dark comms: a basic guide to secure communications

La geek forumo - Y fforwm geek - Otakufōramu.

dark comms: a basic guide to secure communications

Postby red » Fri Jan 27, 2017 9:02 am

Jaeger had the brilliant idea to start a thread covering things like encryption, secure sms and etc. So, here it is. I am far from an expert but I know a little.


Secure SMS/MMS

Android/iOS: The best app out there right now is Signal by Whisper Systems. It allows secure and nonsecure SMS/MMS along with secure calling that features a randomly generated two word key at the bottom of the display.
User avatar
red
Yap. Doomed for all eternity.
 
Posts: 2629
Joined: Sat Nov 20, 2004 1:47 am
Location: Indy
BANNER!:
Jolly Roger

Re: dark comms: a basic guide to secure communications

Postby red » Fri Jan 27, 2017 12:15 pm

Just to clarify, this was made as a group effort to share info about secure communications, not a thread where I spout off info (I'm not that smart). So... if you have some tips or ideas on the subject, please share!
User avatar
red
Yap. Doomed for all eternity.
 
Posts: 2629
Joined: Sat Nov 20, 2004 1:47 am
Location: Indy
BANNER!:
Jolly Roger

Re: dark comms: a basic guide to secure communications

Postby Bigshankhank » Fri Jan 27, 2017 12:33 pm

For reference, I am still using an archaic iPhone 5c, same model as the San Bernadino shooters that the feds couldn't force their way in to. So am I better off keeping it? I have thus far refused to upgrade to IOS 10.
It's time for Humankind to ditch the imaginary friends of our species' childhood and grow the fuck up.
-Davros

"Lasse mich deine Seele dem Herrscher der Finsternis opfern"

Let me sacrifice your soul to the ruler of darkness

Always carry a bottle of whiskey when you travel in case of a snakebite. Futhermore, always carry a small snake.
User avatar
Bigshankhank
Fully Autonomous Cock-Puncher
 
Posts: 7529
Joined: Wed Sep 14, 2005 8:11 am
Location: Deep In The Swamps of South Florida
BANNER!:
US Florida

Re: dark comms: a basic guide to secure communications

Postby motorpsycho67 » Fri Jan 27, 2017 9:46 pm

Why would I want to do this?

I'm not particularly paranoid. They're welcome to my boring texts/calls.
'75 Honda CB400F
'82 Kawalski GPz750
etc.
User avatar
motorpsycho67
Double-dip Diogenes
 
Posts: 4642
Joined: Tue Oct 07, 2008 1:24 am
Location: City of Angels

Re: dark comms: a basic guide to secure communications

Postby DerGolgo » Sat Jan 28, 2017 3:00 am

motorpsycho67 wrote:Why would I want to do this?

I'm not particularly paranoid. They're welcome to my boring texts/calls.


Solidarity and plausible deniability. Signal to noise.

Even if you have nothing to hide, you have something to fear. You should fear the regime muzzling dissenting voices. You should fear the fascists turning the world around you into a giant ATM for their corporate masters, destroying democratic institutions in the process.

When the new US regime begins cracking down on dissenters, which won't necessarily happen in any manner resembling a traditional crackdown, and only those they crack down upon use encryption, they have no plausible deniability. If a large portion of the population uses encrypted communications, the regime would find it slightly more difficult to find someone for the cracking.
Such a crackdown might just look like that old gem, the no-fly-list. Just that it'll be a no-drivers-license list, a no-mortgage list, a no-health-insurance list. Any number of little things to ensure that anyone making a ruckus against the junta won't be able to even just get a job, never mind activism. They'd leave them cellphones and credit cards, because those things DO allow tracking, actually.

No, public outcries won't stop them from getting away with such. For one, the public won't outcry much about something if it's presented to them right, also the Trumpista likely won't even care about any outcry, and last but not least, it can likely all be done in secret. So much is done through database systems these days, DMVs, mortgage brokers, insurance agents. They only see what the computer tells them when whatever application they entered is being denied. Even their bosses don't have to know such little tricks could be hidden in their system. All it takes is someone walking into the office of whoever runs IT for the outfit, present them with a top-secret presidential order that security "monitoring" software XY must be installed, and that it must be double-plus secret and if you say anything it's orange jumpsuits for you.
There are any number of subtle little harassments one could imagine. Trump may be thick as two planks nailed together with a third plank for a nail. But the people around him aren't. They know what it'd look like and what noise they'd have to deal with if they just rounded up the dissenters. Much easier and equally effective to just exclude them from the infrastructure of modern life and society.

