Coders are the new Communists?
The Heartbleed bug is a programming
error in the OpenSSL library which
undergirds most of the
encrypted traffic on the Internet.
(speaking of encrypted traffic,
even once the bug is fixed,
you should be using
from the EFF).
They know you're pregnant,
Maybe even before your family does.
(you should install Privacy Badger from the EFF).
Creeps can use your own computer
Sherlock Holmes reveals your IP, specs on your system
easy to find your location based on your IP
before even analysing the content of your unencrypted messages
Download and install the package.
Start the TOR browser, click Connect.
Use *only* the TOR browser
Use HTTPS (enabled by default)
Use bridges and/or find company
Don't enable or install browser plugins
Don't open documents through TOR while online
Explore the Deep, Dark, Mysterious Net.
Host your own hidden services on a virtual machine.
Host your own torrents while you're at it, too.
Mac: Finder -> Applications -> Utilities -> Terminal
Linux: Browse to your Terminal application
(you probably already know where it is)
Windows: Install and use Cygwin
or partition your hard drive and dual boot to Linux
Linux Installfest @ PhreakNIC, Halloween weekend at the Maxwell House Hotel in Nashville.
A short introduction on the Web.
The man(ual) pages.
In the Beginning Was the Command Line by Neal Stephenson.
Mac: GPG Tools
gpg --version sudo apt-get install gnupg
--edit-key 12345678 adduid
gpg --armor --output mykeyname.asc --export
gpg --import pubkeyfile.asc
gpg --keyserver http://www.KeyServerUrl.com --keyserver-options honor-http-proxy --search-keys Email@Address.com
user@desktop$ cp -r ~/.gnupg /media/jumpdrive/ user@laptop$ cp -r /media/jumpdrive/.gnupg ~/
gpg --encrypt commies.list > commies.list.gpg gpg --decrypt pink.list > pink.list
Evolution Mail: Edit -> Preferences -> Accounts -> Security Tab -> Key ID
gpg --output revoke.asc --gen-revoke 12345678
No one else can read your instant messages.
You are assured the correspondent is who you think it is.
The messages you send do not have digital signatures that are checkable by a third party.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.
sudo apt-get install pidgin sudo apt-get install pidgin-otr
Enable OTR plugin & generate key.
All software is configured to connect to the Internet through Tor. If an application tries to connect to the Internet directly, the connection is automatically blocked.
Use Anywhere, Leave No Trace
"Amnesic" because the only storage space it uses is the RAM on your computer, which is automatically erased when the computer shuts down.
LUKS, Linux standard for disk encryption
encrypt and sign emails, documents with OpenPGP
protect IMs with OTR
securely delete files with Nautilus Wipe
Download and verify the Tails signing key.
Burn the ISO image to a disc.
Boot your computer from the disc.