Differences
This shows you the differences between two versions of the page.
learn:how-tos [2017/05/31 01:17] – [Tor Browser] 127.0.0.1 | learn:how-tos [2022/05/08 11:42] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
**Brief How-tos** {{ : | **Brief How-tos** {{ : | ||
- | This page briefly explains how to use various tools which enhance your privacy, anonymity and overall security. The guides are written in an easy to understand, step-by-step manner. The difficulty | + | This page briefly explains how to use various tools which enhance your privacy, anonymity and overall security. The guides are written in an easy to understand, step-by-step manner. The difficulty |
+ | |||
+ | FIXME This page has grown and is hard to navigate in. Recommended re-arrangement: | ||
+ | * Move each guide under separate article, not headline | ||
+ | * People attending crypto parties carry different devices with different operating systems. Therefore, do not arrange stuff under Windows, OSX, iOS, Android etc, but instead under topics, and then explain how to do that for each system. This is because general, cross-platform introduction to each technology (e.g. what is E2EE messaging or FDE) is usually required, and having a copy of what is is FDE for each OS creates pointless redundancy. | ||
+ | * Make this a landing page with short explanation of each tech and add link to actual article(s). | ||
+ | |||
+ | |||
+ | ====== Why is mass surveillance a problem? ====== | ||
+ | |||
+ | * [[: | ||
+ | |||
+ | ====== Quotes ====== | ||
+ | |||
+ | "// | ||
+ | |||
+ | "//All the headlines saying [[https:// | ||
+ | |||
+ | ---- | ||
====== Security warning ====== | ====== Security warning ====== | ||
- | Note however, that security is a process, not a tool. You need at least basic understanding to assess the degree of security or [[: | + | Note, however, that security is a process, not a tool. You need at least basic understanding to assess the degree of security or [[: |
- | Usage for security sensitive activity (prohibited and persecuted | + | All security sensitive activity (which is both prohibited, and prosecutable |
====== Guides to Crypto Tools ====== | ====== Guides to Crypto Tools ====== | ||
- | | + | |
+ | | ||
* [[https:// | * [[https:// | ||
- | * [[http://www.tcij.org/resources/handbooks/infosec|Center for Investigative Journalism - Information Security for Journalists]] | + | * [[https://ssd.eff.org/en | Surveillance Self-Defense - Tips, Tools and How-tos for Safer Online Communications]] |
+ | * [[https://files.gendo.ch/ | ||
* [[https:// | * [[https:// | ||
- | * [[https:// | + | |
====== Alternatives to common online services and programs ====== | ====== Alternatives to common online services and programs ====== | ||
+ | * [[https:// | ||
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
+ | * [[https:// | ||
- | ====== Why is mass surveillance a problem? ====== | ||
- | |||
- | * [[: | ||
- | |||
- | ====== Quotes ====== | ||
- | |||
- | "// | ||
- | |||
- | "//All the headlines saying [[https:// | ||
- | |||
- | ---- | ||
====== Web Browsing ====== | ====== Web Browsing ====== | ||
To get an idea of what web browsing actually is, read the chapter **[[http:// | To get an idea of what web browsing actually is, read the chapter **[[http:// | ||
+ | |||
* When you visit a website you give away information about yourself to the site owner, unless precautions are taken. | * When you visit a website you give away information about yourself to the site owner, unless precautions are taken. | ||
- | * Your browsing on the Internet may be tracked by the sites you visit and partners of those sites. | ||
- | * Visiting a website on the Internet is never a direct connection. Many computers, owned by many different people are involved. Secure connections ensure that your browsing can not be read in between you and the server. | ||
* What you search for is of great interest to search providers (mostly for targeted advertising). | * What you search for is of great interest to search providers (mostly for targeted advertising). | ||
+ | * Your browsing on the Internet may be tracked by the sites you visit and partners of those sites. | ||
+ | * Visiting a website on the Internet is never a direct connection. Many computers, owned by many different people are involved. | ||
