You are on page 1of 29

Encryption Works

How to Protect Your Privacy in the Age of NSA Surveillance
Micah Lee Chief Technology Officer July 2013

Freedom of the Press Foundation

1/2

pressfreedomfoundation org

Dedicated to cypherpunks who write code. Your skills are needed now more than ever.

Author! Micah Lee ! pu"lication of the "ree#o$ of the Press "oun#ation# 2013 %opyright! $ncryption %or&s' (o) to Protect *our Pri+acy in the !ge of ,-! -ur+eillance is licensed under a Creati+e Commons !ttri"ution 3 0 .nported License

https'//creati+ecommons org/licenses/"y/3 0/
Freedom of the Press Foundation 2/2 pressfreedomfoundation org

&a'le of %ontents
(ntro#uction &hreat )o#el %rypto Syste$s Software You %an &rust Anony$i*e Your +ocation with &or ,ff-the-.ecor# /,&.0 %hat -er+ice Pro+iders and Ja""er OT4 Clients *our 5ey -essions OT4 Fingerprint 6erification Logs 1Pretty 2oo# Privacy3 /P2P0 E$ail Encryption 5eypairs and 5eyrings Passphrases -oft)are $ncrypting# 9ecrypting# -ignatures P:P ;sn<t Just For $mail ;dentity 6erification !ttac&s &ails! &he A$nesic (ncognito +ive Syste$ P:P and $mail in Tails %or&flo) A "ighting %hance 0 0 1 2 3 10 11 11 11 12 13 11 12 12 17 18 18 20 21 23 20 21 27 23

Freedom of the Press Foundation

4/2

pressfreedomfoundation org

Encryption Works
How to Protect Your Privacy in the Age of NSA Surveillance
Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. – Edward Snowden, answering questions live on the Guardian's website1 The NSA is the biggest, best funded spy agen y the world has ever seen! They spend billions upon billions of dollars ea h year doing everything they an to va uu" up the digital o""uni ations of "ost hu"ans on this planet that have a ess to the #nternet and and the phone networ$! And as the re ent reports in the Guardian and %ashington &ost show, even do"esti A"eri an o""uni ations are not safe fro" their net! 'efending yourself against the NSA, or any other govern"ent intelligen e agen y, is not si"ple, and it's not so"ething that an be solved (ust by downloading an app! )ut than$s to the dedi ated wor$ of ivilian ryptographers and the free and open sour e software o""unity, it's still possible to have priva y on the #nternet, and the software to do it is freely available to everyone! This is espe ially i"portant for (ournalists o""uni ating with sour es online!

&hreat )o#el
The NSA is a powerful adversary! #f you are its dire t target, you have to go to great lengths to o""uni ate in private, and even if you're not, billions of inno ent #nternet users get aught in the NSA's dragnet too! *hanging so"e basi software pra ti es ould award you a great deal of priva y, even if it doesn't $eep you se ure against targeted atta $s by the +S govern"ent! This paper e,plores "ethods you an use in both ases! %hile the tools and advi e in this paper are ai"ed at prote ting your priva y fro" the NSA's olle tion "ethods, the sa"e advi e an be used to in rease your o"puter se urity against any adversary! #t's i"portant to re"e"ber that other govern"ents, in luding *hina and -ussia, spend "assive a"ounts of "oney of their own high.te h surveillan e equip"ent and are $nown to spe ifi ally target (ournalists and sour es! #n the +S, bad digital se urity an ost whistleblowers their freedo", but in other ountries it an ost both (ournalists and sour es their lives! A re ent e,a"ple fro" Syria/ illustrates how areless digital se urity an have tragi results!

1 /

Edward Snowden0 NSA whistleblower answers reader questions, http011www!guardian! o!u$1world1/2131(un1141edward.snowden.nsa.files.whistleblower The spy who a"e in fro" the ode, http011www! (r!org1feature1the5spy5who5 a"e5in5fro"5the5 !php6page7all Freedom of the Press Foundation 5/2 pressfreedomfoundation org

%rypto Syste$s
We disco ered something. !ur one hope against total domination. A hope that with courage, insight and solidarity we could use to resist. A strange property of the physical uni erse that we li e in. "he uni erse #elie es in encryption. $t is easier to encrypt information than it is to decrypt it. 8 9ulian Assange, in the introdu tion of *ypherpun$s0 :reedo" and the :uture of the #nternet En ryption is the pro ess of ta$ing a plainte,t "essage and a rando"ly generated $ey and doing "athe"ati al operations with the two until all that's left is a s ra"bled, ipherte,t version of the "essage! 'e ryption is ta$ing the ipherte,t and the right $ey and doing "ore "athe"ati al operations until the plainte,t is re overed! This field is alled ryptography, or rypto for short! A rypto algorith", what "athe"ati al operations to do and how to do the", is alled a ipher! To en rypt so"ething you need the right $ey, and you need the right $ey to de rypt it too! #f the rypto software is i"ple"ented properly, if the "ath is sound, and if the $eys are se ure, all of the o"bined o"puting power on Earth annot brea$ this en ryption! %e build rypto syste"s that depend on proble"s in "athe"ati s that we believe to be hard, su h as the diffi ulty in fa toring large nu"bers! +nless there are "athe"ati al brea$throughs that "a$e these proble"s easier8and the NSA is $eeping the" se ret fro" the rest of the world8brea$ing rypto that relies on the" for se urity is unfeasible! The design of rypto syste"s and iphers should be o"pletely publi ! The only way to ensure that the ipher itself doesn't have a riti al flaw is to publish how it wor$s, to have "any eyes s rutini;ing it in detail, and to let it weather real.world atta $s in the wild to wor$ out the bugs! The inner wor$ings of "ost rypto that we use on a daily basis, li$e <TT&S3, the te hnology that "a$es it possible to safely type redit ard nu"bers and passwords into website for"s, is o"pletely publi ! An atta $er that $nows every single detail about how the en ryption wor$s should still fail to brea$ the en ryption without possessing the $ey! *rypto that is proprietary, and its underlying ode se ret, annot be trusted to be se ure! <ere's an i"portant question to as$ when assessing if a servi e or app that uses en ryption is se ure0 #s it possible for the servi e provider itself to ir u"vent the en ryption6 #f so, you annot trust the se urity of the servi e! =any servi es li$e S$ype> and <ush"ail? pro"ise @end.to.end@ en ryption, but often ti"es it still "eans that the servi es the"selves have the $eys to de rypt the produ t! True end.to. end en ryption "eans that the servi e provider annot loo$ at your o""uni ations even if they wanted to!
3 > ? <TT& Se ure, https011en!wi$ipedia!org1wi$i1<ttps Thin$ your S$ype "essages get end.to.end en ryption6 Thin$ again, http011arste hni a! o"1se urity1/21312?1thin$. your.s$ype."essages.get.end.to.end.en ryption.thin$.again1 <ush"ail To %arn +sers of Aaw Enfor e"ent )a $door, http011www!wired! o"1threatlevel1/2241111hush"ail.to.war1 Freedom of the Press Foundation 6/2 pressfreedomfoundation org

Another i"portant fa t to $now about en ryption is that it's about "u h "ore than prote ting the priva y of o""uni ations! #t an be used to @digitally sign@ "essages in a way that proves that the "essage originated fro" the person you e,pe ted it to! #t an be used to build digital urren ies li$e )it oin, and it an be used to build anony"ity networ$s li$e Tor! En ryption an also be used to prevent people fro" installing i&hone apps that didn't o"e fro" the App Store, to prevent people fro" re ording "ovies dire tly fro" Netfli,, and to prevent people fro" installing Ainu, on a %indows B tablet! And it an also be used to prevent "an.in.the."iddleC D=#T=E atta $ers fro" adding "alware to otherwise legiti"ate software updates! #n short, en ryption en o"passes a whole host of uses, but here we are fo used on how we an use it to se urely and privately o""uni ate!

