diff --git a/content/posts/e2ee/index.md b/content/posts/e2ee/index.md index fee0ccb..479f4dd 100644 --- a/content/posts/e2ee/index.md +++ b/content/posts/e2ee/index.md @@ -22,7 +22,7 @@ Before proceeding, let’s go over a few concepts to help you distinguish betwee * **Peer-to-peer** means that the messages do not pass through a centralized server. * **Tor** is an [anonymity network](/glossary/#tor-network). Some applications route your messages through Tor by default. -For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://notrace.how/resources/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar. +For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.notrace.how/resources/#pet-guide). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar. Since anonymous public-facing projects such as counter-info websites interact with unknown (ie untrusted) contacts, they need more from encrypted communication than a personal user. These additional needs include: @@ -268,7 +268,7 @@ Another barrier to anonymous registration is that Signal Desktop will only work These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://notrace.how/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://notrace.how/threat-library/techniques/house-raid.html) or arrests. For example, if police bypass your device's [authentication](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), they can identify Signal contacts (as well as the members of any groups you are in) simply by their phone numbers, if those contacts haven't changed their settings to hide their phone number. -In a recent [repressive operation in France against a riotous demonstration](https://notrace.how/resources/read/lafarge-case-the-investigation-methods-used.html#header-access-to-phone-contents-during-and-after-police-custody), the police did exactly that. Police got physical access to suspects' phones during arrests and house raids, remote access through spyware, and then identified Signal contacts and group members. These identities were added to the list of suspects who were subsequently investigated. +In a recent [repressive operation in France against a riotous demonstration](https://www.notrace.how/resources/#lafarge), the police did exactly that. Police got physical access to suspects' phones during arrests and house raids, remote access through spyware, and then identified Signal contacts and group members. These identities were added to the list of suspects who were subsequently investigated. The risk of a compromised device aiding the police in network mapping is partly mitigated by the [username feature](https://signal.org/blog/phone-number-privacy-usernames/) — use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. We recommend that you select a profile name and photo that won't be useful for establishing your identity. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. If you aren't using Signal from behind a VPN or Tor, then in **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this. diff --git a/content/posts/tails-best/index.md b/content/posts/tails-best/index.md index 03de965..d515e8c 100644 --- a/content/posts/tails-best/index.md +++ b/content/posts/tails-best/index.md @@ -14,7 +14,7 @@ a4="tails-best-a4.pdf" letter="tails-best-letter.pdf" +++ -All anarchists should know how to use Tails — this text describes some additional precautions you can take that are relevant to an anarchist [threat model](/glossary/#threat-model). Not all anarchist threat models are the same, and only you can decide which mitigations are worth putting into practice for your activities, but we aim to provide advice that is appropriate for high-risk activities like [claiming an action](https://notrace.how/resources/#how-to-submit-an-anonymous-communique). If you are new to Tails, start with [Tails for Anarchists](/posts/tails/). +All anarchists should know how to use Tails — this text describes some additional precautions you can take that are relevant to an anarchist [threat model](/glossary/#threat-model). Not all anarchist threat models are the same, and only you can decide which mitigations are worth putting into practice for your activities, but we aim to provide advice that is appropriate for high-risk activities like [claiming an action](https://www.notrace.how/resources/#how-submit). If you are new to Tails, start with [Tails for Anarchists](/posts/tails/). @@ -94,7 +94,7 @@ To mitigate the risk of "targeted" correlation attacks: * If you only need to use the Internet briefly to submit a communique, you can **do [surveillance detection](https://notrace.how/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://notrace.how/threat-library/mitigations/anti-surveillance.html) before going to a coffee shop**, just like you would prior to a direct action. * For projects like moderating a website or hacking that require daily Internet access, it is not realistic to find a new Wi-Fi location every day. In that case, the ideal mitigation is to **use a Wi-Fi antenna from indoors** — a physical surveillance effort won't see you entering a cafe, and a digital surveillance effort won't see anything on your home Internet. * If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use your personal Wi-Fi. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you intentionally [make correlation attacks more difficult](/posts/tails/#make-correlation-attacks-more-difficult)). In our view, the main risk of using your home internet is not that the adversary is able to break Tor through a correlation attack, but that the adversary is able to hack your system, such as through [phishing](/posts/tails-best/#phishing-awareness), which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os). -* If you want to submit a report-back the morning after a riot, or a communique shortly after an action (times when there may be a higher risk of targeted surveillance), consider waiting and at least taking surveillance detection and anti-surveillance measures beforehand. In 2010, the morning after a bank arson in Canada, police surveilled a suspect as he traveled from his home to an Internet cafe, and watched him post the communique and then bury the laptop in the woods. More recently, investigators physically surveilling [an anarchist in France](https://notrace.how/resources/#quelques-premiers-elements-du-dossier-d-enquete-contre-ivan) installed a hidden camera to monitor access to an Internet cafe near the comrade's home and requested CCTV footage for the day an arson communique was sent. +* If you want to submit a report-back the morning after a riot, or a communique shortly after an action (times when there may be a higher risk of targeted surveillance), consider waiting and at least taking surveillance detection and anti-surveillance measures beforehand. In 2010, the morning after a bank arson in Canada, police surveilled a suspect as he traveled from his home to an Internet cafe, and watched him post the communique and then bury the laptop in the woods. More recently, investigators physically surveilling [an anarchist in France](https://notrace.how/resources/#ivan) installed a hidden camera to monitor access to an Internet cafe near the comrade's home and requested CCTV footage for the day an arson communique was sent. To summarize: For sensitive and brief Internet activities, use Internet from a random cafe, preceeded by surveillance detection and anti-surveillance. For activities that require frequent internet access such that the random cafe model isn't sustainable, it's best to use a Wi-Fi antenna positioned behind a window to access from a few hundred metres away. If this is too technical for you, using your home Wi-Fi is an option, but requires putting faith in it being difficult to break Tor with a non-targeted correlation attack, and it being difficult to draw meaningful conclusions from your home's Tor traffic through a "targeted" correlation attack. diff --git a/content/posts/tails/index.md b/content/posts/tails/index.md index 4c63232..0812e58 100644 --- a/content/posts/tails/index.md +++ b/content/posts/tails/index.md @@ -433,7 +433,7 @@ Sometimes the Synaptic Package Manager will refuse to install software. In this # Best Practices -[Tails Best Practices](/posts/tails-best) are important to establish before using Tails for highly sensitive activities like [claiming an action](https://notrace.how/resources/#how-to-submit-an-anonymous-communique). To avoid overwhelming yourself, start by learning how to use Tails in basic ways, such as reading anarchist websites or writing texts. See the [Tails tag](/tags/tails/) for tutorials on topics like [removing identifying metadata from files](/posts/metadata/). +[Tails Best Practices](/posts/tails-best) are important to establish before using Tails for highly sensitive activities like [claiming an action](https://www.notrace.how/resources/#how-submit). To avoid overwhelming yourself, start by learning how to use Tails in basic ways, such as reading anarchist websites or writing texts. See the [Tails tag](/tags/tails/) for tutorials on topics like [removing identifying metadata from files](/posts/metadata/). *This article is heavily modified from* [TuTORiel Tails](https://infokiosques.net/spip.php?article1726) *(in French), and also includes some excerpts from* [Capulcu #1](https://capulcu.blackblogs.org/neue-texte/bandi/) *(in German).*