By @AnonyOdinn (Published May 23, 2013 / Republished July 10, 2014)
If you’ve read the news lately, you’ve pretty much caught the drift of what’s going on. Surveillance is fast spreading to become a universal problem, governments are becoming the largest sponsors and purchasers of intrusive malware, and for all intents and purposes, all so-called “secure” systems are, simply put, not secure – at least not from governmental intrusion, and certainly not from the steady increase of corporate intrusion – a growing problem in a world where the concept of an open and free net is more at risk than ever.
The purpose of this simple tutorial is to provide some encryption for beginners. No lies here, the process of setting up software that helps protect your privacy, is not as easy as just using facebook or installing an ordinary browser. It takes a little (but not much) work. Fortunately, you don’t need to have any technical skill at all in order to set up and use these tools. The guidance is here for you. The purpose of programs which provide good encryption, with off-the-record communication, is to provide you with privacy you deserve. This is needed for ordinary people. Even the people at NASA, should consider using these tools: They are two examples of people who have been taken offline by copyright robots that auto-detected “violations” of a NASA Mars Curiosity Rover youtube stream and took them offline. Does having gmail help you? It wasn’t enough for General Petraeus to hide his intimate affairs with Broadwell: If it can happen to them, It can happen to you too. But – not if you are using good encryption tools and software that hides your “address” online. To do this: You need simple tools that facilitate privacy, security, and a certain level of anonymity to help avoid problems from happening to you. This will help you do that.
This is not a tutorial on hacking. This is simply about maintaining your privacy.
A couple of points before you proceed. No system is perfect — the following recommendations are good, but are not guaranteed to protect you perfectly in every circumstance. The level of encryption and protection of your privacy provided below is designed to protect you from most corporations and governments most of the time. It is said, “most of the time,” because security is never guaranteed – you yourself must determine your appropriate level of security and ensure that your communication (and by extension, yourself) are kept safe.
If you are a journalist, or if you have special reason to believe you may be the subject of an active investigation due to your being named in a pending case or other similar matter, you should take other precautions, including reducing your online exposure when you are active in the field. If you fall into one of those categories, consider seeking a professional consultation with a computer security firm that can provide you with services tailored to protect you in a way that is particular to your needs and situation. Shop around. None will be specifically recommended for you here. For general recommendations and thoughts on various subjects, see the privacy pack.
Grab a pen and paper (or just open up a pad on your screen)
Now go to the IP Checker and make a note of what you see, save the result.
This will be important for later.
The Tor Project
Perhaps you’ve heard of this. The TOR project, simply put, will be a new browser for you to install which will help anonymize your online activity. Basically it helps hide the address where you reside online while you are active online. There’s not much to it. Just install the browser.
However, if you are installing TOR in Ubuntu or Debian, please read this install guidance all the way through.
Go here for any difficulties or general TOR questions.
It is recommended to leave general entry/exit up to the Tor anonymizing network.
If you ever have to troubleshoot TOR or deal with a problem you encounter with TOR on the fly, this is an excellent resource. Do not wait until you have problems to read this. Read it now, it may save you trouble already. Firefox users and those using proxies in particular.
The Tor Project: Tor Tails
This is a part of the TOR project you can use on a computer if you don’t want to install TOR but if you do want to run TOR to partially anonymize your online activity. This is helpful if you need to run TOR on a workstation you are not normally doing your thing on. TOR tails runs from a USB stick or a DVD or CD. That’s right, you don’t have to install it on your computer.
Tails is a complete operating system (it does not just include TOR). You can do everything in Tails based on the USB you have it on, and it won’t ‘remember’ anything. If attempting to use it in tandem with Pidgin/OTR check your settings (see rest of tutorial below) to ensure they are in place.
Make sure you have TOR running before doing this step.
Check your IP again at that link you visited in the first step “Let’s Begin”.
Does it still show your IP address? It should not anymore.
Also check if your TOR is working.
Check your TOR settings.
Recheck until you are no longer revealing your IP address to that site.
Once that’s done, Obtain (create) an e-mail address that is not connected to your name or any of your social profiles. Do not use the password that you use for anything else and do not use your name or any part of your name when creating the e-mail address. If using this e-mail address to create a social profile, ensure that the new social profile name does not have anything to do with your real name. Come up with something different. If you don’t want to use an e-mail address for very long, google the search term: temporary e-mails
Find a site on the list of results. Create e-mail address(es) for yourself as needed.
