Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-06-28 16:27:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

e2ee integrate feedback and add SimpleX

Browse source
This commit is contained in:
anarsec 2023-11-10 01:45:23 +00:00
parent 01ef703770
commit e07dc59bd2
No known key found for this signature in database
8 changed files with 221 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -2,7 +2,7 @@
Built with [Zola](https://www.getzola.org/).
If you would like to suggest edits to a guide, you can either [contact us](https://www.anarsec.guide/contact/) or submit an issue/merge request on 0xacab - whatever is your preference.
If you would like to suggest edits to a guide, we prefer that you [contact us](https://www.anarsec.guide/contact/) rather than submit a merge request on 0xacab. This is to maintain a unified tone and style to the guides.
We are also open to submitted guides - please get in touch with proposals.

3
content/_index.md
View file

@ -7,4 +7,5 @@ title = "Tech Guides for Anarchists"
* You need to write anonymous responsibility claims or do action research? → [**Tails for Anarchists**](/posts/tails) and [**Tails Best Practices**](/posts/tails-best)
* You need to manage a large number of digital identities on a daily basis? → [**Qubes OS for Anarchists**](/posts/qubes)
* You want to protect your digital devices from covert house visits by law enforcement? → [**Make Your Electronics Tamper-Evident**](/posts/tamper)
* All other guides are listed [**here**](/series).
<center><p><a href="/series"><strong>See all guides</strong></a></p>

2
content/contact/_index.md
View file

@ -25,7 +25,7 @@ paginate_by = 5
# Contribute
Anarsec encourages contributions! If you would like to suggest edits to a guide, either use the contact information listed above, or submit an issue or merge request on [Riseup's Gitlab instance](https://0xacab.org/anarsec/anarsec.guide) - whatever is your preference.
Anarsec encourages contributions! If you would like to suggest edits to a guide, we prefer that you contact us rather than submit a merge request on 0xacab. This is to maintain a unified tone and style to the guides.
We are also open to submitted guides - please get in touch with proposals.

6
content/glossary/_index.md
View file

@ -29,6 +29,10 @@ The "command line" is an all-text alternative to the graphical "point and click"
For more information, see [Linux Essentials](/posts/linux/#the-command-line-interface). The Tech Learning Collective's "Foundations: Linux Journey" course on the [command line](https://techlearningcollective.com/foundations/linux-journey/the-shell) is our recommended introduction to using the CLI/terminal.
### Correlation Attack
An end-to-end correlation attack is a theoretical way that a global adversary could break the anonymity of the [Tor network](/glossary/#tor-network). For more information, see [Protecting against determined, skilled attackers](/posts/tails-best/#2-protecting-against-determined-skilled-attackers) and [Make Correlation Attacks More Difficult](/posts/tails/#make-correlation-attacks-more-difficult).
### CVE
CVE stands for Common Vulnerabilities and Exposures. It is a globally unique identifier for [security vulnerabilities](/glossary/#vulnerability) in software. Identifiers look like “CVE-YEAR-NUMBER.” The year in the identifier is the year the CVE ID was assigned, not the year the vulnerability was publicly disclosed.
@ -239,7 +243,7 @@ For more information, see [Privacy Guides](https://www.privacyguides.org/en/basi
### Vulnerability
Vulnerabilities are [exploitable](/glossary/#exploit) security flaws in software or hardware. Well-known vulnerabilities have names like Heartbleed, Shellshock, Spectre, or Stagefright and at least one [CVE](/glossary/#cve) identifier. Vulnerabilities don't always have exploits. A popular vulnerability severity rating system is [CVSS](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
Vulnerabilities are [exploitable](/glossary/#exploit) security flaws in software or hardware. Well-known vulnerabilities have names like Heartbleed, Shellshock, Spectre, or Stagefright and at least one [CVE](/glossary/#cve) identifier. Vulnerabilities don't always have exploits. A popular vulnerability severity rating system is [CVSS](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
### Zero-day exploit

