HO KK =J O<=G@JA>JIO@ION P @   P U =

?

?

=

P

?

E

? K

O

R



@ B = K  N  Diomj_p^odji 1  Oa_qnepuej)])^ktwas developed by the Tactical Technology Collective and Front in collaboration with: ,) Cjrojkmjo`^otjpm^jhkpo`m Coordination, writing & editing Wojtek Bogusz Dmitri Vitaliev  amjhh\gr\m`\i_c\^f`mn 9 Chris Walker  Viruses 10 Additional writing Cormac McGuire Benji Pereira Spyware 12

English proofreading Caroline Kraabel Firewalls 13 & copy editing Benji Pereira Keeping your sofware up-to-date 15 Lead tester Rosemary Warner Design Lynne Stuart -)Cjrojkmjo`^otjpmdiajmh\odji Curriculum development Pamela Teitelbaum Dmitri Vitaliev  amjhkctnd^\gocm`\on 21 Coordination of Louise Berthilson  Assessing your risks 21 localisation Alberto Escudero Pascual Protecting your information from Spanish team Translation Phol Edward Paucar Aguirre physical intruders 23 Editing Katitza Rodríguez Pereda Webmaster Angelin Venegas Ramírez Maintaining a healthy environment Localisation Diego Escalante Urrelo for your computer hardware 26 Proofreading Carlos Wertheman Creating your physical security policy 27 French Team Editing, translation & localisation Patrick Cadorette Translation & localisation Alexandre Guédon Proofreading Miriam Heap-Lalonde .)Cjroj^m`\o`\i_h\dio\di Editing Fabian Rodriguez  n`^pm`k\nnrjm_n 33 Russian Team  Selecting and maintaining secure passwords 33 Translation Emin Akhundov Translation Alexei Bebinov Remembering and recording secure passwords 35 Translation Alexander Lapidus Proofreading Ksenia Shiryaeva Editing, translation & localisation Sergei Smirnov /)Cjrojkmjo`^ooc`n`indodq`Ùg`n Arabic Team Editing, translation & localisation Ahmad Gharbeia  jitjpm^jhkpo`m 43 Editing Manal Hassan  Translation & localisation Khaled Hosny Encrypting your information 44 Translation Mahammad F Kalfat Hiding your sensitive information 46 Special Thanks to The Citizen Lab, Robert Guerra, Internews, RiseUp,The Tor Project & VaultletSoft Funder

ee eee 0)Cjrojm`^jq`mamjhdiajmh\odjigjnn 53  Identifying and organising your information 54 Defning your backup strategy 56 Creating a digital backup 58 Recovering from accidental fle deletion 61

1)Cjroj_`nomjtn`indodq`diajmh\odji 67  Deleting information 68 Wiping information with secure deletion tooll 69 Tips on using secure deletion tools efectively 71 Tips on wiping the entire contents of a storage device 72

2) Cjrojf``ktjpmDio`mi`o  ^jhhpid^\odjikmdq\o` 77  Securing your email 78 Tips on responding to suspected email surveillance 83 Securing other Internet communication tools 84 Advanced email security 85

3)Cjrojm`h\di\ijithjpn\i_  ]tk\nn^`injmncdkjioc`Dio`mi`o 93  Understanding Internet censorship 94 Understanding censorship circumvention 96 Anonymity networks and basic proxy servers 97 Specifc circumvention proxies 101

 Bgjnn\mt 107

er r Diomj_p^odji

Advocates are increasingly concerned about their digital security, and with good reason. While computers and the Internet can be extremely powerful tools for advocacy, they also expose groups (that may already be quite vulnerable) to new risks. As more advocates have begun to rely on digital technology to achieve their outreach, data-collection, information design, communication and mobilisation objectives, these risks have become greater. If you are an advocate who focuses on sensitive issues, or you work closely with such people, then you have probably experienced (or heard stories about) digital security and privacy threats. Computers and backup drives that were confscated, passwords that changed mysteri- ously, local websites that were hacked or overloaded by malicious Inter- net trafc, foreign websites that can no longer be accessed and emails that appear to have been forged, blocked, modifed or read by someone other than the intended recipient. Tese are true stories, and many of them are set in an environment that makes maters even worse, one in which computer operating systems are frequently out-of-date, sofware is ofen pirated and viruses run rampant. Tis toolkit provides explanations of, and solutions for, threats like these. It was created by a diverse team of experts who understand not only the conditions under which advocates work, but also the resource restrictions they face. While Security in-a-box is designed primarily to address the grow- ing needs of advocates in the global South, particularly human rights defenders, the sofware and strategies in this toolkit are relevant to digital security in general. It has something to ofer anyone who works with sensitive information. Tis may include vulnerable minorities and independent journalists or ‘whistle-blowers’, in addition to advocates working on a range of issues, from environmental justice to anti-corrup- tion campaigns.

CJROJPN@OC@N@>PMDOTDI(<(=JSOJJGFDO Tis toolkit has three major components: j the How-to Booklet j the Hands-on Guide j a selection of and Open Source sofware Tis How-to Booklet is designed to explain the issues that you must understand in order to safeguard your own digital security. It seeks to identify and describe the risks you face and help you make informed

re - decisions about how best to reduce those risks. To this end, it answers order. Security is a process, and there is ofen litle point in trying to eight broad questions related to basic security, data protection and com- defend yourself against an advanced threat to your communication munication privacy. privacy, for example, if you have not yet ensured that your computer At the beginning of each chapter, you will fnd a background is free of viruses and other malware. In many cases, this would be like scenario populated by fctional characters who will reappear in brief locking your door afer a burglar is already in your home. Tis is not to conversations throughout the chapter in order to illustrate certain say that any one of these eight topics is more important than any other, points and answer common questions. You will also fnd a short list it is simply that the later chapters make certain assumptions about what showing what you can learn fom this chapter. It is a good idea to scan you already know and about the state of the computer on which you are through this list before you begin reading. As you work through a chap- about to install sofware. ter, you will encounter a number of technical terms that are highlighted Of course, there are many good reasons why you might want to in green and defned in the glossary at the end of the booklet. You will work through these chapters out of sequence. You might need advice also fnd references to the specifc sofware discussed in the toolkit’s on how to back up your important fles before you begin installing the Hands-on Guides. tools described in the frst Hands-on Guide. You might fnd yourself Tese Hands-on Guides are included, along with an electronic faced with an urgent privacy threat that justifes learning How to protect copy of the How-to Booklet, on the accompanying CD (or USB the sensitive fles on your computer, which is covered in Chapter 4, as memory stick, if you have a version of the toolkit that contains one). quickly as possible. Perhaps you are working from an Internet café, on Each guide explains how to use a particular freeware or Open Source a computer whose security is not your responsibility and from which sofware tool. Te Hands-on Guides highlight potential difculties, sug- you do not intend to access any sensitive information. If you want to use gest helpful tips and, most importantly, walk you through the process this computer to visit a website that is blocked in your country, there of confguring and using these tools securely. Tey include screenshots is nothing to prevent you from skipping ahead to Chapter 8: How to and step-by-step instructions for you to follow as you go along. remain anonymous and bypass censorship on the Internet. All of this sofware can be installed directly from the toolkit or Whatever path you take through the toolkit, we hope it answers downloaded free of charge from the Internet. In most cases, you can some of your questions, helps you understand some of your vulnerabili- install a tool simply by clicking on the appropriate link at the begin- ties and shows you where to look for solutions. ning of whichever guide explains that tool, then telling your browser to Open or Run the install program. If a Hands-on Guide provides special <=JPOOC@N@>PMDOTDI(<(=JSKMJE@>O installation instructions, you may have to save a fle to your Desktop, or Digital security and privacy threats are always unique to the work that some other location, in order to install that tool. Te Security in-a-box an advocate does and the environment in which that person operates. disc also includes a section called Portable Security, where you will fnd Furthermore, the collection of sofware that might help address those ‘portable’ versions of a few Security in-a-box tools. Tese versions are threats is constantly changing, and the tools themselves are frequently meant to be installed directly onto a USB memory stick so that you can updated. For these reasons, it is extremely difcult to create an ‘of- use them on any computer. the-shelf’ toolkit like Security in-a-box. Nothing stated in this toolkit Any single chapter or guide in this toolkit can be read individually, is absolute, and there is no replacement for a trusted, local expert who or formated in your browser for easy printing, or shared electronically. understands the environment you work in, is sympathetic to your cause However, you will get more out of Security in-a-box if you can follow and can help you identify the most up-to-date tools with which to the relevant links and references that are scatered throughout both the protect yourself. booklet and the sofware guides. Ideally, you will have this booklet in Nevertheless, we hope that Security in-a-box will give you an idea front of you while you work through the Hands-on Guides. You should of the relevant issues and the right solutions for your own particular also remember to fnish reading the How-to Booklet chapter covering situation. We have worked with experts from all over the globe to a particular tool before you begin relying on that tool to protect your peer-review the tools and tactics that make up this toolkit. Tis booklet digital security. ofers the very best advice that we could assemble without being able to Where possible, you should read the chapters of this booklet in look at and respond to your unique circumstances.

. / Te sofware that we selected was researched, tested and, in many cases, localised into additional languages by a diverse team of security experts, advocates, human rights defenders, translators and sofware engineers in collaboration with the Tactical Technology Collective and Front Line. Tese tools featured prominently in a number of security trainings that were held as part of the Security in-a-box project, train- ings that served not only to strengthen the security and privacy of advo- cates throughout the world, but also to confrm the appropriateness of the tools selected and to verify the accuracy of the Hands-on Guides. As of this booklet’s publication, the entire toolkit is available in fve languages: English, Arabic, French, Russian and Spanish. It exists both as a printed toolkit, and on the Security in-a-box website, at www.security.ngoinabox.org. Please write to [email protected] if you would like to request additional copies, distribute or translate the toolkit or talk to us about training. Tactical Tech and Front Line are dedicated to making this toolkit as useful as possible for advocates, and to ensuring that future versions are even beter. To do so, we rely heavily on your feedback. Your stories about the toolkit – how you use it, what you fnd useful and what you don’t fnd useful – will help us get it right. Tey will also help us raise funds for the further development of this project. Please send us your comments, stories and ideas to [email protected].

0 1 - Dkspklnkpa_pukqn _kilqpanbnkii]hs]na ]j`d]_gano

2 3 ,)Cjrojkmjo`^otjpm^jhkpo`mamjh  h\gr\m`\i_c\^f`mn

Regardless of your broader objectives, keeping your computer healthy is a critical frst step down the path toward beter security. So, before you begin worrying too much about strong passwords, private communi- cation and secure deletion, for example, you need to make sure that your computer is not vulnerable to c\^f`mn or plagued by malicious sofware, ofen called h\gr\m`, such as viruses and spyware. Other- wise, it is impossible to guarantee the efectiveness of any other security precautions you might take. Afer all, there is no in point locking your door if the burglar is already downstairs, and it doesn’t do you much good to search downstairs if you leave the door wide open. Accordingly, this chapter explains how to maintain your sofware and use tools like jhj_jAdm`r\ggto protect your computer against the ever-present dangers of malware infection and c\^f`m atacks. Although the tools recommended in this chapter are for Windows, which is the most vulnerable to these threats, BIP*Gdipsand Apple OS X users are also at risk and should still adopt the tactics presented below.

=\^fbmjpi_n^`i\mdj

Rc\otjp^\ig`\miamjhocdn^c\ko`m j More about the nature of a few of the specifc threats that h\gr\m` poses to the privacy and integrity of your information, the stability of your computer and the reliability of other security tools j How you can use a number of recommended tools to help protect yourself from these threats j How to keep your computer secure by updating your sofware frequently j Why you should use am``r\m` tools, to avoid the dangers associated with expired licenses or pirated sofware, and popular AJNNtools, where possible, to enhance your security.

4 5 QDMPN@N viruses are writen and distributed every day, and your computer Tere are many diferent ways to classify viruses, and each of these will quickly become vulnerable if you do not keep up with new virus methods comes with its own set of colorfully-named categories. Worms, defnitions. Avast will automatically look for updates when you are macroviruses, trojans and backdoors are some of the more well-known connected to the Internet. examples. Many of these viruses spread over the Internet, using email, jEnable your anti-virus sofware’s ‘always on’ virus-detection feature malicious webpages or other means to infect unprotected computers. if it has one. Diferent tools have diferent names for it, but most of Others spread through removable media, particularly devices like USB them ofer a feature like this. It may be called ‘Realtime Protection,’ memory sticks and external hard drives that allow users to write infor- ‘Resident Protection,’ or something similar. Take a look at Section mation as well as reading it. Viruses can destroy, damage or infect the in- 3.2.1 of the Avast Guide to learn more about that tool’s ‘Resident formation in your computer, including data on external drives. Tey can Scanner.’ also take control of your computer and use it to atack other computers. jScan all of the fles on your computer regularly. You don’t have to do Fortunately there are many anti-virus tools that you can use to protect this every day (especially if your anti-virus sofware has an ‘always on’ yourself and those with whom you exchange digital information. feature, as described above) but you should do it from time to time. How ofen may depend on the circumstances. Have you connected 

Km`q`iodibqdmpndia`^odji C\i_n(ji5B`ono\mo`_rdoc jBe extremely cautious when opening email atachments. It is best to oc`g\hRdi is a AJNN alternative to Avast and the various well-known on your computer, then open the appropriate application (such as commercial anti-virus programs. Although it lacks certain features Microsof Word or Adobe Acrobat) yourself. If you use the program’s that are important for a primary anti-virus program, Clam Win has the File menu to open the atachment manually, rather than double-click- advantage that it can be run from a USB memory stick in order to scan ing the fle or allowing your email program to open it automatically, a computer on which you are not allowed to install sofware. Tis is you are less likely to contract a virus. extremely helpful when you have no choice but to use public computers jConsider the possible risks before inserting removable media, such as or Internet cafes for sensitive work. CDs, DVDs and USB memory sticks, into your computer. You should frst check that your anti-virus program has the latest updates and that Odknjipndib\iod(qdmpnnjaor\m``aa`^odq`gt its scanner is running. It is also a good idea to disable your operating jDo not run two anti-virus programs at the same time, as this might system’s ‘AutoPlay’ feature, which can be used by viruses to infect cause your computer to run extremely slowly or to crash. Uninstall your computer. Under Windows XP, this can be done by going inside one before installing another. My Computer, right-clicking on your CD or DVD drive, selecting jMake sure that your anti-virus program allows you to receive updates. Properties and clicking on the AutoPlay tab. For each content type, Many commercial tools that come pre-installed on new computers select the Take no action or Prompt me each time to choose an action must be registered (and paid for) at some point or they will stop options then click OK. receiving updates. All of the sofware recommended here supports jYou can also help prevent some virus infections by switching to free free updating. and open source sofware, which is ofen more secure, and which jEnsure that your anti-virus sofware updates itself regularly. New virus writers are less likely to target.

