Gibberfish, Inc./Gibberfish User Documentation
-
17d3ca2ac782ac79e8b6fc981177f266feb18301
17d3ca2ac782ac79e8b6fc981177f266feb18301
By ‘robust’ we mean procedures that have been established or vetted by trusted security experts. These include, but are not limited to, the Electronic Frontier Foundation (EFF), the Guardian Project and Tor project. -
1e19aa6796ef3abfdf38c00741b6a023425de6c8
1e19aa6796ef3abfdf38c00741b6a023425de6c8
We use ‘consistent’ to emphasize that the intermittent use of any security practice is as bad as not using one at all. Once you develop a threat model and a strategy to defeat it, you must apply that strategy every time you engage in private activities. -
dfac53482355c6d785945a68220e958ad0613511
dfac53482355c6d785945a68220e958ad0613511
Every user must understand your group’s Threat Model and consistently use the same security practices. -
045754cc8c7e2af2888bddc4ba5e1d2b2f13a993
045754cc8c7e2af2888bddc4ba5e1d2b2f13a993
For more information on Threat Models, please refer to this excellent primer produced by the EFF. -
94e07a7d4a3ef83c0a054fe871a39a9030ccc8e8
94e07a7d4a3ef83c0a054fe871a39a9030ccc8e8
When you first log in, your chat roster on the right side of the screen will be empty. From the menu at the bottom you can Add Contact. Just start typing and it will automatically search for existing users on the server, or you can type in the XMPP address of external users. -
5c1236f668a257440daa9a0b7321cb0f2682aa41
5c1236f668a257440daa9a0b7321cb0f2682aa41
To stay connected when you’re not logged in to Gibberfish, you can also connect to the server directly using an XMPP-compatible client such as Adium, Pidgin, or one of many mobile apps. -
edb248159cdb46742ae7bae016a014e9f32727eb
edb248159cdb46742ae7bae016a014e9f32727eb
The chat server is also reachable as a Tor “onion service” on port 5222. Ask your administrator for your server’s Tor address. -
4c53b49a35a006dcbffc2ac76310942f466059a3
4c53b49a35a006dcbffc2ac76310942f466059a3
However, when chatting with users outside your server, you have no guarantee of privacy unless you and your contacts use an end-to-end encryption plugin such as “OTR”. Most chat clients support end-to-end encryption, and have guides to help you understand and enable it. -
5e0bf90e5b370de9601d1b219fe802b1fa0194ac
5e0bf90e5b370de9601d1b219fe802b1fa0194ac
It is difficult, but possible, for your data to be intercepted by resourceful adversaries while in transit. For this reason we do not recommend syncing your data without carefully considering your Threat Model and your security practices. -
a272a64e66586176bf2059c47a1746ac98880816
a272a64e66586176bf2059c47a1746ac98880816
Administrators should also familiarize themselves with the Admin Manual. -
1bd67605c99104e586f5996a811e649cb688cd6d
1bd67605c99104e586f5996a811e649cb688cd6d
Finally, we recommend subscribing to the Gibberfish Blog in the News app to keep up to date on important announcements and our canary statement. -
537203e53e8e3b4f5b2118dd40501d6ef1f1f297
537203e53e8e3b4f5b2118dd40501d6ef1f1f297
We rely on donations to survive. If you can afford it, please consider making a charitable contribution of any amount at https://gibberfish.org/donate. We will appreciate it immensely. Thanks! -
bfbf6366a4fc012bcb27a4dd9ba8ab99822cba80
bfbf6366a4fc012bcb27a4dd9ba8ab99822cba80
For security reasons, we only respond to requests from your registered Administrator. If you have service-related questions, please ask your administrator. -
79799fc6ec788ff693f1a9a37f3ac93134cf4ec8
79799fc6ec788ff693f1a9a37f3ac93134cf4ec8
PROFILE -
5d075aaa4a300219a87aca496d1b52dae2344ce2
5d075aaa4a300219a87aca496d1b52dae2344ce2
If this is your first time logging in, you should take a few minutes to fill out your profile, and while you’re there change your passphrase! Click on the colored circle in the upper right corner and choose Personal to edit your profile. -
0410628e5f55289cbd73e449fccbe9a0afda2a5b
0410628e5f55289cbd73e449fccbe9a0afda2a5b
PASSPHRASES -
1fc2432671a4b219b10be09af089ea70b2c4aa0f
1fc2432671a4b219b10be09af089ea70b2c4aa0f
TWO-FACTOR AUTHENTICATION -
6885f5654c0e21e3d85e676178362ec5cb600fe3
6885f5654c0e21e3d85e676178362ec5cb600fe3
Once you’ve changed your passphrase, we also strongly encourage you to enable Two-Factor authentication (“2FA”). This involves installing an app on your mobile device that generates a unique 6-digit code you must enter each time you log in. For someone to hack your account, they would need to know your passphrase and physically possess your phone. This combination keeps you more secure. Because Gibberfish is part of the Nextcloud ecosystem, you can use the Nextcloud 2FA app. This app supports FreeOTP, which can be downloaded in the app store for Android and iOS devices. -
bea37f16d0f9be0c255d8a08ee4a6e763670be26
bea37f16d0f9be0c255d8a08ee4a6e763670be26
KEY VAULTS -
a5a24ec77441ffde7cb7af47dd78ae1d0ac85568
a5a24ec77441ffde7cb7af47dd78ae1d0ac85568
If you’re not already in the habit of doing so, it would be a good idea to store your passphrases in a key vault like KeePass. Key vaults make it easy to securely remember all your passphrases. You will need to lock your key vault itself with a Diceware generated passphrase. In addition, we strongly recommend you enable full-disk encryption on the device storing your key vault.