Differences
This shows you the differences between two versions of the page.
brief [2013/09/18 08:55] – [Virtual Machines & Live Disc/USB] 127.0.0.1 | universal [2020/08/01 04:57] – old revision restored (2014/10/20 14:47) 127.0.0.1 | ||
---|---|---|---|
Line 20: | Line 20: | ||
* https:// | * https:// | ||
- | + | ====== Why is mass surveillance a problem ? ====== | |
+ | |||
+ | * **https:// | ||
+ | |||
+ | ====== Quotes ====== | ||
Line 30: | Line 34: | ||
- | + | | |
Line 54: | Line 58: | ||
===== Browser ===== | ===== Browser ===== | ||
- | [[https:// | + | [[https:// |
===== Tor Browser Bundle ===== | ===== Tor Browser Bundle ===== | ||
* Watch this Video: [[https:// | * Watch this Video: [[https:// | ||
Line 67: | Line 71: | ||
* [[https:// | * [[https:// | ||
- | * Useful companion: [[https:// | ||
==== Block Advertising ==== | ==== Block Advertising ==== | ||
Line 107: | Line 110: | ||
* https:// | * https:// | ||
* from the same people that run startpage.com, | * from the same people that run startpage.com, | ||
+ | * https:// | ||
+ | * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service | ||
* Though if you'd like to keep using google at least use its encrypted version: https:// | * Though if you'd like to keep using google at least use its encrypted version: https:// | ||
* In **Chrome** go to settings-> | * In **Chrome** go to settings-> | ||
- | * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. | + | * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. |
===== General Tips ===== | ===== General Tips ===== | ||
Line 118: | Line 123: | ||
* Opt out from various tracking advertising firms using http:// | * Opt out from various tracking advertising firms using http:// | ||
* Check the privacy settings of applications that you use | * Check the privacy settings of applications that you use | ||
+ | * If you use Windows do a File System Check once in a while by entering "sfc / | ||
+ | * Disable all Plugins in your Browser or set them to "Ask to Activate" | ||
* Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http:// | * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http:// | ||
* Use antivirus software and a firewall. Do regular scans & updates | * Use antivirus software and a firewall. Do regular scans & updates | ||
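Review bot: in the added Windows tip, "File System Check" does not match the command it gives: sfc is the System File Checker, which verifies protected Windows system files, while a file system check is what chkdsk does. Suggest renaming the tip to "System File Checker" and saying in one clause what it is expected to catch, so readers do not take it for a disk or malware scan.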
Line 128: | Line 135: | ||
* Get SSL. First follow these instructions for [[https:// | * Get SSL. First follow these instructions for [[https:// | ||
- | FIXME | + | ======Closing Unused Ports (debian)====== |
+ | **Check open ports.** | ||
+ | |||
+ | From the command line, you can see your open ports by typing: | ||
+ | su | ||
+ | netstat -anltp | grep " | ||
+ | |||
+ | Must should be none, i.e no reply. | ||
+ | |||
+ | **Remove services, which open ports.** | ||
+ | |||
+ | su | ||
+ | apt-get remove dovecot-core openbsd-inetd bind9 samba cups apache2 postgres* | ||
+ | apt-get remove exim4 exim4-daemon-light rpcbind openssh-server apache2.2-bin | ||
+ | apt-get autoremove | ||
+ | |||
+ | **Check open ports again.** | ||
+ | |||
+ | su | ||
+ | netstat -anltp | grep " | ||
====== Email ====== | ====== Email ====== | ||
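Review bot: the two added apt-get remove lines list openssh-server, bind9, samba, cups, apache2 and others with no instruction to check first which of them the reader actually uses; on a machine reached only over SSH, removing openssh-server ends remote access. Suggest telling readers to keep any service they rely on and to remove only what the netstat check shows as open. The unquoted postgres* can also be expanded by the shell if matching file names exist in the current directory, so quote it. "Must should be none, i.e no reply." needs rewording, for example "There should be none, i.e. no output."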
Line 134: | Line 161: | ||
With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ | With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ | ||
- | Check https:// | + | Check https:// |
For more control over your email, you have to either [[run your own mail server]] or have a good // | For more control over your email, you have to either [[run your own mail server]] or have a good // | ||
Line 165: | Line 192: | ||
=== 1. Install a mailclient === | === 1. Install a mailclient === | ||
- | We recommend [[https:// | + | We recommend [[https:// |
=== 2. Install GnuPG === | === 2. Install GnuPG === | ||
Line 182: | Line 209: | ||
[[http:// | [[http:// | ||
- | Find the add-on manager in your Thunderbird (upper right side menu) and install enigmail there. On Linux, install it via your software manager. | + | Find the add-on manager in your Thunderbird (upper right side menu) and install enigmail there. On Linux, install it via your software manager. |
- | If you are using a Thunderbird derivative (e.g. Icedove) from Debian which doesn' | + | |
Line 193: | Line 219: | ||
=== 5. Generate Keypair === | === 5. Generate Keypair === | ||
- | | + | |
- | | + | |
- | | + | |
- | - Wait. | + | |
- | Afterwards, it will ask you if you want to make a revocation certificate. Do so, and store it on a save medium (that is either a print-out or a CD you burn it to and then put away in a safe place).\\ | + | Afterwards, it will ask you if you want to make a revocation certificate. Do so, and store it on a safe medium (that is either a print-out or a CD you burn it to and then put away in a safe place).\\ |
- | Here is a great guide for [[https:// | + | If you have already generated |
- | For a more detailed description of the mechanism of public-key encryption, refer to [[http:// | + | [[https:// |
+ | For a more detailed description of the mechanism of public-key encryption, | ||
=== 6. Publish Public Key === | === 6. Publish Public Key === | ||
Line 208: | Line 234: | ||
To get a copy of a public key on Linux with GNUPG run the following command: | To get a copy of a public key on Linux with GNUPG run the following command: | ||
- | gpg --export -a <your GPG ID> | + | gpg --export --armor |
- | this will generate output starting with ' | + | this will generate output starting with ' |
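Review bot: as shown here, the new export command "gpg --export --armor" no longer names a key, where the old line had <your GPG ID>. Without a key ID or address, gpg exports every public key in the keyring, which is not what a "copy of a public key" step wants; suggest keeping the placeholder after --armor.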
Line 235: | Line 261: | ||
You can use the command line to encrypt a file or a message: | You can use the command line to encrypt a file or a message: | ||
- | gpg -e -r < | + | gpg -ase -r < |
- | This will produce a file that you can attach or paste into an email. If you omit the -a argument, the output is a binary file which should not be pasted, but should still work fine as an attachment. | + | This will produce a file (ending in .asc) that you can attach or paste into an email. |
To send encrypted mail with Thunderbird/ | To send encrypted mail with Thunderbird/ | ||
- | - Make sure auto-saving of drafts is disabled. | ||
- | - Compose a message as you normally would. | ||
- | - Click on OpenPGP, and check Encrypt Message (and, optionally, Sign Message). | ||
- | - Click Send. | ||
- | - Depending on how Thunderbird is set up, it may give you a list of keys to choose from at this point, or it may select keys automatically based on email addresses. | ||
- | - If you see the list of keys, make sure the recipient' | ||
- | To decrypt a message from the command line, export | + | * Make sure auto-saving of drafts is disabled (Tools -> Options -> Composition -> General, uncheck Auto Save, or Edit -> Preferences -> Composition -> General, uncheck Auto Save). |
- | gpg -d < | + | * Compose a message as you normally would. |
+ | * Click on OpenPGP, and check Encrypt Message (and, optionally, Sign Message). | ||
+ | * Click Send. | ||
+ | |||
+ | Depending on how Thunderbird is set up, it may give you a list of keys to choose from at this point, or it may select keys automatically based on email addresses (This behavior is configurable: | ||
+ | |||
+ | To decrypt a message from the command line, save the encrypted message to a file, and type: | ||
+ | gpg < | ||
To decrypt mail with Thunderbird/ | To decrypt mail with Thunderbird/ | ||
- | | + | |
- | | + | |
- | - The decrypted message should be readable now. | + | |
To verify a signature: | To verify a signature: | ||
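Review bot: the decrypt command changes from "gpg -d <" to "gpg <", which drops the explicit command and leaves gpg to guess the operation from the file; keep -d (or --decrypt) so the line does what the sentence above it says. In the encrypt command, -ase now also signs the message, but the surrounding text still only speaks of encrypting; say that the output is signed and that this needs the sender's private key. The send steps were also turned from a numbered list into bullets although their order matters.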
Line 287: | Line 314: | ||
**[[: | **[[: | ||
+ | |||
+ | === 9. Use Tor Birdy === | ||
+ | |||
+ | You can make your communication extra safe by using Tor Birdy, a Thunderbird add-on for the Tor Browser | ||
+ | |||
+ | * If you don't have Thunderbird, | ||
+ | * Then you need to install Tor, so follow this [[http:// | ||
+ | * Next, [[https:// | ||
+ | * in Thunderbirds, | ||
+ | * then you need to adjust your Proxy to 9150 which you can do at Tools (// | ||
+ | * install it and restart Thunderbird | ||
+ | * NOTE: You now always have to open your Tor Browser to use Tor Birdy in Thunderbird. Otherwise e-mails fail to be sent instead. | ||
+ | * for troubleshooting, | ||
+ | |||
+ | |||
====== Chat ====== | ====== Chat ====== | ||
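Review bot: in the new Tor Birdy list, "install it and restart Thunderbird" comes after the step that sets the proxy port to 9150, so the steps read out of order; put the install step directly after the download step. "You can make your communication extra safe" should say what the add-on changes (mail traffic goes through Tor) and that message contents still need OpenPGP as described in the earlier steps. The NOTE line ends in "fail to be sent instead", where "instead" has nothing to refer to.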
Line 356: | Line 398: | ||
* Enter 127.0.0.1 for the host and 9150 for the port | * Enter 127.0.0.1 for the host and 9150 for the port | ||
* Leave user/pass blank | * Leave user/pass blank | ||
+ | See also: https:// | ||
+ | =====Securing pidgin on GNU/ | ||
+ | * For information on how to secure pidgin on GNU/Linux https:// | ||
+ | * For information on how to properly install Apparmor: https:// | ||
===== Other ===== | ===== Other ===== | ||
Line 362: | Line 408: | ||
* [[https:// | * [[https:// | ||
* [[http:// | * [[http:// | ||
+ | * [[https:// | ||
====== VoIP ====== | ====== VoIP ====== | ||
Line 374: | Line 421: | ||
A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. | A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. | ||
+ | More accurately all of them share being //anonymous overlay networks//. | ||
===== Tor Hidden services ===== | ===== Tor Hidden services ===== | ||
Line 382: | Line 430: | ||
===== I2P ===== | ===== I2P ===== | ||
- | I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), | + | I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), |
==== Step 1 ==== | ==== Step 1 ==== | ||
Line 404: | Line 452: | ||
* On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. | * On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. | ||
* Then go here (also optionally): | * Then go here (also optionally): | ||
- | * Now you can either always use a second browser/ | + | * Now you can either always use a second browser/ |
---- | ---- | ||
Line 415: | Line 463: | ||
- Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //" | - Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //" | ||
- | | + | |
+ | * **Alternatively** (and recommended for optimal security) | ||
HTTP-Proxy: 127.0.0.1 | HTTP-Proxy: 127.0.0.1 | ||
* Click OK. You can also run 2 firefox instances at the same time using [[http:// | * Click OK. You can also run 2 firefox instances at the same time using [[http:// | ||
+ | * Enter // | ||
+ | |||
+ | javascript.enabled | ||
+ | browser.safebrowsing.enabled | ||
+ | browser.safebrowsing.malware.enabled | ||
+ | |||
+ | * Disable all Plugins. Alternatively to setting javascript.enabled to false you can also use [[https:// | ||
---- | ---- | ||
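Review bot: the three about:config preferences added here (javascript.enabled, browser.safebrowsing.enabled, browser.safebrowsing.malware.enabled) appear without the value to set or the reason for the change; only the following bullet implies javascript.enabled is set to false. Suggest writing each as name = value and adding a sentence on the trade-off, since switching the two safebrowsing preferences off also removes the browser's phishing and malware warnings, which sits oddly under "recommended for optimal security".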
Line 447: | Line 503: | ||
All you need to do is install the software and generate a PGP/GPG key, which will be used to encrypt and decrypt your network traffic. The hard part is getting at least 5 of your friends to also install the software and [[http:// | All you need to do is install the software and generate a PGP/GPG key, which will be used to encrypt and decrypt your network traffic. The hard part is getting at least 5 of your friends to also install the software and [[http:// | ||
- | FIXME //Please add tutorial | + | FIXME //Please add info for "The degree of anonymity can still be improved by deactivating the DHT and IP/ |
====== Meshnet ====== | ====== Meshnet ====== | ||
Line 462: | Line 518: | ||
* And [[http:// | * And [[http:// | ||
+ | ===== Tribler ===== | ||
+ | |||
+ | Tribler is an open source peer-to-peer decentralized torrent client with various features for watching, streaming & sharing videos online. | ||
+ | |||
+ | //Soon//(!) **[[http:// | ||
===== Frost with Freenet ===== | ===== Frost with Freenet ===== | ||
[[http:// | [[http:// | ||
Line 496: | Line 557: | ||
Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is // | Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is // | ||
==== Windows ==== | ==== Windows ==== | ||
- | * [[http:// | + | * [[http:// |
- | * With [[http:// | + | * With [[http:// |
- | * With [[https:// | + | |
+ | * With [[https:// | ||
==== Linux ==== | ==== Linux ==== | ||
Line 506: | Line 568: | ||
as root/ | as root/ | ||
- | [[http:// | + | [[http:// |
[[http:// | [[http:// | ||
Line 512: | Line 574: | ||
sfill does a secure overwriting of the unused diskspace on the harddisk.\\ | sfill does a secure overwriting of the unused diskspace on the harddisk.\\ | ||
sswap does a secure overwriting and cleaning of the swap filesystem. (note that sswap was only tested on linux so far. you must unmount your swap first!)\\ | sswap does a secure overwriting and cleaning of the swap filesystem. (note that sswap was only tested on linux so far. you must unmount your swap first!)\\ | ||
- | smem does a secure overwriting of unused memory (RAM) | + | smem does a secure overwriting of unused memory (RAM) |
To install the tools on ubuntu issue the command: | To install the tools on ubuntu issue the command: | ||
sudo apt-get install secure-delete | sudo apt-get install secure-delete | ||
- | or through your appropriate package manager, if the tool isn't on the package managers repositories, | ||
- | wget http:// | ||
- | tar -vzxf secure_delete-3.1.tar.gz | ||
- | cd secure_delete-3.1 | ||
- | make && sudo make install | ||
- | FIXME | ||
==== Mac ==== | ==== Mac ==== | ||
- | FIXME | + | Beginning with Mac OS 10.3, Apple enhanced its security by introducing the [[http://safecomputing.umich.edu/ |
+ | |||
+ | [[http:// | ||
====== Photos & Videos ====== | ====== Photos & Videos ====== | ||
Line 544: | Line 601: | ||
* Verify the checksums as described here: [[: | * Verify the checksums as described here: [[: | ||
- | Alternatives to Tails such as Liberté Linux [[https:// | + | Alternatives to Tails such as Liberté Linux [[https:// |
===== Virtual Machine ===== | ===== Virtual Machine ===== | ||
Line 552: | Line 609: | ||
* Start Virtual Box click " | * Start Virtual Box click " | ||
* FIXME | * FIXME | ||
+ | * | ||
+ | | ||
===== Live Disc/USB ===== | ===== Live Disc/USB ===== | ||
Line 565: | Line 623: | ||
====== Operating system ====== | ====== Operating system ====== | ||
- | [[https:// | + | [[https:// |
- | FIXME //Please add tutorial for a new OS or 2nd OS// | + | FIXME //Please add tutorial/s for a new OS or 2nd OS// |
- | If you (keep) using Windows [[http:// | + | If you (keep) using Windows [[http:// |
====== VPN ====== | ====== VPN ====== | ||
Line 609: | Line 667: | ||
* Users of newer versions of Android and up can use the built-in system encryption: [[http:// | * Users of newer versions of Android and up can use the built-in system encryption: [[http:// | ||
+ | |||
+ | ===== Permissions ===== | ||
+ | |||
+ | FIXME Check & review the following Apps: | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[http:// | ||
+ | |||
+ | |||
+ | |||
===== GPG ===== | ===== GPG ===== | ||
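Review bot: the new Permissions section publishes six app links under "FIXME Check & review the following Apps:", so unreviewed apps appear in a security guide where readers will take them as recommendations. Suggest holding the links back until they are reviewed, or labelling each entry as unreviewed with a one-line description of what it does.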
Line 636: | Line 707: | ||
* [[https:// | * [[https:// | ||
====== iOS ====== | ====== iOS ====== | ||
- | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// | + | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// |
+ | ===== Calls ===== | ||
+ | |||
+ | * [[https:// | ||
+ | * More information: | ||
===== Web Browsing ===== | ===== Web Browsing ===== | ||
* [[https:// | * [[https:// | ||
Line 673: | Line 749: | ||
==== Learn and Use ==== | ==== Learn and Use ==== | ||
- | LUKS can be set up using the program ' | + | LUKS can be set up using the program ' |
+ | In the following examples I will be using the device '/ | ||
+ | To format | ||
cryptsetup luksFormat /dev/sdxN | cryptsetup luksFormat /dev/sdxN | ||
- | where ' | + | Next, it will ask you to confirm, as this will *wipe any data on the partition*, then, you will be prompted to enter and confirm the password to access the drive. |
- | cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sdxN | + | |
- | Next, it will ask you to confirm, as this will *wipe any data on the partition*. Then, you will be prompted to enter and confirm the password to access the drive, ensure that you pick a secure password, as there is no protection against brute-force password attacks if the drive is physically compromised. | + | |
- | Once it's confirmed completion of the process, you will be able to add the encrypted part of the drive as if it were a blockdevice, | + | |
- | cryptsetup open /dev/sdxN volume-name | + | |
- | The ' | + | |
- | mkfs -t ext4 / | + | |
- | It will now format the blank encrypted partition to an ext4 filesystem, you may choose any other supported filesystem you require by replacing the ' | + | |
- | Okay, so now you have an encrypted volume. If you're using a modern desktop environment like Unity, | + | |
- | If your desktop environment doesn' | + | |
- | mount / | + | |
- | And you'll be able to read and write data to your encrypted volume, to unmount and close the encrypted device simply use: | + | |
- | umount / | + | |
- | cryptsetup close volume-name | + | |
- | You can use this method | + | Once you have a LUKS partition, |
+ | cryptsetup luksOpen /dev/sdxN volume-name | ||
+ | You will be asked for the password to decrypt the device, then it will be available like a normal drive or parition located at '/ | ||
+ | If you are finished using the device, you can remove it by typing the command: | ||
+ | cryptsetup luksClose volume-name | ||
- | For further | + | The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further |
+ | |||
+ | If you're unsure about choosing a cipher or concerned about performance the latest version of cryptsetup | ||
+ | cryptsetup benchmark | ||
+ | |||
+ | Note: The above section is written assuming that the user is running the latest version of cryptsetup, for older versions the command structure differs slightly. | ||
===== Ubuntu ===== | ===== Ubuntu ===== | ||
Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. | Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. | ||
- | |||
- | FIXME //better description^// | ||
==== Learn and Use ==== | ==== Learn and Use ==== | ||
+ | * [[https:// | ||
* [[http:// | * [[http:// | ||
====== Integrity Checks ====== | ====== Integrity Checks ====== | ||
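Review bot: the rewritten LUKS walkthrough goes from luksFormat straight to luksOpen and says the device "will be available like a normal drive", but the mkfs and mount steps from the old text are gone, so a freshly formatted volume has no filesystem to use; restore those two steps. The removed sentence telling readers to pick a secure password because nothing protects against brute force on a physically compromised drive is also worth keeping. The closing note assumes "the latest version of cryptsetup", yet the new commands are luksOpen/luksClose while the removed ones were cryptsetup open/close; state which version each form belongs to. Typos: "parition", "it part of the Linux kernel".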
Line 733: | Line 806: | ||
* Compare with expected values from the site you downloaded from. | * Compare with expected values from the site you downloaded from. | ||
- | FIXME //Please add variations for Linux& | + | FIXME |
+ | //Please add variations for Linux& | ||
====== About ====== | ====== About ====== | ||
- | If these tutorials helped you please pass it on - share this page! | + | Also available as an eepsite on [[brief:# |
+ | http:// | ||
+ | And as a hidden service on [[brief:# | ||
+ | http:// | ||
+ | |||
+ | FIXME | ||
+ | //These 2 sites need to be updated to the present state of this tutorial-series.\\ | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | |||
+ | If these tutorials helped you please pass it on - **share this page** (or its contents)! |