135
content/posts/e2ee/index.md
View file

@ -24,9 +24,19 @@ Before proceeding, there are a few concepts that need to be understood, in order
For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar.
Public-facing projects have additional needs for encrypted communication, because they will be interacting with unknown (and untrusted) contacts:
* Anyone can contact the project without requiring a separate channel
* Resiliency to [correlation attacks](/glossary/#correlation-attack) from untrusted contacts
* Resiliency to [exploits](/glossary/#exploit) from untrusted contacts
* Multiple project members can access the same messages
The following options for encrypted messaging are listed from most metadata protection to least.
**TLDR: For text communication with other anarchists, prioritize Cwtch over Signal or PGP. For voice or video calls, use Signal.**
**TLDR:**
* For text communication with other anarchists, prioritize Cwtch.
* For voice or video calls, prioritize SimpleX Chat.
* Don't use Signal to communicate with other anarchists.
* For public projects, PGP email is still the best option.
# Cwtch
@ -39,7 +49,7 @@ The following options for encrypted messaging are listed from most metadata prot
* **Peer-to-peer**: Yes
* **Tor**: Yes
Cwtch is our preference, by a long shot. For an overview of how Cwtch works, watch the video below. The [Cwtch Handbook](https://docs.cwtch.im/) will tell you everything you need to know to use it. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network, and stores everything locally on the device, encrypted.
Cwtch is our preference, by a long shot. For an overview of how Cwtch works, watch the video below. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network, and stores everything locally on the device, encrypted.
<br>
@ -57,15 +67,37 @@ Like all peer-to-peer communication, Cwtch requires *[synchronous](/glossary/#sy
Once the server exists, contacts can be invited to use it. For asynchronous direct messaging, create a group chat with only two people.
Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, as the device must remain powered on for it to work. If an adversary gets access to a server running on your own device in addition to an invitation to join the server, they can deanonymize you. Fortunately, both Systemli and [Anarchy Planet](https://anarchyplanet.org/chat.html#cwtch) run public servers that are suitable for long-term groups and can't be used to deanonymize you.
Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, as the device must remain powered on for it to work. Fortunately, [Anarchy Planet](https://anarchyplanet.org/chat.html#cwtch) runs a public server that is suitable for long-term groups.
Asynchronous conversations on Cwtch need to be started from a synchronous conversation - you need to be online at the same time as your contact to invite them to a group, and then you no longer need to be online at the same time. In the future, Cwtch plans to improve this with [hybrid groups](https://git.openprivacy.ca/cwtch.im/cwtch-ui/wiki/One-Pager:-Managed-Groups-%28-A-Roadmap-towards-Hybrid-Groups%29). Until hybrid groups are implemented, you will need to establish your asynchronous Cwtch conversations by using a second channel to set a time for when you both need be online.
Asynchronous conversations on Cwtch need to be started from a synchronous conversation - you need to be online at the same time as your contact to invite them to a group, and then you no longer need to be online at the same time. In the future, Cwtch plans to improve this with [hybrid groups](https://git.openprivacy.ca/cwtch.im/cwtch-ui/wiki/One-Pager:-Managed-Groups-%28-A-Roadmap-towards-Hybrid-Groups%29). Until hybrid groups are implemented, you will need to establish your asynchronous Cwtch conversations by using a second channel to set a time for when you both need be on Cwtch.
For public-facing projects, we recommend using the "Appear Offline Mode" in order to mitigate [targeted correlation attacks](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/712) - this allows you to only connect to servers without connecting to peers. This way, an adversary cannot control the timing of network traffic arriving at your client. However, hybrid groups must be implemented before this will work, so for now, we don't yet recommend Cwtch for public-facing projects.
You can learn more about how to use Cwtch with the [Cwtch Handbook](https://docs.cwtch.im/).
## For Public-facing Projects
**Anyone can contact the project without requiring a separate channel**
Anyone can connect to a public Cwtch account when it is online. In the future, Cwtch bots that are semi-trusted (which are hosted on a Cwtch server) will enable first contact when the public Cwtch account is offline.
**Resiliency to correlation attacks from untrusted contacts**
Real-time messaging applications are particularly susceptible to end-to-end correlation attacks because of the ability of an adversary, once they know their target's ID on the messaging platform, to trigger incoming network traffic on the target's side by sending them messages on the platform (when the target is online). "Appear Offline Mode" in Cwtch allows a user to selectively connect to trusted contacts and groups, while appearing offline to everyone else. An [issue](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/712) is open to further address this.
[Content padding exists](https://docs.cwtch.im/security/components/tapir/packet_format) to frustrate correlation attacks via message size.
**Resiliency to exploits from untrusted contacts**
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Cwtch does [fuzz testing](https://openprivacy.ca/discreet-log/07-fuzzbot/) to find bugs. For public-facing project accounts, we recommend that you do not enable the "file sharing experiment" or the "image previews and profile pictures experiment" in the settings.