-, --

Hpcdi_j5 Believe it or not, it’s really common. If those programs you ADM@R

-. -/ into your computer. In this regard, a frewall provides both a second line F@@KDIBTJPMNJAORjhj_jAdm`r\gg' which does a jhj_j to learn more about this. Adm`r\ggBpd_` No\tdibpk(oj(_\o`rdocam``r\m`\i_AJNNojjgn Kmjkmd`o\mtnjaor\m`

-0 -1 type of program, you can still exchange fles and share information with them quite easily. In particular, you might consider replacing Internet Explorer, Outlook or Outlook Express and Microsof Ofce with Firefox, Tunderbird and OpenOfce, respectively. In fact, you could even move away from the Microsof Windows operating system entirely, and try using a more secure FOSS alternative called BIP*Gdips. Te best way to fnd out if you’re ready to make the switch is simply to give it a try. You can download a Gdq`>?version of UbuntuBIP*Gdips, burn it to a CD or DVD, put it in your computer and restart. When it’s done loading, your computer will be running GNU/, and you can decide what you think. Don’t worry, none of this is permanent. When you’re fnished, simply shut down your computer and remove the Ubuntu LiveCD. Te next time you start up, you’ll be back in Windows, and all of you applications, setings and data will be just as you lef them. In addition to the general security advantages of open-source sofware, Ubuntu has a free, easy-to-use up- date tool that will keep your operating system and much of your other sofware from becoming outdated and insecure.

APMOC@MM@

GDIFN [1] www.fontlinedefenders.org/manual/en/esecman [2] www.virusbtn.com [3] https://security.berkeley.edu/MinStds/Determining-Un-Services-Windows.html [4] www.marksanborn.net/howto/turn-of-unnecessary-windows-services [5]www.tacticaltech.org

-2 -3 . Lnkpa_pukqnejbkni]pekj bnkilduoe_]hpdna]po

-4 -5 -)Cjrojkmjo`^otjpmdiajmh\odji  amjhkctnd^\gocm`\on

No mater how much efort you have put into building a digital barrier around your computer, you could still wake up one morning to fnd that it, or a copy of the information on it, has been lost, stolen, or damaged by any number of unfortunate accidents or malicious acts. Anything from a power surge to an open window to a spilt cup of cofee might lead to a situation in which all of your data are lost and you are no longer able to use your computer. A careful risk assessment, a consistent efort to maintain a healthy computing environment and a writen n`^pmdotkjgd^t can help avoid this type of diaster.

=\^fbmjpi_n^`i\mdj Ncdib\d\i_Mp_j\m`\i`g_`mgth\mmd`_^jpkg`rdoch\it t`\mnja`sk`md`i^`c`gkdiboc`CDQ(dia`^o`_kjkpg\odji jaUdh]\]r`h\dio\di\^^`nnojkmjk`mh`_d^\odji)Oc`t \m`\kkgtdibajm\bm\ioojkpm^c\n`i`r^jhkpo`mn\i_ i`orjmf`lpdkh`ioajmoc`dmjaÙ^`)Ndi^`oc`tgdq`di\m`bdji oc\odnlpdo`opm]pg`io'dio`mhn]jocjakjgdod^n\i_ja diam\nomp^opm`'oc`t\i_oc`dmkjo`iod\gapi_`mnr\iooj `inpm`oc\ooc`dmi`rc\m_r\m`rdgg]`n\a`'ijojigtamjh c\^f`mn\i_qdmpn`n']po\gnjamjh^jiÙn^\odji'ocpi_`m( nojmhn'`g`^omd^\gnkdf`n\i_joc`mnp^c_dn\no`mn)Oc`t\nf Jooj'\gj^\g^jhkpo`mo`^cid^d\i'ojc`gkoc`h_`qdn`\kg\i ja\^odjiojnom`iboc`ioc`kctnd^\gn`^pmdotjaoc`^jhkpo`mn \i_i`orjmfc\m_r\m`oc`tkg\ioj]ptdaoc`dmbm\io \kkgd^\odjidnnp^^`nnapg)

Rc\otjp^\ig`\miamjhocdn^c\ko`m jMore about a few of the kctnd^\gocm`\on to your computer and to the information stored on it jHow best to secure computer equipment against some of these threats jHow to create a healthy operating environment for computers and network equipment jWhat to consider when creating a security plan for the computers in your ofce

., .- lack a clear policy describing what measures they should take to protect both digital and physical threats, others are clearly more specifc. computers and backup storage devices from thef, severe weather condi- When you decide whether to carry your USB memory stick in tions, accidents, and other physical threats. Te importance of such your pocket or sealed in a plastic bag at the botom of your luggage, you policies may seem obvious, but formulating them properly can be more are making a decision about physical security, even though the informa- complicated than it sounds. Many organisations, for example, have good tion you are trying to protect is digital. As usual, the correct policy de- quality locks on their ofce doors, and many even have secure windows; pends greatly on the situation. Are you walking across town or travelling but if they do not pay atention to the number of keys that have been across a border? Will somebody else be carrying your bag? Is it raining? created, and who has copies of those keys, their sensitive information Tese are the sorts of questions that you should consider when making remains vulnerable. decisions like this.

Ncdib\d5 We want to put a brief summary of our security policy into KMJO@>ODIBTJPMDIAJMH

When assessing the risks and vulnerabilities that you or your organisa- 

.. ./ jIf you have a wireless network, it is critical that you secure your jIf you rely on a secure password database, as discussed in Chapter 3, \^^`nnkjdio so that intruders cannot join your network or monitor to store your Windows or BIOS passwords for a particular computer, your trafc. If you are using an insecure wireless network, anyone in make sure that you do not keep your only copy of the database on your neighbourhood with a laptop becomes a potential intruder. Tis that computer. is an unusual defnition of ‘physical’, but it helps to consider that a jGet in the habit of locking your account whenever you step away malicious individual who can monitor your wireless network has the from your computer. On Windows, you can do this quickly by hold- same access as one who can sneak into your ofce and connect an ing down the Windows logo key and pressing the L key. Tis will only ethernet cable. Te steps required to secure a wireless network will work if you have created a password for your account, as described vary, depending on your access point hardware and sofware, but they above. are rarely difcult to follow. j@i^mtko sensitive information on computers and storage devices in your ofce. See Chapter 4: How to protect the sensitive fles on your com- 

.0 .1 HJHKPO@MCM@PMDOTKJGD>T Supplies (PKNn) on important computers in your ofce. A UPS Once you have assessed the threats and vulnerabilities that you or your provides temporary power in the event of a blackout. organisation face, you must consider what steps can be taken to improve j Even where UPSs are deemed inappropriate or too costly, you can your physical security. You should create a detailed n`^pmdotkjgd^t still provide power flters or surge protectors, either of which will by puting these steps in writing. Te resulting document will serve as help protect you from power surges. a general guideline for yourself, your colleagues and any newcomers j Test your electrical network before you connect important equip to your organisation. It should also provide a checklist of what actions ment to it. Try to use power sockets that have three slots, one of should be taken in the event of various diferent physical security emer- them being a ‘ground line’, or ‘earth’. And, if possible, take a day or gencies. Everybody involved should take the time to read, implement two to see how the electrical system in a new ofce behaves when and keep up with these security standards. Tey should also be encour- powering inexpensive devices, such as lamps and fans, before put aged to ask questions and propose suggestions on how to improve the ting your computers at risk. document. j To defend against accidents in general, avoid placing important hard- Your physical security policy may contain various sections, de- ware in passages, reception areas or other easily accessible locations. pending on the circumstances: UPSs, power flters, surge protectors, power strips and extension jAn ofce access policy that addresses the alarm systems, what keys cables, particularly those atached to servers and networking equip- exist and who has them, when guests are allowed in the ofce, who ment, should be positioned where they will not be switched of by an holds the cleaning contract and other such issues accidental misstep. jA policy on which parts of the ofce should be restricted to autho- j If you have access to high-quality computer cables, power strips and rized visitors extension cables, you should purchase enough to serve your entire jAn inventory of your equipment, including serial numbers and physi- ofce and pick up a few extras. Power strips that fall out of wall cal descriptions sockets, fail to hold plugs securely and constantly are more than jA plan for securely disposing of paper rubbish that contains sensitive just annoying. Tey can be quite damaging to the physical security of information any computers atached to them. Tey can also lead frustrated users jEmergency procedures related to: to secure their loose computer cables to a sparking power strip with j Who should be notifed if sensitive information is disclosed or tape, which creates an obvious fre hazard. misplaced jIf you keep any of your computers inside cabinets, make sure they jWho to contact in the event of a fre, food, or other natural disaster have adequate ventilation, or they might overheat j How to perform certain key emergency repairs jComputer equipment should not be housed near radiators, heating j How to contact the companies or organizations that provide vents, air conditioners or other ductwork services such as electrical power, water and Internet access j How to recover information from your of-site backup system. You

.2 .3 can fnd more detailed backup advice in Chapter 5: How to recover fom information loss. Yourn`^pmdotkjgd^t should be reviewed periodically and modi- fed to refect any policy changes that have been made since its last review. And, of course, don’t forget to back up your security policy document along with the rest of your important data. See the Further reading section for more information about creating a security policy.

APMOC@MM@

GDIFN [1] www.fontlinedefenders.org/manual/en/esecman [2] www.fontlinedefenders.org/manuals

.4 .5 / ?na]pa]j`i]ejp]ej oa_qnal]ooskn`o

/, /- .)Cjroj^m`\o`\i_h\dio\din`^pm`  k\nnrjm_n

Many of the secure services that allow us to feel comfortable using digital technology to conduct important business, from signing in to our computers and sending email to encrypting and hiding sensitive data, require that we remember a password. Tese secret words, phrases or strings of gibberish ofen provide the frst, and sometimes the only, barrier between your information and anyone who might want to read, copy, modify or destroy it without your permission. Tere are many ways in which someone could learn your passwords, but you can defend against most of them by applying a few specifc tactics and by using a secure password database tool, such as KeePass.

=\^fbmjpi_n^`i\mdj H\injpm\i_H\b_\\m`nd]gdibn'di\i

Rc\otjp^\ig`\miamjhocdn^c\ko`m jTe elements of a secure password jA few tricks for remembering long, complicated passwords jHow to use the F``K\nnn`^pm`k\nnrjm__\o\]\n` to store pass- words instead of remembering them

N@G@>ODIBPM@K

/. // email accounts, and `i^mtko`_ disks, but if your password is weak, or creating a separate account for each individual who needs access. if you allow it to fall into the wrong hands, they will not do you much Keeping your password secret also means paying atention to who good. might be reading over your shoulder while you type it or look it up in a secure password database. @g`h`ionja\nomjibk\nnrjm_ A password should be difcult for a computer program to guess. A password should be chosen so as to minimise damage if someone jH\f`dogjib5 Te longer a password is, the less likely it is that a does learn it. computer program would be able to guess it in a reasonable amount jH\f`dopidlp`5 Avoid using the same password for more than one of time. You should try to create passwords that include ten or more account. Otherwise, anyone who learns that password will gain access characters. Some people use passwords that contain more than one to even more of your sensitive information. Tis is particularly true word, with or without spaces between them, which are ofen called because some services make it relatively easy to crack a password. If passphrases. Tis is a great idea, as long as the program or service you you use the same password for your Windows user account and your are using allows you to choose long enough passwords. account, for example, someone with physical access to your jH\f`do^jhkg`s5 In addition to length, the complexity of a pass- computer can crack the former and use what they learn to access the word also helps prevent automatic ‘password cracking’ sofware from later. For similar reasons, it is a bad idea to rotate passwords by swap- guessing the right combination of characters. Where possible, you ping them around between diferent accounts. should always include upper case leters, lower case leters, numbers jF``kdoam`nc5 Change your password on a regular basis, preferably and symbols, such as punctuation marks, in your password. at least once every three months. Some people get quite atached to a particular password and never change it. Tis is a bad idea. Te longer A password should be difcult for others to fgure out. you keep one password, the more opportunity others have to fgure jH\f`dokm\^od^\g5If you have to write your password down because it out. Also, if someone is able to use your stolen password to access you can’t remember it, you may end up facing a whole new category your information and services without you knowing about it, they of threats that could leave you vulnerable to anybody with a clear will continue to do so until you change the password. view of your desk or temporary access to your home, your wallet, or even the trash bin outside your ofce. If you are unable to think of a H\injpm5 What if I trust someone? It’s OK for me to tell you my password that is long and complex but still memorable, the Remem- password, right? bering secure passwords section, below, might be of some help. If not, you should still choose something secure, but you may need to record H\b_\5Well, frst of all, just because you trust somebody with your it using a n`^pm`k\nnrjm__\o\]\n` such as F``K\nn. Other types password doesn’t necessarily mean you trust them to take good care of of password-protected fles, including Microsof Word documents, it, right? Even though I wouldn’t do anything bad with your password, should not be trusted for this purpose, as many of them can be bro- I might write it down and lose it or something. Tat could even be how I ken in seconds using tools that are freely available on the Internet. got into this mess! And besides, it’s not all about trust. If you’re the only j?jiÐoh\f`dok`mnji\g5Your password should not be related to one who knows your password, then you don’t have to waste your time you personally. Don’t choose a word or phrase based on information worrying about who to blame if the account gets broken into. Right now, such as your name, social security number, telephone number, child’s for example, I feel prety confdent that somebody actually guessed or name, pet’s name, birth date, or anything else that a person could ‘cracked’ my password, because I never wrote it down or shared it with learn by doing a litle research about you. anyone. jF``kdon`^m`o5 Do not share your password with anyone unless it is absolutely necessary. And, if you must share a password with a friend, M@H@H=@MDIBJM?DIBN@>PM@K

