From bb4dcb3025ff9a0cdebc464f4e5462a840ee1bbe Mon Sep 17 00:00:00 2001 From: Stephen L Date: Thu, 14 Oct 2021 01:17:49 +0200 Subject: [PATCH] Overhaul and revamp IM page (#192) Co-Authored-By: Tommy Co-Authored-By: Daniel Gray --- _data/nav/2_software.yml | 4 +- _data/software/messengers/1_signal.yml | 35 ++++ _data/software/messengers/2_element.yml | 42 +++++ _data/software/messengers/3_briar.yml | 26 +++ _data/software/messengers/4_session.yml | 34 ++++ _includes/badge.html | 5 +- _includes/legacy/card.html | 2 +- _includes/legacy/sections/email-warning.html | 2 +- .../legacy/sections/instant-messenger.html | 178 ------------------ _includes/legacy/sections/teamchat.html | 42 ----- .../sections/voice-video-messenger.html | 59 ------ _includes/recommendation-card.html | 34 ++++ _sass/brand.scss | 1 - _sass/variables.scss | 1 - .../img/layout/network-anonymous-routing.svg | 2 + assets/img/layout/network-centralized.svg | 2 + assets/img/layout/network-decentralized.svg | 2 + assets/img/layout/network-distributed.svg | 2 + .../3rd-party => messengers}/briar.svg | 0 .../3rd-party => messengers}/element.svg | 0 .../3rd-party => messengers}/jitsi.svg | 0 .../3rd-party => messengers}/linphone.svg | 0 assets/img/messengers/session.svg | 2 + .../3rd-party => messengers}/signal.svg | 0 .../_evergreen/real-time-communication.html | 168 +++++++++++++++++ ...22-self-hosting-shadowsocks-vpn-outline.md | 2 +- legacy_pages/software.html | 2 +- .../software/real-time-communication.html | 89 --------- 28 files changed, 358 insertions(+), 378 deletions(-) create mode 100644 _data/software/messengers/1_signal.yml create mode 100644 _data/software/messengers/2_element.yml create mode 100644 _data/software/messengers/3_briar.yml create mode 100644 _data/software/messengers/4_session.yml delete mode 100644 _includes/legacy/sections/instant-messenger.html delete mode 100644 _includes/legacy/sections/teamchat.html delete mode 100644 _includes/legacy/sections/voice-video-messenger.html create mode 100644 assets/img/layout/network-anonymous-routing.svg create mode 100644 assets/img/layout/network-centralized.svg create mode 100644 assets/img/layout/network-decentralized.svg create mode 100644 assets/img/layout/network-distributed.svg rename assets/img/{legacy_svg/3rd-party => messengers}/briar.svg (100%) rename assets/img/{legacy_svg/3rd-party => messengers}/element.svg (100%) rename assets/img/{legacy_svg/3rd-party => messengers}/jitsi.svg (100%) rename assets/img/{legacy_svg/3rd-party => messengers}/linphone.svg (100%) create mode 100644 assets/img/messengers/session.svg rename assets/img/{legacy_svg/3rd-party => messengers}/signal.svg (100%) create mode 100644 collections/_evergreen/real-time-communication.html delete mode 100644 legacy_pages/software/real-time-communication.html diff --git a/_data/nav/2_software.yml b/_data/nav/2_software.yml index a864aa5c..0fa4c616 100644 --- a/_data/nav/2_software.yml +++ b/_data/nav/2_software.yml @@ -45,9 +45,9 @@ items: icon: fad fa-briefcase file: legacy_pages/software/productivity.html - type: link - title: Real-Time Communication Platforms + title: Real-Time Communication icon: fad fa-comments-alt - file: legacy_pages/software/real-time-communication.html + file: _evergreen/real-time-communication.html - type: link title: Self-Contained Networks icon: fad fa-chart-network diff --git a/_data/software/messengers/1_signal.yml b/_data/software/messengers/1_signal.yml new file mode 100644 index 00000000..a8b4c935 --- /dev/null +++ b/_data/software/messengers/1_signal.yml @@ -0,0 +1,35 @@ +title: Signal +type: Recommendation +logo: /assets/img/messengers/signal.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==Centralized::tooltip==All communications pass through a single host. | + color==info::icon==fas fa-fw fa-phone::text==VoIP::tooltip==Voice or video calls are supported.' +description: | + Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. + + All communications are E2EE. Contact lists are encrypted using your login PIN and the server does not have access to it. Personal profiles are also encrypted and only shared with contacts who add you. + + Signal has minimal metadata when Sealed Sender is enabled. The sender address is encrypted along with the message body, and only the reciepient address is visible to the server. + +

Notes

+

Signal requires your phone number as a personal identifier.

