Gibberfish, Inc./Gibberfish User Documentation
-
The chat server is also reachable as a Tor “onion service” on port 5222. Ask your administrator for your server’s Tor address.
-
However, when chatting with users outside your server, you have no guarantee of privacy unless you and your contacts use an end-to-end encryption plugin such as “OTR”. Most chat clients support end-to-end encryption, and have guides to help you understand and enable it.
-
It is difficult, but possible, for your data to be intercepted by resourceful adversaries while in transit. For this reason we do not recommend syncing your data without carefully considering your Threat Model and your security practices.
-
Administrators should also familiarize themselves with the Admin Manual.
-
Finally, we recommend subscribing to the Gibberfish Blog in the News app to keep up to date on important announcements and our canary statement.
-
We rely on donations to survive. If you can afford it, please consider making a charitable contribution of any amount at https://gibberfish.org/donate. We will appreciate it immensely. Thanks!
-
For security reasons, we only respond to requests from your registered Administrator. If you have service-related questions, please ask your administrator.
-
PROFILE
-
If this is your first time logging in, you should take a few minutes to fill out your profile, and while you’re there change your passphrase! Click on the colored circle in the upper right corner and choose Personal to edit your profile.
-
PASSPHRASES
-
TWO-FACTOR AUTHENTICATION
-
Once you’ve changed your passphrase, we also strongly encourage you to enable Two-Factor authentication (“2FA”). This involves installing an app on your mobile device that generates a unique 6-digit code you must enter each time you log in. For someone to hack your account, they would need to know your passphrase and physically possess your phone. This combination keeps you more secure. Because Gibberfish is part of the Nextcloud ecosystem, you can use the Nextcloud 2FA app. This app supports FreeOTP, which can be downloaded in the app store for Android and iOS devices.
-
KEY VAULTS
-
If you’re not already in the habit of doing so, it would be a good idea to store your passphrases in a key vault like KeePass. Key vaults make it easy to securely remember all your passphrases. You will need to lock your key vault itself with a Diceware generated passphrase. In addition, we strongly recommend you enable full-disk encryption on the device storing your key vault.
-
DIGITAL HYGIENE
-
Good Digital Hygiene is the consistent use of robust security practices.
-
THREATS
-
Understanding the threats you and your group will encounter is an important step in establishing a useful security strategy. The goal is to use only the techniques necessary to protect against your likely adversaries. This will prevent your security regime from becoming so burdensome that you stop using it. Your administrator may have already created a Threat Model describing the security challenges you and your group may expect. If you are unsure, please contact them and ask.
-
EXISTING COMMUNICATIONS
-
It is likely that you are adding Gibberfish to a variety of existing accounts and services associated with your online activities. These older accounts and services may already be compromised. We recommend using fresh accounts for any activity that involves your Gibberfish server, the content stored there, or the activities associated with it.
No more segments to load.
Loading more segments…
© 2009-2024 WebTranslateIt Software S.L. All rights reserved.
Terms of Service
·
Privacy Policy
·
Security Policy