Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
brief [2013/12/19 10:25] – [Retroshare] please edit 127.0.0.1 | universal [2020/08/22 01:17] – old revision restored (2014/10/20 14:47) 127.0.0.1 | ||
---|---|---|---|
Line 20: | Line 20: | ||
* https:// | * https:// | ||
- | + | ====== Why is mass surveillance a problem ? ====== | |
+ | |||
+ | * **https:// | ||
+ | |||
+ | ====== Quotes ====== | ||
Line 30: | Line 34: | ||
- | + | | |
Line 67: | Line 71: | ||
* [[https:// | * [[https:// | ||
- | * Useful companion: [[https:// | ||
==== Block Advertising ==== | ==== Block Advertising ==== | ||
Line 107: | Line 110: | ||
* https:// | * https:// | ||
* from the same people that run startpage.com, | * from the same people that run startpage.com, | ||
+ | * https:// | ||
+ | * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service | ||
* Though if you'd like to keep using google at least use its encrypted version: https:// | * Though if you'd like to keep using google at least use its encrypted version: https:// | ||
* In **Chrome** go to settings-> | * In **Chrome** go to settings-> | ||
- | * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. | + | * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. |
===== General Tips ===== | ===== General Tips ===== | ||
Line 118: | Line 123: | ||
* Opt out from various tracking advertising firms using http:// | * Opt out from various tracking advertising firms using http:// | ||
* Check the privacy settings of applications that you use | * Check the privacy settings of applications that you use | ||
+ | * If you use Windows do a File System Check once in a while by entering "sfc / | ||
+ | * Disable all Plugins in your Browser or set them to "Ask to Activate" | ||
* Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http:// | * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http:// | ||
* Use antivirus software and a firewall. Do regular scans & updates | * Use antivirus software and a firewall. Do regular scans & updates | ||
Line 128: | Line 135: | ||
* Get SSL. First follow these instructions for [[https:// | * Get SSL. First follow these instructions for [[https:// | ||
- | FIXME | + | ======Closing Unused Ports (debian)====== |
+ | **Check open ports.** | ||
+ | |||
+ | From the command line, you can see your open ports by typing: | ||
+ | su | ||
+ | netstat -anltp | grep " | ||
+ | |||
+ | Must should be none, i.e no reply. | ||
+ | |||
+ | **Remove services, which open ports.** | ||
+ | |||
+ | su | ||
+ | apt-get remove dovecot-core openbsd-inetd bind9 samba cups apache2 postgres* | ||
+ | apt-get remove exim4 exim4-daemon-light rpcbind openssh-server apache2.2-bin | ||
+ | apt-get autoremove | ||
+ | |||
+ | **Check open ports again.** | ||
+ | |||
+ | su | ||
+ | netstat -anltp | grep " | ||
====== Email ====== | ====== Email ====== | ||
Line 134: | Line 161: | ||
With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ | With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ | ||
- | Check https:// | + | Check https:// |
For more control over your email, you have to either [[run your own mail server]] or have a good // | For more control over your email, you have to either [[run your own mail server]] or have a good // | ||
Line 165: | Line 192: | ||
=== 1. Install a mailclient === | === 1. Install a mailclient === | ||
- | We recommend [[https:// | + | We recommend [[https:// |
=== 2. Install GnuPG === | === 2. Install GnuPG === | ||
Line 287: | Line 314: | ||
**[[: | **[[: | ||
+ | |||
+ | === 9. Use Tor Birdy === | ||
+ | |||
+ | You can make your communication extra safe by using Tor Birdy, a Thunderbird add-on for the Tor Browser | ||
+ | |||
+ | * If you don't have Thunderbird, | ||
+ | * Then you need to install Tor, so follow this [[http:// | ||
+ | * Next, [[https:// | ||
+ | * in Thunderbirds, | ||
+ | * then you need to adjust your Proxy to 9150 which you can do at Tools (// | ||
+ | * install it and restart Thunderbird | ||
+ | * NOTE: You now always have to open your Tor Browser to use Tor Birdy in Thunderbird. Otherwise e-mails fail to be sent instead. | ||
