Author: unoffensiveadmin

This post continues from the one before, which you can find HERE.

By now you would’ve understood key components that make or break a messaging app and should’ve read the list of common applications we would advise against. Today, we would like to mention three applications we feel are much better in terms of respecting your privacy and security.

SIGNAL: Signal has, unsurprisingly, become the gold standard for encrypted messaging applications. Its Sealed Sender capabilities have managed to reduce a lot of the metadata sent out to their servers, it has a very simple and easy to use interface, allows for group chats, group phone calls and group video chats and it is of course open-sourced and end to end encrypted by default. There are two drawbacks to signal that are still important and should be considered depending on your own threat model. The first one is that Signal is centralised, which means if a government decided to block Signal servers, Signal would not work in that specific country (Belgium has just said they are thinking about doing exactly that!). It means there is a single point of failure, and although it would be very difficult to decrypt any information, all that data is being funnelled through a single point. The second big problem with Signal is that it requires user data in order to set up an account. That user data is also not some silly, throwaway email, they need your telephone number. In many countries around the world, obtaining a SIM card without an ID is a problem in itself, but even when that SIM is anonymous, leaking a phone number that is continuously attached to your device could mean being targeted via connectivity networks and being geolocated by telephone towers. Telephone numbers tend to be something personal, and sometimes you do not wish to give someone you just met your number. Those are the two main drawbacks in an otherwise very powerful application.

Read more at www.signal.org

SESSION: Session App is the youngest app on our list, but it has made incredible progress and we would go as far as saying that we prefer it over Signal. It is a decentralised, open-source app backed by about 1800 nodes around the globe that routes all your traffic through onion routing, which means there is no IP leak and other identifying metadata is stripped off. The biggest and most important feature that makes Session stand out is that you do not require ANY personal information to sign up. No email address. No telephone number. No name. NOTHING. How fucking cool is that?! The fact that they’ve now implemented voice and video calls, onion routed and in a very user-friendly way, has won all the points needed for us to push it to n1! Let’s not forget about drawbacks tho. Because it is decentralised, it takes a little longer for the message to be received by your friend. This is barely noticeable on text and even photos, but it might take a few extra seconds for a video to send or to download! The second, more important drawback is that Session does not enforce Perfect Forward Secrecy. This is a complicated system where encryption keys get substituted regularly so if someone was to steal the key somehow they would only be able to decrypt some messages and not entire conversations. Session does not implement PFS, but as the encryption key is saved in your device, if your device was compromised the text would already be in plain text. Whilst we understand Session’s mitigation against that attack, they should implement PFS for extra security. Session is the app we would advise for all of you to talk to each other on a regular basis.

Read more here: https://getsession.org

BRIAR: Briar is an incredibly interesting application. End to end encryption by default and an open-source application that will only run on Android devices (sorry iPhone users). It runs through P2P connectivity, which means no server or nodes to depend on. When you message someone on Briar, the message travels through the TOR network directly to your friend’s device without depending on any specific centralised systems. Briar is also a very useful tool when the network is down. Police will, during intense riot situations, jam the network in order to stop any form of connectivity. Briar circumvents those problems by allowing users to connect through a Bluetooth mesh or a wifi mesh, without depending on the telephone network. This, of course, has a distance limitation. The drawbacks should be obvious. A P2P connection is not anonymous. The message is encrypted and if someone was sniffing the connection they would not be able to read your texts or see the photos, but the recipient of your text is able to work out the network you connect to and some device identifiers which could be used to de-anonymise you. As mentioned before, it only runs on Android, so compatibility might be a problem. Finally, briar has a usability problem. Because it is P2P and your messages are not stored in a server, they cannot be sent to your friend unless your friend is also connected. Briar is an incredible app and we highly recommend it, but we would advise you to use this app for specific situations and only with people you trust. Briar is without a doubt, the app we would use when the armed revolution starts!

Find Briar here: www.briarproject.org

Keep an eye for our next instalment of this miniseries, which will be a more practical use and advice on how to talk to each other.

Remember that apps only know what you tell them. We will talk about what to say and what not to say in our last instalment about messaging apps! 



PRIVACY SHOULD BE FOR EVERYONE.

UA Tech&Sec 101 support.

PS: We volunteer our time, but we cannot volunteer all our funds too in order to keep this project alive. If you have the means and like what we do, please consider donating a few coins. Monero is our favourite way, you can find the wallet address on our website, but if you don’t use cryptocurrencies you can donate over Paypal and Patreon too!

www.patreon.com/animalliberation
PayPal: unoffensive_animal(aaattt)tutanota(ddddot)com

This post is a continuation of a series, the previous post can be found HERE

We have talked about the different key points that make a good instant messaging app, and it is time to name and shame applications you should never use for any communications (from organising a demo to organising a coffee date, fuck using the apps below!)

SMS (Text) Messages. We’ve already talked about this but your SMS are sent in plain text and literally, everybody can read them. Don’t use text unless necessary.

FACEBOOK, INSTAGRAM AND SOCIAL MEDIA MESSAGING: Facebook Messenger, Instagram Direct and other social media private messaging apps are NEVER safe to use. They work in a centralised network, they are (for the most part) not encrypted and they only serve one purpose: to collect your data. All the big social media names also have no problem complying with governments when requested, so your metadata, text and media will be shared on request. WhatsApp is an incredibly common instant messaging application you should delete from your phone immediately. Since it was acquired by Meta (Facebook) this has become an even more important thing.