**Multiple project members can access the same messages**
If a project has multiple members, all of them should be able to access the same messages independently. Currently, this is not possible with Cwtch.
>**Note**
>
>[**Briar**](https://briarproject.org) is another application that works in a similar way (with peer-to-peer and Tor), using the [Bramble Transport Protocol](https://code.briarproject.org/briar/briar/-/wikis/A-Quick-Overview-of-the-Protocol-Stack) (BTP). Briar's main distinguishing feature is that it continues to work [even when the underlying network infrastructure is down](https://briarproject.org/how-it-works/). It was [audited in 2017](https://code.briarproject.org/briar/briar/-/wikis/FAQ#has-briar-been-independently-audited). Unfortunately, Briar Desktop does not yet work with Tails or Qubes-Whonix because it cannot [use the system Tor](https://code.briarproject.org/briar/briar/-/issues/2095). Unlike Cwtch, to connect to a contact on Briar, you both have to add each other first. You can either exchange `briar://` links or scan a contacts QR code if they are nearby. [Briar Mailbox](https://briarproject.org/download-briar-mailbox/) allows asynchronous communication.
>
>[**OnionShare**](https://docs.onionshare.org/2.6/en/features.html#chat-anonymously) has a chat feature that creates an ephemeral peer-to-peer chat room that is routed over the Tor network. The metadata protection works in the same way as Cwtch; it uses the Tor network as a shield and stores everything (ephemerally) locally on the device running OnionShare. OnionShare doesnt implement any chat encryption on its own - it relies on the Tor onion services encryption. Cwtch and Briar both have more features (including the additional Tapir and BTP encryption protocols). The only advantage of OnionShare is that it is installed on Tails by default.
<details>
<summary>
@ -123,19 +155,45 @@ Cwtch on Whonix currently has an [issue](https://git.openprivacy.ca/cwtch.im/cwt
<br>
</details>
# OnionShare
# SimpleX Chat
![](onionshare.png)
![](network.svg)
* **Mediums**: Text
* **Mediums**: Video call, voice call, text
* **Metadata protection**: Yes (strong)
* **Encryption protocol**: Tor Onion Services (v3)
* **Peer-to-peer**: Yes
* **Tor**: Yes
* **Encryption protocol**: [SimpleX Messaging Protocol](https://simplex.chat/docs/protocol/simplex-chat.html), audited ([2022](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html)), and [SimpleX File Transfer Protocol](https://simplex.chat/blog/20230301-simplex-file-transfer-protocol.html)
* **Peer-to-peer**: No
* **Tor**: Not default
OnionShare has a [chat feature](https://docs.onionshare.org/2.6/en/features.html#chat-anonymously) that creates an ephemeral peer-to-peer chat room that is routed over the Tor network. The metadata protection works in the same way as Cwtch; it uses the Tor network as a shield and stores everything (ephemerally) locally on the device. The encryption protocol is the Tor v3 onion service encryption; elliptic curve Diffie Hellman with Curve25519. Cwtch and Briar both have more features (including the additional Tapir and BTP encryption protocols). The only advantage of OnionShare is that it is installed on Tails by default.
SimpleX Chat functions without persistent user IDs, which creates strong metadata protection. This means that an adversary can't easily observe how users are connected to each other in a network. This is possible because connection requests work by sharing an invitation link that is communicated through a separate channel, or in person. When connecting to another user you have the choice to use "Incognito mode", which creates a new random profile for each contact. This avoids sharing any data between contacts.
<br>
As a design choice to facilitate asynchronous communication, SimpleX Chat is not peer-to-peer - it uses decentralized servers that [anyone can host](https://simplex.chat/docs/server.html) and does not rely on any centralized component. Servers do not store any user information (no user profiles or contacts, or messages once they are delivered), and primarily use in-memory persistence. To understand what a server can and cannot see, read the [threat model](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#simplex-messaging-protocol-server). Your data can be exported, and imported onto another device, as there are no central servers where this is backed up.
Due to needing to [place some trust in the SimpleX servers](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#trust-in-servers), **we recommend prioritizing Cwtch over SimpleX Chat for text communication with other anarchists, and using SimpleX Chat for voice and video calls**. For people who are unlikely to start using Cwtch because it has an unfamiliar user experience, SimpleX Chat is still an acceptable solution for text communication. The experience of using SimpleX Chat is very similar to Signal, but unlike Signal, it won't expose the identities of your network to an adversary if they get access to your device.
SimpleX Chat will work with Tor if used on an operating system that forces it to, such as Whonix or Tails. However, voice and video calls are generally not very functional over Tor with any application due to the latency Tor will introduce.
You can learn more about how to use SimpleX Chat with their [guide](https://simplex.chat/docs/guide/readme.html).
## For Public-facing Projects
**Anyone can contact the project without requiring a separate channel**
Unlike the one-time invitation links that are normally used by SimpleX Chat and shared through a separate channel, you also have a [long term address](https://simplex.chat/docs/guide/app-settings.html#your-profile-settings) that can be published online so that anyone can connect to you. We recommend not enabling "Auto-accept".
