UPDATE 06 June 2020: Beware of Zoom!

Welcome To The Panopticon, or "How I Learned To Stop Worrying And Love Information Warfare"

So it's 2020, and so far we have:

- Zoom has become a major communications platform for home-office work during the worldwide corona lockdown, but it became obvious that it is fully in the hands of the CCP regime of China. Choose Jitsi if you need to hold a video conference.

- Twitter, Facebook, YouTube and the like de-platforming or censoring any content that leans towards the right or conservative side. Even LinkedIn, after the change at the helm, has now engaged AI for shadow-banning.

- Amazon, Google, Apple, Microsoft, et al, doubling down on collection of people's data.

- The US intelligence apparatus convincing major hotel chains (Marriott for one) to collect information and report on hotel guests (for the most trivial of "abnormalities", if one can call them that).

- Amazon working with law enforcement to implement widespread facial recognition gathering.

- Those nifty DNA/heritage testing sites have been caught handing your DNA to Uncle Sam.
- Cellular service providers selling your real-time location, voice profile and contacts to anyone who wants to buy them.
- The proliferation of "smart" devices such as Alexa, which is always listening. The brutal push of 5G.
- Web browsers screening the news you search for and only letting the "leftist" slanted news through.

I could go on for pages and pages, but you get the point. One needs to become aggressive to secure one's privacy in this day and age, so with that in mind I thought it appropriate to publish an updated breakdown of available options.

Let's establish some standards that should be adhered to when choosing a chat application.

1. It should be open source. Open source code can be audited by third parties for completeness, proper implementation and potential security vulnerabilities. (Audits only cover what is published: a closed server component, as with Wickr below, stays unverified.)

2. It should employ end-to-end encryption. In other words, the encryption happens on your device and the decryption happens on the recipient's device, never on a third-party server. This removes the need to trust a third party with your keys.

3. It should use cipher primitives that are accepted standards in the INFOSEC industry: well studied symmetric ciphers (AES-256, ChaCha20, Twofish), authenticators (Poly1305), key-exchange and signature algorithms (Curve25519, Curve448, secp256k1, RSA-4096) and hashes (SHA-3, Whirlpool). GPG is a software suite built on such primitives rather than a primitive itself, and a vague label such as "ECC-512" names a key size, not a specific reviewed curve, so ask which curve is actually used.

4. It should provide forward secrecy. This protects the user if a key somehow gets compromised: the compromise of a long-term key must not expose messages that were already exchanged. In this setup the system runs a fresh (ephemeral) Diffie-Hellman key exchange per session or even per message and discards the old keys, so nothing remains on the device that can decrypt earlier traffic. Diffie-Hellman, typically over Curve25519, is the usual building block.

5. It should support the removal/destruction of messages on both ends of the conversation. This could be based on a timer, manual selection or a "destroy on read" protocol.

6. The encryption scheme should be a reviewed design implemented in accordance with accepted standards, not a home-grown protocol. (This is one of the issues with Telegram: its MTProto is its own design, and its end-to-end "secret chats" are opt-in rather than the default.) Some well studied protocols and implementations: Axolotl (now the Signal Protocol, i.e. X3DH plus the Double Ratchet), Proteus (Wire's implementation of it), OMEMO (the XMPP extension), Matrix (Olm/Megolm), Whisper, Mercury, Bramble (Briar).

7. It should obfuscate non-message data (metadata). Even if your message body is secure, information such as routing, timestamps, location and device fingerprinting data can be transmitted in the clear. This is less than ideal.

8. It should support the in-app blocking of screen captures. Certain malware has been known to silently take a screen capture as you read or write your otherwise secure message and then send it in the background or simply store it for later physical retrieval by bad actors. On Android this is the FLAG_SECURE window flag, which stops the OS and other apps from capturing that window; it cannot protect against malware that has already compromised the OS itself.

9. Decentralized and blockchain based solutions are often preferable to server based (centralized) solutions. Decentralized/peer-to-peer (P2P) systems do not rely on a traditional server model. Instead, they route traffic via other peers running the same software. This avoids a single point of failure and makes censoring/blocking much harder. The trade-off is metadata: in a plain P2P design every peer you talk to learns your IP address, and some blockchain designs store every (encrypted) message on a public ledger, so look for designs that route over Tor or otherwise hide who is talking to whom.

10. Having a verification process for chat partners is a plus. This would involve comparing a fingerprint (checksum) of both parties' public keys, for example a safety number or QR code, via a separate channel such as in person or a phone call. Both parties involved in the chat would perform the comparison on their respective ends. This helps to ensure that you are actually talking to your intended chat partner and not a bad actor, and so aids in the prevention of Man In The Middle attacks (MITM).

11. Is it multi-platform? Will it run on phones (Android, iPhone) and computers (Windows, Mac, Linux)? This is more a matter of versatility than security; unless, of course, you delete a sensitive message on one device (your phone) but fail to delete it on the same app that is running on your home computer (which gets seized by bad actors). Versatility is also a factor when dealing with a large group of people wanting to securely communicate with one another. Does everyone have a compatible device for said app?

 Bonus * For the phone based apps; do they include software trackers? If so, how many and where do they lead to? On an Android device, for example, most apps that you install will include trackers. These trackers for the most part exist for the developers to diagnose crashes, usage statistics and various marketing analytics. These seem reasonable enough, but you should always research who is behind the trackers as this data could conceivably be used in a non-favorable way.
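The following is an added example, written for this page and not code from any of the messengers discussed, that shows in pure Python what items 4 and 10 above look like in practice: an ephemeral X25519 Diffie-Hellman exchange as specified in RFC 7748, a one-way hash ratchet that derives per-message keys so that a later compromise cannot recover earlier keys, and an order-independent "safety number" computed from both public keys that the two parties compare over a separate channel. The HMAC-SHA256 derivation labels and the 60-digit safety-number format are assumptions chosen for illustration; they resemble, but are not byte-compatible with, what Signal uses.

```python
"""Added example for checklist items 4 (forward secrecy) and 10 (partner
verification).  Illustrative code for this page, not any messenger's own.
Assumptions: X25519 as in RFC 7748, HMAC-SHA256 as the KDF, and a
60-digit safety number that only loosely resembles Signal's format."""
import hashlib
import hmac
import os

P = 2**255 - 19            # field prime of Curve25519
A24 = 121665               # (486662 - 2) / 4, the ladder constant
BASEPOINT = (9).to_bytes(32, "little")


def _decode_scalar(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248            # clamp: clear the low 3 bits ...
    k[31] &= 127           # ... clear the top bit ...
    k[31] |= 64            # ... and set bit 254 (RFC 7748, section 5)
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    u = bytearray(u)
    u[31] &= 127           # receivers must mask the most significant bit
    return int.from_bytes(u, "little") % P


def x25519(scalar: bytes, u_point: bytes) -> bytes:
    """Scalar multiplication on Curve25519 (Montgomery ladder, RFC 7748)."""
    k, x1 = _decode_scalar(scalar), _decode_u(u_point)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    """Fresh (ephemeral) key pair; the private half is never written to disk."""
    priv = os.urandom(32)
    return priv, x25519(priv, BASEPOINT)


def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


class Ratchet:
    """Symmetric hash ratchet.  Each call hands out a message key and then
    replaces the chain key with a one-way hash of itself, so whoever steals
    the device later holds only keys for messages not yet sent."""

    def __init__(self, shared_secret: bytes):
        self.chain = kdf(shared_secret, b"chain-init")

    def next_key(self) -> bytes:
        message_key = kdf(self.chain, b"message-key")
        self.chain = kdf(self.chain, b"advance")   # the old chain key is gone
        return message_key


def session(my_priv: bytes, their_pub: bytes) -> Ratchet:
    """Both sides compute the same X25519 secret and seed a ratchet with it."""
    return Ratchet(x25519(my_priv, their_pub))


def safety_number(pub_a: bytes, pub_b: bytes) -> str:
    """Order-independent 60-digit code derived from both public keys; both
    parties read it aloud or scan it over a separate channel.  A MITM who
    substitutes a key changes the number on at least one side."""
    digest = hashlib.sha256(b"".join(sorted([pub_a, pub_b]))).digest()
    digits = f"{int.from_bytes(digest, 'big') % 10**60:060d}"
    return " ".join(digits[i:i + 5] for i in range(0, 60, 5))


if __name__ == "__main__":
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    print("safety number:", safety_number(alice_pub, bob_pub))
    alice, bob = session(alice_priv, bob_pub), session(bob_priv, alice_pub)
    for n in range(3):
        assert alice.next_key() == bob.next_key()
        print(f"message {n}: keys agree, chain advanced")
```

The ratchet above is only the symmetric half of what the Signal Protocol does; a full Double Ratchet additionally mixes in a new Diffie-Hellman output every time the conversation changes direction, which is what limits the damage of a compromised chain key going forward as well as backward.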

Okay, so where does that leave us? Here are some options that meet all or most of the above requirements.

* Briar
Meets all policies above except: 5 and 11.

App available for Android only. App has no trackers.

Can be used anonymously.

Not for profit organization.

Briar is unique in that it allows connections not only over the internet (via Tor) but also directly between devices using Wi-Fi or Bluetooth. This would be useful in a "grid down" scenario where a group needs to communicate securely without web infrastructure being available. Briar is still under heavy development and has many interesting features planned for future releases.



* Signal

Meets above policies except: 9

App available for Android, iOS, Win, Mac and Linux. App has no trackers.

Identity is tied to your phone number (not anonymous).

Not for profit organization. (California, USA)

Signal can be used as a drop-in replacement for the native SMS app on your phone. Between Signal users it pushes messages over the data channel as opposed to the traditional SMS cellular band, which allows for better metadata concealment and will not count against your phone provider's SMS limit; messages to contacts who are not on Signal go out as plain, unencrypted SMS, so watch for the lock icon. It does rely on servers (based in the US) and uses Google's push service (GCM, since renamed FCM) to wake the app for notifications. Offers secure voice and file transfer as well. Signal does read your contacts list in order to discover which of your contacts use Signal.


* Wire

Meets policies above except: 8 and 9.

App available for Android, iOS, Win, Mac and Linux. App has one tracker (Google Firebase Analytics).

Identity is tied to an email address. (anonymity dependent on email used).

For profit organization. (Switzerland)

Wire is often compared to Signal as they are structured in a similar fashion. Wire is not, however, meant to be a SMS replacement. Wire does keep a list of people you have communicated with until account deletion. Offers secure voice, video, file transfer as well as chat. Wire servers are located in Switzerland.



* Wickr

Meets policies above except: 9 and partially 1 (server side is closed source)

App available for Android, iOS, Win, Mac and Linux. App has two trackers (Countly and Google Firebase Analytics)

Anonymous identity. Can be tied to phone number if desired.

For profit organization. (California, USA)

Wickr had a rough start because it used closed source code. The clients and the crypto protocol have since been open sourced and professionally audited, though the server side remains closed. Offers secure voice and file transfer as well as chat. The Linux desktop version is deprecated and will not run on newer distros. Wickr servers are US based.


* Status

Meets above except: 5 and 8.

App available for Android, iOS, Win, Mac and Linux. (currently beta). App has one tracker (Google Firebase Analytics).

Anonymous identity.

Not for profit organization. (Germany)

Status is built on Ethereum (a decentralized system): identities are Ethereum key pairs and messages travel over Whisper, Ethereum's peer-to-peer gossip messaging layer, rather than on the blockchain itself, which makes it structurally similar to Bitmessage's broadcast-to-everyone design. It is still beta software at this time and has some growing to do yet.


* BCM/BlockChain Messenger

Meets above except: 1, 5 and 8. (switching to open source is ongoing).

App available for Android and iOS. App has two trackers (Google Firebase Analytics, Umeng Analytics).

Anonymous identity.

Not for profit organization. (British Virgin Islands).

BCM is another blockchain based secure messenger. It, like Status, has a lot of room for growth.


* Obsidian/OSM

Meets above except: 5 and 8.

App available for Android and iOS. (desktop apps under development).

Anonymous identity.

Not for profit organization.

Another blockchain based solution under heavy development.


* Tox (Antox, Trifa, qTox)

Meets above except: 5 and 8.

App available for Android, iOS, Win, Mac, Linux. No trackers.

Anonymous identity.

Not for profit organization.

Tox is a versatile platform for secure chat, voice, video and file transfer.


* Bitmessage

Meets above except: 4

App available for Win, Mac, Linux (Abit is available for Android but is not recommended because the proof of work drains the battery). No trackers.

Anonymous identity.

Not for profit organization.

Bitmessage is one of the original decentralized messengers to borrow from Bitcoin; strictly speaking it has no blockchain, rather every message is broadcast to all nodes in a stream and the sender must attach a proof of work to it. It has been well studied and is considered stable at this point. Addresses are Base58-encoded hashes of the recipient's public keys and can be cumbersome to transfer for some. The proof of work keeps it from being a viable option on a handheld device. Be sure to run the most recent version (as of this writing), as older versions had a security flaw.
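To make the battery point concrete, here is an added example, written for this page and not taken from PyBitmessage, of the Bitmessage proof of work as described in the project's protocol documentation: the sender double-SHA-512s an 8-byte nonce concatenated with the payload hash until the leading 8 bytes fall at or below a target that shrinks with payload size and with the time-to-live the network is asked to store the message for. The default difficulty parameters (nonceTrialsPerByte = 1000, payloadLengthExtraBytes = 1000), the 8-byte big-endian nonce and counting the nonce in the payload length are my reading of that documentation and are treated as assumptions; the demo runs at a far lower difficulty so it finishes instantly, while expected_trials() reports what the real setting costs.

```python
"""Added example: the Bitmessage proof-of-work scheme, reimplemented for
this page from the published protocol description (not PyBitmessage's
code).  Assumed network defaults: nonceTrialsPerByte = 1000 and
payloadLengthExtraBytes = 1000; the nonce is an 8-byte big-endian
integer and 'payload length' counts those 8 bytes."""
import hashlib
import struct
import time

NONCE_TRIALS_PER_BYTE = 1000
PAYLOAD_LENGTH_EXTRA_BYTES = 1000


def pow_target(payload_len: int, ttl: int,
               trials_per_byte: int = NONCE_TRIALS_PER_BYTE,
               extra_bytes: int = PAYLOAD_LENGTH_EXTRA_BYTES) -> int:
    """Largest acceptable trial value.  Longer payloads and longer TTLs
    (seconds the network must keep the message) lower the target."""
    weighted = payload_len + extra_bytes
    return 2**64 // (trials_per_byte * (weighted + ttl * weighted // 2**16))


def expected_trials(payload_len: int, ttl: int, **kw) -> int:
    """Average number of double-SHA-512 attempts needed for a target."""
    return 2**64 // pow_target(payload_len, ttl, **kw)


def _trial_value(nonce: int, initial_hash: bytes) -> int:
    inner = hashlib.sha512(struct.pack(">Q", nonce) + initial_hash).digest()
    return int.from_bytes(hashlib.sha512(inner).digest()[:8], "big")


def do_pow(payload: bytes, ttl: int, **kw) -> int:
    """Sender side: search nonces until the trial value is at or below the
    target.  Returns the nonce; since the search starts at 1, the nonce
    also equals the number of attempts made."""
    target = pow_target(len(payload) + 8, ttl, **kw)
    initial_hash = hashlib.sha512(payload).digest()
    nonce = 0
    while True:
        nonce += 1
        if _trial_value(nonce, initial_hash) <= target:
            return nonce


def check_pow(nonce: int, payload: bytes, ttl: int, **kw) -> bool:
    """Receiver side: one double hash, no search.  This asymmetry is the
    point of the scheme: cheap to verify, costly to produce."""
    target = pow_target(len(payload) + 8, ttl, **kw)
    return _trial_value(nonce, hashlib.sha512(payload).digest()) <= target


if __name__ == "__main__":
    msg = b"constructed sample payload for the demo"   # constructed input
    easy = dict(trials_per_byte=1, extra_bytes=0)
    start = time.perf_counter()
    nonce = do_pow(msg, ttl=0, **easy)
    elapsed = time.perf_counter() - start
    print(f"easy target: nonce {nonce} after {nonce} attempts in "
          f"{elapsed:.4f}s, valid={check_pow(nonce, msg, 0, **easy)}")
    four_days = 4 * 24 * 3600
    print("network defaults, 1 KB message, 4 day TTL: about "
          f"{expected_trials(1008, four_days):,} attempts")
```

With the default parameters a 1 KB message with a four-day TTL needs on the order of ten million double-SHA-512 evaluations before it can even be sent, which is why the author's advice to keep Bitmessage off handheld devices stands: the receiver's check is a single hash, but the sender pays the full search every time.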


* Riot (Matrix)

Meets above except: 4, 5 and 8.

App available for Android, iOS, Win, Mac and Linux. Two trackers (Google Firebase Analytics, Matomo).

Anonymous identity.

Not for profit organization.

Riot is one of several clients for the Matrix protocol. Riot has a lot of versatility, including chat, voice, video and file transfer. One thing to keep in mind is that end-to-end encryption is a per-room setting that has historically not been turned on by default, so you must ensure that you activate it (the "private messages"/encrypted-room option) and see the room marked as encrypted before you rely on it.



* Ricochet IM

Meets above except: 5 and 10.

App available for Win, Mac and Linux. No trackers.

Anonymous identity.

Not for profit organization.

Ricochet is a very no-frills but very secure messenger. Each user runs a Tor hidden service and chats are conducted over an anonymous connection between those services, so there is no server in the middle. Ricochet IM has been well audited by security professionals.


* Adamant

Meets above  except: 5 and 8.

App available for Android, iOS and web based. No trackers.

Anonymous identity.

Not for profit organization. (Ireland)

Adamant strives to be one of the most secure and anonymous blockchain based messengers on the market. They are relatively new to the scene, so time will tell how they stack up.



As you can see there are pros and cons to all of the above solutions. You may find that two or more of the above would be appropriate for your current threat model. In any case, give them a try....you have nothing to lose and much to gain.

If you are currently using Whatsapp, Viber, your phone's built in SMS client, Telegram or any of the other countless mainstream messaging apps, you might consider switching to one of the above solutions.

Let us use the same approach to examine email and email-like solutions, as email, by its very design, can be a security nightmare.

What To Do About Email? *UPDATED*

I think it's safe to say that the most alluring thing that our own mail server brings to the table is that it sits in one of the world's most privacy-respecting legal jurisdictions, Iceland. While a jurisdiction that has laws favorable to personal privacy with respect to data is certainly a good thing, it is not the only factor for consideration. As far as jurisdictions go, a good starting point is to be cautious doing business with companies in the Five Eyes (USA, UK, Canada, Australia, New Zealand) for reasons we have already addressed in the past. I should also point out that this is a much more important factor with a VPN service than with an email service.

Bear in mind though that if you set up your email account anonymously (use a throwaway contact email and obfuscate your IP with Tor and/or a VPN) and use GPG/PGP encryption, even if some authority or bad guys grab those email servers they have little of use on you. Note the limit of PGP, however: it encrypts the message body and attachments only, while the Subject line, sender, recipients and timestamps travel in the clear and remain on the server.

Here are some providers I have been studying that are worth consideration:

1. Bitmessage.ch
          - Free
          - can be used with your mail client
          - hybrid of normal email and the Bitmessage decentralized network
          - setup can be a little confusing for newcomers
          - based in Switzerland (good jurisdiction)

2. Disroot.org
          - Free
          - can be used with email client
          - offers several other privacy services like secure chat & cloud
          - setup is pretty straight forward
          - based in the Netherlands (fair jurisdiction)

3. Protonmail
          - Free and paid versions
          - can be used with client on Windows/Mac, Linux still waiting
          - offers VPN service as well
          - simple setup
          - based in Switzerland (good jurisdiction)

4. Tutanota
          - Free
          - not email client compatible at this time
          - simple setup
          - based in Germany (fair jurisdiction)

5. Novo-ordo.com (Sub Rosa Email)
          - Paid
          - can be used with email client
          - offers numerous and fairly unique services
          - one of the only providers to use Mixmaster service
          - simple setup
          - based in Switzerland and Panama

6. I2P-Bote
          - Unique "email like" system (uses key hash as address)
          - can be used with email client
          - must be running I2P router backend
          - can only communicate with other Bote users
          - encryption by default
          - can be tricky to setup
          - can be setup multi-hop with timing obfuscation
          - Free

7. Susimail
          - I2P based
          - communicates with normal SMTP email
          - can be used with email client
          - can be used with your PGP keys
          - can talk to I2P based addresses or clearweb addresses
          - scrubs metadata
          - Free

Here are some others that look promising (but beware some are US based):

1. Mailfence

2. VFEmail

3. Scryptmail

4. Confidesk

5. Lockbin

6. Lavabit (back in business with some new tricks)

There are, of course, non-email "email" services out there that offer much more anonymity, security and privacy; such as Confidantmail, Retroshare, Keybase, Riot, Bitmessage and Tox just to name a few. 

Some light reading links:
CREDITS: Combat Studies Group