e2ee edits

content/posts/e2ee/index.md

@@ -213,7 +213,7 @@ Signing up for a Signal account is difficult to do anonymously. The account is t
 
 Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously. 
 
-These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it is easy for the police to identify all of your Signal contacts (as well as the members of any groups you are in) simply by their phone number. This is a serious security breach, especially in the context of Signal groups, and is **unavoidable due to the way Signal is designed**. Compare this to the same attack on a Cwtch or SimpleX Chat user - all contacts are anonymous so device compromise does not contribute to network mapping. 
+These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it is easy for the police to identify all of your Signal contacts (as well as the members of any groups you are in) simply by their phone number. This is a serious security breach, especially in the context of Signal groups. Compare this to the same attack on a Cwtch or SimpleX Chat user - all contacts are anonymous so device compromise does not contribute to network mapping. 
 
 In a recent repressive operation in France against a riotous demonstration, the police did exactly that. The phones of suspects were accessed through physically seizing them during arrests and house raids, as well as through spyware, and then Signal contacts and group members were identified. These identities were added to the list of suspects who were subsequently investigated. **We need to understand this as a wake-up call that it is time for anarchist networks to stop using Signal**. 
 
@@ -320,7 +320,7 @@ Anyone can send a message to a public email account regardless of whether the re
 
 Email is not a real-time messaging application - this means that it is not particularly susceptible to end-to-end correlation attacks via time. 
 
-No content padding exists to frustrate correlation attacks via message size, but the asynchronous nature of email largely mitigates this. 
+No content padding exists to frustrate correlation attacks via message size in email protocols, but if you access the mail servers through Tor then the traffic is padded. 
 
 **Resiliency to exploits from untrusted contacts**