This article is based on Barton Gellman’s “How to reach me securely”. This article was formerly known as “How to reach Matt Mitchell securely”.
TL;DR: hit me up on wire personal (my username is: geminiimattx)
please note the X at the end.
last updated: August 31st, 2021
What do I mean by “privately”?
The normal methods we use every day to communicate are not private or secure. That means when you contact someone, you and the person you are reaching out to are not the only ones taking part in the conversation.
This isn’t a story but it’s probably my most important post. Here I lay out how to reach me on various secure communication tools or as some call them “secure comms”. I may usher you off the method you choose to contact me, to one more appropriate for the conversation. Please take the time to read this post carefully and to practice the steps mentally before doing them; that’s the best way to be safe and secure when contacting me.
When you do reach me, be sure to verify through another channel that it is indeed me. That can be as simple as requesting me to tweet something or to Twitter DM you. Or it can be using two of the methods below: one to message me, the other to verify. Stay safe & secure. I can walk you through how to do that.
Below are the services I use to communicate and, most importantly, why and how I use them. Revisit this post for updates, because things change.
BUT WHO IS MATT MITCHELL & WHY CONTACT HIM?
How to reach me on WIRE Personal:
@ geminiimattx (please note the X at the end)
I use wire personal the most, reach me there. I have a lot of devices and I could hop on any one of them and access my wire account. This is part of why I use it so much. Wire is a paid service. These steps below are how to use wire for free. WIRE PERSONAL is the free version. Wire can be set up in a browser as a website you visit, installed on a phone, or installed on a computer, your choice. The browser version is https://app.wire.com. I use it mostly for encrypted group (“conference”) calling & encrypted group video (the free product supports 12 person end-to-end encrypted video, 25 people end-to-end encrypted audio). If you want to have a one-to-one conversation with me I use wire personal (you will get a fast response). If you must you can send me a message on Signal (expect slower response, but I will get back to you). You can read more about Signal elsewhere in this article.
What is…wire.com: Wire arrived on the scene to much fanfare at the end of 2014. The company was founded by one of the co-founders of Skype, Janus Friis. wire.com’s security uses the thinking and open source code of Open Whisper Systems’ Signal app. Wire allows for group encrypted voice chats and also allows me to communicate with you without knowing/finding out your phone number. Phone numbers store a lot of information about you that you might not realize. I am in the business of teaching folks to lessen their digital trails, not to create more metadata. Technically one person could have several wire accounts. In a group everyone can see each other’s wire usernames but not email or phone number information. That makes it ideal for privacy; Wire accounts are disposable in that way. Wire isn’t perfect (Wire stores a list of the people you have communicated with; it’s stored on their servers and it’s kept until a user deletes their account. Signal does not keep a list of your contacts. There is a way to ignore your contacts but you can’t remove them, ever.) and Wire has been criticized by the makers of Signal, but it works for my purposes. Using aliases, creating your account from a web browser (instead of the phone app), and using an email address instead of a phone number help mitigate some of the issues. Also if for some reason you don’t want to make an account on Wire, you can ask me to send you an anonymous wire pro edition “guest room” link and we can talk over an encrypted web page (this is not fun for me and will likely delay when we speak). Wire recently changed how their business is structured now that they are supported by an $8.2 million round of funding by Morpheus Ventures. This connects the German company that makes Wire with a US holding company and therefore may apply US law to them. Wire seems to have a security over privacy stance, but again the above mitigations hold true.
Wire is real: I worked down the street from their headquarters, have seen the office, and met the folks who work there, and I understand their motivations for taking the investment.
When will I get back to you?: I check this account every day. I usually hit people back within 48 hours depending on what’s going on and my schedule.
How…to set up an account on wire.com and reach matt.
Pseudonymous or let matt know it’s me? The first decision you will need to make is if you want to keep your identity secret(ish) or let me know who you are. I recommend you try for pseudonymity. If you are ok with me knowing who you are skip to step 2 below. Otherwise, to remain pseudonymous first create a new email address on Protonmail or Tutanota (if you use tor browser you will probably want to go with tutanota). When you sign up on wire use an alias or nickname. Also I would recommend doing all this from public WiFi like at a library. Otherwise go to the next step. NOTE: if you make a free account on tutanota it must be logged into at least once every 6 months or they will lock it down and you will forever lose access to it. You won’t need the account again unless you forget your wire password. If you pay for your tutanota account you are linking your payment details to that account which might ruin the whole pseudonymous thing.
- Create an account using your web browser so wire only needs an email address. There are a few ways to create an account and use wire. An app for computers and phones or just a webpage.
To use the webpage to sign up and login (recommended): go to https://app.wire.com/auth/createaccount and enter your name, email, etc
To use the computer or phone app: Go to the Wire personal (not pro) download page
[ figure #1]
- Create an account using your email and a strong password. If you are trying to hide your identity or contact me with a pseudonym, remember to come up with a username that isn’t your real name or something easily linked to your identity. A good password is a phrase or sentence with 9 or more words in it. Make it memorable, as the longer the password the stronger it is. DOUBLE CHECK YOUR EMAIL IS CORRECT. If you ever have problems logging in or forget your password it is used to help. You will need to enter this in to sign into wire on new devices or once you log off.
[ figure #2]
- Search the wire user list for the person you want to add. Search for me on wire and add me. You don’t need to share your contacts with Wire.com if you know the wire.com usernames of the people you want to speak to. In this case, it’s me at “geminiimattx” (please note the x at the end, I have more than one account). Click on the icon of a person in the lower left corner and then type my username into the search field.
[ figure #3][ figure #4]
- OPTIONAL: Add wire.com to your smartphone so you can reach me on the go. Once you have created an account, have a password, and have tried to connect with geminiimattx (please note the X on the end) then you can go to the google play store or apple iphone store and install wire.com on your mobile device.
- Turn on timed messages so they disappear after I read them. Timed messages don’t work the way you probably think they do. A timed message has a dot to the left of it. Timed settings (at the time of this post) are DEVICE SPECIFIC. This means if we are talking on the wire app on my mobile phone and I set my message timer to “self-destruct” in 5 seconds, then switch to the wire.com browser and continue the conversation there, the timer is set to off and I have to change it there to 5 seconds. If I then open the wire desktop app and continue the conversation from there, the timer is set to off and I have to change it there to 5 seconds too. What are timed messages anyway? This feature means as soon as I open my app and read the message a timer begins on it. It will disappear after the time you set. If you send me a message set to time out in 5 seconds it will disappear 5 seconds after you send it from your device and 5 seconds after I read it from my device. If you are in a group chat, anyone who changes the timed message timer affects all the messages from that point on. However, something that may be unexpected to people is that if you are on a 1-on-1 chat, changing timed messages only affects YOUR messages, not the other person’s. If I am offline for a week the count for my device starts once I am back online and read the message. If you don’t know how long to set it, I recommend the maximum amount of time, which today is “4 weeks”.
- Did you want to be pseudonymous? If you were one of the people who decided you didn’t want me to know it was you, then you should be pseudonymous. Using an alias works on humans but if you want the wire server to not link your account with your device there is one way to do that. Wire keeps identifiable information about your device linked to your account, so when you are done chatting you should remove this information. Log onto your account from a public computer or device. On the mobile phone click on your face then the settings cog; in the browser just click on the settings cog. Click on DEVICES and for the devices you are not using you can click on them and REMOVE DEVICE. One device will have to remain: the device you are currently using.
How to reach me on ProtonMail:
Protonmail is a paid service with some free options. Email was never designed to be secure. There is little we can do to fix that, although many smart minds are trying. When we send an email message to our friend’s inbox, we are basically writing a message on a post card and asking a mail carrier to drop it off. That post person/mail carrier may need to pass our post card on to another mail carrier, who passes it on to another, all of whom can read (and even get a copy of) the message. After all it’s just a post card. They carry our messages from the server that our email is on to the server our friend’s email is on. To keep our messages private, it is important to use an email provider that encrypts email messages as they are sent; think of it as putting our postcard into an envelope. Most modern & professional email services use a form of encryption, to make sure messages are safely delivered from post office (our email server) to post office (our friend’s email server). It is important to remember that not all encryption is the same. The types of encryption technology used in most email delivery go by names like STARTTLS, TLS, and SSL. They secure the route our messages travel between post offices but don’t secure the content of our messages on the email servers.
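The hop-by-hop picture above can be checked on a message you have received: each server that handles a message adds a Received header, and the protocol keyword after “with” ends in S (ESMTPS, ESMTPSA) when that hop used TLS. The following is an added example, not part of the original article; the message, host names and addresses are constructed, and Received headers written by servers you don’t control can be forged.

```python
import re
from email import message_from_string

# Constructed sample message (not real mail). Newest hop is on top.
SAMPLE = """\
Received: from relay.transit.example (relay.transit.example [198.51.100.9])
\tby mx.friend.example with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tTue, 31 Aug 2021 10:00:03 +0000
Received: from submit.sender.example (submit.sender.example [203.0.113.7])
\tby relay.transit.example with ESMTP id def456;
\tTue, 31 Aug 2021 10:00:02 +0000
Received: from laptop.local (unknown [192.0.2.44])
\tby submit.sender.example with ESMTPSA id ghi789
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
\tTue, 31 Aug 2021 10:00:01 +0000
From: alice@sender.example
To: bob@friend.example
Subject: hello

This body is readable by every server listed above.
"""

# Registered "with" keywords (RFC 3848, RFC 6531): a trailing S, optionally
# followed by A for authenticated, means the hop was protected with TLS.
TLS_PROTO = re.compile(r"(ESMTP|LMTP|UTF8SMTP|UTF8LMTP)SA?")
HOP = re.compile(r"\bfrom (\S+).*?\bby (\S+).*?\bwith (\S+)")


def hop_report(raw):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first."""
    hops = []
    # Each server prepends its header, so reverse to follow the delivery path.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        match = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not match:
            hops.append(("?", "?", "?", False))  # unparseable: assume no TLS
            continue
        proto = match.group(3).rstrip(";").upper()
        hops.append((match.group(1), match.group(2), proto,
                     bool(TLS_PROTO.fullmatch(proto))))
    return hops


def cleartext_hops(raw):
    """Hops where the message crossed the network without transport encryption."""
    return [(src, dst) for src, dst, _, tls in hop_report(raw) if not tls]


def stored_body(raw):
    """What every handling server holds, whether or not the hops used TLS."""
    return message_from_string(raw).get_payload()


if __name__ == "__main__":
    for src, dst, proto, tls in hop_report(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'NO TLS'})")
    print("cleartext hops:", cleartext_hops(SAMPLE))
    print("body on the servers:", stored_body(SAMPLE).strip())
```

Even when every hop reports TLS, the body is still stored in readable form on each server, which is the gap that inbox or end-to-end encryption closes.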
What about Google? Services like Google’s Gmail offer encryption for messages as they travel to where they are going. Google does offer email message content encryption using a technology called S/MIME but this is only for Gsuite (a paid gmail service) customers and it is complicated to get up and running. For all their services Google encrypts the data “at rest” (when it is sitting around on the Google servers) and “in transit” (as data flows internally through those servers), blocking exposure to the public internet to ensure safety. When you send from a gmail.com (or google suite) email address to another gmail.com email address the message is effectively going from one side of Google’s server to another. This is arguably the most secure way to send a gmail message. If you write someone who is outside of that system all bets are off. The only problem with the way Google encrypts your email is this: your inbox itself is not encrypted for “you and you alone”. This means that technically you are not the only one holding the keys to your data when it’s encrypted. Google the company and their employees hold the keys to all of this and can unlock any of it without your knowledge. This does routinely happen, when requests are made to Google for user data that they choose to answer. A judge granting access through legal means, a rogue employee, etc. can lead to inbox leakage.
How Protonmail is different from Google: Protonmail provides you with the same protonmail.com to protonmail.com email address encryption that google provides for , and they also encrypt your inbox using a key that only you have, scrambling the email content to everyone else. Furthermore Protonmail is based in Switzerland, a place with strong data protection laws (FADP & nDPA) and laws that say you must be alerted about legal requests like subpoenas.
What is… protonmail.com: There is a really good TED talk by one of their founders, Andrew Yen. Along with Wei Sun and Jason Stockman, Andrew founded Protonmail. They were concerned that email was insecure and as scientists knew GPG was a workable option but just couldn’t imagine their friends and family using it. So they came up with a gmail-like interface that handled all the complicated parts in the background, invisible to the user.
Hence Protonmail, an encrypted email startup based in Geneva, Switzerland, was born. https://www.youtube.com/watch?v=hbkB_jNG-zE When I was in Geneva I was invited to visit the office; I wasn’t able to but have since been in direct contact with their staff.
When will I get back to you?: I check this account every day. I usually hit people back within 48 hours depending on what’s up.
how…to set up an account on protonmail.com and reach matt.
Pseudonymous or let matt know it’s me? If you want to hide your identity somewhat be sure not to leave a recovery email when signing up. Using a nickname in your email account sign up is one way to be pseudonymous on protonmail. By design it’s not easy to create a protonmail email address that is completely metadata free. The best method I have come up with to avoid proofs, is to use a public wifi when signing up while in incognito or private browsing mode. I could write a full post on best ways to achieve this; however for most of you trying to reach me it’s not necessary so I will leave it at that.
- Create an account using your web browser. Go to https://mail.protonmail.com/create/new on your web browser.
[ figure #1]
- When you write me at email@example.com (that’s a CH not a COM) be sure to set the message to expire in 4 weeks by clicking on the hourglass in the compose window. [ figure #2 ]
How to reach me on Signal Encrypted Messenger:
why…signal: Signal is free, open-source, developed and designed by privacy aware digital rights advocates. Signal encryption is arguably the best ever created; this is why Signal has been integrated by facebook, google, whatsapp, & skype. These “integrations” are how Signal paid to operate as a free service. Now it is supported by the Signal Foundation. It’s one of the most trusted teams and tools around. In short, use it. When we use a cell phone to send a text message or make a voice call to a friend, it leaves a lot of metadata in the hands of people & companies. Your location, possibly their location, and the content of your message or call are not private and secure. This can be a problem when you are reaching out to a digital safety expert for help. Because Signal uses your data plan or wifi and not cell towers, it doesn’t even make a lot of the information you would normally share. Signal also will encrypt all text messages and voice messages that you make with it. As of winter 2020 Signal supports video conferencing and group voice chat with up to 4 people.
When will I get back to you?: I check this account weekly. I usually hit people back within 1 or 2 weeks depending on what’s up.
how…to set up an account on signal and reach matt.
Pseudonymous or let matt know it’s me? As discussed in another part of this document your phone number reveals a lot about you. Because Signal uses your phone number as your “username” it might be a good idea to use a different phone number for Signal. Technically Signal just needs to be able to text or call you ONCE at that number for you to use it forever as your Signal number. However for digital safety reasons it should be a number you have control over if you can help it (for example I wouldn’t recommend using a pay phone on the street, even though you could). If you are a google user from/in the united states I recommend using google voice to create a number you use to set up Signal. If you are not in the usa or don’t want to link your Signal to a gmail account consider using a virtual number created by an app like burner app (least expensive), cover me app (encrypted), & hushed app (international numbers). If you are technical I recommend using a software number like those provided by twilio; it is the smartest option. Also you may want to just buy another phone or sim that isn’t attached to you because you bought it in the part of town marginalized folks have been pushed to.
First take time out to watch this video: my friends micah & harlo star in the really nice video that explains how to use Signal. When you use Signal turn on disappearing messages; if you don’t know what to set it to make it “one week”.
What about Whatsapp, why don’t you list it here?
Since July 2018, WhatsApp offers encrypted group conference call & video (as of Winter 2020 up to 8 people) for free, yet I still use wire for this. Whatsapp is the number 1 most popular global messenger and most people have it on their phones. However, there is the “backup” problem, where the app stores an unencrypted copy of your chats in a file that takes up space on Google Drive for Android users, or iCloud for iPhone users. Combine this with the founders leaving after many disagreements with parent company, Facebook, comments from one founder, & security staff, and that is why I steer completely clear of whatsapp. For Android users concerned about someone being able to restore unencrypted copies of their old backed up Whatsapp messages: Whatsapp cleared all backups from before November 12, 2018 but you should still check your Google drive apps to make sure it’s cleared out. There was a New York Times article written on January 25th, 2019 about Facebook looking to fold whatsapp into the fold in order to monetize it. (full disclosure: I used to work for the new york times)
- setting up signal: TBD
How to reach me on keybase:
why…keybase: keybase is a free, open-source secure messaging app that offers cryptocurrency wallets, groups, and is a social platform like twitter. Like a swiss army knife it does a lot, and while very secure many people find the interface a little unfriendly. I like it and it has proven useful in the past so I use it often. It has a feature called “exploding” messages that, like many of the apps listed, causes words that are sent to disappear after a certain amount of time. To connect to me on keybase visit geminiimatt
Listed in order of how frequently I check them…
whatsapp: +1 (347) 688–6288
signal: +1 (347) 688–6288
linkedin: (not secure but many asked for it) https://www.linkedin.com/in/matthewtechmitchell/
email: geminiimatt protonmail ch ← only if emailing from protonmail.com
fingerprint: 381A B2F0 0378 2939 B00C 467F 0B87 70AA 0704 6231
threema: geminiimattx ( R3WRR4V2 ) ← recently updated
xmpp/otr/jabber: firstname.lastname@example.org ← this may change
ricochet refresh: ricochet:sbqt36ilnl6mnfjd
telegram: +1 (347) 688 6288 ← only send me secret chats