L3 Comms Veil

What You’re Building at L3

This protocol sits on top of L0, L1, L2 (Secret Box → Device Shell → Network Cloak).

You are building four lines of communication, all on CLEAN devices:

1. EVERYDAY LINE
   → Keychat on CLEAN PHONE (optional on CLEAN LAPTOP).
   → Text + 1:1 voice/video.
2. OFFLINE / CRISIS LINE
   → Briar (Android) or Bitchat Mesh (iOS / Android).
   → Works when internet is censored or dead (local mesh / Tor).
3. HIGH-RISK LINE (ADVANCED)
   → Cwtch on CLEAN DEVICES.
   → Tor-based, metadata-resistant DMs/groups.
4. VOICE / VIDEO LINE
   → Jitsi Meet on CLEAN DEVICE.

(Optional advanced: SimpleX transitional use, with a hard sunset.)

Prerequisites

You already have:

• L0: my-secrets.kdbx working on CLEAN LAPTOP + CLEAN PHONE.
• L1: One CLEAN LAPTOP and one CLEAN PHONE labeled.
• L2: VPN on CLEAN LAPTOP + CLEAN PHONE, always-on with kill switch.

For L3 you need:

• 📝 Paper + ✍️ Pen
• 💻 CLEAN LAPTOP
• 📱 CLEAN PHONE (GrapheneOS / Android / iOS)
• 📶 VPN ON (L2 rules active)

Name Your L3 Tools on Paper

On paper, write:

L3 COMMS VEIL MAP

**EVERYDAY LINE:** Keychat

**OFFLINE / CRISIS LINE:**
- Android: Briar
- iPhone: Bitchat Mesh

**HIGH-RISK LINE (ADV):** Cwtch (CLEAN LAPTOP)

**VOICE / VIDEO LINE:**
- Jitsi via COMPAT browser (Ungoogled-Chromium) on CLEAN LAPTOP

• L3 COMMS VEIL MAP written.

BASIC – Everyday Line (Keychat)

Keychat = Bitcoin-native secure chat app (ecash / Nostr / modern crypto).

3.1 Install Keychat on CLEAN PHONE

3.1.A Android (GrapheneOS / stock)

On CLEAN PHONE:

1. Open browser.
2. Go to keychat.io (or search “Keychat app Bitcoin” and pick official site).
3. Tap Download App:
   • Download Android APK and install it, or
   • Use Play Store if you already have sandboxed Play on GrapheneOS.
4. Open Keychat.

• Keychat installed on CLEAN PHONE (Android).

3.2 Create Your Keychat Identity

In Keychat (on CLEAN PHONE):

1. Tap Get Started / Create Account / Log In.
2. Choose a display name (pseudonym is fine).
3. Let Keychat generate its keys/recovery info.

On paper, write:

KEYCHAT
Device: CLEAN PHONE
Display name: ______
Recovery phrase / info (if shown): ______

• Keychat identity created.
• Recovery info (if any) written on paper.

3.3 Add One Test Contact and Send a Message

1. Make sure someone you trust has Keychat (any device).
2. Ask for their Keychat ID / profile link / QR.
3. In Keychat → Add Contact → scan or paste.
4. Send message: TEST: hello from CLEAN PHONE.
5. Ask them to reply.

• At least one contact added.
• Test message sent and received.

BASIC – Offline / Crisis Line

You will use:

• Android: Briar – P2P messenger over Bluetooth/Wi-Fi/Tor.
• iPhone (and/or Android): Bitchat Mesh – Bluetooth mesh chat, no account.

These are for:

• Internet censorship.
• Blackouts.
• Local protests / crises.

4.1 Android – Install Briar on CLEAN PHONE

On CLEAN PHONE (Android):

1. With VPN ON, open F-Droid / Play Store / browser.
2. Search “Briar secure messaging”.
3. Install Briar from official sources.
4. Open Briar.

First run:

1. Choose a nickname (pseudonym).
2. Choose a Briar unlock password / code.

On paper:

BRIAR
Device: CLEAN PHONE (Android)
Nickname: ______
Unlock password / code: ______

• Briar installed.
• Nickname + unlock code written down.

4.1.1 Add a Briar Contact (In Person)

You need a friend physically present, with Briar installed.

1. Both open Briar.
2. Both tap Add Contact → Nearby.
3. Follow prompts to scan each other’s QR or use NFC.
4. Wait until it confirms you’re connected.

• At least one Briar contact added.

4.1.2 Test Offline Messaging with Briar

Both phones:

1. Turn Airplane Mode ON.
2. Turn Wi-Fi ON and Bluetooth ON (Airplane Mode allows toggling).
3. Open Briar.
4. You send them: TEST: offline Briar.
5. Confirm they receive it.

• Offline Briar message works in Airplane + Wi-Fi/Bluetooth mode.

This is your OFFLINE / CRISIS LINE (Android).

4.2 iPhone (or Extra Android) – Install Bitchat Mesh

Bitchat Mesh = Bluetooth mesh chat, no SIM, no account.