Software You %an &rust
%hen Snowden uses the ter" @endpoint se urity@ he "eans the se urity of the o"puters on either end of the onversation that are doing the en rypting and the de rypting, as opposed to the se urity of the "essage when itFs in transit! #f you send an en rypted e"ail to a friend but you have a $eylogger on your o"puter that's logging the entire "essage, as well as the passphrase that's prote ting your en ryption $eys, your en ryption isn't worth very "u h! Sin e :reedo" of the &ress :oundation board "e"bers Glenn Greenwald and Aaura &oitras bro$e the NSA dragnet surveillan e stories, a lot "ore infor"ation about +S spy agen ies has been "ade publi ! Spe ifi ally, )loo"berg wrote about voluntary infor"ation sharing progra"s between +S o"panies and +S spy agen ies4! So far the "ost sho $ing revelation about these infor"ation sharing progra"s is that =i rosoft has a poli y of giving infor"ation about vulnerabilities in its software to the +S govern"ent before it releases se urity updates to the publi ! The arti le says0 %icrosoft &orp. '%S("), the world*s largest software company, pro ides intelligence agencies with information a#out #ugs in its popular software #efore it pu#licly releases a fi+, according to two people familiar with the process. "hat information can #e used to protect go ernment computers and to access the computers of terrorists or military foes. This "eans that it's li$ely that NSA has been handed the $eys to any o"puter running %indows, Gffi e, S$ype, or other =i rosoft software! #f you're running this software on your o"puter, it's li$ely that, with enough effort, the NSA ould o"pro"ise your o"puter, and thus your en rypted o""uni ations, if you be a"e a target! %e've also learned fro" the New Hor$ Ti"esB that S$ype, software that outside the se urity o""unity
C 4 B =an.in.the."iddle atta $, https011en!wi$ipedia!org1wi$i1=an.in.the."iddle5atta $ +!S! Agen ies Said to Swap 'ata %ith Thousands of :ir"s, http011www!bloo"berg! o"1news1/213.2C.1>1u.s. agen ies.said.to.swap.data.with.thousands.of.fir"s!ht"l %eb's -ea h )inds N!S!A! and Sili on Ialley Aeaders, http011www!nyti"es! o"1/21312C1/21te hnology1sili on.valley. Freedom of the Press Foundation 7/2 pressfreedomfoundation org

has long had a reputation of being a se ure way to o""uni ate, has been feeding private onversations to the +S govern"ent for the last five years! Skype, the $nternet,#ased calling ser ice, #egan its own secret program, Pro-ect &hess, to e+plore the legal and technical issues in making Skype calls readily a aila#le to intelligence agencies and law enforcement officials, according to people #riefed on the program who asked not to #e named to a oid trou#le with the intelligence agencies. Pro-ect &hess, which has ne er #een pre iously disclosed, was small, limited to fewer than a do.en people inside Skype, and was de eloped as the company had sometimes contentious talks with the go ernment o er legal issues, said one of the people #riefed on the pro-ect. "he pro-ect #egan a#out fi e years ago, #efore most of the company was sold #y its parent, e/ay, to outside in estors in 0112. %icrosoft acquired Skype in an 34.5 #illion deal that was completed in !cto#er 0166. A Skype e+ecuti e denied last year in a #log post that recent changes in the way Skype operated were made at the #ehest of %icrosoft to make snooping easier for law enforcement. $t appears, howe er, that Skype figured out how to cooperate with the intelligence community #efore %icrosoft took o er the company, according to documents leaked #y Edward 7. Snowden, a former contractor for the N.S.A. !ne of the documents a#out the Prism program made pu#lic #y %r. Snowden says Skype -oined Prism on (e#. 8, 0166. &roprietary software, su h as "u h of what's released by =i rosoft, Apple, and Google, has another flaw! #t's "u h "ore diffi ult for users to independently verify that se ret ba $doors don't e,ist at the landestine de"ands of the surveillan e state! Though re ent reports have shown that "any o"panies hand over an un$nown a"ount of infor"ation in response to :#SA requests, none have been shown to have dire t ba $doors into their syste"s! There is other software that's "ore reliable in this regard! :ree and open sour e softwareJ is not always user friendly and it's not always se ure! <owever when it's developed in the open, with open bug tra $ers, open "ailing lists, open governing stru tures, and open sour e ode, it's "u h "ore diffi ult for these pro(e ts to have a poli y of betraying their users li$e =i rosoft has! GN+1Ainu, is an operating syste" that's o"posed entirely of free and open sour e software! E,a"ples of GN+1Ainu, distributions in lude +buntu12, 'ebian11, and :edora *ore1/! #t's the "ost popular free software alternative to %indows and =a GS K! %hile free software pro(e ts still "ight in lude "ali ious ode Dsee the +nderhanded * *ontest13E, the person writing the ode needs to hide it leverly and hope none of the other developers, or downstrea" GN+1Ainu, pa $age "aintainers who prepare and o"pile the sour e ode of pro(e ts to in lude in their distributions, noti e!
J 12 11 1/ 13 and.spy.agen y.bound.by.strengthening.web!ht"l :ree Software :oundation, https011www!fsf!org1about1what.is.free.software +buntu, http011www!ubuntu! o"1 'ebian, http011www!debian!org1 :edora *ore, https011fedorapro(e t!org1 The +nderhanded * *ontest, http011underhanded!, ott! o"1 Freedom of the Press Foundation 8/2 pressfreedomfoundation org

