This will be a short and general introduction to online privacy, using tangible examples you can apply yourself, while avoiding boring technical blah blah as much as possible. So if it at times comes across as overly simplistic, that is intentional.
These are only guidelines, not a 100% guarantee. I cannot promise you technical assistance with anything described here; you are expected to help yourself. This guide does assume you are not totally inept when it comes to computers.
Difficulty levels (given in brackets after each answer):
1 - easy, doable; don't be lazy, just read what it says on the screen
2 - medium; in case of trouble, RTFM
3 - hard; if you can do that, you do not need to read this "guide"
Q: how do I secure my computer?
A: omfzg you sheep, this is such a loaded question for those in the know, oooomm
Q: how do I make my system more private?
A: to have better chances at privacy you should stop using commercial software such as the Microsoft Windows OS or any Apple OS (OS = operating system). Instead you should be using one of the many Linux distributions. While at it, you should also stop using Google (and similar) products and services and Facebook-like social networks, and in general be mindful of what you post where.
Q: ok, I am changing to Linux, hmm, which one is more user friendly?
A: try Linux Mint or Ubuntu/Kubuntu
Q: but, but...I want to keep using Windows
A: some things can be done to get more privacy while staying on Windows.
Since Windows is the most widely used, this guide will focus on Windows.
Q: I do not want anyone but me and the recipient to read my emails, how do I do that?
A: you have several options: you set up, manage and run your own email server plus encryption (3); you use encryption (1); you and the recipient make up your own language and use pigeons to get the messages across (2).
How to encrypt emails using Windows
- download Thunderbird from https://www.mozilla.org/en-US/thunderbird/ and install it using the default settings. Thunderbird is an email client, like for example Microsoft Office Outlook. Now start Thunderbird and configure your email account. It is assumed you can do that by yourself. If you have a Gmail account, Thunderbird will do most, if not all, of the work for you; just enter the data it asks you for.
- download GnuPG for Windows (Gpg4win) from http://www.gpg4win.org/features.html
Download the full package and use the default settings during setup. GnuPG is the program that does the actual encryption and decryption.
- download Enigmail via Thunderbird's add-on menu: Tools - Add-ons - search for Enigmail, select it, click Install and restart Thunderbird. In case you do not see the menu with "File, Edit, Tools...", right click on the topmost blue border of Thunderbird and tick "Menu Bar" along with "Mail Toolbar". Enigmail is an add-on for your email client; it uses GnuPG to encrypt and decrypt your emails. More info here https://www.enigmail.net/documentation/index.php (Newer Thunderbird versions, 78 and later, have OpenPGP built in and no longer use Enigmail; the menus differ, but the key concepts below are the same.)
Ok you now have all the software you will need. Now to configure it.
How to create an encryption key
Next you will create a key (certificate). Your key consists of 2 parts: a private key and a public key.
The public key is meant to be handed out to anyone you like. Other people need it if you want them to send you encrypted messages you can read: they use your public key to encrypt the message meant for you.
The private key is used and kept only by you! It decrypts content (mails or files) others encrypted for you. Once a message or file is encrypted with your public key, it can only be decrypted with your private key.
Your private key also needs a pass phrase. Emphasis on phrase: do not use a single word (a password), your kids' birthdays or any other such simplistic thing. You will have to enter this pass phrase whenever your private key is used, that is, each time you decrypt a message or file (or digitally sign one). Encrypting something for somebody else only needs their public key, so no pass phrase is asked for then.
IF YOU LOSE YOUR KEY (CERTIFICATE FILE) OR IF YOU FORGET YOUR PASS PHRASE FOR IT, EVERYTHING ENCRYPTED WILL BE LOST TO YOU FOREVER!
To create your key go to Windows start menu and enter "Kle" in the search field. A program called Kleopatra should show in the results window. Start the program.
In Kleopatra go to:
settings - self test (everything should be green)
close
file - new certificate
choose personal OpenPGP key pair
enter whatever you want for name, which can be your real name
enter whatever you want for email, which can be a real email
next
create key
enter pass phrase 2 times (and never forget it)
choose MAKE BACKUP OF YOUR KEY PAIR
select custom name and file location
ok
ok
finish
You will now have a "filename.gpg" on your hard drive. This is your private key (the backup of your whole key pair)!
In the main Kleopatra window you will now see the certificate you just created listed. Right click on it and select "Export Certificates". Pick a file name and location of your choice. You will now have a "filename.asc" on your hard drive. This is your public key!
COPY BOTH TO AN EXTERNAL HARD DRIVE OR FLASH DRIVE... etc... MAKE A BACKUP IMMEDIATELY!
DO NOT store your private key file all over the place! Keep it in one or two offline! locations. An offline location would be a USB key in your underwear drawer... etc. Your public key, on the other hand, may be handed to anyone.
Using your key in email client
In Thunderbird
enigmail - setup wizard
choose 2nd option, extended configuration
next
enable it for your email accounts
enigmail should detect you have already created the key, select it in the window
next
finish
Go write/compose a new message. By default it will tell you in bold red (top right) that the message is not going to be encrypted. To encrypt it, click on the padlock icon. As you do that the red text should change to normal, saying "this message will be encrypted".
Compose your message, enter the email address (if you have 2 email addresses, use yourself for testing by sending to the address not configured in Thunderbird), enter a subject and also select "attach my public key".
Click send; a window will open asking you to select recipients. Here you select the public key(s) of the people you want to send the email to (yes, you can select multiple public keys to encrypt the same email or file; every holder of one of the matching private keys can then read it). Currently you do not have any but your own. If you do not see yourself, click on "refresh key list" at the bottom of the window.
Remember, you can only decrypt what was encrypted for your public key! So if you select the recipient's public key but do not also add your own, you will not be able to decrypt (view/read) the message later, not even from your sent folder!
Select yourself on the list and click send. Since you chose "attach my public key" there is an attachment in this email, and an additional window opens asking what to do with it. Since it is your public key you can choose the first option (send the attachment as it is). If it were something sensitive you would choose the second option (encrypt the attachments too). So choose the first option and click OK.
Assuming you have 2 email addresses and were able to use yourself for testing, you just sent your first encrypted email.
Your other email address will receive an odd looking email. Something like this.
-----BEGIN PGP MESSAGE-----
Charset: utf-8
Version: GnuPG v2

hQEMA4/xhH6N+OJLAQf/cJ+oe5c9A9kYMIyfZNAaRHY2FB/fYAob5bALgOlDE1Kf
5HrxDe09czLoluhyvaN5IU2RW0MeyYG2EjaJDvRQcuUtSxYfXJAC3Ii5k9slL94n
jFvDTL4pTy4GGXoVw2Fws9BG+Sk9iAlao9jrgZrTF8t1wsIR4T4yuJA6o7rUvRjs
b9Q5jFEz49plbGUA/qQBUhMCNhpi1ZWWMM5E1AOGhYttE3EWlMgmmBbEt8FLpbp7
cMzwkirhLhMoRl2euC1gb13JPHhOA0HPV/bvo3qm9bJFiCOepMoftJXg6Xw/QIpH
5mSehOJllAASUIDi464Viyva/Ww9Vj38kzFEaNen39JFAVjA2cfIIe9X8XQvDPHp
tPzz9eOrUzNWH+ZYXNl9lhD9EDEoPJ+iWd3WOuStXhb2VLV9gpSLmWORxcEQap31
u8aYgy3s
=WSL2
-----END PGP MESSAGE-----
If you pay attention to your test email, you will see that the SUBJECT is NOT encrypted! Neither are the sender, the recipient and the date. So be mindful of the subject if you want to keep things private!
You will see the same if you go to "sent mail" in Thunderbird and select that email. Unlike the recipient, you can decrypt it. A window will pop up asking you for your pass phrase. If you enter it, you will see what the email really says. The recipient however can never do that, since their public key was not included and only you have your private key. What the recipient can see is the unencrypted attachment and the email subject.
If you get an encrypted message, encrypted with your public key, you will also be prompted with a pass phrase window. Upon entering it you see the real content of the message.
To be able to encrypt messages for other people you first need their public keys. You import their public keys in Kleopatra.
After you enter the pass phrase it is remembered for a limited time (by GnuPG's agent), so you do not have to enter it again and again for each email.
Another computer:
If you have another computer, you do the same with one difference: you do not create a key (certificate), since you already have it. All you do in Kleopatra is import your private key file and the public key files of your contacts. The rest is the same. In the main Kleopatra window click on "Import Certificates" and select the file, which should be on your backup medium.
Some additional notes:
Encrypted emails should be plain text only. You are not meant to send around fancy, glittery, animated, Christmas-tree-like emails using encryption, since the things used to make emails "pretty" (HTML, remote images, embedded content) can be exploited to gain access to your computer or identity, or to leak the decrypted text.
I also want to state there are "multitudes" of ways and options I did not cover. If you wish to learn about them you will have to dig in on your own. Gpg4win comes with a Compendium (its manual).
If you get a public key in a form such as
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Universal 2.9.1 (Build 347)

mQMuBFG3x4URCACZ/c7PjmPwOy2qIyKAYRftIT7YurxmZ/wQEwkyLJ4R+A2mFAvw
EfdVjghAKwnXxqeZO9WyAEofqIX5ewXD9J4H6THaWNlDeNwnIUhbVsSEgT6iwGEG
arXvkrMyy+U5KA0x2dcsYRKAPMM1db+4zSQkWTWzufLU7lcKi3gU3pNTxSA0DjCn
wfJQspiyWchSfgZ59+fKaGZJVSElrS2i2ok5mK3ywCXRWvnAC/VxA3N6T4jvkX/+
to3UsZXERO4NtVI0IT0uhLXh+IhhBBgRCAAJBQJRt8eFAhsMAAoJELiVbb/ufBBc
QjgA/j1J7nN42zDMJxoAKQDvp+H3dErZVY7hJ8qHeGVbExWGAP97G/jWhl6FEg7M
2vOMWRC5GQUM8TU1YkCeAuhsxSj3ew==
=dgnf
-----END PGP PUBLIC KEY BLOCK-----
(shortened example; a real key block runs to many more lines)
you copy-paste everything from and including the -----BEGIN line to and including the -----END line into a text editor and save it as "name.asc". Make sure you copied it complete, otherwise the import will fail.
Once you have the .asc file, just import it into Kleopatra.
A nice text editor is Notepad++ https://notepad-plus-plus.org/ You may also use any other.
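As an added example (not from the original post, and not code from GnuPG, Kleopatra or Enigmail), here is a small Python script that reads the unencrypted "envelope" of the test message quoted above. It does not decrypt anything. It checks the armor checksum (the "=WSL2" line), walks the packet headers as laid out in RFC 4880, and lists the key ID of every key the message was encrypted to. That is exactly what your mail provider, or anyone reading the mail in transit, also gets to see: not the text, but which key(s) can open it, on top of the subject and addresses. The same truncation check tells you when you pasted only part of a key block. The function names and the sample constant are mine; the sample message is the one shown above with the forum-inserted spaces removed.

```python
"""Added example for this guide (not code from GnuPG, Kleopatra or Enigmail):
read the unencrypted "envelope" of an ASCII-armored OpenPGP message. Nothing
here decrypts anything; it parses what anyone handling the mail can read."""
import base64
import re

# The test message quoted in the guide, with the forum-inserted spaces removed.
SAMPLE_MESSAGE = """\
-----BEGIN PGP MESSAGE-----
Charset: utf-8
Version: GnuPG v2

hQEMA4/xhH6N+OJLAQf/cJ+oe5c9A9kYMIyfZNAaRHY2FB/fYAob5bALgOlDE1Kf
5HrxDe09czLoluhyvaN5IU2RW0MeyYG2EjaJDvRQcuUtSxYfXJAC3Ii5k9slL94n
jFvDTL4pTy4GGXoVw2Fws9BG+Sk9iAlao9jrgZrTF8t1wsIR4T4yuJA6o7rUvRjs
b9Q5jFEz49plbGUA/qQBUhMCNhpi1ZWWMM5E1AOGhYttE3EWlMgmmBbEt8FLpbp7
cMzwkirhLhMoRl2euC1gb13JPHhOA0HPV/bvo3qm9bJFiCOepMoftJXg6Xw/QIpH
5mSehOJllAASUIDi464Viyva/Ww9Vj38kzFEaNen39JFAVjA2cfIIe9X8XQvDPHp
tPzz9eOrUzNWH+ZYXNl9lhD9EDEoPJ+iWd3WOuStXhb2VLV9gpSLmWORxcEQap31
u8aYgy3s
=WSL2
-----END PGP MESSAGE-----
"""
PACKET_TAGS = {1: "public-key encrypted session key",
               18: "symmetrically encrypted integrity protected data"}
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(armored: str):
    """Return (raw_bytes, crc_ok). Whitespace inside the data lines is ignored,
    which undoes the spaces web forums like to insert into long lines."""
    body, crc_line = [], None
    for line in armored.strip().splitlines()[1:-1]:    # drop BEGIN/END lines
        line = line.strip()
        if not line or ":" in line:                     # blank or header line
            continue
        if line.startswith("="):                        # "=XXXX" checksum line
            crc_line = line[1:]
        else:
            body.append(re.sub(r"\s+", "", line))
    raw = base64.b64decode("".join(body))
    crc_ok = crc_line is not None and crc24(raw) == int.from_bytes(
        base64.b64decode(crc_line), "big")
    return raw, crc_ok


def iter_packets(raw: bytes):
    """Yield (tag, body) per OpenPGP packet; raise if the data ends early."""
    pos = 0
    while pos < len(raw):
        ctb = raw[pos]
        if ctb & 0x40:                                  # new-format header
            tag, first = ctb & 0x3F, raw[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + raw[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(raw[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                           # old-format header
            tag, nlen = (ctb >> 2) & 0x0F, 1 << (ctb & 0x03)
            if nlen == 8:
                raise ValueError("indeterminate length not supported")
            length, hdr = int.from_bytes(raw[pos + 1:pos + 1 + nlen], "big"), 1 + nlen
        body = raw[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("packet needs %d bytes, only %d left: truncated"
                             % (length, len(body)))
        yield tag, body
        pos += hdr + length


def is_complete(raw: bytes) -> bool:
    """True if every packet is fully present (nothing lost in copy-paste)."""
    try:
        list(iter_packets(raw))
        return True
    except (ValueError, IndexError):
        return False


def describe(armored: str) -> dict:
    """Summarise what is visible without any private key."""
    raw, crc_ok = dearmor(armored)
    info = {"bytes": len(raw), "crc_ok": crc_ok, "packets": [], "recipients": []}
    for tag, body in iter_packets(raw):
        info["packets"].append((PACKET_TAGS.get(tag, "tag %d" % tag), len(body)))
        if tag == 1:        # version(1) | recipient key ID(8) | algorithm(1) | MPIs
            key_id, algo = body[1:9].hex().upper(), body[9]
            info["recipients"].append((key_id, PUBKEY_ALGOS.get(algo, "algo %d" % algo)))
    return info


if __name__ == "__main__":
    info = describe(SAMPLE_MESSAGE)
    print("armor checksum intact:", info["crc_ok"], "| packets:", info["packets"])
    for key_id, algo in info["recipients"]:
        print("readable only with the %s private key whose ID is %s" % (algo, key_id))
```

Run it and it prints the 8-byte recipient key ID carried in the message; Kleopatra shows the same ID in the certificate details (it is normally the ID of the encryption subkey, not of the main key). If the checksum comes out as not intact, the armor got mangled on the way (line wrapping, inserted spaces, a lost character) and GnuPG will refuse it as well. GnuPG can leave the recipient IDs out with its --hidden-recipient option, at the price of every reader having to try all their private keys.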
Q: I have some sensitive files I want to keep safe/away/hidden from everyone else, so I paid big bucks for a big safe with a strong lock, I will put my hard drive in that safe. Is there anything more I can do?
A: yes, you can encrypt your files and copy them to this hard drive (1), or you can encrypt the entire hard drive (2) and then, for being extra super paranoid, you can put this hard drive in that big bad safe of yours. Or you memorize all the data, keep it in your mind and delete the computer copies (3).
Encrypting files/folders
For 2:
Install Linux using LVM (logical volume manager) along with hard disk encryption (on Linux this is LUKS/dm-crypt; the Ubuntu and Mint installers offer it as a checkbox). This way your entire hard drive will only be accessible with a pass phrase of your choosing (set during the installation process). In the UNFORTUNATE event of a BROKEN HARD DRIVE there will be no way to recover your data, not even for experts with special tools. The same goes if you FORGET your pass phrase. Hooking the drive up externally via USB to another computer does not get around this either: without the pass phrase the other computer sees only random-looking data. You should always have backup copies anyway (encrypted or not...)
Q: once I enter my password for the system to boot up and to see the files on my hard drive, does that mean a potential hacker breaking into my computer would also be able to see them?
A: yes. Once the disk is unlocked it is as readable as an unencrypted disk to anything running on that computer, malware included. Disk encryption protects a powered-off, lost or stolen computer, not a running one.
For 1:
Using Windows, you will need to install GnuPG (Gpg4win). Once you do that you will have to create a key and make a backup of it. See above (the email guide) on how to do this.
Once you have the key created, go to any file or folder in Windows and right click on it. One of the options you will see is "Sign and encrypt" (added by Gpg4win's Explorer extension, GpgEX). Select this option.
a new window will open - you can leave everything as it is
next
select the key (certificate)
*click add
click encrypt
when prompted, enter your pass phrase (if you entered it recently it will not ask, since it is still cached)
wait till it says succeeded (depends on your computer speed)
click finish
*You can add as many as you like (have). It depends on who all should be able to decrypt the file. See about public and private keys in the email guide.
You will now have a "filename.gpg". This is your encrypted file. To decrypt it, right click on it and select "Decrypt and verify".
a window opens
chose the output folder
leave everything else as it is and click on "decrypt/verify"
enter pass phrase when prompted to do so
wait for it to finish
ok
IF YOU LOSE YOUR KEY FILE OR IF YOU FORGET THE PASS PHRASE ALL ENCRYPTED FILES WILL STAY AS SUCH FOREVER AND YOU WILL NEVER AGAIN BE ABLE TO DECRYPT THEM AND SEE ITS CONTENTS!
I once had a large (10+ gigabytes) file encrypted using a 4k RSA key. Trying to decrypt it some months later, I encountered a problem. The thing simply crashed, with no warning or any error, during the decryption process. The problem was solved by decrypting the file, using the same software, on Linux. Why it did not work on Windows I do not know. Could be problems with the software version for Windows, could be Windows itself. I am telling you this so you will know that not everything always works as expected, even if you follow all the right steps, and that sometimes you have to improvise.
Q: I have some sensitive files here that I need on a daily basis, I need to be able to access these files on all of my computers, my phone and my tablet, and I want to share these files with some of my friends. I cannot possibly encrypt/decrypt every file each time after I modify or view it, neither can I fully encrypt all the devices I want to have these files on, and some of my friends do not use encryption at all. I refuse to use Dropbox, Google Drive and OneDrive. What do I do?
A: BitTorrent Sync (1)
Q: omg no, not torrent, that will get me arrested
Synchronizing files using encrypted transfer
BitTorrent is a file sharing protocol. Using the protocol to share files is not a problem in itself. It becomes a problem if you share copyrighted files you have no right to distribute.
How to share files between multiple devices
There is a way to synchronize files between your devices and the devices of your friends. The transfer of data is encrypted. Once the data arrives at its destination it is stored unencrypted! The transfer is direct from device to device. There is no cloud. There is no middle man.
The program is called BitTorrent Sync (btsync). There are good and bad things about it. It is partly commercial! The main bad thing is that the program is not open source. This means its code cannot be independently verified to see whether it really does only what it says it does, and as it says it does. Another problem is that there are some limitations to the free version of the program, but that should not be bothersome for home/private use.
Usage of the program is fairly simple. This is where you get it: https://www.getsync.com/ As you install the program you will be guided through its workings and basic setup. You will also be given a 30 day free Pro trial. After 30 days you simply decline the Pro option and switch to the free version.
A quick look at how it works:
you create a folder on your hard drive
inside btsync you click on "add folder" and select the folder you just created
a secret (key) is assigned to this folder
actually two: a key for read and write, and a key for read only
you share this folder by handing out one of the two keys, which sets the permissions
you can set certain self-explanatory limits (as you can see in the share window)
as you share you can either copy or email the link to yourself or your friend
the link is rather user friendly and will enable you or your friend to set everything up
the QR code option (under share) is meant for the btsync app on your phone; you scan it
Read-only permission means that changes that person makes to the files inside the shared folder will not be synced to the rest. As a person synchronizes the files, a local copy is established; the person can later do whatever with those files. If the person doing "whatever with those files" has read and write permission, that "whatever" will affect you too, since the changes get synced to you. Files that get deleted or overwritten by someone else go to the archive, which is accessible from the menu of the synced folder in the main btsync window.
A possible problem
You have a synced folder on your work computer and your home computer. You make changes to one of the files in the synced folder at home, but for some reason btsync is not running. Since it is not running, the files are not synced, even though your work computer is turned on with btsync running.
You turn off your home computer and go to bed. Next day at work you continue to modify the same file, but you do not notice that the changes you made at home are not there.
As you get home, you turn on the computer and run btsync. Since the file at work has a newer date (of when it was last modified) it overwrites the file on your home computer, thus only keeping the changes you made at work. Everything you did the day before at home is gone. You can however check the archive... but...
To avoid that you have to take care. Unlike, for example, Dropbox, there is no "central point" which is "always online" and from which you can always sync data.
You can however always use your phone as the middle point. Let's say you modify the file at home but the work computer is turned off. You know you have to sync the data to work. You take your phone, which also has btsync, and sync it with your home computer. You turn off your home computer. You get to work the next day and sync your work computer with your phone.
Similar problems can arise if you share files with your friends. The basic rule should be: always SYNC FIRST before you make any changes to the files. It is best if btsync is running all the time.
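To make the failure mode above concrete, here is an added example (a model written for this guide, not btsync or Syncthing code) in Python: two replicas of one file, a sync function that does what is described above (the newer modification time wins) and one that remembers the last synchronised version and therefore notices when both sides diverged instead of throwing one side away. The names, file contents and hour-based timestamps are constructed.

```python
"""Added example for this guide (a model, not btsync or Syncthing code):
why "the newer file wins" silently loses work, and what a sync tool has to
remember to notice the problem instead. Two replicas of one file; the
timestamps are constructed integers (hours), not real clock readings."""
from dataclasses import dataclass


@dataclass
class Replica:
    name: str
    content: str
    mtime: int
    base: str            # content as of the last successful sync (common ancestor)


def edit(replica: Replica, new_content: str, now: int) -> None:
    replica.content, replica.mtime = new_content, now


def sync_newest_wins(a: Replica, b: Replica) -> list:
    """Last-modified-wins, the behaviour described above. Returns the names of
    replicas whose unsynced edits were overwritten without any warning."""
    lost = []
    if a.content != b.content:
        winner, loser = (a, b) if a.mtime >= b.mtime else (b, a)
        if loser.content != loser.base:      # the loser had edits of its own
            lost.append(loser.name)
        loser.content, loser.mtime = winner.content, winner.mtime
    a.base = b.base = a.content
    return lost


def sync_with_ancestry(a: Replica, b: Replica) -> str:
    """Three-way check against the common ancestor. Only one side changed:
    copy it over ("ok"). Both changed differently: refuse to overwrite and
    report "conflict" so a human can merge (real tools such as Syncthing keep
    both copies side by side for exactly this case)."""
    a_changed, b_changed = a.content != a.base, b.content != b.base
    if a_changed and b_changed and a.content != b.content:
        return "conflict"
    src, dst = (a, b) if a_changed else (b, a)
    dst.content, dst.mtime = src.content, src.mtime
    a.base = b.base = src.content
    return "ok"


def scenario(sync):
    """The story from the text: edit at home while btsync is off, edit at
    work the next day, then btsync finally runs at home."""
    home = Replica("home", "draft v1", mtime=0, base="draft v1")
    work = Replica("work", "draft v1", mtime=0, base="draft v1")
    edit(home, "draft v1 + evening edits", now=20)   # btsync not running
    edit(work, "draft v1 + morning edits", now=30)   # home edits never arrived
    outcome = sync(home, work)                        # back home, btsync starts
    return outcome, home.content, work.content


if __name__ == "__main__":
    print("newest wins:   ", scenario(sync_newest_wins))
    print("with ancestry: ", scenario(sync_with_ancestry))
```

With newest-wins the evening edits vanish and nothing tells you; with the ancestor check the same situation is reported as a conflict and both versions survive. The lesson is the one the text gives: a tool that only compares timestamps cannot tell "newer" from "made without seeing the other side's change", so sync first, and keep the client running.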
NEW NEW NEW: https://syncthing.net/ = A possible alternative for btsync and it is OPEN SOURCE. I have not tried it yet. Maybe you can and then write about it?
Q: I want to be completely anonymous when browsing the internet, how do I do that?
A: Tor (2); you hide yourself behind seven proxies (7)
Tor
Tor is many things. Take it as a service. It is open source. You can read about how it works on its web page here https://www.torproject.org/
Btw, whoever sits between you and that web page (your ISP, for example) can see that you visited the Tor Project's site. Tor started as a project of the US Naval Research Laboratory.
Traffic inside Tor is encrypted. Your IP, your "point of origin", is not known to the web sites you connect to. Tor is a network of volunteer-run relays ("proxy servers"); your connection request is relayed through a chain of them, normally three. The web site you connect to does not see that it is you who is doing it; it sees the last relay (the "exit"). Each relay only knows the one before it and the one after it. The connection between you and the 1st relay IS encrypted (that is the whole point); it is the connection between the last relay and your target destination that is NOT protected by Tor. If the web site does not use HTTPS, the exit relay can read (and modify) what you send and receive.
Proxy? You have Bob, Jacob and Aaron. Bob has a question for Aaron but does not want Aaron to know it came from him. So Bob goes to Jacob and sends him to Aaron to ask the question. Jacob gets the answer and takes it back to Bob. Jacob is a proxy. Tor has many Jacobs. They do not all know each other. They just know the Jacob who brought them the question and the Jacob they will forward the question to.
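To show what "each relay only knows the one before and the one after" means in practice, here is an added example in Python. It is a toy onion with three relays, not Tor's real protocol (Tor uses AES with keys negotiated per circuit; this uses a throwaway XOR cipher and constructed keys), and it records what every hop gets to see, including that the exit relay and the web site see the request in the clear.

```python
"""Added example for this guide (a toy, not Tor's real protocol or ciphers):
layered "onion" encryption through three relays, showing exactly what each
hop gets to see. The per-relay keys are constructed constants; Tor derives
them with a key exchange when it builds a circuit. Standard library only."""
import hashlib
import json

# constructed shared secrets between the client and each relay on its circuit
KEYS = {"guard": b"key-client-guard", "middle": b"key-client-middle",
        "exit": b"key-client-exit"}
PATH = ["guard", "middle", "exit"]


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter-mode keystream. Symmetric, so the same call
    encrypts and decrypts. Toy only: no authentication, never use for real."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(x ^ k for x, k in zip(data[off:off + 32], block))
    return bytes(out)


def build_onion(destination: str, payload: str) -> bytes:
    """Wrap innermost first. The exit's layer holds destination + payload;
    every outer layer holds only 'decrypt, then hand the rest to <next>'."""
    inner = json.dumps({"to": destination, "payload": payload}).encode()
    blob = toy_cipher(KEYS["exit"], inner)
    for hop, next_hop in (("middle", "exit"), ("guard", "middle")):
        layer = json.dumps({"next": next_hop, "blob": blob.hex()}).encode()
        blob = toy_cipher(KEYS[hop], layer)
    return blob                       # the client hands this to the guard


def relay_process(relay: str, came_from: str, blob: bytes) -> dict:
    """One relay peels one layer. The dict is everything that relay learns."""
    layer = json.loads(toy_cipher(KEYS[relay], blob))
    if "payload" in layer:                              # exit: last layer gone
        return {"relay": relay, "sees_from": came_from, "sees_next": layer["to"],
                "sees_payload": layer["payload"], "forward": None}
    return {"relay": relay, "sees_from": came_from, "sees_next": layer["next"],
            "sees_payload": None, "forward": bytes.fromhex(layer["blob"])}


def send_through_circuit(destination: str, payload: str) -> list:
    """Return what each relay, and finally the web site, observed."""
    blob, came_from, seen = build_onion(destination, payload), "client", []
    for relay in PATH:
        seen.append(relay_process(relay, came_from, blob))
        blob, came_from = seen[-1]["forward"], relay
    # the web site only ever hears from the exit, and in the clear
    seen.append({"relay": destination, "sees_from": came_from, "sees_next": None,
                 "sees_payload": seen[-1]["sees_payload"], "forward": None})
    return seen


def wiretap(blob: bytes, key: bytes) -> bool:
    """Can someone holding `key` read this blob? (your ISP on the link to the
    guard, or a relay trying to read a layer that is not its own)"""
    try:
        json.loads(toy_cipher(key, blob))
        return True
    except ValueError:                # garbage bytes or not JSON
        return False


if __name__ == "__main__":
    for view in send_through_circuit("example.org", "GET /my-secret-page"):
        print("%-12s from=%-7s next=%-12s payload=%r" % (
            view["relay"], view["sees_from"], view["sees_next"], view["sees_payload"]))
```

Running it prints one line per hop: the guard sees you and the middle relay, the middle sees two relays, the exit sees the middle relay plus the destination and the payload, and the web site sees only the exit. Anyone tapping the wire between you and the guard (wiretap with a key they do not have) gets nothing readable; the exit, holding the innermost key, reads everything, which is why HTTPS still matters on the last hop.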
Q: is TOR 100% secure?
A: no
Q. how come?
A: go and read about it
Q: pffft i cant read all that
A: suit yourself
Tor will not open web pages as fast as you are used to. Some websites will detect something is "fishy" and will not load for you, or will not let you do things such as registering an account or logging in. For example Google will not give you search results without forcing a captcha on you each time. So you will have to use an alternative, such as https://search.disconnect.me/
There are also other restrictions, like no Flash and no plugins; you should also disable JavaScript:
inside Tor Browser open a new tab and into the URL bar type "about:config"
click on "yes I will be careful"
in search type "java"
below, look for "javascript.enabled" and double click on it so the value changes to "false"
This means not all websites will load, or not the way you want them to. Tor Browser also has its own security level setting that disables JavaScript (and other risky features) for you; prefer that over editing about:config by hand, because hand-made settings make your browser look different from other Tor users and thus easier to tell apart.
Onion links. Using Tor you might come upon .onion links (hidden services). They are "alternative web addresses" for what is known as the "dark web". I advise you here not to go to any onion link unless you know better. Remember, you take all the responsibility for your actions, not me.
Side notes on TOR:
Do not use Tor to log in to web pages you frequent when not anonymous (while using a standard web browser). You do not want them to try to "find a match". Do not use the same names and passwords (etc.) on the darknet (or clearnet) while browsing anonymously as you do on the clearnet while not browsing anonymously. Keep them separate.
Alternative
If you do not like to use Tor but still want some privacy and security while browsing online, use Firefox https://www.mozilla.org/en-US/firefox/all/ along with the Adblock Plus add-on https://adblockplus.org/ and HTTPS Everywhere https://www.eff.org/https-everywhere
Another useful addon is https://addons.mozilla.org/en-us/fir...ddon/noscript/ Btw this addon may cause some websites to not load properly.
Firefox also has a "private browsing mode". Private as in: the browser will not remember where you were and what you did (history, cookies, form and search entries, offline cache...). It will, however, not mask your IP or encrypt your traffic.
EDIT: added a few bits. mostly to TOR and Firefox and btsync
Bookmarks