Differences

This shows you the differences between two versions of the page.

brief [2013/09/10 15:23] – [Linux] 127.0.0.1
universal [2020/08/22 10:52] (current) – removed 127.0.0.1
Line 1: Line 1:
-**Brief How-tos** {{ :cp-logo-100x33.png?nolink|}} 
  
-This page briefly explains how to use various tools which enhance your privacy, anonymity and overall security.   
-The guides are written in an easy to understand, step-by-step manner. The difficulty & time required for most of them don't provide any reason to //not// secure your communications and blurring your digital traces. 
- 
-====== Security warning ====== 
- 
-Note however, that security is a process, not a tool. You need at least basic understanding to assess the degree of security or [[http://www.cryptoparty.in/resource#why_there_is_no_100_anonymity|anonymity]] a tool can give you. That said, treat it like a game. The worst thing which can happen if you use these tools for your everyday business is that you are just as unsecure, unencrypted or in the open as you are anyway. 
- 
-Usage for security sensitive activity (prohibited and persecuted by society and/or government) without deeper understanding is however **strongly** discouraged. 
-====== Guides to Crypto Tools ====== 
- 
-  * **[[documentation:handbook|The CryptoParty Handbook]]** 
-  * [[https://securityinabox.org/ |Tactical Technology Collective - Security-in-a-Box]] 
-  * [[https://flossmanuals.net/an-open-web/ |FLOSS Manuals - An Open Web]] 
- 
-====== Alternatives to common online services and programs ====== 
- 
-  * https://prism-break.org 
-  * https://alternatives.tacticaltech.org/ 
- 
-  
- 
- 
-"//Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on//."\\ 
-<wrap lo>~[[http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower|Edward Snowden]] (on [[http://www.theguardian.com/world/the-nsa-files|NSA surveillance]])</wrap> 
- 
-"//All the headlines saying #NSA breaks encryption are wrong; correct phrase is NSA works with vendors to sabotage security technology//."\\ 
-<wrap lo>~[[http://craphound.com/|Cory Doctorow]] (on [[https://twitter.com/doctorow/status/376011707643994112|NSA surveillance]])</wrap> 
- 
- 
-  
-  
-  
-  
- 
----- 
-====== Web Browsing ====== 
- 
-To get an idea of what web browsing actually is, read the chapter **[[http://cryptoparty.is/handbook/chapter_02_understanding_browsing/chapter_02_understanding_browsing.html|Understanding Browsing]]** of the CryptoParty Handbook. In brief: 
- 
-  * When you visit a website you give away information about yourself to the site owner, unless precautions are taken. 
-  * Your browsing on the Internet may be tracked by the sites you visit and partners of those sites. 
-  * Visiting a website on the Internet is never a direct connection. Many computers, owned by many different people are involved. Secure connections ensure that your browsing can not be read in between you and the server. 
-  * What you search for is of great interest to search providers (mostly for targeted advertising). 
- 
-Then you can see what you just learned by facing a virtual mirror to yourself on 
- 
-  * http://ip-check.info 
-  * http://ifconfig.me 
-  * http://smart-ip.net/geoip 
-  * https://panopticlick.eff.org 
- 
-===== Browser ===== 
- 
-[[https://www.mozilla.org/en-US/firefox/|Firefox]] is an open source web browser that respects your privacy. If you're not using it already you should do from now on. It's available for Winows, Mac & Linux. 
-===== Tor Browser Bundle ===== 
-  * Watch this Video: [[https://media.torproject.org/video/2012-10-21-cryptoparty/UsingTorByAndrewAndSteve.mov | "Using Tor"]] from CryptoParty Boston. 
-  * [[https://www.torproject.org/download/download-easy.html.en | Download the Tor Browser Bundle]] 
-  * Install & [[https://www.torproject.org/download/download-easy.html.en#warning | read the warning]]  
-  * Click on the {{:tj1jaio.png?28|}} in the upper left of the browser and choose "Forbid Scripts Globally". This prevents JavaScript from leaking potentionally personally identifiable information - disable for individual sites if needed. 
-  *  Use! (Instead of your normal browser) 
-  * [[https://www.eff.org/pages/tor-and-https|Here is an animated diagram to help explain more]] 
-===== Browser Plugins ===== 
- 
-==== HTTPS Everywhere ==== 
- 
-  * [[https://www.eff.org/https-everywhere|HTTPS Everywhere]] has a big list of websites that support encrypted connections, and whenever you connect to them silently switches to the encrypted variant. That little "s" in the URL is what it is about 
-   * Useful companion: [[https://addons.mozilla.org/en-US/firefox/addon/https-finder/|HTTPS Finder]] is another Firefox addon that tries HTTPS for sites that are not already listed in the HTTPS Everywhere addon 
-==== Block Advertising ==== 
- 
-  * [[https://adblockplus.org|Adblock Plus]] blocks banners, pop-ups and video ads. 
-  * For Firefox there also is [[https://addons.mozilla.org/en-us/firefox/addon/adblock-edge/|Adblock Edge]] which is a fork of AdBlock Plus without the [[https://adblockplus.org/en/acceptable-ads|'acceptable ads']] feature 
-==== Disconnect / Ghostery ==== 
- 
-See third-party sites tracking you and be able to stop them 
-  * [[https://disconnect.me/ | Disconnect.me]] (free and open source with GPLv3 license). [[https://github.com/disconnectme/disconnect |Code on GitHub]] 
-  * [[https://www.ghostery.com/ | Ghostery]] (proprietary) 
- 
- 
-==== Scripting ==== 
- 
-Advanced. Only enable JavaScript, and especially plugins like Java, and Flash for sites you //trust.// 
-  * Firefox: [[http://noscript.net/ | noscript.net]] 
-  * Chrome: [[https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn/details|notscripts]] 
- 
-==== Identifiable Browser configurations ==== 
- 
-  * [[https://addons.mozilla.org/en-us/firefox/addon/blender-1/|Blender]] lets you blend in the crowd by faking to be the most common Firefox browser version, operating system and other stuff. Test it with EFF's [[panopticlick.eff.org|panopticlick]] 
-==== Request Policy ==== 
- 
- Advanced. 
-  * [[https://www.requestpolicy.com/|Request Policy]] is an open source Firefox extension to control cross-site requests. 
-==== Certificate Patrol ==== 
- 
-Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. The Firefox AddOn [[https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/|Certificate Patrol]] reveals when certificates are updated, so you can ensure it was a legitimate change. 
- 
-//FIXME Please review AddOns such as [[https://addons.mozilla.org/en-us/firefox/addon/betterprivacy/|BetterPrivacy]], [[https://addons.mozilla.org/en-us/firefox/addon/beef-taco-targeted-advertising/|BeefTaco]], [[https://addons.mozilla.org/en-us/firefox/addon/smart-referer/?src=dp-dl-othersby|SmartReferer]], [[https://addons.mozilla.org/en-us/firefox/addon/anonymox/|anonymoX (proxies!)]]// 
-===== Web search ===== 
- 
-Another thing you might do often on the web is use Google to search things. There are plenty of alternatives to Google who all state that they keep minimal or no IP logs. Most popular ones are: 
- 
-  * https://startpage.com/  
-    * proprietary, hosted in the USA/Netherlands, and provides you with anonymized Google search results (including images) 
-  * https://duckduckgo.com/ 
-    * partly proprietary, hosted in the USA, and provides you with anonymized Yahoo search results 
-  * https://ixquick.com/ 
-    * from the same people that run startpage.com, searches many popular search engines simultaneously 
- 
-  * Though if you'd like to keep using google at least use its encrypted version: https://encrypted.google.com. 
- 
-  * In **Chrome** go to settings->Manage Search Engines and add a search engine (example url: https://encrypted.google.com/search?q=%s). For startpage go here: https://startpage.com/eng/download-startpage-plugin.html   
-  * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. Enter //about:config// in the addressbar and search for //keyword.URL// if it exists enter https://encrypted.google.com/search?q= to change the search engine of the address bar. 
-===== General Tips ===== 
- 
-  * Regularly run [[https://www.piriform.com/ccleaner|CCleaner]] (Windows & Mac) or [[http://bleachbit.sourceforge.net/|BleachBit]] (Windows & Linux) for deleting cookies and various other junk. 
-  * Check the privacy settings of websites. For example if you have a google account you can deactivate the logging of your searches and the personalized advertisements. Log in to your account (android phones come with google accounts) and change [[http://www.google.com/goodtoknow/online-safety/security-tools/|various settings]] on the [[https://www.google.com/dashboard/|dashboard]] 
-  * Opt out from various tracking advertising firms using http://www.networkadvertising.org/choices/ & http://www.aboutads.info/choices/ 
-  * Check the privacy settings of applications that you use 
-  * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http://www.cryptoparty.in/documentation/password|More tips on good passwords]] 
-  * Use antivirus software and a firewall. Do regular scans & updates 
-  * Regularly update all of the software you find on this page 
-====== Own Website ====== 
- 
-The following is for people running their own website. 
- 
-  * If your website has facebook-like buttons, see [[http://www.h-online.com/features/Two-clicks-for-more-privacy-1783256.html|2-clicks for more privacy]] 
-  * Get SSL. First follow these instructions for [[https://github.com/ioerror/duraconf/blob/master/startssl/README.markdown|getting the certificate]] then install it as in the appropiate tutorial [[https://www.globalsign.com/support/installcert.php|here]]. Secure Sockets Layer provides an encrypted connection between the client and the server/certificate holder. 
- 
-FIXME 
-====== Email ====== 
- 
-===== Which provider? ===== 
- 
-With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ 
-Check https://prism-break.org/#email-service for recommendations 
- 
-For more control over your email, you have to either [[run your own mail server]] or have a good //personal// trust relationship with the provider.\\ 
-There are some ways to get a new email account with a bit more privacy: 
- 
-  * Ask a geek/nerd friend 
-  * Pay for the service (instead of paying with your data) 
-  * Combine the above (actually the very best option) 
-  * Use email from a non-profit organization (and donate money if you can) 
-    * See [[https://we.riseup.net/riseuphelp+en/radical-servers|radical servers]] for some options. 
-===== Crypto! ===== 
- 
-As you may know, your email goes through the data traffic like a postcard in snailmail: Everyone can read it! So, like snailmail, it would make sense to put your emails in a closed envelope. One possible envelope is called **GPG**. \\ 
-The Pretty Good Privacy software was originally written by Phil Zimmermann, and is now owned by Symantec. The means of encryption defined by that software are also called PGP - these standarts are now freely available as OpenPGP which derived from the original PGP. \\ 
-The GPG software is an independent implementation of the OpenPGP standards, so you can use it to exchange encrypted messages with people using other OpenPGP implementations (and Symantec's PGP). 
-==== Understand ==== 
- 
-For your first time, you should get a basic understanding at least of the concept of asymmetric encryption (often called **public key encryption**). Please watch one of those videos before you begin using it:  
- 
-  * [[http://www.bbc.co.uk/blogs/webwise/2012/04/secrets-of-online-security.shtml|3 minutes]]: BBC science presenter Dr Yan Wong explains (without mathematics) the principle of how Alice and Bob can use "digital padlocks" to protect their messages from being read by Ed the eavesdropper 
-  * [[https://www.youtube.com/watch?v=CR8ZFRVmQLg|2 minutes]]: explaining symmetcric and asymmetric 
-  * [[https://www.youtube.com/watch?v=M0K4ddNzmTw|4 minutes]]: maybe watch the whole series! 
-  * [[https://www.youtube.com/watch?v=csmYb99gTY8  | 6 minutes]]: using the most powerful analogy of seeing the public-key as an open lock and the private key as the key for that lock. That is a pretty easy way to understand! 
-  * [[https://www.youtube.com/watch?feature=player_embedded&v=V9k0mnIFuOI | 5 minutes]]: PGP benutzen Stopmotion-Film 
- 
-==== Use a Mailclient with GPG support ==== 
- 
-A Mailclient is an application for your mail on your computer. It makes mailing even more convenient! 
- 
-=== 1. Install a mailclient === 
- 
-We recommend [[https://www.mozilla.org/en-US/thunderbird/|Thunderbird]], but there are plenty of good ones out there! (see https://prism-break.org/#email-client for a list).  
- 
-=== 2. Install GnuPG === 
- 
-  * **Windows**: 
-    * http://gpg4win.org/ 
-  * **Mac**: 
-    * https://gpgtools.org/ 
-    * [[https://www.youtube.com/watch?v=Rt4MFkbr6co|GPGTools on Mac screencast]] 
-    * http://sourceforge.net/projects/macgpg/ 
-  * **Linux (e.g. Ubuntu)**: 
-    * comes with GPG installed by default 
- 
- 
-=== 3. Plugin Enigmail === 
- 
-[[http://www.enigmail.net/download/|Enigmail]] is a plugin for Thunderbird that brings thunderbird and GnuPG together.\\ 
-Find the add-on manager in your Thunderbird (upper right side menu) and install enigmail there. On Linux, install it via your software manager. 
-If you are using a Thunderbird derivative (e.g. Icedove) from Debian which doesn't link in to the main Mozilla Add-On directory, download the .xpi file from the [[http://www.enigmail.net/download/|Enigmail website]] and on the 'Tools' option to the right of the search, select 'Install Add-On From File' and choose the downloaded .xpi file. 
- 
- 
-=== 4. Passphrase === 
- 
-Now you want to give yourself some time to think about a nice [[documentation:password | passphrase]] and making sure you remember it.  
- 
- 
-=== 5. Generate Keypair === 
- 
-  - Choose “OpenPGP” in the Thunderbird menu 
-  - Choose “Key management” 
-  - Choose “Generate” 
-  - Wait.  
- 
-Afterwards, it will ask you if you want to make a revocation certificate. Do so, and store it on a save medium (that is either a print-out or a CD you burn it to and then put away in a safe place).\\ 
-Here is a great guide for [[https://alexcabal.com/creating-the-perfect-gpg-keypair/|creating the perfect GPG keypair]].\\ 
-For a more detailed description of the mechanism of public-key encryption, refer to [[http://www.gnupg.org/gph/en/manual.html | The GNU Privacy Handbook]]. 
- 
-=== 6. Publish Public Key === 
- 
-If you now think "//WTF publish my KEY!!11!!!//" please watch the above videos again :P \\ 
-Link it on your website/message it your friend and/or get it up a keyserver such as [[https://keyserver.pgp.com/vkd/GetWelcomeScreen.event|this one]] 
- 
-To get a copy of a public key on Linux with GNUPG run the following command: 
- gpg --export -a <your GPG ID> 
-this will generate output starting with '-----BEGIN PGP PUBLIC KEY BLOCK-----' and ending with '-----END PGP PUBLIC KEY BLOCK-----'. The '-a' option applies the 'ascii armor' (base64 encoding) since cryptographic keys will often contain non-printable characters. 
- 
- 
-=== 7.  Get your recipient's Public Key === 
- 
-If your intended recipient doesn't already use PGP get him to work through this tutorial first.   
-Then get his public key which you can find on a keyserver/website if he doesn't message you it directly. 
-On Linux using GNUPG, your intended recipient should follow the process in step 6 and output it to a file, once you've received this file use the command: 
- gpg --import /path/to/file.key 
-The key will now be available to be accessed through GNUPG and thus through Enigmail or other programs that utilise GNUPG. 
- 
-FIXME: //Please write how to do that// 
- 
-=== 8.  Write your first encrypted email === 
- 
-Only encrypt //plain text// and note that subject lines are not encrypted. 
- 
-FIXME: //Please write how to do that and how to receive/decrypt & sign emails// 
-==== GPG with Outlook 2010/2013 ==== 
- 
-GPG also works with Outlook if that's what you're using. 
-  * Get [[http://www.gpg4win.org/download.html|GPG4Win]]. You should check GPA & Kleopatra during installation. 
-  * Open up Kleopatra and go to File->New Certificate->Create a personal OpenPGP key pair. 
-  * Fill in a name and your email address. Open up "Advanced" and also check "Authentication". Then click Next & Create Key. 
-  * Enter a [[http://www.cryptoparty.in/documentation/password|passphrase]]. Make sure you don't forget it! 
-  * (Optional) make a backup of it somewhere and upload it to directory service. 
-  * Now get the [[https://code.google.com/p/outlook-privacy-plugin/|Outlook Privacy Plugin]]. 
-  * Install it and if you need to do so get the [[http://www.microsoft.com/en-us/download/details.aspx?id=30653|.NET Framework 4.5]]. If there's a problem also [[http://www.microsoft.com/en-us/download/details.aspx?id=39290|this]]. 
-  * Start up Outlook and make a new email. In the right upper panel you can encrypt (and also sign) your email. 
-  * Before you send an encrypted email you need your recipients public key block. For testing purposes you can create another account (with a trashmail address) which you delete later. Otherwise you find such keys on websites/directory services or elsewise. 
-  * Once you have the recipients public key copy it (from & including "-----BEGIN PGP PUBLIC KEY BLOCK-----" until end), open up GPA and simply press ctrl+v (paste). 
-  * Now make a new email in outlook and fill in the recipients' email address. 
-  * Enter whatever text you want to send. And then click "encrypt" in the right upper corner. 
-  * Make sure your recipient has your public key as well. 
- 
-To decrypt a message you received double click the email and then coose "decrypt" in the right upper corner and enter your password. 
-==== More Information ==== 
- 
-Maybe it wasn't that easy for you to do it, or maybe you want to know more. In either case, please have a look at the following links to some guides and more information: 
- 
-  * http://www.enigmail.net/documentation/quickstart-ch1.php 
-  * Slides: [[https://github.com/micahflee/slides/blob/master/2012/10/oakland_cryptoparty_intro_to_public_key_crypto.pdf?raw=true|Introduction to Public Key Cryptography]] from CryptoParty Oakland (U.S.) 
-  * There is an excellent visual explanation of [[http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange|Diffie-Hellman key exchange]] on [[https://www.youtube.com/watch?feature=player_detailpage&v=YEBfamv-_do#t=126s|YouTube]]. Please watch! 
-  * [[https://securityinabox.org/en/chapter_7_1|Wonderful tutorial explaining everything!]] 
- 
- 
-**[[:gpgtroubles|Having troubles? Go here]]** 
-====== Chat ====== 
- 
-===== OTR ===== 
- 
-Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: 
- 
-=== 1. Encryption === 
-No one else can read your instant messages. 
- 
-=== 2. Authentication === 
-You are assured the correspondent is who you think it is. 
- 
-=== 3. Deniability === 
-The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. 
- 
-=== 4. Perfect forward secrecy === 
-If you lose control of your private keys, no previous conversation is compromised. 
- 
-A variety of chat clients are available which use OTR: 
- 
-  * [[https://www.pidgin.im/ | Pidgin]] (Cross-platform) 
-    * + [[http://www.cypherpunks.ca/otr/index.php#downloads|OTR-Plugin]] 
-  * [[http://www.bitlbee.org/ | BitlBee]] (Cross-platform), since 3.0 (optional at compile-time) 
-  * [[http://adium.im/ | Adium]] (Mac OS X) 
-  * [[http://itunes.apple.com/us/app/chatsecure/id464200063?mt=8|ChatSecure]] (Mac) 
-  * [[http://www.xabber.com/ | Xabber]] (Android) 
-  * [[https://guardianproject.info/howto/chatsecurely/ | Gibberbot]] (Android) 
- 
- 
-===How to use === 
- 
-  * [[https://www.youtube.com/watch?v=aV6-s9o9bVw|'Off-the-Record' Instant Messaging Tutorial (using Pidgin)]] 
-  * [[https://docs.google.com/presentation/pub?id=1cfGdFSxzygHqEGO450ZAu8Zmkmi8ghViqAqdSg9_0-E&start=false&loop=false&delayms=3000|Slides: "Private Conversations over Instant Messaging (OTR/Pidgin/Adium)]] from CryptoParty London 
-  * Gibberbot features a full tutorial on the link above. 
-===== IRC ===== 
- 
-==== IRC over Tor ==== 
- 
-Note that if you don't use the Tor Browser Bundle (but just tor) replace 9150 with **9050** 
- 
-For the **XChat** IRC Client (or [[http://hexchat.github.io/downloads.html|Hexchat]]): 
-  * Start Tor. 
-  * In Xchat go to Settings->Options->Network Setup and enter the following: 
- 
-        Hostname: 127.0.0.1 
-        Port: 9150 
-        Type: Socks5 
-        Use Proxy for: both 
- 
-  * Save and make sure you don't connect with the nickname you use without tor. 
- 
-For the **irssi** IRC Client go here: https://www.cryptoparty.in/documentation/irssi_plus_tor 
- 
-For the **mIRC** Client: 
- 
-  * Press Alt+O to open the options dialog 
-  * Go to Connect -> Proxy section 
-  * Under Connection select Both 
-  * Under Protocol select Socks 
-  * Under Hostname enter "127.0.0.1" 
-  * Under Port enter 9150 & press OK. 
- 
-There are also tor-internal IRC servers to which you can only connect once you set up the above. [[http://www.reddit.com/r/onions/comments/15kvb3/anyone_have_a_list_of_currently_working_onion_irc/|You can find most of them here]] 
-==== IRC with I2P ==== 
- 
-  * Set up I2P [[:brief#i2p|as described further below]] 
-  * Start it, as well as your IRC-Client (ie mIRC or Xchat) 
-  * Connect to a new server: 127.0.0.1 Port 6668 
-  * Done. There are also more IRC servers than the default one above. For learning how to join them read the bottom of [[http://pastebin.com/xWzw10wW|this page]] but the above is the most active one. 
-  * //[[http://www.youtube.com/watch?v=cCN25hxjFjE|Full step by step guide for I2P over mIRC on youtube]]// 
- 
-===== Pidgin over Tor ===== 
- 
-  * Go to the Accounts, select your Account 
-  * Select Edit Account 
-  * Go to the Advanced Tab 
-  * Under Proxy Options select proxy type SOCKS v5 
-  * Enter 127.0.0.1 for the host and 9150 for the port 
-  * Leave user/pass blank  
- 
-===== Other ===== 
- 
-  * [[http://retroshare.sourceforge.net/|Retroshare]] lets you //securely// chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. It provides filesharing, chat, messages, forums and channels. 
-  * [[https://github.com/prof7bit/TorChat/downloads|TorChat]] is a peer to peer instant messenger with a completely decentralized design, built on top of [[http://www.cryptoparty.in/brief#tor_hidden_services|Tor's hidden services]], giving you extremely strong //anonymity// while being very easy to use without the need to install or configure anything. 
-  * [[http://echelon.i2p.to/qti2pmessenger/|I2P Messenger]] is an end-to-end encrypted serverless communication application over [[brief:#i2p|I2P]]. It supports file transfer and has a search for other users. 
-====== VoIP ====== 
- 
-  * [[https://jitsi.org/|Jitsi]] is a open source multiplatform Voice over IP, videoconferencing and instant messaging application for Windows, Linux and Mac OS X. 
-  * [[http://pillowfortress.wordpress.com/2013/08/01/how-to-encrypt-chat-and-voip-with-jitsi-and-xmpp/|How To Encrypt VoIP With Jitsi]] 
-  * Jitsi may request non-secure information during encrypted chat if you paste a link into it. This can be disabled in "//Preferences/Options > Chat > Enable Image/Video replacement//" 
- 
-  * [[https://play.google.com/store/apps/details?id=com.csipsimple|CSipSimple]] is an open source android app for end-to-end encrypted VoIP calls. 
- 
-  * Get a free SIP account for Jitsi and/or CSipSimple with The Guardian Project’s [[https://ostel.co/|Ostel]] service. 
-====== Darknet ====== 
- 
-A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. 
-===== Tor Hidden services ===== 
- 
-Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server's IP address (and thus its network location), a hidden service is accessed through its onion address. The Tor network understands these addresses and can route data to and from hidden services, while preserving the anonymity of both parties. 
- 
-  * Follow the [[http://www.cryptoparty.in/brief?&#tor_browser_bundle|guide for setting up the Tor Browser Bundle above]] 
-  * That's it already. [[http://pastebin.com/zRLGDRCM|You can find some hidden services (.onion sites) here]] that you can now open up with the TorBrowser 
-===== I2P ===== 
- 
-I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), webserving, mail and more. See the [[http://www.i2p2.de/how_networkcomparisons|comparison between Tor and I2P]] 
- 
-==== Step 1 ==== 
- 
-  * **Ubuntu**: 
-  Open a terminal (Ctrl+Alt+T) and issue the following commands: 
- 
-        sudo apt-add-repository ppa:i2p-maintainers/i2p 
-        sudo apt-get update 
-        sudo apt-get install i2p 
- 
-And then '//'i2prouter start//'' to launch I2P. 
- 
-  * **Windows**: 
-  Get the latest installer from http://i2p2.de/download.html & install. 
-Make sure you also install [[http://java.com/en/download/index.jsp|java]] if you get asked to do so.   
-Then double click on //Start I2P (no window)// 
-==== Step 2 ==== 
- 
-  * The I2P router console should open by this. You can reach it here: http://127.0.0.1:7657/home 
-  * On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. 
-  * Then go here (also optionally): http://127.0.0.1:7657/susidns/subscriptions and remove the textbox's contents, replace with [[http://pastebin.com/raw.php?i=U5jJTrbp|this]] &save. 
-  * Now you can either always use a second browser/profile for using I2P or use the following: 
- 
----- 
- 
-  - Get the [[https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/|FoxyProxy AddOn]] ([[https://chrome.google.com/webstore/detail/foxy-proxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp|Chrome here]]) 
-  - When installed click the FoxyProxy logo next to the URL bar. And then change “Select Mode:” to “Use proxies based on their pre-defined patterns and priorities” 
-  - Click “Add a new proxy” and on the “General” tab, make sure “Enabled” is checked. Also give it a name like "I2P" there. 
-  - One the “Proxy Details” tab, select “Manual Proxy Configuration” and enter “localhost” in the “Host or IP Address” field and “4444″ in the port field. 
-  - On the “URL Patterns” tab, click “Add New Pattern”, make sure “Enabled” is checked and “Whitelist” and “Wildcards” are selected. Give it a Pattern Name (ie. "I2P") and in the “URL Pattern” field, enter “*.i2p/*” 
-  - Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //"eepsites"// hosted within I2P. 
- 
-  * Alternatively you can create another Firefox profile (ie "I2P") go to Extras->Options->Network->Connection Settings->check Manual Proxy Configuration and then enter the following: 
- 
-        HTTP-Proxy: 127.0.0.1    Port: 4444 
- 
-  * Click OK. You can also run 2 firefox instances at the same time using [[http://www.mouserunner.com/FF_Tips_Multiple_Fx.html|this neat batch]] 
- 
----- 
- 
-  * [[http://pastebin.com/xWzw10wW|You can find some eepsites and additional info here]] 
- 
-  * [[http://www.cryptoparty.in/brief#torrenting_with_i2p|How to torrent via I2P]]  
-  * [[http://www.cryptoparty.in/brief#irc|How to connect to IRC via I2P]] 
-===== Freenet ===== 
- 
-Freenet is a peer-to-peer platform for censorship-resistant communication. It is more or less a decentralized distributed data storage. Freenet works by storing small encrypted snippets of content distributed on the computers of its users and connecting only through intermediate computers which pass on requests for content and sending them back without knowing the contents of the full file, similar to how routers on the Internet route packets without knowing anything about files—except with caching, a layer of strong encryption, and without reliance on centralized structures. This allows users to publish anonymously or retrieve various kinds of information. So called "//freesites//" allow you to browse such content. Other types of usage include chat, email & microblogging. 
- 
-  * [[http://freesocial.draketo.de/freenet_en.html|Tutorial for installing and configuring Freenet]] 
- 
-===== Retroshare ===== 
- 
-[[http://retroshare.sourceforge.net/downloads.html|RetroShare]] is free software for encrypted, serverless email, Instant messaging, BBS and filesharing based on a friend-to-friend network built on GPG.   
-Unlike most P2P networks where your computer will connect to the network and share information with a huge number of unknown peers, RetroShare will only connect to other peers that you have explicitly allowed into your network, and all communications are private.  
- 
-Communication services in RetroShare: 
-  * Private chat with friends 
-  * Private or public chat lobbies, that allow chatting with friends and friends of friends 
-  * Messages to friends 
-  * Forums 
-  * Voice over IP 
- 
-All you need to do is install the software and generate a PGP/GPG key, which will be used to encrypt and decrypt your network traffic. The hard part is getting at least 5 of your friends to also install the software and to share their public keys with you. Once that is done, you have your very own DarkNet. 
- 
-FIXME //Please add tutorial for "The degree of anonymity can still be improved by deactivating the DHT and IP/certificate exchange services"// 
-====== Meshnet ====== 
- 
-**Advanced**. A meshnet is a decentralized peer-to-peer network, with user-controlled physical links (usually wireless).   
-The most popular meshnet refers to the transitional CJDNS Internet overlay network currently known as //Hyperboria//. 
- 
-  * [[http://hyperboria.net/#join|How to set up Hyperboria (no Mac/Windows yet)]] 
-====== File Sharing ====== 
- 
-===== Torrenting with I2P ===== 
- 
-  * Follow [[http://www.cryptoparty.in/brief?&#i2p|the guide for setting up I2P above]] 
-  * Watch [[http://www.youtube.com/watch?v=B3EGhm6hqLg|this great step by step guide on youtube]] 
-  * And [[http://www.youtube.com/watch?v=SvQOU3BA0ng|this one for learning how to upload a torrent]] 
- 
-===== Frost with Freenet ===== 
-[[http://sourceforge.net/projects/jtcfrost/|Frost]] is a Freenet client that provides newsgroup-like messaging, private encrypted messages, file upload/download functionality and a file sharing system. 
- 
-  * Follow [[http://www.cryptoparty.in/brief?&#freenet|the guide for setting up Freenet above]] 
-  * Download Frost from the link above or via its freesite: //USK@oyjm9tEWQ1fYbYDsBfJ017-ip9uTPzPLB52QHMduBIc,HE~wfG205QnSscK-U9FX7hAtGVkJg1~GRjkU1qkceTE,AQABAAE/frost/-1/// 
-  * Create a directory where you want Frost to reside, and uncompress the zip file in there. 
-  * Start frost.jar (or .bat) (if you are on Windows) or frost.sh (if you are on *nix) and enter a nick. 
-====== DNS ====== 
- 
-The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide.  
-An oft-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses.   
-For example, the domain name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2001:500:88:200::10 (IPv6)....which you probably can't remember as good as a name such as "example.com".   
-[[https://www.youtube.com/watch?v=72snZctFFtA|Here is a video explaining DNS]] 
- 
-[[http://www.opennicproject.org/|OpenNIC]] is an alternative DNS root which lists itself as an alternative to ICANN and its registries. By using it your connection to the Internet can't get censored by your DNS server. It also allows you to use DNS servers which don't run logs improving your anonymity. 
- 
-  * Go [[http://www.opennicproject.org/configure-your-dns/|here]] and choose the tutorial for you OS 
-  * Follow the step by step guide. And then repeat the process for IPv6. 
-  * [[http://wiki.opennicproject.org/Tier2|Make sure you use DNS servers that don't run logs (or anonymize them)]] 
-====== Currency ====== 
- 
-Bitcoin is a decentralised, anonymous digital currency. 
- 
-  * [[https://www.youtube.com/watch?v=Um63OQz3bjo|Short animated introduction to Bitcoin]] 
-  * [[https://en.bitcoin.it/wiki/Using_Bitcoin|Tutorial for Using Bitcoin]] 
-  * To anonymize your bitcoins further you can use the [[http://fogcore5n3ov3tui.onion|BitcoinFog]] laundering service over [[:brief#tor_hidden_services|tor]] 
- 
-====== File Deletion ====== 
-If you want to delete files on your PC the normal way, they can be easily restored with tools freely available on the Internet (such as Recuva). Because of this you might want to make sure to truly delete files in certain circumstances (ie if you want to sell your PC). 
- 
-===== Warning ===== 
- 
-Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is //[[:brief#disc_encryption|full disk encryption]]//. 
-==== Windows ==== 
-  * [[http://www.dban.org/download|DBAN]] is a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.                    This method can help prevent identity theft before recycling a computer. DBAN prevents all known techniques of hard disk forensic analysis. Warning to make this perfectly clear: it will erase //all data on all hard drives// it detects (including external ones)". 
- 
-  * With [[http://eraser.heidi.ie/download.php|Eraser]] you can securely delete individual files on windows. 
- 
-==== Linux ==== 
- 
-If you want to erase a hard disk (now, because //everything// is overwritten, this works with flash memory, too), you can simply do so by finding out the file representation of the disk, e.g. /dev/sdx and then executing 
-  dd if=/dev/urandom of=/dev/sdx 
-as root/superuser. This command is irrevocable, so please double-check before executing it! \\To find a list of current 'block devices' you can use the 'lsblk' program, this will provide a list of the current available block devices by their name. Please note that if you want to properly purge the data you want to overwrite the root device, ie ///dev/sda// rather than ///dev/sda1//. as ///dev/sda1// is a partition within the block device. 
- 
-[[http://bleachbit.sourceforge.net/|BleachBit]] provides a means of clearing common caches and other meta information left behind by processes and also includes a 'Free disk space' option, which will attempt to obscure the contents of free disk space by overwriting available disk space with random data (it creates a file, and lets it grow till it consumes all free space) and a 'Memory' option which will do the same for RAM and Swap. 
-==== ATA Secure Erase ==== 
- 
-Most modern hard-disk drives are ATA based, most ATA drives manufactured after 2001 have a built-in Secure Erase command builtin to the firmware with tools available for [[http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml|Windows]] and [[https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase|Linux]]. Since this command is executed on the hardware itself, it is a much faster process than that of running DBAN or similar software based drive wiping tools. 
- 
-FIXME  //Please fill in: tools for linux & mac// 
-====== Photos & Videos ====== 
- 
-===== Photo EXIF Data Removal ===== 
- 
-EXIF (Exchangeable Image File) data is a record of what camera settings were used to take a photograph. This data is recorded into the actual image file. Therefore each photograph has its own unique data. EXIF data stores information like camera model, exposure, and sometimes even GPS-data. While there are many image-hosting services such as imgur.com that strip away the exif data most sites keep it, leaking private information ie for grab to the NSA's XKeyscore program which [[http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation#text/p32|is planned to]] mine for the exif data of all pictures getting uploaded. 
- 
-  * **Windows**: [[http://www.exiferaser.com/|Free EXIF Eraser]] allows you to easily delete entire EXIF/IPTC/XMP information from image files. 
- 
-  * **Ubuntu**: [[http://blog.techfun.org/2009/11/how-to-remove-exif-data-from-jpeg-files-in-ubuntu/|How to Remove EXIF Data from JPEG Files in Ubuntu]] 
-===== Other ===== 
- 
-[[https://play.google.com/store/apps/details?id=org.witness.sscphase1|ObscuraCam]] is a secure camera app for android phones that can obscure (ie for face blurring), encrypt or destroy pixels within an image. 
- 
-====== Virtual Machines & Live Disc/USB ====== 
- 
-The Amnesic Incognito Live System or **Tails** is a Debian-based Linux distribution aimed at preserving privacy and anonymity. All its outgoing connections are forced to go through Tor, and direct (non-anonymous) connections are blocked. The OS is designed to be booted as a live CD or USB, and leaves no trace on the machine unless explicitly told to do so. 
- 
-  * Download [[https://tails.boum.org/download/index.en.html|Tails]] 
-  * Verify the checksums as described here: [[:brief#Integrity_Checks|Integrity Checks]] 
- 
-Alternatives to Tails such as Liberté Linux [[https://prism-break.org/#live-cd|can be found here]]. The following tutorials also pretty much apply to them as well. 
-===== Virtual Machine ===== 
- 
-A virtual machine is a software based, fictive computer. Virtual machines may be based on specifications of a hypothetical computer or emulate the computer architecture and functions of a real world computer. 
- 
-  * Download & install [[https://www.virtualbox.org/wiki/Downloads|Virtual Box]] 
-  * Start Virtual Box click "New" in the upper left corner 
-  * FIXME 
- 
-===== Live Disc/USB ===== 
- 
-A live disc is a complete bootable computer operating system which runs in the computer's memory, rather than loading from the hard disk drive. It allows users to experience and evaluate an operating system without installing it or making any changes to the existing operating system on the computer.   
-Live USBs are closely related to live discs, but sometimes have the ability to persistently save settings and permanently install software packages back onto the USB device. 
- 
-  * Burn the ISO onto a DVD You can use [[http://www.imgburn.com/|ImgBurn]] for that.    
-  * If you want to have it on a USB stick you first need another stick with tails preinstalled or a DVD, then follow [[https://tails.boum.org/doc/first_steps/usb_installation/index.en.html|this guide]]. 
-  * Make sure the DVD is inserted (or the USB plugged in) then restart your PC 
-  * Tails should boot automatically. Make sure you "press any key" when asked to do so. If it doesn't work you have to [[http://www.wikihow.com/Boot-a-Computer-from-a-CD|change the boot order in BIOS]] 
- 
-====== Operating system ====== 
- 
-[[https://prism-break.org/#operating-system|Recommended OS]] 
- 
-FIXME //Please add tutorial for a new OS or 2nd OS// 
-====== VPN ====== 
- 
-A Virtual Private Network (VPN), is a private network of computers within a public network (the internet). When you connect to a VPN, the computer acts as if it’s on the same local network as the VPN. All your network traffic is sent over a secure connection to the VPN. Unlike a Proxy, a VPN service provider encrypts all of your traffic, replacing your ISP and routing ALL traffic through the VPN server, including all programs and applications while being faster as each client gets dedicated resources (a single proxy often has thousands of users). 
- 
-Make sure that.. 
-  * ...you pay for the VPN (don't use one of the free ones!) 
-  * ...you do the above anonymously (ie using [[:brief#Currency|Bitcoins]]) 
-  * ...the VPN doesn't keep logs (!) 
-  * ...the VPN doesn't use [[https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol|PPTP]] 
- 
-**Windows**: 
-  * Press the Windows key, type VPN, and click the Set up a virtual private network (VPN) connection option.  
-  * Use the wizard to enter the address and login credentials of the VPN service you want to use. 
-  * You can then connect to and disconnect from VPNs using the network icon in the system tray - the same one where you manage the Wi-Fi networks you’re connected to. 
- 
-FIXME //Please add how to set up a VPN + recommendations + improve description above// 
-====== Android ====== 
- 
-===== SMS ===== 
- 
- 
- 
-  * [[https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms|TextSecure]] for Android phones encrypts your text messages on your phone, and allows sending encrypted messages to other phones using TextSecure. Unless you unlock your inbox with your passphrase, someone with access to your phone will only know which people have sent messages and when, but not the contents of the message. 
- 
- 
- 
-===== Calls ===== 
- 
-  * [[https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone|RedPhone]] gives you the opportunity to upgrade to encrypted calls over the Internet whenever the person you're calling also has RedPhone installed. 
-  * See [[brief:#voip|CSipSimple here]] for an alternative VoIP solution 
-===== Chat ===== 
- 
-  * See [[:brief#otr|Xabber & Gibberbot here]] 
- 
-===== Encryption ===== 
- 
-  * The [[https://play.google.com/store/apps/details?id=com.paranoiaworks.unicus.android.sse|SSE - Universal Encryption App]] is a Password Manager, Message (Text) Encryption and File Encryption in one. \\ //FIXME Should it rather be [[https://play.google.com/store/apps/details?id=org.thialfihar.android.apg|APG]] [[https://securityinabox.org/en/apg_main|?]]// 
- 
-  * Users of newer versions of Android and up can use the built-in system encryption: [[http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/|How to encrypt your android phone]] 
-===== GPG ===== 
- 
-  * [[https://play.google.com/store/apps/details?id=info.guardianproject.gpg|Gnu Privacy Guard]] gives you command line access to the entire GnuPG suite of encryption software which is a tool for end-to-end secure communication and encrypted data storage (also issued [[:brief#crypto|earlier]]). 
-  * FIXME // http://booki.cc/cryptoparty-handbook/installing-gpg-on-android/ and should it rather be [[https://play.google.com/store/apps/details?id=org.thialfihar.android.apg|APG]] instead [[https://securityinabox.org/en/k9_apg_main|?]] What about [[https://play.google.com/store/apps/details?id=com.fsck.k9|K-9 Mail]]) // 
-===== Firewall ===== 
- 
-  * [[https://play.google.com/store/apps/details?id=com.jtschohl.androidfirewall|Android Firewall]] allows you allows you to block applications from accessing the Internet. It requires root access. Google the name of your phone + "root" to find out how to root it (it's not that hard). 
- 
-===== Superuser ===== 
- 
-  * [[https://play.google.com/store/apps/details?id=com.koushikdutta.superuser|Superuser]] for Android allows you to grant and manage Superuser rights for your phone. It also requires root. 
-===== Web Browsing ===== 
- 
-  * [[https://play.google.com/store/apps/details?id=org.mozilla.firefox|Firefox]] is an open source web browser that respects your privacy. It also allows you to use AddOns, such as the following. 
-         * [[https://addons.mozilla.org/en-US/android/addon/ghostery|Ghostery AddOn]] 
-         * [[https://addons.mozilla.org/en-US/android/addon/adblock-plus/|Adblock Plus AddOn]] 
-         * [[https://addons.mozilla.org/en-US/android/addon/blender-1/|Blender]] 
-         * //FIXME Review AddOns such as [[https://addons.mozilla.org/en-US/android/addon/startpage-ssl/|Startpage]], [[https://addons.mozilla.org/en-US/android/addon/smart-referer/|Smart Referer]], [[https://addons.mozilla.org/en-US/android/addon/self-destructing-cookies/|Self-Destructing Cookies]] & [[http://noscript.net/nsa/|NoScript Anywhere]]// 
-  * [[https://play.google.com/store/apps/details?id=org.torproject.android|Orbot]] is a free proxy application that empowers other applications to use the Internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. 
-  * [[https://adblockplus.org/en/android|Adblock Plus]] blocks banners, pop-ups and video ads. 
-===== History Eraser ===== 
- 
-  * [[https://play.google.com/store/apps/details?id=mobi.infolife.eraser|History Eraser]] allows you to delete your search history and various other things (just like [[brief:#general_tips|Ccleaner/BleachBit]] for your mobile). It also guides you to some settings that ought to be changed or switched off such as google data syncing. 
-===== Notes ===== 
- 
-  * [[https://play.google.com/store/apps/details?id=info.guardianproject.notepadbot|NoteCipher]] allows you to create notes secured using industry standard 256-bit AES encryption. Tap "Lock Notes" after finishing. 
-====== iOS ====== 
-iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https://prism-break.org/#android|these alternatives]]). 
-===== Web Browsing ===== 
-  * [[https://itunes.apple.com/us/app/ghostery/id472789016|Ghostery]] stops third-party sites from tracking you. 
-  * [[https://itunes.apple.com/au/app/onion-browser/id519296448?mt=8|Onion browser]] is a Tor-capable web browser that lets you access the internet privately and anonymously. 
- 
-===== Chat ===== 
-  *  See [[:brief#otr|ChatSecure here]] 
- 
-====== Disc Encryption ====== 
-===== TrueCrypt ===== 
- 
-[[http://www.truecrypt.org/|TrueCrypt]] is an on-the-fly disk encryption system. The software is freely available, runs on **multiple operating systems**, and is very easy to learn how to use. TrueCrypt also plays nicely with dual-boot systems (such as Windows and Linux). TrueCrypt options include either full disk encryption or the creation of cryptographic container files, which mount as additional drive volumes. 
- 
-TrueCrypt can also be used to encrypt USB flash memory sticks or digital camera or mobile phone memory cards. The caveat is that it is almost impossible to guarantee to securely wipe or overwrite the data from these devices due to their [[http://www.truecrypt.org/docs/?s=wear-leveling|wear leveling]] algorithms. Therefore you should use a fresh USB device to re-encrypt the data with a new secret key. TrueCrypt also includes a few options which theoretically provide [[http://www.truecrypt.org/docs/?s=plausible-deniability|plausible deniability]] to the user. 
-==== Learn and Use ==== 
- 
-  * [[https://docs.google.com/presentation/pub?id=1iASaNi7T4v8jg8cHd984V_i_xbDx76fTUv0YVSuFJg4&start=false&loop=false&delayms=3000|Slides: "Disk Encryption (TrueCrypt)"]] from CryptoParty London 
-  * [[https://media.torproject.org/video/2012-10-21-cryptoparty/TruecryptByKevin.mov|Video: "Truecrypt"]] from CryptoParty Boston (Kevin) via @torproject  
-  * [[http://www.randyjensenonline.com/blog/using-truecrypt-to-encrypt-your-entire-hard-drive|How To Encrypt Your Entire Hard Drive with Truecrypt (Windows)]] 
-===== FileVault =====  
- 
-Since version 10.6 of //Mac OS X//, Apple has offered users the ability to encrypt the home directory of their system. And from 10.7 onwards, Full Disk Encryption has been an option (technically referred to as FileVault 2). Enabling FileVault requires the user to have admin privileges on the computer, and will prompt the user to restart. At the next boot, as soon as the user logs in, FileVault will start doing online encryption of the main system drive. Other drives connected to the computer can also be encrypted by selecting them in Finder and choosing “Encrypt” from the File menu.  
- 
-When enabling FileVault, in addition to admin users being able to unlock the drive at login, a Recovery Key is also generated, with the option of escrowing this key with Apple. If you choose to do that, you'll have to provide various additional security questions/answers along with your Apple ID. Given the ease of use of FileVault, it should be almost the first thing you should enable on setting up a new Mac. Unfortunately, it doesn't currently work on RAID drives.  
- 
-[[http://support.apple.com/kb/HT4790|FileVault 2]] requires OS X Lion or Mountain Lion and Recovery HD installed on your startup drive, which the OS X Lion installer will attempt to create at installation.   
- 
-==== Learn and Use ==== 
- 
-  * [[https://www.youtube.com/watch?v=cb7g9FlJ7XU|FireVault Tutorial on youtube]] 
-  * Additional deployment reading can be found at Apple's [[http://training.apple.com/pdf/WP_FileVault2.pdf|Best Practices]]. 
-===== LUKS ===== 
- 
-LUKS is the //Linux// system for encrypted disks. It can be selected as an install option on most distributions. (Available in Ubuntu as of version 12.10). 
- 
-==== Learn and Use ==== 
- 
-LUKS can be set up using the program '[[https://code.google.com/p/cryptsetup/|cryptsetup]]', to create a LUKS formatted drive, first partition the drive using fdisk,cfdisk or your prefered partitioning program, at this point do not format it to a specific filesystem, we will do this after it's been formatted for LUKS. Once you've created the partition you want to encrypt, use the following command as the root account: 
- cryptsetup luksFormat /dev/sdxN 
-where 'x' is the drive letter and 'N' the partition number, eg /dev/sdc2, you can at this stage also specify other options to specify the cryptographic cipher, keysize and hashing algorithm, for example if we wanted to ensure it used aes-xts-plain64 with 512bit keysize and sha512 hashing, we could use the command: 
- cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sdxN 
-Next, it will ask you to confirm, as this will *wipe any data on the partition*. Then, you will be prompted to enter and confirm the password to access the drive, ensure that you pick a secure password, as there is no protection against brute-force password attacks if the drive is physically compromised. 
-Once it's confirmed completion of the process, you will be able to add the encrypted part of the drive as if it were a blockdevice, we will want to do this to format it to an appropriate filesystem, to do this use the command: 
- cryptsetup open /dev/sdxN volume-name 
-The 'volume-name' will be the name available as and is at the users discretion. You will be prompted for the password you entered earlier and if all was successful you will now be able to access the encrypted partition as a block device localted at /dev/mapper/volume-name (replacing volume-name with whichever name you chose). However, right now it's just a blank parition, so we want to format it to a usable filesystem to store content on it. To do this use the command: 
- mkfs -t ext4 /dev/mapper/volume-name 
-It will now format the blank encrypted partition to an ext4 filesystem, you may choose any other supported filesystem you require by replacing the '-t' option argument. 
-Okay, so now you have an encrypted volume. If you're using a modern desktop environment like Unity,KDE,XFCE or LXDE your volume manager should support volume management, just mount it, supply the password and you will be able to store and read data from your encrypted volume. 
-If your desktop environment doesn't do volume management, instead run: 
- mount /dev/mapper/volume-name /mnt 
-And you'll be able to read and write data to your encrypted volume, to unmount and close the encrypted device simply use: 
- umount /dev/mapper/volume-name 
- cryptsetup close volume-name 
- 
-You can use this method to create an encrypted USB drive for your personal files, however since LUKS is Linux specific, support on Mac or Windows is unlikely. 
- 
-For further information see 'man 8 cryptsetup' FIXME 
-===== Ubuntu ===== 
- 
-Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. 
- 
-FIXME //better description^// 
- 
-==== Learn and Use ==== 
- 
-  * [[http://besva.de/ubuntu_12.04.1_tutorial.pdf|How to install Ubuntu 12.04.1 LTS (and similiar systems) with enabled full disk encryption]] 
-====== Integrity Checks ====== 
-In order to check that you're actually using the right program and not a fake or modified/backdoor'ed one it's recommended to do integrity checks (for things such as the Tor Browser Bundle at least).   
-A 'hash' is a unique number generated using a published algorithm on a particular file. For example, if I have file1.txt, which has no text in it, and I run it through a [[https://en.wikipedia.org/wiki/Cryptographic_hash_function|hashing algorithm]], I will get mathematical_value_1. If I then add text to the file, it has now changed and if I hash it again I will get a different result, mathematical_value_2. 
- 
-**Windows**: 
-     * Download [[http://www.nirsoft.net/utils/hash_my_files.html|HashMyFiles]] (scroll down a bit) 
-     * Extract and open it. 
-     * Now drag and drop the file you want to check into it. We're checking GPG4win as an example here. So download the .exe from [[http://www.gpg4win.org/download.html|here]] and then drag&drop it into HashMyFiles. 
-     * Now go to http://www.gpg4win.org/package-integrity.html and compare the SHA1 checksum & the File length. Usually you can find such checksums right on the download pages of files or linked somewhere. 
- 
-     * Now to also check the PGP signature open up a command prompt by going to start->entering "cmd"->enter->"cd desktop" and make sure you got the file you want to check on your desktop. 
-     * Download the .sig file on the [[http://www.gpg4win.org/download.html|page]] to your desktop (works the same with .asc files) 
-     * Import their public key by entering: 
- 
-         gpg --recv-keys EC70B1B8 
-         (You can find the last few numbers on the website) 
- 
-     * //Or// for .key files (first download to desktop): 
- 
-         gpg --import tails-signing.key 
-         (the last bit is the filename of the .key file of course) 
- 
-     * Then enter this and check the result: 
- 
-        gpg2 --verify gpg4win-2.1.1.exe.sig gpg4win-2.1.1.exe 
-        (first the .sig/.asc key then the corresponding file) 
-         
-**Linux**: 
-       * sha1sum and md5sum are included in most Unix/Linux based operating systems (including MacOSX) -> Go to 'Terminal' in Applications->Utilities, navigate to the file you wish to use and type 'md5sum <filename>' where 'filename' is the filename, to get the md5sum. 
-       * Compare with expected values from the site you downloaded from. 
- 
-FIXME //Please add variations for Linux&Mac. And add tutorials for [[http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html|this stuff]] // 
-====== About ====== 
- 
-If these tutorials helped you please pass it on - share this page!
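Review bot: In the removed "File Deletion" section, the Linux paragraph says that overwriting with `dd if=/dev/urandom of=/dev/sdx` "works with flash memory, too", which contradicts the Warning just above it stating that there is no secure way to delete files from flash memory and that full disk encryption is the only responsible protection; if this text is being moved to another page rather than dropped, reconcile the two statements first, and note that the TrueCrypt section's wear-leveling caveat sides with the Warning. The same applies to the removed "Integrity Checks" steps: `gpg --recv-keys EC70B1B8` imports a key by an 8-hex-digit short ID and the procedure never has the reader compare the full fingerprint before running `gpg2 --verify`, while the checksum steps rely on SHA1 and `md5sum`. A carried-over version should add a fingerprint comparison against the value the project publishes and treat the signature check, not the bare checksum, as the authoritative step. Several removed sections also end in open FIXME placeholders (RetroShare, ATA Secure Erase, Virtual Machine, VPN, LUKS), so any successor page should either complete or omit those rather than copy them.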