Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
brief [2013/12/19 10:34] – [Mac] 127.0.0.1universal [2020/08/22 01:17] – old revision restored (2014/10/20 14:47) 127.0.0.1
Line 20: Line 20:
   * https://alternatives.tacticaltech.org/   * https://alternatives.tacticaltech.org/
  
- +====== Why is mass surveillance a problem ? ====== 
 + 
 +  * **https://www.cryptoparty.in/MassSurveillance** 
 + 
 +====== Quotes ======
  
  
Line 30: Line 34:
  
  
- +  
    
    
Line 67: Line 71:
  
   * [[https://www.eff.org/https-everywhere|HTTPS Everywhere]] has a big list of websites that support encrypted connections, and whenever you connect to them silently switches to the encrypted variant. That little "s" in the URL is what it is about   * [[https://www.eff.org/https-everywhere|HTTPS Everywhere]] has a big list of websites that support encrypted connections, and whenever you connect to them silently switches to the encrypted variant. That little "s" in the URL is what it is about
-   * Useful companion: [[https://addons.mozilla.org/en-US/firefox/addon/https-finder/|HTTPS Finder]] is another Firefox addon that tries HTTPS for sites that are not already listed in the HTTPS Everywhere addon 
 ==== Block Advertising ==== ==== Block Advertising ====
  
Line 107: Line 110:
   * https://ixquick.com/   * https://ixquick.com/
     * from the same people that run startpage.com, searches many popular search engines simultaneously     * from the same people that run startpage.com, searches many popular search engines simultaneously
 +  * https://metager.de/tor/en/
 +    * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service
  
   * Though if you'd like to keep using google at least use its encrypted version: https://encrypted.google.com.   * Though if you'd like to keep using google at least use its encrypted version: https://encrypted.google.com.
  
   * In **Chrome** go to settings->Manage Search Engines and add a search engine (example url: https://encrypted.google.com/search?q=%s). For startpage go here: https://startpage.com/eng/download-startpage-plugin.html     * In **Chrome** go to settings->Manage Search Engines and add a search engine (example url: https://encrypted.google.com/search?q=%s). For startpage go here: https://startpage.com/eng/download-startpage-plugin.html  
-  * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. Enter //about:config// in the addressbar and search for //keyword.URL// if it exists enter https://encrypted.google.com/search?q= to change the search engine of the address bar.+  * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. Go to the page you intend to make your search engine and select the logo to the right of your search bar (top right), and select Add "[searchEngineName]" to change search engines.
 ===== General Tips ===== ===== General Tips =====
  
Line 118: Line 123:
   * Opt out from various tracking advertising firms using http://www.networkadvertising.org/choices/ & http://www.aboutads.info/choices/   * Opt out from various tracking advertising firms using http://www.networkadvertising.org/choices/ & http://www.aboutads.info/choices/
   * Check the privacy settings of applications that you use   * Check the privacy settings of applications that you use
 +  * If you use Windows do a File System Check once in a while by entering "sfc /scannow" into the console
 +  * Disable all Plugins in your Browser or set them to "Ask to Activate" (in Firefox)
   * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http://www.cryptoparty.in/documentation/password|More tips on good passwords]]   * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http://www.cryptoparty.in/documentation/password|More tips on good passwords]]
   * Use antivirus software and a firewall. Do regular scans & updates   * Use antivirus software and a firewall. Do regular scans & updates
Line 128: Line 135:
   * Get SSL. First follow these instructions for [[https://github.com/ioerror/duraconf/blob/master/startssl/README.markdown|getting the certificate]] then install it as in the appropiate tutorial [[https://www.globalsign.com/support/installcert.php|here]]. Secure Sockets Layer provides an encrypted connection between the client and the server/certificate holder.   * Get SSL. First follow these instructions for [[https://github.com/ioerror/duraconf/blob/master/startssl/README.markdown|getting the certificate]] then install it as in the appropiate tutorial [[https://www.globalsign.com/support/installcert.php|here]]. Secure Sockets Layer provides an encrypted connection between the client and the server/certificate holder.
  
