learn.equalit.ie - User contributions [en]

Can I be anonymous whilst using my phone

2015-11-25T22:37:23Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Solution
|Scenario Task Parent=Phone
|Scenario Task Description=The short answer is you can't, and there are [https://ssd.eff.org/en/module/problem-mobile-phones several reasons why]. Your [https://en.wikipedia.org/wiki/Subscriber_identity_module SIM card] can be directly linked to your identity, account or point of purchase. The [https://en.wikipedia.org/wiki/International_Mobile_Station_Equipment_Identity IMEI] and the [https://en.wikipedia.org/wiki/International_mobile_subscriber_identity IMSI] numbers in your phone are unique and can also be linked directly to your location and/or identity. In general, [https://en.wikipedia.org/wiki/Mobile_phone_tracking Mobile phone tracking] is a well established technology and the only way to prevent this type of location tracking is to remove the battery, carry a [https://en.wikipedia.org/wiki/Faraday_cage Faraday cage-like] accessory or not bring your phone at all.

If you want, however, you can browse the Internet anonymously from your phone:
* Android users can install [https://securityinabox.org/en/guide/orbot/android OrBot] and the [https://securityinabox.org/en/guide/orweb/android OrWeb browser]
* iPhone users can install the [https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8 Onion browser]
 
}}

Can I be anonymous whilst using my phone

2015-11-25T22:37:06Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Scenario
|Scenario Task Parent=Phone
|Scenario Task Description=The short answer is you can't, and there are [https://ssd.eff.org/en/module/problem-mobile-phones several reasons why]. Your [https://en.wikipedia.org/wiki/Subscriber_identity_module SIM card] can be directly linked to your identity, account or point of purchase. The [https://en.wikipedia.org/wiki/International_Mobile_Station_Equipment_Identity IMEI] and the [https://en.wikipedia.org/wiki/International_mobile_subscriber_identity IMSI] numbers in your phone are unique and can also be linked directly to your location and/or identity. In general, [https://en.wikipedia.org/wiki/Mobile_phone_tracking Mobile phone tracking] is a well established technology and the only way to prevent this type of location tracking is to remove the battery, carry a [https://en.wikipedia.org/wiki/Faraday_cage Faraday cage-like] accessory or not bring your phone at all.

If you want, however, you can browse the Internet anonymously from your phone:
* Android users can install [https://securityinabox.org/en/guide/orbot/android OrBot] and the [https://securityinabox.org/en/guide/orweb/android OrWeb browser]
* iPhone users can install the [https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8 Onion browser]
 
}}

To find a reliable email provider

2015-11-25T22:24:06Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Scenario
|Scenario Task Parent=Email
|Scenario Task Type=Surveillance, Profiling your identity and actions
|Scenario Task Description=Ideally you would not need to rely on your email provider if you [[I_want_to_learn_about_encrypting_email|encrypted all your email]]. In general, there are several important factors to consider when choosing an email provider:

*Who is behind the service - is it a big corporation or a small company?
*Where are their servers located, where is the company registered?
*What are the privacy and security features of the account?

Answers to these questions may help you understand how far the email provider will go to protect your privacy and identity, the relevant laws that will govern that company and your messages on their servers. [https://www.privacytools.io/#email Here's a list from the Privacy Tools website] on ethical email providers. It is best to read carefully each provider's terms of service and privacy policies before registration. Be aware that apart from protecting the contents of your email messages with encryption, you should also consider email metadata - that is information about who you send and receive email from, when, how often and the subject line, which is never encrypted. Please refer to the EFF [https://ssd.eff.org/en/module/why-metadata-matters Surveillance Self Defense Guide - why Metadata matters].

 
}}

I want to send an anonymous email

2015-11-25T22:22:50Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Scenario
|Scenario Task Parent=Email
|Scenario Task Type=Profiling your identity and actions
|Scenario Task Description=There are several options for sending an anonymous email. One of which involves a pseudonymous email where any data identifying you or your location is stripped from the message. A level of technical experience is required as you move further down the anonymity scale in your email communications. This is especially true because of the problem posed by [https://immersion.media.mit.edu/ email metadata].

You can register a temporary email address (good for one day) to receive an email anonymously from the https://anonbox.net project. You can send an anonymous email using the [https://webmixmaster.paranoici.org Paranoici] remailer service. It will wrap your email message in several layers of encryption, anonymising the [https://ssd.eff.org/en/module/why-metadata-matters metadata] of your message.

The 'easiest' way to send an anonymous email (containing no identifying metadata about the conversing parties) is over the [https://www.torproject.org/docs/hidden-services.html.en Tor Hidden Service] network. You can register an email account in Torbox (http://torbox3uiot6wchz.onion/) and access its webmail service from a [https://www.torproject.org/download/download-easy.html.en Tor Browser] or through a [https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/ Torrified Thunderbird client]. The recipient must use the same service for conversing with you.

