, the FBI served a subpoena (with a gag order) for the service's SSL keys. Having
the SSL keys would allow them to access communications (both metadata and
unencrypted content) in real time for all of Lavabit's customers, not just
Snowden's. Ultimately, Levison turned over the SSL keys and shut down the
service at the same time. The US government then threatened Levison with
arrest, saying that shutting down the service was a violation of the court
order.
Key disclosure law - Who is required to hand over the encryption keys to
authorities?
Mandatory key disclosure laws require individuals to turn over encryption keys
to law enforcement conducting a criminal investigation. How these laws are
implemented (who may be legally compelled to assist) varies from nation to
nation, but a warrant is generally required. Defenses against key disclosure
laws include steganography and encrypting data in a way that provides plausible
deniability.
Steganography involves hiding sensitive information (which may be encrypted)
inside of ordinary data (for example, encrypting an image file and then hiding
it in an audio file). With plausible deniability, data is encrypted in a way
that prevents an adversary from being able to prove that the information they
are after exists (for example, one password may decrypt benign data and another
password, used on the same file, could decrypt sensitive data).
Related Information
Avoid all US and UK based services
Proof that warrant canaries work based on the surespot example.
http://en.wikipedia.org/wiki/UKUSA_Agreement
http://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_order
https://en.wikipedia.org/wiki/Key_disclosure_law
http://en.wikipedia.org/wiki/Portal:Mass_surveillance
VPN providers with extra layers of privacy
All providers listed here are outside the US, use encryption, accept Bitcoin,
support OpenVPN and have a no logging policy.
Sortable VPN Providers Table
Yearly Price  Free Trial  # Servers  Jurisdiction     Website
54            Yes         162        Italy            AirVPN.org
45            No          5          Sweden           AzireVPN.com
99            No          27         Hong Kong        blackVPN.com
$ 52          Yes         18         Iceland          Cryptostorm.is
$ 33          No          6          Seychelles       Doublehop.me
39,99         No          432        Northern Cyprus  EarthVPN.com
$ 36          No          27         Sweden           FrootVPN.com
$ 65          Yes         88         Malaysia         hide.me
$ 100         Yes         21         Gibraltar        IVPN.net
60            Yes         23         Sweden           Mullvad.net
$ 48          Yes         475        Panama           NordVPN.com
84            Yes         24         Sweden           oVPN.se
150           No          41         Panama           Perfect-Privacy.com
$ 90          No          300        Seychelles       Proxy.sh
$ 35.88       Yes         48         Seychelles       Trust.Zone
$ 39.99       No          122        Hong Kong        VPN.ht
35,88         No          80         Sweden           VPNTunnel.com
Note: Using a VPN provider will not make you anonymous. But it will give you
better privacy. A VPN is not a tool for illegal activities. Don't rely on a
"no log" policy.
Our VPN Provider Criteria
Operating outside the USA or other Five Eyes countries.
More: Avoid all US and UK based services.
OpenVPN software support.
Browser Bundle
Browser is your choice if you need an extra layer of anonymity. It's a modified
version of Firefox, it comes with pre-installed privacy add-ons, encryption and
an advanced proxy.
Download: www.torproject.org
OS: Windows, Mac, Linux, iOS, Android, OpenBSD.
working. Some sites will not work properly until you have configured the
add-ons.
Stop cross-site requests with uMatrix
uMatrix
Many websites integrate features which let other websites track you, such as
Facebook Like Buttons or Google Analytics. uMatrix gives you control over the
requests that websites make to other websites. This gives you greater and more
fine-grained control over the information that you leak online.
https://addons.mozilla.org/firefox/addon/umatrix/
Be in total control with "NoScript Security Suite"
NoScript
Highly customizable plugin to selectively allow Javascript, Java, and Flash to
run only on websites you trust. Not for casual users, it requires technical
knowledge to configure.
https://addons.mozilla.org/firefox/addon/noscript/
Content control with "Policeman"
Policeman
This addon has a purpose similar to RequestPolicy and NoScript. It's different
from the former in that it supports rules based on content type. For example,
you can allow images and styles, but not scripts and frames for some sites. It
can also be set up to act as a blacklist.
https://addons.mozilla.org/firefox/addon/policeman/
Firefox: Privacy Related "about:config" Tweaks
This is a collection of privacy related about:config tweaks. We'll show you how
to enhance the privacy of your Firefox browser.
Preparation:
Enter "about:config" in the Firefox address bar and press enter.
Press the button "I'll be careful, I promise!"
Follow the instructions below...
Getting started:
privacy.trackingprotection.enabled = true
    This is Mozilla's new built-in tracking protection.
geo.enabled = false
    Disables geolocation.
browser.safebrowsing.enabled = false
    Disables Google Safe Browsing and phishing protection. Security risk, but
    privacy improvement.
browser.safebrowsing.malware.enabled = false
    Disables Google Safe Browsing malware checks. Security risk, but privacy
    improvement.
dom.event.clipboardevents.enabled = false
    Prevents websites from being notified when you copy, paste, or cut
    something from a web page, and from learning which part of the page had
    been selected.
network.cookie.cookieBehavior = 1
    Blocks third-party cookies.
    0 = Accept all cookies by default
    1 = Only accept from the originating site (block third party cookies)
    2 = Block all cookies by default
network.cookie.lifetimePolicy = 2
    Cookies are deleted at the end of the session.
    0 = Accept cookies normally
    1 = Prompt for each cookie
    2 = Accept for current session only
    3 = Accept for N days
browser.cache.offline.enable = false
    Disables offline cache.
browser.send_pings = false
    The attribute would be useful for letting websites track visitors' clicks.
webgl.disabled = true
    WebGL is a potential security risk.
dom.battery.enabled = false
    Website owners can track the battery status of your device.
browser.sessionstore.max_tabs_undo = 0
    Even with Firefox set to not remember history, your closed tabs are stored
    temporarily at Menu -> History -> Recently Closed Tabs.
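Added example (not part of the original page or of any Firefox tooling): a short Python script that checks the contents of a profile's prefs.js or user.js against the values listed above. The sample file contents are constructed and the function names are hypothetical; a pref reported as "unset" is absent from the file, so Firefox's built-in default applies and the script cannot tell what that default is.

```python
import re

# Values recommended in the about:config list above (pref name -> value).
RECOMMENDED = {
    "privacy.trackingprotection.enabled": True,
    "geo.enabled": False,
    "browser.safebrowsing.enabled": False,
    "browser.safebrowsing.malware.enabled": False,
    "dom.event.clipboardevents.enabled": False,
    "network.cookie.cookieBehavior": 1,
    "network.cookie.lifetimePolicy": 2,
    "browser.cache.offline.enable": False,
    "browser.send_pings": False,
    "webgl.disabled": True,
    "dom.battery.enabled": False,
    "browser.sessionstore.max_tabs_undo": 0,
}
# The two tweaks the page itself marks "Security risk, but privacy improvement".
SECURITY_TRADEOFF = {
    "browser.safebrowsing.enabled",
    "browser.safebrowsing.malware.enabled",
}
# One pref per line, as written in prefs.js / user.js: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample file contents, not taken from a real profile.
SAMPLE = """\
// comment lines are ignored
user_pref("privacy.trackingprotection.enabled", true);
user_pref("geo.enabled", true);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("browser.send_pings", false);
user_pref("webgl.disabled", true);
user_pref("browser.startup.homepage", "about:blank");
"""

def parse_value(raw):
    """Convert a pref literal (true/false, integer, quoted string) to Python."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')

def parse_prefs(text):
    """Return {pref name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            prefs[match.group(1)] = parse_value(match.group(2))
    return prefs

def audit(text):
    """Return (pref, status, actual) with status 'ok', 'differs' or 'unset'."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in RECOMMENDED.items():
        actual = prefs.get(name)
        if name not in prefs:
            status = "unset"
        elif type(actual) is type(want) and actual == want:
            status = "ok"      # type check: Python treats True == 1 as equal
        else:
            status = "differs"
        findings.append((name, status, actual))
    return findings

if __name__ == "__main__":
    for name, status, actual in audit(SAMPLE):
        note = "  (security trade-off)" if name in SECURITY_TRADEOFF else ""
        print(f"{status:8} {name} = {actual!r}{note}")
```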
Related Information
ffprofile.com - Helps you to create a Firefox profile with the defaults you
like.
mozillazine.org - Security and privacy-related preferences.
user.js Firefox hardening stuff - This is a user.js configuration file for
Mozilla Firefox that's supposed to harden Firefox's settings and make it more
secure.
Privacy Settings - A Firefox addon to alter built-in privacy settings easily
with a toolbar panel.
Privacy-Conscious Email Providers - No Affiliates
All providers listed here are operating outside the US and support SMTP TLS. The
table is sortable. Never trust any company with your privacy, always encrypt.
Email Service
Own Domain
Since
Bitcoin Encryption
OpenMailBox.org 2013
No
France 1 GB
Free
Accepted
ProtonMail.ch
Yes
2013
Switzerland
500 MB Free
Accepted
Tutanota.com
Yes
2011
Germany
1 GB
No
Mailfence.com
Yes
2013
Belgium
200 MB Free
Accepted
Built-in
mailbox.org
Yes
2014
Germany
2 GB
12
Accepted
Built-in
Posteo.de
No
2009
Germany
2 GB
12
No
Built-in
Runbox.com
1999
Norway 1 GB
$ 19.95 No
No
Yes
Neomailbox.com 2003
Yes
Switzerland
1 GB
CounterMail.com 2010
Yes
Sweden 500 MB $ 59
Accepted
Built-in
StartMail.com
No
2014
Netherlands
10 GB
$ 59.95 No
Built-in
KolabNow.com
Yes
2010
Switzerland
2 GB
$ 60
Free
Built-in
Built-in
Built-in
$ 49.95 Accepted
Built-in
Accepted
No
CryptoHeaven.com
2001
Canada 200 MB $ 66
No
Built-in
Yes
Interesting Email Providers Under Development
Confidant Mail - An open-source non-SMTP cryptographic email system optimized fo
a "Star System" to rank its results by awarding one star for every result that
has been returned from a search engine. Based in the USA and the Netherlands.
Google search link fix - Firefox extension that prevents Google, Yahoo and
Yandex search pages from modifying search result links when you click them.
This is useful when copying links but it also helps privacy by preventing the
search engines from recording your clicks. (Open Source)
Encrypted Instant Messenger
If you are currently using an Instant Messenger like WhatsApp, Viber, LINE or
Threema you should pick an alternative here.
Mobile: Signal
Signal is a mobile app developed by Open Whisper Systems. The app provides
end-to-end encrypted instant messaging. Signal is free and open source,
enabling anyone to verify its security by auditing the code. Encrypted group
chats are also supported. The development team is supported by community
donations and grants. There are no advertisements, and it doesn't cost anything
to use.
Android: google.com iOS: apple.com
OS: Android, iOS.
Desktop: Ricochet
Ricochet uses the Tor network to reach your contacts without relying on
messaging servers. It creates a hidden service, which is used to rendezvous with
your contacts without revealing your location or IP address. Instead of a
username, you get a unique address that looks like ricochet:rs7ce36jsj24ogfw.
Other Ricochet users can use this address to send a contact request - asking to
be added to your contacts list.
Download: www.ricochet.im
OS: Windows, Mac, Linux.
Off-the-Record: ChatSecure
ChatSecure is a free and open source messaging app that features OTR encryption
over XMPP. You can connect to your existing account on Google, create new
accounts on public XMPP servers (including via Tor), or even connect to your own
server for extra security. ChatSecure only uses well-known open source
cryptographic libraries to keep your conversations private.
Download: www.chatsecure.org
OS: iOS, Android, other OTR Clients.
Worth Mentioning
Cryptocat - Encrypted open source messenger. Supports file sharing and multiple
devices. Available for Windows, Linux and Mac.
Kontalk - A community-driven instant messaging network. Supports end-to-end
encryption. Both client-to-server and server-to-server channels are fully
encrypted.
Conversations - An open source Jabber/XMPP client for Android 4.0+ smart phones.
Supports end-to-end encryption with either OTR or openPGP.
Related Information
Ricochet, the Messenger That Beats Metadata, Passes Security Audit | Motherboard
Secure Messaging Scorecard | Electronic Frontier Foundation
Which apps and tools actually keep your messages safe?
Chatting in Secret While We're All Being Watched - firstlook.org
Encrypted Video & Voice Messenger
If you are currently using a Video & Voice Messenger like Skype, Viber or
Google Hangouts you should pick an alternative here.
Signal for Mobile
Syncany allows users to backup and share certain folders of their workstations
using any kind of storage. Syncany is open-source and provides data encryption
and incredible flexibility in terms of storage type and provider. Files are
encrypted before uploading.
Website: syncany.org
OS: Windows, Mac, Linux.
Syncthing
Syncthing replaces proprietary sync and cloud services with something open,
trustworthy and decentralized. Your data is your data alone and you deserve to
choose where it is stored, if it is shared with some third party and how it's
transmitted over the Internet.
Website: syncthing.net
OS: Windows, Mac, Linux, Android, BSD, Solaris.
Worth Mentioning
git-annex - Allows managing files with git, without checking the file contents
into git. While that may seem paradoxical, it is useful when dealing with files
larger than git can currently easily handle, whether due to limitations in
memory, time, or disk space.
Password Manager Software
If you are currently using a password manager software like 1Password,
LastPass, Roboform or iCloud Keychain you should pick an alternative here.
Master Password - Cross-platform
Master Password is based on an ingenious password generation algorithm that
guarantees your passwords can never be lost. Its passwords aren't stored: they
are generated on-demand from your name, the site and your master password. No
syncing, backups or internet access needed.
Website: masterpasswordapp.com
OS: Windows, Mac, Linux, iOS, Android, Web.
KeePass / KeePassX - Local
KeePass is a free open source password manager, which helps you to manage your
passwords in a secure way. All passwords in one database, which is locked with
one master key or a key file. The databases are encrypted using the best and
most secure encryption algorithms currently known: AES and Twofish. See also:
KeePassX.
Website: keepass.info
OS: Windows, Mac, Linux, iOS, Android, BSD.
Encryptr - Cloud Based
Encryptr is simple and easy to use. It stores your sensitive data like
passwords, credit card data, PINs, or access codes, in the cloud. However,
because it was built on the zero knowledge Crypton framework, Encryptr ensures
that only the user has the ability to access or read the confidential
information.
Website: spideroak.com
OS: Windows, Mac, Linux, Android.
Worth Mentioning
Secure Password Generator - generates a unique set of custom, high quality, cryp
secure your most sensitive files. For Windows, Mac, Linux and Android.
DiskCryptor - A full disk and partition encryption system for Windows including
the ability to encrypt the partition and disk on which the OS is installed.
Self-contained Networks
If you are currently browsing the Clearnet and you want to access the Dark web
this section is for you.
I2P Anonymous Network
The Invisible Internet Project (I2P) is a computer network layer that allows
applications to send messages to each other pseudonymously and securely. Uses
include anonymous Web surfing, chatting, blogging and file transfers. The
software that implements this layer is called an I2P router and a computer
running I2P is called an I2P node. The software is free and open source and is
published under multiple licenses.
Website: geti2p.net
OS: Windows, Mac, Linux, Android, F-Droid.
GNUnet Framework
GNUnet is a free software framework for decentralized, peer-to-peer networking
and an official GNU package. The framework offers link encryption, peer
discovery, resource allocation, communication over many transports (such as tcp,
udp, http, https, wlan and bluetooth) and various basic peer-to-peer algorithms
for routing, multicast and network size estimation.
Website: gnunet.org
OS: GNU/Linux, FreeBSD, NetBSD, OpenBSD, Mac, Windows.
The Freenet Project
Freenet is a peer-to-peer platform for censorship-resistant communication. It
uses a decentralized distributed data store to keep and deliver information, and
has a suite of free software for publishing and communicating on the Web without
fear of censorship. Both Freenet and some of its associated tools were
originally designed by Ian Clarke, who defined Freenet's goal as providing
freedom of speech on the Internet with strong anonymity protection.
Website: freenetproject.org
OS: Windows, Mac, Linux.
Worth Mentioning
Tor Project - Provides anonymity to websites and other servers. Servers
configured to receive connections only through Tor are called hidden services.
RetroShare - Open Source cross-platform, Friend-2-Friend and secure
decentralised communication platform.
Decentralized Social Networks
If you are currently using Social Networks like Facebook, Twitter or Google+ you
should pick an alternative here.
diaspora*
diaspora* is based on three key philosophies: Decentralization, freedom and
privacy. It is intended to address privacy concerns related to centralized
social networks by allowing users to set up their own server (or "pod") to host
content; pods can then interact to share status updates, photographs, and other
social data.
Website: diasporafoundation.org
Friendica
Friendica has an emphasis on extensive privacy settings and easy server
rity for desktop computing. Qubes is based on Xen, the X Window System, and
Linux, and can run most Linux applications and utilize most of the Linux
drivers.
Website: qubes-os.org
Warning
Don't use Windows 10 - It's a privacy nightmare
Worth Mentioning
OpenBSD - A project that produces a free, multi-platform 4.4BSD-based UNIX-like
operating system. Emphasizes portability, standardization, correctness,
proactive security and integrated cryptography.
Arch Linux - A simple, lightweight Linux distribution. It is composed
predominantly of free and open-source software, and supports community
involvement. Parabola is a completely open source version of Arch Linux.
Whonix - A Debian GNU/Linux based security-focused Linux distribution. It aims
to provide privacy, security and anonymity on the internet. The operating system
consists of two virtual machines, a "Workstation" and a Tor "Gateway". All
communications are forced through the Tor network to accomplish this.
Live CD Operating Systems
Tails
Tails is a live operating system, that starts on almost any computer from a
DVD, USB stick, or SD card. It aims at preserving privacy and anonymity, and
helps to: Use the Internet anonymously and circumvent censorship; Internet
connections go through the Tor network; leave no trace on the computer; use
state-of-the-art cryptographic tools to encrypt files, emails and instant
messaging.
Website: tails.boum.org
KNOPPIX
Knoppix is an operating system based on Debian designed to be run directly from
a CD / DVD (Live CD) or a USB flash drive (Live USB), one of the first of its
kind for any operating system. When starting a program, it is loaded from the
removable medium and decompressed into a RAM drive. The decompression is
transparent and on-the-fly.
Website: knopper.net
Puppy Linux
Puppy Linux operating system is a lightweight Linux distribution that focuses on
ease of use and minimal memory footprint. The entire system can be run from RAM
with current versions generally taking up about 210 MB, allowing the boot medium
to be removed after the operating system has started.
Website: puppylinux.org
Worth Mentioning
Tiny Core Linux - A minimal Linux operating system focusing on providing a base
system using BusyBox and FLTK. The distribution is notable for its size (15 MB)
and minimalism, with additional functionality provided by extensions.
Mobile Operating Systems
CyanogenMod
CyanogenMod is an open-source operating system for smartphones and tablets,
based on Android. It is developed as free and open source software based on the
official releases of Android by Google.
Website: cyanogenmod.org
Firefox OS
Firefox OS is a Linux kernel-based open-source operating system for smartphones
and tablet computers and is set to be used on smart TVs. It is being developed
by Mozilla.
Website: mozilla.org
Ubuntu Touch
Ubuntu Touch is a mobile version of the Ubuntu operating system developed by
Canonical UK Ltd and Ubuntu Community. It is designed primarily for touchscreen
mobile devices such as smartphones and tablet computers.
Website: ubuntu.com
Worth Mentioning
Replicant - A free and open-source operating system based on Android, which aims
to replace all proprietary Android components with their free software
counterparts.
Copperhead - Another free and open-source mobile OS based on Linux. Currently
only supports a few devices, all in the Nexus line.
OmniROM - OmniROM was created in response to the perceived commercialization of
CyanogenMod. The directors of Cyanogen Inc. refuse to make signature spoofing a
default feature of Cyanogen OS, making it harder to stay anonymous, and in
particular to hide your identity from Google. OmniROM has signature spoofing
enabled as a default feature. It supports more devices than Copperhead, but
fewer than CyanogenMod.
Open Source Router Firmware
OpenWrt
OpenWrt is an operating system (in particular, an embedded operating system)
based on the Linux kernel, primarily used on embedded devices to route network
traffic. The main components are the Linux kernel, util-linux, uClibc and
BusyBox. All components have been optimized for size, to be small enough for
fitting into the limited storage and memory available in home routers.
Website: openwrt.org
pfSense
pfSense is an open source firewall/router computer software distribution based
on FreeBSD. It is installed on a computer to make a dedicated firewall/router
for a network and is noted for its reliability and offering features often only
found in expensive commercial firewalls. pfSense is commonly deployed as a
perimeter firewall, router, wireless access point, DHCP server, DNS server, and
as a VPN endpoint.
Website: pfsense.org
LibreWRT
LibreWRT is a GNU/Linux-libre distribution for computers with minimal resources,
such as the Ben Nanonote, ath9k based wifi routers, and other hardware that
respects your freedom with emphasis on free software. It is used by the Free
Software Foundation on their access point and router which provides network
connectivity to portable computers in their office.
Website: librewrt.org
Worth Mentioning
OpenBSD - A project that produces a free, multi-platform 4.4BSD-based UNIX-like
operating system. Emphasizes portability, standardization, correctness,
proactive security and integrated cryptography.
DD-WRT - Linux-based firmware for wireless routers and wireless access points.
It is compatible with several models of routers and access points.
Don't use Windows 10 - It's a privacy nightmare
Microsoft introduced a lot of new features in Windows 10 such as Cortana. Howeve