Beruflich Dokumente
Kultur Dokumente
https://ssd.e.org/en/playlist/want-security-start...
(/en)
1. An Introduction to
Threat Modeling
(/en/playlist
/want-securitystarterpack#introductionthreat-modeling)
2. Communicating
with Others
(/en/playlist
/want-securitystarterpack#communicatingothers)
6. Protecting Yourself
on Social
How Does End-to-End Encryption Work?
Networks
1 din 6
10.11.2014 21:50
https://ssd.e.org/en/playlist/want-security-start...
End-to-end encryption involves some effort, but it's the only way that users
can verify the security of their communications without having to trust the
platform that they're both using. Some services, such as Skype, have claimed
(https://support.skype.com/en/faq/fa10983/what-are-p2p-communications)
to offer end-to-end encryption when it appears that they actually don't. For
end-to-end encryption to be secure, users must be able to verify that the
crypto key they're encrypting messages to belongs to the people they believe
they do. If communications software doesn't have this ability built-in, then any
encryption (/en/glossary/encryption) that it might be using can be
intercepted by the service provider itself, for instance if a government
compels
to
1. An Introduction
Threat
Modeling
it to.
(/en/playlist
/want-securityYou can read Freedom of the Press Foundation's whitepaper, Encryption
Works
starterpack#introduction(https://pressfreedomfoundation.org/encryption-works) for detailed
threat-modeling)
Voice Calls
4. What Is
Encryption?
When you make a call from a landline or a mobile phone, your call
is not
(/en/playlist
end-to-end encrypted. If you're using a mobile phone, your call/want-securitymay be
starter(weakly) encrypted between your handset and the cell phone towers.
However
pack#whatencryption) to
as your conversation travels through the phone network, it's vulnerable
5. Keeping Your Data
interception by your phone company and, by extension, any governments
or
Safe (/en/playlist
organizations that have power over your phone company. The easiest
way to
/want-securitystarterensure you have end-to-end encryption on voice conversationspack#keepingis to use VoIP
your-data-safe)
instead.
6. Protecting Yourself
on Social
Beware! Most popular VoIP providers, such as Skype and
Google
Networks
(/en/playlist
Hangouts, offer transport encryption (/en/glossary/transport/want-securityencryption) so that eavesdroppers cannot listen in, but
the
starterpack#protectingproviders themselves are still potentially able to listenyourself-socialin .
networks)
Depending on your threat model (/en/glossary/threat-model),
7. Choosing Your
Tools (/en/playlist
/want-securitystarterinclude:
pack#choosingyour-tools)
Ostel (https://ostel.co/)
RedPhone (/en/module/how-use-redphone-android)
2 din 6
10.11.2014 21:50
https://ssd.e.org/en/playlist/want-security-start...
Text Messages
Standard text messages do not offer end-to-end encryption. For end-to-end
1. An Introduction to
encryption capabilities on your Android, you can install TextSecure
Threat Modeling
(/en/playlist
(https://whispersystems.org/#privacy). As with VoIP, in order to
have
/want-securityencrypted text messages both parties must be using TextSecure.
starter-
pack#introduction-
threat-modeling)
If you want to use encrypted text messages with a variety of people
using
Communicating
different types of phones, you may consider using encrypted2.instant
message
with Others
software over the Internet instead of text messages.
(/en/playlist
/want-securitystarterpack#communicatingothers)
3. Creating Strong
Passwords
(/en/playlist
/want-securityOff-the-Record (OTR (/en/glossary/record-otr)) is an end-to-end
encryption
starterpack#creatingprotocol (/en/glossary/protocol) for real-time text conversations
that can be
strong-passwords)
Instant Messages
4. What Is
Encryption?
Some tools that incorporate OTR with instant messaging include:
(/en/playlist
Pidgin (/en/module/how-use-otr-windows) (for Windows/want-securityor Linux)
starterpack#whatAdium (/en/module/how-use-otr-mac) (for OS X)
encryption)
6. Protecting Yourself
on Social
Networks
Most email providers give you a way of accessing your email using
a web
(/en/playlist
/want-securitybrowser (/en/glossary/web-browser), such as Firefox or Chrome.
