Professional Documents
Culture Documents
Crypto Party Handbook PDF
Crypto Party Handbook PDF
ed. Version 1
COPYRIGHT
Contents
II
Contents
ċ ċ
CRYP T OPART Y HANDBOOK ċ 1
ċ ċ ċċ
A Cryp t oPart y His t ory: Party Like It's 1984 3
ċ ċ ċ ċ
A Cryp t oPart y Manifes t o 5
ċ ċ
How To Cryp t oPart y 7
ċ ċ
Why Priva cy Matt e rs 11
EMAIL 19
Basic Tips 21
Types of Email 27
Fears 31
BROWSI NG ċ 41
Basic Tips 43
Fears 47
ċ
What hap p ens when you brows e ċ 51
ċ
Accounts and Security ċ 57
ċ
Track ing 59
ċ
Anonym ity ċ 63
VPN 67
ċ ċ
PUBLISH I NG AND DIS T RIBU T ION ċ ċ 71
III
ċ ċ
Publishing Anonymous ly ċ ċ 73
ċ
Anonym ous Email ċ 77
File Sharing ċ 79
Secure Calls 89
ċ
Sett ing up secure connect ions ċ ċ 103
ċ ċ
Some Additiona l Security Sett ings ċ ċ 109
ċ ċ
Int roducing mail encryp t ion (PGP) ċ ċ 119
ċ ċ
Ins talling PGP on Windows ċ 121
ċ ċ
Ins talling PGP on OSX 125
ċ ċ
Ins talling PGP on Ubunt u ċ 133
ċ ċ
Ins talling GPG on Android ċ 135
ċ
Creat ing your PGP keys 137
PASSWORDS 171
ċ
Keep ing passwords safe 173
ċ ċ
Ins talling KeePass 177
ċ ċ
Encrypt ing Passwords with a Password Mana ge rċċ 187
IV
SAFER BROWSING 193
V
SECURE FILE SHARING 339
APPENDICES 345
Glossary 359
VI
ċ ċ ċ
CryptoParty Handbook
ċ ċ ċ
CryptoParty Hand book
2
Ò Ò
A CRYPTOPARTY HISTORY: PARTY LIKE IT'S Ò Ò
1984
ċ ċċ ċċ ċ ċ
Because everyth ing sounds better when someone prom ises there'll be beer.
Ò
What is Crypt oPart y? Ò
ċ ċ ċ ċ ċ ċ ċ ċ
In terested parties with com puters, devices, and the willingn ess to learn how
ċ ċ ċ ċ ċ
to use the most basic crypto programs and the fundamental con cepts of their
ċ ċ ċ ċ ċ ċ ċ ċ ċ
operation! CryptoParties are free to attend, public and com m ercially non-
aligned.
Ò Ò ċ ċ ċ ċ
Crypt oPart y is a decentralized, global in ititative to in troduce basic cryp ċČ
ċ ċ ċ ċ
tography tools - such as the Tor an onym ity network, public key en cryption ċ ċ ċ
ċ ċ ċ
(PGP/GPG), and OTR (Off The Record messaging) - to the general public. ċ ċ
ċ ċ ċ
The CryptoParty idea was con ceived on August 22nd 2012 as the result of a ċ
ċ ċ ċ ċċ ċ ċ ċ ċ ċċ
casu al Twitter con versation between in form ation activist and Twitter identity ċ ċ
ċ ċ ċ ċ
Asher Wolf and com puter security experts in the wake of the Australian
ċċ ċ
Cybercrime Legislation Amendm ent Bill 2011.
ċ ċ ċ
"The DIY, self-organizing movem ent im m ediately went viral, with a dozen
ċ ċ ċ ċ ċ ċ
auton om ous CryptoParties being organized with in hours in cities through out ċ ċ
ċ
Australia, the US, the UK, and Germ any."
ċ ċ ċċ ċ ċ
Currently sixteen CryptoParties have been held in a dozen different cou ntries ċ ċ ċ
ċ
worldwide, and many more are plan n ed. Tor usage in Australia has spiked
ċ ċ ċ ċ ċ
after four CryptoParties, and the Lon don CryptoParty had to be moved from
ċ ċ ċ ċ
Lon don Hackspace to the Google cam pus to accomodate for the large numb ċČ
ċ ċ ċ
ers of eager participants, with 120 ticketed participants and 30 people on a ċ
ċ ċ ċ ċ ċ ċ
wait list. Similarly, CryptoParty Melbourn e found in terest outstripped venue ċ
ċ ċ ċ ċ ċ
capacity - originally plan n ed for approximately 30 participants - over 70 people ċ
ċ
turn ed up.
ċ ċ ċ ċ ċ
CryptoParty has received messages of support from the Electronic Fron tier ċċ
ċċ ċ ċ ċ
Foun dation, An onyOps, NSA whistleblower Thomas Drake, form er Wikileaks ċ
3
ċ ċ ċ
CryptoParty Hand book
ċ ċ ċ ċ ċ
Central editor Heath er Marsh, and Wired reporter Quinn Norton. Eric Hug ċČ
ċ ß ß ß ċ ċ ċ
hes, the auth or of A Cypherpunk's Manifes to twen ty years before, delivered a
ċ ċ ċ
keynote address at Amsterdam's first CryptoParty.
4
A CRYPTOPARTY MAN IFESTO Ò Ò Ò Ò
Z
"Man is least hims elf when he talks in his own pers on. Give him a Z
mask, and he will tell you the truth." - Oscar Wilde
ß
version 1
ċ
In 1996, John Perry Barlow, co-founder of the Electronic Front ie r Founda t ion, wrote ċċ ċċ
ċ ċ ċ ċ
'A De clara t ion of the Independe nce of Cyberspace'. It includes the following pas ċ ċ ċ ċČ
sage:
ßß ßß ß
Cyberspace con sists of transac t ions, relationships, and thought it self, arrayed like a ß ß
ß ß
standing wave in the web of our communicat ions. Ours is a world that is both every ß ßà
ß
where and nowh ere, but it is not where bodies live. ß
ß
We are creat ing a world that all may enter with o ut privilege or prejudice ac c orded by ß ß ß
ß
race, economic power, military force, or stat ion of birth. ß
ß ß
We are creat ing a world where an yone, an ywh ere may express his or her beliefs, no ß ß ß ß
ß ß ß
matt er how sin gular, with o ut fear of being co erc ed into silence or con f ormity. ßß ß ß ß
ċċ ċ ċ
Sixt e e n years later, and the Int ernet has changed the way we live our lives. It has ċ
ċ ċ
given us the com bined knowlege of humank ind at our fingert ips. We can form ċ ċ ċ
ċ
new re lationships and share our thoughts and lives with friends worldwide. We
ċ ċ ċ ċ
can organise, com m unicate and collaborate in ways never thought pos s ible. This is ċ
the world we want to hand down to our childre n, a world with a free int ernet. ċ ċ ċ
ċ ċ ċ ċ
Unf ort unate ly, not all of John Perry Barlow's vis ion has come to pass. Without ac ċ ċ ċČ
ċ ċ ċ
cess to online anonym ity, we can not be free from privilege or pre judice. Without ċ ċ
ċ ċ ċ
priva cy, free exp ress ion is not pos s ible. ċ
ċ ċċ ċ
The problems we face in the 21st Cent ury re quire all of humanity to work togeth ċ Čċ
ċ ċ ċ ċċ
er. The is s ues we face are are serious: climate change, ene rgy crises, state cen ċČ
ċ ċ
sorship, mass surveillance and on-going wars. We must be free to com m unicate ċ
ċ ċ ċ ċċ ċ ċ
and as s ociate without fear. We need to sup p ort op e ns ource projects which aim to
ċ
increase the ċ com m ons' knowledge ċ ċ ċ of technologies that we all ċ
de p end on
ċ ċ
http://opens ourceecology.org/wiki Cont ribute! ċ
ċċ
To rea lise our right to priva cy ċ ċ ċ ċ
and anonym ity online, we need peer-reviewed,
ċċ
crowd-sourced solut ions. Cryp t o provides ċ ċ ċ ċ ċ the op p ort unity to meetup and learn
ċċ
how to use these solut ions to give us all the means with which to as s ert our right ċ
ċ ċ ċ
to priva cy and anonym ity online. ċ
We are all users, we fight for the user and we strive to em p owe r the user. ċ ċ
ċ ß ċ ċ
We as s ert user requests are why com p ut e rs exist. We trust in the collect ive ċ ċ
ċ
wis dom of human ċ
be ings, not software ċ ċ ċ
vendors, corp ora t ions or govern ċČ
5
ċ ċ
CryptoParty Hand bookċ
ċ ċċ
ments. We re f use the shackles of digit a l gulags, lorded over by vass a l in ċ ċ Čċ
terests of governm ents ċ and ċ ċ
corp ora t ions. We are the Cyp herPunk ċ ċČ
Re
volutiona ries. ċ
ß ß ß ß
The right to person al an o nymity, pseudonymity and privac y is a basic human ß ß
ċ ċ ċ ċċ
right. These rights include life, libert y, dignity, security, right to a family, ċ ċ
ċ ċ ċ
and the right to live without fear or int imida t ion. No governm ent, organisa ċ ċ ċČ
tion or ċ
individua l ċ should ċ ċ
pre vent peop le from ċ ċ
access ing the technologyċ
ċ
which underscores these basic human rights.
ċ ċ ċ
Priva cy is the abs olute right of the individua l. Trans p arency is a re quire ċ ċ ċ ċ Čċ
ċ ċ ċ
ment of governm ents and corp ora t ions who act in the name of the peop le. ċ
ċ ċ
The individua l alone owns the right to their ident ity. Only the individua l ċ ċ ċ
ċċ
may choose what they share. Coe rcive at t empts to gain access to pers ona lċ ċ ċ ċ
ċ ċ ċ ċ ċ ċ
inf orm a t ion without exp licit cons ent is a breach of human rights.
ċ ċċ ċ ċ
All peop le are ent it led to cryp t ogra p hy and the human rights cryp t o tools ċ
ċ ċ ċ ċ ċċ
af f ord, re gardless of race, colour, sex, language, re ligion, polit ical or other op ċ Čċ
ċ ċ ċ ċ ċ ċ
inion, nationa l or socia l origin, prop ert y, birth, polit ical, juris dictiona l or in ċ ċ ċČ
ċ ċ ċ ċ ċ ċ
ternationa l status of the count ry or territory in which a pers on re s ides. ċ ċ
ċ
Just as governm ents should exist only to serve their citizens - so too, cryp ċČ
ċ ċ ċ ċ
togra p hy should be long to the peop le.Technology should not be lock ed away ċ
ċ
from the peop le.
ċ ċ ċ ċ
Surveillance cannot be separated from cens orship, and the slave ry it ent ails. ċ ċ
ċ ċ ċ ċ
No machine shall be held in servitude to surveillance and cens orship. Cryp t o ċ ċ
ċ ċ
is a key to our collect ive freedom.
ċ
Code is speech: code is human created language. To ban, cens or or lock cryp ċ ċČ
ċ ċ ċ ċ
togra p hy away from the peop le is to de p rive human be ings from a human
Those who would seek to stop the spread of cryp t ogra p hy are akin to the ċ ċ
ċċ ċ ċ
15th cent ury clergy seek ing to ban the print ing press, af raid their monop olyċ ċ ċċ
ċ
on knowledge will be underm ined. ċ ċ
6
HOW TO CRYPTOPARTY Ò Ò
Throw a party. All you need is a time, a date and a loca t ion. Add it to the ċċ
ċ ċ
wiki: cryp t opart y.org.
ċ ċ ċ ċċ
Make sure you have Int ernet connect ivity and enough power sources for allċ ċ
ċ ċ ċ
de vices. If you do not have a place to hold a Cryp t oPart y, find a pub or park
ċ
where you can meet and squeeze the public bandwith. That will rea lly hone ċċ
your skills!
ċ ċ
Bring usb sticks and print ed handouts for those who need them, and set up
ċ ċ ċ
old com p ut e rs for peop le to fiddle with and try out new skills.
ċ
Talk about Linux to every one you meet at your Cryp t oPart y. If you are new ċ ċ
ċ ċ ċ
to Cryp t oPart ies - ask some one "what is Linux?" ASAP.
ċ ċ ċ
Make entry free for all if pos s ible - Cryp t oPart ies are not-for-profit, not
ċ ċ ċ ċċ ċ ċ ċ ċ
com m ercially aligned and es p ecially im p ort ant for those without other re ċ ċČ
ċ
sources.
ċ ċ ċ
Teach basic cryp t ograp hic tools to the mas s es. Crowd-source the best cryp ċČ
ċ
to. We suggest PGP, OTR, and Tor as the first tools to ins tall. ċ
ċ ċ
Invite exp erts and non-experts from all fields. Every one ċ is an exp ertċ on
ċċ
some t hing.
ċ ċ ċċ
If you want Cryp t oPart y to do some t hing, start doing it. Organise organical ċ ċ ċ ċČ
ċ
ly and chaotically. Have no clear leadership. Urge peop le to take on a sudo ċ
ċ ċ
leadership role - take a tutoria l, fix the wifi, up date the wiki, or organise the ċ ċ
ċ ċ ċ ċ
next Cryp t oPart y. If some one claims othe rs are doing it wrong - invite them ċ
ċ
to nominate them s elves to do it bet t e r. ċċ
ċ ċ
Ask for feedback. As s imilate critics - ask them for their help in creat ing a ċ
ċċ ċ ċ
bet t e r Cryp t oPart y. Do not be scared to troll the trolls back or boot them
ċ
from your space. Share feedback on the wiki. Iterate.
ċ ċ ċ ċ
A success f ul Cryp t oPart y can have as many or as few as two peop le. Size ċ
ċ
doesn't count, it's what you do with it that matt e rs. The criterion for success ċ ċ
ċ ċ ċċ
should be that every one had fun, learned some t hing and wants to come to
7
ċ ċ ċ
CryptoParty Hand book
ċ ċ ċ
Think of the Cryp t oPart y move m ent as a huge Twitt e r hive ready to swarm ċ
ċ
at any mom ent. Tweet a lot, and make your tweets are meaningf ul. Re ċ ċČ
ċ ċċ
tweet other Cryp t oPart ie rs frequent ly. ċ
ċ
Make sure the way cryp t o is taught at your party could be understood by a ċ
10 year old. Then have the 10 year old teach it to an 80 year old. Breach the
ċċ ċ ċ ċ
digit a l divide with random acts of awesome ness such as unf et t ered use of ċ ċ
ċ ċ ċ ċ ċ ċ
im a ges of kit t ehs in all Cryp t oPart y lit e ra t ure. Red underp ants on heads is ċ ċ
ċ ċ
only mandatory if you wish to bid in our spectrum auct ion. ċ
ċ ċ ċ ċ ċ
Cons ide r host ing private, off-the-radar Cryp t oPart ies for act ivists, journalists ċċ ċ ċ
ċ ċ ċ
and in individua ls work ing in dangerous loca t ions. ċ ċ ċċ
ċ
Don't scare non-technical peop le. Don't teach com m and lines be f ore peop le ċ ċ ċ
ċ ċ
know where the on-off but t ons are loca ted on their lap t ops. Every one learns ċ ċ
ċ
at their own pace - make sure there is sup p ort for those in need of help.
ċ ċ ċ ċ
Doing excellent stuff at Cryp t oPart y does not re quire perm iss ion or an of ċ ċ ċ Čċ
ċ ċ ċ ċċ ċ ċ
ficia l cons ens us de cis ion. If you're uncert ain about the excelle nce of some t h ċ ċ ċ ċČ
ing you want to do, you should ask some one else what they think. ċ
ċ ċ ċ ċ ċ ċ ċ ċ
Cons ide r the need for a bounce r, part icularly if your Cryp t oPart y exp ects
ċ ċ ċ ċ
over 50 peop le. Dress the bounce r up as a Sumo wrestle r. Do not be af raid
ċ ċ ċ ċ ċ
bounce peop le who breach Cryp t oPart y's anti-harrassment policy.
ċ ċ ċ ċ ċ ċ ċ ċ
Cryp t oPart y is de dicated to providing a harassment-free sharing exp erie nce
ċ ċ ċ ċ ċċ ċ ċ ċ ċČ
for every one, re gardless of gende r, sexua l orient a t ion, dis a bility, phys ical ap
ċ ċċ ċ ċ ċ
pearance, body size, heritage, or re ligion. Be having like an ars ehole may
ċ ċ ċ ċ ċ ċ ċ
mean you are perm anent ly univited to Cryp t oPart ies events. Harrass m ent
ċ
includes:
ċ ċ ċ ċ
hurt f ul or of f ens ive com m ents
ċ ċ ċ
de liberate int imida t ion
ċ ċ
direct or indirect threats
ċ
stalk ing
ċ ċ
following
ċ ċ ċ
ina pprop riate phys ical cont act ċ
ċ ċ ċ ċ ċ
unwelcome sexua l at t ent ion.
ċ ċ ċ ċ
Encourage a cult ure of sharing. Encourage advanced users to help not-so ad ċ ċČ
ċ
vanced ones. De legate.
8
How To CryptoParty ċ ċ
Use ċ
online ċ
meet ing ċ
plat f orms like mumble (e.g. ċ ċ
#cryp t opart y room on
ċ ċ
http://occupytalk.org/) when phys ical meetups are not pos s ible or im p ract ċ ċ ċČ
ical.
ċ ċ
Copy from other cryp t opart ies. Remix, Reuse and Share. Create a bas k et of ċ
ċ ċ ċ
old de vices peop le are willing to donate to more needy Cryp t oPart ie rs. ċ ċċ
ċ
Get the word out! Print post e rs and/or fly e rs and dis t ribute them in you ċ ċ
ċ ċ ċ
neighbourhood, post online vers ions to socia l net works and mail them to ċ ċ
ċ
friends, for them to dis t ribute the info even furthe r. ċ
ċ
Dont sell out to spons ors for pizza and beer money. Ask peop le to try and ċ
bring food and drink to share. Host Cryp t oPicnics as often as pos s ible. Make ċ ċ ċ
ċ
friends with librarians. They wield power over keys to local, public meet ing ċ ċ
ċ
rooms that may be free of charge to utilize. ċ
ċ ċ ċ
Invite all the peop le. Bring peop le togethe r who have a wide range of skills ċ
ċ ċ ċ ċċ
and int erests - musicians, polt ical pundits, act ivists, hack e rs, programm e rs, ċ ċ ċ
ċ ċ ċ ċ ċ
journalists, art ists and phils ophe rs. Spread the love.
ċ ċ ċ ċ ċ
Invite the grap hic de s igne rs and illustrators you know to cont ribute new ċ
ċ ċ ċ
ways to help peop le understand cryp t o.
ċ ċ ċ
Invite every one to share their knowledge and their skills. Individua ls with ċ ċ
ċ ċċ ċ ċ ċ
lit t le or no coding, programm ing, hack ing or cryp t o skills can change cul ċ ċ ċČ
ċ ċ ċ
tures by prom ot ing the idea that priva cy is a funda ment a l right. ċ ċ
Share music, beers, & chips. Bond togethe r over eclectic music, cheeseballs, ċ ċ
ċ ċ ċ
ins talling GPG, Truecrypt, OTR and Tor, as well as watching movies togeth ċ ċ ċČ
er. ċ ċ
We re com m end Hack e rs, ċ The ċ
Mat rix, Bladerunne r, ċ Tron, Wargames, ċ
ċ
Sneak e rs, and The Net.
phrases, memes.
ċ ċ ċ
When peop le at Cryp t oPart ies ask for advice on "hack ing the Gibs on" refer ċ ċ ċ
ċ
them to epis odes of 'My Lit t le Pony'. ċ
ċ ċ ċ
Create flie rs and advert ise using slogans like: "Crypt oPart ies: If there is hope, ß ß
ß ß ß
it lies in the pro les" and "Crypt oPart y like it's 1984." Cryp t oPart y all the th ċ ċ ċČ
ċ ċ
ings to avoid op p ress ion and de p ress ion. ċ ċ
9
ċ ċ
CryptoParty Hand book ċ
ċ
Seed Cryp t oPart ies ċ in your local com m unit ies ċ ċ - at ċ
nurs ing homes, scout
ċċ ċ ċċ
groups, music fes t iva ls, univers it ies, schools. Take Cryp t oPart y to isolated ċ ċ
and ċ
re m ote ċ ċ
com m unt ies. Make friends in far away places and travel
ċ ċ ċ
wheneve r pos s ible. Ask peop le in rural farm ing com m unit ies if they'd like ċ ċ ċ
ċ ċ
to Cryp t oPart y.
ċ ċ ċ ċ ċ
Share shim m ering op p ort unit ies of crowd-sourced priva cy: swap cheap, pre- ċ
ċ
paid sims, handsets and travel cards.
ċ
Create logos in bright pink and purp le, with hearts all over them. Prom ote ċ
ċ ċ ċ ċċ
Cryp t oPart ies to re bellious 13 year old girls. De clare success if re bellious 13 ċ ċ ċ ċċ
ċ ċ
year old girls de m and to at t end your part ies. ċ
ċ ċ ċ ċ
Be come friends with journalists. Invite them to your part ies. Teach them ċ
ċ ċ ċ
cryp t o. Do not scare them by dis cuss ing As s as s ina t ion Mark ets. ċ ċ ċ ċ
ċ ċ ċ
Strew Cryp t oPart y sigils across your city in 3am post-party raids. Make lots
ċ
of stick e rs, paste them every where. ċ
ċ ċ ċ ċ ċ
Exp erim ent, cons tant ly. Do not be af raid to make mis t akes. Encourage peo ċ ċ ċČ
ċ ċ ċ
ple to tink e r. As s ume all mis t akes are meant to made. Most peop le under ċ
ċ
intel agency scrutiny have electronic de vices already com p romised be f ore ċ ċ ċ ċ
ċ
they walk in the door. Teach peop le to ins tall tools from scratch, so they ċ
ċ
can do it on a new machine, away from pry ing eyes. ċ
ċ ċ ċ ċ
As s ume intel agencies send re p resent ative to Cryp t oPart ies. Acknowledge ċ ċ ċ
ċċ
their pre s e nce at the start of your meet ing, ask them to share their cryp t o ċ ċ
skills. Joke about ċ
para noia as often as ċ
pos s ible without ċ ċ ċ
ins tilling panic.
ċ
Wear tinf oil hats.
ċ ċ
Be excellent to each other and cryp t opart y on. ċ ċ
10
WHY PRIVA CY MATTERS Ò Ò
ċ ċ ċ
Privacy is a fundamental human right which is recogn ized in many cou ntries ċ ċ ċ ċ
ċ ċ ċ ċċ
to be a central part to in dividu al human dign ity and social values, much like ċ
ċ ċ
freedom of association and freedom of speech. Simply put, privacy is the ċ ċ
ċ ċ
border where we draw a line between how far a society can in trude into our ċ
ċ ċ
person al lives.
ċ ċ ċċ ċ ċ
Cou ntries differ in how they define privacy. In the UK for exam ple, privacy ċ ċ ċ
laws can be traced back to the 1300s when the En glish monarchy created laws ċ
ċ ċ ċ ċ
protecting people from eavesdroppers and peeping toms. These regulations ċ ċ ċ
ċ ċ ċ ċ
referred to the in trusion of a person K ċ
b s com fort and not even the King of ċ
ċ ċ
En gland could enter into a poor persons house with out their perm ission. ċ ċ ċ
From ċ ċ
this perspective, ċ
privacy is defined in ċ terms of ċ ċ
person al space and
ċ ċ ċ
private property. In 1880 American lawyers, Samuel Warren and Louis Bran ċ ċČ
ċ ċ
deis described privacy as the 'right to be left alone'. In this case, privacy is ċ
ċ ċ ċ ċ
syn onym ous with notions of solitude and the right for a private life. In 1948,
ċ ċ ċ ċ
the Universal Declaration of Human Rights specifically protected territorial ċ ċ ċ ċ ċ
ċ ċ
and com m unications privacy which ċ ċ
by that became part of con stitu tions ċ ċ
ċ ċ
worldwide. The European Com m ission on Human Rights and the European
ċ ċ ċ
Court of Human Rights also noted in 1978 that privacy en com passes the right
ċ ċ ċ ċ ċ ċ
to establish relationships with oth ers and develop em otion al well-being.
ċ ċ ċ ċ ċ
Today, a furth er facet of privacy in creasingly perceived is the person al data ċ ċ
ċ ċ ċ ċ ċ
we provide to organizations, on line as well as offline. How our person al data ċ ċ
ċ ċ
is used and accessed drives the debate about the laws that govern our be ċČ
ċ
havior and society. This in turn has knock-on effects on the public services ċ ċ
ċ ċ ċ ċ
we access and how businesses in teract with us. It even has effects on how we
ċ ċ ċ ċ
define ourselves. If privacy is about the borders which govern who we give
ċ ċ ċ
perm ission to watch us and track aspects of our lives, then the amount and
ċ ċ ċ ċ ċ ċ ċ ċ
type of person al in form ation gath ered, disseminated and processed is para ċ ċČ
ċ ċ
mount to our basic civil liberties.
ċċ ċ ċ ċ
An often heard argu m ent, when questions of privacy and an onym ity come ċ
ċ
up, goes along the lines of, "I only do boring stuff. Nobody will be in terested ċ ċ
11
ċ ċ ċ
CryptoParty Hand book
ċ ċ ċ
in it an yway" or, "I have noth ing to hide". Both of these statem ents are easily ċċ
ċ
defeated.
ċ ċ ċ ċ ċ ċ
Firstly, a lot of com pan ies are very in terested in what boring th ings you do ċ
ċ ċ ċ ċ ċ ċ ċ ċ
precisely so they have opportun ity to offer "excellent" products fitting in ċ ċČ
ċ ċ ċ ċ
terests. In this way their advertising becomes much more efficient - they are
ċ ċ ċ ċ
able to tailor specifically to assumed needs and desires. Secondly you do have
ċ ċ ċ
lots to hide. Maybe you do not express it in explicitly stated messages to ċ
ċ ċ ċ ċ
friends and colleagues, but your browsing - if not protected by the tech n iques ċ
ċ ċ
laid out in this book - will tell a lot about th ings you might rath er keep secret: ċ
ċ ċ ċ
the ex-partner you search for using Gogle, illnesses you research or movies ċ
ċ ċ
you watch are just few exam ples.
ċ ċ ċ ċ ċ
An oth er con sideration is that just because you might not have someth ing to ċċ
ċ ċ ċ
hide at this mom ent, you may very well in fu ture. Putting togeth er all theċ
ċ ċ ċ ċ ċ
tools and skills to protect yourself from surveillance takes practice, trust and a
ċ ċ ċ ċ
bit of effort. These are th ings you might not be able to ach ieve and con figure
right when you need them most and need not take the form of a spy movie.
ċ ċ ċċ ċ ċ ċ ċ ċ ċ
An obsessed, persistent stalker, for exam ple, is en ough to heavily disrupt your
ċ ċ ċ
life. The more you follow the suggestions given in this book, the less im pact ċ
ċ ċ ċ
attacks like this will have on you. Com pan ies may also stalk you too, fin ding ċċ
more and more ways to reach into your daily life as the reach of com puter ċ ċ
ċ ċ ċ ċ
networking itself deepens.
ċċ ċ ċ ċ ċ
Fin ally, a lack of an onym ity and privacy does not just affect you, but all the
ċ ċ ċ ċ
people around you. If a third party, like your in tern et service provider, reads ċ ċ
ċ ċ ċ
your email, it is also violating the privacy of all the people in your address
ċ
book. This problem starts to look even more dramatic when you look at the
ċ ċ ċ ċ ċ ċ
issues of social networking websites like Facebook. It is in creasingly com m on ċ ċ
ċ ċ ċ ċ
to see photos uploaded and tagged with out the knowlege or perm ission of the ċ ċ
ċ ċ
people affected.
ċ ċ ċ
While we en courage you to be active politically to main tain your right to ċ
ċ ċ ċ ċ
privacy, we wrote this book in order to em power people who feel that main ċČ
ċ ċ ċ ċ ċ ċ ċ ċ ċ
tain ing privacy on the In tern et is also a person al respon sibility. We hope
ċ
these chapters will help you reach a point where you can feel that you have
12
ċ ċ
Why Privac y Matters
ċ ċ
some con trol over how much other people know about you. Each of us has
ċ ċ ċ
the right to a private life, a right to explore, browse and com m unicate with
ċ ċ ċ ċċ ċ
oth ers as one wish es, with out living in fear of prying eyes.
13
ċ ċ ċ
CryptoParty Hand book
14
ABOUT THIS BOOK
ċ ċ ċ
The CryptoParty Han dbook was born from a suggestion by Marta Peirano ċ ċ
and Adam Hyde after the first ċ
Berlin ċ ċ
CryptoParty, held on the 29th of
ċ
August, 2012. Julian Oliver and Danja Vasiliev, co-organisers of the Berlin ċ
ċ ċ
CryptoParty along with Marta were very en thusiastic about the idea, seeing a ċ ċ ċ
ċ ċ
need for a practical working book with a low entry-barrier to use in sub ċČ
ċ
sequent parties. Asher Wolf, originator of the Crypto Party movem ent, was ċ ċ
ċ
then in vited to run along and the project was born. ċ
ċ
This book was written in the first 3 days of October 2012 at Studio Weise7, Be ċ ċ ċČ
rlin, ċ ċ
surroun ded by fine food, ċ
dubious wine and a small ocean of coffee ċ
ċ ċ
amidst a veritable snake pit of cables. Approximately 20 people were in volved ċ ċ ċ ċ
ċ
in its creation, some more than oth ers, some local and some far. ċ
ċ ċ
The writing system, Booksprint, prioritises minimising all obstruction to ex ċ ċ ċ ċČ
ċ ċ ċ ċ
pertise, making its way to the page and celebrating face-to-face discussion and ċ ċ
dynamic task-assignment. Just ċ ċ ċ
like Cryptoparties them selves.ċ The writing
ċ ċ ċ ċ
platform Booktype was chosen for the editing task, allowing such a ten tacular ċ ċ ċ
ċ ċ ċ ċ ċ
feat of parallel developm ent to happen with relative ease. Asher also opened a ċ
ċċ ċ ċ
cou ple of Titan P ad pages to crowdsource the Man ifesto and How to Cryp ċ ċ Čċ
ċ ċ ċ ċ ċ ċ ċ ċ
toParty chapters. All of it became the official Cryptoparty Han dbook at the
ċ ċ
end of October the 3rd.
The Book Sprint was 3 days in length long and the full list of on site par ċ ċČ
ċ
ticipants in cluded:
Adam Hyde (facilitator), Marta Peirano, Julian Oliver, Danja Vasiliev, Asher ċ
ċ
Wolf, Jan Gerber, Malte Dik, Brian Newbold, Bren dan Howell, AT, Carola ċ ċ
ċ
Hesse, Chris Pinch en with cover art (illustrations to come) by Emile Den icċ ċ ċ ċČ
haud.
ċ ċ
C RYPTOPARTY HANDB OOK C REDITS ċ 15
ċ ċ
CryptoParty Hand book ċ
ċ ċ
C RYPTOPARTY HANDB OOK C REDITS ċ
Facilitated by:
Adam Hyde
Core Team:
Marta Peirano
Asher Wolf
Julian Oliver ċ
Danja Vasiliev
Malte Dik
Jan Gerber ċ
Brian Newbold ċ
ß ß
As s is ted by:
ċ
Bren dan Howell
Teresa Dillon ċ
AT
Carola Hesse
Chris Pinch en ċ
'LiamO'
ċ
'l3lackEyedAn gels' ċ
'Story89'
Travis Tueffel ċ
Cover Image
ċ ċ
Emile Den ich aud
ċ
The manu als used in the second half of this book borrow from 2 books sprin ċ ċČ
ted by FLOSS Manu als : ċ
ċ ċ
"How to Bypass In tern et Cen sorship"2008 & 2010 ċ
Adam Hyde (Facilitator),Alice ċ ċ
Miller,Edward ċ
Cherlin,Freerk ċ
Oh ling,Janet
ċ ċ ċ ċ
Swish er,Niels Elgaard Larsen,Sam Ten n yson,Seth Schoen,Tomas Krag, Tom
16
About this book
ċ ċ ċ ċ
Boyle,Nart Villeneuve, Ronald Deibert,Zorrino Zorrinno, Austin Martin,Benċ ċ ċ ċ
Weissmann,Ariel Viera,Niels ċ
Elgaard ċ
Larsen,Steven ċ ċ
Murdoch,Ross ċ ċČ
An der
ċ
son,helen ċ
varley jamieson,Roberto ċ ċ
Rastapopoulos,Karen ċ ċċ
Reilly,Erinn
ċ
Clark,Samuel L. Ten n yson, A Ravi
ċ ċ ċ
"Basic In tern et Security" 2011
ċ ċ
Adam Hyde (Facilitator), Jan Gerber,DanHassan,Erik Stein, Sacha van Geffen, ċ
Mart van Santen,ċ Lon n ekeċ van der ċ
Velden, Emile den Tex and Douwe
Schmidt
ċ ċ ċ ċ ċ
All chapters © the con tributors un less oth erwise noted below.
17
ċ ċ ċ
CryptoParty Hand book
18
Email
Email
20
BASIC TIPS
ċ
Just as with other forms of com m unication on the web, some basic precau ċ ċ ċČ
ċ
tions always ought to be taken to en sure you have the best chan ce at protect ċ ċ ċ ċČ
ing your privacy. ċ
IN BRIEF :
ċ ċ ċ ċ ċ
Passwords shouldn't re late to pers ona l de t ails and should cont ain a mix of ċ
ċ
more than 8 lett e rs and other charact e rs. ċ
ċ ċ ċ
Always be sure your connect ion is secure when rea ding email on a wireless ċċ
ċ ċ ċ
net work, es p ecially in Int ernet cafes. ċ ċ
ċ ċ
Tem p ora ry files (the 'cache') on the com p uterthat you use to check your ċ
ċ
email can pre s ent some risks. Clear them often.
Create ċ
and maint ain separate ċ
email accounts ċ
for dif f erent tasks and in ċČ
terests.
ċ ċ ċ
Encrypt any mes s age you wouldn't feel com f ort a ble sending on a post card. ċ ċ ċċ
ċ
Be aware of the risks of having your email hos t ed by a com p any or or ċ ċ ċČ
ganiza t ion. ċ
PASSWORDS
ċ
Passwords are a primary point of vuln erability in email com m unication. Even ċ ċ ċ ċ
a secure password can be read in transit un less the con n ection is secure (see ċ ċ ċ ċ
HTTPS/SSL in the glossary). ċċ In ċċ
addition, ċ
just because a password is long
ċ ċ
doesn't mean it can n ot be guessed by using knowledge of you and your life to ċ
ċ ċ ċċ
determ ine likely words and numbers. ċ
ċ ċ
The general rule for creating passwords is that it should be long (8 characters ċ
ċ
or more) and have a mix of letters and other characters (numbers and sym ċ ċ ċČ
bols, which means you could just choose a short sen tence). Com bin ing your ċċ ċ ċ
ċ ċ
birthday with that of a family name is however a great exam ple of how not to ċ ċ ċ
do it. This kind of in form ation ċ ċ ċ is easy to find using public resources. ċ ċ ċ A
popular trick is to base it on a favourite phrase and then, just to throw people ċ
ċ
off, sprinkle it with a few numbers. Best of all is to use a password generator,
ċ
eith er on your local system or on line. ċ ċ
21
Email
ċ
Often such passwords are difficult to rem ember and a second point of vul ċ ċ Čċ
ċ ċ ċ
nerability is opened up physical discovery. Since there is no better means of ċ ċ ċċ
storing ċ a password than in your own brain, ċ
services like On ċČ
linepasswordgenerator ċ
(http://www.on linepasswordgenerator.com/) offer a
ċ ċ ċ ċ
great com prom ise by ran dom ly generating passwords that vaguely resemble ċ ċ ċ
ċ
words and present you with a list to choose from.
If you do choose to store your password outside your head, you have the ċ
ċ
choice to eith er write it down or use keychain software. This is always a risky ß ċ
ċċ ċ ċ
decision, especially if the email account and password are on the same deviceċ ċ
like your phone or com puter. ċ ċ
Keych ain ċ software, like Keepass, ċ
con solidates various ċ passwords and
password.
ċċ ċ
Fin ally, you should use a different password for different accounts. In that ċ ċ
ċ
way, if one of them gets hijacked, your other accounts rem ain safe. Never use ċ ċ
the same password for your work and private email accounts. See section ċ ċ
Passwords to learn more about how to scure yourself. ċ
ċċ
READING EMAIL IN ċ
PUBLIC PLACES
ċ ċ
One of the great con veniences of wireless networking and 'cloud com puting' ċ ċ ċ ċ
ċċ ċ ċ
is the ability to work an ywh ere. You may often want to check your email in
ċ ċ ċ ċċ
an In tern et cafe or public location. Spies, crimin als and mischievous types are ċ ċ ċ
ċċ
known to visit these locations in order to take advantage of the rich oppor ċ ċ ċČ
ċ ċ
tunities offered for ID theft, email snooping and hijacking bank accounts. ċ ċ ċ
ċ ċ
Here we find ourselves with in an often un derestimated risk of someone li ċ ċ ċ ċČ
ċ ċ ċ
sten ing in on your com m unications using network packet sniffing. It matters ß ß ß ċ
ċ ċ ċ
little if the network itself is open or password secured. If someone joins the ċ
ċ ċ ċ
same en crypted network, s/he can easily capture and read all uns ecured (see ċċ ċ ß
ċ Ò Ò ċ
chapter Secure Connect ion) traffic of all of other users with in the same net ċ ċČ
ċ
work. A wireless key can be acquired for the cost of a cup of coffee and gives ċ
22
Basic Tips
ċ
those that know how to capture and read network packets the chan ce to read ċ ċ ċ
your password while you check your email.
ċ ċ ċ
Here a sim ple general rule always applies: if the cafe offers a network cable ċ ċċ ċ
ċ ċ ċċ
con n ection, use it! Fin ally, just as at a bank mach ine, make sure no one ċ
ċ
watches over your shoulder when you type in the password.
C ACHE C UNNING ċ
ċ ċ ċ
Here again con venience quickly paves the road to bad places. Due to the
ċ ċ ċ ċ
general an n oyan ce of having to type in your password over and over again,
ċ
you ask the browser or local mail client to store it for you. This is not bad in
ċ ċ
itself, but when a laptop or phone gets stolen, it en ables the thief to access the ċ ċ ċ
ċ
owner's email account(s). The best practice is to clear this cache every time ċ
ċ
you close your browser. All popular browsers have an option to clear this ċ ċ
cache on exit.
ċ ċ ċ
One basic precau tion can justify you holding onto your con venient cache: ċ ċ
ċ ċ ċ
disk en cryption. If your laptop is stolen and the thief reboots the mach ine, ċ ċ ċ
ċ ċ
they'll be met with an en crypted disk. It is also wise to have a screen lock in ċ ċČ
ċ ċ ċ
stalled on your com puter or phone. If the mach ine is taken from you while ċ
ċ ċċ
still runn ing your existing browsing session, it can n ot be accessed. ċ ċ ċ ċ
SECURING ċ YOUR COM M UNICA TION ċ ċ
ċ
Whenever you write and send email in a browser or use an email program ċ ċ
ċ ċ ċ ċ
(Outlook Express, Mozilla Thun derbird, Mail.app or Mutt), you should always ċ
ċ ċ ċ
en sure to use en cryption for the en tire session. This is easily done due to the ċ ċ ċċ
popular use of TLS/SSL (Secure Socket Layer) con n ections by email servers ċ ċ ċ ċ
Ò Ò
(See glossary TLS/SSL).
