From feb6775cd1766876399cd9a48387668fb249ddba Mon Sep 17 00:00:00 2001 From: "about:privacy" Date: Wed, 28 Jun 2023 11:25:34 +0000 Subject: [PATCH 1/2] Update index.md, persist cwtch on Tails, links --- content/posts/e2ee/index.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/posts/e2ee/index.md b/content/posts/e2ee/index.md index d8d3edd..c131c79 100644 --- a/content/posts/e2ee/index.md +++ b/content/posts/e2ee/index.md @@ -75,9 +75,9 @@ Any Cwtch user can turn the app on their phone or computer into an untrusted ser
  • How you use Cwtch depends on whether you have enabled Persistent Storage: +
  • With Persistent Storage disabled, configuration and profile data must be recovered from backup every session you need to use it. Backup `/home/amnesia/.cwtch/` to the personal data LUKS USB, and copy it back into /home/amnesia/ the next time you install Cwtch.
    • +
  • With Persistent Storage enabled and unlocked, in Terminal run sudo sed -i '$ a /home/amnesia/.cwtch source=cwtch' /live/persistence/TailsData_unlocked/persistence.conf and subsequently restart Tails unlocking Persistent Storage, then create cwtch profile(s).
    • +
  • Cwtch must be re-installed every session you need to use it. With Persistent Storage enabled and unlocked, installation can be made persistent though, in Terminal run sudo sed -i '$ a /home/amnesia/.local/lib/cwtch' source=cwtch_install
    • , restart Tails unlocking Persistent Storage and run install-tails.sh script once in order to persist the install.
  • Updates must be made manually - back up your profile first.

    • @@ -117,7 +117,7 @@ Signal [is not peer-to-peer](https://www.csrc.link/#the-guide-to-peer-to-peer-en However, registration for a Signal account is difficult to achieve anonymously. The account is tied to a phone number which the user needs to continue to control - due to [changes to "Registration Lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. In the future, Signal intends to make it so that accounts do [not require a phone number](https://signal.org/blog/building-faster-oram/), but until this is the case Signal cannot be easily used anonymously. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number), and then must be maintained. -Another barrier to anonymous registration is that Signal Desktop only works if Signal is first registered from a smartphone. For users comfortable with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer with [Signal-cli](https://0xacab.org/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for the registration would need to be obtained anonymously. +Another barrier to anonymous registration is that Signal Desktop only works if Signal is first registered from a smartphone. For users comfortable with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer with [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for the registration would need to be obtained anonymously. As a result, Signal is rarely used anonymously which has a significant impact if the State gets [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's not uncommon that they get physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html). For example, if device [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would then be possible to identify every Signal contact simply via their phone numbers (in addition to reading message history, etc.). @@ -135,7 +135,7 @@ If you have decided to use a smartphone [despite our recommendation to not use p Signal Installation on Tails -About.Privacy [maintains a guide](https://0xacab.org/about.privacy/messengers-on-tails-os/) for installing Signal Desktop on Tails. There is a guide for registering an account from Tails without a smartphone (using Signal-cli), and another guide for if you already have a Signal account. +About.Privacy [maintains a guide](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo) for installing Signal Desktop on Tails. There is a guide for registering an account from Tails without a smartphone (using Signal-cli), and another guide for if you already have a Signal account. Some of [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) also applies to Signal Desktop. @@ -211,7 +211,7 @@ If you have decided to use a smartphone despite our [recommendation to not use p The easiest option is to use the Element web client on Tor Browser. This doesn't require any additional software. Tor Browser deletes all data upon closing, so you'll be prompted for the Security Key after each login in order to access your past messages. Make sure to **Sign Out** when finished, to avoid accumulating "Signed-in devices". -To install Element Desktop, About.Privacy [maintains a guide](https://0xacab.org/about.privacy/messengers-on-tails-os/). +To install Element Desktop, About.Privacy [maintains a guide](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo).