/0 /1 them down. Te importance of using a diferent password for each portable, encrypted secure password database, such as KeePass. account makes this even more difcult. Tere are a few tricks, however, that might help you create passwords that are easy to remember but C\i_n(ji5B`ono\mo`_rdoc extremely difcult to guess, even for a clever person using advanced oc`F``K\nnBpd_` ‘password cracking’ sofware. You also have the option of recording your passwords using a tool Of course, if you use this method, it becomes especially important like F``K\nn that was created specifcally for this purpose. that you create and remember a very secure password for F``K\nn, or

M`h`h]`mdibn`^pm`k\nnrjm_n whatever tool you choose. Whenever you need to enter a password for a specifc account, you can look it up using only your master password, It is important to use diferent types of characters when choosing a which makes it much easier to follow all of the suggestions above. password. Tis can be done in various ways: KeePass is portable, as well, which means that you can put the database jVarying capitalisation, such as: ‘My naME is Not MR. MarSter’ on a USB memory stick in case you need to look up a password while jAlternating numbers and leters, such as: ‘a11 w0Rk 4nD N0 p14Y’ you are away from your primary computer. jIncorporating certain symbols, such as: ‘c@t(heR1nthery3’ Although it is probably the best option for anybody who has to jUsing multiple languages, such as: ‘Let Tem Eat 1e gateaU au ch() maintain a large number of accounts, there are a few drawbacks to this colaT’ method. First, if you lose or accidentally delete your only copy of a Any of these methods can help you increase the complexity of an password database, you will no longer have access to any of the accounts otherwise simple password, which may allow you to choose one that for which it contained passwords. Tis makes it extremely important is secure without having to give up entirely on the idea of memoriz- that you back up your KeePass database. Look over Chapter 5: How to ing it. Some of the more common substitutions (such as the use of a recover fom information loss for more information on backup strategies. zero instead of an ‘o’ or the ‘@’ symbol in place of an ‘a’) were long-ago Fortunately, the fact that your database is encrypted means that you incorporated into password-cracking tools, but they are still a good idea. don’t have to panic if you lose a USB memory stick or a backup drive Tey increase the amount of time that such tools would require to learn containing a copy of it. a password and, in the more common situations where tools of this sort Te second major drawback could be even more important. If you cannot be used, they help prevent lucky guesses. forget your KeePass master password, there is no way to recover it or the Passwords can also take advantage of more traditional mnemonic contents of the database. So, be sure to choose a master password that is devices, such as the use of acronyms. Tis allows long phrases to be both secure and memorable! turned into complex, seemingly-random words: j ‘To be or not to be? Tat is the question’ becomes ‘2Bon2B?TitQ’ H\injpm5Wait a minute. If KeePass uses a single master password to j‘We hold these truths to be self-evident: that all men are created protect all of your other passwords, how is it more secure than just using equal’ becomes ‘WhtT2bs-e:taMac=’ that same password for all of your accounts? I mean, if a bad guy learns j‘Are you happy today?’ becomes ‘rU:-)2d@y?’ the master password, he gets access to everything, right? Tese are just a few examples to help you come up with your own method of encoding words and phrases to make them simultaneously H\b_\5It’s a good thought, and you’re right that protecting your master complex and memorable. password is really important, but there are a couple of key diferences. M`^jm_dibk\nnrjm_nn`^pm`gt First of all, this ‘bad guy’ would not only need your password, he’d need your KeePass database fle, too. If you just share the same password While a litle creativity may allow you to remember all of your pass- between all of your accounts, then he’d only need the password itself. words, the need to change those passwords periodically means that you Plus, we know that KeePass is extremely secure, right? Well, other might quickly run out of creativity. As an alternative, you can generate programs and websites can go either way. Some of them are much less random, secure passwords for most of your accounts and simply give up secure than others, and you don’t want someone breaking into a weak on the idea of remembering them all. Instead, you can record them in a

/2 /3 website, and then using what he learns to access a more secure account. And there’s another thing, too. KeePass makes it really easy to change your master password if you think it’s necessary. I should be so lucky! I spent all day today updating my passwords.

APMOC@MM@

GDIFN [1] www.fontlinedefenders.org/manual/en/esecman [2] www.en.wikipedia.org/wiki/Password [3]www.en.wikipedia.org/wiki/Password_strength [4]www.en.wikipedia.org/wiki/Password_cracking

/4 /5 0 Lnkpa_ppdaoajoepera Úhaokjukqn_kilqpan

0, 0- /)Cjrojkmjo`^ooc`n`indodq`Ùg`njitjpm  ^jhkpo`m

Unauthorised access to the information on your computer or portable storage devices can be carried out remotely, if the ‘intruder’ is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware. You can protect yourself against either type of threat by improving the physical and network security of your data, as discussed in Chapter 1: How to protect your computer fom malware and hackers and Chapter 2: How to protect your information fom physical threats. It is always best to have several layers of defence, however, which is why you should also protect the fles themselves. Tat way, your sensitive information is likely to remain safe even if your other security eforts prove inadequate. Tere are two general approaches to the challenge of securing your data in this way. You can `i^mtkoyour fles, making them unreadable to anyone but you, or you can hide them in the hope that an intruder will be unable to fnd your sensitive information. Tere are tools to help you with either approach, including a AJNN application called Omp`>mtko, which can both encrypt and hide your fle.

=\^fbmjpi_n^`i\mdj >g\p_d\\i_K\]gjrjmfrdoc\cph\imdbconIBJdi\Njpoc g\p_d\c\nh\_`npm`ojnojm`\ ]\^fpkjaoc`_\o\ji\>?'rcd^cnc`f``knjpond_`oc`jaÙ^`)

Rc\otjp^\ig`\miamjhocdn^c\ko`m jHow to encrypt information on your computer jWhat risks you might face by keeping your data encrypted jHow to protect data on USB memory sticks, in case they are lost or stolen jWhat steps you can take to hide information from physical or remote intruders

0. 0/ @I>MTKODIBTJPMDIAJMH

>g\p_d\5Actually, Windows login passwords are usually quite easy to OdknjipndibÙg``i^mtkodjin\a`gt break. Plus, anybody who gets his hands on your computer for long Storing confdential data can be a risk for you and for the people you enough to restart it with a LiveCD in the drive can copy your data work with. Encryption reduces this risk but does not eliminate it. Te without even having to worry about the password. If they manage to frst step to protecting sensitive information is to reduce how much of take it away for a while, then you’re in even worse trouble. It’s not just it you keep around. Unless you have a good reason to store a particular Windows passwords you need to worry about, either. You shouldn’t trust fle, or a particular category of information within a fle, you should Microsof Word or Adobe Acrobat passwords either. simply delete it (see Chapter 6: How to destroy sensitive information for more information about how to do this securely). Te second step is @i^mtkodib your information is a bit like keeping it in a locked safe. to use a good fle encryption tool, such as TrueCrypt. Only those who have a key or know the lock’s combination (an encryp- tion key or password, in this case) can access it. Te analogy is particu- >g\p_d\5Well, maybe we don’t actually need to store information that larly appropriate for Omp`>mtkoand tools like it, which create secure could identify the people who gave us these testimonies. What do you containers called ‘encrypted volumes’ rather than simply protecting one think? fle at a time. You can put a large number of fles into an encrypted vol- ume, but these tools will not protect anything that is stored elsewhere K\]gj5 Agreed. We should probably write down as litle of that as on your computer or USB memory stick. possible. Plus, we should think up a simple code we can use to protect names and locations that we absolutely have to record. C\i_n(ji5B`ono\mo`_rdoc Returning to the analogy of a locked safe, there are a few things you oc`Omp`>mtkoBpd_` should bear in mind when using TrueCrypt and tools like it. No mater how sturdy your safe is, it won’t do you a whole lot of good if you leave While other sofware can provide encryption that is equally strong, the door open. When your TrueCrypt volume is ‘mounted’ (whenever TrueCrypt was designed specifcally to make this kind of secure fle you can access the contents yourself), your data may be vulnerable, storage as simple as possible. Furthermore, its support for carrying so you should keep it closed except when you are actually reading or  encrypted volumes on portable storage devices, the fact that it is a modifying the fles inside it. AJNN tool, and the ‘deniability’ features described in the Hiding your Tere are a few situations when it is especially important that you sensitive information section below, give TrueCrypt a distinct advantage remember not to leave your encrypted volumes mounted: over many built-in proprietary encryption tools, such as Windows XP’s jDisconnect them when you walk away from your computer for any ‘bitlocker’. length of time. Even if you typically leave your computer running overnight, you need to ensure that you do not leave your sensitive K\]gj5 Alright, now you have me worried. What about other users fles accessible to physical or remote intruders while you are gone. on the same computer? Does this mean they can read fles in the ‘My jDisconnect them before puting your computer to sleep. Tis applies Documents’ folder? to both ‘suspend’ and ‘hibernation’ features, which are typically used with laptops but may be present on desktop computers as well. >g\p_d\5 I like the way you’re thinking! If your Windows password jDisconnect them before allowing someone else to handle your com- doesn’t protect you fom intruders, how can it protect you fom other puter. When taking a laptop through a security checkpoint or border people with accounts on the same computer? In fact, your My Documents crossing, it is important that you disconnect all encrypted volumes

00 01 and shut your computer down completely. jYou can avoid using data security sofware entirely, which would jDisconnect them before inserting an untrusted USB memory stick require that you store only non-confdential information or invent a or other external storage device, including those belonging to friends system of code words to protect key elements of your sensitive fles. and colleagues. jYou can rely on a technique called steganography to hide your sensi- jIf you keep an encrypted volume on a USB memory stick, remember tive information, rather than encrypting it. Tere are tools that can that just removing the device may not immediately disconnect the help with this, but using them properly requires very careful prepara- volume. Even if you need to secure your fles in a hurry, you have to tion, and you still risk incriminating yourself in the eyes of anyone dismount the volume properly, then disconnect the external drive or who learns what tool you have used. memory stick, then remove the device. You might want to practice jYou can try to store all of your sensitive information in a secure web- until you fnd the quickest way to do all of these things. mail account, but this demands a reliable network connection and a relatively sophisticated understanding of computers and Internet If you decide to keep your TrueCrypt volume on a USB memory stick, services. Tis technique also assumes that network encryption is less you can also keep a copy of the TrueCrypt program with it. Tis will incriminating than fle encryption and that you can avoid accidentally allow you to access your data on other people’s computers. Te usual copying sensitive data onto your hard drive and leaving it there. rules still apply, however: if you don’t trust the machine to be free of jYou can keep sensitive information of of your computer by storing malware, you probably shouldn’t be typing in your passwords or access- it on a USB memory stick or portable hard drive. However, such de- ing your sensitive data. vices are typically even more vulnerable than computers to loss and confscation, so carrying around sensitive, unencrypted information CD?DIBTJPMN@INDODQ@DIAJMHjind_`mdiboc`mdnfjan`ga(di^mdhdi\odji on the wall of your ofce. It might not hold up under close inspection, Encryption is illegal in some countries, which means that downloading, but it will ofer some protection. You can also rename the Omp`>mtko installing or using sofware of this sort might be a crime in its own right. program itself, assuming you have stored it as you would a regular fle And, if the police, military or intelligence services are among those on your hard drive or USB memory stick, rather than installing it as a groups from whom you are seeking to protect your information, then program. Te TrueCrypt Guide explains how to do this. violating these laws can provide a pretext under which your activities might be investigated or your organisation might be persecuted. In >jind_`mdiboc`mdnfjad_`iodatdibtjpmn`indodq` fact, however, threats like this may have nothing to do with the legality diajmh\odji of the tools in question. Any time that merely being associated with Ofen, you may be less concerned about the consequences of ‘geting encryption sofware would be enough to expose you to accusations caught’ with `i^mtkodji sofware on your computer or USB memory of criminal activity or espionage (regardless of what is actually inside stick and more concerned that your encrypted volume will indicate your encrypted volumes), then you will have to think carefully about precisely where you store the information that you most wish to protect. whether or not such tools are appropriate for your situation. While it may be true that no one else can read it, an intruder will know If that is the case, you have a few options: that it is there, and that you have taken steps to protect it. Tis exposes

02 03 you to various non-technical methods through which that intruder >g\p_d\5 Alright, so let’s toss some junk into the standard volume, and might atempt to gain access, such as intimidation, blackmail, interroga- then we can move all our testimonies into the hidden one. Do you have tion and torture. It is in this context that TrueCrypt’s deniability feature, some old PDFs or something we can use? which is discussed in more detail below, comes into play. Omp`>mtko’s deniability feature is one of the ways in which it goes K\]gj5Well, I was thinking about that. I mean, the idea is for us to give beyond what is typically ofered by fle `i^mtkodji tools. Tis feature up the decoy password if we have no other choice, right? But, for that to can be thought of as a peculiar form of no`b\ijbm\kct that disguises be convincing, we need to make sure those fles look kind of important, your most sensitive information as other, less sensitive, hidden data. It don’t you think? Otherwise, why would we bother to encrypt them? is analogous to installing a subtle ‘false botom’ inside that not-so-subtle Maybe we should use some unrelated fnancial documents or a list of ofce safe. If an intruder steals your key, or intimidates you into giving website passwords or something. her the safe’s combination, she will fnd some convincing ‘decoy’ mate- rial, but not the information that you truly care about protecting. APMOC@MM@

04 05 1 Na_kranbnki ejbkni]pekjhkoo

1, 1- 0)Cjrojm`^jq`mamjhdiajmh\odjigjnn

Each new method of storing or transferring digital information tends to introduce several new ways in which the information in question can be lost, taken or destroyed. Years of work can disappear in an instant, as a result of thef, momentary carelessness, the confscation of computer hardware, or simply because digital storage technology is inherently fragile. Tere is a common saying among computer support profession- als: “it’s not a question of if you will lose your data; it’s a question of when.” So, when this happens to you, it is extremely important that you already have an up-to-date backup and a well-tested means of restoring it. Te day you are reminded about the importance of a backup system is generally the day afer you needed to have one in place. Although it is one of the most basic elements of secure comput- ing, formulating an efective backup policy is not as simple as it sounds. It can be a signifcant planning hurdle for a number of reasons: the need to store original data and backups in diferent physical locations, the importance of keeping backups confdential, and the challenge of coordinating among diferent people who share information with one another using their own portable storage devices. In addition to backup and fle-recovery tactics, this chapter addresses two specifc tools, >j]d\i=\^fpk and Pi_`g`o`Kgpn.

