Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
brief [2013/12/19 10:25] – [Retroshare] please edit 127.0.0.1 | universal [2014/12/22 09:38] – 127.0.0.1 | ||
---|---|---|---|
Line 13: | Line 13: | ||
* **[[documentation: | * **[[documentation: | ||
* [[https:// | * [[https:// | ||
+ | * [[http:// | ||
* [[https:// | * [[https:// | ||
Line 20: | Line 21: | ||
* https:// | * https:// | ||
- | + | ====== Why is mass surveillance a problem ? ====== | |
+ | |||
+ | * **https:// | ||
+ | |||
+ | ====== Quotes ====== | ||
Line 30: | Line 35: | ||
- | + | | |
Line 67: | Line 72: | ||
* [[https:// | * [[https:// | ||
- | * Useful companion: [[https:// | ||
==== Block Advertising ==== | ==== Block Advertising ==== | ||
Line 105: | Line 109: | ||
* https:// | * https:// | ||
* partly proprietary, | * partly proprietary, | ||
+ | * https:// | ||
+ | * FIXME | ||
* https:// | * https:// | ||
* from the same people that run startpage.com, | * from the same people that run startpage.com, | ||
+ | * https:// | ||
+ | * from SuMa e.V., a german non-profit organisation that supports free access to knowledge, provides Web search as a TOR hidden service | ||
* Though if you'd like to keep using google at least use its encrypted version: https:// | * Though if you'd like to keep using google at least use its encrypted version: https:// | ||
* In **Chrome** go to settings-> | * In **Chrome** go to settings-> | ||
- | * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. | + | * In **Firefox** you can do the same for startpage but might have problems with encrypted.google in recent versions of firefox. |
===== General Tips ===== | ===== General Tips ===== | ||
Line 118: | Line 126: | ||
* Opt out from various tracking advertising firms using http:// | * Opt out from various tracking advertising firms using http:// | ||
* Check the privacy settings of applications that you use | * Check the privacy settings of applications that you use | ||
+ | * If you use Windows do a File System Check once in a while by entering "sfc / | ||
+ | * Disable all Plugins in your Browser or set them to "Ask to Activate" | ||
* Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http:// | * Don't use a password across multiple sites or the same as the one you use to encrypt ie your hard drive. Also don't google it or anything alike. [[http:// | ||
* Use antivirus software and a firewall. Do regular scans & updates | * Use antivirus software and a firewall. Do regular scans & updates | ||
Line 128: | Line 138: | ||
* Get SSL. First follow these instructions for [[https:// | * Get SSL. First follow these instructions for [[https:// | ||
- | FIXME | + | ======Closing Unused Ports (debian)====== |
+ | **Check open ports.** | ||
+ | |||
+ | From the command line, you can see your open ports by typing: | ||
+ | su | ||
+ | netstat -anltp | grep " | ||
+ | |||
+ | Must should be none, i.e no reply. | ||
+ | |||
+ | **Remove services, which open ports.** | ||
+ | |||
+ | su | ||
+ | apt-get remove dovecot-core openbsd-inetd bind9 samba cups apache2 postgres* | ||
+ | apt-get remove exim4 exim4-daemon-light rpcbind openssh-server apache2.2-bin | ||
+ | apt-get autoremove | ||
+ | |||
+ | **Check open ports again.** | ||
+ | |||
+ | su | ||
+ | netstat -anltp | grep " | ||
====== Email ====== | ====== Email ====== | ||
Line 134: | Line 164: | ||
With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ | With email, you //always// have to trust the operator. So, no matter what, try to use real end-to-end encryption like OpenPGP. \\ | ||
- | Check https:// | + | Check https:// |
For more control over your email, you have to either [[run your own mail server]] or have a good // | For more control over your email, you have to either [[run your own mail server]] or have a good // | ||
Line 165: | Line 195: | ||
=== 1. Install a mailclient === | === 1. Install a mailclient === | ||
- | We recommend [[https:// | + | We recommend [[https:// |
=== 2. Install GnuPG === | === 2. Install GnuPG === | ||
Line 287: | Line 317: | ||
**[[: | **[[: | ||
+ | |||
+ | === 9. Use Tor Birdy === | ||