+

Sealed Sender is only enabled for users on your contact list but can be enabled for all recipients with the increased risk of receiving spam.

+ +

Technical information

+ The protocol was independently audited in 2016. The specification for the Signal protocol can be founded in their documentation. +website: 'https://signal.org' +privacy_policy: 'https://signal.org/legal' +downloads: + - icon: fab fa-windows + url: 'https://signal.org/download' + - icon: fab fa-apple + url: 'https://signal.org/download' + - icon: fab fa-linux + url: 'https://signal.org/download' + - icon: fab fa-android + url: 'https://signal.org/android/apk/#apk-danger' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/app/id874139669' + - icon: fab fa-github + url: 'https://github.com/signalapp' diff --git a/_data/software/messengers/2_element.yml b/_data/software/messengers/2_element.yml new file mode 100644 index 00000000..467a7dae --- /dev/null +++ b/_data/software/messengers/2_element.yml @@ -0,0 +1,42 @@ +title: Element +type: Recommendation +logo: /assets/img/messengers/element.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==Federated::tooltip==Your communications pass through one of a network of hosts that intercommunicate. | + color==info::icon==fas fa-fw fa-wifi::text==P2P::tooltip==One-on-one voice and video calls are peer-to-peer (option can be disabled). | + color==info::icon==fas fa-fw fa-phone::text==VoIP::tooltip==Voice or video calls are supported.' +description: | + Element is the reference client for the Matrix protocol, an open standard for secure decentralized real-time communication. + + Messages and files shared in private rooms (those which require an invite) are by default E2EE as are 1 to 1 voice and video calls. + +

Notes

+ Profile pictures, reactions, and nicknames not encrypted. + + Group voice and video calls are not E2EE, and use Jitsi, but this is expected to change with Native Group VoIP Signalling. + + Native Group VoIP Signalling + + When using element-web, you must trust the server hosting the Element client. If your threat model requires stronger protection then use a desktop or mobile client instead. + +

Technical information

+ The protocol was independently audited in 2016. The specification for the Matrix protocol can be founded in their documentation. The Olm cryptographic ratchet used by Matrix is an implementation of Signal's Double Ratchet algorithm. + +website: 'https://element.io' +privacy_policy: 'https://element.io/privacy' +downloads: + - icon: fab fa-windows + url: 'https://element.io/get-started' + - icon: fab fa-apple + url: 'https://element.io/get-started' + - icon: fab fa-linux + url: 'https://element.io/get-started' + - icon: fab fa-android + url: 'https://f-droid.org/packages/im.vector.app/' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=im.vector.app' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/app/vector/id1083446067' + - icon: fas fa-globe-americas + url: 'https://app.element.io' + - icon: fab fa-github + url: 'https://github.com/vector-im/element-web' diff --git a/_data/software/messengers/3_briar.yml b/_data/software/messengers/3_briar.yml new file mode 100644 index 00000000..0a09ef3d --- /dev/null +++ b/_data/software/messengers/3_briar.yml @@ -0,0 +1,26 @@ +title: Briar +type: Recommendation +logo: /assets/img/messengers/briar.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==P2P::tooltip==Senders and recipients connect directly with no middlemen (can be disabled). | + color==info::icon==fas fa-fw fa-wifi::text==Anonymous Routing::tooltip==Senders and recipients are hidden in the network, no one can know they communicate together (can be disabled).' +description: | + Briar is an encrypted instant messenger that connects to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar's local mesh mode can be useful when internet availability is a problem. + +

Notes

+ To add a contact on Briar, you must both add each other first. You can either exchange briar:// links or scan a contact's QR code if they are nearby. + +

