Differences

This shows you the differences between two versions of the page.

--- brief [2013/09/11 21:34] – [Retroshare] 127.0.0.1
+++ universal [2020/08/22 01:17] – old revision restored (2014/10/20 14:47) 127.0.0.1
@@ Line 20: / Line 20: @@
   * https://alternatives.tacticaltech.org/
+====== Why is mass surveillance a problem ? ======
+  * **https://www.cryptoparty.in/MassSurveillance**
+====== Quotes ======
@@ Line 30: / Line 34: @@
@@ Line 54: / Line 58: @@
 ===== Browser =====
-[[https://www.mozilla.org/en-US/firefox/|Firefox]] is an open source web browser that respects your privacy. If you're not using it already you should do from now on. It's available for Winows, Mac & Linux.
+[[https://www.mozilla.org/en-US/firefox/|Firefox]] is an open source web browser that respects your privacy. If you're not using it already you should do from now on. It's available for Windows, Mac & Linux.
 ===== Tor Browser Bundle =====
   * Watch this Video: [[https://media.torproject.org/video/2012-10-21-cryptoparty/UsingTorByAndrewAndSteve.mov | "Using Tor"]] from CryptoParty Boston.
@@ Line 67: / Line 71: @@
   * [[https://www.eff.org/https-everywhere|HTTPS Everywhere]] has a big list of websites that support encrypted connections, and whenever you connect to them silently switches to the encrypted variant. That little "s" in the URL is what it is about
-   * Useful companion: [[https://addons.mozilla.org/en-US/firefox/addon/https-finder/|HTTPS Finder]] is another Firefox addon that tries HTTPS for sites that are not already listed in the HTTPS Everywhere addon
 ==== Block Advertising ====
@@ Line 87: / Line 90: @@
 ==== Identifiable Browser configurations ====
-  * [[https://addons.mozilla.org/en-us/firefox/addon/blender-1/|Blender]] lets you blend in the crowd by faking to be the most common Firefox browser version, operating system and other stuff. Test it with EFF's [[panopticlick.eff.org|panopticlick]]
+  * [[https://addons.mozilla.org/en-us/firefox/addon/blender-1/|Blender]] lets you blend in the crowd by faking to be the most common Firefox browser version, operating system and other stuff. Test it with EFF's [[https://panopticlick.eff.org/|panopticlick]]
 ==== Request Policy ====
@@ Line 107: / Line 110: @@
   * https://ixquick.com/
     * from the same people that run startpage.com, searches many popular search engines simultaneously
+  * https://metager.de/tor/en/
+    * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service
   * Though if you'd like to keep using google at least use its encrypted version: https://encrypted.google.com.
   * In **Chrome** go to settings->Manage Search Engines and add a search engine (example url: https://encrypted.google.com/search?q=%s). For startpage go here: https://startpage.com/eng/download-startpage-plugin.html
-  * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. Enter //about:config// in the addressbar and search for //keyword.URL// if it exists enter https://encrypted.google.com/search?q= to change the search engine of the address bar.
+  * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. Go to the page you intend to make your search engine and select the logo to the right of your search bar (top right), and select Add "[searchEngineName]" to change search engines.
 ===== General Tips =====
@@ Line 118: / Line 123: @@
   * Opt out from various tracking advertising firms using http://www.networkadvertising.org/choices/ & http://www.aboutads.info/choices/
   * Check the privacy settings of applications that you use
+  * If you use Windows do a File System Check once in a while by entering "sfc /scannow" into the console
+  * Disable all Plugins in your Browser or set them to "Ask to Activate" (in Firefox)
   * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http://www.cryptoparty.in/documentation/password|More tips on good passwords]]
   * Use antivirus software and a firewall. Do regular scans & updates
@@ Line 128: / Line 135: @@
   * Get SSL. First follow these instructions for [[https://github.com/ioerror/duraconf/blob/master/startssl/README.markdown|getting the certificate]] then install it as in the appropiate tutorial [[https://www.globalsign.com/support/installcert.php|here]]. Secure Sockets Layer provides an encrypted connection between the client and the server/certificate holder.
-FIXME
+======Closing Unused Ports (debian)======
+**Check open ports.**
+From the command line, you can see your open ports by typing:
+        su
+        netstat -anltp | grep "LISTEN"
+Must should be none, i.e no reply.
