![eb303623](https://pic-cc.com/data/avatars/m/150/150934.jpg?1733143058"){kind=avatar}
eb303623
MEMO
- Joined
- 01.05.24
- Messages
- 254
- Reaction score
- 6,747
- Points
- 93
So Today, we are going to look at VOICE AND TEXT
Protecting your personal voice and text communications is an incredibly important step in achieving true privacy. Though the thought of all of your voice and message traffic being intercepted may seem incredibly paranoid and unlikely, recent news articles have indicated that it certainly is not. Though metadata collection was the first privacy bombshell to burst, it did not end there. I advocate encrypting the maximum amount of voice and message traffic possible. Fortunately, encrypting voice and message traffic is a fairly simple affair. In most cases it requires nothing more than installing an app, modifying your own behavior, and that of the people with whom you talk and text.
Most mobile telephone calls that occur on LTE (Long Term Evolution) networks are already encrypted by default. In fact, LTE encryption is one of the most successful cryptography implementations ever in regards to user compliance. It is completely transparent and requires no user input whatsoever – it just happens. The problem with LTE encryption is that is has avowed backdoors for use by law enforcement, intelligence, and other government agencies. Unfortunately, due to the technical nature of “backdoors”, this vulnerability is also available to anyone else able to discover and exploit it. I strongly recommend implementing stronger, intact
encryption protocols, even if no specific threat exists against you.
I also strongly encourage each reader of this work to convince as many friends, family, colleagues, clients, and anyone else to use these apps. When more of us
use these products, we create noise for each other. If only one of us uses a particular encryption product, it is easy to single that user out and massive amounts of resources can be dedicated to exploiting that user’s communications. When we all encrypt as much of our communications as possible, surveillance must become targeted again, and a good deal of our privacy is restored. I also
believe that we can reach a point where these apps are “mainstream” and not considered uncommon or different, even among “common” users. So please, convince others to use these apps.
Most of the applications listed here are produced by security-focused companies and do not collect data about their users beyond what is necessary to create accounts or process financial transactions. This chapter will discuss products that
will replace your plaintext voice and texting apps. I will also discuss some native iOS apps that are already encrypted that you may not be aware of. Finally, I will discuss an application that can replace instant-messaging style apps.
All of the applications here utilize your device’s Data or Wi-Fi connection rather than your service provider’s calling minutes or texting plan. This has the benefit of
reducing the data your wireless service provider is able to collect about your calling and messaging habits by cutting them out of the loop completely. It also allows you to use your device even when you do not have cellular service as long
as you have a Wi-Fi connection.
Depending on your service provider, coverage plan, and your personal habits, you may be able to reduce your phone’s calling and texting plan and send the majority
of your calls and texts from your home’s Wi-Fi. With the exception of iMessage and FaceTime, all of the applications mentioned here are supported by both Android and iOS.
1. SIMPLEX CHAT
Simplex Chat is one of the best secure messaging and texting platform that protects your privacy by not having any persistent identifiers for users. Among the other apps I recommend Simplex Chat. It gives you a complete privacy and encrypted chats. All messages are sent via the servers, both providing better metadata, privacy and reliable asynchronous message delivery, while avoiding many problems of P2P networks. Unlike federated networks and apps, SimpleX relay servers do NOT store user profiles, contacts and delivered messages, do NOT connect to each other, and there is NO servers directory.
2. SINGNAL
Signal Messenger is a free application, Signal supports both voice calls and text messaging in a single app and is incredibly easy to use and convince others to use too. You will be prompted to enter your
telephone number for verification. The app will verify the number by sending you a code that you must enter into the application. No other personal information is required or requested. but in my opinion it's not really safe because it ask for phone number to verify the app, which is not good for our privacy. But I've found one juicy way to use signal without your personal phone number.
You can simply get one of the SMS verification site such as Textverified etc. You can buy some credit on there with BTC and use their service to verify signal. In that case, you didn't use your personal or real phone number for the verification.
Signal does not offer anonymity. Because it uses your mobile number to register you will be associated with the account. Even if you use an anonymous number to register the account consider the contacts to whom you provide this number. If
they put you in their Androids phone’s contact list by your full name this
information will likely be transmitted to Google and dozens of other apps on their device. Signal also does not obscure your metadata: who you talk to, when you talk to them, and for how long. It merely protects the content of the message.
3. SILENT CIRCLE OR SILENT PHONE
Silent phone is probably one of the most widely publicized encrypted voice applications in existence. Silent Circle, is well-known in security and privacy circles for their custom BlackPhone handset. Fortunately for privacy-minded users, the Silent Phone app is also available on iOS and Android handsets. The app is free to download, but you must pay for a subscription before you can use it. The legacy app Silent Text was recently merged into Silent Phone so users now have access to encrypted phone calls and messaging within a single app.