Technical information

+ The client software was independently audited and the anonymous routing protocol uses the Tor network which has also been audited. + + Briar has a fully published specification. + + Briar supports perfect forward secrecy by using the Bramble Handshake and Transport protocol. +website: 'https://briarproject.org' +privacy_policy: 'https://briarproject.org/privacy-policy' +downloads: + - icon: fab fa-android + url: 'https://f-droid.org/packages/org.briarproject.briar.android' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=org.briarproject.briar.android' + - icon: fab fa-git + url: 'https://code.briarproject.org/briar/briar' diff --git a/_data/software/messengers/4_session.yml b/_data/software/messengers/4_session.yml new file mode 100644 index 00000000..9872bd99 --- /dev/null +++ b/_data/software/messengers/4_session.yml @@ -0,0 +1,34 @@ +title: Session +type: Recommendation +logo: /assets/img/messengers/session.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==Anonymous Routing::tooltip==Senders and recipients are hidden in the network, no one can know they communicate together.' +description: | + Session is an encrypted instant messenger that uses three random service nodes to route messages anonymously on the Oxen Network. + + Session allows for E2EE in one-to-one or closed rooms that allow up to 100 members. + + Open rooms have no restriction on the number of members, but anyone can join. + +

Notes

+ Session does not support forward secrecy. The key pair for each conversation is not rotated. + +

Technical information

+ Session was independently audited in 2020. The protocol is described in a whitepaper. + +website: 'https://getsession.org/' +privacy_policy: 'https://getsession.org/privacy-policy' +downloads: + - icon: fab fa-windows + url: 'https://getsession.org/windows' + - icon: fab fa-apple + url: 'https://getsession.org/mac' + - icon: fab fa-linux + url: 'https://www.getsession.org/linux' + - icon: fab fa-android + url: 'https://fdroid.getsession.org/' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=network.loki.messenger' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/app/id1470168868' + - icon: fab fa-github + url: 'https://github.com/oxen-io/session-desktop' diff --git a/_includes/badge.html b/_includes/badge.html index 0b2e9df2..71b553e2 100644 --- a/_includes/badge.html +++ b/_includes/badge.html @@ -1,10 +1,11 @@ {% if include.link %} {{ include.text }} -{% else %}> {{ include.text }}{% endif %} +{% else %}> {{ include.text }} +{% endif %} {% else %} {% for label in labels %} - {% assign label_data = label | split:":" %} + {% assign label_data = label | split:";" %} {% assign color = label_data[0] %} {% assign text = label_data[1] %} {% assign tooltip = label_data[2] | default: "" %} diff --git a/_includes/legacy/sections/email-warning.html b/_includes/legacy/sections/email-warning.html index 35b10a1b..105ac238 100644 --- a/_includes/legacy/sections/email-warning.html +++ b/_includes/legacy/sections/email-warning.html @@ -5,6 +5,6 @@

When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about email metadata.

OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. How do I protect my private keys?

Rather than use email for prolonged conversations, consider using a medium that does support Forward secrecy.

- Recommended Instant Messengers + Recommended Instant Messengers diff --git a/_includes/legacy/sections/instant-messenger.html b/_includes/legacy/sections/instant-messenger.html deleted file mode 100644 index 11d25a43..00000000 --- a/_includes/legacy/sections/instant-messenger.html +++ /dev/null @@ -1,178 +0,0 @@ -

- - Encrypted Instant Messengers -

- - - -

We only recommend instant messenger programs or apps that support end-to-end encryption (E2EE). When E2EE is used, all transmissions (messages, voice, video, etc.) are encrypted before they are sent from your device. E2EE protects both the authenticity and confidentiality of the transmission as they pass through any part of the network (servers, etc.).

- -

All the client programs/apps we chose are free and open-source software unless otherwise mentioned. This to ensure that the code can be independently verified by experts now and in the future.

- -

We have described the three main types of messaging programs that exist: Centralized, Federated and Peer-to-Peer (P2P), with the advantages and disadvantages of each.

- -

- - Centralized -

- -

Centralized messengers are those where every participant is on the same server or network of servers controlled by the same organization.