+ | * Encrypted connections (HTTPS a.k.a TLS) ensure that your browsing can not be read in between you and the server. | ||
+ | * TLS is important, but since the server belongs to an untrusted third party, your primary protection when browsing the web and publishing to web is **anonymity**. | ||
- | Then you can see what you just learned by facing a virtual mirror to yourself on | ||
- | * [[http:// | + | See what companies know about you by facing a virtual mirror to yourself on |
* [[http:// | * [[http:// | ||
* [[http:// | * [[http:// | ||
* [[https:// | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
- | ===== Browser ===== | ||
- | |||
- | [[https:// | ||
===== Tor Browser ===== | ===== Tor Browser ===== | ||
- | | + | Tor Browser is |
- | * Install & [[https:// | + | |
- | * Use! (instead of your normal browser) | + | * The best option out there |
- | * Before browsing | + | * Based on the [[https://www.mozilla.org/ |
+ | * Designed to protect you against surveillance done by companies | ||
- | | + | **Setup** |
+ | - [[https:// | ||
+ | - [[https:// | ||
+ | - [[https:// | ||
- | | + | **Before browsing** |
- | | + | |
+ | - Watch the [[https:// | ||
- | ===== Browser | + | **Adjust the Tor Browser |
+ | - Before accessing [[: | ||
+ | - set the [[https:// | ||
- | ==== HTTPS Everywhere ==== | + | **WARNING! Do not install any browser add-ons to Tor Browser. The anonymity Tor provides is based on the fact all users look identical. If you install an add-on that makes your browser fingerprint unique, it means you will stand out from the crowd, and you can be tracked.** |
- | * [[https:// | ||
- | ==== Block Advertising and Tracking | + | ==== Firefox Browser |
- | * [[https:// | + | |
- | * For Firefox there also is [[https:// | + | |
- | * [[https:// | + | |
- | * [[https:// | + | |
- | * [[https:// | + | |
- | ==== Scripting ==== | + | For browsing that can't be done anonymously (i.e. browsing that requires you to log in -- think banking, shopping, social media), switch to Mozilla Firefox. It's as good as Chrome, fast and the most extendible browser with most add-ons. It's available for Windows, Mac, and Linux. Firefox supports many useful security privacy enhancing plugins discussed next. |
- | Advanced. Only enable JavaScript, and especially | + | **Ad block plugins** |
+ | *[[https://addons.mozilla.org/en-US/firefox/ | ||
- | | + | **Security plugins** |
+ | | ||
- | ==== Identifiable Browser configurations ==== | + | **Privacy plugins to block tracking** |
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
- | | + | **Advanced plugins** |
- | ==== Request Policy ==== | + | **WARNING!** Only enable JavaScript, and especially plugins like Java, and Flash for sites you __trust__. |
- | + | ||
- | Advanced. | + | |
+ | * [[https:// | ||
* [[https:// | * [[https:// | ||
- | ==== Certificate Patrol ==== | ||
- | Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. The Firefox | + | **Certificate plugins** |
+ | |||
+ | Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. The Firefox | ||
- | //FIXME Please review | + | //FIXME Please review |
+ | * [[https:// | ||
+ | * [[https:// | ||
===== Web search ===== | ===== Web search ===== | ||
- | Another thing you might do often on the web is use Google to search things. There are plenty of alternatives to Google who all state that they keep minimal or no IP logs. Most popular ones are: | + | Another thing you might do often on the web is use Google to search things. There are plenty of alternatives to Google who all state that they keep minimal or no IP logs, but blind trust is never a good option. A much better choice is to always use the Tor Browser to actively hide your IP. Even better, some search engines provide a Tor Onion Service ('' |
+ | |||
+ | * [[https:// | ||
+ | * partly proprietary, | ||
* [[https:// | * [[https:// | ||
* proprietary, | * proprietary, | ||
- | | + | |
- | * partly proprietary, hosted in the USA, and provides you with anonymized Yahoo search | + | |
+ | * open source, selfhostable meta-search | ||
* [[https:// | * [[https:// | ||
* Anonymized results using Google, Bing, Yahoo!, or DuckDuckGo. | * Anonymized results using Google, Bing, Yahoo!, or DuckDuckGo. | ||
- | * [[https:// | + | * [[https:// |
* from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service | * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service | ||
- | | + | **How to change default search engine** |