=\^fbmjpi_n^`i\mdj @g`i\dn\i`iqdmjih`io\gdnodi\Mpnnd\i(nk`\fdib ^jpiomt'rc`m`nc`c\n]`bpioj^m`\o`\r`]ndo`oc\o rdggm`gtji^m`\odq`km`n`io\odjijadh\b`n'qd_`jn'h\kn \i_nojmd`nojcdbcgdbcooc``so`iojadgg`b\g_`ajm`no\odji dioc`m`bdji)Nc`c\n]``i^jgg`^odib_j^ph`ion'h`_d\ Ùg`n\i_b`jbm\kcd^diajmh\odji\]jpogjbbdibajmt`\mn' \i_hjnojadodnnojm`_ji\ijg_Rdi_jrn^jhkpo`mdi oc`jaÙ^`jaoc`IBJrc`m`nc`rjmfn)Rcdg`_`ndbidib\ r`]ndo`\mjpi_ocdndiajmh\odji'nc`c\n^jh`ojm`\gdn` dondhkjmo\i^`\i_ojrjmmt\]jpokm`n`mqdibdodioc` `q`iooc\oc`m^jhkpo`mncjpg_]`_\h\b`_'`nk`^d\ggtda doncjpg_c\kk`i]`ajm`nc`b`on`q`mtocdib^jkd`_pkoj oc`r`]ndo`)Joc`mh`h]`mnjac`mjmb\idn\odji njh`odh`npn`oc`^jhkpo`m'njnc`\gnjr\ionojg`\mi cjrojm`nojm`c`mÙg`ndanjh`ji`\^^d_`io\ggt_`g`o`n oc`ajg_`m^jio\didibc`mrjmf)Nc`\nfnc`mi`kc`r Idfjg\dojc`gkc`m_`q`gjk\]\^fpknom\o`bt)

1. 1/ Rc\otjp^\ig`\miamjhocdn^c\ko`m Next, you need to defne which of these fles are ‘master copies,’ jHow to organise and back up your information and which are duplicates. Te master copy is generally the most up-to- jWhere you should store your backups date version of a particular fle or collection of fles, and corresponds to jHow you can manage your backups securely copy that you would actually edit if you needed to update the content. jHow to recover fles that have been deleted accidentally Obviously, this distinction does not apply to fles of which you have only one copy, but it is extremely important for certain types of infor- D?@IODATDIB

10 11 change it maliciously), you will lose access to them. copy your text messages and contact information from your NDH^\m_ jYou have no copies of any data from your mobile phone. onto the phone itself, and then copy them onto a backup SIM card. Tis jYou have no duplicate copies, digital or physical, of printed docu- method can be particularly useful as an emergency backup solution, but ments such as contracts and invoices. remember to keep the extra SIM card safe. Te ability to copy contact information and text messages between a mobile phone and its SIM ?@ADIDIBTJPM=<>FPKNOMj]d\i=\^fpk, which is described in more detail below. In the end, you should have rearranged your storage devices, data Store the backup on something portable so that you can take it home types and backups in a way that makes your information much more or to some other safe location. It may be easier to use CDs or DVDs for resistant to disaster: this, rather than a portable hard drive or USB memory stick, so that you do not risk losing your old backups while you are transporting a new ?\o\Otk` H\no`m*?pkgd^\o` Nojm\b`?`qd^` Gj^\odji one. Blank CDs may be cheap enough that you can use a new one every Electronic documents Master Computer hard drive Ofce time you make a backup. Because this category of data ofen contains Electronic documents Duplicate CDs Home the most sensitive information, it is particularly important that you A few important Duplicate USB memory stick With me protect your electronic document backups using encryption. You can electronic documents learn how to do this in Chapter 4: How to protect the sensitive fles on your computer and in the TrueCrypt Guide. ?\o\Otk` H\no`m*?pkgd^\o` Nojm\b`?`qd^` Gj^\odji Kmjbm\h_\o\]\n`n Program databases Master Computer hard drive Ofce Once you have determined the location of your program databases, you Program databases Duplicate CDs Home can back them up in the same way as electronic documents. ?\o\Otk` H\no`m*?pkgd^\o` Nojm\b`?`qd^` Gj^\odji @h\dg Rather than accessing your email only through a web browser, install Email & email contacts Duplicate Gmail account Internet an email client like Ocpi_`m]dm_ and confgure it to work with your Email & email contacts Master Tunderbird on Ofce ofce computer account. Most webmail services will provide instructions on how to use such programs and, ofen, how to import your email addresses into ?\o\Otk` H\no`m*?pkgd^\o` Nojm\b`?`qd^` Gj^\odji them. You can learn more about this in the Further Reading section, below. Make sure that you leave a copy of your messages on the mail Text messages & mobile Master Mobile phone With me phone contacts server, rather than just moving them over to your computer. Te Text messages & mobile Duplicate Computer hard drive Ofce Tunderbird Guide explains in detail how to do this. phone contacts Hj]dg`kcji`^jio`ion Text messages & mobile Duplicate Backup SIM Home To back up the phone numbers and text messages on your mobile phone contacts phone, you can connect it to your computer using the appropriate sofware, which is generally available from the website of the company ?\o\Otk` H\no`m*?pkgd^\o` Nojm\b`?`qd^` Gj^\odji that manufactured your phone. You may need to buy a special USB Printed documents Master Desk drawer Ofce cable to do this, however. As an alternative, you can use the phone to Scanned documents Duplicate CDs At home

12 13 @g`i\5I know some people who keep all of their important documents search your hard drive to learn where they store the actual media fles on Gmail, by ataching them to ‘draf’ messages or emails to themselves. that they help manage. Would that count as a ‘second physical location’ for my fles? Nojm\b`_`qd^`n Idfjg\d5 It might help you recover if you lose one or two very important Before you can back up your electronic documents, you must decide documents, but it’s prety awkward. Honestly, how many documents what kind of storage device you will use. per week would you be willing to back up like that? Plus, you need >jhk\^o?dn^n#>?n$ to consider whether or not those atachments are safe, especially if CDs store around 700 Megabytes (MB) of data. You will need a CD you’re at all worried about your email being monitored. Unless you’re burner and blank discs in order to create a CD backup. If you want to connecting to Gmail securely, this is a bit like handing over your sensitive erase a CD and update the fles stored on it, you will need to have a CD- information on a silver plater. Using an HTPS connection to Gmail RW burner and rewritable CDs. All major operating systems, including in order to back up small Truecrypt volumes or KeePass database fles Windows XP, now include built-in sofware that can write CDs and would be prety safe, because they’re encrypted, but I really wouldn’t CD-RWs. Keep in mind that the information writen on these discs may recommend this as a general-purpose backup strategy. begin to deteriorate afer fve or ten years. If you need to store a backup >M@FPK for longer than that, you will have to recreate the CDs occasionally, buy special ‘long life’ discs or use a diferent backup method. Of the various data types discussed here, it is the ‘electronic documents’ that people tend to worry about most when establishing a backup ?dbdo\gQd_`j?dn^n#?Q?n$ policy. Tis term is somewhat ambiguous, but generally refers to fles DVDs store up to 4.7 Gigabytes (GB) of data. Tey work much like that you keep track of yourself and that you open manually, either CDs but require slightly more expensive equipment. You will need a by double-clicking on them or by using a particular application’s File DVD or DVD-RW burner, and appropriate discs. As with a CD, the data menu. Specifcally, it includes text fles, word processing documents, writen on a normal DVD will eventually begin to fade. presentations, PDFs and spreadsheets, among other examples. Unlike PN=h`hjmtnod^fn email messages, for example, electronic documents are generally not A USB memory stick holds as much information as the capacity of the synchronised with remote copies over the Internet. device allows. USB memory sticks can be quite inexpensive, even those When backing up your electronic documents, you should remem- with a capacity equal to or greater than that of a CD or DVD, and they ber to back up your program databases, as well. If you use a calendar are easy to erase or overwrite numerous times. Like CDs and DVDs, application or an electronic address book, for example, you will need USB memory sticks have a limited lifetime, which is generally estimated to fnd the folder in which these programs store their data. Hopefully, to be around 10 years. these databases will be in the same location as your electronic docu- ments, as they are ofen kept inside your My Documents folder on a M`hjo`n`mq`m Windows computer. If that is not the case, however, you should add the A well-maintained network backup server may have almost unlimited appropriate folders to your regular backup. capacity, but the speed and stability of your own Internet connection Email stored by an application such as Ocpi_`m]dm_is a special will determine whether or not this is a realistic option. Keep in mind example of a program database. If you use an email program, especially that running a backup server in your own ofce, while faster than copy- if you are unable or unwilling to store a copy of your messages on the ing information over the Internet, violates the requirement that you server, then you must ensure that this email database is included in your keep a copy of your important data in two diferent physical locations. regular backup. You may consider image and video fles to be electronic Tere are free storage services on the Internet, as well, but you should documents or items within a program database, depending on how you always encrypt your backups before uploading them to servers run by interact with them. organisations or individuals whom you do not know and trust. See the Applications like Windows Media player and iTunes, for example, Further reading section for a few examples. work like databases. If you use programs like this, you might have to

14 15 =\^fpkNjaor\m` environmental demonstration, the authorities crack down, things get out Cobian Backup is a user-friendly tool that can be set to run automati- of hand, and the organisation is raided? I doubt your litle desk lock will cally, at regularly scheduled times, and to include only fles that have keep the police fom confscating those CDs. What about keeping them at changed since your last backup. It can also compress backups to make home, or asking a fiend to store them for you? them smaller. M@>JQ@MDIBAMJH<>>D?@IOj]d\i=\^fpkBpd_` =di, information from the fles you deleted can usually still be found on the hard drive. See Chapter 6: How to destroy sensitive information to As always, it is a good idea to encrypt your backup fles using a tool such learn more about this. as TrueCrypt. More information about about data encryption can be Occasionally, if you accidentally delete an important fle or folder, found in Chapter 4: How to protect the sensitive fles on your computer. this security vulnerability can work to your advantage. Tere are several programs that can restore access to recently-deleted fles, including a AJNN tool called Pi_`g`o`Kgpn. C\i_n(ji5B`ono\mo`_rdoc oc`Omp`>mtkoBpd_` C\i_n(ji5B`ono\mo`_rdococ` When using these backup tools, there are a few things you can do to Pi_`g`o`KgpnBpd_` help your backup system work smoothly: jOrganise the fles on your computer. Try to move all of the folders Tese tools do not always work, because Windows may have writen that contain electronic documents you intend to back up into a single new data over your deleted information. Terefore, it is important that location, such as inside the My Documents folder. you do as litle as possible with your computer between deleting a fle j If you use sofware that stores its data in an application database, and atempting to restore it with a tool like Undelete Plus. Te longer you should frst determine the location of that database. If it is not you use your computer before atempting to restore the fle, the less in a convenient location, see if the program will allow you to choose likely it is that you will succeed. Tis also means that you should install a new location for its database. If it does, you can put it in the same data recovery sofware well ahead of time. If you have to install it afer folder as your electronic documents. you’ve deleted an important fle, there is some chance that the sofware jCreate a regular schedule to perform your backup. itself will overwrite the critical data that you are trying to recover. jTry to establish procedures for all of the staf in your ofce who do While it might sound like a lot of work to implement the policies not already have a reliable, secure backup policy. Help your cowork- and learn the tools described in this chapter, maintaining your backup ers understand the importance of this issue. strategy, once you have a system in place, is much easier than seting it jMake sure to test the process of recovering data from your backup. up for the frst time. And, given that backup may be the single most im- Remember that, in the end, it is the restore procedure, not the backup portant aspect of data security, you can rest assured that going through procedure, that you really care about! this process is well worth the efort.

