
So you want to secure your communications?

As communists we are at a bigger risk of being monitored, spied on and infiltrated no matter where we live. Be it the US, Poland or India, national and international bourgeoisie have an interest in keeping tabs on communists, their actions, plans, members and more. Thus secure communications are extremely important to maintain and enforce with anyone you plan to do anything more serious than just shitposting.

This is a short guide to introduce you to these subjects. Make sure to visit the Privacy community on lemmy.ml; you can also check out MentalOutlaw. He has good guides, howeveeeeer he is a libertarian type, so you're bound to find brain worms.

Also please be sure to look out for corporations and businesses marketing pro-privacy products. Privacy consciousness has recently blown up into a very big market, so there is a lot of money to be made. Many of these actors do not and will not act in your best interest.

What should I avoid?

Most important is to avoid any corporate messaging platforms: do not use Discord, Google Talk, Microsoft Teams, Messenger, WhatsApp, unencrypted email and the like. Social media platforms also fall into this category; forget about Twitter DMs and tweets, Reddit, Tumblr, Facebook and more. All of these are out of the question as they are American capital and answer to Washington.

Other forms of communication may also pose a liability if they are not secured: do not use IRC, Lemmy DMs, SMS and phone calls. These do not in any way encrypt your communications and even store them on servers outside of your control. Avoid that as much as you can.

"Oh Lemmygrad is safe, nothing's going to happen to us here!", you may say.

I wouldn't be so sure of that.

So what am I even supposed to use?

We've got a lot to choose from, and many of the choices listed can themselves be considered either backup plans or used in tandem to minimize risks.

Signal

Signal has been removed from this guide following contributions from the Lemmygrad community. Why, you may wonder? Simply put, it's been proven to me to not be safe to use. Do not use it, and if you do, please find an alternative immediately.

Below is the resource I have been linked to by comrades. Thank you to @Kovpak, @Pili, @ColonelRevolution,

Why not Signal? by Dessalines; co-creator of lemmy

All recommendations given by Dessalines are also for the moment endorsed by this guide, and they will be looked at through a short summary. Later on they will get their own comprehensive sections.

SimpleX

TODO: VERY MUCH IMPROVE THIS SECTION

Apart from what Dessalines mentioned SimpleX has some very interesting advantages compared to Signal. First of all, the documentation is fucking dense. There's a lot. I don't even have time to read through it to make this amendment, so I skimmed it. And you know what, the thing is advanced. You can really do a lot here.

The website itself also is a treasure trove of information, all of it densely packed and easily accessible. Normally I'd have to search for it, but here I even learn a few things. Like whatever the fuck a Sybil attack even is.

What I've learned is that I need to learn more, and that I can recommend SimpleX. For the moment I'll stick to Tox and get to studying these other alternatives I've found.

Matrix

TODO: ADD SECTION

Jitsi

TODO: ADD SECTION

Jami

TODO: ADD SECTION

Briar

TODO: ADD SECTION

XMPP

TODO: ADD SECTION

PGP and E-Mail

We also have forms of communication which have existed for a very long time and which can be very well secured, namely E-Mail. Before we get into the whole securing thingy, be sure you are not using any corporate providers and aren't allowing them to store and collect your encrypted data.

I suggest using a provider like disroot, and additionally I suggest using multiple accounts so that, for example, you don't mix your real world identity with your secret identities.

I also suggest not using Tutanota, as their services do not allow IMAP or POP3 connections, thus locking you into their own web client and encryption system, which only works between Tutanota users, making PGP encryption very manual and tedious.

After creating an account, set up a mail client. You're also going to need to generate a PGP key pair. Make sure you never upload it to any E-Mail provider, and that includes disroot. Keep it only locally and use it through the mail client you have installed. For Linux there are many you can choose from, so use whatever you like: Evolution, Claws Mail, Thunderbird, all will do. For Android it's best to use FairEmail, a great FOSS client available on F-Droid.

Returning to the PGP key pair: it contains one public key, which you give others access to and which is used to encrypt data meant only for you, and one private key, which you should never ever send to anyone, as it is used to decrypt data meant for you. Many E-Mail clients available for *NIX operating systems can easily incorporate PGP keys into their operation, not requiring you to encrypt and decrypt anything manually.

Here's an introduction on GPG that will help you generate and manage a key pair.
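
The public/private split described above can be seen end to end with GnuPG. This is an added example, not part of the original guide; the two throwaway keyrings, the name "Alice Example", the address and the message are constructed, and GnuPG 2.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Constructed demo: two throwaway keyrings stand in for two people. The name,
# address and message are made up, and nothing here touches ~/.gnupg.
pgp_demo() {
    local work alice bob fpr
    command -v gpg >/dev/null || { echo "gpg not found" >&2; return 1; }
    work=$(mktemp -d) || return 1
    alice="$work/alice"; bob="$work/bob"
    mkdir -m 700 "$alice" "$bob"

    # 1. Alice generates her key pair locally. The empty passphrase is only for
    #    this disposable demo; protect a real key with a strong passphrase.
    gpg --homedir "$alice" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Alice Example <alice@example.invalid>' default default 1y

    # 2. She exports ONLY the public half; this file is what she hands out.
    gpg --homedir "$alice" --armor --export alice@example.invalid > "$work/alice.pub.asc"

    # Fingerprint Alice reads out over a second channel so Bob can check the key.
    fpr=$(gpg --homedir "$alice" --with-colons --fingerprint alice@example.invalid |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # 3. Bob imports the public key and encrypts to it. "--trust-model always"
    #    skips the web of trust; the fingerprint check is what justifies that.
    gpg --homedir "$bob" --batch --quiet --import "$work/alice.pub.asc"
    printf 'meet at the usual place\n' > "$work/msg.txt"
    gpg --homedir "$bob" --batch --quiet --trust-model always --armor \
        --recipient "$fpr" --output "$work/msg.asc" --encrypt "$work/msg.txt"

    # 4. Bob holds no private key, so even the sender cannot read it back.
    if gpg --homedir "$bob" --batch --quiet --decrypt "$work/msg.asc" >/dev/null 2>&1
    then BOB_CAN_DECRYPT=yes; else BOB_CAN_DECRYPT=no; fi

    # 5. Alice's private key, which never left her keyring, decrypts it.
    ALICE_PLAINTEXT=$(gpg --homedir "$alice" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$work/msg.asc" 2>/dev/null)

    # Stop the per-keyring agents and remove the throwaway directories.
    gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$bob" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
}

pgp_demo && echo "Bob can decrypt: $BOB_CAN_DECRYPT | Alice reads: $ALICE_PLAINTEXT"
```

In daily use the mail client performs steps 3 and 5 for you; the part that stays manual is comparing the fingerprint before trusting a key someone sent you.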

Tox

Next, we have the Tox protocol. It was created to allow for encrypted and safe communications without the need for a centralized authority managing all of it. Tox itself and its clients are considered alpha software! So even if the communications are secure, it's very much not finished yet. This of course brings some additional quirks. For example, if you accept someone's friend request they will be able to see your IP address. This is bad! So please, visit the Tox wiki for a guide on how to remedy this very important issue.

Tox also has to be open and running on both ends for messages to reach the recipients. For example, let's say I send a message. Until my friend logs into his Tox account the message won't reach him, and if I decide to turn off my Tox connection before this message is received, sending will stop until I turn on Tox again. That's why a mobile client like aTox can be very handy, as you'll probably have your Tox client running 24/7.

Is there anything else I should know?

Well, the list I've provided doesn't in any way include all of the options for secure communications, but it is a good base. You can explore to find other ways, or ask around in other communities, like the previously mentioned Privacy community on lemmy.ml or even the Linux community on lemmy.ml.

This guide is written for the c/leftistunix community on lemmygrad.ml.

© 2023 This guide is licensed under the Creative Commons BY-NC-SA 4.0 License