+ | * [[https://support.mozilla.org/ | ||
+ | * [[https://support.google.com/ | ||
- | * In **Chrome** | ||
- | * In **Firefox** | ||
===== General Tips ===== | ===== General Tips ===== | ||
Line 129: | Line 156: | ||
* Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[: | * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[: | ||
* Use antivirus software and a firewall. Do regular scans & updates | * Use antivirus software and a firewall. Do regular scans & updates | ||
- | * Regularly update all of the software you find on this page | + | * Regularly update all of the software |
+ | * Check if you have an account that has been compromised in a data breach | ||
+ | |||
====== Insecure software ====== | ====== Insecure software ====== | ||
Line 136: | Line 166: | ||
Uninstall Adobe Flash. | Uninstall Adobe Flash. | ||
- | ====== | + | ====== |
The following is for people running their own website. | The following is for people running their own website. | ||
Line 143: | Line 173: | ||
* Make your website available via HTTPS, or even better, redirect unencrypted connection attempts to the encrypted version. First follow these instructions for [[https:// | * Make your website available via HTTPS, or even better, redirect unencrypted connection attempts to the encrypted version. First follow these instructions for [[https:// | ||
- | ===== Closing | + | **Close |
- | + | ||
- | **Check open ports.** | + | |
From the command line, you can see which ports are open on which interface by typing: | From the command line, you can see which ports are open on which interface by typing: | ||
Line 155: | Line 183: | ||
'' | '' | ||
- | '' | + | '' |
Services can be removed, disabled, or configured to only listen locally. | Services can be removed, disabled, or configured to only listen locally. | ||
+ | |||
+ | |||
+ | ==== Secure communication ==== | ||
+ | |||
+ | **Public key encryption** | ||
+ | |||
+ | Uses who desire secure communication, | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | For people who want slightly more detailed look into how Diffie-Hellman and RSA algorithms work, see | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | **General principles** | ||
+ | |||
+ | * Symmetric encryption can protect content such as any length message, call, file, or even video stream. | ||
+ | * Symmetric encryption doesn' | ||
+ | * Key delivery of symmetric key is handled by asymmetric ciphers. | ||
+ | * Diffie-Hellman (derive key by combining private and public value) | ||
+ | * RSA (encrypt key with another key) | ||
+ | * Diffie-Hellman is better than RSA for key | ||
+ | |||
+ | **Encryption must be end-to-end** | ||
+ | |||
+ | * Client-server encryption is useful when browsing web, accessing online bank, bying things online: Effectively End-to-end encryption because other end is the server. | ||
+ | * When the other end becomes a buddy we want to talk to, server becomes an untrusted third party. | ||
+ | * Many bad messaging apps like Telegram by default send everything via client-server encryption, meaning server can read, modify, and copy the message content. | ||
+ | * For messaging with buddies we need end-to-end encryption, where messages are encrypted and decrypted only by you and your buddy. | ||
+ | * This is equally important, whether we're talking about email, instant messaging, calls, or video calls. | ||
+ | |||
+ | **End-to-end encryption requires two equally important parts** | ||
+ | |||
+ | * Private key(s) must never leave the user's device without password protection that only the user knows | ||
+ | * Public keys from contact' | ||
+ | |||
+ | |||
+ | ====== Chat ====== | ||
+ | |||
+ | ===== Signal protocol ===== | ||
+ | |||
+ | Signal-protocol is a modernized version of OTR-protocol that is designed to work in asynchronous environments such as on smartphones. This is because on smartphones apps open and close so frequently, OTR-sessions (that need to be established for each time they' | ||
+ | |||
+ | More information | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | Applications that use Signal protocol or similar (so called [[https:// | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | |||
+ | ===== OTR ===== | ||
+ | |||
+ | **Warning, the OTRv3 is starting to show its age, e.g. wrt. the key size used (1536-bits). The [[https:// | ||
+ | |||
