Secure Communications

From Wired Wiki
Jump to navigation Jump to search

Communicating securely over the internet is a must. This article compares available and actively-developed projects that are used for secure communications. Favor is given to platforms that support group-chats, but pure 1:1 communications are discussed as well.

Matrix

Matrix is a feature-rich, modern, and secure messaging client. Its not the most paranoid thing on this list, but for group-chats and communities across mobile/web/desktop platforms it is a compelling option with a good balance of usability, features, and security.

Key points:

  • Self-hostable
  • Encrypted by default
  • Supports file uploads and markdown formatting
  • Supports voice, video, and screen-sharing calls (although not by all clients)
  • Actively developed ecosystem. Plenty of client and (home)server software to choose from.
  • Federated. You can participate in chats on different servers from the same account.
  • Supports "bridges", so you can talk to people on Discord, Slack, IRC, Teams, or others all from one client.

Notes on VOIP

1:1 Calls

1:1 Calls are done over the TURN server of your home-server of choice. TURN servers live on their own domain, say, matrix.org and turn.matrix.org for instance. The call is securely initiated over the TURN and encrypted using its TLS domain and then the call continues securely over WebRTC being E2EE the whole way. [1] It should be noted though, that if no TURN server is set-up on your home-server, your call may fall back to a P2P connection. By default on the Element client "Allow P2P for 1:1 calls" is enabled, if a call is P2P parties can see each others IP addresses, however, so long as VPNs are in use only VPNs address will be known. WebRTC leaks, like all modern browsers, do not affect the electron based Element app.

Setting up a TURN server on your host does however open a lot of ports and increases attack surface. The VOIP system of Matrix is not as audited as the core. If security is your primary concern, picking a dedicated VOIP platform (mumble, self-hosted Jitsi) is likely a better option.

Group Calls

Group calls are done over Jitsi.

Claims of being a Honeytrap

Often when Matrix is discussed there are claims that it is a honeypot or otherwise should not be trusted for secure communications, some undated blog posts may be provided to "back" this claim.[2] [3] It always seems to be criticism without offered alternative and may be part of a campaign to make the security curious apathetic, that or just contrarian /g/-likes wanting to act 'superior' in discourse. It's likely both, but to what ratio is not discernible. The arguments are as follows:

The AMDOCS / MOSSAD Problem

  • Matrix began as an AMDOCS project [4] [5]
  • Matrix continued to receive funding from AMDOCS until 2017 [6]
  • AMDOCS is known to collaborate with MOSSAD [7]

So the argument is MOSSAD can't be trusted, so AMDOCS can't be trusted, and so Matrix can't be trusted. This is an Association fallacy, [8][9] similar to critiques regarding the Tor projects DoD funding [10][11][12], and are not valid.

The Metadata Problem

  • A matrix.org user being in a room ensures all metadata events that occur in that room (even if the room is E2E encrypted) will be stored on the matrix.org home-server [13]
  • Matrix is UK based [14] and so does not need to follow GDPR and could be compelled under warrant to share metadata on users. [15] The situation is similar to Swiss based Protonmail, all content is encrypted but metadata can, and is often, disclosed to aid investigations. [16] [17]
  • Governments have been known to kill based off metadata. [18]

The File Drop Problem

  • A flaw of federalization is automatic file sharing amongst federated homeservers. If harmful and/or illegal multi-media files are shared in a room, it is shared to all homeservers that have a client in the room that the media was shared in. Even if the media is later deleted by moderators in that room, the media persists on all federated homeservers unless deleted via the API.

What needs to be understood though, is these metadata problems are not unique to Matrix. These metadata problems affect all federalized services, such as XMPP or Email. If you are conducting communications that make metadata leakage a legitimate problem, self-host and don't utilize federation. [19] The Matrix foundation prioritizes, and continues to make steps in, obfuscating and reducing the amount of metadata that's shared amongst home-servers. [20] [21] [22] [23]

XMPP

XMPPs biggest flaw is its extensibility. The "core" is a worse IRC and modern features like VoIP and user avatars are only supported by one! client, Dino. Its ecosystem sucks. You can spool up a server and client that supports the necessary feature-set to make XMPP a secure messaging platform, but its no more secure than Matrix and lacks so many other features. XMPP is the bastard middle child of this list. Return to the stone age of IRC or use Matrix. [24] [25] XMPP has the weakest population out of the three too.

