“In order to make sure the mobile phone frequencies are not being tracked, I would fill up a washbasin with water and put the lid of a rice cooker over my head while I made a phone call. I don’t know if it worked or not, but I was never caught.” -- North Korean user
A Note of Caution
Please only add resources and tools to this page. Inasmuch as anyone can edit this wiki, some skepticism is warranted —crowd-sourcing has the defects of its virtues! For good, concrete, peer-reviewed advice, we recommend the Electronic Frontier Foundation's tutorials at https://ssd.eff.org/ That said, your privacy is already more configurable than you might think...
Cryptography is Powerful, but not your only line of defense
The theory behind cryptography is solid and proven, but solid crypto will fail if:
- Implemented incorrectly - if the tool claims to have certain crypto implemented, they may be truthful but the implementation may be unsound. Try to use the tools that have a large user base and large communities, as they are generally safer (but not always).
- Misused - encrypted a file but didn't secure-delete the plain-text? Initiated an SSL tunnel but didn't verify the remote certificate? Use top notch crypto software but didn't protect the OS or the physical computer? It is so easy to make mistakes, doing it right requires consistency, vigilance, and a modicum of paranoia. Assume that you do not know anything about a tool, learn everything you can about it, then use it. Carefully. Mistakes may render your state-of-the-art crypto useless against a knowledgeable adversary.
Why is cryptography dangerous? Because it can give you a false sense of security.
Come to a crypto-party and talk to experts, learn from each other, and continue to learn over time. Take responsibility for your communication, privacy, and security. Don't let anyone scare you out of experimenting and implementing crypto, but please be aware it takes time and effort to learn that crypto is necessary, but not sufficent; it is not a panacea.
Learn and Use
Video: Encrypt to Live from Cryptoparty Boston (Andrew) via @torproject
Committee to Protect Journalists Journalists Security Guide - Information Security by Danny O’Brien - hopefully a CryptoParty will clearly explain most of the software and techniques mentioned in this guide.
Your emphasis should be on simplicity. There’s no point in surrounding yourself with computer security that you don’t use, or that fails to address a weaker link elsewhere. Take advantage of what you know well: the people who are most likely to take offense or otherwise target your work, and what they may be seeking to obtain or disrupt. Use that knowledge to determine what you need to protect and how.
Ask yourself: What information should I protect? What data is valuable to me or a potential adversary? It might not be what you think of at first. Many journalists feel that what they are doing is largely transparent, and that they have nothing to hide. But think about the dangers to sources if the information they have provided to you was more widely known. What may seem innocuous personal information to you might be incriminatory to others.
Kerckhoffs's principle A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
This principle should apply to all of the tools and resources mentioned on this page.
Public Key Cryptography
Public Key Cryptography has only become practical with the use of computers. It offers a mathematically secure way of sending encrypted messages or files between computers and their users, without necessarily having to set up a separate Secure Channel e.g. a face to face meeting, to agree upon or exchange the secret key to the cryptographic algorithm they are using to protect the privacy of the message or data from snoopers.
Public Key Cryptography also offers a method of detecting attempts at forgery through the use of Digital Signatures.
Learn and Use
BBC science presenter Dr Yan Wong explains (without mathematics) the principle of how Alice and Bob can use "digital padlocks" to protect their messages from being read by Ed the eavesdropper - Public Key Encryption video clip (3 minutes)
Slides: Introduction to Public Key Cryptography from CryptoParty Oakland (U.S.) via @micahflee
Secure Socket Layer is a multi-cypher protocol used to create an encrypted connection across the internet from your device to a destination server; it is widely used in commercial applications. The precursor to Transport Layer Security (TLS), many systems which actually use TLS anachronistically claim that they are using SSL inasmuch as it far more widely known.
Website links which begin with https:// signify the use of SSL or TLS encrypted sessions
Check how well a public internet webserver is configured for SSL / TLS via the Qualsys SSL Labs Server Test
By default most webserver configurations allow old protocols and weak cryptographic ciphers. See the Server side security tweaks page (now deleted) for how this was improved for this website https://CryptoParty.org running on an Apache webserver.
The Qualsys SSL Labs Server Test score for CryptoParty.org of "A" 85 is now back to being as good as most internet banking websites etc.
For Microsoft IIS 7.x on Windows 2008 or IIS 6.x on Windows 2003, the free Nartac Software IISCrypto tool will allow you to conveniently disable the weak SSL ver 2 protocol and to pick and order the Cipher Suites, to ignore weak 40 bit and 56 bit key lengths and to include the RC4 algorithm to resist the BEAST man-in-the-middle attack, without having to wade through the complexities of various Registry Keys etc.
Adding the HTTP Strict Transport Security header which allows the latest versions of browsers like Google Chrome to always choose the SSL encrypted version of a website, again to resist man-in-the-middle attacks:
- Windows 2008 IIS 7.x
- Windows 2003 IIS 6.x
- Apache Server side security tweaks
The Digital Certificate Fingerprints for https://CryptoParty.org are:
Serial No: 0008 35C2 SHA1: 13:10:16:5D:8E:19:3F:E9:58:A0:A5:D0:38:B1:BB:59:C8:75:B2:2C MD5: EF:07:FB:C6:AF:D9:CC:25:72:43:0A:05:B4:AB:14:65
You can choose to trust the colour changes in your web browser navigation bar or other symbols and the lack of pop up warning messages, that signify a "good" SSL / TLS encrypted session connection to the website. Alternatively, you can check these Cryptographic Hash Fingerprints manually each time you visit this website, e.g. in Firefox on a Windows computer, right mouse click on the web page / View Page Info / Security / View Certificate
If they do not match what you are expecting, do not enter any sensitive data into any web form e.g a login username or password or your credit card details, without checking further.
You can also make use of say, a Firefox web browser addon like Certificate Patrol, which will notify you if the current Digital Certificate has changed since the previous time you visited the website - this may be indicative of a man-in-the-middle hijack attempt or it may be a normal rotation due certificate expiry or load balancing between different computers on high volume websites.
Using SSL by no means guarantees that your connection is "secure". It only indicates that the connection is encrypted between you and the server, and if the certificate system behind it is not manipulated (which has happened in the past) that the remote server is what it claims it is. The use of SSL does not imply that the remote web site is secure (or that your computer is secure). "Using SSL to deliver data between a desktop PC and a typical website is like using an armored car to deliver money from your sock drawer to a paper bag taped under a park bench." -- Alan Batie (whoever that is).
Learn and Use
- Moserware: The First Few Milliseconds of an HTTPS Connection with pics and wiresharks etc
- Video: "SSL and Authentication" from Boston Cryptoparty (John) via @torproject
Install a Free Cert (not self-signed!)
This page guides you through the process of obtaining an HTTPS certificate for your site. This is a real certificate, not a self-signed certificate, and works in all major browsers. The CA which we'll use is StartSSL. They provide basic certificates for free, although will charge for other types, such as wildcard certificates...*Read More
The Advanced Encryption Standard is a popular symmetric cypher. This means that the key used to encrypt the information is the same as the key to decrypt it. AES is a standard form of encryption for governments and large organisations, and has formed the basis for many other derivative cryptosystems (such as PGP, as discussed below).
Symmetric ciphers such as AES are useful because they are fast, reliable and nonspecific. A file encrypted via AES can be shared widely and decrypted by everyone with the same key. This is in stark contrast to public-key encryption methods, where encryption is targeted to the owner of a private key only. A real-world example of this approach is the distribution by Wikileaks of an "insurance" file, which appears to be AES encrypted. The distribution of this file means that Wikileaks have leverage over more powerful enemies, as they can release a small key to unlock a large, and presumably high-impact, file.
Is is normal for public-key (asymmetric) and symmetric cipher methods to be combined to take advantage of the strengths of both. In the popular PGP encryption format, a message or file is encrypted first with a symmetric cipher (usually AES), and the AES encryption key is then encrypted with the recipients' public keys. The encrypted AES key for each recipient is then attached to the message and the entire block can be sent. Because AES is faster at encrypting and decrypting large files or bodies of text, this saves considerable time and bandwidth compared to encrypting entire messages with public keys and distributing a different copy of the message to each recipient. For recipients, only the AES key needs to be decrypted with the private key, saving time, and the rest can be decrypted with AES; a faster cipher.
