miscellaneous feedback integration

anarsec 2023-10-03 21:11:45 +00:00
parent 5755584357
commit 8afa5b96a8
No known key found for this signature in database
9 changed files with 74 additions and 181 deletions

@ -26,7 +26,7 @@ For a more in-depth look at these various considerations, we recommend [The Guid
The following options for encrypted messaging are listed from most metadata protection to least.
**TLDR: Use Cwtch. Don't use Signal or PGP.**
**TLDR: For text communication with other anarchists, prioritize Cwtch over Signal or PGP. For voice or video calls, use Signal.**
# Cwtch
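Review bot: The new TLDR line puts PGP in the same "prioritize Cwtch over" bucket as Signal, but the PGP section changed later in this commit still ends with a flat "we recommend that anarchists don't use encrypted email for communication with other anarchists". A reader who stops at the TLDR takes away a softer position on PGP than the section itself states. Suggest splitting the sentence so that Signal gets the "prioritize Cwtch over" wording and PGP email keeps a "don't use" wording that matches its section, leaving the voice and video call sentence as it is.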
@ -153,7 +153,11 @@ Another barrier to anonymous registration is that Signal Desktop will only work
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would be possible to identify each of your Signal contacts simply by their phone number (in addition to reading message history, etc.). This is a serious security breach, especially in the context of Signal groups, and is unavoidable due to the way Signal is designed. Compare this to the same attack on a Cwtch user - all contacts are anonymous, and their identities are also protected by Tor, so device compromise does not contribute to network mapping.
**Simply put, Signal does not fit an anarchist threat model** - it was designed to bring encrypted communication to the masses. Because it's nearly impossible to use Signal anonymously, and because [we recommend against using phones](/posts/nophones/), **we recommend that anarchists don't use Signal**. We only provide installation instructions because it has become the norm in the anarchist space in many countries, and it may be difficult to contact someone without it.
**Simply put, Signal is not a great fit for an anarchist threat model** - it was designed to bring encrypted communication to the masses. Because it's very difficult to use Signal anonymously, and because [we recommend against using phones whenever possible](/posts/nophones/), **we recommend that anarchists prioritize Cwtch over Signal for text communications with other anarchists.** That said, we nonetheless recommend Signal for voice and video calls because there is currently no better option.
>**Note**
>
>[SimpleX Chat](https://www.privacyguides.org/en/real-time-communication/#simplex-chat) is similar to Signal, but supports anonymous registration. However, it is currently only available for smartphones.
<details>
<summary>
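Review bot: The added sentence recommending Signal for voice and video calls does not carry over the caveat from the unchanged paragraph directly above it, which says that a compromised device identifies each Signal contact by phone number and that this is "unavoidable due to the way Signal is designed". The recommendation now reads as unqualified for calls even though the same contact list is involved. Suggest a short clause after "there is currently no better option" that points back to the network-mapping paragraph. The SimpleX note would also be easier to compare if it stated metadata protection and Tor support in the same terms the other messengers on the page are described with, rather than only "similar to Signal", and it is worth saying why a smartphone-only app is mentioned given the linked recommendation against phones.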
@ -224,112 +228,6 @@ https_proxy = 127.0.0.1:8082
<br>
<br>
# Element / Matrix
![](element.png)
* **Mediums**: Video call, voice call, text
* **Metadata protection**: Poor
* **Encryption protocol**: vodozemac, audited ([2022](https://matrix.org/blog/2022/05/16/independent-public-audit-of-vodozemac-a-native-rust-reference-implementation-of-matrix-end-to-end-encryption))
* **Peer-to-peer**: No
* **Tor**: Not default
Element is the name of the application (the client) and Matrix is the name of the network. A comparison to email may be helpful in understanding this; Element is the equivalent of Thunderbird, while Matrix is the equivalent of the Simple Mail Transfer Protocol (SMTP) that underlies email. **We recommend Element for one-to-one voice and video calls**.
Element/Matrix is not peer-to-peer; you have to trust the server. However, unlike Signal, the servers are not centralized, but rather federated - anyone can host their own. Unfortunately, the "federation model" has the trade-off that Matrix has [no metadata protection](https://web.archive.org/web/https://serpentsec.1337.cx/matrix): "Federated networks are naturally more vulnerable to metadata leaks than peer-to-peer or centralized networks". To minimize this, see Systemli's [notes on the safe use of the Matrix service](https://wiki.systemli.org/en/howto/matrix/privacy).
Element will work with Tor when used on an operating system that forces it, such as Whonix or Tails.
Which homeserver you use is important — do not use the default homeserver matrix.org. [Systemli](https://www.systemli.org/en/service/matrix/) and [Anarchy Planet](https://anarchyplanet.org/chat.html) are reputable radical hosts. Both have a default message retention time of [30 days](https://wiki.systemli.org/en/howto/matrix/max_lifetime) and do not store IP addresses.
Matrix can be used through either a web client (using Element Web on Tor Browser) or a desktop client (using Element Desktop). The web clients for Systemli and Anarchy Planet are `element.systemli.org` and `anarchy.chat`, respectively. If you are using a desktop client, change the homeserver address to `https://matrix.systemli.org` or `https://riot.anarchyplanet.org` before trying to log in. It is easy to create an account anonymously and does not require a phone. Systemli requires you to have an email account with them (for which you need an invitation), while anyone can register at Anarchy Planet using the registration code `aplanet`.
A matrix ID looks like \@username:homeserver, for example \@anarsec:riot.anarchyplanet.org. Just like email, you can send messages to accounts that are on different homeservers.
Once you are logged in, go to **Settings → Security & Privacy**.
* You'll see all the devices you're signed in to listed under **Where you're signed in**. For anonymous use cases, you will usually only be signed in to one device.
* Scroll down to **Secure Backup**. This is a feature that allows you to verify a new session without having access to a signed-in device. Press **Set up**, then **Generate a Security Key**. Save the Security Key in KeePassXC. This "Security Key" will be needed to log into a new device or session.
* For Element Desktop, you will only need to use the Security Key if you sign out.
* For Element Web (using Tor Browser), you will need the Security Key every time you use it. Tor Browser will clear your cookies, so you will need to sign in for a new session.
## Some current limitations
* "Disappearing messages" is not a feature yet, but it is coming. Message retention time can be set by the homeserver administrator, as mentioned above, and is in fact set on both of our recommended homeservers.
* One-to-one voice/video calls [are encrypted](https://matrix.org/faq/#are-voip-calls-encrypted%3F) and you can use them. Group audio/video calls are not encrypted, so don't use them. This will be fixed when [Element-call](https://github.com/vector-im/element-call) is stable.
* The Matrix protocol itself theoretically supports [forward secrecy](/glossary#forward-secrecy), but it is [not currently supported in Element](https://github.com/vector-im/element-meta/issues/1296) because it breaks some aspects of the user experience such as key backups and shared message history.
* Profile pictures, reactions, and nicknames are not encrypted.
>**Note**
>
>You may have heard of **XMPP** (formerly known as Jabber). XMPP has similar security properties to Matrix, but many clients don't support end-to-end encryption (using the OMEMO protocol) by default. Properly configuring a client is non-trivial. XMPP and Matrix leak similar amounts of metadata, but OMEMO has never been formally audited like the Matrix encryption protocol. In addition, the administrator can act as a [man-in-the-middle](/glossary#man-in-the-middle-attack) on [any XMPP server](https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/). For these reasons, we recommend using Matrix instead of XMPP.
<details>
<summary>
**Element Installation on GrapheneOS**
</summary>
<br>
If you have decided to use a smartphone despite our [recommendation not to use phones](/posts/nophones/), Element is available for Android. Install Element as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid).
<br>
</details>
<details>
<summary>
**Element Installation on Tails**
</summary>
<br>
The easiest option is to use the Element web client on Tor Browser. It doesn't require any additional software. Tor Browser deletes all data when it closes, so you'll be prompted for the Security Key each time you login in to access your past messages. Be sure to **Sign Out** when you are finished, to avoid accumulating "Signed-in devices".
To install Element Desktop, About.Privacy [maintains a guide](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo).
<br>
</details>
<details>
<summary>
**Element Installation on Qubes-Whonix**
</summary>
<br>
The easiest option is to use the Element web client on Tor Browser is a disposable Whonix qube. It doesn't require any additional software. Tor Browser deletes all data when it closes, so you'll be prompted for the Security Key after each time you log in to access your past messages. Be sure to **Sign Out** when you are finished, to avoid accumulating "Signed-in devices".
To install Element Desktop, Whonix is not guaranteed to have Tor [Stream Isolation](/posts/qubes/#whonix-and-tor) from other applications in the same qube, so we will install it in a dedicated qube. Element Desktop is installed in a Template, not an App qube (because it is available as a .deb from a third party repository).
* Go to **Applications menu → Qubes Tools → Qube Manager**
* Clone whonix-ws-16 and name it something like whonix-ws-16-element.
* We do this so as not to add attack surface to the base Whonix Workstation template. If you also install other messaging applications like Signal Desktop, they could share a cloned template with a name like whonix-ws-16-e2ee
* Open a Terminal in the new Template: **Applications menu → Template: whonix-ws-16-element: Xfce Terminal**
* Run the commands in the [Element installation guide](https://element.io/download#linux) to install Element Desktop in the Template.
* Template qubes require a proxy for `wget`. Before running the command, create a configuration file at `~/.wgetrc` in the Template, with the following contents:
```bash
use_proxy = on
http_proxy = 127.0.0.1:8082
https_proxy = 127.0.0.1:8082
```
* [Create an App qube](/posts/qubes/#creating-qubes) with the Template `whonix-ws-16-element` and networking `sys-whonix`.
* In the **Settings → Applications** tab of the new App qube, move Element Desktop to the Selected column and press **OK**.
* Updates will be handled by **Qubes Update** as you would expect.
* Avoid pressing "Sign Out", just shut down the qube when finished.
>**Alternative method**
>
>You can install Element Desktop in a Whonix Workstation App qube using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/) and not need to bother with Templates. Element Desktop on Flathub is [community maintained](https://github.com/flathub/im.riot.Riot), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security).
<br>
</details>
<br>
<br>
# PGP Email
![](pgp.webp)
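Review bot: Removing the whole Element / Matrix section also removes the XMPP note and the "Some current limitations" list, and nothing in this hunk or in the commit message ("miscellaneous feedback integration") says why a messenger that was recommended for one-to-one voice and video calls is no longer listed. The PGP section is kept in this same commit "as a warning" because it is already widely used; the same reasoning would justify keeping a short Matrix/XMPP entry. Suggest leaving a few lines that restate the points from the removed text (metadata protection rated Poor, forward secrecy not currently supported in Element, group calls not encrypted, the server administrator's man-in-the-middle position on XMPP) so that readers already on Matrix or XMPP see the reason for the change. It is also worth checking the rest of the page for links or mentions that pointed at this section, such as the suggested shared template name whonix-ws-16-e2ee.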
@ -340,10 +238,10 @@ https_proxy = 127.0.0.1:8082
* **Peer-to-peer**: No
* **Tor**: Not default
PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to encrypt messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions from future key or password compromises. It maintains the secrecy of past communications even if the current communication is compromised. This means that an adversary could decrypt all future PGP messages in one fell swoop. When you also consider the metadata exposure inherent in email, PGP should be disqualified from inclusion on this list. It simply doesn't meet the standards of modern cryptography. However, since it is already widely used in the anarchist space, we include it here as a warning that **we recommend that anarchists don't use PGP**. For a more technical critique, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others."
PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to encrypt messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions from future key or password compromises. It maintains the secrecy of past communications even if the current communication is compromised. This means that an adversary could decrypt all future PGP messages in one fell swoop. When you also consider the metadata exposure inherent in email, PGP should be disqualified from inclusion on this list. It simply doesn't meet the standards of modern cryptography. However, since it is already widely used in the anarchist space, we include it here as a warning that **we recommend that anarchists don't use encrypted email for communication with other anarchists**. For a more technical critique, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others."
We recommend switching to Cwtch for synchronous and asynchronous use cases. If you must use email, use a [radical server](https://riseup.net/en/security/resources/radical-servers) and read the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
We recommend switching to Cwtch for synchronous and asynchronous use cases. The exception to this recommendation is for public-facing projects - Hybrid Groups need to be implemented in Cwtch before this can be recommended. If you must use email, use a [radical server](https://riseup.net/en/security/resources/radical-servers) and read the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
PGP is used for another purpose outside of communication: verifying the integrity and authenticity of files. For this use case, see our [GPG explanation](/posts/linux/#gpg-explanation).
PGP is used for another purpose outside of communication: verifying the integrity and authenticity of files. For this use case, see our [explanation](/posts/tails-best/#appendix-3-gpg-explanation).
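Review bot: The rewritten PGP paragraph keeps the sentence "This means that an adversary could decrypt all future PGP messages in one fell swoop", which contradicts the two sentences before it: forward secrecy is described there as protecting past sessions from a future key or password compromise, so the consequence of lacking it is that past messages become readable once the key is compromised. Since this line is already being edited, suggest changing "future" to "past" or rewording the sentence. In the second changed paragraph, "before this can be recommended" has no clear referent; say explicitly that Cwtch cannot yet be recommended for public-facing projects until Hybrid Groups are implemented. In the last line, the link text "explanation" is less descriptive than the "GPG explanation" it replaces; keeping "GPG" in the link text would help readers who skim the links.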