In an age where digital surveillance looms large and privacy is challenged by legal and technological advancements, understanding how to navigate this terrain becomes paramount. From the darknet to the encrypted channels of private messaging, this blog is a guide for those who seek to converse in whispers, away from prying eyes and intrusive ears.

Here, we unravel the tools and tactics that fortify your digital conversations against unwanted intrusion. In a world where the battle for privacy is waged in bytes and encryption keys, we arm you with the knowledge to choose your weapons wisely.

From XMPP, and Signal, to Tails, I2P, and Tor, each tool serves a purpose in protecting your privacy.

As laws like the The Assistance and Access Bill cast long shadows over the landscape of digital communication and Privacy in Australia, these shifting sands impact our ability to remain unseen and unheard.

Let’s explore the art of staying hidden, where being harder to trace is the objective, and every message is a ghost, here one moment and gone the next.

Tools of the Trade

Signal – The Gold Standard

A highly secure, open-source messaging app known for its end-to-end encryption. Signal provides features like self-destructing messages and sealed sender technology, ensuring private and secure communication.

Signal blends ease of use with heightened security, making it a preferred choice for encrypted conversations.

  • Ephemeral Messaging: Signal’s self-destructing messages reduce the lifespan of digital footprints.
  • Sealed Sender: By masking the identity of communicators, Signal amplifies privacy.
  • Open Source: The open-source nature allows for independent security audits.
  • State-of-the-art Encryption: Uses the Signal Protocol, renowned for its security.
  • User Privacy: Designed with a privacy-first approach, collecting minimal user data.

Signal has dedicated apps that are known for their simplicity and strong encryption:

Android & iOS: Available on both platforms, ensuring seamless end-to-end encryption.

Desktop: Offers a desktop client for Windows, Mac, and Linux, maintaining high security.

In an exciting development, Signal is poised to introduce a username feature. This marks a significant step forward in enhancing user privacy. With this feature, users will be able to communicate without revealing their phone numbers, adding an extra layer of anonymity to their interactions. This update underscores Signal’s commitment to user privacy and security, making it an even more appealing choice for those seeking confidential and secure communication channels.

XMPP (Jabber)

XMPP: The Darknet’s Communication Backbone – XMPP, known for its flexibility and strong encryption, has emerged as the de facto standard for secure, anonymous communications within the darknet.

It’s decentralized nature and robust encryption make it a favoured tool for those who value privacy.

  • Encryption Options: With OTR or OMEMO, XMPP messages are securely encrypted.
  • Decentralization: Its dispersed nature complicates tracking, similar to darknet paths.
  • Real-World Use: Ideal for covert operations or sensitive discussions.
  • Flexibility: Open standard with a variety of client and server options.
  • Feature-rich: Supports various communication forms, including file sharing and calls.

XMPP is versatile and has several client applications across various platforms:

  • Android: Conversations is a popular choice with advanced encryption features.
  • iOS: ChatSecure offers robust options for Apple users.
  • Desktop: Gajim supports both OTR and OMEMO encryption, suitable for desktop users.

Briar

In the realm of secure communication, Briar stands out for its robust approach to privacy and resilience, particularly in challenging environments.

  • Direct, Encrypted Communications: Operates on a peer-to-peer model, bypassing central servers.
  • Offline Functionality: Can sync messages without the internet, using Wi-Fi or Bluetooth.
  • Censorship Resistant: Designed to resist censorship and internet shutdowns over Tor.
  • Resistance to Network Surveillance: Uses Tor to encrypt traffic, enhancing security.
  • Group Chat and Forums: Supports secure group communication.
  • Emergency Use: Effective in crises situations with compromised communication infrastructures.

Available only on Android, Briar is ideal for journalists, activists, and those needing resilient communication tools.

Session

Session operates on the principle of absolute anonymity, demanding no personal details for sign-up. It uses onion routing and Lokinet integration to offer anonymous, decentralized communication across Android, iOS, and desktop platforms.