Ciphers such as AES are often also used for session encryption between clients or servers, using a similar format; first, a session key is sent via asymmetric/public-key methods, and this is thereafter used by both parties (as a "shared secret") to encrypt and decrypt communications. Again, this saves considerable bandwidth and time over public-key encrypting every communication sent.
PGP / GPG
Pretty Good Privacy is a data encryption and decryption computer program. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories, and disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.
Its variant GNU Privacy Guard is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. A part of the Free Software Foundation's GNU software project, GnuPG has also received major funding from the German government.
Seemingly in order to remain interoperable with older, possibly proprietary software, GnuPG still allows signatures using insecure hashes like SHA-1. If you don't know what this means, suffice to say it's a bad idea. There are instructions here detailing how to fix this after installing GPG, so that only secure hashes are used; this protects you from others falsifying messages in your name, and is definitely worth doing if you use any software that uses GPG, like Enigmail. The android port of GnuPG, APG (below), does not seem to use outdated message hashes and needs no further tweaking to use securely (provided you trust the channel through which you received APG, like the Android Play Market).
- Multiple Operating Systems - GNU Privacy Guard
- Apple Macintosh - GPG Tools
- Microsoft Windows - GPG4Win
- Android - APG Android Privacy Guard GnuPG
- iOS - oPenGP
- Enigmail plugin for Mozilla Thunderbird email - Enigmail
GNU Privacy Guard, or GnuPG/GPG for short, is an open source, feature rich implementation of the popular and well-trusted OpenPGP standard for public-key encryption. This is the form of encryption most often used for email between individuals, and can be used to sign, verify, encrypt and decrypt anything from email messages to files.
GPG is highly recommended, but the default settings are designed to be backwards compatible with slower-moving proprietary software, and use some insecure settings that should (by now) be phased out entirely. This backwards compatibility is not necessary for Cryptopartiers, who are all hip, awesome people using the latest in open-source cryptography.
Chief among the problems is the default usage of the SHA-1 hash family, which is by now known to be insecure and can lead to signature falsification, allowing an attacker to make it seem as if you have personally signed and attested to the contents of an arbitrary, perhaps malicious, message or program. A good guide for how to migrate an installed copy of GPG to more secure modern settings is here (for linux users). It shouldn't take more than a minute in the Terminal to perform these changes, and it will vastly improve the security of your GPG encrypted messages (this includes messages encrypted with GPG-based crypto suites like Enigmail in Thunderbird).
It is absolutely vital that you cryptographically verify the version of GPG that you install.
- On GNU/Linux systems, the package manager does this for you. You don't need to worry about it.
- On Windows and Mac, you very likely need to download something from a website - see the #Links section. Make sure that the web address you download it from is HTTPS, not HTTP.
Many websites provide cryptographic checksums that the more technically-inclined can use to verify their downloads. However, in many cases this information is provided via HTTP, which is not secure. If you decide to go down this route, make sure that your get your checksums in a secure way as well! For example, use HTTPS instead of HTTP, if possible.
PGP Public Keyservers
PGP Public Keyservers are central directories of published PGP / GPG Public Keys.
They are useful for finding a backup copy of a PGP Public Key, especially if your main website is under DDoS or attack or has been seized by the authorities. They they should not be relied on as the only method of distributing such keys, especially since anybody can upload a plausible looking PGP Key.
Because of this threat of key falsification, keys on keyservers are often identified by their "Fingerprint", or "ID". A key fingerprint is a truncated hash function of the public key, and is considered unique enough to be used in verification of the key. This is only useful if you know the fingerprint/id of the recipient's true key when searching for it, and the fingerprint must also be verified after downloading and importing the key into the appropriate software. Most good key management software will list the key fingerprint/id next to imported keys, allowing easy verification against the fingerprint given by the recipient.
Many Public PGP Keyservers are networked together, so a PGP / GPG Public Key submitted to one of them, will eventually be published on several (but not all) of them automatically. This is in keeping with the popular mindset that a public key is better off very public, so that if someone seeks a key for a recipient, they are more likely to encounter the legitimate key, rather than a potentially false key. At worst, then, they will encounter two keys, and be inspired to verify which one is correct.
Play the 6 degrees of key separation http://pgp.cs.uu.nl/
Import our keys
Before sending us email for the first time, you need to import our keys. You only need to do this once per email address (per computer that you wish to use to do the encryption).
- 16.1 Key server configuration: select OpenPGP, then keep the default server (hkp://keys.gnupg.net) and save without making further changes. You only need to do this one per installation; you can skip it for any other future keys that you need to import.
- 16.2 Search and import certificates from certificate servers: use the appropriate email address from #Keys
- 11 Certificate inspection: the appropriate fingerprint is given in #Keys
Mac OS X
Follow the same instructions as for GNU/Linux below. Type each command into a Terminal window (/Applications/Utilities/Terminal), then hit Return. (The dollar sign represents the command prompt you'll see at the beginning of any command line: don't type it in.) If you need further instructions on using the Terminal, see the Help menu, this O'Reilly intro or Google.
Import from a keyserver:
$ gpg --search-keys --keyserver pgp.mit.edu OUR_EMAIL_ADDRESS
You may get asked to "Enter number(s), N)ext, or Q)uit >". Usually this means press 1 and enter - i.e. the first key found, which should also be the only key found.
Encrypt your message
Please only encrypt plain text. Some of the methods here may not work with other formats, and it's safer for us too. This means that if your email client allows you to use graphical smileyfaces, bold/italic/other fonts, and other pretty text features, it's probably best not to use these, and to try to switch your email compose window to "plain text" rather than HTML if you can find a setting to do so. In Thunderbird, the setting is found in the "Account Settings" Dialog, found in the "Edit" menu: Go to the "Composition and Addressing" tab of the desired account, and uncheck "Compose Messages in HTML Format".
Email encryption is primarily a way to prevent people between sender and recipient from reading the mail. However, you may also be concerned about people accessing your personal computer, either by hacking into it from a network or by physically seizing the computer from you and forcing you to decrypt the contents (assuming they are encrypted at all). If you're concerned that this might happen, then don't keep copies of any important emails you send or receive in plain-text. If drafting an email, do so in a program like gedit (Linux) or Notepad (Windows), don't save the file at any time, and copy/paste the text directly into the encryption scheme you plan to use. Also, remember to turn off message draft autosaving, which in many cases uploads a copy of your draft, unencrypted, to the central email server, defeating the purpose of encryption entirely.
In all cases, email Subject: lines are NOT encrypted. Don't put sensitive information there. If you don't even want to reveal your email address, get a friend to send it.
If you know how to, please cryptographically sign your message as well! This will assure us that your message was truly written by you, and not forged. But this has the effect of revealing your identity as well, so it's up to you.
Automatic Encryption Using Enigmail/Thunderbird
Enigmail is a "frontend" for GnuPG that offers a nice plugin-like interface for Thunderbird. When configured correctly, it removes much of the work/hassle of encrypting email to supported recipients (i.e. those with keypairs), and allows you to get back to the business of communicating with a reasonable degree of security in mind.
However, Enigmail has a number of gotchas that need to be considered when setting it up. For example, you need to set Enigmail to automatically encrypt email to recipients whose email addresses have matching public keys in the local key store; otherwise it may leave it up to you to remember to check "encrypt" in the compose window, which is easy to forget. You can also set up Enigmail to automatically sign all outgoing email, or only to sign when also encrypting; this is up to you.
Enigmail's security is dependent on GPG itself, and so you need to ensure your GPG installation is secure; see above for information on this process, which (at present) includes changing some settings through the command line/terminal; sorry to new users, this is seemingly the fault of the prevelant distributors of GPG for not updating the software to match changing security threats, and can't be helped.
One key consideration when setting up Enigmail is to change the settings of the email client itself, to turn off drafts. This is because to norm for remote email management these days is "IMAP", a system that works through synchronising remote mail folders with the local client and vice versa. In other words, when your email client automatically saves a draft of an email you are composing to a "drafts" folder (even one you think you've only made locally), odds are it's uploading that unencrypted draft directly to the server. So, by simply turning off automatic message drafting in Thunderbird, you improve your privacy and allow Enigmail to act as gatekeeper between you and the mail server. You'll find the appropriate setting in "Thunderbird Settings"->Composition->General->"Auto-save every XX Minutes". Just uncheck the option, the number of minutes is then irrelevant.
