Differences
This shows you the differences between two versions of the page.
resource [2013/06/21 23:16] – [Kerckhoffs's principle] sva | connect:resources [2022/05/08 11:42] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | “In order to make sure the mobile phone frequencies are not being tracked, I would fill up a washbasin with water and put the lid of a rice cooker over my head while I made a phone call. I don’t know if it worked or not, but I was never caught.” | + | {{ :cp-logo-100x33.png? |
+ | ====== Resources ====== | ||
+ | |||
+ | We are working on multi language [[http:// | ||
+ | |||
+ | Here are some links to the resources made by our community which can be used below: | ||
+ | |||
+ | ^ Link ^ Comment | ||
+ | | [[https:// | ||
+ | | [[https:// | ||
+ | | [[https:// | ||
+ | | [[https:// | ||
+ | | [[https:// | ||
+ | | [[https:// | ||
+ | |||
+ | \\ | ||
+ | |||
+ | |||
+ | ==== old stuff below ==== | ||
+ | |||
+ | “In order to make sure the mobile phone frequencies are not being tracked, I would fill up a washbasin with water and put the lid of a rice cooker over my head while I made a phone call. I don’t know if it worked or not, but I was never caught.” – [[http:// | ||
====== A Note of Caution ====== | ====== A Note of Caution ====== | ||
- | Please only add resources and tools to this page or it subpages. | + | Please only add resources and tools to this page or it subpages. |
+ | |||
+ | ====== External Resources ====== | ||
+ | |||
+ | For good, concrete, peer-reviewed advice, we recommend | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https://freedom.press/ | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
- | That said, your privacy is already more configurable than you might think... | + | That said, your privacy is already more configurable than you might think… |
=== Cryptography is Powerful, but not your only line of defense === | === Cryptography is Powerful, but not your only line of defense === | ||
The theory behind cryptography is solid and proven, but solid crypto will fail if: | The theory behind cryptography is solid and proven, but solid crypto will fail if: | ||
+ | |||
* Implemented incorrectly – if the tool claims to have certain crypto implemented, | * Implemented incorrectly – if the tool claims to have certain crypto implemented, | ||
* Misused – encrypted a file but didn't secure-delete the plain-text? Initiated an SSL tunnel but didn't verify the remote certificate? | * Misused – encrypted a file but didn't secure-delete the plain-text? Initiated an SSL tunnel but didn't verify the remote certificate? | ||
Line 18: | Line 48: | ||
Come to a crypto-party and talk to experts, learn from each other, and continue to learn over time. Take responsibility for your communication, | Come to a crypto-party and talk to experts, learn from each other, and continue to learn over time. Take responsibility for your communication, | ||
- | == Learn and Use == | + | === Learn and Use === |
Video: [[https:// | Video: [[https:// | ||
Line 26: | Line 56: | ||
===== Risk Analysis ===== | ===== Risk Analysis ===== | ||
- | Committee to Protect Journalists [[http:// | + | Committee to Protect Journalists [[http:// |
- | + | ||
- | //Your emphasis should be on simplicity. There’s no point in surrounding yourself with computer security that you don’t use, or that fails to address a weaker link elsewhere. Take advantage of what you know well: the people who are most likely to take offense or otherwise target your work, and what they may be seeking to obtain or disrupt. Use that knowledge to determine what you need to protect and how. | + | |
- | + | ||
- | Ask yourself: What information should I protect? What data is valuable to me or a potential adversary? It might not be what you think of at first. Many journalists feel that what they are doing is largely transparent, | + | |
+ | //Your emphasis should be on simplicity. There’s no point in surrounding yourself with computer security that you don’t use, or that fails to address a weaker link elsewhere. Take advantage of what you know well: the people who are most likely to take offense or otherwise target your work, and what they may be seeking to obtain or disrupt. Use that knowledge to determine what you need to protect and how. Ask yourself: What information should I protect? What data is valuable to me or a potential adversary? It might not be what you think of at first. Many journalists feel that what they are doing is largely transparent, | ||
===== Kerckhoffs' | ===== Kerckhoffs' | ||
- | A cryptosystem should be secure even if everything about the system, except the key, is public knowledge. ([[https:// | + | A cryptosystem should be secure even if everything about the system, except the key, is public knowledge. ([[https:// |
This principle should apply to all of the tools and resources mentioned on this page. | This principle should apply to all of the tools and resources mentioned on this page. | ||
- | |||
===== Public Key Cryptography ===== | ===== Public Key Cryptography ===== | ||
- | [[https:// | + | [[https:// |
Public Key Cryptography also offers a method of detecting attempts at forgery through the use of [[https:// | Public Key Cryptography also offers a method of detecting attempts at forgery through the use of [[https:// | ||
- | == Learn and Use == | + | === Learn and Use === |
* BBC science presenter Dr Yan Wong explains (without mathematics) the principle of how Alice and Bob can use " | * BBC science presenter Dr Yan Wong explains (without mathematics) the principle of how Alice and Bob can use " | ||
* There is an excellent visual explanation of [[http:// | * There is an excellent visual explanation of [[http:// | ||
* Slides: [[https:// | * Slides: [[https:// | ||
+ | |||
+ | ===== Why there is no 100% anonymity ===== | ||
+ | |||
+ | * **People make mistakes** | ||
+ | * **Behavior can be analyzed** | ||
+ | * **Behavior can be correlated** | ||
+ | * You have to connect somehow. Everything between your body and **your means of anonymity is exposed**. (e.g if you're using tor, // | ||
+ | * Some **offline threat** | ||
+ | |||
+ | \\ | ||
+ |