ß
If using a brows er to check your email, check to see if the mail server sup ċ Čċ
ċ ċ
ports SSL sessions by looking for https:// at the beginn ing of the URL. If not, ċ ċ
be sure to turn it on in your email account settings, such as Gmail or Hot ċ ċ ċČ
ċ
mail.This en sures that not just the login part of your email session is en cryp ċ ċ ċČ
ċ
ted but also the writing and sen ding of em ails. ċċ ċ
ċ ċ
At the time of writing, Google's GMail uses TLS/SSL by default whereas Hot ċ ċČ
23
Email
ċ
mail does not. If your email service does not appear to provide TLS/SSL, then ċ ċ
ċ
it is advised to stop using it. Even if your em ails are not im portant, you might ċ ċ ċ
ċ ċ ċ
find yourself 'locked out' of your account one day with a chan ged password! ċ
ċ
When using an email program to check your email, be sure that you are
ċ ċ
using TLS/SSL in the program options. For in stan ce in Mozilla Thun derbird ċ ċ ċ ċ
ċ ċ ċċ
the option for securing your outgoing email is found in Tools -> Account Ò
Ò Ò Ò Ò
Sett ings -> Out going Serve r (SMTP) and for in com ing email in Tools -> ċ ċ
Ò Ò Ò Ò
Account Sett ings -> Serve r Sett ings. This en sures that the downloading ċ ċ
ċċ ċ ċ
and sen ding of email is en crypted, making it very difficult for someone on ċ ċ ċ
ċ ċ
your network, or on any of the networks between you and the server, to read ċ ċ
or log your email.
ċ ċ
ENCRYPTING THE EMAIL ITSELF ċ
ċ ċ ċ
Even if the line itself is en crypted using a system such as SSL, the email ser ċ ċČ
ċ ċ ċ
vice provider still has full access to the email because they own and have full ċ
ċ ċ
access to the storage device where you host your email. If you want to use a
ċ
web service and be sure that your provider can n ot read your messages, then ċ ċ ċ ċ
ċċ
you'll need to use someth ing like GPG (Appendix for GnuPG) with which Ò
ċ
you can en crypt the email. The header of the email however will still con tainß ċ ċ
ċ ċ
the IP (In tern et address) that the email was sent from alongside other com ċ ċČ
ċ ċ ċ ċ
promising details. Worth men tion ing here is that the use of GPG in webm ail ċ
ċ ċ ċċ ċ ċ
is not as com fortable as with a locally in stalled mail client, such as Thun ßà
derbird or Outlook Ex press. ß ß
ċ
A CCOUNT SEPARATION ċ
ċ ċ ċ
Due to the con venience of services like Gmail, it is in creasingly typical for ċ ċ ċ
ċ
people to have only one email account. ċ ċ
This con siderably centralises theċ
ċċ ċ
poten tial damage done by a com promised account. More so, there is noth ing ċ ċ
ċ ċ ċ
to stop a disgruntled Google em ployee from deleting or stealing your email, ċċ ċ
ċ ċ ċ
let alone Google itself getting hacked. Hacks happen. ċ ċ
ċ
A practical strategy is to keep your person al email, well, person al. If you have ċ ċ ċ ċ
a work email then create a new account if your em ployers haven't already ċ ċ ċ ċ
done it for you. The same should go for any clubs or organisations you be ċ ċ ċČ
24
Basic Tips
ċ ċ
long to, each with a unique password. Not only does this im prove security, by ċ
ċ ċ ċ ċ ċ ċ
reducing the risk of whole identity theft, but greatly reduces the likelihood of
ċ
spam dominating your daily email.
A ċ
NOTE ABOUT HOSTED EMAIL
ċ ċ
Those that provide you with the service to host, send, download and read
ċ ċ
email are not en cum bered by the use of TLS/SSL. As hosts, they can read and
ċċ ċ
log your email in plain text. They can com ply with requests by local law en ċČ
ċċ ċ ċ
forcem ent agen cies who wish to access email. They may also study your
ċ ċċ
email for patterns, keywords or signs of sen tim ent for or against brands,
ċ ċ ċ ċ
ideologies or political groups. It is im portant to read the EULA (End-user li Čċ
ċ ċ ċ ċ ċ ċ
cen se agreem ent) of your email service provider and do some background re ċČ
ċ ċ ċ ċ ċ
search on their affiliations and in terests before choosing what kind of email
ċ ċ ċ
con tent they have access to. These con cerns also apply to the hosts of your
ċ ċ
messages' recipients.
25
Email
26
TYPES OF EMAIL
ċ ċ
The use of email alm ost always comes in two forms:
1. ċ
Email read, writt e n and sent in the browser (webm ail), or ß ċ
2. ċ
Email read, writt e n and sent using an email pro gram, like ß ċ
Mozilla Thun ċČ
derbird, Mail.App or Out look Exp ress. ċ ċ
ċ ċ
RE MOTE LY ċ
HOSTED EMAIL ('WEBMAIL'), ċ ċ ċ
RE S OURCED USING A WEB BROWS ċČ
ER
ß ċ
Email sent using the brows er, sometimes referred to as web m ail, typically as ċ ċ ß ċ ċČ
ċ ċ
sumes an account with a rem ote email host like Google (Gmail), Microsoft ċ ċ
ċ
(Hotm ail) or Yahoo (Yahoo Mail). The busin ess opportunities opened up by ċ ċ ċ ċ ċ
ċ ċ
hosting other people's email are many: con tact with other services offered by ċ ċ ċ
ċ ċ
the com pany, brand exposure and most im portantly, min ing your email for ċ ċ ċ ċ
ċ
patterns that can be used to evaluate your in terests someth ing of great value ċ ċċ
ċ ċ ċ ċ ċ
to the advertising in dustry (alongside certain Govern m ents). ċ ċ
ċ ċ ċ ċ ċ ċ
ċ
RE MOTE LY HOSTED EMAIL, RE SOURCED USING AN EMAIL PROG RAM OR
ß
Email sent using an email prog ram like Outlook, Thunderbird, Mail.App aso. ß ß
ċ ċ
can also be used with a webm ail service like Gmail or your com pany's email ċ
ċ ċ
service. In eith er case, email may still be downloaded onto your com puter but ċ ċ
ċ ċ
is retained on the email server (e.g. Gmail). Done this way, accessing email ċ ċ
ċ ċ
doesn't require the browser at all, but you are still using GMail, Hotm ail as a ċ
ċ ċ ċ ċ
service. The difference between storing email on your com puter with an ċ ċ ċ
ċ ċ ċ ċ
email program and having it stored rem otely on an email server (like Hotm ail, ċ ċ
ċ ċ ċ
GMail or your University's service) on the In tern et can appear con fusing at ċ ċ ċ ċ ċ
first.
ċ ċ
ċ ċ
EMAIL SENT AND RE CEIVED USING AN EMAIL PROG RAM , NOT STORED ON
ċċ ċ
Fin ally, email can also be sent to an email server but not stored there at all,
ċ ċ ċ ċ
merely volleyed onto its' destination as soon as the email reaches the email ċ
ċ ċ ċ ċ ċ
forwarding server. Google and Microsoft do not allow for this sort of setup.
ċ ċ ċċ ċ ċ
Rath er this is typically someth ing your university or com pany will provide for ċ ċ
you. Bear in mind that this comes with the risk of the email adm inistrator on ċ
ċ ċ ċ ċċ ċ
that system still secretly copying the email as it reaches and leaves the server. ċ
ċ ċ ċċ ċ
Generally, using webm ail alon gisde downloading it using an email program is ċ
ċ ċ ċ
the best approach. This approach adds redun dan cy (local backups) alongside ċ ċ
ċ ċ ċ ċ
the option to delete all email from the rem ote server once downloaded. The
ċ ċ ċ ċ ċ ċ ċ
latter option is ideal for con tent sen sitive in form ation where the possibility of ċ ċ
ċ ċ
account hijacking is high but risks total loss of email should the local mach ine ċ
ċċ ċ ċ ċ
go missing, with out backups. Secondly, when using an email program, we ċ
ċ ß ß
have the option of using Email Encryption such as the popular GPG, someth ċ ċČ
ċċ
ing not easily set up and used with browser-only webm ail services. In any ċ ċ
case, disk ċ ċen cryption on the local ċ
mach ine is high lyċ ċ ċ
advisable (Ap ÒÓ
pendixDisk Encrypt ion). Ò Ò
C ONTEXTċ ċ
CON SIDERA TIONS ċ
ċ ċ ċ
You may be a server adm inistrator yourself and run your own email service. ċ
ċ ċ
Or your email could be stored on your com pany or bosses' server. Fin ally you ċ ċċ
ċ ċ ċ ċ
may be using a service provided by a corporation, like Google (Gmail) or ċ
ċ ċ ċ ċ
Microsoft (Hotm ail). Each comes with its own in teresting mix of con sidera ċ ċČ
ċ ċ ċ ċ
tions that relates precisely to the basic fact that un less the email its elf is enß ċČ
ċ ċ ċ ċ ċ
crypted, the adm inistrator of the email server can still secretly copy the email
ċ ċ ċ ċ
the mom ent it reaches the server. It doesn't matter that you may be using
Ò
TSL/SSL (Appendix SSL) to login and check your email as this only protects ċ
ċ ċ ċ
the con n ection between your local mach ine and the server. ċ ċ
ċ ċ ċ
As always, if you know the risks and feel con cern ed it is wise to listen to ċċ
ċ ċ
them - don't send sen sitive email using a service you don't trust.
28
Ò Ò
Employer/Organisa tion Ò
Types of Email
Ò Ò
Employer/Organisa tion Ò
ċ ċ ċ ċ ċ ċ
Your em ployer or an organisation that you are in volved with is in a very good
ċ ċ
position to take advantage of your trust and read the em ails of your busin ess ċ ċ
ċ ċ
email account that is stored on their email server, perh aps in an effort to learn ċ ċ
ċ ċ ċ
about you, your motivations, agen das and in terests. Such cases of employer-
>employee ċ
spying are so ċ
typical they do not bear ċ
men tion. Your only
ċ ċ
measure against it is to use an email en cryption solu tion like GPG (Appendix ċċ Ò
GPG).
ċ ċ ċ ċ ċ
legally subject. A Malaysian GMail user, for in stan ce, risks exposing her in ċ ċ ċČ
ċ ċ
terests and in tents to a govern m ent she did not elect, not to men tion busin ess ċ ċ
ċ ċ ċ ċ ċ ċ
partn ers of Google in terested in expanding their market reach. ċ
29
Email
Non-profit
ċ ċ
Several non-profit web hosts offer free email accounts to organisations that ċ ċ
ċ
are them selves non-profit or philanthropic. Some of them even offer wikis,
ċ ċ ċ ċ
mailing lists, chats and social networks. A con sideration for organisations ċ ċ ċ
ċ ċ ċ ċ ċ ċ
working in a political field may be differences of in terests between the state in
ċ ċ ċ
which the email is hosted and the political in terests of the organisation using ċ ċ
ċ ċ ċ ċ
that service. Such risks would ideally be reflected in the End User Licen se Ag ċ ċ ċČ
ċ
reem ent.
Ò
Notes on email forward i ng Ò
Email forwarding ċ ċ ċ ċ
services provide the great ċ ċ
con venience of ċċ
'lin king' one
ċ ċ ċ ċċ
email account to an oth er as the user sees fit. This of cou rse is most com m on ċ Čċ
ċ ċ
ly used when an account holder is on holiday and would like email forwarded ċ
ċ ċ ċ ċ
from their work account to an oth er used during travel or oth erwise in ac ċ ċ ċ ċČ
ċ ċ ċ ċ
cessible outside the workplace. The risk with any extern al email forwarding ċ ċ
ċ ċ ċ ċ ċ
service is the same as with rem otely hosted em ails through Gmail for in stan ċ ċČ
ċ ċ ċ
ce: it can be copied and stored. Here email en cryption using a system such as ċ
Ò ċ ċ
GPG (Appendix GPG) will en sure that if it is copied at least it can n ot be ċ
read.
30
FEARS
ß
Who can read the email mes s ages that I have alr eady sent or received? ß ß
ß
Who can read the em ails I send when they travel acr oss the Inter net? ß ß ß
ß ß
Can the people I send em ails to share them with anybody? ß
ċ ċ ċ ċ
Em ails that are sent "in the clear" with out any en cryption (which means the
ċ ċ
vast majority of email sent and received today) can be read, logged, and in ċ ċČ
ċ ċ ċ
dexed by any server or router along the path the message travels from sen der ċċ
ċ ċ
to receiver. Assum ing you ċ ċ ċ ċ ċ ċ ċċ
use an en crypted con n ection (see glossary for
ċ ċ
TLS/SSL) between your devices and your email service provider (which everyċ ċ ċ ßà
ċ ċ ċ ċ
body should), this means in practice that the following people can still read
4. ċ
The re cipient's email service provide r ċ ċ ċ
5. ċ ċ
The int ended re cipient ċ
ċ ċ
### DI AGRAM HERE? ###
ċ ċ ċ ċċ ċ
Many webm ail providers (like Gmail) autom atically in spect all of the messages ċ
ċ
sent and received by their users for the purpose of showing targeted ad ċ ċ ċ ċČ
ċ ċ ċ
vertisem ents. While this may be a reason able com prom ise for some users ċ ċ
ċ ċ
most of the time (free email!), it is disturbing for many that even their most
ċ ċ ċ ċ ċ
private com m unications are in spected and in dexed as part of a hidden and ċ
ċ ċ ċ ċ ċ ċ
poten tially very in sightful profile main tained by a powerful corporate giant ċ ċ
ċ
with a profit motive.
ċ ċ ċ ċ
Additionally, somebody who can legally pressure the groups above could re ċ ċČ
ċ
quest or dem and:
1. ċ
logged meta-data about email (lists of mes s ages sent or re ceived by any ċ ċ
ċ ċ ċċ
user, subject lines, re cipients), in some juris t ict ions even without a warrant. ċ ċ
2. ċ ċ
mes s ages sent and re ceived by a specific user or group, with a warrant or ċ
31
Email
ċċ
court order in some juris t ict ions.
3. ċ ċ ċ ċ ċ ċ
a de dicated connect ion to sip hon off all mes s ages and traf f ic, to be ana lyzed ċ
ċ
and indexed off site.
ċ ċ ċ
In cases where a user has a busin ess or service relationship with their email
ċ ċ ċ ċ ċ
provider, most govern m ents will defend the privacy rights of the user against
ċ ċ ċ ċ ċċ ċ ċ
un auth orized and un warranted reading or sharing of messages, though often
ċ ċ ċ ċ ċ ċ ċ
it is the govern m ent itself seeking in form ation, and frequently users agree to
ċ ċ ċ ċ
waive some of these rights as part of their service agreem ent. However, when
ċ ċ ċ ċ ċ ċ
the email provider is the user's em ployer or academic in stitu tion, privacy ċ
ċ ċ ċ ċ ċ ċ
rights frequently do not apply. Depending on jurisdiction, businesses general ċČ
ċ ċ
ly have the legal right to read all of the messages sent and received by their
ċ ċ ċ ċ ċ
em ployees, even person al messages sent after hours or on vacation.
ċ ċ ċ
Historically, it was possible to "get away" with using clear text email because ċ
ċ ċ ċ
the cost and effort to store and index the growing volume of messages was
ċ ċ ċ ċ ċ
too high: it was hard en ough just to get messages delivered reliably. This is
ċ ċ ċċ ċ ċ ċ
why many email systems do not con tain mech an isms to preserve the privacy
ċ ċ ċ ċ
of their con tents.Now the cost of monitoring has dropped much faster than
ċ ċ ċ ċ ċ ċ
the growth of in tern et traffic and large-scale monitoring and in dexing of all
ċ ċ ċċ ċ ċ ċ ċ ċ
messages (eith er on the sen der or receiving side) is reason able to expect even
ċ ċ ċ
archiving/spying, blue coat, syrian monitoring, USA utah data center, USA
ċ ċ ċ
in tercept scandals]
ċ ċ ċ ċċ
For more about legal protections of email messages "at rest" (tech n ical term
ċ ċ ċ ċ ċ ċ ċČ
for messages stored on a server after having been delivered), especially re
ċ ċ ċ ċ
garding govern m ent access to your email messages, see:
https://ssd.eff.org/3rdparties/govt/stronger-protection(USA)
ċ ċ
http://en.wikipedia.org/wiki/ Data_Protect ion_Direct ive(EU) ċ
ċ ċ ċċ
Just like there are certain photos, letters, and creden tials that you would not
ċ ċ ċ
post "in the clear" on the In tern et because you would not want that in form a ċ ċ ċČ
ċ ċ ċċ
tion to get in dexed acciden tally and show up in search results, you should ċ
ċ
never send email messages in the clear that you would not want an em ployer ċ ċ
ċ ċ ċ ċċ
or disgruntled airport security officer to have easy access to. ċ
RANDOM
32
Ò ABUSE AND THEFT BY MALICIOUS HACKERSÒ Ò Ò
Fears
Ò
RANDOM ABUSE AND THEFT BY MALICIOUS HACKERS Ò Ò Ò
ß ß ß
What if someb ody gets com plete control of my email account? ß
ß ß ßß
I log g ed in from an ins ecure location... how do I know now if my account has ß
ß
been hacked?
ß
I've done nothing wrong... what do I have to hide?
ß
Why would anybody care about me?
ċ ċ ċ ċ ċ
Un fortunately, there are many practical, social, and economic in cen tives for ċ ċ
ċċ ċ ċ ċ
malicious hackers to break into the accounts of ran dom In tern et in dividu als. ċ ċ ċ ċ
ċċ ċ ċ ċ ċ ċċ
The most obvious in cen tive is identity and fin an cial theft, when the attacker ċ ċ
ċ ċ ċ
may be trying to get access to credit card numbers, shopping site creden tials, ċ ċċ
ċ ċ ċ ċ ċ
or banking in form ation to steal money. A hacker has no way to know ahead
ċċ ċ
of time which users might be better targets than oth ers, so they just try to ċ
ċ
break into all accounts, even if the user doesn't have an yth ing to take or is ċ ċ
ċ ċ ċ ċ ċ
careful not to expose his in form ation.
ċċ ċ ċ
Less obvious are attacks to gain access to valid and trusted user accounts to ċ ċ
ċ ċ ċ ċ
collect con tact email addresses from and then distribute mass spam, or to gain
ċ ċ ċ ċ
access to particular services tied to an email account, or to use as a "stepping ċ
ċ ċ ċ ċ ċ
stone" in soph isticated social en gineering attacks. For exam ple, once in con ċ ċ ċČ
ċ ċ ċ ċ
trol of your account a hacker could rapidly send em ails to your associates or ċ
ċ ċ ċċ ċ ċ
co-workers requesting em ergen cy access to more secured com puter systems. ċ ċ ċ
ċċ ċ ċ ċ
A final un expected problem affecting even low-profile email users, is the mass
ċ ċ ċ ċ ċ
hijacking of accounts on large service providers, when hackers gain access to ċ ċ
ċ ċ ċ ċ ċ
the hosting in frastructure itself and extract passwords and private in form a ċ ċ ċČ
ċ
tion in large chunks, then sell or publish lists of login in form ation in on line ċ ċ ċ ċ
ċ
markets.
Ò
TARG ETED Ò
ABUSE, HARASSM ENT, AND SPY ING Ò
ßß ß ß
Something I wrote infuriated a per s on in power... how do I protect myself? ß
ċ ċ ċ ċ ċ ċ
If you find yourself the in dividu al target of atten tion from powerful organiza ċ ċ ċČ
ċ ċ ċ ċ ċ
tions, govern m ents, or determ ined in dividu als, then the same tech n iques and ċ
ċċ ċ
prin ciples will apply to keeping your email safe and private, but addition al ċ ċ
ċ ċ
care must be taken to protect against hackers who might use soph isticated ċ
33
Email
ċ ċ ċ ċ ċ ċ ċ
tech n iques to un derm ine your devices and accounts. If a hacker gains con trol
ċ ċ ċ ċ ċČ
of any of your com puting devices or gets access to any of your email ac
ċċ ċ ċ ċ ċ ċČ
counts, they will likely gain im m ediate access both to all of your correspond
ċ ċ ċ ċ ċ
ence, and to any extern al services lin ked to your email account.
ċ ċ ċ ċ ċ
Efforts to protect against such attacks can quickly escalate into a battle of
ċ ċ
wills and resources, but a few basic guidelines can go a long way. Use specific
ċ ċ ċ
devices for specific com m unication tasks, and use them only for those tasks.
ċ ċ ċ ċ
Log out and shutdown your devices im m ediately when you are done using
ċ ċ ċ ċČ
them. It is best to use open software en cryption tools, web browsers, and op
ċ ċ ċċ ċ ċ ċ
erating systems as they can be publicly reviewed for security problems and
ċ
keep up to date with security fixes.
Ò Ò
Be wary of ope ning PDF files using Adobe Reade r or other proprieta ÒÒ Ò ÒÓ
ÒÒ ċ ċċ
ry PDF reade rs. Closed source PDF readers have been known to be used to
ċ ċ ċ
execute malign code em beded in the PDF body. If you receive a .pdf as an at ċ ċČ
ċ ċ ċ
tach m ent you should first con sider if you know the supposed sen der and if ċ ċċ
ċ ċ ċ
you are expecting a docu m ent from them. Secondly, you can use PDF readers ċ ċċ
ċ ċ
which have been tested for known vuln erabilities and do not execute code via ċ ċ
java script.
ċ
Linux: Evin ce, Sumatra PDF ċ
OS X: Preview ċ
ċ
Win dows: Evin ce ċ
ċ ċ ċ
Use short-term an onym ous throw away accounts with ran dom ly generated ċ ċ
passwords whenever possible. ċ ċ
Ò
WHEN ENCRYP TION GOES WRONG Ò
ß
What happens if I lose my "keys"? Do I lose my email?
ċ ċ ċ
Rigorous GPG en cryption of email is not with out it's own problems. ċ ċ
ċ ċ
If you store your email en crypted and lose all copies of your private key, you ċċ
ċ ċ ċ
will be absolutely un able to read the old stored em ails, and if you do not have ċ
ċ ċ ċ
a copy of your revocation certificate for the private key it could be difficult to ċ
34
Fears
"prove" that any new key you generate is truly the valid one, at least until the
ċ
origin al private key expires. ċ
ċ
If you sign a message with your private key, you will have great difficulty ċ ċ
ċ ċ ċ ċ
con vincing an ybody that you did not sign if the recipient of the message ever ċ
ċċ
reveals the ċ
message and ċċ
sign ature ċċ
publicly. The term for this is "non-
ċ ċ ċ ċ
deniability": any message you send sign ed is excellent evidence in court. Re ċċ ċČ
ċ ċ
latedly, if your private key is ever com promised, it could be used to read all
ċ ċ ċ
en crypted messages ever sent to you using your public key: the messages ċ ċ
ċ
may be safe when they are in transit and just when they are received, but any ċ
ċċ ċ ċ
copies are a liability and a gamble that the private key will never be revealed. ċ
ċ ċ ċ
In particular, even if you destroy every message just after reading it, an ybody ċċ ċ
ċ
who snooped the message on the wire would keep a copy and attempt to de ċ ċČ
ċ
crypt it later if they obtained the private key.
ċċ ċ ċ ċ
The solu tion is to use a messaging protocol that provides "perfect forward ċ ċ ċ
ċċ ċ ċ
secrecy" by generating a new unique session key for every con versation of ċ ċ ċċ
ċ ċ ċ ċ
exchan ge of messages in a ran dom way such that the session keys could not ċ
be re-generated after the fact even if the private keys were known. The OTR
ċ ċ ċ ċ ċċ
chat protocol provides perfect forward secrecy (http://en.wikipedia.org/wiki/ Čċ
ċ ċċ
Perfect_forward_secrecy) for real time in stant messaging, and the SSH pro ċ ċ ċ ċČ
ċ ċ ċ ċ
tocol provides it for rem ote shell con n ections, but there is no equivalent sys ċČ
tem for email at this time.
ċ ċ ċ ċ
It can be difficult to balan ce the con venience of mobile access to your private ċ
ċ
keys with the fact that mobile devices are much more likely to be lost, stolen, ċċ ċ
ċ ċ ċ ċ
or in spected and exploited than stationary mach ines. An em ergen cy or un ex ċ ċċ ċ ċ Čċ
ċ ċ
pected time of need might be exactly the mom ent when you would most ċ
ċ ċċ ċ
want to send a con fiden tial message or a sign ed message to verify your identċ ċ ċ ċČ
ċ
ity, but these are also the mom ents when you might be with out access to ċ ċ
ċ
your private keys if your mobile device was seized or not loaded with all your
keys.
35
Email
36
SECURE CON N ECTIONS Ò Ò
C AN ċ
OTHER PEOPLE READ ALONG WHEN I CHECK MY EMAIL?
ċ ċ ċ
As discussed in the Chapter Basic Tips, wheth er you use webm ail or anċ ċ
ċ ċ ċ ċ
email program you shold always be sure to use en cryption for the en tire sess ċ Čċ
ċ
ion, from login to logout. This will keep an yone from spying on your com ċ ċČ
ċ ċ ċ ċ
munication with your email provider. Thankfully, this is easily done due to ċċ
ċ ċ
the popular use of TLS/SSL con n ections on ċ
email servers (See appendix Ò
TLS/SSL).
ċ ċ ċ
A TLS/SSL con n ection in the browser, when using webm ail, will appear with ċ ċ
ċ ċ
'https' in the URL in stead of the stan dard 'http', like so:
https://gigglemail.com
ċ ċ
If your webm ail host does not provide a TLS/SSL service then you should ċ
ċ ċ ċ ċ ċ ċ
con sider discon tinu ing use of that account; even if your em ails them selves ċ ċ
ċ ċ ċ ċ ċ
are not especially private or im portant, your account can very easily be hac ċċ Čċ
ċ ċċ ċ
ked by "sniffing" your password! If it is not en abled already be sure to turn it
ċ ċ ċ ċ
on in your account options. At the time of writing, Google's GMail and Hot ċČ
ċ
mail / Microsoft Live both ċ ċ
autom atically switch your browser to using aċ
ċ ċ
secure con n ection.
ċ ċ
If you are using an email program like Thun derbird, Mail.app or Outlook, be ċ
ċ
sure to check that you are using TLS/SSL in the options of the program. See ċ
ċ Ò Ò Ò
the chapter Sett ing Up Secure Connect ions in the section Email Security. ċ Ò
N OTES
37
Email
N OTES
ċ ċ ċ
It's im portant to note that the adm inistrators at providers like Hotm ail or ċ ċ ċ
ċ ċ ċ
Google, that host, receive or forward your email, can read your email even if
ċ ċ
you are using secure con n ections. It is also worth noth ing that the private ċ
ċ ċ ċ
keys that Certificate Auth orities sell to web site own ers can sometimes end up ċ ċ
ċ ċ ċ
in the hands of govern m ents or hackers, making it much easier for a Man In ċċ
ċ ċ ċ ċ
The Middle Attack on con n ections using TLS/SSL (See Glossary for "Man in ċċ
ċ
the Middle Attack"). ċ An ċ ċ
exam ple is here, ċ ċ
im plicating America's NSA and
ċ ċ ċ
several email providers: http://cryptome.info/0001/nsa-ssl-email.htm
ßß ß
We also note here that a Vir tual Private Network also a good way of securing ċ
ċ ċ ċċ ċċ
your con n ections when sen ding and reading email but requires using a VPN ċ
ċ ċ ċ ċ
client on your local mach ine con n ecting to a server. See the chapter Virt u al ċ Ò Ò
Ò Ò
Private Net working in the Browsing section. Ò ċ
38
SECURE MESSAGE Ò
ċ ċ
It is possible to send and receive secure email using stan dard current email ċ ċ
ċ ċ
programs by adding a few add-ons. The essential function of these addons is ċ ċ ċ ċ
ċ
to make the message body (but not the To:, From:, CC: and Subject: fields) ċ
ċ ċ ċ ċ
un readable by any 3rd party that in tercepts or oth erwise gains access to your ċ ċ ċ
ċ ċċ
email or that of your con versation partn er. This process is known as encryp ċ ċ ß ßà
tion.
ċ ċ
Secure email is generally doneusing a tech n ique called Public-Key Cryptogra ċ ċ ß ßà
ċ ċ
phy. Public-Key Cryptography is a clever tech n ique that uses two code keys ċ ċ
ċ
to send a message. Each user has a pub lic key, which can only be used to en ß ċČ
ċ ċ
crypt a message but not to decrypt it. The public keys are quite safe to pass ċ
ċ ċċ
around with out worrying that somebody might discover them. The privateċ ċ ċ
ċ ċ
keys are kept secret by the person who receives the message and can be used ċ ċ
ċ ċ ċ
to decode the messages that are en coded with the match ing public key. ċ ċ
ċ
In practice, that means if Rosa wants to send Heinz a secure message, she ċ
ċ ċ
only needs his public key which en codes the text. Upon receieving the email, ċ ċ
Heinz then uses his private key to decrypt the message. If he wants to re ċ ċ ċČ
ċ
spond, he will need to use Rosa's public key to en crypt the respon se, and so ċ ċ ċ
on.
39
Email
ß ċ ċ
If you use a web m ail service and wish to en crypt your email this is more dif ċČ
ċ
ficult. You can use a GPG program on your com puter to en crypt the text ċ ċ ċ
using your publicċ key or you can use an add-on, like Lock The Text
ċ ċ
(http://lockthetext.sourceforge.net/). If you want to keep your ċ
messages
ċ ċ ċ
private, we suggest using a dedicated email program like Thun derbird in stead ċ ċ
ċ
of webm ail.
40
ċ
Browsing
ċ
Browsi ng
42
BASIC TIPS
IN B RIEF
ċ ċ ċ ċ
When you visit a webs ite you give away inf orm a t ion about yours elf to the ċ
ċ
site owner, unless pre caut ions are taken. ċ ċ
ċ ċ ċ ċ
Your brows ing on the Int ernet may be track ed by the sites you visit and
ċ
partne rs of those sites. Use anti-tracking software.
ċ ċ ċ ċ ċ
Visit ing a webs ite on the Int ernet is never a direct connect ion. Many comċ ċ Čċ
ċ ċ ċ ċ ċ
put e rs, owned by many dif f erent peop le are involved. Use a secure connec ċ ċČ
ċ ċ
tion to ens ure your brows ing can not be re corded. ċ ċ
ċ ċ ċ
What you search for is of great int erest to search provide rs. Use search an ċČ
ċ
onymis ing software to prot ect your priva cy. ċ ċ
ċ ċ ċ
It is wiser to trust Open Source brows e rs like Mozilla Firefox as they can be
ċċ
more rea dily security audited. ċ
YOUR ċ
BROWS E R TALKS ABOUT YOU BE HIND YOUR BACK ċ
ċ ċ ċ ċ ċ
All browsers com m unicate in form ation to the web server serving you a web ċ ċ
ċ ċ ċ ċ ċ
page. This in form ation in cludes name and version of the browser, referral in ċ ċ ċ Čċ
ċ ċ ċ ċ ċ ċ
form ation (a link on an oth er site, for in stan ce) and the operating system used. ċ ċ ċ
ċ ċ ċ ċ ċ
Websites often use this in form ation to custom ise your browsing experience,ċ ċ ċ ċ
ċ ċ
suggesting downloads for your operating system ċ ċ ċ ċ ċ
and form atting the web
ċċ ċ ċ
page to better fit your browser. Naturally however, this presents an issue as ċ ċ
ċ ċ ċ ċ ċ ċ
regards the user's own an onym ity as this in form ation becomes part of a larg ċ ċČ
ċ
er body of data that can be used to identify you in dividually. ċ ċ
ċ ċ ċ
Stopping the chatter of your browser is not easily done. You can, however, ċċ ċ
ċ ċ ċ ċ ċ
falsify some of the in form ation sent to web servers while you browse by alter ċ ċ ċČ
ċ
ing data con tained in the User Agent, the browser's identity. There is a veryċ ċ
ċ ċ ċ ċ
useful plugin for Firefox, for in stan ce, called User Agent Switcher that allows ß ċ
ċ ċ ċ ċ ċ
you to set the browser identity to an oth er profile selected from a drop down ċ
list of options.ċ
ċ Ò
See the section Tracking for guides as to how to stop web servers tracking ċ ċ
you.
SEARCHING ċ ċ
ON LINE CAN GIVE AWAY IN F ORM A TION ABOUT YOUċ ċ ċ
ċ ċ
When we search on line using services like Bing or Google our right to priva ċ ċČ
ċ ċ
cy is already at risk, vastly more so than asking a person at an In form ation ċċ ċ ċ ċ ċ
ċ
Desk in an airport, for in stan ce. ċ ċ
ċ ċċ
Com bined with the use of cookies and User Agent data this in form ation can ċ ċ ċ
ċ
be used to build an evolving portrait of you over time. Advertisers con sider ċ ċ ċ ċ
ċ ċ ċ ċ
this in form ation very valu able, use it to make assumptions about your in ċ ċ ċČ
ċ ċ
terests and market you products in a targeted fash ion. ċ ċ
ċ ċ ċ ċ
While some custom ers may sing the praises of targeted advertising and oth ers ċ ċ
ċ ċ ċ ċ ċ ċ ċČ
may not care, the risks are often misu n derstood. Firstly, the in form ation col
ċ ċ ċ ċ
lected about you may be requested by a govern m ent, even a govern m ent you ċ
ċ ċ ċ
did not elect (Google, for in stan ce, is an American com pany and so must ċ
ċċ ċ ċ ċ ċ ċ
com ply with American judicial processes and political in terests). Secondly ċ
ċ ċ ċ ċ ċ
there is the risk that merely search ing for in form ation can be misconstrued as ċ
ċ ċ ċċċ ċ ċ ċ ċ
in tent or political endorsem ent. For in stan ce an artist studying the aesthetics
ċ ċ ċ ċ ċ
of different forms of Religious Extrem ism might find him or herself in danger ċ ċ
ċ ċ ċ ċ
of being associated with support for the organisations studied. Fin ally there is ċċ
44
Basic Tips
ċ ċ
the risk that this hidden profile of you may be sold on to in suran ce agents, ċ ċ
ċ ċċ ċ ċ ċ ċ
provided to poten tial em ployers or other custom ers of the com pany whose ċ
ċ
search service you are using.
ċ ċċ
Even once you've en sured your cookies are cleared, your User Agent has been
ċ ċ Ò
chan ged (see above and chapter Tracking) you are still giving away one ċ
ċ ċ ċ ċ ċ ċ
crucial bit of in form ation: the In tern et Address you are con n ecting from (see ċ ċ
ċ Ò Ò
chapter What Happens When You Browse). To avoid this you can use an
ċ ċ ċ ċ Ò Ò
an onymising service like Tor (see chapter Anonymity). If you are a Firefox
ċ ċ ċ ċ ċ ß
user (recom m ended) be sure to in stall the excellent Goog le Shar ing addon, an ß
ċ ċ ċ
an onymiser for Google search. Even if you don't con sciously use Google, a ċ ċ ċ
ċ ċ ċ
vast number of web sites use a customised Google Search bar as a means of
ċ ċ ċ
exploring their con tent.
ċ
With the above said, there are no reasons to trust Google, Yahoo or Bing. Weċ
ċ ċ ċ ċ
recom m end switch ing to a search service that takes your right to privacy ċ
ċ
seriously: DuckDuckGo (http://duckduckgo. com/). ċ
MORE EYES THAN YOU CAN SEE
ċ ċ ċ
The In tern et is a big place and is not one network but a greater network of ċ ċ
ċ ċ ċ ċ ċ ċ ċ
many smaller in terconnected networks. So it follows that when you request a
ċ ċ ċ ċ ċČ
page from a server on the In tern et your request must traverse many mac ċ
ċ ċ ċ ċ ċ
hines before it reaches the server hosting the page. This journ ey is known as
ċ ċ ċ ċ
a route and typically in cludes at least 10 mach ines along the path. As packets
ċ ċ ċ ċ ċ ċ ċ ċČ
move from mach ine to mach ine they are necessarily copied into mem ory, re
ċ ċ
written and passed on.
ċ ċ ċ ċ ċ ċ
Each of the mach ines along a network route belongs to someone, norm ally a
ċ ċ ċ ċ ċ ċ ċ ċ
com pany or organisation and may be in en tirely different cou ntries. While
ċ ċ ċ ċ ċ ċ ċ ċ
there are efforts to stan dardise com m unication laws across cou ntries, the
ċ
situation ċ ċ ċ
is currently one of ċ ċ ċ
sign ificant jurisdiction al variation. So, while
ċ ċ ċ ċ
there may not be a law requiring the logging of your web browsing in your
ċ ċ ċ ċ
cou ntry, such laws may be in place elsewhere along your packet's route.
ċ ċ ċ ċ ċČ
The only means of protecting the traffic along your route from being recor
ċ ß ß ċ
ded or tam pered with is using end to end encryption like that provided by
45
Browsi ng ċ
ċ Ò Ò Ò ċċ
TSL/Secure Socket Layer (See chapt e r Encrypt ion) or a Virtu al Private Net ċČ
work (See chapt e r VPN). Ò
YOUR ċ
RIGHT TO BE UN KNOWN
ċ ċ ċ ċ ċ
Beyond the desire to minim ise privacy leakage to specific service providers, ċ ċ
ċ ċ ċ ċ ċ ċ ċ ċ
you should con sider obscuring the In tern et Address you are con n ecting from
ċ ċ Ò
more generally (see chapter What Happens When You Browse). The de Ò ċČ
ċ ċ ċ ċ
sire to achjieve such an onym ity spurred the creation of the Tor Project. ß
ċ ċ ċ ċ
Tor uses an ever evolving network of nodes to route your con n ection to a site
ċ
in a way that can n ot be traced back to you. It is a very robust means of en sur ċ Čċ
ċ ċ ċ ċ ċ ċ
ing your In tern et address can n ot be logged by a rem ote server. See the chapt ċČ
Ò Ò ċ ċ ċ
er Anonymity for more in form ation about how this works and how to get
ċ
started with Tor.
46
FEARS
ċ ċ
SOCAL N ETWORKING - WHAT ARE THE DANG E RS ? ċ
ċ ċ ċ ċ ċ
The phenomenon of In tern et based Social Networking has chan ged not just ċ
ċ ċ ċ
how people use the In tern et but its very shape. Large data centers around the ċ
ċ ċ
world, particularly in the US, have been built to cater to the sudden and vast ċ
ċ ċ ċ ċ ċ
desire for people to upload con tent about them selves, their in terests and their ċ
ċ ċ ċ
lives in order to participate in Social Networking. ċ
ċ ċ ċ
Social Networking as we know it with FaceBook, Twitter (and earlier Mys ċ ċċ Čċ
ċ ċ ċ
pace) are certain ly far from 'free'. Rath er, these are businesses that seek to de ċ ċČ
ċ ċ
velop upon, and then exploit, a very basic an xiety: the fear of social irrelevan ċ ċ ċČ
ċ ċċ ċċ
ce. As social an im als we can't bear the idea of missing out and so many find
ċ
them selves ċ
placing their ċ
most in timate ċ ċ
expressions onto a businessman's
ċ ċ ċ ċ ċ
hard-disk, buried deep in a data center in an oth er cou ntry - one they will
ċ
never be allowed to visit.
ċ ċ
Despite this many would argue that the social warmth and person al valida ċ ċ ċČ
ċ ċ ċ ċ ċ
tion acquired through en gagem ent with Social Networks well out-weighs the
ċċ ċ ċ ċ
poten tial loss of privacy. Such a statem ent however is only valid when the full
ċ
extent of the risks are known.