#n the 1JJ2s, when ivilian ryptography was be o"ing popular and the +S govern"ent was doing everything they ould to prevent it1>, the @ ypherpun$@ "ove"ent was born! =any pie es of software intended to bring en ryption to the people grew out of that "ove"ent! &ypherpunks write code. We know that someone has to write software to defend pri acy, and since we can*t get pri acy unless we all do, we*re going to write it. We pu#lish our code so that our fellow &ypherpunks may practice and play with it. !ur code is free for all to use, worldwide. We don*t much care if you don*t appro e of the software we write. We know that software can*t #e destroyed and that a widely dispersed system can*t #e shut down. 8 Eri <ughes, in his 1JJ3 *ypherpun$ =anifesto That ode, that's open and publi so that fellow ypherpun$s "ay pra ti e and play with it, whi h anyone in the world an freely use, "a$es the basis of the software and proto ols that we an trust0 TAS Dthe en ryption that powers <TT&SE, A+LS Ddis$ en ryption1? built.in to GN+1Ainu,E, Gpen&G&, Gff.the.-e ord, and Tor! The Ta ti al Te hnology *olle tive1C has built a great guide to open sour e se urity software that you an trust14 to $eep your o""uni ations private fro" surveillan e! #t's i"portant to re"e"ber that (ust using this software, and even using it perfe tly, annot guarantee the se urity of your rypto! :or e,a"ple, we have no idea if Apple has handed over ;ero day vulnerabilities to the NSA for iGS li$e =i rosoft is reported to have done! *hatSe ure, whi h lets you have en rypted hat onversations on iGS devi es, is only as se ure as the operating syste" that it's running on! #t's i"portant to re"e"ber that (ust be ause you use free software doesn't "ean you an't get ha $ed! &eople find ;ero day1B e,ploits for free software all the ti"e, and so"eti"es sell the" to govern"ents and other "ali ious atta $ers! :ree software users still download "ali ious atta h"ents in their e"ail, and they still often have badly onfigured and easily e,ploited servi es on their o"puters! And even worse, "alware is often very good at hiding! #f a free software user gets "alware on their o"puter, it "ight stay there until the user for"ats their hard drive! Tails, whi h is a live 'I' and live +S) GN+1Ainu, distribution that # will dis uss in detail below, solves "any of these proble"s!

1> See &hil Mi""er"ann's ri"inal investigation, https011en!wi$ipedia!org1wi$i1&hil5Mi""er"annN*ri"inal5investigation and *lipper hip, https011en!wi$ipedia!org1wi$i1*lipper5 hip 1? 'is$ en ryption, https011en!wi$ipedia!org1wi$i1'is$5en ryption 1C Ta ti al Te hnology *olle tive, https011ta ti alte h!org1 14 %orried about surveillan e online6 A olle tion of our tips and how to's on alternatives, https011alternatives!ta ti alte h!org1 1B Mero.day atta $, https011en!wi$ipedia!org1wi$i1Mero.'ay5Atta $ Freedom of the Press Foundation 9/2 pressfreedomfoundation org

Anony$i*e Your +ocation with &or
Tor1J is a software servi e that allows you to use the #nternet while on ealing your #& address, whi h is, in general, a fairly a urate representation of your lo ation! The Tor networ$ is "ade up of over 3,C22 volunteer servers alled nodes! %hen so"eone uses the Tor networ$ to visit a website their onne tion gets boun ed through three of these nodes D alled a ir uitE before finally e,iting into the nor"al #nternet! Anyone inter epting traffi will thin$ your lo ation is the final node whi h your traffi e,its fro"! #t's i"portant to re"e"ber that (ust be ause your onne tion to the #nternet "ay be anony"ous that doesn't "agi ally "a$e it se ure! E:: has "ade a great visuali;ation/2 of how Tor and <TT&S an wor$ together to prote t your priva y! Ai$e all good ryptography software, Tor is free software, o"plete with an open bug tra $er, "ailing lists, and sour e ode/1! 'o u"entation for Tails, the live GN+1Ainu, distribution that for es all of the user's networ$ traffi to go through the Tor networ$, has this to say about global adversaries//0 A glo#al passi e ad ersary would #e a person or an entity a#le to monitor at the same time the traffic #etween all the computers in a network. /y studying, for e+ample, the timing and olume patterns of the different communications across the network, it would #e statistically possi#le to identify "or circuits and thus matching "or users and destination ser ers. %e still don't $now whether or not NSA or G*<O ounts as a global adversary, but we do $now that they "onitor a large portion of the #nternet! #t's too early to $now for sure how often these intelligen e agen ies an defeat the anony"ity of the Tor networ$! Even if they an, using Tor still gives us "any advantages! #t "a$es their (ob "u h harder, and we leave "u h less identifying data on the servers we onne t to through the Tor networ$! #t "a$es it "u h harder to be the vi ti" of a =#T= atta $ at our lo al networ$ or #S& level! And even if so"e Tor ir uits an be defeated by a global adversary, if enough people are getting their traffi routed through the sa"e Tor nodes at the sa"e ti"e, it "ight be diffi ult for the adversary to tell whi h traffi belongs to whi h ir uits! The easiest way to start using Tor is to download and install the Tor )rowser )undle/3!

1J The Tor &ro(e t, https011www!torpro(e t!org1 /2 Tor and <TT&S, https011www!eff!org1pages1tor.and.https /1 Tor's bug tra $er0 https011tra !torpro(e t!org1pro(e ts1torP "ailing list0 https011www!torpro(e t!org1do s1do u"entationN=ailingAistsP and sour e ode0 https011gitweb!torpro(e t!org1tor!git6 a7treePhb7<EA' // Tor doesn't prote t you fro" a global adversary, https011tails!bou"!org1do 1about1warning1inde,!en!ht"lNinde,4h1 /3 'ownload the Tor )rowser )undle, https011www!torpro(e t!org1download1download.easy!ht"l!en Freedom of the Press Foundation /2 pressfreedomfoundation org

%hen Snowden was answering questions on Guardian's website/> fro" a @se ure #nternet onne tion@, he was probably routing his traffi through the Tor networ$! <e "ay have also been using a bridge/? to onne t to the Tor networ$ to "a$e the fa t that he was using Tor fro" his #& address less obvious to eavesdroppers!

,ff-the-.ecor# /,&.0 %hat
Gff.the.-e ord/C DGT-E is a layer of en ryption that an be added to any e,isting instant "essage hat syste", provided that you an onne t to that hat syste" using a hat lient that supports GT-, su h as &idgin or Adiu"/4! %ith GT- it's possible to have se ure, end.to.end en rypted onversations over servi es li$e Google Tal$ and :a eboo$ hat without Google or :a eboo$ ever having a ess to the ontents of the onversations! Note0 this is different than the @off.the.re ord@ option in Google, whi h is not se ure! And re"e"ber0 while Google and :a eboo$Fs <TT&S onne tion is very valuable for prote tion against your "essage while itFs in transit, they still have the $eys to your onversations so they an hand the" over to authorities!
/> Edward Snowden0 NSA whistleblower answers reader questions, http011www!guardian! o!u$1world1/2131(un1141edward.snowden.nsa.files.whistleblower /? )ridge'), https011bridges!torpro(e t!org1 /C Gff.the.-e ord =essaging, http011www! ypherpun$s! a1otr1 /4 &idgin, https011pidgin!i"1P Adiu", http011adiu"!i"1 Freedom of the Press Foundation 1: / 2 pressfreedomfoundation org

