md formatting

anarsec 2023-07-08 18:09:30 +00:00
parent 0dc607247e
commit b6bbc36b6f
No known key found for this signature in database
8 changed files with 141 additions and 79 deletions


@ -14,6 +14,7 @@ dateedit=2023-05-10
Several different options are available for [end-to-end encrypted](/glossary/#end-to-end-encryption-e2ee) communications, with different trade-offs. This article will present an overview, as well as installation instructions for Tails, Qubes OS, and GrapheneOS.
<!-- more -->
There are some concepts that need to be understood before going further, in order to distinguish the various options.
* **End-to-end encryption** means that only you, and the person you communicate with, can read messages. However, not all [encryption](/glossary/#encryption) is created equal. The quality of the encryption is determined by the *encryption protocol* that is used, and how it is implemented at the software level.
* **Metadata protection** means whether the [*metadata*](/glossary/#metadata) (the data about the data) about the communication is obscured. Even if the message itself is encrypted, metadata can reveal who is communicating with whom, when, how often, the sizes of whatever files may have been transferred, etc. Metadata exposure is [a major concern](https://docs.cwtch.im/security/risk#threat-model).
* **Peer-to-peer** means that there is no centralized server that you need to trust.
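Review bot: the three concept bullets read awkwardly in places; the `<!-- more -->` separator itself is placed correctly, but the bullet text after it could be tightened while this file is being touched. "only you, and the person you communicate with, can read messages" drops the commas cleanly as "only you and the person you communicate with can read messages", and "**Metadata protection** means whether the [*metadata*]... is obscured" reads better as "refers to whether the metadata ... is obscured". Also consider spelling out that the trade-off in the **Peer-to-peer** bullet is the flip side of "no centralized server that you need to trust", since the later sections are ordered by exactly these properties.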
@ -30,6 +31,7 @@ The following options for encrypted messaging are listed from most metadata prot
</video>
# Cwtch
* **Mediums**: Text
* **Metadata protection**: Yes (strong)
* **Encryption protocol**: Tor Onion Services (v3) + [Tapir](https://docs.openprivacy.ca/cwtch-security-handbook/cwtch-overview.html)
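Review bot: `# Cwtch` must be separated from the preceding `</video>` by a blank line, or the heading will not render. In CommonMark `<video>` opens an HTML block that only ends at a blank line, so a `# Cwtch` line that immediately follows `</video>` is emitted as raw HTML text rather than a heading; the same applies to the bullet list under it. Since this hunk only adds one line, please confirm that the added line is that blank separator.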
@ -93,9 +95,10 @@ Any Cwtch user can turn the app on their phone or computer into an untrusted ser
<p>Cwtch on Whonix currently has an <a href="https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550">issue</a> - support is forthcoming. </p>
</details>
![onionshare](onionshare.png)
![](onionshare.png)
# OnionShare
* **Mediums**: Text
* **Metadata protection**: Yes (strong)
* **Encryption protocol**: Tor Onion Services (v3)
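Review bot: replacing `![onionshare](onionshare.png)` with `![](onionshare.png)` removes the image's alt text, which is what screen readers and text-mode browsers show for the logo. Keep a short description in the brackets, e.g. `![OnionShare logo](onionshare.png)`. The same HTML-block caveat as above applies here: `</details>` closes a type-6 HTML block, so a blank line is needed before the image and `# OnionShare` or both are swallowed into the HTML block.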
@ -106,9 +109,10 @@ OnionShare has a [chat feature](https://docs.onionshare.org/2.6/en/features.html
<br>
![signal](signal.jpg)
![](signal.jpg)
# Signal
* **Mediums**: Video call, voice call, text
* **Metadata protection**: Yes (Moderate)
* **Encryption protocol**: Signal Protocol, audited ([2017](https://en.wikipedia.org/wiki/Signal_Protocol))
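Review bot: the "audited ([2017](...))" link for Signal points at the Wikipedia article on the Signal Protocol rather than at the audit itself, so a reader following it to verify the claim has to hunt for the reference on Wikipedia. Link the 2017 formal analysis directly, as the Matrix section already does with its vodozemac audit, and keep the alt text on `![](signal.jpg)` (see the note on the OnionShare hunk).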
@ -172,9 +176,10 @@ https_proxy = 127.0.0.1:8082
<br>
<br>
![element](element.png)
![](element.png)
# Element / Matrix
* **Mediums**: Video call, voice call, text
* **Metadata protection**: Poor
* **Encryption protocol**: vodozemac, audited ([2022](https://matrix.org/blog/2022/05/16/independent-public-audit-of-vodozemac-a-native-rust-reference-implementation-of-matrix-end-to-end-encryption))
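Review bot: the **Encryption protocol** bullet names vodozemac, but the linked audit title itself describes vodozemac as "a native Rust reference implementation of Matrix end-to-end encryption", i.e. a library, not a protocol. The protocols it implements are Olm and Megolm; suggest "Olm/Megolm (vodozemac implementation), audited (2022)" so the bullet is consistent with the other sections, which list protocols (Signal Protocol, Tor Onion Services). The two stacked `<br>` lines before the image are presentational spacing that a blank line (or the theme's CSS) should handle.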
@ -192,12 +197,14 @@ Matrix can either be used through a web client (using Element Web on Tor Browser
A matrix ID looks like @username:homeserver, so for example, @anarsec:riot.anarchyplanet.org. Just like email, you can message accounts that are on different homeservers.
As soon as you have logged in, go to **Setting → Security & Privacy**.
* You will see that under **Where you're signed in** it lists all signed-in devices. For anonymous use cases, you will generally only be signed-in on one device.
* Scroll down to **Secure Backup**. This is a feature that allows you to verify a new session without having access to a signed-in device. Press **Set up**, then the **Generate a Security Key** choice. Save the Security Key in KeePassXC. This "Security Key" will be needed for logging into a new device or session.
* For Element Desktop, you will only need to use the Security Key if you sign out.
* For Element Web (using Tor Browser), you will need the Security Key every time you use it. Tor Browser clears your cookies, so you will need to sign in to a new session.
Some current limitations:
* "Disappearing messages" is not yet a feature, but it is forthcoming. Message retention time can be set by the homeserver administrator, as mentioned above, and it is indeed set on both of our recommended homeservers.
* One to one audio/video calls [are encrypted](https://matrix.org/faq/#are-voip-calls-encrypted%3F) and you can use them. Group audio/video calls are not encrypted, so don't use them. This will be resolved when [Element-call](https://github.com/vector-im/element-call) is stable.
* The Matrix protocol itself [theoretically](/glossary#forward-secrecy) supports [Forward Secrecy](/glossary#forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-meta/issues/1296) due to it breaking some aspects of the user experience such as key backups and shared message history.
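Review bot: the glossary links in this hunk are inconsistent with the rest of the file: `[theoretically](/glossary#forward-secrecy)` and `[Forward Secrecy](/glossary#forward-secrecy)` use `/glossary#...` while the earlier lines use `/glossary/#...`, and the two links point at the same anchor, so the first one can be dropped. Also "go to **Setting → Security & Privacy**" should read "**Settings → Security & Privacy**", and "signed-in on one device" should be "signed in on one device" (the hyphenated form is only needed in the heading "Where you're signed in" as quoted from the UI).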
@ -252,9 +259,10 @@ https_proxy = 127.0.0.1:8082
<br>
<br>
![pgp](pgp.webp)
![](pgp.webp)
# PGP Email
* **Mediums**: Text
* **Metadata protection**: No
* **Encryption protocol**: [RSA](https://blog.trailofbits.com/2019/07/08/fuck-rsa/) or ed25519, no forward secrecy
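Review bot: "**Encryption protocol**: [RSA](...) or ed25519, no forward secrecy" lists key algorithms where every other section lists a protocol. The protocol here is OpenPGP; the key type is a per-key choice, so "OpenPGP (RSA or Ed25519 keys), no forward secrecy" states both accurately, and Ed25519 is conventionally capitalised. The RSA link goes to an opinion piece rather than documentation, which is fine for this site's register but worth labelling as such in the link text. As in the earlier hunks, keep a descriptive alt text on `![](pgp.webp)` and replace the doubled `<br>` spacer with a blank line.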