Learn and Use
Slides: "Encrypting Email with PGP/Enigmail/Thunderbird” from CryptoParty London
Manual Encryption Using Command Lines/Terminals and GPG
Assuming that you are not using a graphical interface to GnuPG such as Enigmail (for the Thunderbird email client), you can use GPG in the Terminal or a Windows command line, to manually encrypt your files or to run combinations of GPG commands as scripts or batch files.
12 Encrypting e-mails: should be fairly self-explanatory. Make sure you have already imported the right key; see previous section.
N.B. even experienced users make mistakes with the Windows command line, especially as some GPG options use double dashes -- and others just single ones -
C:\Users\CryptoParty> gpg -? | more
will display the available options, one page at a time.
Mac OS X
Follow the same instructions as for GNU/Linux below. Type each command into a Terminal window (/Applications/Utilities/Terminal), then hit Return. (The dollar sign represents the command prompt you'll see at the beginning of any command line: don't type it in.) If you need further instructions on using the Terminal, see the Help menu, this O'Reilly intro or Google.
The best way is to run:
$ gpg -ae -r OUR_EMAIL_ADDRESS > OUTPUT_FILE
Start typing your message. (Or right-click and "Paste" from the clipboard.) When you are done, press Ctrl-D and the program will exit. You will find the encrypted form of your message in OUTPUT_FILE.
Alternatively, you can draft the message on your computer (we prefer .txt plain text files), then run this:
$ gpg -ae -r OUR_EMAIL_ADDRESS INPUT_FILE
This will produce an encrypted form of INPUT_FILE in INPUT_FILE.asc. Be careful though, the unencrypted form still exists in INPUT_FILE. If you want to delete this (i.e. if you are concerned that someone may access your local file system without your permission), you can securely delete this file in Linux with the shred command, like so (the -u option in Shred means "remove the file after you shred it"; otherwise, the file remains as a shredded bunch of random 1s and 0s):
$ shred -u INPUT_FILE
N.B. this is not necessarily true on, say a journalling file system (e.g. OSX) or on many USB flash memory devices which use wear-leveling algorithms. See the Resources section on Securely Deleting data.
- Example: firstname.lastname@example.org Fingerprint: 62FE 7D6C A74F A35D A61C 63DD 0EBC 8BDB 31DE 7EF1
The last 8 characters of the PGP / GPG Fingerprint are often published or displayed as the PGP Key ID e.g. 31DE7EF1 which is usually enough to distinguish between entries listed on a PGP Key Server. For no human friendly reason at all, some software insists on a prefix of 0x, presumably to signify hexadecimal data, like this 0x31DE7EF1
- GPG home page
- Source of this Howto on OccupyWiki.org
- GPG for Windows
- GPGTools for Mac OSX
- HTTPS download page - you want to pick the topmost one that ends with ".dmg" and not ".dmg.sig".
- Mailing lists
Learn and Use
Video: "PGP/GnuPG Key Generation and Use" from Boston Cryptoparty (Ross and Kevin) via @torproject
Verifying Software Downloads & Files: Hashing
The main purpose of file hashing in context of crypto is to ensure that a) the file you've downloaded has not been corrupted during transfer and b) the file you have downloaded has not been tampered with by, for example, an threat agent wishing to eavesdrop on your activities. File hashing also makes it easier to verify that one has a particular file in one's possession by not having to make the file availeble, only the hash; comparing the hashes is sufficient to prove authenticity and possession.
A 'hash' is a unique number generated using a published algorithm on a particular file. For example, if I have file1.txt, which has no text in it, and I run it through a hashing (formally, a message digest) algorithm, I will get mathematical_value_1. If I then add text to the file, it has now changed and if I hash it again I will get a different result, mathematical_value_2.
Hashing, which can use a variety of methods, such as MD5 and SHA1, is commonly used to compare two files to see if they are the same. So if you want download a file from the Interwebbytubes and a hash is provided, after you download it you can hash it, compare the two values and be certain that the file is complete, uncorrupted and unchanged.
A secure hash is a hash algorithm where it is thought to be nigh-impossible to design an input to get a desired hash output, and it is therefore nigh-impossible to generate what is known as a hash collision between an authentic copy of an input and a modified form. As an example; if one were to offer you a piece of software that was signed using an insecure hash (such as MD5), it would be easy for a malicious agent between you and the server to provide malicious software with a colliding hash; that is, the hash of the authentic and malicious software is the same, so the signature seems to verify that the malicious software is legitimate according to the developer.
By contrast, a secure hashing function such as one of the SHA-2 family of functions is, so far, thought to be resistant to collisions and therefore is computationally impractical to use for this sort of attack. An attacker would have to expend unreasonable (read: hundreds of years of computer processing) computational power to find a variant of their malicious code that generated a matching hash to one which the developer has signed.
Bottom Line: Demand SHA-2 (i.e. SHA-224, SHA-256, SHA-384, SHA-512) or better. SHA-1 hashes aren't entirely trustworthy anymore, and MD5 sums are entirely insecure, only useful for verifying unimportant downloads (which are seldom important enough to hash-check in the first place).
Microsoft File Checksum Integrity Verifier
WARNING: this is closed source software, developers cannot see the source code, but that should not matter too much, if it verifies the same checksums as other software does.
Microsoft File Checksum Integrity Verifier Use this tool to ensure to compare the checksum of the tool you've downloaded with the publishers checksum. If the two values do not match then the tool should be treated as compromised.
Hashtab & Hash My Files
Two other useful utilities are HashTab and Hash My Files. These utilities add extra tabs to the file properties windows as well as an automated hash verification function. Hash My Files also allows the user to compute and store message digests for every file on a system to detect whether or not they have changed (and possibly tampered with).
WARNING: these are also closed source software, so developers cannot see the source code, but that should not matter too much, if they verify the same checksums as other, software does.
Checking Hashes on Linux / Mac
sha1sum and md5sum are included in most Unix/Linux based operating systems (including MacOSX) To use go to 'Terminal' in Applications>Utilities, navigate to the file you wish to use and type 'md5sum <filename>' where 'filename' is the filename, to get the md5sum. Compare with expected values from the site you downloaded from.
Checking GPG Digitally Signed Software Package Signatures
The Tor Project has a clear example of how and why you should check the integrity of their software packages, which have been signed using GPG Digital Signatures.
It is worth noting that one (possibly more) individuals on the Internet have set up slightly dodgy Tor Browser Bundle look- and sound-alike projects on Sourceforge under usernames that are easy to mistake for those of known Tor Project members. Beginning of discussion thread.
TrueCrypt is an on-the-fly disk encryption system. The software is freely available, runs on multiple operating systems, and is very easy to learn how to use. TrueCrypt also plays nicely with dual-boot systems (such as Windows and Linux).
TrueCrypt options include either full disk encryption or the creation of cryptographic container files, which mount as additional drive volumes. These functions are by no means mutually exclusive. By default such encrypted volumes automatically dismount themselves, e.g. when your screensaver kicks in or your laptop computer goes into power saving sleep mode, and so on.
TrueCrypt can also be used to encrypt USB flash memory sticks or digital camera or mobile phone memory cards. The caveat is that it is almost impossible to guarantee to securely wipe or overwrite the data from these devices due to their wear leveling algorithms. Therefore you should use a fresh USB device to re-encrypt the data with a new secret key.
TrueCrypt also includes a few options which theoretically provide plausible deniability to the user —not to be recommended if you are seriously in danger of rubber hose cryptanalysis, since your torturers will not necessarily believe you that there are no more hidden partitions apart from the ones you have already revealed to them. That said, as of 2008-2009 neither the Brazilian National Institute of Criminology (NIC) nor the American Federal Bureau of Investigation (FBI) have been able to crack several hard drives seized from of Brazilian banker Dantas who was suspected of financial crime. Furthermore, in 2012 the 11th Circuit Court of Appeals ruled that that a John Doe TrueCrypt user could not be compelled (due to Fifth Amendment concerns) to decrypt several of his hard drives.
Learn and Use
Slides: "Disk Encryption (TrueCrypt)" from CryptoParty London
Video: ”Truecrypt" from CryptoParty Boston (Kevin) via @torproject
Since version 10.6 of Mac OS X, Apple have offered users the ability to encrypt the home directory of their system. And from 10.7 onwards, Full Disk Encryption has been an option (technically referred to as FileVault 2). Enabling FileVault requires the user to have admin privileges on the computer, and will prompt the user to restart. At the next boot, as soon as the user logs in, FileVault will start doing online encryption of the main system drive. Other drives connected to the computer can also be encrypted by selecting them in Finder and choosing "Encrypt" from the File menu.
