Remote Work and Personal Safety



This is a novel and troubling situation we’re in globally. As a remote, international organization developing tools for online safety, we’d like to share some of our tips about working from home and retaining your rights to privacy and freedom of expression.

Remote Working

Since incorporating in 2006, the Tor Project and its community have largely operated remotely. Whenever possible, we use free and open source tools that share our commitment to advancing the human rights to privacy and freedom of expression online. Here’s what we’re using now to stay connected:

IRC. The bulk of our online conversations happen in open channels on IRC, like #tor-project, #tor-dev, and #tor-www among others. If you want to chat with us about Tor, you can find us in #tor. No matter what chat tool your organization may use, we recommend setting up an off-topic channel or direct messaging the person you want to connect with. The opportunity to interact on a more personal level by sharing news and just bantering without interfering with core channel topics is invaluable. You don’t need to share an email address or personal identifying information to register or use IRC.

Nextcloud. This productivity platform could be your alternative to G Suite. We use it for collaborative docs, calendars, and file storage.

Riseup pads. We use these for agendas, taking notes, and drafting blog posts. They don’t save indefinitely, so this isn’t for storage, but ephemerality can keep sensitive information safe. There’s no account needed, only a web browser.

For people working with at-risk groups or sensitive information, these will be particularly helpful:

Tor Browser. Using Tor Browser for searches, logging into accounts, or collaborating protects you from trackers on websites, surveillance from your ISP or anyone monitoring your network, and from censorship enacted by your ISP or government. If you are a health provider or first responder conducting sensitive searches that could be tied to people visiting you or other more easily monitorable activities, Tor Browser is a tool that can protect you and the people you serve.

I'm a doctor in a very political town. When I have to do research on diseases and treatment or look into aspects of my patients' histories, I am well aware that my search histories might be correlated to patient visits and leak information about their health, families, and personal lives. I use Tor to do much of my research when I think there is a risk of correlating it to patient visits.

- Anonymous Tor User

Signal. For 1:1 messaging, calls, and small group chats, we use Signal, the open source messaging app. It’s end-to-end encrypted, and you can set messages containing sensitive information to expire.

Jitsi Meet. For voice and video meetings, Jitsi Meet is a staple. It’s open source, encrypted, and no accounts are necessary to use it. Just choose a meeting address, say https://meet.jit.si/onionsforall, and share that link. Try this before turning to Zoom, which has come under scrutiny for its lack of transparency.

OnionShare. OnionShare allows you to securely and anonymously share a file of any size without any third parties. If you need to share critical resources with individuals or groups, the latest version of OnionShare also allows you to spin up an onion site only accessible over the Tor network.

share.riseup.net. This is a web-based tool for speedily sharing smaller files (up to 50 MB). We frequently drop riseup links into our IRC channels to share photos and screenshots.

If you’re still not finding the right tool to fit your coworking needs, anarcat, SysAdmin at the Tor Project, has more recommendations for Remote presence tools for social distancing.

Personal Safety

Home isn’t a safe space for everyone. We realize that there are many people who are suddenly at home more often and in relationships that put them at risk of harm. If you are seeking help in a relationship or are in contact with someone who needs help, we recommend using Tor Browser to seek information or assistance without leaving a trace of that search or browsing history. The National Network to End Domestic Violence has additional recommendations you can follow.

The same goes for anyone researching sensitive personal topics, be they women’s health resources, immigration resources, or information about medical or mental health conditions: Using Tor Browser, in combination with its default search engine DuckDuckGo, can help you keep your personal information to yourself, empower you with the ability to choose what you share, and allow you to access critical information and resources that may be blocked or under scrutiny.

I use Tor Browser to research about mental diseases, e.g. depression, that occur in our family. I don't want anyone to know about these diseases who I don't want to tell. That's why I use Tor for researching about anything related to these diseases.

- Anonymous Tor User

Many of the tools for coworking we outlined above, including Jitsi, Signal, and OnionShare, can help you communicate more safely in difficult circumstances.

