/cyb/ - cyberpunk and cybersecurity

Bitmessage.
> there are tech illiterates
Set it up on their devices and teach them how to use it.
> Signal
It's okay, if you're lazy.
> jewgle marqeet
F-droid or apk.

>>2761

Before anything it doesn't matter what kind of Smart phone your are using it's not safe to use them. Since this group want to squat place which can result in police raid they can found anything inside of it because the smart phone is not safe but the app is..

I highly recommend OTR there is multiple guide on internet it's easy to setup but in all honesty just use PGP plain and simple.

I drop my 2 cents, I had to deal with squat before it's not fun. So do this for my be smart and respectful don't trash the place. The less there is behind you the harder it is to find you.

Smartphones as of now are insecure. This is not necessary. A big smartphone revolution comes with the upcoming Librem phone because it has LTE, hardware switches and was built with the purpose of open source. More like it will most probably follow, Ubuntu Phone, Sailfish, Wayland stabilizing and KDE Mobile are pointing in that direction.
While waiting the only pseudo-secure phones (for non-super serious activities and having relative user-autonomy and "security") are the ones recommended by the GNU Replicant project (https://replicant.us/). OS-wise Lineage-MicroG or Replicant are the best as of now, Replicant is just way harder to find a suitable hardware-software match for, since it's a GNU-terms free software OS and thus contains no binary blobs (required for most smartphone comms, except GSM). E2E encrypted comms, anonymous overlay networks and P2P programs need to be integrated way better with mobile OS until a serious, newb-proof approach to this is realistic and capable of emerging a technically enlightened counter-culture/society/economy. It's theoretically feasible, just not anywhere in sight just yet. It seems as if though the material conditions just aren't up to task; no surprise considering we're still in the x86 INTEL/amd duopoly.
Also never expect others to have secure phones. If you plan on using tech for some controversial end then plan that out beforehand with new hardware, software.
TL;DR: hardware: Replicant recommended smartphones; software: Google-free Lineage-MicroG w/ Copperhead's 'Noise' fork of Signal that updates through F-Droid, as opposed to OWS' Signal.

>>2762
>Bitmessage
Compromised: https://en.wikipedia.org/wiki/Bitmessage#Security

Why not just set up a hidden service on tor?

installing tor browser doesn't require technical litteracy.

>>2772
because TOR is unsafe to do this kind of stuff. Your exit traffic is not encrypted and can be sniffed, so many exit nodes are found doing the same thing. Therefore, the only difference between you using tor and clean https is that your traffic was sniffed not by provider's DPI, but a random guy or FBI idk. There are many things TOR is really good in, but continuous use is not in this list. If you want to create secret network, you need to dig into i2p project.
Imo OP would like to set up his own messenger on his own server, for instance he could use Matrix protocol to do that. For real security PGP is still the best way of messaging.>>2772

>>2761
What kind of squatting? Squatting as in "fuck around abandoned buildings until someone breaks their spine falling three floors down the hole"? I'm sure you'll be fine with using whatever proprietary messaging app you use right now given the fact it's not your local Facebook clone or plaintext sms. If you want to role-play as ebin cyberpunks, you really should try running an IRC or XMPP server on a remote network machine, bonus points for Tor or i2p as tunneling protocols. Keep in mind that any cellular device, be it smartphone, flip-phone, super secure Librem Phone with Gentoo have one common flaw: they constantly connect to cell towers and communicate with them, Depending on how incestual relationships between your local police and cell carriers are in your platnet's sector ZOG jurisdiction, there may be some consequences, such as sending SWAT/HOMO squad after identifying and locating your group as right-wing pagan terrorists squatting in a forbidden area and practicing wrongthink. Simple answer: don't bring any cellphones to your squat place, communicate over encrypted channels without correlating your metadata between participants, i.e use different Jabber servers for each user or VPNs or Tor. If you ask this question here, you've probably already made a lot of commsec mistakes and is surely on a list :)
>>2773
A previous poster said use hidden service, you spit a bunch of cianigger bullsoykaf about sniffing exit nodes and T.O.R. to scare off newbies.
>>2772
Yep, making a hidden service forum and downloading Tor Browser is probably the most secure normal person-friendly way out here.

>>2775
From since unsafety of tor has become a cianigger bullsoykaf? It's all like 'don't use this phone security illusions, use another one'.

