At any given point in time I assume my chat counterpart may be compromised or even malicious to begin with. So even end-to-end encryption won’t help and I have to make sure I never disclose any identifiable information of any kind anyway. This doesn’t mean I like everyone on the way to just view everything at will, but it’s a lesser risk then data leaks. Think about it as SSL/TLS with clearnet sites. It’s not going to guarantee anything (forged/stolen certificates, ssl stripping, unreliable CAs, compromised site etc) but you still want to have it, right?
I also try to avoid having any identifying data in the workstation. But even non idenfying data may probably be valuable for an attacker to get a bigger picture about me and look for weak points and mistakes.
The point I was trying to get across is use the most secure messaging app you can find and not use apps with known flaws. It just good practice/OPSec. As you mentioned using care with the information you share with other users is a good idea since in there is no way of knowing:
Who they share that info with
If there system is secure, compromised etc
if they have the app configured correctly
Yes
Good idea/recommended. Very easy if you use Qubes OS
Both Telegram and Signal require your phone number. It’s a non-starter.
So, I figure my best bet is to use XMPP with OTR encryption.
Any recommended XMPP client then?
Pidgin - I read in the above link it should be avoided, actually it’s listed under “deprecated”. But Tails include it by default?
I had a look at bitmessage site, the first thing you see is a notice of remote code executions incidents that looks very similar in nature to the warnings here about Pidgin.
Despite being written in Python (and thus generally invulnerable to buffer overflow attacks), Gajim has a history of a critical vulnerabilities. Up until late 2011, it was possible to forge a link such that when a receiving Gajim user clicks on it, arbitrary code would be executed on the Gajim user’s machine.
This was taken from the Whonix wiki before Pidgen was depreciated. FYI Tor messenger is now depreciated by upstream dev
Pidgin supports most protocols. However do not use it. It has a very bad security track record with many remotely exploitable bugs - a result of being written in C and containing many legacy protocols. There is no reason to use it when Tor Messenger is now available.
You can go with Gamjum for Whonix 13, then Ricochet for Whonix 14.
Thanks. I installed Gajim and done the modifications as in the link above.
Don’t like it much at first sight. It allows unencrypted communication.
I added an OpenPGP key and assigned it to a contact. For some reason, I can’t toggle the End to End encryption, only the OpenPGP encryption. OK, maybe good enough. So I tried to communicate with someone (a test), and he didn’t set his own key. Gaijin still indicates “OpenGPG encryption is active and authenticated”. But when trying to converse, he couldn’t read my messages, and I got cleartext messages from him (Gaijim indicated “The following message was NOT encrypted”).
I guess that can be solved if both sides are more knowledgeable, but at first sight it looks too easy to make a mistake with this app. I think enforcing only encrypted messages by default (or not having the option of non-encryted messages at all) is what I look for.
Although Whonix 14 has not been blessed stable you can still use the images since all of the known serious bugs have been fixed. The only thing holding up this up is creating and testing New Qubes templates. (Have to upgrade all (VBox, KVM, Qubes) Whonix 13 → 14 at same time)
None. It’s on our roadmap but lacks offline communication. Something like cwtch would both be metadata free and offline. However it needs to be packaged and tested because its extremely bleeding edge.
Have you tried it with OMEMO? How do you enable encryption then? Is it a menu option or a per contact thing?
Gajim is the only offline messaging solution currently and has compatible XMPP clients on mobile. Its in our interest to make it work and give it our absolute attention.
Reading over there website it seems they have implemented end to end encryption. They also claim to have handed over 0 user data to 3rd parties. They also have moved locations to avoid regulations.
Why isn’t this mentioned as a viable option more often? Is there any critical security flaw I am not seeing here? It has also been audited, as compared to qtox which is provided by default in whonix 15, which is experimental software, ie could have critical vulnerabilities
Telegram has used really weak encryption in the past and most people haven’t realised that those issues have been solved with MTProto 2. Some people also dislike that Telegram uses their own home-made encryption rather than using something like the Signal protocol which has been audited many times and is well respected by cryptographers.
Telegram is where many people who have been censored by private companies go nowadays and use it as a “hard”-to-censor [1] notification mechanism to reach their audience or modern replacement (IRC alike) chat channel. It looks very popular outside the Tor / Whonix sphere.
I would use Telegram to get the word out if I was censored [i.e. beyond already existing self-censorship] by private companies too. (At least for communications on subjects other than Tor / Whonix.) Even if there were “Open Source trickery issues”, which are really bad indeed, it does its job currently to provide free speech.
Related:
[1] I cannot personally say if telegram censors nothing, light, or whatnot since I did not research that in depth. From what I causally observed it looks like one of the most free speech supporting platforms at the momment.
The clients are all open source but the server is proprietary.
I’m not sure but that doesn’t seem to affect users. It looks to be something that will only affect developers and people wanting to make their own Telegram fork.
I think they only censor porn in public groups unrelated to porn.