Tech Safety For Protestors
Privacy and Anonymity – Session Is Better Than Signal
I’m a huge fan of privacy and security and with all things going on in the world I can see anonymity is another worthwhile goal. I like WhatsApp for the end to end encryption, but as it is owned by Facebook I wouldn’t give it my full trust. In my search for the best end-to-end encrypted messaging apps I found Threema. Threema’s excellent and ticks most of the boxes. The only two things against it is the fact that it’s a paid for application and the lack of self-destructing messages. I didn’t mind paying for it, the problem only shows itself when you have to persuade your contacts to also pay for the application. All of the security questions you would ask you get the best answers with Threema. I feel fairly sure that the application will get exploding messages at some point in time.
Signal is the application which gets most of the accolades and praise. It is highly commended by actual spies like Edward Snowden. As far as I’m concerned, for security and privacy it is one of the best. The only problem is having to attach a phone number to your account. There are ways around this, like getting someone else to buy you a burner phone, use it once to register the account with Signal. Dump the phone after that to make sure there’s no way can be connected to you. With Threema you don’t need an email address or phone number to set up your account and you get full anonymity straight out of the box. What about if you could have something based upon the Signal privacy and security technology, but with anonymity? That’s now possible with this new application called Session.
Setting Up With Session
As a user it’s a simple application and easy to set up. As you go through the process you don’t have to give an email address or phone number. You can call yourself whatever you like. It doesn’t have to be a real name, a nickname will do. You get a session ID which is a long alphanumeric set of characters. You also get a recovery phrase which is a set of 13 words. With this you can restore or migrate your session ID to a new device. I have got this saved in a safe place in case I need to do a recovery. You can connect another device to the same account. This means you can use the same Session ID on those two accounts. At the moment it is limited to just two. It’ll be good when this is extended to more devices so I can use the same account on my iPad and also on my desktop computer. I suppose the thing is with the same Session account on more devices the less secure it is.
Making Use of Session for Security and Privacy
It’s really easy to start using your Session account on your device. You give your session ID to your friend/contact so you can begin making contact. Share the session ID either with a QR code or with the alphanumeric ID. You could send the ID code to your contacts by whatever means. I suggest by using a different messaging app with end-to-end encryption. The connection between you and your friend is verified and both of you know exactly who you are talking to. If you are doing this in person, one of you will show the other a QR code and you are in business. You are ready for secure and private and anonymous messaging.
Closed or Open Groups
There is also the option of closed or open group chats. Open groups can be joined by anyone and don’t provide the full privacy protection. There is a round icon with a + symbol in the middle of it at the bottom of the screen. This is where you choose your open group or closed group messaging or a person to person session. The screen which pops up for the closed group looks almost the same as the screen you get when you’re starting a new closed group session. In a closed group chat you can have up to 10 people participating.
Not Just Text
Apart from sending text you can send photos directly from the camera or from the photo library. There’s also an option to send a GIF. Type in a search term and you get a choice from the Giphy service. If you want to send a document you can choose from the photo library or to browse in the Files application.
Send Voice messages in Session. It doesn’t do video or phone calls yet. There are other apps which cover that requirement. It is good to see an app doing the basics the best possible way. Security – Privacy – Anonymity the core of the app is well taken care of by Session.
There are situations when disappearing messages are vital for your safety. Imagine you have been arrested and they take your phone. What if they force you to unlock your device. They could use your face or fingerprint biometrics without your consent to unlock. Best to turn off biometrics before you go on that protest. You can’t be forced to give the password in your memory. In any case with Session it’s possible to set it so messages delete after a set amount of time. From 1 minute to 1 week, and settings in between. If you are in a group organising where to be and protesting (peacefully of course) you don’t want to give away vital information. The message disappears from both devices involved in the conversation. Even if arrested, Move along – Nothing to see here. The timer starts after the message has been seen at the receivers end. On your own device the timer starts as soon as you hit send. The officers might know you had messages which went ‘Poof’ and exploded into the void. There is a message on the screen stating the setting for the TTL – Time-To-Live. There will be no messages there though. In the iOS version you see a small icon on the message which shows a countdown. On the Mac version it counts down in 5 second intervals before it wobbles and vanishes.
Find out more at the Loki Foundation.
Benefits of Using Session
- No Phone numbers or other identification to set up
- Doesn’t collect data so it can’t leak anything
- Open Source software means anyone can check and verify the code.
- It will sync across devices, which Threema can’t do.
- Uses Onion routing network to not leave a footprint.
- De-centralised servers. Harder to shut down.
- Run by the Loki Foundation – Believes – Privacy is a fundamental right.