4.2.A iOS

On CLEAN PHONE (iPhone):

1. Open App Store.
2. Search “Bitchat Mesh”.
3. Install the app.
4. Open it and pick a display name.

On paper:

BITCHAT MESH
Device: CLEAN PHONE (iPhone)
Display name: ______

• Bitchat Mesh installed on iOS.
• Display name written.

4.2.B (Optional) Android Bitchat

On CLEAN PHONE (Android):

1. From Play Store or official site, install Bitchat Mesh if available.
2. Pick a display name.

4.2.1 Test a Bitchat Mesh Conversation

You need someone physically nearby with Bitchat Mesh.

1. Both open Bitchat Mesh.
2. Join the same nearby channel/room, or see each other in the app’s peer list.
3. Send: TEST: mesh.
4. Confirm they receive it.

• Bitchat Mesh message sent and received over Bluetooth mesh.

ADVANCED – High-Risk Line (Cwtch on CLEAN Device)

Cwtch = Tor-based, metadata-resistant messenger for high-risk contexts.

5.1 Install Cwtch on CLEAN LAPTOP

On CLEAN LAPTOP (VPN ON):

1. Search Cwtch secure messenger download.
2. Go to the official site (Open Privacy Research Society).
3. Download the Linux desktop app.
4. Install and run it.

• Cwtch installed on CLEAN LAPTOP.

5.2 Create Cwtch Profile

In Cwtch:

1. Click New Profile.
2. Pick a profile name (pseudonym).
3. Let Cwtch create your identity (onion address/profile).

On paper:

CWTCH PROFILE
Device: CLEAN LAPTOP
Profile name: ______
Backup info / onion address (if shown): ______

• Cwtch profile created and recorded.

5.3 Add One Cwtch Contact

You need a trusted contact also using Cwtch.

1. Ask for their Cwtch contact string / QR.
2. In Cwtch → Add Contact → paste or scan.
3. Send them: TEST: cwtch.
4. Confirm they reply.

• At least one Cwtch contact added.
• Test message exchange successful.

This is your HIGH-RISK LINE.

5.4 Android – Install CWTCH on CLEAN PHONE

On CLEAN PHONE (Android):

1. With VPN ON, open F-Droid / Obtanium / browser.
2. Search “CWTCH”.
3. Install CWTCH from official sources.
4. Open CWTCH.

First run:

1. Choose a Profile name.
2. Choose a CWTCH unlock password / code.

On paper:

CWTCH
Device: CLEAN PHONE (Android)
Profile name: ______
Unlock password / code: ______

• CWTCH installed on CLEAN PHONE.
• Profile name + unlock code written down.

BASIC – Voice / Video Line (Jitsi)

6.1 Join a Jitsi Call (Safe Pattern)

When someone sends you a Jitsi link (e.g. in Keychat/Briar/Cwtch):

On CLEAN LAPTOP:

1. Ensure VPN is ON (L2).
2. Open the COMPAT browser:
   • This is Ungoogled-Chromium set up at L5 as the quarantined “compat-only” browser.
   • Do not use Chrome / Edge / Brave / Safari.
3. Paste or click the Jitsi link (from Keychat/Briar/Cwtch).
4. When Jitsi opens:
   • Allow microphone/camera if you want to speak/appear.
   • Open the Security / Shield icon.
   • Turn E2EE ON (End-to-End Encryption).
   • Enter the room passphrase that was shared with you inside Keychat/Briar/Cwtch, not via email/SMS.

• Jitsi call joined from CLEAN LAPTOP using COMPAT browser.
• E2EE turned ON and passphrase entered.

6.2 (Advanced) Self-Hosted Jitsi

If you or an ally runs your own Jitsi server:

1. Prefer that server domain (e.g. https://meet.yourdomain.org/...) over public meet.jit.si.
2. Still join via Ungoogled-Chromium COMPAT browser with VPN ON.
3. Still enable E2EE + passphrase.

ADVANCED – Optional SimpleX Transitional Use

SimpleX is allowed only as a temporary tool with a built-in sunset, since tokenization is expected.

If you choose to use SimpleX:

1. Install SimpleX Chat on CLEAN PHONE and (optional) CLEAN LAPTOP from official sources.
2. Use it like Keychat for text chats during the “clean” window.

On paper, write:

SIMPLEX SUNSET RULE
“When SimpleX adds tokens or token features, I stop using it for new chats.
I move live conversations to Keychat or Cwtch.
SimpleX becomes read-only history for 3 months, then I uninstall.”

When token features appear:

1. Open each important chat in SimpleX and tell contact:
   → “We are moving to Keychat/Cwtch.”
2. Create a new chat with them in Keychat/Cwtch.
3. Stop sending new messages in SimpleX.
4. After ~3 months, export anything you need manually (if possible) and uninstall SimpleX.

• SIMPLEX SUNSET RULE written (if using SimpleX).
• Migration plan clear.

If you never use SimpleX, ignore this block.