GT- is used for two things0 encrypting the contents of real.ti"e instant "essage onversations and verifying the identity of people that you hat with! #dentity verifi ation is e,tre"ely i"portant and so"ething that "any GT- users negle t to do! %hile GT- is "u h "ore user friendly that other for"s of publi $ey en ryption, if you wish to use it se urely you still need to understand how it wor$s and what atta $s against it are possible! Service Provi#ers an# ;a''er +sing GT- only en rypts the ontents of your hat onversations but not the "etadata related to the"! This "etadata in ludes who you tal$ to and when and how often you tal$ to the"! :or this reason # re o""end using a servi e that isn't $nown to ollaborate with intelligen e agen ies! %hile this won't ne essarily prote t your "etadata at least you have a han e of $eeping it private! # also re o""end you use an K=&& Dalso $nown as 9abberE servi e! Ai$e e"ail, 9abber is a federated, open proto ol! +sers of riseup!net's 9abber servi e an hat with users of (abber! !de's servi e as well as (abber!org's servi e/B! ,&. %lients To use GT- you'll need to download software! #f you use %indows you an download and install &idgin and separately the GT- plugin/J! #f you use GN+1Ainu, you an install the pidgin and pidgin. otr pa $ages! Hou an read through do u"entation on how to set up your &idgin a ounts with GT-32! #f you use =a GS K you an download and install Adiu", whi h is a free software hat lient that in ludes GT- support! Hou an read the offi ial do u"entation on how to get set up with GTen ryption with Adiu"31! There are also 9abber and GT- lients available for Android, alled Gibberbot3/, and for iGS, alled *hatSe ure33! Your <ey %hen you start using GT-, your hat lient generates an en ryption $ey and stores it in a file in your user's ho"e folder on your hard drive! #f your o"puter or s"artphone get lost, stolen, or infe ted with "alware, it's possible that your GT- $ey an get o"pro"ised! #f this happens, it would be possible for an atta $er with ontrol over your 9abber server to be able to "ount a =#T= atta $ against you while you're hatting with people who have previously verified your identity!

/B :ind infor"ation about these free 9abber servi es here0 https011www!riseup!net1en1 hat, https011web!(abber! !de1, http011www!(abber!org1 /J After downloading and installing &idgin fro" https011pidgin!i"1 you "ust download and install the GT- plugin fro" http011www! ypherpun$s! a1otr1 32 'o u"entation for using &idgin with GT-, http011www! ypherpun$s! a1otr1inde,!phpNdo s 31 Adiu", whi h you an download at http011adiu"!i"1, o"es with GT-! Hou an find do u"entation for it at http011adiu"!i"1help1pgs1Advan ed:eatures.GT-En ryption!ht"l! 3/ Gibberbot, GT- 9abber lient for Android, https011guardianpro(e t!info1apps1gibber1 33 *hatSe ure, GT- 9abber lient for iGS, http011 hrisballinger!info1apps1 hatse ure1 Freedom of the Press Foundation 11 / 2 pressfreedomfoundation org

Sessions #f you want to use GT- to tal$ privately with your friends, your friends also need to be using it! An en rypted session between two people requires two en ryption $eys! :or e,a"ple, if you and your friend are both logged into :a eboo$ hat using Adiu" or &idgin and you have both onfigured GT-, you an hat in private! <owever if you are logged into #= using Adiu" or &idgin but your friend is hatting dire tly fro" fa eboo$! o" in a web browser, you annot have an en rypted onversation! #f you wish to use :a eboo$ or Google's servi es to hat with your friends, # re o""end disabling hat within the web interfa e of these servi es and only using Adiu" and &idgin to onne t, and en ouraging all of your friends to do the sa"e thing3>! %hen you start an en rypted GT- session, your lient software will tell you so"ething li$e this0
Attempting to start a private conversation with username@jabberservice... Unverified conversation with username@jabberservice/ChatClient started.

#f you have already verified the GT- fingerprint of the person you're tal$ing with D"ore on this belowE your session will loo$ li$e this0
Attempting to start a private conversation with username@jabberservice... Private conversation with username@jabberservice/ChatClient started.

%hen you start a new GT- session, your GT- software and your friend's GT- software send a series of "essages ba $ and forth to agree upon a new session $ey! This te"porary en ryption $ey, whi h is only $nown by your #= lients and is never sent over the #nternet, is then used to en rypt and de rypt "essages! %hen the session is finished both lients forget the $ey! #f you start hatting with the sa"e person later, your lients generate a brand new session $ey! #n this way, even if an eavesdropper is logging all of your en rypted GT- onversations8whi h NSA believes it is legally allowed to do3?, even if you're a +S iti;en and they don't have a warrant or probable ause8and later they o"pro"ise your GT- $ey, they annot use it to go ba $ and de rypt your old onversations! This property is alled forward se re y, and it is a feature that GT- has whi h &G& does not! #f your &G& se ret $ey D"ore on this belowE gets o"pro"ised, and the atta $er has a ess to all the en rypted "essages you've re eived, they an go ba $ and de rypt the" all! -ead "ore about how forward se re y wor$s, and why all "a(or #nternet o"panies should adopt it for their websites3C! The good news is Google has already adopted forward se re y, and :a eboo$ will i"ple"ent it soon as well34!

3> Hou an find instru tions for doing so for :a eboo$ at https011www!fa eboo$! o"1help1/1?BBB>C?12//?31, and for Google at https011support!google! o"1 hat1bin1answer!py6hl7enQanswer71C1B/3 3? #n 'epth -eview0 New NSA 'o u"ents E,pose <ow A"eri ans *an )e Spied on %ithout A %arrant, https011www!eff!org1deeplin$s1/21312C1depth.review.new.nsa.do u"ents.e,pose.how.a"eri ans. an.be.spied.without. warrant 3C Aong Ter" &riva y with :orward Se re y, https011www!eff!org1deeplin$s1/2111111long.ter".priva y.forward.se re y 34 &erfe t forward se re y, https011www!fa eboo$! o"1pages1&erfe t.forward.se re y1121BJ?/1C?1JC?? Freedom of the Press Foundation 12 / 2 pressfreedomfoundation org

,&. "ingerprint =erification %hen you start a new GT- session with so"eone, your #= software re eives the fingerprint of her en ryption $ey, and your GT- software re"e"bers this fingerprint! As long as so"eone uses the sa"e en ryption $ey when she tal$s to you, presu"ably be ause she's onsistently using the sa"e devi e, she will have the sa"e fingerprint! #f her fingerprint hanges then either she is using a different GT- $ey or you are both the target of a =#T= atta $! %ithout verifying $eys you have no way to $now that you're not falling vi ti" to an undete ted, su essful =#T= atta $! Even if the person you're talking to is definitely your real friend because she know things that only she would know, and you're using OTR encryption, an attacker might still be reading your conversation. This is be ause you "ight a tually be having an en rypted GT- onversation with the atta $er, who is then having a separate en rypted GT- onversation with your real friend and (ust forwarding "essages ba $ and forth! -ather than your friend's fingerprint your lient would be seeing the atta $er's fingerprint! All you, as a user, an see is that the onversation is @+nverified@! The following s reenshots show &idgin's visual indi ations of fingerprint verifi ation! #f you have verified GT- fingerprints your onversation is private, and if you haven't, your onversation is en rypted but you "ight be under atta $! Hou an't $now for sure without verifying!

