Generated.

[homepage.git] / blog / data / 2016-11-07-comm-loved-ones.txt

Title: How to talk with your loved ones in private
Tags: english, personvern, sikkerhet, surveillance
Date: 2016-11-07 10:25

<p>A few days ago I ran a very biased and informal survey to get an
idea about what options are being used to communicate with end to end
encryption with friends and family.  I explicitly asked people not to
list options only used in a work setting.  The background is the
uneasy feeling I get when using Signal, a feeling shared by others as
a blog post from Sander Venima about
<a href="https://sandervenema.ch/2016/11/why-i-wont-recommend-signal-anymore/">why
he do not recommend Signal anymore</a> (with
<a href="https://news.ycombinator.com/item?id=12883410">feedback from
the Signal author available from ycombinator</a>).  I wanted an
overview of the options being used, and hope to include those options
in a less biased survey later on.  So far I have not taken the time to
look into the individual proposed systems.  They range from text
sharing web pages, via file sharing and email to instant messaging,
VOIP and video conferencing.  For those considering which system to
use, it is also useful to have a look at
<a href="https://www.eff.org/secure-messaging-scorecard">the EFF Secure
messaging scorecard</a> which is slightly out of date but still
provide valuable information.</p>

<p>So, on to the list.  There were some used by many, some used by a
few, some rarely used ones and a few mentioned but without anyone
claiming to use them.  Notice the grouping is in reality quite random
given the biased self selected set of participants.  First the ones
used by many:</p>

<ul>

<li><a href="https://whispersystems.org/">Signal</a></li>
<li>Email w/<a href="http://openpgp.org/">OpenPGP</a> (Enigmail, GPGSuite,etc)</li>
<li><a href="https://www.whatsapp.com/">Whatsapp</a></li>
<li>IRC w/<a href="https://otr.cypherpunks.ca/">OTR</a></li>
<li>XMPP w/<a href="https://otr.cypherpunks.ca/">OTR</a></li>

</ul>

<p>Then the ones used by a few.</p>

<ul>

<li><a href="https://wiki.mumble.info/wiki/Main_Page">Mumble</a></li>
<li>iMessage (included in iOS from Apple)</li>
<li><a href="https://telegram.org/">Telegram</a></li>
<li><a href="https://jitsi.org/">Jitsi</a></li>
<li><a href="https://keybase.io/download">Keybase file</a></li>

</ul>

<p>Then the ones used by even fewer people</p>

<ul>

<li><a href="https://ring.cx/">Ring</a></li>
<li><a href="https://bitmessage.org/">Bitmessage</a></li>
<li><a href="https://wire.com/">Wire</a></li>
<li>VoIP w/<a href="https://en.wikipedia.org/wiki/ZRTP">ZRTP</a> or controlled <a href="https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol">SRTP</a> (e.g using <a href="https://en.wikipedia.org/wiki/CSipSimple">CSipSimple</a>, <a href="https://en.wikipedia.org/wiki/Linphone">Linphone</a>)</li>
<li><a href="https://matrix.org/">Matrix</a></li>
<li><a href="https://kontalk.org/">Kontalk</a></li>
<li><a href="https://0bin.net/">0bin</a> (encrypted pastebin)</li>
<li><a href="https://appear.in">Appear.in</a></li>
<li><a href="https://riot.im/">riot</a></li>
<li><a href="https://www.wickr.com/">Wickr Me</a></li>

</ul>

<p>And finally the ones mentioned by not marked as used by
anyone. This might be a mistake, perhaps the person adding the entry
forgot to flag it as used?</p>

<ul>

<li>Email w/Certificates <a href="https://en.wikipedia.org/wiki/S/MIME">S/MIME</a></li>
<li><a href="https://www.crypho.com/">Crypho</a></li>
<li><a href="https://cryptpad.fr/">CryptPad</a></li>
<li><a href="https://github.com/ricochet-im/ricochet">ricochet</a></li>

</ul>

<p>Given the network effect it seem obvious to me that we as a society
have been divided and conquered by those interested in keeping
encrypted and secure communication away from the masses.  The
finishing remarks <a href="https://vimeo.com/97505679">from Aral Balkan
in his talk "Free is a lie"</a> about the usability of free software
really come into effect when you want to communicate in private with
your friends and family.  We can not expect them to allow the
usability of communication tool to block their ability to talk to
their loved ones.</p>

<p>Note for example the option IRC w/OTR.  Most IRC clients do not
have OTR support, so in most cases OTR would not be an option, even if
you wanted to.  In my personal experience, about 1 in 20 I talk to
have a IRC client with OTR.  For private communication to really be
available, most people to talk to must have the option in their
currently used client.  I can not simply ask my family to install an
IRC client.  I need to guide them through a technical multi-step
process of adding extensions to the client to get them going.  This is
a non-starter for most.</p>

<p>I would like to be able to do video phone calls, audio phone calls,
exchange instant messages and share files with my loved ones, without
being forced to share with people I do not know.  I do not want to
share the content of the conversations, and I do not want to share who
I communicate with or the fact that I communicate with someone.
Without all these factors in place, my private life is being more or
less invaded.</p>

<p><strong>Update 2019-10-08</strong>: Børge Dvergsdal, who told me he
  is Customer Relationship Manager @ Whereby (formerly appear.in),
  asked if I could mention that appear.in is now renamed and found at
  <a href="https://whereby.com/">https://whereby.com/</a>.  And sure,
  why not.  Apparently they changed the name because they were unable
  to trademark appear.in somewhere...  While I am at it, I can mention
  that Ring changed name to Jami, now available from <a
  href="https://jami.net/">https://jami.net/</a>.  Luckily they were
  able to have a direct redirect from ring.cx to jami.net, so the user
  experience is almost the same.</p>