Stay Connected

These are uncertain times, and it’s critical we stay connected and do our part to keep each other safe. If you have any questions about Tor, or about how Tor or any of these other tools may be helpful to you, join us in #tor on IRC.

If you want to get involved with our work, we welcome you to join our community. We are a small nonprofit organization with a big mission: to make privacy and freedom the default online, and our work is made possible by countless volunteer contributors around the world. Our second DocsHackathon, a totally remote event, starts this Sunday 22 March, and we’d value your time, contribution, and presence. We hope you'll join us.

We are just one of countless online communities where you could make an impact, so if you’re not finding the right fit, keep exploring. This could also be an opportunity to start your own.


As a nonprofit organization, we rely on supporters like you to keep Tor strong. Donate now to help us take back the internet. If you're financially able, developers of these other tools, including Riseup, could also use your support. Even a small amount can make an impact.

> [I'm] Looking to help in [my area]

COVID-19 Mutual Aid Resources and Map
(Of course, take personal protective measures if interacting in person.)
http://bigdoorbrigade.com/2020/03/16/covid-19-mutual-aid-resources/

Meet 17-Year-Old Avi Schiffmann Behind a Coronavirus Tracking Website Used by 40+ Million Globally
https://www.youtube.com/watch?v=AXFm2u4EHrs

Basic services, electricity, water, petrol stations, grocery stores, internet, etc. will remain on. Personal preparations are similar to those of a natural disaster, but unlike a natural disaster, services and normal logistics will remain operating, resupplied, and available. In the problem category, most issues seem to me to be economic-service related and psychological. I would look back at how industry-city societies got along through the 1930's Great Depression and at types of societies today that get on comfortably without dependence on western banking hierarchies. These tend toward community cooperation and some barter of goods for services in place of currency. Although, in our situation, basic services and goods will remain available and resupplied.

One could think of this as a staycation. Do your rainy-day activities. Catch up on chores you've been neglecting. Get creative. Start an exercise routine. Practice how to do something new from online tutorials. Cuddle up with a book you've been meaning to read. Plant a fruit tree species native and non-invasive to your area.

Please prefer regular non-antibacterial soap. There's no reason to prefer hand sanitizer unless you are frequently in physical contact with other people's surfaces or don't have access to a sink. Leave hand sanitizer on the shelf for cashiers, public transportation drivers, and workers who don't have a chance to visit a sink. Leave N95 and better masks for nurses and people who are having symptoms.

If you have symptoms and can't get a medical mask from a doctor's office, local stores, or online, then you can search for tutorials to make a low-grade non-medical dust mask out of layered paper towels, coffee filters, or cloth and rubber bands or string. After you fit a new mask to your face, do not touch the front. Try not to adjust it or touch your face at all. If you have to adjust or remove a mask, only touch the ear bands from the back after you wash your hands.

Anonymous

March 20, 2020


Wonderful post Steph. Certainly deserves wide circulation in our community and far beyond. It's a regular discussion, and this was a great summary of options for today.

Anonymous

March 20, 2020


> IRC

No end-to-end encryption, and clients leak metadata. Torify them:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IRC
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
https://trac.torproject.org/projects/tor/wiki/doc/SupportPrograms

Note: Client programs or apps may have DNS leaks or features that can transmit characteristics of your device or your network. These may not be mitigated by torifying.

> Riseup Pads

All of them require JavaScript. If you want to avoid JavaScript, use a basic pastebin. I wish there was a static site generator of no-js wikis. It's harder to edit sites in git.
https://github.com/xwiki-labs/cryptpad
https://github.com/ether/etherpad-lite/wiki/Sites-that-run-Etherpad-Lite
https://duckduckgo.com/?q=create+"a+pad+with+the+name"

> Signal

Content of messages is end-to-end encrypted, but its protocol leaks metadata. Torify it if possible:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/InstantMe…

> Jitsi

XMPP leaks metadata. Torify it:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/InstantMe…

> share.riseup.net

Instances of Up1 require JavaScript. Use OnionShare unless you have to disconnect.
https://docs.google.com/spreadsheets/d/1vrKixs_ItQlLnGK6_D22qP3NhRPiD8n…
http://felixxxboni3mk4a.onion/
http://matrixtxri745dfw.onion/

Metadata Anonymization Toolkit:
https://tails.boum.org/blueprint/doc/mat/
https://0xacab.org/jvoisin/mat2
https://www.whonix.org/wiki/Metadata

> Riseup

Lavabit.

