Installing and using desktop Tor Browser
This is valid for Windows, Linux, and macOS.
- Download and install Tor Browser
- Open Tor Browser
This is valid for Windows, Linux, and macOS.
In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk.
There might be worst-case situations where using Tor and VPNs are not possible due to extensive active censorship or blocking.
It is possible to access/connect to remote distant Public Wi-Fis from a distance using a cheap directional Antenna that looks like this.
You need to find safe places where you will be able to do your sensitive activities using some publicly accessible Wi-Fi (without any account/ID registration, avoid CCTVs).
Your IP address is the most known and obvious way you can be tracked. That IP is the IP you are using at the source. This is where you connect to the internet.
DNS stands for βDomain Name Systemβ and is a service used by your browser (and other apps) to find the IP addresses of a service.
Basically, it is like the Inception movie with computers. You have emulated software computers called Virtual Machines running on a physical computer.
RFID stands for Radio-frequency identification, it is the technology used for instance for contactless payments and various identification systems.
When conducting sensitive activities, remember that:
Geolocation is not only done by using mobile antennas triangulation. It is also done using the Wi-Fi and Bluetooth devices around you.
These have been used at least since 2008 using an attack called βJasagerβ and can be done by anyone using self-built tools or using commercially available devices such as Wi-Fi Pineapple.
Tor and VPNs are not silver bullets. Many advanced techniques have been developed and studied to de-anonymize encrypted Tor traffic over the years.
This is the part where you should watch the documentary βThe Social Dilemmaβ on Netflix.
Stylometry is our personal and unique writing style. No matter who you are, you have a unique finger printable, and traceable writing style.
You have seen this in action/spy/Sci-Fi movies and shows, the protagonists always remove the battery of their phones to make sure it cannot be used.
The IMEI (International Mobile Equipment Identity) and the IMSI (International Mobile Subscriber Identity) are unique numbers created by cell phone manufacturers and cell phone operators.
The MAC address is a unique identifier tied to your physical Network Interface (Wired Ethernet or Wi-Fi) and could of course be used to track you if it is not randomized.
Your Bluetooth MAC is like the earlier MAC address except it is for Bluetooth.
All modern CPUs are now integrating hidden management platforms such as the now infamous Intel Management Engine and the AMD Platform Security Processor.
Whether it is Android, iOS, Windows, macOS, or even Ubuntu. Most popular Operating Systems now collect telemetry information by default even if you never opt-in or opted-out from the start.
You got it; your smartphone is an advanced spying/tracking device that:
Written by @CryptoSeb and taken offline recently. Archived, updated and web-friendly now on Privacy Guides by PrivacyTools.io.
The paper covers four different threat models:
Hello. My name is CryptoSeb or just Seb. Back in 2015, some online friends and I noticed a gap in the information being provided to people to better their knowledge of security, privacy, and anonymity in our ever-changing digital world. We could find papers, forum posts, and discussion around little bits and pieces but we had to do the searching ourselves and put it all together. It really wasnβt suitable for like 75% of the Internet population. So in early 2016, I had this idea of writing a paper that would encompass everything related to security, privacy, and anonymity but tailor it to all walks of Internet users; whether that is my 59-year-old grandma, or Edward Snowden like individuals. This paper, titled βThe Crypto Paperβ resembles the beginning of my alias because it largely a collection of my own personal thoughts, knowledge, and experiences. As well, this paper is not going to be something that strikes every individual in a good spot 100% of the time β you WILL disagree with some of what is included and that is perfectly fine. We encourage you to submit corrections or give suggestions on how we can improve it.
Bitmarauder As a cypherpunk and wanderer on these here wires, from time to time you will find that my hands feel the need make note of what I've learned in my travels in search for truth and freedom. By trade/study I work in infosec. My anonymity and privacy when necessary are huge.
Reviewing / Content Editing
Originally, I had these high hopes for this paper to get peer-reviewed by some big(ger) name people in the privacy/security industry and even though many of them agreed to take on the task, lives are busy and the paper is 61 pages. So I am just going to have to settle with a little more harsh criticism from the public. I know there has to be places in here where I am dead wrong or you think I should add/take out something so I encourage you to really speak up if you see the need. I intend on publishing an edited version 1-2 months from the initial release.
Note: Contact information of the authors removed since they've decided to take the paper offline.
Back in mid 2015, I (among other friends) started to see a real issue with the people using the Internet. Not only were they using it completely incorrectly on so many different levels, but they didnβt have the resources to acquire accurate knowledge and change their behaviors. It isnβt necessarily the fact that people want to use the Internet incorrectly, itβs just that we have come from Windows 95, 50 pound desktop computers, 512mb of RAM, and Minesweeper, to petabyte servers, Google, self-driving cars, and ransomware in the course of 16 years. We have made technological leaps forward and it is literally consuming the massive portion of the population who werenβt born/raised in this era or who donβt have an interest in becoming βtech-savvyβ. And yes, consuming is the right word. I swear if a computer could eat you, some of the 65-year-old people trying to text their grandchildren would be gone. That phone would have a mental break down as they βattemptβ to use it correctly and just eat them.
But I have nothing against people who cannot seem to understand the security/privacy/anonymity aspects revolving around technology. That is actually the reason for this paper being developed in the first place. I want all my grandmas to be successful Internet users and not have to approach it with such a disconnect. Furthermore, we want avid tech people to also find a benefit and learn a little as well.