Unfortunately, I have found little use for the messaging function since it can only be used between Silent Circle subscribers. I have had very little success convincing
anyone to add $10 per month or more to their phone bill.
4. WICKR
WICKR is a free app that, in addition to being available for both iOS and Android, can also be used as a desktop messaging application on Linux and pretty much any other OS. After downloading the Wickr app to your device you must choose a
username and create a password. Wickr asks you for no personal information whatsoever during setup. Once the username is set up users can message each other through the very intuitive interface. Wickr can also be used to securely send pictures, videos, voice messages, and attachments from Dropbox and Google Drive. According to the company’s privacy policy Wickr messages are only stored on the Wickr server in an encrypted state, and then they are only stored until the message has been delivered, after which they are erased from the servers.
Wickr is considered an ephemeral messaging service because your messages are deleted from both the sender and recipient’s devices at a set interval of your choosing. You should be aware, however, that iOS users do have the ability to take screenshots of your text messages and photos, and anyone using the app in a desktop environment can take a screenshot. Wickr has found an inventive solution to this. When someone takes a screenshot in iOS everyone in the conversation is alerted to it and receives a copy of the screenshot. It is not a perfect solution but as Wickr points out, the app is intended to be used with people you trust. Also remember that if a user is on a desktop computer no screenshot protection exists.
The security of Wickr is incredibly good. When you send a message via Wickr it is encrypted locally on your device, with a unique, randomly-generated, asymmetric
key for each and every message. When the message is sent the key is destroyed. The message is encrypted in transit to the recipient and decrypted locally on his or
her device only where it is then forensically destroyed upon expiration. All data-at-rest and data-in-motion are encrypted with AES-256 and as Wickr’s website puts it,
“your messages are encrypted and secured during their entire lifespan”. Wickr is very security-and privacy-focused and offers a number of settings to allow you to
customize the app to your security needs.
5. JABBER/XMPP
Jabber/XMPP is a server-federation-based protocol designed with openness in mind. Its security depends on you making good use of OTR as you can never be
sure if servers are properly encrypted between each other. Privacy with Jabber is limited, as it is visible to various kinds of attackers who your account is talking to. TOR only helps to pseudonymize your account and hide your current location, but
your social graph may still expose your identity. For a good OPSEC guide on chatting anonymously see this article Chatting Anonymously.
Tor Exit Node eavesdropping can happen if no encryption to the server is enabled. Some protocols have encryption disabled by default, some do not support
encryption at all.
See also Overview about Pidgin protocols and their encryption features[1]. If encryption to the server is enabled, the Tor Exit Node can no longer eavesdrop. This fixes one problem, however it also leaves another problem unresolved.
Even with encryption to the server enabled, the server could still gather interesting information. For example:
o Account names
o Buddy list (list of contacts)
o Log login dates and times
o Timestamp of messages
o Who communicates with whom
• If the recipient knows the sender and the recipient uses a non-
anonymous account or the recipient ever logged in without Tor, this can be used as a hint for determining who the sender is.
o Content of messages - Can be prevented using end-to-end encryption.
On Qubes OS or Linux, the best and most secure way to use Jabber, is to connect to a Windows VM or RDP through Whonix using the Remmina program and run PSI+ from there. That way, you remove any possible connection of that account to your actual computer. Also recommend changing that Windows RDP or VM frequently.
6. TOX CHAT
TOX looks like a promising solution for secure, encrypted communications. The official client implementation is based on the Toxcore protocol library, which is
very feature-rich and has a variety of functions besides VOIP. By default, Tox does not attempt to cloak your IP address from authorized contacts. However, Tox connections can be tunneled through Tor, allowing communication with others even if they are not anonymous. Desktop and mobile client versions have been
developed for every major OS platform.
In the Tox design, users are assigned a public and private key, with direct
connections being established in a peer-to-peer network. Users can message friends, join chat rooms with friends or strangers, and send each other files. Everything is encrypted using the NaCl crypto library, via libsodium. Tox helps to protect your privacy by :
o Removing the need to rely on central authorities to provide messenger services
o Concealing your identity (in the form of meta-data, e.g. your IP address) from people who are not your authorized friends
o Enforcing end-to-end encryption with perfect forward secrecy as the default and only mode of operation for all messages
o Making your identity impossible to forge without the possession of your
personal private key, which never leaves your computer
In any Linux or Qubes OS, again, Tox is better run from a Windows virtual machine or RDP, of which you connect to using Whonix and the Remmina program. Tox is much more secure than Jabber, and I personally recommend it over any other instant messaging service. It is currently the safest way to communicate instantly online.
