cross-posted from: https://hexbear.net/post/3876283
I'm passing this question along, because I think we might have folks here who have some suggestions.
What tools or combination of tools are folks using to organize in your local area and beyond?
A relative of mine was asking me about software to replace the event/RSVP/page aspects of Facebook.
It almost sounds like he wants a locked down Lemmy instance or a combination of tools, but I'm not sure what the landscape is like out there.
Any input would be cool. I might link him to this post later if I get enough comments.
whatever you use; be sure not to put any identifiable personal information in it and insist on using mullvad or firefox vpn only (other vpns won't help).
they already have that information, but why make their jobs easier on them. lol
security researchers have found exploitable weaknesses in all vpns except for mullvad and firefox.
I use AirVPN for port forwarding torrents, and I heard IVPN was good. Are those included?
Edit: From what I read online, IVPN was among the VPNs tested, and it is also on par with Mullvad and Mozilla.
they'll all be patched soon; that's the reason why we have security researches.
It wasn't the most polished experience in the world when I used it, but it didn't require anyone using it to set up an account.
I also found the jitsi is the best for screen-sharing, it doesn't ruin the quality too much and doesn't overload your network
Signal. There will definitely be people with valid and not-so-valid criticisms of it, but it's a very good tool for organizing. It's low-barrier-to-entry, it is very secure (conjecture notwithstanding), it scales really well, and does chat/text/video. You can have big "general" chats, and many other smaller ones for more specific or spicy reasons. Always make use of the disappearing messages function, as well as the username function.
Outside of Signal, you'll need someone plugged into the "normie" channels like Instagram and Facebook and tiktok etc for public announcements. Certain actions you'll want to announce securely via somewhere like itsgoingdown.
I wish matrix or XMPP was used more.
Some valid criticisms of Signal here: https://dessalines.github.io/essays/why_not_signal.html
I've read that before, I think it includes valid and invalid. I would also like to recommend Matrix and XMPP, but in my experience neither is a finished, smooth experience (yet?).
Edit: adding this link for some criticism of Matrix.
I just posted the dessalines essay for the readers' reference.
I believe Matrix and XMPP are just slightly less convenient, which is difficult for a mass userbase to adopt. XMPP has been around for a while, and I would consider Matrix, XMPP, and Signal relatively the same in regards to their development and stability. Matrix and XMPP are a bit more advanced and have a slightly higher learning curve, which I don't think is going to disappear. However, I would like ML organizations to adopt alternative tech more and not be so reliant on Big Tech (especially Google Cloud services), even at the cost of convenience. Thus, I would like see more techie comrades be recruited so they can help develop and maintain the technical infrastructure and train the other comrades before shit hits the fan.
I hear and relate to your concerns. I am security minded, personally, professionally and politically. I recently helped present a seminar on TAILS for local activists. In my opinion, the current, overall best solution for most people for secure over the internet comms, is Signal.
Matrix is maybe the leading contender in my eyes, but will require further development and testing. XMPP is honestly kind of a mess. If I was in total control of a network of XMPP users, I could have them all use the exact same client and server (or hand select a few totally compatible servers). Otherwise, letting people just choose whatever means that you inevitably won't have working encryption between clients.
XMPP and Matrix also share the problem with Signal that people are going to have to trust the server (or trust themselves to run it securely).
Edit: when SHTF we'll need radios.
I recently helped present a seminar on TAILS for local activists.
I aspire to do something like this someday.
In my opinion, the current, overall best solution for most people for secure over the internet comms, is Signal.
It is better than other alternatives, and for the sake that it is more widely adopted and familiar with many people, I would have to agree.
Matrix is maybe the leading contender in my eyes, but will require further development and testing.
Same and I agree.
XMPP is honestly kind of a mess. If I was in total control of a network of XMPP users, I could have them all use the exact same client and server (or hand select a few totally compatible servers). Otherwise, letting people just choose whatever means that you inevitably won’t have working encryption between clients.
Yeah if XMPP were to be adopted in an organization, I would have the accepted clients/servers limited to the most established ones in regards to security and compatibility.
XMPP and Matrix also share the problem with Signal that people are going to have to trust the server (or trust themselves to run it securely).
Same with a forum. To answer one of OP's questions, self-hosting forums or chat services would be ideal as long as someone trained in security can keep on top of keeping the server and each of the clients secure. For an ML organization, this is a big cost, so an application like Signal is usually sufficient for most cases in regards to organizing while minimizing the costs and efforts that could have been used for more important matters. Nevertheless, I believe Matrix could be a good alternative as it exists right now.
Edit: when SHTF we’ll need radios.
Radios could be risky, too, especially if not encrypted, though Hamas seems to be handling radio communications effectively. I just mean it would be good for comrades to begin studying effective opsec practices and countering increasing levels of surveillance with high and low tech, progressively moving towards the latter as things get worse.
As far as teaching others, something I've learned is that (especially with tech) you always know more than someone. Certainly when it comes to security there's an added weight of responsibility to give accurate information, and you'll want to give the usual caveats.
Define your goals. Define the threat model(s). Research the tools appropriate for the above use cases. Translate your findings into "layman's terms". Make a zine or slideshow or whatever. Practice it and present it! Leave time for questions, and then plan further lessons if people want to get deeper.
Last but maybe most importantly: find a comrade or two to help with all of this! The research, "sanity check", the presentation, the q&a...
I just remembered reading something critical about Matrix so I went and dug it up:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
It's worth reading all the way through, even if you (like me) have to skim over the math. There's even a link in there discussing XMPP+OMEMO.
Damn techbros. So frustrating to see critical issues not being fixed due to arrogance, ignorance, negligence, and/or laziness. I wish developers would be more meticulous, especially with projects where security is critical. Then again, if the open source projects received more funding to hire more devs to focus on these security holes, these projects would probably be much better. But it seems to be a common theme that pointing out critical security issue in a project full of evangelists will return a twitter-slop, boomer meme response. Techbros are deeply unserious, and sadly they work on very important projects.
Very interesting read. I feel better about the use of Signal now as Matrix and XMPP appear to be much worse and poorly managed. I do want Matrix to improve since it can be self-hosted, but I believe a fork and a dedicated team, one which is willing to fix deprecated libraries that most clients use, would be necessary. The work has already been laid out since the blog author has already made good suggestions to fix each issue.
I'm glad I chose profanity to use for XMPP and prefer to use pgp encryption, but that doesn't solve the issue when the majority of clients do not. Encryption needs to be baked into a protocol by default, otherwise the least common demoninator which has poor opsec endangers everyone else, let alone the fact that even the best cybersecurity professionals struggle to be secure and private in today's world of surveillance.
I really should study cryptography and cybersecurity.
Nobody mentioned it yet, but Framasoft makes organisation software like shared calendars, collab documents, events, and so on.
List of radical servers/services (free, if they're still up)
Here's a list of services one can self-host.
I'd also like to recommend Riseup, Disroot and Autistici/Inventati. They offer email/newsletter/blog/collab, etc.
A relative of mine was asking me about software to replace the event/RSVP/page aspects of Facebook.
Nextcloud is an alternative to Google Workspace, and there's Nextcloud Forms, which can be used instead of Google Forms and the like. Nextcloud also has a calendar which is necessary for keeping track of events.
It almost sounds like he wants a locked down Lemmy instance or a combination of tools, but I’m not sure what the landscape is like out there.
Not sure if using a federated social networking platform like lemmy would be much better than just creating a locked down traditional forum, such as Discourse. It's something I have thought about, but it seems locking down a federated instance somewhat defeats the purpose.
Btw, Tails is a good OS to run on a flash drive during critical situations.