Plus one to all that.

Of the modalities cited in the blog post, OnionShare is the only one I can use out of the box. The problem is sharing the onion address, because Tails Project removed the IRC automatically configured accounts (under pressure from US or EU LEAs?).

I ask again: can Tor Project restart from scratch the Tor Messenger project? Or at least ask Tails Project to take out something nonessential and put back in auto chat? (I guess Tails is trying to keep the total size of the Tails ISO image at about 1.1 GB so that updates of live Tails USBs will not fail.)

Riseup and (IIRC) Lavabit both have been coerced into giving up account data by LEAs. The reasons for the intrusions into the servers have never been explained, IIRC, in the case of the second known NSL received by Riseup. IIRC, Lavabit was coerced into giving up account information associated with Edward Snowden--- someone please correct me if I misremembered.

Anonymous

March 22, 2020


Hey,

I would like, on a close subject, to know a bit more about hard drive encryption. There seem to be plenty of "guides" about this, but which one to trust? Would love a Tor guide about how to encrypt hard drives.

Tor + Bitmessage or Ricochet would be good if their releases were up to date.

Messengers can also be graded by presence/history (Can chatters receive messages offline or connected intermittently?), availability (Which OS's, desktop and mobile, are not supported by the messenger? Which OS's must all chatters be running?), and battery life (Presence, software crypto, and mining blockchains drain batteries.). There is no messenger yet that satisfies every criterion I want. Some criteria are inversely proportional to each other. It might be technically impossible to satisfy every criterion.

Anonymous

March 23, 2020


Nice post Steph

Jitsi Meet needs WebRTC to work, right?

Is there any way to use Jitsi safely in the Tor Browser, without leaking IP addresses?

The approach of Tor Browser seems to completely disable WebRTC but there are some browsers based on Firefox which leave WebRTC enabled while correctly proxying WebRTC IP read requests. Also uBlock Origin says it can block WebRTC leaks.

So I think it should be possible also in the Tor Browser but I don't see any recommended or documented way to do so.

Thanks for clarification.

Is it safe to assume Jitsi can still be used securely with Tails or WhoNix?

Incidentally, in case it is of any interest to Tor Browser devs, IceCat apparently already supports WebRTC without leaking IP (e.g. when used over VPN).

I don't think a recommendation would be a good idea anyway. Jitsi Meet is not necessarily end-to-end encrypted, so the server has access to the video, audio and chat data. I felt very disappointed, as I first learned about the tool from this blog, and have already used it, assuming it is fit for the most paranoid. Only later learned that it is not so. :'(

According to the issue below, the call with 2 participants can be end-to-end encrypted if clients establish p2p connection, and "the switch from p2p to the bridge can happen without any user interaction". The conference calls are all decrypted on the server and the chat is also stored there. (btw, they also use Google Analytics)
https://github.com/jitsi/jitsi-meet/issues/409

Is there ever any e2ee conference call solution alternative? I only see that you can make jitsi secure by hosting your own instance. For 2-people chats, I see that Signal and Wire (and WhatsApp maybe?) offer e2ee video and voice. Any other?

Anonymous

March 24, 2020


Why are you recommending the privacy-hostile Signal? It requires a verified phone number to use.

Anonymous

March 25, 2020


hi

Anonymous

March 29, 2020


"privacy-hostile" ( from a couple of posts above )

Is requesting; or to be fair, registering being contingent upon entering a phone number... "hostile"? I get the implication... but is the term being used correctly?

( I'm not saying that it isn't )

It might be less assumptive to say "inaccurate" or "misleading" rather than "hostile" if someone asserts Signal is private. The point is that your username in Signal is a phone number that you have access to, and a phone number practically reveals your physical location and is usually tied to your real-life identity.