registration code `aplanet`.
|
||||
|
||||
|
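Review bot: "Both instances have a default message retention time of 30 days" still links only to wiki.systemli.org, so the retention and no-IP-storage claims for Anarchy Planet are now unsourced. Add a reference for Anarchy Planet's policy or keep the claim scoped to Systemli. Minor, on the unchanged line below: "though a desktop client" should be "through".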
@ -242,7 +246,7 @@ As soon as you have logged in, go to **Setting → Security & Privacy**.
|
|||
|
||||
* "Disappearing messages" is not yet a feature, but it is forthcoming. Message retention time can be set by the homeserver administrator, as mentioned above, and it is indeed set on both of our recommended homeservers.
|
||||
* One to one audio/video calls [are encrypted](https://matrix.org/faq/#are-voip-calls-encrypted%3F) and you can use them. Group audio/video calls are not encrypted, so don't use them. This will be resolved when [Element-call](https://github.com/vector-im/element-call) is stable.
|
||||
* The Matrix protocol itself [theoretically](/glossary#forward-secrecy) supports [Forward Secrecy](/glossary#forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-meta/issues/1296) due to it breaking some aspects of the user experience such as key backups and shared message history.
|
||||
* The Matrix protocol itself theoretically supports [Forward Secrecy](/glossary#forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-meta/issues/1296) due to it breaking some aspects of the user experience such as key backups and shared message history.
|
||||
* Profile pictures, reactions, and nicknames are not encrypted.
|
||||
|
||||
>**Note**
|
||||
|
@ -300,7 +304,7 @@ use_proxy = on
|
|||
http_proxy = 127.0.0.1:8082
|
||||
https_proxy = 127.0.0.1:8082
|
||||
```
|
||||
* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16-element` and networking `sys-whonix`.
|
||||
* [Create an App qube](/posts/qubes/#creating-qubes) with the Template `whonix-ws-16-element` and networking `sys-whonix`.
|
||||
* In the new App qube's **Settings → Applications** tab, bring Element Desktop into the Selected column, and press **OK**.
|
||||
* Updates will be handled by **Qubes Update** as you would expect.
|
||||
* Avoid pressing "Sign Out", simply shutdown the qube when finished.
|
||||
|
@ -315,15 +319,15 @@ https_proxy = 127.0.0.1:8082
|
|||
<br>
|
||||
<br>
|
||||
|
||||

|
||||
|
||||
# PGP Email
|
||||
|
||||

|
||||
|
||||
* **Mediums**: Text
|
||||
* **Metadata protection**: No
|
||||
* **Encryption protocol**: [RSA](https://blog.trailofbits.com/2019/07/08/fuck-rsa/) or ed25519, no forward secrecy
|
||||
* **Peer-to-peer**: No
|
||||
* **Tor**: Depends
|
||||
* **Tor**: Not default
|
||||
|
||||
PGP (Pretty Good Privacy) isn't so much a messaging platform as it is a way of encrypting messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions against future compromises of keys or passwords. It maintains the secrecy of past communications even if the current one is compromised. This means that an adversary could decrypt all PGP messages in the future in one fell swoop. Once you also take into account the metadata exposure inherent in email, PGP should be disqualified from inclusion in this list. It simply doesn't meet the standards of a modern cryptography. However, given that it is already widely used within the anarchist space, we include it here as a warning that it is not recommended. For a more technical criticism, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others."
|
||||
|
||||
|
|
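Review bot: Changing the **Tor** bullet from "Depends" to "Not default" matches the Signal entry, but the PGP paragraph below it says nothing about Tor, whereas the Signal and Element sections explain that they work with Tor on an operating system that forces it. Add a sentence on when PGP email goes over Tor, otherwise the new value is unexplained. Minor, in the same paragraph: "standards of a modern cryptography" should drop the "a".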