#f you li $ the +nverified lin$ Din Adiu" it's a lo $ i onE you an hoose @Authenti ate buddy@! The GT- proto ol supports three types of verifi ation0 the so ialist "illionaire3B proto ol, a shared se ret3J, and "anual fingerprint verifi ation! All GT- lients support "anual fingerprint verifi ation, but not all lients support other types of verifi ation! %hen in doubt, hoose "anual fingerprint verifi ation!

3B So ialist "illionaire, https011en!wi$ipedia!org1wi$i1So ialist5"illionaire 3J Shared se ret, https011en!wi$ipedia!org1wi$i1Shared5se ret Freedom of the Press Foundation 14 / 2 pressfreedomfoundation org

#n the s reenshot above, you an see the GT- fingerprints for both users in the session! The other person should see the e,a t sa"e fingerprints! #n order to be sure that both parties are seeing the orre t fingerprints you both need to "eet up in person, or tal$ on the phone if you an re ogni;e their voi e, or find so"e other out.of.band but se ure "ethod to verify fingerprints, su h as sending a &G& en rypted and signed e"ail! GT- fingerprints are >2 he,ade i"al hara ters! #t's statisti ally i"possible to generate two GT- $eys that have the sa"e fingerprint, whi h is alled a ollision! <owever it is possible to generate an GT$ey that isn't a ollision but loo$s li$e one on ursory inspe tion! :or e,a"ple, the first few hara ters and last few hara ters ould be the sa"e with different hara ters in the "iddle! :or this reason, it's i"portant to o"pare ea h of the >2 hara ters to be sure you have the orre t GT- $ey! )e ause you generally set up a new GT- $ey ea h ti"e you set up a new devi e Dfor e,a"ple, if you want to use the sa"e 9abber a ount to hat fro" your Android phone with Gibberbot as you use on your %indows &* with &idginE, you often end up with "ultiple $eys, and therefore "ultiple fingerprints! #t's i"portant to repeat the verifi ation step on ea h devi e with ea h onta t you tal$ to! #t's still "u h better pra ti e to use GT- without verifying fingerprints than to not use GT- at all! An atta $er that atte"pts a =#T= atta $ against an GT- session runs the very real ris$ of getting aught, so li$ely this atta $ will only be used autiously!
Freedom of the Press Foundation 15 / 2 pressfreedomfoundation org

+ogs <ere is an e, erpt fro" the hat logs, published by %ired>2, of a onversation between )radley =anning and Adrian Aa"o, who turned hi" in to authorities0 '69:1956 P%) #radass4; has not #een authenticated yet. <ou should authenticate this #uddy. '69:1956 P%) Un erified con ersation with #radass4; started. '69:6960 P%) #radass4;9 hi '69::91: P%) #radass4;9 how are you= '69:;916 P%) #radass4;9 im an army intelligence analyst, deployed to eastern #aghdad, pending discharge for >ad-ustment disorder> in lieu of >gender identity disorder> '695890: P%) #radass4;9 im sure you*re pretty #usy... '69549?6 P%) #radass4;9 if you had unprecedented access to classified networks 6: hours a day ; days a week for 4@ months, what would you do= '69549?6 P%) infoAadrianlamo.com 9 "ired of #eing tired '096;902 P%) #radass4;9 = '891;902 P%) infoAadrianlamo.com9 What*s your %!S= As you an see fro" @+nverified onversation with bradassB4 started,@ they were using GT- to en rypt their onversation, yet it still ended up getting published on %ired's website and used as eviden e against )radley =anning! %hile it's possible their onversation was under a =#T= atta $, it's very unli$ely! #nstead both )radley =anning's and Adrian Aa"o's GT- lients were logging a opy of their onversation to their hard drives, unen rypted! %hile it an so"eti"es be useful to $eep logs of onversations, it also greatly o"pro"ises your priva y! #f &idgin and Adiu" didn't log GT- onversations by default, it's li$ely that these hat logs would never have be o"e part of the publi re ord! %ith the release of GT- >!2 in Septe"ber /21/, &idgin stopped logging GT- onversations by default! Adiu" still logs GT- onversations by default so you "ust "anually turn off logging yourself, whi h is a bug in Adiu">1!

>2 =anning.Aa"o *hat Aogs -evealed, http011www!wired! o"1threatlevel1/2111241"anning.la"o.logs >1 )e ause Adiu" is free software with an open bug tra $er, you an follow and ontribute to the onversations about fi,ing this bug https011tra !adiu"!i"1ti $et11?4// and https011tra !adiu"!i"1ti $et11?4/J Freedom of the Press Foundation 16 / 2 pressfreedomfoundation org

>Pretty 2oo# Privacy> /P2P0 E$ail Encryption
#n 1JJ1, &hil Mi""er"ann developed e"ail en ryption software alled &retty Good &riva y>/, or &G&, whi h he intended pea e a tivists to use while organi;ing in the anti.nu lear "ove"ent! Today, &G& is a o"pany that sells a proprietary en ryption progra" by the sa"e na"e! Gpen&G&>3 is the open proto ol that defines how &G& en ryption wor$s, and Gnu&G>> DG&G for shortE is free software, and is 122R o"patible with the proprietary version! G&G is "u h "ore popular than &G& today be ause it's free for everyone to download, and ypherpun$s trust it "ore be ause it's open sour e! The ter"s &G& and G&G are often used inter hangably! +nfortunately, &G& is notoriously hard to use, as e,e"plified by Greenwald e,plaining how he ould not initially tal$ to Edward Snowden be ause it was so diffi ult to set up>?! <eypairs an# <eyrings As with GT-, ea h person who wishes to send or re eive en rypted e"ail needs to generate their own &G& $ey, alled a $eypair! &G& $eypairs are split into two parts, the publi $ey and the se ret $ey! #f you have so"eone's publi $ey, you an do two things0 encrypt messages that an only be de rypted with their se ret $ey, and verify signatures that were generated with their se ret $ey! #t's safe to give your publi $ey to anyone who wants it! The worst anyone an do with it is en rypt "essages that only you an de rypt! %ith your se ret $ey you an do two things0 decrypt messages that were en rypted using your publi $ey, and digitally sign messages! #t's i"portant to $eep your se ret $ey se ret! An atta $er with your se ret $ey an de rypt "essages intended only for you, and he an forge "essages on your behalf! Se ret $eys are generally en rypted with a passphrase, so even if your o"puter gets o"pro"ised and your se ret $ey gets stolen, the atta $er would need to get your passphrase before he would have a ess to it! +nli$e GT-, &G& does not have forward se re y! #f your &G& se ret $ey is o"pro"ised and the atta $er has opies of any histori al en rypted e"ails you have re eived, he an go ba $ and retro. a tively de rypt the" all! Sin e you need other people's publi $eys in order to en rypt "essages to the", &G& software lets you "anage a $eyring with your se ret $ey, your publi $ey, and all of the publi $eys of the people you o""uni ate with! +sing &G& for e"ail en ryption an be very in onvenient! :or e,a"ple, if you set up &G& on your o"puter but have re eived an en rypted e"ail on your phone, you won't be able to de rypt it to read
>/ >3 >> >? &retty Good &riva y, https011en!wi$ipedia!org1wi$i1&retty5Good5&riva y The Gpen&G& Allian e, http011openpgp!org1 GN+ &riva y Guard, http011www!gnupg!org1 <ow Glenn Greenwald )egan *o""uni ating %ith NSA %histleblower Edward Snowden, http011www!huffingtonpost! o"1/21312C1121edward.snowden.glenn.greenwald5n53>1CJ4B!ht"l61342BJ?B1B Freedom of the Press Foundation 17 / 2 pressfreedomfoundation org