If only the people "with something to hide" refuse to put their phone on the tray for the x-ray, even the TSA can work out who to pat down, and will likely find something.
Recall the "jammers" from The Prisoner? Would talk about killing Number 2 so much and so often, they stopped being treated as genuine suspects.
In the end, the question is cost effectiveness, or rather a cost/benefit calculation that anyone looking would likely have to engage in.
Some stuff we think secure, they might just giggle about. Other stuff, they'll go "Hm". Even if it doesn't cost much money, having a highly qualified specialist decypher it creates opportunity-cost and may just not be worth it. Even if they decypher everything, unless they already have robust AI, someone still has to look over some stuff. Enough people use encryption, enough stuff to look over, enough opportunity cost to create blind spots that activism can hide behind.
Like with aviation in the 1950s and 60s, public knowledge is probably about a decade behind what the governments of the world can do in terms of cypher breaking and suchlike. When Ed Snowden revealed what he revealed, parts of what is publicly known were bumped forward a bit. But we hardly caught up, and TPTB Inc surely did what they could to ensure we'd fall even further behind in the aftermath. This entire discussion may be moot, there may be no secure communications left at all. But TPTB Inc don't deserve THAT benefit of THAT doubt.

Secure browsing
Commercial VPN services my be subverted by security agencies. Or may not. A proper VPN lets you do anything you do over the internet. But whoever is on the other side only ever sees the IP of your VPN service. As long as you don't let anything set cookies, that's good anonymity right there. Good services cost money, though.
TOR, meanwhile, is free. "The Onion Router" doesn't let you do absolutely everything, only what you can do through your browser, and doesn't support all plugins. But you don't get cheaper than free, and the routers therein are random volunteers somewhere in the world, not a server farm in Switzerland.
As it is, though, the TOR network may have, in large part, been subverted by the NSA, or so I recall hearing a while back. That may have changed, I don't know. Around the time I think I heard that there were a few spree killings, the usual cluster of events within a short period (thanks to the extensive media coverage motivating the next guy, as usual), and before anyone had even checked to see where the guns had actually come from, we were told "dark web! dark web! dark net! fear, fear, fear!".
The mainstream media here in Germany was desperate to tell anyone, even if they wouldn't listen, that if you just google "the dark web", and you don't have gym bag full of submachine guns, loaded and rounds chambered, in thirty minutes or less, you get a bazooka for free.

Encrypted Email and other text files
You can encrypt any text with PGP. A free implementation of which is GnuPG.
"Pretty Good Privacy" is an asymmetric encryption system. You start out with it and create two keys. One is the "public key", with which anyone can encrypt a message for you. That key is literally intended to be published. A message encrypted with it cannot be decrypted with it, thanks to mathematical vodoo I won't even pretend to comprehend (ha! gotcha! you thought I would try and explain!). You also generate a private key, which must be kept plus-top-secret. That is the one that can decrypt a message encrypted with the public key.

Instant messaging
For instant messaging, there is Jabber. That protocol implements PGP encryption in an IM system. Popular clients for Windows machines are Jitsi and Pidgin. I use Jitsi.
For Android phones, the client I know is Chatsecure. Though I haven't used that in a while and am not sure about how well it's being updated. I can't be arsed to check on that right now, but it's where you may want to start googling.

Encrypting larger files
For your larger, non-text files, there is VeraCrypt. It's like TrueCrypt, almost entirely identical user interface and functionality, only it's still being supported and updated, unlike TrueCrypt, which has been abandoned.
VeraCrypt lets you create virtual hd partitions that exist in reality as encrypted files. These are never fully decrypted when data stored therein is accessed. The software only decrypts the bits that are needed at the time. It's fast and offers a bunch of encryption mechanisms that can even be combined. It's not like simple password protection, like on a WinRAR file, but real encryption that takes the experts more then three minutes to get around.
Hypothetically, it should be possible to play Russian dolls with encrypted files, actually.
As an aside, you can also use it to create hidden partitions on your computer. Anyone looking would only find an unformatted part of your HD, entirely filled with random data.
If there were absolutely anything to be afraid of, don't you think I would have worn pants?

I said I have a big stick.
User avatar
DerGolgo
Zaphod's Zeitgeist
 
Posts: 12140
Joined: Sun Apr 04, 2004 9:34 am
Location: It's bad enough I gotta live here, don't make me say it, too ...
BANNER!:
Jolly Roger Alternative

Re: dark comms: a basic guide to secure communications

Postby motorpsycho67 » Sat Jan 28, 2017 10:41 am

TL;DR (as usual)


Sorry, but I'm not that paranoid.