ċ ċ ċ ċ
The risks of Social Networking on a person's basic right to privacy are defined ċ ċ
by:
ċ ċ ċ
The scope and in timacy of the user's in dividu al con tribu tions. ċ ċ ċ
ċ ċ ċ ċ
A user post ing frequent ly and including many pers ona l de t ails con ċ ċ ċ ċČ
ċ ċ ċ ċ ċ
structs a body of inf orm a t ion of great e r use for targetted mark et ing. ċ ċ
ċ ċ
The preparedn ess of the user to take social risks. ċ
ċ ċ
ċ ċ ċ ċ
A user mak ing socia l connect ions uncritically is at great e r risk from ċ
ċ ċ ċ ċ ċ
pre dators and socia l engineering at t acks.
ċ ċ
The economic in terests and partn ers of the organisation providing the ċ ċ ċ ċ
ċ
service.
47
Browsi ng ċ
ċ ċ ċ
Com m is s ioned studies from clients, data mining, sent im ent ana lysis. ċ ċċ ċ
ċ ċ ċċ
Political/legal dem ands exerted by the State against the organisation in ċ ċ
ċ
the jurisdiction(s) in which it is resident. ċ
ċ ċ
Court orde rs for data on a part icular user (whethe r civilian or foreign ċ Čċ
er).
ċ ċ ċ ċ ċċ
Surveillance agendas by law enf orce m ent or partne rs of the organisa ċ ċ ċČ
tion.
ċċ ċ ċ ċ
Sent im ent ana lysis: project ions of polit ical int ent. ċ ċ
ċ
With these th ings in mind it is possible to chart a sliding scale between pro ċ ċ ċ Čċ
jects like ċċ
Diaspora and Facebook: the ċ
form er ċ
prom ises some level of or ċČ
ċ ċ ċ ċ ċ
ganisation al transparen cy, a com m itm ent to privacy and a general open n ess, ċ ċ ċċ
ċ
whereas Facebook proves to be an opaque com pany economically able to ċ ċ ċ
ċ
gamble with the privacy of their users and man age civil lawsuits in the in ċ ċ ċČ
ċ
terests of looking after their clients. As such there is more likelihood of your ċ
ċ ċ ċ ċ ċ
in teractions with a large Social Network service affecting how an In suran ce ċ ċ ċ ċ
ċ ċċ ċ ċ ċ ċ
com pany or poten tial em ployer con siders you than a smaller, more trans ċ ċČ
parent com pany. ċ
W HO CAN STEAL MY IDENTITY? ċ
ċ ċ
This question depends on the con text you are working with in as you browse. ċ ċ ċ ċ
ċ ċ
A weak and universal password presents a danger of multiple services from ċ ċ ċ ċ
ċ ċ ċ ċ
Social Networking, Banking, WebMail etc being account hijacked. A strong ċ ċ ċ
ċ ċ
and universal password on a wireless network shared with oth ers (wheth er ċ ċ ċ
ċ ċ ċ ċ
open or en crypted) is just as vuln erable. The general rule is to en sure you ċ ċ
have a strong password (see section on Passwords). ċ
Wireless net works Ò
ċ
Here we find ourselves amidst an often un derestimated risk of someone li ċ ċ ċ ċČ
ċ ċ ċ
sten ing in on your com m unications using network packet sniffing. It matters ß ß ß ċ
ċ ċ ċ
little if the network itself is open or password secured. If someone uses the ċ
ċ ċ ċ
same en crypted network, he can easily capture and read all un secured traffic ċċ ċ ċ ċ
ċ
of other users with in the same network. A wireless key can be acquired for ċ ċ
ċ
the cost of a cup of coffee and gives those that know how to capture and read ċ
48
Fears
ċ ċ ċ
network packets the chan ce to read your password while you check your
email.
ċ ċ ċ
A sim ple rule always applies: if the cafe offers a network cable con n ection, ċċ ċ ċ ċ
ċċ ċ
use it! Fin ally, just as at a bank mach ine, make sure no one watches over
ċ
your shoulder when you type in the password.
ċ ċ
in itself, but when a laptop or phone gets stolen, this en ables the thief to ac ċ ċ ċČ
ċ
cess the owner's email account(s). The best practice is to clear this cache ċ
ċ
every time you close your browser. All popular browsers have an option to ċ ċ
clear this cache on exit.
ċ ċ ċ ċ
One precau tion can justify you holding onto your con venient cache: disk en ċ ċČ
ċ ċ ċ
cryption. If your laptop is stolen and the thief reboots the mach ine, they'll be ċ ċ
ċ ċ
met with an en crypted disk. It is also wise to have a screen lock in stalled on ċ ċ ċ
ċ ċ ċ
your com puter or phone. If the mach ine is taken from you while still runn ing ċ
ċċ ċ
your existing user session, it can n ot be accessed. ċ ċ
Ò
Securing your line
ċ ċ
Whenever you log into any service you should always en sure to use en cryp ċ ċ ċ ċČ
ċ ċ
tion for the en tire session. This is easily done due to the popular use of ċċ
TSL/SSL (Secure Socket Layer). ċ
ċ
Check to see the service you're using (wheth er EMail, Social Networking or ċ ċ ċ ċ
ċ ċ
online-banking) supports TSL/SSL sessions by looking for https:// at the be ċ ċČ
ċ
ginn ing of the URL. If not, be sure to turn it on in any settings provided by ċ ċ
ċ ċċ ċ
the service. To better un derstand how browsing the World Wide Web works, ċ
ċ Ò
see the chapter What Happens When I Browse? Ò
ċ ċ ċ
Google and other search com pan ies may com ply with court orders and war ċċ ċ ċČ
ċ ċ ċ ċ ċ
rants targeting certain in dividu als. A web site using a customised Google ċ ċ
ċ
Search field to find con tent on their site may be forced to log and supply all ċ ċċ
ċ ċ ċ ċ
search queries to organisations with in their local juristiction. Academics, art ċċ ċČ
ċ ċ ċ ċ
ists and research ers are particularly at risk of being misu n derstood, assumed ċ ċ ċ
ċ ċ
to have motivations just by virtue of their apparent in terests. ċ ċ
W HO IS KEEPING ċ A ċ
RE CORD OF MY BROWSING ċ AND AM I ċ
ALLOWED TO
It is ċ
absolutely ċ ċ
with in your basic human rights, and ċ ċ
com m on ly con ċČ
ċ ċ ċ ċ
stitutionally protected, to visit web sites an onymously. Just as you're allowed ċ ċ
ċ ċ ċ
to visit a public library, skim through books and put them back on the shelf
ċ ċ ċ ċ
with out someone noting the pages and titles of your in terest, you are free to ċ
ċ ċ ċ
browse an onymously on the In tern et. ċ ċ
HOW ċċ
TO NOT RE VE A L MY IDENTITY?ċ
ċ
See the chapter on Anonymity. Ò Ò
HOW TO AVOID BEING TRACKED? ċ
ċ
See the chapter on Tracking. Ò
50
WHAT Ò
HAPPENS WHEN YOU BROW S E Ò
ċ ċ
Browsing the web is com m unicating. You might not send as much text inċ
ċ
terms of number of words, but it is always the browser which in itiates and ċ ċ ċ
ċ ċ ċ
main tains the com m unication by requesting the bits and pieces which are ċ ċ
ċ ċ ċ
woven into what is even tually displayed on your screen. ċ
ċ ċ
Browsers like Mozilla Firefox, Google Chrome, Opera, Safari & In tern et Ex ċ ċ ċ Čċ
ċ ċċ
plorer all work in a similar man n er. When we type a URL (e.g. "http://hap ċČ
ċ ċ
pybun n ies.com") in the adress bar, the browser requests the website (which is ċ ċ ċ
ċ
just a special kind of text) from a rem ote server and then transforms it into ċ ċ ċ
ċ ċ
colored blocks, text and im ages to be displayed in the browser win dow. To ċ ċ ċ
ċ
see the text the way the browser sees it, one just has to click on the View -->
ß
Page sour ce menu entry in the browser. What comes up is the same webpage ċ ċ
ċ ċ ċ ċ
but in HTML a lan guage main ly con cern ed with con tent, con text and links to ċ ċ
ċ ċ
other resources (CSS and JavaScript) which govern the way these con tents ċ
ċ
are displayed and beh ave. ċ
ċ
When the browser tries to open a webpage and assum ing there are no proxies ċ ċ ċ ċċ
ċ ċ
in volved the first thing it does is to check its own cache. If there is no past
ċċ ċ
mem ories of such website, it tries to resolve the name into an address it can ċ ċ
ċ ċ
actually use. It is an ċ ċ
in tern et program, ċ so it needs an ċ ċ
In tern et ċ
Protocol
address (IP address or just IP). To get this address it asks a DNS Server (kind ċ
ċ ċ ċ ċ
of a teleph one book for in tern et programs) which is in stalled in the router of ċ ċ ċ
ċ ċ ċ ċ
your in tern et access by default. The IP address is a numerical label assign ed ċ ċ ċ
ċ ċ
to every device in the (global) network, like the address of a house in theċ
ċ ċ
postal system and as the address of your home, you should be very careful to ċ
whom you hand out the IP address you are browsing from (by default this is: ċ ċ
ċ
to everyone). Once the IP address has been received, the browser opens a ċ ċ
ċ ċ ċ
TCP (just a com m unication protocol) con n ection to the destination host and ċ ċ ċ ċ
ċċ ċ
starts sen ding packages to a port at this address, typically no. 80 (ports are like ċ
ċ
doors to the servers, there are many but usually only a few are open), un less ċ ċ
ċ ċ ċ
an oth er path is specified. These packages travel through a number of servers ċ ċ
ċ ċ ċċ
on the in tern et (up to a cou ple of dozens depending on were the target ċ ċ ċ
ċ ċ
address is located). The server then looks for the requested page and, if found, ċ ċ
51
ċ
Browsi ng
ċċ ċ ċ ċ ċċ
delivers it using the HTTP protocol. (To prevent oth ers from reading or alter ċ ċČ
ing the data,TLS/SSL can be used to below HTTP to secure the con n ection) ċ ċ
ċ ċ ċ ċ
When the HTTP respon se arrives, the browser can close the TCP con n ection ċ ċ
ċ ċ ċ ċ
or reuse it for subsequent requests. The respon se can be one of many th ings, ċ
ċ ċ ċ ċ ċ ċ
from some sort of redirection or a classic In tern al Server Error (500). Providedċ
ċ ċ ċ ċ ċ ċ
the respon se proceeds as expected the browser will store the page in a cache
ċ ċ ċ ċ ċ ċ
for furth er use, decode it (un compress it if com pressed, ren dered if video
ċ ċ ċ ċ ċ
codec, etc) and display/play it according to in structions.
ċ ċ ċ ċ ċċ ċ
Now, the process can be illustrated in a little con versation between browser ċ
ċ
(B) and server (S):
B: "Hallo."
S: "Hey!"
ċ
B: "May I get that page with the happy bunn ies, please?"
ċ
B: "Oh, maybe you could also give me a big version of that picture of thatċ
ċ
bunny baby cuddling a teddy bear."
[...]
ċ ċ ċ ċ ċ
Note that there are lots of activities happen ing parallel to this TCP/IP exchan ċ ċČ
ċ ċ ċ ċ
ge. Depending on how you have con figured its options, your browser might ċ
ċ ċ ċċ ċ ċ ċ ċ
be adding the page to browser history, saving cookies, checking for plugins,
ċ ċ ċ ċ
checking for RSS updates and com m unicating with a variety of servers, all ċ
ċċ
while you're doing someth ing else.
Ò Ò
A topography of you: footprints
ċ ċ
Most im portant: you will leave footprints. Some of them will be left on your
52
ċ
What happens when you browse ċ
ċ ċ ċ ċ
own com puter a collection of cache data, browsing history and naughty little ċ ċċ ċ
ċ ċċ ċ ċċ
files with eleph antic mem ory called cookies. They are all very con venient; ċ
speed up your browser's perform ance, ċ ċ ċ ċ reduce your data download or re ċČ
ċ ċ ċ
member your passwords and preferences from Social Networks. They also ċ ċ
ċ ċ
snitch on your browsing habits and com pile a record of everywhere you go ċ ċ
ċċ
and everyth ing you do there. This should both er you if you are using a public ċ ċ
ċ ċ ċ ċ ċ
com puter station at a library, work at a cybercafe, or share your appartm ent ċ ċ ċ
with a nosey partn er! ċ
ċ ċ
Even if you con figure your browser to not keep a history record, reject cook ċċ ċ ċ ċ Čċ
ċ ċ ċ
ies and delete cach ed files (or allocate zero MB of space for the cache), you
ċ ċ
would still leave breadcrumbs all over the In tern et. Your IP address is recor ċ ċČ
ċ ċ ċ ċ
ded by default everywhere, by everyone and the packets sent are monitored
ċ ċ ċ ċċ ċ ċċ ċ
by an in creasing number of en tities - com m ercial, governmental or crimin al, ċ
along with some creeps and poten tial stalkers. ċċ ċ
ċ ċ ċ ċ ċ ċ ċ ċ
Dem ocratic goverm ents everywhere are redesign ing regulations to require ċ
ċ ċ ċ ċ ċċ
In tern et providers to keep a copy of everyth ing so they can have later access ċ
ċ ċ ß
to it. In the USA, section 215 of the American PAT RIOTact 'prohibits an in ßà
ß ß ß ß ß
dividual or or g anization from rev ealing that it has given records to the feder al ß ß
ß ß ß ß ß ß
governm ent, following an inv es tigation'. That means that the com pany you ċ
ċ ċ ċ
pay every month as a custom er to provide you with In tern et access can be or ċ ċ ċ ċČ
ċ
dered to turn over your browsing and email records with out your knowledge. ċ ċ ċ
ċ ċ
Most of the time, though, surveillance is not a 1984 affair. Google collects ċ ċ ċ
ċ
your searches along with your browser iden tification (user agent), your IP ċ ċ
ċ ċ
and a whole bunch of data that can even tually lead to your doorstep, but the
ċ ċ ċ ċ ċ
ultimate aim is usually not political repression but market research. Advertis ċ ċ ċ Čċ
ċ ċ
ers don't fuss about advertising space any more, they just want to know
ċċ
everyth ing about you. They want to know your ċ ċ
dietary and medicationċ
ċ
habits, how many children you have and where you take them on holidays;
how you make your money, how much you earn and how you like to spend
it. Even more: they want to know how you feel about stuff. They want to
ċ ċ
know if your friends respect those feelings en ough so that you can con vin ce ċ ċ ċ
ċ ċ ċ
them to chan ge their con sumption habits. This is not a con spiracy, but rath er ċ ċ ċ
ċ ċ ċ ċ ċ
the nature of In form ation Age capitalism. To paraphrase a fam ous observa ċ ċ ċ ċ Čċ
53
Browsi ng ċ
ċ ċ
tion of the current situation, the best minds of our generation are thinking ċ ċ
about how to make people click ads. ċ 4
ċ
Some people think ads can be ign ored or that having advertisers cater for ourċ ċ ċ ċ
ċ
specific needs is a win-win situation, because at least they are spam m ed with ċ ċ
ċ ċ ċ
th ings they may actually want. Even if that was the case (it isn't): should we
ċ ċ
trust Google with such in timate details of our life? Even if we trust Google to ċ ċ
'do no evil', it can still be bought by someone we do not trust; ben evolentLar ċ ċ ċČ
ċ ċ
ry Page an dSergey Brin could be overruled by their own Board, or their data ċ
ċ ċ
base be sequestered by a fascistic goverm ent. One of their 30,000 em ployees ċ ċ
worldwide could cut loose and run with our data. Their servers can be hac ċ ċČ
ked. And in the end, they are just in terested in their custom ers, the com panies ċ ċ ċ ċ ß ß
ß ß ß
paying for adv ertis ing. We are just the product being sold. ċ
ċ ċ ċ
Moreover; in the Social Networks our browsing habits are generating a Per ċ ċ ċČ
manent ċ
Record, a ċ ċ
collection of data so vast that the ċ ċ ċ
in form ation that
Facebook keeps about a given user alone can fill 880 pages. Nobody will be
ċ
surprised to learn that Facebook's purpose is not to make us happy again: if ċ
ċ
you are not paying for it, you're not the custom er, you're the product. But ċ ċ ċ
even if you don't care about their com m ercial goals, con sider this: the plat ċ ċċ ċ ċ ċČ
form ċċ ċ
has publicly adm itted hackers break into hundreds of thousands ofċ
ċ
Facebook accounts every day.
ċ
For a taste of what lurks beh ind the curtains of the websites you visit, in stall a ċ ċ ċ
ċ
plugin/add-on called Ghos ter y to your browser. ßß ċ It's like an x-ray-machine
ċċ ċ ċ
which reveals all the surveillance tech n ology which might be (and often is) ċ
ċ ċ ċ ċ ċ ċ
em bedded in a web page, norm ally in visible to the user. In the same line, Do
ß
Not Track Plus and Trackerblock will give you furth er con trol over on line ċ ċ ċ
ċ ċ ċ ċċ
tracking, through cookie blocking, persistent opt-out cookies, etc. Our follow ċċ ċ ċČ
ċ ß
ing chapter Tracking will equip you with expertise in such topics. ċ ċ
ċ ċ ċ
Even in between your com puter and the router, your packages can easily be ċ ċ
ċċ
ċ ċ ċ
in tercepted by an yone using the same wireless network in the casu al en viro ċ ċ ċ Čċ
ment of a cafe. It is a jungle out there, but still we choose passwords like
ċ ċ ċ ċ ċ
that right against the in trusions of goverm ents, corporations and an yone who ċ
ċ ċ ċ ċ ċ
attempts to disposses us. If we do not exercise those rights today, we deserve ċ ċ
ċ ċ
whatever happens tomorrow. ċ
1. ċ
If you are a Unix user, you can use the tcpdump com m and in the bash and
ċ
view real time dns traf f ic. It's loads of fun! (and dis t urbing)ċ ċ
2. See list of TCP and UDP port ċ
numbe rs(http://en.wikipedia.org/wiki/ ċČ
List_of_TCP_and_UDP_port_numbe rs) ċ
3. ċ ċ ċ ċ ċ ċ
If this exchange is hap p ening under an HTTPS connect ion, the process is ċ
ċ
much more com p licated and also much safer, but you will find out more
ċ ċ ċ ċ
about that in a most fas cinat ing chapt e r called Encryp t ion. ċ ċ
4. This Tech Bubble Is ß
Dif f erent(http://www.businessweek.com/magazine/ ßà
content/11_17/b4225060960537.htm), ċ
As hlee Vance (Businessweek
magazine)
55
ċ
Browsi ng
56
ACCOUNTS Ò AND SECURITY Ò
ċ ċ
When you browse, you may be logged into various services, sometimes at the ċ ċ ċ
ċ
same time. It may be a com pany website, your email or a social networking ċ ċ ċ ċ
ċ ċ ċ
site. Our accounts are im portant to us because high ly sen sitive in form ation ċ ċ ċ ċ ċ ċ
ċ
about us and oth ers is stored on mach ines elsewhere on the In tern et. ċ ċ ċ ċ
ċ ċ ċ
Keeping your accounts secure requires more than just a strong password (see
ċ
section Passwords) and a secure com m unication ċ ċ link with the server ċ via
ċ
browsers will store your login data in tiny files called cookies, reducing the ċ ß ß ċ ċ
need for you re-type your password when you recon n ect to those sites. This ċ ċ
ċ ċ
means that someone with access to your com puter or phone may be able to ċ ċ
ċ
access your ċ
accounts with out ċ having ċ to steal your password or do sop ċČ
histicated snooping. ċ
ċ
As smart phones have become more popular there has been a dramatic rise in
ċ ċ ċ
account hijacking with stolen phones. Laptops theft presents a similar risk. If ċ ċ
ċ
you do choose to have the browser save your passwords then you have a few
ċ ċ
options to protect yourself: ċ
ċ
Use a scre e n lock. If you have a phone and pre f e r an unlock pat t ern sys t em ċċ ċ ċ ċ
ċ ċ
get in the habit of wip ing the scre e n so an at t ack e r can not guess the pat ċ ċ ċČ
ċċ ċ
tern from finge r smears. On a Lap t op, you should set your screens ave r to re ċ ċ ċČ
quire a password as well as a password on start-up.
ċ ċ
Encrypt your hard disk. TrueCrypt is an open and secure disk encryp t ion ċ ċ
ċ ċ
sys t em for Windows 7/Vista/XP, Mac OS X and Linux. OSX and most Linux
ċ ċ ċ ċ
dis t ribut ions provide the opt ion for disk encryp t ion on ins tall. ċ ċ ċ
ċ ċ ċ ċ
Android De velop e rs: do not ena ble USB de bugging on your phone by de f ault. ċ ċ ċ
ċ ċ ċ ċ
This allows an at t ack e r using the Android adb shell on a com p ut e r to access ċ ċ ċ
ċ
your phone's hard disk without unlock ing the phone. ċ ċ
C AN ċċ
MALICIOUS WEB SITES TAKE OVER MY ACCOUNTS?
57
ċ
ċ
Browsi ng
C AN ċċ
MALICIOUS WEB SITES TAKE OVER MY ACCOUNTS? ċ
ċ ċċ ċ ċ
Those special cookies that con tain your login data are a primary point of vul ċČ
ċ ċ ċ ċ ċ ċ
nerability. One particularly popular tech n ique for stealing login data is called
ċ ċ ċ ċ ċ
click-jacking, where the user is tricked into clicking on a seemingly in n ocu ous
ċ ċ ċ ċ
link, executing a script that takes advantage of the fact you are logged in. The
ċ ċ ċ ċ ċ ċ ċČ
login data can then be stolen, giving the rem ote attacker access to your ac
ċ ċ ċċ ċ
count. While this is a very com plicated tech n ique, it has proven effective on
ċ ċ ċ ċ
several occassions. Both Twitter and Facebook have seen cases of login sessċČ
ċ ċ
ions being stolen using these tech n iques.
ċ ċ ċ ċ ċ
It's im portant to develop a habit for thinking before you click on links to sites
ċ ċ ċ ċ ċ ċ Čċ
while logged into your accounts. One tech n ique is to use an oth er browser en
ċ ċ ċ ċ
tirely that is not logged into your accounts as a tool for testing the safety of a
ċ ċ ċ
link. Always con firm the address (URL) in the link to make sure it is spelled
ċ ċ ċ
correctly. It may be a site with a name very similar to one you already trust.
ċ ċ
Note that links using URL shorten ers (like http://is.gd and http://bit.ly) preċČ
ċ ċċ ċ ċ
sent a risk as you can n ot see the actu al link you are requesting data from.
ċ
If using Firefox on your device, use the add-on NoScript http://noscript.netas
ß ċ
it mitigates many of the Cross Site Scripting tech n iques that allow for your co ċČ
ċ ċ ċ
okie to be hijacked but it will disable many fancy features on some web sites.
58
TRACKING Ò
ċ ċċ
When you browse the web tiny digital traces of your presence are left beh ind. ċċ ċ
ċ ċ
Many web sites harmlessly use this data to com pile statistics and see how ċ
ċ ċ
many people are looking at their site and which pages are popular, but some
ċ ċ ċ
sites go furth er and use various tech n iques to track in dividu al users, even ċ ċ
ċ ċ ċ ċ
going as far as trying to identify them personally. It doesn't stop there howev ċČ
ċ
er. Some firms store data in your web browser which can be used to track
ċ ċ ċ
you on other web sites. This in form ation can be com piled and passed on to ċ ċ
ċ ċ ċ
other organizations with out your knowledge or perm ission.ċ ċ ċ
ċċ ċ
This all sounds omin ous but really who cares if some big com pany knows ċ
about a few web sites that we have looked at? Big web sites com pile and use ċ
ċ ċ ċ ċ
this data for "beh avioral advertising" where ads are tailored to fit your in Čċ
ċ ċ ċ
terests exactly. That's why after looking at say, the Wikipedia entry for Major ċČ
ċ ċ ċ ċ
ca, one may sudden ly start seeing lots of ads for packaged vacations and party ċ
ċċ ċ
hats. This may seem in n ocent en ough, but after doing a search for "Herpes ċ
ċ
Treatm ents" or "Fetishċ ċ ċ ċ ċ
Com m unities" and sudden ly seeing listings for re ċċ ċČ
ċ ċ
levant products, one may start to feel that the web is getting a bit too familiar.
ċ ċ ċ ċ ċ
Such in form ation is also of in terest to other parties, like your in suran ce com ċ ċ Čċ
ċ
pany. If they know you have been looking at skydiving sites or forums for ċ
ċ ċ ċ ċ ċ ċ
con genital diseases, your prem iums may mysteriously start going up. Poten ti ċ ċČ
ċ ċ
al em ployers or landlords may turn you down based on their con cerns about ċ
ċ ċ ċ ċ
your web in terests. In extreme in stan ces, the police or tax auth orities may de ċ ċ ċČ
ċ ċ ċ ċ ċ
velop an in terest with out you ever having com m itted a crime, simply based ċ
ċ ċ ċċ
on suspicious surfing.
Every time you load a web page, the server ċ software on the web site
ċ
generates a record of the page viewed in a log file. This is not always a bad ċ
ċ
thing. When you log in to a website, there is a need for a way to establish ċ
ċ
your identity and keep track of who you are in order to save your prefer ċ ċČ
ċ ċ
ences, or present you with customized in form ation. It does this by passing a ċ ċ ċ ċ
ċ ċ
small file to your browser and storing a corresponding reference on the web ċ ċ ċ ċ ċ
ċ ċ ß
server. This file is called a cookie. It sounds tasty but the problem is that this ċ
ċ ċ ċ ċ ċ
in form ation stays on your com puter even after leaving the web site and may ċ
phone home to tell the owner of the cookie about other web sites you are ċ
ċ
visiting. Some major sites, like Facebook and Google have been caught using ċ
them to keep track of your browsing even after you have logged out. ċ ċ
ċ ċ ċ
Supercookies / Evercookie / Zom bie Cookies? ċ ċċ
HOW CAN I Ò
PREVENT TRACKING ? Ò
ċ
The simplest and most direct way to deal with tracking is to delete the cookie ċ ċ ċ
files in your browser: ċ
[show how in Firefox (tools->Clear Recent History...), chrome, IE, etc. ] ċ ċċ
ċ ċ
The lim itation to this approach is that you will receive new cookies as soon as ċ ċċ
ċ
you return to these sites or go to any other pages with tracking com ponents. ċ ċ
ċċ
The other disadvantage is that you will lose all of your current login sessions ċ ċ
ċ
for any open tabs, forcing you to type in usern ames and passwords again. A ċ
ċ ċ ċ ċ
more con venient option, supported by current browsers is private brows ing ċ ċ ß
ß ß
or incog nito mode. This opens a tem porary browser win dow that does not ċ ċ ċ ċ
ċċ
save the history of pages viewed, passwords, downloaded files or cookies. ċċ
ċ ċ ċ
Upon closing the private browsing win dow, all of this in form ation is deleted. ċ ċ ċ ċ
ċ
You can en able private browsing: ċ
[show how in Firefox (tools->Start Private Browsing), chrome, IE, etc. ] ċ
ċċ ċ ċ
This solu tion also has it's lim itations. We can n ot save bookm arks, rem ember ċ ċ ċ ċ
ċ
passwords, or take advantage of much of con venience offered by modern ċ ċ ċ
ċ ċ ċ
browsers. Thankfully, there are several plugins specially design ed to address ċ ċ ċ
60
ċ
Tracki ng
ċ ċċ ċ
flexibility, is Ghostery. The plugin allows you to block categories or in dividu ċ ċ ċ ċČ
ċ
al services that track users. Here's how you in stall Ghostery: ċ ċċ
ċ ċ
[screenshots here in stalling the plugin]
ċ ċ ċ ċ
An oth er option is to in stall an ad-blocking plugin like AdBlockPlus. This will
ċ ċ ċ
autom atically block many of the tracking cookies sent by advertising com pan ċċ ċ ċ ċ ċČ
ċ
ies but not those used by Google, Facebook and other web an alytics com pan ċ ċ ċČ
ċ
ies. [expand on this maybe, explain "web an alytics"] ċ ċ
HOW CAN I SEE WHO IS TRACKING ME? Ò
ċ ċ
The easiest way to see who is tracking you is to use the Ghostery plugin. ċċ
There is a small icon on the upper right or lower right corn er of your brows ċċ ċČ
ċ
er win dow that will tell you which services are tracking you on particular ċ ċ ċ
web sites.
ċ ċ
{ Suggestion: Add Abine.com's Do Not Track add-on. I suggest using both ċ
ċ ċ ċ ċ
Ghosterly and DNT, as occasionally they block a different cookie. Abine also ċ ċ
ċ ċ ċ ċ
has Privacy Suite, recently developed which can give a proxy teleph one and ċ
proxy email, similar to 10 Minute Mail or Guerilla Mail for fill- in em ails for ċ ċ
forms. }
A WORD OF WARNING . Ò
ċ
If you block trackers, you will have a high er level of privacy when surfing theċ ċ ċċ
ċ ċ ċ
net. However, govern m ent agen cies, bosses, hackers and un scrupulous net ċ ċ ċ ċ ċČ
ċ
work adm inistrators will still be able to in tercept your traffic and see what ċ ċ ċ
ċ
you are looking at. If you want to secure your con n ections you will need to ċ ċ
ċ ċ ċ
read the chapter on en cryption. Your identity may also be visible to other ċ ċ
ċ ċ ċ
people on the in tern et. If you want to thorough ly protect your identity while ċ ċ ċ
ċ
browsing, you will need to take steps toward on line an onym ity which is ex ċ ċ ċ ċČ
ċ ċ ċ
plained in an oth er section of this book.
61
ċ
Browsi ng
62
Ò
AN ONYMITY Ò
INTRO
ċ ċ ċ ċ ċ
Article 2 of the Universal Declaration of Human Rights states:
ċ ċċ
"Everyone is en titled to all the rights and freedoms set forth in this Declara ċ Čċ
ċ ċ ċ ċ
tion, with out distinction of any kind, such as race, colour, sex, lan guage, reċ ċČ
ċ ċ ċċ ċ ċ ċ ċ
ligion, political or other opin ion, nation al or social origin, property, birth or
other status.
ċ ċ ċ
Furtherm ore, no distinction shall be made on the basis of the political, juris ċ ċČ
ċ ċ ċ ċ ċ ċ ċ ċ
diction al or in tern ation al status of the cou ntry or territory to which a person ċ
ċ ċ ċ ċ
belongs, wheth er it be in depen dent, trust, non-self-governing or under any
ċ ċ
other lim itation of sovereignty.".
ċ ċ ċ ċ ċ
One way of en forcing this basic right in hostile en viron m ents is by means of
ċ ċ ċ ċ ċ
an onym ity, where attempts to con n ect an active agent to a specific person are ċ
ċ
blocked.
ċ ċ ċ ċ
Acting an onymously is also a great way to help oth ers with a high need for
ċ ċ ċċ ċ ċ
protection the bigger the herd of sheep, the harder it is to target a specific
ċ
one. An easy way to do so is by using TOR, a tech n ique which routes in tern etċ ċ
ċ ċ ċ ċ ċ ċ
traffic between users of a special software, thus making it un traceable to any
ċ ċ ċ ċ
specific IP address or person with out having con trol over the whole network ċ
ċ ċ ċ ċ ċ
(and nobody has that yet in the case of the in tern et). A high ly function al
ċ ċ ċ ċ
means to protect ones own identity is by using an onym ous proxy servers and ċ
ċċ ċ
Virtu al Private Networks (VPN).
PROXY
63
ċ
Browsi ng
PROXY
Z Z Z
"An ano nymize r or an ano nymo us proxy is a tool that attempts to Z ß
ß ß ß ß ß
make activ ity on the Inter net untraceable. It is a proxy [serv er] com puter ß ß ß ß
ß ß ß
that acts as an inter m ediar y and privacy shield between a client com puter ß ß ß ß
ß ß ß
and the rest of the Inter net. It accesses the Inter net on the user's behalf, ß ß ß
ß ß ß ß ß ß ß
protecting per s onal infor m ation by hiding the client com puter's identifying ß ß ß ß
ß ß ß
infor m ation." (http://en.wikipedia.org/wiki/Anonymizer) ß
ċ ċ
The main purpose beh ind using a proxy is to hide or to chan ge In tern et ċ ċ ċ
ċ ċ
address (IP address) assign ed to user's com puter. There can be a few reasons ċ ċ ċ
ċ
for needing to do so, for exam ple: ċ ċ
ċ ċ ċ ċ
To anonym ize access to part icular server(s) and/or to obf us cate traces left in ċ ċ ċ
the log files of a web-server. For ins tance a user might need/want to access ċ ċ ċ
ċ ċ ċ ċ
sens itive materia ls online (specia l materia ls, re s earch topics or else) without ċ ċ ċ
ċ ċ ċ ċ ċ ċ
triggering aut horit ies at t ent ion.
ċ ċ ċ ċ ċ ċ ċ
poration/governm ent can limit or com p lete ly re s trict Int ernet access for a
ċ ċ ċ ċ
part icular IP address or a range of IP addres s es. Hiding be hind a proxy will
ċ ċ ċ ċ ċ ċ
help to trick these filt e rs and access ot herwise forbidde n sites.
ċ ċ ċ ċ ċČ
To watch online video and streams banned in your count ry due to legal is
sues.
ċ ċ ċ ċ ċ ċ ċČ
To access webs ites and/or materia ls availa ble only for IP addres s es be long
ċ ċ ċ ċ
ing to a specific count ry. For exa m p le, a user wants to watch a BBC video
ċ ċ
stream (UK-only) while not re s iding in the UK.
ċ ċ ċ ċ ċ ċ ċ ċ
To access the Int ernet from a part ially banned/block ed IP address. Public IP
ċ ċ ċ ċ Čċ
addres s es can often have "bad re p uta t ion" (bandwidth abuse, scam or un
ċ ċ ċ ċ
solicited email dis t ribut ion) and be block ed by some web-sites and serve rs.
While a usual scenario would be to use proxy for accessing the Web (HTTP), ċ ċ
ċ ċ ċ ċ ċ
practically In tern et protocol can be proxied - i.e. sent via a rem ote server. Unċ ċ ċ ċČ
ċ ċ
like a router, proxy server is not directly forwarding rem ote user requests butċ ċ ċ ċ ċ ċ
ċ ċ
rath er mediates those requests and echos respon ses back to rem ote user's ċ ċ ċ
ċ ċ
com puter.
ċ ċ
Proxy (un less setup as "transparent") does not allow direct com m unication to ċ ċ ċ
64
ċ
Ano nym i ty ċ
ċ ċ ċ
the In tern et thus applications such as browsers, ċ chat-clients or download
ċ
applications need to be made aware of the proxy server (see Safer ċ Brow ßà
ß
sing/Proxy settings chapter) ċ
T OR
ß ß ß
"- Tor prev ents anyone from learning your location or brows ing habits. ßß ß
ß ß ß ß
- Tor is for web brows ers, ins tant mes s ag ing clients, rem ote logins, and ß
more.
ß
- Tor is free and open sour ce for Windows, Mac, Linux/Unix, and Anß ßà
droid."
(https://www.torproject.org)
ċ ċ ċ ċ ċ
Tor is a system in ten ded to en able on line an onym ity, com posed of client ċ ċ ċ
ċ ċ
software and a network of servers which can hide in form ation about users' ċ ċ ċ
ċċ ċ
locations and other factors which might identify them. Im agine a message ċ ċ ċ
ċ ċ ċ ċ ċ
being wrapped in several layers of protection: every server needs to take off ċ
ċ ċ ċċ
one layer, thereby im m ediately deleting the sen der in form ation of the previ ċċ ċ ċ ċ ċ ċČ
ous server.ċ
ċ ċ
Use of this system makes it more difficult to trace In tern et traffic to the user, ċ ċ ċ
ċ ċ ċ
in cluding visits to Web sites, on line posts, in stant messages, and other com ċ ċ Čċ
ċ ċ ċ ċ
munication forms. It is in ten ded to protect users' person al freedom, privacy, ċ ċ ċ
ċċ ċ ċ ċċ ċ
and ability to con duct con fiden tial busin ess, by keeping their in tern et activit ċ ċ ċ ċ ċČ
ies from being monitored. The software is open-source and the network is ċ
ċ
free of charge to use.
ċ ċ ċ
Tor can n ot and does not attempt to protect against monitoring the traffic en ċ ċ ċČ
ċ ċċ ċ
tering and exiting the network. While Tor does provide protection against ċ ċ ċ
ċ ċ ċ ċ ċ ċċ ċ
traffic an alysis, it can n ot prevent traffic con firm ation (also called end-to-end ċ
ċ ċ ß ß
correlation). End-to-End Cor r elation is a way of match ing an on line identity ċ ċ ċ
ċ
with a real person.
ċ ċ ċ
A recent case of this in volved the FBI wanting to prove that the man Jeremy ċ
ċ ċ
Ham m on was beh ind an alias known to be reson sible for several An onym ous ċ ċ ċ ċ ċ
ċ ċ ċ
attacks. Sitting outside his house, the FBI were monitoring his wireless traffic ċ ċ
ċ ċ
alongside a chat chan n el the alias was known to visit. When Jeremy went on ċČ
65
ċ
Browsi ng
ċ ċ ċ ċ ċ
line in his apartm ent, in spection of the wireless packets revealed he was using
ċ ċ ċ ċ
Tor at the same mom ent the suspected alias associated with him came on line ċ
ċ ċ ċ ċ ċ
in the surveilled chat chan n el. This was en ough to in criminate Jeremy and he
ċ
was arrested.
ċ ß ß ċ ċ
See section Safer Brows ing/Us ing Tor for setup in structions.
66
VPN
ċ
The way your data makes it to the desired server and back to your laptop ċ ċ
ċ ċ ċ
com puter or a mobile device is not as straightforward as it might first seem. ċ
Say, you are ċ ċ
con n ected to a wireless network ċ at home and ċċ
open ing a
ċ
wikipedia.org page. The path your request (data) takes will con sist of multiple ċċ ċ
ċ
middle points or "hops" - in network-architect term inology. At each of these ċ
ċċ
hops (which are likely to be more then 5) your data can be scooped, copied ċ
ċ ċ
and poten tially modified.
ċ
Your wireless net work (your data can be snif f ed from the air) ċ
ċ ċ ċ
Your ISP (in most count ries they are obliged to keep de t ailed logs of user ac ċ ċČ
ċ
tivity)
ċ ċ
Int ernet ċ ċ
Exchange Point (IXP) some where ċ on ċ ċ ċ
anothe r cont inent (usually ċ
more secure then any other hop)
ċ ċ
ISP of the host ing com p any that hosts the site (is probably keep ing logs) ċ ċ ċ
ċ ċ ċ ċ
Int erna l net work to which the serve r is connect ed ċ ċ
ċ
And multip le hops bet ween...ċ
ċ ċ ċ
ċ ċ ċ
Any person with physical access to the com puters or the networks which are
ċ ċ ċ ċ ċ ċ
on the way from you to the rem ote server, in ten tionally or not, can collect
ċċ ċ ċ ċ
and reveal the data that's passing from you to the rem ote server and back.
ċ ċ ċ ċ
This is especially true for so called 'last mile' situations - the few last leaps that
ċ ċ ċ ċ ċ ċ
an in tern et con n ection makes to reach a user. That in cludes domestic and
ċ ċ ċ ċ ċ
public wireless or wired networks, teleph one and mobile networks, networks
ċ ċ ċ
in libraries, homes, schools, hotels. Your ISP can not be con sidered a safe, or
ċ ċ ċ ċ ċ ċ
'data-neutral' in stan ce eith er - in many cou ntries state agen cies do not even
ċ ċ ċ ċ ċ ċ
require a warrant to access your data, and there is always the risk of in trusion
ċ ċ ċ ċ ċ
by paid attackers working for a deep-pocketed adversaries.