+**Remove services, which open ports.**
+        su
+        apt-get remove dovecot-core openbsd-inetd bind9 samba cups apache2 postgres*
+        apt-get remove exim4 exim4-daemon-light rpcbind openssh-server apache2.2-bin
+        apt-get autoremove
+**Check open ports again.**
+        su
+        netstat -anltp | grep "LISTEN"
 ====== Email ======
@@ Line 134: / Line 161: @@
 With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\
-Check https://prism-break.org/#email-service for recommendations
+Check https://prism-break.org/en/subcategories/web-services-email-accounts/ or http://prxbx.com/email/ for recommendations
 For more control over your email, you have to either [[run your own mail server]] or have a good //personal// trust relationship with the provider.\\
@@ Line 165: / Line 192: @@
 === 1. Install a mailclient ===
-We recommend [[https://www.mozilla.org/en-US/thunderbird/|Thunderbird]], but there are plenty of good ones out there! (see https://prism-break.org/#email-client for a list).
+We recommend [[https://www.mozilla.org/en-US/thunderbird/|Thunderbird]], but there are plenty of good ones out there! (see https://prism-break.org/en/subcategories/windows-email-clients/ [[[https://prism-break.org/en/subcategories/gnu-linux-email-clients/|or for Linux]]] for a list).
 === 2. Install GnuPG ===
@@ Line 182: / Line 209: @@
 [[http://www.enigmail.net/download/|Enigmail]] is a plugin for Thunderbird that brings thunderbird and GnuPG together.\\
-Find the add-on manager in your Thunderbird (upper right side menu) and install enigmail there. On Linux, install it via your software manager.
+Find the add-on manager in your Thunderbird (upper right side menu) and install enigmail there. On Linux, install it via your software manager. The package is usually called //enigmail//.
-If you are using a Thunderbird derivative (e.g. Icedove) from Debian which doesn't link in to the main Mozilla Add-On directory, download the .xpi file from the [[http://www.enigmail.net/download/|Enigmail website]] and on the 'Tools' option to the right of the search, select 'Install Add-On From File' and choose the downloaded .xpi file.
@@ Line 193: / Line 219: @@
 === 5. Generate Keypair ===
-  - Choose “OpenPGP” in the Thunderbird menu
+  * Click //OpenPGP// in the Thunderbird menu and
-  - Choose “Key management”
+  * choose //OpenPGP Setup Assistant// or //... Wizard// (depending on version).
-  - Choose “Generate”
+  * Follow the instructions. When not sure, the default value is usually safe.
-  - Wait.
-Afterwards, it will ask you if you want to make a revocation certificate. Do so, and store it on a save medium (that is either a print-out or a CD you burn it to and then put away in a safe place).\\
+Afterwards, it will ask you if you want to make a revocation certificate. Do so, and store it on a safe medium (that is either a print-out or a CD you burn it to and then put away in a safe place).\\
-Here is a great guide for [[https://alexcabal.com/creating-the-perfect-gpg-keypair/|creating the perfect GPG keypair]].\\
+If you have already generated a keypair or want to follow instructions like the ones given
-For a more detailed description of the mechanism of public-key encryption, refer to [[http://www.gnupg.org/gph/en/manual.html | The GNU Privacy Handbook]].
+[[https://alexcabal.com/creating-the-perfect-gpg-keypair/|by Alex Cabal]], you should run the //Setup Assistant// anyway and then choose the already generated keypair at the appropriate step of the wizard.
+For a more detailed description of the mechanism of public-key encryption, please refer to [[http://www.gnupg.org/gph/en/manual.html | The GNU Privacy Handbook]].
 === 6. Publish Public Key ===
@@ Line 208: / Line 234: @@
 To get a copy of a public key on Linux with GNUPG run the following command:
-	gpg --export -a <your GPG ID>
+	gpg --export --armor <your GPG ID>
-this will generate output starting with '-----BEGIN PGP PUBLIC KEY BLOCK-----' and ending with '-----END PGP PUBLIC KEY BLOCK-----'. The '-a' option applies the 'ascii armor' (base64 encoding) since cryptographic keys will often contain non-printable characters.
+this will generate output starting with '-----BEGIN PGP PUBLIC KEY BLOCK-----' and ending with '-----END PGP PUBLIC KEY BLOCK-----'. '--armor' makes the key read- and printable.