Not saying it's not possible, just don't care to let it take up valuable real estate in my noggin.
'75 Honda CB400F
'82 Kawalski GPz750
etc.
User avatar
motorpsycho67
Double-dip Diogenes
 
Posts: 4642
Joined: Tue Oct 07, 2008 1:24 am
Location: City of Angels

Re: dark comms: a basic guide to secure communications

Postby DerGolgo » Sun Jan 29, 2017 12:43 am

motorpsycho67 wrote:TL;DR (as usual)


Sorry, but I'm not that paranoid.

Not saying it's not possible, just don't care to let it take up valuable real estate in my noggin.


I've shortened.
If only dissenters use the "paranoid" way of communicating, they are too easy to find. Big old "look here" sticker. But if they don't, that's not helpful, either, for obvious reasons. Find one, you'd have it all, lacking safe comms.
Even the "happy birthday" message to your aunty should be encrypted if you want to help others dissent and engage in activism.

DerGolgo wrote:
motorpsycho67 wrote:Why would I want to do this?

I'm not particularly paranoid. They're welcome to my boring texts/calls.


Solidarity and plausible deniability. Signal to noise.

Even if you have nothing to hide, you have something to fear. You should fear the regime muzzling dissenting voices. You should fear the fascists turning the world around you into a giant ATM for their corporate masters, destroying democratic institutions in the process.
If there were absolutely anything to be afraid of, don't you think I would have worn pants?

I said I have a big stick.
User avatar
DerGolgo
Zaphod's Zeitgeist
 
Posts: 12140
Joined: Sun Apr 04, 2004 9:34 am
Location: It's bad enough I gotta live here, don't make me say it, too ...
BANNER!:
Jolly Roger Alternative

Re: dark comms: a basic guide to secure communications

Postby red » Mon Jan 30, 2017 6:20 am

motorpsycho67 wrote:TL;DR (as usual)


Sorry, but I'm not that paranoid.

Not saying it's not possible, just don't care to let it take up valuable real estate in my noggin.


Due to the increased threat of ransomware, I have to apply this secure mindset to all of my digital interactions, online, sms and etc. Being secure not only keeps prying eyes away, it keeps your personal data safe.
User avatar
red
Yap. Doomed for all eternity.
 
Posts: 2629
Joined: Sat Nov 20, 2004 1:47 am
Location: Indy
BANNER!:
Jolly Roger

Re: dark comms: a basic guide to secure communications

Postby Shhted » Mon Jan 30, 2017 8:15 am

May I suggest some basic OpSec for those who don't want to go totally Dark but want to improve their security perimeter. A lot of this may seem trivial, but it greatly decreases your attack surface.

1. Obtain and use a password manager. There are many out there. I use 1Password, and I'd recommend it. However, just use one. This is a key component of what I will cover in the following. It's worth it to spend $ here. Do NOT reuse passwords. The rule is unique account = unique password.
2. Your ISP connection, is it a cable modem or somesuch? Change the default password on the hardware to something long and unique. Store it in your password manager. Update the firmware on it frequently. Many are configured to obtain fresh firmware upon reboot. Otherwise do so on your own schedule by setting a calendar reminder for yourself. Search for the device model and firmware update from the manufacturer's website. Do this for all of your networking gear (routers, modems, hubs).
3. Your devices, regardless of OS or brand - update often. Update the OS via trusted sources (the manufacturer). Don't just think about your mobile phones and workstations, do the same for your smart devices too: TVs, Cameras, Game Consoles, Thermostats, etc. They are often the most dumb. :P
4. Have an email address solely for the purposes of receiving SPAM and other shit. Use that address to sign up for things. This is how I use Yahoo. Don't populate contacts with this account.
5. You should know not to click unknown links and such, but you should also be aware of how social media can leave you exposed. Review all of your social media privacy settings, and do so often. If you are looking for guidance many tech or security blogs detail how to do so per platform.
6. Get yourself a VPN. This is most important when leveraging free wi-fi. It doesn't secure you completely, but it does make you more difficult to attack than someone who isn't using one. Remember, with free wi-fi you get what you pay for. If you don't need to connect, don't.
7. Set your devices such that they do not autoconnect to available WiFi. Require that you interact to connect to WiFi.
8. Shut off any unnecessary services on your devices. If you're not using Bluetooth devices, shut off the capability.
9. The most important aspect IMHO, assist those who are connected to you but not savvy enough to save their own skins.