  • Onion Routing: Complex server routing makes tracing messages challenging.
  • Lokinet Integration: Adds an extra layer of security, akin to darknet networks.
  • Decentralization: Operates on a decentralized network, reducing surveillance risks.
  • Reduced Metadata Leakage: Designed to minimize metadata creation for user privacy.
  • Blockchain-based: Ensures reliable serverless message delivery.

Session is available on multiple platforms

  • Android & iOS: Requires no phone number or email for signup.
  • Desktop: Provides a desktop application for Windows, macOS, and Linux.

GPG

GPG, short for GNU Privacy Guard, is a free and open-source implementation of the OpenPGP standard.

It is widely used for secure communication and data encryption. GPG allows users to encrypt and sign their data and communications, providing a high level of security and privacy. It works on the principle of public and private keys, enabling users to securely exchange encrypted messages and verify the authenticity of received data.

GPG is particularly popular for securing email communications but can also be used to encrypt files and other forms of digital data. Its versatility and strong encryption capabilities make it a cornerstone in the realm of secure digital communication.

  • Email Anonymity: When used with anonymous email services, enhances privacy.
  • Secure Key Exchange: Mimics the clandestine nature of darknet communications.
  • Widely Adopted: The standard for encrypted emails, supported by many email clients.
  • Digital Signatures: Provides authenticity and integrity of messages.
  • Versatility: Capable of encrypting files and texts beyond email.

GPG is mainly used for securing emails and has various implementations:

  • Android: OpenKeychain works with email apps for encrypted communications.
  • iOS: iPGMail allows encryption and decryption of emails and files.
  • Desktop: Thunderbird with Enigmail offers a comprehensive encrypted email solution.

Advanced Tools: Tails, Whonix, and I2P

Tails: The Ephemeral OS

Tails is a live operating system that leaves no trace on your computer, embodying digital impermanence.

  • Amnesic Feature: Forgets all activity after shutdown, avoiding digital traces.
  • High-Stakes Usage: Ideal where leaving no digital footprint is critical.
  • All-in-One Solution: Pre-configured with tools for encryption and anonymity.
  • Forensic Resistance: Designed to leave no trace on the used device.

Live System: Can be booted from a USB stick or DVD on almost any computer.

Whonix

Whonix thrives on isolation, running in a virtual machine and offering a secure environment.

  • Compartmentalization: Adds a significant hurdle to tracking efforts.
  • Tor Integration: Ensures all connections are anonymized through Tor.
  • Enhanced Anonymity: Ideal for handling sensitive information securely.

XMPP on Steroids: Integration with Tor and I2P

Before diving into the integration of XMPP with Tor and I2P, let’s briefly understand what these networks are:

  • Tor (The Onion Router): Tor is a network that enables anonymous communication. It directs internet traffic through a free, worldwide, volunteer overlay network, consisting of more than seven thousand relays, to conceal a user’s location and usage from network surveillance or traffic analysis. This makes it an effective tool for privacy and freedom online.
  • I2P (Invisible Internet Project): I2P is an anonymous network, much like Tor. It offers a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no fixed points of trust, which provides more security than traditional networks.

XMPP with Tor

Routing XMPP through Tor obscures your IP address, enhancing anonymity and making surveillance much harder.

XMPP on I2P

XMPP on I2P involves setting up an I2P tunnel, significantly encrypting communications.

  • Enhanced Privacy: This makes tracking XMPP communications significantly harder.

Caution with Mobile Devices for Secure Communications:

Mobile devices offer convenience but also bring inherent risks, such as vulnerability to app ecosystem risks and location tracking. Depending on your threat model, using secure communication tools on a computer, especially within a VM running a privacy-focused OS, can offer enhanced security.

Regular updates and reviewing app permissions are crucial for mobile communications. Physical security and awareness are key to privacy, regardless of the device.

Conclusion

Combining and understanding tools like XMPP, Signal, Session, GPG, Tails, Whonix, and I2P makes you a moving target and harder to trace. Understanding these tool’s strengths and limitations, and how they are used together, is crucial. Making yourself harder to trace is the goal.