@@ Line 220: / Line 246: @@
 The key will now be available to be accessed through GNUPG and thus through Enigmail or other programs that utilise GNUPG.
-FIXME: //Please write how to do that//
+From the command line, you can see your local collection of keys by typing:
+        gpg -k
+To find a particular key, type:
+        gpg -k <part of name/email/key ID>
+To display or search keys in Thunderbird/Enigmail:
+  - Choose “OpenPGP” in the Thunderbird menu
+  - Choose “Key management”
+  - Type part of a name or email in the search box, or check “Display All Keys by Default”
 === 8.  Write your first encrypted email ===
@@ Line 226: / Line 260: @@
 Only encrypt //plain text// and note that subject lines are not encrypted.
-FIXME: //Please write how to do that and how to receive/decrypt & sign emails//
+You can use the command line to encrypt a file or a message:
+        gpg -ase -r <recipient's key ID> -r <your key ID> <input file name>
+This will produce a file (ending in .asc) that you can attach or paste into an email.
+To send encrypted mail with Thunderbird/Enigmail:
+  * Make sure auto-saving of drafts is disabled (Tools -> Options -> Composition -> General, uncheck Auto Save, or Edit -> Preferences -> Composition -> General, uncheck Auto Save).
+  * Compose a message as you normally would.
+  * Click on OpenPGP, and check Encrypt Message (and, optionally, Sign Message).
+  * Click Send.
+Depending on how Thunderbird is set up, it may give you a list of keys to choose from at this point, or it may select keys automatically based on email addresses (This behavior is configurable:   OpenPGP -> Preferences -> Key Selection.). If you see the list of keys, make sure the recipient's key and your key are checked, and click OK.
+To decrypt a message from the command line, save the encrypted message to a file, and type:
+        gpg <encrypted file name>
+To decrypt mail with Thunderbird/Enigmail:
+  * Click on the messge.
+  * After a moment, the passphrase entry box should appear; enter your passphrase.
+To verify a signature:
+If the message was signed, there should be a “Good signature” message (visible in the output of the command-line client, or a green bar above the sender information in Thunderbird).  If there is a “signature verification failed” message instead, it could mean that the message was tampered with, or it could just mean that you don't have the sender's public key.
 ==== GPG with Outlook 2010/2013 ====
@@ Line 256: / Line 314: @@
 **[[:gpgtroubles|Having troubles? Go here]]**
+=== 9. Use Tor Birdy ===
+You can make your communication extra safe by using Tor Birdy, a Thunderbird add-on for the Tor Browser
+  * If you don't have Thunderbird, get it for free here: [[http://www.getnow.com/windows/communications/e-mail-clients/mozilla-thunderbird/?refid=659&gclid=CNHhn7r4o7wCFUNd3god0hsAsA|Thunderbird e-mail client]]
+  * Then you need to install Tor, so follow this [[http://www.cryptoparty.in/brief?&#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]]
+  * Next, [[https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/|download Tor Birdy]] or choose the [[https://addons.mozilla.org/thunderbird/downloads/file/199062/|direct link to the latest version]] and save it somewhere on your computer
+  * in Thunderbirds, go to Extras or Tools --> Add-ons --> install add-on from file (//in German: das Zahnrad wählen und dann Add on aus Datei installieren//)
+  * then you need to adjust your Proxy to 9150 which you can do at Tools (//Extras//) --> Settings (//Einstellungen//) --> Network (//Netzwerk & Speicherplatz//) --> Settings (//Einstellungen//) --> Manual Proxy Configuration (//Manuelle Proxy-Konfiguration//). Type "9150" in the field "Port" at SOCKS-Host
+  * install it and restart Thunderbird
+  * NOTE: You now always have to open your Tor Browser to use Tor Birdy in Thunderbird. Otherwise e-mails fail to be sent instead.