L3 Daily Rules

On paper, write:

L3 DAILY RULES

**EVERYDAY LINE**
- Use **Keychat** on CLEAN PHONE for normal private chat and 1:1 voice calls.

**OFFLINE / CRISIS LINE**
- If internet/cell is censored or down:
- Android: use **Briar** with pre-added contacts (Bluetooth/Wi-Fi mesh + Tor when available).
- iPhone (or extra Android): use **Bitchat Mesh** for local Bluetooth mesh chat.

**HIGH-RISK LINE (ADV)**
- Use **Cwtch** on CLEAN DEVICE for sensitive groups / operations.

**VOICE / VIDEO LINE**
- Calls: **Jitsi** on CLEAN Device, E2EE ON.

• L3 DAILY RULES written and posted near CLEAN LAPTOP.

L3 “Never Do This” List

New heading on paper:

L3 – NEVER DO THIS

Under it:

1. Never add your real phone number or email inside any L3 app on CLEAN devices (Keychat, Briar, Bitchat, Cwtch, SimpleX).
2. Never log into Facebook / Instagram / TikTok / X / KYC exchanges / banks inside:
   • Keychat, Briar, Bitchat, Cwtch, SimpleX.
   • Jitsi meetings.
3. Never install Signal, Telegram, WhatsApp, Session, Messenger, etc. on CLEAN devices.
   Those live only on DIRTY devices.
4. Never share Jitsi room links or meeting passphrases over plain email or SMS; share them only via Keychat/Briar/Cwtch.
5. Never use Briar or Bitchat Mesh for truly criminal / catastrophic topics unless you consciously accept physical environment risk (others near you, devices that can be seized).
6. Browser constraint (aligned with L5):
   • Never install or use Chrome, Edge, Safari, or Brave on CLEAN LAPTOP.
   • For Jitsi group calls on CLEAN Device, use only the Ungoogled-Chromium COMPAT browser from L5.

• L3 NEVER DO list written and visible.

Weekly & Monthly L3 Checklists

Weekly (10–15 minutes)

On CLEAN PHONE:

• Open Keychat – send WEEKLY TEST to a trusted contact and get a reply.
• (Android) Open Briar – unlock and send WEEKLY TEST to a Briar contact.
• (iOS / Android) Open Bitchat Mesh – if a friend is nearby, exchange WEEKLY TEST.

On CLEAN LAPTOP:

• Open Cwtch – verify profile loads and send WEEKLY TEST to a contact.
• Join a short Jitsi test call via Ungoogled-Chromium COMPAT browser, toggle E2EE, verify you can see/hear someone or at least connect.

Monthly (20–30 minutes)

• Review L3 NEVER DO list; confirm you didn’t violate any rule.
• Check for app updates (Keychat, Briar, Bitchat, Cwtch, SimpleX if used).
• Do one full-group Jitsi rehearsal if you rely on group calls:
  • Everyone joins via COMPAT browser, VPN ON, E2EE ON, passphrase shared via Keychat/Briar/Cwtch.
• Verify that CLEAN LAPTOP still has no Chrome/Edge/Safari/Brave installed.
• Confirm Ungoogled-Chromium is still used only for Jitsi and rare compat tasks.

Emergency Branches (L3)

Case 1 – Internet / Cell Completely Down

• Android CLEAN PHONE:
  • Open Briar → talk to pre-added contacts (Bluetooth/Wi-Fi mesh).
• iPhone / extra Android:
  • Open Bitchat Mesh → talk to people within Bluetooth mesh range.

Case 2 – You Installed a Banned Messenger on CLEAN PHONE (e.g., WhatsApp)

That phone is now contaminated:

• Option A: Re-label it DIRTY PHONE permanently; get a new device for CLEAN PHONE.
• Option B: Factory reset, reinstall GrapheneOS/stock, and re-run L1–L3 setup.

Case 3 – Jitsi Link Comes From an Unknown Person

Treat as untrusted:

• Join only from CLEAN LAPTOP if necessary using COMPAT browser, with:
  • Camera OFF.
  • Mic muted.
  • Pseudonymous display name.
• Or refuse to join entirely if stakes are high.
• Never show real face or voice in unknown Jitsi rooms.

Final Micro-Checklist

To confirm L3 Comms Veil is fully in place and aligned with L5:

1. Keychat is on CLEAN PHONE, with at least one contact; you can send messages.
2. (Android) Briar is on CLEAN PHONE, with at least one contact tested offline (Airplane + Wi-Fi/Bluetooth).
3. (iOS / Android) Bitchat Mesh is on a CLEAN PHONE, tested for local Bluetooth mesh chat.
4. Cwtch is on CLEAN DEVICES with at least one contact and a successful test message (HIGH-RISK LINE).
5. You can join a Jitsi call from CLEAN DEVICE using Ungoogled-Chromium COMPAT browser, VPN ON, E2EE ON, passphrase shared in Keychat/Briar/Cwtch.
6. L3 DAILY RULES and L3 NEVER DO lists are written and visible near CLEAN LAPTOP.
7. Weekly tests (Keychat/Briar/Bitchat/Cwtch/Jitsi) and monthly reviews are happening.