>>2776
The way you present it has nothing to do with the usecase.
Use say
>Your exit traffic can be sniffed
A hidden service has no exit traffic because by definition of "hidden service" it never leaves the Tor network and end-to-end link is encrypted with asymmetric public key (hidden service address).
You say
>Your exit traffic is not encrypted and can be sniffed
Which in most cases is untrue because distributing TLS certificates for your basement server is free as in no shekels spent and is very easy by adding them into browser or messaging client.
You say
>many exit nodes are found doing the same thing
When in fact there is a tiny amount of them doing so. Moreover, since Tor network is somewhat centralized boo I dare you didn't know that, right? Put that down your note book, mr cia agent, it bans nodes upon confirming malicious activity reports.
You say
>only difference between you using tor and clean https is that your traffic was sniffed not by provider's DPI, but a random guy or FBI idk
Which is in fact more then adequate for most Internet users, when FBI is not in their threat model list, but again we're talking about hidden service.
And there's classic, you call it TOR which means you didn't even read the website past front page.

Ok, i think i probably explained myself badly. I said squatting cause i don't know how to say it in english, but the thing i meant was "occupy a public building with a bunch of political activists and mantain the position, without making the cops know place and hour before we arrive". Also that was only an example of planned actions that here often happen to be intercepted by the police and blocked before they can begin, i'm not saying we are going to do that in particular.
What's more, i think you overrated my comrades. It's a big group including also people of 40+ years who barely know how to use a computer, installing torchat for everyone is quite unrealistic. The aim was only to send a pair of messages not instantly intercepted by local police to organize meetings during a week or so and to coordinate the final action the very day it starts, not to have bulletproof security against the fucking CIA

>>2780

Well, then PGP is what you're searching. With too many people you're bound to get caught no matter what. Teaching your 40 years old friend new habit isn't an easy task.

Just remember be respectful of your environment.

>>2780
In a large group of varying ages like that, with most of them involved in some kind of activism, it's probably too late because the bacon is already monitoring you.

Get a small group together and secure the place in secret. Set up some physical infrastructre on your own. Then invite the old people and those who huff glue in their spare time to occupy the place while you pull up the vans full of books and couches and computers and stuff so you can load all the stuff in while a fresh and lively crowd is on hand.

Don't let perfect be the enemy of good. All this crypto and complexity will not get adopted if the group is not used to it.

First off, analyze your threats. You guys are doing squatting; in general, you are going to have to deal with police showing up. They will not be using sophisticated technology to track you; they will not be dropping advanced malware on your devices. They will not be breaking any crypto. They are cops.

You need to balance an actual solution that gives you a reasonable amount of operational security while actually being used by your group. Forcing them to use complex communication means does not secure your organization. Instead, members of your group will sneak comms through easier, far less secure means, and you won't know about it.

Yes, use smartphones. No, they are not secure, but they are good enough for your threat. Install Signal, it doesn't matter from where; the police are not going to run a campaign that propagates backdoored Signal packages via Google Play.

Everyone has smart phones, and will be using them, so integrating comms with Signal will be easy enough. You'll get a pretty good boost in security, and it will be simple enough that people will stick to the plan without talking in the clear for convenience.

>>2780
Just promise us you're not planning a covert operation to illegally bring more uneducated angry economic migrants who pose themselves as orphans of war to a peaceful European village.
And you are not organizing a coup d'etat resulting in establishing a cryptocolony puppet state of US globalist interests and ZOG.
Okay, back on track. Has anyone mentioned Briar? It's a all-in-one solution that allows disconnected mesh messaging (when cops disable cell towers in protest areas, all hipsters lose -10 morale when they can't refresh their facebook status), and onion-routed (using Tor) serverless messaging similar to Tox. It's free as in Stallman's feet software, but some people say it tracks users for troubleshooting purposes.

>>2798
Well that useless rant of yours sure came out of nowhere.

In the end all went good, we utilized only Signal and no policeman showed up before us.
It seems to work, but i don't know if it's the application that is very secure or if it was only the local police not being used to people communicating through better means than Whatsapp/SMS

>>2798
Sometimes we utilize the occupied places for free schools to teach the local language to migrants or to give them a place where to sleep, but this wasn't the case. Also i think you're funny, i've never seen right-wing groups doing this kind of protests, is obvious that if we occupy a place we are not that kind of people who is against n1ggers.