+ | Off-the-Record (OTR) messaging allows you to have private conversations over instant messaging by providing: | ||
+ | |||
+ | * **End-to-end encryption**: | ||
+ | * **Authentication**: | ||
+ | * **Deniability**: | ||
+ | * **Forward secrecy**: If you lose control of your private keys, no previous conversation is compromised (assuming control of log files was not lost at the same time). | ||
+ | |||
+ | A variety of chat clients are available which use OTR: | ||
+ | |||
+ | Clients that support the [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | Clients with built in support for OTR | ||
+ | |||
+ | * ChatSecure ([[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | === How to use === | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | Advanced: | ||
+ | |||
+ | * [[https:// | ||
+ | |||
+ | |||
+ | ===== IRC ===== | ||
+ | |||
+ | ==== IRC over Tor ==== | ||
+ | |||
+ | Note that if you don't use the Tor Browser Bundle (but just tor) replace 9150 with **9050** | ||
+ | |||
+ | For the **XChat** | ||
+ | |||
+ | * Start Tor. | ||
+ | * In Xchat go to Settings→Options→Network Setup and enter the following: | ||
+ | |||
+ | < | ||
+ | Hostname: 127.0.0.1 | ||
+ | Port: 9150 | ||
+ | Type: Socks5 | ||
+ | Use Proxy for: both | ||
+ | </ | ||
+ | |||
+ | * Save and make sure you don't connect with the nickname you use without tor. | ||
+ | |||
+ | For the **irssi** | ||
+ | |||
+ | For the **mIRC** | ||
+ | |||
+ | * Press Alt+O to open the options dialog | ||
+ | * Go to Connect → Proxy section | ||
+ | * Under Connection select Both | ||
+ | * Under Protocol select Socks | ||
+ | * Under Hostname enter " | ||
+ | * Under Port enter 9150 & press OK. | ||
+ | |||
+ | There are also tor-internal IRC servers to which you can only connect once you set up the above. [[http:// | ||
+ | |||
+ | ==== IRC with I2P ==== | ||
+ | |||
+ | * Set up I2P [[: | ||
+ | * Start it, as well as your IRC-Client (ie mIRC or Xchat) | ||
+ | * Connect to a new server: 127.0.0.1 Port 6668 | ||
+ | * Done. There are also more IRC servers than the default one above. For learning how to join them read the bottom of [[http:// | ||
+ | * // | ||
+ | |||
+ | ===== Pidgin over Tor ===== | ||
+ | |||
+ | * Go to the Accounts, select your Account | ||
+ | * Select Edit Account | ||
+ | * Go to the Advanced Tab | ||
+ | * Under Proxy Options select proxy type SOCKS v5 | ||
+ | * Enter 127.0.0.1 for the host and 9150 for the port | ||
+ | * Leave user/pass blank | ||
+ | |||
+ | See also: [[https:// | ||
+ | |||
+ | ===== Securing pidgin on GNU/Linux ===== | ||
+ | |||
+ | * For information on how to secure pidgin on GNU/Linux [[https:// | ||
+ | * For information on how to properly install Apparmor: [[https:// | ||
+ | |||
+ | ===== Other ===== | ||
+ | |||
+ | * [[http:// | ||
+ | * [[https:// | ||
+ | * [[http:// | ||
+ | * [[https:// | ||
+ | |||
====== Email ====== | ====== Email ====== | ||
Line 163: | Line 348: | ||
===== Which provider? ===== | ===== Which provider? ===== | ||
- | With email, you // | + | Email, like all secure communication, has two aspects |
- | One good Email provider | + | For email protection, you want any provider |
+ | * Access the email with email client that offers end-to-end encryption (protection for content). | ||
+ | * Register and access the email account anonymously via Tor (protection for metadata). | ||
+ | * Doesn' | ||
- | For more control over your email, you have to either [[:learn: | + | Thus, if e.g. the service requires you to confirm |
- | * Ask a geek/nerd friend | + | Check [[https:// |
- | * Pay for the service (instead of paying with your data) | + | |
- | * Combine the above (actually the very best option) | + | |
- | * Use email from a non-profit organization (and donate money if you can) | + | |
- | * See [[https://we.riseup.net/riseuphelp+en/radical-servers|radical servers]] for some options. | + | |
- | ===== Crypto! (GPG-Encryption) ===== | + | One good Email provider is [[https:// |
- | As you may know, your email goes through the data traffic like a postcard in snailmail: Everyone can read it! So, like snailmail, it would make sense to put your emails in a closed envelope. One possible envelope is called **GPG**. \\ The Pretty Good Privacy software was originally written by Phil Zimmermann, and is now owned by Symantec. The means of encryption defined by that software are also called | + | ===== PGP end-to-end encryption ===== |
