From 57119907f373dc594dc2265c5eba6cc561b6fae9 Mon Sep 17 00:00:00 2001 From: redoomed1 Date: Fri, 16 May 2025 11:45:44 +0000 Subject: [PATCH] update!: Require PFS for instant messengers and remove Session (#3034) Signed-off-by: fria Signed-off-by: Daniel Gray --- docs/real-time-communication.md | 86 +++++-------------------- docs/tools.md | 1 - theme/assets/img/messengers/session.svg | 1 - 3 files changed, 17 insertions(+), 71 deletions(-) delete mode 100644 theme/assets/img/messengers/session.svg diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index 3d9256fa..9e53c859 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md @@ -12,15 +12,11 @@ cover: real-time-communication.webp - [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } -These are our recommendations for encrypted **real-time communication**. These come in the form of many [types of communication networks](./advanced/communication-network-types.md). +These recommendations for encrypted **real-time communication** are great for securing your sensitive communications. These instant messengers come in the form of many [types of communication networks](./advanced/communication-network-types.md). [:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why){ .md-button } -## Encrypted Messengers - -These messengers are great for securing your sensitive communications. - -### Signal +## Signal
@@ -68,7 +64,7 @@ We have some additional tips on configuring and hardening your Signal installati [Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening) -#### Molly (Android) +### Molly (Android) If you use Android and your threat model requires protecting against [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network. @@ -105,7 +101,7 @@ All versions of Molly provide the same security improvements. Molly and Molly-FOSS support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code. -### SimpleX Chat +## SimpleX Chat
@@ -140,7 +136,7 @@ You can find a full list of the privacy and security [features](https://github.c SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/20241014-simplex-network-v6-1-security-review-better-calls-user-experience.html#simplex-cryptographic-design-review-by-trail-of-bits) and in [October 2022](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website). -### Briar +## Briar
@@ -174,76 +170,28 @@ Briar has a fully [published specification](https://code.briarproject.org/briar/ Briar supports forward secrecy[^1] by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol. -## Additional Options - -
-

Warning

- -These messengers do not have forward secrecy[^1], and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications. - -
- -### Session - -
- -![Session logo](assets/img/messengers/session.svg){ align=right } - -**Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls. - -Session uses the decentralized [Oxen Service Node Network](https://oxen.io) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network. - -[:octicons-home-16: Homepage](https://getsession.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://getsession.org/faq){ .card-link title="Documentation" } -[:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" } - -
-Downloads - -- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger) -- [:simple-appstore: App Store](https://apps.apple.com/app/id1470168868) -- [:simple-github: GitHub](https://github.com/oxen-io/session-android/releases) -- [:fontawesome-brands-windows: Windows](https://getsession.org/download) -- [:simple-apple: macOS](https://getsession.org/download) -- [:simple-linux: Linux](https://getsession.org/download) - -
- -
- -Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. It is also possible to [set up](https://docs.oxen.io/oxen-docs/products-built-on-oxen/session/guides/open-group-setup) or join open groups which can host thousands of members, but messages in these open groups are **not** end-to-end encrypted between participants. - -Session was previously based on Signal Protocol before replacing it with their own in December 2020. Session Protocol does [not](https://getsession.org/blog/session-protocol-technical-information) support forward secrecy.[^1] - -Oxen requested an independent audit for Session in March 2020. The audit [concluded](https://getsession.org/session-code-audit) in April 2021: - -> The overall security level of this application is good and makes it usable for privacy-concerned people. - -Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol. - ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. ### Minimum Requirements -- Has open-source clients. -- Does not require sharing personal identifiers (phone numbers or emails in particular) with contacts. -- Uses E2EE for private messages by default. -- Supports E2EE for all messages. -- Has been independently audited. +- Must have open-source clients. +- Must not require sharing personal identifiers (particuarly phone numbers or emails) with contacts. +- Must use E2EE for private messages by default. +- Must support E2EE for all messages. +- Must support forward secrecy[^1] +- Must have a published audit from a reputable, independent third party. ### Best-Case Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. -- Supports forward secrecy[^1] -- Supports Future Secrecy (Post-Compromise Security)[^2] -- Has open-source servers. -- Decentralized, i.e. [federated or P2P](advanced/communication-network-types.md). -- Uses E2EE for all messages by default. -- Supports Linux, macOS, Windows, Android, and iOS. +- Should support future secrecy (post-compromise security)[^2] +- Should have open-source servers. +- Should use a decentralized network, i.e. [federated or P2P](advanced/communication-network-types.md). +- Should use E2EE for all messages by default. +- Should support Linux, macOS, Windows, Android, and iOS. [^1]: [Forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) is where keys are rotated very frequently, so that if the current encryption key is compromised, it does not expose **past** messages as well. -[^2]: Future Secrecy (or Post-Compromise Security) is a feature where an attacker is prevented from decrypting **future** messages after compromising a private key, unless they compromise more session keys in the future as well. This effectively forces the attacker to intercept all communication between parties, since they lose access as soon as a key exchange occurs that is not intercepted. +[^2]: Future secrecy (or [post-compromise security](https://eprint.iacr.org/2016/221.pdf)) is a feature where an attacker is prevented from decrypting **future** messages after compromising a private key, unless they compromise more session keys in the future as well. This effectively forces the attacker to intercept all communication between parties since they lose access as soon as a key exchange occurs that is not intercepted. diff --git a/docs/tools.md b/docs/tools.md index 9ac1f4b1..5619fa81 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -603,7 +603,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y - ![Signal logo](assets/img/messengers/signal.svg){ .twemoji loading=lazy } [Signal](real-time-communication.md#signal) - ![Briar logo](assets/img/messengers/briar.svg){ .twemoji loading=lazy } [Briar](real-time-communication.md#briar) - ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji loading=lazy } [SimpleX Chat](real-time-communication.md#simplex-chat) -- ![Session logo](assets/img/messengers/session.svg){ .twemoji loading=lazy } [Session](real-time-communication.md#session)
diff --git a/theme/assets/img/messengers/session.svg b/theme/assets/img/messengers/session.svg deleted file mode 100644 index 90162e87..00000000 --- a/theme/assets/img/messengers/session.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file