-FIXME+======Closing Unused Ports (debian)====== 
 +**Check open ports.** 
 + 
 +From the command line, you can see your open ports by typing: 
 +        su 
 +        netstat -anltp | grep "LISTEN" 
 + 
 +Must should be none, i.e no reply. 
 + 
 +**Remove services, which open ports.** 
 + 
 +        su 
 +        apt-get remove dovecot-core openbsd-inetd bind9 samba cups apache2 postgres*  
 +        apt-get remove exim4 exim4-daemon-light rpcbind openssh-server apache2.2-bin 
 +        apt-get autoremove 
 + 
 +**Check open ports again.** 
 + 
 +        su 
 +        netstat -anltp | grep "LISTEN" 
 ====== Email ====== ====== Email ======
  
Line 134: Line 161:
  
 With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\
-Check https://prism-break.org/#email-service for recommendations+Check https://prism-break.org/en/subcategories/web-services-email-accounts/ or http://prxbx.com/email/ for recommendations
  
 For more control over your email, you have to either [[run your own mail server]] or have a good //personal// trust relationship with the provider.\\ For more control over your email, you have to either [[run your own mail server]] or have a good //personal// trust relationship with the provider.\\
Line 165: Line 192:
 === 1. Install a mailclient === === 1. Install a mailclient ===
  
-We recommend [[https://www.mozilla.org/en-US/thunderbird/|Thunderbird]], but there are plenty of good ones out there! (see https://prism-break.org/#email-client for a list). +We recommend [[https://www.mozilla.org/en-US/thunderbird/|Thunderbird]], but there are plenty of good ones out there! (see https://prism-break.org/en/subcategories/windows-email-clients/ [[[https://prism-break.org/en/subcategories/gnu-linux-email-clients/|or for Linux]]] for a list). 
  
 === 2. Install GnuPG === === 2. Install GnuPG ===
Line 287: Line 314:
  
 **[[:gpgtroubles|Having troubles? Go here]]** **[[:gpgtroubles|Having troubles? Go here]]**
 +
 +=== 9. Use Tor Birdy ===
 +
 +You can make your communication extra safe by using Tor Birdy, a Thunderbird add-on for the Tor Browser
 +
 +  * If you don't have Thunderbird, get it for free here: [[http://www.getnow.com/windows/communications/e-mail-clients/mozilla-thunderbird/?refid=659&gclid=CNHhn7r4o7wCFUNd3god0hsAsA|Thunderbird e-mail client]]
 +  * Then you need to install Tor, so follow this [[http://www.cryptoparty.in/brief?&#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]]
 +  * Next, [[https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/|download Tor Birdy]] or choose the [[​https://addons.mozilla.org/thunderbird/downloads/file/199062/|direct link to the latest version]] and save it somewhere on your computer
 +  * in Thunderbirds, go to Extras or Tools --> Add-ons --> install add-on from file (//in German: das Zahnrad wählen und dann Add on aus Datei installieren//)
 +  * then you need to adjust your Proxy to 9150 which you can do at Tools (//Extras//) --> Settings (//Einstellungen//) --> Network (//Netzwerk & Speicherplatz//) --> Settings (//Einstellungen//) --> Manual Proxy Configuration (//Manuelle Proxy-Konfiguration//). Type "9150" in the field "Port" at SOCKS-Host
 +  * install it and restart Thunderbird
 +  * NOTE: You now always have to open your Tor Browser to use Tor Birdy in Thunderbird. Otherwise e-mails fail to be sent instead.
 +  * for troubleshooting, refer to [[https://trac.torproject.org/projects/tor/wiki/torbirdy#SetupSteps|the Tor Project Wiki]]
 +
 +
 ====== Chat ====== ====== Chat ======
  
Line 356: Line 398:
   * Enter 127.0.0.1 for the host and 9150 for the port   * Enter 127.0.0.1 for the host and 9150 for the port
   * Leave user/pass blank    * Leave user/pass blank 
 +See also: https://help.riseup.net/en/chat/clients/pidgin#tor-with-pidgin-configuration
  
 +=====Securing pidgin on GNU/Linux=====
 +  * For information on how to secure pidgin on GNU/Linux https://help.riseup.net/en/chat/clients/pidgin#securing-pidgin-on-gnulinux
 +  * For information on how to properly install Apparmor: https://wiki.debian.org/AppArmor/HowTo
 ===== Other ===== ===== Other =====
  
