Are we Trump ready?

You should probably reassess whether your tech stack is still secure considering the outcome of the US election.

Ben

We know things are still fresh and we are still grappling with the outcome of the US election. We were really hoping we had more time—also so that we could have gotten further with Acter before this time arrived, but here we are. There is an urgent need to have that difficult conversation about the underlying tech that a lot of activism is using right now, in the US and all over the world, while there is still time to do something about it.

💡
This post is for the people taking care of or overseeing operational security, tech or IT for social movements—in particular ones without someone doing that professionally.

The goal is not to scare you, but to allow you to assess how the outcome of the US election might have changed your vulnerability and exposure, so you can do something about it.

This will not be comprehensive and will not discuss every minute detail, but it will look at some practical problems in the infrastructure we have seen across a lot of movements, highlighting some gaps or problems many seem not to be aware of.

TL;DR:

  • Move any unencrypted data off US companies & cloud providers NOW
  • WhatsApp is not secure, move off it now
  • Signal is probably secure, but could become a very interesting target to take down
  • Telegram has never been secure, think of it as a social network and not a messenger. Therefore, don't use it as a messenger.
  • AppStore monopolies are a mid-term Achilles' heel for distribution of Apps.
  • Not sure about your assessment? Get help now!

Why talk about this? And why now?

In case you are not aware, the biggest economy in the world just elected a fascist as their next president—and unlike last time, the cronies behind him come prepared this time around. He won't only have control over the US government but also over the legislature and the courts, and over the biggest and most sophisticated military, security and spy apparatus of the world. Last but not least, most of the world's major tech companies are based in the US and, if public statements are any indicator, they are willing participants to help out that government.

The threat level for a lot of social movements using any digital tools to communicate has vastly changed with the election outcome. But there is still time to do something about it (at least to some degree).

Threat Level?

To understand better what will be outlined below, you first need to understand how professionals think about security (skip ahead if you already know about that). Security isn't an absolute term that you can just achieve. There is no life without risks. Security depends immensely on the situation and circumstances you are in and on what you are doing. That's why any good professional's first question will be: secure from what/whom? Because the first thing to clarify is: what is the threat, who is (behind) the threat, why do they do it and what capabilities do they have? Know your enemy.

Based on that knowledge you can assess your vulnerabilities to certain threats or attacks that enemy might deploy. That is why this US election matters for so many people. Even for people whose threat model contained a state-level actor, those states weren't really capable of what the US is capable of. Even then, those activists could count on whatever they did on US tech services not simply being used to curry favors with autocrats on the geopolitical stage. This has changed now.

If you are using US services and what you do is not in favor of that new government, or even actively opposes them or anyone that the government might want to cozy up to, do not expect that anything on those services will stay private.

Let's get to the point, what does this mean?

Consider US-based Cloud Providers breached

⚠️
Long story short: if you have been using any US service provider, or any service provider with a US legal entity, to route or host any unencrypted information for your social group, consider it breached.

This includes Google Mail, Google Docs & Drive, Notion, Microsoft Office & Teams, Zoom, Facebook, Discord, Slack, Instagram (DMs), but also anything hosted on Amazon AWS, Microsoft Azure or any of their resellers—ask your service provider, as even many open-source software-hosting solutions use US-affiliated hosting.

We have seen no indicators that the surveillance programs run by the CIA and NSA leaked by Edward Snowden in 2013—remember XKeyScore and PRISM—have been reduced since. We have to assume the opposite. While the tech industry did a lot to prevent such data from being swept up in transit and to secure its own infrastructure, already back then the reports revealed that some willingly handed that data over, while others were coerced or hacked.

I believe it is fair to assume that whatever you have ever stored unencrypted in any of these US-based cloud providers can already be found in those databases today.

Even if it isn't stored in that database yet, the legal powers (not as if Trump cared much for the law) of that government already today allow them to force any of those US companies to hand that data over to them–and to force them not to tell you about it. And just because you "deleted" it doesn't mean it is really gone from their servers.