@g`i\5 Alright, so I made an encrypted backup while I was at work, and APMOC@MM@

2, 2- as long as you encrypt it frst. Dropbox [2] and ADrive [3] are good examples of such a service. jTere is an excellent article on data recovery in Wikipedia [4].

GDIFN [1] www.fontlinedefenders.org/manual/en/esecman [2] htps://www.getdropbox.com [3] www.adrive.com [4] www.en.wikipedia.org/wiki/Data_recovery

2. 2/ 2 @aopnkuoajoepera ejbkni]pekj

встретить названия “файруолл” и “брандмауэр”). Межсетевой экран следит за информацией, которая поступает в ваш компьютер из Интернета и обратно. Он блокирует попытand habits that can help you protect your sensitive data, but what happens when you decide that you no longer need to keep a piece oftous les efforts que vous avez déployés pour construire une barrière nu- mérique autour de votre ordina- teur, il est bien possiblufcient, and as llamadas telefónicas. En parte, esto ocurre debido a que algunas muy poderosas computadoras

20 21 1)Cjroj_`nomjtn`indodq`diajmh\odji

Te previous chapters have discussed a number of tools and habits that can help you protect your sensitive data, but what happens when you decide that you no longer need to keep a piece of information? If you determine, for example, that your encrypted backup copies of a particular fle are sufcient, and you want to delete the master, what is the best way to do so? Unfortunately, the answer is more complicated than you might think. When you delete a fle, even afer you empty the Recycle bin, the contents of that fle remain on your hard drive and can be recovered by anyone who has the right tools and a litle luck. In order to ensure that deleted information does not end up in the wrong hands, you will have to rely on special sofware that removes data securely and permanently. @m\n`mis one such tool, and is discussed below. Using Eraser is a bit like shredding a paper document rather than simply tossing it into a bin and hoping that nobody fnds it. And, of course, deleting fles is only one example of a situation in which you might need to destroy sensitive data. If you consider the details that someone, particularly a powerful, politically-motivated adversary, could learn about you or your organisation by reading certain fles that you thought you had deleted, you will probably think of a few more exam- ples of data that you’d like to permanently erase, by destroying outdated backups, wiping old hard drives before giving them away, deleting old user accounts, and clearing your web browsing history, for example. >>g`\i`m, the other tool described in this chapter, can help you face the challenge of deleting the many temporary fles that your operat- ing system and applications create every time you use them.

=\^fbmjpi_n^`i\mdj @g`i\dn\i`iqdmjih`io\gdnodi\Mpnnd\i(nk`\fdib ^jpiomt'rc`m`nc`h\dio\din\idi^m`\ndibgt(kjkpg\m r`]ndo`oc\ocdbcgdbconoc``so`iojadgg`b\g_`ajm`no\odji dioc`m`bdji)Nc`c\n^m`\o`_\]\^fpkjaoc`diajmh\odji pn`_oj^m`\o`oc`r`]ndo`'\i_nc`f``kn^jkd`njado\o cjh`'dioc`jaÙ^`\i_jic`mi`rg\kojk)M`^`iogt'nc` c\n\gnj]`bpiojnojm`\^jktjaoc`r`]n`mq`mÐnqdndojm gjbn\i_oc`_\o\]\n`^jio\didibc`mpn`mnÐajmphkjnon) @g`i\rdggnjji]`om\q`ggdibdio`mi\odji\ggt'oj\oo`i_\ g\mb`bgj]\g^jia`m`i^`ja`iqdmjih`io\g\^odqdnon'njh` jarcjhc\q`m`kjmo`_c\qdiboc`dmg\kojkno\f`i\r\t ajmjq`m\icjpm\o]jm_`m(^mjnndibn)Ojkmjo`^oc`m

22 23 n`indodq`diajmh\odji'\i_oc`n\a`otjac`mhjm` mentioned above, moves the label from the old section to the new one, kjgdod^\gajmphk\mod^dk\ion'nc`c\nhjq`_c`mcjh`\i_ and leaves the previous draf where it was until some other program jaÙ^`]\^fpknjioj\Omp`>mtkoqjgph`\i_m`hjq`_oc` needs to use that space. Clearly, if you have a good reason to destroy all ^jktamjhc`mg\kojk)Nc`\nf`_c`mi`kc`rIdfjg\dajm traces of that document from your fling cabinet, removing the latest \_qd^`'\i_c`c\nr\mi`_c`moc\onc`i``_noj_jhjm` copy is not going to be enough, and simply throwing away the label oc\iepno_`g`o`c`mjg_]\^fpkdanc`dnrjmmd`_\]jpo would be even worse. c\qdibc`m^jhkpo`mn`du`_]t]jm_`mjaÙ^d\gn) Remember, too, that computer hard drives are not the only devices that store digital information. CDs, DVDs, USB memory sticks, foppy Rc\otjp^\ig`\miamjhocdn^c\ko`m disks, fash memory cards from mobile phones and removable hard jHow to remove sensitive information from your computer perma- drives all have the same issues, and you should not trust a simple delete nently or rewrite operation to clear sensitive information from any of them. jHow to remove information stored on removable storage devices like CDs and USB memory sticks RDKDIBDIAJMHPM@?@G@ODJIOJJGN jHow to prevent someone from learning what documents you have When you use a secure deletion tool, such as those recommended in previously been viewing on your computer this chapter, it would be more accurate to say that you are replacing, or jHow to maintain your computer so that deleted fles cannot be recov- ‘overwriting,’ your sensitive information, rather than simply deleting it. ered in the future If you imagine that the documents stored in those hypothetical fling cabinet discussed above are writen in pencil, then secure deletion ?@G@ODIBDIAJMH

24 25 destroyed. Returning to the metaphor of the poorly-labeled fle cabinet, can be very important for information that is collected automatically this procedure is comparable to searching through the cabinet, then whenever you use your computer. Examples include: erasing and scribbling repeated over any documents that have already jTemporary data recorded by your browser while displaying web- had their labels removed. pages, including text, images, ^jjfd`n, account information, personal @m\n`m is a free and open-source secure deletion tool that is data used to complete online forms and the history of which websites extremely easy to use. You can wipe fles with Eraser in three diferent you have visited. ways: by selecting a single fle, by selcting the contents of the Recycle jTemporary fles saved by various applications in order to help you Bin, or by wiping all unallocated space on the drive. Eraser can also wipe recover should your computer crash before you can save your work. the contents of the Windows swap fle, which is discussed below. Tese fles might contain text, images, spreadsheet data and the names of other fles, along with other potentially sensitive information. j and links stored by Windows for the sake of convenience, such C\i_n(ji5B`ono\mo`_rdococ`@m\n`mBpd_` as shortcuts to applications you have used recently, obvious links to folders that you might prefer to keep hidden and, of course, the While secure deletion tools will not damage any visible fles unless you contents of your M`^t^g`=dishould you forget to empty it. explicitly wipe them, it is still important to be careful with sofware jTe Windows nr\kÙg`. When your computer’s memory is full, for like this. Afer all, accidents happen, which is why people fnd M`^t^g` example when you have been running several programs at the same =din and data recovery tools so useful. If you get accustomed to wip- time on an older computer, Windows will sometimes copy the data ing your data every time you delete something, you may fnd yourself you are using into a single large fle called the swap fle. As a result, with no way to recover from a simple mistake. Always make sure you this fle might contain almost anything, including webpages, docu- have a secure backup before wiping large amounts of data from your ment content, passwords or encryption keys. Even when you shut computer. down your computer, the swap fle is not removed, so you must wipe it manually. @g`i\5 I know word processing programs like Microsof Word and Open In order to remove common temporary fles from your computer, Ofce sometimes make temporary copies of a fle while you’re working you can use a freeware tool called >>g`\i`m, which was designed to on it. Do other programs do that too, or should I mostly just worry about clean up afer sofware like Internet Explorer, Mozilla Firefox and Mi- fles that I create and delete myself? crosof Ofce applications (all of which are known to expose potentially sensitive information), as well as cleaning Windows itself. CCleaner has Idfjg\d5Actually, there are lots of places on your computer where the ability to delete fles securely, which saves you from having to wipe programs leave traces of your personal information and online activities. unallocated drive space, using @m\n`m, afer each time you run it. I’m talking about websites you’ve visited, draf emails you’ve worked on recently and other things like that. All of this stuf could be sensitive, depending on how ofen you use that computer. C\i_n(ji5B`ono\mo`_rdococ`>>g`\i`mBpd_`

Rdkdibo`hkjm\mt_\o\ ODKNJIPNDIBN@>PM@?@G@ODJIOJJGN@AA@>ODQ@GT Te feature that allows @m\n`mto rdk` all unallocated space on a drive You are now familiar with a few of the ways in which information might is not as risky as it might sound, because it only wipes previously- be exposed on your computer or storage device, even if you are dilligent deleted content. Normal, visible fles will be unafected. On the other about erasing sensitive fles. You also know what tools you can use to hand, this very fact serves to highlight a separate issue: Eraser can not wipe that information permanently. Tere are a few simple steps that help you clean up sensitive information that has not been deleted, but you should follow, especially if it is your frst time using these tools, in that may be extremely well-hidden. Files containing such data may be order to ensure that your drive is cleaned safely and efectively: tucked away in obscure folders, for example, or stored with meaning- ,)Create an encrypted backup of your important fles, as discussed in less flenames. Tis is not a major issue for electronic documents, but Chapter 5: How to recover fom information loss.

3, 3- -)Close down all unnecessary programs and disconnect from the of the external drive and then use Eraser to wipe all of its unallocated Internet. space. Fortunately, this is not something you will have to do ofen, as it .) Delete all unnecessary fles, from all storage devices, and empty the may take quite some time. M`^t^g`=di Rather than trying to wipe data that have been stored on a rewrit- /) Rdk` temporary fles using CCleaner. able CD or DVD, it is ofen beter to destroy the disc itself. If necessary, 0) Wipe the Windows swap fle using Eraser. you can create a new one containing any information you wish to keep. 1) Wipe all of the free space on your computer and other storage devices And, of course, this is the only way to ‘erase’ content from a non-rewrit- using Eraser. You might need to let this procedure run overnight, as it able disc. It is surprisingly difcult to destroy the contents of a CD or can be quite slow. DVD completely. You may have heard stories about information being You should then get into the habit of: recovered from such discs even afer they were cut into small pieces. jPeriodically using >>g`\i`mto rdk`temporary fles While these stories are true, reconstructing information in this way jWiping sensitive electronic documents using @m\n`m, instead of using takes a great deal of time and expertise. You will have to judge for your- the Recycle Bin or the Windows delete function self whether or not someone is likely to expend that level of resources in jPeriodically using Eraser to wipe the Windows nr\kÙg` order to access your data. Typically, a sturdy pair of scissors (or a very jPeriodically using Eraser to wipe all unallocated space on your hard sturdy paper shredder) will do the job nicely. If you want to take extra drives, USB memory sticks, and any other storage devices that may precautions, you can mix up the resulting pieces and dispose of them in have had sensitive information deleted from them recently. Tis various locations far from your home or ofce. might include foppy disks, rewritable CDs, rewritable DVDs and removable fash memory cards from cameras, mobile phones or @g`i\5 I still have an old CD backup of the webserver logs, and I heard portable music players. that you can erase a CD by puting it in the microwave. Somehow, though, it sounds like a really bad idea to me. Do people really do that? ODKNJIRDKDIBOC@@IODM@>JIO@IONJA<NOJM@ You might occasionally need to rdk` a storage device completely. Idfjg\d5 I imagine it destroys the data prety efectively, but I wouldn’t When you sell or give away an old computer, it is best to remove the know, because I’d never put a CD in my microwave! You’re right. Tat hard drive and let the computer’s new owner acquire one for herself. If sounds like a terrible idea. Even if the metal doesn’t damage your this is not an option, however, you should at least wipe the drive thor- microwave or start a fre, I bet that plastic would give of some prety oughly with @m\n`mbefore handing it over. And, even if you do keep the unhealthy fumes. Come to think of it, I wouldn’t recommend burning drive, you will probably want to wipe it anyway, regardless of whether CDs in a fre, either. you intend to reuse or discard it. Similarly, if you purchase a new hard drive, you should wipe your old one afer copying your data and APMOC@MM@

3. 3/ GDIFN [1] htps://support.mozilla.com/en-US/kb/Clearing+Private+Data [2]www.ccleaner.com/help/faq [3] www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/ [4] www.en.wikipedia.org/wiki/Gutmann_method

3 GaalukqnEjpanjap _kiiqje_]pekjlner]pa

30 31 2)Cjrojf``ktjpmDio`mi`o  ^jhhpid^\odjikmdq\o`

Te convenience, cost-efectiveness and fexibility of email and make them extremely valuable for individuals and organiza- tions with even the most limited access to the Internet. For those with faster and more reliable connections, sofware such as Nftk`and other Voice-over-IP (QjDK) tools also share these characteristics. Unfortu- nately, these digital alternatives to traditional means of communication can not always be relied upon to keep sensitive information private. Of course, this is nothing new. Postal mail, telephone calls and text messages are all vulnerable as well, particularly when used by those who may have been targeted for surveillance by the authorities. One important diference between digital, Internet-based com- munication techniques and more traditional methods, is that the former ofen allow you to determine your own level of security. If you send emails, instant messages and VoIP conversations using insecure methods, they are almost certainly less private than leters or telephone calls. In part, this is because a few powerful computers can automatically search through a large amount of digital information to identify senders, recipients and specifc key words. Greater resources are required to carry out the same level of surveillance on traditional communication channels. However, if you take certain precautions, the opposite can be true. Te fexibility of Internet communication tools and the strength of modern `i^mtkodji can now provide a level of privacy that was once available only to national military and intelligence organizations. By following the guidelines and exploring the sofware discussed in this chapter, you can greatly improve your communication security. Te Mdn`pk email service, the Of the Record (JOM) plugin for the Kd_bdi instant messaging program, Mozilla Adm`ajs and the @idbh\dg add-on for the Mozilla Ocpi_`m]dm_ email client are all excellent tools. While using them, however, you should keep in mind that the privacy of a given conversation is never one hundred percent guaranteed. Tere is always some threat that you did not consider, be it a f`tgjbb`m on your computer, a person listening at the door, a careless email correspondent or something else entirely. Te goal of this chapter is to help you reduce even the threats that do not occur to you, while avoiding the extreme position, favoured by some, that you should not send anything over the Internet that you are not willing to make public.