+ | |||
+ | You can make your communication extra safe by using Tor Birdy, a Thunderbird add-on for the Tor Browser | ||
+ | |||
+ | * If you don't have Thunderbird, | ||
+ | * Then you need to install Tor, so follow this [[http:// | ||
+ | * Next, [[https:// | ||
+ | * in Thunderbirds, | ||
+ | * then you need to adjust your Proxy to 9150 which you can do at Tools (// | ||
+ | * install it and restart Thunderbird | ||
+ | * NOTE: You now always have to open your Tor Browser to use Tor Birdy in Thunderbird. Otherwise e-mails fail to be sent instead. | ||
+ | * for troubleshooting, | ||
+ | |||
+ | |||
====== Chat ====== | ====== Chat ====== | ||
Line 356: | Line 401: | ||
* Enter 127.0.0.1 for the host and 9150 for the port | * Enter 127.0.0.1 for the host and 9150 for the port | ||
* Leave user/pass blank | * Leave user/pass blank | ||
+ | See also: https:// | ||
+ | =====Securing pidgin on GNU/ | ||
+ | * For information on how to secure pidgin on GNU/Linux https:// | ||
+ | * For information on how to properly install Apparmor: https:// | ||
===== Other ===== | ===== Other ===== | ||
Line 375: | Line 424: | ||
A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. | A darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. | ||
+ | More accurately all of them share being //anonymous overlay networks//. | ||
===== Tor Hidden services ===== | ===== Tor Hidden services ===== | ||
Line 383: | Line 433: | ||
===== I2P ===== | ===== I2P ===== | ||
- | I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), | + | I2P is a secure, anonymous network resistant to censorship and monitoring and both distributed and dynamic, with no trusted parties. It offers a range of services by default (including an active IRC Chat) and with full support for streaming, anonymous file sharing (BitTorrent), |
==== Step 1 ==== | ==== Step 1 ==== | ||
Line 405: | Line 455: | ||
* On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. | * On the left panel you will see bandwidth of 96KBps and 40KBps for the In and Out speeds. Your most likely have an Internet speed far greater than this. Therefore, you should raise the speeds significantly. | ||
* Then go here (also optionally): | * Then go here (also optionally): | ||
- | * Now you can either always use a second browser/ | + | * Now you can either always use a second browser/ |
---- | ---- | ||
Line 416: | Line 466: | ||
- Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //" | - Press Ok twice & close. Firefox will now send all .i2p requests through the local proxy. You can now access the //" | ||
- | | + | |
+ | * **Alternatively** (and recommended for optimal security) | ||
HTTP-Proxy: 127.0.0.1 | HTTP-Proxy: 127.0.0.1 | ||
* Click OK. You can also run 2 firefox instances at the same time using [[http:// | * Click OK. You can also run 2 firefox instances at the same time using [[http:// | ||
+ | * Enter // | ||
+ | |||
+ | javascript.enabled | ||
+ | browser.safebrowsing.enabled | ||
+ | browser.safebrowsing.malware.enabled | ||
+ | |||
+ | * Disable all Plugins. Alternatively to setting javascript.enabled to false you can also use [[https:// | ||
---- | ---- | ||
Line 455: | Line 513: | ||
* [[http:// | * [[http:// | ||
- | ====== File Sharing ====== | + | ====== File Sharing, Torrenting, Warez ====== |
+ | For anonymous downloading the absolute minimum is making use of a [[: | ||
===== Torrenting with I2P ===== | ===== Torrenting with I2P ===== | ||
Line 463: | Line 522: | ||
* And [[http:// | * And [[http:// | ||
+ | ===== Tribler ===== | ||
+ | |||
+ | Tribler is an open source peer-to-peer decentralized torrent client with various features for watching, streaming & sharing videos online. | ||
+ | |||
+ | //Soon//(!) **[[http:// | ||
===== Frost with Freenet ===== | ===== Frost with Freenet ===== | ||
[[http:// | [[http:// | ||
Line 470: | Line 534: | ||
* Create a directory where you want Frost to reside, and uncompress the zip file in there. | * Create a directory where you want Frost to reside, and uncompress the zip file in there. | ||