- -{% - include legacy/cardv2.html - title="Signal" - image="/assets/img/legacy_svg/3rd-party/signal.svg" - description='Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Its protocol has also been independently audited (PDF)' - labels="color==warning::text==Requires phone number::tooltip==Signal requires your phone number as an personal identifier which means anyone you communicate with will see it.|text==VoIP" - website="https://signal.org/" - privacy-policy="https://signal.org/legal/" - github="https://github.com/signalapp" - windows="https://signal.org/download/" - mac="https://signal.org/download/" - linux="https://signal.org/download/" - googleplay="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms" - android="https://signal.org/android/apk/#apk-danger" - ios="https://apps.apple.com/app/id874139669" -%} - -
-
-
-

Advantages

-
    -
  • New features and changes can be implemented more quickly.
    • -
  • Easier to get started with and to find contacts.
    • -
-
-
-

Disadvantages

- -
-
-
- - -

- - Federated -

- -

Federated messengers use multiple, independent servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.

- -{% - include legacy/cardv2.html - title="Element" - image="/assets/img/legacy_svg/3rd-party/element.svg" - description='Element (formerly Riot) is the reference client for the Matrix network. The Matrix open standard is an open-source standard for secure (audit), decentralized, real-time communication.' - labels="text==VoIP" - website="https://element.io" - privacy-policy="https://element.io/privacy" - github="https://github.com/vector-im/element-web" - windows="https://element.io/get-started" - mac="https://element.io/get-started" - linux="https://element.io/get-started" - fdroid="https://f-droid.org/packages/im.vector.app/" - googleplay="https://play.google.com/store/apps/details?id=im.vector.app" - ios="https://apps.apple.com/app/id1083446067" - web="https://app.element.io" -%} - -
-
-
-

Advantages

-
    -
  • Allows for greater control over your own data when running your own server.
    • -
  • Allows you to choose who to trust your data with by choosing between multiple "public" servers.
    • -
  • Often allows for third party clients which can provide a more native, customized, or accessible experience.
    • -
  • Generally a less juicy target for governments wanting backdoor access to everything as the trust is decentralized. The server may be hosted independently from the organization developing the software.
    • -
  • Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)
    • -
  • Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.
    • -
-
-
-

Disadvantages

-
    -
  • Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
    • -
  • Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
    • -
  • Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
    • -
  • Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
    • -
-
-
-
- -

Worth Mentioning

- - - -

- - Peer to Peer (P2P) -

- -

Peer-to-Peer instant messengers connect directly to each other without requiring third-party servers. Clients (peers) usually find each other through the use of a distributed computing network. Examples of this include DHT (distributed hash table) (used with technologies like torrents and IPFS, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the Scuttlebutt social networking protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made.

- -{% - include legacy/cardv2.html - title="Briar" - image="/assets/img/legacy_svg/3rd-party/briar.svg" - description="Encrypted instant messenger that connects to contacts via Wi-Fi, Bluetooth, or Tor over the internet to synchronize messages. Technology such as this has proven to be useful when Internet availability is an issue, such as in times of crisis." - website="https://briarproject.org" - privacy-policy="https://briarproject.org/privacy-policy/" - gitlab="https://code.briarproject.org/briar/briar" - fdroid="https://f-droid.org/packages/org.briarproject.briar.android/" - googleplay="https://play.google.com/store/apps/details?id=org.briarproject.briar.android" -%} - -{% - include legacy/cardv2.html - title="Jami" - image="/assets/img/legacy_svg/3rd-party/jami.svg" - description='Encrypted instant messaging and video calling software. All communications are E2EE using TLS 1.3 and never stored outside the client, even when TURN servers are used.' - labels="color==warning::link==https://git.jami.net/savoirfairelinux/ring-project/issues/765::text==Warning::tooltip==This software is partially centralized but can be self-hosted.|text==VoIP" - website="https://jami.net/" - privacy-policy="https://jami.net/privacy-policy/" - gitlab="https://git.jami.net/savoirfairelinux" - windows="https://jami.net/download-jami-windows" - mac="https://jami.net/download-jami-macos" - linux="https://jami.net/download-jami-linux" - fdroid="https://f-droid.org/packages/cx.ring/" - googleplay="https://play.google.com/store/apps/details?id=cx.ring" - ios="https://apps.apple.com/app/id1306951055" -%} - -
-
-
-