    Element Installation on Qubes-Whonix From 77493b58e13cfac2b210283ad8d910d45fbcd81b Mon Sep 17 00:00:00 2001 From: anarsec Date: Sun, 2 Jul 2023 00:43:18 +0000 Subject: [PATCH 2/2] Resolve merge conflict --- content/posts/e2ee/index.md | 65 ++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 27 deletions(-) diff --git a/content/posts/e2ee/index.md b/content/posts/e2ee/index.md index c131c79..027810b 100644 --- a/content/posts/e2ee/index.md +++ b/content/posts/e2ee/index.md @@ -14,11 +14,13 @@ Several different options are available for [end-to-end encrypted](/glossary/#en There are some concepts that need to be understood before going further, in order to distinguish the various options. * **End-to-end encryption** means that only you, and the person you communicate with, can read messages. However, not all [encryption](/glossary/#encryption) is created equal. The quality of the encryption is determined by the *encryption protocol* that is used, and how it is implemented at the software level. -* **Metadata protection** means whether the [*metadata*](/glossary/#metadata) (the data about the data) about the communication is obscured. Even if the message itself is encrypted, metadata can reveal who is communicating with whom, when, how often, the sizes of whatever files may have been transferred, etc. Metadata exposure is [a major concern](https://docs.openprivacy.ca/cwtch-security-handbook/risk.html#threat-model). +* **Metadata protection** means whether the [*metadata*](/glossary/#metadata) (the data about the data) about the communication is obscured. Even if the message itself is encrypted, metadata can reveal who is communicating with whom, when, how often, the sizes of whatever files may have been transferred, etc. Metadata exposure is [a major concern](https://docs.cwtch.im/security/risk#threat-model). * **Peer-to-peer** means that there is no centralized server that you need to trust. * **Tor** is an [anonymity network](/glossary/#tor-network), and some applications route your messages through it by default. -For a longer form look at these different considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar. The following options for encrypted messaging are listed from most metadata protection to least. +For a longer form look at these different considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar. + +The following options for encrypted messaging are listed from most metadata protection to least.
    @@ -33,7 +35,7 @@ For a longer form look at these different considerations, we recommend [The Guid * **Peer-to-peer**: Yes * **Tor**: Yes -Cwtch is our preference, by a long shot. It is currently in transition from [beta to stable versions](https://docs.cwtch.im/blog/path-to-cwtch-stable). For an overview of how Cwtch works, see their [video explainer](https://cwtch.im/#how-it-works). The [Cwtch Handbook](https://docs.cwtch.im/) will tell you everything you need to know for using it. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network as a shield and stores everything locally on-device, encrypted. +Cwtch is our preference, by a long shot. It is currently in transition from [beta to stable versions](https://docs.cwtch.im/blog/path-to-cwtch-stable). For an overview of how Cwtch works, watch the video above. The [Cwtch Handbook](https://docs.cwtch.im/) will tell you everything you need to know for using it. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network as a shield and stores everything locally on-device, encrypted. Like all peer-to-peer communication, Cwtch requires *synchronous* communication, meaning that both peers are online simultaneously. However, their server feature allows *asynchronous* communication as well by providing offline delivery: @@ -41,7 +43,9 @@ Like all peer-to-peer communication, Cwtch requires *synchronous* communication, Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, because the device needs to stay powered on for it to work. Medium-term untrusted servers can be set up on a spare Android device that can stay on, and longer-term servers can be self-hosted on a VPS if you know Linux system administration. Once the server exists, contacts can be invited to use it. You can create a group chat with only two people, which enables asynchronous direct messages. ->**Note**: [**Briar**](https://briarproject.org) is another application which works in a similar way (with peer-to-peer and Tor), and uses the [Bramble Transport Protocol](https://code.briarproject.org/briar/briar/-/wikis/A-Quick-Overview-of-the-Protocol-Stack) (BTP). The main distinguishing feature of Briar is that it continues to function [even when underlying network infrastructure is down](https://briarproject.org/how-it-works/). It was [audited in 2017](https://code.briarproject.org/briar/briar/-/wikis/FAQ#has-briar-been-independently-audited). Unfortunately, Briar Desktop does not yet work with Tails or Qubes-Whonix, because it cannot [use the system Tor](https://code.briarproject.org/briar/briar/-/issues/2095). Unlike Cwtch, to connect with a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby. [Briar Mailbox](https://briarproject.org/download-briar-mailbox/) enables asynchronous communication. +>**Note** +> +>[**Briar**](https://briarproject.org) is another application which works in a similar way (with peer-to-peer and Tor), and uses the [Bramble Transport Protocol](https://code.briarproject.org/briar/briar/-/wikis/A-Quick-Overview-of-the-Protocol-Stack) (BTP). The main distinguishing feature of Briar is that it continues to function [even when underlying network infrastructure is down](https://briarproject.org/how-it-works/). It was [audited in 2017](https://code.briarproject.org/briar/briar/-/wikis/FAQ#has-briar-been-independently-audited). Unfortunately, Briar Desktop does not yet work with Tails or Qubes-Whonix, because it cannot [use the system Tor](https://code.briarproject.org/briar/briar/-/issues/2095). Unlike Cwtch, to connect with a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby. [Briar Mailbox](https://briarproject.org/download-briar-mailbox/) enables asynchronous communication.