When enabling FileVault, in addition to admin users being able to unlock the drive at login, a Recovery Key is also generated, with the option of escrowing this key with Apple. If you choose to do that, you'll have to provide various additional security questions/answers along with your Apple ID.
Given the ease of use of FileVault, it should be almost the first thing you should enable on setting up a new Mac. Unfortunately, it doesn't currently work on RAID drives.
A detailed analysis of the internal workings of FileVault can be found in Infiltrate the Vault, and additional deployment reading can be found at Apple's Best Practices. (Note the invalid certificate on that web server–even big companies find it hard to keep all their certificates straight!)
LUKS is the Linux system for encrypted disks. It can be selected as an install option on most distributions. (Available in Ubuntu as of version 12.10). This is so-called "full disk encryption" - the system prompts for a password at boot, and if you don't have it, you can't get anything from the hard drives. For Debian or Ubuntu-based servers which need unattended reboots, there's a program called Mandos and tutorials for busybox/dropbear.
Learn and Use
"The Dog Ate My Crypto Keys" (Whole-Disk Encryption) from CryptoParty London
Video: "Truecrypt/LUKS, OTR, Secure VoIP/SIP w/ Jitsi, Bitcoin & data liberation" from CryptoParty Boston (@ageis)
Secure Data Deletion
As technology progresses, it is getting harder to Securely Delete sensitive data such as log on credentials or cryptographic keys etc.
Suppose that you wish to destroy a copy of the sensitive documents or emails or logfiles etc. that you have on a particular computer. Doing so in a hurry, when your enemies are battering down your door, is almost impossible to do quickly enough, because the data storage capacity of modern hard disks is huge.
This is one of the advantages of using Encrypted Container Files or Whole Disk Encryption - only a small Cryptographic Keyring needs to be securely deleted or physically removed and destroyed, to leave the bulk of the encrypted data unrecoverable forensically.
It can take hours or days or weeks to overwrite the multi-Terabyte sized hard disks which are common today, with multiple passes of random data , as specified in many outdated military and government standards
Eraser - open source secure deletion software for Windows, which helpfully also lists many of these standards.
Exactly the same problem of the length of time it takes to erase a big hard disk, with multiple passes, is faced by users of dban or built in Linux utilities like shred.
Apple Macintosh OSX users also have some Secure Erase options built in e.g. Applications / Utilities and double-click Disk Utility, then select the Volume, then click the Erase tab. A dialog box with three options should appear: zero-out, 7-pass erase, and 35-pass erase.
However, as has been shown in the pre-Court Martial hearings of the accused WikiLeaks source Bradley Manning, the quick "zero-out" option i.e. one pass of zeros, is not sufficient to trouble standard digital forensics tools like Encase.
For ATA hard disks, there are secure erase commands built into the disk controller chipset, which can securely erase data with a single pass, but even that takes hours rather than minutes or seconds on modern hard disks.
How to REALLY erase a hard drive - ZDnet article
Secure Erase by one of the inventors of the hard disk at Center for Magnetic Recording Research (CMRR), UCSD (sponsored originally by the NSA)
When it comes to flash memory devices, these to are meant to have secure delete built into them, but it has been recently shown that this does not always work as claimed. CMRR researchers have recently been forensically testing secure erasure and recovery of a large variety of Solid State Disks, with very mixed results
Flash Memory is also used for removable media like USB pen drives, digital camera SD cards and mobile phone microSD cards, most types of which use wear leveling algorithms to spread the large but limited number read/writes that they can take, without the data blocks being permanently burned into a read only fixed state. This means that a deletion or overwrite of a Cryptographic Key on such media may well leave all or part of it still forensically readable by equipment which accesses the flash memory cells directly, beneath the Flash Abstraction Layer (FAL) device driver, which hides such low level operations from the computer or camera or mobile phone operating system.
For those people who claim that all you need is a "big magnet" to wipe a hard disk, it comes as a shock when they discover that many , especially laptop computer hard disks, now have quite a bit of Flash Memory in their disk controller buffers, which is impervious to magnetic fields and which has a good chance of retaining sensitive data.
Unless your CryptoParty is being held outdoors, you should not try to demonstrate the other technique favoured by some people, to securely destroy hard disks i.e. Thermite
Encrypted Mobile Communications
N.B. Mobile Phone Network CDR (GSM Call Detail Records or 3GPP Charging Detail Records) will still show your cell location, which numbers you are communicating with, how often, for how long and how much data is being sent or received, regardless of any encryption Apps. Communications Data traffic analysis can be as intrusive, or sometimes more intrusive, than being able to read or hear the contents of a data or voice call.
Use dedicated devices and cut-outs (e.g. pay in cash, choose and vary nondescript connection locations, avoid leaving other electronic traces). Consider anonymous snail mail and uninvolved third parties. Don't create patterns of behaviour. Plan well in advance: include plenty of redundancy. Allow for the added stress of maintaining this deliberately different behaviour: plan for (non-patterned) time out. Keep focussed on what you are trying to achieve, and before starting, be sure it is worth this kind of risk.
See, for example, the Wired-reporter-disappears articles, and this one.
Gibberbot is a secure chat client for Android, capable of firewall and filter circumvention, surveillance blocking and end-to-end encryption. It works with Google, Facebook, any Jabber or XMPP server, such as OpenFire or eJabberD. Unlike Blackberry BBM’s broken single key security, Gibberbot uses the Off-the-Record encryption standard to enable true verifiable end-to-end encrypted communications. It is interoperable with OTR chat clients on other platforms.
TextSecure for Android phones encrypts your text messages on your phone, and allows sending encrypted messages to other phones using TextSecure. Unless you submit your passphrase, the spooks only know which people have sent messages, no more spying/retention of message content.
RedPhone Provides End To End Encryption For Your Calls, Securing Your Conversations So That Nobody Can Listen In. Only Available For Android Smart Phones
Chat Secure for iOS is a free, open-source, encrypted messaging application that uses Cypherpunks' Off-the-Record protocol to secure a communication channel over XMPP (Google Talk, Jabber, etc) or Oscar (AIM). It is interoperable with secure clients on other platforms.
Note: since iOS is a closed, proprietary system, it is wise to create a separate key for use on iOS devices only. If you're really keen, you could create a separate key for each client, device or situation.
Privacy Protected Browsing
Tor An essential tool for anonymous browsing & anonymity, Tor is available for Mac, Linux, and Windows (and for Android devices under its Orbot distribution, and for iOS devices as the Onion browser: see entries below). In order to make your surfing via Onion Routing as safe as possible, you will need to change your habits a bit; fortunately the website and its blog are very informative about your options for enabling anonymity for yourself and/or providing it for the world at large. The community support is excellent. (Run a Tor relay long enough, and the Tor Project shall give you a free Tor t-shirt!) In August 2012 the Electronic Frontier Foundation awarded The Tor Project a Pioneer Award.
You can use this visual explanation as a teaching tool when introducing people to Tor and https.
Check out the Tor Documentation
- Gaim / Pidgin
Go to the Accounts, select your Account Select Edit Account Go to the Advanced Tab Under Proxy Options select proxy type SOCKS v5 Enter 127.0.0.1 for the host Enter 9050 for the port Leave user/pass blank
Thunderbird has native SOCKS5 support that can be enabled through the Tools / Options / Advanced / Network & Disc Space Tab. Click on the Connection button and then select Manual Proxy Configuration. Enter the details for your running Tor process: host: 127.0.0.1 port: 9050 Thunderbird should now be working. It's best to test it at this point, although bear in mind that it might be leaking DNS information. Assuming you now have Thunderbird working through Tor, the last step is to ensure that DNS resolves aren't leaking information. Select the Tools / Options / Advanced / General Tab and then click on Config Editor. This will present you with a huge list of all the potential configuration options in Thunderbird. The list can be narrowed by typing proxy into the filter box. Find the option: network.proxy.socks_remote_dns and make sure it's set to true. If not, double-click it to toggle the setting. That's it, Thunderbird should now be fully configured for use with Tor.
