Semantic search

[Edit query]| Show embed code


Previous     Results 31 – 71    Next        (20 | 50 | 100 | 250 | 500)

I want to know about options for private chat

Solution- Surveillance
Tools and Services: Pidgin Adium, Jitsi, Cryptocat, Mega, Peerio, Telegram, Signal

If you want to have a private chat conversation with someone, you need to make sure that no one else but you and the person/s you are chatting with can read your messages (confidentiality), that the person/s you are chatting with are really who they say they are (authenticity) and that what you and the other people in the chat are writing is not tampered with by third parties (integrity).

In order to obtain all this, you need to use a tool offering end-to-end encryption and key verification. As most service providers (e.g. Google, Microsoft, Yahoo, Facebook) don't offer this service and can therefore read your chat record, it is a good idea to either switch to an alternative chat service that provides encryption by default, or to use software for encryption if you need to stick to those services. Take a look at the EFF's Secure Messaging Scorecard to see how they rate various chat clients that claim security properties.

The standard for a secure two-party conversation is called OTR - Off the record messaging, and several popular chat clients support it, including Pidgin with OTR for Windows and Linux, Adium for Mac, and Jitsi for all common desktop operating systems. The latter also includes secure audio and video conferencing. These clients can work with your existing accounts on Google, Facebook, Yahoo, etc. and encrypt the conversation over their respective networks.

Several chat clients are available as an add-on to your web browser, including Cryptocat, Mega and Signal. Aside from that, several free messaging services offer similar encryption properties for messaging including Peerio and Telegram. All of the mentioned tools are available as open source software and publicly disclose the encryption methods they employ in their software.

If you are interested in creating a secure and an anonymous conversation, please refer to I'd like to have an anonymous conversation


I want to learn about circumventing Internet censorship

Solution- Censorship
Tools and Services: Psiphon, Lantern, uProxy, Tor Browser

There are numerous ways to block a website. Luckily there are also many ways to get around these blocks. For a quick primer, look at the How to Circumvent Online Censorship guide by the EFF or the more detailed Floss manual on bypassing censorship, or a practical multilingual guide on how to remain anonymous and bypass censorship on the Internet from the Security in-a-box project.

The solution lies in connecting to the desired website via an intermediary server - and hiding this action from the censor. There are a number of tools and services to achieve this:

  • Circumvention tools - purpose-built software to go around local Internet restrictions. Psiphon, Lantern and uProxy are some such tools.
  • VPNs - a Virtual Private Network allows you to connect to the Internet via an encrypted tunnel to the VPN provider. Your ISP can only see your connection to the VPN service, and to the website you are visiting your origin appears as coming directly from the VPN servers. The RiseUp VPN service is a popular choice among activists and functions from all computers and Android smartphones. Surfeasy is one of the many commercial VPN services offering free accounts as well.
  • The Tor Browser is another popular method for bypassing website censorship by using an anonymity network.

A growing number of countries practicing Internet censorship are beginnning to discover and block access to these intermediaries as well. If neither method works (as you live in a country that blocks public circumvention methods) then you may need to ask a friend living in another country to set up a proxy server, a Tor Bridge or a VPN just for you. The latter (setting up a VPN server) is a little trickier and will require some technical competency with Linux systems (and possibly home routers).


I want to learn about digital signatures

Solution- Impersonation


You've come to the right place! But all in due time: before you learn how to cryptographically sign your message, you first need to understand how email encryption works and generate a key pair, which is used to encrypt your messages, but also to digitally sign them.

By signing a message, you will be able to prove to the recipient that you are the actual author of the email (authenticity) and that the text has not been tampered with along its way from your computer to the recipient's inbox (integrity).

For more information, you can read the Digital Signatures section on the Bitcoinbombs website and then a practical guide for your email client from the Security in-a-box website.


