What to do next
Here you'll find some concrete steps (some simple, some a bit more involved) to take to protect yourself and your information. At the end, there are links to more guides and resources.
This is as of 2016, and partially obsolete.
- for Macs (OS X)
- for Windows
- for iPhones (iOS)
- for Android
- and many more links with further guides, tools, and background info
We recommend only a small subset of all available tools - the ones we consider "the best" for most users with
- average (or maybe slightly lower) technical IT background.
- average (or slightly higher) need for privacy and security of information.
- Note that life-and-death situations require stronger solutions (and much more paranoia) than we can cover here!
- Fact: Cryptography is hard!
  - Weakest Link property:
    - Adversary only needs to break the weakest link in the chain
    - If you're careful 20 times, but careless once, you might already be screwed
  - Adversary is not playing fair:
    - Key Loggers
    - Timing attacks, Side channel attacks, Chosen Plaintext attacks, etc.
    - Rubber hose, Wrench (see xkcd comic below)
- Thus: Desirable Attributes of a tool:
  - Organizational properties
    - Open Source
    - Security Audit
    - Clear threat model, clear crypto solutions
  - Cryptographic properties
    - Established crypto algorithms
    - End-to-end encryption
    - Perfect forward secrecy
  - Price
    - We give preference to free/open source tools,
    - But we will list commercial solutions if they provide clear benefits (such as ease of use, better support, etc.)
    - However, very expensive tools will be penalized.
In summary, our list below includes tools that are not too hard to use, preferably open source, with good enough crypto, preferably cheap or free.
Also see the EFF Surveillance Self-Defense Guide on Choosing Your Tools and Seven Steps To Digital Security.
from: "xkcd" by Randall Munroe at xkcd.com
- Use Messages and FaceTime (end-to-end encrypted)
- In Safari,
  - Switch your Search Engine to DuckDuckGo (Safari -> Preferences -> Search)
  - Install Extensions (Safari -> Safari Extensions):
    - Adblock Plus (choose all options: block malware, trackers. By default, "acceptable ads" are displayed; this can be disabled)
    - maybe Ghostery (or Disconnect Private Browsing)
    - maybe CryptoCat (for anonymous chats)
- In Firefox, Chrome,
  - Switch your Search Engine to DuckDuckGo
  - Install Addons
    - Adblock Edge
    - Always HTTPS
    - Privacy Badger
- Download and install
- Enable FileVault (Disk Encryption). It requires a system restart, then works in the background to encrypt your disk. (System Preferences -> Security & Privacy -> FileVault)
- (In Safari -> Preferences -> Privacy, occasionally remove all website data. Note that you'll have to log in fresh to all websites, so only do this if you know all your passwords, or have a password manager)
- Get started with a Password Manager
  - If you're only on Safari (Mac and iOS), Keychain is great
  - If you're happy to pay for a commercial solution, look at LastPass or 1Password
  - If you prefer a free open-source solution, get KeePass or PasswordSafe
- Get started with GPG:
  - download & install
    - GPGTools: not free. GPG on OS X Mail. EFF score 5/7.
  - generate your first key, upload the public part to keyservers
  - consider joining keybase.io
  - download other people's public keys, and send them your first encrypted message
- Also see the EFF Surveillance Self-Defense Guide on How to use PGP for Mac OS X
- For advanced users, also see the OS X Security and Privacy Guide
- In your browser:
  - Switch your Search Engine to DuckDuckGo
  - Install Addons
    - Always HTTPS, if available
    - Privacy Badger
- Download and install
- Get started with a Password Manager
  - If you're happy to pay for a commercial solution, look at LastPass or 1Password
  - If you prefer a free open-source solution, get KeePass or PasswordSafe
- Get started with GPG:
  - download & install
    - GPG4Win: GPG for Windows.
  - generate your first key, upload the public part to keyservers
  - consider joining keybase.io
  - download other people's public keys, and send them your first encrypted message
- Consider
  - Pidgin + OTR: OTR chat for Windows, EFF score 7/7.
- Also see the EFF Surveillance Self-Defense Guide on How to use PGP for Windows
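
The GPG steps listed for Mac and Windows above (generate a key, share the public part, import someone's public key, send an encrypted message), shown as an added command-line example that is not part of the original guide. It assumes the `gpg` binary from GnuPG 2.2 or later, which GPGTools and GPG4Win both install; the identity, file names and throwaway keyrings are constructed for the demo, and the key has an empty passphrase only so the script runs unattended.

```shell
#!/bin/sh
# Added example. Runs entirely in throwaway keyrings; ~/.gnupg is never touched.
# Assumes GnuPG 2.2+. The identity below is constructed for the demo.

# Run gpg against keyring $1. The empty passphrase exists only so no prompt appears.
G() {
  home=$1; shift
  gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' \
      --homedir "$home" "$@"
}

# Primary-key fingerprint of the key matching $2 in keyring $1.
fingerprint() {
  G "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Walks the whole procedure and prints the decrypted message on success.
gpg_roundtrip() (
  set -e
  work=$(mktemp -d)
  trap 'gpgconf --homedir "$work/me" --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
  mkdir -m 700 "$work/me" "$work/peer"

  # 1. Generate your first key (signing primary key plus encryption subkey).
  G "$work/me" --quick-generate-key 'Demo User <demo@example.invalid>' default default 1y
  fpr=$(fingerprint "$work/me" demo@example.invalid)

  # 2. Export the public part only. Publishing it would be: gpg --send-keys "$fpr"
  G "$work/me" --armor --export "$fpr" > "$work/pub.asc"

  # 3. The correspondent imports it and compares the fingerprint with the one
  #    you gave them over another channel (here: $fpr itself).
  G "$work/peer" --import "$work/pub.asc"
  [ "$(fingerprint "$work/peer" demo@example.invalid)" = "$fpr" ] || exit 1

  # 4. They encrypt to you. --trust-model always is acceptable here only
  #    because the fingerprint was checked in step 3.
  printf 'first encrypted message\n' |
    G "$work/peer" --trust-model always --armor --encrypt --recipient "$fpr" \
      > "$work/msg.asc"

  # 5. You decrypt with the private key, which never left your keyring.
  G "$work/me" --decrypt "$work/msg.asc"
)

# Run the demo only when asked: sh gpg_demo.sh demo
[ "${1:-}" != demo ] || gpg_roundtrip
```

On a real key, choose a strong passphrase at step 1 and keep the fingerprint comparison in step 3; a key fetched from a keyserver proves nothing about who uploaded it.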
- Switch your search engine to DuckDuckGo (Settings -> Safari -> Search Engine)
- Use iMessage and FaceTime, both end-to-end encrypted
- Download (from the App Store)
  - Browsing apps: OnionBrowser (anonymous/private browsing)
  - Chat apps: Signal, Telegram
  - Voice call apps: Signal
- Get started with a Password Manager
  - If you're only on Safari (Mac and iOS), Keychain is great
  - If you're happy to pay for a commercial solution, look at LastPass or 1Password
  - If you prefer a free open-source solution, get pwSafe
- Get started with GPG:
  - download & install
    - iPGMail: not free. GPG for iOS Mail. Closed source. EFF score 4/7.
  - copy your private key from your desktop computer over to your iPhone, see this guide.
  - send yourself a message from the desktop and decrypt it on the iPhone, and vice versa
??? TBD
??? TBD
- Computer Security for Journalists. A presentation by Jennifer Valentino-DeVries (WSJ) on information security for journalists
- Digital Security for Journalists. A presentation by Laurent Eschenbauer on information security for journalists
- Doxxing Defense. A guide on how to remove your personal information from data brokers
- Email Self Defense. A guide to setting up encrypted email on the desktop, unfortunately somewhat confusing and out-of-date.
- Encryption Works. A guide for journalists on “How to Protect Your Privacy in the Age of NSA Surveillance”. Somewhat out-of-date.
- Information Security for Journalists. Excellent guide from The Centre for Investigative Journalism, covering the Operating System, Safe Browsing, Data, Email, Instant Messaging, Phone & Voice/Video Calls, and Passwords. Targets a higher level of risk and security than this present InfoSec101. Available in many formats.
- Journalist Security Guide. A guide on information security, part of a guide for (general) security for journalists by the Committee to Protect Journalists
- Planning Digital Security for your Story. A presentation by Jonathan Stray on information security for journalists
- Privacy 101. Background info by Privacy International, a registered UK charity.
- OS X Security and Privacy Guide. A somewhat advanced guide for OS X power users.
- A basic introduction to some aspects of Internet Safety from the Goodwill Community Foundation.
- EFF Secure Messaging Scorecard. A useful list and brief evaluation of chat apps, for all platforms.
- EFF Surveillance Self-Defense. A useful guide and list of tutorials about many aspects of information security
- Guardian Project. Tutorials and tools for a few privacy tools.
- Prism Break. A very comprehensive overview about a lot of apps and software, with some good comments, for all platforms. Note: Only Free/Open Source tools are considered, not commercial ones.