- | ==== Understand ==== | + | As you may know, your email goes through the data traffic like a postcard in snail-mail: Everyone can read it! |
- | For your first time, you should get a basic understanding at least of the concept of asymmetric encryption (often | + | So, like snail-mail, it would make sense to put your emails in a closed envelope. The most common envelope is called **PGP**. The terminology around PGP is quite a jungle, so below is a dissection that explains the relation between these terms: |
- | | + | * PGP is an abbreviation of the Pretty Good Privacy, an encryption program originally written by Phil Zimmermann in 1991. |
- | * [[https://www.youtube.com/watch? | + | * PGP is a commercial product and is now owned by NortonLifeLock. |
- | * [[https:// | + | |
- | * [[https://youtu.be/MpwkB-F5dvg|5 Minuten]]: E-Mail-Verschlüsselung: | + | * '' |
- | * [[https://www.youtube.com/ | + | |
+ | * Another OpenPGP client program is called | ||
+ | |||
+ | |||
+ | ==== Warning! ==== | ||
+ | |||
+ | While email encryption is still mostly secure, the nature of PGP messages has two inherent problems. | ||
+ | |||
+ | | ||
+ | - **Lack of deniability**: In PGP, the authorship of messages is verified with what are called digital signatures. These digital signatures can only be created by the sender, and any message you send can be proven to have been written by you. | ||
+ | |||
+ | These problems have since been solved in modern end-to-end encrypted messaging porotocols like OTR, Signal protocol, OMEMO, etc. that are also easier to use (see below). Therefore, unless you absolutely have to use email, it is advised to **always** use modern messaging applications instead of PGP. | ||
==== Use a Mailclient with GPG support ==== | ==== Use a Mailclient with GPG support ==== | ||
Line 352: | Line 547: | ||
* [[https:// | * [[https:// | ||
- | ====== Chat ====== | ||
- | |||
- | ===== OTR ===== | ||
- | |||
- | Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: | ||
- | |||
- | * **Encryption**: | ||
- | * **Authentication**: | ||
- | * **Deniability**: | ||
- | * **Perfect forward secrecy**: If you lose control of your private keys, no previous conversation is compromised. | ||
- | A variety of chat clients are available which use OTR: | ||
- | |||
- | * [[https:// | ||
- | * ChatSecure ([[https:// | ||
- | * [[https:// | ||
- | |||
- | === How to use === | ||
- | |||
- | * [[https:// | ||
- | |||
- | ===== IRC ===== | ||
- | |||
- | ==== IRC over Tor ==== | ||
- | |||
- | Note that if you don't use the Tor Browser Bundle (but just tor) replace 9150 with **9050** | ||
- | |||
- | For the **XChat** | ||
- | |||
- | * Start Tor. | ||
- | * In Xchat go to Settings→Options→Network Setup and enter the following: | ||
- | |||
- | < | ||
- | Hostname: 127.0.0.1 | ||
- | Port: 9150 | ||
- | Type: Socks5 | ||
- | Use Proxy for: both | ||
- | </ | ||
- | |||
- | * Save and make sure you don't connect with the nickname you use without tor. | ||
- | |||
- | For the **irssi** | ||
- | |||
- | For the **mIRC** | ||
- | |||
- | * Press Alt+O to open the options dialog | ||
- | * Go to Connect → Proxy section | ||
- | * Under Connection select Both | ||
- | * Under Protocol select Socks | ||
- | * Under Hostname enter " | ||
- | * Under Port enter 9150 & press OK. | ||
- | |||
- | There are also tor-internal IRC servers to which you can only connect once you set up the above. [[http:// | ||
- | |||
- | ==== IRC with I2P ==== | ||
- | |||
- | * Set up I2P [[: | ||
- | * Start it, as well as your IRC-Client (ie mIRC or Xchat) | ||
- | * Connect to a new server: 127.0.0.1 Port 6668 | ||
- | * Done. There are also more IRC servers than the default one above. For learning how to join them read the bottom of [[http:// | ||
- | * // | ||
- | |||
- | ===== Pidgin over Tor ===== | ||
- | |||
- | * Go to the Accounts, select your Account | ||
- | * Select Edit Account | ||
- | * Go to the Advanced Tab | ||
- | * Under Proxy Options select proxy type SOCKS v5 | ||
- | * Enter 127.0.0.1 for the host and 9150 for the port | ||
- | * Leave user/pass blank | ||
- | |||
- | See also: [[https:// | ||
- | |||
- | ===== Securing pidgin on GNU/Linux ===== | ||
- | |||
- | * For information on how to secure pidgin on GNU/Linux [[https:// | ||
- | * For information on how to properly install Apparmor: [[https:// | ||