Uniquely Designed
Designing something of this magnitude wasnβt as easy as you would think. I needed a way to separate the content so it had some sort of βflowβ to it. But I also needed it to be something that wouldnβt lose the less experienced people right off the start. The idea I came up with was the split it into four categories of people:
As you move up from one category to the next, the information becomes more intensive and techy. I hope that this method ensures adequate learning on behalf of ALL Internet individuals and we definitely encourage you to learn in the sections where you are lost. This is meant to be a tool of knowledge to promote your learning!
Finally, I am able to say that The Crypto Paper is complete! It is a huge achievement for me to say that. Writing this paper has taken countless hours, lots of research, and one too many discussions with people who have more knowledge and experience than myself. One of the older fellows that I have nightly coffee with made a comment to me that it was nearly impossible for him to keep up with the advancements we are making in technology and the way he talked about it, it was almost like he was just trying to stay afloat. This hit me as rather concerning. If we are moving this fast into a digitized world, where will my parents be in 5, 10, 20 years time? Would they be able to keep up? Or would they feel just as helpless? I got a lot of the inspiration for writing this paper from the amount of people I talk to who have zero clue how to keep up, stay secure, and even properly run a business in our Internet world today. But because I have been involved in, and always really interested in learning about security, privacy, and anonymity, I wasnβt just going to stop with the basics. I have had a fair amount of previous experience with the areas covered in this paper. So I figured it would be a great challenge to take on and I definitely had fun.
Even if you were only able to get through the first category/section before being completely lost, I hope you were able to take something away from The Crypto Paper. And if you made it all the way to the end and had some concerns with things I have written about or views that I have, I encourage you to get in touch and discuss them with me. I mentioned in the introduction that this is largely a construction of the experiences and knowledge I have had and acquired over the last few years being a part of this βsceneβ so I know it will definitely not be perfect. Everyone who is well versed in these fields will have their own views on the topics discussed and many will have a lot more knowledge than myself. So if you are one of these individuals, please donβt be shy. Out of all of this, I want it to be a learning tool for not only those reading, but also myself. I will work on and improve this paper as I have time and as I receive criticisms and suggestions.
Please feel free to contact either of us with any and all concerns, questions, or feedback. We look forward to hearing from you! Official Subreddit: https://reddit.com/r/cryptopaper
Thanks so much for reading. I encourage you to link to this paper, print it off, share it in any way you see fit. Just please do not alter the paper in a way that would discredit the many hours I have put into developing and writing it and the many hours others have spent reviewing it before it went public.
Seb
What is Privacy? Wikipedia describes privacy as βthe ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectivelyβ and I would largely agree that the definition provided fits the mold.
For starters, a threat-model could be defined as how an individual needs to be protected based on things like:
I am a pretty big believer in encryption online because encryption can be seen as the primary tool that keeps our information/data secure.
Diving right into the specifics, I want to start off with the most common mode of accessing the World Wide Web, your Internet browser.
Often times when you connect to a website, you will notice that the URL just displays the website name. But as we move into a more digital world, it is highly recommended that sites use SSL Certificates and Transport Layer Security to encrypt your connection to them.
Now, there is a difference between some terminologies here that seems to be used interchangeably when they arenβt really the same.
It is important when we learn about encryption and using it alongside strong passwords, to also take a look at how these passwords are stored on the websiteβs server.
So once you have the basics of how the Internet can work with you to keep you safe, it is vital that you determine what information you are putting out there, where it is going, and who is able to view it.
I often times see people whom are clearly business people doing business related things with customers, clients, and the like in very public places in very insecure manors.
Currently, technology allows us to communicate in so many different ways with each other that even 30 years ago we were unable to do.
Before coming across the ProtonMail crowdfunding campaign, I was an avid user of email services like Yahoo and Gmail.
Warning: This section of The Crypto Paper is outdated. Wire went through some severe Privacy policy changes:
The one thing missing from Version 2 of the paper was the XMPP/Jabber Protocol and OTR (off-the-record) for messaging privately and securely.
Signal is marketed on the Open Whisper Systems website as βPrivacy that fits in your pocketβ.
Apple has provided a messaging service since the dawn of the iPhone many years ago and expanded on it to be a very privacy conscious and secure way of communicating.
Right alongside messaging people in a secure manner, we have to think about how and where we are storing files in the cloud, and how those files are being shared with others.
Hopefully by now you have registered for a ProtonMail or Tutanota account and are ready to start transferring some accounts over.
One of your strongest counters to surveillance, attack, and theft of your devices is making sure the data on them is secure.
There are very few locations where I actually trust connecting directly to the Internet.
One of the other ways one can secure their connection to the Internet is to make sure that all incoming and outgoing connections are being passed through a Firewall.
The β5 Eyesβ countries refer to 5 countries (United States, Canada, The United Kingdom, Australia, and New Zealand) that have an intelligence agreement known as the UKUSA Agreement to share information with one another.
By now, the hope is that you have really begun to look at the services you are using on a day-to-day basis.
Getting back to the good stuff, I have talked in the above pages about a term called FOSS or open source, or the long form Free, Open Source Software.
One of the other things you will have likely noticed me touching on is companies who are willing to share their PGP Key for customers so they can use email + PGP for communication to support.
My first step in looking at anonymity is making use of the TBB and the Tor network. Tor was released in 2002 and has since evolved into a tool that is used by millions of people worldwide.
If you are reading this but have no need for anonymity and really canβt see where it would fit into your Internet life, I at least hope you can imagine a situation where someone else might need it.