Line 375: Line 421:
  
 A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously.
 +More accurately all of them share being //anonymous overlay networks//.
 ===== Tor Hidden services ===== ===== Tor Hidden services =====
  
Line 383: Line 430:
 ===== I2P ===== ===== I2P =====
  
-I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), webserving, mail and more. See the [[http://www.i2p2.de/how_networkcomparisons|comparison between Tor and I2P]]+I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), webserving, mail and more. See the [[https://geti2p.net/en/comparison/tor|comparison between Tor and I2P]]
  
 ==== Step 1 ==== ==== Step 1 ====
Line 405: Line 452:
   * On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly.   * On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly.
   * Then go here (also optionally): http://127.0.0.1:7657/susidns/subscriptions and remove the textbox's contents, replace with [[http://pastebin.com/raw.php?i=U5jJTrbp|this]] &save.   * Then go here (also optionally): http://127.0.0.1:7657/susidns/subscriptions and remove the textbox's contents, replace with [[http://pastebin.com/raw.php?i=U5jJTrbp|this]] &save.
-  * Now you can either always use a second browser/profile for using I2P or use the following:+  * Now you can either always use a second browser/profile for using I2P **or** FoxyProxy wildcards:
  
 ---- ----
Line 416: Line 463:
   - Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //"eepsites"// hosted within I2P.   - Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //"eepsites"// hosted within I2P.
  
-  * Alternatively you can create another Firefox profile (ie "I2P") go to Extras->Options->Network->Connection Settings->check Manual Proxy Configuration and then enter the following:+ 
 +  * **Alternatively** (and recommended for optimal security) you can create another Firefox profile (ie "I2P") go to Extras->Options->Network->Connection Settings->check Manual Proxy Configuration and then enter the following:
  
         HTTP-Proxy: 127.0.0.1    Port: 4444         HTTP-Proxy: 127.0.0.1    Port: 4444
  
   * Click OK. You can also run 2 firefox instances at the same time using [[http://www.mouserunner.com/FF_Tips_Multiple_Fx.html|this neat batch]]   * Click OK. You can also run 2 firefox instances at the same time using [[http://www.mouserunner.com/FF_Tips_Multiple_Fx.html|this neat batch]]
 +  * Enter //about:config// and confirm that you're being careful. Search for the following entries and set them all to //false//:
 +
 +      javascript.enabled
 +      browser.safebrowsing.enabled
 +      browser.safebrowsing.malware.enabled
 +
 +  * Disable all Plugins. Alternatively to setting javascript.enabled to false you can also use [[https://addons.mozilla.org/en-US/firefox/addon/noscript/|NoScript]]
  
 ---- ----
Line 463: Line 518:
   * And [[http://www.youtube.com/watch?v=SvQOU3BA0ng|this one for learning how to upload a torrent]]   * And [[http://www.youtube.com/watch?v=SvQOU3BA0ng|this one for learning how to upload a torrent]]
  
 +===== Tribler =====
 +
 +Tribler is an open source peer-to-peer decentralized torrent client with various features for watching, streaming & sharing videos online.
 +
 +//Soon//(!) **[[http://tribler.org/anonymity.html|Tribler]]** will also feature anonymous downloading by including support for a subset of the Tor onion routing protocol (independent from the existing Tor network).
 ===== Frost with Freenet ===== ===== Frost with Freenet =====
 [[http://sourceforge.net/projects/jtcfrost/|Frost]] is a Freenet client that provides newsgroup-like messaging, private encrypted messages, file upload/download functionality and a file sharing system. [[http://sourceforge.net/projects/jtcfrost/|Frost]] is a Freenet client that provides newsgroup-like messaging, private encrypted messages, file upload/download functionality and a file sharing system.
Line 497: Line 557:
 Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is //[[:brief#disc_encryption|full disk encryption]]//. Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is //[[:brief#disc_encryption|full disk encryption]]//.
 ==== Windows ==== ==== Windows ====
-  * [[http://www.dban.org/download|DBAN]] is a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.\\ This method can help prevent identity theft before recycling a computer. DBAN prevents all known techniques of hard disk forensic analysis. Warning to make this perfectly clear: it will erase //all data on all hard drives// it detects (including external ones)".+  * [[http://www.dban.org/download|DBAN]] is a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.\\ This method can help prevent identity theft before recycling a computer. DBAN prevents all known techniques of hard disk forensic analysis. Warning to make this perfectly clear: it will erase //all data on all hard drives// it detects (including external ones(**!**))"
 + 
 +  * With [[http://eraser.heidi.ie/download.php|Eraser]] you can securely delete individual files on Windows
  