Advantages

-
    -
  • Minimal information is exposed to third parties.
    • -
  • Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
    • -
-
-
-

Disadvantages

-
    -
  • Reduced feature set:
    • -
      -
    • Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
      • -
    • Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
      • -
    -
  • Your IP address and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a self contained network, such as Tor or I2P. Many countries have some form of mass surveillance and/or metadata retention.
    • -
-
-
-
diff --git a/_includes/legacy/sections/teamchat.html b/_includes/legacy/sections/teamchat.html deleted file mode 100644 index db4a33fe..00000000 --- a/_includes/legacy/sections/teamchat.html +++ /dev/null @@ -1,42 +0,0 @@ -

- -Team Chat Platforms -

- - - -{% - include legacy/cardv2.html - title="Element" - image="/assets/img/legacy_svg/3rd-party/element.svg" - description='Element (formerly Riot) is the reference client for the Matrix network. The Matrix open standard is an open-source standard for secure, decentralized, real-time communication.' - labels="text==VoIP" - website="https://element.io" - privacy-policy="https://element.io/privacy" - github="https://github.com/vector-im/element-web" - windows="https://element.io/get-started" - mac="https://element.io/get-started" - linux="https://element.io/get-started" - fdroid="https://f-droid.org/packages/im.vector.app/" - googleplay="https://play.google.com/store/apps/details?id=im.vector.app" - ios="https://apps.apple.com/app/id1083446067" - web="https://app.element.io" -%} - -{% - include legacy/cardv2.html - title="Rocket.chat" - image="/assets/img/legacy_svg/3rd-party/rocketchat.svg" - description="Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE." - labels="color==warning::link==https://rocket.chat/docs/user-guides/end-to-end-encryption/::text==Experimental E2EE::tooltip==Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. Federation was also added afterwards, potentially causing room for mistakes.|text==VoIP" - website="https://rocket.chat/" - privacy-policy="https://rocket.chat/privacy" - github="https://github.com/rocketchat/" - windows="https://rocket.chat/install" - mac="https://apps.apple.com/app/id1086818840" - linux="https://rocket.chat/install" - googleplay="https://play.google.com/store/apps/details?id=chat.rocket.android" - ios="https://apps.apple.com/app/id1148741252" -%} diff --git a/_includes/legacy/sections/voice-video-messenger.html b/_includes/legacy/sections/voice-video-messenger.html deleted file mode 100644 index 9e0a91c8..00000000 --- a/_includes/legacy/sections/voice-video-messenger.html +++ /dev/null @@ -1,59 +0,0 @@ -

Video/Voice Calling

- - - -{% include legacy/cardv2.html - title="Linphone" - image="/assets/img/legacy_svg/3rd-party/linphone.svg" - website="https://www.linphone.org/" - privacy-policy="https://www.linphone.org/privacy-policy" - description="Linphone is an open-source SIP Phone and a free voice over IP service, available on mobile and desktop environments and on web browsers. It supports ZRTP for end-to-end encrypted voice and video communication." - github="https://github.com/BelledonneCommunications" - windows="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner" - linux="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner" - mac="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner" - fdroid="https://f-droid.org/packages/org.linphone" - googleplay="https://play.google.com/store/apps/details?id=org.linphone" - ios="https://apps.apple.com/app/id360065638" -%} - -{% include legacy/cardv2.html - title="Jitsi Meet" - image="/assets/img/legacy_svg/3rd-party/jitsi.svg" - website="https://jitsi.org/jitsi-meet/" - privacy-policy="https://jitsi.org/security/" - description='Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application with optional E2EE. It can be used from the browser, in desktop applications or on smartphones. Additional features include screen sharing for presentations and an always-on-top floating call window when minimized. See the list of public Jitsi Meet instances.' - labels="color==warning::text==Requires WebRTC::tooltip==Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it.|color==warning::link==https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/e2ee.md::text==Experimental E2EE::tooltip==E2EE in Jitsi Meet is dependent on Insertable Streams, which is currently supported in Chrome but not Firefox. The mobile apps also do not support E2EE for the moment. Prefer to use the desktop apps instead." - github="https://github.com/jitsi/jitsi-meet" - windows="https://github.com/jitsi/jitsi-meet-electron/releases" - linux="https://github.com/jitsi/jitsi-meet-electron/releases" - mac="https://github.com/jitsi/jitsi-meet-electron/releases" - fdroid="https://f-droid.org/en/packages/org.jitsi.meet/" - googleplay="https://play.google.com/store/apps/details?id=org.jitsi.meet" - ios="https://apps.apple.com/app/id1165103905" -%} - -{% include legacy/cardv2.html - title="Mumble" - image="/assets/img/legacy_svg/3rd-party/mumble.svg" - website="https://mumble.info/" - description="Mumble is an open-source, low-latency, and high quality voice chat application primarily intended for use while gaming. Note that while Mumble doesn't log messages or record by default, it's missing end-to-end encryption, so self-hosting is recommended." - github="https://github.com/mumble-voip/" - windows="https://www.mumble.info/downloads" - linux="https://www.mumble.info/downloads" - mac="https://www.mumble.info/downloads" - android="https://www.mumble.info/downloads/#third-party-clients" - ios="https://apps.apple.com/app/id443472808" -%} - -

