Cryptoparty Tor Workshop .pdf



Original filename: Cryptoparty_Tor_Workshop.pdf
Title: Cryptoparty: Tor Workshop

This PDF 1.4 document has been generated by Google / Unknown, and has been sent on pdf-archive.com on 23/09/2012 at 13:22, from IP address 81.17.x.x. The current document download page has been viewed 1681 times.
File size: 143 KB (30 pages).
Privacy: public file






#Cryptoparty Workshop:
Tor
Saturday, 22 September 2011
by @stokely
This is NOT copyright. It's in the
public domain. Use as you wish. :)

Why are we here?
● we're in an era of strong government action
against internet users
● 250,000 Australians under surveillance (excl
ASIO)
● there are two main areas under attack - piracy,
and free speech
● International legal(?) action against Wikileaks,
Megaupload
● Strong Government interest in the use of online
social networks by political activists (Arab
Spring, Occupy)

Global problems for cyberactivists &
cyberdissidents, bloggers & journalists
*Reporters without Borders- Press Freedom roundup 2008:
 
"Predatory activity is increasingly focused on the internet."
 
1 blogger killed
59 bloggers arrested
1,740 websites blocked, shut down or suspended
 *more online journalists incarcerated than other journalists
for the first time

LESS security, MORE surveillance
● It's never been particularly safe to communicate by email
or on social networks due to insecurities in the tech, and
it's about to get worse. WHY?
● Increased surveillance of activists. There have already
been subpoenas on Australians' Twitter accounts & Twitter
last week said they'd comply MORE with requests from the
Australian police.
● The US government is strengthening laws to control the
internet (See the proposed SOPA/PIPA laws) 
● As signees of the Free Trade Agreement with the US,
Australia is legally obliged to enforce laws like the DMCA
in Australia. So their law can touch us.
●  Social networks are voluntarily censoring (Twitter
announced geo-censorship of tweets yesterday).

Legal disclaimer
● I am not a lawyer, and this workshop is not about your
legal rights or responsibilities.
● Seek legal advice. Use your common sense.
● This workshop will give you some simple tools to stay safer
● The key word is SAFER, not 100% safe. 
● Today we'll show you one or two layers in the security
'onion' - we're not promising to protect you from the
world's best hackers or the FBI. If you are Wikileaks and
people could die based on the information you're sharing,
basic security is not enough. You need to learn more about
how to keep yourself, your communications and your
community safe.

Part 1: Secure your email
 

Your email is not safe
● Vulnerabilities are human and technical.
● Human vulnerability: choosing easy to guess passwords,
sending email to someone untrustworthy who forwards it
to the authorities or a newspaper, sharing your password
with someone who loses it.
● Tech vulnerabilities: Spyware like keyloggers, your
password could be cracked, your login might be insecure
(http), transmission of your email over the internet might
be insecure.
● At least two ISPs will handle your email - the sending &
receiving ISP. Do you trust your ISP? (Don't). They are
subject to Australian law and are routinely asked to
provide information from/about their customers.

3 steps to safer email
● Keep your computer free of viruses/malware
● Keep your password secure
● Encrypt your email

Viruses/malware
● Malware exists to steal passwords, and to get exact copies
of everything you type - it's called keystroke logging.
● Players of online games like World of Warcraft get
targeted by keystroke loggers, who capture their game
login password so they can steal their accounts. It doesn't
just happen in the movies. It happened to me.
● Keep your software & operating system up to date, and
install some anti-malware/anti-virus software - here are
some step by step tips: https://security.ngoinabox.org/en/chapter-1

Protect your password
● Change your password. Today.
● This should be common to anyone with an ATM card, but
it's not
● Change it regularly, make it not personal to you (ie
birthdays), mix in numbers, letters & capitalisation
● As a memory aid, use a mnemonic like:
● 'To be or not to be? That is the question' which becomes
'2Born2b?TitQ'
●  One password to rule them all: Password manager
software like KeePass
● http://keepass.info/
● Uses one master password to access & manage all your
passwords.

Login securely
● You need your email to be secure at the point of login (if
you're using webmail) and when it's travelling the internet
to reach the recipient of your mail.
● Webmail is less secure because you are trusting the
content of all your emails to the company that's sending it.
(ie Google).
● Consider switching to an email client (email software like
Thunderbird or Mail for Mac instead of using a web-based
email like Gmail or Yahoo)
● Riseup is an email service run by and for activists that can
be securely accessed by webmail or using an email client
like Thunderbird (https://riseup.net/en)
● Choose a webmail provider that uses https to login.

Using https for your logins
● https uses SSL (Secure Sockets Layer) to add a security
layer to normal web pages (http). You'll already use it for
online banking.
● Gmail uses https by default. To check if it's turned on:
● Sign in to Gmail.
● Click the gear icon in the upper-right corner, and
select Mail settings.
● In the General tab, set 'Browser Connection' to 'Always use
https'.
If you've never changed the setting before, no radio
buttons will be selected, even though the default is
indeed 'Always use https'.
● Click Save Changes.

Encrypt your mail
● Unencrypted email travels as-is online, meaning anyone
snooping can read it.
● Encrypting mail means encoding it so snoopers can't read
it.
● Later we'll break into groups to show you how to use Tails
to encrypt mail and files and use keys to ensure that the
sender (you) and the recipient are who they say they are.

Activity: Secure your webmail
● Break into groups
● With your group leader, work out if it's possible to turn on
https for your webmail and make sure it's turned on.
● Change your password! Choose something more secure.

Secure your browsing
 

Use https everywhere that you can
● If you use the Firefox browser, you can install the "HTTPS
Everywhere addon" so it happens all the time.
● Download it here: https://www.eff.org/files/httpseverywhere-button.png
● There will be an HTTPS Everywhere button at the top right
of your Firefox toolbar which lets you see & disable a
ruleset if it's causing problems with a site. eg if you try to
get on a hotel wifi connection.
● There is no excuse for not using HTTPS-everywhere

Set Facebook & Twitter to https
● To make Facebook use https, go to the Account Settings
menu, change the default value in the "Account security"
sub-menu to https.
● More info here: https://www.facebook.com/blog.php?post=486790652130
● To turn on https on Twitter, go to your account settings
(https://twitter.com/settings/account) and tick the box
next to "Always use HTTPS" which is at the bottom of the
page. 

The Tor browser
● Tor is an online security project.  
● Tor has been described as "a second Internet running
inside the existing Internet". It allows people from
countries with strict regimes to bypass blocking and
monitoring software.
● There's a video of the Tor project creators talking about
how governments and corporations have tried to block
Tor. 
● http://www.youtube.com/watch?feature=player_embedded&v=DX46Qv_b7F4#!

The Tor browser
● Tor bounces your online communication around a network
of relays run by volunteers, instead of going straight from
your IP address to your destination. This means it prevents
people who might be spying on your internet connection
from learning what sites you visit or learning your physical
location and it lets you access blocked sites.

 
 

 
 

The Tor browser
● You can install & use Tor software, or use the Tor browser
to make your web browsing (more) secure.
● BE AWARE of Tor's limits. It focuses only on protecting the
transport of data. You need to use protocol-specific
support software if you don't want the sites you visit to see
your identifying information. For example, you can use
Torbutton while browsing the web to withhold some
information about your computer's configuration.
●  What does this mean? External applications are not Tor-safe
by default, and can unmask you.
● Tor carries TCP traffic only, and apps can still send your IP
address themselves, so it's good to use vetted apps.
● One way around this is to use a transparent Tor proxy like
Tails (https://tails.boum.org/)

The Tor browser bundle
● An easy way to use the Tor software is to download and
use the Tor browser bundle.
● This means just by using the Tor browser, you're protected
by Tor software.
● It's available for Windows, Mac or Linux.
● It can also run off a USB flash drive (AKA USB key). This
means you can safely browse from any computer, by using
your USB key.
● Download the Tor browser bundle here:
● https://www.torproject.org/projects/torbrowser.html.en

Tor check
● Make sure you've actually got it working right.
● Once you've got the Tor browser installed, visit the Tor
Check page: https://check.torproject.org/
● It will detect whether you're using Tor or not, and tell you.
 
 
 
Need help?
On IRC: #tor
Or: http://irc.oftc.net/
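
The same check for a command-line program instead of the browser, as an added example that is not part of the original slides: it asks check.torproject.org through Tor's local SOCKS port and treats anything other than a confirmed Tor exit as failure. The SOCKS address 127.0.0.1:9150, the /api/ip endpoint with its reply format, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the workshop slides): check that a command-line
# app's traffic really leaves through Tor before trusting it.
# Assumptions: Tor Browser is running with its SOCKS listener on
# 127.0.0.1:9150 (a standalone tor daemon uses 9050), and
# check.torproject.org/api/ip answers with JSON like {"IsTor":true,"IP":"..."}.
TOR_SOCKS="${TOR_SOCKS:-127.0.0.1:9150}"
CHECK_URL="https://check.torproject.org/api/ip"

# Extract one value from the small, flat JSON reply (no jq dependency).
json_field() {  # $1 = JSON text, $2 = key
  printf '%s\n' "$1" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\).*/\1/p'
}

# Turn a reply into a verdict. Anything that is not an explicit
# "IsTor": true counts as failure, so an error page never reads as success.
classify() {  # $1 = reply body
  case "$(json_field "$1" IsTor)" in
    true)  echo "OK $(json_field "$1" IP)" ;;
    false) echo "NOT_TOR $(json_field "$1" IP)" ;;
    *)     echo "UNKNOWN" ;;
  esac
}

# --socks5-hostname hands the hostname to the proxy, so the DNS lookup also
# goes through Tor; plain --socks5 would resolve it locally and leak the
# lookup to whoever is watching the connection.
tor_check() {
  reply=$(curl --silent --show-error --fail --max-time 30 \
               --socks5-hostname "$TOR_SOCKS" "$CHECK_URL") || {
    echo "PROXY_ERROR"   # proxy down or blocked: fail closed, no direct retry
    return 2
  }
  verdict=$(classify "$reply")
  echo "$verdict"
  case "$verdict" in OK*) return 0 ;; *) return 1 ;; esac
}

# Run the live check only when asked: sh torcheck.sh --run
if [ "${1:-}" = "--run" ]; then
  tor_check
fi
```

A non-zero exit status means the app should not be used for anything sensitive until Tor is confirmed working.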

Suggested Activity: 
Set up a secure browser
● Install Firefox & HTTPS Everywhere and/or the Tor Browser
● Make sure you use the Tor Check tool as well!

Tools for Activists & Bloggers
● Highly recommended:
● Security in a box: https://security.ngoinabox.org
● Riseup email for activists: https://riseup.net/en

Resources for safe publishing online
Highly recommended:
● Reporters without Borders handbook for bloggers and
cyberdissidents (PDF download: http://en.rsf.org/IMG/pdf/RSF_GUIDE_PRATIQUE_GB_v6.pdf)
● Includes information on how to blog anonymously and
technical ways to get around censorship
● Arts Law Centre of Australia Online - Legal issues for
bloggers: http://www.artslaw.com.au/legalinformation/LegalIssuesForBloggers.asp
● EFF guide for bloggers
● http://www.eff.org/issues/bloggers/legal

Tails - the amnesiac incognito live
system
Tails "is a complete operating-system designed to be used
from a DVD or a USB stick independently of the computer's
original operating system. It comes with several built-in
applications pre-configured with security in mind: web
browser, instant messaging client, email client, office suite,
image and sound editor, etc."
 
The Tails website is here:
https://tails.boum.org/security/index.en.html
 
You can read an article about it here:
http://www.linuxjournal.com/content/linux-distro-tales-you-can-never-be-too-paranoid

Suggested Activity
● Set up a USB key with Tails for secure computing
● Use Tails to encrypt files, email, and instant messaging

Thanks!
● Thank you for coming to #Cryptoparty to learn and share
what you know
● Remember 'each one teach one' - please find someone who
needs to learn this stuff, and teach them!
I can email out this presentation with handy links to
information and downloads, if you email me
(sarah.stokely@gmail.com) or tweet me (@stokely).
Cheers! 
 
Also - Happy Talk Like a Hobbit day! :)