Tor Browser Bundle: https://www.torproject.org/projects/torbrowser.html.en#downloadtbb What is the Tor Browser Bundle(TBB)? Quick videos on how to use TBB. Download TBB. What is the Tor Browser Bundle (TBB)? The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked. The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained. Quick videos on how to use TBB How to download and use Tor Browser in different operating systems: Microsoft Windows Apple OSX Linux How to verify the digital signatures of Tor Browser in different operating systems: Microsoft Windows Apple OSX Linux How to find and use bridges and unpublished relays in Tor Browser in all operating systems: Download Tor Browser Bundle To start using the Tor Browser Bundle download the file for your preferred language. This file can be saved wherever is convenient, e.g. the Desktop or a USB flash drive.
If you run IRSSI on GNU Screen, open a new window (ctrl+a C). If not, you'll have to open a new tab or windows to connect to the proxy: socat TCP4-LISTEN:5000,fork SOCKS4A:localhost:irc.oftc.net:6667,socksport=9050 On IRSSI, connect to localhost, on port 5000: /connect localhost 5000 To ignore information leakage (client and time zone) run on IRSSI: /ignore * CTCPSDescribe your new note here.
Right-click in the window and select Settings-> Preferences -> Network -> Network setup -> Proxy server Use the following settings: Hostname: 127.0.0.1 Port: 9050 Type: Socks5
Learn and Use
Video: "Using Tor" from CryptoParty Boston (Andrew and Steve) via @torproject
How to set up an obfsproxy Tor bridge on Debian and Ubuntu via @torproject
29C3 Hamburg talk : "Tor ecosystem"
Tor Browser Bundle
Or, in other words, the basics you need, including the browser. Once installed and operated correctly this will allow you to browse the web using Tor. It does not provide Tor for other applications such as IRC or chat clients (these have to be configured on their own).
Visit the Tor Browser Bundle webpage at Tor Project Tor Browser Bundle:
- Before you download scroll down and read the installation instructions for your operating system (in English).
- Click on the download link for your operating system and language and follow prompts.
- If you are having problems, scroll up the Tor Project Tor Browser Bundle page to 'Quick videos on how to use TBB'
Tor does not provide 'anonymity' - you have to change your browsing habits as well. For more information on Tor read Tor: Overview.
Onion browser on iOS
This app is a Tor-capable browser for iPhone/iPad.
Orbot: Tor On Android
Orbot The official port of Tor to Android, Orbot was originally developed By The The Guardian Project InSync With The Tor Project Orbot only has full functionality on rooted Android smartphones, but is quite easy to set up.
OnionKit (also developed by the Guardian Project) gives you greater control over SSL use on Android (including Orbot). via @droidfeed
Orweb: Proxy+Privacy Browser
Ghostery is a privacy browser extension which enables you to track the trackers and to configure the plethora of third-party apps and scripts to which web browsing is heir. Ghostery renders the invisible web visible by making tags, web bugs, pixels and beacons apparent. If you want selected third-parties to analyze your browsing data, you may do so. If you want to view their privacy policies, now that you can see who they are, you may do that as well. Ghostery is free to download, quite easy to set up, and can be quite the eye opener. Ghostery screenshots You too can opt in to provide data via GhostRank for the Better Business Bureau and the Direct Marketing Association!
Learn and Use
Protect the privacy and anonymity of visitors to your website (referred by CryptoParty Philadelphia (US).
A "Darknet" is an encrypted intranet of files, discussion fora, or html pages, which is available only to persons running the software or part of a secret or restricted usergroup within that network. Darknets are often friend-to-friend, in which cases connection is mediated/routed through trusted persons' connections (although central "trusted" servers are often provided by default by the developers) (examples of this "F2F" approach are Freenet and Retroshare), or are routed through anonymity tunnels in a network of mutual-distrust, an inversion of the friend-to-friend philosophy where no person is assigned total trust over a user's browsing (Tor).
Discussed above, Tor is an anonymous browsing network, but it supports a form of internal darknet known as Tor Hidden Services. This system attempts to ensure that no person can determine the location or IP/identity of the hidden-service server, provided the service/server is secure. It also allows for free "domain" hosting, provided that a long hash-like key ending in ".onion" is an acceptable substitute to a dot-com address. Many popular websites in the hacker or activist scenes have alternative .onion addresses for access through Tor in case of DNS blocking or ISP filtering in certain places, or to provide a more rigorous level of connection security to visitors.
With Tor Hidden Services there is end-to-end encryption, from your web browser, etc., through the cloud of Tor routers, right through to the final computer which is running the hidden service or services, so there is no extra security to be gained by specifying a SSL/TLS link, e.g. https://123456789012345.onion.
Tribler is a p2p file sharing system with expanding development into darknet social media and p2p hosted collaborative files. Tribler supports all known video and audio formats and can deal with all Torrent sites on the Internet. Click-and-play functionality, which enables you to begin viewing immediately, will shortly be extended with the addition of a Live function for viewing live channels or webcams. Beta Android as well as Linux, Windows and OS/X. Over one million downloads and very strong community participation.
i2P (Invisible Internet Project) is a darknet implementation built atop java, with full support for streaming, anonymous file sharing (BitTorrent), webserving, mail and more. i2p is a secure, anonymous network offering a range of services by default. Resistant to censorship and monitoring. Has an active IRC which you can access after installing i2p @ 127.0.0.1, 6668 Please see the comparison between Tor and i2p from i2p. In general, Tor has had more peer review than i2p and is likely more secure.
Freenet is a java-based distributed darknet that operates best when given a large amount of space to work with (from 5GB to 1TB or more). Think of it like a grassroots usenet service: the more data you allocate, the faster your node becomes. Unlike Tor, static websites can be distributed to these datastores and preserved even if the authors go offline. Websites are maintained with private keys to maintain updates. With a security-concious setup, you can go as far as having a session-based encrypted datastore and using multiple trusted connections to reach the rest of the network(like a "bridge" on Tor, connecting to friends or family before strangers).
Frost is a bulletin-board style addon for Freenet that supports topic-threading and attachments.
Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:
No one else can read your instant messages.
You are assured the correspondent is who you think it is.
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.
A variety of chat clients are available which use OTR.
These clients support Off-the-Record Messaging out of the box.
- Adium (Mac OS X)
- climm (Unix-like), since (mICQ) 0.5.4
- Cryptocat (Cross-platform), since 2.0
- MCabber (Unix-like), since 0.9.4
- CenterIM (Unix-like), since 4.22.2
- Jitsi (Cross-platform)
- BitlBee (Cross-platform), since 3.0 (optional at compile-time)
- Gibberbot (Android)
- ChatSecure (iOS)
The following clients require a plug-in to use Off-the-Record Messaging. Plugin support allows use of OTR with all of a client's implemented instant messaging protocols (e.g. OSCAR, XMPP, MSN, YIM/YMSG etc.).
- Pidgin (Cross-platform), with a plugin available from the OTR homepage<ref>Template:Cite web</ref>
- Kopete (Unix-like), either with a third-party plugin<ref>Template:Cite web</ref> or, since the addition of Kopete-OTR on 12th of March 2008, with the version of Kopete shipped with KDE 4.1.0 and later releases.<ref>Template:Cite web</ref><ref>Template:Cite web</ref>
- Miranda IM (Microsoft Windows), with a third-party plugin<ref>Template:Cite web</ref>
- Psi (Cross-platform), with a third-party plugin and build,<ref>Psi-Patches and OTR-Plugin on tfh-berlin.de</ref> in Psi+<ref>Website of the Psi-Developperversion Psi+</ref> native usable
- Trillian (Microsoft Windows), with a third-party plugin<ref>Template:Cite web</ref>
- irssi, with a third-party plugin<ref>Template:Cite web</ref>
- Gajim, with a third-party plugin<ref>http://gajim-otr.pentabarf.de/ OTR plugin for Gajim</ref>
For those clients which have no native OTR support, a GUI proxy is available. That means that the messages are sent to the proxy unencrypted and get encrypted while they "flow" through this locally installed and running application called a proxy. Currently, the proxy provided by the OTR-project supports only the OSCAR-protocol, thus it can be used for .Mac, ICQ, Sametime, and AIM. The OTR proxy is capable of SOCKS5, HTTPS, and HTTP.
Chat Log Files
Some of the Chat Clients listed above e.g. Adium, store plaintext, unencrypted Chat Logs, often by default, even when the OTR "security / privacy" plug-in is installed.