Related Information

- - diff --git a/_includes/recommendation-card.html b/_includes/recommendation-card.html index 31368ca4..aaf84da0 100644 --- a/_includes/recommendation-card.html +++ b/_includes/recommendation-card.html @@ -8,6 +8,40 @@

{{ item.title }}

{% if item.info %}

{{ item.info }}

{% endif %} {% if item.warning %}

{{ item.warning }}

{% endif %} + {% if item.labels %} +

+ {% assign labels = item.labels | split:"|" %} + {% for label in labels %} + {% assign label_data = label | split:"::" %} + {% for label_attr in label_data %} + {% assign attr = label_attr | split:"==" %} + {% if attr[0] == "color" %} + {% assign color = attr[1] %} + {% elsif attr[0] == "link" %} + {% assign link = attr[1] %} + {% elsif attr[0] == "text" %} + {% assign text = attr[1] %} + {% elsif attr[0] == "icon" %} + {% assign icon = attr[1] %} + {% elsif attr[0] == "tooltip" %} + {% assign tooltip = attr[1] %} + {% endif %} + {% endfor %} + {% include badge.html + link=link + color=color + text=text + icon=icon + tooltip=tooltip + %} + {% assign color = nil %} + {% assign link = nil %} + {% assign text = nil %} + {% assign icon = nil %} + {% assign tooltip = nil %} + {% endfor %} +

+ {% endif %} {{ item.description | markdownify }} {% if item.downloads %}

{% for platform in item.downloads %} diff --git a/_sass/brand.scss b/_sass/brand.scss index 813b1990..98a29562 100644 --- a/_sass/brand.scss +++ b/_sass/brand.scss @@ -17,7 +17,6 @@ $reddit: #FFD06F; $linkedin: #FFD06F; $email: #FFD06F; $diaspora: #FFD06F; -$tor: #7d4698; $body-color: #28323F; $link-color: $secondary; diff --git a/_sass/variables.scss b/_sass/variables.scss index f29e5a5c..62ab65dd 100644 --- a/_sass/variables.scss +++ b/_sass/variables.scss @@ -28,7 +28,6 @@ $colors: ( "green": $green, "teal": $teal, "cyan": $cyan, - "tor": $tor ); /* Cards */ diff --git a/assets/img/layout/network-anonymous-routing.svg b/assets/img/layout/network-anonymous-routing.svg new file mode 100644 index 00000000..9a61525d --- /dev/null +++ b/assets/img/layout/network-anonymous-routing.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/layout/network-centralized.svg b/assets/img/layout/network-centralized.svg new file mode 100644 index 00000000..0e8ee5ec --- /dev/null +++ b/assets/img/layout/network-centralized.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/layout/network-decentralized.svg b/assets/img/layout/network-decentralized.svg new file mode 100644 index 00000000..57d4602e --- /dev/null +++ b/assets/img/layout/network-decentralized.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/layout/network-distributed.svg b/assets/img/layout/network-distributed.svg new file mode 100644 index 00000000..606c342f --- /dev/null +++ b/assets/img/layout/network-distributed.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/legacy_svg/3rd-party/briar.svg b/assets/img/messengers/briar.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/briar.svg rename to assets/img/messengers/briar.svg diff --git a/assets/img/legacy_svg/3rd-party/element.svg b/assets/img/messengers/element.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/element.svg rename to assets/img/messengers/element.svg diff --git a/assets/img/legacy_svg/3rd-party/jitsi.svg b/assets/img/messengers/jitsi.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/jitsi.svg rename to assets/img/messengers/jitsi.svg diff --git a/assets/img/legacy_svg/3rd-party/linphone.svg b/assets/img/messengers/linphone.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/linphone.svg rename to assets/img/messengers/linphone.svg diff --git a/assets/img/messengers/session.svg b/assets/img/messengers/session.svg new file mode 100644 index 00000000..80e68e95 --- /dev/null +++ b/assets/img/messengers/session.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/legacy_svg/3rd-party/signal.svg b/assets/img/messengers/signal.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/signal.svg rename to assets/img/messengers/signal.svg diff --git a/collections/_evergreen/real-time-communication.html b/collections/_evergreen/real-time-communication.html new file mode 100644 index 00000000..12835204 --- /dev/null +++ b/collections/_evergreen/real-time-communication.html @@ -0,0 +1,168 @@ +--- +layout: evergreen +title: Real-Time Communication +description: "We only recommend messengers that support strong end-to-end encryption (E2EE) and have been been independently audited to ensure their cryptography works as intended. The selection listed here is free and open-source software, ensuring that the code can be verified by experts now and in the future." +--- + +