ċċ ċ ċċ
VPN - a Virtu al Private Network - is a solu tion for this 'last-mile' leakage. VPN
ċ ċ ċċ ċ ċ Čċ
is a tech n ology that allows the creaton of a virtu al network on top of an exist
ċ ċ ċ ċ ċ
ing in frastructure. Such a VPN network operates using the same protocols
ċ ċ ċċ ċ ċ ċ
and stan dards as the un derlying physical network. Programs and OS use it
ċ ċ ċ ċ ċ
transparently, as if it was a separate network con n ection, yet its topology or
ċ ċ ċ ċ
the way how network nodes (you, the VPN server and, poten tially, other
67
Browsi ng ċ
ċċ ċ ċ
mem bers or services available on VPN) are in terconnected in relation to the ċ ċ ċ ċċ
ċ
physical space is en tirely redefined. ċ ċ ċ
ċ ċ ċ
Im agine that in stead of having to trust your data to every single middle-man
ċ
(your local network, ISP, the state) you have a choice to pass it via a server of ċ
ċ ċ
a VPN provider whom you trust (after a recom m endation or research) - from ċ ċ ċ ċ
ċ
which your data will start its journ ey to the rem ote location. VPN allows you ċ ċċ ċ
ċ
to recreate your local and geo-political con text all togeth er - from the mo ċ ċ ċČ
ment your data leaves your com puter and gets into the VPN network it is ċ ċ ċ
fully secured with TSL/SSL type en cryption. And as such it will appear as ċ ċ ċ
ċ
pure ran dom noise to any node who might be spying after you. It is as if your ċ
ċ ċ
data was traveling in side a titanium-alloy pipe, un breakable on all the way ċ ċ
ċ ċ
from your laptop to the VPN server. Of cou rse one could argue that even tual ċċ ċ Čċ
ċ
ly, when your data is outside the safe harbour of VPN it becomes just as vul ċ ċ ċČ
ċ ċ ċ
nerable as it was - but this is only partially true. Once your data exits the VPN
ċ
server it is far away from you - way beyond the reach of some creeps sniffing ċ ċ
ċ
on the local wireless network, your venal ISP or a local govern m ent obsessed ċ ċ ċ
ċ
with anti-terrorism laws. A serious VPN provider would have their servers in ċ ċ ċ ċČ
ċ ċ ċ ċ ċ
stalled at a high-security In tern et exchan ge location, ren dering any physical ċċ ċ ċ ċ
ċ ċ
human access, tapping or logging a difficult task. ċ ċ
ßß ß ß
"Today everyt h ing you do on the In t ern et is monitored and we want to chan ge ß
ß
that. With our fast VPN service you get totally an o nymo us on the In t ern et. It's ß ß ß ß ß
ß ß
also possible to surf cen sored web sites, that your school, ISP, work or co u nt ry ß ß
ß
are blocking. [DarkVPN] will not only help peo ple to surf an o nymously, it also ß ß ß
ß ß ß
helps peo ple in co u nt ries like China to be able to surf cen sored web pages. ß
ß ß
Which is your democ ratic right. DarknetVPN gives all VPN users an an o nym ß ßà
ous IP address. All electronic tracks will end up with us. We do not save any
ß ß ß
log files in order to ac h ieve maximum an o nymity. With us you always surf ing ß ß ßß
ß ß
an o nymously, secure and en c rypt ed." ß ß
(http://www.darknetvpn.com/about.php) ß
ċ ċ ċ ċ ċ ċ
An oth er in teresting and often un derrated features of VPN is en coded in its ċ ċ
ċ ċċ
name - besides being Virtu al and Private it is also a Network. VPN allows one ċ ċ
ċ
not only to con n ect via the VPN server to the rest of the world but also to ċ
ċ ċċ
com m unicate to other mem bers of the same VPN network with out ever hav ċ ċ ċČ
ċ ċ
ing to leave the safety of en crypted space. Through this functionality Virtu al ċ ċ ċċ
68
VPN
ċ ċ ċċ
Private Network becomes someth ing like a DarkNet (in a broader sense of the ċ
ċ ċ ċ ċ ċ
definition) - a network isolated from the In tern et and in accessible to "oth ers". ċċ ċ ċ
ċ ċ ċ
Since a con n ection to VPN server, and thus the private network it facilitates, ċ
ċ ß ċ
require a key or a cer tificate, only "in vited" users are allowed. There is no ċ
ċ ċ ċ ċ
chan ce that In tern et stranger would gain access to what's on a VPN with out ċ ċ
ċ ċ ċ ċ
en rolling as a user or stealing someones keys. While not referred to as such, ċ ċ
ċ ß ċ
any corporate Intranet type of network is a DarkNet too.
ßß ß ß
"A vir tual private network (VPN) is a technology for using the Inter net or ß ß
ß ß ß ß
another ß
inter m ediate network to connect ß ß ß
com puters to isolated rem ote ß
ß ß
com puter ß networks that would ß ß
otherwise be ßß
inaccessib le.." ß
ß
(http://en.wikipedia.org/wiki/ V irtual_private_network) ß
ċ ċċ ċ ċ ß
Many com m ercia l VPN provide rs stress the an o nymity that their service provides. ß ċ ċ
ċ ċ ċ ċ ċ
Quot ing Ip redator.org page (a VPN service start ed by the peop le be hind The Pirate ċ ċ
ċ ß ß
Bay project): "You'll exc han ge the IP address you get from your ISP for an an o nymo us ß ß
ß ß ß ß
IP address. You get a safe/encrypt ed con n ec t ion bet ween your comput er and the In t er ß ß ß ßà
ċ ċ ċ ċ
net". Indeed, when you access the Int ernet via a VPN connect ion it does ap p ear as ċ ċ ċ
ċ ċ ċ
if the connect ion is originat ing from the IP address of IPredator serve rs. ċ ċ
ß ß
"You'll exc han ge the IP address you get from your ISP for an an o nymo us IP ß ß
ß ß ß
address. You get a safe/encrypt ed con n ec t ion bet ween your comput er and theß ß ß
ß ß
In t ern et."
ß
(https://www.ipredator.se)
69
ċ
Browsi ng
70
ċ ċ ċ ċ
Publishing and Distribution
ċ ċ ċ ċ
Pub l ishi ng and Distribution
72
Ò Ò
PUBLISHING AN ONYMOUSLY Ò Ò
ċ ċċ ċ ċ ċ
Wheth er you are an activist operating under a totalitarian regime, an em ċČ
ċ ċ ċ ċ ċ
ployee determ ined to expose some wrongdoings in your com pany or a ven ge ċ ċČ
ċ ċ ċ ċ
ful writer com posing a bitchy portrait of your ex-wife, you need to protect ċ
ċ ċ ċ ċ
your identity. If you are not collaborating with oth ers, the focus lies on an ċČ
ċ ċ ċ
onym ity and not en cryption or privacy. ċ
ċ ċ
If the message is urgent and the stakes are high, one easy way to just get it
ċ ċ ċ ċ
out quickly is going to an in tern et cafe one usually does not frequent, create
ċ ċ ċċ ċ
accounts specifically set up for the task, deliver the data and discard those ac ċČ
counts right after that. If you are in a ċ ċ
hurry, con sider MinċČ
ċ
tEmail(http://www.min temail.com/)or FilzMail(http://www.filzmail.com/),
ċ ċ ċ ċ
where your address will expire from 3 to 24 hours respectively. Do not do an ċČ
ċ ċ
yth ing else while you're there; don't check your gmail account, do not have a
ċċ ċċ
quick one on Facebook and clear all cache, cookies and history and close the
ċ ċ
browser before you leave.
ċ ċ ċ
If you keep these basic rules, the worst though high ly im probable thing that
ċ ċ ċ ċ ċ
could happen would be that the offered com puter is com promised and logg ċČ
ċ ċ
ing keystrokes, revealing passwords or even your face, in case an attached ċ
ċ ċ ċ ċ
webcam is rem otely operated. Don't do this at work or in a place where you
ċ ċ ċċ ċ ċ ċ
are a registered mem ber or a regular visitor, like a club or a library.
ċ ċ ċ ċ
If you want to main tain a con stant stream of com m unication and maybe even
ċ ċ ċ ċ ċ ċ ċ
establish an audience, this meth od quickly becomes quite cum bersome, and
ċ ċ ċ
you might also run out of un u sed in tern et cafes. In this case you can use a
ċ ċ ċ ċ ċ
mach ine you own, but, if you can n ot dedicate one especially to this purpose, ċ
ċ ċ ċ ċ ċ ċ
boot your com puter with a different operating system (OS). This can be easily ċċ
ċ ċ ċ
done by using a USB stick to boot a live operating system like TAILS, which
ċċ ċ ċ
comes with TOR en abled by default and in cludes state-of-the-art cryptograp ċ ċČ
ċċ
hic tools. In any case, use Tor to disgu ise your IP.
ċ ċ ċċ ċ
Turn off all cookies, history and cache options and never use the same profile ċ
ċ ċ ċ
or the same browser for other activities. Not only would that add data to your
ċċ
topography as a user in the Net, but it also opens a very wide win dow for ċ
73
ċ ċ
Pub l ishi ng and Distribution ċ ċ
ċ ċ
Today there are many publish ing possibilites, from cost-free blogging sites ċ ċ
(Blogspot, Tumblr, Wordpress, Iden ti.ca) to pastebins (see glossary) and some ċ ċ ċċ
ċ ċ ċ ċ
specifical l y catered to ano nym o us users like BlogACause. Glob al Voices Ad v ocac y rec om ċ ċ ċ ċ Čċ
ċ
mends using Wordpress through the Tor network. Keep a sane level of cynic i sm; they all act ċ
ċ ċċ ċ
in com m erc i al interests that you use for 'free' and so cannot be trusted at all, especial l y in ċ ċ ċ ċ
ċ
that they may be bound to the dem ands of a legal juristic tion that is not your own. All pro ċċ ċČ
ċ
vid ers are, when it comes down to it, traitors.
ċ ċ ċ ċ ċ
If reg istration with these serv ices req uires a worki ng email address, create one ded icated sol ċ ċČ
ċ ċ
el y to this purpose. AvoidGmail, Yahoo, Hotm ail and other big c om m ercial ċ ċ ċ platforms ċ
ċċ ċ
with a history of turn ing over their users and go for an specialized service li ċ ċČ
keHushmail(https://www.hushmail.com/). For more on ċ
an onym ous email,ċ
ċ ċ
please find the chapter An onym ous email in the previous section. ċ ċċ ċ
ċ
SEVERAL DON'TS
74
ċ ċ ċ
Pub l ishi ng Ano nymousl y ċ
ċ
SEVERAL DON'TS
Ò Ò
Don't re gist e r a domain. There are services that will protect your identity ċ ċ ċ
ċ
from a sim ple who is query, like An onym ous Speech or Silent Register, but ċ ċ ċ ċ
they will know who you are through your paym ent data. Un less you have ċ ċ
ċ ċ
the chan ce to purchase one in Bitcoins, limit yourself to one of the domains ċ
ċ
offered by your blogging ċ ċ
platform like ċ
yourblogn ame.blogspot.com and
ċ ċ
choose a setting outside your native cou ntry. Also, find a name that doesn't ċ ċ
give you away easily. ċċ If you have problems with ċ that, use a blog name
generator on line. ċ
Ò Ò
Don't open a social net work account associated to your blog. If you Ò Ò
ċ
must, keep the level of hygiene that you keep for blogging and never ever ċ
ċ
login while using your regular browser. If you have a public social network ċ ċ ċ ċ
ċ
life, avoid it all togeth er. You will even tually make a mistake. ċ ċ ċ
Ò
Don't upload video, photo or audio files with out using an editor to mod ċ Čċ
ify or erase all the meta data (photos con tain in form ation up to the GPS coor ċ ċ ċ ċ ċ ċČ
ċċ
dinates of the location the photo was taken at) that stan dard digital cameras, ċ ċċ
ċ ċ
smarphones, recorders and other devices add by default. The Metadata An ċ ċ ßà
ß ß
onymisation Toolkit might help you with that.
Ò Ò
Don't leave a hist ory. Add X-Robots-Tag to your http headers to stop the ċ
ċ ċ ċ ċ
search ing spiders from in dexing your website. That should in clude reposito ċ ċ ċ ċČ
ċ
ries like the Wayback Mach ine from archive.org. If you don't know how to do
Ò
Don't leave comments. If you must, man tain the levels of hygiene that you ċ ċ
ċ ċ
use for blogging and always logout when you're done and for god sakes do
not troll around. Hell hath no fury like a blogger scorn ed. ċ ċ
Ò
Don't expect it to last. If you hit the pot and become a blogging sen sation ċ ċ ċċ
(like Belle de Jour, the british PHD can didate that became a sen sation and soldċ ċ ċċ
a book and mused two TV shows about her double life as a high escort) there ċ ċ
ċ ċ ċ
will be a legion of journ alists, tax auditors and obsessive fans scrutinizing ċ ċ ċ
your every move. You are only human: they will get to you.
Ò Ò ċċ
Don't linge r. If you realize you have already made any mistakes but nobody ċ ċ
75
ċ ċ ċ ċ
Pub l ishi ng and Distribution
ċ ċ ċ
has caught you yet, do close all your accounts, un cover your tracks and start
ċ
a totally new identity. ċ ċ ċ ċ ċċ
The In tern et has in finite mem ory: one strike, and
76
Ò
AN ONYMOUS EMAIL Ò
ċ ċ
Every data packet traveling through the In tern et con tains in form ation about ċ ċ ċ ċ ċ ċ
ċċ ċ ċ
its sen der and its recipient. This applies to email as well as any other network ċ
ċ ċ ċ
com m unication. There are several ways to reduce iden tifying in form ation but ċ ċ ċ ċ ċ ċ
ċ
no way to rem ove it com pletely. ċ ċ
ċċ
SENDING FROM T HROW- AWAY EMAIL A CCOUNTS ċ
ċ
One option is to use a throw-away email account. This is an account set up at ċ ċ
ċ ċ
a service like Gmail or Hotm ail, used once or twice for an onym ous exchan ge. ċ ċ ċ ċ
ċ ċ
When sign ing up for the account, you will need to provide fake in form ation ċ ċ ċ ċ
ċċ
about your name and location. After using the account for a short amount of ċ
time, say 24 hours, you should never log in again. If you need to com ċČ
ċ
municate furth er, then create a new account. ċ
ċ ċ
It is very im portant to keep in mind that these services keep logs of the IP ċ
ċ
addresses of those using them. If you are sen ding high ly sen sitive in form a ċċ ċ ċ ċ ċ ċČ
ċ
tion, you will need to com bine a throw away email account with Tor in order ċ
keep your IP address hidden. ċ
ċ ċ
If you are not expecting a reply, then an an onym ous rem ailer like An onEmail ċ ċ ċ ċ ċ
ċ ċ ċċ
or Silentsender may be a useful solu tion. A rem ailer is a server that receives ċ ċ ċ ċ
ċ ċ ċ
messages with in structions on where to send the data and acts as a relay, for Čċ
ċ ċ
warding it from a generic address with out revealing the identity of the origin ċ ċ ċ ċČ
al sen der. ċċ This works best when com binedċ with an email ċ ċ
provider like
ċ
Hushmail or RiseUp who are specially set up for secure email con n ections. ċ ċ
ċ ċ
Both of these meth ods are useful, but only if you always rem ember that the ċ ċ ċ
ċ ċ ċ ċ
in term ediary him self knows where the origin al message came from and can ċ ċ
ċ
read the messages as they come in. Despite their claims to protect your ident ċ ċ ċČ
ċ ċ ċ
ity, these services often have user agreem ents that in dicate their right "to dis ċ ċČ
ċ ċ ċ ċ
close to third parties certain registration data about you" or they are suspected ċ ċ
ċ ċ ċ
to be com promised by secret services. The only way to safely use this tech ċ Čċ
ċ
nique is to not trust these services at all, and apply extra security measures: ċ
send via Tor using a throw-away email address.
77
ċ ċ
Pub l ishi ng and Distribution ċ ċ
ċ ċ
If you only need to receive email, services like Mailinator and Min tEmail give ċ
ċ ċ
you an email address that destroys itself after a few hours. When sign ing up ċ
ċ ċ
for any account, you should provide fake in form ation about your name andċ ċ ċ
ċċ ċ
location and protect yourself by using Tor. ċ
B E C ARE F UL ċ ABOUT WHAT YOU SAY!
ċ ċ
The con tent of your message can give away your identity. If you men tion de ċ ċ ċČ
ċċ ċ ċċ
tails about your life, your geography, social relations or person al appearan ce, ċ ċ ċ ċ
ċ ċ ċ
people may be able to determ ine who is sen ding the message. Even word ċċ ċ
ċ
choice and style of writing can be used to guess who might be beh ind an ċ ċČ
ċ
onym ous em ails. ċ
You should not use the same user name for different accounts or use a name ċ ċ
ċ ċ
that you are already lin ked to like a childhood nickname or a favorite book
ċ ċ
character. You should never use your secret email for norm al person al com ċ ċ ċ ċČ
ċ ċ ċ
munication. If someone knows your secrets, do not com u nicate with that ċ
ċ ċ
person using this email address. If your life depends on it, chan ge your secret ċ ċ
email address often as well as between providers. ċ ċ ċ
ċċ
Fin ally, once you have your whole your email set up to protect your identity, ċ ċ
ċ
van ity is your worst enemy. You need to avoid being distinct. Don't try to be ċ
ċ ċ ċ
clever, flam boyant or unique. Even the way you break your paragraphs is ċ
ċ ċ ċ ċ ċ
valu able data for iden tification, especially these days when every school essay
ċ ċ
and blog post you have written is available in the In tern et. Powerful or ċ ċ ċ Čċ
ċ ċ ċ
ganizations can actually use these texts to build up a database that can "fin ċČ
gerprint" writing. ċ
78
FILE SHARING Ò
ß ċċ ċ ċ
The term File Shar ing refers to the practice of sharing files on a network, ċ
ċ ċ ċ ċ ċ ċ ċ
often with widest possible distribu tion in mind. Un fortunately in recent years
ċ ċ ċ ċ
the term has come to be popularly associated with the distribu tion of con tent ċ
ċ ċ ċ ċ ċ ċ ċċ ċ ċ
registered under certain copyright licen ses that disallow the distribu tion of
ċċ ċ ċ ċċ ċ ċ ċ
copies (eg. supposed crimin al activity). Regardless of this new association, file
ċ ċ
sharing rem ains a vital tool for many world wide: from academic groups to
ċ ċ ċ ċ ċ
scien tific networks and open source software com m unities.
ċ ċ
In this book we wish to help you learn to privately distribute files, with other
ċ ċ ċ ċ ċ ċ ċ
con senting people, with out the con tent of that exchan ge known to oth ers or ċ
ċċ ċ ċ ċ
the transaction stopped by an extern al party. Your basic right to an onym ity ċ ċ
ċ ċ ċ
and to not be spied upon protects that. Suspicions that those th ings might ċ
ċ ċ ċ
have been stolen and are not yours to give does not un derm ine that same and
ċ
origin al right to privacy.ċ
ċċ ċ ċ ċ ċ ċ
The history of the in tern et is littered with attacks of different types on pub ċČ
ċ ċ ċ ċ ċ ċ
lication and distribu tion nodes, con ducted by different means (court order,
ċ ċċ ċ ċ ċ
Distributed Den ial of Service attacks). What such events have dem onstrated is
ċ ċ ċ ċċ ċ ċ
that if one wants in form ation to be persistently available and robust against
ċ ċ
attack, it is a mistake to rely upon a single node which can be neutralised.ċ
ċ ċ ċ ċ
This has recently been dem onstrated by the takedown of the direct download
ċ ċ ċċ ċ ċ
service Megaupload, whose disappearan ce led to the loss of massive amounts
ċċ ċ ċ ċ ċ ċČ
of its users' data, much of it extran eous even to the alleged copyright in fin ge
ċ ċ
ments which form ed the pretext for its closure. In similar vein ISPs will often
ċ ċ ċ ċ ċ ċ
take down web sites con tain ing disputed material merely because it is cheaper ċ
ċ
for them to do so than to go to court and have a judge decide. Such policies ċ
ċċ ċċ
leave the door open to groundless bullying by all man n er of com pan ies, or ċ ċ ċČ
ċ ċ ċ ċ ċ
ganisations and in dividu als ready and willing to make aggressive use of legal
ċ ċ ċ ċ ċ
letters. Both direct download services and ISPs are exam ples of centralised
ċ ċ ċ ċ
structures which can n ot be relied upon both because they are a single point
ċ ċ ċ ċ ċ
of failure for attack, and because their com m erical in terests are not align edċċ
with those of their users.
79
ċ ċ
Pub l ishi ng and Distribution ċ ċ
ċ ċ ċ ċ ċ
Spreading files through distribu tion, decentralising the data, is the best way
ċ ċ ċ ċ ċ
to defend against such attacks. In the following section two realms of filesh ar ċ ċ Čċ
ċ ċ ċ ċ
ing are profiled. The first are stan dard p2p tech n ologies whose tech n ical de ċ ċ ċČ
ċ ċ ċ ċ ċ ċ
sign is determ ined by the efficien cy of the networks in en abling speed of dis ċ ċČ
ċ ċ ċ ċ ċ
tribu tion and discovery of con tent through associated search mech an isms. ċċ
ċ ċ
The second focuses on I2P as an exam ple of a so-called darknet, its design ċ
ċ ċ ċ ċ ċ
prioritises security and an onym ity over other criteria offering a robust, if less
ċ ċ ċ
resource efficient, path to persistent availability. ċċ ċ
ċ ċ
The means of sharing files men tioned below are just some exam ples of the ċ ċ
ċ ċ ċ
many P2P tech n ologies that were developed since 1999. BitTorrent and Soul ċ ċ ċČ
ċ ċ
seek have very different approach es, both however were design ed for easy ċ ċ ċ
ċ ċ ċ
usability by a wide public and have sign ificant user com m unities. I2P is of ċ ċ
ċ ċ ċ
more recent developm ent, has a small user base.
Ò Ò ċ
Bit Torrent has become the most popular P2P file-sharing system. The con ċ ċČ
ċ ċ ċ
troversy that surrounds it nowadays ironically seems to help the com m un ity ċ ċ ċ
grow, while police, ċ
lobbied by powerfulċ ċ
copyright ċ
holdersseize ċ torrent-
ċ ċ
tracker server hardware and pursue their operators, sometimes to the point of ċ ċ
ċ
jailing them as in the case of The Pirate Bay.
Ò
Soulseek - while it has never been the most popular file-sharing platform, ċ
ċ ċċ
neith er did it ever have the am bition. Soulseek focuses on the exchan ge of ċ ċ ċ
ċ ċ ċ
music between en thusiasts, un derground producers, fans and research er. The ċ ċ ċ ċ
ċ ċ ċ
system and the com m un ity around it is com pletely isolated from the Web: ċ ċ
ċ ċ
Soulseek files can't be lin ked to. They are kept exclusively on the hard-disks ċ ċ
ċ ċ
of Soulseek users. The con tent of the network fully depends on how many ċ ċ
ċċ ċ ċ
mem bers are con n ected and what they share. Files are transferred only bet ċ ċ Čċ
ween two users at a time and nobody but those two users are in volved. Be ċ ċ ċČ
ċ ċ ċ
cause of this 'in troverted' character - and the specificity of its con tent - Soul ċ ċ ċČ
ċċ
seek has stayed out of sight of legislation and non-pro-copy copyright ad ċ ċČ
vocates.
ċ ċ ċ
I2P is one of several systems developed to resist cen sorship (oth ers in clude ċċ ċ ċ ċ
FreeNet and Tor) and has a much smaller user com m un ity, it is highlighted ċ ċ ċ
ċ ċ ċ ċ
here because of its in clusion of Bit Torrent functionality with in its basic in ċ ċ ċ ċČ
ċċ ċ
stallation. These systems can also be used to provide hidden services, amongst ċ ċ ċ
80
ċ
File Shari ng
ċ ċ ċ ċ ċ ċ ċ
oth ers, en abling you to publish web pages with in their en viron m ents.
ċ ċ
B ITT ORRENT
ċ ċ ċ ċ ċ
BitTorrent is a peer-to-peer (P2P) protocol that facilitates distribu tion of data
ċ ċ ċ ċ
stored across multiple nodes/participants of the network. There are no central ċ
ċ ċ ċ ċ
servers or hubs, each node is capable of exchanging data with any other
ċ ċ ċ
node, sometimes hundreds of them simultaneously. The fact that data is ex ċČ
ċ ċ ċ ċ
chan ged in parts between numerous nodes allows for great download speeds
ċ ċ ċ ċ ċ
for popular con tent on BitTorrent networks, making it quickly the defacto ċ ċ ċ
ċ
P2P file-sharing platform.
ċ ċ ċ ċ ċ
If you are using BitTorrent to circulate material of am biguouslegality, youċ ċ
ċ ċċ ċ ċ ċ ċ ċ
should know that en forcem ent agents typically collect in form ation on al ċČ
ċ ċ ċ ċ ċ ċ
legedly in fringing peers by participating in torrent swarms, observing and ċ ċ
ċ ċ ċ
documenting the beh aviour of other peers. The large number of users creates
ċ ċ ċ ċċ ċ ċ ċ
a difficulty for the en forcem ent system simply at the level of scaling up- there
ċ ċ ċ ċ
simply are not the resources to pursue every user.Any court case will require ċ
ċ ċ ċċ ċċ ċ ċ ċ
actu al evidence of data transfer between your client and an oth er (and usually ċ
ċċ ċ ċ ċ ċ
evidence of you uploading), it is en ough that you provide even part of the
ċ ċ ċ ċċ
file, not the file in its en tirety, for a prosecu tion to have legs.But if you prefer
ċ ċ
to lean towards greater cau tion, you should use a VPN to route your BitTor ċ ċČ
ċ ċ
rent traffic, as detailed in the Using VPN chapter. ċ
ċ ċ ċ ċ ċ ċ
Leech ing (downloading) of a file from BitTorrent network begins with a tor ßà
ß ċ ċ ċ ċ ċ ċ
rent file ormag net link. A torrent file is a small file con tain ing in form ation on
ċ ċ ċ
the larger files you want to download. The torrent file tells your torrent client
ß
the names of the files being shared, a URL for the tracker and a hash code,
ċ ċ ċ ċ ċ ċċ
which is a unique code representing, and derived from, the un derlying file -
ċ ċ
kind of like an ID or catalog number. The client can use that hash to find oth ċČ
ċ ċ ċ
ers seeding (uploading) those files, so you can download from their com put ċ ċČ
ċ ċ
ers and check the auth enticity of the chunks as they arrive. ċ
ß ċ
AMag net Linkdoes away with the need for a torrent file and is essentially a ċ ċ
ċ ċ ċ ċ ċ ċ ċ ċ
hyperlink con tain ing a description for that torrent, which your torrent client
ċ ċ ċċ ċ ċ ċ
can im m ediately use to start fin ding people sharing the file you are willing to
download. ċ ċ
Magn et links don't require a tracker, ċ ċ in stead they rely onDis ßà
81
ċ ċ ċ ċ
Pub l ishi ng and Distribution
tributed Hash Table(DHT) -which you can read more about inthe Glossary-
ß ß ċ
and Peer Ex chang e.Magn et links do not refer to a file by its location (e.g. by IP ċċ
ċ ċ
addresses of people who have the file, or URL) but rath er defines search para ċ ċ Čċ
ċ
meters by which this file can be found. When a magn et link is loaded, the tor ċ ċČ
ċ ċ ċ
rent client in itiates an availability searchwhich is broadcast to other nodes and ċ
ċ ċ ċ
is basically a shout-out "who's got an yth ing match ing this hash?!". Torrent ċ ċ
ċ
client then con n ects to the nodes which respon ded to the shout-out and be ċ ċ ċČ
gins to download the file.
ċ ċ ċ ċ ċ ċ ċ
BitTorrent uses en cryption to prevent providers and other man-in-the-middle
ċ ċ ċ
from blocking and sniffing your traffic based on the con tent you exchan ge. ċ ċ ċ
ċ ċ ċ
Since BitTorrent swarms (flocks of seeders and leech ers) are free for everyone ċ ċ
ċ ċ
to join it is possible for an yone to join a swarm and gath er in form ation about ċ ċ ċ ċ
ċ ċ ċ
all con n ected peers. Using magn et links will not prevent you from being seen ċ
ċ
in a swarm; any of the nodes sharing the same file must com m unicate bet ċ ċČ
ween each-other and thus, if just one of the nodes in your swarm is rogue, it
will be able to see your IP address. It will also be able to determ ine if you are ċ ċ
ċ ċċ
seeding the data by sen ding your node a download request. ċ
ċ ċ ċ ċ ċ
One im portant aspect of using BitTottent is worth a special men tion. Every ċ ċ
ċ
chunk of data that you receive (leech) is being in stantly shared (seeded) with ċ ċ
ċ ċ ċ
other BitTorrent users. Thus, a process of downloading transforms into a pro ċ ċ ċČ
ċ ċċ ċ ċ
cess of (in volun tary) publish ing, using a legal term -making available of that ß ß
ċ ċ
data, before the download is even com plete. While BitTorrent is often used to ċ ċ
ċ ċ
re-distribute freely available and legitimate software, moves, music and other
ċ ċ ċ ċ
materials, its "making available" capacity created a lot of con troversy and led ċ ċ
ċ ċ ċ ċ
to endless legal battles between copyright holders and facilitators of BitTor ċ Čċ
ċ ċ ċ
rent platforms. At the mom ent of writing this text, the co-founder of The
ċ
Pirate Bay Gottfrid Svartholm is being detained by Swedish policeafter an in ċ ċČ
ċ ċ ċ ċ
tern ation al warrant was issued against him.
ċ ċ ċċ ċ ċ
For these reasons, and a public relations cam paign by copyright holders, use ċ
of ċ ċ
BitTorrent ċ ċ ċ ċ ċ ċ
platforms has become practically an alogous to ċ
piracy. And
ċ ß ß
while the mean ing of terms such aspiracy, copyright and ownership in digital ß ċċ
ċ ċ ċ ċ ċ
con text is yet to be settled, many ordinary BitTorrent users have been already ċ
ċ ċ ċ
prosecuted on the basis of breaking copyright laws.
82
File Shari ng ċ
ċ
Most torrent clients allow you to block IP addresses of known copyright trolls ċ ċ
using blacklists. ċ ċ ċ
In stead of using public torrents one can also join closed ċ
ċ ċ ċ
trackers or use BitTorrent over VPN or Tor.
ċ
In situations when you feel that you should be worried about your BitTorrent ċ ċ ċ
ċ ċ ċ
traffic and it's an onym ity go through the following check-list: ċ ċ
ċ
Check if your torrent client sup p orts peer-blacklists. ċ
ċ ċ
Check if the peer-blacklist de f init ions are up dated on a daily basis. ċ
ċ
Make sure your client sup p orts all re cent prot ocols - DHT, PEX and Magnet ċ ċ ċ
links.
ċ ċ
Choose a torrent client that sup p orts encryp t ed peers and ena ble it. ċ ċ ċ
ċ ċ
Upgrade or change your torrent client if any of the above ment ioned opt ions ċ ċ
is not availa ble. ċ
ċ ċ ċċ
Use VPN connect ion to dis guise your Bit Torrent traf f ic from your ISP. Make ċ ċ ċ
ċ ċ ċ
sure your VPN provide r allows P2P traf f ic. See more tips and re com m enda ċ ċ ċ ċČ
tions in Using VPN chapt e r. ċ
Do not leech and seed stuff you don't know much about.
ċ ċ ċ
Be sus p icious of high rat ings and overly-positive com m ents re garding par ċ ċ ċ ċČ
ċ
ticular torrent link.
SOULSEEK ċ
ċ ċ
As a peer to peer (P2P) file sharing program, the con tent availableis deter ċ ċ
ċ Čċ
ċ
mined by the users of the Soulseek client, and what files they choose to share.
The ċ
network has historically had ċ ċ ċ ċ a diverse mix of music, ċ ċ ċČ
in cluding un
ċ ċ
derground and in depen dent artists, ċ ċ un released music, such as demos and
ċ ċ ċ ċ ċċ
mixtapes, bootlegs, etc. It is is en tirely fin an ced by donations, with no ad ċ ċČ
ċ
vertising or user fees.
ß ßß ß
"Souls eek does not endor s e nor condone the shar ing of copyrighted materi ß ß àß
als. You should only share and download files which you are legally al ß ßà
lowed to, or have ß
otherwise ß ß
received ß
per m iss ion ß to,
share."(http://www.souls eekqt.net) ß
ċ ċ ċ
Soulseek network depends on a pair of central servers. One server supports ċ ċ ċ ċ
ċ ċ
the origin al client and network, and the other supporting the newer network. ċ ċ ċ
ċ ċ
While these central servers are key to coordinating searches and hosting chat ċċ ċ ċ
83
ċ ċ
Pub l ishi ng and Distribution ċ ċ
ċ ċ
rooms, they do not actually play a part in the transfer of files between users, ċċ ċ
ċ ċ ċ
which takes place directly between the users con cern ed. ċ ċ
Users can search for items; the results return ed being a list of files whoseċ ċ ċ
names match the search term used. Searches may be explicit or may use ċ
ċ
wildcards/patterns or terms to be excluded. A feature specific to the Soulseekċ ċ ċ
ċ ċ ċ
search en gine is the in clusion of the folder names and file paths in the search ċ
ċ
list. This allows users to search by folder name. ċ
ċ ċ
The list of search results shows details, such as the full name and path of the
ċ
file, its size, the user who is hosting the file, togeth er with that users' average ċ
ċċ
transfer rate, and, in the case of mp3 files, brief details about the en coded ċ ċ
ċ
track itself, such as bit rate, length, etc. The resulting search list may then be ċ ċ
ċ
sorted in a variety of ways and ċ
in dividu al ċ files (or ċ
folders) chosen ċ for
download.
ċ ċ ċ ċ
Un like BitTorrent, Soulseek does not support multi-source downloading or ċ ċ
ċ
"swarm ing" like other post-Napster clients, and must fetch a requested file ċ ċ
from a single source. ċ
ċ
While the Soulseek software is free, a donation scheme exists to support the ċ ċ ċ
ċ ċ ċ
programm ing effort and cost of main tain ing the servers. In return for dona ċ ċ ċ ċ ċČ
ċ
tions, users are gran ted the privilege of being able to jump ahead of non-
donating users in a queue when downloading files (but only if the files are ċ
not shared over a local ċ
area network). The Soulseekċ ċ
protocol search al ċČ
ċ
gorithms are not published, as those algorithms run on the server. However ċ ċ ċ
ċ ċ ċ ċċ
several Open Source im plemen tations of server and client software exits for ċ
Linux, OS X and Win dows. ċ
ċ ċ ċ ċ
Regarding privacy and copyright issues Soulseek stand quite far away from ċ ċ
ċ ċ ċ
BitTorrent too. Soulseek has been taken to court only once, in 2008, but even
ċ ċ
that did not go an ywh ere. There are no in dications of Soulseek users ever ċ ċ ċ
being brought to court or ċ
accused of ċ ċ ċ ċ
illegal distribu tion of ċ
copyrighted
ċ
materials or any other 'digital-millenium' crimes.
ċ ċ
If you want to use the Soulseek network with some degree of real an onym ity, ċ ċ ċ
you will need to use it over a VPN.
I2P
84
ċ
File Shari ng
I2P
ċ ċ ċ
I2P began as a fork from the Freenet project, originally con ceived as a math od ċ
ċ ċ ċ ċ
for censorship-resistant publish ing and distribu tion. From their website: ċ
ċ ċ ċ ċ
The I2P project was form ed in 2003 to support the efforts of those try Čċ
ċ ċ ċ ċ ċ ċČ
ing to build a more free society by offering them an un cen sorable, an
ċ ċ ċ ċ ċ ċ ċČ
onym ous, and secure com m unication system. I2P is a developm ent ef
ċ ċ ċ ċ ċ ċ ċ
fort producing a low laten cy, fully distributed, auton om ous, scalable,
ċ ċ ċ ċ ċ
an onym ous, resilient, and secure network. The goal is to operate suc ċČ
ċ ċ ċ ċ ċ ċ
cessfully in hostile en viron m ents - even when an organization with
ċ ċċ ċ ċċ ċ ċ ċ ċ ċ
substan tial fin an cial or political resources attacks it. All aspects of the
ċ ċ ċ ċ
network are open source and available with out cost, as this should both
ċ ċ
assure the people using it that the software does what it claims, as well
ċ ċ ċ ċ ċ
as en able oth ers to con tribute and im prove upon it to defeat aggressive ċ
ċ ċ
attempts to stifle free speech.
http://www.i2p2.de/
ċ ċ ċ ċ
For a guide to in stalling the software and con figuring your browser see sec ċ ċČ
ċ ċ ċ ċ ċ
tion on Secure Filesh aring - In stalling I2P. Once com plete, on launch you will
ċ ċ ċ
be brought to a con sole page con tain ing links to popular sites and services. In ċ
ċċ ċ ċ ċ ċ
addition to the usual webpages (referred to as eeP sites) there are a range of
ċ ċ ċ ċ ċ ċ
applications services available ranging from the blogging tool Syn die to a built
ċ ċ ċ
in BitTorrent client which functions through a web in terface. ċ ċ
85
ċ ċ ċ ċ
Pub l ishi ng and Distribution
86
Secure Calls and SMS
Secure Calls and SMS
88
SECURE CALLS
ċ ċ ċ
Phone calls made over the norm al telecom m unications system have some ċ
ċ ċ ċ ċ ċ
forms of protection from third party in terception, i.e. GSM mobile phones
ċ ċ ċ ċ ċ ċ
teleph one providers are in creasingly forced to give govern m ents and law en ċ ċČ
ċ ċ ċ ċ ċċ
forem ent organisations access to your calls. In addition to this the en cryption ċ ċ
ċ ċ
used in GSM has been cracked and now an yone with en ough in terest and ċ ċ
capital ċ can buy the ċ
equipm ent ċ ċ
to in tercept calls. A GSM ċ ċ
In terceptor
ċ ċ
(http://en . intercept.ws/catalog/2087.html) is an off the shelf device to record ċ ċ
ċ ċċ ċ
mobile phone con versations when in the vicin ity of the call.Centralised or
ċ ċ ċ ċ
proprietary systems like Skype also en cryptcalls but have built in backdoors
ċ ċ ċ
for secret services and govern m ents and are at the beh est of their owner (in ċ
ċ
Skype's case Microsoft).
ċċ ċ ċ ċ
A solu tion to this problem is to make en crypted calls using Voice over IP
ċ ċ ċ ċ
(VoIP) through an In tern et con n ection. Both WiFi or mobile data networks ċ
ċ
can be used: cracking the GSM or Wireless password will not mean that your
ċ ċ
call can be in tercepted.
As ċ ċ
regards ċ
platforms, An droid has a wider range of open sourceċ VoIP
ċċ ċ ċ ċ
software, largely because Apple's AppStore licensing model proh ibits distribu ċ ċ Čċ
ċ ß ß
tion of software released under the Gener al Pub lic Licens e (approximately 60% ß ß ċ
ċ ċ
of all open source software released). The GPL is very popular in the security ċ
ċ ċ ċ ċ
and networking com m un ity.