the e"ail until you get to your o"puter! Ai$e GT-, ea h &G& $ey has a unique fingerprint! Hou an find a opy of "y publi $ey on :reedo" of the &ress :oundation's website>C, and "y fingerprint is ?*14 C1C3 C1)' J:J/ >//A *2B) )>'/ ?A1E JJJJ JCJ4! #f you loo$ at "y publi $ey you'll see that it's quite long and would be hard to read out over the phone! A fingerprint is a short and "ore onvenient way to uniquely represent a $ey! %ith "y publi $ey you an en rypt "essages that only # an de rypt, provided that "y se ret $ey has not been o"pro"ised! Passphrases The se urity of rypto often relies on the se urity of a password! Sin e passwords are very easily guessed by o"puters, ryptographers prefer the ter" passphrase>4 to en ourage users to "a$e their passwords very long and se ure!

*o"i

ourtsey KL*', https011,$ d! o"1J3C1

:or tips on hoosing good passphrases, read the passphrase se tion of E::'s 'efending &riva y at the
>C #t's too long to publish in print0 https011pressfreedo"foundation!org1$eys1"i ah!as >4 &assphrase, https011en!wi$ipedia!org1wi$i1&assphrase Freedom of the Press Foundation 18 / 2 pressfreedomfoundation org

+!S! )order0 A Guide for Travelers *arrying 'igital 'evi es whitepaper>B, and also the 'i eware &assphrase <o"e &age>J! #n addition to prote ting &G& se ret $eys, you also need to hoose good passphrases for dis$ en ryption and password vaults?2! Software To install G&G, %indows users an download Gpg>win?1, and =a GS K users an download G&GTools?/! #f you run GN+1Ainu, you should already have G&G installed! G&G is a o""and line progra", but there's software that interfa es with e"ail lients that "a$es it "u h easier to use! Hou'll have to download an e"ail lient to use &G& orre tly! An e"ail lient is a progra" on your o"puter that you open to he $ your e"ail, as opposed to using your web browser! The "ost popular &G& setup is the e"ail lient Thunderbird with the Enig"ail add.on?3! Thunderbird and Enig"ail are free software and run on %indow, =a , and GN+1Ainu,! -ight now &G& is very diffi ult to use se urely fro" a web browser! %hile so"e browser e,tensions e,ist that help with this, # would re o""end sti $ing to a des$top e"ail lient until the field of browser rypto "atures! #t's possible to use &G& en ryption with G"ail, but the easiest way is to set up an e"ail lient li$e Thunderbird and run your G"ail a ount through it! Encrypting? @ecrypting? an# Signatures Hou an send en rypted e"ails and digitally sign the" using the graphi al user interfa e provided by Thunderbird and Enig"ail! <ere's an e,a"ple of an en rypted e"ail that #'" sending to "yself! %hen # hit send, "y software too$ the body of the "essage and en rypted it using "y publi $ey, "a$ing the ontent unintelligible to eavesdroppers, and indeed to "y e"ail provider too!

>B >J ?2 ?1 ?/ ?3

https011www!eff!org1wp1defending.priva y.us.border.guide.travelers. arrying.digital.devi esNpassphrase The 'i eware &assphrase <o"e &age, http011world!std! o"1Sreinhold1di eware!ht"l &assword "anager, https011en!wi$ipedia!org1wi$i1&assword5"anager Gpg>win, http011www!gpg>win!org1 G&GTools, https011gpgtools!org1 Hou an download Thunderbird at https011www!"o;illa!org1en.+S1thunderbird and Enig"ail at http011enig"ail!net1ho"e1inde,!php Freedom of the Press Foundation 19 / 2 pressfreedomfoundation org

%hen # opened this e"ail # was pro"pted to type in "y en ryption passphrase to de rypt it! Sin e it was en rypted using "y publi $ey, the only way # ould de rypt it is with "y se ret $ey! Sin e "y se ret $ey is prote ted with a passphrase, # needed to type "y passphrase to te"porarily de rypt "y se ret $ey in order to use it to de rypt the "essage!

Freedom of the Press Foundation

1 /2

pressfreedomfoundation org

P2P (snAt ;ust "or E$ail %hile &G& is often used for e"ail en ryption, nothing stops you fro" using it to en rypt anything and publish it using any "ediu"! Hou an post &G& en rypted "essages on blogs, so ial networ$s, and foru"s! Levin &oulsen published a &G& en rypted "essage on %ired's website?> intended for Edward Snowden to read! As long as %ired has a opy of Snowden's real publi $ey, only so"eone in possession of Snowden's se ret $ey an de rypt this "essage! %e don't $now how %ired got a opy of Snowden's publi $ey!

?> Gur Top.Se ret =essage to NSA %histleblower Edward Snowden, http011www!wired! o"1threatlevel1/21312C1signed. bda2df3 1 Freedom of the Press Foundation 2: / 2 pressfreedomfoundation org

<ere's a "essage that was en rypted to "y publi $ey! %ithout having a ess to "y asso iated se ret $ey, NSA should not be able to brea$ the en ryption! DNSA, let "e $now if you get it!E
-----B !"# P!P $ %%A! ----&ersion' !nuP! v(.).(* +!#U/,inu-. h/"$A01$2&3og456A///7ep86iiC$%m,9/Pt4)d*w/9:;fj-")c(rw5jf9</Ai)n 1=>r38?"bg@u9uv/:Bjl5Ap2Bcm**n1B/m95P/2Cb-o5b72gsB4C,D#en/C2E$#$ i8EC5BF0*sgP331i8&/<s>#-AAfegb$seo78DcDw&iG()giB/wA;#Gw2"Cm08P@j A5?B$A4:iEBd rmAC>:f=fA/ d4Au4cC&&a0GG(*/up@>-;i:mm9A-ws<i9t a</ vg0i(gv>BeAm7?nc9!onA:0eCC"6Dc;0CeuhCGA:5$3ArnBEP8p55fc/ ;/!sp<o %b-&@2evw@*U9ebe>/@*5A,4;# nEsF>sg/$)E:s$gv6";"19f7<erhD$t2im%t( /!ph3m<6PEv<Bib48U4;!s6U(/*C$"l?B&$@6"p?<Eh1#g 0itAaa)gehFGl(1-a p60>2G$#t2CED0hB7mF#UfGwUv3B 90d/0,9h28/"D=b7B#Fh1cgB25Cip3=4=j, i&h;t>!PfB1An5E @>c6jes6=t>)hDudC-@$&:?n@"v:D!tf-sf /e;6&mmfB!#! gl- : fb3t:ps,3ngD$ne6?BFB3!Ds<2r4b=jEm1wpC8 GA>3p5@b5j/gs0t4e7& -i/dBp#6njn!i"CA%C-Fr"Eu>b@jo208102#f,vPE?0e3(i w40ebj,vGhvG6*j% pw!u7uF/0/#6ou(EfU4/,:$:% e2ACm)wP4>fU!n70o(v<?8r<4/8ev"iA/G$AF5 gD*:?17>!g)ll!8BCAnB9c2!gC;<(>93U4#(&G4:?:B,o#s<A1eeng3vmi,4 9D< En,tP)49G*rn1i6B2/Pnj("fPonsda#ttb5*fhpD7a/r(sUA?ad7e=s;*v=02$gB "1h2Ae8ilD4t?,s*m1u0r<D$0>6hi-%h Ha0DE ----- #G P!P $ %%A! -----

