Anonymous Messenger is a must-have standard for every person

Man

Nowadays the importance of anonymity on the Internet has grown many times over. The Internet is no longer a place where you can feel safe: today a like or a careless phrase in a chat can get you several years in prison. This is today's reality, and not only in the Russian Federation and the Republic of Belarus, but also in more civilized countries.

Even if you are not breaking any laws now, your traffic and message history are being saved "where necessary", and when the laws change in the future the archives will be dug up, you can be sure of that. Our laws have retroactive effect.

Therefore an anonymous means of communication with reliable encryption is a mandatory standard for a normal person. Telegram with secret chats is not the best option: to guarantee even a semblance of anonymity you have to perform a number of optional steps, including buying a virtual number for TON (and first you need to buy that TON, which is itself a non-trivial procedure).

The question is, why do you need a virtual number if you can implement registration without a number at all, like in normal anonymous messengers?

The experience of 2020 in Belarus showed what methods the special services use to de-anonymize users. The first to be repressed were the administrators of popular channels and communities in Telegram. Through them, the authorities gained control over channels, subscriber lists, etc.

Having obtained physical access to the device for a few minutes, they connect a third-party client on their PC to the Telegram account (a special client developed for law enforcement agencies). Through it the entire message history in all Telegram channels and the contact list are quickly downloaded, and the user's further communication is tracked. Interestingly, this third-party client is not shown in the list of active sessions in the Telegram settings; the user only receives a service message along the lines of "Login from a new device":

The operative immediately marks it as read so that the victim notices nothing when the smartphone is returned.

Mobile phones of Belarusian residents are checked right on the street, so you have to keep security in mind constantly; see the methods of countering deanonymization and the "double bottom" setup.

Recently, several interesting developments have appeared in the list of secure messengers. Among them are the first distributed group P2P chat Quiet, the first messenger without using user IDs SimpleX, the ephemeral messenger Chitchatter, the anonymous messenger BeProg and others. It is obvious that the problem of anonymous messages on the Internet is extremely relevant now.

In developing an anonymous messenger, the main problem is that communication between two parties requires identifiers (IDs) for those parties. Therefore all existing messengers, including the most secure ones such as Signal, Matrix, Session, Briar, Jami and Cwtch, do use a user ID in one form or another, at least a randomly generated one like the Session ID.

A permanent identifier makes it possible to correlate an anonymous user's identity with profiles on social networks and determine their real name.

SimpleX


The new SimpleX messenger is declared to be the first whose architecture has no user IDs at all; in "Incognito" mode a different name is shown to each interlocutor.



For this, "temporary anonymous pairwise identifiers of message queues" are used, separate for each connection. The sender specifies the servers that receive their messages, and each contact specifies the servers that receive theirs. Each session uses two different servers.

User profiles, contact lists and groups are stored only on client devices, and messages are sent through channels with two-layer end-to-end encryption.

SimpleX as a whole is a platform on which applications can be built. SimpleX Chat is one such application, and it also serves as the example and reference implementation.

The SimpleX Messaging Protocol (SMP) is a protocol for sending messages in one direction to a recipient through an intermediate server. Messages are delivered via unidirectional queues created by the recipients. The SMP server acts as a proxy, using onion routing (as in Tor) through two hops. This is needed to protect the sender's transport information (IP address and session) from the server chosen by the receiver.
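As an added illustration of the queue model described above (this is not SimpleX code, and it implements none of the real wire format, onion routing or end-to-end encryption), here is a small Python model of the addressing idea: the recipient creates a queue on a server it chooses, the server hands back two unrelated random identifiers, the sender-side identifier is passed to the contact out of band, and a two-way connection is two such queues on two different servers. The names SMPServer, Client, connect and visible_ids are the example's own.

```python
"""Toy model of SimpleX-style unidirectional message queues.

Added illustration, not SimpleX code: it implements none of the real SMP
wire format, onion routing or end-to-end encryption.  It shows only the
addressing idea from the text: a queue is created by its recipient on a
server the recipient chooses, the queue has two unrelated random IDs
(one handed to the sender, one kept by the recipient), and a two-way
connection is two such queues on two different servers.
"""
import hmac
import secrets
from collections import deque


class SMPServer:
    """Relay that stores queues; it never sees a user-level identity."""

    def __init__(self, name: str):
        self.name = name
        self._by_recipient = {}   # recipient_id -> queue record
        self._by_sender = {}      # sender_id    -> the same record

    def create_queue(self, recipient_auth: bytes) -> tuple[str, str]:
        """Recipient creates a queue and gets back its two unrelated IDs."""
        record = {"auth": recipient_auth, "msgs": deque()}
        recipient_id, sender_id = secrets.token_hex(16), secrets.token_hex(16)
        self._by_recipient[recipient_id] = record
        self._by_sender[sender_id] = record
        return recipient_id, sender_id

    def send(self, sender_id: str, payload: bytes) -> None:
        record = self._by_sender.get(sender_id)
        if record is None:
            raise KeyError("unknown sender id")
        record["msgs"].append(payload)

    def receive(self, recipient_id: str, recipient_auth: bytes):
        record = self._by_recipient.get(recipient_id)
        if record is None or not hmac.compare_digest(record["auth"], recipient_auth):
            raise PermissionError("bad recipient credentials")
        return record["msgs"].popleft() if record["msgs"] else None

    def visible_ids(self) -> set:
        """All identifiers an honest-but-curious operator of this relay sees."""
        return set(self._by_recipient) | set(self._by_sender)


class Client:
    """A user agent; it holds per-queue addresses, never a global user ID."""

    def __init__(self):
        self.auth = secrets.token_bytes(32)   # secret for queues this client owns
        self.inbox = []                        # (server, recipient_id)
        self.outbox = []                       # (server, sender_id)

    def open_queue_on(self, server: SMPServer):
        recipient_id, sender_id = server.create_queue(self.auth)
        self.inbox.append((server, recipient_id))
        return server, sender_id               # passed to the contact out of band

    def accept(self, server: SMPServer, sender_id: str) -> None:
        self.outbox.append((server, sender_id))

    def send(self, text: str) -> None:
        server, sender_id = self.outbox[-1]
        server.send(sender_id, text.encode())  # real SMP encrypts end-to-end here

    def receive(self):
        server, recipient_id = self.inbox[-1]
        data = server.receive(recipient_id, self.auth)
        return None if data is None else data.decode()


def connect(alice: Client, bob: Client, server_a: SMPServer, server_b: SMPServer) -> None:
    """Two queues, one per direction, each on the server its recipient picked."""
    bob.accept(*alice.open_queue_on(server_a))    # Bob -> Alice via server_a
    alice.accept(*bob.open_queue_on(server_b))    # Alice -> Bob via server_b


def demo():
    server_a, server_b = SMPServer("smp-a"), SMPServer("smp-b")
    alice, bob = Client(), Client()
    connect(alice, bob, server_a, server_b)
    alice.send("hello")
    bob.send("hi back")
    got_by_bob, got_by_alice = bob.receive(), alice.receive()
    # Neither relay holds an identifier that also appears on the other one,
    # so the two servers cannot pair the queues into one conversation by ID.
    shared = server_a.visible_ids() & server_b.visible_ids()
    return got_by_bob, got_by_alice, len(shared)


if __name__ == "__main__":
    print(demo())   # ('hello', 'hi back', 0)
```

The point of the model is what each relay can see: a sender-side ID and a recipient-side ID for the queues it hosts, nothing that also appears on the other relay and nothing that names a user. What the model leaves out is the second hop that hides the sender's IP address from the recipient's server, which is the part of the design the paragraph above attributes to onion routing.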

[Figure: SMP server design]

The transport protocol provides integrity, server authentication, confidentiality, and transport channel binding.

The SimpleX client libraries provide a low-level API that is not intended for use by applications. SimpleX Agents interact with SimpleX clients and provide a higher-level API intended for use by applications. They are typically embedded in libraries, but can also be abstracted into local services.

[Figure: SMP agent design]

SimpleX agents communicate with other agents inside the end-to-end encrypted envelopes provided by the SMP protocol; the syntax and semantics of the messages exchanged between agents are defined by the SMP agent protocol. For more details, see the technical documentation.

The diagram below shows the SimpleX Chat application: the logical layers of the chat application interact with the SimpleX Agent library, which interacts with the SimpleX Client library. The client library, in turn, speaks the SimpleX Messaging Protocol to the SimpleX server:

Code:
          User's Computer               Internet              Third-Party Server
  -------------------------- | ------------------------- | -------------------------
                             |                           |
     SimpleX Chat            |                           |
                             |                           |
  +----------------+         |                           |
  |    Chat App    |         |                           |
  +----------------+         |                           |
  | SimpleX Agent  |         |                           |
  +----------------+ --------------- TLS --------------- + +----------------+
  | SimpleX Client | ------ SimpleX Messaging Protocol -----> | SimpleX Server |
  +----------------+ ------------------------------------- + +----------------+
                             |                           |


Ephemeral P2P messenger Chitchatter

Chitchatter (source code) is a secure web messenger built on a web mesh architecture (P2P, WebRTC, no central server; frontend on Vite, Trystero network stack, file transfer via secure-file-transfer):

[Figure: implementation of a web mesh in the Trystero library]

End-to-end encryption is implemented via WebRTC. In this "ephemeral" messenger the content of messages is never saved to disk, either on the client or on a server. In fact, there is no API server at all. The program only requires access to GitHub for static assets and to public WebTorrent relay servers and STUN/TURN relay servers for establishing a connection when a direct peer-to-peer connection cannot be set up.

Using Chitchatter is quite simple. The user goes to the site and can join a private "room" to chat. Random UUIDs are generated on the client side as room names. For private communication, join one of these randomly generated rooms and share the URL with your interlocutor (using the "🔗" button at the top of the page) via an anonymous note service on the Internet (such as Burner Note or Yopass). You can try the test room.

Features include:
  • the number of interlocutors in one room is limited only by the number of connections supported by the browser;
  • public and private rooms;
  • video and audio chats;
  • screen sharing;
  • transfer of files of unlimited size; files are encrypted before sending and decrypted by the recipient (the key is the room name);
  • embedding into other web applications via iframe;
  • Markdown support with react-markdown, including syntax highlighting;
  • dark and light themes;
  • automatic peer verification on the client side using public-key cryptography;
  • messages are never saved to disk, when you leave the room they are deleted from memory and cannot be recovered;
  • can be installed on your hosting.

Technitium Mesh


Technitium Mesh is an open-source anonymous peer-to-peer (P2P) messenger with end-to-end encryption. It uses DHE-2048, ECDHE-256, RSA-2048 and AES-256 for encryption and authentication. The messenger is the successor to Bit Chat. Unfortunately, it is currently available only for Windows (alpha version).


Mesh does not require centralized user registration. Anonymous profiles work through a Tor hidden service. Unlike Bit Chat, peer discovery through BitTorrent trackers is disabled here, since some providers block BitTorrent traffic; instead, Mesh relies entirely on a distributed hash table (DHT).

Mesh lets you create fully anonymous or P2P profiles. The two profile types are compatible, so a P2P profile can connect to an anonymous profile through Tor. The profile itself is an encrypted file on the computer containing an RSA key pair; the keys are needed to encrypt the E2E channel and to generate the constantly changing IDs.

The user ID is designed so that it can be changed at any time. Since there is no user registration, the developers do not know who uses Mesh or how many people do.

In P2P mode users connect directly, without an intermediate server. In anonymous mode all connections go through Tor, and incoming connections arrive through the Tor hidden service.

The messenger's download kit also includes several other useful utilities: a MAC address changer and a local DNS server.

Technitium MAC Address Changer (TMAC) is a free utility for changing or spoofing the MAC address of network adapters. Besides changing the MAC address, the program can be used to configure the network adapter and to switch quickly between several network configurations.

Technitium DNS Server is an open-source DNS server for self-hosting. It can be used to block Internet advertising with a domain blacklist. The server can be configured to forward via DNS-over-TLS or DNS-over-HTTPS, which makes DNS queries private and secure for all applications on the network.

Technitium DNS Client is an online service for sending a query to any name server, including the root servers. There is also a separate utility for running the client locally on your PC.

Anonymous messenger BeProg




To ensure anonymity, the BeProg messenger also decided to abandon user identification completely: no registration, phone number, email address, user ID or session generation in any closed or open form is required.

BeProg only uses one-time anonymous message identification. There is no direct connection between user devices.

To communicate, you create a chat using a password that you agree on with your interlocutor in advance. That is, a password (instead of a phone number) is handed over for communication, and a chat is created with it. Creation takes two steps: click the "Private chat" button and enter the password.


BeProg sought a simple and elegant solution that is convenient for the average user. The password can easily be made up and passed on verbally, for example Vasilisa90. Password collisions are reduced to a minimum: once communication in a chat has begun, the password for that chat cannot be reused. It is impossible for a third party to get into an existing private chat.

There is no binding to the device ID either. The only exception: if you install the application from Google Play or the App Store, the registration ID in the store is saved.

All chats are protected with symmetric encryption on the one-time pad principle, i.e. each message is encrypted with a new key.

The messenger also supports voice calls, likewise with end-to-end encryption and anonymous sessions.
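The two properties the BeProg description rests on, a chat reached through a shared password rather than any user ID and a new key for every message, can be shown with a generic construction. The following is an added example, not BeProg's code; the post does not describe BeProg's actual key schedule, so the design here (a PBKDF2-derived chat identifier and root key, an HMAC ratchet per direction, and a toy HMAC-SHA256 keystream cipher because the standard library has no AEAD) is the example's own. The same derive-from-a-shared-string pattern is what a room name used as a file key, as in Chitchatter above, amounts to. The names chat_credentials, MessageKeyChain, encrypt, decrypt and APP_SALT are assumptions of the example.

```python
"""Illustration of a password-derived chat with a fresh key per message.

Added example, not BeProg's code: BeProg's real key schedule is not
described in this post, so this is a generic construction showing the
two properties mentioned above, a chat "address" derived from a shared
password rather than from any user ID, and a new symmetric key for every
message.  Only the standard library is used, so the cipher is a toy
HMAC-SHA256 keystream plus MAC; a real product would use an AEAD such as
AES-GCM or ChaCha20-Poly1305.
"""
import hashlib
import hmac

APP_SALT = b"constructed-example-salt"   # constructed; a real app pins its own
KDF_ITERATIONS = 100_000


def chat_credentials(password: str) -> tuple[str, bytes]:
    """Derive (chat_id, root_key) from the shared password.

    A rendezvous server only ever sees chat_id, so it learns neither the
    password nor the root key.  Anyone who can guess the password derives
    both, which is why a short or common password makes the chat both
    findable and readable.
    """
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), APP_SALT,
                             KDF_ITERATIONS, dklen=64)
    return km[:32].hex(), km[32:]


class MessageKeyChain:
    """Symmetric ratchet for one direction: each message uses a key derived
    from the chain state, and the state is replaced afterwards so the old
    key cannot be recomputed from what remains in memory."""

    def __init__(self, root_key: bytes):
        self._chain = root_key
        self.counter = 0

    def next_key(self) -> tuple[int, bytes]:
        seq = self.counter
        msg_key = hmac.new(self._chain, b"message", hashlib.sha256).digest()
        self._chain = hmac.new(self._chain, b"chain", hashlib.sha256).digest()
        self.counter += 1
        return seq, msg_key


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (illustration only)."""
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:length]


def _mac(key: bytes, seq: int, body: bytes) -> bytes:
    return hmac.new(key, seq.to_bytes(4, "big") + body, hashlib.sha256).digest()


def encrypt(chain: MessageKeyChain, plaintext: bytes) -> tuple[int, bytes]:
    seq, key = chain.next_key()
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    return seq, body + _mac(key, seq, body)


def decrypt(chain: MessageKeyChain, seq: int, blob: bytes) -> bytes:
    expected, key = chain.next_key()
    if seq != expected:
        raise ValueError(f"out-of-order message: got {seq}, expected {expected}")
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, seq, body)):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, len(body))))


def demo(password: str = "Vasilisa90") -> dict:
    """Both parties derive the same chat_id and keys from the password;
    identical plaintexts still produce different ciphertexts."""
    chat_id_a, root_a = chat_credentials(password)
    chat_id_b, root_b = chat_credentials(password)
    alice_to_bob, bob_from_alice = MessageKeyChain(root_a), MessageKeyChain(root_b)
    c1 = encrypt(alice_to_bob, b"hello")
    c2 = encrypt(alice_to_bob, b"hello")
    return {
        "same_chat_id": chat_id_a == chat_id_b,
        "other_password_collides": chat_credentials(password + "!")[0] == chat_id_a,
        "ciphertexts_differ": c1[1] != c2[1],
        "bob_reads": [decrypt(bob_from_alice, *c1), decrypt(bob_from_alice, *c2)],
    }


if __name__ == "__main__":
    print(demo())
```

Two things the example makes visible that the description alone does not: the password is the only secret, so its strength decides whether a stranger can derive the same chat_id and root key; and a per-message key only helps if the old chain state is really discarded, which is what next_key does by overwriting it.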

General recommendations for anonymity


In addition to choosing the right messenger, it is advisable to follow other security measures, including:
  • a separate phone that you take outside, while the main phone always stays at home in a protected place;
  • the main phone must be reliably protected from surveillance: clean the OS of tracking components (the hardened CalyxOS can be used instead of stock Android), no SIM cards;
  • IMEI and MAC address randomization;
  • connecting to remote servers via Tor;
  • clearing the phone's memory after a session;
  • if there is no second phone (for the street), you can set up a "double bottom" for Telegram: one password opens the standard application, and a second password (in case of detention) deletes the prohibited chats and channels and sends an SOS to relatives and friends.

Strong anonymity and encryption are the foundation of security in today's digital world.