**Resiliency to correlation attacks from untrusted contacts**
Real-time messaging applications are particularly susceptible to end-to-end correlation attacks because of the ability of an adversary, once they know their target's ID on the messaging platform, to trigger incoming network traffic on the target's side by sending them messages on the platform (when the target is online). An [issue](https://github.com/simplex-chat/simplex-chat/issues/3197) is open to address this. Message "mixing" is also [planned](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations).
[Content padding exists](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations) to frustrate correlation attacks via message size.
**Resiliency to exploits from untrusted contacts**
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). For public-facing project accounts, we recommend that you set SimpleX Chat preferences to only allow text (prohibiting voice messages and attachments).
**Multiple project members can access the same messages**
If a project has multiple members, all of them should be able to access the same messages independently. Currently, this is not possible with SimpleX Chat.
# Signal
@ -147,7 +205,7 @@ OnionShare has a [chat feature](https://docs.onionshare.org/2.6/en/features.html
* **Peer-to-peer**: No
* **Tor**: Not default
The Signal Protocol has a moderate amoung of metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only stored on Signal's servers for as long as it takes to deliver each message. As a result, if Signal is served with a warrant, they [will only be able to provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to the Signal servers. Still, Signal relies on the Google Services Framework (though it's possible to use it without it), and the sealed sender metadata protection applies only to contacts (by default).
The Signal Protocol has a moderate amount of metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only stored on Signal's servers for as long as it takes to deliver each message. As a result, if Signal is served with a warrant, they [will only be able to provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to the Signal servers. Still, Signal relies on the Google Services Framework (though it's possible to use it without it), and the sealed sender metadata protection applies only to contacts (by default).
Signal [is not peer-to-peer](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor); it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails.
@ -155,13 +213,19 @@ Signing up for a Signal account is difficult to do anonymously. The account is t
Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously.
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would be possible to identify each of your Signal contacts simply by their phone number (in addition to reading message history, etc.). This is a serious security breach, especially in the context of Signal groups, and is unavoidable due to the way Signal is designed. Compare this to the same attack on a Cwtch user - all contacts are anonymous, and their identities are also protected by Tor, so device compromise does not contribute to network mapping.
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it is easy for the police to identify all of your Signal contacts (as well as the members of any groups you are in) simply by their phone number. This is a serious security breach, especially in the context of Signal groups, and is **unavoidable due to the way Signal is designed**. Compare this to the same attack on a Cwtch or SimpleX Chat user - all contacts are anonymous so device compromise does not contribute to network mapping.
**Simply put, Signal is not a great fit for an anarchist threat model** - it was designed to bring encrypted communication to the masses. Because it's very difficult to use Signal anonymously, and because [we recommend against using phones whenever possible](/posts/nophones/), **we recommend that anarchists prioritize Cwtch over Signal for text communications with other anarchists.** That said, we nonetheless recommend Signal for voice and video calls because there is currently no better option.
In a recent repressive operation in France against a riotous demonstration, the police did exactly that. The phones of suspects were accessed through physically seizing them during arrests and house raids, as well as through spyware, and then Signal contacts and group members were identified. These identities were added to the list of suspects who were subsequently investigated. **We need to understand this as a wake-up call that it is time for anarchist networks to stop using Signal**.
>**Note**
A company that sells spyware to governments has a product called JASMINE that is [marketed to deanonymize Signal users](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products), based on the analysis of metadata.
>In its targeted interception mode which starts from a single target JASMINE has claimed it is able to identify communicating parties in encrypted but peer-to-peer applications [...] the JASMINE documentation explicitly claims support for identifying the IP addresses of participants in encrypted apps such as WhatsApp and Signal during voice and video calls where peer-to-peer connections are also used for calling by default.
>
>[SimpleX Chat](https://www.privacyguides.org/en/real-time-communication/#simplex-chat) is similar to Signal, but supports anonymous registration. However, it is currently only available for smartphones.
>The JASMINE documentation also explains that by analysing encrypted traffic “events” for a whole country in mass interception mode JASMINE has the ability to correlate and identify the participants in encrypted group chats on messaging apps.
A similar product would not work against Cwtch, because it uses Tor by default.