* Start frost.jar (or .bat) (if you are on Windows) or frost.sh (if you are on *nix) and enter a nick. | * Start frost.jar (or .bat) (if you are on Windows) or frost.sh (if you are on *nix) and enter a nick. | ||
+ | |||
+ | ===== Retroshare ===== | ||
+ | [[: | ||
+ | |||
+ | ===== Other ===== | ||
+ | |||
+ | ===== Anonymous Upload & Download of Youtube-Videos ===== | ||
+ | Videos from Youtube have unique metadata embedded into them via our friends at Google (on a per download basis). If that same file is seen elsewhere Google can check their logs to see when that file was downloaded and everything your computer sent, such as your IP address, user-agent and other fingerprinting info. | ||
+ | |||
+ | When using **[[https:// | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | You can also put these settings into a file "// | ||
+ | |||
+ | Use [[: | ||
+ | |||
+ | If you plan to reupload or share the video and wish for google to not know which of the downloaders is uploading the file do the following from a Linux terminal: | ||
+ | |||
+ | $ ffmpeg -i originalvideo.mp4 -acodec copy -vcodec copy newvideo.mp4 | ||
+ | |||
+ | That will strip the video to only the video and audio (removing the metadata). You can verify this by downloading the same video twice and checking the sha256sum' | ||
====== DNS ====== | ====== DNS ====== | ||
Line 497: | Line 584: | ||
Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is // | Right now, there is no secure way to delete files from flash memory. This includes usb sticks, memory cards and solid state hard disks (SSDs). The only responsible way to prevent theft of data on these media is // | ||
==== Windows ==== | ==== Windows ==== | ||
- | * [[http:// | + | * [[http:// |
- | * With [[http:// | + | * With [[http:// |
- | * With [[https:// | + | |
+ | * With [[https:// | ||
==== Linux ==== | ==== Linux ==== | ||
Line 510: | Line 598: | ||
[[http:// | [[http:// | ||
- | |||
srm does secure deletion of files.\\ | srm does secure deletion of files.\\ | ||
sfill does a secure overwriting of the unused diskspace on the harddisk.\\ | sfill does a secure overwriting of the unused diskspace on the harddisk.\\ | ||
sswap does a secure overwriting and cleaning of the swap filesystem. (note that sswap was only tested on linux so far. you must unmount your swap first!)\\ | sswap does a secure overwriting and cleaning of the swap filesystem. (note that sswap was only tested on linux so far. you must unmount your swap first!)\\ | ||
- | smem does a secure overwriting of unused memory (RAM) | + | smem does a secure overwriting of unused memory (RAM) |
To install the tools on ubuntu issue the command: | To install the tools on ubuntu issue the command: | ||
sudo apt-get install secure-delete | sudo apt-get install secure-delete | ||
- | FIXME | ||
==== Mac ==== | ==== Mac ==== | ||
- | FIXME | + | Beginning with Mac OS 10.3, Apple enhanced its security by introducing the [[http://safecomputing.umich.edu/ |
+ | |||
+ | [[http:// | ||
====== Photos & Videos ====== | ====== Photos & Videos ====== | ||
Line 540: | Line 627: | ||
* Download [[https:// | * Download [[https:// | ||
* Verify the checksums as described here: [[: | * Verify the checksums as described here: [[: | ||
+ | * [[tails|Configuration notes from a CryptoParty]] | ||
- | Alternatives to Tails such as Liberté Linux [[https:// | + | Alternatives to Tails such as Liberté Linux [[https:// |
===== Virtual Machine ===== | ===== Virtual Machine ===== | ||
Line 563: | Line 651: | ||
====== Operating system ====== | ====== Operating system ====== | ||
- | [[https:// | + | [[https:// |
- | FIXME //Please add tutorial for a new OS or 2nd OS// | + | FIXME //Please add tutorial/s for a new OS or 2nd OS// |
- | If you (keep) using Windows [[http:// | + | If you (keep) using Windows [[http:// |
====== VPN ====== | ====== VPN ====== | ||
Line 586: | Line 674: | ||
====== Android ====== | ====== Android ====== | ||
+ | For many of the below Apps you need to have root-access to your phone. Gaining such isn't hard to do: just google your device name and firmware (both to be found in the settings under "info to device" | ||
