Differences

This shows you the differences between two versions of the page.

learn:how-tos [2020/06/12 21:59] – Add general information about E2EE for communication 127.0.0.1
learn:how-tos [2022/05/08 11:42] (current) – external edit 127.0.0.1
Line 95: Line 95:
 ==== Firefox Browser ==== ==== Firefox Browser ====
  
-For browsing that doesn'require anonymity (i.e. browsing that requires you to log in), switch to Mozilla Firefox. It's as good as Chrome, fast and the most extendible browser with most add-ons. It's available for Windows, Mac, and Linux. Firefox supports many useful security privacy enhancing plugins discussed next.+For browsing that can'be done anonymously (i.e. browsing that requires you to log in -- think banking, shopping, social media), switch to Mozilla Firefox. It's as good as Chrome, fast and the most extendible browser with most add-ons. It's available for Windows, Mac, and Linux. Firefox supports many useful security privacy enhancing plugins discussed next.
  
 **Ad block plugins** **Ad block plugins**
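
Review bot: In the added sentence of the Firefox paragraph, "can'be" is missing letters and "security privacy enhancing plugins" is missing a conjunction (the latter is carried over from the old text); suggest "can't be done anonymously" and "security- and privacy-enhancing add-ons". The new parenthetical equates "requires you to log in" with "can't be done anonymously", which the rest of the paragraph depends on, so one clause saying why logging in ends anonymity (the account identifies you to the site) would help. The comparison "as good as Chrome, fast and the most extendible browser with most add-ons" is unsourced and could be dropped or backed with a reference.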
Line 222: Line 222:
     * This is equally important, whether we're talking about email, instant messaging, calls, or video calls.     * This is equally important, whether we're talking about email, instant messaging, calls, or video calls.
  
-**End-to-end encryption requires two **equally** important parts**+**End-to-end encryption requires two equally important parts**
  
     * Private key(s) must never leave the user's device without password protection that only the user knows     * Private key(s) must never leave the user's device without password protection that only the user knows
     * Public keys from contact's must be verified to actually originate from contact's device, otherwise end-to-end encryption can be eavesdropped with something called a man-in-the-middle attack. Verification is done in almost all applications by comparing public key fingerprints, also called safety numbers, and security codes.     * Public keys from contact's must be verified to actually originate from contact's device, otherwise end-to-end encryption can be eavesdropped with something called a man-in-the-middle attack. Verification is done in almost all applications by comparing public key fingerprints, also called safety numbers, and security codes.
  
 +
 +====== Chat ======
 +
 +===== Signal protocol =====
 +
 +Signal-protocol is a modernized version of OTR-protocol that is designed to work in asynchronous environments such as on smartphones. This is because on smartphones apps open and close so frequently, OTR-sessions (that need to be established for each time they're used) become inconvenient.
 +
 +More information
 +  * [[https://www.youtube.com/watch?v=tOMiAeRwpPA#t=12m45s|Next Generation Threats]] by Moxie Marlinspike
 +  * [[https://whispersystems.org/docs/|Technical documentation]]
 +
 +Applications that use Signal protocol or similar (so called [[https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm|double-ratchet algorithm]] based) protocols
 +
 +  * [[https://signal.org/|Signal]] (iOS, Android, Chromium)
 +  * [[https://wire.com|Wire]] (iOS, Android, Linux, Mac OS, Windows)
 +  * [[https://conversations.im/|Conversations]]
 +
 +
 +===== OTR =====
 +
 +**Warning, the OTRv3 is starting to show its age, e.g. wrt. the key size used (1536-bits). The [[https://github.com/otrv4/otrv4|OTRv4]] standardization is still a work-in-progress, thus Signal protocol should be favoured until the next gen OTR is ready to deploy.**
 +
 +Off-the-Record (OTR) messaging allows you to have private conversations over instant messaging by providing:
 +
 +  * **End-to-end encryption**: No one else can read your instant messages.
 +  * **Authentication**: You can verify that end-to-end encryption is not under [[https://en.wikipedia.org/wiki/Man-in-the-middle_attack|man-in-the-middle-attack]].
 +  * **Deniability**: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
 +  * **Forward secrecy**: If you lose control of your private keys, no previous conversation is compromised (assuming control of log files was not lost at the same time).
 +
 +A variety of chat clients are available which use OTR:
 +
 +Clients that support the [[https://otr.cypherpunks.ca/|OTR-plugin]]
 +  * [[https://gajim.org|Gajim]] (Windows, Linux, MacOS)
 +  * [[https://pidgin.im|Pidgin]] (Windows, Linux, MacOS)
 +  * [[https://adium.im/about/|Adium]] (MacOS only)
 +
 +Clients with built in support for OTR
 +
 +  * ChatSecure ([[https://itunes.apple.com/us/app/chatsecure/id464200063?mt=8|iOS]], Android: [[https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im|Play Store]], [[https://guardianproject.info/releases/chatsecure-latest.apk|APK]])
 +  * [[https://github.com/siacs/Conversations#conversations|Conversations]] (Android)
 +  * [[https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger#Downloads|Tor Messenger]] (Windows, Linux, MacOS)(**In beta!**)
 +
 +=== How to use ===
 +  * [[https://theintercept.com/2015/07/14/communicating-secret-watched/|Chatting in Secret While We’re All Being Watched ]] (fantastic article by Micah Lee)
 +  * [[https://ssd.eff.org/en/module/how-use-otr-mac|How to: Use OTR for Mac]]
 +  * [[https://www.bestvpn.com/blog/30751/tor-project-releases-secure-encrypted-tor-messenger-how-to-use-it/|Tor Messenger how-to]]
 +
 +Advanced:
 +
 +  * [[https://www.calyxinstitute.org/education/how-to-using-jabber.calyxinstitute.org-server-via-its-tor-hidden-service-with-pidgin-and-off-the-record|Routing messages via public Tor Hidden Service XMPP servers]]
 +
 +
 +===== IRC =====
 +
 +==== IRC over Tor ====
 +
 +Note that if you don't use the Tor Browser Bundle (but just tor) replace 9150 with **9050**
 +
 +For the **XChat**  IRC Client (or [[http://hexchat.github.io/downloads.html|Hexchat]]):
 +
 +  * Start Tor.
 +  * In Xchat go to Settings→Options→Network Setup and enter the following:
 +
 +<code>
 +      Hostname: 127.0.0.1
 +      Port: 9150
 +      Type: Socks5
 +      Use Proxy for: both
 +</code>
 +
 +  * Save and make sure you don't connect with the nickname you use without tor.
 +
 +For the **irssi**  IRC Client go here: [[https://www.cryptoparty.in/documentation/irssi_plus_tor|https://www.cryptoparty.in/documentation/irssi_plus_tor]]
 +
 +For the **mIRC**  Client:
 +
 +  * Press Alt+O to open the options dialog
 +  * Go to Connect → Proxy section
 +  * Under Connection select Both
 +  * Under Protocol select Socks
 +  * Under Hostname enter "127.0.0.1"
 +  * Under Port enter 9150 & press OK.
 +
 +There are also tor-internal IRC servers to which you can only connect once you set up the above. [[http://www.reddit.com/r/onions/comments/15kvb3/anyone_have_a_list_of_currently_working_onion_irc/|You can find most of them here]]
 +
 +==== IRC with I2P ====
 +
 +  * Set up I2P [[:learn:how-tos#i2p|as described further below]]
 +  * Start it, as well as your IRC-Client (ie mIRC or Xchat)
 +  * Connect to a new server: 127.0.0.1 Port 6668
 +  * Done. There are also more IRC servers than the default one above. For learning how to join them read the bottom of [[http://pastebin.com/xWzw10wW|this page]] but the above is the most active one.
 +  * //[[http://www.youtube.com/watch?v=cCN25hxjFjE|Full step by step guide for I2P over mIRC on youtube]]//
 +
 +===== Pidgin over Tor =====
 +
 +  * Go to the Accounts, select your Account
 +  * Select Edit Account
 +  * Go to the Advanced Tab
 +  * Under Proxy Options select proxy type SOCKS v5
 +  * Enter 127.0.0.1 for the host and 9150 for the port
 +  * Leave user/pass blank
 +
 +See also: [[https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration|https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration]]
 +
 +===== Securing pidgin on GNU/Linux =====
 +
 +  * For information on how to secure pidgin on GNU/Linux [[https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux|https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux]]
 +  * For information on how to properly install Apparmor: [[https://wiki.debian.org/AppArmor/HowTo|https://wiki.debian.org/AppArmor/HowTo]]
 +
 +===== Other =====
 +
 +  * [[http://retroshare.sourceforge.net/|Retroshare]] lets you //securely//  chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. It provides filesharing, chat, messages, forums and channels.
 +  * [[https://github.com/agl/pond|pond]] is a heavily encrypted replacement for email
 +  * [[http://echelon.i2p.to/qti2pmessenger/|I2P Messenger]] is an end-to-end encrypted serverless communication application over [[:learn:how-tos#i2p|I2P]]. It supports file transfer and has a search for other users.
 +  * [[https://bitmessage.org/wiki/Main_Page|BitMessage]] is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. [[https://wastun.tem.li/howto_bitmessage|Tutorial for setting up and using Bitmessage – an encrypted communications platform based on Bitcoin]]
  
  
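
Review bot: In the added OTR warning, "the key size used (1536-bits)" does not say which key or parameter is 1536 bits, and the advice that "Signal protocol should be favoured" sits above client lists that are carried over unchanged, so a reader who skips to the lists never sees it. Suggest naming the parameter, and repeating the recommendation (or a pointer to the Signal protocol section) next to "A variety of chat clients are available which use OTR". A smaller point in the same hunk: the note "replace 9150 with **9050**" comes before any step has mentioned port 9150, so it would read better directly after the XChat settings block, and the Pidgin over Tor steps, which also use 9150, could refer back to it.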
Line 431: Line 546:
  
   * [[https://www.youtube.com/watch?v=m56dsDc2808|How to use GPG Encryption (with GPA)]]   * [[https://www.youtube.com/watch?v=m56dsDc2808|How to use GPG Encryption (with GPA)]]
- 
-====== Chat ====== 
- 
-===== OTR ===== 
- 
-Off-the-Record (OTR) messaging allows you to have private conversations over instant messaging by providing: 
- 
-  * **End-to-end encryption**: No one else can read your instant messages. 
-  * **Authentication**: You can verify that end-to-end encryption is not under [[https://en.wikipedia.org/wiki/Man-in-the-middle_attack|man-in-the-middle-attack]]. 
-  * **Deniability**: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. 
-  * **Forward secrecy**: If you lose control of your private keys, no previous conversation is compromised (assuming control of log files was not lost at the same time). 
- 
-A variety of chat clients are available which use OTR: 
- 
-Clients that support the [[https://otr.cypherpunks.ca/|OTR-plugin]] 
-  * [[https://gajim.org|Gajim]] (Windows, Linux, MacOS) 
-  * [[https://pidgin.im|Pidgin]] (Windows, Linux, MacOS) 
-  * [[https://adium.im/about/|Adium]] (MacOS only) 
- 
-Clients with built in support for OTR 
- 
-  * ChatSecure ([[https://itunes.apple.com/us/app/chatsecure/id464200063?mt=8|iOS]], Android: [[https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im|Play Store]], [[https://guardianproject.info/releases/chatsecure-latest.apk|APK]]) 
-  * [[https://github.com/siacs/Conversations#conversations|Conversations]] (Android) 
-  * [[https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger#Downloads|Tor Messenger]] (Windows, Linux, MacOS)(**In beta!**) 
- 
-=== How to use === 
-  * [[https://theintercept.com/2015/07/14/communicating-secret-watched/|Chatting in Secret While We’re All Being Watched ]] (fantastic article by Micah Lee) 
-  * [[https://ssd.eff.org/en/module/how-use-otr-mac|How to: Use OTR for Mac]] 
-  * [[https://www.bestvpn.com/blog/30751/tor-project-releases-secure-encrypted-tor-messenger-how-to-use-it/|Tor Messenger how-to]] 
- 
-Advanced: 
- 
-  * [[https://www.calyxinstitute.org/education/how-to-using-jabber.calyxinstitute.org-server-via-its-tor-hidden-service-with-pidgin-and-off-the-record|Routing messages via public Tor Hidden Service XMPP servers]] 
- 
-===== Signal protocol ===== 
- 
-Signal-protocol is a modernized version of OTR-protocol that is designed to work in asynchronous environments such as on smartphones. This is because on smartphones apps open and close so frequently, OTR-sessions (that need to be established for each time they're used) become inconvenient. 
- 
-More information 
-  * [[https://www.youtube.com/watch?v=tOMiAeRwpPA#t=12m45s|Next Generation Threats]] by Moxie Marlinspike 
-  * [[https://whispersystems.org/docs/|Technical documentation]] 
- 
-Applications that use Signal protocol or similar (so called [[https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm|double-ratchet algorithm]] based) protocols 
- 
-  * [[https://signal.org/|Signal]] (iOS, Android, Chromium) 
-  * [[https://wire.com|Wire]] (iOS, Android, Linux, Mac OS, Windows, Web) 
-  * [[https://conversations.im/|Conversations]] 
- 
-===== IRC ===== 
- 
-==== IRC over Tor ==== 
- 
-Note that if you don't use the Tor Browser Bundle (but just tor) replace 9150 with **9050** 
- 
-For the **XChat**  IRC Client (or [[http://hexchat.github.io/downloads.html|Hexchat]]): 
- 
-  * Start Tor. 
-  * In Xchat go to Settings→Options→Network Setup and enter the following: 
- 
-<code> 
-      Hostname: 127.0.0.1 
-      Port: 9150 
-      Type: Socks5 
-      Use Proxy for: both 
-</code> 
- 
-  * Save and make sure you don't connect with the nickname you use without tor. 
- 
-For the **irssi**  IRC Client go here: [[https://www.cryptoparty.in/documentation/irssi_plus_tor|https://www.cryptoparty.in/documentation/irssi_plus_tor]] 
- 
-For the **mIRC**  Client: 
- 
-  * Press Alt+O to open the options dialog 
-  * Go to Connect → Proxy section 
-  * Under Connection select Both 
-  * Under Protocol select Socks 
-  * Under Hostname enter "127.0.0.1" 
-  * Under Port enter 9150 & press OK. 
- 
-There are also tor-internal IRC servers to which you can only connect once you set up the above. [[http://www.reddit.com/r/onions/comments/15kvb3/anyone_have_a_list_of_currently_working_onion_irc/|You can find most of them here]] 
- 
-==== IRC with I2P ==== 
- 
-  * Set up I2P [[:learn:how-tos#i2p|as described further below]] 
-  * Start it, as well as your IRC-Client (ie mIRC or Xchat) 
-  * Connect to a new server: 127.0.0.1 Port 6668 
-  * Done. There are also more IRC servers than the default one above. For learning how to join them read the bottom of [[http://pastebin.com/xWzw10wW|this page]] but the above is the most active one. 
-  * //[[http://www.youtube.com/watch?v=cCN25hxjFjE|Full step by step guide for I2P over mIRC on youtube]]// 
- 
-===== Pidgin over Tor ===== 
- 
-  * Go to the Accounts, select your Account 
-  * Select Edit Account 
-  * Go to the Advanced Tab 
-  * Under Proxy Options select proxy type SOCKS v5 
-  * Enter 127.0.0.1 for the host and 9150 for the port 
-  * Leave user/pass blank 
- 
-See also: [[https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration|https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration]] 
- 
-===== Securing pidgin on GNU/Linux ===== 
- 
-  * For information on how to secure pidgin on GNU/Linux [[https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux|https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux]] 
-  * For information on how to properly install Apparmor: [[https://wiki.debian.org/AppArmor/HowTo|https://wiki.debian.org/AppArmor/HowTo]] 
- 
-===== Other ===== 
- 
-  * [[http://retroshare.sourceforge.net/|Retroshare]] lets you //securely//  chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. It provides filesharing, chat, messages, forums and channels. 
-  * [[https://github.com/agl/pond|pond]] is a heavily encrypted replacement for email 
-  * [[https://​github.com/​prof7bit/TorChat/​downloads|TorChat]] is a peer to peer instant messenger with a completely decentralized design, built on top of [[:learn:how-tos#​tor_hidden_services|Tor' s hidden services]], giving you extremely strong // anonymity//  while being very easy to use without the need to install or configure anything. 
-  * [[http://echelon.i2p.to/qti2pmessenger/|I2P Messenger]] is an end-to-end encrypted serverless communication application over [[:learn:how-tos#i2p|I2P]]. It supports file transfer and has a search for other users. 
-  * [[https://bitmessage.org/wiki/Main_Page|BitMessage]] is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. [[https://wastun.tem.li/howto_bitmessage|Tutorial for setting up and using Bitmessage – an encrypted communications platform based on Bitcoin]] 
  
  
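
Review bot: Two items in the deleted Chat block have no counterpart in the block added at line 222, so this is not a pure move. The "Other" list loses the TorChat entry, and the Wire platform list loses "Web" (old: "(iOS, Android, Linux, Mac OS, Windows, Web)", new: "(iOS, Android, Linux, Mac OS, Windows)"). The edit summary is only "external edit", so either record why both were dropped or restore them if the loss was unintended.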
Line 560: Line 563:
 A darknet is an internet or private network, where information and content are shared by darknet participants anonymously. More accurately all of them share being //anonymous overlay networks//. A darknet is an internet or private network, where information and content are shared by darknet participants anonymously. More accurately all of them share being //anonymous overlay networks//.
  
-===== Tor Hidden Services =====+===== Tor Onion Services =====
  
-Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server's IP address (and thus its network location), an hidden service is accessed through its .onion address. The Tor network understands these addresses and can route data to and from hidden services, while preserving the anonymity of both parties.+Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called Onion Services (hidden services by their former name). Rather than revealing a server's IP address (and thus its network location), an Onion Service is accessed through its .onion address. The Tor network understands these addresses and can route data to and from Onion Services, while preserving the anonymity of both parties.
  
   * Follow the [[:learn:how-tos#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]]   * Follow the [[:learn:how-tos#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]]
-  * That's it already. [[http://pastebin.com/zRLGDRCM|You can find some hidden services (.onion sites) here]] that you can now open up with the TorBrowser+  * That's it already. [[http://pastebin.com/zRLGDRCM|You can find some Onion Services (.onion sites) here]] that you can now open up with the Tor Browser.
  
 ===== I2P ===== ===== I2P =====
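
Review bot: Renaming the heading to "Tor Onion Services" changes the section anchor that internal links rely on: the TorChat entry removed earlier in this comparison pointed at `:learn:how-tos#tor_hidden_services`, so that anchor was in use. Suggest searching the wiki for remaining links to `#tor_hidden_services` and updating them to the new heading's anchor. In the reworded list item, the list of Onion Services is still linked over plain http at pastebin.com ("You can find some Onion Services (.onion sites) here"); since readers are told to open those addresses in Tor Browser, an https link to a source the wiki maintainers can vouch for would be a safer pointer.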