The Living Thing / Notebooks :

Secure chat systems

Optimising backchannel interjections into your friends’ boring meetings

Most communication systems spraypaint your friends’ houses with dick pics. Metaphorically. Usually metaphorically. Instant-ish messaging via text and telephony.

tl;dr Everyone use Signal, or just meet up face-to-face. In a Faraday cage.

The ephemeral nature of chats turns out to be potentially much more practically secure than email, at least if you do it right.

There are too many chat programs which aspire to security and not enough secure anything else, and we can’t persuade people to use even the secure chat clients, let alone the same chat protocols. Building them is hard and many are doing it badly. The ones that exist are often awful; gossip is that the stalwart Pidgin/Adium/libpurple is bad in that it is full of security bugs. Even without bugs, the underlying protocol, XMPP, by design leaks information about your contact list to the server, if not the message content.

Nonetheless, it gets worse with commercial systems. For a visualisation of how the popularity of chat clients increases roughly in proportion to how much of your information is given to unaccountable third parties, see the EFF chat scorecard.

BONUS UPDATE: Thanks to Australia, mobile chat clients are no longer secure.

Skype, however, does not do it right; rather, it is an NSA honeypot, and not even an especially usable one.

Below are some attempts to do it right as regards confidentiality, but refer also, of course, to the problem of jurisdiction.

Trumping end to end encryption

Currently, the NSA can tap into a broad range of communications, but have no means to compel communications to be in a form they can monitor. This is likely to change; after all, they will need to be able to hunt down those involved in, or providing support to, terrorist groups like Black Lives Matter and Friends Of The Earth, not to mention the President’s extensive list of enemies. As such, it is quite likely that, at some point during Trump’s first year, end-to-end encrypted messaging systems will be required to provide real-time plaintext to the security services.

UPDATE: This part got outsourced to Australia via the AssAccessBill.

(Things have already been moving slowly in this direction, and will only accelerate under a president who has expressed admiration for autocrats and a brutishly Hobbesian view of how power works.)

Similar laws are already in force in more established autocracies such as Russia and Turkey. The difference is that American companies, subject to American law, provide many of the communications systems used worldwide, such as Apple iMessage, WhatsApp and Signal. These are likely to be compelled to provide the US homeland-security authorities with the plaintext of all messages coming through them, in real time, and to make whatever changes are necessary to their architecture to achieve this.


Group chat

You want a social media site but for a single project?

Unfiled

Where does Keybase fit in all this?