CONCLUSION Now, we came a long way from communication security through email and finally we have covered. The communication security by text and voice. Hope you have and keep your privacy and stay safe!
Security.
Protecting your personal voice and text communications is an incredibly important step in achieving true privacy. Though the thought of all of your voice and message traffic being intercepted may seem incredibly paranoid and unlikely, recent news articles have indicated that it certainly is not. Though metadata collection was the first privacy bombshell to burst, it did not end there. I advocate encrypting the maximum amount of voice and message traffic possible. Fortunately, encrypting voice and message traffic is a fairly simple affair. In most cases it requires nothing more than installing an app, modifying your own behavior, and that of the people with whom you talk and text.
Most mobile telephone calls that occur on LTE (Long Term Evolution) networks are already encrypted by default. In fact, LTE encryption is one of the most successful cryptography implementations ever in regards to user compliance. It is completely transparent and requires no user input whatsoever – it just happens. The problem with LTE encryption is that is has avowed backdoors for use by law enforcement, intelligence, and other government agencies. Unfortunately, due to the technical nature of “backdoors”, this vulnerability is also available to anyone else able to discover and exploit it. I strongly recommend implementing stronger, intact
encryption protocols, even if no specific threat exists against you.
I also strongly encourage each reader of this work to convince as many friends, family, colleagues, clients, and anyone else to use these apps. When more of us
use these products, we create noise for each other. If only one of us uses a particular encryption product, it is easy to single that user out and massive amounts of resources can be dedicated to exploiting that user’s communications. When we all encrypt as much of our communications as possible, surveillance must become targeted again, and a good deal of our privacy is restored. I also
believe that we can reach a point where these apps are “mainstream” and not considered uncommon or different, even among “common” users. So please, convince others to use these apps.
Most of the applications listed here are produced by security-focused companies and do not collect data about their users beyond what is necessary to create accounts or process financial transactions. This chapter will discuss products that
will replace your plaintext voice and texting apps. I will also discuss some native iOS apps that are already encrypted that you may not be aware of. Finally, I will discuss an application that can replace instant-messaging style apps.
All of the applications here utilize your device’s Data or Wi-Fi connection rather than your service provider’s calling minutes or texting plan. This has the benefit of
reducing the data your wireless service provider is able to collect about your calling and messaging habits by cutting them out of the loop completely. It also allows you to use your device even when you do not have cellular service as long
as you have a Wi-Fi connection.
Depending on your service provider, coverage plan, and your personal habits, you may be able to reduce your phone’s calling and texting plan and send the majority
of your calls and texts from your home’s Wi-Fi. With the exception of iMessage and FaceTime, all of the applications mentioned here are supported by both Android and iOS.
1. SIMPLEX CHAT
Simplex Chat is one of the best secure messaging and texting platform that protects your privacy by not having any persistent identifiers for users. Among the other apps I recommend Simplex Chat. It gives you a complete privacy and encrypted chats. All messages are sent via the servers, both providing better metadata, privacy and reliable asynchronous message delivery, while avoiding many problems of P2P networks. Unlike federated networks and apps, SimpleX relay servers do NOT store user profiles, contacts and delivered messages, do NOT connect to each other, and there is NO servers directory.
2. SINGNAL
Signal Messenger is a free application, Signal supports both voice calls and text messaging in a single app and is incredibly easy to use and convince others to use too. You will be prompted to enter your
telephone number for verification. The app will verify the number by sending you a code that you must enter into the application. No other personal information is required or requested. but in my opinion it's not really safe because it ask for phone number to verify the app, which is not good for our privacy. But I've found one juicy way to use signal without your personal phone number.
You can simply get one of the SMS verification site such as Textverified etc. You can buy some credit on there with BTC and use their service to verify signal. In that case, you didn't use your personal or real phone number for the verification.
Signal does not offer anonymity. Because it uses your mobile number to register you will be associated with the account. Even if you use an anonymous number to register the account consider the contacts to whom you provide this number. If
they put you in their Androids phone’s contact list by your full name this
information will likely be transmitted to Google and dozens of other apps on their device. Signal also does not obscure your metadata: who you talk to, when you talk to them, and for how long. It merely protects the content of the message.
3. SILENT CIRCLE OR SILENT PHONE
Silent phone is probably one of the most widely publicized encrypted voice applications in existence. Silent Circle, is well-known in security and privacy circles for their custom BlackPhone handset. Fortunately for privacy-minded users, the Silent Phone app is also available on iOS and Android handsets. The app is free to download, but you must pay for a subscription before you can use it. The legacy app Silent Text was recently merged into Silent Phone so users now have access to encrypted phone calls and messaging within a single app.