===== SMS ===== | ===== SMS ===== | ||
Line 607: | Line 696: | ||
* Users of newer versions of Android and up can use the built-in system encryption: [[http:// | * Users of newer versions of Android and up can use the built-in system encryption: [[http:// | ||
+ | |||
+ | ===== Permissions ===== | ||
+ | |||
+ | FIXME Check & review the following Apps: | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | [[http:// | ||
+ | |||
+ | |||
+ | |||
===== GPG ===== | ===== GPG ===== | ||
Line 613: | Line 715: | ||
===== Firewall ===== | ===== Firewall ===== | ||
- | * [[https:// | + | * [[https:// |
===== Superuser ===== | ===== Superuser ===== | ||
Line 626: | Line 728: | ||
* //FIXME Review AddOns such as [[https:// | * //FIXME Review AddOns such as [[https:// | ||
* [[https:// | * [[https:// | ||
- | * [[https://adblockplus.org/en/android|Adblock Plus]] blocks banners, pop-ups and video ads. | + | * [[https://f-droid.org/repository/browse/? |
===== History Eraser ===== | ===== History Eraser ===== | ||
Line 634: | Line 736: | ||
* [[https:// | * [[https:// | ||
====== iOS ====== | ====== iOS ====== | ||
- | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// | + | iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device (better use android or any of [[https:// |
+ | ===== Calls ===== | ||
+ | |||
+ | * [[https:// | ||
+ | * More information: | ||
===== Web Browsing ===== | ===== Web Browsing ===== | ||
* [[https:// | * [[https:// | ||
Line 678: | Line 785: | ||
Once you have a LUKS partition, to make the drive accessible for formating or mounting, use the command, type the command: | Once you have a LUKS partition, to make the drive accessible for formating or mounting, use the command, type the command: | ||
- | cryptsetup | + | cryptsetup |
You will be asked for the password to decrypt the device, then it will be available like a normal drive or parition located at '/ | You will be asked for the password to decrypt the device, then it will be available like a normal drive or parition located at '/ | ||
If you are finished using the device, you can remove it by typing the command: | If you are finished using the device, you can remove it by typing the command: | ||
- | cryptsetup | + | cryptsetup |
The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further software is required however you will likely not be able to access LUKS formatted partitions or drives from a Microsoft or Apple device. | The advantage of this method is that dm-crypt, the system that cryptsetup interacts with, it part of the Linux kernel and no further software is required however you will likely not be able to access LUKS formatted partitions or drives from a Microsoft or Apple device. | ||
Line 692: | Line 799: | ||
Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. | Ubuntu allows you to encrypt your whole drive as an option when you freshly set it up. | ||
- | |||
- | FIXME //better description^// | ||
==== Learn and Use ==== | ==== Learn and Use ==== | ||
+ | * [[https:// | ||
* [[http:// | * [[http:// | ||
====== Integrity Checks ====== | ====== Integrity Checks ====== | ||
Line 729: | Line 835: | ||
* Compare with expected values from the site you downloaded from. | * Compare with expected values from the site you downloaded from. | ||
- | FIXME //Please add variations for Linux& | + | FIXME |
+ | //Please add variations for Linux& | ||
====== About ====== | ====== About ====== | ||
- | Also available as an eepsite on [[brief:# | + | Also available as an eepsite on [[brief:# |
- | And as a hidden service on [[brief:# | + | http://crzh6busgh4v2kon66ant2fgscq6scj4apceqii2rstglaztfk2q.b32.i2p/en/ |
+ | And as a hidden service on [[brief:# | ||
+ | http://5nklpqfgczvtjrlg.onion/ | ||
+ | FIXME | ||
+ | //These 2 sites need to be updated to the present state of this tutorial-series.// | ||
+ | |||
+ | |||
+ | ---- | ||
- | If these tutorials helped you please pass it on - share this page! | + | If these tutorials helped you please pass it on - **share this page** (or its contents)! |