Communicating With Others: Want A Security Starter Pack? - Surveillance Sel..

Want a security starter pack? | Surveillance Sel...
https://ssd.e.org/en/playlist/want-security-start...
(/en)
1. An Introduction to
Threat Modeling
(/en/playlist
/want-securitystarterpack#introductionthreat-modeling)
2. Communicating
with Others
(/en/playlist
/want-securitystarterpack#communicatingothers)
Communicating with Others
Telecommunication networks and the Internet have made communicating

3. Creating Strong
with people easier than ever, but have also made surveillance more
prevalent
Passwords
(/en/playlist
than it has ever been in human history. Without taking extra steps to protect
/want-securitystarteryour privacy, every phone call, text message, email, instant message,
pack#creatingvoice over IP (VoIP (/en/glossary/voice-over-ip-voip)) call, video
chat, and
strong-passwords)
social media message may be vulnerable to eavesdroppers. 4. What Is
Encryption?
Often the safest way to communicate with others is in person, (/en/playlist

without
/want-securitycomputers or phones being involved at all. Because this isnt always
starter-possible,
pack#whatthe next best thing is to use end-to-end encryption (/en/glossary/end-endencryption)
encryption) while communicating over a network if you need to protect the
5. Keeping Your Data
content of your communications.
Safe (/en/playlist
/want-securitystarterpack#keepingyour-data-safe)
6. Protecting Yourself
on Social
How Does End-to-End Encryption Work?
Networks
When two people want to communicate securely (for example,(/en/playlist

Akiko and
/want-securityBoris) they must each generate crypto keys. Before Akiko sendsstartera message to
pack#protectingBoris she encrypts it to Boris's key (/en/glossary/key) so thatyourself-socialonly Boris can
networks)
decrypt (/en/glossary/decrypt) it. Then she sends the already-encrypted
7. Choosing
message across the Internet. If anyone is eavesdropping on Akiko
and Your
Tools (/en/playlist
Boriseven if they have access to the service that Akiko is using
to send this
/want-securitystartermessage (such as her email account)they will only see the encrypted
data
pack#choosingyour-tools)
and will be unable read the message. When Boris receives it, he must use his
key to decrypt it into a readable message.
1 din 6
10.11.2014 21:50
End-to-end encryption involves some effort, but it's the only way that users
can verify the security of their communications without having to trust the
platform that they're both using. Some services, such as Skype, have claimed
(https://support.skype.com/en/faq/fa10983/what-are-p2p-communications)
to offer end-to-end encryption when it appears that they actually don't. For
end-to-end encryption to be secure, users must be able to verify that the
crypto key they're encrypting messages to belongs to the people they believe
they do. If communications software doesn't have this ability built-in, then any
encryption (/en/glossary/encryption) that it might be using can be
intercepted by the service provider itself, for instance if a government
compels
to
1. An Introduction
Threat
Modeling
it to.
(/en/playlist
/want-securityYou can read Freedom of the Press Foundation's whitepaper, Encryption
Works
starterpack#introduction(https://pressfreedomfoundation.org/encryption-works) for detailed
threat-modeling)
instructions on using end-to-end encryption to protect instant messages and

2. Communicating
email. Be sure to check out the following SSD modules as well:with Others
(/en/playlist
/want-securityAn Introduction to Public Key Cryptography and PGP (/en/module

starter/introduction-public-key-cryptography-and-pgp)
pack#communicatingothers)
How to: Use OTR for Windows (/en/module/how-use-otr-windows)
3. Creating Strong
How to: Use OTR for Mac (/en/module/how-use-otr-mac)
Passwords
(/en/playlist
/want-securitystarterpack#creatingstrong-passwords)
Voice Calls
4. What Is
Encryption?
When you make a call from a landline or a mobile phone, your call
is not
(/en/playlist
end-to-end encrypted. If you're using a mobile phone, your call/want-securitymay be
starter(weakly) encrypted between your handset and the cell phone towers.
However
pack#whatencryption) to
as your conversation travels through the phone network, it's vulnerable
interception by your phone company and, by extension, any governments
or
Safe (/en/playlist
organizations that have power over your phone company. The easiest
way to
/want-securitystarterensure you have end-to-end encryption on voice conversationspack#keepingis to use VoIP
your-data-safe)
instead.
on Social
Beware! Most popular VoIP providers, such as Skype and
Google
Networks
(/en/playlist
Hangouts, offer transport encryption (/en/glossary/transport/want-securityencryption) so that eavesdroppers cannot listen in, but
the
starterpack#protectingproviders themselves are still potentially able to listenyourself-socialin .
networks)
Depending on your threat model (/en/glossary/threat-model),
this may or may not be a problem.