Stay vigilant, my friends.
Drink beer. As much as you like. Mostly good stuff.
User avatar
Shhted
Magnum Jihad
 
Posts: 830
Joined: Thu Jul 13, 2006 9:09 am
Location: Mini-apple-ish
BANNER!:
Norway

Re: dark comms: a basic guide to secure communications

Postby guitargeek » Mon Jan 30, 2017 9:53 pm

Goes to look up SMS and MMS...
Elitist, arrogant, intolerant, self-absorbed.
Midliferider wrote:Wish I could wipe this shit off my shoes but it's everywhere I walk. Dang.
Pattio wrote:Never forget, as you enjoy the high road of tolerance, that it is those of us doing the hard work of intolerance who make it possible for you to shine.
xtian wrote:Sticking feathers up your butt does not make you a chicken
User avatar
guitargeek
Master Metric Necromancer
 
Posts: 11855
Joined: Fri Jan 27, 2006 7:36 pm
Location: East Goatfuck, Oklahoma
BANNER!:
US Oklahoma 46

Re: dark comms: a basic guide to secure communications

Postby DerGolgo » Mon Jul 31, 2017 12:47 am

Oh yeah, I should maybe chime in.
I've gotten me some VPN last year, simply because I value my privacy, actually. No, I'm not torrenting shit, even though I probably could do so with more or less impunity.
I pay for it, but the prices are reasonable, imho.
It IS sometimes useful if I want to watch something on youtube that's geo-locked (or whatever the kids call it these days) to the USA.
If there were absolutely anything to be afraid of, don't you think I would have worn pants?

I said I have a big stick.
User avatar
DerGolgo
Zaphod's Zeitgeist
 
Posts: 12140
Joined: Sun Apr 04, 2004 9:34 am
Location: It's bad enough I gotta live here, don't make me say it, too ...
BANNER!:
Jolly Roger Alternative

Re: dark comms: a basic guide to secure communications

Postby red » Wed Aug 16, 2017 6:44 pm

Still think this is all silly nonsense?

https://www.nytimes.com/2017/08/15/us/politics/justice-department-trump-dreamhost-protests.html

WASHINGTON — The Justice Department is trying to force an internet hosting company to turn over information about everyone who visited a website used to organize protests during President Trump’s inauguration, setting off a new fight over surveillance and privacy limits.
User avatar
red
Yap. Doomed for all eternity.
 
Posts: 2629
Joined: Sat Nov 20, 2004 1:47 am
Location: Indy
BANNER!:
Jolly Roger

Re: dark comms: a basic guide to secure communications

Postby DerGolgo » Thu Aug 17, 2017 2:50 pm

Been using this with friends for quite a while:
https://telegram.org/

It's fully encrypted and cloud based. Which means you just install it on all your devices, and all your contacts are there, and all your conversations, no additional "syncinc" and such required.
It's what the lefty nerd scene (yes, that's a thing) recommends. Also does file transfers, conferences, etc.
If there were absolutely anything to be afraid of, don't you think I would have worn pants?

I said I have a big stick.
User avatar
DerGolgo
Zaphod's Zeitgeist
 
Posts: 12140
Joined: Sun Apr 04, 2004 9:34 am
Location: It's bad enough I gotta live here, don't make me say it, too ...
BANNER!:
Jolly Roger Alternative

Re: dark comms: a basic guide to secure communications

Postby red » Sat Sep 14, 2019 11:54 am

What about mesh network messaging? I installed Bridgefy and Briar but looks like none of my contacts have gone that deep.
User avatar
red
Yap. Doomed for all eternity.
 
Posts: 2629
Joined: Sat Nov 20, 2004 1:47 am
Location: Indy
BANNER!:
Jolly Roger

Re: dark comms: a basic guide to secure communications

Postby DerGolgo » Sun Sep 15, 2019 7:58 am

I confess, I'm not familiar with mesh networks at all. Isn't that what the protesters in Hong Kong are using to organize?

For private messaging, I prefer Signal, these days. It's fully open-source, and dissenter groups in various parts of the world use it.
Ditto Telegram. I use that, but not as much, and not as present, due to computer woes. General problem: part of the Telegram source is proprietary and undisclosed, so it may be compromised. I was told that dissenters in Iran use it a lot.

For either application, just using it at all is an act of solidarity, as any new user adds to the noise that intelligence agencies and secret polices have to dig through to find the signal they are looking for.
If there were absolutely anything to be afraid of, don't you think I would have worn pants?

I said I have a big stick.
User avatar
DerGolgo
Zaphod's Zeitgeist
 
Posts: 12140
Joined: Sun Apr 04, 2004 9:34 am
Location: It's bad enough I gotta live here, don't make me say it, too ...
BANNER!:
Jolly Roger Alternative


Return to Cyber Terror

Who is online

Users browsing this forum: No registered users and 3 guests