diff --git a/_includes/sections/instant-messenger.html b/_includes/sections/instant-messenger.html index 88779ff50..e33e94384 100644 --- a/_includes/sections/instant-messenger.html +++ b/_includes/sections/instant-messenger.html @@ -1,4 +1,7 @@ -

Encrypted Instant Messengers

+

+ + Encrypted Instant Messengers +

@@ -9,42 +12,28 @@

We have described the three main types of messaging programs that exist: Centralized, Federated and Peer-to-Peer (P2P), with the advantages and disadvantages of each.

-

Centralized

+

+ + Centralized +

Centralized messengers are those where every participant is on the same server or network of servers controlled by the same organization.

-

Advantages

- - -

Disadvantages

- - {% - include cardv2.html - title="Signal" - image="/assets/img/svg/3rd-party/signal.svg" - description='Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Its protocol has also been indepedently audited (PDF)' - labels="warning:Requires phone number:Signal requires your phone number as an personal identifier which means anyone you communicate with will see it.|success:VoIP" - website="https://signal.org/" - forum="https://forum.privacytools.io/t/discussion-signal/664" - github="https://github.com/signalapp" - windows="https://signal.org/download/" - mac="https://signal.org/download/" - linux="https://signal.org/download/" - googleplay="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms" - android="https://signal.org/android/apk/#apk-danger" - ios="https://apps.apple.com/app/signal-private-messenger/id874139669" + include cardv2.html + title="Signal" + image="/assets/img/svg/3rd-party/signal.svg" + description='Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Its protocol has also been indepedently audited (PDF)' + labels="warning:Requires phone number:Signal requires your phone number as an personal identifier which means anyone you communicate with will see it.|success:VoIP" + website="https://signal.org/" + forum="https://forum.privacytools.io/t/discussion-signal/664" + github="https://github.com/signalapp" + windows="https://signal.org/download/" + mac="https://signal.org/download/" + linux="https://signal.org/download/" + googleplay="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms" + android="https://signal.org/android/apk/#apk-danger" + ios="https://apps.apple.com/app/signal-private-messenger/id874139669" %} {% @@ -67,37 +56,45 @@

Disadvantages

chrome="https://chrome.google.com/webstore/detail/keybase-for-reddit/ognfafcpbkogffpmmdglhbjboeojlefj" %} -
-

Federated

- -

Federated messengers use multiple, independent servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.

- +
+
+

Advantages

    -
  • Allows for greater control over your own data when running your own server.
  • -
  • Allows you to choose who to trust your data with by choosing between multiple "public" servers.
  • -
  • Often allows for third party clients which can provide a more native, customized, or accessible experience.
  • -
  • Generally a less juicy target for governments wanting backdoor access to everything as the trust is decentralized. The server may be hosted independently from the organization developing the software.
  • -
  • Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)
  • -
  • Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.
  • +
  • New features and changes can be implemented more quickly.
  • +
  • Easier to get started with and to find contacts.
- +
+

Disadvantages

    -
  • Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
  • -
  • Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
  • -
  • Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
  • -
  • Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
  • +
  • Centralized services could be more susceptible to legislation requiring backdoor access.
  • +
  • Can include restricted control or access. This can include things like:
  • +
      +
    • Being forbidden from connecting third-party clients to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.
    • +
    • Poor or no documentation for third-party developers.
    • +
    +
  • The ownership, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
+
+
+
+

+ + Federated +

+ +

Federated messengers use multiple, independent servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.

