Differences

This shows you the differences between two versions of the page.

learn:how-tos [2016/12/16 03:13] – [Calls] 127.0.0.1
learn:how-tos [2022/05/08 11:42] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +**Brief How-tos** {{  :cp-logo-100x33.png?nolink&}}
  
 +This page briefly explains how to use various tools which enhance your privacy, anonymity and overall security. The guides are written in an easy to understand, step-by-step manner. The difficulty and time required for most of them don't provide any reason to //not// secure your communications and blurring your digital traces.
  
-**Brief How-tos*{{  :cp-logo-100x33.png?nolink&}}+FIXME This page has grown and is hard to navigate in. Recommended re-arrangement: 
 +  Move each guide under separate article, not headline 
 +  People attending crypto parties carry different devices with different operating systems. Therefore, do not arrange stuff under Windows, OSX, iOS, Android etc, but instead under topics, and then explain how to do that for each system. This is because general, cross-platform introduction to each technology (e.g. what is E2EE messaging or FDE) is usually required, and having a copy of what is is FDE for each OS creates pointless redundancy. 
 +  Make this a landing page with short explanation of each tech and add link to actual article(s). 
 + 
 + 
 +====== Why is mass surveillance a problem? ====== 
 + 
 +  * [[:masssurveillance|cryptoparty.in/MassSurveillance]] 
 + 
 +====== Quotes ====== 
 + 
 +"//Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on//." \\ <wrap lo>~[[http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower|Edward Snowden]] (on [[http://www.theguardian.com/world/the-nsa-files|NSA surveillance]])</wrap> 
 + 
 +"//All the headlines saying [[https://twitter.com/search?q=#NSA&f=realtime|#NSA]] breaks encryption are wrong; correct phrase is NSA works with vendors to sabotage security technology//." \\ <wrap lo>~[[https://twitter.com/doctorow/status/376011707643994112|Cory Doctorow]] (on [[http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security|NSA Backdoors & 'cracking' encryption]])</wrap> 
 + 
 +----
  
-This page briefly explains how to use various tools which enhance your privacy, anonymity and overall security. The guides are written in an easy to understand, step-by-step manner. The difficulty & time required for most of them don't provide any reason to //not// secure your communications and blurring your digital traces. 
 ====== Security warning ====== ====== Security warning ======
  
-Note however, that security is a process, not a tool. You need at least basic understanding to assess the degree of security or [[:connect:resources#why_there_is_no_100_anonymity|anonymity]] a tool can give you. That said, treat it like a game. The worst thing which can happen if you use these tools for your everyday business is that you are just as unsecure, unencrypted or in the open as you would be anyway.+Notehowever, that security is a process, not a tool. You need at least basic understanding to assess the degree of security or [[:connect:resources#why_there_is_no_100_anonymity|anonymity]] a tool can give you. That said, treat it like a game. The worst thing which can happenif you use these tools for your everyday businessis that you are just as insecure, unencrypted or in the open as you would be anyway.
  
-Usage for security sensitive activity (prohibited and persecuted by society and/or government) without deeper understanding is however **strongly** discouraged.+All security sensitive activity (which is both prohibitedand prosecutable by the society and/or the government) without deep understanding is **strongly** discouraged.
  
  
 ====== Guides to Crypto Tools ====== ====== Guides to Crypto Tools ======
-  * [[https://www.cryptoparty.in/learn/handbook|The CryptoParty Handbook]]+ 
 +  * [[:learn:handbook|The CryptoParty Handbook]]
   * [[https://securityinabox.org/|Tactical Technology Collective - Security-in-a-Box]]   * [[https://securityinabox.org/|Tactical Technology Collective - Security-in-a-Box]]
-  * [[http://www.tcij.org/resources/handbooks/infosec|Center for Investigative Journalism - Information Security for Journalists]]+  * [[https://ssd.eff.org/en | Surveillance Self-Defense - Tips, Tools and How-tos for Safer Online Communications]] 
 +  * [[https://files.gendo.ch/Books/InfoSec_for_Journalists_V1.1.pdf|Center for Investigative Journalism - Information Security for Journalists]]
   * [[https://flossmanuals.net/an-open-web/|FLOSS Manuals - An Open Web]]   * [[https://flossmanuals.net/an-open-web/|FLOSS Manuals - An Open Web]]
 +
  
 ====== Alternatives to common online services and programs ====== ====== Alternatives to common online services and programs ======
  
 +  * [[https://www.privacytools.io/|https://www.privacytools.io]]
   * [[https://prism-break.org|https://prism-break.org]]   * [[https://prism-break.org|https://prism-break.org]]
   * [[https://alternatives.tacticaltech.org/|https://alternatives.tacticaltech.org/]]   * [[https://alternatives.tacticaltech.org/|https://alternatives.tacticaltech.org/]]
   * [[https://github.com/redecentralize/alternative-internet|https://github.com/redecentralize/alternative-internet]]   * [[https://github.com/redecentralize/alternative-internet|https://github.com/redecentralize/alternative-internet]]
 +  * [[https://switching.software/|https://switching.software/]]
  
-====== Why is mass surveillance a problem ? ====== 
- 
-  * [[:masssurveillance|cryptoparty.in/MassSurveillance]] 
- 
-====== Quotes ====== 
- 
-"//Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on//." \\ <wrap lo>~[[http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower|Edward Snowden]] (on [[http://www.theguardian.com/world/the-nsa-files|NSA surveillance]])</wrap> 
- 
-"//All the headlines saying [[https://twitter.com/search?q=#NSA&f=realtime|#NSA]] breaks encryption are wrong; correct phrase is NSA works with vendors to sabotage security technology//." \\ <wrap lo>~[[https://twitter.com/doctorow/status/376011707643994112|Cory Doctorow]] (on [[http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security|NSA Backdoors & 'cracking' encryption]])</wrap> 
- 
----- 
  
 ====== Web Browsing ====== ====== Web Browsing ======
  
 To get an idea of what web browsing actually is, read the chapter **[[http://cryptoparty.is/handbook/chapter_02_understanding_browsing/chapter_02_understanding_browsing.html|Understanding Browsing]]** of the CryptoParty Handbook. In brief: To get an idea of what web browsing actually is, read the chapter **[[http://cryptoparty.is/handbook/chapter_02_understanding_browsing/chapter_02_understanding_browsing.html|Understanding Browsing]]** of the CryptoParty Handbook. In brief:
 +
  
   * When you visit a website you give away information about yourself to the site owner, unless precautions are taken.   * When you visit a website you give away information about yourself to the site owner, unless precautions are taken.
-  * Your browsing on the Internet may be tracked by the sites you visit and partners of those sites. 
-  * Visiting a website on the Internet is never a direct connection. Many computers, owned by many different people are involved. Secure connections ensure that your browsing can not be read in between you and the server. 
   * What you search for is of great interest to search providers (mostly for targeted advertising).   * What you search for is of great interest to search providers (mostly for targeted advertising).
 +  * Your browsing on the Internet may be tracked by the sites you visit and partners of those sites.
 +  * Visiting a website on the Internet is never a direct connection. Many computers, owned by many different people are involved. 
 +  * Encrypted connections (HTTPS a.k.a TLS) ensure that your browsing can not be read in between you and the server.
 +  * TLS is important, but since the server belongs to an untrusted third party, your primary protection when browsing the web and publishing to web is **anonymity**.
 +
  
-Then you can see what you just learned by facing a virtual mirror to yourself on+See what companies know about you by facing a virtual mirror to yourself on
  
-  * [[http://ip-check.info|http://ip-check.info]] 
   * [[http://ifconfig.me|http://ifconfig.me]]   * [[http://ifconfig.me|http://ifconfig.me]]
   * [[http://smart-ip.net/geoip|http://smart-ip.net/geoip]]   * [[http://smart-ip.net/geoip|http://smart-ip.net/geoip]]
   * [[https://panopticlick.eff.org|https://panopticlick.eff.org]]   * [[https://panopticlick.eff.org|https://panopticlick.eff.org]]
 +  * [[https://webkay.robinlinus.com/]]
 +  * [[https://clickclickclick.click/]]
 +  * [[https://iknowwhatyoudownload.com/en/peer/]]
  
-===== Browser ===== 
  
-[[https://www.mozilla.org/en-US/firefox/|Firefox]] is an open source web browser that respects your privacy. If you're not using it already you should do from now on. It's available for Windows, Mac & Linux.+===== Tor Browser =====
  
-===== Tor Browser Bundle =====+Tor Browser is  
 +    * Anonymous and secure by default. For more information, see [[https://2019.www.torproject.org/about/overview.html.en|this]] and [[https://www.eff.org/pages/tor-and-https|this]] article 
 +    * The best option out there 
 +    * Based on the [[https://www.mozilla.org/en-US/firefox/|Mozilla Firefox]], an open source web browser that respects your privacy 
 +    * Designed to protect you against surveillance done by companies and governments
  
-  Watch this Video: [[https://media.torproject.org/video/2012-10-21-cryptoparty/UsingTorByAndrewAndSteve.mov|"Using Tor"]] from CryptoParty Boston. +**Setup** 
-  [[https://www.torproject.org/download/download-easy.html.en|Download the Tor Browser Bundle]] +   [[https://www.torproject.org/download/|Download the Tor Browser]] 
-  * Install & [[https://www.torproject.org/download/download-easy.html.en#warning|read the warning]] +   - [[https://tb-manual.torproject.org/installation/|Install the Tor Browser]] 
-  * Use! (Instead of your normal browser)+   - [[https://tb-manual.torproject.org/running-tor-browser/|Launch the Tor Browser]]
  
-  * [[https://www.eff.org/pages/tor-and-https|Here is an animated diagram to help explain more]] +**Before browsing** 
-  * When browsing .onion sites make sure to click on the {{https://i.imgur.com/wPP9v0M.png?nolink&30x24}}in the upper left of the browser and choose Forbid Scripts Globally. This prevents JavaScript from leaking potentionally personally identifiable information - disable for individual sites if needed.+   [[https://tb-manual.torproject.org/|Have a look at the manual]] 
 +   - Watch the [[https://media.torproject.org/video/2012-10-21-cryptoparty/UsingTorByAndrewAndSteve.mov|"Using Tor"]] from CryptoParty Boston.
  
-===== Browser Plugins =====+**Adjust the Tor Browser security settings** 
 +   - Before accessing [[:learn:how-tos#Tor Hidden Services|.onion sites (i.e. Onion Services)]], make sure to click on the {{https://i.imgur.com/wPP9v0M.png?nolink&30x24}}in the upper left of the browser and choose "Forbid Scripts Globally". This prevents JavaScript from leaking potentially personally identifiable information - disable for individual sites if needed. 
 +   - set the [[https://tb-manual.torproject.org/security-settings/|security setting level]] to ''Safest'' and lower it **only** if it has major effect on your browsing experience. The Security setting can be found under the Tor logo in navigation bar.
  
-==== HTTPS Everywhere ====+**WARNING! Do not install any browser add-ons to Tor Browser. The anonymity Tor provides is based on the fact all users look identical. If you install an add-on that makes your browser fingerprint unique, it means you will stand out from the crowd, and you can be tracked.**
  
-  * [[https://www.eff.org/https-everywhere|HTTPS Everywhere]] has a big list of websites that support encrypted connections, and whenever you connect to them silently switches to the encrypted variant. That little "s" in the URL is what it is about 
  
-==== Block Advertising and Tracking ==== +==== Firefox Browser ====
-  * [[https://adblockplus.org|Adblock Plus]] blocks banners, pop-ups and video ads. +
-  * For Firefox there also is [[https://addons.mozilla.org/​en-us/​firefox/​addon/​adblock-edge/​|Adblock Edge]] which is a fork of AdBlock Plus without ​the [[https://​adblockplus.org/​en/​acceptable-ads|'​acceptable ads']] feature  +
-  * [[https://​disconnect.me/​|Disconnect.me]] ([[https://​github.com/​disconnectme/​disconnect|free and open source with GPLv3 license]]). +
-  * [[https://github.com/gorhill/uBlock|uBlock Origin]] is an add-on for Firefox and Chrome that blocks a variety of advertisement and tracking companies – which are one and the same in many cases. +
-  * [[https://www.eff.org/privacybadger|Privacy Badger]] does a similar job, but based on heuristics rather than block lists.+
  
-==== Scripting ====+For browsing that can't be done anonymously (i.e. browsing that requires you to log in -- think banking, shopping, social media), switch to Mozilla Firefox. It's as good as Chrome, fast and the most extendible browser with most add-ons. It's available for Windows, Mac, and Linux. Firefox supports many useful security privacy enhancing plugins discussed next.
  
-Advanced. Only enable JavaScript, and especially plugins like Java, and Flash for sites you //trust.//+**Ad block plugins** 
 +    *[[https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/|uBlock Origin]] has become the de-facto ad-block plugin for Firefox.
  
-  * [[https://github.com/gorhill/uMatrix|uMatrix]]+**Security plugins** 
 +    * [[https://www.eff.org/https-everywhere|HTTPS Everywhere]] has a big list of websites that support encrypted connections, and whenever you connect to them silently switches to the encrypted variant. That little "s" in the URL is what it is about.
  
-==== Identifiable Browser configurations ====+**Privacy plugins to block tracking** 
 +  * [[https://​disconnect.me/​|Disconnect.me]] is a free and open source add-on that blocks tracking elements based on block lists. 
 +  * [[https://www.eff.org/privacybadger|Privacy Badger]] does a similar job, but based on heuristics rather than block lists. 
 +  * [[https://addons.mozilla.org/sv-SE/firefox/addon/happy-bonobo-disable-webrtc/|Disable WebRTC]] prevents IP-address from leaking via WebRTC connections (note: may break some sites).
  
-  The only serious attempt to thwart browser fingerprinting is the [[https://torproject.org|Tor Browser]].+**Advanced plugins**
  
-==== Request Policy ==== +**WARNING!** Only enable JavaScript, and especially plugins like Java, and Flash for sites you __trust__.
- +
-Advanced.+
  
 +  * [[https://github.com/gorhill/uMatrix|uMatrix]]
   * [[https://www.requestpolicy.com/|Request Policy]] is an open source Firefox extension to control cross-site requests.   * [[https://www.requestpolicy.com/|Request Policy]] is an open source Firefox extension to control cross-site requests.
  
-==== Certificate Patrol ==== 
  
-Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. The Firefox AddOn [[https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/|Certificate Patrol]] reveals when certificates are updated, so you can ensure it was a legitimate change.+**Certificate plugins**
  
-//FIXME Please review AddOns such as [[https://addons.mozilla.org/en-us/firefox/addon/betterprivacy/|BetterPrivacy]], [[https://addons.mozilla.org/en-us/firefox/addon/beef-taco-targeted-advertising/|BeefTaco]], [[https://addons.mozilla.org/en-us/firefox/addon/smart-referer/?src=dp-dl-othersby|SmartReferer]][[https://addons.mozilla.org/en-us/firefox/addon/anonymox/|anonymoX (proxies!)]]//+Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. The Firefox add-on [[https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/|Certificate Patrol]] reveals when certificates are updatedso you can ensure it was a legitimate change. 
 + 
 +//FIXME Please review add-ons such as// 
 +    * [[https://addons.mozilla.org/en-us/firefox/addon/smart-referer/?src=dp-dl-othersby|SmartReferer]] 
 +    * [[https://addons.mozilla.org/en-us/firefox/addon/anonymox/|anonymoX (proxies!)]]
  
 ===== Web search ===== ===== Web search =====
  
-Another thing you might do often on the web is use Google to search things. There are plenty of alternatives to Google who all state that they keep minimal or no IP logs. Most popular ones are:+Another thing you might do often on the web is use Google to search things. There are plenty of alternatives to Google who all state that they keep minimal or no IP logs, but blind trust is never a good option. A much better choice is to always use the Tor Browser to actively hide your IP. Even better, some search engines provide a Tor Onion Service (''.onion'' site) that makes tracking the users even harder. Most popular ones are: 
 + 
 +  *  [[https://duckduckgo.com/|https://duckduckgo.com/]] (Tor Onion Service https://3g2upl4pq6kufc4m.onion/
 +      * partly proprietary, hosted in the USA, and provides you with anonymized Yahoo search results
  
   *  [[https://startpage.com/|https://startpage.com/]]   *  [[https://startpage.com/|https://startpage.com/]]
       * proprietary, hosted in the USA/Netherlands, and provides you with anonymized Google search results (including images)       * proprietary, hosted in the USA/Netherlands, and provides you with anonymized Google search results (including images)
-  *  [[https://duckduckgo.com/|https://duckduckgo.com/]] + 
-      * partly proprietaryhosted in the USA, and provides you with anonymized Yahoo search results+  *  [[https://searx.me/|https://searx.me/]] 
 +      * open sourceselfhostable meta-search engine, [[https://github.com/asciimoo/searx/wiki/Searx-instances|list of public instances]]
   *  [[https://search.disconnect.me/|https://search.disconnect.me/]]   *  [[https://search.disconnect.me/|https://search.disconnect.me/]]
       * Anonymized results using Google, Bing, Yahoo!, or DuckDuckGo.       * Anonymized results using Google, Bing, Yahoo!, or DuckDuckGo.
-  *  [[https://metager.de/tor/en/|https://metager.de/tor/en/]]+  *  [[https://metager.de/|https://metager.de/]] (Tor Onion Service http://b7cxf4dkdsko6ah2.onion/)
       * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service       * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service
  
-  Though if you'd like to keep using google at least use its encrypted version: [[https://encrypted.google.com|https://encrypted.google.com]].+**How to change default search engine** 
 +    * [[https://support.mozilla.org/sv/kb/change-your-default-search-settings-firefox|Firefox]] 
 +    * [[https://support.google.com/chrome/answer/95426?co=GENIE.Platform%3DDesktop&hl=en|Google Chrome]]
  
-  * In **Chrome**  go to settings→Manage Search Engines and add a search engine (example url: [[https://encrypted.google.com/search?q=%s|https://encrypted.google.com/search?q=%s]]). For startpage go here: [[https://startpage.com/eng/download-startpage-plugin.html|https://startpage.com/eng/download-startpage-plugin.html]] 
-  * In **Firefox**  you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. Go to the page you intend to make your search engine and select the logo to the right of your search bar (top right), and select Add "[searchEngineName]" to change search engines. 
  
 ===== General Tips ===== ===== General Tips =====
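Review bot: In the Web search list, the two onion addresses added for DuckDuckGo (3g2upl4pq6kufc4m.onion) and MetaGer (b7cxf4dkdsko6ah2.onion) are 16-character version 2 addresses. Tor removed support for v2 onion services in 2021, before the 2022 date on this revision, so neither address loads in a current Tor Browser; replace them with the services' current 56-character v3 addresses or drop them. In the Tor Browser steps, the instruction to click the NoScript icon and choose "Forbid Scripts Globally" now sits directly above the new step that sets the security level to ''Safest''; the two overlap, and it would be clearer to keep only the security-level step that links to the manual. Two of the added links carry a Swedish locale (addons.mozilla.org/sv-SE/... and support.mozilla.org/sv/...) on an English page, and "security privacy enhancing plugins" in the Firefox paragraph is missing an "and".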
Line 128: Line 156:
   * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[:documentation:password|More tips on good passwords]]   * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[:documentation:password|More tips on good passwords]]
   * Use antivirus software and a firewall. Do regular scans & updates   * Use antivirus software and a firewall. Do regular scans & updates
-  * Regularly update all of the software you find on this page+  * Regularly update all of the software to ensure security vulnerabilities are patched. 
 +  * Check if you have an account that has been compromised in a data breach on [[https://haveibeenpwned.com/|HaveIBeenPwned.com]]
  
-====== Own Website ======+ 
 + 
 +====== Insecure software ======  
 +Update your software frequently and uninstall (or at least deactivate) insecure software or software for which vulnerabilities have recently been disclosed and not yet patched. 
 + 
 +Uninstall Adobe Flash. 
 + 
 +====== Personal Website hardening ======
  
 The following is for people running their own website. The following is for people running their own website.
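Review bot: The new "Insecure software" section repeats the update advice that the General Tips bullet added just above it already gives ("Regularly update all of the software to ensure security vulnerabilities are patched."), and "Uninstall Adobe Flash." stands alone with no reason or link. Fold the section into that bullet, or give it distinct content, such as how a reader learns that a vulnerability has been disclosed and is still unpatched, and say why Flash is singled out. The new HaveIBeenPwned bullet is also missing the closing full stop that the bullet above it has.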
Line 137: Line 173:
   * Make your website available via HTTPS, or even better, redirect unencrypted connection attempts to the encrypted version. First follow these instructions for [[https://github.com/ioerror/duraconf/blob/master/startssl/README.markdown|getting the certificate]] then install it as in the appropiate tutorial [[https://www.globalsign.com/support/installcert.php|here]]. Secure Sockets Layer provides an encrypted connection between the client and the server/certificate holder.   * Make your website available via HTTPS, or even better, redirect unencrypted connection attempts to the encrypted version. First follow these instructions for [[https://github.com/ioerror/duraconf/blob/master/startssl/README.markdown|getting the certificate]] then install it as in the appropiate tutorial [[https://www.globalsign.com/support/installcert.php|here]]. Secure Sockets Layer provides an encrypted connection between the client and the server/certificate holder.
  
-===== Closing Unused Ports (Linux) ===== +**Close Unused Ports (Linux)**
- +
-**Check open ports.**+
  
 From the command line, you can see which ports are open on which interface by typing: From the command line, you can see which ports are open on which interface by typing:
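Review bot: Replacing the "===== Closing Unused Ports (Linux) =====" heading with the bold line "**Close Unused Ports (Linux)**" removes the section from the table of contents and leaves it without a link anchor, which works against the FIXME at the top of this revision about the page being hard to navigate; keep it as a heading under "Personal Website hardening". The removed "**Check open ports.**" label was also the only lead-in naming the step that the command below performs. While this section is being edited, the unchanged HTTPS bullet still points to a StartSSL certificate guide and describes "Secure Sockets Layer"; StartSSL no longer issues certificates and the Web Browsing section of this same revision already says TLS, so that bullet should be brought in line.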
Line 149: Line 183:
 ''*''  means it is listened on all interfaces (reachable from the outside) ''*''  means it is listened on all interfaces (reachable from the outside)
  
-''localhost''  means the ports are only opened locally (not reachable from the outside).+''localhost''  means the ports are only opened locally (only reachable from the user's own computer).
  
 Services can be removed, disabled, or configured to only listen locally. Services can be removed, disabled, or configured to only listen locally.
 +
 +
 +==== Secure communication ====
 +
 +**Public key encryption**
 +
 +Uses who desire secure communication, whether it's email or instant messaging, benefit greatly from understanding the basics of public key encryption (a.k.a. asymmetric encryption). Please watch (one or more) of these videos to get a general understanding of what public key cryptography is about:
 +
 +  * [[https://www.youtube.com/watch?v=AQDCe585Lnc|5 minutes]]: Simply Explained explains the principles of public key encryption
 +  * [[https://www.youtube.com/watch?v=M0K4ddNzmTw|4 minutes]]: CompTIA Security+ certification material on public key cryptography
 +
 +For people who want slightly more detailed look into how Diffie-Hellman and RSA algorithms work, see
 +
 +  * [[https://www.youtube.com/watch?v=YEBfamv-_do|9 minutes]]: Art of the Problem explains Diffie-Hellman key exchange
 +  * [[https://www.youtube.com/watch?v=wXB-V_Keiu8|17 minutes]]: Art of the Problem explains RSA encryption
 +
 +  * [[https://youtu.be/MpwkB-F5dvg|5 Minuten]]: E-Mail-Verschlüsselung: Der digitale Briefumschlag (DE)
 +  * [[https://www.youtube.com/watch?feature=player_embedded&v=V9k0mnIFuOI|5 minutes]]: PGP benutzen Stopmotion-Film (DE)
 +
 +**General principles**
 +
 +    * Symmetric encryption can protect content such as any length message, call, file, or even video stream.
 +    * Symmetric encryption doesn't solve key delivery problem: Sending symmetric key to contact without any protection is useless.
 +    * Key delivery of symmetric key is handled by asymmetric ciphers.
 +        * Diffie-Hellman (derive key by combining private and public value)
 +        * RSA (encrypt key with another key)
 +        * Diffie-Hellman is better than RSA for key 
 +
 +**Encryption must be end-to-end**
 +
 +    * Client-server encryption is useful when browsing web, accessing online bank, bying things online: Effectively End-to-end encryption because other end is the server.
 +    * When the other end becomes a buddy we want to talk to, server becomes an untrusted third party.
 +    * Many bad messaging apps like Telegram by default send everything via client-server encryption, meaning server can read, modify, and copy the message content.
 +    * For messaging with buddies we need end-to-end encryption, where messages are encrypted and decrypted only by you and your buddy.
 +    * This is equally important, whether we're talking about email, instant messaging, calls, or video calls.
 +
 +**End-to-end encryption requires two equally important parts**
 +
 +    * Private key(s) must never leave the user's device without password protection that only the user knows
 +    * Public keys from contact's must be verified to actually originate from contact's device, otherwise end-to-end encryption can be eavesdropped with something called a man-in-the-middle attack. Verification is done in almost all applications by comparing public key fingerprints, also called safety numbers, and security codes.
 +
 +
 +====== Chat ======
 +
 +===== Signal protocol =====
 +
 +Signal-protocol is a modernized version of OTR-protocol that is designed to work in asynchronous environments such as on smartphones. This is because on smartphones apps open and close so frequently, OTR-sessions (that need to be established for each time they're used) become inconvenient.
 +
 +More information
 +  * [[https://www.youtube.com/watch?v=tOMiAeRwpPA#t=12m45s|Next Generation Threats]] by Moxie Marlinspike
 +  * [[https://whispersystems.org/docs/|Technical documentation]]
 +
 +Applications that use Signal protocol or similar (so called [[https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm|double-ratchet algorithm]] based) protocols
 +
 +  * [[https://signal.org/|Signal]] (iOS, Android, Chromium)
 +  * [[https://wire.com|Wire]] (iOS, Android, Linux, Mac OS, Windows)
 +  * [[https://conversations.im/|Conversations]]
 +
 +
 +===== OTR =====
 +
 +**Warning, the OTRv3 is starting to show its age, e.g. wrt. the key size used (1536-bits). The [[https://github.com/otrv4/otrv4|OTRv4]] standardization is still a work-in-progress, thus Signal protocol should be favoured until the next gen OTR is ready to deploy.**
 +
 +Off-the-Record (OTR) messaging allows you to have private conversations over instant messaging by providing:
 +
 +  * **End-to-end encryption**: No one else can read your instant messages.
 +  * **Authentication**: You can verify that end-to-end encryption is not under [[https://en.wikipedia.org/wiki/Man-in-the-middle_attack|man-in-the-middle-attack]].
 +  * **Deniability**: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
 +  * **Forward secrecy**: If you lose control of your private keys, no previous conversation is compromised (assuming control of log files was not lost at the same time).
 +
 +A variety of chat clients are available which use OTR:
 +
 +Clients that support the [[https://otr.cypherpunks.ca/|OTR-plugin]]
 +  * [[https://gajim.org|Gajim]] (Windows, Linux, MacOS)
 +  * [[https://pidgin.im|Pidgin]] (Windows, Linux, MacOS)
 +  * [[https://adium.im/about/|Adium]] (MacOS only)
 +
 +Clients with built in support for OTR
 +
 +  * ChatSecure ([[https://itunes.apple.com/us/app/chatsecure/id464200063?mt=8|iOS]], Android: [[https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im|Play Store]], [[https://guardianproject.info/releases/chatsecure-latest.apk|APK]])
 +  * [[https://github.com/siacs/Conversations#conversations|Conversations]] (Android)
 +  * [[https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger#Downloads|Tor Messenger]] (Windows, Linux, MacOS)(**In beta!**)
 +
 +=== How to use ===
 +  * [[https://theintercept.com/2015/07/14/communicating-secret-watched/|Chatting in Secret While We’re All Being Watched ]] (fantastic article by Micah Lee)
 +  * [[https://ssd.eff.org/en/module/how-use-otr-mac|How to: Use OTR for Mac]]
 +  * [[https://www.bestvpn.com/blog/30751/tor-project-releases-secure-encrypted-tor-messenger-how-to-use-it/|Tor Messenger how-to]]
 +
 +Advanced:
 +
 +  * [[https://www.calyxinstitute.org/education/how-to-using-jabber.calyxinstitute.org-server-via-its-tor-hidden-service-with-pidgin-and-off-the-record|Routing messages via public Tor Hidden Service XMPP servers]]
 +
 +
 +===== IRC =====
 +
 +==== IRC over Tor ====
 +
 +Note that if you don't use the Tor Browser Bundle (but just tor) replace 9150 with **9050**
 +
 +For the **XChat**  IRC Client (or [[http://hexchat.github.io/downloads.html|Hexchat]]):
 +
 +  * Start Tor.
 +  * In Xchat go to Settings→Options→Network Setup and enter the following:
 +
 +<code>
 +      Hostname: 127.0.0.1
 +      Port: 9150
 +      Type: Socks5
 +      Use Proxy for: both
 +</code>
 +
 +  * Save and make sure you don't connect with the nickname you use without tor.
 +
 +For the **irssi**  IRC Client go here: [[https://www.cryptoparty.in/documentation/irssi_plus_tor|https://www.cryptoparty.in/documentation/irssi_plus_tor]]
 +
 +For the **mIRC**  Client:
 +
 +  * Press Alt+O to open the options dialog
 +  * Go to Connect → Proxy section
 +  * Under Connection select Both
 +  * Under Protocol select Socks
 +  * Under Hostname enter "127.0.0.1"
 +  * Under Port enter 9150 & press OK.
 +
 +There are also tor-internal IRC servers to which you can only connect once you set up the above. [[http://www.reddit.com/r/onions/comments/15kvb3/anyone_have_a_list_of_currently_working_onion_irc/|You can find most of them here]]
 +
 +==== IRC with I2P ====
 +
 +  * Set up I2P [[:learn:how-tos#i2p|as described further below]]
 +  * Start it, as well as your IRC-Client (ie mIRC or Xchat)
 +  * Connect to a new server: 127.0.0.1 Port 6668
 +  * Done. There are also more IRC servers than the default one above. For learning how to join them read the bottom of [[http://pastebin.com/xWzw10wW|this page]] but the above is the most active one.
 +  * //[[http://www.youtube.com/watch?v=cCN25hxjFjE|Full step by step guide for I2P over mIRC on youtube]]//
 +
 +===== Pidgin over Tor =====
 +
 +  * Go to the Accounts, select your Account
 +  * Select Edit Account
 +  * Go to the Advanced Tab
 +  * Under Proxy Options select proxy type SOCKS v5
 +  * Enter 127.0.0.1 for the host and 9150 for the port
 +  * Leave user/pass blank
 +
 +See also: [[https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration|https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration]]
 +
 +===== Securing pidgin on GNU/Linux =====
 +
 +  * For information on how to secure pidgin on GNU/Linux [[https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux|https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux]]
 +  * For information on how to properly install Apparmor: [[https://wiki.debian.org/AppArmor/HowTo|https://wiki.debian.org/AppArmor/HowTo]]
 +
 +===== Other =====
 +
 +  * [[http://retroshare.sourceforge.net/|Retroshare]] lets you //securely//  chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. It provides filesharing, chat, messages, forums and channels.
 +  * [[https://github.com/agl/pond|pond]] is a heavily encrypted replacement for email
 +  * [[http://echelon.i2p.to/qti2pmessenger/|I2P Messenger]] is an end-to-end encrypted serverless communication application over [[:learn:how-tos#i2p|I2P]]. It supports file transfer and has a search for other users.
 +  * [[https://bitmessage.org/wiki/Main_Page|BitMessage]] is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. [[https://wastun.tem.li/howto_bitmessage|Tutorial for setting up and using Bitmessage – an encrypted communications platform based on Bitcoin]]
 +
  
 ====== Email ====== ====== Email ======
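Review bot: the "Pidgin over Tor" steps give 9150 as the only port, which per the IRC section's own note is the Tor Browser Bundle port; a reader running standalone tor ends up with a proxy setting that fails. Repeat or link the "replace 9150 with 9050" note under this heading as well. While these lines are being moved, the tor-internal IRC list and the extra I2P server list still point to a reddit thread and a pastebin over plain http, which is worth replacing with a maintained source.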
Line 157: Line 348:
 ===== Which provider? ===== ===== Which provider? =====
  
-With emailyou //always//  have to trust the operator. Sono matter what, try to use real end-to-end encryption like OpenPGP. \\ Check [[https://prism-break.org/en/subcategories/web-services-email-accounts/|https://prism-break.org/en/subcategories/web-services-email-accounts/]] or [[http://prxbx.com/email/|http://prxbx.com/email/]] for recommendations+Emaillike all secure communicationhas two aspects to protect**content**, and **metadata**Practically no email provider provides you with either of them on its own.
  
-For more control over your email, you have to either [[:learn:run_your_own_mail_server|run your own mail server]] or have a good //personal//  trust relationship with the provider. \\ There are some ways to get a new email account with a bit more privacy:+For email protection, you want any provider that allows you to enforce your own privacy by doing the following 
 +    * Access the email with email client that offers end-to-end encryption (protection for content). 
 +    * Register and access the email account anonymously via Tor (protection for metadata). 
 +    * Doesn't require personal information during use or registration.
  
-  * Ask a geek/nerd friend +Thus, if e.g. the service requires you to confirm your phone number, it is not anonymous, and it does not protect your privacy even if you could otherwise use Tor to register and access itthey already know who you areSame goes for payment details, so make sure to evaluate whether paid features are worth itSometimes being anonymous and tracked is more private than paying for the service and not being tracked although the service provider knows who you are.
-  * Pay for the service (instead of paying with your data) +
-  * Combine the above (actually the very best option) +
-  * Use email from a non-profit organization (and donate money if you can) +
-      * See [[https://we.riseup.net/riseuphelp+en/radical-servers|radical servers]] for some options.+
  
-===== Crypto! (GPG-Encryption) =====+Check [[https://prism-break.org/en/subcategories/web-services-email-accounts/|https://prism-break.org/en/subcategories/web-services-email-accounts/]] or [[http://prxbx.com/email/|http://prxbx.com/email/]] for recommendations.
  
-As you may know, your email goes through the data traffic like a postcard in snailmail: Everyone can read it! So, like snailmail, it would make sense to put your emails in a closed envelope. One possible envelope is called **GPG**\\ The Pretty Good Privacy software was originally written by Phil Zimmermann, and is now owned by Symantec. The means of encryption defined by that software are also called PGP these standarts are now freely available as OpenPGP which derived from the original PGP\\ The GPG software is an independent implementation of the OpenPGP standardsso you can use it to exchange encrypted messages with people using other OpenPGP implementations (and Symantec'PGP).+One good Email provider is [[https://protonmail.com/|ProtonMail]]. Another good alternative is to use an e-mail provided by a non-profit such as [[https://riseup.net/|Riseup]] (Make sure to [[https://riseup.net/en/donate|donate]]even if it'just a little).
  
-==== Understand ====+===== PGP end-to-end encryption =====
  
-For your first time, you should get basic understanding at least of the concept of asymmetric encryption (often called **public key encryption**). Please watch one of those videos before you begin using it:+As you may know, your email goes through the data traffic like postcard in snail-mail: Everyone can read it
  
-  * [[http://www.bbc.co.uk/blogs/webwise/2012/04/secrets-of-online-security.shtml|3 minutes]]: BBC science presenter Dr Yan Wong explains (without mathematics) the principle of how Alice and Bob can use "digital padlocks" to protect their messages from being read by Ed the eavesdropper +So, like snail-mail, it would make sense to put your emails in a closed envelope. The most common envelope is called **PGP**. The terminology around PGP is quite a jungle, so below is a dissection that explains the relation between these terms: 
-  * [[https://www.youtube.com/watch?v=CR8ZFRVmQLg|2 minutes]]: explaining symmetcric and asymmetric + 
-  * [[https://www.youtube.com/watch?v=M0K4ddNzmTw|4 minutes]]: maybe watch the whole series! +    * PGP is an abbreviation of the Pretty Good Privacy, an encryption program originally written by Phil Zimmermann in 1991.  
-  * [[https://youtu.be/MpwkB-F5dvg|5 Minuten]]: E-Mail-Verschlüsselung: Der digitale Briefumschlag (DE) +    * PGP is a commercial product and is now owned by NortonLifeLock. 
-  * [[https://www.youtube.com/watch?feature=player_embedded&v=V9k0mnIFuOI|5 minutes]]: PGP benutzen Stopmotion-Film (DE)+    * [[https://www.openpgp.org/|OpenPGP]] is the open standard that defines the appearance of the envelope all OpenPGP applications use. 
 +    * ''gpg'' or Gnu Privacy Guard is a common OpenPGP client program for Linux operating systems. 
 +    * [[https://gpg4win.org/|Gpg4win]] is like ''gpg'' but for the Windows operating system 
 +    Another OpenPGP client program is called [[https://www.enigmail.net/index.php/en/|Enigmail]], a plugin for the [[https://www.thunderbird.net/en-US/|Thunderbird]] and Postbox email clients. 
 + 
 + 
 +==== Warning! ==== 
 + 
 +While email encryption is still mostly secure, the nature of PGP messages has two inherent problems. 
 + 
 +  - **Lack of forward secrecy**: PGP uses long term decryption keys that never changeIf at any point in future your device is stolen, accessed or hacked, all past messages recorded by powerful attackers can be decrypted, even if you have deleted messages from your own devices. 
 +  - **Lack of deniability**In PGP, the authorship of messages is verified with what are called digital signatures. These digital signatures can only be created by the sender, and any message you send can be proven to have been written by you. 
 + 
 +These problems have since been solved in modern end-to-end encrypted messaging porotocols like OTR, Signal protocol, OMEMO, etc. that are also easier to use (see below). Therefore, unless you absolutely have to use email, it is advised to **always** use modern messaging applications instead of PGP.
  
 ==== Use a Mailclient with GPG support ==== ==== Use a Mailclient with GPG support ====
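Review bot: in the new "Warning!" list, "long term decryption keys that never change" overstates the forward-secrecy problem: OpenPGP keys can be expired and replaced, and the weakness is that every message encrypted to a key stays decryptable for as long as that private key exists. Suggest wording along the lines of "long-term decryption keys, so one stolen private key decrypts all recorded messages that were encrypted to it". The deniability item should say it applies to signed messages, and "porotocols" in the closing paragraph needs fixing. The section is now titled "PGP end-to-end encryption" while the next heading still says "Mailclient with GPG support"; since the new glossary separates PGP, OpenPGP and gpg, the headings should use those terms consistently.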
Line 187: Line 390:
 === 1. Install a mailclient === === 1. Install a mailclient ===
  
-We recommend [[https://www.mozilla.org/en-US/thunderbird/|Thunderbird]], but there are plenty of good ones out there! (see [[https://prism-break.org/en/subcategories/windows-email-clients/|https://prism-break.org/en/subcategories/windows-email-clients/]] [[:https:prism-break.org:en:subcategories:gnu-linux-email-clients:index|or for Linux]]] for a list).+We recommend [[https://www.mozilla.org/en-US/thunderbird/|Thunderbird]], but there are plenty of good ones out there! (see [[https://prism-break.org/en/subcategories/windows-email-clients/|https://prism-break.org/en/subcategories/windows-email-clients/]] [[https://prism-break.org:en:subcategories:gnu-linux-email-clients:index|or for Linux]]] for a list).
  
 === 2. Install GnuPG === === 2. Install GnuPG ===
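Review bot: the replacement Linux link is still not a valid URL: "https://prism-break.org:en:subcategories:gnu-linux-email-clients:index" keeps DokuWiki namespace colons where the path needs slashes, and the stray third "]" after the link is left in. It should follow the form of the Windows link on the same line (slashes after the host) and close with a normal "]]".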
Line 330: Line 533:
   * If you don't have Thunderbird, get it for free here: [[http://www.getnow.com/windows/communications/e-mail-clients/mozilla-thunderbird/?refid=659&gclid=CNHhn7r4o7wCFUNd3god0hsAsA|Thunderbird e-mail client]]   * If you don't have Thunderbird, get it for free here: [[http://www.getnow.com/windows/communications/e-mail-clients/mozilla-thunderbird/?refid=659&gclid=CNHhn7r4o7wCFUNd3god0hsAsA|Thunderbird e-mail client]]
   * Then you need to install Tor, so follow this [[:learn:how-tos#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]]   * Then you need to install Tor, so follow this [[:learn:how-tos#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]]
-  * Next, [[https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/|download Tor Birdy]] or choose the [[:​https:addons.mozilla.org:thunderbird:downloads:file:199062:index|direct link to the latest version]] and save it somewhere on your computer+  * Next, [[https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/|download Tor Birdy]] or choose the [[https://addons.mozilla.org:thunderbird:downloads:file:199062:index|direct link to the latest version]] and save it somewhere on your computer
   * in Thunderbirds, go to Extras or Tools –> Add-ons –> install add-on from file (//in German: das Zahnrad wählen und dann Add on aus Datei installieren//)   * in Thunderbirds, go to Extras or Tools –> Add-ons –> install add-on from file (//in German: das Zahnrad wählen und dann Add on aus Datei installieren//)
   * then you need to adjust your Proxy to 9150 which you can do at Tools (//Extras//) –> Settings (//Einstellungen//) –> Network (//Netzwerk & Speicherplatz//) –> Settings (//Einstellungen//) –> Manual Proxy Configuration (//Manuelle Proxy-Konfiguration//). Type "9150" in the field "Port" at SOCKS-Host   * then you need to adjust your Proxy to 9150 which you can do at Tools (//Extras//) –> Settings (//Einstellungen//) –> Network (//Netzwerk & Speicherplatz//) –> Settings (//Einstellungen//) –> Manual Proxy Configuration (//Manuelle Proxy-Konfiguration//). Type "9150" in the field "Port" at SOCKS-Host
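Review bot: the TorBirdy "direct link" has the same colon problem as the Linux client link: "https://addons.mozilla.org:thunderbird:downloads:file:199062:index" will not resolve, and a link pinned to file 199062 cannot stay "the latest version". Drop the direct link and keep only the add-on page. The untouched Thunderbird bullet above it sends readers to a getnow.com download with tracking parameters; for a security guide it should point to the project's own site, as step 1 of the mail client section already does.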
Line 344: Line 547:
   * [[https://www.youtube.com/watch?v=m56dsDc2808|How to use GPG Encryption (with GPA)]]   * [[https://www.youtube.com/watch?v=m56dsDc2808|How to use GPG Encryption (with GPA)]]
  
-====== Chat ====== 
- 
-===== OTR ===== 
- 
-Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: 
- 
-  * **Encryption**: No one else can read your instant messages. 
-  * **Authentication**: You are assured the correspondent is who you think it is. 
-  * **Deniability**: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. 
-  * **Perfect forward secrecy**: If you lose control of your private keys, no previous conversation is compromised. 
-A variety of chat clients are available which use OTR: 
- 
-  * [[https://gajim.org|Gajim]] (Windows, Linux, MacOS) 
-  * ChatSecure ([[https://itunes.apple.com/us/app/chatsecure/id464200063?mt=8|iOS]], [[https://guardianproject.info/releases/chatsecure-latest.apk|iOS]]) 
-  * [[https://github.com/siacs/Conversations#conversations|Conversations]] (Android) 
- 
-=== How to use === 
- 
-  * [[https://ssd.eff.org/en/module/how-use-otr-mac|How to: Use OTR for Mac]] 
- 
-===== IRC ===== 
- 
-==== IRC over Tor ==== 
- 
-Note that if you don't use the Tor Browser Bundle (but just tor) replace 9150 with **9050** 
- 
-For the **XChat**  IRC Client (or [[http://hexchat.github.io/downloads.html|Hexchat]]): 
- 
-  * Start Tor. 
-  * In Xchat go to Settings→Options→Network Setup and enter the following: 
- 
-<code> 
-      Hostname: 127.0.0.1 
-      Port: 9150 
-      Type: Socks5 
-      Use Proxy for: both 
-</code> 
- 
-  * Save and make sure you don't connect with the nickname you use without tor. 
- 
-For the **irssi**  IRC Client go here: [[https://www.cryptoparty.in/documentation/irssi_plus_tor|https://www.cryptoparty.in/documentation/irssi_plus_tor]] 
- 
-For the **mIRC**  Client: 
- 
-  * Press Alt+O to open the options dialog 
-  * Go to Connect → Proxy section 
-  * Under Connection select Both 
-  * Under Protocol select Socks 
-  * Under Hostname enter "127.0.0.1" 
-  * Under Port enter 9150 & press OK. 
- 
-There are also tor-internal IRC servers to which you can only connect once you set up the above. [[http://www.reddit.com/r/onions/comments/15kvb3/anyone_have_a_list_of_currently_working_onion_irc/|You can find most of them here]] 
- 
-==== IRC with I2P ==== 
- 
-  * Set up I2P [[:learn:how-tos#i2p|as described further below]] 
-  * Start it, as well as your IRC-Client (ie mIRC or Xchat) 
-  * Connect to a new server: 127.0.0.1 Port 6668 
-  * Done. There are also more IRC servers than the default one above. For learning how to join them read the bottom of [[http://pastebin.com/xWzw10wW|this page]] but the above is the most active one. 
-  * //[[http://www.youtube.com/watch?v=cCN25hxjFjE|Full step by step guide for I2P over mIRC on youtube]]// 
- 
-===== Pidgin over Tor ===== 
- 
-  * Go to the Accounts, select your Account 
-  * Select Edit Account 
-  * Go to the Advanced Tab 
-  * Under Proxy Options select proxy type SOCKS v5 
-  * Enter 127.0.0.1 for the host and 9150 for the port 
-  * Leave user/pass blank 
- 
-See also: [[https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration|https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration]] 
- 
-===== Securing pidgin on GNU/Linux ===== 
- 
-  * For information on how to secure pidgin on GNU/Linux [[https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux|https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux]] 
-  * For information on how to properly install Apparmor: [[https://wiki.debian.org/AppArmor/HowTo|https://wiki.debian.org/AppArmor/HowTo]] 
- 
-===== Other ===== 
- 
-  * [[http://retroshare.sourceforge.net/|Retroshare]] lets you //securely//  chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. It provides filesharing, chat, messages, forums and channels. 
-  * [[https://github.com/agl/pond|pond]] is a heavily encrypted replacement for email 
-  * [[https://​github.com/​prof7bit/TorChat/​downloads|TorChat]] is a peer to peer instant messenger with a completely decentralized design, built on top of [[:learn:how-tos#​tor_hidden_services|Tor' s hidden services]], giving you extremely strong // anonymity//  while being very easy to use without the need to install or configure anything. 
-  * [[http://echelon.i2p.to/qti2pmessenger/|I2P Messenger]] is an end-to-end encrypted serverless communication application over [[:learn:how-tos#i2p|I2P]]. It supports file transfer and has a search for other users. 
-  * [[https://bitmessage.org/wiki/Main_Page|BitMessage]] is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. [[http://cryptojunky.com/blog/2013/03/09/setting-up-and-using-bitmessage-an-encrypted-communications-platform-based-on-bitcoin/|Tutorial for setting up and using Bitmessage – an encrypted communications platform based on Bitcoin]] 
-  * Using Tor Messenger: [[https://www.bestvpn.com/blog/30751/tor-project-releases-secure-encrypted-tor-messenger-how-to-use-it/]] 
  
 ====== VoIP ====== ====== VoIP ======
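Review bot: moving the Chat section is not a pure move: the TorChat and "Using Tor Messenger" bullets in the removed "Other" list have no counterpart in the re-added list, and the Bitmessage tutorial link changes host from cryptojunky.com to wastun.tem.li. If the two entries were dropped on purpose, say so in the edit summary, and confirm that the new tutorial host serves the same content as the old one before readers are sent there for setup instructions.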
Line 445: Line 563:
 A darknet is an internet or private network, where information and content are shared by darknet participants anonymously. More accurately all of them share being //anonymous overlay networks//. A darknet is an internet or private network, where information and content are shared by darknet participants anonymously. More accurately all of them share being //anonymous overlay networks//.
  
-===== Tor Hidden Services =====+===== Tor Onion Services =====
  
-Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server's IP address (and thus its network location), an hidden service is accessed through its .onion address. The Tor network understands these addresses and can route data to and from hidden services, while preserving the anonymity of both parties.+Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called Onion Services (hidden services by their former name). Rather than revealing a server's IP address (and thus its network location), an Onion Service is accessed through its .onion address. The Tor network understands these addresses and can route data to and from Onion Services, while preserving the anonymity of both parties.
  
   * Follow the [[:learn:how-tos#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]]   * Follow the [[:learn:how-tos#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]]
-  * That's it already. [[http://pastebin.com/zRLGDRCM|You can find some hidden services (.onion sites) here]] that you can now open up with the TorBrowser+  * That's it already. [[http://pastebin.com/zRLGDRCM|You can find some Onion Services (.onion sites) here]] that you can now open up with the Tor Browser.
  
 ===== I2P ===== ===== I2P =====
Line 610: Line 728:
   * [[https://www.youtube.com/watch?v=Um63OQz3bjo|Short animated introduction to Bitcoin]]   * [[https://www.youtube.com/watch?v=Um63OQz3bjo|Short animated introduction to Bitcoin]]
   * [[https://en.bitcoin.it/wiki/Using_Bitcoin|Tutorial for Using Bitcoin]]   * [[https://en.bitcoin.it/wiki/Using_Bitcoin|Tutorial for Using Bitcoin]]
-  * To anonymize your bitcoins further you can use the [[http://fogcore5n3ov3tui.onion|BitcoinFog]] laundering service over [[#tor_hidden_services|tor]]+  * To anonymize your bitcoins further you can use the [[http://fogcore5n3ov3tui.onion|BitcoinFog]] Or Helix laundering service over [[#tor_hidden_services|Tor]]
  
 ====== File Deletion ====== ====== File Deletion ======
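Review bot: the changed bullet still links to "#tor_hidden_services", but this same edit renames that heading to "Tor Onion Services", and DokuWiki derives the section id from the heading text, so the link will no longer land on the section. Update the anchor together with the rename. "Or Helix" is capitalised mid-sentence and has no link or description, so it reads as part of the BitcoinFog link text; give it its own sourced entry or leave it out.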
Line 669: Line 787:
 ====== Virtual Machines & Live Disc/USB ====== ====== Virtual Machines & Live Disc/USB ======
  
-The Amnesic Incognito Live System or **Tails**  is a Debian-based Linux distribution aimed at preserving privacy and anonymity. All its outgoing connections are forced to go through Tor, and direct (non-anonymous) connections are blocked. The OS is designed to be booted as a live CD or USB, and leaves no trace on the machine unless explicitly told to do so.+The Amnesic Incognito Live System or **Tails**  is a Debian-based Linux distribution aimed at preserving privacy and anonymity. All its outgoing connections are forced to go through Tor, and direct (non-anonymous) connections are blocked. The OS is designed to be booted as a live CD or USB, and leaves no trace on the machine unless explicitly told to do so. 
  
   * Download [[https://tails.boum.org/download/index.en.html|Tails]]   * Download [[https://tails.boum.org/download/index.en.html|Tails]]
   * Verify the checksums as described here: [[:learn:how-tos#integrity_checks|Integrity Checks]]   * Verify the checksums as described here: [[:learn:how-tos#integrity_checks|Integrity Checks]]
   * [[:learn:tails|Configuration notes from a CryptoParty]]   * [[:learn:tails|Configuration notes from a CryptoParty]]
 +
 +If you don't want to create these yourself, you can [[https://www.osdisc.com/index.html|purchase]] them.
  
 Alternatives to Tails such as Liberté Linux [[https://prism-break.org/en/subcategories/windows-operating-systems-live/|can be found here]]. The following tutorials also pretty much apply to them as well. Alternatives to Tails such as Liberté Linux [[https://prism-break.org/en/subcategories/windows-operating-systems-live/|can be found here]]. The following tutorials also pretty much apply to them as well.
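Review bot: the added "you can purchase them" sentence undercuts the "Verify the checksums" bullet right above it: a disc or stick bought pre-written from a third-party shop arrives without the reader having verified the image it was written from, so the buyer is trusting the seller with the whole operating system. Either drop the sentence or state that trade-off and tell readers to prefer writing verified media themselves.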
Line 696: Line 816:
   * Make sure the DVD is inserted (or the USB plugged in) then restart your PC   * Make sure the DVD is inserted (or the USB plugged in) then restart your PC
   * Tails should boot automatically. Make sure you "press any key" when asked to do so. If it doesn't work you have to [[http://www.wikihow.com/Boot-a-Computer-from-a-CD|change the boot order in BIOS]]   * Tails should boot automatically. Make sure you "press any key" when asked to do so. If it doesn't work you have to [[http://www.wikihow.com/Boot-a-Computer-from-a-CD|change the boot order in BIOS]]
 +
 +If you don't want to create these yourself, you can [[https://www.osdisc.com/index.html|purchase]] them.
  
 ====== Operating system ====== ====== Operating system ======
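Review bot: this is the same purchase sentence added a second time, here after the boot steps, where "these" has no clear referent. Keep at most one copy, next to the download and verification steps where the choice is actually made.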
Line 703: Line 825:
 FIXME //Please add tutorial/s for a new OS or 2nd OS// FIXME //Please add tutorial/s for a new OS or 2nd OS//
  
-If you (keep) using Windows [[http://xp-antispy.org/en/about/|xp-AntiSpy]] lets you disable some built-in update and authentication ‘features’ in Windows 2000/XP/Vista/7 that are calling home.+If you (keep) using Windows [[http://xp-antispy.org/en/about/|xp-AntiSpy]] lets you disable some built-in update and authentication ‘features’ in Windows 7 that are calling home. [[http://www.ghacks.net/2015/08/14/comparison-of-windows-10-privacy-tools/|For Windows 10]].
  
 ====== VPN ====== ====== VPN ======
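Review bot: the appended "For Windows 10" link is a bare fragment with no verb, so it is unclear whether it recommends one tool or a comparison; write it as a sentence, e.g. "For Windows 10, see this comparison of privacy tools". The supported list was also narrowed from "Windows 2000/XP/Vista/7" to "Windows 7" without a reason given in the text.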
Line 711: Line 833:
 Make sure that.. Make sure that..
  
-  * …you pay for the VPN (don't use one of the free ones!)+  * …you pay for the VPN (don't use free ones, [[https://www.turnonvpn.org/blog/never-use-free-vpns/|here]]'s why)
   * …you do the above anonymously (ie using [[:learn:how-tos#currency|Bitcoins]])   * …you do the above anonymously (ie using [[:learn:how-tos#currency|Bitcoins]])
-  * …the VPN doesn't keep logs (!)+  * …the VPN [[https://www.expressvpn.com/what-is-vpn/policy-towards-logs|doesn't keep logs]](!)
   * …the VPN doesn't use [[https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol|PPTP]]   * …the VPN doesn't use [[https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol|PPTP]]
 +  * …you can also install your own VPN [[https://anonymster.com/setup-openvpn-server-digitalocean|Setup OpenVPN Server]]
  
 **Windows**: **Windows**:
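Review bot: the "doesn't keep logs" check now links to one commercial provider's own policy page (expressvpn.com), which reads as an endorsement and is a vendor's claim about itself, not a way to verify the property. Link a neutral comparison instead, such as the logging-policy list this same edit adds to the FIXME line, and restore the space before "(!)". The new "install your own VPN" bullet does not fit under "Make sure that.." and should say how it squares with the "do the above anonymously" item.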
Line 722: Line 845:
   * You can then connect to and disconnect from VPNs using the network icon in the system tray - the same one where you manage the Wi-Fi networks you’re connected to.   * You can then connect to and disconnect from VPNs using the network icon in the system tray - the same one where you manage the Wi-Fi networks you’re connected to.
  
-FIXME //Please add how to set up a VPN + [[http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/|recommendations]] + improve description above//+FIXME //Please add how to set up a VPN + [[https://thebestvpn.com/118-vpns-logging-policy/|recommendations ]]+ improve description above// 
  
 ====== Android ====== ====== Android ======
-For many of the below Apps you need to have root-access to your phoneGaining such isn't hard to dojust google your device name and firmware (both to be found in the settings under "info to device"​) + "root tutorial"​ as it's different for each device and firmware-version. ). Root is required for many apps to work. Such as firewalls that allow you to restrict which of your apps are allowed to establish a connection to the internet.+=====General===== 
 +   * Make sure your device firmware and apps remain updated. 
 +   * [[https://play.google.com/store/apps/details?id=com.oasisfeng.greenify&hl=en|Greenify]] keeps some apps from running in the background 
 +   * Check all the settings and disable things like location tracking etc. 
 + 
 +=====Antivirus===== 
 +You should definitely have an anti-virus software running on your device.
  
-===== Messengers ===== +=====Root===== 
-Signal, Wire, Conversations +Many apps require root-access to your phone. Gaining such isn't //that// hard to do: just google your device name and firmware (both to be found in the settings under "info to device"​) + "root tutorial"​ as it's different for each device and firmware-version. However there are also [[http://www.makeuseof.com/tag/security-reasons-never-root-android/|multiple reasons]] of security to //not// root your device.
- * See [[:​how-tos#​otr|otr]]+
  
 ===== Encryption ===== ===== Encryption =====
  
-[[http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/|How to encrypt your android phone]]+    * [[http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/|How to encrypt your android phone]] (to easily and quickly unlock it set fingerprints) 
 +   * Make sure to also encrypt your SD card
  
 ===== Permissions ===== ===== Permissions =====
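Review bot: the new Root paragraph leads with "just google your device name and firmware ... root tutorial" and only afterwards mentions the reasons not to root, so a skimming reader is pointed at unvetted rooting guides first. Put the caveat first, and mention that the firewall use case the removed text gave as the reason to root now has non-root options in the Firewall list. Smaller points: the Antivirus paragraph says "definitely" without criteria or a named tool, the Messengers subsection is removed with no replacement visible here, the new headings lack the spaces used elsewhere ("=====General=====" against "===== Encryption ====="), and the two Encryption bullets are indented four and three spaces, which should be made equal so they render at the same list level.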
Line 746: Line 876:
 ===== GPG ===== ===== GPG =====
  
-  * [[https://play.google.com/store/apps/details?id=info.guardianproject.gpg|Gnu Privacy Guard]] gives you command line access to the entire GnuPG suite of encryption software which is a tool for end-to-end secure communication and encrypted data storage (also issued [[:learn:how-tos#crypto|earlier]]). +  * [[https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain|Open Keychain]] gives you access to PGP keys allowing end-to-end secure communication and encrypted data storage (also mentionied [[:learn:how-tos#crypto|earlier]]).  Additionally, this software supports the YubiKey hardware token for storing your private keys.  
-  * FIXME // [[http://booki.cc/cryptoparty-handbook/installing-gpg-on-android/|http://booki.cc/cryptoparty-handbook/installing-gpg-on-android/]] and should it rather be [[https://play.google.com/store/apps/details?id=org.thialfihar.android.apg|APG]] instead [[https://securityinabox.org/en/k9_apg_main|?]] What about [[https://play.google.com/store/apps/details?id=com.fsck.k9|K-9 Mail]]//+  * You can use [[https://play.google.com/store/apps/details?id=com.fsck.k9|K-9 Mail]] together with Open Keychain for encrypting/decrypting, signing/verifying emails.
  
 ===== Firewall ===== ===== Firewall =====
- +A firewall is an absolute //must//. 
-  * [[https://play.google.com/store/apps/details?id=com.googlecode.droidwall.free|Droidwall]] allows you allows you to block applications from accessing the Internet. It requires root access. Google the name of your phone + "root" to find out how to root it (it's not that hard).+  * [[https://play.google.com/store/apps/details?id=app.greyshirts.firewall&hl=en|NoRoot Firewall]] 
 +  * [[https://adguard.com/en/adguard-android/overview.html|Adguard for Android]], Firewall AND Adblocker for non-rooted phones (not free) 
 +  * [[https://play.google.com/store/apps/details?id=com.googlecode.droidwall.free|Droidwall]] allows you allows you to block applications from accessing the Internet. It requires root access.
  
 ===== Superuser ===== ===== Superuser =====
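Review bot: two wording slips survive in lines this hunk touches: "mentionied" in the Open Keychain bullet and the doubled "allows you allows you" in the Droidwall bullet. "A firewall is an absolute must." gives no reason; one clause on what it is for (the Droidwall bullet has it: blocking applications from accessing the Internet) would help. The "#crypto" anchor in the Open Keychain bullet should be rechecked now that the email heading has been renamed to "PGP end-to-end encryption".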
Line 757: Line 889:
   * [[https://play.google.com/store/apps/details?id=com.koushikdutta.superuser|Superuser]] for Android allows you to grant and manage Superuser rights for your phone. It also requires root.   * [[https://play.google.com/store/apps/details?id=com.koushikdutta.superuser|Superuser]] for Android allows you to grant and manage Superuser rights for your phone. It also requires root.
  
-===== Web Browsing =====+===== Web browsing =====
  
-  * [[https://play.google.com/store/apps/details?id=org.mozilla.firefox|Firefox]] is an open source web browser that respects your privacy. It also allows you to use AddOns, such as the following.+  * [[https://play.google.com/store/apps/details?id=org.mozilla.firefox|Firefox]] is an open source web browser that respects your privacy. It also allows you to use AddOns, such as the following
 +   * [[https://addons.mozilla.org/en-US/android/addon/adblock-plus/|Adblock Plus AddOn]] 
 +   * [[https://addons.mozilla.org/en-US/android/addon/https-everywhere/|HTTPS Everywhere AddOn]] 
 +  * [[https://adguard.com/en/adguard-android/overview.html|Adguard for Android]], Firewall AND Adblocker for non-rooted phones (not free) 
 +  * Alternatives: [[https://​f-droid.org/​repository/​browse/?​fdid=org.adaway|AdAway]] (requires root), [[https://​adblockplus.org/​en/​android|Adblock Plus]] (does not require root) and more
   * [[https://play.google.com/store/apps/details?id=org.torproject.android|Orbot]] is a free proxy application that empowers other applications to use the Internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world.   * [[https://play.google.com/store/apps/details?id=org.torproject.android|Orbot]] is a free proxy application that empowers other applications to use the Internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world.
-  * [[https://​f-droid.org/​repository/​browse/?​fdid=org.adaway|AdAway]] blocks banners, pop-ups and video ads. If you have a non-rooted phone [[https://​adblockplus.org/​en/​android|Adblock Plus]] is an alternative. +  * [[https://play.google.com/store/apps/details?id=mobi.infolife.eraser|History Eraser]] allows you to delete your search history and various other things (just like [[:learn:how-tos#general_tips|Ccleaner/BleachBit]] for your mobile). It also guides you to some settings that ought to be changed or switched off such as google data syncing. There also is [[https://play.google.com/store/apps/details?id=com.piriform.ccleaner&hl=en|CCleaner for Android]].
- +
-===== History Eraser ===== +
- +
-  * [[https://play.google.com/store/apps/details?id=mobi.infolife.eraser|History Eraser]] allows you to delete your search history and various other things (just like [[:learn:how-tos#general_tips|Ccleaner/BleachBit]] for your mobile). It also guides you to some settings that ought to be changed or switched off such as google data syncing.+
  
 ===== Notes ===== ===== Notes =====
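Review bot: the Adguard bullet added under Web browsing is a verbatim copy of the one added under Firewall; keep it in one place and cross-reference it from the other. "Alternatives:" no longer says what it is an alternative to now that it follows Adguard instead of an ad-blocking entry of its own, and the two add-on bullets under Firefox are indented three spaces; if they are meant to nest under the Firefox item, indent them four. History Eraser and CCleaner are not web browsing tools, so folding the old "History Eraser" heading into this list makes them harder to find.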
Line 773: Line 905:
 ====== iOS ====== ====== iOS ======
 iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https://prism-break.org/en/subcategories/android-operating-systems/|these alternatives]]). iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https://prism-break.org/en/subcategories/android-operating-systems/|these alternatives]]).
- 
-===== Messenger ===== 
- 
-Signal, Wire, ChatSecure 
  
 ===== Calls ===== ===== Calls =====
  
-  * [[https://itunes.apple.com/app/id874139669|signal]] provides ZRTP / end-to-end encryption for your calls, securing your conversations so that nobody can listen in.+  * [[https://itunes.apple.com/app/id874139669|Signal]] provides ZRTP / end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
   * The app "Wire" offers encrypted calls with excellent quality and the option to have video chats.    * The app "Wire" offers encrypted calls with excellent quality and the option to have video chats. 
   * More information: [[https://whispersystems.org/blog/signal|https://whispersystems.org/blog/signal]]   * More information: [[https://whispersystems.org/blog/signal|https://whispersystems.org/blog/signal]]
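Review bot: The "More information" bullet links to the Signal blog post but sits after the Wire bullet, so it reads as further reading on Wire; move it directly under the Signal bullet or nest it there. The Wire bullet is also the only app in this list without a link. Since this change removes the Messenger section ("Signal, Wire, ChatSecure"), check that the Chat section further down still names all three, otherwise ChatSecure drops off the iOS part of the page.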
Line 786: Line 914:
 ===== Web Browsing ===== ===== Web Browsing =====
  
-  * [[https://itunes.apple.com/us/app/ghostery/id472789016|Ghostery]] stops third-party sites from tracking you. + * [[https://itunes.apple.com/au/app/onion-browser/id519296448?mt=8|Onion browser]] is a Tor-capable web browser that lets you access the internet privately and anonymously.
-  * [[https://itunes.apple.com/au/app/onion-browser/id519296448?mt=8|Onion browser]] is a Tor-capable web browser that lets you access the internet privately and anonymously.+
  
 ===== Chat ===== ===== Chat =====
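Review bot: The re-added Onion browser line has one space before the `*`, where the removed version of the same line and the other list items in this diff have two; DokuWiki needs a two-space indent for a list item, so as shown here it will not render as a bullet. Restore the two-space indent. The link also points at the `/au/` storefront, while the removed Ghostery link used `/us/` and the Signal link under Calls uses no country segment; a country-neutral URL would be more consistent.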
Line 806: Line 933:
   * [[https://media.torproject.org/video/2012-10-21-cryptoparty/TruecryptByKevin.mov|Video: "Truecrypt"]] (old) from CryptoParty Boston (Kevin) via @torproject   * [[https://media.torproject.org/video/2012-10-21-cryptoparty/TruecryptByKevin.mov|Video: "Truecrypt"]] (old) from CryptoParty Boston (Kevin) via @torproject
   * [[http://www.randyjensenonline.com/blog/using-truecrypt-to-encrypt-your-entire-hard-drive|How To Encrypt Your Entire Hard Drive with Truecrypt (Windows)]] (old)   * [[http://www.randyjensenonline.com/blog/using-truecrypt-to-encrypt-your-entire-hard-drive|How To Encrypt Your Entire Hard Drive with Truecrypt (Windows)]] (old)
 +  * [[https://www.youtube.com/watch?v=i_WkMELC790|VeraCrypt Full Disk Encryption Guide for Windows]]
  
 ===== FileVault ===== ===== FileVault =====
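Review bot: The added VeraCrypt entry is a YouTube video but is not labelled as one, unlike the `Video: "Truecrypt"` entry two lines above it; prefix it with "Video:" and name the source so readers know what they are opening. It is also the only VeraCrypt item in a list whose neighbours are Truecrypt guides marked "(old)", so consider moving it to the top of the list so the current tool is not buried under the outdated ones.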