ċ ċ
At the time of writing iP h one users have only non-open-source options avail ċ ċČ
able for purchase, like Groundwire (http://www.acrobits.cz/11/acrobits-
Ò
Groundwire cannot be assured! Ò
ċ ċ
An droid users head over to the section Call Encrypt ion to get started makÒ Ò ċ ċČ
ing secure VoIP calls.
89
Secure Calls and SMS
90
SECURE MESSAGING Ò Ò
ċ ċ
SMS are short messages sent between mobile phones. The text is sent with out ċ
ċ ċ ċ ċ
en cryption and can be read and stored by mobile phone providers and other
ċ ċ ċ ċ ċ
parties with access to the network in frastructure to which you're con n ected. ċ ċ
ċ ċ ċ ċ ċ
To protect your messages from in terception you have to use a chat protocol ß
ċ ċ ċ ċ
over your data con n ection. Thankfully this is not at all difficult. Many In stant ċ
ċ ċ ċ ċ ß ß ß ß ßß ß
Messaging providers use theEx tens ible Mes s ag ing and Pres ence Protocol(XMPP)
ċ ċ ċ
that allows users to use various clients to send and receive messages and exċ ċČ
ċ ċ ċ ċ
chan ge message with other providers.
ċ ċċ
Although XMPP uses TLS/SSL (see glossary entry TLS/SSL) en cryption to ċ ċ
ċ ċ ċ ċ ċ ċ
prevent 3rd party in terception, your provider can still read your messages and ċ
ċċ ċ ċ
hand them over to other en tities. Off-the-Record (OTR) Messaging however al ċ Čċ
ċ ċ ċ
lows you en crypt your messages.The messages you send donothave digital ċċ
ċċ ċ ċ
sign atures that can be verified by a third party, con sequently the identity of ċ
ċ ß ß ß ċ ċ
their auth or is repudiable afterwards. An yone can forge messages after a con ċČ
ċċ ċ
versation to make them look like they came from you. However,dur inga con ß ċČ
ċċ ċ ċ ċ ß ß
versation, your correspondent is assured of the integr ity of the messages - ċ
ċ ċ
what s/he sees is auth entic and un m odified.
ċ Ò Ò Ò Ò Ò
See the section Instant Messaging Encrypt ion
91
Secure Calls and SMS
92
ċ
Basic Email Security
ċ
Basic Email Securi ty
94
START USING THUN DERBIRD Ò
ċ ċ ċ
In upcom ing sections, we will be using Mozilla's Thun ċ ċČ
ċ
derbird e-mail program to show you how to con figure ċ
your e-mail client for maxim um ċ security. ċ Similar to
ċ ċ
Mozilla's Firefox browser, Thun derbird has many secur ċ ċČ
ċ ċ ċ
ity advantages over its cou n terparts like Apple Mail and
Outlook. ċ
ċ
Thun derbird is a so-called "mail user agent" (MUA). This is different from ċ
ċ
web-based e-mail services like Google's Gmail. You must in stall the Thun ċ ċ ċČ
ċ ċ ċ
derbird application on your com puter. Thun derbird has a nice in terface and ċ ċ ċ
ċ ċ ċ
features that en able you to man age multiple mailboxes, organ ize messages ċ ċ ċ ċ ċ
ċ
into folders, and search through mails easily. ċċ
ċ ċ
Thun derbird can be con figured to work with your existing e-mail account, ċċ ċ
ċ ċ
wheth er that account is through your In tern et Service Provider (such as ċ ċ ċ ċ ċ
ċ
Com cast) or through an web-based email provider (such as Gmail). ċ ċ
ċ ċ
Using Thun derbird has many advantages over using web-based e-mail in ter ċ ċČ
faces. These will be ċ ċ
discussed in the ċ ċ
following chapter. ċ To ċ ċ
sum m arize,
ċ ċ
though, Thun derbird en ables much greater privacy and security than web- ċ ċ ċ
based e-mail services. ċ
ċ ċ ċ ċ ċ
This section provides in form ation on how to in stall Thun derbird on Win ċ ċ ċČ
dows, Mac OS X, and Ubun tu. ċ
ċ ċ
INSTALLING T HUNDERBIRD ċ ON W INDOWS ċ
ċ ċ ċ ċ ċ
In stalling Thun derbird in volves two steps: first, download the software and
ċ ċċ
then run the in stallation program. ċ
1. Use your web ċ
brows e r to visit the Thunderbird ċ download page at
ċ ċ ċ ċ
your com p uter's op e rat ing sys t em and language, and re com m ends the best ċ ċ ċ
ċ ċ
vers ion of Thunderbird for you to use.
95
ċ
Basic Email Securi ty
ċ ċ ċ
If you want to use Thun derbird in a different lan guage or with a dif ċČ
ċ ċ ċ ß ß
ferent operating system, click the Other Sys tems and Lang uages link on
ċ
the right side of the page and select the version that you need.
2. ċ ċ ċċ ċ ċ ċČ
Click the download but t on to save the ins talla t ion program to your com p ut
er.
ċ ċ
Click the Save button to save the Thun derbird Setup file to your com ċČ
puter.ċ
3. ċ ċ ċ ċ
Close all applica t ions running on your com p ut e r.
4. ċ ċ ċ ċ
Find the setup file on your com p ut e r (it's usually in the Downloads folde r or
ċ ċ ċċ
on your desk t op) and then double-click it to start the ins talla t ion. The first
ċ ċ ċ Ò Ò
thing that the ins talle r does is dis p lay the Wel c ome to the Mozil l a Thun ÒÓ
derbird Setup Wizardscre e n. ċ
96
ċ
Start Using Thund erbird
ċ ċ ċċ
Click the Next button to start the in stallation. If you want to can cel it, ċ
Ò
click the Cancel button. ċ
5. ċ
The next thing that you see is the Setup Type scre e n. For most users the
ċ ċ ċ
Standard setup opt ion is good enough for their needs. The Cus t om setup ċ
ċ ċ ċ ċ ċ
opt ion is re com m ended for exp erienced users only. Note that Thunderbird ċ
ċ ċ ċ ċ
ins talls it s elf as your de f ault mail applica t ion. If you do not want this, clear
Ò Ò
the checkbox labeled Use Thunderbird as my def ault mail application. Ò
97
ċ
Basic Email Securi ty
ċ ċ ċ ċċ
Click the Next button to con tinue the in stallation.
6. ċ ċ ċ Ò ċ
After Thunderbird has been ins talled, click the Fini shbut t on to close the
setup wizard.
Ò Ò
If the Launch Mozilla Thunderbird now checkbox is selected, Thun ċ ċČ
ċ ċ
derbird starts after it has been in stalled.
ċ ċ
INSTALLING T HUNDERBIRD
98
ċ ON UBUNTUċ
Start Using Thund erbird ċ
ċ ċ
INSTALLING T HUNDERBIRD ċ ON UBUNTU ċ
ċ ċ
There are two different procedures for in stalling Thun derbird on Ubun tu: ċ ċ ċ ċ
ċ
one for version 10.04 or later, and one for earlier versions of Ubun tu. We de ċċ ċ ċ ċČ
scribe both below.
ċ ċ ċ ċ ċ ċ
Thun derbird will not run with out the following libraries or packages in stalled ċ ċ ċ
ċ ċ
on your com puter:
ċ ċ
Net workManage r 0.7 or highe r ċ
DBus 1.0 or highe r ċ
HAL 0.5.8 or highe r ċ
GNOME 2.16 or highe r ċ
ċ ċ
INSTALLING T HUNDERBIRD ċ ON UBUNTU 12.04ċ OR NEWER
ċ ċ
If you're using Ubun tu 12.04 or newer, the easiest way to in stall Thun derbird ċ ċ
ċ
is through the Ubun tu Software Center. ċ
1. TypeSoftwarein the Untiy search window. ċ
2. ċ
Click on 'Ubunt u Software Cent e r' ċ
3. ċ
Type "Thunderbird" in the search box and press the Enter on your keyboard.
The ċ
Ubunt u Software Cent e rċ finds ċ
Thunderbird in its list of ċ
availa ble
99
Basic Email Securi ty ċ
software.
4. Ò ċ ċ ċ
Click the Install but t on. If Thunderbird needs any additiona l libra ries, the ċ ċ ċ
ċ
Ubunt u Software ċ ċ
Cent e r ale rts you ċ
and ins talls them along with Thun ċČ
derbird.
ċ
You can find the shortcut to start Thun derbird in the In tern et option under ċ ċ ċ
ċ
the Applications menu:
ċ ċ
INSTALLING T HUNDERBIRD ċ ON MAC OS X
ċ ċ
To in stall Thun derbird on your Mac, follow these steps: ċ
1. Use your web ċ
brows e r to visit the ċ
Thunderbird download page at
ċ ċ ċ
your com p uter's op e rat ing sys t em ċ ċ
and language, and it ċ ċ
re com m ends the
ċ ċ
best vers ion of Thunderbird for you to use.
100
Start Using Thund erbird ċ
2. ċ
Download the Thunderbird disk image. When the download is com p lete, theċ
ċ ċ
disk image may autom atically open and mount a new volume called Thun ċ ßà
derbird.
ċ ċ
If the volume did not mount autom atically, open the Download folder ċ
ċċ ċ
and double-click the disk image to mount it. A Fin der win dow appears: ċ
3. ċ ċ ċ
Drag the Thunderbird icon into your Applica t ions folde r. You've ins talled ċ ċ
ċ
Thunderbird!
4. ċ ċ ċ ċ ċ
Opt ionally, drag the Thunderbird icon from the Applica t ions folde r into the
ċ ċ
Dock. Choos ing the Thunderbird icon from the Dock lets you quick ly open ċ
ċ
Thunderbird from there.
101
ċ
Basic Email Securi ty
ċ ċ
Note: When you run Thun derbird for the first time, newer versions of Mac
ċ ċ
OS X (10.5 or later) will warn you that the application Thun derbird.app was
ċ ċ
downloaded from the In tern et.
ċ ċ ċ
If you downloaded Thun derbird from the Mozilla site, click the Open button.
Ò
STARTING THUNDERBIRD Ò FOR THE FIRST TIME
ċ ċ ċ
After you have in stalled Thun derbird for the first time you will be guided
ċ ċ ċ ċ ċ
through the con figuration of your mail account. These settings are defined
ċ ċ ċ ċ ċ ċ ċ
by your e-mail provider (your In tern et Service Provider or web-based e-mail
ċ ċ ċ ċ ċ ċ
service provider). The next chapter describes how to set up your account and
ċ ċ
con figure it for maxim um security. ċ
102
SETTING Ò UP SECURE CON N ECTIONS Ò Ò
There is a right (secure) way to con figure your con n ec ċ ċ Čċ
tion to your ċ ċ
provider's mail servers and a wrong (inċČ
secure) way. The most ċ ċ ċ
fundamental aspect of e-mail
ċ ċ ċ
security is the type of con n ection that you make to your
ċ
e-mail provider's mail server. ċ
ċ ċ
Whenever possible, you should con n ect using the SSL ċ
(Secure Socket ċ Layer) and TLS ċ
(Transport Layer ċ
Security) protocols. ċ
(STARTTLS, which ċ ċ
is an oth er ċ
option ċ
available when ċ ċ
con figuring an ac ċČ
ċ
count, is a variation of SSL / TLS.) These protocols prevent your own systemċ ċ ċ
ċ ċ
(beyond Thun derbird) and any points between your system and the mail ċ ċ
ċ ċ ċ ċ ċ ċ
server from in tercepting and obtain ing your password. SSL / TLS also prevent ċ
ċċ ċ
eavesdroppers from reading the con tent of your messages. ċ ċ
ċ ċ ċ
These protocols, however, only secure the con n ection between your com put ċ ċ ċ ċČ
ċ
er and the mail server. They do not secure the in form ation chan n el all the ċ ċ ċ ċ
ċ ċ
way to the message recipient. Once the mail servers forward the message for ċ ċ ċ
ċ ċ ċ ċ ċ
delivery, the message may be in tercepted and read by points in between the ċ
ċ ċ
mail server and the recipient.
ċ ċ
This is where PGP (Pretty Good Privacy) comes in, which is described in the ċ
ċ
next chapter.
ċ ċ ċ
The first step in establish ing e-mail security is a secure con n ection between ċ ċ ċ
ċ ċ ċ
your system and the mail servers. This chapter describes how to set up your ċ
ċ
e-mail account the right way.
ċ
C ONF IGURATION ċ ċ ċ
RE QUIRE M ENTS
103
Basic Email Securi ty ċ
ċ
C ONF IGURATION ċ ċ ċ
RE QUIRE M ENTS
ċ ċ
When you con figure an account, Thun derbird attempts to determ ine (from ċ ċ ċ ċ
ċ ċ
the email account and the account details that you provide) the con n ection ċ ċ ċ ċ
ċ ċ ċ ċ
param eters to your email provider. While Thun derbird knows the con n ection ċ ċ ċ
ċ ċ ċ ċ
param eters for many email providers, it does not know them all. If the para Čċ
ċ ċ
meters are not known to Thun derbird, you will need to provide the following ċ ċ ċ
ċ ċ ċ ċ
in form ation to con figure your account: ċ
Your username Ò
Your password
Ò
Inc omi ng Ò Ò
serv er: name (such as ċċ
"im a p .example.com"), ċ ċ
prot ocol (POP or
ċ
IMAP), port (by de f ault, 110), and security prot ocol ċ ċ
Ò Ò Ò
Outg oi ng serv er: name (such as "smtp.example.com"), port (by de f ault, 25), ċ ċ
ċ
and security prot ocol ċ
ċ ċ ċ ċ
You should have received this in form ation from your hosting provider. Alter ċ ċ ċ ċ ċČ
ċ ċ ċ ċ ċ
natively, you can usually find this in form ation on the support pages on the ċ
ċ ċ ċ ċ ċ ċ
website of your hosting provider. In our exam ple we will be using the Gmail
ċ ċ ċ ċ
server con figuration. You can use Thun derbird with your Gmail account. To ċ
ċ ċ ċ ċ
do so, you must chan ge a con figuration setting in your account. If you are ċ
ċ
not using a Gmail account, skip the next section. ċ
ċ ċ
PRE PARING A G MAIL ċ
ACCOUNT FOR USE WITH T HUNDERBIRD ċ
ċ
Log in to your Gmail account in your browser. Select Sett ings from options ċ Ò ċ
in the top right, then go to the tab Forwarding and POP/IMAP. Click En Ò Ò ÒÓ
able IMAP and then Save Changes. Ò
104
ċ ċ
C ONF IGURING T HUNDERBIRD ċ TO USE SSL/TLS
ċ ċ ċ
Setti ng up secure connec tions
ċ ċ
C ONF IGURING T HUNDERBIRD ċ TO USE SSL/TLS
ċ
When you start up Thun derbird for the first time, you will enter a step-by-
ċ ċ ċ ċ
step con figuration procedure for setting up your first account. (You can in ċ ċČ
ċ ċ ċ
voke the account setup in terface any time by selecting File | New | Mail Ac ċ ÒÓ
ċ
count). On the first screen, you will be asked for your name, your email-
address and your password. The value you enter for your name does not have
ċ ċ ċ
On the next screen, Thun derbird will attempt to determ ine the server names ċ ċ ċ
based on your email address. This may take some time, and will only work if
ċ ċ
Thun derbird knows the settings for the mail servers for your email provider. ċ ċ ċ
ċ ċ ċ ċ
In eith er case you will be presen ted with a win dow where you can modify the ċ
ċ ċ ċ ċ
settings. In the exam ple below, Thun derbird has detected the settings auto ċ ċ ċ ċČ
ċ ċ
matically. You can see the protocol at the right side of the server names. This ċ
ß ß ß
should be either SSL/TLS or STARTTLS. Otherwise your connection is ins ecure ß ß ß
ß
and you should attempt manual setup. ß
105
Basic Email Securi ty ċ
ċċ Ò ċ
When you are fin ish ed, click Create account. If Thun derbird could not de ċČ
ċ ċ ċ Ò ċ
term ine your server settings, click on Manu al setup to con figure the server ċ
names yourself. ċ
MANUAL ċ SETUP
ċ ċ ċ ċ ċċ ċ ċ
Use the Account Settings in terface to manu ally con figure accounts in Thun Čċ
ċ ċ ċ ċ ċ
derbird. The Account Settings dialog will autom atically open if you select
Ò ċ ċ
Manu al setup in the con figuration wizard. In this case we are only in teres ċ ċČ
ċ ċ ċċ ċ ċ
ted in the in com ing and outgoing mail server names, and the protocol we use
ċ ċ ċ
to con n ect with them. As you can see in the exam ples below, we enter the
ċ
Gmail server names and we force them to use TLS/SSL, a secure meth od to ċ
ċ
con n ect to the servers. ċ
106
ċ ċ ċ
Setti ng up secure connec tions
ċ ċ ċ ċ ċ
Under 'Server Settings', we will find only the in com ing (IMAP) server and its
ċ ċ
settings for that specific account.
107
Basic Email Securi ty ċ
mail.gmail.com
ß ß ß
As you can see we have selected 'SSL/TLS' under the connection secur ity setting. ß ß
This ß ß
enfor ces ß ß
encryption. Do not be scared by the ċ ċ
auth entication ċ
meth od
Ò ċ
Normal password. The password will be autom atically en crypted due to our ċ ċ ċ
ċ ċ
secured con n ections to the server. ċ
ċċ ċ ċċ ċ ċ
Fin ally, con figure the outgoing server for the account. Click on Out going Ò Ò
Ò
Serve r (SMTP) in the left panel.
108
SOME ADDITION A L SECURITY SETTINGSÒ Ò Ò Ò
ċ
Thun derbird providesċ ċ
addition al ċ security ċ measures to
ċ
protect you from junk mail, identity theft, viruses (with ċ
the help of your anti-virus software, of cou rse), ċċ in tel ċ ċČ
ċ ċ ċ
lectu al property theft, and malicious web sites. ċċ
ċ ċ
We will look at the following Thun derbird security fea ċ ċ Čċ
ċ
tures. First a little background on why you need to con ċČ
ċ
sider some of these measures:
Ò
Adap tive junk mail controls Ò
ċ ċ
Adap t ive junk mail cont rols allow you to train Thunderbird to ident ify junk ċ ċ
ċ
email (SPAM) and re m ove it from your inbox. You can also mark mes s ages ċ
ċċ
as junk mail manua lly if your email provider's sys t em mis s es the junk mail ċ ċ ċ
and lets it go through.
Ò Ò Ò
Integ ration with anti-virus software
ċ
If your anti-virus software sup p orts Thunderbird, you can use that software ċ
ċ ċ ċ
to quarant ine mes s ages that cont ain viruses or other malicious cont ent. If ċċ ċ
ċ ċ
you're wondering what anti-virus software works with Thunderbird, you can ċ
find a list here: http://kb.mozillazine.org/Ant ivirus_software. ċ ċ
Ò
Master password
ċ ċ
For your convenie nce, you can have Thunderbird re m embe r each of your in ċ ċ ċ ċČ
ċ
dividua l passwords of your e-mail ċ
accounts. You can ċ
specify a mast e r ċ
password that you enter each time you start Thunderbird. This will ena ble ċ ċ
ċ
Thunderbird to open all your email accounts with your saved passwords. ċ
Ò Ò
Restric tions on cooki es Ò Ò
ċ ċ
Some blogs and webs ites at t empt to send cook ies (a piece of text that stores ċċ
ċ ċ ċ
inf orm a t ion from Web sites on your com p ut e r) with their RSS feeds. These ċ ċ
ċċ ċ
cook ies are often used by cont ent provide rs to provide targeted advertis ing. ċ ċ ċ ċ ċ ċ
ċ ċ ċċ ċ
Thunderbird re jects cook ies by de f ault, but you can conf igure Thunderbird ċ ċ
ċ
to accept some or all cook ies. ċċ
ċ ċ ċ ċ
In the Security Preferences section of Thun derbird's Options/Preferences di ċ ċ ċ ċČ
alog box you can set up the preferences for these features. ċ ċ ċ
ċ
In Windows and Mac OS X, go to the 'Tools' menu and click 'Opt ions'. ċ
ċ ċ
On Ubunt u or other vers ions of Linux, go to the 'Edit' menu and click 'Pre ċČ
109
Basic Email Securi ty ċ
ċ
fere nces'.
'Junk' tab.
2. ċ ċ
Do the following:
ċ ċ
To tell Thunderbird that it should handle mes s ages mark ed as junk,ċ ċ
ċ
select the check box labelled 'When I mark mes s age as junk'. ċ
ċ ċ
To have Thunderbird move these mes s ages to a junk folde r, select the ċ
ċ ċ
'Move them to account's 'Junk' folde r' radio but t on. ċ
ċ ċ
To have Thunderbird de lete junk mail upon re ceiving it, select the ċ ċ
ċ
'De lete them'radio but t on. ċ
3. ċ ċ
Thunderbird will mark junk mes s age as read if you select the check box
ċ ċ ċ
labeled 'Mark mes s ages de t erm ined to be Junk as read'.
4. ċ
If you want to keep a log of junk mail re ceived, select the'Ena ble junk filt e r ċ ċ
ċ
logging'check box.
5. ċ ċ
Click the 'OK' but t on to close the'Opt ions/Prefere nces' dia log box.ċ ċ
SCAM
110
ċ ċ
DE TECTION AND WARN ING SYSTEM ċ ċ
ċ ċ ċ ċ
Some Ad d itional Securi ty Setti ngs
SCAM ċ ċ
DE TECTION AND WARN ING SYSTEM ċ ċ
1. ċ ċ ċ ċ ċ
In the Pre f erences/Op t ions dia log box, click 'Security' and then click the'E-
mail Scams'tab.
2. ċ ċ
To have Thunderbird warn you about pos s ible email scams, select the check
ċ ċ ċ ċ
box labelled 'Tell me if the mes s age I'm read is a sus p ect ed email scam'. To
ċ ċ
turn off this fea t ure, de s elect this check box.
3. ċ ċ ċ ċ
Click the 'OK' but t on to close the 'Opt ions/Prefere nces' dia log box.
A NTI- VIRUS ċ ċċ
IN TEG RA TION
111
Basic Email Securi ty ċ
A NTI- VIRUS ċ ċċ
IN TEG RA TION
1. In the ċ ċ ċ ċ
Pre f erences/Op t ions dia log box, click ċ
'Security' and then click the
'Anti-Virus' tab.
2. ċ ċċ ċ
To turn on anti-virus int egra t ion, select the check box labeled'Allow anti-
ċ ċ ċ ċ ċ ċ
virus clients to quarant ine individua l incom ing mes s ages'. To turn off this
ċ ċ
fea t ure, de s elect this check box.
3. ċ ċ ċ ċ
Click the 'OK' but t on to close the 'Opt ions/Prefere nces' dia log box.
SET ċ
A MASTE R PASSWORD
1. In the ċ ċ ċ ċ
Pre f erences/Op t ions dia log box, click ċ
'Security' and then click the
'Passwords' tab.
112
ċ ċ ċ ċ
Some Ad d itional Securi ty Setti ngs
2. ċ
Select the check box labeled 'Use a mast e r password'.
3. Enter your password into the 'Enter new password' and 'Re-enter password'
fields.
4. ċ ċ ċ ċ
Click the 'OK' but t on to close the Change Mast e r Password dia log box.
5. ċ
If you want to see the passwords that you have saved in Thunderbird, click
ċ
the 'Saved Passwords' but t on. This will open the 'Saved Passwords' dia log ċ
box.
113
Basic Email Securi tyċ
7. ċ ċ
Click the 'Close' but t on to close 'Saved Passwords' dia log box.
8. ċ ċ ċ ċ
Click the 'OK' but t on to close the 'Opt ions/Prefere nces' dia log box.
A DAPTIVE
114
ċ JUNK MAIL CON TROLS ċ
ċ ċ ċ
Some Ad d itional Securi ty Setti ngs ċ
ċ
A DAPTIVE JUNK MAIL CON TROLSċ
ċ ċ ċ
You need to first open Account Settings win dow. Note that settings con ċ ċČ
ċ ċ ċ
figured in the Account Settings win dow apply only to the account that you ċ
ċ ċ
select in the Folders pane. You must con figure local folders separately. ċ ċ
1. ċ ċ
In the Folde rs pane right-click on an account name and select 'Sett ings'. ċ
2. ċ
In Windows or Mac go to the 'Tools' menu and select'Account Sett ings'. In ċ ċ
ċ
Linux, go to the 'Edit menu' and select 'Account Sett ings'. ċ
1. ċ ċ ċ
To set adap t ive junk mail cont rols for a specific account, pick an account ċ
ċ
and click 'Junk Sett ings'.
115
Basic Email Securi ty ċ
2. ċ ċ
To turn on the cont rols, select the check box labeled 'Ena ble adap t ive junkċ
ċ ċ ċ
mail cont rols for this account'. To turn them off, de s elect this check box.
3. ċ ċ ċċ
If you want the cont rols to ignore mail from sende rs in your Address Book,
ċ
select the check boxes next to any of the lis ted address books.
4. ċ ċ ċ
To use a mail filt e r such as SpamAs s assin or SpamPa l, select the check box
ċ ċ ċ
labelled 'Trust junk mail heade rs sent by:' and pick a filt e r from the menu.
5. ċ
Select the check box labeled 'Move new junk mes s ages to' if you want to
ċ ċ ċ ċ
move junk mail to a specified folde r. Then select the de s tina t ion folde r to be
ċ ċ ċ ċ ċ ċ
eithe r at your email provide r or a local folde r on your com p ut e r.
6. ċ ċ ċ
Select the 'Autom atically de lete junk mail other 14 days' check box to have
ċ ċ ċ ċ ċ ċ
Thunderbird re gularly re m ove junk mail. To change the time period for this
ċ ċ ċ
process, enter a dif f erent numbe r (in days) in the text box.
7. ċ
Click 'OK' to save your changes.
116
ċ ċ
Email Encryption
ċ ċ
Email Enc ryption
118
Ò
IN TRODUCING Ò Ò
MAIL EN CRYPTION Ò (PGP)
ċ ċ
This chapter will in troduce you to some basic con cepts ċ
ċ ċ ċ
beh ind mail en cryption. ċ ċ
It is im portant to read to get
ċ ċ ċ ċ ċ
some feeling of how mail en cryption actually works and
ċ ċ
what its caveats and lim itations are. PGP (Pretty Goodċ
ċ ċ
Privacy) is the protocol we shall use for e-mail en cryp ċ ċČ
ċ ċ ċ ċ
tion. This protocol allows us to digitally sign and en cryptċ
ċ
mail messages. It works on an end-to-end basis: messages ċ
ċ ċ ċ ċ ċ ċ
will be en crypted on your own com puter and will only be decrypted by the
ċ ċ ċ ċ
recipient of the message. There is no possibility for a 'man-in-the-middle' to
ċ ċ ċ ċ ċ ċ ß
deciph er the con tents of your en crypted message. This ex cludes the subject ċ
ċ ċ ċ ċ ċ ċ
lines and the 'from' and 'to' addresses, which un fortunately are not en crypted
ċ
in this protocol.
ċ ċ ċ ċ
After having in troduced these basic con cepts, the next chapters will give you
ċ ċċ ċ ċ ċ
a hands-on guide to in stall the necessary tools on your operating system and
ċ ċ ċ ċċ
get en cryption up and runn ing. We will focus on using En igm ail which is an
ċ ċ ċ ċ ċ ċ
extension for Thun derbird that helps you man age PGP en cryption for your
ċ ċċ ċ ċ ċ
email. The in stallation process for En gimail / PGP is different for Mac OSX,
ċ ċ ċ ċ ċ
Win dows and Ubun tu so please see the appropriate chapters in this section
ċ ċ
for in structions.
USING ċ
A KEY- PAIR TO EN CRYPT YOUR MAIL
119
ċ ċ
Email Enc ryption
USING ċ
A KEY- PAIR TO EN CRYPT YOUR MAIL
ċ ċ ċ ċ
A crucial con cept in mail en cryption is the usage of so-called key-pairs. A
key-pair is just two separate files sitting on ċ your harddisk or USB stick.
ċ ċ
Whenever you want to en crypt mails for a certain mail-account, you will ċ
ċ ċ
need to have these files available to yourself in some form. If they are sitting ċ
ċ ċ
at home on your com puter, you will not be able to decrypt mail at the office. ċ ċ
ċ ċ
Putting them on a USB stick should provide a solu tion to this problem. ċċ ċ
ċċ ċ
A key-pair con sists of the two different keys: a public key and a secret key. ċ ċ
ċ
The public key: you can give this key to other people, so they can send you ċ
ċ ċ
en crypted mails. This file does not have to be kept secret. ċ
ċ ċ ċ
The secret key: this basically is your secret file to decrypt em ails people send ċ ċ ċ
to you. It should never be given to someone else. ċ
ċċ
SENDING ċ ċ
EN CRYPTED MAILS TO OTHER ċ
PEOPLE : YOU NEED THEIR PUBLICċ
KEY
ċ
I have five colleagues at work and I want to send en crypted mails to them. I ċ ċ
ċ
need to have public keys for each of their addresses. They can send me these ċ
ċ ċ
keys using ordinary mail, or they can give them to me in person, or put them ċ
on a USB stick, or they can have their keys on a website. It doesn't matter, as ċ ċ
ċċ ċ
long as I can trust those keys really belong to the person I want to correspond ċ ċ ċ
with. My software puts the keys on my `keyring', so my mail application ċ ċ
knows how to send them en crypted mails. ċ ċ
ċ ċ
RE CEIVING ċ ċ
EN CRYPTED MAILS FROM OTHER PEOPLE : THEY NEED MY PUBLIC ċ ċ
KEY
ċ ċ
For my five (or thirty) colleagues to be able to send me en crypted mails, the ċ ċ
ċ
process goes the other way around. I need to distribute my public key to each ċ ċ
of them.
ċ ċ
C ONCLUSION: ċ ċ ċ
EN CRYPTION RE QUIRES PUBLIC KEY DISTRIBUTION !ċ ċ ċ
ċ ċ
All the people in a network of friends or colleagues wanting to send each ċ ċ
ċ ċ ċ ċ
other en crypted em ails, need to distribute their public keys to each other, ċ
ċ ċ ċ
while keeping their secret keys a closely guarded secret. The software de ċ ċ ċČ
120
ċ
scribed in this chapter will help you do this key man agem ent. ċ ċ
Ò
IN STALLING PGP Ò ON WIN DOWS Ò
ċ ċ ċ ċ
To com plicate matters a little - PGP is the protocol used for en crypting e-mail ċ ċ
ċ
by various softwares. To get PGP to work with Thun derbird we need to in ċ Čċ
ċ ċċ
stall GPG - a free software im plemen tation of PGP and En igm ail - an extens ċċ ċ ċČ
ċ ċ
ion of Thun derbird that allows you to use GPG... Con fused?! Don't worry ċ
ċ
about it, all you have to know is how to en crypt your email with PGP and
ċ ċċ
you need to in stall both GPG and En igm ail. Here is how to do it...
ċ ċ
INSTALLING PGP (GPG) ON ċ
MICROSOFT W INDOWS ċ
ċ
The GNU Privacy Guard (GnuPG) is software which is required to send PGP ċ
ċ ċ ċ ċ ċċ ċ
en crypted or sign ed em ails. It is necessary to in stall this software before being ċ
ċ ċ
able to do any en cryption.
ċ ċ
Head to the website of the Gpg4win project. Go to http://gpg4win . org/ ċ
ċ
On the left side of the website, you will find a 'Download' link. Click on it.
This will take you to a page where you can download the Gpg4Win. Click on
ċ ċċ ċ ċ
the button which offers you the latest stable version (not beta) of Gpg4Win.
ċ ċ
This will download you an .exe file. Depending on your browser, you may ċ
have to double-click on this downloaded file (which will be called someth ing ċ ċċ
ċ ċċ ċ
like gpg4qin-2.1.0.exe) before someth ing happens. Win dows will ask you if ċ
121
ċ ċ
Email Enc ryption
ċ ċ ċ ċ
you are sure you want to in stall this program. An swer yes.
ċ ċ ċċ ċ ċ ċ ċ
Then com plete the in stallation by agreeing to the licen se, choosing approp ċ ċČ
ċ ċ ċ ċ ċ ċ
riate lan guage and accepting the default options by clicking 'Next', un less you ċ
ċ ċ
have a particular reason not to.
ċ ċ ċ
The in staller will ask you where to put the application on your com puter. ċ ċ
ċ ċ
The default setting should be fine but make a note of it as we may need this
ċ ċ
INSTALLING WITH THE ċċ
ENIGMAIL ċ ċ
EXTENSION
ċ ċ ċ ċ
After you have successfully in stalled the PGP software as we described above ċ
ċ ÒÒ
you are now ready to in stall the Enigmail add-on.
ċċ ċ ċ
En igm ail is a Thun derbird add-on that lets you protect the privacy of your ċ
ċ ċċ ċċ ċ ċ ċ
email con versations. En igm ail is simply an in terface that lets you use PGP en ċČ
ċ ċ ċ
cryption from with in Thun derbird.
ċċ ċ ċ ċ
En igm ail is based on public-key cryptography. In this meth od, each in dividu al ċ ċ
ċ ċ
must generate her/his own person al key pair. The first key is known as the
ċ ċ
private key. It is protected by a password or passphrase, guarded and never ċ
ċ
shared with an yone.
ċ
The second key is known as the public key. This key can be shared with any
ċ ċ ċ ċ
of your correspondents. Once you have a correspondent's public key you can ċ
ċċ ċ ċ ċ
begin sen ding en crypted e-mails to this person. Only she will be able to de ċČ
ċ ċ ċ
crypt and read your em ails, because she is the only person who has access to ċ
ċ
the match ing private key.
ċ ċ
Similarly, if you send a copy of your own public key to your e-mail con tacts ċ
ċ ċ
and keep the match ing private key secret, only you will be able to read en ċČ
ċ ċ ċ
crypted messages from those con tacts.
ċċ ċ ċċ ċ ċ
En igm ail also lets you attach digital sign atures to your messages. The re ċ ċČ
ċ
cipient of your message who has a genuine copy of your public key will be ċ
ċ
able to verify that the e-mail comes from you, and that its con tent was not ċ
ċ ċ ċ ċ
tam pered with on the way. Similarly, if you have a correspondent's public ċ
122
ċ ċ ċ
Install i ng PGP on Wind ows
ċ ċċ ċċ
key, you can verify the digital sign atures on her messages. ċ
ċ ċċ
INSTALLATION STEPS
ċ ċ ÒÒ ċ ċ ċ
To begin in stalling Enigmail, perform the following steps:
Ò
Step 1. Open Thunderbird, then Select Tools > Add-ons to activate the ċ
ċ ċ ċ
Add-ons win dow; the Add-ons win dow will appear with the default Get Add- ċ
ċċ
ons pane en abled.
ċċ
Step 2. Enter en igm ail in the search bar, like below, and click on the search
icon.
ċ ċ ċ
Step 3. Simply click on the 'Add to Thun derbird' button to start the in stalla ċ ċ ċČ
tion.
ċ ċ
Step 4. Thun derbird will ask you if you are certain you want to in stall this ċ
ċ ċ
add-on. We trust this application so we should click on the 'In stall now' but ċČ
ton.
123
ċ ċ
Email Enc ryption
ċ ċċ ċ
Step 5. After some time the in stallation should be com pleted and the followċ ċČ
ċ ċ ċ ċ ċ
ing win dow should appear. Please click on the 'Restart Thun derbird' button.
124
Ò
IN STALLING PGP Ò ON OSX
ċ
The GNU Privacy Guard (GnuPG) is software which en ċČ
ċ ċ ċ ċ
ables you to send PGP en crypted or sign ed em ails. It is
ċċ ċ ċ
necessary to in stall this software before being able to do
ċ ċ ċ ċċ ċ ċċ
any en cryption. This chapter covers the in stallation steps
ċ ċ
required to in stall GnuPG on Mac OSX.
ċ
Getting started ċ
ċ ċ
For this chapter we assume you have the latest version of: ċ
ċ ċ
OSX ins talled (10.6.7)
ċ
Thunderbird (3.1.10)
ċ
Note on OSX Mail: It is possible to use PGP with the
ċ
build-in mail program of OSX. But we do not recom m end ċ ċ
ċ ċ ċċ
this because this option relies on a hack of the program ċ
ċ ċ ċ
which is neith er open or supported by its developer and ċ ċ
ċ
breaks with every update of the mail program. So un less ċ ċ
ċċ ċ
you really have no other option we advice you to switch ċ
ċ ċ ċ
to Mozilla Thun derbird as your default mail program if ċ
you want to use PGP.
DOWNLOADING ċ ċ ċ
AND IN STALLING THE SOFTWARE
ċ
For OSX there is a bundle available which will in stall everyth ing you need inċ ċċ
one ċ ċċ
in stallation. You can get it by ċ ċ
directing your browser ċ to
ċ
http://www.gpgtools.org/ and clicking on the big blue disk with "Download
ċ ċ ċ ċ
GPGTools In staller" written under it. It will redirect you to an oth er page on ċ ċ
ċ ċ
http://www.gpgtools.org/installer/in dex.html where you can ċ ċ
actually
ß
(nb. We are using the latest vers ion Firefox for this manual, so the screens might ß
ß ß
look a little bit different if you are using a different brows er) ß ß
125
ċ ċ
Email Enc ryption
ċ ċ ċČ
2. Download the software by choosing 'Save File' and clicking 'OK' in the di
alogue.
126
ċ ċ
Install i ng PGP on OSX
ċ ċ ċ
3. Navigate to the folder where you norm ally store your downloads (Mostly ċ
ċ ċ ċ ċ ċ
the desktop or the downloads folder surprisingly) en double click the '.DMG'
ċċ ċ ċ ċ ċ
file to open the virtu al disk con tain ing the in staller.
ċ ċ
4. Open the in staller by double-clicking on the icon.
127
ċ ċ
Email Enc ryption
ċ ċ ċ
5. The program will check your com puter to see if it can run on the com put ċ ċČ
er.
ß ß ßà
(Note, if you're Mac is bought before 2006 it will not have an intel proces
ß ß ßß
sor required to run this software and the ins tallation will fail. Sadly it is
ß ß ß ß ß
beyond the scope op this manual to also take into account com puters over
ċ ċ ċ
You will be guided by the program through the next steps like accepting the
ċ ċ ċ ċ ċċ ċ
licen se agreem ent. But stop pressing all the OK's and Agrees as soon as you
ċ ċċ
come to the 'In stallation Type' screen: ċ
128
ċ ċ
Install i ng PGP on OSX
ċ ċ ċ ċ ċ
6. Clicking 'Custom ize' will open this screen where you several options of ċ
ċ ċ
programs and software to in stall. You can click on each one of them to get a
ċ ċ ċ ċ
little bit of in form ation on what is is, what it does and why you might need it.
ċ ċ ċ
As said in the intro; we advice against using Apple Mail in com bination with
ċ ċ
PGP. Therefore you won't be needing 'GPGMail', as this en ables PGP on
ċ
Apple Mail, and you can un check it.
129
ċ ċ
Email Enc ryption
ÒÒ ċ ċ
'Enigmail' on the other hand is very im portant as it is the com ponent that ċ
ċ ċ ċ
will en able Thun derbird to use PGP. In the screen shot here it is greyed out
ċ ċ ċ ċ ċċ
as the in staller wasn't able to identify my in stallation of Thun derbird. Since ċ
ċ ċċ
this seems to be a bug. You can also in stall En igm ail from with in Thun ċ ċČ
ċ
derbird as is explained in an oth er chapter. ċ ċ ċ
ċ ċ ċċ
If the option is not greyed out in your in stallation, you should tick it.
