Start communicating securely in an hour!
Skip to 3.2 for the most exciting part.
1. The problem
2. The non-solution
3. The real™ solution
3.1 Devices
3.2 Software
4. Bonus: software/reading recommendations
1. The problem
You might have heard about chat control (https://european-pirateparty.eu/eu-minister-welcome-chatcontrol/). You might have heard about one of the countless surveillance programs the US government and its big business friends have put in place. You might have heard about one of the countless surveillance programs implemented by all regimes around the globe (I can't list every one of them, but since I'm living in the EU, chat control is the most relevant to me). There's basically a new thing uncovered every week or month and it doesn't shock anyone anymore.
2. The non-solution
Some instant messengers promising end to end encryption and lack of metadata pop out here and there (signal, telegram, briar and matrix to name a few) and they more or less deliver on those promises (with the exception of telegram open sourcing its servers maybe). You're being told by apple that they respect your privacy. If you are under that impression, take a look at this video deconstructing their privacy policy: https://yewtu.be/watch?v=r38Epj6ldKU spoiler: they don't respect your privacy. Now, even if those apps were as secure as they promise, nothing stops them from introducing backdoors, data collection or other nasty things. In the end, you're not gonna switch: EVERYBODY uses this platform instead of that one so you're being held hostage by the network effect. If this wasn't the truth, why would you still have your facebook account, why would you still use whatsapp, google cloud or other countless shitty services? They're not even good. They don't give you joy, and they don't serve a simple purpose. They're filled with useless shit to the brim, are designed to make you anxious and dependent and don't improve your quality of life.
3. The real™ solution
Take your network presence back! Change the toxic dynamic of dependence on your service provider into a dynamic of community owned and operated resources! "That's just buzzwords!" I hear you scream - not really, so let me show you how to do that. But first, let's talk about your smartphone and computer.
If you are not afraid of tinkering with technology, you can do all of those things yourself!
If you're not good with computers though, get in touch with a hackerspace nearby, your friend that helps you out when your laptop breaks or a friendly activist group. Take a look at online groups dedicated to those topics. I assure you, these things do not require a STEM degree (I only finished high school and can do them ;), but I understand that computers might be intimidating! I'm sure you'll figure something out, and keep in mind that open source communities are crazy about what they're doing so if you come and ask for help there's a good chance you'll get it!
3.1 Devices
There is nothing you can do with apple and microsoft devices to my knowledge, I'm sorry. You don't need to spend a lot of money on a new device though. I'd say there are a few options if you need a smartphone:
- Buy a phone supported by grapheneos (grapheneos.org/releases) [rather expensive, but good]
- For the adventurous: buy a Pinephone (https://www.pine64.org/)
- cheapest: get (ask your friends for a spare phone, look for classifieds) a device supported by lineageOS or /e/ OS: https://doc.e.foundation/devices, https://download.lineageos.org
As for computers, what I'd consider a reasonably secure stack is:
- coreboot with Intel ME disabled
- a linux distribution with all network traffic routed through a VPN (I can recommend mullvad.net) or better yet, Tor. Note that a VPN doesn't make you anonymous, it only makes it impossible for the local authorities and your ISP to know where you are connecting, but if the service you're using is compromised, this doesn't matter.
- full disk encryption
Now flashing coreboot/libreboot requires more confidence and understanding of technical mumbo-jumbo than changing your phone's operating system. Also you need supported hardware (a thinkpad x230 or t430 is probably your best bet), but you can get Linux Mint installed in 30-40 minutes. Best to have your friend with you to help you out if something breaks, but you can also figure it out yourself! I won't go into detail about this because it's not the main focus of this article, but you can do it yourself, consult the online documentation or get in touch with someone you trust and I'm sure they'll be happy to help!
3.2 Software
XMPP
Now, after 2000000 words we can get to the point of this article. How the hell do you switch from whatsapp/signal/telegram/AOL/ICQ/postal pigeons to a community owned and built secure instant messaging service? What if I told you that you can have it running in an hour if you have the hardware? That's right, less time than you spent cooking that dinner last night.
XMPP is a bit like e-mail. And I don't mean filled with spam. I mean federated. Can you message a person using signal from a telegram account? Fuck no. Can you message a riseup.net user if you have your mailbox at disroot.org? Of course! The same goes for XMPP. You can message users on every other XMPP server on the globe! Had a beef with your friend? Switch providers! Your ex was hosting your services? Switch providers! Wanna try hosting it yourself? Become a provider! And if you don't like one application, there are other options. For total beginners: go with snikket as a server and application for your phone and Dino for desktop. Here are the steps to run the server part:
step 1. Get some friends who are also angry about all the shit that's going on with the communication, or curious about alternatives. Preferably one of you should be a bit technical.
step 2. Find an old computer you have lying around, or buy one of the countless single board computers that are available (such as a raspberry pi) and an SSD. Can't afford it? Look for 2nd hand stuff. Gather 10 friends and chip in 10€ each. Sell your soul in exchange for a raspberry pi. Rob a bank. Operating costs are probably 3-5€ a year so you don't need any further financial input.
step 3. Buy a domain and point it at your IP address
porkbun.com, njal.la and gandi.net are all cheap (starting at 0.99€ for 1 year of domain ownership). freedns.afraid.org and freenom.com have free domains. If you don't have a static IP address (i.e. you only have 3/4/5G internet and no cable) you'll need to configure dynamic DNS. There's a list here: https://freedns.afraid.org/scripts/freedns.clients.php. You can check your IP address at wtfismyip.com or ifconfig.co
step 4. Port forwarding and home network configuration
https://homebrewserver.club/fundamentals-port-forwarding.html
step 5. Run an XMPP instance
super EZ: https://snikket.org/service/quickstart/
a bit more difficult: https://homebrewserver.club/category/instant-messaging.html
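Once the server from the last step is running, it's worth confirming that the domain really points at your current public IP and that the port forwarding exposes the XMPP ports and nothing else. The script below is an added example, not part of the original article or of the snikket project; the domain, the IP address and the list of ports that should stay closed are placeholder assumptions, while 5222 and 5269 are the standard XMPP client and server-to-server ports.

```python
import socket

# Standard XMPP ports (RFC 6120): 5222 client-to-server, 5269 server-to-server.
# Add any others your server's documentation lists.
EXPECTED_OPEN = {5222, 5269}
# Assumed examples of services that should not be reachable from the internet
# on a home server: SSH, telnet, SMB, RDP. Adjust to your setup.
SHOULD_BE_CLOSED = {22, 23, 445, 3389}

def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve_ipv4(domain):
    """Return the set of IPv4 addresses the domain's A records point at."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def preflight(domain, public_ip, expected=EXPECTED_OPEN,
              forbidden=SHOULD_BE_CLOSED, resolve=resolve_ipv4, probe=port_open):
    """Return a list of problems; an empty list means the setup looks right."""
    try:
        addrs = resolve(domain)
    except OSError as exc:
        return [f"{domain} does not resolve: {exc}"]
    problems = []
    if public_ip not in addrs:
        problems.append(f"{domain} points at {sorted(addrs)}, not {public_ip} "
                        "(stale dynamic DNS record?)")
    for port in sorted(expected):
        if not probe(public_ip, port):
            problems.append(f"port {port} not reachable: forwarding rule "
                            "missing or server not running")
    for port in sorted(forbidden):
        if probe(public_ip, port):
            problems.append(f"port {port} is exposed to the internet "
                            "but should not be")
    return problems

if __name__ == "__main__":
    # Placeholders: replace with your own domain and current public IP.
    for line in preflight("example.org", "203.0.113.10") or ["all checks passed"]:
        print(line)
```

Run it from outside your home network (a friend's connection or a phone hotspot), since many home routers don't loop connections to their own public IP back inside.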
Nextcloud
Nextcloud is basically a drop-in replacement for google cloud, offering file storage, calendar, todo lists, contact synchronisation and hundreds of other plug-ins that make it whatever you like. The data can be encrypted with users' passwords, it's quick, reasonably easy to set up and also offers federation options (meaning, if you wanna share your files with people on other nextcloud instances so they can edit them or do other cool stuff, you absolutely can and it's easy!). Check out coopcloud.tech: a software stack for extremely easy management of web services. There is a package for nextcloud available and it makes setting it up way easier. And I'd like to point out a very important thing: YOU DON'T NEED TO BE AN EXPERT TO HOST YOUR STUFF. Just like you cook despite not having a formal education for that, just like you paint or sing despite not knowing the "proper" way, drive a car or bike or fix stuff around the house. I know, the dark window with letters looks scary, but if you can't do it, you probably know somebody who can. So try and you will be delighted!
I'm also gonna direct you to the documentation. Nextcloud requires a bit more knowledge than snikket, but once you configure it, it's pretty low maintenance.
https://docs.nextcloud.com/server/latest/admin_manual/installation/index.html
Why do this instead of using one of countless file hosting services?
- if the internet/power goes down you (or your friend) still have all of your stored data
- No metadata is leaked to 3rd parties
- It's cool as fuck
4. Other software recommendations:
https://greenhouse.server.garden/
Reading recommendations:
https://communitywiki.org/wiki/SmolNet