From 8b56d36300c6141e692d01e1f0a5f5f45fd293b6 Mon Sep 17 00:00:00 2001 From: anarsec Date: Sun, 20 Aug 2023 16:48:26 +0000 Subject: [PATCH] e2ee syntax --- content/posts/e2ee/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/posts/e2ee/index.md b/content/posts/e2ee/index.md index 0f5e3fd..9b07c2d 100644 --- a/content/posts/e2ee/index.md +++ b/content/posts/e2ee/index.md @@ -142,13 +142,13 @@ The Signal Protocol has a moderate amoung of metadata protection; [sealed sender Signal [is not peer-to-peer](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor); it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails. -Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user still needs to control - due to [changes to "Registration Lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained - most people will not do this. There have been unfounded rumours that Signal plans to remove the need for a phone number after the release of a username feature - however, [registration will continue to require a phone number](https://mastodon.world/@Mer__edith/110895045552696836). +Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must still control - due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained - most people will not do this. There have been unfounded rumors that Signal plans to remove the need for a phone number after the release of a username feature - however, [registration will still require a phone number](https://mastodon.world/@Mer__edith/110895045552696836). -Another barrier to anonymous registration is that Signal Desktop only works if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously. +Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously. -These obstacles to anonymous registration result in Signal rarely being used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would be possible to identify each of your Signal contacts simply by their phone number (in addition to reading message history, etc.). This is a serious security breach, especially in the context of Signal groups, and is unavoidable due to how Signal was designed. Compare this with the same attack on a Cwtch user - all contacts are anonymous and their identity is also protected by Tor, so device compromise does not contribute to network mapping. +These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would be possible to identify each of your Signal contacts simply by their phone number (in addition to reading message history, etc.). This is a serious security breach, especially in the context of Signal groups, and is unavoidable due to the way Signal is designed. Compare this to the same attack on a Cwtch user - all contacts are anonymous, and their identities are also protected by Tor, so device compromise does not contribute to network mapping. -**Simply put, Signal is not appropriate for an anarchist threat model** - it is designed to bring encrypted communications to the masses. Due to the near impossibility of using Signal anonymously, and our [recommendation not to use phones](/posts/nophones/), **we recommend that anarchists don't use Signal**. We only provide installation instructions because it has become the norm in the anarchist space in many countries, and it may be difficult to contact someone without it. +**Simply put, Signal does not fit an anarchist threat model** - it was designed to bring encrypted communication to the masses. Because it's nearly impossible to use Signal anonymously, and because [we recommend against using phones](/posts/nophones/), **we recommend that anarchists don't use Signal**. We only provide installation instructions because it has become the norm in the anarchist space in many countries, and it may be difficult to contact someone without it.