I want to learn about encrypting email

Solution- Surveillance
Tools and Services: Mailvelope

Excellent! It's a journey but one well worth taking. There are many guides about setting up and using public key encryption and it may seem overwhelming at first. A few helpful tips to remember when starting out:

  • There is a general standard for public key encryption called OpenPGP. Popular encryption engines including PGP and GnuPG are compliant with this standard
  • To use public key encryption you will need a key pair, an encryption engine and (optionally) an interface with your email program
  • Your key pair is portable, you can change the email program and encryption engine, using the same encryption method from different computers. Essentially the key pair is made up of two distinct (but interdependent) files - the public and private key. Keep a copy of them.

Keep in mind that aside from encrypting your messages, you should also know about key verification, message signing and file encryption. Please make sure you refer to these sections in the given resources. Here's a list of guides, varying in the software methods they show as examples, by language and context, to help you get started and on the way:



I want to learn about secure audio and video conferencing

Solution- Surveillance
Tools and Services: Linphone, Jitsi, Jitsi Meet

Secure telephony and video conferencing on the Internet did not exist until very recently, when ZRTP, a cryptographic standard for voice over IP (VOIP) conferencing was invented by Phil Zimmerman, the same person who gave us PGP encryption for email. ZRTP offers end-to-end encryption of the conversations and has been implemented in Jitsi and Linphone. Both tools encrypt audio and video conferencing and are available for use on all common platforms.
In addition Jitsi also offers a conferencing service accessible directly from the browser, called Jitsi Meet. You can install the open source package on your own computer or use their publicly available portal at https://meet.jit.si. Note that this web service provides only transport layer security (TLS) and not end-to-end encryption as the clients mentioned above, which means that the connection is encrypted but the content is accessible to the provider.


I want to prevent unauthorised access to my data

Solution- Unauthorised Access
Tools and Services: Veracrypt, LibreCrypt, DiskCryptor, Symantec Endpoint, Truecrypt, Peerio, Mega, GPG4USB

If you want to avoid that your documents are accessed by someone without your permission, you need to either encrypt them one by one (file encryption) or to store them in a secure space, which may be your computer, a storage device or just a part of them (disk encryption).

In order to create a secure space on your hard disk or storage device or encrypt the entire computer, you can use several tools:

  • Truecrypt can encrypt your entire hard disk or just a part of it, but is no longer actively maintained.
  • Truecrypt is being replaced by Veracrypt, which has been developed starting from Truecrypt's code, but this project is very recent and doesn't have a very large user base.
  • DiskCryptor and LibreCrypt are two other free and open source tools for disk encryption that are gaining prominence as replacements of Truecrypt.
  • BitLocker is a Windows solution (Vista and 7 Ultimate+ editions and Windows 8+) with several options for full disk or folder encryption.
  • Another popular commercial disk encryption tool is Symantec Endpoint Encryption.
  • Mac users can encrypt their disk using the built-in FileVault feature.


You can also use an encrypted file storage service like Peerio or Mega as explained in the I want to ensure that my data is never lost section. Individual files can be protected with GPG4USB.


I want to protect my Email

Surveillance Profiling your identity and actions




I want to protect my computer from virus infection

Solution- Unauthorised Access
Tools and Services: Tails OS, Qubes OS, NoScript, ScriptBlock, FlashBlock, FlashControl, Comodo, Avast

Like its biological predecessor, a computer virus can be caught in a lot of different circumstances. It may be impossible to prevent your computer from exposure but a series of defensive mechanisms should be able to stop the infection. They include:

Furthermore, detailed guides are available in the Surveillance Self Defense project and the Security in-a-box toolkit.


I want to protect my email account from unauthorised access

Scenario- Unauthorised Access


There are many things you can do to protect your email account from unauthorised entry or hacking. There are quite a few things your email provider should do as well, so pick one wisely. First and foremost your account must be protected by a good password. You also need to make sure that your computer is free from malware.


I want to recover data

Solution- Data Loss
Tools and Services: Recuva

Information previously deleted from your computer or removable memory card can sometimes be recovered.

If your computer is broken and the operating system refuses to load, it may still be possible to recover data from the hard drive by booting it from a live operating system


I want to send & receive secure messages from my phone

Solution- Surveillance Profiling your identity and actions
Tools and Services: Signal, Telegram, SureSpot, SilentPhone, Bleep

Messaging is the most popular method for communicating on smartphones today. WhatsApp, SnapChat, Slack, just to name a few, and of course the behemoths that are Facebook messenger and Google Hangouts all offer messaging services. It's interesting to note that they are all working in silos - your friends and contacts need to use the same provider as there is no inter-service communication. In general, they are not considered private since the provider has access to your messages.

