Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-07-25 07:35:32 -04:00
Code Issues Projects Releases Packages Wiki Activity

dark mode fix

Browse source
This commit is contained in:
anarsec 2024-04-14 20:52:43 +00:00
parent 7daa9fe776
commit ec6fb8110b
No known key found for this signature in database
17 changed files with 122 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

8
content/posts/e2ee/index.md
View file

@ -55,7 +55,7 @@ Cwtch is our preference for text communication by a long shot. For an overview o
<source src="cwtch-explainer.mp4" type="video/mp4">
</video>
<center><em>How Cwtch works</em></center>
<p style="text-align:center"><em>How Cwtch works</em></p>
<br>
@ -87,7 +87,7 @@ Real-time messaging applications are particularly susceptible to end-to-end corr
**Need #3: Resiliency to exploits**
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Cwtch does [fuzz testing](https://openprivacy.ca/discreet-log/07-fuzzbot/) to find bugs. For public-facing project accounts, we recommend against enabling the "file sharing experiment" or the "image previews and profile pictures experiment" in the settings.
A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Cwtch libraries are written in memory-safe languages (Go and Rust) and Cwtch does [fuzz testing](https://openprivacy.ca/discreet-log/07-fuzzbot/) to find bugs. See the [Security Handbook](https://docs.cwtch.im/security/intro) to learn more. For public-facing project accounts, we recommend against enabling the "file sharing experiment" or the "image previews and profile pictures experiment" in the settings.
**Need #4: For multiple project members to be able to access the same messages**
@ -263,7 +263,7 @@ Signal is not peer-to-peer; it uses centralized servers that we must trust. Sign
Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must retain control of - due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained as long as youre using it, which takes some technical know-how and likely some money, limiting the amount of people who will do this.
Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously.
Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](https://0xacab.org/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously.
These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.notrace.how/threat-library/techniques/house-raid.html) or arrests. For example, if police bypass your device's [authentication](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), they can identify Signal contacts (as well as the members of any groups you are in) simply by their phone numbers, if those contacts haven't changed their settings to hide their phone number.
@ -305,7 +305,7 @@ We recommend the [Signal Configuration and Hardening Guide](https://blog.privacy
</summary>
<br>
About.Privacy [maintains a guide](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo) for installing Signal Desktop on Tails. There is a guide for registering an account from Tails without a smartphone (using Signal-cli), and another guide for if you already have a Signal account.
About.Privacy [maintains a guide](https://0xacab.org/about.privacy/messengers-on-tails-os/-/wikis/HowTo) for installing Signal Desktop on Tails. There is a guide for registering an account from Tails without a smartphone (using Signal-cli), and another guide for if you already have a Signal account.
Some of the [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) also applies to Signal Desktop.