+ + Encrypted Instant Messengers +

+ +{% for item_hash in site.data.software.messengers %} + {% assign item = item_hash[1] %} + + {% if item.type == "Recommendation" %} + {% include recommendation-card.html %} + {% endif %} +{% endfor %} + +

+ + Types of communication networks +

+ +

There are several network architectures commonly used to relay messages between users. These networks can provide different different privacy guarantees, which is why it's worth considering your threat model when making a decision about which app to use.

+ +

+ + Centralized +

+ +
+ Centralized network +

Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization.

+

Some self-hosted messengers allow you to set up your own server. Self-hosting can provide additional privacy guarantees such as no usage logs or limited access to metadata (data about who is talking to whom etc). Self-hosted centralized messengers are isolated and everyone must be on the same server to communicate.

+
+ +
+
+
+

Advantages

+
    +
  • New features and changes can be implemented more quickly.
    • +
  • Easier to get started with and to find contacts.
    • +
  • Most mature and stable features ecosystems, as they are easier to program in a centralized software.
    • +
  • Privacy issues may be reduced when you trust a server that you're self-hosting.
    • +
+
+
+

Disadvantages

+
    +
  • Can include restricted control or access. This can include things like:
    • +
      +
    • Being forbidden from connecting third-party clients to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.
      • +
    • Poor or no documentation for third-party developers.
      • +
    +
  • The ownership, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
    • +
  • Self hosting requires effort and knowledge of how to set up a service.
    • +
+
+
+
+ +

+ + Federated +

+ +
+ Decentralized network +

Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.

+

When self-hosted, users of a federated server can discover and communicate with users of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server).

+
+ +
+
+
+

Advantages

+
    +
  • Allows for greater control over your own data when running your own server.
    • +
  • Allows you to choose who to trust your data with by choosing between multiple "public" servers.
    • +
  • Often allows for third party clients which can provide a more native, customized, or accessible experience.
    • +
  • Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)
    • +
+
+
+

Disadvantages

+
    +
  • Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
    • +
  • Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.
    • +
  • Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
    • +
  • Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
    • +
  • Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
    • +
+
+
+
+ +

+ + Peer-to-Peer (P2P) +

+ +
+

+ Distributed network + Peer-to-peer messengers connect to a distributed network of nodes to relay messages to the recipient without a third-party server. Clients (peers) usually find each other through the use of a distributed computing network. Examples of this include DHT (distributed hash table) (used with technologies like torrents and IPFS, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the Scuttlebutt social network protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient. +

+

P2P networks do not use servers, as users communicate directly between each others, and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as users discovery or offline messages relaying, which can benefit from self-hosting.