WHATSAPP: WhatsApp is a closed source application (which means no one can read the code to tell if what WhatsApp says is true) and although they say it has End to End Encryption, Facebook can read any texts that have been marked as abusive, which brings into question the truth about their encryption. They collect heaps of metadata (location, time, date, users involved in the conversation and so on) which is not encrypted and they have an extensive track record of collaborating with the government. Move your family away from WhatsApp and delete the app. Seriously.

iMESSAGE: iMessage is also heavily advised against. For iPhone users only, iMessage was a very useful app when it was first introduced, making texts free for a lot of people! There are many problems with iMessage but here are a few important ones. The app’s code is closed. Their encryption protocol is trash. They collaborate with the NSA and will give information to governments on request. It is not a safe app.

TELEGRAM: Telegram needs to be completely trashed and put in the bin. This will divide many people and might make you feel uncomfy inside, but telegram is NOT a safe app. They have managed to sell themselves as a privacy and security messaging application, but the amount of problems with the application is staggering. To start with, Telegrams encryption is not enabled by default. This is such a massive problem that should make you uninstall the app immediately just because of it, but there are a few other bits to talk about. Telegram collects user information, does not hash it and permanently shares that information with the parent company. They DO NOT encrypt metadata (so the conversation logs are available) and thanks to a not-so-open-sourced code dealing with their bespoke cryptography, the company CAN READ YOUR MESSAGES even when encrypted! Telegram is so not an application to use, not for group chats, not for private chats, not for anything. There are much better alternatives to explore. In the next article, we will give you a few options for better messaging apps to use. Keep an eye out!

FIGHT BACK AGAINST THE TECHNOLOGY DYSTOPIA.

UA Tech&Sec Support

PS: If you appreciate the work we do, please send a few coins. We could do with some support.

Crypto addresses are on our website but PayPal and Patreon you can find just below! www.patreon.com/animalliberation
PayPal: unoffensive_animal(aattt)tutanota(doottt)com

Let’s talk about instant messaging communication. Since smartphones have become more and more embedded in our lives, instant messaging apps have taken a primary role in how we communicate. They are simple, they are fast, and they allow for photos and videos and even video calls over the internet, taking a huge step forward from the SMS/MMS capabilities of phones in the past.

But technology has more to it than accessibility, and instant messaging apps are not all created equal. In the next instalments of this series, we will talk about the apps we recommend and those that we advise against, but for now, we would like to define a few concepts that are very important for you to choose how you communicate with friends.

SMS/MMS texts are a decades-old protocol to send texts or media. They are reliable, but they are completely visible to telecommunication companies and governments as well as anyone with sufficient knowledge to connect to a telecommunications antenna. Stay away from them!

End to End Encryption BY DEFAULT should be the gold standard. Encryption is a process where the text sent is scrambled and can only be transformed into plain text by the recipient, who possesses a private key able to understand the “language” of the scrambled text. Many apps have encryption features, but only those that are encrypted by default (not as a “private conversation” feature) should be used.

Metadata is the information about the text, image or video you are sending. The metadata of a message could be the time and date it was sent, who the sender is, who the recipient is, the location of the sender and whatever other information an app collects and sends with the actual message. Applications that do not leak metadata are of course preferable when communicating with others.

Centralised, Decentralised and P2P Networks are different ways that your messages travel from your phone to your friend’s phone. 

Centralised networks work as follows: You send a message, it travels (hopefully encrypted) to a centralised server, and the server then sends that message over to your friend. The problem with Centralised networks is that there is one single location that has all the power. It means that the government can enforce censorship by blocking the servers, and even simply by raiding the servers and taking them away. There is a second problem with centralised networks. Even if your message is encrypted, depending on the app you are using the server will have various degrees of metadata knowledge. That means that if someone can access that centralised server, they can tell who is sending and receiving messages, at what time and even locations. Signal app is an example of an Encrypted, Centralised Messaging App.

Decentralised networks solve this problem. They use multiple nodes, so your message travels from you to a node, from that node to another and so on until it arrives in your friend’s app. This fixes a couple of problems. The first one, you cannot simply take down one server to stop someone from communicating with somebody else. In the second one, you can add extra layers of encryption on each node (like a TOR network), rendering any leftover metadata useless). The drawback of decentralised networks is that they are slower than centralised ones (sometimes by nanoseconds, but sometimes it’s a lot more noticeable!). Session App is an example of an encrypted, decentralised instant messaging app.

P2P or Peer2Peer is more of a connection than a network. When you use an instant messaging app with P2P the users will synchronise without the need for a secondary server or multiple nodes. This method makes things a lot safer. There is no risk of a compromised server, or of someone running multiple malicious nodes attempting to either deanonymize you or somehow collect metadata. There is one big problem with this. Both you and your friend need to be connected at the same time for that message to travel from your device to their device. If you send a message when your friend is offline, and then you go offline, even if your friend connects that message will still sit on your phone, as you are no longer attempting to send it. A second problem with encrypted P2P connections is that they do not anonymise you. Your friend could be able to tell information about your device and network as you are both connected.

Now that you know a few of the parameters you should consider before messaging someone, we will be able to talk about which apps we would advise to uninstall and then set on fire, and which apps are recommended to use, but we will do that on future instalments to not bore you to death with technical knowledge!



PRIVACY IS A HUMAN RIGHT! 



UA Tech&Sec Department.

PS: UA is a collaborative, not for profit project that never makes enough money to cover costs. If you enjoy our content, please consider donating. We have crypto addresses on our website (for ultimate privacy we advise you send through Monero, not Bitcoin), but there is also Paypal and Patreon.

Please consider sending even if it is a single coin, it all helps!
Paypal: unoffensive_animal(aaaaatttt)tutanota(doooot)com
Patreon: patreon.com/animalliberation