+ | * for troubleshooting, | ||
+ | |||
+ | |||
====== Chat ====== | ====== Chat ====== | ||
Line 356: | Line 398: | ||
* Enter 127.0.0.1 for the host and 9150 for the port | * Enter 127.0.0.1 for the host and 9150 for the port | ||
* Leave user/pass blank | * Leave user/pass blank | ||
+ | See also: https:// | ||
+ | =====Securing pidgin on GNU/ | ||
+ | * For information on how to secure pidgin on GNU/Linux https:// | ||
+ | * For information on how to properly install Apparmor: https:// | ||
===== Other ===== | ===== Other ===== | ||
Line 375: | Line 421: | ||
A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. | A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. | ||
+ | More accurately all of them share being //anonymous overlay networks//. | ||
===== Tor Hidden services ===== | ===== Tor Hidden services ===== | ||
Line 383: | Line 430: | ||
===== I2P ===== | ===== I2P ===== | ||
- | I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), | + | I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), |
==== Step 1 ==== | ==== Step 1 ==== | ||
Line 405: | Line 452: | ||
* On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. | * On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. | ||
* Then go here (also optionally): | * Then go here (also optionally): | ||
- | * Now you can either always use a second browser/ | + | * Now you can either always use a second browser/ |
---- | ---- | ||
Line 416: | Line 463: | ||
- Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //" | - Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //" | ||
- | | + | |
+ | * **Alternatively** (and recommended for optimal security) | ||
HTTP-Proxy: 127.0.0.1 | HTTP-Proxy: 127.0.0.1 | ||
* Click OK. You can also run 2 firefox instances at the same time using [[http:// | * Click OK. You can also run 2 firefox instances at the same time using [[http:// | ||
+ | * Enter // | ||
+ | |||
+ | javascript.enabled | ||
+ | browser.safebrowsing.enabled | ||
+ | browser.safebrowsing.malware.enabled | ||
+ | |||
+ | * Disable all Plugins. Alternatively to setting javascript.enabled to false you can also use [[https:// | ||
---- | ---- | ||
Line 463: | Line 518: | ||
* And [[http:// | * And [[http:// | ||
+ | ===== Tribler ===== | ||
+ | |||
+ | Tribler is an open source peer-to-peer decentralized torrent client with various features for watching, streaming & sharing videos online. | ||
+ | |||
+ | //Soon//(!) **[[http:// | ||
===== Frost with Freenet ===== | ===== Frost with Freenet ===== | ||
[[http:// | [[http:// | ||
Line 497: | Line 557: | ||
Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is // | Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is // | ||
==== Windows ==== | ==== Windows ==== | ||
- | * [[http:// | + | * [[http:// |
- | * With [[http:// | + | * With [[http:// |
- | * With [[https:// | + | |
+ | * With [[https:// | ||
==== Linux ==== | ==== Linux ==== | ||
Line 510: | Line 571: | ||
[[http:// | [[http:// | ||
- | |||
srm does secure deletion of files.\\ | srm does secure deletion of files.\\ | ||
sfill does a secure overwriting of the unused diskspace on the harddisk.\\ | sfill does a secure overwriting of the unused diskspace on the harddisk.\\ | ||
sswap does a secure overwriting and cleaning of the swap filesystem. (note that sswap was only tested on linux so far. you must unmount your swap first!)\\ | sswap does a secure overwriting and cleaning of the swap filesystem. (note that sswap was only tested on linux so far. you must unmount your swap first!)\\ | ||
- | smem does a secure overwriting of unused memory (RAM) | + | smem does a secure overwriting of unused memory (RAM) |
To install the tools on ubuntu issue the command: | To install the tools on ubuntu issue the command: | ||
sudo apt-get install secure-delete | sudo apt-get install secure-delete | ||
- | FIXME | ||
==== Mac ==== | ==== Mac ==== | ||
- | FIXME | + | Beginning with Mac OS 10.3, Apple enhanced its security by introducing the [[http://safecomputing.umich.edu/ |
+ | |||
+ | [[http:// | ||