- | |||
- | ===== Other ===== | ||
- | |||
- | * [[http:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | * [[http:// | ||
- | * [[https:// | ||
- | * Using Tor Messenger: [[https:// | ||
====== VoIP ====== | ====== VoIP ====== | ||
Line 453: | Line 563: | ||
A darknet is an internet or private network, where information and content are shared by darknet participants anonymously. More accurately all of them share being //anonymous overlay networks//. | A darknet is an internet or private network, where information and content are shared by darknet participants anonymously. More accurately all of them share being //anonymous overlay networks//. | ||
- | ===== Tor Hidden | + | ===== Tor Onion Services ===== |
- | Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server' | + | Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called |
* Follow the [[: | * Follow the [[: | ||
- | * That's it already. [[http:// | + | * That's it already. [[http:// |
===== I2P ===== | ===== I2P ===== | ||
Line 677: | Line 787: | ||
====== Virtual Machines & Live Disc/USB ====== | ====== Virtual Machines & Live Disc/USB ====== | ||
- | The Amnesic Incognito Live System or **Tails** | + | The Amnesic Incognito Live System or **Tails** |
* Download [[https:// | * Download [[https:// | ||
* Verify the checksums as described here: [[: | * Verify the checksums as described here: [[: | ||
* [[: | * [[: | ||
+ | |||
+ | If you don't want to create these yourself, you can [[https:// | ||
Alternatives to Tails such as Liberté Linux [[https:// | Alternatives to Tails such as Liberté Linux [[https:// | ||
Line 704: | Line 816: | ||
* Make sure the DVD is inserted (or the USB plugged in) then restart your PC | * Make sure the DVD is inserted (or the USB plugged in) then restart your PC | ||
* Tails should boot automatically. Make sure you "press any key" when asked to do so. If it doesn' | * Tails should boot automatically. Make sure you "press any key" when asked to do so. If it doesn' | ||
+ | |||
+ | If you don't want to create these yourself, you can [[https:// | ||
====== Operating system ====== | ====== Operating system ====== | ||
Line 719: | Line 833: | ||
Make sure that.. | Make sure that.. | ||
- | * …you pay for the VPN (don't use one of the free ones!) | + | * …you pay for the VPN (don't use free ones, [[https:// |
* …you do the above anonymously (ie using [[: | * …you do the above anonymously (ie using [[: | ||
- | * …the VPN doesn' | + | * …the VPN [[https:// |
* …the VPN doesn' | * …the VPN doesn' | ||
+ | * …you can also install your own VPN [[https:// | ||
**Windows**: | **Windows**: | ||
Line 730: | Line 845: | ||
* You can then connect to and disconnect from VPNs using the network icon in the system tray - the same one where you manage the Wi-Fi networks you’re connected to. | * You can then connect to and disconnect from VPNs using the network icon in the system tray - the same one where you manage the Wi-Fi networks you’re connected to. | ||
- | FIXME //Please add how to set up a VPN + [[http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/ | + | FIXME //Please add how to set up a VPN + [[https://thebestvpn.com/118-vpns-logging-policy/ |
====== Android ====== | ====== Android ====== | ||
Line 743: | Line 859: | ||
=====Root===== | =====Root===== | ||
Many apps require root-access to your phone. Gaining such isn't //that// hard to do: just google your device name and firmware (both to be found in the settings under "info to device" | Many apps require root-access to your phone. Gaining such isn't //that// hard to do: just google your device name and firmware (both to be found in the settings under "info to device" | ||
- | |||
- | ===== Messengers ===== | ||
- | * Signal | ||
- | * Telegram (choose " | ||
- | * Wire | ||
- | * Conversations | ||
- | See [[: | ||
===== Encryption ===== | ===== Encryption ===== | ||
Line 796: | Line 905: | ||
====== iOS ====== | ====== iOS ====== | ||
iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// | ||
- | |||
- | ===== Messenger ===== | ||
- | |||
- | * Signal | ||
- | * Telegram (choose " | ||
- | * Wire | ||
- | * ChatSecure | ||
===== Calls ===== | ===== Calls ===== | ||
Line 812: | Line 914: | ||
===== Web Browsing ===== | ===== Web Browsing ===== | ||
- | * [[https:// | + | * [[https:// |
- | * [[https:// | + | |
===== Chat ===== | ===== Chat ===== |