Of these
starterpack#protectingproviders, most of them provide support for HTTPS (/en/glossary/https),
or
yourself-socialYou can tell
transport-layer encryption (/en/glossary/transport-encryption).
networks)
that your email provider supports HTTPS if you log in to your webmail
Your the
7. Choosing and
Tools
(/en/playlist
URL at the top of your browser begins with the letters HTTPS instead of HTTP
/want-security(for example: https://mail.google.com (https://mail.google.com)).
starterpack#choosing-
your-tools)
If your email provider supports HTTPS, but does not do so by default,
try
replacing HTTP with HTTPS in the URL and refresh the page. If youd like to
3 din 6
10.11.2014 21:50
https://ssd.e.org/en/playlist/want-security-start...
make sure that you are always using HTTPS on sites where it is available,
download the HTTPS Everywhere (https://www.eff.org/https-everywhere)
browser add-on for Firefox or Chrome.
Some webmail providers that use HTTPS by default include:
Gmail
Riseup
Yahoo
Some webmail providers that give you the option of choosing to use HTTPS by
default by selecting it in your settings. The most popular service that still does
1. An Introduction to
this is Hotmail.
Threat Modeling
(/en/playlist
/want-securityHTTPS is the most basic level of encryption for your web browsing
that we
starterrecommend for everybody. It is as basic as putting on your seatpack#creatingbelt when you
strong-passwords)
drive.
4. What Is
Encryption?
But there are some things that HTTPS does not do. When you send
email using
(/en/playlist
HTTPS, your email provider still gets an unencrypted copy of your
/want-securitystartercommunication. Governments and law enforcement may be able
to access this
pack#whatdata with a warrant. In the United States, most email providersencryption)
have a policy
Your Data
5. Keeping
that says they will tell you when you have received a government
request
for
Safe (/en/playlist
your user data as long as they are legally allowed to do so, but /want-securitythese policies
starterare strictly voluntary, and in many cases providers are legally prevented
from
pack#keepingyour-data-safe)
informing their users of requests for data. Some email providers, such as
Yourself
6. Protecting
Google, Yahoo, and Microsoft, publish transparency reports, detailing
the
on Social
number of government requests for user data they receive, which
countries
Networks
(/en/playlist
make the requests, and how often the company has complied by turning over
/want-securitystarterdata.
pack#protectingyourself-socialnetworks)
enforcement,
or
4 din 6
10.11.2014 21:50
https://ssd.e.org/en/playlist/want-security-start...
1. An Introduction to
Threat Modeling
(/en/playlist
/want-securityEnd-to-end encryption only protects the content of your communication,
not
starterpack#introductionthe fact of the communication itself. It does not protect your metadata
threat-modeling)
(/en/playlist
/want-securitystarterMetadata can provide extremely revealing information
about you
pack#communicatingothers)
even when the content of your communication remains
secret.
3. Creating Strong
Passwords
(/en/playlist
give away some very intimate
and
/want-securitystarterpack#creatingstrong-passwords)
service at 2:24 am and spoke
for 18
5 din 6
10.11.2014 21:50
https://ssd.e.org/en/playlist/want-security-start...
Protecting your metadata will require you to use other tools, such as Tor
(/en/module/how-use-tor-windows#overlay=en/node/57/), at the same time
as end-to-end encryption.
For an example of how Tor and HTTPS work together to protect the contents of
your communications and your metadata from a variety of potential attackers,
you may wish to take a look at this explanation (https://www.eff.org/pages
/tor-and-https).
1. An Introduction to
Threat Modeling
(/en/playlist
A PROJECT OF THE ELECTRONIC FRONTIER FOUNDATION (HTTPS://WWW.EFF.ORG/)
ABOUT
(/EN/ABOUT/want-securitystarterSURVEILLANCE-SELF-DEFENSE)
CREDITS (/EN/CREDITS)
PRIVACY (HTTPS://WWW.EFF.ORG/POLICY)
pack#introductionthreat-modeling)
(https://www.eff.org/copyright)
2. Communicating
with Others
(/en/playlist
/want-securitystarterpack#communicatingothers)
3. Creating Strong
Passwords
(/en/playlist
/want-securitystarterpack#creatingstrong-passwords)
4. What Is
Encryption?
(/en/playlist
/want-securitystarterpack#whatencryption)
5. Keeping Your Data
Safe (/en/playlist
/want-securitystarterpack#keepingyour-data-safe)
6. Protecting Yourself
on Social
Networks
(/en/playlist
/want-securitystarterpack#protectingyourself-socialnetworks)
7. Choosing Your
Tools (/en/playlist
/want-securitystarterpack#choosingyour-tools)
6 din 6
10.11.2014 21:50