(#entity =erification As with GT-, it's i"portant that you verify the &G& $eys of the people you o""uni ate with! #n &G& you do this by using your se ret $ey to digitally sign so"eone else's publi $ey! :ro" inside Thunderbird you an li $ the Gpen&G& "enu and open Ley =anage"ent! Hou an he $ the @'isplay All Leys by 'efault@ he $bo, to see all of the $eys in your $eyring! :ro" here you an i"port $eys fro" files, fro" your lipboard, or fro" $ey servers! Hou an also generate new $eypairs, and view details of all the $eys in your $eyring! As with GT- $eys, ea h &G& $ey has a unique fingerprint! And as with GT-, you need to read out the entire fingerprint to be sure the publi $ey you're loo$ing at a tually belongs to the person you believe it belongs to! Hou an right. li $ on a $ey in this list and hoose Iiew 'etails to see its fingerprint! <ere are the details of the &G& $ey that the dis$ en ryption software True*rypt?? uses to digitally digitally sign releases of its software!

?? True*rypt, http011www!true rypt!org1 Freedom of the Press Foundation 21 / 2 pressfreedomfoundation org

Also li$e GT-, you need to "eet in person, tal$ on the phone, or use an already verified GT- session to o"pare ea h hara ter of the fingerprint! After you have verified that the publi $ey you have belongs to the person you thin$ it does, you an li $ @Sele t a tion@ and hoose @Sign Ley@!

Freedom of the Press Foundation

22 / 2

pressfreedomfoundation org

#n the s reenshot above # he $ed the @Ao al signatures D annot be e,portedE@ bo,! #n this way, you an sign &G& $eys, whi h is ne essary for Enig"ail and other &G& software to display se urity "essages that "a$e sense, but you don't run the ris$ of a identally publishing who you o""uni ate with to a &G& $ey server?C! #f you re eive an en rypted e"ail fro" so"eone you $now but the e"ail is not digitally signed, you an't be o"pletely sure that it was a tually written by the person you thin$! #t's possible it ould be so"eone who spoofed their e"ail address or o"pro"ised their e"ail a ount! #f your friend tells you in this e"ail that she generated a new $ey, you need to "eet up in person or tal$ to her on the phone and read out your fingerprints before you an be sure that you're not under atta $! Attacks #f you don't verify identities you have no way of $nowing whether or not you are the vi ti" of a =#T= atta $!

?C &riva y on erns of $ey servers, https011en!wi$ipedia!org1wi$i1Ley5server5R/B ryptographi R/JN&riva y5 on erns Freedom of the Press Foundation 24 / 2 pressfreedomfoundation org

%ashington &ost (ournalist )arton Gell"an, who Edward Snowden trusted with infor"ation about the NSA's &-#S= progra", wrote about his e,perien e using &G&?4! !n "hursday, #efore "he Post pu#lished its first story, $ made contact on a new channel. Be was not e+pecting me there and responded in alarm. >Co $ know you=> he wrote. $ sent him a note on another channel to erify my digital >fingerprint,> a precaution we had #een using for some time. "ired, $ sent the wrong one. >"hat is not at all the right fingerprint,> he wrote, preparing to sign off. ><ou*re getting %$"%*d.> Be was talking a#out a >man in the middle> attack, a standard NSA technique to #ypass encryption. $ hastily corrected my error. Snowden was right to be autious and to insist that he he $ Gell"an's new &G& fingerprint! &G&, if used right, provides the tools ne essary to prevent =#T= atta $s! )ut these tools only wor$ if the users are vigilant about identity verifi ation!

&ails! &he A$nesic (ncognito +ive Syste$
+sing @properly i"ple"ented strong rypto syste"s@ has a huge learning urve and requires dedi ated users who are willing to put in e,tra wor$ to ta$e ontrol of their own priva y, whi h is the "ain reason why GT- and &G& are not urrently in widespread use! )ut even when you use these tools, how an you ensure @endpoint se urity@ when you an't ne essarily trust your operating syste" or other software that you depend on every day6 The solution is to use an entirely different operating syste" o"prised o"pletely of @software you an trust@ when you have a serious need for real priva y! Tails?B helps solve this proble"! "ails is a li e system that aims at preser ing your pri acy and anonymity. $t helps you to use the $nternet anonymously almost anywhere you go and on any computer #ut lea e no trace using unless you ask it e+plicitly. $t is a complete operating,system designed to #e used from a CDC or a US/ stick independently of the computer*s original operating system. $t is (ree Software and #ased on Ce#ian ENUFGinu+. "ails comes with se eral #uilt,in applications pre,configured with security in mind9 we# #rowser, instant messaging client, email client, office suite, image and sound editor, etc. Tails is not for everyone! #t's still diffi ult to use o"pared to nor"al operating syste"s, it's slow, it doesn't have all the software you "ay want! )ut Tails has all of these properties be ause it's spe ifi ally designed to "a$e it harder for users to "ess up their endpoint se urity! #f you're in a position where you
?4 *ode na"e TIera,F0 Snowden, in e, hanges with &ost reporter, "ade lear he $new ris$s, http011www!washingtonpost! o"1world1national.se urity1 ode.na"e.vera,.snowden.in.e, hanges.with.post.reporter. "ade. lear.he.$new.ris$s1/21312C12J1 Ja/?b?>.d1> .11e/.Jf1a.1a4 dee/2/B45story!ht"l ?B Tails0 The A"nesi #n ognito Aive Syste", https011tails!bou"!org1about1inde,!en!ht"l Freedom of the Press Foundation 25 / 2 pressfreedomfoundation org