 
}}

I want to protect my email account from unauthorised access

2015-11-25T22:21:15Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Scenario
|Scenario Task Parent=Email
|Scenario Task Type=Unauthorised Access
|Scenario Task Description=There are many things you can do to protect your email account from unauthorised entry or hacking. There are quite a few things your email provider should do as well, so [[To find a reliable email provider|pick one wisely]]. First and foremost your account must be protected by a [https://learn.equalit.ie/wiki/Better_Passwords good password]. You also need to make sure that your computer is free from [[I want to protect my computer from virus infection|malware]].
}}

I want to be protected from malicious emails

2015-11-25T22:15:19Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Scenario
|Scenario Task Parent=Email
|Scenario Task Type=Unauthorised Access
|Scenario Task Description=A huge quantity of malicious content can access your computer through your email inbox. This could be annoying but harmless unsolicited advertising (spam), [https://en.wikipedia.org/wiki/Malware malicious software] embedded in an attachment or within the message itself, and various types of [https://en.wikipedia.org/wiki/Phishing#Link_manipulation links] leading you to infected web pages. Many tools exist to protect your computer from infection but they will never be 100% effective and a lot of discretion is advised when opening or reacting to content received in an email message. To learn how to check if an email you have received is malicious, read [https://ssd.eff.org/en/module/how-avoid-phishing-attacks this manual] by the Electronic Frontier Foundation. Also, be aware of [https://en.wikipedia.org/wiki/Spyware#Rogue_anti-spyware_programs rogue software] promising to protect your computer.
}}

I want to be certain of the recipient's identity (and vice versa)

2015-11-25T22:13:06Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Scenario
|Scenario Task Parent=Email
|Scenario Task Type=Impersonation
|Scenario Task Description=When sending an email, it is incredibly easy to fake (or "spoof") one's email address. For example, try sending yourself an email with a made up identity from https://emkei.cz

In order to be certain of each other's email identity the message needs to be signed cryptographically. You can [[I want to learn about digital signatures | do this yourself]] or learn about existing authentication methods used by some email providers.
}}

I want to destroy data

2015-11-25T22:05:11Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Scenario
|Scenario Task Parent=Data
|Scenario Task Type=Unauthorised Access, Data Loss
|Scenario Tools and Services=Bleachbit, CCleaner, Eraser
|Scenario Task Description=Those rumours were true - computers [https://learn.equalit.ie/wiki/Destroying_data cannot delete data]. Information previously deleted on your computer, USB or SD card by using the standard delete > empty bin method, can be recovered. In order to destroy data you need to overwrite its physical location on the disk with new information. Specific tools exist for this purpose including [https://ssd.eff.org/en/module/how-delete-your-data-securely-windows Bleachbit for Windows] and [https://ssd.eff.org/en/module/how-delete-your-data-securely-linux Linux], as well as [https://securityinabox.org/en/guide/ccleaner/windows CCleaner] and [http://sourceforge.net/projects/eraser/ Eraser] for Windows. MacOS users can follow the techniques mentioned in [https://ssd.eff.org/en/module/how-delete-your-data-securely-mac-os-x this guide] or recommendations regarding SecureTrash on the [https://support.apple.com/kb/PH18638?locale=en_US&viewlocale=en_US Apple website].
 
}}

Protect my site from denial of service attacks

2015-11-24T16:48:41Z

AlwaysRememberPOOP:

{{Scenario Task
|Scenario Task Format=Solution
|Scenario Task Parent=My Website
|Scenario Task Type=Censorship
|Scenario Task Description=Denial of service attacks attempt to bring down the target website through a variety of hacking, social engineering and other means. Distributed denial of service attacks (or DDoS) attempt to overwhelm the target website or its provider's resources by flooding it with malicious requests. There are many vulnerabilities and mitigation points to think through, as described in the [https://digitaldefenders.org/digitalfirstaid/#section-ddos-mitigation DDoS mitigation] section of the Digital First Aid Kit.

The [https://github.com/OpenInternet/MyWebsiteIsDown/blob/dev/MyWebsiteIsDown.md What to do when your website goes down] guide describes how to respond to such attacks and prevent their success in the future.

There are also a number of DDoS mitigation and secure hosting providers ranging from large corporate run services like [https://cloudflare.com/galileo Cloudflare's Project Galileo] and [https://projectshield.withgoogle.com/public/#application-form Google's Project Shield] to smaller ethically run organisations including [https://www.qurium.org/contact/ Virtualroad], [https://greenhost.net/order/ Greenhost] and the purpose-built [https://deflect.ca Deflect].
}}

Thread:Talk:Digital Security QA/Stuff Missing

2015-09-09T21:44:51Z

AlwaysRememberPOOP: New thread: Stuff Missing

Listing currently outstanding content:

- Access to the Web > A Website I am Trying to Access is Unreachable > All the following responses still need to be written.
- Computer > All the following categories/responses still need to be written
- My Website > All the following categories/responses still need to be written
- Phones category still needs to be drafted out
- Social Network > It would be useful to provide ways to improve privacy for the most popular social networks, particularly Facebook since its privacy settings are washy and most users might not understand how to restrict their content in the way that they actually want without additional research.

Last point, the tone is a little inconsistent. The Email category for example is fairly casual whereas the other categories seem more serious. Not a value judgement here as I actually think casual might be better but we might need to apply consistency in tone.