Unfortunately, I have found little use for the messaging function since it can only be used between Silent Circle subscribers. I have had very little success convincing
anyone to add $10 per month or more to their phone bill.
4. WICKR
WICKR is a free app that, in addition to being available for both iOS and Android, can also be used as a desktop messaging application on Linux and pretty much any other OS. After downloading the Wickr app to your device you must choose a
username and create a password. Wickr asks you for no personal information whatsoever during setup. Once the username is set up users can message each other through the very intuitive interface. Wickr can also be used to securely send pictures, videos, voice messages, and attachments from Dropbox and Google Drive. According to the company’s privacy policy Wickr messages are only stored on the Wickr server in an encrypted state, and then they are only stored until the message has been delivered, after which they are erased from the servers.
Wickr is considered an ephemeral messaging service because your messages are deleted from both the sender and recipient’s devices at a set interval of your choosing. You should be aware, however, that iOS users do have the ability to take screenshots of your text messages and photos, and anyone using the app in a desktop environment can take a screenshot. Wickr has found an inventive solution to this. When someone takes a screenshot in iOS everyone in the conversation is alerted to it and receives a copy of the screenshot. It is not a perfect solution but as Wickr points out, the app is intended to be used with people you trust. Also remember that if a user is on a desktop computer no screenshot protection exists.
The security of Wickr is incredibly good. When you send a message via Wickr it is encrypted locally on your device, with a unique, randomly-generated, asymmetric
key for each and every message. When the message is sent the key is destroyed. The message is encrypted in transit to the recipient and decrypted locally on his or
her device only where it is then forensically destroyed upon expiration. All data-at-rest and data-in-motion are encrypted with AES-256 and as Wickr’s website puts it,
“your messages are encrypted and secured during their entire lifespan”. Wickr is very security-and privacy-focused and offers a number of settings to allow you to
customize the app to your security needs.
5. JABBER/XMPP
Jabber/XMPP is a server-federation-based protocol designed with openness in mind. Its security depends on you making good use of OTR as you can never be
sure if servers are properly encrypted between each other. Privacy with Jabber is limited, as it is visible to various kinds of attackers who your account is talking to. TOR only helps to pseudonymize your account and hide your current location, but
your social graph may still expose your identity. For a good OPSEC guide on chatting anonymously see this article Chatting Anonymously.
Tor Exit Node eavesdropping can happen if no encryption to the server is enabled. Some protocols have encryption disabled by default, some do not support
encryption at all.
See also Overview about Pidgin protocols and their encryption features[1]. If encryption to the server is enabled, the Tor Exit Node can no longer eavesdrop. This fixes one problem, however it also leaves another problem unresolved.
Even with encryption to the server enabled, the server could still gather interesting information. For example:
o Account names
o Buddy list (list of contacts)
o Log login dates and times
o Timestamp of messages
o Who communicates with whom
• If the recipient knows the sender and the recipient uses a non-
anonymous account or the recipient ever logged in without Tor, this can be used as a hint for determining who the sender is.
o Content of messages - Can be prevented using end-to-end encryption.
On Qubes OS or Linux, the best and most secure way to use Jabber, is to connect to a Windows VM or RDP through Whonix using the Remmina program and run PSI+ from there. That way, you remove any possible connection of that account to your actual computer. Also recommend changing that Windows RDP or VM frequently.
6. TOX CHAT
TOX looks like a promising solution for secure, encrypted communications. The official client implementation is based on the Toxcore protocol library, which is
very feature-rich and has a variety of functions besides VOIP. By default, Tox does not attempt to cloak your IP address from authorized contacts. However, Tox connections can be tunneled through Tor, allowing communication with others even if they are not anonymous. Desktop and mobile client versions have been
developed for every major OS platform.
In the Tox design, users are assigned a public and private key, with direct
connections being established in a peer-to-peer network. Users can message friends, join chat rooms with friends or strangers, and send each other files. Everything is encrypted using the NaCl crypto library, via libsodium. Tox helps to protect your privacy by :
o Removing the need to rely on central authorities to provide messenger services
o Concealing your identity (in the form of meta-data, e.g. your IP address) from people who are not your authorized friends
o Enforcing end-to-end encryption with perfect forward secrecy as the default and only mode of operation for all messages
o Making your identity impossible to forge without the possession of your
personal private key, which never leaves your computer
In any Linux or Qubes OS, again, Tox is better run from a Windows virtual machine or RDP, of which you connect to using Whonix and the Remmina program. Tox is much more secure than Jabber, and I personally recommend it over any other instant messaging service. It is currently the safest way to communicate instantly online.
CONCLUSION
!!ALL THE BEST AND GOOD LUCK!!