If you are taking OTR precautions to protect your chats from snoopers over the wire or over the air, you should either double check that you have manually switched off Chat Session Logging, or ensure that the Chat Logs you deliberately intend to keep are created on an encrypted disk drive or volume (see the Disk Encryption section above), in case your computer is lost, stolen or seized. It is also worth asking the person you are chatting with if they are inadvertently logging the chat with their Chat Client software.
Learn and Use
Slides: "Private Conversations over Instant Messaging (OTR/Pidgin/Adium) from CryptoParty London
Video: "Truecrypt/LUKS, OTR, Secure VoIP/SIP w/ Jitsi, Bitcoin & data liberation" from CryptoParty Boston (@ageis)
Need a hardware encrypted 16GB USB flash drive that'll self-destruct if an incorrect password is entered a select consecutive number of times?
Yubikeys are small USB tokens with a button that has two "slots" (short/long press). These slots can be used as 128-bit AES "One Time Password" generators (verification by a server component) or for static passwords. Software and spec are open (source).
OpenPGP Smartcards can safely store PGP/GPG keys and perform operations (signing, encryption).
Tahoe-LAFS (Least Authority File System) is a Free and Open cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire filesystem continues to function correctly, including preservation of your privacy and security.
Learn and Use
Intrusion detection systems
AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used to check the integrity of the file. All of the usual file attributes can also be checked for inconsistencies.
DistrRTgen is a distributed rainbow table project which runs on the BOINC platform. The generation of huge rainbow tables enables security experts to avoid weak cryptographic hash functions by providing evidence of same.
Operating System and Host Environment
Home directory encryption
Ubuntu Linux v8.04 has an option to set up a transparently encrypted private directory in your home directory. Later releases of Ubuntu added an option to encrypt your entire home directory, not just a private subdirectory. When you log in, you will be prompted not only for your login passphrase but your passphrase for your home directory. Note that the presence of your files is not obscured, only their filenames and contents. The system used to do this is called EcryptFS, and it uses the AES-128 algorithm by default. It has been compared to integrating GnuPG with a file system. Here is the official Ubuntu documentation. Due to the fact that there are stronger and better documented whole-disk encryption subsystems available in Linux, the user may wish to consider installing the entire system to a LUKS encrypted hard drive.
Full Disk Encryption
On a Linux operating system the entire disk or a disk partition can be encrypted with crypto-LUKS
On Mac OS X 10.7 and 10.8 the built-in security feature FileVault can be used to encrypt the entire boot drive. Previous versions of Mac OS X (10.3 to 10.6) can encrypt your user directory, but not your whole hard drive. FileVault is very easy to setup (System Prefs > Security > FileVault > Turn on), so any Mac user can make this a routine step. (While there is a port of TrueCrypt for MacOSX it is not capable of full-disk encryption, only encrypted volume (file) encryption.)
With full-disk encryption enabled, the operating system will not boot until a passphrase is entered. Documents stored on the same encrypted disk or partition will also be inacessible without the passphrase. Full-disk encryption is another layer of security, and can be used in combination with home-directory encryption and encrypted containers.
The more detailed Disk Encryption section above.
Tails Linux: The Amnesic Incognito Live System
Tails Linux or The Amnesic Incognito Live System is a live Linux distribution designed for preserving privacy and anonymity. It is the next iteration of the Incognito Linux Distribution. It is based on Debian Linux, and uses IPtables to route all outgoing traffic through Tor. TAILS is designed to be booted as a live CD or USB and no data is left on local storage media unless the user explicitly configures this. It also writes random data to memory if it detects a power off to defend against the cold boot attack.
If you are interested in using Linux in a more general way than Tails allows, please see http://www.cryptoparty.org/wiki/Linux_Operating_Systems
Liberté Linux is not a generic live Linux distribution with anonymity features. Its primary focus is to let you communicate, stealthily and securely, with other people in a hostile environment. Here, hostile environment is one where someone resourceful seeks to find out your identity because of something you do. You might be a dissident in an oppressive Islamic regime, perhaps, or an anti-government cell coordinator in China. A highly-ranked mole in the US intelligence service, passing information to his handler in the Belarusian embassy. Or, a whistle-blower in an international petroleum corporation. All these possibilities have something in common: high technological capacity of the authority in place, and willingness to use this capacity to find out who you are in order to stop you. Of course, you might just consider using Liberté because you dislike the idea of a bureaucrat somewhere deciding whether something you do online is legitimate or not. You are welcome.
(The above is a website summary.)
"Whonix (called TorBOX or aos in past) is an anonymous, general-purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location. This is because Whonix consists of two virtual machines. One machine solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other machine, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible." (Project summary)
Use a proxy or public computer to use these services safely. Best to encrypt messages with the recipient's public key (perhaps using Zerobin with a burn-after-reading setting).
- https://www.zeta-uploader.com - A little shady but works. Attachments are sent as a link.
- http://jhiwjjlqpyawmpjx.onion/ (onion link) Tor Mail is a Tor Hidden Service that allows you to send and receive email anonymously
- https://www.hushmail.com Hushmail offers private, secure free email accounts. Email is encrypted and spam/virus scanned
Edit: Not entirely safe? https://en.wikipedia.org/wiki/Hushmail . Need more guys, https://www.networkworld.com/community/blog/hunting-email-service-extreme-wishlist-privac not sure
- http://anonymouse.org/anonemail.html - Random delay up to 12 hours.
- http://send-email.org/ - 500 character limit; sends quickly; cuts off the first letter of the message body.
- http://deadfake.com - Formatting issues at line breaks.
- http://www.dropsend.com/ - A little intrusive for the recipient but allows attachments. Attachments downloaded from website link.
Privacybox.de provides non-tracked (and also anonymous) contact forms. It is run primarily for journalists, bloggers and other publishers, but it is open for others as well. It is powered by the German Privacy Foundation e.V.
Uses a combination of encryption and anonymization techniques, e.g. SSL/TLS encrypted web forms, Tor or I2P, GPG email encryption; the service promises not to keep log files, etc.
The source code to the web application is available for download and review.
Got a lot of your personal/professional life tied up in one email account, in Facebook, LinkedIn or Twitter? According to the Data Liberation Front, every online service should offer you a quick and easy way to move your data elsewhere.
This is becoming increasingly important, as we log more and more of our day-to-day lives into proprietary networks. If you put it in, you need to know how to get it out. How do we do that? Can we do that?
Who "owns" our data, including music, videos and ebooks we obtain by pressing the Buy button? Who "owns" all our photos, home videos, blog posts and comments? When we create something, don't we have rights over how it is used?
This is why you need to read the ToS (terms of service, terms and conditions). This is why corporations need to stop making the damned things long enough to choke a elephant. This is why we need to look at distributed, open-source and privacy-friendly alternatives like Diaspora.
Learn and Use
Video: "Truecrypt/LUKS, OTR, Secure VoIP/SIP w/ Jitsi, Bitcoin & data liberation" from CryptoParty Boston (@ageis)
Virtual Private Networks (VPNs)
Virtual Private Networks (VPNs) are a technology specifically for connecting computers (or computer networks) securely across the Internet. VPNs effectively make an encrypted tunnel through which otherwise unencrypted network traffic can transit securely.
VPNs are most often used for securely connecting to a local network or office/workplace network from a remote location.
VPN services exist (often commercial) which are often used to access the Internet from a remote location, this can be useful to circumvent geoblocking restrictions (appearing to be accessing the Internet from the UK to watch iPlayer when one is actually using a UK based VPN from elsewhere) or for circumventing web filter technologies in the same way. VPNs can also be useful in this way for examining your own network connections to the Internet from an outside perspective.
Microsoft bundles Point to Point Tunneling protocol in with its Windows operating system. It is offered by many commercial VPN providers and is used by lots of organisations to provide remote access to corporate networks for home office or mobile users.
Microsoft PPTP Problems
- There are serious questions about the security and encryption of PPTP, even though it uses the still secure RC4 stream cipher algorithm. The authentication pass phrase is effectively only single DES 56bit encrypted (which used to be secure enough years ago). This can now be brute forced in a feasible time, using distributed cloud based computing resources i.e in under a day.
