Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!
When discussing the topic of OPSEC, an important concept that inevitably arises is compartmentalization. Broadly speaking, compartmentalization can be defined as separating different activities into different buckets in order to prevent them from being linked together. This concept is perhaps most commonly seen using online emails. You may want one email for all of your social media, a different email for all of your online purchases and a different email still for all health related items. This same concept can be applied to your online chats. In this tutorial, we will explore the different types of chats, how to compartmentalize them based on their contexts and when each one is optimal to use.
The chart below describes 4 different types of chats. They are separated by their unique characteristics, and a brief description is provided along with technical details and some pros/cons for each category.
| Public Chat | Private Chat | Anonymous Chat | Deniable Chat | |
|---|---|---|---|---|
| Description | A conversation that is viewable by anyone, taking place in a public medium | A conversation whose contents are known only to the participants | A conversation where some/all of the participants are not know by their real identities | A conversation that cannot be proven to have taken place |
| Example | Alice and Bob speak in a sports stadium | Alice and Bob speak in a private glass conference room at work | Alice speaks to a mysterious man in a trench coat | Alice speaks to Bob but there is no record of their conversation or proof of what was said |
| Technical Requirements (Online) | -None. No E2EE required | -E2EE is required | -E2EE is required -No user IDs, no IP address linkability |
-E2EE is required -No user IDs, no IP address linkability -Disappearing messages |
| Pros | -Easiest to achieve -No restrictions -Suitable for any environment |
-Contents of conversation are secure -Many apps now implement E2EE |
-May assume different anonymous identities for different conversations -Suitable for exploring controversial topics |
-Off the record -No history of the conversation -Suitable for sensitive topics |
| Cons | -Anything said can be linked to your real identity | -May still be known the conversation took place -May be able to build patterns based on conversations |
-Requires specialized software | -Requires specialized software -Requires specialized settings configuration |
As with many things, these chats exist on a spectrum between being more convenient and being more secure.
Let's take a look at a few examples to illustrate these concepts. First up is a public chat similar to what you'd find online, on social media, in public chat rooms, etc.
This conversation, tied to Alice and Bob's real identities, is visible for anyone to see. Public chats such as this one pose the smallest barrier to entry as they can take place anytime/anywhere. Any information discussed, such as their plans together next weekend and mode of transportation, are now publicly known by anyone present at the time of the conversation. Alice and Bob may openly show their support for their favorite football teams, but what if there was some information they didn't want others to know?
For discussions involving information that is not necessarily meant for everyone to know about, we have private chats. In private chats, participants may still use their real identities, but the key differences is that the information is only accessible between the parties chatting and nobody else as the conversation is End-to-End Encrypted (E2EE).
Alice may be uncomfortable announcing to the world she's short on cash at the moment, but can confide in her friend Bob with this information. In this private chat, only Alice and Bob know what was discussed and a record of this conversation exists. Luckily many popular chat apps are starting to implement E2EE, but without also including metadata protections, patterns can still be gleaned based on which contacts you are talking to and how often. But there may be situations where someone may not want you to know who they are when they're speaking with you. What happens in that situation?
For discussions where one participant (or multiple participants) don't want the conversation tied in any way to their real identity, we have anonymous chats. With increasing OPSEC requirements comes the need for more specialized software, which may be more inconvenient for certain people.
In this example, Alice is speaking with someone who doesn't want to have their persona tied to their real identity (the participant is using an incognito profile). The nature of the conversation may include controversial topics such as insider information. To achieve an anonymous chat, there must specifically be no user identifiers and no IP address linkability. An added benefit of having no user identifies is that a person can create disposable personas on the fly and use a different anonymous identity for each new conversation. But what if we need to communicate and can leave no trace of the conversation ever having taken place?
For the next step up, deniable chats, we must build on everything we've discussed up to and further employ disappearing messages. This is the only chat type suitable for discussing sensitive topics.
When Alice starts up this chat, she selects using a new incognito profile. Additionally, she navigates the chat settings to enable disappearing messages and sets a desired timeframe.
The icon next to the contacts name denotes Alice is speaking anonymously in this chat, and the timer in the chat denotes how long until the conversation messages auto-delete for all participants. After 24 hours, the contents of this chat will appear blank thus providing plausible deniability for all participants. This type of chat requires not only the specialized software, but also adjusting some settings to achieve, making it the most secure but also the most inconvenient of chat types discussed.
By compartmentalizing our chats based on our different requirements we can prevent topics we want to keep private from overlapping with our real identities. The advanced configurations discussed in this tutorial may cause some friction during setup, but the intuitive user interface makes it manageable for anyone willing to give it a try. More advanced users should look into self-hosting their own SimpleX servers and routing traffic through Tor.
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Donate XMR to the author: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3
