Differences
This shows you the differences between two versions of the page.
brief [2013/09/10 15:40] – [Alternatives to common online services and programs] 127.0.0.1 | universal [2020/08/22 01:17] – old revision restored (2014/10/20 14:47) 127.0.0.1 | ||
---|---|---|---|
Line 20: | Line 20: | ||
* https:// | * https:// | ||
- | + | ====== Why is mass surveillance a problem ? ====== | |
+ | |||
+ | * **https:// | ||
+ | |||
+ | ====== Quotes ====== | ||
Line 30: | Line 34: | ||
- | + | | |
Line 54: | Line 58: | ||
===== Browser ===== | ===== Browser ===== | ||
- | [[https:// | + | [[https:// |
===== Tor Browser Bundle ===== | ===== Tor Browser Bundle ===== | ||
* Watch this Video: [[https:// | * Watch this Video: [[https:// | ||
Line 67: | Line 71: | ||
* [[https:// | * [[https:// | ||
- | * Useful companion: [[https:// | ||
==== Block Advertising ==== | ==== Block Advertising ==== | ||
Line 87: | Line 90: | ||
==== Identifiable Browser configurations ==== | ==== Identifiable Browser configurations ==== | ||
- | * [[https:// | + | * [[https:// |
==== Request Policy ==== | ==== Request Policy ==== | ||
Line 107: | Line 110: | ||
* https:// | * https:// | ||
* from the same people that run startpage.com, | * from the same people that run startpage.com, | ||
+ | * https:// | ||
+ | * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service | ||
* Though if you'd like to keep using google at least use its encrypted version: https:// | * Though if you'd like to keep using google at least use its encrypted version: https:// | ||
* In **Chrome** go to settings-> | * In **Chrome** go to settings-> | ||
- | * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. | + | * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. |
===== General Tips ===== | ===== General Tips ===== | ||
Line 118: | Line 123: | ||
* Opt out from various tracking advertising firms using http:// | * Opt out from various tracking advertising firms using http:// | ||
* Check the privacy settings of applications that you use | * Check the privacy settings of applications that you use | ||
+ | * If you use Windows do a File System Check once in a while by entering "sfc / | ||
+ | * Disable all Plugins in your Browser or set them to "Ask to Activate" | ||
* Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http:// | * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http:// | ||
* Use antivirus software and a firewall. Do regular scans & updates | * Use antivirus software and a firewall. Do regular scans & updates | ||
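Review bot: In the added Windows tip, "File System Check" is the wrong name for what sfc does. sfc is the System File Checker, which verifies protected Windows system files; checking the file system itself is chkdsk. Rename the tip so readers know what the scan covers, and mention that the command has to be run from an elevated command prompt.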
Line 128: | Line 135: | ||
* Get SSL. First follow these instructions for [[https:// | * Get SSL. First follow these instructions for [[https:// | ||
- | FIXME | + | ======Closing Unused Ports (debian)====== |
+ | **Check open ports.** | ||
+ | |||
+ | From the command line, you can see your open ports by typing: | ||
+ | su | ||
+ | netstat -anltp | grep " | ||
+ | |||
+ | Must should be none, i.e no reply. | ||
+ | |||
+ | **Remove services, which open ports.** | ||
+ | |||
+ | su | ||
+ | apt-get remove dovecot-core openbsd-inetd bind9 samba cups apache2 postgres* | ||
+ | apt-get remove exim4 exim4-daemon-light rpcbind openssh-server apache2.2-bin | ||
+ | apt-get autoremove | ||
+ | |||
+ | **Check open ports again.** | ||
+ | |||
+ | su | ||
+ | netstat -anltp | grep " | ||
====== Email ====== | ====== Email ====== | ||
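Review bot: The added apt-get remove lines list openssh-server, cups, samba and bind9 with no instruction to check first which of these the reader actually uses; on a machine that is administered over SSH, removing openssh-server cuts off access. Add a sentence telling readers to remove only the services they do not need. Also quote the glob as 'postgres*' so the shell does not expand it against files in the current directory, reword "Must should be none, i.e no reply." (for example "There should be none, i.e. no output"), and put spaces inside the heading markers to match "====== Email ======".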
Line 134: | Line 161: | ||
With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ | With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ | ||
- | Check https:// | + | Check https:// |
For more control over your email, you have to either [[run your own mail server]] or have a good // | For more control over your email, you have to either [[run your own mail server]] or have a good // | ||
Line 165: | Line 192: | ||
=== 1. Install a mailclient === | === 1. Install a mailclient === | ||
- | We recommend [[https:// | + | We recommend [[https:// |
=== 2. Install GnuPG === | === 2. Install GnuPG === | ||
Line 182: | Line 209: | ||
[[http:// | [[http:// | ||
- | Find the add-on manager in your Thunderbird (upper right side menu) and install enigmail there. On Linux, install it via your software manager. | + | Find the add-on manager in your Thunderbird (upper right side menu) and install enigmail there. On Linux, install it via your software manager. |
- | If you are using a Thunderbird derivative (e.g. Icedove) from Debian which doesn' | + | |
Line 193: | Line 219: | ||
=== 5. Generate Keypair === | === 5. Generate Keypair === | ||
- | | + | |
- | | + | |
- | | + | |
- | - Wait. | + | |
- | Afterwards, it will ask you if you want to make a revocation certificate. Do so, and store it on a save medium (that is either a print-out or a CD you burn it to and then put away in a safe place).\\ | + | Afterwards, it will ask you if you want to make a revocation certificate. Do so, and store it on a safe medium (that is either a print-out or a CD you burn it to and then put away in a safe place).\\ |
- | Here is a great guide for [[https:// | + | If you have already generated |
- | For a more detailed description of the mechanism of public-key encryption, refer to [[http:// | + | [[https:// |
+ | For a more detailed description of the mechanism of public-key encryption, | ||
=== 6. Publish Public Key === | === 6. Publish Public Key === | ||
Line 208: | Line 234: | ||
To get a copy of a public key on Linux with GNUPG run the following command: | To get a copy of a public key on Linux with GNUPG run the following command: | ||
- | gpg --export -a <your GPG ID> | + | gpg --export --armor |
- | this will generate output starting with ' | + | this will generate output starting with ' |
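Review bot: The replacement command on the "+" side reads "gpg --export --armor" with no key ID after it, where the old line had "<your GPG ID>". Without a key argument gpg exports every public key in the keyring, not just the reader's own. Keep the long option if it is preferred for readability, but restore the placeholder: gpg --export --armor <your GPG ID>.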
Line 220: | Line 246: | ||
The key will now be available to be accessed through GNUPG and thus through Enigmail or other programs that utilise GNUPG. | The key will now be available to be accessed through GNUPG and thus through Enigmail or other programs that utilise GNUPG. | ||
- | FIXME: //Please write how to do that// | + | From the command line, you can see your local collection of keys by typing: |
+ | gpg -k | ||
+ | To find a particular key, type: | ||
+ | gpg -k <part of name/email/key ID> | ||
+ | |||
+ | To display or search keys in Thunderbird/Enigmail: | ||
+ | - Choose “OpenPGP” in the Thunderbird menu | ||
+ | - Choose “Key management” | ||
+ | - Type part of a name or email in the search box, or check “Display All Keys by Default” | ||
=== 8. Write your first encrypted email === | === 8. Write your first encrypted email === | ||
Line 226: | Line 260: | ||
Only encrypt //plain text// and note that subject lines are not encrypted. | Only encrypt //plain text// and note that subject lines are not encrypted. | ||
- | FIXME: //Please write how to do that and how to receive/decrypt | + | You can use the command line to encrypt a file or a message: |
+ | gpg -ase -r < | ||
+ | |||
+ | This will produce a file (ending in .asc) that you can attach or paste into an email. | ||
+ | |||
+ | To send encrypted mail with Thunderbird/Enigmail: | ||
+ | |||
+ | * Make sure auto-saving of drafts is disabled (Tools -> Options -> Composition -> General, uncheck Auto Save, or Edit -> Preferences -> Composition -> General, uncheck Auto Save). | ||
+ | * Compose a message as you normally would. | ||
+ | * Click on OpenPGP, and check Encrypt Message (and, optionally, Sign Message). | ||
+ | * Click Send. | ||
+ | |||
+ | Depending on how Thunderbird is set up, it may give you a list of keys to choose from at this point, or it may select keys automatically based on email addresses (This behavior is configurable: | ||
+ | |||
+ | To decrypt a message from the command line, save the encrypted message | ||
+ | gpg < | ||
+ | |||
+ | To decrypt | ||
+ | * Click on the messge. | ||
+ | * After a moment, the passphrase entry box should appear; enter your passphrase. | ||
+ | |||
+ | |||
+ | To verify a signature: | ||
+ | |||
+ | If the message was signed, there should be a “Good signature” message (visible in the output of the command-line client, or a green bar above the sender information in Thunderbird). | ||
==== GPG with Outlook 2010/2013 ==== | ==== GPG with Outlook 2010/2013 ==== | ||
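Review bot: The "To verify a signature" paragraph treats a "Good signature" message as sufficient, but that message only says the signature matches a key in the local keyring. Add that the reader should check that the key ID or fingerprint shown belongs to the expected sender. Two smaller points in the same hunk: "Click on the messge." should read "message", and the note that subject lines are not encrypted is worth repeating next to the Thunderbird sending steps, since that is where the subject gets typed.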
Line 256: | Line 314: | ||
**[[: | **[[: | ||
+ | |||
+ | === 9. Use Tor Birdy === | ||
+ | |||
+ | You can make your communication extra safe by using Tor Birdy, a Thunderbird add-on for the Tor Browser | ||
+ | |||
+ | * If you don't have Thunderbird, | ||
+ | * Then you need to install Tor, so follow this [[http:// | ||
+ | * Next, [[https:// | ||
+ | * in Thunderbirds, | ||
+ | * then you need to adjust your Proxy to 9150 which you can do at Tools (// | ||
+ | * install it and restart Thunderbird | ||
+ | * NOTE: You now always have to open your Tor Browser to use Tor Birdy in Thunderbird. Otherwise e-mails fail to be sent instead. | ||
+ | * for troubleshooting, | ||
+ | |||
+ | |||
====== Chat ====== | ====== Chat ====== | ||
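Review bot: In the new "9. Use Tor Birdy" list, the bullet that sets the proxy to 9150 comes before "install it and restart Thunderbird", and "it" has no referent in that bullet. Put the install step first and name the add-on in it. "extra safe" should say what is gained: routing mail through Tor hides where you connect from, it does not protect message content, which is what the OpenPGP steps are for. The add-on's name is written TorBirdy, and "in Thunderbirds," should be "in Thunderbird,".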
Line 325: | Line 398: | ||
* Enter 127.0.0.1 for the host and 9150 for the port | * Enter 127.0.0.1 for the host and 9150 for the port | ||
* Leave user/pass blank | * Leave user/pass blank | ||
+ | See also: https:// | ||
+ | =====Securing pidgin on GNU/ | ||
+ | * For information on how to secure pidgin on GNU/Linux https:// | ||
+ | * For information on how to properly install Apparmor: https:// | ||
===== Other ===== | ===== Other ===== | ||
Line 331: | Line 408: | ||
* [[https:// | * [[https:// | ||
* [[http:// | * [[http:// | ||
+ | * [[https:// | ||
====== VoIP ====== | ====== VoIP ====== | ||
Line 343: | Line 421: | ||
A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. | A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. | ||
+ | More accurately all of them share being //anonymous overlay networks//. | ||
===== Tor Hidden services ===== | ===== Tor Hidden services ===== | ||
Line 351: | Line 430: | ||
===== I2P ===== | ===== I2P ===== | ||
- | I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), | + | I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), |
==== Step 1 ==== | ==== Step 1 ==== | ||
Line 373: | Line 452: | ||
* On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. | * On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. | ||
* Then go here (also optionally): | * Then go here (also optionally): | ||
- | * Now you can either always use a second browser/ | + | * Now you can either always use a second browser/ |
---- | ---- | ||
Line 384: | Line 463: | ||
- Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //" | - Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //" | ||
- | | + | |
+ | * **Alternatively** (and recommended for optimal security) | ||
HTTP-Proxy: 127.0.0.1 | HTTP-Proxy: 127.0.0.1 | ||
* Click OK. You can also run 2 firefox instances at the same time using [[http:// | * Click OK. You can also run 2 firefox instances at the same time using [[http:// | ||
+ | * Enter // | ||
+ | |||
+ | javascript.enabled | ||
+ | browser.safebrowsing.enabled | ||
+ | browser.safebrowsing.malware.enabled | ||
+ | |||
+ | * Disable all Plugins. Alternatively to setting javascript.enabled to false you can also use [[https:// | ||
---- | ---- | ||
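Review bot: The three about:config preferences (javascript.enabled, browser.safebrowsing.enabled, browser.safebrowsing.malware.enabled) are listed without the value each should be set to; only javascript.enabled gets a value ("false") and only in the following bullet. State the value next to each preference, and add a sentence on why the two safebrowsing preferences are changed, because turning them off also removes the browser's phishing and malware warnings for that profile.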
Line 414: | Line 501: | ||
* Voice over IP | * Voice over IP | ||
- | All you need to do is install the software and generate a PGP/GPG key, which will be used to encrypt and decrypt your network traffic. The hard part is getting at least 5 of your friends to also install the software and to share their public keys with you. Once that is done, you have your very own DarkNet. | + | All you need to do is install the software and generate a PGP/GPG key, which will be used to encrypt and decrypt your network traffic. The hard part is getting at least 5 of your friends to also install the software and [[http:// |
- | FIXME //Please add tutorial | + | FIXME //Please add info for "The degree of anonymity can still be improved by deactivating the DHT and IP/ |
====== Meshnet ====== | ====== Meshnet ====== | ||
Line 431: | Line 518: | ||
* And [[http:// | * And [[http:// | ||
+ | ===== Tribler ===== | ||
+ | |||
+ | Tribler is an open source peer-to-peer decentralized torrent client with various features for watching, streaming & sharing videos online. | ||
+ | |||
+ | //Soon//(!) **[[http:// | ||
===== Frost with Freenet ===== | ===== Frost with Freenet ===== | ||
[[http:// | [[http:// | ||
Line 465: | Line 557: | ||
Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is // | Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is // | ||
==== Windows ==== | ==== Windows ==== | ||
- | * [[http:// | + | * [[http:// |
- | * With [[http:// | + | * With [[http:// |
+ | * With [[https:// | ||
==== Linux ==== | ==== Linux ==== | ||
Line 475: | Line 568: | ||
as root/ | as root/ | ||
- | [[http:// | + | [[http:// |
+ | [[http:// | ||
+ | srm does secure deletion of files.\\ | ||
+ | sfill does a secure overwriting of the unused diskspace on the harddisk.\\ | ||
+ | sswap does a secure overwriting and cleaning of the swap filesystem. (note that sswap was only tested on linux so far. you must unmount your swap first!)\\ | ||
+ | smem does a secure overwriting of unused memory (RAM) | ||
+ | To install the tools on ubuntu issue the command: | ||
+ | sudo apt-get install secure-delete | ||
==== Mac ==== | ==== Mac ==== | ||
- | FIXME | + | Beginning with Mac OS 10.3, Apple enhanced its security by introducing the [[http://safecomputing.umich.edu/ |
+ | |||
+ | [[http:// | ||
====== Photos & Videos ====== | ====== Photos & Videos ====== | ||
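Review bot: The added srm/sfill/sswap/smem description does not repeat the caveat this section opens with, that files on flash memory (USB sticks, memory cards, SSDs) cannot be securely deleted. A reader who jumps straight to the Linux subsection will assume srm works there too, so add one sentence scoping these tools to magnetic disks. For sswap, "you must unmount your swap first" should say to disable swap with swapoff, since swap is not a mounted filesystem. The install line names Ubuntu only; say whether the same package applies to Debian, which the rest of the page also targets.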
Line 499: | Line 601: | ||
* Verify the checksums as described here: [[: | * Verify the checksums as described here: [[: | ||
- | Alternatives to Tails such as Liberté Linux [[https:// | + | Alternatives to Tails such as Liberté Linux [[https:// |
===== Virtual Machine ===== | ===== Virtual Machine ===== | ||
Line 507: | Line 609: | ||
* Start Virtual Box click " | * Start Virtual Box click " | ||
* FIXME | * FIXME | ||
+ | * | ||
+ | | ||
===== Live Disc/USB ===== | ===== Live Disc/USB ===== | ||
Line 520: | Line 623: | ||
====== Operating system ====== | ====== Operating system ====== | ||
- | [[https:// | + | [[https:// |
- | FIXME //Please add tutorial for a new OS or 2nd OS// | + | FIXME //Please add tutorial/s for a new OS or 2nd OS// |
+ | |||
+ | If you (keep) using Windows [[http:// | ||
====== VPN ====== | ====== VPN ====== | ||
Line 538: | Line 643: | ||
* You can then connect to and disconnect from VPNs using the network icon in the system tray - the same one where you manage the Wi-Fi networks you’re connected to. | * You can then connect to and disconnect from VPNs using the network icon in the system tray - the same one where you manage the Wi-Fi networks you’re connected to. | ||
- | FIXME //Please add how to set up a VPN + recommendations + improve description above// | + | FIXME //Please add how to set up a VPN + [[http:// |
====== Android ====== | ====== Android ====== | ||
Line 562: | Line 667: | ||
* Users of newer versions of Android and up can use the built-in system encryption: [[http:// | * Users of newer versions of Android and up can use the built-in system encryption: [[http:// | ||
+ | |||
+ | ===== Permissions ===== | ||
+ | |||
+ | FIXME Check & review the following Apps: | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[http:// | ||
+ | |||
+ | |||
+ | |||
===== GPG ===== | ===== GPG ===== | ||
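Review bot: The new "Permissions" section publishes six app links under "FIXME Check & review the following Apps", so the page points readers at permission-management apps that, by its own wording, nobody has reviewed yet. Either hold the links back until they are checked or label the list as unreviewed in the visible text rather than with a FIXME marker. The links should also be bullet items like the other link lists on the page.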
Line 589: | Line 707: | ||
* [[https:// | * [[https:// | ||
====== iOS ====== | ====== iOS ====== | ||
- | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// | + | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// |
+ | ===== Calls ===== | ||
+ | |||
+ | * [[https:// | ||
+ | * More information: | ||
===== Web Browsing ===== | ===== Web Browsing ===== | ||
* [[https:// | * [[https:// | ||
Line 626: | Line 749: | ||
==== Learn and Use ==== | ==== Learn and Use ==== | ||
- | LUKS can be set up using the program ' | + | LUKS can be set up using the program ' |
+ | In the following examples I will be using the device '/ | ||
+ | To format | ||
cryptsetup luksFormat /dev/sdxN | cryptsetup luksFormat /dev/sdxN | ||
- | where ' | + | Next, it will ask you to confirm, as this will *wipe any data on the partition*, then, you will be prompted to enter and confirm the password to access the drive. |
- | cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sdxN | + | |
- | Next, it will ask you to confirm, as this will *wipe any data on the partition*. Then, you will be prompted to enter and confirm the password to access the drive, ensure that you pick a secure password, as there is no protection against brute-force password attacks if the drive is physically compromised. | + | |
- | Once it's confirmed completion of the process, you will be able to add the encrypted part of the drive as if it were a blockdevice, | + | |
- | cryptsetup open /dev/sdxN volume-name | + | |
- | The ' | + | |
- | mkfs -t ext4 / | + | |
- | It will now format the blank encrypted partition to an ext4 filesystem, you may choose any other supported filesystem you require by replacing the ' | + | |
- | Okay, so now you have an encrypted volume. If you're using a modern desktop environment like Unity, | + | |
- | If your desktop environment doesn' | + | |
- | mount / | + | |
- | And you'll be able to read and write data to your encrypted volume, to unmount and close the encrypted device simply use: | + | |
- | umount / | + | |
- | cryptsetup close volume-name | + | |
- | You can use this method | + | Once you have a LUKS partition, |
+ | cryptsetup luksOpen /dev/sdxN volume-name | ||
+ | You will be asked for the password to decrypt the device, then it will be available like a normal drive or parition located at '/ | ||
+ | If you are finished using the device, you can remove it by typing the command: | ||
+ | cryptsetup luksClose volume-name | ||
- | For further | + | The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further |
+ | |||
+ | If you're unsure about choosing a cipher or concerned about performance the latest version of cryptsetup | ||
+ | cryptsetup benchmark | ||
+ | |||
+ | Note: The above section is written assuming that the user is running the latest version of cryptsetup, for older versions the command structure differs slightly. | ||
===== Ubuntu ===== | ===== Ubuntu ===== | ||
Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. | Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. | ||
- | |||
- | FIXME //better description^// | ||
==== Learn and Use ==== | ==== Learn and Use ==== | ||
+ | * [[https:// | ||
* [[http:// | * [[http:// | ||
====== Integrity Checks ====== | ====== Integrity Checks ====== | ||
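Review bot: The rewritten LUKS walkthrough drops the mkfs step that the "-" side had between luksFormat and first use, so a reader following the "+" side opens a freshly formatted volume that has no filesystem and cannot be mounted. Restore the mkfs and mount/umount steps. The rewrite also removes the warning to pick a strong password because nothing protects against brute force once the drive is physically taken; that sentence should stay. The closing note says the section assumes the latest cryptsetup, yet the "+" side switches from "cryptsetup open"/"close" to "luksOpen"/"luksClose", which are the older command names, so the note and the commands disagree. Typos: "parition", "it part of the Linux kernel".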
Line 686: | Line 806: | ||
* Compare with expected values from the site you downloaded from. | * Compare with expected values from the site you downloaded from. | ||
- | FIXME //Please add variations for Linux& | + | FIXME |
+ | //Please add variations for Linux& | ||
====== About ====== | ====== About ====== | ||
- | If these tutorials helped you please pass it on - share this page! | + | Also available as an eepsite on [[brief:# |
+ | http:// | ||
+ | And as a hidden service on [[brief:# | ||
+ | http:// | ||
+ | |||
+ | FIXME | ||
+ | //These 2 sites need to be updated to the present state of this tutorial-series.\\ | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | |||
+ | If these tutorials helped you please pass it on - **share this page** (or its contents)! |