+  * for troubleshooting, refer to [[https://trac.torproject.org/projects/tor/wiki/torbirdy#SetupSteps|the Tor Project Wiki]]
 ====== Chat ======
@@ Line 325: / Line 398: @@
   * Enter 127.0.0.1 for the host and 9150 for the port
   * Leave user/pass blank
+See also: https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration
+=====Securing pidgin on GNU/Linux=====
+  * For information on how to secure pidgin on GNU/Linux https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux
+  * For information on how to properly install Apparmor: https://wiki.debian.org/AppArmor/HowTo
 ===== Other =====
@@ Line 331: / Line 408: @@
   * [[https://github.com/prof7bit/TorChat/downloads|TorChat]] is a peer to peer instant messenger with a completely decentralized design, built on top of [[http://www.cryptoparty.in/brief#tor_hidden_services|Tor's hidden services]], giving you extremely strong //anonymity// while being very easy to use without the need to install or configure anything.
   * [[http://echelon.i2p.to/qti2pmessenger/|I2P Messenger]] is an end-to-end encrypted serverless communication application over [[brief:#i2p|I2P]]. It supports file transfer and has a search for other users.
+  * [[https://bitmessage.org/wiki/Main_Page|BitMessage]] is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. [[http://cryptojunky.com/blog/2013/03/09/setting-up-and-using-bitmessage-an-encrypted-communications-platform-based-on-bitcoin/|Tutorial for setting up and using Bitmessage – an encrypted communications platform based on Bitcoin]]
 ====== VoIP ======
@@ Line 343: / Line 421: @@
 A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously.
+More accurately all of them share being //anonymous overlay networks//.
 ===== Tor Hidden services =====
@@ Line 351: / Line 430: @@
 ===== I2P =====
-I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), webserving, mail and more. See the [[http://www.i2p2.de/how_networkcomparisons|comparison between Tor and I2P]]
+I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), webserving, mail and more. See the [[https://geti2p.net/en/comparison/tor|comparison between Tor and I2P]]
 ==== Step 1 ====
@@ Line 373: / Line 452: @@
   * On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly.
   * Then go here (also optionally): http://127.0.0.1:7657/susidns/subscriptions and remove the textbox's contents, replace with [[http://pastebin.com/raw.php?i=U5jJTrbp|this]] &save.
-  * Now you can either always use a second browser/profile for using I2P or use the following:
+  * Now you can either always use a second browser/profile for using I2P **or** FoxyProxy wildcards:
 ----
@@ Line 384: / Line 463: @@
   - Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //"eepsites"// hosted within I2P.
-  * Alternatively you can create another Firefox profile (ie "I2P") go to Extras->Options->Network->Connection Settings->check Manual Proxy Configuration and then enter the following:
+  * **Alternatively** (and recommended for optimal security) you can create another Firefox profile (ie "I2P") go to Extras->Options->Network->Connection Settings->check Manual Proxy Configuration and then enter the following:
         HTTP-Proxy: 127.0.0.1    Port: 4444
   * Click OK. You can also run 2 firefox instances at the same time using [[http://www.mouserunner.com/FF_Tips_Multiple_Fx.html|this neat batch]]
+  * Enter //about:config// and confirm that you're being careful. Search for the following entries and set them all to //false//:
+      javascript.enabled
+      browser.safebrowsing.enabled
+      browser.safebrowsing.malware.enabled
+  * Disable all Plugins. Alternatively to setting javascript.enabled to false you can also use [[https://addons.mozilla.org/en-US/firefox/addon/noscript/|NoScript]]
 ----
@@ Line 416: / Line 503: @@
 All you need to do is install the software and generate a PGP/GPG key, which will be used to encrypt and decrypt your network traffic. The hard part is getting at least 5 of your friends to also install the software and [[http://retroshare.wikidot.com/en:adding-friends|to share their public keys with you]]. Once that is done, you have your very own DarkNet.
-FIXME //Please add tutorial for "The degree of anonymity can still be improved by deactivating the DHT and IP/certificate exchange services"//
+FIXME //Please add info for "The degree of anonymity can still be improved by deactivating the DHT and IP/certificate exchange services"//
 ====== Meshnet ======
@@ Line 431: / Line 518: @@
   * And [[http://www.youtube.com/watch?v=SvQOU3BA0ng|this one for learning how to upload a torrent]]
+===== Tribler =====
+Tribler is an open source peer-to-peer decentralized torrent client with various features for watching, streaming & sharing videos online.
+//Soon//(!) **[[http://tribler.org/anonymity.html|Tribler]]** will also feature anonymous downloading by including support for a subset of the Tor onion routing protocol (independent from the existing Tor network).
