Secure Your Comms

18th March 2019
SHARE

If you are taking action, you need to secure your comms. It's that simple. There are a few options for this depending on needs, tech skills and how much time you have to secure your Viddyjam thread, meme shares and most importantly your action planning. For most folk the app that balances our security for user-bility, is Signal. The reasons for this are, well as the developers over at Open Whisper Systems stated in response to the Australian state's 'Assistance and Access' bill:

By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us.

The bill is an Aus variant on the UK's 'Snooper's Charter', intended to give the state more power over our communications. It demands that organisations like Open Whisper Systems hand over all the data they hold on an individual at the state's request. Think of all the data Fedbook Facebook or Google could hand over. Think of your email provider. Think of your Internet Service Provider.

Unfortunately for the state, if you're using Signal, your messages are safe - Open Whisper Systems have no data to hand over. If you're not already using it, below we explain how to get started.

It's available from the Apple Store, the Play Store, or direct from their website (Android users only) and is a pretty small download so it won't rinse your credit. The first thing to happen on boot up is that it'll ask for your phone number. This is the only data they will ever hold on you.Your friends can message you on this number once they've installed Signal too.

It's that simple. You're good to go.

Although Signal uses telephone numbers as contacts, encrypted calls and messages actually use your data connection; therefore you will need internet access (either over wifi, 4G or the brain melting 5G) on your mobile to use it.

If you have used WhatsApp, iMessager or Facebook Messenger before, or even old school SMS texts, then Signal will feel very familiar to you. Your friends who have already installed the app will appear in Signal's contact list. You can write messages to them, send them pictures, ring them, make a group with them... everything you are used to doing now, but without compromising your privacy and security.

A great feature of Signal we recommend using is 'disappearing messages'. This is something Whatsapp etc don't have. You can use this feature to set all messages to self-destruct after a day, a week, a month etc, so if you or your friend's phone ever falls into the wrong person's hands they won't have your entire conversation history - just messages from the last week or so.

If you're still not convinced, Wired explains all the tech behind Signal here: (www.wired.com/story/ditch-all-those-other-messaging-apps-heres-why-you-should-use-signal-again)

For a more detailed, step by step guide to installing and using Signal read the Electronic Freedom Frontier's how-tos here: (www.ssd.eff.org/en/module/how-use-signal-ios)

Now remember, if you might be of interest to state actor, assume they can read your shit. Nothing digital is secure forever. Even if GCHQ or Skum Corp. can't access your data today, encryptions are not “future proof” and just like every other app do not assume it is a a magic bullet and using it will protect you in a court of law against anything that may be incriminating if you are of interest to a state actor.

Aspects of incriminating communications are mainly:

  • WHO has been communicating
  • WHAT has been communicated

WHO: If it's enough to prove you have been communicating with another party to implicate you does a state prosecutor need to know what your messages said? No. They may use traffic timing analysis and/or meta data analysis to prove people have been talking. For example, let's say a government agency decides to put everyone who has googled 'Kropotkin' on a watch list and monitor their internet connections. Now lets say a bunch of those people are in a Signal group chat and somebody sends a message to the group at 2am. At 2am a blip of data is going to travel down all of to all their home internet connections from Signal's servers, they can record this blip and other blips like it to work out who is talking to each other, then they only need to compromise one device or person to implicate your ass. It's not like they have to do this by hand either -- they'll use AI.

WHAT: Don't place too much faith in end-to-end encryption (E2EE) apps to hide your shit from prying eyes if you are of interest to a state actor. Take instant messages for example; sure they are encrypted in transit, but how do they get into transit? You type them with your sinful fingers first. So what attack vectors may exist?

  • Maybe they can get malware onto your device and install a keylogger or screen recorder.
  • Maybe you use a third party keyboard on your smartphone like SwiftKey, developed by TouchType Ltd. a subsidiary of Microsoft. Maybe it collects data they can get their hands on. Maybe it has a backdoor already. Microsoft don't give a shit about your privacy.
  • Of course, all smartphone keyboards have predictive text now and a lot of them sync that data to the cloud. Maybe there's something there they can warrant for. E.g. if you're planning an action to stick a banana in a car exhaust -- your predictive text data might show that the words 'banana' and 'exhaust' appear in close proximity to each-other with unusually high frequency.

Also, if you don't have deleting messages and they can get your device password/unlock code you're fucked. Maybe you're logged into Signal on your PC and you don't have full disk encryption - forensics could probably crack your password with a biscuit in one hand. Maybe a spook shoulder-surfs you on public transport and gets your smartphone unlock code. Maybe you get nicked while eating a pasty and left a nice smudge on the screen of your phone where your unlock code was swiped. You get the idea.

Saying all that, it's impossible to deny the utility of secure messengers, 90% of the time the stuff your getting up to wont warrant investing into accessing your device, so make use of Signal for working groups, planing Squats and tactical comms out and about.

We should mention that there are indeed a few other options available, each with their positives and negatives. Telegram for instance is prettier and more accessible, it's most people's gateway into secure comms and hell if it's good enough for ISIS and the IRA, you're XR group are probably ok, on the other end of the Scale would be RIOT, which the Anarchist Federation are experimenting with for short form workshopping and group chats, it's a little harder to break into but functions better for the purpose. ■

For a great comparison chart use : securemessagingapps.com
Download Signal here:
signal.org

Read More

/

4th March 2021
Social Media - A Guide | Knowledge Exchange

I hate social media.
I really do, I think it's an insidious poison that has fragmented our communities.
However, there is no point longing after the days of telephone trees, weekly meetings and mates from Bristol popping into social centre to share a joint and write up something about the ZAD before heading down the pub.

Read More
23rd June 2020
Tear Gas | Knowledge Exchange

Let's be clear about this. Tear gas is a weapon of terror which is used to intimidate and disperse. It is neither a “none lethal” nor “less lethal” option.

Read More
18th May 2020
Riot Medicine | Knowledge Exchange

Riot medicine is the practice of medicine in an adversarial environment. It exists outside of formal and State sanctioned medical services. Practitioners of riot medicine go by many names but at the end of the day, their goals are the same. They take to the streets as part of the diverse system of mutual aid that allows individuals to engage in protest.

Read More
30th January 2020
Help! I've been called a transphobe! | Reading List

So you have been called a Transphobe.Maybe even a TERF! Hot words have been exchanged. It's easy to get defensive, dig in, camp up and not take any shit from these "woke idiots" on the internet. Yeah you could do that. Mind you, you could also have a read and try to understand some of […]

Read More
25th October 2019
Putting The A Back Into Admin | Knowledge Exchange

Here in the Anarchist Federation we sometimes joke that the revolution is 60% admin. Although some of the most beautiful examples of resistance have occurred ad- hoc and “of the moment”, you can sure that for almost every on going campaign, network and social movement there is a wave of meetings and bureaucracy that can be extremely daunting! Whether it’s the Paris Commune or The Free Territory there was no doubt, someone sat up all hours, drinking way too much wine, trying to compile the minutes from the last assembly.

Read More
30th July 2019
Why We Fight The TERF War | Theory And Analysis

This article is a call to action to protect and defend the trans community.

There is no space for neutrality.

We strongly suggest you listen to G.L.O.S.S. when reading this article.

Read More
1 2 3 5