clarity and syntax edits

This commit is contained in:
anarsec 2024-04-09 23:18:37 +00:00
parent 3660b0a2ec
commit 9a06111d64
No known key found for this signature in database
7 changed files with 106 additions and 111 deletions

@ -15,28 +15,27 @@ letter = "e2ee-letter.pdf"
+++
There are several different options for [end-to-end encrypted](/glossary/#end-to-end-encryption-e2ee) communication, each with different trade-offs. This article provides an overview and installation instructions for Tails, Qubes OS, and GrapheneOS.
<!-- more -->
Before proceeding, there are a few concepts that need to be understood, in order to distinguish between the various options.
Before proceeding, lets go over a few concepts to help you distinguish between the different options.
* **End-to-end encryption** means that only you and the person you are communicating with can read messages. However, not all [encryption](/glossary/#encryption) is created equal. The quality of the encryption is determined by the *encryption protocol* used and how it is implemented at the software level.
* **Metadata protection** means that the [*metadata*](/glossary/#metadata) (the data about the data) about the communication is obscured. Even if the message itself is encrypted, metadata can reveal who is communicating with whom, when, how often, the sizes of any files that may have been transferred, and so on. Metadata exposure is [a major concern](https://docs.cwtch.im/security/risk#threat-model).
* **Peer-to-peer** means that there is no centralized server to trust.
* **Tor** is an [anonymity network](/glossary/#tor-network), and some applications route your messages through it by default.
* **End-to-end encryption** means (in theory) that only you and the person you are communicating with can read messages. However, not all [encryption](/glossary/#encryption) is created equal. The quality of the encryption is determined by the *encryption protocol* used and how it's implemented at the software level.
* **Metadata protection** means that the message [*metadata*](/glossary/#metadata) (the data about the data) is obscured. Even if the message itself is encrypted, metadata can reveal who is communicating with whom, when, how often, the sizes of any files that may have been transferred, and so on. Metadata exposure is [a major concern](https://docs.cwtch.im/security/risk#threat-model).
* **Peer-to-peer** means that the messages do not pass through a centralized server.
* **Tor** is an [anonymity network](/glossary/#tor-network). Some applications route your messages through Tor by default.
For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.notrace.how/resources/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar.
Anonymous public-facing projects have additional needs for encrypted communication, because they will be interacting with unknown (and untrusted) contacts:
* Anyone can contact the project without requiring a separate channel
Since anonymous public-facing projects such as counter-info websites interact with unknown (ie untrusted) contacts, they need more from encrypted communication than a personal user. These additional needs include:
* That anyone can contact the project
* Resiliency to [correlation attacks](/glossary/#correlation-attack)
* Resiliency to [exploits](/glossary/#exploit)
* Multiple project members can access the same messages
* For multiple project members to be able to access the same messages
The following options for encrypted messaging are listed from most metadata protection to least.
The following recommendations for encrypted messaging are listed in order of highest to lowest metadata protection.
**TLDR:**
* For text communication with other anarchists, prioritize Cwtch.
* For voice or video calls, use SimpleX Chat or Signal (with usernames).
* For anonymous public projects, PGP email is still the best option.
* Cwtch for text messages
* SimpleX Chat or Signal for voice or video calls
* PGP Email for anonymously-run public projects
# Cwtch
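Review bot: The new TLDR item "SimpleX Chat or Signal for voice or video calls" drops the "(with usernames)" qualifier from the old line, yet the Signal section further down still relies on the username feature to keep contacts from learning your phone number; keep the qualifier, for example "SimpleX Chat or Signal (with usernames) for voice or video calls". In the same hunk, "lets go over" should read "let's go over", "(ie untrusted)" should be "(i.e. untrusted)", and the needs list mixes "That anyone can ...", "Resiliency to ..." and "For multiple project members ..."; pick one grammatical form for all four items.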
@ -48,7 +47,7 @@ The following options for encrypted messaging are listed from most metadata prot
* **Peer-to-peer**: Yes
* **Tor**: Yes
Cwtch is our preference, by a long shot. For an overview of how Cwtch works, watch the video below. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network, and stores everything locally on the device, encrypted.
Cwtch is our preference for text messages by a long shot. For an overview of how Cwtch works, watch the video below. Cwtch is designed with metadata protection in mind; it's peer-to-peer, uses the Tor network, and stores all data locally on the device, encrypted.
<br>
@ -60,7 +59,7 @@ Cwtch is our preference, by a long shot. For an overview of how Cwtch works, wat
<br>
Like all peer-to-peer communication, Cwtch requires *[synchronous](/glossary/#synchronous-communication)* communication, meaning that both peers must be online at the same time. However, its server feature also allows *[asynchronous](/glossary/#asynchronous-communication)* communication by providing offline delivery:
Like all peer-to-peer communication, Cwtch requires *[synchronous](/glossary/#synchronous-communication)* communication, meaning that both people must be online at the same time. However, its server feature also allows *[asynchronous](/glossary/#asynchronous-communication)* communication by providing offline delivery:
>"Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat. To support group chat (and offline delivery) we have created untrusted Cwtch [servers](https://docs.cwtch.im/security/components/cwtch/server) which can host messages for a group. [...] the server has no way to know what messages for what groups it might be holding, or who is accessing it."
@ -74,23 +73,23 @@ You can learn more about how to use Cwtch with the [Cwtch Handbook](https://docs
## For Anonymous Public-facing Projects
**Anyone can contact the project without requiring a separate channel**
**Need #1: That anyone can contact the project**
Anyone can connect to a public Cwtch account when it is online. In the future, Cwtch bots that are semi-trusted (which are hosted on a Cwtch server) will enable first contact when the public Cwtch account is offline.
Anyone can connect to a public Cwtch account when it's online. If the account is offline, it's not currently possible to establish first contact, though this will be supported in the future.
Cwtch will reject connections from blocked contacts, and if the setting "Block Unknown Contacts" is enabled, you must be the one to add a contact in order to establish a connection. This greatly limits the kinds of features that untrusted contacts can access. However, this setting is less relevant for public projects that need to be able to be contacted by anyone.
**Resiliency to correlation attacks**
**Need #2: Resiliency to correlation attacks**
Real-time messaging applications are particularly susceptible to end-to-end correlation attacks because of the ability of an adversary, once they know their target's ID on the messaging platform, to trigger incoming network traffic on the target's side by sending them messages on the platform (when the target is online). "Appear Offline Mode" in Cwtch allows a user to selectively connect to trusted contacts and groups, while appearing offline to everyone else. An [issue](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/712) is open to further address this.
[Content padding exists](https://docs.cwtch.im/security/components/tapir/packet_format) to frustrate correlation attacks via message size.
**Resiliency to exploits**
**Need #3: Resiliency to exploits**
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Cwtch does [fuzz testing](https://openprivacy.ca/discreet-log/07-fuzzbot/) to find bugs. For public-facing project accounts, we recommend that you do not enable the "file sharing experiment" or the "image previews and profile pictures experiment" in the settings.
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Cwtch does [fuzz testing](https://openprivacy.ca/discreet-log/07-fuzzbot/) to find bugs. For public-facing project accounts, we recommend against enabling the "file sharing experiment" or the "image previews and profile pictures experiment" in the settings.
**Multiple project members can access the same messages**
**Need #4: For multiple project members to be able to access the same messages**
If a project has multiple members, all of them should be able to access the same messages independently. Currently, this is not possible with Cwtch.
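Review bot: The rewritten first-contact sentence under Need #1 removes the detail that offline first contact is planned to go through semi-trusted Cwtch bots hosted on a Cwtch server, which is a trust consideration rather than wording; a commit titled as clarity and syntax edits should either keep it or move the removal to a separate content change. The heading also loses "without requiring a separate channel", which is the property the SimpleX section contrasts with one-time invitation links; suggest "Need #1: That anyone can contact the project without a separate channel".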
@ -108,7 +107,7 @@ If a project has multiple members, all of them should be able to access the same
</summary>
<br>
Install Cwtch as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid).
Install Cwtch the same way you would install any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid).
<br>
</details>
@ -128,7 +127,7 @@ Cwtch support for Tails is very new and not thoroughly tested.
* Verify your download
* Open the folder using the Tor Browser's download icon
* Right-click in the file manager and select "Open a Terminal Here"
* Run `sha512sum cwtch-VERSION-NUMBER.tar.gz` (replace the version number as appropriate)
* Run `sha512sum cwtch-VERSION-NUMBER.tar.gz` (fill in the version number)
* Compare the hash of the file to what is listed on the download page
* According to our [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch), personal data should be stored on a second LUKS USB and Persistent Storage should not be enabled. Extract the file with the file manager (right click, select "Extract Here"), then copy the `cwtch` folder to such a personal data LUKS USB.
* OPTIONAL - If you enable Persistent Storage: with Persistent Storage unlocked, in Terminal run `sudo sed -i '$ a /home/amnesia/.cwtch source=cwtch' /live/persistence/TailsData_unlocked/persistence.conf && sudo sed -i '$ a /home/amnesia/.local source=cwtch_install' /live/persistence/TailsData_unlocked/persistence.conf` then restart Tails for the changes to take effect, again with an Adminstration Password.
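Review bot: The unchanged OPTIONAL line at the end of this hunk still spells "Adminstration Password", the same typo this commit corrects in the SimpleX Tails instructions; fix it here as well so the two sections match.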
@ -138,7 +137,7 @@ Cwtch support for Tails is very new and not thoroughly tested.
* As the [documentation](https://docs.cwtch.im/docs/platforms/tails) states, "When launching, Cwtch on Tails should be passed the CWTCH_TAILS=true environment variable". In the Terminal, run:
* `exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch`
* With Persistent Storage disabled, configuration and profile data must be restored from backup every session you need to install Cwtch. Backup `/home/amnesia/.cwtch/` to the personal data LUKS USB, and copy it back to `/home/amnesia/` the next time you install Cwtch.
* Updates to new versions must be done manually - back up your profile first.
* Updates to new versions must be done manually - back up your profile before updating.
<br>
</details>
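Review bot: The context line above the change uses "Backup" as a verb ("Backup `/home/amnesia/.cwtch/` to ...") while the edited line correctly writes "back up your profile before updating"; change it to "Back up" for consistency. The phrase "every session you need to install Cwtch" in that same line is also hard to parse and would benefit from this clarity pass.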
@ -170,33 +169,33 @@ Cwtch on Whonix currently has an [issue](https://git.openprivacy.ca/cwtch.im/cwt
SimpleX Chat functions without persistent user IDs, which creates strong metadata protection. This means that an adversary can't easily observe how users are connected to each other in a network. This is possible because connection requests work by sharing an invitation link that is communicated through a separate channel, or in person. When connecting to another user you have the choice to use "Incognito mode", which creates a new random profile for each contact. This avoids sharing any data between contacts.
As a design choice to facilitate asynchronous communication, SimpleX Chat is not peer-to-peer - it uses decentralized servers that [anyone can host](https://simplex.chat/docs/server.html) and does not rely on any centralized component. Servers do not store any user information (no user profiles or contacts, or messages once they are delivered), and primarily use in-memory persistence. To understand what a server can and cannot see, read the [threat model](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#simplex-messaging-protocol-server). Your data can be exported and then imported onto another device, as there are no central servers where this is backed up.
As a design choice to facilitate asynchronous communication, SimpleX Chat is not peer-to-peer - it uses decentralized servers that [anyone can host](https://simplex.chat/docs/server.html) and does not rely on any centralized component. Servers do not store any user information (no user profiles or contacts, or messages once they are delivered), and primarily use in-memory persistence. To understand what a server can and cannot see, read the [threat model](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#simplex-messaging-protocol-server).
Due to needing to [place some trust in the SimpleX servers](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#trust-in-servers), **we recommend prioritizing Cwtch over SimpleX Chat for text communication with other anarchists, and using SimpleX Chat or Signal for voice and video calls**. Unlike Signal, SimpleX Chat doesn't require a phone number or smartphone.
Since SimpleX requires that users [place some trust in the SimpleX servers](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#trust-in-servers), **we recommend prioritizing Cwtch over SimpleX Chat for text communication with other anarchists, and using SimpleX Chat or Signal for voice and video calls**. Unlike Signal, SimpleX Chat doesn't require a phone number or smartphone.
If SimpleX is served with a warrant, their [privacy policy](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md) is quite specific. Servers have the [records of the message queues](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md#connections-with-other-users) and any [undelivered encrypted messages](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md#messages-and-files) - no data is stored that links the queues or messages to particular users, and the data which is stored is not very useful without access to the user's device. SimpleX Chat doesn't have to use the default SimpleX servers.
If SimpleX is served with a warrant, their [privacy policy](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md) is quite specific. Servers have the [records of the message queues](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md#connections-with-other-users) and any [undelivered encrypted messages](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md#messages-and-files) - no data is stored that links the queues or messages to particular users, and the data which is stored is not very useful without access to the user's device.
SimpleX Chat will work with Tor if used on an operating system that forces it to, such as Whonix or Tails. However, voice and video calls are generally not very functional over Tor with any application due to the latency Tor will introduce.
SimpleX Chat will work with Tor if used on an operating system that forces it to, such as Whonix or Tails. However, voice and video calls generally don't work very well over Tor regardless of which application you use.
You can learn more about how to use SimpleX Chat with their [guide](https://simplex.chat/docs/guide/readme.html).
## For Anonymous Public-facing Projects
**Anyone can contact the project without requiring a separate channel**
**Need #1: That anyone can contact the project**
Unlike the one-time invitation links that are normally used by SimpleX Chat and shared through a separate channel, you also have a [long term address](https://simplex.chat/docs/guide/app-settings.html#your-profile-settings) that can be published online so that anyone can connect to you. We recommend not enabling "Auto-accept".
Unlike the one-time invitation links that are normally used by SimpleX Chat and shared through a separate channel, you also have a [long term address](https://simplex.chat/docs/guide/app-settings.html#your-profile-settings) that can be published online so that anyone can connect to you. We recommend against enabling "Auto-accept".
**Resiliency to correlation attacks**
**Need #2: Resiliency to correlation attacks**
Real-time messaging applications are particularly susceptible to end-to-end correlation attacks because of the ability of an adversary, once they know their target's ID on the messaging platform, to trigger incoming network traffic on the target's side by sending them messages on the platform (when the target is online). An [issue](https://github.com/simplex-chat/simplex-chat/issues/3197) is open to address this. Message "mixing" is also [planned](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations).
Real-time messaging applications are particularly susceptible to end-to-end correlation attacks because once an adversary knows their target's ID on the messaging platform, they can trigger incoming network traffic on the target's side by sending them messages on the platform (when the target is online). An [issue](https://github.com/simplex-chat/simplex-chat/issues/3197) is open to address this. Message "mixing" is also [planned](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations).
[Content padding exists](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations) to frustrate correlation attacks via message size.
**Resiliency to exploits**
**Need #3: Resiliency to exploits**
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). For public-facing project accounts, we recommend that you set SimpleX Chat preferences to only allow text (prohibiting voice messages and attachments).
**Multiple project members can access the same messages**
**Need #4: For multiple project members to be able to access the same messages**
If a project has multiple members, all of them should be able to access the same messages independently. Currently, this is not possible with SimpleX Chat.
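Review bot: Two sentences are deleted outright in this hunk, "Your data can be exported and then imported onto another device ..." and "SimpleX Chat doesn't have to use the default SimpleX servers.", which is a content change rather than a clarity edit. The second one matters because the recommendation in this section rests on how much trust is placed in the SimpleX servers; keep it or justify the removal in the commit message. The rewritten Tor sentence also drops the stated reason (latency) for calls working poorly.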
@ -208,7 +207,7 @@ If a project has multiple members, all of them should be able to access the same
</summary>
<br>
Install SimpleX Chat as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). If you are using SimpleX Chat from behind a VPN (as [we recommend](/posts/grapheneos/#how-to-install-software)) then the default relay for calls is redundant and can be turned off: **Settings → Audio & video calls**, disable **Always use relay**
Install SimpleX Chat the same way you would install any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). If you're using a VPN (as [we recommend](/posts/grapheneos/#how-to-install-software)) then the default relay for calls is redundant and can be turned off to improve call quality: **Settings → Audio & video calls**, disable **Always use relay**
<br>
</details>
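Review bot: The edited sentence says the call relay "can be turned off to improve call quality", while the equivalent Signal instruction later in this commit says the relay "should be turned off" and gives no reason; use the same wording and rationale in both places. The sentence also ends without a period after "disable **Always use relay**".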
@ -221,13 +220,13 @@ Install SimpleX Chat as you would any [app that doesn't require Google Services]
</summary>
<br>
* Start Tails with an Adminstration Password.
* Start Tails with an Administration Password.
* Download the [AppImage](https://simplex.chat/downloads/#desktop-app) with Tor Browser
* According to our [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch), personal data should be stored on a second LUKS USB and Persistent Storage should not be enabled. Copy the .AppImage file to such a personal data LUKS USB.
* Make the AppImage executable
* In the File Manager, browse to the directory with the file. Right click in the File Manager and select "Open a Terminal Here"
* Run `chmod +x simplex-desktop-x86_64.AppImage` and enter the Administration Password when prompted.
* To launch, in the Terminal, run:
* To launch run the following command in the Terminal:
* `./simplex-desktop-x86_64.AppImage`
* With Persistent Storage disabled, configuration and profile data must be restored from backup every session. Backup `/home/amnesia/.local/share/simplex` to the personal data LUKS USB, and copy it back to `/home/amnesia/.local/share` in your next session.
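Review bot: The context step "Run `chmod +x simplex-desktop-x86_64.AppImage` and enter the Administration Password when prompted" does not match the command shown, which has no `sudo` and so produces no password prompt; either drop the password clause or show the command that actually needs it. In the edited line, add a comma: "To launch, run the following command in the Terminal:".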
@ -243,7 +242,7 @@ Install SimpleX Chat as you would any [app that doesn't require Google Services]
</summary>
<br>
SimpleX Chat on Whonix is not guaranteed to have Tor [Stream Isolation](/posts/qubes/#whonix-and-tor) from other applications in the same qube, so we will install it in a dedicated qube. SimpleX Chat is installed in an App qube, not a Template (because it is an AppImage).
SimpleX Chat on Whonix does not guarantee Tor [Stream Isolation](/posts/qubes/#whonix-and-tor) from other applications in the same qube, so we will install it in a dedicated qube. SimpleX Chat is installed in an App qube, not a Template (because it is an AppImage).
* Download the [AppImage](https://simplex.chat/downloads/#desktop-app) using Tor Browser in a disposable Whonix qube.
* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16` and networking `sys-whonix`.
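Review bot: "SimpleX Chat on Whonix does not guarantee Tor Stream Isolation" makes SimpleX Chat the party giving the guarantee, whereas the original "is not guaranteed to have" said only that isolation from other applications in the same qube is not assured; keep the passive form or write "is not guaranteed to be stream-isolated from other applications in the same qube".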
@ -272,23 +271,23 @@ The Signal Protocol has a moderate amount of metadata protection; [sealed sender
Signal is not peer-to-peer; it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails.
Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must still control - due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained - most people will not do this.
Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must retain control of - due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained as long as youre using it, which takes some technical know-how and likely some money, limiting the amount of people who will do this.
Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously.
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.notrace.how/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it is easy for the police to identify all of your Signal contacts (as well as the members of any groups you are in) simply by their phone number.
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.notrace.how/threat-library/techniques/house-raid.html) or arrests. For example, if police bypass your device's [authentication](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), they can identify Signal contacts (as well as the members of any groups you are in) simply by their phone numbers, if those contacts haven't changed their settings to hide their phone number.
In a recent [repressive operation in France against a riotous demonstration](https://www.notrace.how/resources/read/lafarge-case-the-investigation-methods-used.html#header-access-to-phone-contents-during-and-after-police-custody), the police did exactly that. The phones of suspects were accessed through physically seizing them during arrests and house raids, as well as through spyware, and then Signal contacts and group members were identified. These identities were added to the list of suspects who were subsequently investigated.
In a recent [repressive operation in France against a riotous demonstration](https://www.notrace.how/resources/read/lafarge-case-the-investigation-methods-used.html#header-access-to-phone-contents-during-and-after-police-custody), the police did exactly that. Police seized suspects' phones during arrests and house raids, as well as targeting them through spyware, and then identified Signal contacts and group members. These identities were added to the list of suspects who were subsequently investigated.
A compromised device contributing to network mapping is partly mitigated by the [username feature](https://community.signalusers.org/t/public-username-testing-staging-environment/56866) - use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. If you aren't using Signal from behind a VPN or Tor, then in **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this.
The risk of a compromised device aiding the police in network mapping is partly mitigated by the [username feature](https://community.signalusers.org/t/public-username-testing-staging-environment/56866) - use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. If you aren't using Signal from behind a VPN or Tor, then in **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this.
A company that sells spyware to governments has a product called JASMINE that is [marketed to deanonymize Signal users](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products), based on the analysis of metadata.
A private company that sells spyware to governments has a product called JASMINE that is [marketed to deanonymize Signal users](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products), based on the analysis of metadata.
>In its targeted interception mode which starts from a single target JASMINE has claimed it is able to identify communicating parties in encrypted but peer-to-peer applications [...] the JASMINE documentation explicitly claims support for identifying the IP addresses of participants in encrypted apps such as WhatsApp and Signal during voice and video calls where peer-to-peer connections are also used for calling by default.
>
>The JASMINE documentation also explains that by analysing encrypted traffic “events” for a whole country in mass interception mode JASMINE has the ability to correlate and identify the participants in encrypted group chats on messaging apps.
A similar surveillance product would not work against Cwtch because it uses Tor by default. Without a Tor or VPN proxy, an adversary can see that you are connecting to Signal servers which is what enables this type of timing correlation attack. Although it is possible to configure Signal to use a VPN or Tor, it is opt-in so will always be a minority of users.
A similar surveillance product would not work against Cwtch because it uses Tor by default. Without a Tor or VPN proxy, an adversary can see that you are connecting to Signal servers which is what enables this type of timing correlation attack. Although it is possible to configure Signal to use a VPN or Tor, it is opt-in so most people will not use it like this.
Signal was designed to bring encrypted communication to the masses, not for an anarchist threat model. Because it's very difficult to register for Signal anonymously, and because you must first install Signal on a phone to use it on a computer, **we recommend prioritizing Cwtch over Signal for text communication with other anarchists, and using SimpleX Chat or Signal for voice and video calls.** For the same reasons, Signal is not well-suited for anonymous public-facing projects.
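Review bot: In the rewritten registration paragraph, "youre using it" is missing its apostrophe and "limiting the amount of people" should be "the number of people". The replacement for "will always be a minority of users", "it is opt-in so most people will not use it like this", is vaguer than the original; suggest "it is opt-in, so most users will not enable it".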
@ -300,10 +299,10 @@ Signal was designed to bring encrypted communication to the masses, not for an a
</summary>
<br>
We recommend the [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/). As noted above, unless you are familiar with the [Command Line Interface](/glossary/#command-line-interface-cli), Signal needs to be registered on a smartphone before it can be connected to a computer. Install Signal as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). If you are using Signal from behind a VPN (as [we recommend](/posts/grapheneos/#how-to-install-software)) then a relay for calls is redundant and should be turned off: **Settings → Privacy → Advanced**, disable **Always relay calls**
We recommend the [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/). As noted above, unless you are familiar with the [Command Line Interface](/glossary/#command-line-interface-cli), Signal needs to be registered on a smartphone before it can be connected to a computer. Install Signal the same way you would install any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). If you are using Signal from behind a VPN (as [we recommend](/posts/grapheneos/#how-to-install-software)) then a relay for calls is redundant and should be turned off: **Settings → Privacy → Advanced**, disable **Always relay calls**
[Molly-FOSS](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/#molly-android) is a fork of Signal with hardening and anti-forensic features available on Android - we recommend it over Signal for anarchists, and extending trust to the Molly team is made easier by its [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds). Follow the instructions for [installing software that isn't available in the Play Store](/posts/grapheneos/#software-that-isn-t-on-the-play-store). You can [migrate from an existing Signal account](https://github.com/mollyim/mollyim-android#compatibility-with-signal). Turn on database encryption.
[Molly-FOSS](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/#molly-android) is a fork of Signal with hardening and anti-forensic features available on Android - we recommend it over Signal, and trusting the Molly team is made easier by its [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds). Follow the instructions for [installing software that isn't available in the Play Store](/posts/grapheneos/#software-that-isn-t-on-the-play-store). You can [migrate from an existing Signal account](https://github.com/mollyim/mollyim-android#compatibility-with-signal). Turn on database encryption.
<br>
</details>
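Review bot: In the reworded Signal paragraph, the final sentence still ends at "disable **Always relay calls**" with no period, in both the old and the new line; since this commit is a syntax pass, add it here. In the Molly-FOSS paragraph, "Turn on database encryption." gives no menu path, while the relay setting just above is spelled out as **Settings → Privacy → Advanced**; giving the path for that setting too would keep the two instructions consistent. The new wording also drops "for anarchists" from the Molly recommendation, which slightly widens its scope, so confirm that is intended.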
@ -338,7 +337,7 @@ Some of the [Signal Configuration and Hardening Guide](https://blog.privacyguide
* Go to **Applications menu → Qubes Tools → Qube Manager**
* Clone whonix-ws-16 and name it something like whonix-ws-16-signal.
* We do this so as not to add attack surface to the base Whonix Workstation template. If you also install other messaging applications, they could share a cloned template with a name like whonix-ws-16-e2ee
* We do this to avoid adding attack surface to the base Whonix Workstation template. If you also install other messaging applications, they could share a cloned template with a name like whonix-ws-16-e2ee
* Open a Terminal in the new Template: **Applications menu → Template: whonix-ws-16-signal: Xfce Terminal**
* Run the commands in the [Signal installation guide](https://www.signal.org/download/linux/) to install Signal Desktop in the Template.
* Note that the layout of the Signal installation guide is a bit confusing for users unfamiliar with the command line; `wget` and `cat` are separate commands, but `echo` in #2 is a command so long that it takes two lines (which is why the second line is indented).
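Review bot: The reworded sub-bullet ("We do this to avoid adding attack surface to the base Whonix Workstation template...") still ends at whonix-ws-16-e2ee without a period, so the syntax fix is incomplete on that line. The template names (whonix-ws-16, whonix-ws-16-signal, whonix-ws-16-e2ee) would read more clearly in backticks, matching how `wget`, `cat` and `echo` are set in the last bullet. That last bullet also points at "`echo` in #2" of the external Signal installation guide, which only holds while that page keeps its numbering; naming the step by what it does would survive changes to the guide.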
@ -371,29 +370,29 @@ https_proxy = 127.0.0.1:8082
* **Peer-to-peer**: No
* **Tor**: Not default
PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to encrypt messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions from future key or password compromises. It maintains the secrecy of past communications even if the current communication is compromised. This means that an adversary could decrypt all future PGP messages in one fell swoop. When you also consider the metadata exposure inherent in email, PGP simply doesn't meet the standards of modern cryptography. For a more technical critique, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others." **We recommend that anarchists don't use PGP email for communication with other anarchists**.
PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to encrypt messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions from future key or password compromises. It maintains the secrecy of past communications even if the current communication is compromised. This means that an adversary could decrypt all past PGP messages in one fell swoop. When you also consider the metadata exposure inherent in email, PGP simply doesn't meet the standards of modern cryptography. For a more technical critique, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others." **We recommend that anarchists still using PGP email for communication use Cwtch groups instead.**
**There is an exception: for anonymous public-facing projects, we still recommend using PGP email** because it is the best option that meets the additional needs required by a public account. Use a [radical server](https://riseup.net/en/security/resources/radical-servers) that doesn't require an invite code and read the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
## For Anonymous Public-facing Projects
**Anyone can contact the project without requiring a separate channel**
**Need #1: That anyone can contact the project**
Anyone can send a message to a public email account regardless of whether the recipient is online or offline.
**Resiliency to correlation attacks**
**Need #2: Resiliency to correlation attacks**
Email is not a real-time messaging application - this means that it is not particularly susceptible to end-to-end correlation attacks via time.
No content padding exists to frustrate correlation attacks via message size in email protocols, but if you access the mail servers through Tor then the traffic is padded.
**Resiliency to exploits**
**Need #3: Resiliency to exploits**
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Email can be accessed through webmail (via Tor Browser) or through a client like Thunderbird - these have different attack surfaces. For example, a Cwtch developer found an exploit to [turn Thunderbird into a decryption oracle](https://pseudorandom.resistant.tech/disclosing-security-and-privacy-issues-in-thunderbird.html) when it displays messages with HTML.
We recommend using Thunderbird (which is available in Tails and Qubes-Whonix by default) with the setting to display email as "Plain Text" rather than as HTML: View → Message Body As → Plain Text. Most webmail will not function with Tor Browser in "Safest" mode.
**Multiple project members can access the same messages**
**Need #4: For multiple project members to be able to access the same messages**
If a project has multiple members, all of them should be able to access the same messages independently. This is straight forward with email, if all project members have the email password and the private PGP key.
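Review bot: In the reworded PGP paragraph, changing "future" to "past" corrects the claim, but "This means that an adversary could decrypt all past PGP messages" now directly follows the sentence saying forward secrecy "maintains the secrecy of past communications", so "This" reads as referring to forward secrecy rather than to PGP's lack of it. Suggest something like "Without it, an adversary who compromises the key could decrypt all past PGP messages in one fell swoop." The bold recommendation also changes from "don't use PGP email" to "use Cwtch groups instead", which changes the advice rather than the syntax and should be called out in the commit message. In the unchanged last line, "straight forward" should be "straightforward".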