+ {% include cardv2.html - title="Matrix" - image="/assets/img/svg/3rd-party/matrix.svg" - image-dark="/assets/img/svg/3rd-party/matrix-dark.svg" - description='Matrix is an open-source project that publishes the Matrix open standard for secure, decentralized, real-time communication.
- Riot.im is the popular reference client produced by the Matrix.org team. It offers optional E2EE for 1:1 and group conversations that must be turned on by the user. (This can be done by clicking on the toggle switch which is accessed by clicking the room name or user name of the chat → Security & Privacy → Encrypted). In the future it will be on by default.' + title="Riot" + image="/assets/img/svg/3rd-party/riotim.svg" + description='Riot.im is the reference client for the Matrix network. The Matrix open standard is an open-source standard for secure, decentralized, real-time communication.
' + labels="warning:Warning:Riot offers optional E2EE for 1:1 and group conversations that must be turned on by the user. + (This can be done by clicking on the toggle switch which is accessed by clicking the room name or user name of the chat → Security & Privacy → Encrypted).|success:VoIP" website="https://about.riot.im/" forum="https://forum.privacytools.io/t/discussion-riot-im/665/" github="https://github.com/vector-im/riot-web/" @@ -110,42 +107,44 @@

Disadvantages

web="https://riot.im/app/" %} -
-

Worth Mentioning

- -
    -
  • Other Matrix clients, that may however be less feature complete than Riot.im.
  • -
  • XMPP (Extensible Messaging and Presence Protocol) is an open-source communications protocol that began development in 1999. Since then, XMPP has been extended by the publishing of XEPs (XMPP Extension Protocols). OMEMO is the most popular XEP (XMPP extension) for E2EE. Clients are developed by the community and not by the XSF (XMPP Standards Foundation). Inconsistent E2EE
  • - -
  • Kontalk is a community-driven instant messaging network based on XMPP.
  • -
- -

Peer to Peer (P2P)

+
+
+
+

Advantages

+
    +
  • Allows for greater control over your own data when running your own server.
  • +
  • Allows you to choose who to trust your data with by choosing between multiple "public" servers.
  • +
  • Often allows for third party clients which can provide a more native, customized, or accessible experience.
  • +
  • Generally a less juicy target for governments wanting backdoor access to everything as the trust is decentralized. The server may be hosted independently from the organization developing the software.
  • +
  • Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)
  • +
  • Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.
  • +
+
+
+

Disadvantages

+
    +
  • Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
  • +
  • Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
  • +
  • Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
  • +
  • Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
  • +
+
+
+
-

Peer-to-Peer instant messengers connect directly to each other without requiring third-party servers. Clients (peers) usually find each other through the use of a distributed computing network. Examples of this include DHT (distributed hash table) (used with technologies like torrents and IPFS, for example), or Ethereum's Whisper protocol (used with some newer DApps). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the Scuttlebutt social networking protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made.

+
+

Worth Mentioning

+ -

Advantages

-
    -
  • Minimal information is exposed to third parties.
  • -
  • Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
  • -
+

+ + Peer to Peer (P2P) +

-

Disadvantages

-
    -
  • Reduced feature set:
  • -
      -
    • Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
    • -
    • Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
    • -
    -
  • Your IP address and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a self contained network, such as Tor or I2P. Many countries have some form of mass surveillance and/or metadata retention.
  • -
-
+

Peer-to-Peer instant messengers connect directly to each other without requiring third-party servers. Clients (peers) usually find each other through the use of a distributed computing network. Examples of this include DHT (distributed hash table) (used with technologies like torrents and IPFS, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the Scuttlebutt social networking protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made.

{% include cardv2.html @@ -176,30 +175,25 @@

Disadvantages

ios="https://itunes.apple.com/app/ring-a-gnu-package/id1306951055?mt=8" %} -{% - include cardv2.html - title="Tox" - image="/assets/img/svg/3rd-party/tox.svg" - image-dark="/assets/img/svg/3rd-party/tox-dark.svg" - description='Encrypted instant messaging and video calling software. Uses its own encryption protocol that has not yet been officially audited by cryptographers.' - labels="warning:Experimental:Encryption has not been audited by professional cryptographers|success:VoIP" - website="https://tox.chat" - forum="https://forum.privacytools.io/t/discussion-tox/2115" - windows="https://tox.chat/download.html#oses" - mac="https://tox.chat/download.html#oses" - linux="https://tox.chat/download.html#oses" - freebsd="https://tox.chat/download.html#oses" - openbsd="http://openports.se/search.php?so=tox" - netbsd="http://pkgsrc.se/search.php?so=tox" - fdroid="https://tox.chat/download.html#oses" - googleplay="https://tox.chat/download.html#oses" - ios="https://tox.chat/download.html#oses" -%} - -

