This is an old revision of the document!


“In order to make sure the mobile phone frequencies are not being tracked, I would fill up a washbasin with water and put the lid of a rice cooker over my head while I made a phone call. I don’t know if it worked or not, but I was never caught.” – North Korean user

A Note of Caution

Please only add resources and tools to this page or it subpages. As anyone can edit this wiki, some skepticism is warranted —crowd-sourcing has the defects of its virtues! For good, concrete, peer-reviewed advice, we recommend the Electronic Frontier Foundation's tutorials at https://ssd.eff.org/

That said, your privacy is already more configurable than you might think…

Cryptography is Powerful, but not your only line of defense

The theory behind cryptography is solid and proven, but solid crypto will fail if:

  • Implemented incorrectly – if the tool claims to have certain crypto implemented, they may be truthful but the implementation may be unsound. Try to use the tools that have a large user base and large communities, as they are generally safer (but not always).
  • Misused – encrypted a file but didn't secure-delete the plain-text? Initiated an SSL tunnel but didn't verify the remote certificate? Use top notch crypto rumah dijual software but didn't protect the OS or the physical computer? It is so easy to make mistakes, doing it right requires consistency, vigilance, and a modicum of paranoia. Assume that you do not know anything about a tool, learn everything you can about it, then use it. Carefully. Mistakes may render your state-of-the-art crypto useless against a knowledgeable adversary.

Why is cryptography dangerous? Because it can give you a false sense of security.

Come to a crypto-party and talk to experts, learn from each other, and continue to learn over time. Take responsibility for your communication, privacy, and security. Don't let anyone scare you out of experimenting and implementing crypto, but please be aware it takes time and effort to learn that crypto is necessary, but not sufficent; it is not a panacea.

Learn and Use

Video: Encrypt to Live from Cryptoparty Boston (Andrew) via @torproject

Basics first

Risk Analysis

Committee to Protect Journalists Journalists Security Guide - Information Security by Danny O’Brien - hopefully a CryptoParty will clearly explain most of the software and techniques mentioned in this guide.

Your emphasis should be on simplicity. There’s no point in surrounding yourself with computer security that you don’t use, or that fails to address a weaker link elsewhere. Take advantage of what you know well: the people who are most likely to take offense or otherwise target your work, and what they may be seeking to obtain or disrupt. Use that knowledge to determine what you need to protect and how. Ask yourself: What information should I protect? What data is valuable to me or a potential adversary? It might not be what you think of at first. Many journalists feel that what they are doing is largely transparent, and that they have nothing to hide. But think about the dangers to sources if the information they have provided to you was more widely known. What may seem innocuous personal information to you might be incriminatory to others.

Kerckhoffs's principle

Kerckhoffs's principle

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

This principle should apply to all of the tools and resources mentioned on this page.

Public Key Cryptography

Public Key Cryptography has only become practical with the use of computers. It offers a mathematically secure way of sending encrypted messages or files between computers and their users, without necessarily having to set up a separate Secure Channel e.g. a face to face meeting, to agree upon or exchange the secret key to the cryptographic algorithm they are using to protect the privacy of the message or data from snoopers.

Public Key Cryptography also offers a method of detecting attempts at forgery through the use of Digital Signatures.

Learn and Use
  • BBC science presenter Dr Yan Wong explains (without mathematics) the principle of how Alice and Bob can use “digital padlocks” to protect their messages from being read by Ed the eavesdropper - Public Key Encryption video clip (3 minutes)
  • There is an excellent visual explanation of Diffie-Hellman key exchange on YouTube.
  • Slides: Introduction to Public Key Cryptography from CryptoParty Oakland (U.S.) via @micahflee