Paranoia, some smart people like to say, is not retroactive. What I mean by this is not that you should start being paranoid now, because you never know when you’ll need it. Rather I mean that, at whatever point in time you actually need to start being paranoid, you’ll certainly wish you had started being paranoid at an earlier point in time.
So, to that end, it’s time to talk about a few secure communications technologies you can start employing TODAY to keep immoral corporate and government actors at bay. I’m pointing out these particular platforms not necessarily because I think they are the absolute best, but because I think that they are the most approachable. Some of the best methods for secure and private communications are still exceptionally rough around the edges and not at all ready to be used by a typical user, but I’ve found these to be fairly easy to get up and running.
vLine: a user friendly WebRTC facilitator
The state of web-based video calling is horrid. Atrocious. Has been for some time. On the one hand, you’ve got centralized services like Skype and Google Hangouts that come with their companies’ repugnant records on privacy. Then you have the ridiculous “meeting” solutions like Citrix or join.me and so on.
On the other hand, you have SIP, a protocol often used for video calls. SIP is great, or rather would be if anybody but a relatively small cadre of digital literati were capable of using it. If you have skill and need a secure video calling line, SIP with ZRTP is pretty much the way to get what you want, but I wouldn’t count on using it to successfully reach your grandma.
WebRTC, on the other hand, is really starting to look like a good technology at this point. Simple, easy to use, browser-based video chat. It now comes with encryption technology, depending on how you go about facilitating the connection. Also, WebRTC is peer-to-peer, which means the only role that the server has in facilitating the conversation is connecting the two people.
The WebRTC facilitator that I’m liking the most at present is vLine. Their developers appear to know what they are doing, their descriptions of their goals are on point, and they’re using the most secure extensions that are commonly supported by the WebRTC standard at this time.
One thing to note is that vLine does not yet work on mobile, so you’ll have to be in front of a computer to use it. At present the only even half-decent piece of software that I know of for Android is Lumicall, although it is actually a SIP system and configuration can be a bear.
Tox.im: chat, decentralized
Tox.im has a great idea, one that you’ll see repeated in the next three items: leverage the inherent distributed nature of the fundamental technologies of BitTorrent and Bitcoin to produce robust, secure messaging platforms. In Tox.im’s case, the Bitcoin protocol is not used; however, Tox still does a fairly good job of allowing for pseudonymous (not anonymous, but by pseudonym) conversation with encrypted contents. It’s not perfect, but Tox.im is definitely a good start.
If you go to check it out, you might see that while Tox.im has video chat capabilities, I have not listed them as a feature. That is largely because they do not exist across all of the different clients that support the messaging protocol, including the mobile ones, so I don’t actually consider it a core feature at this point.
Twister: like Twitter, but without all that
Because Twister is built around bitcoin’s blockchain technology, you can’t simply install it and start running. It is going to take a good deal of time for the full blockchain to download and for Twister to be ready to use. Once the full blockchain is loaded, you access Twister like a website hosted locally on your machine. Then you can post microbloggy goodness and follow people and do all the direct-messagey things that you are used to doing on Twitter.
One very important note regarding Twister: as with Bitcoin, your private key is your identity. It is very important that you back it up somewhere. Otherwise, if you should lose it, you will never be able to post as that user again. Period, end of story.
You can pick up the admittedly very beta-quality Twister here, and I highly recommend you do some reading. It’s impressive stuff!
Bitmessage: Email, but private
The best way to think of Bitmessage is like a completely bulletproof e-mail system that uses a fake name. You can tell people your fake name, or share it on the internet, but you can also have an unlimited number of fake names. There are of course a few caveats. No attachments, unless you’re willing to jump through many hoops, and the user interface is still pretty simplistic. But it’s something rather than nothing, and as far as a distributed, fully encrypted, decentralized alternative to email, you aren’t going to find a lot on the internet right now that is better than Bitmessage.
Much like with Twister, it’s worth noting that identities are derived from private keys. Should you lose your private key, you will never be able to retrieve messages for an address, or send from that address, ever again. Additionally, messages on the Bitmessage network have a lifespan of around three days. If you don’t connect to the network during that time, you can very easily miss messages. It’s worth pointing out, though, that if you do not receive the message, the message will never show as received to the sender, so if they are paying attention they will know the message hasn’t been read.
OTR + Jabber/XMPP: established encrypted chat.
XMPP is, by this point, one of the few real enduring standards of the internet. Facebook messaging speaks XMPP (although very poorly). Google chat speaks XMPP. And there are a plethora of freely joinable XMPP servers, all of which support (of course) XMPP. And here’s the real kicker: if you’re signed up on any one of these servers (except Facebook) you can talk to any person on any of the other servers. This concept, known as “federation”, is something you don’t see as much as you should, mostly because some companies think it’s easier to extract money from people if you keep them in walled silos.
Of course, XMPP by itself is somewhat lacking in the security department. While many XMPP servers secure the connection between the user and the server, the server is still able to read the message (a no-no for security specialists) and often the connection between servers is not encrypted, meaning that attackers on the network can read messages that pass between different servers as they move by on the network.
The solution to that problem is a plugin called OTR, and it’s supported by many XMPP clients. And the kicker is, the server doesn’t matter, because the encryption is all done client-side. In general, Pidgin is the most established and beloved of messaging clients that support XMPP, and it is in fact the reference implementation for the OTR system, which you can find here after you install Pidgin.
Assuming you have an XMPP account (you can use a Google chat account or sign up on one of the servers that you find here), OTR setup is very easy. Activate the plugin in Pidgin’s plugin list, generate a key, and start encrypting your messages with other people that have it installed. That simple.