Simply put, Signal is not a good fit for an anarchist threat model - it was designed to bring encrypted communication to the masses. Because it's very difficult to use Signal anonymously, and because [we recommend against using phones whenever possible](/posts/nophones/), **we recommend prioritizing Cwtch over Signal for text communication with other anarchists, and prioritizing SimpleX Chat over Signal for voice and video calls.** We only provide installation instructions because it has become the norm in the anarchist space in many countries, and it may be difficult to contact someone without it.
<details>
<summary>
@ -242,10 +306,39 @@ https_proxy = 127.0.0.1:8082
* **Peer-to-peer**: No
* **Tor**: Not default
PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to encrypt messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions from future key or password compromises. It maintains the secrecy of past communications even if the current communication is compromised. This means that an adversary could decrypt all future PGP messages in one fell swoop. When you also consider the metadata exposure inherent in email, PGP should be disqualified from inclusion on this list. It simply doesn't meet the standards of modern cryptography. However, since it is already widely used in the anarchist space, we include it here as a warning that **we recommend that anarchists don't use encrypted email for communication with other anarchists**. For a more technical critique, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others."
PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to encrypt messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions from future key or password compromises. It maintains the secrecy of past communications even if the current communication is compromised. This means that an adversary could decrypt all future PGP messages in one fell swoop. When you also consider the metadata exposure inherent in email, PGP simply doesn't meet the standards of modern cryptography. For a more technical critique, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others." **We recommend that anarchists don't use PGP email for communication with other anarchists**.
We recommend switching to Cwtch for synchronous and asynchronous use cases. The exception to this recommendation is for public-facing projects - Hybrid Groups need to be implemented in Cwtch before this can be recommended. If you must use email, use a [radical server](https://riseup.net/en/security/resources/radical-servers) and read the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
**There is an exception: for public-facing projects, we still recommend using PGP email** because it is the best option that meets the additional needs required by a public account. Use a [radical server](https://riseup.net/en/security/resources/radical-servers) that doesn't require an invite code and read the [Riseup Guide to Encrypted Email](https://riseup.net/en/security/message-security/openpgp).
PGP is used for another purpose outside of communication: verifying the integrity and authenticity of files. For this use case, see our [explanation](/posts/tails-best/#appendix-3-gpg-explanation).
## For Public-facing Projects
**Anyone can contact the project without requiring a separate channel**
Anyone can send a message to a public email account regardless of whether the recipient is online or offline.
**Resiliency to correlation attacks from untrusted contacts**
Email is not a real-time messaging application - this means that it is not particularly susceptible to end-to-end correlation attacks via time.
No content padding exists to frustrate correlation attacks via message size, but the asynchronous nature of email largely mitigates this.
**Resiliency to exploits from untrusted contacts**
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Email can be accessed through webmail (via Tor Browser) or through a client like Thunderbird - these have different attack surfaces. For example, a Cwtch developer found an exploit to [turn Thunderbird into a decryption oracle](https://pseudorandom.resistant.tech/disclosing-security-and-privacy-issues-in-thunderbird.html) when it displays messages with HTML.
We recommend using Thunderbird, using the setting to display email as "Plain Text" rather than as HTML: View → Message Body As → Plain Text. Most webmail will not function with Tor Browser in "Safest" mode.
**Multiple project members can access the same messages**
If a project has multiple members, all of them should be able to access the same messages independently. This is straight forward with email, if all project members have the email password and the private PGP key.
>**Note**
>
>PGP is used for another purpose outside of communication: verifying the integrity and authenticity of files. For this use case, see our [explanation](/posts/tails-best/#appendix-3-gpg-explanation).
# Warnings
We recommend to not use:
* **Telegram**: Telegram has no end-to-end encryption for group chats, and it is opt-in for one-on-one chats. The encryption doesn't use established protocols, and has had cryptographers describe it as ["The Most Backdoor-Looking Bug Ive Ever Seen"](https://words.filippo.io/dispatches/telegram-ecdh/).
* **Matrix/Element**: Matrix has a problem that is inherent in federated networks - terrible [metadata leakage](https://anarc.at/blog/2022-06-17-matrix-notes/#metadata-handling) and [data ownership](https://anarc.at/blog/2022-06-17-matrix-notes/#data-retention-defaults). It has no forward secrecy, the Element client has a large attack surface, and there is a [long list of other issues](https://telegra.ph/why-not-matrix-08-07). What's more, the developers are very friendly with various [national police agencies](https://element.io/blog/bundesmessenger-is-a-milestone-in-germanys-ground-breaking-vision/).
* **XMPP Clients**: Regardless of the client, an XMPP server will [always be able to see your contact list](https://coy.im/documentation/security-threat-model/). Additionally, server-side parties (e.g., administrators, attackers, law enforcement) can [inject arbitrary messages, modify address books, and log passwords in cleartext](https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/).

