Overhaul and revamp IM page (#192)

Co-Authored-By: Tommy <contact@tommytran.io>
Co-Authored-By: Daniel Gray <dng@disroot.org>
Stephen L 2021-10-14 01:17:49 +02:00 committed by Daniel Gray
parent f5ec6b4ecf
commit bb4dcb3025
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
28 changed files with 358 additions and 378 deletions


@ -45,9 +45,9 @@ items:
icon: fad fa-briefcase
file: legacy_pages/software/productivity.html
- type: link
title: Real-Time Communication Platforms
title: Real-Time Communication
icon: fad fa-comments-alt
file: legacy_pages/software/real-time-communication.html
file: _evergreen/real-time-communication.html
- type: link
title: Self-Contained Networks
icon: fad fa-chart-network


@ -0,0 +1,35 @@
title: Signal
type: Recommendation
logo: /assets/img/messengers/signal.svg
labels: 'color==info::icon==fas fa-fw fa-wifi::text==Centralized::tooltip==All communications pass through a single host. |
color==info::icon==fas fa-fw fa-phone::text==VoIP::tooltip==Voice or video calls are supported.'
description: |
<strong>Signal</strong> is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling.
All communications are E2EE. Contact lists are encrypted using your login PIN and the server does not have access to it. Personal profiles are also encrypted and only shared with contacts who add you.
Signal has minimal metadata when <a href="https://signal.org/blog/sealed-sender/">Sealed Sender</a> is enabled. The sender address is encrypted along with the message body, and only the reciepient address is visible to the server.
<h4>Notes</h4>
<p>Signal requires your phone number as a personal identifier.</p>
<p><a href="https://signal.org/blog/sealed-sender/">Sealed Sender</a> is only enabled for users on your contact list but can be enabled for all recipients with the increased risk of receiving spam.</p>
<h4>Technical information</h4>
The protocol was independently <a href="https://eprint.iacr.org/2016/1013.pdf">audited</a> in 2016. The specification for the Signal protocol can be founded in their <a href="https://signal.org/docs/">documentation</a>.
website: 'https://signal.org'
privacy_policy: 'https://signal.org/legal'
downloads:
- icon: fab fa-windows
url: 'https://signal.org/download'
- icon: fab fa-apple
url: 'https://signal.org/download'
- icon: fab fa-linux
url: 'https://signal.org/download'
- icon: fab fa-android
url: 'https://signal.org/android/apk/#apk-danger'
- icon: fab fa-google-play
url: 'https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms'
- icon: fab fa-app-store-ios
url: 'https://apps.apple.com/app/id874139669'
- icon: fab fa-github
url: 'https://github.com/signalapp'
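
Review bot: two typos in the description will ship to the rendered card: "reciepient" in the Sealed Sender sentence should be "recipient", and "can be founded in their documentation" should be "can be found in their documentation". The two Notes paragraphs are wrapped in <p> while the opening and Technical information paragraphs are bare lines; pick one form so the block renders consistently once it goes through markdownify.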


@ -0,0 +1,42 @@
title: Element
type: Recommendation
logo: /assets/img/messengers/element.svg
labels: 'color==info::icon==fas fa-fw fa-wifi::text==Federated::tooltip==Your communications pass through one of a network of hosts that intercommunicate. |
color==info::icon==fas fa-fw fa-wifi::text==P2P::tooltip==One-on-one voice and video calls are peer-to-peer (option can be disabled). |
color==info::icon==fas fa-fw fa-phone::text==VoIP::tooltip==Voice or video calls are supported.'
description: |
<strong>Element</strong> is the reference client for the <a href="https://matrix.org/docs/guides/introduction">Matrix</a> protocol, an <a href="https://matrix.org/docs/spec">open standard</a> for secure decentralized real-time communication.
Messages and files shared in private rooms (those which require an invite) are by default E2EE as are 1 to 1 voice and video calls.
<h4>Notes</h4>
Profile pictures, reactions, and nicknames not encrypted.
Group voice and video calls are <a href="https://github.com/vector-im/element-web/issues/12878">not</a> E2EE, and use Jitsi, but this is expected to change with <a href="https://github.com/matrix-org/matrix-doc/pull/3401">Native Group VoIP Signalling</a>.
Native Group VoIP Signalling
When using <a href="https://github.com/vector-im/element-web">element-web</a>, you must trust the server hosting the Element client. If your <a href="/threat-modeling">threat model</a> requires stronger protection then use a desktop or mobile client instead.
<h4>Technical information</h4>
The protocol was independently <a href="https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last">audited</a> in 2016. The specification for the Matrix protocol can be founded in their <a href="https://spec.matrix.org/latest/">documentation</a>. The <a href="https://matrix.org/docs/projects/other/olm">Olm</a> cryptographic ratchet used by Matrix is an implementation of Signal's <a href="https://signal.org/docs/specifications/doubleratchet/">Double Ratchet algorithm</a>.
website: 'https://element.io'
privacy_policy: 'https://element.io/privacy'
downloads:
- icon: fab fa-windows
url: 'https://element.io/get-started'
- icon: fab fa-apple
url: 'https://element.io/get-started'
- icon: fab fa-linux
url: 'https://element.io/get-started'
- icon: fab fa-android
url: 'https://f-droid.org/packages/im.vector.app/'
- icon: fab fa-google-play
url: 'https://play.google.com/store/apps/details?id=im.vector.app'
- icon: fab fa-app-store-ios
url: 'https://apps.apple.com/app/vector/id1083446067'
- icon: fas fa-globe-americas
url: 'https://app.element.io'
- icon: fab fa-github
url: 'https://github.com/vector-im/element-web'
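
Review bot: the bare line "Native Group VoIP Signalling" directly after the group-call sentence repeats that sentence's link text and will render as stray text in the Notes block; it looks like a leftover and should be dropped. In the same block, "Profile pictures, reactions, and nicknames not encrypted." is missing "are", and "can be founded" should read "can be found". The Federated and P2P labels also share the same fa-wifi icon, so the two badges are only distinguishable by their text.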


@ -0,0 +1,26 @@
title: Briar
type: Recommendation
logo: /assets/img/messengers/briar.svg
labels: 'color==info::icon==fas fa-fw fa-wifi::text==P2P::tooltip==Senders and recipients connect directly with no middlemen (can be disabled). |
color==info::icon==fas fa-fw fa-wifi::text==Anonymous Routing::tooltip==Senders and recipients are hidden in the network, no one can know they communicate together (can be disabled).'
description: |
<strong>Briar</strong> is an encrypted instant messenger that <a href="https://briarproject.org/how-it-works/">connects</a> to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar's local mesh mode can be useful when internet availability is a problem.
<h4>Notes</h4>
To <a href="https://briarproject.org/manual/">add a contact</a> on Briar, you must both add each other first. You can either exchange <code>briar://</code> links or scan a contact's QR code if they are nearby.
<h4>Technical information</h4>
The client software was independently <a href="https://briarproject.org/news/2017-beta-released-security-audit/">audited</a> and the anonymous routing protocol uses the Tor network which has also been audited.
Briar has a fully <a href="https://code.briarproject.org/briar/briar-spec">published specification</a>.
Briar supports perfect forward secrecy by using the Bramble <a href="https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md">Handshake</a> and <a href="https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md">Transport</a> protocol.
website: 'https://briarproject.org'
privacy_policy: 'https://briarproject.org/privacy-policy'
downloads:
- icon: fab fa-android
url: 'https://f-droid.org/packages/org.briarproject.briar.android'
- icon: fab fa-google-play
url: 'https://play.google.com/store/apps/details?id=org.briarproject.briar.android'
- icon: fab fa-git
url: 'https://code.briarproject.org/briar/briar'
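
Review bot: the "Anonymous Routing" tooltip states that "no one can know they communicate together", but the description says Briar can also connect via Wi-Fi or Bluetooth in local proximity, which it presents as separate from the Tor path. The trailing "(can be disabled)" does not say what is being disabled or what the user gives up by doing so. Suggest wording the tooltip around what the Tor routing hides and from whom, and stating that the local modes are outside that property. The audit sentence also gives no year, unlike the Signal, Element and Session entries.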


@ -0,0 +1,34 @@
title: Session
type: Recommendation
logo: /assets/img/messengers/session.svg
labels: 'color==info::icon==fas fa-fw fa-wifi::text==Anonymous Routing::tooltip==Senders and recipients are hidden in the network, no one can know they communicate together.'
description: |
<strong>Session</strong> is an encrypted instant messenger that uses three random <a href="https://getsession.org/blog/onion-requests-session-new-message-routing-solution"> service nodes</a> to route messages anonymously on the <a href="https://oxen.io">Oxen Network</a>.
Session allows for E2EE in one-to-one or closed rooms that allow up to 100 members.
Open rooms have no restriction on the number of members, but anyone can join.
<h4>Notes</h4>
Session does <a href="https://getsession.org/blog/session-protocol-technical-information">not</a> support forward secrecy. The key pair for each conversation is not rotated.
<h4>Technical information</h4>
Session was independently <a href="https://getsession.org/session-code-audit/">audited</a> in 2020. The protocol is described in a <a href="https://arxiv.org/abs/2002.04609">whitepaper</a>.
website: 'https://getsession.org/'
privacy_policy: 'https://getsession.org/privacy-policy'
downloads:
- icon: fab fa-windows
url: 'https://getsession.org/windows'
- icon: fab fa-apple
url: 'https://getsession.org/mac'
- icon: fab fa-linux
url: 'https://www.getsession.org/linux'
- icon: fab fa-android
url: 'https://fdroid.getsession.org/'
- icon: fab fa-google-play
url: 'https://play.google.com/store/apps/details?id=network.loki.messenger'
- icon: fab fa-app-store-ios
url: 'https://apps.apple.com/app/id1470168868'
- icon: fab fa-github
url: 'https://github.com/oxen-io/session-desktop'
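
Review bot: the missing forward secrecy is only mentioned under Notes, while the single label on this card advertises Anonymous Routing. The email card touched in this same commit tells readers to prefer "a medium that does support Forward secrecy" and points them at the messenger recommendations, so a reader following that advice can pick Session without seeing the caveat. Suggest adding a warning label for it. Minor: the link text " service nodes" has a leading space inside the anchor, and the Linux URL uses www.getsession.org while the Windows and macOS entries use getsession.org.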


@ -1,10 +1,11 @@
{% if include.link %}
<a
href="{{ include.link }}" class="text-decoration-none link-{{ include.color | default: "info" }}"
href="{{ include.link }}" class="text-decoration-none badge rounded-pill bg-{{ include.color | default: "info" }}"
{% if include.tooltip %}
data-bs-toggle="tooltip"
title="{{ include.tooltip }}"><i class="{{ include.icon | default: "fad fa-question-circle"}}"></i> {{ include.text }}
{% else %}><i class="{{ include.icon | default: "fas fa-external-link-alt"}}"></i> <span class="text-decoration-underline">{{ include.text }}</span>{% endif %}
{% else %}><i class="{{ include.icon | default: "fas fa-external-link-alt"}}"></i> {{ include.text }}
{% endif %}
</a>
{% else %}
<span
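
Review bot: title="{{ include.tooltip }}" and href="{{ include.link }}" are emitted without an escape filter, and with this commit the tooltip text comes from free-form label strings in the recommendation data files. A double quote inside a tooltip would close the attribute early and the rest of the string would be parsed as markup. Suggest {{ include.tooltip | escape }}, and the same for include.text. Separately, the no-tooltip branch drops the text-decoration-underline span, so a linked badge now looks the same as an unlinked one.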


@ -12,7 +12,7 @@
{% assign labels = include.labels | replace:", ", "," | split:"," %}
<div class="mb-1">
{% for label in labels %}
{% assign label_data = label | split:":" %}
{% assign label_data = label | split:";" %}
{% assign color = label_data[0] %}
{% assign text = label_data[1] %}
{% assign tooltip = label_data[2] | default: "" %}
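
Review bot: switching the field delimiter from ":" to ";" is a silent format change for every caller of this include. label_data[0], [1] and [2] are positional, so a caller still passing the colon-separated form gets the whole string assigned to color and no text at all. None of the callers appear in this hunk; please confirm they were all updated, and add a comment above the split documenting the expected "color;text;tooltip" form.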


@ -5,6 +5,6 @@
<p class="card-text text-danger">When using end-to-end encryption (E2EE) technology like <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy">OpenPGP</a>, email will still have some metadata that is not encrypted in the header of the email. <a href="/providers/email/#metadata">Read more about email metadata.</a></p>
<p class="card-text text-danger">OpenPGP also does not support <a href="https://en.wikipedia.org/wiki/Forward_secrecy">Forward secrecy</a>, which means if either your or the recipient's private key is ever stolen, <strong>all</strong> previous messages encrypted with it will be exposed. <a href="/providers/email/#email-encryption">How do I protect my private keys?</a></p>
<p class="card-text text-info">Rather than use email for prolonged conversations, consider using a medium that does support Forward secrecy.</p>
<a href="/software/real-time-communication/" class="btn btn-outline-info">Recommended Instant Messengers</a>
<a href="/real-time-communication/" class="btn btn-outline-info">Recommended Instant Messengers</a>
</div>
</div>
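
Review bot: the button href moves from /software/real-time-communication/ to /real-time-communication/, which means the page's public URL changes. Nothing in the visible hunks adds a redirect from the old path, so external links and bookmarks to /software/real-time-communication/, including anchors such as #im, would break. If the new page does not already declare a redirect from the old URL, add one as part of this change.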


@ -1,178 +0,0 @@
<h2 id="im" class="anchor">
<a href="#im"><i class="fas fa-link anchor-icon"></i></a>
Encrypted Instant Messengers
</h2>
<div class="alert alert-warning" role="alert">
<strong>If you are currently using an Instant Messenger like Telegram, LINE, Viber, <a href="https://www.eff.org/deeplinks/2016/10/where-whatsapp-went-wrong-effs-four-biggest-security-concerns">WhatsApp</a>, or plain SMS, you should pick an alternative here.</strong>
</div>
<p>We only recommend instant messenger programs or apps that support <a href="https://en.wikipedia.org/wiki/End-to-end_encryption">end-to-end encryption (E2EE)</a>. When E2EE is used, all transmissions (messages, voice, video, etc.) are encrypted <strong>before</strong> they are sent from your device. E2EE protects both the authenticity and confidentiality of the transmission as they pass through any part of the network (servers, etc.).</p>
<p>All the client programs/apps we chose are <a href="https://en.wikipedia.org/wiki/Free_and_open-source_software">free and open-source software</a> unless otherwise mentioned. This to ensure that the code can be independently verified by experts now and in the future.</p>
<p>We have described the three main types of messaging programs that exist: Centralized, Federated and Peer-to-Peer (P2P), with the advantages and disadvantages of each.</p>
<h3 id="centralized" class="anchor">
<a href="#centralized"><i class="fas fa-link anchor-icon"></i></a>
Centralized
</h3>
<p>Centralized messengers are those where every participant is on the same server or network of servers controlled by the same organization.</p>
{%
include legacy/cardv2.html
title="Signal"
image="/assets/img/legacy_svg/3rd-party/signal.svg"
description='Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Its protocol has also been <a href="https://eprint.iacr.org/2016/1013.pdf">independently audited (PDF)</a>'
labels="color==warning::text==Requires phone number::tooltip==Signal requires your phone number as an personal identifier which means anyone you communicate with will see it.|text==VoIP"
website="https://signal.org/"
privacy-policy="https://signal.org/legal/"
github="https://github.com/signalapp"
windows="https://signal.org/download/"
mac="https://signal.org/download/"
linux="https://signal.org/download/"
googleplay="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms"
android="https://signal.org/android/apk/#apk-danger"
ios="https://apps.apple.com/app/id874139669"
%}
<div class="container">
<div class="row">
<div class="col-md-6">
<h4>Advantages</h4>
<ul>
<li>New features and changes can be implemented more quickly.</li>
<li>Easier to get started with and to find contacts.</li>
</ul>
</div>
<div class="col-md-6">
<h4>Disadvantages</h4>
<ul>
<li>Centralized services could be more susceptible to <a href="#exploiting-centralized-networks">legislation requiring backdoor access</a>.</li>
<li>Can include <a href="https://drewdevault.com/2018/08/08/Signal.html">restricted control or access</a>. This can include things like:</li>
<ul>
<li>Being <a href="https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165">forbidden from connecting third-party clients</a> to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.</li>
<li>Poor or no documentation for third-party developers.</li>
</ul>
<li>The <a href="https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/">ownership</a>, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.</li>
</ul>
</div>
</div>
</div>
<h3 id="federated" class="anchor">
<a href="#federated"><i class="fas fa-link anchor-icon"></i></a>
Federated
</h3>
<p>Federated messengers use multiple, independent servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.</p>
{%
include legacy/cardv2.html
title="Element"
image="/assets/img/legacy_svg/3rd-party/element.svg"
description='<a href="https://element.io">Element</a> (formerly <a href="https://element.io/blog/welcome-to-element/">Riot</a>) is the reference client for the <a href="https://matrix.org/docs/guides/introduction">Matrix</a> network. The <a href="https://matrix.org/docs/spec">Matrix open standard</a> is an open-source standard for secure (<a href="https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last">audit</a>), decentralized, real-time communication.'
labels="text==VoIP"
website="https://element.io"
privacy-policy="https://element.io/privacy"
github="https://github.com/vector-im/element-web"
windows="https://element.io/get-started"
mac="https://element.io/get-started"
linux="https://element.io/get-started"
fdroid="https://f-droid.org/packages/im.vector.app/"
googleplay="https://play.google.com/store/apps/details?id=im.vector.app"
ios="https://apps.apple.com/app/id1083446067"
web="https://app.element.io"
%}
<div class="container">
<div class="row">
<div class="col-md-6">
<h4>Advantages</h4>
<ul>
<li>Allows for greater control over your own data when running your own server.</li>
<li>Allows you to choose who to trust your data with by choosing between multiple "public" servers.</li>
<li>Often allows for third party clients which can provide a more native, customized, or accessible experience.</li>
<li>Generally a less juicy target for governments wanting <a href="#exploiting-centralized-networks">backdoor access to everything</a> as the trust is decentralized. The server may be hosted independently from the organization developing the software.</li>
<li>Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)</li>
<li>Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.</li>
</ul>
</div>
<div class="col-md-6">
<h4>Disadvantages</h4>
<ul>
<li>Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.</li>
<li>Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).</li>
<li>Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.</li>
<li>Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.</li>
</ul>
</div>
</div>
</div>
<h4>Worth Mentioning</h4>
<ul>
<li><a href="https://status.im">Status.im</a> - Encrypted instant messenger with an integrated <a href="https://en.wikipedia.org/wiki/Ethereum">Ethereum</a> wallet (cryptocurrency) that also includes support for <a href="https://our.status.im/tag/dapps">DApps (decentralized apps)</a> (web apps in a curated store). Uses the <a href="https://our.status.im/status-launches-private-peer-to-peer-messaging-protocol/">Waku protocol (a fork of Whisper)</a> for P2P communication. Only available for iOS and Android.</li>
</ul>
<h3 id="peer-to-peer" class="anchor">
<a href="#peer-to-peer"><i class="fas fa-link anchor-icon"></i></a>
Peer to Peer (P2P)
</h3>
<p>Peer-to-Peer instant messengers connect directly to each other without requiring third-party servers. Clients (peers) usually find each other through the use of a <a href="https://en.wikipedia.org/wiki/Distributed_computing">distributed computing</a> network. Examples of this include <a href="https://en.wikipedia.org/wiki/Distributed_hash_table">DHT (distributed hash table)</a> (used with technologies like <a href="https://en.wikipedia.org/wiki/BitTorrent_(protocol)">torrents</a> and <a href="https://en.wikipedia.org/wiki/InterPlanetary_File_System">IPFS</a>, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the <a href="https://www.scuttlebutt.nz">Scuttlebutt</a> social networking protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made.</p>
{%
include legacy/cardv2.html
title="Briar"
image="/assets/img/legacy_svg/3rd-party/briar.svg"
description="Encrypted instant messenger that connects to contacts via Wi-Fi, Bluetooth, or Tor over the internet to synchronize messages. Technology such as this has proven to be useful when Internet availability is an issue, such as in times of crisis."
website="https://briarproject.org"
privacy-policy="https://briarproject.org/privacy-policy/"
gitlab="https://code.briarproject.org/briar/briar"
fdroid="https://f-droid.org/packages/org.briarproject.briar.android/"
googleplay="https://play.google.com/store/apps/details?id=org.briarproject.briar.android"
%}
{%
include legacy/cardv2.html
title="Jami"
image="/assets/img/legacy_svg/3rd-party/jami.svg"
description='Encrypted instant messaging and video calling software. All communications are E2EE using <a href="https://jami.net/improving-performance-and-security-with-tls-1-3/">TLS 1.3</a> and never stored outside the client, even when <a href="https://jami.net/why-is-jami-truly-distributed/">TURN servers are used</a>.'
labels="color==warning::link==https://git.jami.net/savoirfairelinux/ring-project/issues/765::text==Warning::tooltip==This software is partially centralized but can be self-hosted.|text==VoIP"
website="https://jami.net/"
privacy-policy="https://jami.net/privacy-policy/"
gitlab="https://git.jami.net/savoirfairelinux"
windows="https://jami.net/download-jami-windows"
mac="https://jami.net/download-jami-macos"
linux="https://jami.net/download-jami-linux"
fdroid="https://f-droid.org/packages/cx.ring/"
googleplay="https://play.google.com/store/apps/details?id=cx.ring"
ios="https://apps.apple.com/app/id1306951055"
%}
<div class="container">
<div class="row">
<div class="col-md-6">
<h4>Advantages</h4>
<ul>
<li>Minimal information is exposed to third parties.</li>
<li>Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.</li>
</ul>
</div>
<div class="col-md-6">
<h4>Disadvantages</h4>
<ul>
<li>Reduced feature set:</li>
<ul>
<li>Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.</li>
<li>Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.</li>
</ul>
<li>Your <a href="https://en.wikipedia.org/wiki/IP_address">IP address</a> and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a <a href="/software/networks">self contained network</a>, such as <a href="https://www.torproject.org">Tor</a> or <a href="https://geti2p.net/">I2P</a>. Many countries have some form of mass surveillance and/or metadata retention.</li>
</ul>
</div>
</div>
</div>
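
Review bot: this deletion removes more than the cards. The Centralized, Federated and Peer to Peer sections carry the Advantages/Disadvantages lists (metadata visible to federated servers, IP address exposure in P2P, exposure of centralized services to backdoor legislation), and the new data files reduce each model to a one-line tooltip. Please confirm that text was carried over to the new page, since it is not in the hunks shown here. Jami and the Status.im mention are also dropped without a word in the commit message; if that is an intentional delisting, say so there.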


@ -1,42 +0,0 @@
<h2 id="teamchat" class="anchor">
<a href="#teamchat"><i class="fas fa-link anchor-icon"></i></a>
Team Chat Platforms
</h2>
<div class="alert alert-warning" role="alert">
<strong>If your project or organization currently uses a platform like <a href="https://tosdr.org/#discord">Discord</a> or <a href="https://drewdevault.com/2015/11/01/Please-stop-using-slack.html">Slack</a> you should pick an alternative here.</strong>
</div>
{%
include legacy/cardv2.html
title="Element"
image="/assets/img/legacy_svg/3rd-party/element.svg"
description='<a href="https://element.io">Element</a> (formerly <a href="https://element.io/blog/welcome-to-element/">Riot</a>) is the reference client for the <a href="https://matrix.org/docs/guides/introduction">Matrix</a> network. The <a href="https://matrix.org/docs/spec">Matrix open standard</a> is an open-source standard for secure, decentralized, real-time communication.'
labels="text==VoIP"
website="https://element.io"
privacy-policy="https://element.io/privacy"
github="https://github.com/vector-im/element-web"
windows="https://element.io/get-started"
mac="https://element.io/get-started"
linux="https://element.io/get-started"
fdroid="https://f-droid.org/packages/im.vector.app/"
googleplay="https://play.google.com/store/apps/details?id=im.vector.app"
ios="https://apps.apple.com/app/id1083446067"
web="https://app.element.io"
%}
{%
include legacy/cardv2.html
title="Rocket.chat"
image="/assets/img/legacy_svg/3rd-party/rocketchat.svg"
description="Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE."
labels="color==warning::link==https://rocket.chat/docs/user-guides/end-to-end-encryption/::text==Experimental E2EE::tooltip==Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. Federation was also added afterwards, potentially causing room for mistakes.|text==VoIP"
website="https://rocket.chat/"
privacy-policy="https://rocket.chat/privacy"
github="https://github.com/rocketchat/"
windows="https://rocket.chat/install"
mac="https://apps.apple.com/app/id1086818840"
linux="https://rocket.chat/install"
googleplay="https://play.google.com/store/apps/details?id=chat.rocket.android"
ios="https://apps.apple.com/app/id1148741252"
%}
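
Review bot: Rocket.chat disappears with this file, and of the two entries here only Element has a counterpart among the new data files shown. The commit title describes an IM page overhaul only, so the removal of the Team Chat section and its #teamchat anchor should be stated in the commit message or PR description, with the reason for dropping Rocket.chat.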


@ -1,59 +0,0 @@
<h2 id="voip" class="anchor"><a href="#voip"><i class="fas fa-link anchor-icon"></i></a> Video/Voice Calling</h2>
<div class="alert alert-warning" role="alert">
<strong>If you are currently using a Video/Voice Calling app like Google Hangouts, Skype, Viber or <a href="https://medium.com/privacyguides/protecting-your-privacy-with-a-virtual-machine-while-using-zoom-efab2b65c8c6">Zoom</a>, you should pick an alternative here.</strong> Please note that many of the above instant messengers also support {% include badge.html color="info" text="VoIP" %}. The software listed below are <em>primarily</em> Voice/Video focused.
</div>
{% include legacy/cardv2.html
title="Linphone"
image="/assets/img/legacy_svg/3rd-party/linphone.svg"
website="https://www.linphone.org/"
privacy-policy="https://www.linphone.org/privacy-policy"
description="Linphone is an open-source SIP Phone and a free voice over IP service, available on mobile and desktop environments and on web browsers. It supports ZRTP for end-to-end encrypted voice and video communication."
github="https://github.com/BelledonneCommunications"
windows="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner"
linux="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner"
mac="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner"
fdroid="https://f-droid.org/packages/org.linphone"
googleplay="https://play.google.com/store/apps/details?id=org.linphone"
ios="https://apps.apple.com/app/id360065638"
%}
{% include legacy/cardv2.html
title="Jitsi Meet"
image="/assets/img/legacy_svg/3rd-party/jitsi.svg"
website="https://jitsi.org/jitsi-meet/"
privacy-policy="https://jitsi.org/security/"
description='Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application with optional E2EE. It can be used from the browser, in <a href="https://github.com/jitsi/jitsi-meet-electron/releases">desktop applications</a> or on smartphones. Additional features include screen sharing for presentations and an always-on-top floating call window when minimized. See the <a href="https://github.com/jitsi/jitsi-meet/wiki/Jitsi-Meet-Instances">list of public Jitsi Meet instances</a>.'
labels="color==warning::text==Requires WebRTC::tooltip==Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it.|color==warning::link==https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/e2ee.md::text==Experimental E2EE::tooltip==E2EE in Jitsi Meet is dependent on Insertable Streams, which is currently supported in Chrome but not Firefox. The mobile apps also do not support E2EE for the moment. Prefer to use the desktop apps instead."
github="https://github.com/jitsi/jitsi-meet"
windows="https://github.com/jitsi/jitsi-meet-electron/releases"
linux="https://github.com/jitsi/jitsi-meet-electron/releases"
mac="https://github.com/jitsi/jitsi-meet-electron/releases"
fdroid="https://f-droid.org/en/packages/org.jitsi.meet/"
googleplay="https://play.google.com/store/apps/details?id=org.jitsi.meet"
ios="https://apps.apple.com/app/id1165103905"
%}
{% include legacy/cardv2.html
title="Mumble"
image="/assets/img/legacy_svg/3rd-party/mumble.svg"
website="https://mumble.info/"
description="Mumble is an open-source, low-latency, and high quality voice chat application primarily intended for use while gaming. Note that while Mumble doesn't log messages or record by default, <a href=\"https://github.com/mumble-voip/mumble/issues/1813\">it's missing end-to-end encryption</a>, so self-hosting is recommended."
github="https://github.com/mumble-voip/"
windows="https://www.mumble.info/downloads"
linux="https://www.mumble.info/downloads"
mac="https://www.mumble.info/downloads"
android="https://www.mumble.info/downloads/#third-party-clients"
ios="https://apps.apple.com/app/id443472808"
%}
<h3>Related Information</h3>
<ul>
<li>More information about Mumble:</li>
<ul>
<li><a href="https://wiki.mumble.info/wiki/Running_Murmur">Running Mumble Server</a> and <a href="https://wiki.mumble.info/wiki/Murmur.ini">its config file</a>, particularly <a href="https://wiki.mumble.info/wiki/Murmur.ini#obfuscate">obfuscating IPv4 addresses</a> and <a href="https://wiki.mumble.info/wiki/Murmur.ini#Process_Administrivia">logging</a></li>
<li><a href="https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble">Torifying Mumble</a>
</ul>
</ul>
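
Review bot: the new Element entry states that group calls use Jitsi and are not E2EE, yet this hunk deletes the Jitsi Meet card whose "Experimental E2EE" label documented exactly those limits (dependence on Insertable Streams, no E2EE in the mobile apps). Linphone and Mumble go with it, along with the Mumble server links on obfuscating IPv4 addresses and logging. Either keep a pointer for readers who need a calling tool, or record the delisting rationale in the commit message.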


@ -8,6 +8,40 @@
<h2>{{ item.title }}</h2>
{% if item.info %} <p class="badge rounded-pill bg-info"><i class="fad fa-info-circle"></i> {{ item.info }}</p>{% endif %}
{% if item.warning %} <p class="badge rounded-pill bg-warning"><i class="fad fa-exclamation-triangle"></i> {{ item.warning }}</p>{% endif %}
{% if item.labels %}
<p>
{% assign labels = item.labels | split:"|" %}
{% for label in labels %}
{% assign label_data = label | split:"::" %}
{% for label_attr in label_data %}
{% assign attr = label_attr | split:"==" %}
{% if attr[0] == "color" %}
{% assign color = attr[1] %}
{% elsif attr[0] == "link" %}
{% assign link = attr[1] %}
{% elsif attr[0] == "text" %}
{% assign text = attr[1] %}
{% elsif attr[0] == "icon" %}
{% assign icon = attr[1] %}
{% elsif attr[0] == "tooltip" %}
{% assign tooltip = attr[1] %}
{% endif %}
{% endfor %}
{% include badge.html
link=link
color=color
text=text
icon=icon
tooltip=tooltip
%}
{% assign color = nil %}
{% assign link = nil %}
{% assign text = nil %}
{% assign icon = nil %}
{% assign tooltip = nil %}
{% endfor %}
</p>
{% endif %}
{{ item.description | markdownify }}
{% if item.downloads %}<p>{% for platform in item.downloads %}
<a href="{{ platform.url }}"><i class="{{ platform.icon }} fa-fw h2"></i></a>
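
Review bot: the parser compares attr[0] against "color", "text" and the other keys without trimming, but the label strings in the new data files break across lines after the "|" separator, so each label after the first will reach this loop with leading whitespace and its first key arrives as " color". That comparison fails and color stays nil, which only looks right because badge.html falls back to default: "info". Suggest {% assign label_data = label | strip | split:"::" %}. A tooltip or link containing "==" or "::" would also be cut at that point, since only attr[1] is kept.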


@ -17,7 +17,6 @@ $reddit: #FFD06F;
$linkedin: #FFD06F;
$email: #FFD06F;
$diaspora: #FFD06F;
$tor: #7d4698;
$body-color: #28323F;
$link-color: $secondary;


@ -28,7 +28,6 @@ $colors: (
"green": $green,
"teal": $teal,
"cyan": $cyan,
"tor": $tor
);
/* Cards */
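
Review bot: dropping "tor" from $colors together with the $tor variable in the previous hunk leaves nothing behind for any stylesheet or label that still refers to that colour, and the visible hunks do not show where it was used. Please confirm there is no remaining reference to $tor or to a "tor" colour in the other stylesheets, includes and data files, since a leftover $tor would fail the Sass build on an undefined variable.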

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 14 KiB

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.32208 0 0 .32208 -3.6371 -3.6592)"><path transform="scale(.75294)" d="m84.824 138.56v-34.412m-13.655-32.975-24.337-24.337m37.992 18.677v-34.412m-19.315 53.727h-34.412m67.387-13.655 24.337-24.337m-24.337 51.652 24.337 24.337m-18.677-37.992h34.412m-91.724 37.992 24.337-24.337" fill="none" stroke="#999" stroke-miterlimit="10" stroke-width="1.932"/><path d="m69.93 110.38c0.02344 2.1836-1.125 4.207-3.0117 5.3047-1.8828 1.0977-4.2148 1.0977-6.0977 0-1.8867-1.0977-3.0352-3.1211-3.0117-5.3047 0.03516-3.3203 2.7383-5.9922 6.0586-5.9922s6.0234 2.6719 6.0625 5.9922z" fill="#7dccba"/><path d="m78.414 63.867c0 8.0352-6.5117 14.547-14.547 14.547-8.0312 0-14.543-6.5117-14.543-14.547 0-8.0312 6.5117-14.543 14.543-14.543 8.0352 0 14.547 6.5117 14.547 14.543z" fill="#fc3"/><path d="m37.039 30.98c0.02344 2.1797-1.125 4.207-3.0117 5.3047-1.8828 1.0977-4.2148 1.0977-6.0977 0-1.8867-1.0977-3.0352-3.125-3.0117-5.3047 0.03516-3.3203 2.7383-5.9961 6.0586-5.9961s6.0234 2.6758 6.0625 5.9961zm32.891-13.625c0.02344 2.1797-1.125 4.207-3.0117 5.3047-1.8828 1.0977-4.2148 1.0977-6.0977 0-1.8867-1.0977-3.0352-3.125-3.0117-5.3047 0.03516-3.3203 2.7383-5.9922 6.0586-5.9922s6.0234 2.6719 6.0625 5.9922zm-46.516 46.516c0.02344 2.1797-1.125 4.207-3.0117 5.3047-1.8828 1.0977-4.2148 1.0977-6.0977 0-1.8867-1.0977-3.0352-3.125-3.0117-5.3047 0.03906-3.3203 2.7422-5.9961 6.0625-5.9961s6.0234 2.6758 6.0586 5.9961zm79.406-32.891c0.0234 2.1797-1.125 4.207-3.0117 5.3047-1.8828 1.0977-4.2148 1.0977-6.0977 0-1.8867-1.0977-3.0352-3.125-3.0117-5.3047 0.03516-3.3203 2.7383-5.9961 6.0586-5.9961s6.0234 2.6758 6.0625 5.9961zm-65.781 65.781c0.02344 2.1797-1.125 4.207-3.0117 5.3047-1.8828 1.0976-4.2148 1.0976-6.0977 0-1.8867-1.0977-3.0352-3.125-3.0117-5.3047 0.03516-3.3203 2.7383-5.9922 6.0586-5.9922s6.0234 2.6719 6.0625 5.9922zm65.781 0c0.0234 2.1797-1.125 4.207-3.0117 5.3047-1.8828 1.0976-4.2148 
1.0976-6.0977 0-1.8867-1.0977-3.0352-3.125-3.0117-5.3047 0.03516-3.3203 2.7383-5.9922 6.0586-5.9922s6.0234 2.6719 6.0625 5.9922zm13.621-32.891c0.0273 2.1797-1.125 4.207-3.0078 5.3047-1.8867 1.0977-4.2148 1.0977-6.1016 0-1.8828-1.0977-3.0352-3.125-3.0078-5.3047 0.0352-3.3203 2.7383-5.9961 6.0586-5.9961s6.0234 2.6758 6.0586 5.9961z" fill="#7dccba"/></g></svg>


@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.075623 0 0 .075623 -1.1343 4.2328)"><path d="m373.55 121.64-13.618-28.28m-245.99 153.64-32.342-119.76m-20.008-12.029-30.601 6.985m33.727-20.683-24.54-19.57m74.399 0-24.54 19.57m-12.66-6.097v-31.387m15.925 50.508 114.64 21.088m-137.59-9.428-13.618 28.279m154.48-26.017-24.54-19.57m198.86 97.472-146.73-61.543m-48.517-74.928 26.471 54.12m-88.092 126.3 84.706-99.43m9.682-28.496-1.166-23.035m116.33-13.767-99.65 46.166m22.507-22.859-24.54 19.57m14.224-88.658-22.63 83.13m-63.573 150.29-30.601-6.985m21.413-33.269-24.54 19.57m7.985 52.964-13.619-28.28m-19.684-24.684-24.54-19.57m21.413 33.269-30.6 6.984m39.361 4.001-13.619 28.28m295.91-78.292-13.619 28.28m57.844-72.533-24.54 19.57m7.984 52.963-13.618-28.28m39.361-4.001-30.6-6.984m-15.787-19.795v-31.387m-15.785 51.182-30.601 6.984m-13.827-154.53-24.54-19.57m37.199 13.474v-31.389m37.199 17.915-24.54 19.57m33.728 20.683-30.6-6.985" fill="none" stroke="#999" stroke-miterlimit="10" stroke-width="1.943"/><path d="m377.06 120.84a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192z" fill="#7fcdbb"/><path d="m77.375 95.412c8.943 0 16.192 7.25 16.192 16.192 0 8.943-7.249 16.192-16.192 16.192-8.942 0-16.191-7.25-16.191-16.192s7.249-16.192 16.191-16.192z" fill="#fc3"/><path d="m33.847 68.795a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-10.751 47.102a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm54.279-68.064a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-24.156 105.84a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm67.685-84.875a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192z" fill="#7fcdbb"/><path d="m223.87 122.36c8.943 0 16.192 7.25 16.192 16.192s-7.249 16.192-16.192 16.192c-8.942 0-16.191-7.25-16.191-16.192 0-8.943 7.249-16.192 16.191-16.192z" fill="#fc3"/><path d="m252.88 23.889a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-72.539 71.853a8.096 8.096 0 
1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm41.134-12.579a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm45.923 12.579a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-80.671-41.225a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-14.284 212.41a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-10.752-47.102a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-19.371 84.875a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192z" fill="#7fcdbb"/><path d="m118.16 246.44c8.943 0 16.192 7.25 16.192 16.192s-7.25 16.192-16.192 16.192-16.192-7.25-16.192-16.192c0-8.943 7.25-16.192 16.192-16.192z" fill="#fc3"/><path d="m74.633 219.82a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-10.75 47.102a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm30.122 37.773a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192z" fill="#7fcdbb"/><path d="m400.46 196.43c8.943 0 16.192 7.25 16.192 16.192 0 8.943-7.249 16.192-16.192 16.192-8.942 0-16.191-7.25-16.191-16.192s7.249-16.192 16.191-16.192z" fill="#fc3"/><path d="m454.74 216.91a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-108.56 0a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm54.279-68.064a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-24.157 105.84a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm67.686-84.875a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-19.372 84.875a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192z" fill="#7fcdbb"/><path d="m352.9 62.58c8.943 0 16.192 7.249 16.192 16.191 0 8.943-7.25 16.192-16.192 16.192s-16.192-7.25-16.192-16.192 7.25-16.192 16.192-16.192z" fill="#fc3"/><path d="m407.18 83.064a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm-97.809-47.102a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm43.529-20.962a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192zm43.529 20.962a8.096 8.096 0 1 1 0 16.192 8.096 8.096 0 0 1 0-16.192z" fill="#7fcdbb"/></g></svg>

File diff suppressed because one or more lines are too long


@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.865 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(-144.99 -100.38)"><path class="st0" d="m172.42 117.59-6.3946-3.5448h4.3302c3.7663 0 6.8277-3.0614 6.8277-6.8277s-3.0614-6.8378-6.8277-6.8378h-15.126c-4.7231 0-8.5598 3.8367-8.5598 8.5598 0 3.3636 1.8328 6.4652 4.7734 8.0965l6.3946 3.5448h-4.3302c-3.7764 0-6.8378 3.0715-6.8378 6.8378s3.0614 6.8277 6.8277 6.8277h15.126c4.7231 0 8.5598-3.8367 8.5598-8.5598 0.01-3.3636-1.8227-6.4652-4.7633-8.0965zm-19.949-2.3967c-2.2256-1.2386-3.6253-3.5549-3.6856-6.0824-0.0805-3.6353 2.9707-6.6163 6.606-6.6163h14.833c2.5377 0 4.7231 1.9436 4.8438 4.4813 0.13092 2.709-2.0342 4.9546-4.7128 4.9546h-8.5397c-0.52368 0-0.94661 0.42297-0.94661 0.94661v6.9688zm16.002 16.938h-14.833c-2.5377 0-4.7231-1.9436-4.8438-4.4813-0.13092-2.709 2.0342-4.9546 4.7128-4.9546h8.5397c0.52364 0 0.94661-0.42295 0.94661-0.9466v-6.9688l8.3987 4.6525c2.2255 1.2286 3.6152 3.5549 3.6755 6.0824 0.0906 3.6353-2.9606 6.6163-6.5959 6.6163z" fill="#00f782" stroke-width=".1007"/></g></svg>
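Review bot: The `<path>` carries `class="st0"`, but this file has no `<style>` block that defines it, so the attribute is dead export residue and can be dropped. The viewBox is also 33.865 by 33.867 against a square width and height of 128, unlike the other logos added in this commit (33.867 by 33.867); make it square so the logo is scaled the same way as the rest.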


@ -0,0 +1,168 @@
---
layout: evergreen
title: Real-Time Communication
description: "We only recommend messengers that support strong <a href='https://en.wikipedia.org/wiki/End-to-end_encryption'>end-to-end encryption (E2EE)</a> and have been been independently <a href='https://en.wikipedia.org/wiki/Information_security_audit#The_audited_systems'>audited</a> to ensure their cryptography works as intended. The selection listed here is <a href='https://en.wikipedia.org/wiki/Free_and_open-source_software'>free and open-source</a> software, ensuring that the code can be verified by experts now and in the future."
---
<h2 id="im" class="anchor">
<a href="#im"><i class="fas fa-link anchor-icon"></i></a>
Encrypted Instant Messengers
</h2>
{% for item_hash in site.data.software.messengers %}
{% assign item = item_hash[1] %}
{% if item.type == "Recommendation" %}
{% include recommendation-card.html %}
{% endif %}
{% endfor %}
<h2 id="network-types" class="anchor">
<a href="#network-types"><i class="fas fa-link anchor-icon"></i></a>
Types of communication networks
</h2>
<p>There are several network architectures commonly used to relay messages between users. These networks can provide different different privacy guarantees, which is why it's worth considering your <a href="https://en.wikipedia.org/wiki/Threat_model">threat model</a> when making a decision about which app to use.</p>
<h3 id="centralized" class="anchor">
<a href="#centralized"><i class="fas fa-link anchor-icon"></i></a>
Centralized
</h3>
<div class="clearfix">
<img src="/assets/img/layout/network-centralized.svg" width="150" height="150" class="img-fluid float-left ml-2" style="float: left" alt="Centralized network" />
<p>Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization.</p>
<p>Some self-hosted messengers allow you to set up your own server. Self-hosting can provide additional privacy guarantees such as no usage logs or limited access to metadata (data about who is talking to whom etc). Self-hosted centralized messengers are isolated and everyone must be on the same server to communicate.</p>
</div>
<div class="container">
<div class="row">
<div class="col-md-6">
<h4>Advantages</h4>
<ul>
<li>New features and changes can be implemented more quickly.</li>
<li>Easier to get started with and to find contacts.</li>
<li>Most mature and stable features ecosystems, as they are easier to program in a centralized software.</li>
<li>Privacy issues may be reduced when you trust a server that you're self-hosting.</li>
</ul>
</div>
<div class="col-md-6">
<h4>Disadvantages</h4>
<ul>
<li>Can include <a href="https://drewdevault.com/2018/08/08/Signal.html">restricted control or access</a>. This can include things like:</li>
<ul>
<li>Being <a href="https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165">forbidden from connecting third-party clients</a> to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.</li>
<li>Poor or no documentation for third-party developers.</li>
</ul>
<li>The <a href="https://blog.privacytools.io/delisting-wire">ownership</a>, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.</li>
<li>Self hosting requires effort and knowledge of how to set up a service.</li>
</ul>
</div>
</div>
</div>
<h3 id="federated" class="anchor">
<a href="#federated"><i class="fas fa-link anchor-icon"></i></a>
Federated
</h3>
<div class="clearfix">
<img src="/assets/img/layout/network-decentralized.svg" width="200" class="img-fluid float-left ml-2" style="float: left" alt="Decentralized network" />
<p>Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.</p>
<p>When self-hosted, users of a federated server can discover and communicate with users of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server).</p>
</div>
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>Allows for greater control over your own data when running your own server.</li>
<li>Allows you to choose who to trust your data with by choosing between multiple "public" servers.</li>
<li>Often allows for third party clients which can provide a more native, customized, or accessible experience.</li>
<li>Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.</li>
<li>Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.</li>
<li>Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).</li>
<li>Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.</li>
<li>Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.</li>
</ul>
</div>
</div>
</div>
<h3 id="peer-to-peer" class="anchor">
<a href="#peer-to-peer"><i class="fas fa-link anchor-icon"></i></a>
Peer-to-Peer (P2P)
</h3>
<div class="clearfix">
<p>
<img src="/assets/img/layout/network-distributed.svg" width="150" height="150" class="img-fluid float-left ml-2" style="float: left" alt="Distributed network" />
<a href="https://en.wikipedia.org/wiki/Peer-to-peer">Peer-to-peer</a> messengers connect to a <a href="https://en.wikipedia.org/wiki/Distributed_networking">distributed network</a> of nodes to relay messages to the recipient without a third-party server. Clients (peers) usually find each other through the use of a <a href="https://en.wikipedia.org/wiki/Distributed_computing">distributed computing</a> network. Examples of this include <a href="https://en.wikipedia.org/wiki/Distributed_hash_table">DHT (distributed hash table)</a> (used with technologies like <a href="https://en.wikipedia.org/wiki/BitTorrent_(protocol)">torrents</a> and <a href="https://en.wikipedia.org/wiki/InterPlanetary_File_System">IPFS</a>, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the <a href="https://www.scuttlebutt.nz">Scuttlebutt</a> social network protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
</p>
<p>P2P networks do not use servers, as users communicate directly between each others, and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as users discovery or offline messages relaying, which can benefit from self-hosting.</p>
</div>
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>Minimal information is exposed to third parties.</li>
<li>Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Reduced feature set:</li>
<ul>
<li>Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.</li>
<li>Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.</li>
<li>Some common messenger features may not be implemented or incompletely, such as message deletion.</li>
</ul>
<li>Your <a href="https://en.wikipedia.org/wiki/IP_address">IP address</a> and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a <a href="/providers/vpn">VPN</a> or <a href="/software/networks">self contained network</a>, such as <a href="https://www.torproject.org">Tor</a> or <a href="https://geti2p.net/">I2P</a>. Many countries have some form of mass surveillance and/or metadata retention.</li>
</ul>
</div>
</div>
</div>
<h3 id="anonymous-routing" class="anchor">
<a href="#anonymous-routing"><i class="fas fa-link anchor-icon"></i></a>
Anonymous Routing
</h3>
<div class="clearfix">
<p><img src="/assets/img/layout/network-anonymous-routing.svg" width="150" height="150" class="img-fluid float-left ml-2" style="float: left" alt="Anonymous routing network" />
A messenger using <a href="https://doi.org/10.1007/978-1-4419-5906-5_628">anonymous routing</a> hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.</p>
<p>There are <a href="https://doi.org/10.1145/3182658">many different ways</a> to implement anonymous routing. One of the most famous is <a href="https://en.wikipedia.org/wiki/Onion_routing">onion routing</a> (e.g., <a href="https://en.wikipedia.org/wiki/Tor_(anonymity_network)">Tor</a>), which communicates encrypted messages through a virtual <a href="https://en.wikipedia.org/wiki/Overlay_network">overlay network</a> that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly, and only meet through a secret rendezvous node, so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages nor the final destination, only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers".</p>
<p>Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.</p>
</div>
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>Minimal to no information is exposed to other parties.</li>
<li>Messages can be relayed in a decentralized manner even if one of the parties is offline.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Slow message propagation.</li>
<li>Often limited to fewer media types, mostly text since the network is slow.</li>
<li>Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.</li>
<li>More complex to get started as the creation and secured backup of a cryptographic private key is required.</li>
<li>Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform, hence features may be lacking or incompletely implemented, such as offline message relaying or message deletion.</li>
</ul>
</div>
</div>
</div>
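Review bot: In the Peer-to-Peer advantages list, "There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models" overstates the difference. The page description says every recommended messenger uses E2EE, under which a centralized or federated server relays ciphertext it cannot decrypt, and the P2P paragraph just above the list concedes that user discovery and offline relaying may still rely on centralized servers. Suggest limiting the claim to metadata: no relay server sits in the path to log who is talking to whom. In the Anonymous Routing section, "only meet through a secret rendezvous node" describes Tor onion services rather than onion routing in general, so scope that sentence accordingly. Markup points: the nested `<ul>` under "Can include restricted control or access" and under "Reduced feature set:" are siblings of the `<li>` instead of children, which is invalid HTML; the Centralized columns use `<h4>` for Advantages/Disadvantages where the other three sections use `<h3>`; the federated image has `alt="Decentralized network"` and no `height` attribute; and there are doubled words in "have been been independently" and "different different privacy guarantees".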


@ -74,6 +74,6 @@ Once you add your server, thats it! In the Outline clients its just a matt
### Conclusion
That should be all you need to get your very own VPN up and running! **Do not share your access key with anyone**, this is the key starting with `ss://`. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but dont send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with [Signal, Wire, or Briar]({% link legacy_pages/software/real-time-communication.html %}) if you dont have a secure app already.
That should be all you need to get your very own VPN up and running! **Do not share your access key with anyone**, this is the key starting with `ss://`. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but dont send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with [Signal, Wire, or Briar]({% link _evergreen/real-time-communication.html %}) if you dont have a secure app already.
With Outline, there is no need to worry about the security of your server. Everything is set to automatically update with no intervention required! Another thing to note: The port on your Outline server is randomly generated. This is so the port cant be easily blocked by nation/ISP level censors, however, this VPN may not function on some networks that only allow access to port 80/443, or on servers that only allow traffic on certain ports. These are edge-cases, but something to keep in mind, and if they apply you may need to look for more technical options.
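Review bot: The replacement line only retargets the link to `_evergreen/real-time-communication.html` and keeps the link text "Signal, Wire, or Briar", but the page it now points to cites the Wire delisting post (blog.privacytools.io/delisting-wire) as an example of an ownership change compromising a service. Confirm that every messenger named in the link text is still a recommendation on the new page, or reword the link text to something neutral such as "one of our recommended messengers" so this post does not drift from the list.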


@ -16,7 +16,7 @@ description: "Discover a variety of open-source software built to protect your p
<li class="list-group-item"><a href="/software/file-sharing/"><span class="fas fa-file-export fa-fw"></span> File Sharing</a></li>
<li class="list-group-item"><a href="/software/passwords/"><span class="fas fa-user-lock fa-fw"></span> Password Manager</a></li>
<li class="list-group-item"><a href="/software/productivity/"><span class="fas fa-briefcase fa-fw"></span> Productivity Tools</a></li>
<li class="list-group-item"><a href="/software/real-time-communication/"><span class="fas fa-comments fa-fw"></span> Real-Time Communication</a></li>
<li class="list-group-item"><a href="/real-time-communication/"><span class="fas fa-comments fa-fw"></span> Real-Time Communication</a></li>
<li class="list-group-item"><a href="/software/networks/"><span class="fas fa-user-secret fa-fw"></span> Self-contained Networks</a></li>
<li class="list-group-item"><a href="/video-streaming"><span class="fab fa-youtube fa-fw"></span> Video Streaming</a></li>
</ul>
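Review bot: The list item now links to `/real-time-communication/` while its siblings stay under `/software/`, and this commit deletes the page that declared `permalink: /software/real-time-communication/` with no redirect visible in the diff, so existing links to the old URL will break. Add a redirect from the old path, and set an explicit permalink in the front matter of the new `_evergreen` page (it has only layout, title and description) so the URL does not depend on collection defaults.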


@ -1,89 +0,0 @@
---
layout: page
permalink: /software/real-time-communication/
title: "Real-Time Communication"
description: "Discover secure and private ways to communicate with others online without letting any third parties read your messages."
---
{% include legacy/sections/instant-messenger.html %}
<h3 id="exploiting-centralized-networks" class="anchor">
<a href="#exploiting-centralized-networks"><i class="fas fa-link anchor-icon"></i></a>
Recent news about breaking E2EE on centralized instant messengers
</h3>
<h5>June 2020</h5>
<ul>
<li><a href="https://www.eff.org/deeplinks/2020/06/senates-new-anti-encryption-bill-even-worse-earn-it-and-thats-saying-something">The Senates New Anti-Encryption Bill Is Even Worse Than EARN IT, and Thats Saying Something (EFF)</a></li>
<li><a href="https://cyberlaw.stanford.edu/blog/2020/06/there%E2%80%99s-now-even-worse-anti-encryption-bill-earn-it-doesn%E2%80%99t-make-earn-it-bill-ok">Theres Now an Even Worse Anti-Encryption Bill Than EARN IT. That Doesnt Make the EARN IT Bill OK. (Stanford)</a></li>
</ul>
<h5>March 2020</h5>
<ul>
<li><a href="https://www.eff.org/deeplinks/2020/03/graham-blumenthal-bill-new-path-doj-finally-break-encryption">The Graham-Blumenthal Bill: A New Path for DOJ to Finally Break Encryption (EFF)</a></li>
</ul>
<h5>January 2020</h5>
<ul>
<li><a href="https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-ban-end-end-encryption-without-actually-banning-it">The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It (Stanford)</a></li>
</ul>
<h5>November 2019</h5>
<ul>
<li><a href="https://www.reuters.com/article/us-interpol-encryption-exclusive-idUSKBN1XR0S7">Exclusive: Interpol plans to condemn encryption spread, citing predators, sources say (Reuters)</a></li>
<li><a href="https://arstechnica.com/tech-policy/2019/11/think-of-the-children-fbi-sought-interpol-statement-against-end-to-end-crypto/">Think of the children: FBI sought Interpol statement against end-to-end crypto (ArsTechnica)</a></li>
</ul>
<h5>October 2019</h5>
<ul>
<li><a href="https://www.eff.org/deeplinks/2019/10/open-letter-governments-us-uk-and-australia-facebook-all-out-attack-encryption">The Open Letter from the Governments of US, UK, and Australia to Facebook is An All-Out Attack on Encryption (EFF)</a></li>
<li><a href="https://arstechnica.com/tech-policy/2019/10/the-broken-record-why-barrs-call-against-end-to-end-encryption-is-nuts/">The broken record: Why Barrs call against end-to-end encryption is nuts (ArsTechnica)</a></li>
<li><a href="https://arstechnica.com/information-technology/2019/10/ag-barr-is-pushing-facebook-to-backdoor-whatsapp-and-halt-encryption-plans">US wants Facebook to backdoor WhatsApp and halt encryption plans (ArsTechnica)</a></li>
</ul>
<h5>August 2019</h5>
<ul>
<li><a href="https://arstechnica.com/tech-policy/2019/08/post-snowden-tech-became-more-secure-but-is-govt-really-at-risk-of-going-dark">Post Snowden tech became more secure, but is government really at risk of going dark? (ArsTechnica)</a></li>
</ul>
<h5>July 2019</h5>
<ul>
<li><a href="https://techcrunch.com/2019/07/23/william-barr-consumers-security-risks-backdoors/">US attorney general William Barr says Americans should accept security risks of encryption backdoors (TechCrunch)</a></li>
<li><a href="https://www.theregister.co.uk/2019/07/23/us_encryption_backdoor/">Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General (The Register)</a></li>
</ul>
<h5>May 2019</h5>
<ul>
<li><a href="https://www.theguardian.com/uk-news/2019/may/30/apple-and-whatsapp-condemn-gchq-plans-to-eavesdrop-on-encrypted-chats">Apple and WhatsApp condemn GCHQ plans to eavesdrop on encrypted chats (The Guardian)</a></li>
</ul>
<h5>January 2019</h5>
<ul>
<li><a href="https://www.justsecurity.org/62114/give-ghost-backdoor/">Give Up the Ghost: A Backdoor by Another Name (Just Security)</a></li>
</ul>
<h5>December 2018</h5>
<ul>
<li><a href="https://www.zdnet.com/article/whats-actually-in-australias-encryption-laws-everything-you-need-to-know/">What's actually in Australia's encryption laws? Everything you need to know (ZDnet)</a></li>
</ul>
<h3>Complete Comparison</h3>
<ul>
<li><a href="https://securechatguide.org/effguide.html">securechatguide.org</a> - Guide to Choosing a Messenger.</li>
<li><a href="https://www.securemessagingapps.com/">securemessagingapps.com</a> - Secure Messaging Apps Comparison.</li>
</ul>
<h3 id="#rtc-independent-security-audits">Independent security audits</h3>
<ul>
<li><a href="https://eprint.iacr.org/2016/1013.pdf">A Formal Security Analysis of the Signal Messaging Protocol (2019)</a> by Katriel Cohn-Gordon, Cas Cremers, Benjamin Dowling, Luke Garratt and Douglas Stebila</li>
<li><a href="https://www.nccgroup.trust/us/our-research/matrix-olm-cryptographic-review/">Matrix Olm Cryptographic Review</a></li>
<li><a href="https://briarproject.org/news/2017-beta-released-security-audit">Briar - Darknet Messenger Releases Beta, Passes Security Audit</a></li>
</ul>
<hr/>
{% include legacy/sections/voice-video-messenger.html %}
<hr/>
{% include legacy/sections/teamchat.html %}
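Review bot: Deleting this page drops the "Independent security audits" list (the Signal protocol analysis, the Matrix Olm review and the Briar audit), yet the description of the new page says only independently audited messengers are recommended. The new template shown in this commit links no audit itself, so if the per-messenger data files do not carry these references, move them there so the claim stays verifiable. The "Complete Comparison" links are also removed without a replacement; state in the commit message whether that is intended.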