    Cwtch Installation on GrapheneOS @@ -64,22 +68,21 @@ Any Cwtch user can turn the app on their phone or computer into an untrusted ser
  • Compare the hash of the file with what is listed on the download page
    • -
  • As per our Tails Best Practices, personal data should be stored on a second LUKS USB, not on the Tails Persistent Storage. Copy the file to such a personal data LUKS USB and extract it with the file manager (right click, select "Extract Here"). We will not be using the Additional Software Persistent Storage feature - Cwtch is an AppImage so doesn't require it.
    • +
  • As per our Tails Best Practices, personal data should be stored on a second LUKS USB, and the Persistent Storage is not enabled. Extract the file with the file manager (right click, select "Extract Here"), then copy the folder cwtch to such a personal data LUKS USB.
      +
    • OPTIONAL - If you do enable Persistent Storage: with Persistent Storage unlocked, in Terminal run sudo sed -i '$ a /home/amnesia/.cwtch source=cwtch' /live/persistence/TailsData_unlocked/persistence.conf && sudo sed -i '$ a /home/amnesia/.local source=cwtch_install' /live/persistence/TailsData_unlocked/persistence.conf then reboot Tails for the changes to take effect, again with an Adminstration Password.
      • +
    +
  • Run the install script
      -
    • In the File Manager, enter to directory you just created, cwtch. Right click in the File Manager and select "Open a Terminal Here"
      • -
    • Run install-tails.sh
      • +
    • In the File Manager, enter the directory you just created, cwtch. Right click in the File Manager and select "Open a Terminal Here"
      • +
    • Run install-tails.sh and enter the Administration Password when prompted.
  • As the documentation specifies, "When launching, Cwtch on Tails should be passed the CWTCH_TAILS=true environment variable". In the Terminal, run:
    • exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch
    • -
  • How you use Cwtch depends on whether you have enabled Persistent Storage:
      -
    • With Persistent Storage disabled, configuration and profile data must be recovered from backup every session you need to use it. Backup `/home/amnesia/.cwtch/` to the personal data LUKS USB, and copy it back into /home/amnesia/ the next time you install Cwtch.
      • -
    • With Persistent Storage enabled and unlocked, in Terminal run sudo sed -i '$ a /home/amnesia/.cwtch source=cwtch' /live/persistence/TailsData_unlocked/persistence.conf and subsequently restart Tails unlocking Persistent Storage, then create cwtch profile(s).
      • -
    • Cwtch must be re-installed every session you need to use it. With Persistent Storage enabled and unlocked, installation can be made persistent though, in Terminal run sudo sed -i '$ a /home/amnesia/.local/lib/cwtch' source=cwtch_install
      • , restart Tails unlocking Persistent Storage and run install-tails.sh script once in order to persist the install. - -
    • Updates must be made manually - back up your profile first.
      • +
    • With Persistent Storage disabled, configuration and profile data must be recovered from backup every session you need to install Cwtch. Backup `/home/amnesia/.cwtch/` to the personal data LUKS USB, and copy it back into /home/amnesia/ the next time you install Cwtch.
      • +
    • Updates to new versions must be made manually - back up your profile first.

    • @@ -145,23 +148,25 @@ Some of [Signal Configuration and Hardening Guide](https://blog.privacyguides.or Signal Desktop on Whonix is not guaranteed to have Tor Stream Isolation from other applications in the same qube, so we will install it in a dedicated qube. Signal Desktop is installed in a Template, not an App qube (because it is available as a .deb from a third party repository). -* Go to **Applications menu > Qubes Tools > Qube Manager** +* Go to **Applications menu → Qubes Tools → Qube Manager** * Clone whonix-ws-16, and call it something like whonix-ws-16-signal. * We do this to not add attack surface to the base Whonix Workstation template. If you also install other messaging applications like Element Desktop, they could share a cloned template with a name like whonix-ws-16-e2ee -* Open a Terminal in the new Template: **Applications menu > Template: whonix-ws-16-signal: Xfce Terminal** +* Open a Terminal in the new Template: **Applications menu → Template: whonix-ws-16-signal: Xfce Terminal** * Run the commands in the [Signal install guide](https://www.signal.org/download/linux/) to install Signal Desktop in the Template. * Note that the layout of the Signal install guide is a bit confusing for users unfamiliar with the command line; `wget` and `cat` are separate commands, but `echo` in #2 is one command that is so long it takes two lines (which is why the second line is indented). * Template qubes require a proxy for `wget`. Before running the command, create a configuration file at `~/.wgetrc` in the Template, with the contents: -``` +```bash use_proxy = on http_proxy = 127.0.0.1:8082 https_proxy = 127.0.0.1:8082 ``` * [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16-signal` and networking `sys-whonix`. -* In the new App qube's **Settings > Applications** tab, bring Signal into the Selected column, and press **OK**. +* In the new App qube's **Settings → Applications** tab, bring Signal into the Selected column, and press **OK**. * Updates will be handled by **Qubes Update** as you would expect. ->**Alternative:** You can install Signal Desktop in a Whonix Workstation App qube by using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/), and you will not need to bother with Templates. Signal Desktop on Flathub is [community maintained](https://github.com/flathub/org.signal.Signal), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security). +>**Alternative** +> +>You can install Signal Desktop in a Whonix Workstation App qube by using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/), and you will not need to bother with Templates. Signal Desktop on Flathub is [community maintained](https://github.com/flathub/org.signal.Signal), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security).