32 33 =\^fbmjpi_n^`i\mdj Remember, too, that secure email will not do you any good if >g\p_d\\i_K\]gjrjmfrdoc\cph\imdbconIBJdi\ everything you type is recorded by spyware and periodically sent over Njpocg\p_d\\i_K\]gjc\q`]`bpi will help you protect your accounts for the email and instant messaging o\fdibno`knojkmjo`^ooc`m`npgodib_\o\)Oc`tc\q`f`ko tools described below. jigtoc`diajmh\odjioc`ti``_'rcd^coc`tnojm`di\ Omp`>mtkok\mododjioc\odn]\^f`_pkdin`q`m\gkctnd^\g F``kdibtjpmr`]h\dgkmdq\o` gj^\odjin)Rcdg`km`k\mdibojkp]gdnc^`mo\di\nk`^onja Te Internet is an open network through which information typically oc`n`o`nodhjid`ndi\m`kjmo'oc`tc\q`ajpi_oc\ooc`t travels in a readable format. If a normal email message is intercepted on hpno_dn^pnnn`indodq`diajmh\odjirdoc\a`rjaoc`dm the way to a recipient, its contents can be read quite easily. And, because ^jgg`\bp`ndi\ijoc`m^jpiomt)g\p_d\c\n\nf`_da\itji`dioc`jaÙ^`c\n your message before it is delivered. Unless you take certain precautions, lp`nodjin) your messages can be read or tampered with at either of these points, or anywhere in between. Rc\otjp^\ig`\miamjhocdn^c\ko`m jWhy most webmail and instant messaging services are not secure K\]gj5I was talking to one of our partners about all this, and she said jHow to create a new and more secure email account that she and her colleagues sometimes just save important messages in jHow to improve the security in your current email account the ‘Drafs’ folder of a webmail account where they all share a password. jHow to use a secure instant messaging service It sounds kind of strange to me, but would it work? I mean, wouldn’t that jWhat to do if you think someone might be accessing your email prevent anyone fom reading the messages, since they’re never actually jHow to verify the identity of an email correspondent sent?

N@>PMDIBTJPM@Hg\p_d\5Any time you read an email on your computer, even if it’s just Tere are a few important steps that you can take in order to increase a ‘draf’, its contents have been sent to you over the Internet. Otherwise, the security of your email communication. Te frst is to make sure that it couldn’t appear on your screen, right? Te thing is, if someone has you only the person to whom you send a given message is able to read it. under surveillance, they don’t just monitor your email messages, they can Tis is discussed in the Keeping your webmail private and Switching to a scan all readable information going to and fom your computer. In other more secure email account sections, below. Going beyond the basics, it words, this trick wouldn’t work unless everyone connects securely to that is sometimes critical that your email contacts have the ability to verify, shared webmail account. And, if they do, then it really doesn’t hurt to without a doubt, that a particular message truly came from you and not create separate accounts or to go ahead and hit that ‘send’ buton. from someone who might be atempting to impersonate you. One way to accomplish this is described under Advanced email security, in the It has long been possible to secure the Internet connection between Encrypting and authenticating individual email messages section. your computer and the websites that you visit. You ofen encounter this You should also know what to do if you think the privacy of your level of security when entering passwords or credit card information email account may have been violated. Te Tips on responding to sus- into websites. Te technology that makes it possible is called Secure pected email surveillance section addresses this question. Sockets Layer (NNG) `i^mtkodji. You can tell whether or not you are

34 35 using SSL by looking closely at your Web browser’s address bar. users’ messages. We’re going to have to change some people’s habits if we All Web addresses normally begin with the leters COOK, as can be want to be able to discuss these testimonies securely. seen in the example below: Nrdo^cdiboj\hjm`n`^pm``h\dg\^^jpio source:Booklet/en/Scenario1/01.png Few webmail providers ofer NNG access to your email. Yahoo and When you are visiting a secure website, its address will begin with Hotmail, for instance, provide a secure connection while you log in, COOKN. to protect your password, but your messages themselves are sent and received insecurely. In addition, Yahoo, Hotmail and some other free source:Booklet/en/Scenario1/02.png webmail providers insert the DK\__m`nnof the computer you are using Te extraN on the end signifes that your computer has opened a secure into all of the messages you send. connection to the website. You may also notice a ‘lock’ symbol, either Gmail accounts, on the other hand, can be used entirely through a in the \__m`nn]\m or in the no\opn]\m at the botom of your browser secure connection, as long as you login to your account from htps:// window. Tese are clues to let you know that anyone who might be mail..com (with the COOKN), rather than htp://mail.google. monitoring your Internet connection will no longer be able to eaves- com. In fact, you can now set a preference that tells Gmail always to drop on your communication with that particular website. use a secure connection. And, unlike Yahoo or Hotmail, Gmail avoids In addition to protecting passwords and fnancial transactions, revealing your DK\__m`nnto email recipients. However, it is not recom- this type of `i^mtkodji is perfect for securing your webmail. How- mend that you rely entirely on Google for the confdentiality of your ever, many webmail providers do not ofer secure access, and others sensitive email communication. Google scans and records the content require that you enable it explicitly, either by seting a preference or by of its users’ messages for a wide variety of purposes and has, in the past, typing in the COOKN manually. You should always make sure that your conceded to the demands of governments that restrict digital freedom. connection is secure before logging in, reading your email, or sending a See the Further reading section for more information about Google’s message. privacy policy. You should also pay close atention if your browser suddenly be- If possible, you should create a new Mdn`pk email account by visit- gins to complain about invalid n`^pmdot^`modÙ^\o`n when atempting ing htps://mail.riseup.net. Riseup ofers free email to activists around to access a secure webmail account. It could mean that someone is tam- the world and takes great care to protect the information stored on their pering with the communication between your computer and the server servers. Tey have long been a trusted resource for those in need of se- in order to intercept your messages. Finally, if you rely on webmail to cure email solutions. And, unlike Google, they have very strict policies exchange sensitive information, it is important that your browser be as regarding their users’ privacy and no commercial interests that might reliable as possible. Consider installing Mozilla Firefox and its security- some day confict with those policies. In order to create a new Riseup related add-ons. account, however, you will need two ‘invite codes.’ Tese codes can be given out by anyone who already has a Riseup account. If you have a bound copy of this booklet, you should have received your ‘invite codes’ C\i_n(ji5B`ono\mo`_rdococ`Adm`ajsBpd_` along with it. Otherwise, you will need to fnd two Riseup users and ask them each to send you a code. K\]gj5One of the guys who’s going to be working on this report with us tends to use his Yahoo webmail account when he’s not in the ofce.And C\i_n(ji5B`ono\mo`_rdoc I seem to remember somebody else using Hotmail. If I send a message to oc`Mdn`pkBpd_` these guys, can other people read it? Both Gmail and Riseup are more than just webmail providers. Tey can >g\p_d\5 Probably. Yahoo, Hotmail and plenty of other webmail also be used with an email client, such as Mozilla Ocpi_`m]dm_, that providers have insecure websites that don’t protect the privacy of their supports the techniques described under Advanced email security. Ensur-

4, 4- ing that your email client makes an `i^mtko`_ connection to your monitoring your Internet connection. And, depending on the extent provider is just as important as accessing your webmail through COOKN. of Internet fltering in your country, you may need to use Tor, or one If you use an email client, see the Tunderbird Guide for additional of the other circumvention tools described in chapter 8, just to access details. A the very least, however, you should be sure to enable SSL or a secure email provider such as Riseup or Gmail. encryption for both your incoming and outgoing mail servers. jWhen creating an account that you intend to use while remaining anonymous from your own email recipients, or from public forums K\]gj5 So, should I switch to using Riseup or I can keep using Gmail, to which you might post messages by email, you must be careful not and just switch to the secure ‘htps’ address? to register a username or ‘Full Name’ that is related to your personal or professional life. In such cases, it is also important that you avoid >g\p_d\5 It’s your call, but there are a few things you should defnitely using Hotmail, Yahoo, or any other webmail provider that includes consider when choosing an email provider. First, do they ofer a secure your DK\__m`nn in the messages you send. connection to your account? Gmail does, so you’re OK there. Second, do jDepending on who might have physical access to your computer, you trust the administrators to keep your email private and not to read clearing email-related traces from your temporary fles might be just through it or share it with others? Tat one’s up to you. And, fnally, you as important as protecting your messages as they travel across the need to think about whether or not it’s acceptable for you to be identifed Internet. See Chapter 6: How to destroy sensitive information and the with that provider. In other words, will it get you in trouble to use an CCleaner Guide for details. email address that ends in ‘riseup.net’, which is known to be popular among activists, or do you need a more typical ‘gmail.com’ address? ODKNJIM@NKJI?DIBOJNPNK@>O@?@H@ Regardless of what secure email tools you decide to use, keep in mind If you suspect that someone is already monitoring your email, you may that every message has a sender and one or more recipients. You want to create a new account and keep the old one as a decoy. Remem- yourself are only part of the picture. Even if you access your email ac- ber, though, that any account with which you have exchanged email in count securely, consider what precautions your contacts may or may the past may now be under surveillance as well. As a result, you should not take when sending, reading and replying to messages. Try to learn observe some additional precautions: where your contacts’ email providers are located, as well. Naturally, jBoth you and your recent email contacts should create new accounts some countries are more aggressive than others when it comes to email and connect to them only from locations, such as Internet cafes, that surveillance. To ensure private communication, you and your contacts you have never used before. We recommend this strategy in order should all use secure email services hosted in relatively safe countries. to prevent connections from your usual computer, which may be And, if you want to be certain that messsages are not intercepted monitored, from giving away the location of your new account. As an between your email server and a contact’s email server, you might all alternative, if you must login to your new account from your normal choose to use accounts from the same provider. Mdn`pk is one good location, you can use one of the tools described in Chapter 8: How to choice. remain anonymous and bypass censorship on the Intenret, to hide these connections. <__dodji\godknjidhkmjqdibtjpm`h\dgn`^pmdot jExchange information about these new email addresses only through jAlways use caution when opening email atachments that you are not secure channels, such as a face-to-face meetings, secure instant mes- expecting, that come from someone you do not know or that contain sages or encrypted QjDKconversations. suspicious subject lines. When opening emails like this, you should jKeep the trafc on your old account mostly unchanged, at least for ensure that your anti-virus sofware is up-to-date and pay close aten- a while. It should appear to the eavesdropper as if you are still using tion to any warnings displayed by your browser or email program. that account for sensitive communication. Presumably, you will want jUsing anonymity sofware like Ojm, which is described in Chapter 8: to avoid revealing critical information, but you should try not to How to remain anonymous and bypass censorship on the Internet, can make it obvious that you are doing so. As you can imagine, this may help you hide your chosen email service from anyone who might be be somewhat challenging.

4. 4/ jMake it difcult to link your actual identity to your new account. Do fom malware and hackers addresses the virtues of Free and Open- not send email between the new account and your old accounts (or Source Sofware (AJNN) in the Keeping your sofware up-to-date section. the accounts of any contacts whom you think may also be moni- In short, you are beter of using , with the OTR plugin, for secure tored). instant messaging. jBe aware of what you write when using your new account. It is best to avoid using real names and addresses or phrases like ‘human rights’ or K\]gj5 If Yahoo webmail is insecure, does that mean that Yahoo Chat is ‘torture.’ Develop an informal code system with your email contacts insecure, too? and change it periodically. jRemember, email security is not just about having strong technical >g\p_d\5Te thing to remember is that, if we want to use instant defences. It is about paying atention to how you and your email con- messaging to discuss this report, we need to make sure that everyone tacts communicate with each other, and about remaining disciplined involved has Pidgin and OTR installed. If they do, we can use Yahoo chat in your non-technical security habits. or any other chat service.