-  * With [[http://eraser.heidi.ie/download.php|Eraser]] you can securely delete individual files on Windows.   +  * With [[https://www.piriform.com/ccleaner|Ccleaner]] you can do the same for partitionsdrives as well as seemingly "free space" [which in reality consists of restorable data] on Windows & Mac. For this go to //Tools->Drive Wiper//.
-  * With [[https://www.piriform.com/ccleaner|Ccleaner]] you can do the same for partitions/drives on Windows & Mac.+
 ==== Linux ==== ==== Linux ====
  
Line 540: Line 601:
   * Verify the checksums as described here: [[:brief#Integrity_Checks|Integrity Checks]]   * Verify the checksums as described here: [[:brief#Integrity_Checks|Integrity Checks]]
  
-Alternatives to Tails such as Liberté Linux [[https://prism-break.org/#live-cd|can be found here]]. The following tutorials also pretty much apply to them as well.+Alternatives to Tails such as Liberté Linux [[https://prism-break.org/en/subcategories/windows-operating-systems-live/|can be found here]]. The following tutorials also pretty much apply to them as well.
 ===== Virtual Machine ===== ===== Virtual Machine =====
  
Line 562: Line 623:
 ====== Operating system ====== ====== Operating system ======
  
-[[https://prism-break.org/#operating-system|Recommended OS]]+[[https://prism-break.org/en/subcategories/windows-operating-systems/|Recommended OS]]
  
-FIXME //Please add tutorial for a new OS or 2nd OS//+FIXME //Please add tutorial/s for a new OS or 2nd OS//
  
-If you (keep) using Windows [[http://xp-antispy.org/en/about/|xp-AntiSpy]] lets you disable some built-in update and authentication ‘features’ in Windows 2000/XP/Vista/7.+If you (keep) using Windows [[http://xp-antispy.org/en/about/|xp-AntiSpy]] lets you disable some built-in update and authentication ‘features’ in Windows 2000/XP/Vista/that are calling home.
 ====== VPN ====== ====== VPN ======
  
Line 606: Line 667:
  
   * Users of newer versions of Android and up can use the built-in system encryption: [[http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/|How to encrypt your android phone]]   * Users of newer versions of Android and up can use the built-in system encryption: [[http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/|How to encrypt your android phone]]
 +
 +===== Permissions =====
 +
 +FIXME Check & review the following Apps:\\  
 +[[https://play.google.com/store/apps/details?id=com.lara.pakage|Who is Tracking Free]] \\
 +[[https://play.google.com/store/apps/details?id=com.stericson.permissionfix|Fix Permissions]] \\
 +[[https://play.google.com/store/apps/details?id=com.appz.fake|Fake Permissions (User Apps)]] \\
 +[[https://play.google.com/store/apps/details?id=de.struse.apewatch|App Permission Watcher]] \\
 +[[https://play.google.com/store/apps/details?id=com.fsecure.app.permissions.privacy|F-Secure App Permissions]] \\
 +[[http://beste-apps.chip.de/android/app/srt-appguard-android-app,cxo.56552140/|SRT AppGuard]] 
 +
 +
 +
 ===== GPG ===== ===== GPG =====
  