- "Microsoft PPTP is very broken, and there's no real way to fix it without taking the whole thing down and starting over. This isn't just one problem, but six different problems, any one of which breaks the protocol. " - Bruce Schenier (1998)
- Moxie Marlnspike recently demonstrated serious problems with the primary authentication method MS-CHAPv2 used by PPTP 
N.B. You may still choose to use PPTP VPN connections where they allow you to circumvent censorship, but then use another, more secure VPN tunnel method (e.g. OpenVPN or Tor) or encrypted https:// web browsing session, through the PPTP tunnel.
Open VPN uses strong encryption and is also available as an option from some commercial VPN providers.
Open VPN is already a topic at some CryptoParties - please add resources here
VPN apps for iOS which don't require jailbreaking
An App Store search brings up quite a few VPN apps: check ratings and features carefully. Be aware that most, if not all VPN providers will charge you money (per month and amount of data) for the privilege. ;)
VPN in meatspace
If you're shifting something other than electronic data around the world, you may find it appropriate to use a remailer or mail-forwarding service. Again, this will cost you a bit, but it gets you past some of the barbed wire fences which countries/corporations have recently erected.
If your (or others') personal safety is at risk, plan carefully, using a combination of remailers, local postal forwarding and casual/courier drops. More cut-outs can be safer, but simple is faster. Look at what's available.
Secure Shell (SSH) can be used to effectively create a VPN between two computers. This is not particularly user-friendly, but is powerfully flexible and strongly encrypted.
Note: like your PGP keys, your SSH keys should be kept in a safe place. These keys identify you, so make sure nobody else gets their sticky hands on the private part of each key pair. If you leave your keys lying around, someone else will drive off with your car, house or crucial data. (Never heard of mobile homes? Mobile data? I rest my case.)
- SSHKeychain is an app which manages and authenticates your SSH keys.
- SSH Agent "is a graphical front-end to some of the OpenSSH tools included with Mac OS X. Specifically, it allows you to start an ssh-agent, generate identities, and add identities to an agent. Additionally, it allows you to make the ssh-agent global so that, e.g., Xcode can use it to do version control over SSH, and it has some functionality to set-up a secure tunnel." (from the website)
Without jailbreaking, there is currently no terminal access to the iDevice, but there are a range of remote-use apps which allow you to establish and manage connections to other devices (via SSH, Telnet, VNC etc.). Here are a couple of examples:
Learn and Use
Video: VPNs from Cryptoparty Boston (David) via @torproject
Lifehacker: Why You Should Use a VPN and How to Choose the Best One for Your Needs via @MylesPeterson
Bitcoin is an alternative and virtual currency, obviating the need to use personally-identifying information (e.g. credit card, PayPal account) when paying for goods or services online. If donating money to a good cause, or sending money to friends or family, would bring the corporate/government hammer down on you, Bitcoin protects your privacy. Bitcoin is not difficult to use, and using it does not make you a criminal (criminals drive cars, but that doesn't make car-driving a criminal act: Bitcoin is just another tool, so drive carefully and spend your Bitcoins wisely ;) ).
Learn and Use
RFID (Radio Frequency IDentification) is a near-field technology increasingly used to track people and property (in the eyes of the trackers, the two appear to be indistinguishable). NFID chips can be embedded in ID cards, in many day-to-day objects (e.g. paper or clothing) and under the skin. These chips can be passive, thus undetectable without being triggered by the set frequency.
Credit cards and multi-tickets containing RFID chips can be "waved" past a scanner to pay for something. To avoid someone activating your RFID chip without your consent (e.g. while it's in your pocket, to pay for something you don't receive), you can block access to the chip by putting it inside barrier material (for example, that used in these RFID sleeves). In effect, you're "jamming" the radio signal.
The OpenAMD Project explores the potential of large-scale human tracking.
RFID is currently being used to track employees and students, including minors. Although tracking may initially be described as "opt-in", in large, regimented work or learning environments considerable pressure is placed on people to conform. It is particularly worrying that children are being socialized to accept tracking (and its egregious invasion of privacy), while not understanding its ubiquity and how the data can be abused.
Remote Desktop software
- History of vulnerabilities
Microsoft Windows computers have built in support for Remote Desktop Protocol (RDP) access from other Windows computers. These sessions are 128 bit encrypted with the RC4 encryption algorithm, but you need to be careful about credential stealing and man-in-the-middle attacks (common to all remote access schemes), so , if possible, you should restrict it to specific IP addresses through your firewall / router.
- By default members of the Administrators group on the remote computer are allowed to authenticate via Remote Desktop, but this is switched off by default on a workstation. On servers e.g. Windows 2008, Remote Desktop is usually on but by default restricted to Network Level Authentication. You might need to "Allow connections from computers running any version of Remote Desktop (less secure)"
- To add extra Users (surely you were not thinking of connecting over the public internet as Administrator, were you ?)
- Start button / Computer - right mouse click /Properties / Remote Settings
- to start the Remote Desktop Client
- on Windows 7 - Start / enter mstsc in the Search programs and files box or on older versions of Windows - Start /Run / mstsc
- Enter the full Domain Name or IP address or WINS name or NetBIOS hostname of the remote computer
- Enter your Windows credentials on the remote machine in the "DOMAIN\User Name" format then Password (note the direction of the "\" character, often the "/" works as well in Windows, but not in this case)
- If the remote computer is not a member of a Domain, you may need to enter "HOSTNAME\User" to authenticate as a local user.
If you want to control a Windows Desktop via RDP from a Macintosh then the CoRD client works well.
Apple Remote Desktop ARD
Apple Remote Desktop ARD is built in to Apple Macintosh OSX computers.
Prior to version 3, ARD encrypted only passwords, mouse events and keystrokes, not desktop graphics (or file transfers). Apple therefore recommended that ARD traffic crossing a public network should be tunnelled through a VPN, Version 3 now uses AES 128 bit encryption:
Voice over IP
Asterisk open source PABX etc.
There are a lot of VoIP providers out there, varying in quality and hype, but the big question (apart from CAN YOU HEAR ME?) is whether you can encrypt the conversation at both ends. Look for VoIP clients equipped with encryption standards (ZRTP, SRTP) but make sure the conversation is encrypted before it leaves your device, not on the VoIP provider's server (which can be decidedly shonky).
- Zfone (ZRTP integrated), runs on OSX, Linux and Windows
- Jitsi (ZRTP integrated), FLOSS with LGPL licence, does voice, video, file transfer and desktop sharing: runs on OSX, Linux, Windows and you can build it for FreeBSD
The following services either aren't open source, have restrictions, or use a pay model:
- KeyWe FREE! (SRTP), runs on iOS - <color=red>Offers a free SIP server for a limited time</color>
- VoIP One Click (SRTP), runs on iOS - <color=red>Free app-to-app only, offers halfway encrypted app-to-phone on purchased credits.</color>
- Bria (SRTP), softphone to use with existing VoIP services, runs on iOS - <color=red>Costs $8.49 + seperate video, text, and codec purchases.</color>
Note that you can use a VPN to encrypt VoIP conversations, but this method is data-heavy, so it's only suitable for use with fast connections (i.e. not on cellular/mobile networks).
Learn and Use
is a Open Source cross-platform, Friend-2-Friend and decentralised communication platform. It is using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides filesharing, chat, messages, forums and channels
After installation, the user either generates a pair of GPG keys with RetroShare, or selects an existing keypair to use. After authentication and exchanging an asymmetric key, ssh is used to establish a connection. End to end encryption is done using OpenSSL.
Mobile Phones / Smartphones
The Rules of Beeping: Exchanging Messages Via Intentional "Missed Calls" on Mobile Phones by Jonathan Donner, Technology for Emerging Markets Group, Microsoft Research India
The Guardian Project provides multiple layers of security for your Android smartphone. It's free and well-designed: check it out!
(via CryptoParty Frankfurt (Germany) and @guardianproject)
Big Brother is watching you, but there's a lot you can do about it. Protect your privacy as above. Record and upload abusive government/corporate behaviour. There are some excellent apps for keeping track of what's happening to you, and making sure other people know when wrong has been done. We have more eyes, ears and voices than they do. Use what you have.
(Thanks to Utah Liberty Watch for some of the suggestions below.)
Stop and Frisk Watch (iOS-en and Android-en/es) from the ACLU (New York)
History Eraser (Android)
Whapee (iOS) — anonymous location-based image/video upload with text
Cop Watch (iOS)
iSpy Cameras (iOS)
Network Camera (iOS)
Hidden Spy Cam (iOS)
Learn and Use
Each nation-state has its own laws (and international treaties) regarding encryption and communications data. Some of these can legally force you to either hand over your de-cryption key(s) or to hand over de-crypted plaintext. Other laws can force fixed line, mobile phone and internet service providers to retain the communications data of millions of innocent people, for periods of time in excess of what they need for business purposes, which then puts such data at risk of abuse by corrupt or unscrupulous privileged insiders.
