mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-06-08 14:52:54 -04:00
e2ee update
parent
3c2946baac
commit
af1bc7fc97
4 changed files with 26 additions and 22 deletions
|
@ -142,7 +142,7 @@ Phishing is a technique of [social engineering](/glossary/#social-engineering).
|
|||
|
||||
A physical attack is a situation where an adversary first gains physical access to your device through loss, theft, or confiscation. For example, your phone may be confiscated when you cross a border or are arrested. This is in contrast to a [remote attack](/glossary/#remote-attacks).
|
||||
|
||||
For more information, see [Making Your Electronics Tamper-Evident](/posts/tamper), the [Threat Library](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/physical-access.html), and [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/).
|
||||
For more information, see [Making Your Electronics Tamper-Evident](/posts/tamper), the [Threat Library](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/physical-access.html), and [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/).
|
||||
|
||||
### Plausible deniability
|
||||
|
||||
|
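Review bot: The Threat Library link on the "For more information" line changes host from `www.notrace.how` to `notrace.how`, and the same substitution is repeated by hand in later hunks, so any page this commit does not touch may still carry the old host. A repository-wide search for `www.notrace.how` before merging would confirm none are left. The commit message ("e2ee update") does not mention the link change, so it is worth a line there as well.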
@ -206,7 +206,7 @@ For more information, see [Tails for Anarchists](/posts/tails).
|
|||
|
||||
Threat modeling is a family of activities for improving security by identifying a set of adversaries, [security goals](/glossary/#security-goal), and [vulnerabilities](/glossary/#vulnerability), and then defining countermeasures to prevent or mitigate the effects of threats to the system. A threat is a potential or actual undesirable event that can be malicious (such as a [DDoS attack](/glossary/#ddos-attack)) or accidental (such as a hard drive failure). Threat modeling is the deliberate activity of identifying and assessing threats and vulnerabilities.
|
||||
|
||||
For more information, see [the No Trace Project Threat Library](https://www.notrace.how/threat-library/), [Defend Dissent: Digital Threats to Social Movements](https://open.oregonstate.education/defenddissent/chapter/digital-threats/) and [Defending against Surveillance and Suppression](https://open.oregonstate.education/defenddissent/chapter/surveillance-and-suppression/).
|
||||
For more information, see [the No Trace Project Threat Library](https://notrace.how/threat-library/), [Defend Dissent: Digital Threats to Social Movements](https://open.oregonstate.education/defenddissent/chapter/digital-threats/) and [Defending against Surveillance and Suppression](https://open.oregonstate.education/defenddissent/chapter/surveillance-and-suppression/).
|
||||
|
||||
### Tor network
|
||||
|
||||
|
|
|
@ -67,7 +67,7 @@ Once the server exists, contacts can be invited to use it. For asynchronous dire
|
|||
|
||||
Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, as the device must remain powered on for it to work. Fortunately, [Anarchy Planet](https://anarchyplanet.org/chat.html#cwtch) runs a public server that is suitable for long-term groups.
|
||||
|
||||
Asynchronous conversations on Cwtch need to be started from a synchronous conversation — you need to be online at the same time as your contact to invite them to a group, and then you no longer need to be online at the same time. In the future, Cwtch plans to improve this with [hybrid groups](https://docs.cwtch.im/blog/path-to-hybrid-groups/). Until this is implemented, you will need to establish your asynchronous Cwtch conversations by using a second channel to set a time for when you both need be on Cwtch.
|
||||
Asynchronous conversations on Cwtch need to be started from a synchronous conversation — in other words, you need to be online at the same time as your contact to invite them to a group, and then you no longer need to be online at the same time. This "first contact" dynamic is not unique to Cwtch, but is present in all peer-to-peer applications. In the future, Cwtch plans to improve this with [hybrid groups](https://docs.cwtch.im/blog/path-to-hybrid-groups/). Until hybrid groups are implemented, you will need to establish your asynchronous Cwtch conversations by using a second channel to set a time when you will both be online.
|
||||
|
||||
You can learn more about how to use Cwtch with the [Cwtch Handbook](https://docs.cwtch.im/).
|
||||
|
||||
|
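Review bot: The new sentence 'This "first contact" dynamic is not unique to Cwtch, but is present in all peer-to-peer applications' makes an absolute claim with no source, in a paragraph that otherwise links its claims. Either soften it to something like "is common to peer-to-peer applications" or link a reference that supports "all". The rest of the rewrite reads well, and "set a time when you will both be online" fixes the grammar slip in the old "when you both need be on Cwtch".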
@ -77,8 +77,6 @@ You can learn more about how to use Cwtch with the [Cwtch Handbook](https://docs
|
|||
|
||||
Anyone can connect to a public Cwtch account when it's online. If the account is offline, it's not currently possible to establish first contact, though this will be supported in the future.
|
||||
|
||||
Cwtch will reject connections from blocked contacts, and if the setting "Block Unknown Contacts" is enabled, you must be the one to add a contact in order to establish a connection. This greatly limits the kinds of features that untrusted contacts can access. However, this setting is less relevant for public projects that need to be able to be contacted by anyone.
|
||||
|
||||
**Need #2: Resiliency to correlation attacks**
|
||||
|
||||
Real-time messaging applications are particularly susceptible to end-to-end correlation attacks because of the ability of an adversary, once they know their target's ID on the messaging platform, to trigger incoming network traffic on the target's side by sending them messages on the platform (when the target is online). "Appear Offline Mode" in Cwtch allows a user to selectively connect to trusted contacts and groups, while appearing offline to everyone else. An [issue](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/712) is open to further address this.
|
||||
|
@ -99,6 +97,8 @@ If a project has multiple members, all of them should be able to access the same
|
|||
>
|
||||
>[**OnionShare**](https://docs.onionshare.org/2.6/en/features.html#chat-anonymously) has a chat feature that creates an ephemeral peer-to-peer chat room that is routed over the Tor network. The metadata protection works in the same way as Cwtch; it uses the Tor network as a shield and stores everything (ephemerally) locally on the device running OnionShare. OnionShare doesn’t implement any chat encryption on its own — it relies on the Tor onion service’s encryption. Cwtch and Briar both have more features (including the additional Tapir and BTP encryption protocols). The only advantage of OnionShare is that it is installed on Tails by default.
|
||||
|
||||
## Installation
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
|
||||
|
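Review bot: The `## Installation` heading added above `<details>` is added again with identical text in the two later hunks of this file (the ones starting at -191 and -281), so the page ends up with three level-2 headings of the same name. Anchors generated from heading text will then collide or be auto-suffixed, which makes deep links to a specific installation section fragile. Naming the application in each heading (for example "Installing SimpleX Chat" in the -191 hunk) would keep the anchors distinct and stable.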
@ -191,6 +191,8 @@ A vulnerability in any application can be targeted with exploits — a severe vu
|
|||
|
||||
If a project has multiple members, all of them should be able to access the same messages independently. Currently, this is not possible with SimpleX Chat.
|
||||
|
||||
## Installation
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
|
||||
|
@ -235,11 +237,10 @@ Install SimpleX Chat the same way you would install any [app that doesn't requir
|
|||
SimpleX Chat on Whonix does not guarantee Tor [Stream Isolation](/posts/qubes/#whonix-and-tor) from other applications in the same qube, so we will install it in a dedicated qube. SimpleX Chat is installed in an App qube, not a Template (because it is an AppImage).
|
||||
|
||||
* Download the [AppImage](https://simplex.chat/downloads/#desktop-app) using Tor Browser in a disposable Whonix qube.
|
||||
* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16` and networking `sys-whonix`.
|
||||
* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-workstation-17` and networking `sys-whonix`.
|
||||
* Copy the file to your new App qube
|
||||
* Make the AppImage executable
|
||||
* In the File Manager, browse to the directory with the file. Right click in the File Manager and select "Open a Terminal Here"
|
||||
* Run `chmod +x simplex-desktop-x86_64.AppImage`
|
||||
* In the File Manager, right-click "Properties". Under "Permissions", enable "Allow this file to run as a program".
|
||||
* Reboot the App qube for SimpleX Chat to show up in the **Settings > Applications** tab
|
||||
|
||||
<br>
|
||||
|
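Review bot: The replacement step 'In the File Manager, right-click "Properties"' does not say what to right-click, and with the terminal steps removed nothing in the sub-list names the file any more. Suggest "In the File Manager, right-click the AppImage and select **Properties**". The Template name `whonix-workstation-17` is also hard-coded here and in the Signal hunks, so the next Whonix release will need the same multi-place edit; a short note telling the reader to pick the current Whonix Workstation template would age better.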
@ -257,19 +258,19 @@ SimpleX Chat on Whonix does not guarantee Tor [Stream Isolation](/posts/qubes/#w
|
|||
* **Peer-to-peer**: No
|
||||
* **Tor**: Not default
|
||||
|
||||
The Signal Protocol has a moderate amount of metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only stored on Signal's servers for as long as it takes to deliver each message. As a result, if Signal is served with a warrant, they [will only be able to provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to the Signal servers. Still, Signal relies on the Google Services Framework (though it's possible to use it without it), and the sealed sender metadata protection applies only to contacts (by default).
|
||||
The Signal Protocol has a moderate amount of metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only stored on Signal's servers for as long as it takes to deliver each message. As a result, if Signal is served with a warrant, they [will only be able to provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to the Signal servers. Still, Signal relies on the Google Services Framework (though it's possible to use Signal without it), and the sealed sender metadata protection applies only to contacts (by default).
|
||||
|
||||
Signal is not peer-to-peer; it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails.
|
||||
|
||||
Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must retain control of — due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained as long as you’re using it, which takes some technical know-how and likely some money, limiting the amount of people who will do this.
|
||||
Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must retain control of — due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained as long as you’re using it, which takes some technical know-how and money, limiting the amount of people who will do this.
|
||||
|
||||
Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](https://0xacab.org/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously.
|
||||
|
||||
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://notrace.how/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://notrace.how/threat-library/techniques/house-raid.html) or arrests. For example, if police bypass your device's [authentication](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), they can identify Signal contacts (as well as the members of any groups you are in) simply by their phone numbers, if those contacts haven't changed their settings to hide their phone number.
|
||||
|
||||
In a recent [repressive operation in France against a riotous demonstration](https://notrace.how/resources/read/lafarge-case-the-investigation-methods-used.html#header-access-to-phone-contents-during-and-after-police-custody), the police did exactly that. Police seized suspects' phones during arrests and house raids, as well as targeting them through spyware, and then identified Signal contacts and group members. These identities were added to the list of suspects who were subsequently investigated.
|
||||
In a recent [repressive operation in France against a riotous demonstration](https://notrace.how/resources/read/lafarge-case-the-investigation-methods-used.html#header-access-to-phone-contents-during-and-after-police-custody), the police did exactly that. Police got physical access to suspects' phones during arrests and house raids, remote access through spyware, and then identified Signal contacts and group members. These identities were added to the list of suspects who were subsequently investigated.
|
||||
|
||||
The risk of a compromised device aiding the police in network mapping is partly mitigated by the [username feature](https://signal.org/blog/phone-number-privacy-usernames/) — use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. We recommend that you select a username and profile photo that won't be useful for establishing your identity. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. If you aren't using Signal from behind a VPN or Tor, then in **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this.
|
||||
The risk of a compromised device aiding the police in network mapping is partly mitigated by the [username feature](https://signal.org/blog/phone-number-privacy-usernames/) — use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. We recommend that you select a profile name and photo that won't be useful for establishing your identity. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. If you aren't using Signal from behind a VPN or Tor, then in **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this.
|
||||
|
||||
A private company that sells spyware to governments has a product called JASMINE that is [marketed to deanonymize Signal users](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products), based on the analysis of metadata.
|
||||
|
||||
|
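Review bot: The rewritten sentence "Police got physical access to suspects' phones during arrests and house raids, remote access through spyware, and then identified Signal contacts and group members" breaks its parallel structure: the list mixes two objects of "got" with a second verb. Suggest "Police gained physical access to suspects' phones during arrests and house raids, and remote access through spyware, then identified Signal contacts and group members." Since the anonymous-registration paragraph is being touched anyway, "limiting the amount of people" should read "limiting the number of people".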
@ -281,6 +282,8 @@ A similar surveillance product would not work against Cwtch because it uses Tor
|
|||
|
||||
Signal was designed to bring encrypted communication to the masses, not for an anarchist threat model. Because it's very difficult to register for Signal anonymously, and because you must first install Signal on a phone to use it on a computer, **we recommend prioritizing Cwtch over Signal for text communication with other anarchists, and using SimpleX Chat or Signal for voice and video calls.** For the same reasons, Signal is not well-suited for anonymous public-facing projects.
|
||||
|
||||
## Installation
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
|
||||
|
@ -326,9 +329,9 @@ Signal Desktop on Whonix is not guaranteed to have Tor [Stream Isolation](/posts
|
|||
Some of the [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) also applies to Signal Desktop.
|
||||
|
||||
* Go to **Applications menu → Qubes Tools → Qube Manager**
|
||||
* Clone whonix-ws-16 and name it something like whonix-ws-16-signal.
|
||||
* We do this to avoid adding attack surface to the base Whonix Workstation template. If you also install other messaging applications, they could share a cloned template with a name like whonix-ws-16-e2ee
|
||||
* Open a Terminal in the new Template: **Applications menu → Template: whonix-ws-16-signal: Xfce Terminal**
|
||||
* Clone whonix-workstation-17 and name it something like whonix-workstation-17-signal.
|
||||
* We do this to avoid adding attack surface to the base Whonix Workstation template. If you also install other messaging applications, they could share a cloned template with a name like whonix-workstation-17-e2ee
|
||||
* Open a Terminal in the new Template: **Applications menu → Template: whonix-workstation-17-signal: Xfce Terminal**
|
||||
* Run the commands in the [Signal installation guide](https://www.signal.org/download/linux/) to install Signal Desktop in the Template.
|
||||
* Note that the layout of the Signal installation guide is a bit confusing for users unfamiliar with the command line; `wget` and `cat` are separate commands, but `echo` in #2 is a command so long that it takes two lines (which is why the second line is indented).
|
||||
* Template qubes require a proxy for `wget`. Before running the command, create a configuration file at `~/.wgetrc` in the Template, with the following contents:
|
||||
|
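Review bot: The updated qube names in the clone steps are plain text ("Clone whonix-workstation-17 and name it something like whonix-workstation-17-signal"), while the App qube step in the next hunk writes the same name in backticks (`whonix-workstation-17-signal`). Now that the names are longer and hyphen-heavy, put them in backticks in all three bullets so readers can copy them exactly and line wrapping does not split them.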
@ -337,7 +340,7 @@ use_proxy = on
|
|||
http_proxy = 127.0.0.1:8082
|
||||
https_proxy = 127.0.0.1:8082
|
||||
```
|
||||
* [Create an App qube](/posts/qubes/#creating-qubes) with the Template `whonix-ws-16-signal` and networking `sys-whonix`.
|
||||
* [Create an App qube](/posts/qubes/#creating-qubes) with the Template `whonix-workstation-17-signal` and networking `sys-whonix`.
|
||||
* In the **Settings → Applications** tab of the new App qube, move Signal to the Selected column and press **OK**.
|
||||
* Updates will be handled by **Qubes Update** as you would expect.
|
||||
|
||||
|
@ -365,9 +368,9 @@ https_proxy = 127.0.0.1:8082
|
|||
* **Peer-to-peer**: No
|
||||
* **Tor**: Not default
|
||||
|
||||
PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to encrypt messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions from future key or password compromises. It maintains the secrecy of past communications even if the current communication is compromised. This means that an adversary could decrypt all past PGP messages in one fell swoop. When you also consider the metadata exposure inherent in email, PGP simply doesn't meet the standards of modern cryptography. For a more technical critique, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others." **We recommend that anarchists still using PGP email for communication use Cwtch groups instead.**
|
||||
PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to encrypt messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions from future key or password compromises. It maintains the secrecy of past communications even if the current communication is compromised. This means that an adversary could decrypt all past PGP messages in one fell swoop. When you also consider the metadata exposure inherent in email, PGP simply doesn't meet the standards of modern cryptography. For a more technical critique, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others." **We recommend that anarchists still using PGP email use Cwtch groups instead.**
|
||||
|
||||
**There is an exception: for anonymous public-facing projects, we still recommend using PGP email** because it is the best option that meets the additional needs required by a public account. Use a [radical server](https://riseup.net/en/security/resources/radical-servers) that doesn't require an invite code and read the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
|
||||
**There is an exception: for anonymous public-facing projects, we still recommend using PGP email** because it is currently the best option that meets the additional needs required by a public account. Use a [radical server](https://riseup.net/en/security/resources/radical-servers) that doesn't require an invite code. You can learn more about how to use PGP email with the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
|
||||
|
||||
## For Anonymous Public-facing Projects
|
||||
|
||||
|
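Review bot: In the PGP paragraph being edited, "This means that an adversary could decrypt all past PGP messages in one fell swoop" directly follows the sentence describing what forward secrecy protects, so it reads as a consequence of having forward secrecy rather than of lacking it. While this paragraph is open, consider "Without forward secrecy, an adversary who compromises a private key could decrypt all past PGP messages in one fell swoop." In the second changed paragraph, "the additional needs required by a public account" is redundant; "the additional needs of a public account" says the same thing.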
@ -385,7 +388,7 @@ No content padding exists to frustrate correlation attacks via message size in e
|
|||
|
||||
A vulnerability in any application can be targeted with exploits — a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Email can be accessed through webmail (via Tor Browser) or through a client like Thunderbird — these have different attack surfaces. For example, a Cwtch developer found an exploit to [turn Thunderbird into a decryption oracle](https://pseudorandom.resistant.tech/disclosing-security-and-privacy-issues-in-thunderbird.html) when it displays messages with HTML.
|
||||
|
||||
We recommend using Thunderbird (which is available in Tails and Qubes-Whonix by default) with the setting to display email as "Plain Text" rather than as HTML: View → Message Body As → Plain Text. Most webmail will not function with Tor Browser in "Safest" mode.
|
||||
We recommend using Thunderbird (which is available in Tails and Qubes-Whonix by default) with the setting to display email as "Plain Text" rather than as HTML: **View → Message Body As → Plain Text**. Most webmail will not function with Tor Browser in "Safest" mode.
|
||||
|
||||
**Need #4: For multiple project members to be able to access the same messages**
|
||||
|
||||
|
@ -400,6 +403,7 @@ If a project has multiple members, all of them should be able to access the same
|
|||
# Warnings
|
||||
|
||||
We do *not* recommend:
|
||||
|
||||
* **Telegram**: Telegram has no end-to-end encryption for group chats, and it is opt-in for one-on-one chats. The encryption doesn't use established protocols, and has had cryptographers describe it as ["the most backdoor-looking bug I’ve ever seen"](https://words.filippo.io/dispatches/telegram-ecdh/).
|
||||
* **Matrix/Element**: Matrix has a problem that is inherent in federated networks — terrible [metadata leakage](https://anarc.at/blog/2022-06-17-matrix-notes/#metadata-handling) and [data ownership](https://anarc.at/blog/2022-06-17-matrix-notes/#data-retention-defaults). It has no forward secrecy, the Element client has a large attack surface, and there is a [long list of other issues](https://telegra.ph/why-not-matrix-08-07). What's more, the developers are very friendly with various [national police agencies](https://element.io/blog/bundesmessenger-is-a-milestone-in-germanys-ground-breaking-vision/).
|
||||
* **XMPP Clients**: Regardless of the client, an XMPP server will [always be able to see your contact list](https://coy.im/documentation/security-threat-model/). Additionally, server-side parties (e.g., administrators, attackers, law enforcement) can [inject arbitrary messages, modify address books, log passwords in cleartext](https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/) and [act as a man-in-the-middle](https://notes.valdikss.org.ru/jabber.ru-mitm/).
|
||||
|
|
|
@ -8,7 +8,7 @@ paginate_by = 5
|
|||
|
||||
Our recommendations are intended for all anarchists and they are accompanied by guides for putting the advice into practice.
|
||||
|
||||
An anarchist threat model needs to protect against State-level adversaries that seek to achieve [targeted digital surveillance](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance.html) for [incrimination](https://www.notrace.how/threat-library/tactics/incrimination.html) or [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html). Our goal is to obscure the visibility of our enemies into our lives and projects, and to leave no trace when relevant. Technology is hostile terrain.
|
||||
An anarchist threat model needs to protect against State-level adversaries that seek to achieve [targeted digital surveillance](https://notrace.how/threat-library/techniques/targeted-digital-surveillance.html) for [incrimination](https://notrace.how/threat-library/tactics/incrimination.html) or [network mapping](https://notrace.how/threat-library/techniques/network-mapping.html). Our goal is to obscure the visibility of our enemies into our lives and projects, and to leave no trace when relevant. Technology is hostile terrain.
|
||||
|
||||
We agree with the conclusion of an overview of [targeted surveillance measures in France](https://actforfree.noblogs.org/post/2023/07/24/number-of-the-day-89502-preventive-surveillance-measures-france/): "So let’s be clear about our responsibilities: if we knowingly bring a networked device equipped with a microphone and/or a camera (cell phone, baby monitor, computer, car GPS, networked watch, etc.) close to a conversation in which “private or confidential words are spoken” and must remain so, even if it's switched off, we become a potential state informer…"
|
||||
|
||||
|
|
|
@ -125,7 +125,7 @@ class Converter:
|
|||
|
||||
# Add recommendations to the Markdown content
|
||||
recommendations = re.search(r'\+{3}.*?\+{3}(.*)', recommendations_file.open().read(), re.MULTILINE | re.DOTALL).group(1)
|
||||
markdown_content += f"\n\n# Recommendations\n\n{recommendations}\n\n"
|
||||
markdown_content += f"\n\n# Appendix: Recommendations\n\n{recommendations}\n\n"
|
||||
|
||||
# Make all images paths relative in the Markdown content
|
||||
for extension in ["jpg", "png", "webp", "jpeg", "gif"]:
|
||||
|
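Review bot: The line just above the renamed heading calls `.group(1)` directly on the result of `re.search(...)`, so a recommendations file without the `+++ ... +++` front matter raises `AttributeError` on `None` instead of a clear error. It also reads via `recommendations_file.open().read()` without closing the handle. Since this block is being edited, consider reading with `recommendations_file.read_text()`, checking the match before using it, and dropping `re.MULTILINE`, which has no effect on a pattern without `^` or `$`.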
@ -141,7 +141,7 @@ class Converter:
|
|||
|
||||
# Add glossary entries to the Markdown content
|
||||
if glossary_entries:
|
||||
markdown_content += "\n\n# Glossary\n\n"
|
||||
markdown_content += "\n\n# Appendix: Glossary\n\n"
|
||||
for entry, entry_content in glossary.items():
|
||||
if entry in glossary_entries:
|
||||
markdown_content += f"## {entry_content[0]}\n\n{entry_content[1]}\n\n"
|
||||
|
|