ċ ċ
After you checked all the com ponents you want to in stall click 'In stall' to pro ċ ċ ċČ
ċ ċ
ceed. The in staller will ask you for your password and after you enter that the
ċ ċċ
in stallation will run and com plete; Hooray! ċ
ċ ċ
INSTALLING UP ċ
ENGIMAIL
Ò
Step 1. Open Thunderbird, then Select Tools > Add-ons to activate the ċ
ċ ċ
Add-ons win dow; the Add-ons win dow will appear with the default Get Add-ċ ċ
ons pane en abled. ċċ
ċ
In the Add-On win dow, you can search for 'En igm ail' and in stall the extensċċ ċ ċ ċČ
ċ
ion by clicking 'Add to Thun derbird ...' ċ
ċ
2. After you open the Add-On win dow, you can search for 'En igm ail' and in ċċ ċČ
ċ ċ ċ
stall the extension by clicking 'Add to Thun derbird ...' ċ
130
ċ ċ
Install i ng PGP on OSX
ċ ċ ċ ċ
3. Click on 'In stall Now' to download and in stall the extension.
Ò Ò
Be aware that you will have to re start Thunderbird to use the func ÒÓ
131
ċ ċ
Email Enc ryption
Ò Ò Ò
tionality of this ext ension!
ċ ċ ċ ċ ċċ
Now that you have successfully downloaded and in stalled En igm ail and PGP
ċ ċ
you can go on to the Chapter that deals with setting up the software for use.
132
Ò
IN STALLING PGP Ò ON UBUN TU Ò
ċ ċ ċ ċċ
We will use the Ubun tu Software Centre for in stalling PGP (En igm ail and ac ċČ
ċ ċ ċ
cessories). First open the Ubun tu Software Center through the Unity menu
ċ
by typing 'software' into the Unity search area
ċ
Cllick on the 'Ubun tu Software Center'. ċ
ċċ ċ
Type into the search field 'En igm ail' and search results should be return ed ċ ċ
ċ ċ
autom atically:
ċċ ċ
Highlight the En igm ail item (it should be highlighted by default) and click
ċ ċ ċ ċċ ċ
'In stall' and you will be asked to auth enticate the in stallation process.
ċ ċ ċċ
Enter your password and click 'Auth enticate'. The in stallation process will ċ
begin.
133
ċ ċ
Email Enc ryption
ċ ċ ċ ċ ċ
When the process is com pleted you get very little feedback from Ubun tu. The
ċ ċċ ċ
progress bar at the top left disappears. The 'In Progress' text on the right also
ċċ ċċ ċ ċ
disappears. En igm ail should now be in stalled.
ċ ċ ċ
With the growing usage of mobile phones for e-mail, it's in teresting to be able
to use GPG also on your mobile. This way you can still read the messages ċ
sent to you in GPG on your phone and not only on your com puter.ċ ċ
134
Ò
IN STALLING GPG Ò ON Ò
AN DROID
ċ ß ß
In stall the Android Privacy Guard (APG) and K-9 Mail applications to your ċ
ċ ċ ċ
An droid device from the Google Play Store or an oth er trusted source. ċ ċ ċ ċ
1. Generate a new private key that uses DSA-Elgamal with your PC's GPG in Čċ
ċċ
stalla t ion (You can only create keys with up to 1024bit keylength on An ċČ
droid it s elf). ċ
2. Copy the private key to your Android de vice. ċ ċ
3. ċ
Im p ort the private key to APG. You may wish to have APG autom atically ċ ċ
ċ ċ
de lete the plaint ext copy of your private key from your Android de vice's ċ ċ
filesys t em. ċ
4. ċ
Set-up your e-mail accounts in K-9 Mail.
5. ċ ċ ß
In the sett ings for each account, under Crypt ography, make sure that K-9 ß
Mail knows to use APG. You can also find opt ions here to make K-9 Mail ċ
ċ ċ ċ ċ
autom atically sign your mes s ages and/or encrypt them if APG can find a
ċ
public key for the re cipient(s). ċ
6. Try it out.
APG
This is a small tool which makes GPG en cryption possible on the phone. You ċ ċ ċ
ċ
can use APG to man age your private and public keys. The options in the ċ ċ
ċ ċ
application are quite straightforward if you are a little knowledge of GPG in ċ ċ
general. ċ
ċ ċ ċ ċ
Man agem ent of keys is not very well im plemen ted yet. The best way is to
ċċ ċ
manu ally copy all your public keys to the SD card in the APG folder. Then it's ċ
ċ ċ ċ ċ
easy to im port your keys. After you've im ported your public and private keys,
ċ ċ ċ ċ ċ ċ
GPG en crypting, sign ing and decrypting will be available for other applica ċČ
ċ ċ ċ ċ ċ
tions as long as these applications have in tegrated en cryption/GPG.
GPG ċċ
EN A BLED E - MAIL ON ċ
A NDROID: K-9 MAIL
135
ċ ċ
Email Enc ryption
GPG ċċ
EN A BLED E - MAIL ON ċ
A NDROID: K-9 MAIL
ċ ċ ċ ċċ
The default mail application does not support GPG. Luckily there is an excel ċ ċČ
ċ ċ ċ
lent altern ative: K-9 Mail. This application is based on the origin al An droidċ ċ
ċ ċ ċ ċ
mail application but with some im provem ents. The application can use APG
ċ ċ ċ ċ
as it's GPG provider. Setting up K-9 Mail is straightforward and similar to sett ċČ
ċ ċ ċ
ing up mail in the An droid default mail application. In the settings menu ċ
ċ ċ ċ ċ
there is an option to en able "Cryptography" for GPG mail sign ing. ċ
ċ
If you want to access your GPG mails on your phone this application is a ċ
must have.
Please note, due to some small bugs in K-9 Mail and/or APG, it's very advis ċ Čċ
ċ
able to disable HTML mail and use only Plain text. HTML mails are not en ċČ
ċ ċ
crypted nicely and are often not readable.ċċ
136
CREATING Ò YOUR PGP KEYS
ċ ċ
You are now ready to start en cryption your mails with PGP. You can do this
ċċ ß ċ ċċ
by using En igm ail within Thun derbird. En igm ail comes with a nice wizard to
ċċ ċ ċ ċ ċ
help you with the in itial setup and the im portant aspect of creating a pub ċČ
ċ ċ ċ ċ ċ
lic/private key pair (see the chapter in troducing PGP for an explanation). You
ċ ċ ċ Ò
can start the wizard at any time with in Thun derbird by selecting Ope nPGP
Step 1. This is what the wizard looks like. Please read the text on every win Čċ
ċ ċ ċ ċ ċ ċ
dow carefully. It provides useful in form ation and helps you setup PGP to
ċ ċ ċ ċ ċ
your person al preferences. In the first screen, click on Next to start the con ċČ
ċ
figuration.
ċ ċċ
Step 2. The wizard asks you wheth er you want to sign all your outgoing mail
ċ ċ
messages. If you do not chose to sign all your messages, you will have to
ċ ċ ċ
specify per recipient if you want to sign your e-mail. Sign ing all your mes Čċ
ċ ċ ċČ
sages is a good choice. Click on the 'Next' button after you have made a decis
137
ċ ċ
Email Enc ryption
ion.
ċ ċ ċ ċ
Step 3. On the following screen, the wizard asks you wheth er you want to
ċ ċċ ċ ċ ċ ċ ċ
en crypt all your outgoing mail messages. Un like sign ing of mails, en cryption
ċ ċ ċ ċ
requires the recipient to have PGP software in stalled. Therefore you should
ċ ċ ċ ċ
an swer 'no' to this question, to make sure you can still send norm al mails.
ċ ċ ċ ċ ċċ
Only an swer 'yes' here if you want to prevent Thun derbird from ever sen ding
ċ ċ ċċ
un encrypted mails. After you have made your decision, click on the 'Next'
ċ
button.
138
ċ
Creati ng your PGP keys
ċ ċ ċ ċ
Step 4: On the following screen the wizard asks if he can chan ge some of
ċ ċ ċ ċċ
your mail form atting settings to better work with PGP. It is a good choice to
ċ ċ ċ ċ
an swer 'Yes' here. The only serious thing is that it will prevent you from
ċċ ċ ċ
doing is sen ding HTML mail messages. Click on the 'Next' button after you
ċċ
have made your decision.
139
ċ ċ
Email Enc ryption
ċ ċ ċ
Step 5: Now it is time to start creating the keys. In the following screen you ċ
ċ ċ ċ
can select one of your mail accounts, or the default one is selected for you if
ċ
you have only one mail account. In the 'Passphrase' text box you have to give
ċ
a password. This is a new password which is used to protect your private key.
Ò Ò ċ ċ ċ
It is very import ant both to rem ember this password, because you can n ot ċ
ċ ċ ċ
read your own en crypted em ails any more when you lose it, and to make it a
ċ
strong password. It should be at least 8 characters long, not con tain any di ċ ċČ
ċ ċ ċ Ò
ctionary words and it should preferably be a unique password. Using the
ċ ċ ċ ċ ċ
same password for multiple purposes severely in creases the chan ce of it being
ċ ċ ċ ċ
in tercepted at some point. After you have selected your account and created a
140
ċ
Creati ng your PGP keys
ċ ċ ċ ċ ċ
Step 6: In the following screen the wizard basically wraps up what actions it
ċ ċ ċ ċ ċ
will take to en able PGP en cryption for your account. If you are satisfied with
ċ ċċ ċ ċ
the options you chose in the previous win dows, click on the 'Next' button.
141
ċ ċ
Email Enc ryption
ċ
Step 7: Your keys are being created by the wizard. Have some patience. The
ċ ċ
progress bar should slowly fill up to the right. The wizard will tell you when
ċ ċ
the keys have been successfully created, then you can click on the 'Next' butċČ
ton again.
142
ċ
Creati ng your PGP keys
Step 8: You now have your own PGP key-pair. The wizard will ask you if
ċ ċ ċ ċ ċ
you also want to create a special file, called a 'Revocation certificate'. This file
ċ ċ ċ
allows you to in form oth ers that your key-pair should no longer be conċ ċČ
ċ
sidered valid. Think of it as a 'kill switch' for your PGP identity. You can use
ċ
this certificate in case you have generated a new set of keys, or in case your
ċ
old key-pair has been com promised. It is a good idea to create the file and
ċ ċ
keep it somewhere in a safe place. Click on the 'Generate Certificate' button if ċ
ċ ċ
you want to create the file, oth erwise 'Skip'.
ċ ċ ċ ċ ċ
Step 9: Assum ing you have decided to generate a revocation certificate, the ċ
ċ
wizard will ask you where the file should be saved. The dialog may appear a ċ
ċ ċ ċ ċ ċ
bit different on your particular operating system. It is a good idea to ren ame ċ
ċċ ċ ċ ċ ċ
the file to someth ing sen sible like my_revocation_certificate. Click on 'Save'
ċ
when you you have decided on a location. ċċ
143
ċ ċ
Email Enc ryption
ċ ċ ċ ċ ċ ċ
Step 10: Assum ing you have decided to generate a revocation certificate, the
ċ ċ ċ
wizard in forms you it has been successfully stored.
ċ ċ
Step 11: The wizard will in form you it has com pleted its setup.
ċ ċ
Con gratulations, you now have a fully PGP-configured mail client. In the
144
ċ
Creati ng your PGP keys
ċ ċ ċ ċ
next chapter we will explain how to man age your keys, sign messages and do
ċ ċ ċ ċ ċ ċ
en cryption. Thun derbird can help you do a lot of these th ings autom atically.
145
ċ ċ
Email Enc ryption
146
D AILY PGP USAGE
ċċ ċ ċ
In the previous chapters we have have explained how to set up a secure mail
ċ ċ ċ ċċ
en viron m ent using Thun derbird, GPG and En igm ail. We assume you have ċ
ċ ċ ċ ċ ċ
in stalled the software and have successfully followed the wizard in structions ċ ċ
ċ ċ ċ
to generate an en cryption key-pair as described in the previous chapter. This ċċ ċ
ċ ċ
chapter will describe how to use your secured Thun derbird in daily life to ċ
ċ ċ ċ
protect your e-mail com m unication. In particular we will focus on: ċ
1. ċ ċ ċ ċ
Encrypt ing at t achm ents
2. ċ ċ
Ent ering your pass-phrase
3. ċ ċ ċ ċ
Re ceiving encryp t ed e-mail
4. ċċ ċ ċ ċ
Sending and re ceiving public keys
5. ċ ċ ċ ċ
Re ceiving public keys and adding them to your key ring
6. ċ ċ
Using public key serve rs
7. ċ ċ ċ
Signing e-mails to an individua l
8. ċċ ċ ċ ċ ċ
Sending encryp t ed e-mails to an individua l
9. ċ ċ ċ ċ ċ ċ
Autom at ing encryp t ion to cert ain re cipients
10. ċ ċ ċ
Verify ing incom ing e-mails
11. ċ ċ
Re vok ing your GPG key pair
12. ċ
What to do when you have lost your secret key, or forgot your passphrase ċ
13. ċ
What to do when your secret key has been stole n, or com p romised ċ ċ
14. ċ
Back ing up your keys
ċ ċ ċ
First we shall explain two dialog win dows that will in evitably appear after you ċ ċ ċ
ċ
start using Thun derbird to en crypt your em ails. ċ ċ
ċ ċ
ENCRYPTING ċ ċ
ATTACHM ENTS
ċ ċ
The dialog win dow below will pop-up whenever you are sen ding an en cryp ċ ċċ ċ Čċ
ċ ċ
ted email with attach m ents for the first time. Thun derbird asks a tech n ical ċ ċċ
ċ ċ ċ ċ
question on how to en crypt attach m ents to your mail. The second (default) ċ
ċ ċ ċ
option is the best choice, because it com bines security with the high est com ċ ċ ċČ
ċ ċ
patibility. You should also select the 'Use the selected meth od for all fu ture at ċ ċ ċČ
ċ ċ
tach m ents' option. Then click 'OK' and your mail should be sent with no
ċ
furth er delay.
147
ċ ċ
Email Enc ryption
ċ ċ
ENTERING YOUR PASS- PHRASE
ċ ċ ċ
For security reasons, the pass-phrase to your secret key is stored tem porarily ċ ċ
in mem ory. ċċ Every now and then ċ
the dialog ċ
win dow below will pop-up.
ċ ċ
Thun derbird asks you for the pass-phrase to your secret key. This should be
ċ ċ
different from your norm al email password. It was the pass-phrase you have
ċ ċ ċċ
en tered when creating your key-pair in the previous chapter. Enter the pass- ċ
phrase in the text-box and click on 'OK'
ċ ċ
RE CEIVING ċ ċ
EN CRYPTED E - MAILS
ċ ċ ċ ċ ċ ċċ
The decryption of e-mails is han dled autom atically by En igm ail, the only ac ċČ
ċ
tion that may be needed on your beh alf is to enter the pass-phrase to your
ċ ċ ċ ċ ċ ċ ċ
secret key. However, in order to have any kind of en crypted correspondence
ċ ċ ċ
with somebody, you will first need to exchan ge public keys. ċ
SENDING
148
ċċ ċ ċ
AND RE CEIVING PUBLIC KEYS ċ
Daily PGP usage
ċċ
SENDING ċ ċ
AND RE CEIVING PUBLIC KEYS ċ
ċ ċ
There are multiple ways to distribute your public key to friends or colleagues. ċ ċ
ċ
By far the simplest way is to attach the key to a mail. In order for your friend
ċ ċ ċ
to be able to trust that the message actually came from you, you should in ċČ
ċ ċ ċ
form them in person (if possible) and also require them to reply to your mail.
ċ ċċ
This should at least prevent easy forgeries. You have to decide for yourself ċ ċ
ċ ċċ
what level of validation is necessary. This is also true when receiving em ails ċ ċ ċ
from third-parties ċ ċ ċ
con tain ing ċ public keys. Con tact your ċ ċ
correspondent
ċ ċ
through some means of com m unication other than e-mail. You can use a
ċ ċ ċ ċ ċ
teleph one, text messages, Voice over In tern et Protocol (VoIP) or any other
ċ ċ ċ ċ
meth od, but you must be absolutely certain that you are really talking to the ċċ ċ
ċ ċ ċ ċ ċċ
right person. As a result, teleph one con versations and face-to-face meetings ċ
ċ ċ
work best, if they are con venient and if they can be arranged safely. ċ
ċċ
Sen ding your public key is easy.ċ
ċ
1. In Thun derbird, click on the icon.
ċ ċ
2. Com pose a mail to your friend or colleague and tell them you are sen ding ċċ
ċ
them your PGP public key. If your friend does not know what that means,
ċ
you may have to explain them and point them to this documen tation. ċċ
ċ ċ ċ ċċ
3. Before actually sen ding the mail, click to Ope nPGP > At t ach My Pub lic Ò Ò Ò
ċ
Key option on the menu bar of the mail com pose win dow. Next to this opt ċ ċ ċČ
ion a marked sign ċ ċ
will appear. See the exam ple below. ċ ċ
149
ċ ċ
Email Enc ryption
ċ
4. Send your mail by clicking on the ċ
button.
ċ ċ
RE CEIVING ċ ċ
PUBLIC KEYS AND ADDING THEM TO YOUR KEYRING ċ
ċ ċ
Lets say we receive a public key from a friend by mail. The key will show up
ċ ß ċ
in Thun derbird as an attached file. Scroll down the message and below you
ċ ċ
will find tabs with one or two file names. The extension of this public key file ċ
ċ ċ ċ ċ
will be .asc, different from the extension of an attached GPG sign ature, whichċċ
ends with .asc.sig
ċ ċ ċ
Look at the exam ple email in the next image, which is a received, sign ed GPG ċ
ċ ċ ċ ċ ċ
message con tain ing an attached public key. We notice a yellow bar with a ċ
ċ ċ ċ ċ ċċ
warn ing message: 'OpenPGP: Un verified sign ature, click on 'Details' button ċ ċ
ċ ċ ċ ċ ċċ
for more in form ation'. Thun derbird warns us that the sen der is not known
ċ ċ ċ
yet, which is correct. This will chan ge once we have accepted the public key. ċ
ċ ċ
What are all those stran ge characters doing in the mail message? Because ċ ċ
ċ ċ ċ ċċ
Thun derbird does not yet recogn ize the sign ature as valid, it prints out the
ċ ċċ ċ
en tire raw sign ature, just as it has received it. This is how digitally sign ed ċ ċ ċ
150
Daily PGP usage
ċ ċ ċ
GPG messages will appear to those recipients who do not have your public ċ
key.
ċ ċ ċ ċ ċ
The most im portant thing in this exam ple is to find the attached GPG public ċ
ċ ċ ċ
key. We men tioned it is a file that ends with .asc. In this exam ple it's the first
ċ ċ ċ ċ ċ
attach m ent on the left, in the red circle. Double-clicking on this attach m ent
ċ ċ ċ
will make Thun derbird recogn ize the key.
ċ ċ ċ ċ ċ
After we have clicked on the attach m ent, the following pop-up will appear. ċ
ċ ċ ċ ċ ċ
Thun derbird has recogn ized the GPG public key file. Click on 'Im port' to add
ċ ċ ċ ċ
this key to your keyring. The following pop-up should appear. Thun derbird ċ
ċ ċ ċ ċ ċ
says the operation was successful. Click on 'OK' and you are alm ost done.
151
ċ ċ
Email Enc ryption
ċ ċ
We are back in the main Thun derbird screen and we refresh the view on this ċ
ċ ċ ċ ċ ċ
particular exam ple message, by clicking on some other message and back for ċ
ċ ċ ċ ċ
exam ple. Now the body of the message looks different (see below). This time
ċ ċ ċ ċċ ċ
Thun derbird does recogn ize the sign ature, because we have added the public ċ
ċċ
key of the sen der.
ċ ċ
There is still one thing that rem ains. While Thun derbird now recogn izes the ċ ċ
ċċ ċ ċ ċ
sign ature, we should explicitly trust that the public key really belongs to the ċċ ċ
ċċ ċċ ċ
sen der in real life. We realize this when we take a closer look at the green bar
ċċ
(see below). While the sign ature is good, it is still UNT RUS T ED. ċ ċ
ċ ċ ċ
We will now decide to trust this particular public key and the sign atures ċċ
ċ ċ ċ
made by it. We can do this im m ediately by clicking on 'Details'. A small menu ċ
ċ
will appear (see below). From this menu we should click on the option 'Sign ċ
152
Daily PGP usage
ċ
Sen der's Key ...'.
ċ ċ ċ ċ
After we have selected 'Sign Sen der's Key ...' we will get an oth er selection ċ
ċ ċ ċ ċ
win dow (see below). We are requested to state how carefully we have chec Čċ
ċ ċ ċ
ked this key for validity. The explanation of levels of trust and trust networks ċ
ċ ċ ċ ċ ċČ
in GPG falls outside the scope of this docu m ent. We will not use this in form a
ċ ċ ċ
tion, therefore we will just select the option 'I will not an swer'. Also select the
ċ ċċ ċ ċ ċ ċ
option 'Local sign ature (can n ot be exported)'. Click on the 'OK' button to fin ċČ
ċ ċ ċċ ċ ċ ċ
ish ing sign ing this key. This fin ish es accepting the public key. You can now
ċ ċ ċ ċ
send en crypted mail to this in dividu al.
USING ċ
PUBLIC KEY SERVE RS ċ
ċ ċ ċ ċ ċ ċ ċ
An oth er meth od of distributing public keys is by putting them on a public ċ
ċ ċ ċ ċ
key server. This allows an yone to check wheth er your email address has GPG
ċ
support, and then download your public key.ċ
ċ ċ ċ
To put your own key on a keyserver, take the following steps.
153
ċ ċ
Email Enc ryption
ċċ ċ
1. Head to the key man ager by using the Thun derbird menu and click on Op ÒÓ
enPGP > Key Manage ment Ò Ò
ċ ċ ċ ċ
2. The key man agem ent win dow will be displayed and looks like this:
ċ ċ ċ ċ
3. You need to have selected the 'Display All Keys by Default' option to get a
list of all your keys. Lookup your own email address in the list and right click
ċ ċ ċ ċ
on the address. A selection win dow will appear with some options. Select the
ċ ċ ċ
option 'Upload Public Keys to Keyserver'. ċ
154
Daily PGP usage
ċ ċ ċ ċ
4. You will see a small dialog win dow like below. The default server to dis ċČ
ċ ċ
tribute your keys to is good. Press 'OK" and distribute your public key to the
world.
ċ ċ ċ
To look up wheth er some email address has a public key available on a server, ċ
ċ ċ
take the following steps.
ċċ ċ
1. Head to the key man ager by using the Thun derbird menu and click on Op ÒÓ
Ò Ò
enPGP > Key Manage ment
ċċ ċ Ò
2. In the key man ager win dow menu bar, select Keyserve r > Search for
Keys
155
ċ ċ
Email Enc ryption
ċ ċ
3. In this exam ple we will look-up up the key for the creator of PGP software,
ċ ċ
Philip Zim m ermann. After we have en tered the email address, we click on
'OK'.
ċ ċ ċ
4, The next win dow displays the result of our search. We have found the
ċ ċ ċ ċ ċ
public key. It is autom atically selected. Just click on 'OK' to im port the key.
156
Daily PGP usage
ċ ċ ċ ċ
5. Im porting the key will take some time. On com pletion you should see a
ċ
pop-up win dow like below.
ċċ ċ
6. The final step is to locally sign this key, to in dicate that we trust it. When
ċċ ċ
you are back in the key man ager, make sure you have selected the 'Display ċ
ċ ċ ċ ċ
All Keys by Default' option. You should now see the newly im ported key in
ċ
the list. Right-click on the address and select the option 'Sign Key' from the
list.
157
ċ ċ
Email Enc ryption
ċ ċ ċ ċċ ċ ċ Čċ
7. Select the options 'I will not an swer' and 'Local sign ature (can n ot be expor
ċċ
ted)', then click on 'OK'. You are now fin ish ed and can send Philip Zim ċČ
ċ ċ
mermann en crypted mail.
ċ
SIGNING ċ ċ
EM A ILS TO AN IN DIVIDUA L ċ
ċ ċ ċ ċ ċ
Digitally sign ing email messages is a way to prove to recipients that you are
ċ ċ ċċ ċ ċ ċ
the actu al sen der of a mail message. Those recipients who have received your
ċ ß ċ ċ
public key will be able to ver ify that your message is auth entic.
ċ ċ ċ
1. Offer your friend your public key, using the meth od described earlier in ċċ
ċ
this chapter.
ċ
2. In Thun derbird, click on the icon.
158
Daily PGP usage
ċ ċ ċ ċċ ċ
3. Before actually sen ding the mail, en able the Ope nPGP > Sign Message Ò Ò
ċ ċ
option via the menu bar of the mail com pose win dow, if it is not en able al ċ ċ ċČ
ċċ ċ
ready. Once you have en abled this option, by clicking on it, a marked sign ċ ċ
ċ ċ ċ ċ ċ
will appear. Clicking again should disable en cryption again. See the ex ċČ
ċ
am ple below.
4.Click on the ċ ċ
button and your sign ed mail will be sent.
SENDING ċċ ċ ċ
EN CRYPTED MAILS TO AN IN DIVIDUA L ċ ċ
ċ ċ
1. You should have received the public key from the friend or colleague you ċ
ċ
want to email and you should have accepted their public key, using the met ċ ċČ
ċ ċċ
hod describe earlier in this chapter. ċ
ċ
2. In Thun derbird, click on the icon.
ċ ċ
3. Com pose a mail to the friend or colleague, from who you have previously ċ ċ
ċ ċ Ò Ò Ò
received their public key. Re memb e r the sub ject line of the message will Ò
159
ċ ċ
Email Enc ryption
Ò Ò ċ
not be encrypt ed, only the message body itself, and any attach m ents. ċ ċ ċ
ċ ċ ċ ċċ ċ
4. Before actually sen ding the mail, en able the Ope nPGP > Encrypt Mes Ò Ò ÒÓ
ċ ċ
sage option via the menu bar of the mail com pose win dow, if it is not en abled ċ ċċ
ċ ċċ ċ
already. Once you have en abled this option, by clicking on it, a marked sign ċ ċ
ċ ċ ċ
will appear. Clicking again should disable en cryption again. See the ex ċ ċ ċČ
ċ
am ple below.
5.Click on the ċ ċ ċ
button and your en crypted mail will be sent.
A UTOMATING ċ ċ ċ ċ ċ
EN CRYPTION TO CERTAIN RE CIPIENTS ċ
You will often want to make sure all your messages to a certain colleague or ċ ċ ċ
ċ ċ ċ
friend are sign ed and en crypted. This is good practice, because you may for ċ ċ ċČ
ċ ċ ċ ċċ
get to en able the en cryption manu ally. You can do this by editing the per- ċ
ċ ċ
recipient rules. To do this we access the OpenPGP per-recipient rule editor.
Ò Ò Ò
Select Ope nPGP > Pre fere nces from the Thun derbird menu bar. ċ
160
Daily PGP usage
ċ ċ ċ ċ ċ
The preferences win dow will appear like below. We need to click on 'Display
ċ ċ
Expert Settings'.
ċ ċ ċ
New menu tabs will appear in the win dow. Go to the tab 'Key Selection' and
ċ
then click on the button labeled 'Edit Rules ...'
161
ċ ċ
Email Enc ryption
We are now shown the per-recipient rules editor (see below). This editor can
ċ ċ ċ ċ
be used to specify the way how messages to certain recipients are sent. We
ċ ċ ċ
will now add a rule saying we want to en crypt and sign all mail messages to
maildemo@greenhost.nl
ċ
First click on the 'Add' button.
ċ
Now the win dow to add a new rule will be shown.
ċ
The first thing we should enter is the email address of the recipient. In the ex ċČ
ċ ċ
am ple below we have en tered maildemo@greenhost.nl
162
Daily PGP usage
ċ ċ ċ
Now we will set the en cryption defaults by using the drop-downs below. For
ċ ċ ċ ċ ċ
Sign ing select 'Always'. For En cryption also select 'Always'.
163
ċ ċ
Email Enc ryption
ċċ ß ċ
Fin ally we have to select the pub lic key of the recipient, with which to en ċČ
ċ ċ ċ ċ ċ ċ
crypt our messages. Do not forget this im portant step, oth erwise the e-mail
ċ ċ ċ
will not be en crypted. Click on the button labeled 'Select Key(s)...'. The key
ċ ċ ċċ ċ
selection win dow will show up. The most obvious key will be selected by de ċČ
ċ ċ ċ ċ
fault. In the exam ple below, we only have one public key available. We can
ċ
select keys by clicking on the small box next to the address. Then we click
ċ ċ ċċ
'OK' and close all relevant win dows and we are fin ish ed.
164
Daily PGP usage
ċ ċ ċ
Decrypting email messages sent to you will be fully autom atic and trans ċ ċČ
ċ ċ ċ ċ ċ
parent. But it is obviously im portant to see wheth er or not a message to you ċ
ċ ċ ċ ċ ċ ċ
has in fact been en crypted or sign ed. This in form ation is available by looking ċ ċ
ċ ċ
at the special bar above the message body.
ċċ ċ ċ
A valid sign ature will be recogn ized by a green bar above the mail message ċ
ċ ċ
like the exam ple image below.
ċ ċ ċ ċ ċ ċ
The last exam ple message was sign ed but not en crypted. If the message had ċ
ċ ċ
been en crypted, it would show like this:
ċ ċ ċ
When a message which has been en crypted, but not sign ed, it could have ċ
ċċ ċ ċ
been a forgery by someone. The status bar will become gray like in the image
ċ ċ
below and tells you that while the message was sent securely (en crypted), the ċ ċ
ċċ
sen der could have been ċ
someone else than ċ
the person ċ
beh ind the email
ċ ċċ ċ
address you will see in the 'From' header. The sign ature is neccessaty to ver ċČ
ċċ ċ ċċ ċ ċ ċ
ify the real sen der of the message. Of cou rse it is perfectly possible that you
ċ ċ ċ ċ
have published your public key on the In tern et and you allow people to send ċ
165
ċ ċ
Email Enc ryption
ċ ċ ċ ċ
you em ails an onymously. But is it also possible that someone is trying to im ċ ċ ċČ
ċ
personate one of your friends.
ċ ċ ß
Similarly if you receive a sig ned email from somebody you know, and you ċ
ċ ċ
have this persons public key, but still the status bar becomes yellow and dis ċ ċ ċČ
ċ ċ ċċ ċ
plays a warn ing message, it is likely that someone is attempting to send you ċ ċ
ċ
forged em ails! ċ
ċ ċ ċ
Sometimes secret keys get stolen or lost. The owner of the key will in form his ċ
ċ ċ
friends and send them a so-called revocation certificate (more explanation of ċ ċ ċ
ċ ċ ċ
this in the next paragraph). Revocation means that we no longer trust the old ċ
ċ
key. The thief may afterwards still try his luck and send you a falsely sign ed ċċ ċ
ċ
mail message. The status bar will now look like this:
ċċ ċ ċ ċ
Stran gely en ough Thun derbird in this situation will still display a green status ċ
ċ ċ ċ
bar! It is im portant to look at the con tents of the status bar in order to un Čċ
ċ ċ ċ ċ
derstand the en cryption aspects of a message. GPG allows for strong security ċ ċ
ċ
and privacy, but only if you are familiar with its use and con cepts. Pay atten ċ ċ ċČ
ċ
tion to warn ings in the status bar.
ċ ċ
RE VOKING YOUR GPG KEY- PAIR
ċ ċ ċ
Your secret key has been stolen by somebody. Your harddisk crash ed and you ċ
have lost all your data. If your key is lost, you can no longer decrypt mes ċ ċ Čċ
ċ
sages. If your key has been stolen, somebody else can decrypt your com ċ ċ ċČ
ċ
munication. You need to make a new set of keys. The process of creating ċ ċ
ċ ċ
keys, using the OpenPGP wizard in Thun derbird, has been described in this ċ
ċ
manu al. But first you want to tell the world that your old public key is now ċ
worthless, or even dan gerous to use. ċ ċ
W HAT
166
TO DO WHEN YOU HAVE LOST YOUR SECRET KEY, OR FORG OT YOUR ċ ċ
Daily PGP usage
W HAT TO DO WHEN YOU HAVE LOST YOUR SECRET KEY, OR FORG OT YOUR ċ ċ
PASSPHRASE
ċ ċ ċ
During the creation of your key-pair, the OpenPGP wizard offered you the ċ
ċ ċ ċ ċ ċ
possibility to create a so-called revocation certificate. This is a special file you ċ
ċ ċ ċ
send to oth ers in the advent you have to disable your key. If you have a copy
ċċ ċ ċ ċ ċċ
of this file, sen ding the revocation key is simply sen ding the file as an attach ċ Čċ
ċ ċ
ment to all your friends. You can no longer send sign ed mails (obviously, be ċ ċ ċČ
ċ
cause you have lost your secret key). That doesn't matter. Send it as a norm al ċ ċ
mail. ċ ċ
The revocation ċ
certificate file could only have been created by the
ċ ċ
owner of the secret key and proofs he or she wants to revoke it. That's why it ċ
ċ ċ
should norm ally be kept hidden from oth ers. ċ ċ
ċ ċ ċ ċ
If you do not have the revocation certificate, there exists no other option than ċ
ċ ċ ċ ċ ċ
for you to con tact your friends personally and con vin ce them your key is lost
If you ċ ċ ċ
have reason to believe your secret key has been com promised, or ċ
ċ ċ ċ
worse your secret key and passphrase, it is very im portant to con tact oth ers ċ ċ
ċċ ċ ċ ċ
that they should stop sen ding you en crypted messages. With your secret key, ċ
ċ ċ ċ
other persons will be able to break the en cryption of your e-mail messages if ċ
they also have your passphrase. This is also true for those messages you haveċ
ċ ċċ
send in the past. Cracking the passphrase is not trivial, but it may be possible ċ
ċ ċ ċ ċ
if the party has lots of resources, like a state or a big organization for exam ple, ċ ċ
or if your passphrase is too weak. In any case you should assume the worst ċ
ċ ċ
and assume your passphrase may have been com promised. Send a revocation ċ ċ
ċ ċ ċ ċ
certificate file to all your friends or con tact them personally and in form themċ
of the situation.ċ
ċ
Even after you have revoked your old key pair, the stolen key may still be ċ
ċ ċċ ċ ċ ċ
used to decrypt your previous correspondence. You should con sider other ċ ċ
ċ ċ ċ ċ ċ ċ
ways to protect that old correspondence, for in stan ce by re-encrypting it with
ċ ċ ċ ċ ċ
a new key. The latter operation will not be discussed in this manu al. If you ċ
ċ ċ ċċ ċ
are un certain you should seek assistance from experts or lookup more in for ċ ċČ
167
ċ ċ
Email Enc ryption
ċ
mation on the web.
ċ ċ
RE CEIVING ċ ċ ċ
A RE VOCA TION CERTIFICATE
ċ ċ ċ
If one of your friends sends you a revocation certificate, s/he asks you to dis Čċ
ċ ċ
trust his public key from now on. You should always accept such a request ċ ċ
ċ ċ ċ ċ
and 'im port' the certificate to disable their key. The process of accepting a re ċ ċ ċČ
ċ ċ ċ ċ ċ ċ
vocation certificate is exactly the same as accepting a public key, as has al ċ ċČ
ċ ċ ċ
ready been described in the chapter. Thun derbird will ask you if you want to
ċ ċ
im port the 'OpenPGP key file'. Once you have done so, a con firm ation pop-up ċċ ċ
ċ
should be displayed like below.
PRE PARINGċ ċ ċ
FOR THE WORST: BACKUP YOUR KEYS
ċ
Your keys are usually stored on your hard disk as norm al files. They may getċ
ċ ċ ċ ċ
lost if your com puter gets damaged. It is strongly advised to keep a backup of ċ
ċ ċ
your keys in a safe place, like a vault. Making a a backup of your secret key ċ
ċ ċ ċ ċ ċ
has an oth er security advantage as well. Whenever you fear your laptop or ċ
ċ ċ ċ ċ ċċ
com puter is in im m ediate danger of being con fiscated, you can safely delete ċ ċ
ċ ċ ċ ċ
your key-pair. Your email will be ren dered un readable im m ediately. At a later ċ
ċ
stage, you can retrieve your keys from the vault and re-import them in Thun ċČ
derbird.
ċ
To make a backup of your key-pair, first head to the key man ager by using ċċ
ċ Ò
the Thun derbird menu and click on Ope nPGP > Key Manage ment. Ò Ò
ċ ċ ċ
You need to have selected the 'Display All Keys by Default' option to get a list ċ
of all your keys. Lookup your own email address in the list and right click on
ċ ċ ċ
the address. A selection win dow will appear with some options. Select the ċ
ċ ċ
option 'Export Keys to File'.
168
Daily PGP usage
ċ
Now we will save the key-pair to a file. Thun derbird asks us if we want to in ċČ
ċ ċ ċ
clude the secret key as well. We do want to in clude the secret key, therefore
ċ
we select 'Export Secret Keys'.ċ
ċċ ċ ċċ
Fin ally Thun derbird asks us for the location of the key file. You can store the
ċ ċ ċ ċ ċ
file an ywh ere you like, network disk, USB-stick. Just rem ember to hide it
ċ ċċ ċċ ċ
website of the En igm ail plugin. The En igm ail han dbook is the guide you will
want to use.
ċ ċ ċ
http://enigm ail.mozdev.org/documen tation/handbook.php.html
169
ċ ċ
Email Enc ryption
170
Passwords
Passwords
172
KEEPING Ò PASSWORDS SAFE
ċ ċ
Passwords are for the com puter world basically what keys are in the physical ċ ċ
world. If you lose a password you will not be able to get in, and if oth ers copy ċ
or steal it they can use it to enter. As a minim um measure a good password ċ
ċ
should not be easy to guess by people and not easy to crack by com puters, ċ ċ
ċ
while still easy en ough for you to rem ember. ċ ċ
PASSWORD LENGTH AND COM PLEXITY ċ ċ
ċ
To protect your passwords from being guessed, length and com plexity are theċ ċ ċ
ċ
key factors. Passwords like the name of your pet or a birth date are very un Čċ
ċ ċ ċ ċċ
safe; also any word that appears in a dictionary is easily guessed by a com put ċ ċ ċČ
er. You should also never use a password con tain ing only numbers. You ċ ċ ċ
ċ ċ ċ ċ
should use a password con tain ing a com bination of lower case letters, capit ċ ċČ
ċ ċ ċ
als, numbers and special characters and it should have a minim um length of 8 ċ
ċ
characters for basic security. ċ
MINIMIZING ċ DAMAGE
ċ
If your password is leaked or guessed, it is very im portant to minim ize the ċ ċ ċ
ċ
damage as much as possible. To this end there are two measures you can
ċ ċ
take. Firstly, be sure to keep different passwords for different sites, oth erwise ċ ċ ċ
ċ
if your password for one site is com promised it is very easy for the attacker to ċ ċ
ċ ċ
gain access to your other accounts. You can for exam ple do this by choosing ċ ċ ċ
a few basic passwords to which you add a unique suffix per site. Secondly, ċ ċ ċ
ċ
chan ge your password from time to time, at least for th ings you con sider to ċ ċ ċ
ċ ċ ċ
be sen sitive. In that way, if an attacker has got access to your account with ċ ċ ċČ
ċ ċ
out you noticing, you effectively block him out. ċ
ċ
PHYSICAL ċ ċ
PROTECTION
173
Passwords
PHYSICAL ċ ċ ċ
PROTECTION
ċ ċ ċ
Especially if you are traveling and using in tern et cafes, or ċ ċ
ċ ċ ċ ċ
other un trusted com puters, you have to be aware that
ċ ċ
browsing). A second typical threat is the presence of key ċċ
ċ ċ
loggers. Key loggers are software or hardware devices that record keystrokes, ċ ċ
ċ ċ ċ ċ
they can be hidden in side a com puter or keyboard and hence totally in visible ċ ċ ċ
ċ
to you. Be very careful what you do in those places and which sites you visit
ċċ
there. If you really have to use such a place be sure to chan ge your passwords ċ
ċ ċ ċ
as soon as possible. For more tips on In tern et Cafes read the chapter on them. ċ
EASY- TO- REMEMBER AND SECURE PASSWORDS
ċċ
"this book really helps for securing my digital life!" ċ ċċ
Take for ċ ċ
in stan ce the first ċ
letter of every word:
"tbrhfsmdl" and now add some more substitu tions, the "f" can be the 4 (for ċ ċ
ċ
"for") and we can add some capitals and special characters. The end result ċ ċ ċ
ċċ
might be someth ing like "TbRh4$mdL!" Which is secure and easy to rem emb ċ ċČ
er. Just try to think of a system ċ that works for you to ċ
rem ember ċ the
ċ ċ ċ
passwords. Altern atively you might want to use one strong password that is
ċ ċ
easy to rem ember and keep all your other secure (less easy to rem ember) ċ ċ
passwords by using a tool that keeps them securely on your com puter or ċ ċ ċ
phone.