96
content/posts/e2ee/network.svg Normal file
View file

@ -0,0 +1,96 @@
<svg width="202" height="122" viewBox="0 0 202 122" fill="none" xmlns="http://www.w3.org/2000/svg">
<rect x="171.148" y="54.8262" width="30.2948" height="60.5527" rx="4.5" transform="rotate(15 171.148 54.8262)" fill="url(#paint0_linear_621_8180)" stroke="#606C71"/>
<rect x="172.96" y="60.9698" width="23.6142" height="51.6681" rx="2.5" transform="rotate(15 172.96 60.9698)" fill="url(#paint1_linear_621_8180)" stroke="white"/>
<rect x="1.11042" y="62.668" width="30.2948" height="60.5527" rx="4.5" transform="rotate(-15 1.11042 62.668)" fill="url(#paint2_linear_621_8180)" stroke="#606C71"/>
<rect x="5.75153" y="67.083" width="23.6142" height="51.6681" rx="2.5" transform="rotate(-15 5.75153 67.083)" fill="url(#paint3_linear_621_8180)" stroke="white"/>
<path d="M82.2459 26.1038L82.246 26.1038L100.975 14.6661C100.975 14.6661 100.975 14.6661 100.975 14.6661C101.275 14.4834 101.65 14.4837 101.949 14.6668C101.949 14.6668 101.949 14.6668 101.949 14.6668L120.786 26.2084L121.048 25.782L120.786 26.2084C121.064 26.3786 121.234 26.6819 121.234 27.0093V34.5951C121.234 34.9264 121.06 35.2327 120.777 35.4017L121.011 35.7933L120.777 35.4017L101.907 46.6648C101.606 46.8445 101.23 46.8404 100.933 46.6542L82.2368 34.9379C81.9634 34.7666 81.7969 34.466 81.7969 34.142V26.9054C81.7969 26.5776 81.9674 26.2739 82.2459 26.1038Z" fill="url(#paint4_linear_621_8180)" stroke="#3F484B"/>
<path d="M100.662 14.3185L81.9329 25.7562C81.5053 26.0173 81.2444 26.4828 81.2444 26.9846V34.2211C81.2444 34.717 81.4992 35.1778 81.9188 35.4407L100.615 47.1571C101.071 47.4429 101.649 47.4491 102.111 47.1733L120.981 35.9101C121.415 35.6507 121.682 35.1812 121.682 34.6743V27.0884C121.682 26.5874 121.422 26.1225 120.995 25.8611L102.158 14.3196C101.699 14.0384 101.122 14.038 100.662 14.3185Z" fill="url(#paint5_linear_621_8180)" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M121.314 26.2285L101.41 38.3856L81.4019 26.2811" fill="url(#paint6_linear_621_8180)"/>
<path d="M121.314 26.2285L101.41 38.3856L81.4019 26.2811" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M101.384 47.3331V38.4258" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M82.2457 12.844L82.2457 12.844L100.975 1.40636C100.975 1.40635 100.975 1.40635 100.975 1.40635C101.274 1.22366 101.65 1.22395 101.949 1.40707C101.949 1.40707 101.949 1.40707 101.949 1.40708L120.786 12.9486L121.043 12.5299L120.786 12.9486C121.064 13.1189 121.234 13.4222 121.234 13.7495V21.3354C121.234 21.6666 121.06 21.9729 120.777 22.1419L121.011 22.5335L120.777 22.1419L101.907 33.405C101.606 33.5847 101.23 33.5806 100.933 33.3945L82.2365 21.6782C81.9631 21.5068 81.7966 21.2062 81.7966 20.8822V13.6457C81.7966 13.3178 81.9671 13.0141 82.2457 12.844Z" fill="url(#paint7_linear_621_8180)" stroke="#3F484B"/>
<path d="M100.662 1.04507L81.9329 12.4827C81.5053 12.7438 81.2444 13.2093 81.2444 13.7111V20.9476C81.2444 21.4435 81.4992 21.9044 81.9188 22.1673L100.615 33.8836C101.071 34.1694 101.649 34.1757 102.111 33.8998L120.981 22.6367C121.415 22.3773 121.682 21.9077 121.682 21.4008V13.815C121.682 13.314 121.422 12.849 120.995 12.5877L102.158 1.04617C101.699 0.764939 101.122 0.764545 100.662 1.04507Z" fill="url(#paint8_linear_621_8180)" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M121.314 12.9551L101.41 25.1122L81.4019 13.0077" fill="url(#paint9_linear_621_8180)"/>
<path d="M121.314 12.9551L101.41 25.1122L81.4019 13.0077" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M101.384 34.0597V25.1523" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M82.2459 92.8352L82.246 92.8352L100.975 81.3976C100.975 81.3976 100.975 81.3976 100.975 81.3976C101.275 81.2149 101.65 81.2152 101.949 81.3983C101.949 81.3983 101.949 81.3983 101.949 81.3983L120.786 92.9398L121.048 92.5135L120.786 92.9398C121.064 93.1101 121.234 93.4134 121.234 93.7408V101.327C121.234 101.658 121.06 101.964 120.777 102.133L121.011 102.525L120.777 102.133L101.907 113.396C101.606 113.576 101.23 113.572 100.933 113.386L82.2368 101.669C81.9634 101.498 81.7969 101.197 81.7969 100.873V93.6369C81.7969 93.309 81.9674 93.0053 82.2459 92.8352Z" fill="url(#paint10_linear_621_8180)" stroke="#3F484B"/>
<path d="M100.662 81.05L81.9329 92.4876C81.5053 92.7487 81.2444 93.2142 81.2444 93.716V100.953C81.2444 101.448 81.4992 101.909 81.9188 102.172L100.615 113.889C101.071 114.174 101.649 114.181 102.111 113.905L120.981 102.642C121.415 102.382 121.682 101.913 121.682 101.406V93.8198C121.682 93.3188 121.422 92.8539 120.995 92.5926L102.158 81.0511C101.699 80.7698 101.122 80.7694 100.662 81.05Z" fill="url(#paint11_linear_621_8180)" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M121.314 92.96L101.411 105.117L81.4021 93.0126" fill="url(#paint12_linear_621_8180)"/>
<path d="M121.314 92.96L101.411 105.117L81.4021 93.0126" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M101.384 114.065V105.157" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M82.2462 79.5754L82.2462 79.5754L100.976 68.1378C100.976 68.1378 100.976 68.1378 100.976 68.1378C101.275 67.9551 101.651 67.9554 101.95 68.1385C101.95 68.1385 101.95 68.1385 101.95 68.1385L120.787 79.68L121.043 79.2613L120.787 79.6801C121.065 79.8503 121.234 80.1536 121.234 80.481V88.0668C121.234 88.398 121.061 88.7043 120.777 88.8733L121.011 89.265L120.777 88.8733L101.907 100.136C101.606 100.316 101.23 100.312 100.933 100.126L82.237 88.4096C81.9636 88.2383 81.7971 87.9376 81.7971 87.6136V80.3771C81.7971 80.0492 81.9676 79.7456 82.2462 79.5754Z" fill="url(#paint13_linear_621_8180)" stroke="#3F484B"/>