N@>PMDIBJOC@MDIO@MI@O>JHHPID>

Pndibkp]gd^f`t`i^mtkodjidi`h\dg C\i_n(ji5B`ono\mo`_rdoc It is possible to achieve a greater level of email privacy, even with a non- oc`Kd_bdiBpd_` secure email account. In order to do this, you will need to learn about public key `i^mtkodji. Tis technique allows you to encode individual Nftk`, which is a common QjDK tool, also supports instant messaging. messages, making them unreadable to anyone but the intended recipi- While using Skype is probably more secure than using one of the alter- ents. Te ingenious aspect of public key encryption is that you don’t natives without the JOMplugin, it has two important drawbacks. First, it have to exchange any secret information with your contacts about how only allows you to chat with other Skype users, whereas Kd_bdi can be you are going to encode messages in the future. used to communicate securely with nearly all other instant messaging services. Second, because it is closed-source, it is impossible to verify K\]gj5But how does all this work? the strength of its `i^mtkodji. Chapter 1: How to protect your computer >g\p_d\5 Clever mathematics! You encode messages to a given email

40 41 contact using her special ‘public key,’ which she can distribute feely. considered from the perspective of the recipient. Imagine, for example, Ten, she uses her secret ‘private key,’ which she has to guard carefully, in the threat posed by an email that appears to be from a trusted contact order to read those messages. In turn, your contact uses your public key but is actually from someone whose goal is to disrupt your activities or to encrypt messages that she writes to you. So, in the end, you do have to learn sensitive information about your organisation. exchange public keys, but you can share them openly, without having to Because we cannot see or hear our correspondents through email, worry about the fact that anybody who wants your public key can get it. we typically rely on a sender’s address to verify her identity, which is why we are so easily fooled by fake emails. ?dbdo\gndbi\opm`n, which Tis technique can be used with any email service, even one that lacks also rely on public key `i^mtkodji, provide a more secure means of a secure communication channel, because individual messages are proving one’s identity when sending a message. Te How to use Enigmail `i^mtko`_ before they leave your computer. with Tunderbird section of the Tunderbird Guide explains in detail how Remember that, by using encryption, you could atract atention to this is done. yourself. Te type of encryption used when you access a secure website, including a webmail account, is ofen viewed with less suspicion than K\]gj5 I had a colleague once who received email fom me that I the type of public key encryption being discussed here. In some circum- didn’t send. We decided, in the end, that it was just spam, but now I’m stances, if an email containing this sort of encrypted data is intercepted imagining how much damage could be done if a fake email appeared in or posted to a public forum, it could incriminate the person who sent the wrong person’s inbox at the wrong time. I’ve heard you can prevent it, regardless of the message’s content. You might sometimes have to this kind of thing with digital signatures, but what are they? choose between the privacy of your message and the need to remain inconspicuous. >g\p_d\5 A digital signature is like a wax seal over the fap of an envelope with your leter inside. Except that It can’t be forged. It proves that you @i^mtkodib\i_\poc`iod^\odibdi_dqd_p\gh`nn\b`n are the real sender of the message and that it hasn’t been tampered with Public key encryption may seem complicated at frst, but it is quite along the way. straightforward once you understand the basics, and the tools are not difcult to use. Te Mozilla Ocpi_`m]dm_email program can be used APMOC@MM@

42 43 are a number of websites that explain how to use your email program with various popular email providers while leaving a copy of your messages on the mail server: j Te Riseup [8] website j Instructions on using Gmail [9] j Instructions on how to import your gmail contacts into Tunderbird [10]  jFor details on how to use other email services in this way, search the help section of the provider’s website for keywords like ‘POP’, ‘IMAP’ and ‘SMTP’.

GDIFN [1] www..com/pc [2] www.google.com/talk [3] www.voice.yahoo.com [4] www.download.live.com/?sku=messenger [5] www.fontlinedefenders.org/manual/en/esecman [6] htps://mail.google.com/mail/help/intl/en/privacy.html [7] www.news.cnet.com/8301-13578_3-9962106-38.html [8] htp://help.riseup.net/mail/mail-clients [9] htps://mail.google.com/support/bin/topic.py?topic=12805 [10] www.email.about.com/od/mozillathunderbirdtips/qt/et_gmail_addr.htm

44 45 4 Dkspknai]ej]jkjuikqo ]j`^ul]oo_ajoknodel kjpdaEjpanjap

5, 5- 3)Cjrojm`h\di\ijithjpn\i_]tk\nn  ^`injmncdkjioc`Dio`mi`o

Many countries around the world have installed sofware that prevents Internet users within those countries from accessing certain websites and Internet services. Companies, schools and public libraries ofen use similar sofware to protect their employees, students and patrons from material that they consider distracting or harmful. Tis kind of fltering technology comes in a number of diferent forms. Some flters block a site based on its DK\__m`nn, while others blacklist certain _jh\di i\h`nor search through all unencrypted Internet communication, looking for specifc keywords. Regardless of what fltering methods are present, it is nearly always possible to evade them by relying on intermediary computers, outside your country, to reach blocked services for you. Tis process is ofen called censorship circumvention, or simply ^dm^phq`iodji, and the intermediary computers are called kmjsd`n. Proxies, too, come in many diferent forms. Tis chapter includes a brief discussion of multiple- proxy anonymity networks followed by a more thorough description of basic ^dm^phq`iodjikmjsd`n and how they work. Both of these methods are efective ways to evade Internet flters, although the former is most appropriate if you are willing to sacrifce speed in order to keep your Internet activities as anonymous as possible. If you know and trust the individual or organization that operates your proxy, or if performance is more important to you than anonymity, then a basic circumvention proxy might serve you beter.

=\^fbmjpi_n^`i\mdj H\injpm\i_H\b_\\m`nd]gdibn'di\i

5. 5/ oc`dmjri^jpiomt'rcjrjpg_joc`mrdn`gjn`\^^`nnoj TjpmDio`mi`o^jii`^odji oc`]gjb) Te frst step of your connection to the Internet is typically made through an Internet Service Provider (DNK) at your home, ofce, school, Rc\otjp^\ig`\miamjhocdn^c\ko`m library or Internet cafe. Te ISP assigns your computer an DK\__m`nn, j How to access a website that is blocked from within your country which various Internet services can use to identify you and send you j How to prevent websites that you visit from knowing your location information, such as the emails and webpages you request. Anyone j How to ensure that neither your DNK nor a surveillance organization who learns your IP address can fgure out what city you are in. Certain in your country can determine which websites and Internet services well-connected organisations in your country, however, can use this you visit information to determine your precise location.

PI?@MNO@INJMNCDK j TjpmDNK will know which building you are in or which phone line Research carried out by organisations like the OpenNet Initiative (ONI) you are using if you access the Internet through a modem. [1] and Reporters Without Borders (RSF) [2] indicates that many j TjpmDio`mi`o^\a`'gd]m\mtjm]pndi`nn will know which com- countries flter a wide variety of social, political and ‘national security’ puter you were using at a given time, as well as which port or wireless content, while rarely publishing precise lists of what has been blocked. access point you were conncted to. Naturally, those who wish to control their citizens’ access to the Internet j Bjq`mih`io\b`i^d`n may know all of these details, as a result of also make a special efort to block known proxies and websites that ofer their infuence over the organisations above. tools and instruction to help people circumvent these flters. Despite the guarantee of free access to information enshrined in At this stage, your DNK relies on the network infrastructure in your coun- Article 19 of the Universal Declaration of Human Rights, the number try to connect its users, including you, with the rest of the world. On the of countries engaged in Internet censorship has continued to increase other end of your connection, the website or Internet service you are dramatically over the past few years. As the practice of Internet fltering accessing has gone through a similar process, having received its own IP spreads throughout the world, however, so does access to the circum- addresses from an ISP in its own country. Even without all of the techni- vention tools that have been created, deployed and publicised by activ- cal details, a basic model like this can be helpful when considering the ists, programmers and volunteers. various tools that allow you get around flters and remain anonymous Before exploring the various ways to bypass Internet censorship, on the Internet. you should frst develop a basic understanding of how these flters work. In doing so, it may be helpful to consider a greatly-simplifed model of Cjrr`]ndo`n\m`]gj^f`_ your connection to the Internet. Essentially, when you go to view a webpage, you are showing the site’s DK\__m`nn to your DNK and asking it to connect you with the webserv- jaÙ^`* DNK Dio`mi`o er’s ISP. And, if you have an unfltered Internet connection, it will do Dio`mi`o^\a` precisely that. If you are in a country that censors the Internet, however, it will frst consult a ]g\^fgdno of forbidden websites and then decide whether or not to comply with your request. In some cases, there may be a central organisation that handles fltering in place of the DNKn themselves. Ofen, a blacklist will contain _jh\dii\h`n, such as www..com, rather than DK\__m`nn`n. And, in some countries, fltering sofware monitors your connection, b\o`r\t rather than trying to block specifc Internet addresses. Tis type of sofware scans through the requests that you make and the pages that are returned to you, looking for sensitive key words and then deciding whether or not to let you see the results.

50 51 And, to make maters worse, when a webpage is blocked you may not even know it. While some flters provide a ‘block page’ that explains why a particular page has been censored, others display misleading error messages. Tese messages may imply that the page cannot be found, for example, or that the address was misspelled. kmjstn`mq`m In general, it is easiest to adopt a worst-case perspective toward Internet censorship, rather than trying to research all of the particular strengths and weaknesses of the fltering technologies used in your DNK rrr)]gjbb`m)^jh country. In other words, you might as well assume that: j Your Internet trafc is monitored for keywords j Filtering is implemented directly at the DNK level a circumvention proxy. If that happens, its DK\__m`nn may itself be j Blocked sites are]g\^fgdno`_ by both their DK\__m`nn`n and their added to the blacklist, and it will no longer work. It usually takes some _jh\dii\h`n time for proxies to be blocked, however, and those who create and j You may be given an unclear or misleading reason to explain why a update circumvention tools are well aware of this threat. Tey typically blocked site fails to load. fght back using one or both of the following methods: Because the most efective circumvention tools can be used regardless of which fltering methods are in place, it does not generally do any j Cd__`ikmjsd`nare more difcult to identify. Tis is one of the harm to make these pessimistic assumptions reasons why it is important to use secure proxies, which tend to be less obvious. @i^mtkodji is only part of the solution, however. Te H\injpm5So, if I fnd one day that I can’t access the blog, but a fiend in operators of a proxy must also take care when revealing its location to another country can still see it just fne, does that mean the government new users if they want it to remain hidden. has blocked it? j ?dnkjn\]g`kmjsd`n can be replaced very quickly afer they are blocked. In this case, the process of telling users how to fnd replace- H\b_\5Not necessarily. Tere could be some problem that only afects ment proxies may not be particularly secure. Instead, circumvention people who are trying to reach the website fom here. Or, it could be tools of this type ofen simply try to distribute new proxies faster than some issue with your computer that only shows up on certain types of they can be blocked. webpages. You’re on the right track, though. You could also try visiting it yourself while using a circumvention tool. Afer all, most of these In the end, as long as you can reach a kmjst that you trust to fetch the tools rely on external proxy servers, which is a bit like asking a fiend in services you ask for, all you have to do is send it your requests and view another country to test a website for you, except you get to do it yourself. whatever comes back using the appropriate Internet application. Typi- cally, the details of this process are handled automatically by circum- PI?@MNO@INJMNCDK>DM>PHQ@IODJI vention sofware that you install on your computer, by modifying your If you cannot go prodirectly to a website because it is blocked by one browser setings or by pointing your browser to a web-based proxy page. of the methods discussed above, you will need to fnd a way around Te Ojmanonymity network, described below, uses the frst method. the obstruction. A secure kmjst server, located in a country that does Following that is a discussion of basic, single-proxy circumvention tools, not flter the Internet, can provide this kind of detour by fetching the each of which works in a slightly diferent manner. webpages you request and delivering them to you. From your DNK’s perspective, you will simply appear to be communicating securely with KMJSTN@MQ@MN an unknown computer (the proxy server) somewhere on the Internet.

52 53 reduce the speed at which you are able to load websites and other j Potentially safer if you are concerned about being ‘caught’ with Internet services. In the case of Tor, however, it also provides a reliable, circumvention sofware on your computer secure and public means of circumvention that saves you from having Web-based proxies tend to have certain disadvantages, as well. Tey do to worry about whether or not you trust the individuals who operate not always display pages correctly, and many web-based proxies will fail your proxies and the websites you visit. As always, you must ensure that to load complex websites, including those that feature streaming audio you have an encrypted connection, using COOKN, to a secure website and video content. Also, while any proxy will slow down as it gains more before exchanging sensitive information, such as passwords and emails, users, this tends to be more of an issue with public web-based proxies. through a browser. And, of course, web-based proxies only work for webpages. You can You will have to install sofware to use Ojm, but the result is a not, for example, use an instant messaging program or an email client to tool that provides anonymity as well as circumvention. Each time you access blocked services through a web-based proxy. Finally, secure web- connect to the Tor network, you select a random path through three based proxies ofer limited confdentiality because they must themselves secure Ojmkmjsd`n. Tis ensures that neither your ISP nor the proxies access and modify the information returned to you by the websites you themselves know both your computer’s DK\__m`nnand the location of visit. If they did not, you would be unable to click on a link without leav- the Internet services you request. You can learn much more about this ing the proxy behind and atempting to make a direct connection to the tool from the Tor Guide. target webpage. Tis is discussed further in the following section. Other types of proxies generally require you to install a program C\i_n(ji5B`ono\mo`_rdoc or confgure an external proxy address in your browser or operating sys- oc`OjmBpd_` tem. In the frst case, your circumvention program will typically provide some way of turning the tool on and of, which will tell your browser whether or not to use the proxy. Sofware like this ofen allows you One of Tor’s strengths is that it does not just work with a browser but to change proxies automatically if one is blocked, as discussed above. can be used with various types of Internet sofware. Email programs, in- If you have to confgure an external proxy address in your browser or cluding Mozilla Ocpi_`m]dm_, and instant messaging programs, includ- operating system, you will need to learn the correct proxy address, ing Kd_bdi, can operate through Tor, either to access fltered services or which may change if that proxy is blocked or slows down so much that it to hide your use of those services. becomes unusable. =\nd^^dm^phq`iodjikmjsd`n Although it may be slightly more difcult to use than a web-based proxy, this method of circumvention is more likely to display complex Tere are three important questions that you should consider when se- pages correctly and may take longer to slow down as more people begin lecting a basic circumvention kmjst. First, is it a web-based tool or does to use a given proxy server. Furthermore, proxies can be found for a it require you to change setings or install sofware on your computer? number of diferent Internet applications. Examples include HTP prox- Second, is it secure? Tird, is it private or public? ies for browsers, SOCKS proxies for email and chat programs and VPN R`](]\n`_\i_joc`mkmjsd`n5 proxies, which can redirect all of your Internet trafc to avoid fltering. Web-based kmjsd`n are probably the easiest to use. Tey require only N`^pm`\i_din`^pm`kmjsd`n5 that you point your browser at a proxy webpage, enter the fltered A secure proxy, in this chapter, refers to any kmjst that supports address you wish to view and click one buton. Te proxy will then `i^mtko`_ connections from its users. An insecure proxy will still allow display the requested content inside its own webpage. You can follow you to bypass many types of fltering, but will fail if your Internet con- links normally or enter a new address into the proxy if you want to view nection is being scanned for key words or particular website addresses. a diferent page. You do not need to install any sofware or change any It is a particularly bad idea to use an insecure proxy when accessing browser setings, which means that web-based proxies are: websites that are normally encrypted, such as webmail accounts and j Easy to use banking websites. By doing so, you may expose sensitive information j Reachable from public computers, such as those at Internet cafes, that that would normally be hidden. And, as mentioned previously, insecure may not allow you to install programs or change setings