USING
174
ċ
AN APPLICA TION TO KEEP YOUR PASSWORDS
ċ
Keepi ng passwords safe
USING ċ
AN APPLICA TION TO KEEP YOUR PASSWORDS
Even easy-to-remember passwords might be difficult to man age. One solu tion ċ ċ ċċ
ċ ċ
is to use a dedicated application to man age most of your passwords. The ċ
ċ ċ
application we will discuss is Keepass which is a free and open password man ċČ
ċ ċ
ager that is con sidered to be secure (given that you chose a sane and secure
ċ
"master password" for the keepass application). ċ
ċ ċ
For website passwords a more con venient solu tion that is probably safe en ċċ ċ ċ ċČ
ough for most of your passwords is to use the built-in password man ager of ċċ
ċ ċ
the Firefox browser. Be sure to set a master password as is explained in the ċ
ċ ċ ċ ċ
chapter on safe browsing, oth erwise this is very in secure! Other browsers ċ ċ
might also come with built-in password man agers, but rem ember that if you ċċ ċ ċ
ċ ċ
don't have to un lock them with a master password they are mostly un safe ċ ċ
ċċ ċ ċ ċ ċ ċ
and easily retrievable by attackers having access to your com puter. ċ ċ ċ
ċ
PROTECT YOUR ċ
W EBSITE PASSWORDS
ċ ċ ċ ċ
Browsers offer to save the login in form ation and passwords for websites you ċ
use. If you choose to save the passwords, you should make sure that the
passwords are stored in a safe way. See the chapter about Keeping your in ter ċ ċ ċ ċČ
net passwords safe in Firefox.
C AVEATS
ċ ċ ċ
If an applica t ion on your com p ut e r, like a chat or mail pro ċČ
gram, stores the password it uses, and you are not asked for
ċ ċ ċ
it after re opening the program, it often means that it can be
ċċ ċ ċ ċ
eas ily re t rieved from your com p ut e r by some one having ac ċ ċ Čċ
ċ ċ ċ
cess (phys ical or ot herwise) to it.
ċ ċ ċ ċ
If your login inf orm a t ion is sent over an ins ecure connect ion ċ ċ
ċ
or channel, it might fall into the wrong hands. (see the chapt ċČ
ċ ċ ċ ċ
ers on secure brows ing for more inf orm a t ion)
passwords.
175
Passwords
176
Ò Ò
IN STALLING KEEPASS
ċ ċ
We will cover in stalling KeePass on Ubun tu and Win dows. ċ ċ
ċ ċ
Mac OSX comes with an excellent built-in password man Čċ
ċ ċ Ò
ager called Keychain that is just as safe. Downsides are
ċ
that it isn't Open Source and doesn't work on other sys ċČ
tems. If you'd need to take your passwords from one Op ċČ
ċ
erating System ċ to ċ ċ
an oth er it is better ċċ to stick with
ċ
Enter your password and press 'Auth enticate' the in stallation process will ċ ċċ ċ
then begin.
ċ ċ
Ubun tu does not offer very good feedback to show the software is in stalled. If ċ ċ
177
Passwords
ċ ċ ċ
the green progress in dicator on the left has gone and the progress bar on the
ċ
right has gone then you can assumed the software is in stalled.ċ ċ
ċ ċ
INSTALLING KEE PASS ON W INDOWS ċ
ċ ċ
First visit the KeePass download webpage (http://keepass.in fo/download.html)
ċ ċ ċ ċ ċ
and choose the appropriate in staller. For this chapter we are using the current
ċ ċ ċ ċ
in staller (KeePass-2.15-Setup.exe which can also be directly downloaded from
here http://downloads.sourceforge.net/keepass/KeePass-2.15-Setup.exe).
ċ ċ ċ ċ ċ
Download this to your com puter then double click on the in staller. You will
ċ ċ
first be asked to select a lan guage, we will choose En glish:
ċ ċ
Press 'OK' and you will be shown the following screen: ċ
178
ċ ċ
Install i ng KeePass
ċ
Just press 'Next >' and go to the next screen :
ċ ċ ċ ċ ċ ċ
In the screen shown above we must select 'I accept the agreem ent' oth erwise
ċ ċ
we will not be able to in stall the software. Choose this option and then press
ċ ċ ċ ċ ċ ċ Čċ
'Next >'. In the next screen you will be asked to determ ine the in stallation loc
ċ ċ ċ
ation. You can leave this with the defaults un less you have good reason to ċ
ċ
chan ge them.
179
Passwords
ċ
Click on 'Next >' and con tinue.
ċ
The above image shows the KeePass com ponents you can choose from. Just
ċ ċČ
leave the defaults as they are and press 'Next >'. You will come to a new scre
en:
180
ċ ċ
Install i ng KeePass
ċ ċ ċ ċ ċ
This doesn't do an yth ing but give you a sum m ary of your options. Press 'In ċČ
ċ ċċ ċ
stall' and the in stallation process will begin.
ċ ċ
INSTALLING KEE PASS ON MAC OS X
181
Passwords
ċ ċ
INSTALLING KEE PASS ON MAC OS X
ċ
Although Keych ainċ in Mac OS X does an ċ ċ
excellent job of ċ
storing your
passwords, you may want to run your own password database and man ager. ċċ
ċ ċ
KeePass allows this added flexibility. First visit the KeePass download web ċČ
ċ
page (http://keepass.in fo/download.html) and choose the appropriate in staller. ċ ċ ċ
ċ ċ ċ ċ ċ ċ
Although the official in stallers are listed at the top of the page, there are un of ċ ċČ
ċ ċ ċ
ficial/contributed in stallers furth er down. Scroll down to findKeePass 2.x for
Mac OS X:
As this is an ċ ċ
extern al link, your ċ
browser will be ċ ċ
redirected
tohttp://keepass2.openix.be/:
182
ċ ċ
Install i ng KeePass
ċ
Note here that you must in stall the Mono framework first, so that KeePass
ċ ċ
DMGs in your downloads folder to un pack the volumes to your desktop. ċ
The Mono ċ
Package ċ ċ
in staller is ċ
called 'MonoFramework-MRE-
ċ
2.10.5_0.macos10.xamarin.x86.pkg', so double-click on this docu m ent in the
ċ
MonoF ramework volume on your desktop: ċ
183
Passwords
ċ ċ
The in staller will open and run:
ċ ċ ċ
Follow each of the steps by clicking 'Con tinue', the next step being 'Read Me'.
ċ ċ ċ ċ ċ ċ ċ
In h ere is im portant in form ation such as all of the files that the package will
ċ ċ ċ ċ ċ ċ ċ
in stall, in cluding in form ation on how to unin stall Mono:
184
ċ ċ
Install i ng KeePass
ċ ċ
ċ ċ ċ ċ
Click 'Con tinue' to the next screen, the licen se. Clicking 'Con tinue' on the li Čċ
ċ ċ ċ ċ ċ ċ
cen se screen pops up the agree/disagree dialogue box. If you agree with the li ċČ
ċ ċċ ċ ċċ ċ
cen se con ditions, the in stallation will con tinue:
ċ ċ ċ ċċ ċ ċċ
The following two steps in the in stallation ask you to choose an in stallation
ċ ċ ċ ċ
destination, and check there is en ough space on the in stall disk. When the in ċČ
ċċ ċ ċ
stallation has com pleted, you will see this screen:
185
Passwords
186
Ò Ò
EN CRYPTING PASSWORDS WITH A PASSWORD
MAN A GER Ò Ò
ċ ċ
To en crypt password we use KeePass on Win dows and KeePassX Ubun tu, ċ
ċ ċċ
and Keych ain on OSX. The basic prin ciple is the same; you have a file on
ċ ċ ċ ċ
your com puter which is en crypted with one single very secure password. This
ċ ċ ċ ċ
is sometimes referred to as a 'Master Password', 'Admin-Password', 'Root-
ß
Password' etc. but they are all the ultimate key to all your other keys and
ċ ċ
secure data. For this reason you can't and shouldn 't think to light about creat ċČ
ing this password.
ċċ
If a password man ager is part of your OS (like it is with OSX) it un locks auto ċ Čċ
ċ ċ
matically for you after you login to your account and so open ing secure in ċċ ċČ
ċ ċ ċ
form ation like passwords. For this, and other, reasons you should disable ċ
ċ ċ ċ ċ
'Autom atically Login'. When you start-up your com puter you should always ċ
ċċ ċ ċ ċ
have to login and, even better, set your com puter to autom atically logout or ċ
ċ
lock the screen after a set amount of time.
ċ ċ
ENCRYPTING PASSWORDS WITH KEE PASSX ON UBUNTU ċ
First open KeePassX from the Applications->Accessories -> KeePassX menu.
The first time you use KeePassX you need to set up a new database to store
ċ
You will be asked to set a master key (password).
ċ
Choose a strong password for this field - refer to the chapter about passwords
if you would like some tips on how to do this. Enter the password and press
'OK'. You then are asked to enter the password again. Do so and press 'OK'. If
the passwords are the same you will see a new KeePassX 'database' ready for
you to use.
187
Passwords
ċ
Now you have a place to store all your passwords and protect them by the
ċ ċ ċ ċ ċ ċ
'master' password you just set. You will see two default categories 'In tern et'
ċ ċ
and 'Email' - you can store passwords just under these two categories, you
ċ ċ ċ ċ ċ
can delete categories, add sub-groups, or create new categories. For now we
just want to stay with these two and add a password for our email to the
ċ ċ
email group. Right click on the email category and choose 'Add New Entry...':
ċ ċ ċ
So now fill this form out with the details so you can correctly identify which ċ
ċ ċ
email account the passwords are associated with. You need to fill out the
ċ ċ
fields 'Title' and the password fields. All else is option al.
ċ ċ
KeePassX gives some in dication if the passwords you are using are 'strong' or
ċ
'weak'...you should try and make passwords stronger and for advice on this ċ
ċ ċ
read the chapter about creating good passwords. Press 'OK' when you are
ċċ
done and you will see someth ing like this:
ċ ċ ċ
To recover the passwords (see them) you must double click on the enter and
ċ ċ ċ ċ ċ ċ
you will see the same win dow you used for recording the in form ation. If you
click on the 'eye' icon to the right of the passwords they will be con verted ċ ċ
from stars (***) to the plain text so you can read it.
Now you you can use KeePassX to store your passwords. However before ċ ċ
ċ ċ
getting too excited you must do one last thing. When you close KeePassX
ċ
(choose File->Quit) it asks you if you would like to save the chan ges you have
made.
188
ċ ċ
Enc rypti ng Passwords with a Password Manag er ċċ
Press 'Yes'. If it is the first time you used KeePassX (or you have just created a
new database) you must choose a place to store your passwords. Oth erwise it ċ ċ
ċ ċ ċ ċ
will save the updated in form ation in the file you have previously created. ċ ċ
ċ
When you want to access the passwords you must then open KeePassX and
ċ ċ
you will be asked for the master key. After typing this in you can add all your
ċċ
passwords to the database and see all your en tries. It is not a good idea to open
ċ ċ ċ
passwords if they can access your com puter. In stead get into the practice of ċ ċ
ċċ
just open ing it when you need it and then closing it again. ċ
ċ ċ
ENCRYPTING PASSWORDS WITH KEE PASS ON W INDOWS ċ
ċ ċ ċ
After you in stalled KeePass on Win dows you can find it in the application ċ
ċ ċ ċ
menu. Launch the application and the following win dow should appear. ċ ċ
ċ
You start by making a database, the file which will con tain your key. From ċ
the menu select File > New. You have to chose the name and the location of ċċ
ċ ċ
the file in the dialog win dow below. In this exam ple we call our database ċ ċ
ċ
'my_password_database'.
ċ ċ
The next screen will ask you for the master password. Enter the password
and click on 'OK'. You will not need to select an yth ing else. ċ ċ
ċ ċ ċ
The next win dow allows you to add special con figuration settings for your ċ ċ ċ
ċ ċ
new database. We do not need to edit an yth ing. Just click on 'OK'.
ċ ċ
Now the main win dow appears again and we see some default password cat ċ ċČ
189
Passwords
ċ
egories on the left side. Lets add a new password in the category 'In tern et'. ċ ċ ċ ċ
ċ ċ
First click on the word 'In tern et', then click on the add entry icon under
ċ
A widow will appear like below. Use the fields to give a description of this ċ ċ
ċ ċċ
particular password, and of cou rse, enter the password itself. When done, ċ
click on 'OK'.
ċ ċ
ENCRYPTING PASSWORDS WITH ċ
KEYCHAIN ON MAC OSX
Mac OSX comes pre-installed with the build in password man ager 'Keych ain'. ċċ ċ
ċ ċ ċċ
Because of it's tight in tegration with the OS most of the time you will hardly ċ
ċ
know it exists. But every now and then you will have a pop-up win dow in al ċ Čċ
ċ ċċ
most any application asking 'do you want to store this password in your keyc ċČ
ċ
hain?'. This happens when you add new email accounts to your mail client, ċ
ċ ċ ċ
login to a protected wireless network, enter your details in your chat client ċ
etc. etc. etc.
ċ ċ ċċ
Basically what happens is that Mac OSX offers you to store all that login data
ċ ċ ċ
and different passwords in an en crypted file which it un locks as soon as you ċ
ċ
login to your account. You can then check your mail, logon to your WiFi and
ċ ċ
use your chat client with out having to enter your login data all the time over
ċ ċ
and over again. This is a fully autom ated process, but if you want to see what
is stored where and alter passwords, or lookup a password you will have to
ċ
open the Keych ain program. ċ
ċ ċ ċ
You can find the Keych ain program in the Utilities folder which lives in the ċ
ċ
Applications folder. ċ
When you open it you will see that your 'Login' keych ain is un locked and see ċ ċ ċ
190
ċ ċ ċċ
Enc rypti ng Passwords with a Password Manag er
ċ ċ
all the items con tained in it on the right bottom side of the win dow.ċ
ċ ċ ċ ċ
(note: the win dow here is empty because it seemed to be deceiving the pur ċČ
ċ ċ ċ ċ
pose of this manu al to make a screenshot of my person al keych ain items and
ċ ċ ċ
You can double click any of the items in the Keych ain to view it's details and
ċ
tick 'Show password:' to see the password associated with the item.
ċ
You will note that it will ask you for your master or login password to view
the item.
ċ ċ ċ
You can access modify any of the items and also use the Keych ain to securely ċ
save any bits and pieces of text using the notes. To do this click on notes and
than choose 'New secure Note item' from the file menu.
That's it
191
Passwords
192
Safer Browsing
Safer Browsing
194
ACCESSING FIREFOX ON UBUNTU
Ubuntu system (or other GNU/Linux systems) that is also possible and is
explained below.
Accessing it is easy. Click on the Unity side bar where you see the Firefox
icon:
If you want to upgrade the version of Firefox included with Ubuntu to the
https://help.ubuntu.com/community/FirefoxNewVersion
195
Safer Browsing
196
INSTALLING ON MAC OS X
green button labeled "Firefox Free Download.", and the download starts. If it
197
Safer Browsing
3. Click and hold the Firefox icon, then drag it on top of the Applications
icon. When it is on top of the Applications icon, release the mouse button.
This starts copying the program files to the Applications directory on your
computer.
4. When the installation step is finished, close the two small Firefox windows.
5. Eject the Firefox disk image. If this does not work by normal means, select
the disk image icon and then, in the Finder menu, select File > Eject Firefox.
6. Now, open the Applications directory and drag the Firefox icon to the
dock:
198
Installing on Mac OS X
7. Click either icon (in the Dock or the Applications folder) to start Firefox. The
8. To import your bookmarks, passwords and other data from Safari, click
199
Safer Browsing
screen, which tells you about your rights under the Mozilla
10. Close the Welcome to Firefox page (click the x in the tab at the top of the
If you have permission problems when trying to copy Firefox from the disk
200
Installing on Mac OS X
image to your Applications folder, first try deleting your old Firefox copy,
then proceeding.
If you're installing a beta and that you want to keep your former Firefox
copy, first rename your old Firefox copy to something like "Firefox old" and
201
Safer Browsing
202
INSTALLING FIREFOX ON WINDOWS
http://www.mozilla.com/firefox/system-
requirements.html
and recommends the best edition(s) of Firefox for you. If you want to
than the one detected, click "Other Systems and Languages" to see a list of
203
Safer Browsing
2. Click the download button and the setup file will begin to download to your
clicking Continue.
4. Click Next to continue. The Setup Type screen appears. A "Standard" setup
204
Installing Firefox on Windows
experienced users).
5. Firefox installs itself as your default browser. If you do not want Firefox to
be your default browser, clear the check box Use Firefox as my default
web browser.
205
Safer Browsing
6. Click Next.
7. Firefox asks whether to import the settings, like bookmarks, from other
browsers. Select the browser you are currently using, then click on Next.
8. Firefox will confirm you have imported the setting and continue the
206
Installing Firefox on Windows
If the Launch Firefox now check box is checked, Firefox will start after you
click Finish.
If at any time throughout the installation process you are prompted with a
T ROUBLESHOOTING
http://support.mozilla.com/kb/Firefox+will+not+start
207
Safer Browsing
208
EXTENDING FIREFOX
power.
also collect and transmit information about you. Before you install any add-
on, keep in mind to choose add-ons from trusted sources. Otherwise, an add-
on might share information about you without your knowing, keep a record
Plugins help Firefox handle things it normally can't process (i.e. Flash
For the topics covered in this book we are only going to need extensions. We
will look at some add-ons that are particularly relevant for dealing with
add dictionaries for different languages, track the weather in other countries,
get suggestions for Web sites that are similar to the one you are currently
viewing, and much more. Firefox keeps a list of current extensions on its site
https://addons.mozilla.org/firefox/browse.
209
Safer Browsing
While no tool can protect you completely against all threats to your online
privacy and security, the Firefox extensions described in this chapter can
significantly reduce your exposure to the most common ones, and increase
HTTPS EVERYWHERE
text. Many sites on the Web offer some support for encryption over HTTPS,
but make it difficult to use. For instance, they may connect you to HTTP by
default, even when HTTPS is available, or they may fill encrypted pages with
links that go back to the unencrypted site. The HTTPS Everywhere extension
HTTPS on a particular list of sites and can only use HTTPS on sites that have
chosen to support it. It cannot make your connection to a site secure if that
Please note that some of those sites still include a lot of content, such as
images or icons, from third party domains that is not available over HTTPS.
mark, you may remain vulnerable to some adversaries that use active attacks
210
Extending Firefox
Some Web sites (such as Gmail) provide HTTPS support automatically, but
attacks, in which an attacker hides the HTTPS version of the site from your
everywhere.
Installation
First, download the HTTPS Everywhere extension from the official Web site:
https://www.eff.org/https-everywhere
Select the newest release. In the example below, version 2.2 of HTTPS
211
Safer Browsing
Click on "Allow". You will then have to restart Firefox by clicking on the
C ONFIGURATION
the Tools menu at the top of your screen and then select Add-ons. (Note that
A list of all supported Web sites where HTTPS redirection rules should be
rule, you can uncheck it here. In that case, HTTPS Everywhere will no
Usage
http://www.google.com).
212
Extending Firefox
action is needed.
213
Safer Browsing
Your network operator may decide to block the secure versions of Web sites
in order to increase its ability to spy on what you do. In such cases, HTTPS
Everywhere could prevent you from using these sites because it forces your
browser to use only the secure version of these sites, never the insecure
version. (For example, we heard about an airport Wi-Fi network where all
HTTP connections were permitted, but not HTTPS connections. Perhaps the
Wi-Fi operators were interested in watching what users did. At that airport,
users with HTTPS Everywhere were not able to use certain Web sites unless
In this scenario, you might choose to use HTTPS Everywhere together with a
214
Extending Firefox
You can add your own rules to the HTTPS Everywhere add-on for your
favorite Web sites. You can find out how to do that at:
that they teach HTTPS Everywhere how to ensure that your access to these
sites is secure. But remember: HTTPS Everywhere does not allow you to
access sites securely unless the site operators have already chosen to make
their sites available through HTTPS. If a site does not support HTTPS, there
If you are managing a Web site and have made an HTTPS version of the site
available, a good practice would be to submit your Web site to the official
A DBLOCK PLUS
that may try to track you. To keep current with the latest threats, Adblock
policies) and any extension can register one. So all that Adblock Plus has to
do is to register its content policy, other than that there is only application
logic to decide which addresses to block and user interface code to allow
215
Safer Browsing
configuration of filters.
1. Download the latest version of Adblock Plus from the Add-On database of
Firefox
3. After Adblock Plus has been installed, Firefox will ask to restart.
Adblock Plus by itself doesn't do anything. It can see each element that a Web
site attempts to load, but it doesn't know which ones should be blocked. This
is what Adblock's filters are for. After restarting Firefox, you will be asked to
Which filter subscription should you choose? Adblock Plus offers a few in its
216
Extending Firefox
dropdown menu and you may wish to learn about the strengths of each. A
http://easylist.adblockplus.org/en).
As tempting as it may seem, don't add as many subscriptions as you can get,
But it collides with Fanboy's List (another list with main focus on English-
language sites).
You can always change your filter subscriptions at any time within
AdBlock Plus also lets you create your own filters, if you are so inclined. To
add a filter, start with Adblock Plus preferences and click on "Add Filter" at
the bottom left corner of the window. Personalized filters may not replace the
benefits of well-maintained blacklists like EasyList, but they're very useful for
blocking specific content that isn't covered in the public lists. For example, if
you wanted to prevent interaction with Facebook from other Web sites, you
||facebook.*$domain=~facebook.com|~127.0.0.1
The first part (||facebook.*) will initially block everything coming from
an exception that tells the filter to allow Facebook requests only when you
are in Facebook or if the Facebook requests come from 127.0.0.1 (your own
A guide on how to create your own Adblock Plus filters can be found at
http://adblockplus.org/en/filters.
Web sites
You can see the elements identified by AdBlock Plus by clicking on the ABP
icon in your browser (usually next to the search bar) and selecting
you can disable AdBlock Plus for a specific domain or page by clicking on the
ABP icon and ticking the option "Disable on [domain name]" or "Disable on
Below is a short list of extensions that are not covered in this book but are
Flagfox - puts a flag in the location bar telling you where the server
US/firefox/addon/flagfox/
Some of them are used to track the sites you are visiting by advertisers.
https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
https://addons.mozilla.org/en-us/firefox/addon/googlesharing/
218
PROXY SETTINGS
A proxy server allows you to reach a Web site or other Internet location even
when direct access is blocked in your country or by your ISP. There are
Web proxies, which only require that you know the proxy Web site's
bin/nph-proxy.cgi
HTTP proxies, which require that you modify your Browser settings. HTTP
proxies only work for Web content. You may get the information about a
SOCKS proxies, which also require that you modify your Browser settings.
mail and instant messaging tools. The SOCKS proxy information looks just
You can use a Web proxy directly without any configuration by typing in the
URL. The HTTP and SOCKS proxies, however, have to be configured in your
Web browser.
In Firefox you can change the settings for using a proxy you'll have to open
the Options or Preferences window of Firefox. You can find this in the menu,
by clicking on the top of the Window and selecting Edit > Preferences.
219
Safer Browsing
information of the proxy server you want to use. Please remember that
HTTP proxies and SOCKS proxies work differently and have to be entered in
the corresponding fields. If there is a colon (:) in your proxy information, that
is the separator between the proxy address and the port number. Your screen
220
Proxy Settings
After you click OK, your configuration will be saved and your Web browser
you get an error message such as, "The proxy server is refusing connections"
or "Unable to find the proxy server", there is a problem with your proxy
configuration. In that case, repeat the steps above and select "No proxy" in the
221
Safer Browsing
222
USING TOR?
previous server.
Use of this system makes it more difficult to trace internet traffic to the user,
including visits to Web sites, online posts, instant messages, and other
Like all current low latency anonymity networks, Tor cannot and does not
network, i.e., the traffic entering and exiting the network. While Tor does
parties. So: the location of the user remains hidden; however, in some cases
content is vulnerable for analysis through which also information about the
223
Safer Browsing
The Tor Browser Bundle lets you use Tor on Windows, OSX and/or Linux
without requiring you to configure a Web browser. Even better, it's also a
portable application that can be run from a USB flash drive, allowing you to
You can download the Tor Browser Bundle from the torproject.org Web site
that is multiple files of 1.4 MB each which may proof easier to download on
slow connections.
If the torproject.org Web site is filtered from where you are, type "tor
mirrors" in your favorite Web search engine: The results probably include
readhttps://www.torproject.org/docs/verifying-
signatures
(You can also download the GnuPG software that you will need to
http://www.gnupg.org/download/index.en.html#auto-ref-2)
224
Using Tor?
1. In your Web browser, enter the download URL for Tor Browser:
https://www.torproject.org/download/download
2. Click the link for your language to download the installation file.
3. On windows double-click the .EXE file you just downloaded. A "7-Zip self-
4. Choose a folder into which you want to extract the files and click "Extract".
225
Safer Browsing
Note: You can choose to extract the files directly onto a USB key or
5. When the extraction is completed, open the folder and check that the
1. In your Web browser, enter the URL for the split version of the Tor Browser
link for your language to get to a page that looks like the one for English
below:
226
Using Tor?
2. Click each file to download it (one ending in ".exe" and nine others ending in
".rar"), one after the other, and save them all in one folder on your hard- or
USB-drive.
3. Double-click the first part (the file whose name ends in ".exe"). This runs a
4. Choose a folder where you want to install the files, and click "Install". The
227
Safer Browsing
program displays messages about its progress while it's running, and then
quits.
5. When the extraction is completed, open the folder and check that the
USING T OR B ROWSER
currently running.
Close Tor. If Tor is already installed on your computer, make sure it is not
currently running.
In the "Tor Browser" folder, double-click "Start Tor Browser". The Tor control
panel ("Vidalia") opens and Tor starts to connect to the Tor network.
228
Using Tor?
TorCheck page and then confirms if you are connected to the Tor network.
This may take some time, depending on the quality of your Internet
connection.
229
Safer Browsing
If you are connected to the Tor network, a green onion icon appears in the
Try viewing a few Web sites, and see whether they display. The sites are
likely to load more slowly than usual because your connection is being routed
If the onion in the Vidalia Control Panel never turns green or if Firefox
opened, but displayed a page saying "Sorry. You are not using Tor", as in the
If you see this message, close Firefox and Tor Browser and then repeat the
steps above. You can perform this check to ensure that you are using tor, at
If Firefox browser does not launch, another instance of the browser may be
1. Open the Windows Task Manager. How you do this depends on how your
computer is set up. On most systems, you can right-click in the Task Bar
231
Safer Browsing
4. If you find one, select the entry and click "End Process".
If Tor Browser still doesn't work after two or three tries, Tor may be partly
blocked by your ISP and you should try using the bridgefeature of Tor.
A LTERNATIVES
There are two other projects that bundle Tor and a browser:
(http://xerobank.com/xB_Browser.php)
(http://archetwist.com/en/opera/operator)
232
Using VPN
Using VPN
234
GETTING, SETTING- UP AND TESTING A VPN
ACCOUNT
In all the VPN systems, there is one computer set up as a server (in an
unrestricted location), where one or more clients connect to. The set up of
the server is out of the scope of this manual and the set up of this system is in
general covered by your VPN provider. This server is one of the two ends of
the encrypted tunnel. It is that important the company running this server
Please keep in mind that an account can often only be used on one device
concurrently. If you want to login on a VPN with both your mobile and
There are multiple VPN providers out there. Some will give you free trial
time, others will begin charging right away at an approximate rate of 5 ¬ per Ė
month. Look for a VPN provider that offers OpenVPN accounts - it is an Open
When choosing an VPN provider you need to consider the following points:
needed the better. A truly privacy concerned VPN provider would only ask
you for email address (make a temporary one!), username and password.
More isn't required unless the provider creates a user database which you
probably the most privacy-prone method, however slow it does not link
your bank account and your VPN network ID. Paypal can also be an
acceptable option assuming that you can register and use a temporary
account for every payment. Payment via a bank transfer or by a credit card
Avoid VPN providers that require you to install their own proprietary client
235
Using VPN
software. There is a perfect open source solution for any platform, having to
Look for a VPN provider that's using OpenVPN - an open source, multi-
come from a different part of the world. You need to be aware of legislation
Anonymity policy regarding your traffic - a safe VPN provider will have a
Allowed protocols to use within VPN and protocols that are routed to the
Any known issues in regard to anonymity of the users the VPN provider
might have had in the past. Look online, read forums and ask around. Don't
There are several VPN-review oriented places online that can help you make
http://www.bestvpnservice.com/vpn-providers.php
http://vpncreative.com/complete-list-of-vpn-providers
http://en.cship.org/wiki/VPN
"OpenVPN [..] is a full featured SSL VPN software solution that integrates
control." (http://openvpn.net/index.php/access-server/overview.html)
236
Getting, setting-up and testing a VPN account
level of security they provide, and which operating systems they are available
exchange algorithm. For this to work and in order to communicate, both the
server and the client need to have public and private RSA keys.
Once you got access to your VPN account the server generates those keys
and you simply need to download those from the website of your VPN
provider or have them sent to your email address. Together with your keys
you will receive a root certificate (*.ca) and a main configuration file (*.conf or
*.ovpn). In most cases only the following files will be needed to configure and
parameters and settings. NOTE: in some cases certificates and keys can
come embedded inside the main configuration file. In such a case the below
server, used to sign and check other keys issued by the provider.
In most cases, or unless necessary you don't need to change anything in the
configuration file and (surely!) do not edit key or certificate files! All VPN
providers have thorough instructions regarding the setup, read and follow
237
Using VPN
NOTE: Usually it's only allowed to use one key per one connection, so you
probably shouldn't be using the same keys on different devices at the same
time. Get a new set of keys for each device you plan to use on VPN network
Download your OpenVPN configuration and key files copy them to a safe
In the following chapters some examples are given for setting up OpenVPN
238
VPN ON UBUNTU
If you use Ubuntu as your operating system, you can connect to a VPN by
L2TP interface is not available in Ubuntu. (It can be done manually, but it
The following example will explain how to connect with a PPTP-server and
an OpenVPN-server.
This document is divided in three parts. The first part covers the general
tunnels. The second and third part describe the configuration for PPTP and
OpenVPN parts.
Under all situations we assume you already have a VPN account as described
the same utility you use to set up your Wireless (or wired) network and is
normally in the upper right corner of your screen (next to the clock). This
tools is also capable of managing your VPNs, but before it can do so, it's
To install the plugins for Network Manager we will use the Ubuntu Software
Center.
1. Open the Ubuntu Software Center by typing software in the Unity search
bar
239
Using VPN
2. The Ubuntu Software Center enables you to search, install and remove
software on your computer. Click on the search box at the top right of the
window.
gnome" (which is the extension for PPTP). It's necessary to type the full
names because the packages are classified as "technical" and don't pop-up
earlier.
These packages include all the files you need to establish a VPN connection
successfully. You can decide to install both extensions or only the one you
need.
240
VPN on Ubuntu
4. Ubuntu may ask you for additional permissions to install the program. If
that is the case, type in your password and click Authenticate. Once the
NetworkManager (the icon at the left of your system clock) and select VPN
241
Using VPN
7. If you see a pop-up asking for the type of VPN and the tunnel technology
(OpenVPN or PPTP) option is available, this means that you have installed
the VPN extension in Ubuntu correctly. If you have your VPN login
information ready, you can continue right away, else you first have to get a
VPN account from a VPN-provider. If this is the case, click cancel to close
242
VPN on Ubuntu
If you want to set up OpenVPN, you skip this section and jump to "3. Set up
OpenVPN on Ubuntu"
Let's assume have your credentials from your VPN provider for PPTP ready.
1. Before getting started, please be sure you have read the paragraph "testing
before and after account set up". In this way you will be able to validate if
2. If you have installed all software in the previous chapter, we are now ready
to go. Setting up PPTP is very simple in Ubuntu: first we open the VPN
system clock (were you also set your WiFi setting), just click on it and the
following menu pops up. Choose Configure VPN (under VPN Connections).
243
Using VPN
3. A new window will pop-up, showing your VPN connection. This list is
empty if you have not configured a VPN before. Simple choose: Add
4. The next window will show you the available options. In This case make
244
VPN on Ubuntu
5. In the next pop-up fill out the required information. The connectname is just
the name to identify this connection with. The gateway is the server address
enabled, the VPN will be always online (if available). This setting is
Also it's needed to enable encryption. This can be done with the advanced
245
Using VPN
(MPPE)". The utility will give you a warning that some authentication
methods are not possible with MPPE. This is the expected behaviour. You
can confirm the settings with "OK" to return to the previous window. Please
246
VPN on Ubuntu
7. Now you will return to the overview. If everything went fine, you will have
a new connection now. Here it's called "VPN to Greenhost". You can close
8. Now, let's activate the VPN. Hit the Network Utility Tool again, browse to
247
Using VPN
9. If everything went fine, look at the small change in the notification icon:
this should now give you a "lock" icon next to the WiFi signal.
Let's assume you received your configuration files and credentials from your
The file: ca.crt (this file is specific for every OpenVPN provider)
The file: user.crt (this file is your personal certificate, used for encryption of
data)
The file: user.key (this file contains your private key. It should be protected
in a good manner. Loosing this file will make your connection insecure)
248
VPN on Ubuntu
In most cases your provider will send these files to you in a zip file.
1. Before getting started, please be sure you've read the paragraph "testing
before and after account set up", this way you will be able to validate if
2. Unzip the file you have downloaded to a folder on your hard drive (e.g.:
NetworkManager.
249
Using VPN
5. Locate the file air.ovpn that you have just unzipped. Click Open.
250
VPN on Ubuntu
appear on the list of connections under the VPN tab. You can now close
NetworkManager.
251
Using VPN
the OpenVPN client, you can use your new VPN connection to circumvent
Connections.
252
VPN on Ubuntu
that you are now using a secure connection. Move your cursor over the icon
4. To disconnect from your VPN, select VPN Connections > Disconnect VPN in
the NetworkManager menu. You are now using your normal (filtered)
connection again.
253
Using VPN
254
VPN ON MACOSX
Setting up a VPN on MacOSX is very easy once you have your account details
ready, Let's assume have your credentials from your VPN provider for
A Pre-Shared-Key or Machine-certificate
1. Before getting started, please be sure you've read the paragraph "testing
before and after account set up", this way you will be able to validate if
2. A VPN is configured in the network settings, that are accessible via "System
255
Using VPN
4. OSX uses this nifty system to lock windows. To add a VPN it is necessary to
unlock the screen: you can do this by clicking on the lock on the left bottom
of the screen.
256
VPN on MacOSX
6. Now we can add a new network. Do this by clicking on the "+" sign
257
Using VPN
7. In the pop-up you need to specify the type of connection. In this case
choose an VPN interface with L2TP over IPSec. This is the most common
8. Next comes the connection data. Please fill in the provided server name and
258
VPN on MacOSX
9. In the new pop-up you can specify connection specific information. This is
the way the user is authenticated and how the machine is authenticated.
certficate. In this case we use the Shared Secret method. When this is done
click OK.
259
Using VPN
10. Now you return back to the network screen. The next step is very
260
VPN on MacOSX
11. In the new pop up you will see an option to route all traffic through the
13. A pop-up appears. You need to confirm your changes, just hit "Apply"
261
Using VPN
14. After a few seconds, on the left side the connection should turn green. If so,
262
VPN ON WINDOWS
Setting up a VPN on Windows is very easy once you have your account
details ready. Let's assume have your credentials from your VPN provider for
A Pre-Shared-Key or Machine-certificate
1. Before getting started, please be sure you've read the paragraph "testing
before and after account set up", this way you will be able to validate if
new VPN connection. We can access this center easily by clicking on the
Sharing Center"
3. The "Network and Sharing Center" will popup. You will see some
263
Using VPN
4. The wizard to setup a connection will popup. Choose the option to "connect
264
VPN on Windows
5. The next screen asks us if we want to use our Internet connection or an old-
skool phone line to connect to the VPN. Just choose the first option then.
6. The next screen asks for the connection details. Enter here the server of
265
Using VPN
please check the box "Don't connect now; just set it up". Using this option
the connection will be automatially saved and it's easier to control extra
7. Next up are your username and password. Just give them like you received
them. So keep them with you, you maybe need them later. If this is done.
Click "create".
266
VPN on Windows
8. Your connection is now available, if you click the the network icon again,
you will see a new option in the network menu, the name of your VPN
267
Using VPN
268
VPN on Windows
10. A VPN connection dialog appears. This give us the opportunity to review
our settings and to connect. You can try to connect, Windows will try to
always work, so if this is not working for you, hit the "properties" button.
269
Using VPN
11. The properties windows appear. The most important page is the "Security"
270
VPN on Windows
12. In the security tab you can specify VPN type, normally L2TP/IPSec or PPTP.
271
Using VPN
13. In the Advanced Settings window, you can specify if you are using a
have received a pre-shared-key, Select this option and fill in this key. Hit ok
afterwards. You will return to the previous window, click ok there also
272
VPN on Windows
14. Back in to connection window try to connect now. Please be sure your
273
Using VPN
274
MAKE SURE IT WORKS
Probably one of the first things that you would like to make sure of right after
your VPN connection has been set upis whether your data is actually passing via
the VPN network. The simplest (and reliable) test is to check what your "external"
IP address is, the address which you are exposing to the Internet. There are
numerous websites online that can report your IP address and its geo-location.