IRC

IRC is old as fuck and the majority of clients are not secure by default. For instance, by default your IP is leaked to everyone in the channel when you join. But IRC is fairly simple to understand, and if you're comfortable on the command line you can set-up a secure IRC server/client. However, part of what makes a secure communication service good is the ability for people to reach you securely. If normal people cannot securely contact you, than its not a great service. Sometimes a technical barrier to entry is desired (for example, a community discussing security will have less skids on IRC than one on Discord or Matrix), if this is the case IRC can be a very compelling option.

Hosting

Software

Securing

https://www.unrealircd.org/docs/Security

Serving over alternative networks

.onion IRCs are actually pretty good for the paranoid.

Clients

There are a LOT of IRC clients. This is not a comprehensive list. The ones mentioned below are some of the most popular. For more info: https://www.ilmarilauhakangas.fi/irc_technology_news_from_the_first_half_of_2023/

IRCCloud

Free, Open-Source client that uses a proprietary back-end bouncer to keep messages synchronized even if your device is offline. IRCCloud could be subpoenaed and your message history would be known.

Kiwi

GUI, Cross Platform Web Client, themeable. Integrates well, can host on a VPS and access from any web browser. Written in Vue, JS, and Go.

Quassel

GUI, Cross Platform, themeable. Integrates well, can host on a VPS and access from any other Quassel client. Written in C++. Has had RCE's. [26]

WeeChat

Text, themeable. Requires a bouncer set-up or SSH'ing into a VPS that has weechat running under tmux. Written in C and C++.

https://veronneau.org/hardening-weechat-relays-against-rce-on-bullseye.html

https://github.com/weechat/weechat/issues/928

Halloy

GUI, Cross Platform. Written in Rust.

Bouncers

Signal

Is good enough to protect from IMSI catcher attacks, but not against advanced actors. Has many components that compromises the privacy of its users. [27]

Session

Runs off Lokinet. Lokinet uses Oxen (a Cryptocoin) to have Sybil attacks be expensive. Developed by a for-profit company based in Australia. Reeks of Web3 cryptbro and is also in a host-nation where the government can mandate a backdoor. Suspciously dropped support for Perfect Forward Secrecy. [28] Avoid.

Keet

P2P. No central servers. Clients are electron apps. UI modeled after Discord. Documentation is light on technical details. Post Web3 cryptobro developers. Supported by Tether and Bitfenix. They may say otherwise [29] but the app and ecosystem is primarily revenue generating. [30] Headquartered in England, [31] they could be compelled to implement backdoors in shipped clients. [32] [33] [34] Avoid.

SimpleX

Is available on Desktop, CLI, and Mobile devices. Coded in Haskell. Supports group chats. Actively developed. Native proxy and .onion support. Paranoid as FUCK. Not a huge user population but its moderately active. Plenty good for 1:1 and group chats. But if youre looking to talk about Security with 1000 other people Matrix is better atm. Backed by VC funding [35] with the founder replying to, but not addressing, critiques. [36] SimpleX is based in the United Kingdom, and can be compelled to implement backdoors in shipped clients. [32] [33] [34]

Has cool way to share big files https://simplex.chat/blog/20230301-simplex-file-transfer-protocol.html

Has been audited by one of the best firms in the world https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website

https://news.ycombinator.com/item?id=37105477

https://discuss.privacyguides.net/t/simplex-chat-the-first-messaging-platform-that-has-no-user-identifiers-of-any-kind-not-even-random-numbers/3456

Briar

https://web.archive.org/web/20231020185621/https://itsgoingdown.org/the-guide-to-peer-to-peer-encryption-and-tor-new-communication-infrastructure-for-anarchists/

Coded in Java. P2P, routed over Tor. Metadata resistant. E2EE. Where connectivity is not available it can function as a mesh messenger with Bluetooth and WiFi. Put this on a device running Graphene OS and your communications will be pretty secure. No commercialization. No cryptbros. Just cypherpunks developing a secure, limited scope application. Its good man. Just don't complain for the lack of stickers or voice calls lol. It however does NOT provide anonymity, malicious contacts can identify you with correlation attacks. [37] However, if all your contacts are trusted your identity and communications are secure from third parties.