====== Photos & Videos ====== | ====== Photos & Videos ====== | ||
Line 541: | Line 601: | ||
* Verify the checksums as described here: [[: | * Verify the checksums as described here: [[: | ||
- | Alternatives to Tails such as Liberté Linux [[https:// | + | Alternatives to Tails such as Liberté Linux [[https:// |
===== Virtual Machine ===== | ===== Virtual Machine ===== | ||
Line 563: | Line 623: | ||
====== Operating system ====== | ====== Operating system ====== | ||
- | [[https:// | + | [[https:// |
- | FIXME //Please add tutorial for a new OS or 2nd OS// | + | FIXME //Please add tutorial/s for a new OS or 2nd OS// |
- | If you (keep) using Windows [[http:// | + | If you (keep) using Windows [[http:// |
====== VPN ====== | ====== VPN ====== | ||
Line 607: | Line 667: | ||
* Users of newer versions of Android and up can use the built-in system encryption: [[http:// | * Users of newer versions of Android and up can use the built-in system encryption: [[http:// | ||
+ | |||
+ | ===== Permissions ===== | ||
+ | |||
+ | FIXME Check & review the following Apps: | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[http:// | ||
+ | |||
+ | |||
+ | |||
===== GPG ===== | ===== GPG ===== | ||
Line 634: | Line 707: | ||
* [[https:// | * [[https:// | ||
====== iOS ====== | ====== iOS ====== | ||
- | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// | + | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// |
+ | ===== Calls ===== | ||
+ | |||
+ | * [[https:// | ||
+ | * More information: | ||
===== Web Browsing ===== | ===== Web Browsing ===== | ||
* [[https:// | * [[https:// | ||
Line 678: | Line 756: | ||
Once you have a LUKS partition, to make the drive accessible for formating or mounting, use the command, type the command: | Once you have a LUKS partition, to make the drive accessible for formating or mounting, use the command, type the command: | ||
- | cryptsetup | + | cryptsetup |
You will be asked for the password to decrypt the device, then it will be available like a normal drive or parition located at '/ | You will be asked for the password to decrypt the device, then it will be available like a normal drive or parition located at '/ | ||
If you are finished using the device, you can remove it by typing the command: | If you are finished using the device, you can remove it by typing the command: | ||
- | cryptsetup | + | cryptsetup |
The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further software is required however you will likely not be able to access LUKS formatted partitions or drives from a Microsoft or Apple device. | The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further software is required however you will likely not be able to access LUKS formatted partitions or drives from a Microsoft or Apple device. | ||
Line 692: | Line 770: | ||
Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. | Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. | ||
- | |||
- | FIXME //better description^// | ||
==== Learn and Use ==== | ==== Learn and Use ==== | ||
+ | * [[https:// | ||
* [[http:// | * [[http:// | ||
====== Integrity Checks ====== | ====== Integrity Checks ====== | ||
Line 729: | Line 806: | ||
* Compare with expected values from the site you downloaded from. | * Compare with expected values from the site you downloaded from. | ||
- | FIXME //Please add variations for Linux& | + | FIXME |
+ | //Please add variations for Linux& | ||
====== About ====== | ====== About ====== | ||
- | Also available as an eepsite on [[brief:# | + | Also available as an eepsite on [[brief:# |
- | And as a hidden service on [[brief:# | + | http://crzh6busgh4v2kon66ant2fgscq6scj4apceqii2rstglaztfk2q.b32.i2p/en/ |
+ | And as a hidden service on [[brief:# | ||
+ | http://5nklpqfgczvtjrlg.onion/ | ||
+ | |||
+ | FIXME | ||
+ | //These 2 sites need to be updated to the present state of this tutorial-series.\\ | ||
+ | |||
+ | |||
+ | ---- | ||
- | If these tutorials helped you please pass it on - share this page! | + | If these tutorials helped you please pass it on - **share this page** (or its contents)! |