Hoping that you have followed our advice and chose a VPN provider from a foreign
country (rather then the country you are in) you will see that your IP geo-location
reported as a remote location. Nowadays, almost any online search engine will
report your IP address if you search for "my ip". To be absolutely sure that your
traffic is redirected via the VPN simply search for "my ip" before connecting to
Once you know that your external IP has been changed to the IP of your VPN
server you can rest assured your communication is encrypted - VPN connection
275
Using VPN
276
Disk Encryption
Disk Encryption
278
INSTALLING TRUECRYPT
INSTALLING ON UBUNTU
you cannot use the Ubuntu Software Center or apt-get (a command line
method for installing software on Ubuntu) to install it. Instead you must first
From the '(Select a package)' drop down menu you can choose from four
options:
This is a little technical - the console version is the one you choose if you are
either very technical and don't like Graphical User Interfaces or you wish to
run this on a machine that you have only a terminal (command line or 'shell')
Assuming you are running this in your laptop its best to choose the easy
'standard' option - this will give you a nice user interface to use. From these
279
Disk Encryption
two options you need to choose the one most suitable for the architecture of
your machine. Don't know what this means? Well, it basically comes down to
the type of hardware (processor) running on your computer, the options are
32-bit or 64-bit. Unfortunately Ubuntu does not make it easy for you to find
this information if you don't already know it. You need to open a 'terminal'
uname -a
SMP Tue Mar 1 21:30:46 UTC 2011 x86_64 GNU/Linux'. In this instance you
can see the architecture is 64-bit ('x86_64'). In this example I would choose
the 'Standard - 64-bit (x64)' option. If you see 'i686' somewhere in the output
of the uname command then you would choose the other standard option to
download.
Once selected press the 'download' button and save the file to somewhere on
your computer.
So the installation process is still not over. The file you downloaded is a
compressed file (to make downloading it is faster) and you need to first de-
compress the file before you install it. Fortunately Ubuntu makes this easy -
simply browse to the file on your computer and right click on it and choose
'Extract Here'.
280
Installing TrueCrypt
You will see a new file appear next to the compressed file:
Nearly done! Now right click on the new file and choose 'open' :
281
Disk Encryption
282
Installing TrueCrypt
displayed a user agreement. At the bottom press 'I accept and agree to be
bound by the license terms' (sounds serious). You will then be shown another
info screen telling you you can uninstall TrueCrypt. Press 'OK' then you will
be asked for your password to install software on your computer. Enter your
password and then you will finally see a screen like this:
Believe it or now your are done...TrueCrypt is installed and you can access it
INSTALLING ON OSX
283
Disk Encryption
INSTALLING ON OSX
2. Download this to your computer find the .dmg file and open it to acces the
installation package.
3. Open the installation package, and click away through the dialogues.
284
Installing TrueCrypt
installation and deselect FUSE, but why would you? You need it!)
6. After the installation finishes you can find the program in your
Applications folder
285
Disk Encryption
INSTALLING ON W INDOWS
Download this to your computer and then double click on the file. You will
286
Installing TrueCrypt
Click on 'I accept and agree to be bound by the license terms' and then click
'Accept'.
Leave the above screen with the defaults and press 'Next >' and you will be
You can leave this with the defaults. If you want to set up TrueCrypt just for
yourself then consider not selecting the 'Install for all users'. However if you
are installing this on your own machine and no one else uses the computer
then this is not necessary. You may also wish to consider installing TrueCrypt
in a folder other than the default. In which case click 'Browse' and choose
another location. When you are done click 'Install' and the process will
proceed:
When the installation is complete you will get a verification popup that it was
successful. Close this window and click 'Finish' and all is done. Now proceed
287
Disk Encryption
288
USING TRUECRYPT
The following are step-by-step instructions on how to create, mount, and use
a TrueCrypt volume.
Step 1:
Step 2:
289
Disk Encryption
Step 3:
You should see the TrueCrypt Volume Creation Wizard window appear on
screen.
Where do you
want to create the TrueCrypt volume? You need to choose now. This can be
290
Using TrueCrypt
steps will take you through the first option creating a TrueCrypt volume
within a file.
Step 4:
volume. We will walk you through the former option and create a standard
TrueCrypt volume.
Step 5:
Now you have to specify where to have the TrueCrypt volume (file
container) created. Note that a TrueCrypt container behaves like any normal
291
Disk Encryption
The standard file selector will now appear on screen (the TrueCrypt Volume
Creation Wizard remains open in the background). You need to browse to the
folder that the file should be created in and then type into the 'name' field the
292
Using TrueCrypt
We will create our TrueCrypt volume in the folder 'adam/true' and the
course, choose any other filename and location you like (for example, on a
USB stick). Note that the file 'myencryptedfile' does not exist yet - TrueCrypt
will create it. Press 'Save' when you are ready. The file selector window
should close.
IMPORTANT: Note that TrueCrypt will not encrypt any existing files. If an
existing file is selected in this step, it will be overwritten and replaced by the
newly created volume (the contents of the existing file will be lost). You will
Step 6:
Step 7:
Here you can choose an encryption algorithm and a hash algorithm for the
volume.
293
Disk Encryption
The TrueCrypt manual suggests that if you are not sure what to select here,
you can use the default settings and click Next (for more information about
Step 8:
Now choose the size of your container. You should be fine with 1 megabyte
but for this example we will enter '20' into the available field.
You may, of course, specify a different size. After you type the desired size in
Step 9:
Choose a strong password, type it in the first input field. Then re-type it in
294
Using TrueCrypt
Step 10:
Now you must choose the format of your partition (this step may not be
available for you under windows or OSX). If using Ubuntu you can choose a
Linux file type or FAT (Windows) for simplicity leave it at the default.
295
Disk Encryption
Step 11:
the Volume Creation Wizard window. Move the mouse as much as possible
TrueCrypt will now create a file in the folder you selected with the name you
TrueCrypt volume. This may take some time depending on the size of the
296
Using TrueCrypt
Step 11:
container).
Step 1:
Step 2:
Make sure one of the 'Slots' is chosen (it doesn't matter which - you can leave
297
Disk Encryption
Step 3:
In the file selector, browse to the container file (which we created earlier) and
select it.
298
Using TrueCrypt
Step 4:
299
Disk Encryption
Step 5:
Step 6:
TrueCrypt will now attempt to mount the volume. If the password is correct,
300
Using TrueCrypt
TrueCrypt will notify you and you will need to repeat the previous step (type
Step 7:
container will appear on your Desktop or you will see it in your file browser.
The disk that you have just created is completely encrypted and behaves like
a real disk. Saving (moving, copying, etc) files to this disk will allow you to
will automatically be decrypted to RAM while it is being read, and you won't
need to enter your password each time. You'll only need to enter this when
REMEMBER TO DISMOUNT!
To do this right click on the drive and select unmount. This will
automatically happen when you turn off your computer but will not happen
302
SETTING UP A HIDDEN VOLUME
TrueCrypt always fills the empty space of an encrypted volume with random
To create and use a hidden volume you need two passwords - one each for
the outer and inner (hidden) volumes. When you mount (open) the volume
you can use either password and that will determine which of the two is
opened. If you want to open just the hidden volume you use one password,
and if you want to access just the non-hidden encrypted volume you use the
other password.
To create a hidden volume open TrueCrypt and press the 'Create Volume'
button:
303
Disk Encryption
The options for half of this process are almost the same as for setting up a
standard TrueCrypt volume and then the process continues for setting up the
hidden volume but lets go through the entire process step by step anyway. In
the screen shown below you just want to stay with the default setting 'Create
In the above screen you want to be sure that you choose the second option
'Hidden TrueCrypt Volume'. Select this and click on 'Next >' you will then be
asked to choose the location and name of the TrueCrypt outer volume.
304
Setting up a hidden volume
Click 'Select File...' and browse to a location for a new TrueCrypt volume. We
will use the name 'myencryptedfile' in this example. Its the same name as we
used in the last example so be aware that if you have just followed those
instructions you must now create a new volume with a new name.
Browse to the directory where you want to put the outer volume and enter
305
Disk Encryption
the name of the volume in the field named 'Name' as in the example above.
When you are satisfied all is well click on 'Save'. The file browser will close
and you return to the Wizard. Click 'Next >'. Here you are presented with
some very technical choices. Don't worry about them. Leave them at the
defaults and click 'Next >'. The next screen asks you to determine the size of
the outer volume. Note that when you do this the maximum inner 'hidden'
be smaller that the size you are setting on this screen. If you are not sure
what the ratio of outer volume size to inner (hidden) volume size is then go
through the process now as a 'dummy' run - you can always trash the
So choose the size of the outer volume, I will choose 20MB as shown below:
You cannot set the outer volume size to be larger than the amount of free
space you have available on your disk. TrueCrypt tells you the maximum
possible size in bold letters so create a volume size saller than that. Then click
'Next >' and you will be taken to a screen asking you to set a password for the
306
Setting up a hidden volume
Enter a password that is strong (see the chapter on creating good passwords)
and press 'Next >'. Next TrueCrypt wants you to help it create the random
data it will fill the volume up with. So wave your mouse around, browse the
web, and do whatever you want for as long as you can. When you feel
TrueCrypt should be happy then press 'Format'. You will see a progress bar
zip by and then you will be presented with the next screen:
You can open the outer volume if you like but for this chapter we will skip
that and go ahead to create the hidden volume. Press 'Next >' and TrueCrypt
will work out how the maximum possible size of the hidden volume.
When you see the above screen just press 'Next >'. Now you must choose the
encryption type for the hidden volume. Leave it at the defaults and press
'Next >'.
Now you will be asked to choose the size of the hidden volume.
307
Disk Encryption
I have set (as you see above) the maximum size as 10MB. When you have set
your maximum size press 'Next >' and you will be promoted to create a
When creating the password for the hidden volume make sure you make it
substantially different fro the password for the outer volume. If someone
really does access your drive and finds out the password for the outer volume
they might try variations on this password to see if there is also a hidden
Enter your password in the two fields and press 'Next >'.
Leave this window at the defaults and press 'Next >' and you will be presented
with the same screen you have seen before to generate random data for
TrueCrypt. When you are happy click 'Format' and you should see the
following :
The TrueCrypt manual it is referring to is not this manual. They mean this
manual : http://www.truecrypt.org/docs/
308
Setting up a hidden volume
Click 'OK' and keep and exit TrueCrypt. You can now mount the volume as
309
Disk Encryption
310
SECURELY DESTROYING DATA
Just hit the delete button and you are done! No it's not that easy. To
follows:
Assume you have a small notebook with 10 pages and you want to write
some data in this notebook. You just start writing on the first page up to the
end of the notebook. Maybe you decide the information on page 5 must be
destroyed. Probably you will just take out the page and burn it.
not ten but thousands or maybe even millions of pages. Also it's impossible to
take out a "page" of a harddisk and destroy it. To explain how a harddisk
work, we will continue with our 10-page notebook example. But now we will
work a little bit different with it. We will work in a way similar to how a
harddisk works.
This time we use the first page of our notebook as an index. Assume we write
a piece about "WikiLeaks", then on the first page we write a line "piece about
WikiLeaks: see page 2". The actual piece is then written on page 2.
For the next document, a piece about "Goldman Sachs" we add a line on page
1, "Goldman Sachs: see page 3". We can continue this way till our notebook is
full. Let's assume the first page will look like this:
311
Disk Encryption
Now, let's decide you want to wipe the "Goldman Sachs" piece, what a
harddisk will do, it will only remove the entry on the first page, but not the
What we did, we removed only the reference to the article, but if we open
page 3, we will still able to read the Goldman Sachs piece. This is exactly the
way what a harddisk does when your "delete" a file. With specialized software
Well you will be surprised by the similarity between this example and the real
world. You know when you removed the article on page 3 with an eraser, it is
still possible to read the article slightly. The pencil leaves a track on the paper
because of the pressure of the pencil on the paper and also you will be unable
to erase all of the graphite. Small traces are left behind on the paper. If you
really need this article, you can reconstruct (parts) of it, even if it's erased.
With a harddisk this is very similar. Even if you erased every piece of data, it
the data. If the data is very confidential and must be erased with the greatest
care, you can use software to "overwrite" all pieces of data with random data.
When this is done multiple times, this will make the data untraceable.
The instructions below explain how to use file deletion tools to securely
delete files from your hard drives. These tools rely on the Operating System
you are using being able to directly address every byte on the hard drive in
order to tell the drive "set byte number X to 0". Unfortunately, due to a
TRIM, it is not always possible to ensure with 100% certainty that every part
For Windows there is a good open source tool called "File Shredder". This tool
install it by hitting the next button. After installation this application will
automatically start. You can then start using it for shredding files. However
the best part of the program is that you can use it from within windows itself
1. Click right on the file you want to shred, and choose File Shredder -> Secure
delete files
313
Disk Encryption
3. After confirming, there your file goes. Depending on the size of the file this
There are basically to build-in steps to make to securely delete your data on
Mac OSX.
1. Erase the free-space on your hard-drive containing all the data of items
2. Make sure that every file from then on is always securely deleted.
Applications folder.
315
Disk Encryption
3. Three options will appear, from top to bottom more secure, but also they
take much more time to complete. Read the descriptions on each one of them
to get an idea from what will happen if you use them and then choose which
one might suite your needs the best and click 'Erase free Space'.
If time is no issue, then use the most secure method and enjoy your free time
to get a good coffee while you Mac crunches away on this task. If the crooks
are already knocking on your front-door you might want to use the fastest
way.
Now that your previously deleted data is once and for ever securely erased
you should make sure that you don't create any new data that might be
316
Securely destroying data
2. Go to the advanced tab and tick 'Empty trash securely'. This will make sure
that every time you empty your trash all the items in it will be securely
Note 1: Deleting your files securely will take longer then just deleting them. If
you have to erase big portions of unimportant data (say your movie and mp3
collection) you may wanna untick this option before doing so.
available though.
shred
wipe
Shred is installed in Ubuntu by default and can delete single files. Wipe is not
installed by default but can easily be installed with using Ubuntu Software
Center or if you understand the command line you can install it with apt-get
install wipe. Wipe is a little more secure and has nicer options.
menu option
add the securely wipe option, it's required to install these two
If the two programs are installed follow the following steps. If they
are not installed use the Ubuntu Software Center to install them or
Preferences menu
318
Securely destroying data
4. Next is describing the new action. You can give the action every name
you wish. Fill out this title in the "Context label" field. In this
319
Disk Encryption
320
Securely destroying data
With this option you can wipe both files and folders securely. If done,
click the save button (second item on the icon bottom toolbar) or use
after this, you have to re-login into your system, so ether reboot or
logout/login.
8. Now browse to the file you want to securely delete and right click:
321
Disk Encryption
Choose 'Delete File Securely'. The file will then be wiped 'quietly' - you do not
get any feedback or notice that the process has started or stopped. However
the process is underway. It takes some time to securely delete data and the
bigger the file the longer it takes. When it is complete the icon for the file to
be wiped will disappear. If you would like to add some feedback you can
-rf %M | zenity --info --text "your wipe is underway please be patient. The
322
Securely destroying data
The above line will tell you the process is underway but you will not know
323
Disk Encryption
324
Call Encryption
Call Encryption
326
INSTALLING CSIPSIMPLE
encrypted calls. Naturally the calling software isn't enough on its own and we
If you already know about OSTN and have an account, you can skip this
section.
Voice over IP (VoIP) setup using the Session Initiation Protocol (SIP) that
choose their service provider while still being able to call each other even if
they are not using the same provider. Yet, not all SIP providers offer OSTN
and both providers have to support OSTN for the call to be secure. Once a
directly between the two parties. Data is encrypted according to the Secure
Transport Layer Security (TLS) to exchange secret master keys for SRTP.
This method is not end-to-end secure as the SRTP keys are visible in plaintext
encryption between two parties. ZRTP end points use the media stream
rather than the signaling stream to establish the SRTP encryption keys. Since
the media stream is a direct connection between the calling parties, there is
no way for the SIP providers or proxies to intercept the SRTP keys. ZRTP
327
Call Encryption
reading and comparing a word pair, users can be certain that the key
can sign up and create an account. You can also check the OSTN page listed
CSIPSIMPLE
CSipSimple is a free and open source client for Android that works well with
id=com.csipsimple
To use CSipSimple with ostel.me, select OSTN in the generic wizards when
Once you call another party with CSipSimple you see a yellow bar with ZRTP
and the verification word pair. You now have established a secure voice
connection that cannot be interscepted. Still, you should be aware that your
phone or the phone of the other party could be set up to record the
conversation.
Basic steps:
2. Start it up and choose if you want to make SIP calls via data connection or
only WiFi
To use CSipSimple with ostel.me, select OSTN in the Generic Wizards section
when creating an account. You can toggle off the "United States" providers by
328
Installing CSipSimple
Now you canenter your username (number), password and server (ostel.me)
329
Call Encryption
Now you can make a call. The first time you connect to someone withZRTP
you have to verify that the key exchange was successfull. In the example
below the confirmation word is "cieh", you can already talk to the other party
and make sure you both see the same word. Once done, press ok.
330
Installing CSipSimple
intercepted. Beware that your or the phone of the other party could be
331
Call Encryption
332
Instant Messaging
Encryption
Instant Messaging Encryption
334
SETTING UP ENCRYPTED INSTANT
MESSAGING
https://guardianproject.info/apps/gibber/
with Google, Facebook, any Jabber or XMPP server. Gibberbot uses the Off-
encrypted communications.
You can install Gibberbot through the Google Play store or from another
trusted source.
You can securely chat with other programs with OTR support such as
http://chrisballinger.info/apps/chatsecure/
with Google, Facebook, any Jabber or XMPP server. ChatSecure uses the Off-
encrypted communications.
You can securely chat with other programs with OTR support such as
http://pidgin.in/
335
Instant Messaging Encryption
communications.
You can install viaUbuntu Software Center, search for pidgin-otr to install
Once installed you can enable otr for any account you setup in pidgin.
You can securely chat with other programs with OTR support such as
OS X - INSTALLING A DIUM
http://www.adium.im/
communications.
downloaded file
5. The Adium disk image will still be present in your download folder
(probably on your desktop). You can drag this file to the trash, as it is no
longer needed.
You can securely chat with other programs with OTR support such as
http://pidgin.in/
336
Setting up Encrypted Instant Messaging
communications.
To use Pidgin with OTR on Windows, you have to install Pidgin and the OTR
fromhttp://www.pidgin.im/download/windows/
Pidgin"fromhttp://www.cypherpunks.ca/otr/#downloads
Now you can use OTR with any account you setup in Pidgin.
You can securely chat with other programs with OTR support such as
337
Instant Messaging Encryption
338
Secure File Sharing
Secure File Sharing
340
INSTALLING I2P ON UBUNTU
key that the repository has been signed with. The GPG key ensures that
the packages have not been tampered with since being built.
that is enabled on your system, including the I2P PPA that was added with
i2p domains you have to configure your browser to use the i2p proxy. Also
check your connection status on the left side on the router console. If your
time you start I2P it may take a few minutes to integrate you into the
patient.
From the Tools menu, select Options to bring up the Firefox settings panel.
the following:
341
Secure File Sharing
configuration, then enter 127.0.0.1, port 4444 in the HTTP Proxy field. Enter
127.0.0.1, port 4445 in the SSL Proxy field. Be sure to enter localhost and
342
Installing I2P on Ubuntu
For more information and proxy settings for other browsers check
http://www.i2p2.de/htproxyports.htm
343
Secure File Sharing
344
Appendices
Appendices
346
THE NECESSITY OF OPEN SOURCE
The last 20 years have seen network technology reaching ever more deeply
into our lives, informing how we understand and communicate within the
world. With this come inherent risks: the less we understand about the
control. This flagrant and often covert denial of human rights breaches the
Closed source software has been a great boon to such exploitation primarily
due to the barrier the lack of code for open, decentralised security auditing by
the community raises. Under the auspices of hiding trade secrets, closed-
how their programs work. This might not always be an issue were it not for
the stakes at risk: identity theft, the distribution of deeply personal opinion
and sentiment, a persons diverse interests and even his/her home increasingly
such, many people use software for intimate purposes with full trust that
they are secure. The Windows operating system is the most obvious real-
world example. Apple's OS X follows close behind, with large portions of the
Auguste Kerckhoff (hence named after him) which demands that "[the
fall into the hands of the enemy without inconvenience". While this principle
has been taken further by most scientific and (of course) open source
potential weaknesses can be pointed out and fixed before distribution most
weaknesses of their software. As such they are often known to address newly
347
Appendices
Of course it must be said that Open Source Software is as secure as you make
it (and there is a lot of OSS written by beginners), there are many good
large (and concerned) user base, that even tiny mistakes are quickly found
and dealt with. This is especially the case with software depended upon in a
concerned researchers and specialists that have your privacy and safety in
mind.
348
CRYPTOGRAPHY AND ENCRYPTION
Cryptography and encryption are similar terms, the former being the science
and latter the implementation of it. The history of the subject can be traced
themselves into groups. This was driven in part by the realisation that we
could read. The word cryptography stems from the Greek words kryptos
in their simplest form refer to the writing of hidden messages, which require
a system or rule to decode and read them. Essentially this enables you to
(a key).
(ciphers). The goal is to use the right key to unlock the ciphertext and return
it back into its original plain text form so it becomes readable again.
Although most encryption methods refer to written word, during World War
Two, the US military used Navajo Indians, who traveled between camps
sending messages in their native tongue. The reason the army used the
Navajo tribe was to protect the information they were sending from the
Japanese troops, who famously could not decipher the Navajo's spoken
that you do not want people to listen into or know what you're discussing.
W HY IS ENCRYPTION IMPORTANT?
349
Appendices
W HY IS ENCRYPTION IMPORTANT?
what was (and still is) considered private information in exchange for what is
presented as more personalised and tailored services, which might meet our
But how do we protect who sees, controls and uses this information?
Lets consider a scenario whereby we all thought it was fine to send all our
your doctor, to intimate moments with our lovers, to legal discussions you
letters in sealed envelopes, tracking methods for sending post, closed offices
private. However given the shift in how we communicate, much more of this
through online spaces, which are not private by default and open to people
with little technical skills to snoop into the matters that can mean the most to
our lives.
and practice daily. In the same way we would put an important letter into an
ENCRYPTION EXAMPLES
A W ARNING!
350
Cryptography and Encryption
A W ARNING!
"There are two kinds of cryptography in this world: cryptography that will stop
your kid sister from reading your files, and cryptography that will stop major
1996
modern computers. They can be fun to learn, but please don't use them for
anything sensitive!
HISTORICAL CIPHERS
Classical ciphers refer to historical ciphers, which are now out of popular use
In a transposition cipher, the letters themselves are kept unchanged, but the
ancient Rome and Greece. A paperstrip was wrapped around a stick and the
message written across it. That way the message could not be read unless
351
Appendices
letters are systematically replaced throughout the message for other letters
they use more than one alphabet and rotate them. For example, TheAlberti
cipher, which was the first polyalphabetic cipher was created by Leon Battista
number (e.g. 1-26). The message is then encrypted by writing down the
and key are summed up (with numbers exceeding the alphabet being dragged
352
Cryptography and Encryption
During World War 2 there was a surge in crypography, which lead to the
development of new algorithms such as the one-time pad (OTP). The OTP
plaintext so that each character is only used once. To use it you need two
copies of the pad, which are kept by each user and exchanged via a secure
channel.Once the message is encoded with the pad, the pad is destroyed and
the encoded message is sent. On the recipient's side, the encoded message has
a duplicate copy of the pad from which the plaintext message is generated.A
good way to look at OTP is to think of it as a 100% noise source, which is used
to mask the message. Since both parties of the communication have copies of
the noise source they are the only people who can filter it out.
OTP lies behind modern day stream ciphers, which are explained below.
353
Appendices
MODERN CIPHERS
Post the World Wars the field of cryptography became less of a public service
and fell more within the domain of governance. Major advances in the field
developed at IBM in 1977 and later adopted by the U.S government). Since
2001 we now use the AES, Advanced Encryption Standard), which is based
the same key is used to both encrypt and decrypt the text or information
involved. In this class of ciphersthe key is shared and kept secret within a
open gate, which is shared by the community. You cannot open the gate,
unless you have the key. Obviously the issue here with the garden key and
with symmetric cryptography is if thekey falls into the wrong hands, then an
intruder or attacker can get in and the security of the garden, or the data or
Despite this limitation symmetric key methods are considerably faster than
asymmetric methods and so are the preferred mechanism for encrypting large
chunks of text.
ciphers.
354
Cryptography and Encryption
a time and spreading the input and key within those blocks. Different modes
of operation are performed on the data in order to transform and spread the
data between blocks. Such ciphers use asecret key to convert a fixed block of
plain text into cipher text. The same key is then used to decrypt the cipher
text.
then produces the ciphertext. Although this method is very secure,it is not
always practical, since the key of the same length as the message needs to be
transmitted in some secure way so that receiver can decypher the message.
Another limitation is that the key can only be used once and then its
discarded. Although this can mean almost watertight security, it does limit
data. They also work on fixed data sizes,typically 1024-2048 bits andand 384
bits. What makes them special is that they help solve some of the issues with
key distribution by allocatingone public and one private pair per person, so
ciphers are also used for digital signatures. Where as symmetric ciphers are
repudiation signatures (i.e., signatures that you cannot later deny that you
cryptography. They are similar to wax seals in that they verify who the
message is from and like seals are unique to that person. Digital signatures are
one of the methods used within public key systems, which have transformed
the field of cryptography are central to modern day Internet security and
online transactions.
QUANTUM C RYPTOGRAPHY
355
Appendices
QUANTUM C RYPTOGRAPHY
that is now necessary to deal with the speed at which we now process
information and the related security measures that are necessary. Essentially
and its associated distribution. As the machines we use become faster the
becomes easier to break and quantum cryptography deals with the types of
algorithms that are necessary to keep pace with more advanced networks.
The main goal and skill of encryption is to apply the right methods to support
strengths and weaknesses of different cipher methods and how they relate to
the level of security and privacy required.Getting this right depends on the
the challenge was to address how 'Bob' could speak to 'Alice' in a private and
secure manner.
Our lives are now heavily mediated via computers and the Internet.So the
boundaries between Bob, Alice + the 'other' (Eve, Oscar, Big Brother, your
boss, ex-boyfriend or the government) are a lot more blurred. Given the
quantum leaps in computer processing, in order for 'us', Bob's and Alice's to
have trust in the system, we need to know who we are talking too, we need
to know who is listening and importantly who has the potential to eavesdrop.
356
Cryptography and Encryption
control and secure, so that you can enage and communicate in a trustful
357
Appendices
358
GLOSSARY
AGGREGATOR
ANONYMITY
Anonymity on the Internet is the ability to use services without leaving clues
to one's identity or being spied upon. The level of protection depends on the
each link has access to only partial information about the process. The first
knows the user's Internet address (IP) but not the content, destination, or
information are encrypted. The last knows the identity of the site being
contacted, but not the source of the session. One or more steps in between
prevents the first and last links from sharing their partial knowledge in order
ANONYMOUS REMAILER
instructions for delivery, and sends them out without revealing their sources.
Since the remailer has access to the user's address, the content of the
message, and the destination of the message, remailers should be used as part
information.
BACKBONE
BADWARE
See malware.
BANDWIDTH
B ITT ORRENT
BLACKLIST
360
Glossary
BLACKLIST
blacklists; censorware may allow access to all sites except for those
a list of permitted things. A whitelist system blocks access to all sites except
for those specifically listed on the whitelist. This is a less common approach
list.
BLUEBAR
The blue URL bar (called the Bluebar in Psiphon lingo) is the form at the top
of your Psiphon node browser window, which allows you to access blocked
BLOCK
methods.
BOOKMARK
choosing the bookmark you can quickly load the Web site without needing to
BRIDGE
password until you find the right one. These are some of the most trivial
hacking attacks.
CACHE
used or frequently used data to speed up repeated access to it. A Web cache
CENSOR
CENSORWARE
installed on the client machine (the PC which is used to access the Internet).
Sometimes the term censorware is also used to refer to software used for the
CGI is a common standard used to let programs on a Web server run as Web
applications. Many Web-based proxies use CGI and thus are also called "CGI
proxies". (One popular CGI proxy application written by James Marshall using
CHAT
362
Glossary
CHAT
Microsoft, Google, and others) and publicly defined protocols. Some chat
client software uses only one of these protocols, while others use a range of
popular protocols.
CIPHER
encryption or decryption
CIRCUMVENTION
censorship.
See CGI.
COOKIE
A cookie is a text string sent by a Web server to the user's browser to store on
sessions across multiple Web pages, or across multiple sessions. Some Web
sites cannot be used without accepting and storing a cookie. Some people
Each country has a two-letter country code, and a TLD (top-level domain)
based on it, such as .ca for Canada; this domain is called a country code top-
level domain. Each such ccTLD has a DNS server that lists all second-level
domains within the TLD. The Internet root servers point to all TLDs, and
CRYPTOGRAPHY
electronic commerce.
DARPA is the successor to ARPA, which funded the Internet and its
DECRYPTION
DISK ENCRYPTION
encrypt every bit of data that goes on a disk or disk volume. Disk encryption
364
Glossary
DOMAIN
Internet.
secondary domain.
The Domain Name System (DNS) converts domain names, made up of easy-
DNS LEAK
A DNS leak occurs when a computer configured to use a proxy for its
Internet connection nonetheless makes DNS queries without using the proxy,
thus exposing the user's attempts to connect with blocked sites. Some Web
DNS SERVER
A DNS server, or name server, is a server that provides the look-up function
DNS TUNNEL
Because you "abuse" the DNS system for an unintended purpose, it only
allows a very slow connection of about 3 kb/s which is even less than the
speed of an analog modem. That is not enough for YouTube or file sharing,
but should be sufficient for instant messengers like ICQ or MSN Messenger
365
Appendices
On the connection you want to use a DNS tunnel, you only need port 53 to
The main problem is that there are no public modified nameservers that you
can use. You have to set up your own. You need a server with a permanent
connection to the Internet running Linux. There you can install the free
software OzymanDNS and in combination with SSH and a proxy like Squid
http://www.dnstunnel.de.
EAVESDROPPING
E - MAIL
E-mail, short for electronic mail, is a method to send and receive messages
over the Internet. It is possible to use a Web mail service or to send e-mails
with the SMTP protocol and receive them with the POP3 protocol by using
government.
EMBEDDED SCRIPT
ENCRYPTION
the secret key to decrypt it. It is possible to encrypt data on your local hard
366
Glossary
EXIT NODE
An exit node is a Tor node that forwards data outside the Tor network.
FILE SHARING
File sharing refers to any computer system where multiple people can use the
same information, but often refers to making music, films or other materials
A file spreading engine is a Web site a publisher can use to get around
censorship. A user only has to upload a file to publish once and the file
spreading engine uploads that file to some set of sharehosting services (like
Rapidshare or Megaupload).
FILTER
permit communications.
FIREFOX
Firefox is the most popular free and open source Web browser, developed by
FORUM
On a Web site, a forum is a place for discussion, where users can post
contrast, typically display messages one per page, with navigation pages
FRAME
367
Appendices
FRAME
A frame is a portion of a Web page with its own separate URL. For example,
frames are frequently used to place a static menu next to a scrolling text
window.
The FTP protocol is used for file transfers. Many people use it mostly for
downloads; it can also be used to upload Web pages and scripts to some Web
servers. It normally uses ports 20 and 21, which are sometimes blocked. Some
blocking.
A popular free and open source FTP client for Windows and Mac OS is
FileZilla. There are also some Web-based FTP clients that you can use with a
GATEWAY
go through it.
GPG
HONEYPOT
368
Glossary
HONEYPOT
users to use it, and to capture information about them or their activities.
HOP
or any computer along the route. The number of hops between computers
them. Each individual hop is also an entity that has the ability to eavesdrop
methods for requesting and serving Web pages, querying and generating
HTTP messages. Messages between client and server are encrypted in both
every packet, so HTTPS cannot hide the fact of the communication, just the
top-level domains and licensing domain registrars for ccTLDs and for the
generic TLDs, running the root name servers of the Internet, and other
duties.
N UMBERS)
manage the highest levels of the Internet. Its technical work is performed by
IANA.
INTERMEDIARY
INTERNET
four bytes (32 bits), often represented as four integers in the range 0-255
switching to, an IP address is four times longer, and consists of 16 bytes (128
2001:0db8:85a3:0000:0000:8a2e:0370:7334.
IRC is a more than 20-year-old Internet protocol used for real-time text
JAVASCRIPT
interactive functions.
KEYCHAIN SOFTWARE
KEYWORD FILTER
A keyword filter scans all Internet traffic going through a server for
LATENCY
transmission to the start of packet reception, between one network end (e.g.
you) to the other end (e.g. the Web server). One very powerful way of Web
LOG FILE
For example, Web servers or proxies may keep log files containing records
about which IP addresses used these services when and what pages were
accessed.
such as advertising and images from a Web page and otherwise compresses it,
MALWARE
Malware is a general term for malicious software, including viruses, that may
MIDDLEMAN NODE
middleman node will not show up in third parties' log files. (A middleman
MONITOR
traffic going out from the router then uses the router's IP address, and the
general public, such as a Web site or public proxy. On a network where NAT
NETWORK OPERATOR
NODE
NON-EXIT NODE
OBFUSCATION
matches. Web proxies often use obfuscation to hide certain names and
addresses from simple text filters that might be fooled by the obfuscation. As
another example, any domain name can optionally contain a final dot, as in
OPEN NODE
373
Appendices
OPEN NODE
An open node is a specific Psiphon node which can be used without logging
conversations.
PACKET
communicated from one point to another. Messages are broken into pieces
that will fit in a packet for transmission, and reassembled at the other end of
the link.
PASSWORD MANAGER
PIN codes. The software typically has a local database or a file that holds the
encrypted password data for secure logon onto computers, networks, web
password manager.
PASTEBIN
A web service where any kind of text can be dumped and read without
sharing programs like BitTorrent, eMule and Gnutella. But also the very old
to-peer systems.
cryptography, perfect forward secrecy (or PFS) is the property that ensures
that a session key derived from a set of long-term public and private keys will
the future.
texts, e-mails, files, directories and whole disk partitions to increase the
PGP and similar products follow the OpenPGP standard (RFC 4880) for
PHP
PHP is a scripting language designed to create dynamic Web sites and web
PLAIN TEXT
375
Appendices
PLAIN TEXT
PLAINTEXT
PRIVACY
person has sought or received information that has been blocked or is illegal
PRIVATE KEY
POP3
Post Office Protocol version 3 is used to receive mail from a server, by default
PORT
USB connector.
Software ports also connect computers and other devices over networks
using various protocols, but they exist in software only as numbers. Ports are
somewhat like numbered doors into different rooms, each for a special service
PROTOCOL
376
Glossary
PROTOCOL
PROXY SERVER
connects to the proxy server to request a Web page from a different server.
Then the proxy server accesses the resource by connecting to the specified
server, and returns the information to the requesting site. Proxy servers can
PSIPHON NODE
private.
PRIVATE NODE
means that you have to register before you can use it. Once registered, you
will be able to send invitations to your friends and relatives to use this specific
node.
PUBLIC KEY
separate keys, one of which is secret and one of which is public. Although
different, the two parts of the key pair are mathematically linked. One key
locks or encrypts the plaintext, and the other unlocks or decrypts the
ciphertext. Neither key can perform both functions. One of these keys is
cryptography."
Some IP addresses are private, such as the 192.168.x.x block, and many are
unassigned.
REGULAR EXPRESSION
A regular expression (also called a regexp or RE) is a text pattern that specifies
the UNIX grep utility. A text string "matches" a regular expression if the
each RE syntax, some characters have special meanings, to allow one pattern
to match multiple other strings. For example, the regular expression lo+se
matches lose, loose,and looose.
REMAILER
anonymously. The remailer receives messages via e-mail and forwards them
to their intended recipient after removing information that would identify the
original sender. Some also provide an anonymous return address that can be
used to reply to the original sender without disclosing her identity. Well-
378
Glossary
ROUTER
uses address information in the packet header and cached information on the
A root name server or root server is any of thirteen server clusters run by
IANA to direct traffic to all of the TLDs, as the core of the DNS system.
content from a Web page, and receive updates as soon as they are posted.
SCHEME
HTTP scheme maps URLs that begin with HTTP: to the Hypertext Transfer
Protocol. The protocol determines the interpretation of the rest of the URL, so
SHELL
A UNIX shell is the traditional command line user interface for the
UNIX/Linux operating systems. The most common shells are sh and bash.
SOCKS
operates between the application layer and the transport layer. The standard
port for SOCKS proxies is 1080, but they can also run on different ports.
Many programs support a connection through a SOCKS proxy. If not you can
install a SOCKS client like FreeCap, ProxyCap or SocksCap which can force
programs to run through the Socks proxy using dynamic port forwarding. It
is also possible to use SSH tools such as OpenSSH as a SOCKS proxy server.
SCREENLOGGER
379
Appendices
SCREENLOGGER
on the screen. The main feature of a screenlogger is to capture the screen and
log it into files to view at any time in the future. Screen loggers can be used
SCRIPT
bash. Many Web pages include scripts to manage user interaction with a Web
page, so that the server does not have to send a new page for each change.
SMARTPHONE
SPAM
discussion groups. Most spam advertises products or services that are illegal
server.
The standard SSH port is 22. It can be used to bypass Internet censorship
with port forwarding or it can be used to tunnel other programs like VNC.
380
Glossary
SSL (or Secure Sockets Layer), is one of several cryptographic standards used
to make Internet transactions secure. It is was used as the basis for the
creation of the related Transport Layer Security (TLS). You can easily see if
you are using SSL by looking at the URL in your Browser (like Firefox or
encrypted.
STEGANOGRAPHY
methods of sending hidden messages where not only the content of the
message is hidden but the very fact that something covert is being sent is also
being transmitted, steganography does not attract attention to the fact that
SUBDOMAIN
domain for the Wikipedia, "en.wikipedia.org" is the subdomain for the English
THREAT ANALYSIS
In Internet names, the TLD is the last component of the domain name.
There are several generic TLDs, most notably .com, .org, .edu, .net, .gov, .mil,
.int, and one two-letter country code (ccTLD) for each country in the system,
such as .ca for Canada. The European Union also has the two-letter code .eu.
PROTOCOL)
TCP and IP are the fundamental protocols of the Internet, handling packet
transmission and routing. There are a few alternative protocols that are used
T OR BRIDGE
A bridge is a middleman Tor node that is not listed in the main public Tor
directory, and so is possibly useful in countries where the public relays are
blocked. Unlike the case of exit nodes, IP addresses of bridge nodes never
appear in server log files and never pass through monitoring nodes in a way
TRAFFIC ANALYSIS
TUNNEL
UDP is an alternate protocol used with IP. Most Internet services can be
accessed using either TCP or UDP, but there are some that are defined to use
The URL (Uniform Resource Locator) is the address of a Web site. For
example, the URL for the World News section of the NY Times is
can block a single URL. Sometimes an easy way to bypass the block is to
obscure the URL. It is for example possible to add a dot after the site name, so
If you are lucky with this little trick you can access blocked Web sites.
USENET
Usenet is a more than 20-year-old discussion forum system accessed using the
NNTP protocol. The messages are not stored on one server but on many
often blocked, and any particular server is likely to carry only a subset of
calling over telephone company voice networks. It is not subject to the kinds
endpoints of the communication can look at the data traffic. There are
various standards like IPSec, SSL, TLS or PPTP. The use of a VPN provider is
a very fast, secure and convenient method to bypass Internet censorship with
WHITELIST
everything but the sites on the list), a blacklist (allow everything but the
The World Wide Web is the network of hyperlinked domains and content
pages accessible using the Hypertext Transfer Protocol and its numerous
extensions. The World Wide Web is the most famous part of the Internet.
W EBMAIL
Webmail is e-mail service through a Web site. The service sends and receives
mail messages for users in the usual way, but provides a Web interface for
W EB PROXY
384
Glossary
W EB PROXY
proxy/gateway. Users can access such a Web proxy with their normal Web
browser (like Firefox) and enter any URL in the form located on that Web
site. Then the Web proxy program on the server receives that Web content
and displays it to the user. This way the ISP only sees a connection to the
WHOIS
WHOIS (who is) is the aptly named Internet function that allows one to
performing a simple WHOIS search you can discover when and by whom a
A WHOIS search can also reveal the name or network mapped to a numerical
IP address
385
Appendices
386