    @@ -175,7 +180,7 @@ https_proxy = 127.0.0.1:8082 * **Peer-to-peer**: No * **Tor**: Not default -Element is the name of the application (the client), and Matrix is the name of the network. A comparison to email may be helpful to understand it; Element is the equivalent of Thunderbird, whereas Matrix is the equivalent of the Simple Mail Transfer Protocol (SMTP) which underlies email. Element/Matrix is not peer-to-peer; you need to trust the server. However, unlike Signal, the servers are not centralized but rather federated - anyone can host their own. Unfortunately, the 'federation model' has the trade off that Matrix does [not have metadata protection](https://web.archive.org/web/https://serpentsec.1337.cx/matrix): "Federated networks are naturally more vulnerable to metadata leaks than peer-to-peer or centralized networks". To minimize this, see [Notes on the safe use of the Matrix service from Systemli](https://wiki.systemli.org/howto/matrix/privacy). +Element is the name of the application (the client), and Matrix is the name of the network. A comparison to email may be helpful to understand it; Element is the equivalent of Thunderbird, whereas Matrix is the equivalent of the Simple Mail Transfer Protocol (SMTP) which underlies email. Element/Matrix is not peer-to-peer; you need to trust the server. However, unlike Signal, the servers are not centralized but rather federated - anyone can host their own. Unfortunately, the 'federation model' has the trade off that Matrix does [not have metadata protection](https://web.archive.org/web/https://serpentsec.1337.cx/matrix): "Federated networks are naturally more vulnerable to metadata leaks than peer-to-peer or centralized networks". To minimize this, see [Notes on the safe use of the Matrix service from Systemli](https://wiki.systemli.org/en/howto/matrix/privacy). Element will work with Tor if it is used on an operating system that forces it; such as Whonix or Tails. @@ -185,7 +190,7 @@ Matrix can either be used through a web client (using Element Web on Tor Browser A matrix ID looks like @username:homeserver, so for example, @anarsec:riot.anarchyplanet.org. Just like email, you can message accounts that are on different homeservers. -As soon as you have logged in, go to **Settings > Security & Privacy**. +As soon as you have logged in, go to **Setting → Security & Privacy**. * You will see that under **Where you're signed in** it lists all signed-in devices. For anonymous use cases, you will generally only be signed-in on one device. * Scroll down to **Secure Backup**. This is a feature that allows you to verify a new session without having access to a signed-in device. Press **Set up**, then the **Generate a Security Key** choice. Save the Security Key in KeePassXC. This "Security Key" will be needed for logging into a new device or session. * For Element Desktop, you will only need to use the Security Key if you sign out. @@ -197,7 +202,9 @@ Some current limitations: * The Matrix protocol itself [theoretically](/glossary#forward-secrecy) supports [Forward Secrecy](/glossary#forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-meta/issues/1296) due to it breaking some aspects of the user experience such as key backups and shared message history. * Profile pictures, reactions, and nicknames are not encrypted. ->**Note**: You may have heard of **XMPP** (formerly called Jabber). XMPP has similar security properties to Matrix, but many clients don't support end-to-end encryption (via the OMEMO protocol) by default. Configuring a client properly is non-trivial. XMPP and Matrix leak similar amounts of metadata, but OMEMO has never been formally audited like the Matrix encryption protocol. Additionally, the administrator is able to act as a [man-in-the-middle](/glossary#man-in-the-middle-attack) on [any XMPP server](https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/). For these reasons, we recommend using Matrix over XMPP. +>**Note** +> +>You may have heard of **XMPP** (formerly called Jabber). XMPP has similar security properties to Matrix, but many clients don't support end-to-end encryption (via the OMEMO protocol) by default. Configuring a client properly is non-trivial. XMPP and Matrix leak similar amounts of metadata, but OMEMO has never been formally audited like the Matrix encryption protocol. Additionally, the administrator is able to act as a [man-in-the-middle](/glossary#man-in-the-middle-attack) on [any XMPP server](https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/). For these reasons, we recommend using Matrix over XMPP.
