csrc links to notrace.how, miscellaneous edits

This commit is contained in:
anarsec 2023-11-12 17:57:58 +00:00
parent 9d659896fa
commit d83276dadb
No known key found for this signature in database
17 changed files with 42 additions and 153 deletions


@ -22,7 +22,7 @@ Before proceeding, there are a few concepts that need to be understood, in order
* **Peer-to-peer** means that there is no centralized server to trust.
* **Tor** is an [anonymity network](/glossary/#tor-network), and some applications route your messages through it by default.
For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar.
For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.notrace.how/resources/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar.
Public-facing projects have additional needs for encrypted communication, because they will be interacting with unknown (and untrusted) contacts:
* Anyone can contact the project without requiring a separate channel
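Review bot: the anchor fragment `#the-guide-to-peer-to-peer-encryption-and-tor` is carried over unchanged from `https://www.csrc.link/` to `https://www.notrace.how/resources/` in the replaced line; confirm that id exists on the new resources page, since a stale fragment fails silently by landing the reader at the top of the page instead of at the guide.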
@ -107,7 +107,7 @@ If a project has multiple members, all of them should be able to access the same
</summary>
<br>
If you have decided to use a smartphone despite our [recommendation not to use phones](/posts/nophones/), Cwtch is available for Android. Follow the instructions for [installing software that isn't available in the Play Store](/posts/grapheneos/#software-that-isn-t-on-the-play-store). Updates must be done manually - back up your profile first.
If you have decided to use a smartphone despite our [recommendation not to use phones](/posts/nophones/), Cwtch is available for Android. Install Cwtch as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid).
<br>
</details>
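Review bot: the replacement line drops the sentence "Updates must be done manually - back up your profile first." without moving it elsewhere in the hunk; if sideloaded Cwtch builds still do not auto-update, that backup caveat is the part a reader is most likely to need, so consider keeping it (or pointing to it in the linked GrapheneOS install section) rather than removing it along with the old link text.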
@ -120,7 +120,7 @@ If you have decided to use a smartphone despite our [recommendation not to use p
</summary>
<br>
Cwtch is still in beta - support for Tails is very new and not thoroughly tested.
Cwtch support for Tails is very new and not thoroughly tested.
* Start Tails with an Adminstration Password.
* Download [Cwtch for Linux](https://cwtch.im/download/#linux) with Tor Browser
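Review bot: while touching this block, the unchanged context line "* Start Tails with an Adminstration Password." has a typo ("Adminstration" should be "Administration"); also, since the change removes "Cwtch is still in beta" from this sentence, check that the beta status is not asserted elsewhere on the page so the two statements stay consistent.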
@ -157,7 +157,7 @@ Cwtch on Whonix currently has an [issue](https://git.openprivacy.ca/cwtch.im/cwt
# SimpleX Chat
![](network.svg)
![](network.png)
* **Mediums**: Video call, voice call, text
* **Metadata protection**: Yes (strong)
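Review bot: the image reference changes from `network.svg` to `network.png` but both forms keep an empty alt text (`![](...)`); add a short description of the diagram in the brackets, and confirm the `.png` asset is part of this commit's changed files so the image does not break once the `.svg` is gone.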
@ -207,13 +207,13 @@ If a project has multiple members, all of them should be able to access the same
The Signal Protocol has a moderate amount of metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only stored on Signal's servers for as long as it takes to deliver each message. As a result, if Signal is served with a warrant, they [will only be able to provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to the Signal servers. Still, Signal relies on the Google Services Framework (though it's possible to use it without it), and the sealed sender metadata protection applies only to contacts (by default).
Signal [is not peer-to-peer](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor); it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails.
Signal is not peer-to-peer; it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails.
Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must still control - due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained - most people will not do this. There have been unfounded rumors that Signal plans to remove the need for a phone number after the release of a username feature - however, [registration will still require a phone number](https://mastodon.world/@Mer__edith/110895045552696836).
Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously.
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it is easy for the police to identify all of your Signal contacts (as well as the members of any groups you are in) simply by their phone number. This is a serious security breach, especially in the context of Signal groups. Compare this to the same attack on a Cwtch or SimpleX Chat user - all contacts are anonymous so device compromise does not contribute to network mapping.
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.notrace.how/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it is easy for the police to identify all of your Signal contacts (as well as the members of any groups you are in) simply by their phone number. This is a serious security breach, especially in the context of Signal groups. Compare this to the same attack on a Cwtch or SimpleX Chat user - all contacts are anonymous so device compromise does not contribute to network mapping.
In a recent repressive operation in France against a riotous demonstration, the police did exactly that. The phones of suspects were accessed through physically seizing them during arrests and house raids, as well as through spyware, and then Signal contacts and group members were identified. These identities were added to the list of suspects who were subsequently investigated. **We need to understand this as a wake-up call that it is time for anarchist networks to stop using Signal**.
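Review bot: the first changed line in this hunk removes the link on "is not peer-to-peer" entirely, whereas the other `csrc.link` references in this hunk (and the same guide URL in the first hunk) are redirected to `www.notrace.how`; if the guide is still the intended source for the not-peer-to-peer claim, keep the link and point it at `https://www.notrace.how/resources/#the-guide-to-peer-to-peer-encryption-and-tor` for consistency with the rest of the commit, otherwise note the intentional removal in the commit message.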