Messaging apps that perform end-to-end encryption and publish their methods and source code in the public domain are considered here as private messaging tools. You can see a review of multiple apps on the EFF's secure messaging scorecard.



I want to send a pseudonymous email

Solution- Surveillance
Tools and Services: Tor Browser, Tails OS

There are two ways to go about this. One is to use an anonymity network (like Tor) to register and then send emails from a standard webmail account, as explained in EFF's How to create an anonymous email account guide. The other solution is to use a secure operating system and access your email provider from a public location, using a fake MAC address. Needless to say, in both cases your email account should be registered with a pseudonym, completely disassociated from any of your personal details and you must maintain rigor and vigilance whenever accessing this account.


I want to send a secure SMS (text message)

Solution- Surveillance
Tools and Services: SMSSecure

There really are not many options for sending private SMS/MMS without a data plan or access to the Internet from your smartphone. Android users have SMSSecure which was a fork of the original TextSecure application after they decided to remove support for SMS/MMS. There are no known iPhone applications for end-to-end SMS encryption.


I want to send an anonymous email

Scenario- Profiling your identity and actions Surveillance
Tools and Services: Tor Browser, TorBirdy

There are several options for sending an anonymous email. One of which involves a pseudonymous email where any data identifying you or your location is stripped from the message. A level of technical experience is required as you move further down the anonymity scale in your email communications. This is especially true because of the problem posed by email metadata.

You can register a temporary email address (good for one day) to receive an email anonymously from the https://anonbox.net project. You can send an anonymous email using the Paranoici remailer service. It will wrap your email message in several layers of encryption, anonymising the metadata of your message.

The 'easiest' way to send an anonymous email (containing no identifying metadata about the conversing parties) is over the Tor Hidden Service network. You can register an email account in Torbox (http://torbox3uiot6wchz.onion/) and access its webmail service from a Tor Browser or through a Torrified Thunderbird client. The recipient must use the same service for conversing with you.



I want to share a document securely

Solution- Surveillance
Tools and Services: GPG4USB

If you want to share a document with a friend or two, without anyone else being able to access this document, several options are available. You can send your document as an encrypted email attachment, as described in I want to learn about encrypting email or use a stand-alone GPG4USB to encrypt one or more individual files. In either case, both parties need to have set up and exchanged their keys in advance - to decrypt the message they have received.

You can also use an encrypted messaging service or do a file transfer if both parties have set up a secure chat session.


I would like to connect to a website anonymously

Solution- Surveillance


This topic is covered in I want to be anonymous connecting to the web in the section Identity or Location.


I would like to connect to a website securely

Solution- Surveillance Profiling your identity and actions
Tools and Services: HTTPS Everywhere, Avast

Connecting to a website securely means several things, all of which contribute to secure your access to the websites you visit:

  • the connection between your computer and the website's server is encrypted;
  • there are no leaks of information about the current session to third parties;
  • you do not expose yourself to malware infection by visiting a compromised website.

Read the Better Browsing guide by RiseUp for details on how to browse with greater security in Firefox or Chrome (in general, these are the recommended browsers when discussing security).

The HTTPS Everywhere browser add-on by the Electronic Frontier Foundation ensures that you connect securely and with trusted credentials to thousands of websites.

In all cases, make sure that your computer's operating system is up-to-date, that you are using the latest version of your browser and that you are running anti-malware protection. Install the recommended extensions from the RiseUp guide and review the How Do I Protect Myself Against Malware? guide from the EFF.

You may also wish to use an anonymity network or a VPN to reach the desired website as explained in the I want to be anonymous when browsing the web section.


I would like to prevent others from accessing my computer

Solution- Unauthorised Access
Tools and Services: dm-crypt

Barring physical access to your computer may be a logistical challenge: in most cases there will be moments when it is left unattended. Nevertheless, you can prevent others from getting any of your personal data out of it by using strong passwords and disk encryption.