Some services that offer end-to-end encrypted VoIP calls
7. Choosing Your
Tools (/en/playlist
/want-securitystarterinclude:
Ostel (https://ostel.co/)
RedPhone (/en/module/how-use-redphone-android)
2 din 6
10.11.2014 21:50
Silent Phone (https://silentcircle.com/services#mobile)

Signal (/en/module/how-use-signal-%E2%80%93-private-messenger)
In order to have end-to-end encrypted VoIP conversations, both parties must
be using the same (or compatible) software.
Text Messages
Standard text messages do not offer end-to-end encryption. For end-to-end
encryption capabilities on your Android, you can install TextSecure
Threat Modeling
(/en/playlist
(https://whispersystems.org/#privacy). As with VoIP, in order to
have
/want-securityencrypted text messages both parties must be using TextSecure.
starter-
pack#introduction-
threat-modeling)
If you want to use encrypted text messages with a variety of people
using
Communicating
different types of phones, you may consider using encrypted2.instant
message
with Others
software over the Internet instead of text messages.
(/en/playlist
3. Creating Strong
Passwords
(/en/playlist
/want-securityOff-the-Record (OTR (/en/glossary/record-otr)) is an end-to-end
encryption
starterpack#creatingprotocol (/en/glossary/protocol) for real-time text conversations
that can be
strong-passwords)
Instant Messages
used on top of a variety of services.
4. What Is
Encryption?
Some tools that incorporate OTR with instant messaging include:
(/en/playlist
Pidgin (/en/module/how-use-otr-windows) (for Windows/want-securityor Linux)
starterpack#whatAdium (/en/module/how-use-otr-mac) (for OS X)
encryption)
ChatSecure (/en/module/how-install-and-use-chatsecure) (for iPhone

and Android)
Safe (/en/playlist
Email
on Social
Networks
Most email providers give you a way of accessing your email using
a web
(/en/playlist
/want-securitybrowser (/en/glossary/web-browser), such as Firefox or Chrome.
Of these
starterpack#protectingproviders, most of them provide support for HTTPS (/en/glossary/https),
or
yourself-socialYou can tell
transport-layer encryption (/en/glossary/transport-encryption).
networks)
that your email provider supports HTTPS if you log in to your webmail
Your the
7. Choosing and
Tools
(/en/playlist
URL at the top of your browser begins with the letters HTTPS instead of HTTP
/want-security(for example: https://mail.google.com (https://mail.google.com)).
starterpack#choosing-
your-tools)
If your email provider supports HTTPS, but does not do so by default,
try
replacing HTTP with HTTPS in the URL and refresh the page. If youd like to
3 din 6
10.11.2014 21:50
make sure that you are always using HTTPS on sites where it is available,
download the HTTPS Everywhere (https://www.eff.org/https-everywhere)
browser add-on for Firefox or Chrome.
Some webmail providers that use HTTPS by default include:
Gmail
Riseup
Yahoo
Some webmail providers that give you the option of choosing to use HTTPS by
default by selecting it in your settings. The most popular service that still does
this is Hotmail.
Threat Modeling
(/en/playlist
/want-securityWhat does transport-layer encryption do and why might you need

it? HTTPS,
starteralso referred to as SSL or TLS, encrypts your communications so
that it cannot
pack#introductionthreat-modeling)
be read by other people on your network. This can include the other people
2. Communicating
using the same Wi-Fi in an airport or at a caf, the other people
at your office
with Others
(/en/playlist or
or school, the administrators at your ISP, malicious hackers, governments,
/want-securitylaw enforcement officials. Communications sent over your webstarterbrowser,
pack#communicatingincluding the web pages that you visit and the content of your others)
emails, blog
posts, and messages, using HTTP rather than HTTPS are trivial for an attacker
3. Creating Strong
Passwords
to intercept and read.
(/en/playlist
/want-securityHTTPS is the most basic level of encryption for your web browsing
that we
starterrecommend for everybody. It is as basic as putting on your seatpack#creatingbelt when you
strong-passwords)
drive.
4. What Is
Encryption?
But there are some things that HTTPS does not do. When you send
email using
(/en/playlist
HTTPS, your email provider still gets an unencrypted copy of your
/want-securitystartercommunication. Governments and law enforcement may be able
to access this
pack#whatdata with a warrant. In the United States, most email providersencryption)
have a policy
Your Data
5. Keeping
that says they will tell you when you have received a government
request
for
Safe (/en/playlist
your user data as long as they are legally allowed to do so, but /want-securitythese policies
starterare strictly voluntary, and in many cases providers are legally prevented
from
pack#keepingyour-data-safe)
informing their users of requests for data. Some email providers, such as
Yourself
6. Protecting
Google, Yahoo, and Microsoft, publish transparency reports, detailing
the
on Social
number of government requests for user data they receive, which
countries
Networks
(/en/playlist
make the requests, and how often the company has complied by turning over
/want-securitystarterdata.
pack#protectingyourself-socialnetworks)
enforcement,
or
If your threat model includes a government or law

