I entirely understand that the more secure and private a means of communication gets, the less convenient it is. That being said it seems like there should be some way to be reasonably secure while still being able to promote these types of things.
To be completely transparent I am not planning on being said organizer of protests, but recent events have simply piqued my interest in the topic. I’ve read certain frequently referenced materials like “What is Security Culture”, “Confidence Courage Connection Trust”, and “Mobile Phone Security for Activists and Agitators”. I feel like the more resources I read the more it seems like there is no general consensus on the best solutions even for similar threat models.
So far the only thing I’ve truly gathered is that if you want the best security and privacy you should just not use online communications, which obviously is sub-optimal for gaining traction.
Some people say using Signal is the best means of communication, but that the use of phone numbers and centralization could be a concern. Some people say SimpleX, but cite concerns about notifications or how it hasn’t been around long enough to be fully vetted. There’s Briar which actually seems great but goodbye to every iPhone user.
Is there any completely solid answer to such a scenario where privacy and security must be upheld while maintaining outreach? I get all things will have their tradeoffs, but is the best solution really just using network communications as little as possible and being careful about your presence?
I think Signal is the best. The flaws you mentioned are valid for some threat models, but now when organizing a protest.
Signal has phone number privacy, so goverment can not link any accounts to any phone numbers. At most they will know you registered Signal.
Yes, it’s centralized, but if the only threat actor you worry about is your goverment, then Signal will do just fine. They can not hand over any meaningful data on anyone because of metadata protection.
Flash mob protests for 5-10 minutes then meet at a new location for the next one.
Cops can’t be everywhere and agent provocateurs would have to be on the inside.
Go get involved and you’ll see pretty quick how people generally handle organizing. They’ll be some kind of low stakes event like a reading or art gallery or concert or something and people will say “come out to this protest tomorrow”.
If there’s a signal or something it’s not usually a necessary link.
All that is to say: don’t use computers to organize. If you want to use social media to raise awareness of an event that’s a different thing altogether.
Protests that upset the US federal government are serious business. Garden-variety privacy won’t do.
I don’t agree with the overall logic of that first article. It makes a huge assumption that the CIA has influenced Signal, but as with F-Droid (who just received a grant from the same OTF), the funds go from Congress to the USAGM (formerly RFA) to OTF to regular folk, nonprofits, charities, etc.
The OTF is an independent nonprofit corporation, with its own set of board members, and they make their own decisions. Could they all be bought by the CIA to secretly fund backdoors in open source projects? I suppose, but that would be a possibility fallacy to imply: because it could, it therefore is.
Lots of money moves around the government, and even it doesn’t always know where it all goes. People should be able to make informed choices, but paranoia and tinfoil aren’t going to help anyone.
I also like how the “good alternatives” blog post shows a bunch of apps that basically have “less secure”, “not compatible” or “unstable” as caveats. Signal is (for now) still gold standard for messaging apps overall.
It’s also stupid easy to set up. I got my whole family to switch in two days.
I like the way SimpleX does everything much more, with the anonymous contact tokens, but Signal is still open source and doing things like local-only storage, ephemeral chats, password protection for the app, etc.
It’s fair to keep an eye on any service that’s centralized, but thus far, it’s probably the best option out there for people who aren’t technically-minded or otherwise don’t have the patience to get into the weeds of some of those other apps.
SimpleX or Briar
SimpleX, try actually doing it and you’ll find out pretty quick.
