
Privacy Guide



Tanta
10th July 2015, 11:35
This will be a short and general introduction to online privacy, using tangible examples, in a manner where you can also apply them yourself, while avoiding boring technical bla bla as much as possible. So if it at times comes across as overly simplistic - that is intentional.

These are only guidelines. It is not a 100% guarantee. I can not assure you technical assistance with anything described in here, you are expected to help yourself. This guide does assume you are not totally inept when it comes to computers.


Difficulty levels:

1 - easily doable, don't be lazy, just read what it says on the screen
2 - medium, in case of trouble RTFM
3 - hard, if you can do that you do not need to read this "guide"



Q: how do i secure my computer?
A: omfzg you sheep, this is such a loaded question for those in the know, oooomm

Q: how do i make my system more private?
A: to have better chances at privacy you should stop using commercial software such as Microsoft Windows OS or any Apple OS (OS = operating system). Instead you should be using any of the many Linux OSes. While at it, you should also stop using Google (and the like) products and services and Facebook-like social portals, and in general be mindful of what you post where.

Q: ok i am changing to Linux, hmm which one is more user friendly?
A: try Linux Mint or Ubuntu/Kubuntu

Q: but, but...I want to keep using Windows
A: things can be done to ensure more privacy while using Windows


Since Windows is the most widely used, this guide will focus on WIN OS.






Q: i do not want anyone but me and the recipient to read my emails, how do i do that

A: you have several options such as 3 - you set up, manage and run your own email server + encryption. 1 - you use encryption. 2 - you and the recipient make up your own language and use pigeons to get the messages across



How to encrypt emails using Windows



- download Thunderbird from https://www.mozilla.org/en-US/thunderbird/ and install using default settings. Thunderbird is an email client, like for example Microsoft Office Outlook. Now start Thunderbird and configure your email account. It is assumed you can do that by yourself. If you have a Gmail account Thunderbird will do most, if not all, of the work for you, just enter the relevant data it asks you for.

- download GnuPG for Windows http://www.gpg4win.org/features.html
Download the full package and use default settings during the setup. GnuPG enables encryption/decryption.

- download Enigmail via Thunderbird's addon menu by going to Tools - Addons - search for Enigmail, select it and click install, restart Thunderbird. In case you do not see the menu with "File, Edit, Tools.." right click on the uppermost blue border of Thunderbird and select "menu bar" along with "mail toolbar". Enigmail is an addon for your email client, it uses the functionality of GnuPG to encrypt your emails. Go here for more info https://www.enigmail.net/documentation/index.php


Ok you now have all the software you will need. Now to configure it.


How to create an encryption key


Next you will create a key (certificate). Your key will consist of 2 parts. One part is a private key. One part is a public key.

The public key is meant for anyone you want to give it to. Other people will need it if you want them to send you encrypted messages you can read. They will use your public key to encrypt the message meant for you.

The private key is only used and kept by you! The private key is used to decrypt content (mails or files) others send you. Once a message or a file is encrypted using your public key it can only be decrypted using your private key.

Your private key will also need a pass phrase. Emphasis on a phrase. So do not use words (password) and do not use your kids' birthdays or any other such simplistic things. This pass phrase will have to be entered each time before you either encrypt or decrypt a message or file.


IF YOU LOSE YOUR KEY (CERTIFICATE FILE) OR IF YOU FORGET YOUR PASS PHRASE FOR IT, EVERYTHING ENCRYPTED WILL BE LOST TO YOU FOREVER!


To create your key go to Windows start menu and enter "Kle" in the search field. A program called Kleopatra should show in the results window. Start the program.


In Kleopatra go to:

settings - self test (everything should be green)
close
file - new certificate
choose personal OpenPGP key pair
enter whatever you want for name, which can be your real name
enter whatever you want for email, which can be a real email
next
create key
enter pass phrase 2 times (and never forget it)
choose MAKE BACKUP OF YOUR KEY PAIR
select custom name and file location
ok
ok
finish


You will now have a "filename.gpg" on your hard drive. This is your private key!

In the main Kleopatra window you will now see listed a certificate you just created. Right click on it and select option "export certificates". Pick a file name and location of your choice. You will now have a "filename.asc" on your hard drive. This is your public key!

COPY BOTH TO AN EXTERNAL HARD DRIVE OR FLASH DRIVE...etc... MAKE BACKUP IMMEDIATELY!

DO NOT store your key file all over the place! Keep it in one to two offline! locations. Offline location would be a USB key in your underwear drawer...etc




Using your key in email client



In Thunderbird


enigmail - setup wizard
choose 2nd option, extended configuration
next
enable it for your email accounts
enigmail should detect you have already created the key, select it in the window
next
finish


Go write/compose a new message. By default it will tell you in bold red it is not about to be encrypted (top right). To encrypt it click on the padlock icon. As you do that the red text should change to normal saying "this message will be encrypted".


Compose your message, enter email address (in case you have 2 emails use yourself for testing by sending to email address not configured in Thunderbird), enter subject and also select "attach my public key".

Click send, a window will open, asking you to select recipients. Here you would select public key-s (yes you can select multiple public keys to encrypt the same email or file) of people you want to send the email to. Currently you do not have any but yourself. If you do not see yourself click on the "refresh key list" at the bottom of the window.

Remember, you can only decrypt what was encrypted using your public key! So if you include the recipient's public key, but do not add your own public key to the email, you will not be able to decrypt (view/read) it later!

Select yourself on the list, click send. Since you chose "attach my public key" there is an attachment in this email. An additional window opens, asking you what to do with it. Since it is your public key you can choose the first option. If it was something else you would choose the second option. So choose the first option and click OK.

Assuming you have 2 email addresses and were able to use yourself for testing, you just sent your first encrypted email.



Your other email address will receive an odd looking email. Something like this.


-----BEGIN PGP MESSAGE-----
Charset: utf-8
Version: GnuPG v2

-----END PGP MESSAGE-----


If you pay attention to your test email, you will see that the SUBJECT is NOT encrypted! So be mindful of the subject if you want to keep things private!


You will see the same if you go to "sent mail" in Thunderbird and select that email. Unlike the recipient you can decrypt it. A window will pop up, asking you for the pass phrase. If you enter it, you will see what it really is. The recipient however can never do that since its public key was not included and only you have your private key. What the recipient can see however is the unencrypted attachment and the email subject.

If you were to get an encrypted message, encrypted using your public key, you would also be prompted by a pass phrase window. Upon entering it you would see the real content of the message.

To be able to encrypt messages for other people you will need their public keys first. You import their public keys in Kleopatra.

After you enter the pass phrase in Thunderbird it will remember it for a limited time. This way you do not have to enter it again and again and again for each email.


Another computer:

If you have another computer, you do the same with one difference. You do not create the key (certificate) since you already have it. All you do in Kleopatra is import your private key file and public key files of your contacts. The rest is the same. In the main Kleopatra window you click on "import certificates" and then select the location of the file, which should be on your backup medium.


Some additional notes:


Encrypted emails are plain text only. You are not meant to be sending around fancy, glittery animated, decorated, Christmas tree like emails using encryption, since things used to make emails "pretty" in such a manner can be exploited in order to gain access to your computer/identity...etc


I also want to state there are "multitudes" of ways and options i did not cover. If you wish to see about them you will have to dig in on your own. GnuPG comes along with a Compendium = help.



If you get the public key in a form such as


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Universal 2.9.1 (Build 347)

-----END PGP PUBLIC KEY BLOCK-----

You copy paste everything from and including the ---BEGIN to ----END into a text editor and save it as "name.asc".
Once you have the .asc file just import it into Kleopatra.

A nice text editor is Notepad++ https://notepad-plus-plus.org/ You may also use any other.






Q: i have some sensitive files i want to keep safe/away/hidden from everyone else, so i paid big bucks for a big safe with a strong lock, i will put my hard drive in that safe. Is there anything more i can do?

A: yes, you can encrypt your files (1) and copy them to this hard drive or you can encrypt the entire hard drive (2) and then, for being extra super paranoid, you can put this hard drive in that big bad safe of yours. 3 - you memorize all data and keep it in your mind, you then delete the computer copies



Encrypting files/folders

For 2:

Install Linux using the LVM (logical volume manager) along with hard disk encryption. This way your entire hard drive will only be accessible by a pass phrase of your choosing (during the installation process). In case of an UNFORTUNATE event, such as a BROKEN HARD DRIVE, there will be no way to recover your data, even by the experts with special tools. Same goes if you FORGET your pass phrase. You also won't be able to copy data from the hard drive if you for some reason hook it up externally via USB to another computer. You should always have backup copies anyway (encrypted or not...)


Q: once i enter my password for system to boot up and to see the files on my hard drive, does that mean a potential hacker breaking into my computer would also be able to see them?
A: yes



For 1:


Using Windows, you will need to install GnuPG. Once you do that you will have to create a key and make a backup of it. See above (the email guide) on how to do this.

Once you have the key created go to any file or folder in Windows and right click on it. One of the options you will see is "sign and encrypt". Select this option.

a new window will open - you can leave everything as it is
next
select the key (certificate)
*click add
click encrypt
when prompted enter password (if for some reason you just recently entered the password for this key it will not ask you about it)
wait till it says succeeded (depends on your computer speed)
click finish

*You can add as many as you like (have). Depends on who all you want to be able to decrypt the file. See about public and private keys in the email guide.

You will now have a "filename.gpg" This is your encrypted file. To decrypt it right click on it and select "decrypt and verify".

a window opens
choose the output folder
leave everything else as it is and click on "decrypt/verify"
enter pass phrase when prompted to do so
wait for it to finish
ok


IF YOU LOSE YOUR KEY FILE OR IF YOU FORGET THE PASS PHRASE ALL ENCRYPTED FILES WILL STAY AS SUCH FOREVER AND YOU WILL NEVER AGAIN BE ABLE TO DECRYPT THEM AND SEE ITS CONTENTS!



I once had a large (10+ gigabytes) encrypted file using 4k RSA key. Trying to decrypt it some months later i encountered a problem. The thing simply crashed with no warning or any error during the decryption process. Problem was solved by decrypting the file, using the same software, on Linux. Why it did not work on Windows i do not know. Could be problems of the software version for Windows, could be Windows itself. I am telling you this so you will know not everything always works as expected, even if you follow all the right steps and that sometimes you have to improvise.







Q: i have some sensitive files here that i need on a daily basis, i need to be able to access these files on all of my computers, my phone and my tablet and i want to share these files with some of my friends. I can not possibly encrypt/decrypt every file each time after i modify or view it, neither can i fully encrypt all the devices i want to have these files on and some of my friends do not use encryption at all. I refuse to use Dropbox, Google drive and One drive. What do i do?

A: BitTorrent Sync (1)

Q: omg no, not torrent, that will get me arrested




Synchronizing files using encrypted transfer


BitTorrent is a file sharing protocol. Using the protocol to share files is not the problem. It can become a problem if you share files with copyrights attached to them.

How to share files between multiple devices

There is a way to synchronize files between your devices and devices of your friends. The transfer of data is encrypted. Once data arrives to its destination it is no longer encrypted! The transfer of data is direct from device to device. There is no cloud. There is no middle man.

The program is called BitTorrent Sync (btsync). There are good and bad things about it. It is partly commercial! The main bad thing is that the program is not open source. This means its code can not be independently verified, to see if it really does only what it says it does and as it says it does. Another problem is that there are some limitations to the free version of the program, but that should not be bothersome for home/private use.

Usage of the program is fairly simple. This is where you get it https://www.getsync.com/ As you install the program you will be guided through its workings and basic setup. You will also be given a 30 day free pro trial. After 30 days you just simply refuse the pro option and switch to free version.

A quick look at how it works:

you create a folder on your hard drive
inside btsync you click on "add folder" and select the folder you just created
a secret (keys) will be assigned to this folder
a key for read and write, a key for read only
you can share this folder according to the key permissions
you can set certain self understood limits (as you can see in the share window)
as you share you can either copy or email the link to either yourself or the friend
the link is rather user friendly and will enable you or your friend to set everything up
the QR code option (under share) is meant for your phone btsync app, you scan it


Read only permission means that changes made to the files inside the shared folder will not be synced to the rest. As a person synchronizes the files a local copy of those files is established. A person can later do whatever with those files. If the person doing "whatever with those files" has read and write permissions that "whatever" will affect you too since the "whatever" changes will get synced. Any file, not deleted by you, goes to the archive, which is accessible from the menu of the synced file in the main btsync window.


A possible problem

You have a synced folder on your work computer and home computer. You make changes to one of the files in the synced folder at home but for some reason btsync is not running. Since it is not running the files are not synced even though your work computer is turned on with btsync running.

You turn off your home computer and go to bed. Next day at work you continue to modify the same file but you do not notice the changes you made at home are not there.

As you get home you turn on the computer and run btsync. Since the file at work has a newer date (of when it was last modified) it overwrites the file on your home computer, thus only keeping the changes you made at work. Everything you did the day before at home is gone. You can however check the archive...but...

But to avoid that you have to use care. Unlike, for example Dropbox, there is no "central point" which is "always online" and from which you can always sync data.

You can however always use your phone as the middle point. Let's say you modify the file at home but the work computer is turned off. You know you have to sync the data to work. You take your phone which also has btsync and sync it with your home computer. You turn off your home computer. You get to work the next day and sync your work computer with your phone.

Similar problems can arise if you share files with your friends. The basic rule should be always SYNC FIRST before you do any changes to the files. It is best if btsync is running all the time.



NEW NEW NEW: https://syncthing.net/ = A possible alternative for btsync and it is OPEN SOURCE. I have not tried it yet. Maybe you can and then write about it?



Q: i want to be completely anonymous when browsing the internet, how do i do that

A: TOR (2), you hide yourself behind seven proxies (7)


TOR


Tor is many things. Take it as a service. It is open source. You can read about how it works on its webpage here https://www.torproject.org/


Btw your access to TOR web page was just noted and recorded. Tor started as a project of US Navy.


Traffic on TOR is encrypted. Your IP, your "point of origin" is not known as you connect to web sites. You connect to a "proxy server" and all the information is relayed via this "proxy server". TOR is a "bunch of proxy servers". As you connect to www via TOR your connection request goes via multiple relays. The web site you connect to does not see it is you who is doing it. The web site sees the last relay. The connection between you and the 1st relay is not encrypted, same goes for connection between the last relay and your target destination. Each relay only knows about the before one and the next one.

Proxy? You have Bob, Jacob and Aaron. Bob has a question for Aaron but does not want Aaron to know it came from him. So Bob goes to Jacob and sends him to Aaron to ask the question. Jacob gets the answer and takes it back to Bob. Jacob is a proxy. TOR has many Jacobs. They do not all know each other. They just know the Jacob who brought them the question and Jacob they will forward the question to.

Q: is TOR 100% secure?
A: no
Q. how come?
A: go and read about it
Q: pffft i can't read all that
A: suit yourself


TOR will not open web pages as fast as you are used to. Some websites will detect something is "fishy" and will not load for you or will not let you do things such as registering an account or logging in. For example Google will not give you search results without forcing captcha on you each time you do it. So you will have to use an alternative. Such as https://search.disconnect.me/


There are also other restrictions, like no Flash, no scripts; you should also disable JavaScript.

inside TOR open a new tab and into the URL type "about:config"
click on "yes i will be careful"
in search type "java"
below look for "javascript.enabled" and double click on it so the value changes to "false"

This means not all websites will load or not all websites will load the way you want them to.

Onion links. Using TOR you might come upon onion links (hidden service). They are "alternative web addresses" for what is known as the "dark web". I here advise you to not go to any onion link, unless you know better. Remember you take all the responsibility for your actions, not me.


Side notes on TOR:

Do not use TOR to log in on web pages you frequent when not anonymous (while using a standard web browser). You do not want them to try to "find a match". Do not use the same names and passwords (etc) on darknet (or clearnet) while browsing anonymously as you do when on clearnet while not browsing anonymously. Keep them separate.


Alternative

If you do not like to use TOR but still want some privacy and security while browsing online use Firefox https://www.mozilla.org/en-US/firefox/all/ along with the Adblock Plus addon https://adblockplus.org/ and https://www.eff.org/https-everywhere

Another useful addon is https://addons.mozilla.org/en-us/firefox/addon/noscript/ Btw this addon may cause some websites to not load properly.

Firefox also has a "private browsing mode" Private as in - the browser will not remember where you were and what you did (history, cookies, form search entries, offline cache...) It will however not mask your IP or make all traffic encrypted.



EDIT: added a few bits. mostly to TOR and Firefox and btsync
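
For the step in the post above where a pasted "-----BEGIN PGP PUBLIC KEY BLOCK-----" is saved as "name.asc": text copied out of a forum or webmail page often picks up stray spaces, and the "=xxxx" line at the end of an armored block is a CRC24 checksum that shows whether the paste is intact. The script below is an added example, not part of the original post; the function names and the sample block (constructed bytes, not a real key) are made up for illustration.

```python
import base64
import binascii
import re

# CRC-24 parameters from RFC 4880, section 6.1 (ASCII armor checksum).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

ARMOR_RE = re.compile(
    r"-----BEGIN (PGP [A-Z ]+)-----[ \t]*\r?\n(.*?)\r?\n-----END \1-----", re.S)
HEADER_RE = re.compile(r"[A-Za-z-]+: ")   # e.g. "Version: GnuPG v2"


def crc24(data: bytes) -> int:
    """Checksum OpenPGP puts on the '=xxxx' line of an armored block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def clean_armor(pasted: str) -> str:
    """Cut the armored block out of pasted text, repair whitespace damage,
    verify the CRC24 and return text ready to be saved as name.asc."""
    match = ARMOR_RE.search(pasted)
    if match is None:
        raise ValueError("no complete BEGIN/END PGP block found")
    kind, inner = match.group(1), match.group(2)
    headers, chunks, checksum = [], [], None
    for raw in inner.splitlines():
        if not chunks and HEADER_RE.match(raw.strip()):
            headers.append(raw.strip())
            continue
        line = "".join(raw.split())        # drop spaces injected by the page
        if not line:
            continue
        if line.startswith("="):           # base64 data never starts with '='
            checksum = line[1:]
        else:
            chunks.append(line)
    if checksum is None:                   # required here as a policy choice
        raise ValueError("armor checksum line is missing")
    try:
        payload = base64.b64decode("".join(chunks), validate=True)
        expected = int.from_bytes(base64.b64decode(checksum, validate=True), "big")
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from None
    if crc24(payload) != expected:
        raise ValueError("CRC24 mismatch: block was truncated or altered in transit")
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    head = "".join(h + "\n" for h in headers)
    return f"-----BEGIN {kind}-----\n{head}\n{body}\n={checksum}\n-----END {kind}-----\n"


def make_mangled_sample() -> str:
    """Constructed sample: 90 arbitrary bytes armored like a key block, with a
    space inserted into the first data line the way a web page might do it."""
    payload = bytes(range(90))
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines[0] = lines[0][:50] + " " + lines[0][50:]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("text before the key\n"
            "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
            "Version: Example 1.0\n\n"
            + "\n".join(lines) + f"\n={check}\n"
            "-----END PGP PUBLIC KEY BLOCK-----\n"
            "text after the key\n")


if __name__ == "__main__":
    print(clean_armor(make_mangled_sample()), end="")
```

A matching CRC24 only rules out copy and paste damage; it says nothing about who made the key, so still compare the fingerprint shown in Kleopatra with the owner over another channel.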
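
The post above points out that the subject and the attached public key of the test email are not encrypted. The script below lists what stays readable to anyone who handles such a message (mail provider, anyone with access to the mailbox). It is an added example, not part of the original post; the addresses, subject, attachment name and base64 filler in the sample mail are constructed.

```python
from email import message_from_string, policy

# Constructed sample: an inline-PGP mail shaped like the test message in the
# guide. All values are made up; the base64 text is filler, not ciphertext.
RAW_MAIL = """\
From: me@example.org
To: my-other-address@example.net
Subject: bank statement for July
Date: Fri, 10 Jul 2015 11:35:00 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="part"

--part
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

ZXhhbXBsZQ==
-----END PGP MESSAGE-----
--part
Content-Type: application/pgp-keys; name="pubkey.asc"
Content-Disposition: attachment; filename="pubkey.asc"

-----BEGIN PGP PUBLIC KEY BLOCK-----

ZXhhbXBsZQ==
-----END PGP PUBLIC KEY BLOCK-----
--part--
"""

# Headers that travel outside the encrypted body.
ENVELOPE_HEADERS = ("From", "To", "Cc", "Subject", "Date")


def exposure_report(raw: str) -> dict:
    """Split a message into what is readable in transit and what is not."""
    msg = message_from_string(raw, policy=policy.default)
    headers = {h: str(msg[h]) for h in ENVELOPE_HEADERS if msg[h] is not None}
    parts = []
    for part in msg.walk():
        if part.is_multipart():            # container, has no content itself
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        parts.append({
            "type": part.get_content_type(),
            "filename": part.get_filename(),
            # Only an armored PGP MESSAGE counts as encrypted content.
            "encrypted": text.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
        })
    return {"headers": headers, "parts": parts}


def cleartext_items(report: dict) -> list:
    """Everything an observer can read without any key."""
    items = [f"{name}: {value}" for name, value in report["headers"].items()]
    items += [f"attachment: {p['filename'] or p['type']}"
              for p in report["parts"] if not p["encrypted"]]
    return items


if __name__ == "__main__":
    for item in cleartext_items(exposure_report(RAW_MAIL)):
        print("readable without a key ->", item)
```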
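
The "possible problem" in the sync section above (an edit made at home while sync was off is overwritten by the newer file from work) is a lost update. The sketch below models that newest-file-wins rule and, going one step beyond the post, shows how comparing both copies against the last version they had in common detects the conflict instead of silently dropping one edit. It is an added example, not BitTorrent Sync's code and not part of the original post; all names and the sample data are constructed.

```python
import hashlib
from dataclasses import dataclass


def digest(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass
class Replica:
    name: str
    content: str
    mtime: int   # last local modification, seconds since the epoch
    base: str    # digest of the version both sides held after the last sync


def newest_wins(a: Replica, b: Replica) -> str:
    """Model of the behaviour described in the post: newer timestamp wins."""
    return a.content if a.mtime > b.mtime else b.content


def reconcile(a: Replica, b: Replica):
    """Return (action, payload) without ever discarding an unsynced edit."""
    if a.base != b.base:
        raise ValueError("replicas were never synced to a common version")
    a_changed = digest(a.content) != a.base
    b_changed = digest(b.content) != b.base
    if a_changed and b_changed and a.content != b.content:
        # Both sides edited since the last sync: keep the newer file in place
        # and save the older one next to it under a conflict name.
        older, newer = sorted((a, b), key=lambda r: r.mtime)
        return "conflict", {
            "keep": newer.content,
            f"conflict-copy-from-{older.name}": older.content,
        }
    if a_changed:
        return "copy", a.content
    if b_changed:
        return "copy", b.content
    return "in-sync", a.content


def scenario():
    """Constructed data for the story in the post: edit at home in the
    evening with sync off, edit at work the next morning."""
    original = "budget v1\n"
    base = digest(original)
    home = Replica("home", original + "home edit, evening\n", 1436558400, base)
    work = Replica("work", original + "work edit, next morning\n", 1436601600, base)
    return home, work


if __name__ == "__main__":
    home, work = scenario()
    print("newest wins keeps:", repr(newest_wins(home, work)))
    print("reconcile says:", reconcile(home, work))
```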

Tanta
10th July 2015, 11:36
TorChat



TorChat, to my knowledge, has no direct connection to TOR project. TorChat uses TOR network to get the message across thus keeping the origin of the message and message itself hidden from prying eyes.

You can get it here - https://github.com/prof7bit/TorChat/downloads

TorChat is a decentralized anonymous instant messenger that uses Tor hidden services as its underlying Network. In TorChat every user has a unique alphanumeric ID consisting of 16 characters. This ID will be randomly created by Tor when the client is started the first time, it is basically the .onion address of a hidden service. TorChat clients communicate with each other by using Tor to contact the other's hidden service (derived from his ID) and exchanging status information, chat messages and other data over this connection.


As you extract the zip you will get a torchat folder and inside there will be "bin, doc, src" sub folders. Inside "bin" folder there is a "torchat.exe" Run it.

This is what a torchat ID looks like: ieyvjgydgth2hyhk

You will get such an id. This is what others need to add you.

People can add you without your approval and the other way around. Once people add you, there is no way for you to make sure the other side is really who they claim to be. File transfer in torchat is a bit of a problem since you can not refuse it. As soon as someone sends you a file the transfer is automatically started. The user interface is very simple and very basic. The design itself is focused on privacy/anonymity. Torchat2 is said to be in the making. It is an open source project (current and new one)









Q: i read the other day how this "person X" gave this "prominent researcher" a detailed report on something and it was stated they were using Skype. I also heard from another "prominent researcher" how all of the insiders give it TOP SECRET info right there on Skype. But then i read online everything written, said, shown, sent...etc via Skype gets intercepted, recorded and stored. I am now confused and i also wonder what other than Skype i can use to make things more private?

A: oh dear, oh dear, confusing indeed is it not. But hey, do you also know that "prominent researchers" are offering people to send them TOP SECRET super classified, GALACTIC CLEARANCE stories to their emails, without ever using encryption or stating what their public keys are. Can you imagine leaking something which can get you killed, sending this information to "prominent researchers" unencrypted? Well let's hope insiders know how to hide themselves by other means.


An alternative to Skype would be Jitsi. There is also Pidgin. Pidgin, like Jitsi, supports many chat protocols and OTR (off the record messaging) can be used with it. They are both 1. Another option, for mass voice chat, would be mumble with your own (or trusted) murmur - that would be 2.

But here i will briefly describe Jitsi.



Jitsi


Jitsi https://jitsi.org/ can be used for text chatting and audio/video calls. It supports encryption. Your text and audio communication can be private.

Download and install with default options. You maybe can remove the check from "outlook integration" during setup.

Login by either for example using your Google credentials (Google Talk) or for example making a new account with XMPP (Jabber). It is suggested you do not use Google/Facebook...etc

XMPP is a chat protocol.



Making new account:

file - add new account
select network - xmpp
create new xmpp account
choose username
choose password
click add


If you already have an XMPP account just add it.

Your account ID is now name@jit.si This is what others will need to add you as a contact.


Do not use the same username, name, password...etc that you have already used elsewhere. Do not let others know your account ID via unprotected means, as it can be related to you if you do so. Creating an XMPP account to then paste its ID via Skype or unencrypted email compromises your security.




How to add a contact:


file - add contact
select to which account (if you have more than one)
select contact group (if you made any groups)
enter account ID of the person, like name@gmail.com or name@jit.si
choose a display name for your new contact
click add


Person you want to add will be prompted to accept, deny or ignore you. Ignore means - decide later. Same happens if someone wants to add you.

Start a chat session with your contact. Aside from all the regular options in the chat window you will also see a padlock icon. Padlock being unlocked means the chat is not encrypted. Click the padlock icon. As you do that you will see a message:

name/jitsi-xxxx is contacting you from an unrecognized computer. You should authenticate name/jitsi-xxxx.
Jitsi is recording this conversation on your device. You can turn off chat history here.
Unverified private conversation with name/jitsi-xxxx started

As you click the icon the chat is already private, as indicated by the yellow padlock, but due to "keeping all options open" and "doing it right", you are being told to make sure the person on the other side is really who you think it is. You can do so by clicking on the authenticate link. Pick a method you like best. Once authenticated the padlock will get a small green check next to it.

One authenticate option is a question with an answer (you write both) then the other party has to write the same answer as you...etc

Also as you saw the chat history is being kept. That may go against the purpose of keeping it from prying eyes so you might want to disable chat logging.

Text messaging uses open source OTR to encrypt chats.

As you voice call your contact for the first time you will also see a padlock. It will be red, wait a while for it to turn yellow or cancel the call and do it again. You and your contact's programs are establishing an encrypted connection, which may take a moment. See the section under the letters zrtp and padlock with the message "Compare with partner" followed by 4 characters. You now should tell these to your contact (to again verify it is the actual person..etc) and if your contact has the same you click confirm and the padlock will turn green. It will tell you the voice call is encrypted. To see the chat menu you can close the "zrtp window" by clicking the white X.

Voice is encrypted using ZRTP, which is not open source.


Side notes on Jitsi:

Unlike high budget proprietary software there can be some hiccups and it is not as fancy. Unlike Google chat service which is up 24/7 XMPP can be down at times and it takes a bit for it to get back up. Jitsi however has all the uses a regular Skype user needs and some more. In Jitsi you can send files, text chat, voice chat, video chat, share desktop or part of your desktop, you have spellcheckers, you can replace notification sounds with your own, group chats, file transfer...







Ever wondered if you could do something about that tracking device you self volunteered to carry around with you all the time? Besides stop using it. There is little to nothing you can do about the hardware of your device. If there is an "autonomous chip" in there...well...it was fun knowing you. ;) There is a medium amount of things you can do about your device connecting to every other device and cell towers. There is something you can do about the OS of your device.


Google free Android? Bloatware free Android? Yes you can! But not without some difficulties.




Cyanogenmod



Android is an open source project based on Linux kernel (kernel is a central thingy which manages computer's CPU and memory...technical bla bla bla...) developed by Google. In some way Android = Linux. So Android in its basic form is open source = anyone can see the code and modify it however they want to. That is what your phone service provider/seller did. They sold you the phone with Android + their additions (which are not open source). These additions are often called bloatware and in some cases malware. Mostly these additions can only be disabled or not even that. But you can not remove them. Some of these additions impose limits and restrictions on you or interfere with your privacy.

What can you do? You can change the operating system of your phone. You can install Cyanogenmod. This is difficulty 2 (refer to the first post). If you have problems with every day computer usage do not attempt to do this. In any case, whether you do this or not, it is your responsibility.


THIS PROCESS MIGHT BE ILLEGAL IN YOUR (FASCIST) COUNTRY OR IT MIGHT MAKE YOUR PHONE WARRANTY VOID. THIS PROCESS, IF DONE WRONG, MIGHT RENDER YOUR PHONE INOPERABLE! THIS PROCESS IS NOT EASY TO REVERT. INSTRUCTIONS ON HOW TO REVERT WILL NOT BE GIVEN!

Since i am not a practitioner of law i will not go and interpret the law for you. You will have to do that for yourself, depending on where you live. It is rather ridiculous i even have to write this, after all - all this is about is changing the operating system (software) on your phone.

Cyanogenmod team, web page is http://www.cyanogenmod.org/, also went and made its modifications to the Android system. While there has been some recent controversy regarding its dealings with Microsoft (and software licensing), Cyano remains an open source project and is, to my knowledge, the best-usable alternative OS out there. Installing Cyano you get the basic system, which is not as fancy as proprietary ones and the basic apps along with the system. Apps such as camera, gallery, music player, fm radio, messaging, phone book, calendar, movie player, torch, clock, email, file manager, sound recorder...etc What you do not get are any of the proprietary software apps such as Google apps and other "hidden extras". You have a more private operating system with settings to ensure additional security (like phone encryption) and privacy guard app.

https://en.wikipedia.org/wiki/CyanogenMod

Q: but wait, if there are no Google apps then there is no Google play store?
A: yes?
Q: omfzg how will i install other programs? What about the applications which do not work without Google apps?
A: you will download apk and install it. If an app needs Google software to run, you should not be using it


1st things 1st... You can not install Cyanogenmod on just any device. Your device has to be supported.
Here is the list of supported devices: https://en.wikipedia.org/wiki/List_of_devices_supported_by_CyanogenMod

Q: ok jackass are you using cyanogenmod
A: yes
Q: why
A: using retail OS, my Samsung S4 Mini, drained the battery in less than a day when it was brand new and i hardly used any of the "entertaining" apps
Q: and now?
A: now, being somewhat conservative, my battery life can be up to 5days+ when i do not get called a lot or make a lot of calls myself or fiddle with the phone

Yes it was the short battery life which drove me to see about alternatives not so much privacy concerns, but also that.


If you have an old phone, you are not using anymore and phone is now just collecting dust - so it will not make much difference whether you can do something with it or not - go use that phone to play around with flashing your system.

Installing Cyano you have two options. Easy one and less easy one.

FIRST BACKUP FILES (ON YOUR PHONE) YOU WISH TO KEEP

They do try to make this simple for most people "as of March 23, 2015, some reports indicate that over 50 million people run CyanogenMod on their phones" so yea...it is not a rocket science. On their front web page there is a "get started" button. Ensure your phone has full battery and click on it to get yourself started. :eyebrows: In all theory you can not miss going by these steps. Anyone can do it.

Unless ofc there is a problem. Like in my case, i had a problem. So i did the "hard way".



The hard way:

ensure your phone has full battery
download the software for your device from http://download.cyanogenmod.org/ type: snapshot
copy the file to your phone, using usb connection
go to your phone bios (a sequence of buttons you have to press, depends on the phone)
optional: navigating your phone's bios - clear cache, dalvik cache and maybe also reset everything to factory default
navigating your phone's bios go to "install" and select the file you previously copied to your phone
click yes (might have to agree multiple times)
wait for it to finish
boot up your new system

Updating your phone is very simple. Under options "about phone" you have the "update menu". When/if available you can download update and apply it by clicking "ok".
Updating your phone will not (should not) affect your files. This way you will have the latest version of Android. Retailers usually do not bother much with giving you software updates after you buy the phone.

To save on your battery (and privacy), i recommend you turn Wi-Fi, Bluetooth, Mobile networks, NFC and Location - OFF and only turn them on when you need to, if you need to.
Under "mobile networks" you might want to choose 3G instead of LTE. I noticed the phone uses less resources and has better signal (given the indicator) if set to 3g. Disable data roaming (can be very costly, also depends on your subscription/plan). The rest of the settings i leave up to you.

You will be offered to make an account with Cyanogenmod. This is not needed or mandatory.




So now what? Well get familiar with your old/new/modified toy. Batteries not included.

If you desire to install an app, you can do so by:

going here https://play.google.com/store/
find an app you desire, click on it
copy the URL of the app
go here http://apps.evozi.com/apk-downloader/ and paste the URL of the app into the rounded window
click on the blue part where it says "Generate Download Link"
click on the green part where it says "Click here to download..."
you will get a "name.apk" file
copy the apk file to your phone via USB connection
using your phone's file manager, make your way to the apk file and select it
install the app


Having no Google Play Store on your system also means you will not be prompted when the app updates, neither will the update be automatic.
So you will have to check about updates manually.

I suggest you use btsync to transfer files. Make the first and last app you transfer via usb to be btsync. Install it on your phone. Setup a folder on your computer and sync it with your phone (QR code). Put files you want to have on your phone inside the folder on your computer. Done. Consult the first post for btsync.
https://play.google.com/store/apps/details?id=com.bittorrent.sync

If you, by the Maker, desire to have Google apps, you can have that too (although it kinda defeats the purpose, does it not?)
You can get Gapps here: http://wiki.cyanogenmod.org/w/Google_Apps


Open source applications for Android:

https://f-droid.org/

This is something like Google Play Store but for open source apps.





Sailfish OS


This is a 3 difficulty. Posting here just to let you know about it.

Go here https://sailfishos.org/develop/hadk/ to try it out if you want to.




edit: work in progress

Aragorn
10th July 2015, 16:51
Q: how do i make my system more private?
A: to have better chances at privacy you should stop using commercial software such as Microsoft Windows OS or any Apple OS (OS = operating system). Instead you should be using any from the number of Linux OS

:thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup: :thup:

Tanta
13th July 2015, 18:54
bump

added content to the 1st post, populated 2nd post

content so far: how to encrypt emails, files and folders. how to anonymously browse the web. how to securely browse the web. how to securely and anonymously chat online. how to make your android phone google free, how to synchronize your files via encrypted transfer

Tanta
27th July 2015, 19:49
NEW NEW NEW: https://syncthing.net/ = A possible alternative for btsync and it is OPEN SOURCE. I have not tried it yet. Maybe you can and then write about it?



This works nicely, using it on all my devices. Maybe a hiccup there and now. Consider btsync to be secondary.


Also


Go check this out: https://ricochet.im/


edit:

ricochet is (as it is also stated on their website) still somewhat EXPERIMENTAL...in development.

Tanta
21st August 2015, 08:38
Do not use SureSpot. It has been backdoored/broken to facilitate monitoring. https://antipolygraph.org/blog/2015/06/07/developers-silence-raises-concern-about-surespot-encrypted-messenger/

source: https://twitter.com/thegrugq/status/625173052783853568

hughe
8th September 2015, 16:55
Thanks Tanta.

VPN server provides faster internet speed than Tor.

I've done a few things to increase my privacy lately.
Changed search engine from google to StartPage
Changed main personal e-mail account from gmail to riseup.net
Changed google chrome to Firefox
Bought an 8 port cable router to replace current wireless router.

lcam88
8th September 2015, 19:59
Some notes about security and limitations that may not be commonly known.

Asymmetric Encryption (level 3)

A note about asymmetric encryption, an encryption strategy that uses public and private key components/certificates. (https, ssl, tls and ssh type encryption, also the encrypted email suggestion above).

It's important to use larger keys where possible, 128bit keys are weak. 512 is pretty standard in https connections in the US though some non-US keys are still 128 bit. I use 4192 bit keys for my ssh connections.

Asymmetric encryption is considered secure only because, mathematically, finding very large prime factors in data packets is a "difficult" problem to solve with mainstream computer algorithms. If technology heretofore undisclosed exists where these large prime factors could be easy to find [a theoretical method using quantum computing for example], then the security of asymmetric encryption would be insecure from the holder of this technology.

If this issue is a concern, then consider symmetric encryption to be a better method for data privacy, even if you must then be burdened with how to securely share key information with the parties with whom you intend to exchange private data. The presumption of security here does not reside in the presumed difficulty of a mathematical operation, but in the soundness of the chosen encryption algorithm and the size of the key used.

Steganography (level 3)

Another area of interest insofar as data security lies in data hidden in different formats, steganography (https://en.wikipedia.org/wiki/Steganography), which is interesting in that it provides an element of plausible deniability that a private component even exists. With plain encryption that does not exist, as encrypted data is presumed to have a message. This strategy can be summarized as "hidden in plain sight".

TOR (level 2)

Lastly, TOR is an anonymizing network of proxies designed to mask the origin of traffic that moves through the network. The success of its strategy, anonymization, depends on machines working within the network that are true to the goal of anonymization. If a sufficient number of "trojan" machines appear to perform anonymization but are actually deliberately working in coordination to de-anonymize traffic, then traffic that is handled by these machines serves as a means to weaken anonymization.

There are several strategies very technical in nature, some that involve quirk type characteristics in the NIC hardware that leave "fingerprint" type trails that can be tracked. Combine that with careless use by a casual user and statistics and then a clear possibility exists that data moved on the TOR network is not actually anonymous. All that without the introduction of spyware or virus type logic. Since part of the network's ability to properly anonymize requires everyday "careless" use, a careful user should obviously be careful enough to generate traffic, IMO. [the classic preponderance: I know, but do they know that I know?] But if that is relevant then maybe you will already know what I'm on about here.

Ghostery (level 1)

One very handy tool that does have practical value for everyday users, whether they are on TOR or not, is ghostery (https://www.ghostery.com/). It works by blocking 3rd party connections that a typical web page makes when opened by a modern corp friendly browser. The user can enable some 3rd party connections like analytics or facebook if they want. This is a level 1, in your face, privacy type consideration that will prevent ads for "abortion clinics" appearing in the google ads bar if you happen to search for the term.

Aragorn please let me know if this is off-topic.
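
The post above ties the security of asymmetric encryption to the difficulty of factoring and to key size. As an added example (not part of the original post), the Python sketch below builds a constructed 63-bit toy RSA key and shows that holding only the public key is enough to factor the modulus and rebuild the private exponent; the primes, function names and message value are assumptions chosen for illustration, and unpadded textbook RSA is used only to keep the arithmetic visible.

```python
import math

# Constructed toy key material (not a real key): two well-known primes.
P = 2**31 - 1   # 2147483647, a Mersenne prime
Q = 2**32 - 5   # 4294967291, the largest prime below 2**32
E = 65537       # common public exponent


def make_public_key(p, q, e=E):
    """Return the public half (n, e) of a textbook RSA key."""
    return (p * q, e)


def encrypt(m, public_key):
    """Textbook RSA encryption: c = m^e mod n (no padding, demo only)."""
    n, e = public_key
    return pow(m, e, n)


def factor(n):
    """Pollard's rho with Floyd cycle detection.

    Cost grows roughly with the square root of the smallest prime factor,
    which is why a modulus this small falls in well under a second.
    """
    if n % 2 == 0:
        return (2, n // 2)
    for c in range(1, 50):          # retry with another polynomial on failure
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n     # tortoise: one step
            y = (y * y + c) % n     # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return tuple(sorted((d, n // d)))
    raise ValueError("no factor found")


def private_exponent_from_public(public_key):
    """Rebuild d from (n, e) alone once n has been factored."""
    n, e = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


def recover_plaintext(ciphertext, public_key):
    """Decrypt using a private exponent derived only from public data."""
    n, _ = public_key
    return pow(ciphertext, private_exponent_from_public(public_key), n)
```

The same factoring step becomes infeasible as the modulus grows, which is why key length is the parameter to check on any RSA key you generate or accept.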

Aragorn
9th September 2015, 07:22
Aragorn please let me know if this is off-topic.

No, it's not. :p