    Element Installation on GrapheneOS @@ -221,10 +228,10 @@ The easiest option is to use the Element web client on Tor Browser is a disposab To install Element Desktop, Whonix is not guaranteed to have Tor Stream Isolation from other applications in the same qube, so we will install it in a dedicated qube. Element Desktop is installed in a Template, not an App qube (because it is available as a .deb from a third party repository). -* Go to **Applications menu > Qubes Tools > Qube Manager** +* Go to **Applications menu → Qubes Tools → Qube Manager** * Clone whonix-ws-16, and call it something like whonix-ws-16-element. * We do this to not add attack surface to the base Whonix Workstation template. If you also install other messaging applications like Signal Desktop, they could share a cloned template with a name like whonix-ws-16-e2ee -* Open a Terminal in the new Template: **Applications menu > Template: whonix-ws-16-element: Xfce Terminal** +* Open a Terminal in the new Template: **Applications menu → Template: whonix-ws-16-element: Xfce Terminal** * Run the commands in the [Element install guide](https://element.io/download#linux) to install Element Desktop in the Template. * Template qubes require a proxy for `wget`. Before running the command, create a configuration file at `~/.wgetrc` in the Template, with the contents: ``` @@ -233,11 +240,13 @@ http_proxy = 127.0.0.1:8082 https_proxy = 127.0.0.1:8082 ``` * [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16-element` and networking `sys-whonix`. -* In the new App qube's **Settings > Applications** tab, bring Element Desktop into the Selected column, and press **OK**. +* In the new App qube's **Settings → Applications** tab, bring Element Desktop into the Selected column, and press **OK**. * Updates will be handled by **Qubes Update** as you would expect. * Avoid pressing "Sign Out", simply shutdown the qube when finished. ->**Alternative:** You can install Element Desktop in a Whonix Workstation App qube by using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/), and you will not need to bother with Templates. Element Desktop on Flathub is [community maintained](https://github.com/flathub/im.riot.Riot), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security). +>**Alternative** +> +>You can install Element Desktop in a Whonix Workstation App qube by using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/), and you will not need to bother with Templates. Element Desktop on Flathub is [community maintained](https://github.com/flathub/im.riot.Riot), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security).

    @@ -251,8 +260,10 @@ https_proxy = 127.0.0.1:8082 * **Peer-to-peer**: No * **Tor**: Depends -PGP (Pretty Good Privacy) isn't so much a messaging platform as it is a way of encrypting messages on top of existing messaging platforms (in this case, email). PGP email is the only option presented which does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions against future compromises of keys or passwords. It maintains the secrecy of past communications even if the current one is compromised. This means that an adversary could decrypt all PGP messages in the future in one fell swoop. Once you also take into account the metadata exposure inherent in email, PGP should be disqualified from inclusion in this list. It simply doesn't meet the standards of a modern cryptography. However, given that it is already widely used within the anarchist space, we include it here as a warning that it is not recommended. For a more technical criticism, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). We recommend switching to Element for asynchronous use cases, and switching to Cwtch for synchronous use cases. If you need to use email, use a [radical server](https://riseup.net/en/security/resources/radical-servers) and see the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp). +PGP (Pretty Good Privacy) isn't so much a messaging platform as it is a way of encrypting messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions against future compromises of keys or passwords. It maintains the secrecy of past communications even if the current one is compromised. This means that an adversary could decrypt all PGP messages in the future in one fell swoop. Once you also take into account the metadata exposure inherent in email, PGP should be disqualified from inclusion in this list. It simply doesn't meet the standards of a modern cryptography. However, given that it is already widely used within the anarchist space, we include it here as a warning that it is not recommended. For a more technical criticism, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others." -PGP is used for another purpose outside of communication: to verify the integrity of files. For this use, see our [GPG explanation](/posts/linux/#gpg-explanation). +We recommend switching to Element for asynchronous use cases, and switching to Cwtch for synchronous use cases. If you need to use email, use a [radical server](https://riseup.net/en/security/resources/radical-servers) and see the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp). + +PGP is used for another purpose outside of communication: to verify the integrity and authenticity of files. For this use, see our [GPG explanation](/posts/linux/#gpg-explanation).