Install Pidgin or Adium
To communicate off the record in an encrypted way, you should utilize either Pidgin (OTR) if on Windows / PC or Adium, if on Mac. While it’s good to use this Pidgin or Adium alone, if you are using one of these while also running TOR, even better – you are working to hide your IP address while also communicating in an encrypted, off the record fashion. (Do not utilize Skype or similar software for private communication, as the communications from that software are logged through central servers. Consider limiting to a minimum (or stop) any communication you are doing through facebook, as this is not a secure way to communicate ~ “private messages” are not private in that system. Twitter is considered reasonably secure for communication as the company has a good record of protecting user privacy, however, its ‘private’ direct messages are increasingly viewed by government due to surveillance techniques including National Security Letters, administrative subpoenas, and warrantless surveillance. Minimize your direct messaging or delete those direct messages that you have sent once the conversation is complete. This is not a method of avoiding surveillance, it is simply a recommendation.)
Pidgin and Adium work in a true peer to peer manner in which the encrypted communication does not involve any intermediary service pulling (logging) your data in order to complete the process of communication.
When you create your username, create a name that has nothing to do with your e-mail address or any of your social media accounts nor should it be anything at all like your actual name.
A simple (archived) instruction on how to set up Pidgin or Adium is here.
It is important you follow the instruction and select the XMPP option in order to maximize privacy and ensure proper setup.
Use servers which are known not to log your activity, for example, dukgo.com
To ensure that the server you use does not log your activity, after setup is complete, go into options, and make sure you go into Preferences (in Pidgin), similar in menu in Adium, and uncheck everything under the Logging tab.
Then, go to the Proxy tab and configure for TOR/Privacy (SOCKS5) selection. It’s a dropdown menu item.
Enter 127.0.0.1 for the host
Enter 9050 for the port
Leave user/pass blank
Go to Accounts, Manage Accounts, click on your account, click Modify
Go to the instructions here.
Check under the advanced tab and see if it is set up properly in the Connect Server area. (ignore the riseup stuff in the File Transfer Proxies area unless you are using a riseup account with it)
If you are using TOR with Adium and a Riseup account you need to read this. In fact, if you are using TOR with Adium, even if you are not a Riseup user, read that. If you are an Adium user you will find your way through this process in the Proxy area with the SOCKS5 setting.
If you’ve installed Pidgin you want to make sure you get the OTR extension. This is critical to your security. Your communications will not be private in Pidgin without it. You can get it here. Once you’ve downloaded it, go into the Tools menu, then Plugins, find Off-The-Record messaging, and make sure it’s checked. You are good now.
This isn’t necessary for Adium users as the OTR (off the record) feature is already incorporated into Adium. However, if you are an Adium user (on Macs), it is important you turn off your Growl. Your Growl being on will cause information leakage and compromise your privacy.
If you don’t know how to turn off Growl you can see the answer at this link.
More info on Pidgin, etc., is available here. However, it is recommended that the instructions above be followed for best security.
Once you’ve added a buddy you want to start a private conversation with a buddy using the OTR tab if in Pidgin or just start a conversation with a buddy if in Adium. If you are in Adium, make sure your menu settings are set to Initiate Encrypted OTR Chat every time. (There is a “lock” that should show as locked closed that confirms this.)
If you are in Pidgin, IMPORTANT, you must take the additional step of following these instructions.
Ask the person you are connecting with to authenticate so that you and that person share information back and forth. If it is the fingerprint of each other you share, or if you ask each other questions that only each of you could answer, make sure that those answers are shared between you only outside of the Pidgin / Adium environment (in person, or via twitter DM, etc). This ensures that you know the person actually is who they say they are.
At this point with TOR and Pidgin or Adium configured all together you are able to communicate with encryption, off the record, and without disclosing your “IP” – your computer’s address – to the network. This is the level that most people should be at to protect their private communication.
The Final Layer
VPNs (Virtual Private Networks) are another option, another layer you can add (if you choose). This will likely require that you tweak settings in your Pidgin or Adium, but try it just the way it is already set up and see how it works once you add a VPN. (You may need to adjust your Pidgin / Adium settings based on the VPN setup.) Here are some examples of recommended VPNs. (You’ll want to stick with ones that don’t log and that allow for you to pay in bitcoin or a different cryptocurrency, should you so choose.)
Due to laws and extraordinary surveillance going on from the United States we recommend when you set up your VPN once the service is up, select from the list of servers and pick ones that are outside the United States. Servers in Czech Republic or alternately in Romania are recommended due to their minimal to zero data retention laws and their Constitutional decisions which have struck down attempts at data retention.
Additional information from EFF Surveillance Self Defense is here.
Even more info
Have fun out there – and stay safe!