Worth Mentioning

- -
    -
  • Status.im - Encrypted instant messenger with an integrated Ethereum wallet (cryptocurrency) that also includes support for DApps (decentralized apps) (web apps in a curated store). Uses the Whisper protocol for P2P communication. Experimental
  • -
  • Retroshare - Encrypted instant messaging and voice/video call client. RetroShare supports both Tor and I2P.
  • -
  • Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers.
  • -
+
+
+
+

Advantages

+
    +
  • Minimal information is exposed to third parties.
  • +
  • Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
  • +
+
+
+

Disadvantages

+
    +
  • Reduced feature set:
  • +
      +
    • Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
    • +
    • Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
    • +
    +
  • Your IP address and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a self contained network, such as Tor or I2P. Many countries have some form of mass surveillance and/or metadata retention.
  • +
+
+
+
diff --git a/_includes/sections/teamchat.html b/_includes/sections/teamchat.html index 21cd9064c..6df7e9d09 100644 --- a/_includes/sections/teamchat.html +++ b/_includes/sections/teamchat.html @@ -1,16 +1,20 @@ -

Team Chat Platforms

+

+ + + Team Chat Platforms +

{% include cardv2.html - title="Matrix" - image="/assets/img/svg/3rd-party/matrix.svg" - image-dark="/assets/img/svg/3rd-party/matrix-dark.svg" - description='Matrix is an open-source project that publishes the Matrix open standard for secure, decentralized, real-time communication.
- Riot.im is the popular reference client produced by the Matrix.org team. It offers optional E2EE for 1:1 and group conversations that must be turned on by the user. (This can be done by clicking on the toggle switch which is accessed by clicking the room name or user name of the chat → Security & Privacy → Encrypted). In the future it will be on by default.' + title="Riot" + image="/assets/img/svg/3rd-party/riotim.svg" + description='Riot.im is the reference client for the Matrix network. The Matrix open standard is an open-source standard for secure, decentralized, real-time communication.
' + labels="warning:Warning:Riot offers optional E2EE for 1:1 and group conversations that must be turned on by the user. + (This can be done by clicking on the toggle switch which is accessed by clicking the room name or user name of the chat → Security & Privacy → Encrypted).|success:VoIP" website="https://about.riot.im/" forum="https://forum.privacytools.io/t/discussion-riot-im/665/" github="https://github.com/vector-im/riot-web/" @@ -28,7 +32,7 @@

- diff --git a/assets/img/svg/3rd-party/tox-dark.svg b/assets/img/svg/3rd-party/tox-dark.svg deleted file mode 100644 index 13f26fe2f..000000000 --- a/assets/img/svg/3rd-party/tox-dark.svg +++ /dev/null @@ -1,2 +0,0 @@ - - diff --git a/assets/img/svg/3rd-party/tox.svg b/assets/img/svg/3rd-party/tox.svg deleted file mode 100644 index 18433b424..000000000 --- a/assets/img/svg/3rd-party/tox.svg +++ /dev/null @@ -1,2 +0,0 @@ - - diff --git a/pages/software/real-time-communication.html b/pages/software/real-time-communication.html index 180e45feb..e06237d7b 100644 --- a/pages/software/real-time-communication.html +++ b/pages/software/real-time-communication.html @@ -8,73 +8,73 @@ {% include sections/instant-messenger.html %}

- - + + - Recent news about breaking E2EE on centralized instant messengers + Recent news about breaking E2EE on centralized instant messengers

March 2020
January 2020
November 2019
October 2019
August 2019
July 2019
May 2019
January 2019
December 2018

Complete Comparison

Independent security audits