<path d="M100.662 67.7775L81.9329 79.2151C81.5053 79.4762 81.2444 79.9418 81.2444 80.4435V87.6801C81.2444 88.1759 81.4992 88.6368 81.9188 88.8997L100.615 100.616C101.071 100.902 101.649 100.908 102.111 100.632L120.981 89.3691C121.415 89.1097 121.682 88.6401 121.682 88.1332V80.5474C121.682 80.0464 121.422 79.5815 120.995 79.3201L102.158 67.7786C101.699 67.4974 101.122 67.497 100.662 67.7775Z" fill="url(#paint14_linear_621_8180)" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M121.314 79.6875L101.411 91.8446L81.4021 79.7401" fill="url(#paint15_linear_621_8180)"/>
<path d="M121.314 79.6875L101.411 91.8446L81.4021 79.7401" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M101.384 100.792V91.8848" stroke="#3F484B" stroke-miterlimit="10"/>
<path d="M46.3039 83.9824C46.1087 84.1776 46.1087 84.4942 46.3039 84.6895L49.4859 87.8715C49.6812 88.0667 49.9977 88.0667 50.193 87.8715C50.3883 87.6762 50.3883 87.3596 50.193 87.1644L47.3646 84.3359L50.193 81.5075C50.3883 81.3122 50.3883 80.9957 50.193 80.8004C49.9977 80.6051 49.6812 80.6051 49.4859 80.8004L46.3039 83.9824ZM46.6575 84.8359L73.687 84.8359L73.687 83.8359L46.6575 83.8359L46.6575 84.8359Z" fill="#606C71"/>
<path d="M128.736 83.9824C128.541 84.1776 128.541 84.4942 128.736 84.6895L131.918 87.8715C132.114 88.0667 132.43 88.0667 132.625 87.8715C132.821 87.6762 132.821 87.3596 132.625 87.1644L129.797 84.3359L132.625 81.5075C132.821 81.3122 132.821 80.9957 132.625 80.8004C132.43 80.6051 132.114 80.6051 131.918 80.8004L128.736 83.9824ZM129.09 84.8359L156.119 84.8359L156.119 83.8359L129.09 83.8359L129.09 84.8359Z" fill="#606C71"/>
<path d="M71.9403 38.8116C71.9403 38.5355 71.7165 38.3116 71.4403 38.3116L66.9403 38.3116C66.6642 38.3116 66.4403 38.5355 66.4403 38.8116C66.4403 39.0878 66.6642 39.3116 66.9403 39.3116H70.9403V43.3116C70.9403 43.5878 71.1642 43.8116 71.4403 43.8116C71.7165 43.8116 71.9403 43.5878 71.9403 43.3116V38.8116ZM49.2579 61.7012L71.7939 39.1652L71.0868 38.4581L48.5507 60.9941L49.2579 61.7012Z" fill="#606C71"/>
<path d="M153.351 61.0337C153.627 61.0337 153.851 60.8099 153.851 60.5337L153.851 56.0337C153.851 55.7576 153.627 55.5337 153.351 55.5337C153.075 55.5337 152.851 55.7576 152.851 56.0337V60.0337H148.851C148.575 60.0337 148.351 60.2576 148.351 60.5337C148.351 60.8099 148.575 61.0337 148.851 61.0337H153.351ZM131.505 39.3946L152.997 60.8873L153.704 60.1802L132.212 38.6875L131.505 39.3946Z" fill="#606C71"/>
<defs>
<linearGradient id="paint0_linear_621_8180" x1="201.629" y1="54.2139" x2="160.994" y2="61.265" gradientUnits="userSpaceOnUse">
<stop stop-color="#53C1FF"/>
<stop offset="1" stop-color="#0053D0"/>
</linearGradient>
<linearGradient id="paint1_linear_621_8180" x1="196.859" y1="60.3574" x2="164.752" y2="65.4785" gradientUnits="userSpaceOnUse">
<stop stop-color="#53C1FF"/>
<stop offset="1" stop-color="#0053D0"/>
</linearGradient>
<linearGradient id="paint2_linear_621_8180" x1="31.3326" y1="62.3144" x2="-9.30308" y2="69.3656" gradientUnits="userSpaceOnUse">
<stop stop-color="#53C1FF"/>
<stop offset="1" stop-color="#0053D0"/>
</linearGradient>
<linearGradient id="paint3_linear_621_8180" x1="29.3914" y1="66.7295" x2="-2.71522" y2="71.8505" gradientUnits="userSpaceOnUse">
<stop stop-color="#53C1FF"/>
<stop offset="1" stop-color="#0053D0"/>
</linearGradient>
<linearGradient id="paint4_linear_621_8180" x1="121.14" y1="14.0293" x2="74.9932" y2="33.173" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint5_linear_621_8180" x1="121.087" y1="14.1084" x2="74.9407" y2="33.2521" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint6_linear_621_8180" x1="120.727" y1="26.2285" x2="97.0576" y2="52.7495" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint7_linear_621_8180" x1="121.139" y1="0.769524" x2="74.993" y2="19.9133" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint8_linear_621_8180" x1="121.087" y1="0.834954" x2="74.9407" y2="19.9787" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint9_linear_621_8180" x1="120.727" y1="12.9551" x2="97.0576" y2="39.4761" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint10_linear_621_8180" x1="121.14" y1="80.7607" x2="74.9932" y2="99.9045" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint11_linear_621_8180" x1="121.087" y1="80.8398" x2="74.9407" y2="99.9836" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint12_linear_621_8180" x1="120.727" y1="92.96" x2="97.0578" y2="119.481" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint13_linear_621_8180" x1="121.14" y1="67.501" x2="74.9934" y2="86.6447" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint14_linear_621_8180" x1="121.087" y1="67.5674" x2="74.9407" y2="86.7111" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
<linearGradient id="paint15_linear_621_8180" x1="120.727" y1="79.6875" x2="97.0578" y2="106.209" gradientUnits="userSpaceOnUse">
<stop stop-color="#FDFF97"/>
<stop offset="1" stop-color="#F1DA09"/>
</linearGradient>
</defs>
</svg>
Side by side