Typically such big data laws are justified for the laudable purpose of investigating serious crime such as terrorism, human trafficking, sexually exploitive material or drugs smuggling (some of the Four Horsemen of the Infopocalypse) but they soon get extended to routinely cover all types of crime, no matter how trivial, and then routine activity, whereupon they impinge on civil socity and threaten fundamental political and human rights freedoms as part of an omnibus national-surveillance complex.
Australia is currently undergoing a National Security Enquiry, where the government insists it needs to make our ISPs keep all our online data for two years (the Australian Federal Police actually said they would prefer it be kept "indefinitely"). In other words, everyday users would pay extra ISP costs to have their personal data stored and made available to any government agency and any European government (including the thinly-disguised dictatorships). Inevitably (following the well-established pattern of Big Data), this personal information would be left in taxis or bus shelters, it would be hacked and it would be abused.
Every phone call, every email, every website you visit, every word you say in chat... the Australian government wants it and wants you to pay to provide it, apparently under the assumption that our harmless and law-abiding vast majority will suddenly become criminals. Or is everyone guilty before proven innocent now? For further info, follow #ozlog and #NatSecInquiry on Twitter and/or see the EFA (Electronic Frontiers Australia) site.
It should be noted that the Australian Greens party, the Australian Pirate party, the EFA, various civil liberties organizations and many individuals have represented us very well at this enquiry. Unfortunately, anything labelled (accurately or not) "national security" just gets waved through by the two main parties. And they ask why so many Australian voters are disillusioned with politics...
Web censorship is apparently more common than direct surveillance in Ireland at present. Out-of-court settlements by IRMA (Irish Recorded Music Association) and Eircom, and others, have lead to widespread censorship of The Pirate Bay. A "statutary instrument" was used by TD Sean Sherlock of East Cork (against massive public outcry) to place court-order censorship of websites into the power of lobbying bodies; the wording was very loose, and it is not clear if any oversight will be employed. It is also not clear whether there will be a right to contest or to seek restitution for false censorship. The order makes no mention of requiring notice or warning to be given to site operators.
Given that censorship is widespread at the DNS level, DNS records are logged at least and could be further inspected. There is little evidence of more concerted efforts at surveillance as yet.
Uniquely in Europe, Ireland is in a significant position of power over multinational companies such as Google and Facebook, who establish primary offices in Ireland to take advantage of a tax loophole known as the "Dutch-Irish Sandwich". A small and underfunded, but apparently well-intentioned, office known as the "Data Protection Commissioner" has previously struck blows to privacy standards at many companies, including Facebook, who flagrantly abuse customer privacy. Citizens can appeal to the DPC to take action on cases of perceived injustice and privacy violation, but the office has few resources to deal with all issues under their remit, and primarily focus on "big issues".
The Electronic Commerce Act 2000 (nr. 27), which was enacted on 19 July 2000, contains a decryption order in article 27 (2) (c). A judge can issue a search warrant if there are reasonable grounds to suspect an offence under the Act has been committed. Such a warrant authorises investigation officers, among other things, "when the thing seized is or contains information or an electronic communication that cannot readily be accessed or put into intelligible form, to require the disclosure of the information or electronic communication in intelligible form". Persons or public bodies who fail or refuse to comply are guilty of a summary offence (art. 27 (4)). (source Crypto Law Survey)
United Kingdom Regulation of Investigatory Powers Act 2000 Part III Investigation of electronic data protected by encryption etc. penalty of up to 2 years in prison or up to 5 years in prison if the words "national security" or "child indecency" are invoked by the investigators through a Section 49 notice. There is also a "tipping off" secrecy power, which if invoked, has a penalty of up to 5 years in prison for telling someone that they are the subject of such a Section 49 notice.
RIPA Part 1 Chapter II Acquisition and disclosure of communications data is in the process of being extended to cover not only designated, Communications Service Providers (regulated telephone and internet and postal delivery companies) but potentially every web click in a search engine like Google, all Twitter and FaceBook activity or Voice over IP conversation etc. using Deep Packet Inspection black boxes and filters, only seen so far in repressive dictatorships.
Open Rights Group wiki on the Communications Data Bill
N.B. there are a few legal loopholes in this repressive legislation, which UK CryptoParty experts will be able to advise on.
Organizations and Legal Support
Electronic Frontier Foundation
The EFF is the premiere American advocacy group for digital rights. Chockful of useful information ranging from proposed international treaties and amicus curiæ briefs with the United States Supreme Court to whether the cops can search your smartphone without a warrant and surveillance self-defense. Highly recomended.
Courses and Education
Coursera: Cryptography taught by Dan Boneh, 27 August 2012 to 1 October 2012
Where to go for more information
The EFF has some excellent resources for those still trying to get their head around things here: https://ssd.eff.org/tech
A great and very complete tutorial on how to use various tools is Peter Guttman's epic slide deck http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html Folks who are running a cryptoparty might want to look for these to get what they need for teaching how to use certain programs.
If you are interested in foundations Applied Cryptography by Bruce Schneier is a great book to read.
If you complete all the exercises on http://crypto-class.org you'll reach a point where you have a good idea of how hard it can be to get crypto right.
- 1. Break ciphers... crypto-class has some great exercises for this also if you find yourself addicted to breaking stuff here are >100 puzzles. There is a fine line between secure and radically insecure, you'll learn about this by making and breaking ciphers.
- 2. If you are thinking of writing your own software, by all means do, make it open source and prepare to learn. But beware of making grandiose claims about security and the Dunning-Kruger effect. Cryptoschemes take years to be considered 'secure'. Combining schemes can often interact in ways that weaken the two systems, some combinations are often weaker than their parts.
- Security Basics (.onion Tor Hidden Service)
- Slide Stack from CryptoParty Perth AU (incl. some good visual intros for beginners)
- Internet Security 101 — the evolving CryptoParty Guide (don't panic, and bring your towel)
- Why Johnny Can't Encrypt - famous PGP usability study; very useful for Cryptoparty mindset preparation and gotchas
Some Relevant Quotes from Twitter and Elsewhere
- "BREAKING: "corrupted nerds" cited as the reason for sweeping expansion of surveillance powers http://aph.gov.au/live #CorruptedNerds" ~ @SenatorLudlam 21/8/12
- "Encrypt your data, the Cybercrime Bill has passed: http://bit.ly/TTq8bN #natsecinquiry #ozlog #cybercrime #corruptednerds" ~ @PiratePartyAu
- "ain't no party like a crypto apps install party." ~ @m1k3y 22/8/12
- "I want a HUGE Melbourne crypto party! BYO devices, beer, & music. Let's set a time and place :) Who's in?" ~ @Asher_Wolf 22/8/12
- "12:29pm Senate passes #CyberCrime amendment 7:19pm @m1k3y ain't no party like a crypto apps install party 7:24pm @Asher_Wolf .. #CryptoParty" ~ @mylespeterson 23/8/12
- "Am I the only one thinking #cryptoparty sounds like something scandalous teen girls are doing these days? (& wouldn't it rock if they did?)" ~ @lex_is 23/8/12
- "Ain't no party like a #cryptoparty 'cuz a #cryptoparty don't MbqwR5+eqstXjRY5lwjkzo7qXVzSwVYJ82" ~ @quinnnorton 24/8/12
- "There's a #CryptoParty in my pants, but only Alice and Bob are invited" ~ @xntrik 25/8/12
Sir Humphrey: "Can you keep a secret?" Bernard: "Of course" Sir Humphrey: "So can I" - Yes Minister, episode 1 Open Government, 25th February 1980
- "Surely, as we reflect on the consequences of the digital shift from a default of forgetting to one of perpetual memory, we should be seeking to restore, as far as possible, the individual's right —not simply to their privacy, but to having the right to delete that which they have created, in the same way as can be done in the analogue world." ~Shadow Communications Minister Malcolm Turnbull
- "The Street finds its own uses for things -uses the manufacturers never imagined." ~William Gibson
Presentations or talks at a CryptoParty should, of course, be leavened with some humour...