From Briars website:

"Our long-term plans go far beyond messaging: we’ll use Briar’s data synchronization capabilities to support secure, distributed applications including crisis mapping and collaborative document editing. Our goal is to enable people in any country to create safe spaces where they can debate any topic, plan events, and organise social movements." [38]

CWTCH

Developed by a nonprofit based in Vancouver (Five Eyes). P2P for 1:1 communications, user-operated servers for group communications. Partly based on Ricochet, but server is in Go and client in Dart, both memory safe languages. Messages disappearing by default. Messages require both participants to be online to be received (like IRC) and does not queue to be sent like Briar.

Ricochet Refresh

Memory unsafe client (C++). P2P, routed over Tor. Metadata resistant. Actively developed. Cross platform. Only supports 1:1 chats at the moment, no group chats.

https://github.com/blueprint-freespeech/ricochet-refresh

Communications in ultra-hostile Regimes

Notes

  1. https://webrtchacks.com/how-does-webrtc-end-to-end-encryption-work-matrix-org-example-dave-baker/
  2. https://hackea.org/notas/matrix.html
  3. https://lukesmith.xyz/articles/matrix-vs-xmpp/
  4. https://web.archive.org/web/20141003202858/http://www.amdocs.com/Products/digital-lifestyle-services/Pages/unified-communications.aspx
  5. https://web.archive.org/web/20141122142145/http://matrix.org:80/blog/faq/#Whos_funding_Matrixorg
  6. https://web.archive.org/web/20201104154843/https://github.com/matrix-org/matrix-doc/issues/979
  7. https://www.news24.com/news24/spy-cables-were-israeli-spies-tapping-sa-cellphones-20150430
  8. https://owl.excelsior.edu/argument-and-critical-thinking/logical-fallacies/logical-fallacies-guilt-by-association/
  9. https://en.wikipedia.org/wiki/Association_fallacy
  10. https://www.washingtonpost.com/news/the-switch/wp/2013/09/06/the-feds-pays-for-60-percent-of-tors-development-can-users-trust-it/
  11. https://security.stackexchange.com/questions/37430/is-the-fact-that-tors-development-is-largely-government-funded-cause-for-concer/37433#37433
  12. https://old.reddit.com/r/TOR/comments/hedgxz/if_tails_and_tor_are_funded_by_us_govt_how_can/
  13. https://web.archive.org/web/20210202175947/https://serpentsec.1337.cx/matrix
  14. https://beta.companieshouse.gov.uk/company/11648710
  15. https://www.thorntons-law.co.uk/knowledge/handling-requests-for-information-from-the-police
  16. https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification
  17. https://proton.me/legal/transparency
  18. https://www.rt.com/usa/158460-cia-director-metadata-kill-people/
  19. https://web.archive.org/web/20230807042127/https://old.reddit.com/r/PrivacyGuides/comments/q7qsty/is_matrix_still_a_metadata_disaster/hgknexl/
  20. https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/
  21. https://matrix.org/blog/2021/08/31/synapse-1-41-1-released/
  22. https://matrix.org/blog/2022/03/29/how-do-you-implement-interoperability-in-a-dma-world/
  23. https://matrix.org/blog/2022/06/24/this-week-in-matrix-2022-06-24/
  24. https://xmpp.org/software/
  25. https://xmpp.org/extensions/xep-0479.html#im
  26. https://security-tracker.debian.org/tracker/CVE-2018-1000178
  27. https://github.com/privacytools/privacytools.io/issues/779
  28. https://web.archive.org/web/20231127210813/https://www.privacyguides.org/en/real-time-communication/#session
  29. https://nitter.net/paoloardoino/status/1718251504887288275#m
  30. https://www.coindesk.com/tech/2022/07/25/tether-bitfinex-hypercore-launch-encrypted-communications-protocol-holepunch/
  31. https://web.archive.org/web/20230506045147/https://holepunch.recruitee.com/
  32. 32.0 32.1 https://www.legislation.gov.uk/ukpga/2016/25
  33. 33.0 33.1 https://www.extremetech.com/defense/217798-uk-law-mandates-software-backdoors-jail-for-disclosing-vulnerability
  34. 34.0 34.1 https://mashable.com/article/snoopers-charter
  35. https://www.poberezkin.com/posts/2023-10-31-why-privacy-impossible-without-venture-funding.html
  36. https://old.reddit.com/r/privacy/comments/17kv3w1/why_privacy_becoming_a_norm_requires_venture/k7lcmmq/
  37. https://code.briarproject.org/briar/briar/-/wikis/FAQ#does-briar-provide-anonymity
  38. https://briarproject.org/how-it-works/