 ===== Frost with Freenet =====
 [[http://sourceforge.net/projects/jtcfrost/|Frost]] is a Freenet client that provides newsgroup-like messaging, private encrypted messages, file upload/download functionality and a file sharing system.
@@ Line 465: / Line 557: @@
 Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is //[[:brief#disc_encryption|full disk encryption]]//.
 ==== Windows ====
-  * [[http://www.dban.org/download|DBAN]] is a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.                    This method can help prevent identity theft before recycling a computer. DBAN prevents all known techniques of hard disk forensic analysis. Warning to make this perfectly clear: it will erase //all data on all hard drives// it detects (including external ones)".
+  * [[http://www.dban.org/download|DBAN]] is a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.\\ This method can help prevent identity theft before recycling a computer. DBAN prevents all known techniques of hard disk forensic analysis. Warning to make this perfectly clear: it will erase //all data on all hard drives// it detects (including external ones(**!**))".
-  * With [[http://eraser.heidi.ie/download.php|Eraser]] you can securely delete individual files on windows.
+  * With [[http://eraser.heidi.ie/download.php|Eraser]] you can securely delete individual files on Windows.
+  * With [[https://www.piriform.com/ccleaner|Ccleaner]] you can do the same for partitions, drives as well as seemingly "free space" [which in reality consists of restorable data] on Windows & Mac. For this go to //Tools->Drive Wiper//.
 ==== Linux ====
@@ Line 475: / Line 568: @@
 as root/superuser. This command is irrevocable, so please double-check before executing it! \\To find a list of current 'block devices' you can use the 'lsblk' program, this will provide a list of the current available block devices by their name. Please note that if you want to properly purge the data you want to overwrite the root device, ie ///dev/sda// rather than ///dev/sda1//. as ///dev/sda1// is a partition within the block device.
-[[http://bleachbit.sourceforge.net/|BleachBit]] provides a means of clearing common caches and other meta information left behind by processes and also includes a 'Free disk space' option, which will attempt to obscure the contents of free disk space by overwriting available disk space with random data (it creates a file, and lets it grow till it consumes all free space) and a 'Memory' option which will do the same for RAM and Swap.
+[[http://bleachbit.sourceforge.net/|BleachBit]] provides a means of clearing common caches and other meta information left behind by applications and also includes a 'Free disk space' option, which will attempt to obscure the contents of free disk space by overwriting available disk space with random data (it creates a file, and lets it grow till it consumes all free space) and a 'Memory' option which will do the same for RAM and Swap.
 [[http://www.thc.org/releases.php|THC Secure Delete]] provides a set of tools for surely erasing files, swap and memory.
@@ Line 481: / Line 574: @@
 sfill does a secure overwriting of the unused diskspace on the harddisk.\\
 sswap does a secure overwriting and cleaning of the swap filesystem. (note that sswap was only tested on linux so far. you must unmount your swap first!)\\
 smem does a secure overwriting of unused memory (RAM)
 To install the tools on ubuntu issue the command:
 	sudo apt-get install secure-delete
-or through your appropriate package manager, if the tool isn't on the package managers repositories, you can install it from source by issuing the commands:
-	wget http://www.thc.org/download.php?t=r&f=secure_delete-3.1.tar.gz
-	tar -vzxf secure_delete-3.1.tar.gz
-	cd secure_delete-3.1
-	make && sudo make install
-FIXME
 ==== Mac ====
-FIXME  //Please fill in: tools for mac//
+Beginning with Mac OS 10.3, Apple enhanced its security by introducing the [[http://safecomputing.umich.edu/protect-personal/encrypt-mac.php#delete|Secure Empty Trash]] feature, which follows the U.S. DoD pattern of overwriting data seven times.
+[[http://www.edenwaith.com/downloads/permanent%20eraser.php|Permanent Eraser]] provides an even stronger level of security by implementing the Gutmann Method. This utility overwrites your data thirty-five times, scrambles the original file name, and truncates the file size to nothing before Permanent Eraser finally unlinks it from the system. Once your data has been erased, it can no longer be read through traditional means.
 ====== Photos & Videos ======
@@ Line 513: / Line 601: @@
   * Verify the checksums as described here: [[:brief#Integrity_Checks|Integrity Checks]]
-Alternatives to Tails such as Liberté Linux [[https://prism-break.org/#live-cd|can be found here]]. The following tutorials also pretty much apply to them as well.