54 55 proxies are ofen easier for those who update Internet fltering sofware sult, even though public proxies may be as technically sophisticated and and policies to discover and block. In the end, the fact that free, fast, well-maintained as private ones, they are ofen relatively slow. Finally, secure proxies exist means that there are very few good reasons to setle private proxies tend to be run either as for-proft businesses or by ad- for an insecure one. ministrators who create accounts for users that they know personally or You will know that a web-based proxy is secure if you can access socially. Because of this, it is generally easier to determine what motivates the proxy webpage itself using an COOKN address. As with webmail the operators of a private proxy. You should not assume, however, that services, secure and insecure connections may be supported, so you private proxies are therefore fundamentally more trustworthy. Afer all, should be certain to use the secure address. Ofen, in such cases, you the proft motive has led online services to expose their users in the past. will have to accept a ‘security certifcate warning’ from your browser in Simple, insecure, public proxies can ofen be found by searching order to continue. Tis is the case for both the Kndkcji and K`\^`Ùm` for terms like ‘public proxy’ in a search engine, but you should not rely proxies, discussed below. Warnings like this tell you that someone, such on proxies discovered this way. Given the choice, it is beter to use a as your ISP or a hacker, could be monitoring your connection to the private, secure proxy run by people that you know and trust, either proxy. Despite these warnings, it is still a good idea to use secure proxies personally or by reputation, and who have the technical skill to keep whenever possible. However, when relying on such proxies for circum- their server secure. Whether or not you use a web-based proxy will vention, you should avoid visiting secure websites, entering passwords depend on your own particular needs and preferences. Any time you are or exchanging sensitive information unless you verify the proxy’s SSL using a proxy for circumvention, it is also a good idea to use the Adm`ajs fngerprint. In order to do this, you will need a way of communicating browser and to install the NoScript browser extension, as discussed in with the proxy’s administrator. the Firefox Guide. Doing so can help protect you both from malicious Appendix C of the Psiphon User’s Guide [3] explains the steps that kmjsd`n and from websites that might try to discover your real DK both you and the proxy administrator should follow in order to verify \__m`nn. Finally, keep in mind that even an encrypted proxy will not the proxy’s fngerprint. make an insecure website secure. You must still ensure that you have an You should also avoid accessing sensitive information through a COOKN connection before sending or receiving sensitive information. web-based proxy unless you trust the person who runs it. Tis applies If you are unable to fnd an individual, organisation or company regardless of whether or not you see a security certifcate warning when whose proxy service you consider trustworthy, afordable and acces- you visit the proxy. It even applies if you know the proxy operator well sible from your country, you should consider using the Tor anonymity enough to verify the server’s fngerprint before directing your browser network, which is discussed above, under Anonymity networks. to accept the warning. When you rely on a single proxy server for circumvention, its administrator will always know your IP address and NK@>DAD>>DM>PHQ@IODJIKMJSD@N which websites you are accessing. More importantly, however, if that Below are a few specifc tools and proxies that can help you circumvent proxy is web-based, a malicious operator could gain access to all of the Internet fltering. New circumvention tools are produced regularly, information that passes between your browser and the websites you and existing ones are updated frequently, so you should visit the online visit, including the content of your webmail and your passwords. Security in-a-Box website, and the resources mentioned in the Further For proxies that are not web-based, you may have to do a litle reading section below, to learn more. research to determine whether or not secure connections are supported. All of the proxies and anonymity networks recommended in this chap- N`n\r`CjonkjoNcd`g_is a public, secure, non-web-based, freeware ter are secure. circumvention proxy. In order to use it, you will need to download the [4] and install it. Te company that develops Hotspot Shield Kmdq\o`\i_kp]gd^kmjsd`n5 tool receives funding from advertisers, so you will see a ‘banner ad’ at the Public proxies accept connections from anyone, whereas private top of your browser window whenever you use it to visit websites that kmjsd`ntypically require a username and password. While public prox- do not provide `i^mtkodji. Although it is impossible to verify, this ies have the obvious advantage of being freely available, assuming they company claims to delete the DK\__m`nn`nof those who use the tool, can be found, they tend to become overcrowded very quickly. As a re- rather than storing or sending them to advertisers. Because Hotspot

-,, -,- Shield relies on a Virtual Private Network (VPN), your entire Internet APMOC@MM@

-,. -,/ Chkoo]nu

-,0 -,1 Bgjnn\mt

Some of the technical terms that you will encounter as you read through these chapters are defned below:

>g`\i`m- A freeware tool that removes temporary fles and potentially sensitive traces lef on your hard drive by programs that you have used recently and by the Windows operating system itself >?=pmi`m- A computer CD-ROM drive that can write data on blank CDs. DVD burners can do the same with blank DVDs. CD-RW and DVD-RW drives can delete and rewrite information more than once on the same CD or DVD. >dm^phq`iodji - Te act of bypassing Internet flters to access blocked websites and other Internet services >g\hRdi- A FOSS Anti-virus program for Windows >j]d\i=\^fpk - A FOSS backup tool. At any given time, the most recent version of Cobian is closed-source freeware, but prior versions are released as FOSS. >jhj_jAdm`r\gg- A freeware frewall tool >jjfd`- A small fle, saved on your computer by your browser, that can be used to store information for, or identify you to, a particular website ?dbdo\gndbi\opm`- A way of using encryption to prove that a particular fle or message was truly sent by the person who claims to have sent it ?jh\dii\h` - Te address, in words, of a website or Internet service; for example: security.ngoinabox.org @i^mtkodji - A way of using clever mathematics to encrypt, or scramble, information so that it can only be decrypted and read by someone who has a particular piece of information, such as a pass- word or an encryption key @idbh\dg- An add-on for the Tunderbird email program that allows it to send and receive encrypted and digitally signed email @m\n`m- A tool that securely and permanently deletes information from your computer or removable storage device

-,2 -,3 Adm`ajs- A popular FOSS Web browser that provides an alternative to computer hardware or from other physical risks, such as breakage, Microsof Internet Explorer accidents or natural disasters Adm`r\gg- A tool that protects your computer from untrusted connec- Kd_bdi - A FOSS instant messaging tool that supports an encryption tions to or from local networks and the Internet plugin called Of the Record (OTR) AJNN#Am``\i_Jk`iNjpm^`Njaor\m`$ - Tis family of sofware is Kmjst- An intermediary service through which you can channel some available free of charge and has no legal restrictions to prevent a user or all of your Internet communication and that can be used to bypass from testing, sharing or modifying it Internet censorship. A proxy may be public, or you may need to log in Am``r\m`- Includes sofware that is free of charge but subject to legal with a username and password to access it. Only some proxies are se- or technical restrictions that prevent users from accessing the source cure, which means that they use encryption to protect the privacy of code used to create it the information that passes between your computer and the Internet BIP*Gdips - A FOSS operating system that provides an alternative to services to which you connect through the proxy. Microsof Windows Kmjkmd`o\mtnjaor\m` - Te opposite of Free and Open-Source Sof- C\^f`m - In this context, a malicious computer criminal who may be ware (FOSS). Tese applications are usually commercial, but can also trying to access your sensitive information or take control of your be freeware with restrictive license requirements. computer remotely Mdn`pk - An email service run by and for activists that can be accessed COOKN - When you are connected to a website through SSL, the ad- securely either through webmail or using an email client such as dress of the website will begin with HTPS rather than HTP. Mozilla Tunderbird DK\__m`nn#Dio`mi`oKmjoj^jg\__m`nn$ – A unique identifer as- Mjpo`m - A piece of networking equipment through which comput- signed to your computer when it is connected to the Internet ers connect to their local networks and through which various local DNK#Dio`mi`oN`mqd^`Kmjqd_`m$ - Te company or organisation that networks access the Internet. Switches, gateways and hubs perform provides your initial link to the Internet. Te governments of many similar tasks, as do wireless access points for computers that are countries exert control over the Internet, using means such as flter- properly equipped to use them ing and surveillance, through the ISPs that operate in those countries. N`^pm`k\nnrjm__\o\]\n`- A tool that can encrypt and store your F`tgjbb`m- A type of spyware that records which keys you have passwords using a single master password typed on your computer’s keyboard and sends this information to a NNG#N`^pm`Nj^f`onG\t`m$ – Te technology that permits you to third party. Keyloggers are frequently used to steal email and other maintain a secure, encrypted connection between your computer and passwords. some of the websites and Internet services that you visit. F``K\nn- A freeware secure password database N`^pmdot^`modÙ^\o` - A way for secure websites and other Internet Gdq`>?- A CD that allows your computer to run a diferent operating services to prove, using encryption, that they are who they claim to system temporarily. be. In order for your browser to accept a security certifcate as valid, H\gr\m` - A general term for all malicious sofware, including viruses, however, the service must pay for a digital signature from a trusted spyware, trojans, and other such threats organization. Because this costs money that some service operators Hi`hjid^_`qd^`- A simple trick that can help you remember com- are unwilling or unable to spend, however, you will occasionally see a plex passwords security certifcate error even when visiting a valid service. IjN^mdko- A security add-on for the Firefox browser that protects N`^pmdotkjgd^t- A writen document that describes how your organi- you from malicious programs that might be present in unfamiliar zation can best protect itself from various threats, including a list of webpages steps to be taken should certain security-related events take place JOM#Jaaoc`M`^jm_$ - An encryption plugin for the Pidgin instant N`^pmdot^\]g`- A locking cable that can be used to secure a laptop messaging program or other piece of hardware, including external hard drives and some K`\^`Ùm` - Subscribers to this free service receive periodical emails desktop computers, to a wall or a desk in order to prevent it from containing an updated list of circumvention proxies, which can be being physically removed used to bypass Internet censorship N`mq`m - A computer that remains on and connected to the Internet in Kctnd^\gocm`\o - In this context, any threat to your sensitive informa- order to provide some service, such as hosting a webpage or sending tion that results from other people having direct physical access your and receiving email, to other computers

-,4 -,5 NDH^\m_- A small, removable card that can be inserted into a mobile phone in order to provide service with a particular mobile phone company. SIM cards can also store phone numbers and text mes- sages. Nftk` - A freeware Voice over IP (VoIP) tool that allows you to speak with other Skype users for free and to call telephones for a fee. Te company that maintains Skype claims that conversations with other Skype users are encrypted. Because it is a closed-source tool, there is no way to verify this claim. www.skype.com Njpm^`^j_`- Te underlying code, writen by computer programmers, that allows sofware to be created. Te source code for a given tool will reveal how it works and whether it may be insecure or malicious. DISCLAIMER Nkt]jo - A freeware anti-malware tool that scans for, removes and helps Software and documentation in this collection of “NGO in a protect your computer from spyware Box - Security Edition” is provided “as is” and we exclude No`b\ijbm\kct - Any method of disguising sensitive information and expressly disclaim all express and implied warranties or conditions of any kind, either express or implied, including, so that it appears to be something else, in order to avoid drawing but not limited to, the implied warranties of merchant- unwanted atention to it ability and ftness for a particular purpose so far as such Nr\kÙg`- A fle on your computer to which information, some of disclaimer is permitted. In no event shall Front Line Tactical Technology Collective or any agent or representatives there- which may be sensitive, is occasionally saved in order to improve of be liable for any direct, indirect, incidental, special, performance exemplary, or consequential damages (including, but not Ocpi_`m]dm_- A FOSS email program with a number of security fea- limited to, procurement of substitute goods or services; loss tures, including support for the Enigmail encryption add-on of use, data, or profts; or business interruption), however caused under any theory of liability, arising in any way out Ojm- An anonymity tool that allows you to bypass Internet censorship of the use of or inability to make use of this software, even and hide the websites and Internet services you vist from anyone who if advised of the possibility of such damage. Nothing in this may be monitoring your Internet connection, while also disguising disclaimer affects your statutory rights. your own location from those websites Omp`>mtko - A FOSS fle encryption tool that allows you to store sensi- tive information securely Pi_`g`o`Kgpn- A freeware tool that can sometimes restore informa- tion that you may have deleted accidentally Pidio`mmpko\]g`Kjr`mNpkkgt#PKN$ - A piece of equipment that allows your critical computing hardware to continue operating, or to shut down gracefully, in the event of a brief loss of power Q\pog`oNpdo`-Bj - A Freeware encrypted email program Qjd^`jq`mDK#QjDK$– Te technology that allows you to use the Inter- net for voice communication with other VoIP users and telephones Rcdo`gdno- A list of websites or Internet services to which some form of access is permited, when other sites are automatically blocked HO Rdkdib- Te process of deleting information securely and permanently KK =  P J Tjpm(Am``_jh- A freeware circumvention tool that allows you to U @ 

? P bypass fltering by connecting to the Internet through a private proxy. = =

If Your-Freedom is confgured properly, your connection to these ? ? P K

E

R

proxies will be encrypted in order to protect the privacy of your com- ?

@

O

=

  B N munication. K

--, ---