A laptop with a TPM chip can encrypt the entire drive and secure the computer from booting to unauthorised parties, using BitLocker for Windows (Ultimate and Enterprise editions of Windows Vista and Windows 7, the Pro and Enterprise editions of Windows 8) and dm-crypt for Linux. Mac users can encrypt the disk using the built-in FileVault feature.


I'd like to have an anonymous conversation

Solution- Profiling your identity and actions
Tools and Services: Ricochet IM, Tor Messenger, Pidgin Adium, Bleep

In order to have an anonymous conversation, you need to connect to the network anonymously or via a service that protects your identity to enable anonymity. In general, what you have to look for is a tool or a service that hides your IP address, as explained in the Identity or Location section.

  • Ricochet client is a peer-to-peer messaging app that creates a Tor Hidden Service to enable anonymity for the conversing parties. "Instead of a username, you get a unique address that looks like ricochet:rs7ce36jsj24ogfw. Other Ricochet users can use this address to send a contact request."
  • Tor Messenger is a new tool that has been just released to the public by the Tor project team. Quoting from Tor Project's blog, it is a "cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages."
  • Bleep messenger is built on top of BitTorrent, a file sharing peer-to-peer infrastructure. There is no central server and connections between conversing parties are made directly, with content encrypted between the parties. It is not, strictly speaking, anonymous as it relies on IP addresses to route a connection through other BitTorrent users.
  • If you want to keep your current chat address and existing contact lists whilst adding anonymity properties to your conversations, install the Pidgin or Adium chat clients and configure them to work over the Tor network. This approach is explained in detail in Chatting in secret while we're being watched, an article by Micah Lee published in The Intercept. In addition, you should read I want to know about secure chat and ensure that your recipients have performed the same steps.



I'm worried someone is trying to lure me with a fake email (phishing)

Solution- Unauthorised Access
Tools and Services: NetCraft, WorldIP

Receiving messages asking you to click on a certain link, reply with private and sometimes confidential data or open an attachment, could also be a Phishing attack. Targeted attack messages - whereby the content is specifically tailored to be relevant to you are known as spear phishing. In the everyday humdrum of working life, reading dozens if not hundreds of emails per day, it is quite easy to mistakenly click on a link or open an attachment, without giving a second thought to the sender's identity or intent. Targeted attacks (an email purportedly from your friend or your boss) are even harder to detect. Please review the How to avoid phishing attacks guide from the EFF.

Some of the bigger email providers like Gmail or Hotmail offer help to detect and report phishing attacks. The NetCraft tool can protect your web browser from accessing known websites used for phishing re-directions. Firefox users can also install additional add-ons to double-check a site's validity before visiting it. In principle you should:

  • Never click on links in email messages directly (copy and paste them into the browser manually if you're intent on opening it)
  • Never open an attachment unless you are sure of the sender's identity and intent. Sometimes it's better to reply to the sender in order to confirm the message before opening it

Google Chrome and the open source Chromium browser have built-in phishing protection. It may warn you in advance of opening up a known phishing site.


Identity or Location

Scenario- Profiling your identity and actions Surveillance


Computers and smartphones leave traces about you and your actions. Connected together, all these pieces of information can reveal a lot about your identity and the places you have visited. Browsing and communicating on the Internet is inextricably linked to your IP address and MAC address. These details are continuously recorded by your Internet service provider, in accordance with Data retention legislation passed in most countries, and often times by the website you are visiting as well. The IP address can also be linked to a geographic location, as you can see by visiting http://www.hostip.info. The MAC address can be linked to your online accounts and identity. There are several solutions to 'hiding' your identity or location from the site you are visiting or masking your true destination from the ISP. However, disassociating your location from the IP address assigned to you on the network and disassociating your identity from the MAC address of your personal computer or smartphone require a different approach.

Inadvertently we leave a lot of traces and information about our identity and location through the voracious use of social media services and the pervasive presence of online trackers that record, correlate and create profiles of our characteristics and persona. Simply by using open source intelligence it is possible (and fairly easy to any savvy Internet user) to locate and identify a person from their online accounts.