Line 633: Line 707:
   * [[https://play.google.com/store/apps/details?id=info.guardianproject.notepadbot|NoteCipher]] allows you to create notes secured using industry standard 256-bit AES encryption. Tap "Lock Notes" after finishing.   * [[https://play.google.com/store/apps/details?id=info.guardianproject.notepadbot|NoteCipher]] allows you to create notes secured using industry standard 256-bit AES encryption. Tap "Lock Notes" after finishing.
 ====== iOS ====== ====== iOS ======
-iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https://prism-break.org/#android|these alternatives]]).+iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https://prism-break.org/en/subcategories/android-operating-systems/|these alternatives]]). 
 +===== Calls ===== 
 + 
 +  * [[https://itunes.apple.com/app/id874139669 | signal]] provides ZRTP / end-to-end encryption for your calls, securing your conversations so that nobody can listen in. 
 +  * More information: https://whispersystems.org/blog/signal 
 ===== Web Browsing ===== ===== Web Browsing =====
   * [[https://itunes.apple.com/us/app/ghostery/id472789016|Ghostery]] stops third-party sites from tracking you.   * [[https://itunes.apple.com/us/app/ghostery/id472789016|Ghostery]] stops third-party sites from tracking you.
Line 677: Line 756:
  
 Once you have a LUKS partition, to make the drive accessible for formating or mounting, use the command, type the command: Once you have a LUKS partition, to make the drive accessible for formating or mounting, use the command, type the command:
- cryptsetup open /dev/sdxN volume-name+ cryptsetup luksOpen /dev/sdxN volume-name
 You will be asked for the password to decrypt the device, then it will be available like  a normal drive or parition located at '/dev/mapper/volume-name'. From here, you can interact with it as you would any other drive or partition. You will be asked for the password to decrypt the device, then it will be available like  a normal drive or parition located at '/dev/mapper/volume-name'. From here, you can interact with it as you would any other drive or partition.
 If you are finished using the device, you can remove it by typing the command: If you are finished using the device, you can remove it by typing the command:
- cryptsetup close volume-name+ cryptsetup luksClose volume-name
  
 The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further software is required however you will likely not be able to access LUKS formatted partitions or drives from a Microsoft or Apple device. The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further software is required however you will likely not be able to access LUKS formatted partitions or drives from a Microsoft or Apple device.
Line 691: Line 770:
  
 Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up.
- 
-FIXME //better description^// 
  
 ==== Learn and Use ==== ==== Learn and Use ====
  
 +  * [[https://www.eff.org/deeplinks/2012/11/privacy-ubuntu-1210-full-disk-encryption|How to install Ubuntu >12.10 with enabled full disk encryption]] - just check the "Encrypt the new Ubuntu installation for security" checkbox at "Installation Type"
   * [[http://besva.de/ubuntu_12.04.1_tutorial.pdf|How to install Ubuntu 12.04.1 LTS (and similiar systems) with enabled full disk encryption]]   * [[http://besva.de/ubuntu_12.04.1_tutorial.pdf|How to install Ubuntu 12.04.1 LTS (and similiar systems) with enabled full disk encryption]]
 ====== Integrity Checks ====== ====== Integrity Checks ======
Line 728: Line 806:
        * Compare with expected values from the site you downloaded from.        * Compare with expected values from the site you downloaded from.
  
-FIXME //Please add variations for Linux&Mac. And add tutorials for [[http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html|this stuff]] //+FIXME   
 +//Please add variations for Linux&Mac and add tutorials for [[http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html]]// 
 ====== About ====== ====== About ======
  
-Also available as an eepsite on [[brief:#i2p|I2P]]: http://jisko.i2p/wiki/index.php/Tutorials \\ +Also available as an eepsite on [[brief:#i2p|I2P]]:\\ 
-And as a hidden service on [[brief:#tor_hidden_services|Tor]]: http://bx7zrcsebkma7ids.onion/wiki/index.php/Tutorials+http://crzh6busgh4v2kon66ant2fgscq6scj4apceqii2rstglaztfk2q.b32.i2p/en/wiki/Tutorials \\ 
 +And as a hidden service on [[brief:#tor_hidden_services|Tor]]: \\ 
 +http://5nklpqfgczvtjrlg.onion/wiki/index.php/Tutorials 
 + 
 +FIXME   
 +//These 2 sites need to be updated to the present state of this tutorial-series.\\ 
 + 
 + 
 +---- 
  
-If these tutorials helped you please pass it on - share this page!+If these tutorials helped you please pass it on - **share this page** (or its contents)!