After

Width:  |  Height:  |  Size: 11 KiB

2
content/posts/tails-best/index.md
View file

@ -64,7 +64,7 @@ You can mitigate this first issue by [**Tor bridges**](https://tails.boum.org/do
### 2. Protecting against determined, skilled attackers
An *end-to-end correlation* attack is a theoretical way that a global adversary could break Tor's anonymity:
An [*end-to-end correlation* attack](/glossary/#correlation-attack) is a theoretical way that a global adversary could break Tor's anonymity:
> A powerful adversary, who could analyze the timing and shape of the traffic entering and exiting the Tor network, might be able to deanonymize Tor users. These attacks are called *end-to-end correlation* attacks, because the attacker has to observe both ends of a Tor circuit at the same time. [...] End-to-end correlation attacks have been studied in research papers, but we don't know of any actual use to deanonymize Tor users.
You can mitigate the techniques available to powerful adversaries by **not using an Internet connection that is tied to your identity**, and by **prioritizing .onion links when available**.

2
content/posts/tails/index.md
View file

@ -288,7 +288,7 @@ It is possible to send a document through an .onion link thanks to [OnionShare](
### Make Correlation Attacks More Difficult
When you request a web page through a web browser, the site's server sends it to you in small "packets" that have a specific size and timing (among other characteristics). When using the Tor Browser, the sequence of packets can also be analyzed to look for patterns that can be matched to those of websites. To make this "correlation attack" more difficult, before connecting to a sensitive site you can open various other pages that need to load (such as streaming video on a privacy-friendly site like kolektiva.media) in additional tabs of your browser. This is officially recommended by Tor - see [Do multiple things at once with your Tor client](https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations/). This will generate a lot of additional traffic, making it harder to analyze your pattern.
When you request a web page through a web browser, the site's server sends it to you in small "packets" that have a specific size and timing (among other characteristics). When using the Tor Browser, the sequence of packets can also be analyzed to look for patterns that can be matched to those of websites. To make this ["correlation attack"](/glossary/#correlation-attack) more difficult, before connecting to a sensitive site you can open various other pages that need to load (such as streaming video on a privacy-friendly site like kolektiva.media) in additional tabs of your browser. This is officially recommended by Tor - see [Do multiple things at once with your Tor client](https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations/). This will generate a lot of additional traffic, making it harder to analyze your pattern.
## Included Software