+Alternatives to Tails such as Liberté Linux [[https://prism-break.org/en/subcategories/windows-operating-systems-live/|can be found here]]. The following tutorials also pretty much apply to them as well.
 ===== Virtual Machine =====
@@ Line 521: / Line 609: @@
   * Start Virtual Box click "New" in the upper left corner
   * FIXME
+  *
+ [[https://www.youtube.com/watch?v=qPWIA6D5Odg&hd=1|Here is a full tutorial for Whonix]]
 ===== Live Disc/USB =====
@@ Line 534: / Line 623: @@
 ====== Operating system ======
-[[https://prism-break.org/#operating-system|Recommended OS]]
+[[https://prism-break.org/en/subcategories/windows-operating-systems/|Recommended OS]]
-FIXME //Please add tutorial for a new OS or 2nd OS//
+FIXME //Please add tutorial/s for a new OS or 2nd OS//
-If you (keep) using Windows [[http://xp-antispy.org/en/about/|xp-AntiSpy]] lets you disable some built-in update and authentication ‘features’ in Windows 2000/XP/Vista/7.
+If you (keep) using Windows [[http://xp-antispy.org/en/about/|xp-AntiSpy]] lets you disable some built-in update and authentication ‘features’ in Windows 2000/XP/Vista/7 that are calling home.
 ====== VPN ======
@@ Line 578: / Line 667: @@
   * Users of newer versions of Android and up can use the built-in system encryption: [[http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/|How to encrypt your android phone]]
+===== Permissions =====
+FIXME Check & review the following Apps:\\
+[[https://play.google.com/store/apps/details?id=com.lara.pakage|Who is Tracking Free]] \\
+[[https://play.google.com/store/apps/details?id=com.stericson.permissionfix|Fix Permissions]] \\
+[[https://play.google.com/store/apps/details?id=com.appz.fake|Fake Permissions (User Apps)]] \\
+[[https://play.google.com/store/apps/details?id=de.struse.apewatch|App Permission Watcher]] \\
+[[https://play.google.com/store/apps/details?id=com.fsecure.app.permissions.privacy|F-Secure App Permissions]] \\
+[[http://beste-apps.chip.de/android/app/srt-appguard-android-app,cxo.56552140/|SRT AppGuard]]
 ===== GPG =====
@@ Line 605: / Line 707: @@
   * [[https://play.google.com/store/apps/details?id=info.guardianproject.notepadbot|NoteCipher]] allows you to create notes secured using industry standard 256-bit AES encryption. Tap "Lock Notes" after finishing.
 ====== iOS ======
-iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https://prism-break.org/#android|these alternatives]]).
+iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https://prism-break.org/en/subcategories/android-operating-systems/|these alternatives]]).
+===== Calls =====
+  * [[https://itunes.apple.com/app/id874139669 | signal]] provides ZRTP / end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
+  * More information: https://whispersystems.org/blog/signal
 ===== Web Browsing =====
   * [[https://itunes.apple.com/us/app/ghostery/id472789016|Ghostery]] stops third-party sites from tracking you.
@@ Line 642: / Line 749: @@
 ==== Learn and Use ====
-LUKS can be set up using the program '[[https://code.google.com/p/cryptsetup/|cryptsetup]]', to create a LUKS formatted drive, first partition the drive using fdisk,cfdisk or your prefered partitioning program, at this point do not format it to a specific filesystem, we will do this after it's been formatted for LUKS. Once you've created the partition you want to encrypt, use the following command as the root account:
+LUKS can be set up using the program '[[https://code.google.com/p/cryptsetup/|cryptsetup]]', to create, open and close a LUKS partition.
+In the following examples I will be using the device '/dev/sdxN' as a generic name, where x in the drive letter and N is the partition number. You will want to use your own device name (IE, /dev/sda1).
+To format a partition to a LUKS partition, type the command:
 	cryptsetup luksFormat /dev/sdxN
-where 'x' is the drive letter and 'N' the partition number, eg /dev/sdc2, you can at this stage also specify other options to specify the cryptographic cipher, keysize and hashing algorithm, for example if we wanted to ensure it used aes-xts-plain64 with 512bit keysize and sha512 hashing, we could use the command:
+Next, it will ask you to confirm, as this will *wipe any data on the partition*, then, you will be prompted to enter and confirm the password to access the drive.