thin$ that NSA, or any other potential atta $er, "ay want to target you and your olleagues Dthe (ournalist1whistleblower relationship o"es to "indE it's one of the best tools available! )e ause Tails is not pra ti al for daily o"puter use, it's a good idea to get into the habit of using GTand &G& in your nor"al operating syste" as well! Tails won't help blunt the effe ts of dragnet surveillan e by itself, but en rypting as "u h as we an on a daily basis will! Every ti"e you boot Tails you start fro" a lean slate! Anything you did in your previous session on Tails gets erased and the syste" is reverted ba $ to the default state! This "eans that even if you get infe ted with "alware while using Tails, the ne,t ti"e you boot into it the "alware will be gone! Hou an get started using Tails by downloading?J the 'I' i"age and burning it to a 'I'! Hou then need to boot to this 'I'! This step is different depending on what "odel o"puter you have, but it often involves entering your )#GS and hanging your boot order so your o"puter tries booting fro" 'I' before it tries your hard drive! Gn newer &*s you "ight need to disable +E:# @se ure boot@C2 in the )#GS as well, whi h is the rypto that's used to "a$e sure your o"puter will only boot to digitally signed versions of %indows Dwhi h, in affe t, "a$es it harder for people to boot into non.%indows operating syste"sE! The Tails website has "ore infor"ation on booting Tools fro" a 'I' or +S) sti $C1! After booting to the 'I' you have the option to install Tails on a +S) sti $, whi h is espe ially useful be ause it allows you to onfigure a persistent volu"eC/, an en rypted se tion of your +S) sti $ to store your data! 'espite starting fro" a lean slate ea h ti"e you boot up, it's i"portant for you to be able to have a ess to your GT- and &G& $eys, your *laws =ail D"ore belowE and &idgin settings, and any do u"ents you're wor$ing with! Hour persistent volu"e allows you to do this! P2P an# E$ail in &ails # dis ussed using Thunderbird with the Enig"ail add.on to a ess your e"ail and use &G&, however this software doesn't o"e with Tails! Tails o"es with *laws =ailC3 whi h in ludes a &G& plugin!

?J 'ownload Tails fro" https011tails!bou"!org1download1inde,!en!ht"l, and be sure to verify the &G& signature C2 +nified E,tensible :ir"ware #nterfa e, )ooting, https011en!wi$ipedia!org1wi$i1+nified5E,tensible5:ir"ware5#nterfa eN)ooting C1 Start TailsU, https011tails!bou"!org1download1inde,!en!ht"lNstart C/ &ersisten e in Tails, https011tails!bou"!org1do 1first5steps1persisten e1inde,!en!ht"l C3 *laws =ail, http011www! laws."ail!org1 Freedom of the Press Foundation 26 / 2 pressfreedomfoundation org

#nstead of using Enig"ail's &G& $ey "anage"ent graphi al user interfa e to i"port, e,port, generate, view details about, and sign $eys, you an li $ on the lipboard i on in the top right of the s reen and hoose =anage Leys to open SeahorseC>, whi h provides these sa"e features!

C> Seahorse, https011wi$i!gno"e!org1Seahorse Freedom of the Press Foundation 27 / 2 pressfreedomfoundation org

Workflow To get started having private o""uni ations with your friends and olleagues with very high endpoint se urity, here are the steps you need to ta$e! • • • =eet up with your friends fa e.to.fa e! Ea h person should bring their own laptop and +S) sti $! 'ownload and burn a Tails 'I'! )oot to Tails and reate Tails +S) sti $s for ea h person! %hen everyone has a Tails +S) sti $, ea h person should boot to Tails on her own laptop and onfigure a persisten e volu"e on her +S) sti $! Sin e this volu"e is en rypted, ea h person should o"e up with her own se ure passphrase that she will need to enter ea h ti"e she boots to Tails! Everyone should reboot their laptops into Tails again and this ti"e "ount the persistent volu"e! Ea h person should reate a new pseudony"ous 9abber a ount! Gne way to do this is to go to https011register!(abber!org1 in # eweasel! Sin e Tails "a$es all #nternet traffi go over Tor, this is effe tively "a$ing an anony"ous 9abber a ount! Ea h person should open &idgin and onfigure it to use their new 9abber a ount and reate a new GT- $ey! Everyone should add ea h other to their buddy lists and start GT- sessions with
Freedom of the Press Foundation 28 / 2 pressfreedomfoundation org

• •

ea hother! Sin e everyone is in the sa"e roo", this is the perfe t ti"e to o"pare fingerprints and verify the identity of all parties so that you'll able to o""uni ate se urely over the #nternet in the future! Ea h person should reate a new pseudony"ous e"ail address as well! So"e e"ail providers, su h as G"ail, "a$e it very diffi ult to reate new a ounts while using Tor and staying anony"ous, so find another e"ail provider to use instead! =a$e sure your e"ail provider supports #=A& Dso you an use a des$top e"ail lientE over SSA Dso your e"ail lient uses en ryption when o""uni ating with the e"ail sreverE! #f everyone hooses the sa"e e"ail provider, sending e"ails between a ounts should never leave that e"ail server, whi h redu es the "etadata about your e"ail usage available to anyone ondu ting dragnet surveillan e of the #nternet! Ea h person should generate a new &G& $ey for their e"ail address! Ai$e with dis$ en ryption, it's i"portant to hoose a strong passphrase when generating a &G& $ey! The &G&.enabled e"ail lient that o"es with Tails is alled *laws =ail! Ea h person should onfigure *laws =ail to use their new e"ail address, and then e"ail a opy of their publi $ey to all other people in the roo"! Ea h person should i"port everyone else's publi $ey into their $eyring, and should "anually verify the &G& fingerprints! 'on't s$ip this step! #n the end, ea h person should have a $eyring ontaining signed $eys of ea h other person!

#f a "ali ious atta $er physi ally steals your Tails +S) sti $, "odifies it, and gives it ba $, he an o"pro"ise all of the se urity of Tails! :or this reason, it's i"portant to $eep your +S) sti $ with you at all ti"es! <ad *#A 'ire tor and retired four.star general 'avid &etraeus and his biographer &aula )roadwell de ided to use Tails, Tor, GT-, and &G&, their e,tra"arital affairC? li$ely would have re"ained se ret! A :ighting *han e

C? &etraeus s andal, https011en!wi$ipedia!org1wi$i1&etraeus5s andal Freedom of the Press Foundation 29 / 2 pressfreedomfoundation org

A "ighting %hance
&rote ting your priva y in the age of ubiquitous NSA surveillan e is in redibly o"ple,! Gaining a basi understanding of the on epts involved, "u h less a tually using the software that's available, has an enor"ous learning urve! )ut even with dire t a ess to all the data traveling at the speed of light through the #nternet's ba $bone fiber.opti ablesCC, even with ooperation of the "a(or +nited States te h o"paniesC4 Dwhi h are e,tre"ely diffi ult for people to boy ottE, the largest, "ost powerful, and best funded surveillan e apparatus that hu"anity has ever seen annot defeat "athe"ati s! The hallenge of the new ypherpun$ "ove"ent is to "a$e se ure and verified end.to.end en ryption a essible to everyone, and turned on by default!

CC G*<O taps fibre.opti ables for se ret a ess to world's o""uni ations, http011www!guardian! o!u$1u$1/2131(un1/11g hq. ables.se ret.world. o""uni ations.nsa C4 NSA slides e,plain the &-#S= data. olle tion progra", http011www!washingtonpost! o"1wp.srv1spe ial1politi s1pris". olle tion.do u"ents1 Freedom of the Press Foundation 2 /2 pressfreedomfoundation org