From 5938b66f75ec94cd5eeb971e0522ed652c5f8e1d Mon Sep 17 00:00:00 2001 
From: Stephen L Date: Thu, 14 Oct 2021 01:17:49 +0200 Subject: [PATCH] Overhaul and revamp IM page (#192) --- _data/nav/2_software.yml | 4 +- .../1_linphone.yml | 27 ++ .../2_jitsi-meet.yml | 27 ++ _data/software/messengers/1_signal.yml | 32 +++ _data/software/messengers/2_element.yml | 40 +++ _data/software/messengers/3_briar.yml | 22 ++ _data/software/messengers/4_session.yml | 30 ++ _data/software/messengers/5_status.yml | 27 ++ _includes/badge.html | 5 +- _includes/legacy/card.html | 2 +- _includes/legacy/sections/email-warning.html | 2 +- .../legacy/sections/instant-messenger.html | 178 ------------ _includes/legacy/sections/teamchat.html | 42 --- .../sections/voice-video-messenger.html | 59 ---- _includes/recommendation-card.html | 32 +++ .../img/layout/network-anonymous-routing.svg | 2 + assets/img/layout/network-centralized.svg | 2 + assets/img/layout/network-decentralized.svg | 2 + assets/img/layout/network-distributed.svg | 2 + .../3rd-party => messengers}/briar.svg | 0 .../3rd-party => messengers}/element.svg | 0 .../3rd-party => messengers}/jitsi.svg | 0 .../3rd-party => messengers}/linphone.svg | 0 assets/img/messengers/session.svg | 7 + .../3rd-party => messengers}/signal.svg | 0 assets/img/messengers/status.svg | 2 + .../_evergreen/real-time-communication.html | 263 ++++++++++++++++++ ...22-self-hosting-shadowsocks-vpn-outline.md | 2 +- legacy_pages/software.html | 2 +- .../software/real-time-communication.html | 89 ------ 30 files changed, 526 insertions(+), 376 deletions(-) create mode 100644 _data/software/messengers-videoconferencing/1_linphone.yml create mode 100644 _data/software/messengers-videoconferencing/2_jitsi-meet.yml create mode 100644 _data/software/messengers/1_signal.yml create mode 100644 _data/software/messengers/2_element.yml create mode 100644 _data/software/messengers/3_briar.yml create mode 100644 _data/software/messengers/4_session.yml create mode 100644 _data/software/messengers/5_status.yml delete mode 100644 
_includes/legacy/sections/instant-messenger.html delete mode 100644 _includes/legacy/sections/teamchat.html delete mode 100644 _includes/legacy/sections/voice-video-messenger.html create mode 100644 assets/img/layout/network-anonymous-routing.svg create mode 100644 assets/img/layout/network-centralized.svg create mode 100644 assets/img/layout/network-decentralized.svg create mode 100644 assets/img/layout/network-distributed.svg rename assets/img/{legacy_svg/3rd-party => messengers}/briar.svg (100%) rename assets/img/{legacy_svg/3rd-party => messengers}/element.svg (100%) rename assets/img/{legacy_svg/3rd-party => messengers}/jitsi.svg (100%) rename assets/img/{legacy_svg/3rd-party => messengers}/linphone.svg (100%) create mode 100644 assets/img/messengers/session.svg rename assets/img/{legacy_svg/3rd-party => messengers}/signal.svg (100%) create mode 100644 assets/img/messengers/status.svg create mode 100644 collections/_evergreen/real-time-communication.html delete mode 100644 legacy_pages/software/real-time-communication.html diff --git a/_data/nav/2_software.yml b/_data/nav/2_software.yml index a864aa5c04..0fa4c616b9 100644 --- a/_data/nav/2_software.yml +++ b/_data/nav/2_software.yml @@ -45,9 +45,9 @@ items: icon: fad fa-briefcase file: legacy_pages/software/productivity.html - type: link - title: Real-Time Communication Platforms + title: Real-Time Communication icon: fad fa-comments-alt - file: legacy_pages/software/real-time-communication.html + file: _evergreen/real-time-communication.html - type: link title: Self-Contained Networks icon: fad fa-chart-network diff --git a/_data/software/messengers-videoconferencing/1_linphone.yml b/_data/software/messengers-videoconferencing/1_linphone.yml new file mode 100644 index 0000000000..a6b6138c28 --- /dev/null +++ b/_data/software/messengers-videoconferencing/1_linphone.yml 
@@ -0,0 +1,27 @@ +title: Linphone +type: Recommendation +logo: /assets/img/messengers/linphone.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==Centralized::tooltip==All communications pass through a single host.|color==info::icon==fas fa-fw fa-phone::text==Encrypted group VoIP::tooltip==Multiparty voice and video calls can be end-to-end encrypted.' +description: | + Linphone is an open-source SIP Phone and a free voice over IP service, available on mobile and desktop environments and on web browsers. It supports ZRTP for end-to-end encrypted voice and video communication. + +

Technical documentation

+ The communication protocol is described in a whitepaper. + +website: 'https://www.linphone.org/' +privacy_policy: 'https://www.linphone.org/privacy-policy' +downloads: + - icon: fab fa-windows + url: 'https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner' + - icon: fab fa-apple + url: 'https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner' + - icon: fab fa-linux + url: 'https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner' + - icon: fab fa-android + url: 'https://f-droid.org/packages/org.linphone' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=org.linphone' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/us/app/linphone/id360065638' + - icon: fab fa-github + url: 'https://github.com/BelledonneCommunications' diff --git a/_data/software/messengers-videoconferencing/2_jitsi-meet.yml b/_data/software/messengers-videoconferencing/2_jitsi-meet.yml new file mode 100644 index 0000000000..13ef7bb838 --- /dev/null +++ b/_data/software/messengers-videoconferencing/2_jitsi-meet.yml @@ -0,0 +1,27 @@ +title: Jitsi Meet +type: Recommendation +logo: /assets/img/messengers/jitsi.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==Centralized::tooltip==All communications pass through a single host.|color==info::icon==fas fa-fw fa-phone::text==Encrypted group VoIP::tooltip==Multiparty voice and video calls can be end-to-end encrypted.' +description: | + Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application with optional E2EE. It can be used from the browser, in desktop applications or on smartphones. Additional features include screen sharing for presentations and an always-on-top floating call window when minimized. See the list of public Jitsi Meet instances. + +
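Review bot: The `Encrypted group VoIP` label in 1_linphone.yml asserts that multiparty calls can be end-to-end encrypted, but the description only names ZRTP, which negotiates keys between the two ends of a single media stream, so the label is not supported by anything on the card. If Linphone provides E2EE conferencing through another mechanism, name it in the `Technical documentation` paragraph next to the whitepaper link; otherwise reword the tooltip to `One-on-one voice and video calls can be end-to-end encrypted (ZRTP).` The same label text is copied verbatim into 2_jitsi-meet.yml, where the description's optional E2EE does back it but is itself called alpha in that file's Notes.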

Notes

+ E2EE in Jitsi Meet is an alpha feature and is dependent on Insertable Streams, which is currently supported in Chrome but not Firefox. The mobile apps do not support E2EE at all for the moment. Prefer to use the desktop apps instead. By default, communications are decrypted by the server if the E2EE option is not enabled.
+
+website: 'https://jitsi.org/jitsi-meet/'
+privacy_policy: 'https://jitsi.org/security/'
+downloads:
+ - icon: fab fa-windows
+ url: 'https://github.com/jitsi/jitsi-meet-electron/releases'
+ - icon: fab fa-apple
+ url: 'https://github.com/jitsi/jitsi-meet-electron/releases'
+ - icon: fab fa-linux
+ url: 'https://github.com/jitsi/jitsi-meet-electron/releases'
+ - icon: fab fa-android
+ url: 'https://f-droid.org/en/packages/org.jitsi.meet/'
+ - icon: fab fa-google-play
+ url: 'https://play.google.com/store/apps/details?id=org.jitsi.meet'
+ - icon: fab fa-app-store-ios
+ url: 'https://apps.apple.com/us/app/jitsi-meet/id1165103905'
+ - icon: fab fa-github
+ url: 'https://github.com/jitsi/jitsi-meet'
diff --git a/_data/software/messengers/1_signal.yml b/_data/software/messengers/1_signal.yml
new file mode 100644
index 0000000000..c3b1e0abb1
--- /dev/null
+++ b/_data/software/messengers/1_signal.yml
@@ -0,0 +1,32 @@
+title: Signal
+type: Recommendation
+logo: /assets/img/messengers/signal.svg
+labels: 'color==info::icon==fas fa-fw fa-wifi::text==Centralized::tooltip==All communications pass through a single host.|color==info::icon==fas fa-fw fa-phone::text==VoIP::tooltip==Voice or video calls are supported.'
+description: |
+ Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Signal is a widely praised and used messenger.
+
+ 
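Review bot: The new 2_jitsi-meet.yml drops the legacy card's `Requires WebRTC` warning (removed in this same patch from voice-video-messenger.html), which told readers that WebRTC can expose the client IP address even behind a VPN; the E2EE caveat survived as prose, but the IP-exposure one did not. Add it back as a warning label, e.g. `|color==warning::text==Requires WebRTC::tooltip==WebRTC can reveal your IP address even behind a VPN, which is why Tor Browser disables it.` (omit `icon` if badge.html renders a label without one), and attach the lib-jitsi-meet e2ee document that the legacy label linked as `link==https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/e2ee.md` on an `Experimental E2EE` label. `Prefer to use the desktop apps instead` is imperative where the surrounding text is descriptive; `The desktop apps are preferable for E2EE.` matches the register.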

Notes

+

Signal requires your phone number as a personal identifier, hence anyone you communicate with will see it.

+

Hardened forks such as Molly implement additional security features.

+

The Sealed Sender option allows to hide who is the sender of messages, as only the receiver address will be visible to the server. It is by default enabled only for the user's contacts list, but can be enabled for all recipients, with the risk of receiving more spams. The company also claims the Signal centralized server does not store any metadata, although this is unverifiable. If you consider metadata leaking a sensitive issue for your usecase, consider anonymous routing messengers, which theoretically provide verifiable guarantees against metadata leaking.

+ +

Audit

+ The protocol was independently audited. + +website: 'https://signal.org/' +privacy_policy: 'https://signal.org/legal/' +downloads: + - icon: fab fa-windows + url: 'https://signal.org/download/' + - icon: fab fa-apple + url: 'https://signal.org/download/' + - icon: fab fa-linux + url: 'https://signal.org/download/' + - icon: fab fa-android + url: 'https://signal.org/android/apk/#apk-danger' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/app/signal-private-messenger/id874139669' + - icon: fab fa-github + url: 'https://github.com/signalapp' diff --git a/_data/software/messengers/2_element.yml b/_data/software/messengers/2_element.yml new file mode 100644 index 0000000000..f09ed60a45 --- /dev/null +++ b/_data/software/messengers/2_element.yml @@ -0,0 +1,40 @@ +title: Element +type: Recommendation +logo: /assets/img/messengers/element.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==Federated::tooltip==Your communications pass through one of a network of hosts that intercommunicate.|color==info::icon==fas fa-fw fa-wifi::text==P2P::tooltip==One-on-one voice and video calls are peer-to-peer (option can be disabled).|color==info::icon==fas fa-fw fa-wifi::text==Centralized::tooltip==Some optional services such as e-mail login, external links preview integrations and TURN reverse connection are provided by a centralized server.|color==info::icon==fas fa-fw fa-phone::text==VoIP::tooltip==Voice or video calls are supported.|color==info::icon==fas fa-fw fa-users::text==TeamChat::tooltip==Group channels are supported, and self-hosted servers can run non-federated to isolate from other servers.' +description: | + Element (formerly Riot) is the reference client for the Matrix protocol, which is an open standard for secure decentralized real-time communication. + +
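Review bot: The last sentence of the Notes paragraph in 1_signal.yml says anonymous-routing messengers `theoretically provide verifiable guarantees against metadata leaking`, which overstates what onion routing gives: it is designed so that the service operator does not learn who talks to whom, but an adversary that observes enough of the network can still correlate traffic, and nothing about it is something the user can verify. Suggest `consider messengers with anonymous routing, which are designed so that not even the service operator learns who is talking to whom.` In the same paragraph `allows to hide who is the sender` reads better as `hides the sender`, and `more spams` should be `more spam`.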

Notes

+

There are a few gotchas and missing features at the moment that need to be kept in mind to avoid unforeseen privacy breaches:

+ + +

Audit

+ The protocol was independently audited. + +website: 'https://element.io' +privacy_policy: 'https://element.io/privacy' +downloads: + - icon: fab fa-windows + url: 'https://element.io/get-started' + - icon: fab fa-apple + url: 'https://element.io/get-started' + - icon: fab fa-linux + url: 'https://element.io/get-started' + - icon: fab fa-android + url: 'https://f-droid.org/packages/im.vector.app/' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=im.vector.app' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/app/vector/id1083446067' + - icon: fas fa-globe-americas + url: 'https://app.element.io' + - icon: fab fa-github + url: 'https://github.com/vector-im/element-web' diff --git a/_data/software/messengers/3_briar.yml b/_data/software/messengers/3_briar.yml new file mode 100644 index 0000000000..83c698f54c --- /dev/null +++ b/_data/software/messengers/3_briar.yml @@ -0,0 +1,22 @@ +title: Briar +type: Recommendation +logo: /assets/img/messengers/briar.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==P2P::tooltip==Senders and recipients connect directly with no middlemen (can be disabled).|color==info::icon==fas fa-fw fa-wifi::text==Anonymous Routing::tooltip==Senders and recipients are hidden in the network, no one can know they communicate together (can be disabled).' +description: | + Briar is an encrypted instant messenger that connects to contacts via Wi-Fi or Bluetooth in short distances, or Tor over the internet in long distances. Technology such as this has proven to be useful when Internet availability is an issue, such as in times of crisis. + +
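Review bot: The third label's tooltip in 2_element.yml, `TURN reverse connection`, does not describe what TURN does; TURN is a media relay used when a call cannot connect directly, so `a TURN relay for calls that cannot connect directly` says the same thing in plain terms. The list that follows `There are a few gotchas and missing features at the moment` is not visible in this rendering of the hunk, so its items could not be reviewed here. `external links preview integrations` should be `link-preview integrations`.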

Notes

+ Briar supports perfect forward secrecy by using the Bramble Handshake and Transport protocol. + +

Audit & Technical Documentation

+ The client software was independently audited, the anonymous routing protocol uses the Tor network which is also audited. An overview of how the software works was published along with the complete specifications. + +website: 'https://briarproject.org' +privacy_policy: 'https://briarproject.org/privacy-policy/' +downloads: + - icon: fab fa-android + url: 'https://f-droid.org/packages/org.briarproject.briar.android/' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=org.briarproject.briar.android' + - icon: fab fa-git + url: 'https://code.briarproject.org/briar/briar' diff --git a/_data/software/messengers/4_session.yml b/_data/software/messengers/4_session.yml new file mode 100644 index 0000000000..fd1e9d2205 --- /dev/null +++ b/_data/software/messengers/4_session.yml @@ -0,0 +1,30 @@ +title: Session +type: Recommendation +logo: /assets/img/messengers/session.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==Anonymous Routing::tooltip==Senders and recipients are hidden in the network, no one can know they communicate together.|color==info::icon==fas fa-fw fa-users::text==TeamChat::tooltip==Group channels are supported.' +description: | + Session is an encrypted instant messenger using 3-hops onion routing to transmit communications via Oxen blockchain\'s nodes that are distributed worldwide. All communications are E2EE encrypted by default, supporting 1-on-1, private group and public group textual chatrooms. + +

Notes

+ Session does not support forward secrecy, so that anyone who joins a past discussion can read the whole history. + +

Audit & Technical Documentation

+ The client softwares on all platforms were independently audited. The protocol is described in a whitepaper. + +website: 'https://getsession.org/' +privacy_policy: 'https://getsession.org/privacy-policy/' +downloads: + - icon: fab fa-windows + url: 'https://getsession.org/windows' + - icon: fab fa-apple + url: 'https://getsession.org/mac' + - icon: fab fa-linux + url: 'https://www.getsession.org/linux' + - icon: fab fa-android + url: 'https://fdroid.getsession.org/' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=network.loki.messenger' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/app/session-private-messenger/id1470168868' + - icon: fab fa-github + url: 'https://github.com/oxen-io/session-desktop' diff --git a/_data/software/messengers/5_status.yml b/_data/software/messengers/5_status.yml new file mode 100644 index 0000000000..39a415a6bd --- /dev/null +++ b/_data/software/messengers/5_status.yml @@ -0,0 +1,27 @@ +title: Status +type: Recommendation +logo: /assets/img/messengers/status.svg +labels: 'color==info::icon==fas fa-fw fa-wifi::text==P2P::tooltip==Senders and recipients connect directly with no middlemen.|color==info::icon==fas fa-fw fa-wifi::text==Centralized::tooltip==Offline messages relaying is provided by a centralized server.|color==info::icon==fas fa-fw fa-users::text==TeamChat::tooltip==Group channels are supported.' +description: | + Status is an encrypted instant messenger with an integrated Ethereum wallet (cryptocurrency) that also includes support for DApps (decentralized apps) (web apps in a curated store). It uses the Waku protocol (a fork of Whisper) for P2P communication. When offline, messages are relayed by centralized Waku mailservers. + +
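Review bot: The description in 4_session.yml contains `blockchain\'s` inside a `|` literal block scalar, where a backslash is not an escape character, so the rendered page will show the backslash; write `blockchain's`. The Notes sentence conflates two properties: lack of forward secrecy means that a compromised long-term key exposes previously exchanged messages, whereas whether a newly joined member can read a group's earlier history is a separate property of the group implementation that this sentence does not establish. Split it into `Session does not support forward secrecy, so a compromised long-term key exposes previously exchanged messages.` and, only if it is true of Session groups, a separate sentence about history visibility. `E2EE encrypted` is redundant and `softwares` should be `software` (also in 5_status.yml).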

Audit & Technical Documentation

+ The mobile client softwares and protocol were independently audited with publicly released reports. The protocol is described in a whitepaper. + +website: 'https://status.im/' +privacy_policy: 'https://status.im/privacy-policy/' +downloads: + - icon: fab fa-windows + url: 'https://status.im/get/' + - icon: fab fa-apple + url: 'https://status.im/get/' + - icon: fab fa-linux + url: 'https://status.im/get/' + - icon: fab fa-android + url: 'https://f-droid.org/packages/im.status.ethereum/' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=im.status.ethereum' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/us/app/status-private-communication/id1178893006' + - icon: fab fa-github + url: 'https://github.com/status-im/' diff --git a/_includes/badge.html b/_includes/badge.html index 0b2e9df21d..71b553e2b4 100644 --- a/_includes/badge.html +++ b/_includes/badge.html @@ -1,10 +1,11 @@ {% if include.link %} {{ include.text }} -{% else %}> {{ include.text }}{% endif %} +{% else %}> {{ include.text }} +{% endif %} {% else %} {{include.title}} {% assign labels = include.labels | replace:", ", "," | split:"," %}
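Review bot: The `P2P` tooltip in 5_status.yml, `Senders and recipients connect directly with no middlemen.`, appears to contradict the description, which says messages travel over Waku, a fork of Whisper; if that protocol propagates messages through other peers rather than over a direct sender-to-recipient connection, the tooltip should say so, e.g. `Messages are relayed through a network of peers rather than a central server.` The `Centralized` tooltip already makes the mailserver dependency clear, so only the P2P wording needs confirming against the Waku documentation that the `Audit & Technical Documentation` paragraph links.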
{% for label in labels %} - {% assign label_data = label | split:":" %} + {% assign label_data = label | split:";" %} {% assign color = label_data[0] %} {% assign text = label_data[1] %} {% assign tooltip = label_data[2] | default: "" %} diff --git a/_includes/legacy/sections/email-warning.html b/_includes/legacy/sections/email-warning.html index 35b10a1bbb..105ac23866 100644 --- a/_includes/legacy/sections/email-warning.html +++ b/_includes/legacy/sections/email-warning.html @@ -5,6 +5,6 @@
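Review bot: Changing the inner separator from `:` to `;` in the `include.labels` fallback branch of badge.html silently changes the contract for every include that still passes a `labels=` string in the old `color:text:tooltip` form; such a caller now receives its whole label as `color` with an empty `text`, and nothing fails loudly. The callers of this branch are outside the hunk, so grep for remaining `include badge.html` uses with `labels=` and migrate them, or record the new form in a `{% comment %}` at the top of the branch, e.g. `{% comment %} labels: "color;text;tooltip" entries separated by "," {% endcomment %}`. The move of `{% endif %}` onto its own line in the first hunk is layout only.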

When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about email metadata.

OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. How do I protect my private keys?

Rather than use email for prolonged conversations, consider using a medium that does support Forward secrecy.

- Recommended Instant Messengers + Recommended Instant Messengers
diff --git a/_includes/legacy/sections/instant-messenger.html b/_includes/legacy/sections/instant-messenger.html deleted file mode 100644 index 11d25a4359..0000000000 --- a/_includes/legacy/sections/instant-messenger.html +++ /dev/null @@ -1,178 +0,0 @@ -

- - Encrypted Instant Messengers -

- - - -

We only recommend instant messenger programs or apps that support end-to-end encryption (E2EE). When E2EE is used, all transmissions (messages, voice, video, etc.) are encrypted before they are sent from your device. E2EE protects both the authenticity and confidentiality of the transmission as they pass through any part of the network (servers, etc.).

- -

All the client programs/apps we chose are free and open-source software unless otherwise mentioned. This to ensure that the code can be independently verified by experts now and in the future.

- -

We have described the three main types of messaging programs that exist: Centralized, Federated and Peer-to-Peer (P2P), with the advantages and disadvantages of each.

- -

- - Centralized -

- -

Centralized messengers are those where every participant is on the same server or network of servers controlled by the same organization.

- -{% - include legacy/cardv2.html - title="Signal" - image="/assets/img/legacy_svg/3rd-party/signal.svg" - description='Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Its protocol has also been independently audited (PDF)' - labels="color==warning::text==Requires phone number::tooltip==Signal requires your phone number as an personal identifier which means anyone you communicate with will see it.|text==VoIP" - website="https://signal.org/" - privacy-policy="https://signal.org/legal/" - github="https://github.com/signalapp" - windows="https://signal.org/download/" - mac="https://signal.org/download/" - linux="https://signal.org/download/" - googleplay="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms" - android="https://signal.org/android/apk/#apk-danger" - ios="https://apps.apple.com/app/id874139669" -%} - -
-
-
-

Advantages

-
    -
  • New features and changes can be implemented more quickly.
  • -
  • Easier to get started with and to find contacts.
  • -
-
-
-

Disadvantages

- -
-
-
- - -

- - Federated -

- -

Federated messengers use multiple, independent servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.

- -{% - include legacy/cardv2.html - title="Element" - image="/assets/img/legacy_svg/3rd-party/element.svg" - description='Element (formerly Riot) is the reference client for the Matrix network. The Matrix open standard is an open-source standard for secure (audit), decentralized, real-time communication.' - labels="text==VoIP" - website="https://element.io" - privacy-policy="https://element.io/privacy" - github="https://github.com/vector-im/element-web" - windows="https://element.io/get-started" - mac="https://element.io/get-started" - linux="https://element.io/get-started" - fdroid="https://f-droid.org/packages/im.vector.app/" - googleplay="https://play.google.com/store/apps/details?id=im.vector.app" - ios="https://apps.apple.com/app/id1083446067" - web="https://app.element.io" -%} - -
-
-
-

Advantages

-
    -
  • Allows for greater control over your own data when running your own server.
  • -
  • Allows you to choose who to trust your data with by choosing between multiple "public" servers.
  • -
  • Often allows for third party clients which can provide a more native, customized, or accessible experience.
  • -
  • Generally a less juicy target for governments wanting backdoor access to everything as the trust is decentralized. The server may be hosted independently from the organization developing the software.
  • -
  • Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)
  • -
  • Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.
  • -
-
-
-

Disadvantages

-
    -
  • Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
  • -
  • Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
  • -
  • Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
  • -
  • Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
  • -
-
-
-
- -

Worth Mentioning

- - - -

- - Peer to Peer (P2P) -

- -

Peer-to-Peer instant messengers connect directly to each other without requiring third-party servers. Clients (peers) usually find each other through the use of a distributed computing network. Examples of this include DHT (distributed hash table) (used with technologies like torrents and IPFS, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the Scuttlebutt social networking protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made.

- -{% - include legacy/cardv2.html - title="Briar" - image="/assets/img/legacy_svg/3rd-party/briar.svg" - description="Encrypted instant messenger that connects to contacts via Wi-Fi, Bluetooth, or Tor over the internet to synchronize messages. Technology such as this has proven to be useful when Internet availability is an issue, such as in times of crisis." - website="https://briarproject.org" - privacy-policy="https://briarproject.org/privacy-policy/" - gitlab="https://code.briarproject.org/briar/briar" - fdroid="https://f-droid.org/packages/org.briarproject.briar.android/" - googleplay="https://play.google.com/store/apps/details?id=org.briarproject.briar.android" -%} - -{% - include legacy/cardv2.html - title="Jami" - image="/assets/img/legacy_svg/3rd-party/jami.svg" - description='Encrypted instant messaging and video calling software. All communications are E2EE using TLS 1.3 and never stored outside the client, even when TURN servers are used.' - labels="color==warning::link==https://git.jami.net/savoirfairelinux/ring-project/issues/765::text==Warning::tooltip==This software is partially centralized but can be self-hosted.|text==VoIP" - website="https://jami.net/" - privacy-policy="https://jami.net/privacy-policy/" - gitlab="https://git.jami.net/savoirfairelinux" - windows="https://jami.net/download-jami-windows" - mac="https://jami.net/download-jami-macos" - linux="https://jami.net/download-jami-linux" - fdroid="https://f-droid.org/packages/cx.ring/" - googleplay="https://play.google.com/store/apps/details?id=cx.ring" - ios="https://apps.apple.com/app/id1306951055" -%} - -
-
-
-

Advantages

-
    -
  • Minimal information is exposed to third parties.
  • -
  • Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
  • -
-
-
-

Disadvantages

-
    -
  • Reduced feature set:
  • -
      -
    • Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
    • -
    • Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
    • -
    -
  • Your IP address and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a self contained network, such as Tor or I2P. Many countries have some form of mass surveillance and/or metadata retention.
  • -
-
-
-
diff --git a/_includes/legacy/sections/teamchat.html b/_includes/legacy/sections/teamchat.html deleted file mode 100644 index db4a33fe36..0000000000 --- a/_includes/legacy/sections/teamchat.html +++ /dev/null @@ -1,42 +0,0 @@ -

- -Team Chat Platforms -

- - - -{% - include legacy/cardv2.html - title="Element" - image="/assets/img/legacy_svg/3rd-party/element.svg" - description='Element (formerly Riot) is the reference client for the Matrix network. The Matrix open standard is an open-source standard for secure, decentralized, real-time communication.' - labels="text==VoIP" - website="https://element.io" - privacy-policy="https://element.io/privacy" - github="https://github.com/vector-im/element-web" - windows="https://element.io/get-started" - mac="https://element.io/get-started" - linux="https://element.io/get-started" - fdroid="https://f-droid.org/packages/im.vector.app/" - googleplay="https://play.google.com/store/apps/details?id=im.vector.app" - ios="https://apps.apple.com/app/id1083446067" - web="https://app.element.io" -%} - -{% - include legacy/cardv2.html - title="Rocket.chat" - image="/assets/img/legacy_svg/3rd-party/rocketchat.svg" - description="Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE." - labels="color==warning::link==https://rocket.chat/docs/user-guides/end-to-end-encryption/::text==Experimental E2EE::tooltip==Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. Federation was also added afterwards, potentially causing room for mistakes.|text==VoIP" - website="https://rocket.chat/" - privacy-policy="https://rocket.chat/privacy" - github="https://github.com/rocketchat/" - windows="https://rocket.chat/install" - mac="https://apps.apple.com/app/id1086818840" - linux="https://rocket.chat/install" - googleplay="https://play.google.com/store/apps/details?id=chat.rocket.android" - ios="https://apps.apple.com/app/id1148741252" -%} 
diff --git a/_includes/legacy/sections/voice-video-messenger.html b/_includes/legacy/sections/voice-video-messenger.html deleted file mode 100644 index 9e0a91c8ba..0000000000 --- a/_includes/legacy/sections/voice-video-messenger.html +++ /dev/null @@ -1,59 +0,0 @@ -

Video/Voice Calling

- - - -{% include legacy/cardv2.html - title="Linphone" - image="/assets/img/legacy_svg/3rd-party/linphone.svg" - website="https://www.linphone.org/" - privacy-policy="https://www.linphone.org/privacy-policy" - description="Linphone is an open-source SIP Phone and a free voice over IP service, available on mobile and desktop environments and on web browsers. It supports ZRTP for end-to-end encrypted voice and video communication." - github="https://github.com/BelledonneCommunications" - windows="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner" - linux="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner" - mac="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner" - fdroid="https://f-droid.org/packages/org.linphone" - googleplay="https://play.google.com/store/apps/details?id=org.linphone" - ios="https://apps.apple.com/app/id360065638" -%} - -{% include legacy/cardv2.html - title="Jitsi Meet" - image="/assets/img/legacy_svg/3rd-party/jitsi.svg" - website="https://jitsi.org/jitsi-meet/" - privacy-policy="https://jitsi.org/security/" - description='Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application with optional E2EE. It can be used from the browser, in desktop applications or on smartphones. Additional features include screen sharing for presentations and an always-on-top floating call window when minimized. See the list of public Jitsi Meet instances.' 
- labels="color==warning::text==Requires WebRTC::tooltip==Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it.|color==warning::link==https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/e2ee.md::text==Experimental E2EE::tooltip==E2EE in Jitsi Meet is dependent on Insertable Streams, which is currently supported in Chrome but not Firefox. The mobile apps also do not support E2EE for the moment. Prefer to use the desktop apps instead." - github="https://github.com/jitsi/jitsi-meet" - windows="https://github.com/jitsi/jitsi-meet-electron/releases" - linux="https://github.com/jitsi/jitsi-meet-electron/releases" - mac="https://github.com/jitsi/jitsi-meet-electron/releases" - fdroid="https://f-droid.org/en/packages/org.jitsi.meet/" - googleplay="https://play.google.com/store/apps/details?id=org.jitsi.meet" - ios="https://apps.apple.com/app/id1165103905" -%} - -{% include legacy/cardv2.html - title="Mumble" - image="/assets/img/legacy_svg/3rd-party/mumble.svg" - website="https://mumble.info/" - description="Mumble is an open-source, low-latency, and high quality voice chat application primarily intended for use while gaming. Note that while Mumble doesn't log messages or record by default, it's missing end-to-end encryption, so self-hosting is recommended." - github="https://github.com/mumble-voip/" - windows="https://www.mumble.info/downloads" - linux="https://www.mumble.info/downloads" - mac="https://www.mumble.info/downloads" - android="https://www.mumble.info/downloads/#third-party-clients" - ios="https://apps.apple.com/app/id443472808" -%} - -

Related Information

- - diff --git a/_includes/recommendation-card.html b/_includes/recommendation-card.html index 31368ca4ae..8a5748eead 100644 --- a/_includes/recommendation-card.html +++ b/_includes/recommendation-card.html @@ -8,6 +8,38 @@

{{ item.title }}

{% if item.info %}

{{ item.info }}

{% endif %} {% if item.warning %}

{{ item.warning }}

{% endif %} + {% if item.labels %} + {% assign labels = item.labels | split:"|" %} + {% for label in labels %} + {% assign label_data = label | split:"::" %} + {% for label_attr in label_data %} + {% assign attr = label_attr | split:"==" %} + {% if attr[0] == "color" %} + {% assign color = attr[1] %} + {% elsif attr[0] == "link" %} + {% assign link = attr[1] %} + {% elsif attr[0] == "text" %} + {% assign text = attr[1] %} + {% elsif attr[0] == "icon" %} + {% assign icon = attr[1] %} + {% elsif attr[0] == "tooltip" %} + {% assign tooltip = attr[1] %} + {% endif %} + {% endfor %} + {% include badge.html + link=link + color=color + text=text + icon=icon + tooltip=tooltip + %} + {% assign color = nil %} + {% assign link = nil %} + {% assign text = nil %} + {% assign icon = nil %} + {% assign tooltip = nil %} + {% endfor %} + {% endif %} {{ item.description | markdownify }} {% if item.downloads %}

{% for platform in item.downloads %} diff --git a/assets/img/layout/network-anonymous-routing.svg b/assets/img/layout/network-anonymous-routing.svg new file mode 100644 index 0000000000..2a9632f77f --- /dev/null +++ b/assets/img/layout/network-anonymous-routing.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/layout/network-centralized.svg b/assets/img/layout/network-centralized.svg new file mode 100644 index 0000000000..6ca7ea0914 --- /dev/null +++ b/assets/img/layout/network-centralized.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/layout/network-decentralized.svg b/assets/img/layout/network-decentralized.svg new file mode 100644 index 0000000000..c7da6860a0 --- /dev/null +++ b/assets/img/layout/network-decentralized.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/layout/network-distributed.svg b/assets/img/layout/network-distributed.svg new file mode 100644 index 0000000000..5d8e5fef11 --- /dev/null +++ b/assets/img/layout/network-distributed.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/legacy_svg/3rd-party/briar.svg b/assets/img/messengers/briar.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/briar.svg rename to assets/img/messengers/briar.svg diff --git a/assets/img/legacy_svg/3rd-party/element.svg b/assets/img/messengers/element.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/element.svg rename to assets/img/messengers/element.svg diff --git a/assets/img/legacy_svg/3rd-party/jitsi.svg b/assets/img/messengers/jitsi.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/jitsi.svg rename to assets/img/messengers/jitsi.svg diff --git a/assets/img/legacy_svg/3rd-party/linphone.svg b/assets/img/messengers/linphone.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/linphone.svg rename to assets/img/messengers/linphone.svg diff --git a/assets/img/messengers/session.svg b/assets/img/messengers/session.svg new file mode 100644 index 0000000000..67416a987a --- /dev/null 
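Review bot: The label parser added after `{% endif %}` splits each entry on `|`, then `::`, then `==`, so any value that itself contains one of those sequences is silently truncated — the removed legacy Jitsi card shows how long these values get (`link==https://…/e2ee.md` plus multi-sentence tooltips), and a URL carrying `==` in a query string or a tooltip containing `::` would lose its tail with no build error. The values already come from YAML data files, so a list of maps (`labels: [{color: warning, text: …, tooltip: …}]`) would let Liquid address the fields directly and drop the three-level split and the five `nil` resets; this presumes the files under `_data/software/` are adjusted to match, which is outside this hunk. Unknown attribute names are also dropped silently by the `if`/`elsif` chain, so a typo such as `colour` in a data file yields a badge with a missing attribute rather than an error. The include's opening lines precede the hunk.
```html
{% if item.labels %}
  {% for label in item.labels %}
    {% include badge.html
      link=label.link
      color=label.color
      text=label.text
      icon=label.icon
      tooltip=label.tooltip
    %}
  {% endfor %}
{% endif %}
{{ item.description | markdownify }}
```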
+++ b/assets/img/messengers/session.svg @@ -0,0 +1,7 @@ + + + + + diff --git a/assets/img/legacy_svg/3rd-party/signal.svg b/assets/img/messengers/signal.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/signal.svg rename to assets/img/messengers/signal.svg diff --git a/assets/img/messengers/status.svg b/assets/img/messengers/status.svg new file mode 100644 index 0000000000..bd3d00eb83 --- /dev/null +++ b/assets/img/messengers/status.svg @@ -0,0 +1,2 @@ + + diff --git a/collections/_evergreen/real-time-communication.html b/collections/_evergreen/real-time-communication.html new file mode 100644 index 0000000000..bce05a3278 --- /dev/null +++ b/collections/_evergreen/real-time-communication.html @@ -0,0 +1,263 @@ +--- +layout: evergreen +title: Real-Time Communication +description: "Discover secure and private ways to communicate with others online without letting any third parties read your messages. + +We only recommend communication softwares that support end-to-end encryption (E2EE), which ensures all communications are encrypted for anyone, including the server, except for you and the recipient. All the softwares also are free and open-source, which ensures that the code can be independently verified by experts now and in the future." +--- + +

+ + Encrypted Instant Messengers +

+ +

These softwares allow for instant communication via textual messages. Messengers with {% include badge.html color="info" icon="fas fa-fw fa-phone" text="VoIP" %} support voice and video communications. We only recommend softwares that were independently audited.

+ +{% for item_hash in site.data.software.messengers %} + {% assign item = item_hash[1] %} + + {% if item.type == "Recommendation" %} + {% include recommendation-card.html %} + {% endif %} +{% endfor %} + +

Videoconferencing

+ +

Videoconferencing softwares are primarily voice/video focused, and allow for multiple participants to communicate in a virtual room. None of the following softwares have been independently audited yet.

+ +{% for item_hash in site.data.software.messengers-videoconferencing %} + {% assign item = item_hash[1] %} + + {% if item.type == "Recommendation" %} + {% include recommendation-card.html %} + {% endif %} +{% endfor %} + +

+ + Types of communication networks +

+ +

Communication softwares rely on a network with a specific architecture to relay messages between users. Different network architectures, or network types, provide different guarantees of privacy, also termed the threat model, but also different degrees of ergonomical usability. There are two major categories of networks: centralized platforms versus decentralized protocols, with multiple network types in the latter, such as federated, P2P and anonymous routing. "Hybrid" communication softwares can use multiple network types for different features, such as using a federated network for textual messages but P2P for video and voice calling, so that the threat model depends on the network type of the feature being operated by the user. The rest of this section presents the various network types along with their privacy guarantees and usability limitations in more details.

+ +

+ + Centralized +

+ +
+ Centralized network +

Centralized messengers are those where every participants are on the same server or network of servers controlled by the same organization.

+

Self-hosting, which is when the user setup their own server, can provide additional privacy guarantees, such as no logs storage or private access to select individuals such as a workteam. When self-hosted, a centralized messenger server isolate its users from other servers of the same messenger.

+
+ +
+
+
+

Advantages

+
    +
  • New features and changes can be implemented more quickly.
  • +
  • Easier to get started with and to find contacts.
  • +
  • Most mature and stable features ecosystems, as they are easier to program in a centralized software.
  • +
+
+
+

Disadvantages

+
    +
  • Centralized services could be more susceptible to legislation requiring backdoor access.
  • +
  • Can include restricted control or access. This can include things like:
  • +
      +
    • Being forbidden from connecting third-party clients to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.
    • +
    • Poor or no documentation for third-party developers.
    • +
    +
  • The ownership, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
  • +
  • Privacy issues can be partially reduced by self-hosting (given the tools here are opensource) but require technical know-how.
  • +
+
+
+
+ +

+ + Federated +

+ +
+ Decentralized network +

Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.

+

When self-hosted, users of a federated server can discover and communicate with users of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server).

+
+ +
+
+
+

Advantages

+
    +
  • Allows for greater control over your own data when running your own server.
  • +
  • Allows you to choose who to trust your data with by choosing between multiple "public" servers.
  • +
  • Often allows for third party clients which can provide a more native, customized, or accessible experience.
  • +
  • Generally a less juicy target for governments wanting backdoor access to everything as the trust is decentralized. The server may be hosted independently from the organization developing the software.
  • +
  • Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)
  • +
  • Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.
  • +
+
+
+

Disadvantages

+
    +
  • Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
  • +
  • Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.
  • +
  • Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
  • +
  • Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
  • +
  • Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
  • +
+
+
+
+ +

+ + Peer to Peer (P2P) +

+ +
+

+ Distributed network + Peer-to-peer messengers connect to a distributed network of nodes to relay messages to the recipient without a third-party server. Clients (peers) usually find each other through the use of a distributed computing network. Examples of this include DHT (distributed hash table) (used with technologies like torrents and IPFS, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the Scuttlebutt social network protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient. +

+

P2P networks do not use servers, as users communicate directly between each others, and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as users discovery or offline messages relaying, which can benefit from self-hosting.

+
+ +
+
+
+

Advantages

+
    +
  • Minimal information is exposed to third parties.
  • +
  • Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
  • +
+
+
+

Disadvantages

+
    +
  • Reduced feature set:
  • +
      +
    • Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
    • +
    • Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
    • +
    • Some common messenger features may not be implemented or incompletely, such as message deletion.
    • +
    +
  • Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a self contained network, such as Tor or I2P. Many countries have some form of mass surveillance and/or metadata retention.
  • +
+
+
+
+ +

+ + Anonymous Routing +

+ +
+

Anonymous routing network + A messenger using anonymous routing hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three information.

+

There are many different ways to implement anonymous routing. One of the most famous is onion routing (e.g., Tor), which communicates encrypted messages through a virtual overlay network that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly, and only meet through a secret rendez-vu node, so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages nor the final destination, only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers".

+

Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.

+
+ +
+
+
+

Advantages

+
    +
  • Minimal to no information is exposed to other parties.
  • +
  • Messages can be relayed in a decentralized manner even if one of the parties is offline.
  • +
+
+
+

Disadvantages

+
    +
  • Slow messages propagation.
  • +
  • Often limited to fewer media types, mostly text since the network is slow.
  • +
  • Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
  • +
  • More complex to get started as the creation and secured backup of a cryptographic private key is required.
  • +
  • Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform, hence features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
  • +
+
+
+
+ +
+ +

Recent news about breaking E2EE on centralized instant messengers

+ +
July 2021
+ + +
June 2020
+ + +
March 2020
+ + +
January 2020
+ + +
November 2019
+ + +
October 2019
+ + +
August 2019
+ + +
July 2019
+ + +
May 2019
+ + +
January 2019
+ + +
December 2018
+ + +

Complete Comparison

+ + +

Independent security audits

+ diff --git a/collections/_posts/2019-08-22-self-hosting-shadowsocks-vpn-outline.md b/collections/_posts/2019-08-22-self-hosting-shadowsocks-vpn-outline.md index 830b21e236..7eccc1a900 100644 --- a/collections/_posts/2019-08-22-self-hosting-shadowsocks-vpn-outline.md +++ b/collections/_posts/2019-08-22-self-hosting-shadowsocks-vpn-outline.md 
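Review bot: The P2P advantage `There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models` contradicts the page's own front-matter definition of E2EE, under which the server cannot read message content on any network type; what distinguishes P2P is the absence of an intermediary that sees ciphertext and metadata, not the ability to decrypt. Suggested wording: `No intermediary server handles your traffic, so unlike centralized and federated models there is no single party that can log ciphertext, timing, or contact metadata.` The Federated disadvantage `Some metadata may be available` and the Anonymous Routing advantage `Minimal to no information is exposed to other parties` are the page's actual metadata comparison, and the P2P disadvantage about IP address exposure already states the residual leak, so the corrected sentence keeps the four sections consistent with each other. The section heading lines are rendered without their markup here, so the exact element the sentence sits in is inferred.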
@@ -74,6 +74,6 @@ Once you add your server, that’s it! In the Outline clients it’s just a matt ### Conclusion -That should be all you need to get your very own VPN up and running! **Do not share your access key with anyone**, this is the key starting with `ss://`. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but don’t send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with [Signal, Wire, or Briar]({% link legacy_pages/software/real-time-communication.html %}) if you don’t have a secure app already. +That should be all you need to get your very own VPN up and running! **Do not share your access key with anyone**, this is the key starting with `ss://`. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but don’t send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with [Signal, Wire, or Briar]({% link _evergreen/real-time-communication.html %}) if you don’t have a secure app already. With Outline, there is no need to worry about the security of your server. Everything is set to automatically update with no intervention required! Another thing to note: The port on your Outline server is randomly generated. This is so the port can’t be easily blocked by nation/ISP level censors, however, this VPN may not function on some networks that only allow access to port 80/443, or on servers that only allow traffic on certain ports. These are edge-cases, but something to keep in mind, and if they apply you may need to look for more technical options. 
diff --git a/legacy_pages/software.html b/legacy_pages/software.html index 50d4640026..0260abbcf2 100644 --- a/legacy_pages/software.html +++ b/legacy_pages/software.html @@ -16,7 +16,7 @@
  • File Sharing
  • Password Manager
  • Productivity Tools
  • -
  • Real-Time Communication
  • +
  • Real-Time Communication
  • Self-contained Networks
  • Video Streaming
  • diff --git a/legacy_pages/software/real-time-communication.html b/legacy_pages/software/real-time-communication.html deleted file mode 100644 index c143432c90..0000000000 --- a/legacy_pages/software/real-time-communication.html +++ /dev/null @@ -1,89 +0,0 @@ ---- -layout: page -permalink: /software/real-time-communication/ -title: "Real-Time Communication" -description: "Discover secure and private ways to communicate with others online without letting any third parties read your messages." ---- - -{% include legacy/sections/instant-messenger.html %} - -

    - -Recent news about breaking E2EE on centralized instant messengers -

    - -
    June 2020
    - - -
    March 2020
    - - -
    January 2020
    - - -
    November 2019
    - - -
    October 2019
    - - -
    August 2019
    - - -
    July 2019
    - - -
    May 2019
    - - -
    January 2019
    - - -
    December 2018
    - - -

    Complete Comparison

    - - -

    Independent security audits

    - - -
    - -{% include legacy/sections/voice-video-messenger.html %} - -
    - -{% include legacy/sections/teamchat.html %}