Secure Your Comms

,

If you are taking action, you need to secure your comms. It's that simple. There are a few options for this depending on needs, tech skills and how much time you have to secure your Viddyjam thread, meme shares and most importantly your action planning. For most folk the app that balances our security for user-bility, is Signal. The reasons for this are, well as the developers over at Open Whisper Systems stated in response to the Australian state's 'Assistance and Access' bill:

By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us.

The bill is an Aus variant on the UK's 'Snooper's Charter', intended to give the state more power over our communications. It demands that organisations like Open Whisper Systems hand over all the data they hold on an individual at the state's request. Think of all the data Fedbook Facebook or Google could hand over. Think of your email provider. Think of your Internet Service Provider.

Unfortunately for the state, if you're using Signal, your messages are safe - Open Whisper Systems have no data to hand over. If you're not already using it, below we explain how to get started.

It's available from the Apple Store, the Play Store, or direct from their website (Android users only) and is a pretty small download so it won't rinse your credit. The first thing to happen on boot up is that it'll ask for your phone number. This is the only data they will ever hold on you.Your friends can message you on this number once they've installed Signal too.

It's that simple. You're good to go.

Although Signal uses telephone numbers as contacts, encrypted calls and messages actually use your data connection; therefore you will need internet access (either over wifi, 4G or the brain melting 5G) on your mobile to use it.

If you have used WhatsApp, iMessager or Facebook Messenger before, or even old school SMS texts, then Signal will feel very familiar to you. Your friends who have already installed the app will appear in Signal's contact list. You can write messages to them, send them pictures, ring them, make a group with them... everything you are used to doing now, but without compromising your privacy and security.

A great feature of Signal we recommend using is 'disappearing messages'. This is something Whatsapp etc don't have. You can use this feature to set all messages to self-destruct after a day, a week, a month etc, so if you or your friend's phone ever falls into the wrong person's hands they won't have your entire conversation history - just messages from the last week or so.

If you're still not convinced, Wired explains all the tech behind Signal here: (www.wired.com/story/ditch-all-those-other-messaging-apps-heres-why-you-should-use-signal-again)

For a more detailed, step by step guide to installing and using Signal read the Electronic Freedom Frontier's how-tos here: (www.ssd.eff.org/en/module/how-use-signal-ios)

Now remember, if you might be of interest to state actor, assume they can read your shit. Nothing digital is secure forever. Even if GCHQ or Skum Corp. can't access your data today, encryptions are not “future proof” and just like every other app do not assume it is a a magic bullet and using it will protect you in a court of law against anything that may be incriminating if you are of interest to a state actor.

Aspects of incriminating communications are mainly:

  • WHO has been communicating
  • WHAT has been communicated

WHO: If it's enough to prove you have been communicating with another party to implicate you does a state prosecutor need to know what your messages said? No. They may use traffic timing analysis and/or meta data analysis to prove people have been talking. For example, let's say a government agency decides to put everyone who has googled 'Kropotkin' on a watch list and monitor their internet connections. Now lets say a bunch of those people are in a Signal group chat and somebody sends a message to the group at 2am. At 2am a blip of data is going to travel down all of to all their home internet connections from Signal's servers, they can record this blip and other blips like it to work out who is talking to each other, then they only need to compromise one device or person to implicate your ass. It's not like they have to do this by hand either -- they'll use AI.

WHAT: Don't place too much faith in end-to-end encryption (E2EE) apps to hide your shit from prying eyes if you are of interest to a state actor. Take instant messages for example; sure they are encrypted in transit, but how do they get into transit? You type them with your sinful fingers first. So what attack vectors may exist?

  • Maybe they can get malware onto your device and install a keylogger or screen recorder.
  • Maybe you use a third party keyboard on your smartphone like SwiftKey, developed by TouchType Ltd. a subsidiary of Microsoft. Maybe it collects data they can get their hands on. Maybe it has a backdoor already. Microsoft don't give a shit about your privacy.
  • Of course, all smartphone keyboards have predictive text now and a lot of them sync that data to the cloud. Maybe there's something there they can warrant for. E.g. if you're planning an action to stick a banana in a car exhaust -- your predictive text data might show that the words 'banana' and 'exhaust' appear in close proximity to each-other with unusually high frequency.

Also, if you don't have deleting messages and they can get your device password/unlock code you're fucked. Maybe you're logged into Signal on your PC and you don't have full disk encryption - forensics could probably crack your password with a biscuit in one hand. Maybe a spook shoulder-surfs you on public transport and gets your smartphone unlock code. Maybe you get nicked while eating a pasty and left a nice smudge on the screen of your phone where your unlock code was swiped. You get the idea.

Saying all that, it's impossible to deny the utility of secure messengers, 90% of the time the stuff your getting up to wont warrant investing into accessing your device, so make use of Signal for working groups, planing Squats and tactical comms out and about.

We should mention that there are indeed a few other options available, each with their positives and negatives. Telegram for instance is prettier and more accessible, it's most people's gateway into secure comms and hell if it's good enough for ISIS and the IRA, you're XR group are probably ok, on the other end of the Scale would be RIOT, which the Anarchist Federation are experimenting with for short form workshopping and group chats, it's a little harder to break into but functions better for the purpose. ■

For a great comparison chart use : securemessagingapps.com
Download Signal here:
signal.org