Skip to main content

Keeping group chats as secure as possible

Larger chats such as Local Group chats, cannot be practically kept completely secure, because you need to be able to welcome new people into them. It is therefore important to make it clear that these chats are not secure, and no 'spicy' information should ever be shared in them. You may want to allow people to add their friends etc. to the chat, so it might not always be appropriate to follow all of the advice below. Use your judgement to follow relevant recommendations.

Standard security measures

  1. Don't publish invite links to chats on websitewebsites or social media unless they are for 'broadcast' type channels on Telegram.Telegram or Whatsapp.
  2. Always have multiple 'admins' for a chat group, to help to remove posts or spammers.
  3. Read the page on moderating a chat.

Higher security suggestions

  1. Ideally only add people that you know well or are verified by others (trusted rebels)
  2. Make sure only admins can add new members to the chat.
  3. For Signal remember if you add someone by mistake and remove them, they can still see the info in the header of the chat.
  4. If you are doing spicy actions make sure people use pseudonyms and burner phones if possible, and that those are added to the correct chats (with their normal names and numbers removed).
  5. Make sure there are separate secure chats for action days or spicy actions so that you can delete them afterwards.
  6. Make sure you set up disappearing messages. If actions are happening soon, make sure you set disappearing messages to a day or a week. Otherwise 4 weeks should be fine (only Signal can do this automatically however Admins in Mattermost, WhatsApp and Telegram can delete others' messages).
  7. Make sure you keep the group 'invite links' off.
  8. Remember that many chat platforms attach media and files and links separately, so admins should regularly check that old media files and links are deleted.
  9. After the chat is done, and everyone has agreed that the group chat is done with, leave the group and delete the chat off your phone.
  10. Some members may not do this, so once the chat is done with, admins can remove members individually and then delete the chat off phones by deleting the group chat altogether - in this way people are not on lots of different chats that have ended which may cause security issues should someone’s phone be seized.
  11. Use the XR Cloud or CryptPad instead of Google Docs. See Document Management
  12. If you are using chats for actions read more about 'air-gapping' here.