+
+ +
+
+
+

Advantages

+
    +
  • Minimal information is exposed to third parties.
    • +
  • Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
    • +
+
+
+

Disadvantages

+
    +
  • Reduced feature set:
    • +
      +
    • Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
      • +
    • Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
      • +
    • Some common messenger features may not be implemented or incompletely, such as message deletion.
      • +
    +
  • Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a VPN or self contained network, such as Tor or I2P. Many countries have some form of mass surveillance and/or metadata retention.
    • +
+
+
+
+ +

+ + Anonymous Routing +

+ +
+

Anonymous routing network + A messenger using anonymous routing hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.

+

There are many different ways to implement anonymous routing. One of the most famous is onion routing (e.g., Tor), which communicates encrypted messages through a virtual overlay network that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly, and only meet through a secret rendezvous node, so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages nor the final destination, only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers".

+

Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.

+
+ +
+
+
+

Advantages

+
    +
  • Minimal to no information is exposed to other parties.
    • +
  • Messages can be relayed in a decentralized manner even if one of the parties is offline.
    • +
+
+
+

Disadvantages

+
    +
  • Slow message propagation.
    • +
  • Often limited to fewer media types, mostly text since the network is slow.
    • +
  • Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
    • +
  • More complex to get started as the creation and secured backup of a cryptographic private key is required.
    • +
  • Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform, hence features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
    • +
+
+
+
diff --git a/collections/_posts/2019-08-22-self-hosting-shadowsocks-vpn-outline.md b/collections/_posts/2019-08-22-self-hosting-shadowsocks-vpn-outline.md index 830b21e2..7eccc1a9 100644 --- a/collections/_posts/2019-08-22-self-hosting-shadowsocks-vpn-outline.md +++ b/collections/_posts/2019-08-22-self-hosting-shadowsocks-vpn-outline.md @@ -74,6 +74,6 @@ Once you add your server, that’s it! In the Outline clients it’s just a matt ### Conclusion -That should be all you need to get your very own VPN up and running! **Do not share your access key with anyone**, this is the key starting with `ss://`. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but don’t send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with [Signal, Wire, or Briar]({% link legacy_pages/software/real-time-communication.html %}) if you don’t have a secure app already. +That should be all you need to get your very own VPN up and running! **Do not share your access key with anyone**, this is the key starting with `ss://`. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but don’t send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with [Signal, Wire, or Briar]({% link _evergreen/real-time-communication.html %}) if you don’t have a secure app already. With Outline, there is no need to worry about the security of your server. Everything is set to automatically update with no intervention required! Another thing to note: The port on your Outline server is randomly generated. This is so the port can’t be easily blocked by nation/ISP level censors, however, this VPN may not function on some networks that only allow access to port 80/443, or on servers that only allow traffic on certain ports. These are edge-cases, but something to keep in mind, and if they apply you may need to look for more technical options. diff --git a/legacy_pages/software.html b/legacy_pages/software.html index 50d46400..0260abbc 100644 --- a/legacy_pages/software.html +++ b/legacy_pages/software.html @@ -16,7 +16,7 @@ description: "Discover a variety of open-source software built to protect your p
  • File Sharing
  • Password Manager
  • Productivity Tools
    • -
  • Real-Time Communication
    • +
  • Real-Time Communication
  • Self-contained Networks
  • Video Streaming
    • diff --git a/legacy_pages/software/real-time-communication.html b/legacy_pages/software/real-time-communication.html deleted file mode 100644 index c143432c..00000000 --- a/legacy_pages/software/real-time-communication.html +++ /dev/null @@ -1,89 +0,0 @@ ---- -layout: page -permalink: /software/real-time-communication/ -title: "Real-Time Communication" -description: "Discover secure and private ways to communicate with others online without letting any third parties read your messages." ---- - -{% include legacy/sections/instant-messenger.html %} - -

    - -Recent news about breaking E2EE on centralized instant messengers -

    - -
    June 2020
    - - -
    March 2020
    - - -
    January 2020
    - - -
    November 2019
    - - -
    October 2019
    - - -
    August 2019
    - - -
    July 2019
    - - -
    May 2019
    - - -
    January 2019
    - - -
    December 2018
    - - -

    Complete Comparison

    - - -

    Independent security audits

    - - -
    - -{% include legacy/sections/voice-video-messenger.html %} - -
    - -{% include legacy/sections/teamchat.html %}