-	cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sdxN
-Next, it will ask you to confirm, as this will *wipe any data on the partition*. Then, you will be prompted to enter and confirm the password to access the drive, ensure that you pick a secure password, as there is no protection against brute-force password attacks if the drive is physically compromised.
-Once it's confirmed completion of the process, you will be able to add the encrypted part of the drive as if it were a blockdevice, we will want to do this to format it to an appropriate filesystem, to do this use the command:
-	cryptsetup open /dev/sdxN volume-name
-The 'volume-name' will be the name available as and is at the users discretion. You will be prompted for the password you entered earlier and if all was successful you will now be able to access the encrypted partition as a block device localted at /dev/mapper/volume-name (replacing volume-name with whichever name you chose). However, right now it's just a blank parition, so we want to format it to a usable filesystem to store content on it. To do this use the command:
-	mkfs -t ext4 /dev/mapper/volume-name
-It will now format the blank encrypted partition to an ext4 filesystem, you may choose any other supported filesystem you require by replacing the '-t' option argument.
-Okay, so now you have an encrypted volume. If you're using a modern desktop environment like Unity,KDE,XFCE or LXDE your volume manager should support volume management, just mount it, supply the password and you will be able to store and read data from your encrypted volume.
-If your desktop environment doesn't do volume management, instead run:
-	mount /dev/mapper/volume-name /mnt
-And you'll be able to read and write data to your encrypted volume, to unmount and close the encrypted device simply use:
-	umount /dev/mapper/volume-name
-	cryptsetup close volume-name
-You can use this method to create an encrypted USB drive for your personal files, however since LUKS is Linux specific, support on Mac or Windows is unlikely.
+Once you have a LUKS partition, to make the drive accessible for formating or mounting, use the command, type the command:
+	cryptsetup luksOpen /dev/sdxN volume-name
+You will be asked for the password to decrypt the device, then it will be available like  a normal drive or parition located at '/dev/mapper/volume-name'. From here, you can interact with it as you would any other drive or partition.
+If you are finished using the device, you can remove it by typing the command:
+	cryptsetup luksClose volume-name
-For further information see 'man 8 cryptsetup' FIXME
+The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further software is required however you will likely not be able to access LUKS formatted partitions or drives from a Microsoft or Apple device.
+If you're unsure about choosing a cipher or concerned about performance the latest version of cryptsetup has a benchmark command that will CPUs data throughput for the available ciphers, for maximum security of cipher it is recommended that you choose the XTS mode with a 512 bit key (with XTS the 512 bit key is equivalent in terms of keyspace to a 256 bit CBC mode), to see how the ciphers perform on your CPU type the following into the terminal
+	cryptsetup benchmark
+Note: The above section is written assuming that the user is running the latest version of cryptsetup, for older versions the command structure differs slightly.
 ===== Ubuntu =====
 Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up.
-FIXME //better description^//
 ==== Learn and Use ====
+  * [[https://www.eff.org/deeplinks/2012/11/privacy-ubuntu-1210-full-disk-encryption|How to install Ubuntu >12.10 with enabled full disk encryption]] - just check the "Encrypt the new Ubuntu installation for security" checkbox at "Installation Type"
   * [[http://besva.de/ubuntu_12.04.1_tutorial.pdf|How to install Ubuntu 12.04.1 LTS (and similiar systems) with enabled full disk encryption]]
 ====== Integrity Checks ======
@@ Line 702: / Line 806: @@
        * Compare with expected values from the site you downloaded from.
-FIXME //Please add variations for Linux&Mac. And add tutorials for [[http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html|this stuff]] //
+FIXME
+//Please add variations for Linux&Mac and add tutorials for [[http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html]]//
 ====== About ======
-If these tutorials helped you please pass it on - share this page!
+Also available as an eepsite on [[brief:#i2p|I2P]]:\\
+http://crzh6busgh4v2kon66ant2fgscq6scj4apceqii2rstglaztfk2q.b32.i2p/en/wiki/Tutorials \\
+And as a hidden service on [[brief:#tor_hidden_services|Tor]]: \\
+http://5nklpqfgczvtjrlg.onion/wiki/index.php/Tutorials
+FIXME
+//These 2 sites need to be updated to the present state of this tutorial-series.\\
+----
+If these tutorials helped you please pass it on - **share this page** (or its contents)!