Tip: To prevent any further breaches, you should be switching your cloud solution to a non-US-affiliated entity NOW—but surely before Jan 20th.

Side note on the "severity": You might not consider that information particularly relevant or revealing. But if you ever get into the crosshairs of anyone in that security apparatus and they have access to internal documents and communication, they can also use that to "paint a certain picture" of your organization to the public by having it strategically "leaked". Access to this sort of information is not only interesting as part of gathering intelligence; it can also be used against you if the adversary wants to destroy you and doesn't care about law or due process.

We use secure messaging, we are surely safe?!?

Unfortunately you will get the "Well, it depends" from me on this one.

WhatsApp isn't safe

If you are referring to using WhatsApp, then no. WhatsApp is part of Meta (that Facebook company), which not only already collects and links the metadata of who is talking to whom itself, but I have zero doubt that they would share that with any security agency, too. Yes, the content of your messages probably (we've never seen that source code!) won't be shared, but who is talking to whom, how often, which other people are in that chat and so forth will be. And thanks to tying that to phone numbers, this gets really nice and handy to track.

Additionally, WhatsApp has that dark pattern of "encouraging" its user base to store the backup of their messages on the (Google) cloud in clear text—which means the paragraph above applies. Relying on none of the chat participants having activated that feature is just wishful thinking. You have to assume that at least some people have it activated, negating the entire point of the messages being end-to-end encrypted, as the government can just sweep the messages from the backup at the cloud provider.

Signal is probably safe, but ...

Signal is probably the most beloved communication app among activists. We at Acter are using the same baseline encryption protocol, too. They have a long track record of upholding their own standards and I have the highest trust and belief in their entire team that they will fight any court order that comes their way. It also has going for it that they don't store messages and, due to its centralized nature, can get by with storing very little information in general that could be handed out. And until recently, if all you wanted was chat, Signal was what we recommended to people.

But we are reassessing that recommendation as of now. Because Signal is still a non-profit under US jurisdiction, with their team and their servers entirely US-based. Though there isn't much to gain from getting their data, it being so popular among adversaries of that government and a centralized instance makes it an interesting target to surveil and "relatively easy" to shut down for the US security apparatus. So far, that wasn't really a threat, but if people now move over there, it could become an interesting target for the upcoming government to shut down by legal means.

I am sure that the team will fight this to the bitter end, but I have little doubt that, if tasked with it, the US security services would not have a hard time shutting it down. This isn't an immediate threat though, like moving off the cloud providers is. As there isn't much of value stored at Signal, the intelligence to be gathered is rather limited. It is also not to be expected that Signal would just go away from one day to the next; we'd probably see a prolonged smear campaign to legitimize the actions taken, followed by some rough legal battles, if the administration chose to take it down (akin to what you see with TikTok at the moment). But the threat could become real quicker than we want to admit.

Telegram, Wire, etc.

As this article is already pretty long, let's not go into detail about each individual messenger that is out there. Nevertheless, if you use something other than WhatsApp or Signal, you should have an understanding of why you'd pick it.

That being said, there is one more "messenger" we have to talk about: Telegram. I've put that into quotes because to me, Telegram doesn't really count much as a messenger, as by default its chats aren't even encrypted. It has more hallmarks of being a social network than a messenger at this point. But it is a popular means of communication among activists, and though it isn't hosted in the US, we need to address it. Arguably, nothing much has changed in the assessment of Telegram with the election itself, but you shouldn't think that this means it is a safe means of communication—it is not. I leave googling the details of that to the reader's pleasure, but just remember its chats aren't even end-to-end encrypted by default. I assume that the US has all those messages in its database.

So, what about Acter then?

We have been working on Acter under the premise that fascism is on the rise for a few years indeed—but as stated above, we hoped we had a bit more time to prepare for such a hugely potent bad actor. We have picked an open, decentralized chat protocol (Matrix) with strong encryption as our baseline, and keep all our data storage in Europe, in expectation of such events taking place. Using a decentralized system also allows you to run your own server anywhere you want, and even to continue doing so if we—the legal entity behind Acter—were to come under legal fire.