Your
7. Choosing
you have some other reason for wanting to make sure
that your
Tools (/en/playlist
email provider is not able to turn over the contents of/want-securityyour email
startercommunications to a third party, you may want to consider
using
end-to-end encryption for your email communications.
4 din 6
10.11.2014 21:50
PGP (/en/glossary/pgp) (or Pretty Good Privacy (/en/glossary/pgp)) is the

standard for end-to-end encryption of your email. Used correctly, it offers very
strong protections for your communications. For detailed instructions on how
to install and use PGP encryption for your email, see:
How to: Use PGP for Mac OS X (/en/module/how-use-pgp-mac-os-x)
How to: Use PGP for Windows (/en/module/how-use-pgp-windows-pc)
How to: Use PGP for Linux (/en/module/how-use-pgp-linux)
Threat Modeling
(/en/playlist
/want-securityEnd-to-end encryption only protects the content of your communication,
not
starterpack#introductionthe fact of the communication itself. It does not protect your metadata
threat-modeling)
What End-To-End Encryption Does Not Do
(/en/glossary/metadata)which is everything else, including2.the

subject line
Communicating
with
Others
of your email, or who you are communicating with and when.
(/en/playlist
/want-securitystarterMetadata can provide extremely revealing information
about you
pack#communicatingothers)
even when the content of your communication remains
secret.
Metadata about your phone calls can

sensitive information. For example:
3. Creating Strong
Passwords
(/en/playlist
give away some very intimate
and
service at 2:24 am and spoke
for 18
They know you rang a phone sex

4. What Is
minutes, but they don't know what you talked about.
Encryption?
They know you called the suicide prevention hotline from the
Golden Gate
(/en/playlist
/want-securityBridge, but the topic of the call remains a secret.
starterpack#whatThey know you spoke with an HIV testing service, then your
doctor, then
encryption)
your health insurance company in the same hour, but they don't know
what was discussed.
Safe (/en/playlist
/want-securityThey know you received a call from the local NRA office while
it was
starterhaving a campaign against gun legislation, and then calledpack#keepingyour senators
your-data-safe)
and congressional representatives immediately after, but the content of
those calls remains safe from government intrusion.
on Social
They know you called a gynecologist, spoke for a half hour,Networks
and then called
(/en/playlist
the local Planned Parenthood's number later that day, but /want-securitynobody knows
starterwhat you spoke about.
pack#protectingyourself-socialIf you are calling from a cell phone, information about your location
is
networks)
metadata. In 2009, Green Party politician Malte Spitz sued Deutsche Telekom
7. Choosing Your
to force them to hand over six months of Spitzs phone data, which
he made
Tools (/en/playlist
/want-securityavailable to a German newspaper. The resulting visualization starterpack#choosing(http://www.zeit.de/datenschutz/malte-spitz-data-retention/)
showed a
your-tools)
detailed history of Spitzs movements.
5 din 6
10.11.2014 21:50
Protecting your metadata will require you to use other tools, such as Tor
(/en/module/how-use-tor-windows#overlay=en/node/57/), at the same time
as end-to-end encryption.
For an example of how Tor and HTTPS work together to protect the contents of
your communications and your metadata from a variety of potential attackers,
you may wish to take a look at this explanation (https://www.eff.org/pages
/tor-and-https).
Threat Modeling
(/en/playlist
A PROJECT OF THE ELECTRONIC FRONTIER FOUNDATION (HTTPS://WWW.EFF.ORG/)
ABOUT
(/EN/ABOUT/want-securitystarterSURVEILLANCE-SELF-DEFENSE)
CREDITS (/EN/CREDITS)
PRIVACY (HTTPS://WWW.EFF.ORG/POLICY)
pack#introductionthreat-modeling)
(https://www.eff.org/copyright)
2. Communicating
with Others
(/en/playlist
3. Creating Strong
Passwords
(/en/playlist
4. What Is
Encryption?
(/en/playlist
/want-securitystarterpack#whatencryption)
Safe (/en/playlist
on Social
Networks
(/en/playlist
/want-securitystarterpack#protectingyourself-socialnetworks)
7. Choosing Your
Tools (/en/playlist
/want-securitystarterpack#choosingyour-tools)
6 din 6
10.11.2014 21:50

Communicating With Others: Want A Security Starter Pack? - Surveillance Sel..

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Communicating With Others: Want A Security Starter Pack? - Surveillance Sel..

Hochgeladen von

Copyright:

Verfügbare Formate

Want a security starter pack? | Surveillance Sel...