With every additional server/legal entity in the network it also becomes less attractive to attack any single one of them, as that wouldn't even take the network down. Additionally, being built upon an open protocol means that if you ever lost trust in our ability to ship a trustworthy client, other clients are there to take its place (though not with all the same features at the time of writing).

Limiting access to limit infiltration

Another important aspect to mention is that, due to their rather narrow chat-only nature, there is another common threat with chat apps: infiltration. In security-sensitive environments it is common practice to separate access to certain aspects and conversations on a need-to-know basis. In the chat-only usage pattern common with a lot of groups nowadays, however, everyone is just thrown into the same large group with essentially the same posting permissions, rarely with any due diligence on their part. This makes it very vulnerable to infiltration, both for intelligence gathering and for disrupting the ability to communicate in the first place (through disruptive patterns and language in those rooms).

To avoid that problem, as well as to better separate signal from noise, Acter allows you to easily split into sub-spaces, infinitely deep, allowing for easier specialization and ensuring more limited access where that is needed.

Infiltration is a rather expensive measure compared to the others mentioned above, as it requires quite a bit of "manual" labor on the bad actor's part. So we believe the risk of that happening at this time is low for most groups. If you are a high-priority target, however, this could become a viable threat, and one that the US security forces have a history of being able to pull off successfully.

Gaps within Acter

That said, Acter isn't a perfect solution to all problems either. Due to the decentralized nature of the underlying protocol, more routing data is needed and stored on our servers than we'd like. We believe that having a network which effectively splits that central power into many smaller entities is more resilient and harder to take down, and thus outweighs the risk of that metadata. But there is more we can do: there is more data that could be reduced and encrypted in the underlying protocol, as well as within Acter itself, which currently doesn't have its workspaces encrypted due to the linear nature of the underlying state machine.

Furthermore, we recognize that we are currently using a DNS provider from the US and that our legacy product (Acter 2.0) is still on an AWS instance (though that hasn't been used in a while). Though neither of those is relevant for any data itself, we will be moving away from both before the inauguration in January as a result of this election.

And there are other aspects, like being able to use the app in an off-grid fashion without any direct global DNS resolution available (e.g. because the security forces around you might have shut down the 5G network), that have been in our planning but need more time before they can be realized.

Finally, we have to talk about one part we cannot easily move away from:

The App Stores are with US companies

A major mid-term concern we have is being forced to rely on trusting US companies for certain supply-chain services: in particular for sending push notifications (though these do not contain any decrypted information!) and for shipping the app itself. The latter you probably know as the "AppStore", which is not only run by the two Big Tech giants Apple and Google; even more problematic patterns have emerged in the last few years whereby we can't even ship to Mac or Windows anymore without those companies also cross-signing what we do.

Thus, if these companies were compromised or forced to attack our app—or any app really, including Signal or WhatsApp—that is of interest to the new administration to infiltrate—even if only for a specific target audience—they could. There would be nothing stopping them from shipping a different or somehow altered version of the app through their App Store. And there wouldn't even be any way for us to know. Though we don't expect that to happen in the very short term, we highly appreciate the EU's rules allowing for alternative AppStores and will make sure that we allow installing through those as well in the mid-term.

😨
What to do? Don't panic!
While we are sounding the alarm about this, these are pretty generic concerns and don't mean you should panic. There is still time, and not all of this is a problem for every organization. Just reassess your current stack in light of this information and act accordingly. If you need help with such an assessment, the people over at Access Now can help with that.

We are also happy to help and answer questions, simply join our Acter OpsSec Community Space and Chat (on Matrix)—we'd gladly help as much as we can.

If you don't have an Acter account yet, just install it and register with the code acter-opssec to directly join these spaces.

Further Resources

European alternatives for popular services | European Alternatives
We help you find European alternatives for digital services and products, like cloud services and SaaS products.

Additionally, we are currently working with external partners to offer an "in app panic button" for people in distress and need of immediate help to ensure their safety. Stay tuned for that to come to your own Acter app in the near future.