Kolabnow

Service- Surveillance


Kolabnow is an Internet services provider based in Switzerland. Their systems are built strictly on open source software.


Minimising damage from a lost or stolen computer

Solution- Unauthorised Access Data Loss


Security measures must be taken in advance of the loss. They include:



My Website

Scenario- Unauthorised Access Data Loss Censorship


It's very easy to get a website up and running these days, but it's pretty tough to keep it secure and stable against a continually evolving and maturing array of cyber attacks. In order to protect your website, you will need to consider its technical set-up, the software you are using to create the site and its content, as well as the various types of plugins and extensions enabled for extra features on that site. Most importantly, you need to have a contingency plan, by asking yourself what happens in case of an emergency. This includes:

  • creating regular backups of your files and database, in case your online content gets lost due to a technical problem or an attack;
  • knowing your hosting provider's terms of service and their readiness to protect you during an attack;
  • knowing your Domain name service (DNS) provider's security options and terms of service;
  • implementing mitigation solutions in advance of a crisis.

In most cases, for non-technical users it is advised to create a site/profile on an existing platform catering especially for this, like WordPress, Medium and Livejournal to name a few of the bigger providers. They look after all the back end details, leaving you to create and manage content on the site. You can also choose to host your blog at one of the non-profit groups including NoBlogs or someone from this list.



Online Conversations

Scenario- Surveillance Profiling your identity and actions


In the Internet you will find an incredible amount of resources for real-time online conversations, whether you want to interact with communities, have one-on-one conversations, or organize a meeting or a conference. Sometimes these conversations are only textual (chat and instant messaging), but in other cases they offer audio and video as well.

As with email and Internet browsing, similar considerations on surveillance and profiling also apply for online conversations. You can have a private or an anonymous conversation using some of the tools and methods described in this section.



Only one of us knows how to use encryption

Solution- Surveillance


If only you or in turn the recipient knows how to use public key encryption, it's now possible to send a secure one way message. The person with the public key pair registers an account with https://keybase.io and uploads their public key to it, creating an identity on the portal. The sender can compose an encrypted message using your online space on this portal "https://keybase.io/encrypt#username". Keep in mind this is for one-way communication. If you would like to establish a secure channel with your recipients, please read I want to learn about encrypting email. If you would like to investigate other options of securing your messages, please go to I want to investigate other options.


Phone

Scenario- Profiling your identity and actions Surveillance


A smartphone is a small computer in your pocket, and all of the vulnerabilities mentioned throughout other sections of this guide apply. The solutions are more or less the same as those for a computer, only with different software. In most cases your smartphone will be running a version of the Android or iOS operating system. The Security in-a-box toolkit has excellent recommendations on secure mobile and smartphone usage

One major difference between a computer and a phone is that the latter always gives away its location to the cellular network. You can read more about this in Can I be anonymous whilst using my phone. Wikipedia has a useful description of various Mobile security issues. Smartphones in general require just as much attention security-wise as your computer.



Protect files and messages on my phone

Solution- Unauthorised Access
Tools and Services: Signal

Both the Android and Apple smartphones offer full handset (disk) encryption, which ensures all files and messages on your handset cannot be accessed without knowing the handset's password. On the Android phone this needs to be enabled manually and on the iPhone you are simply required to set up a security Passcode to enable disk encryption automatically.

If you forget the phone's password, you will need to restore the phone back to its original setting. Your phone would need to be synced with your Google or iTunes account so as not to lose any data. On the other hand, syncing your phone with these providers means that there is a duplicate of all your data in the cloud.

If you just want to encrypt your messages on the phone, you can use Signal on Android and iPhone.


Protect my site from denial of service attacks

Solution- Censorship


Denial of service attacks attempt to bring down the target website through a variety of hacking, social engineering and other means. Distributed denial of service attacks (or DDoS) attempt to overwhelm the target website or its provider's resources by flooding it with malicious requests. There are many vulnerabilities and mitigation points to think through, as described in the DDoS mitigation section of the Digital First Aid Kit.

The What to do when your website goes down guide describes how to respond to such attacks and prevent their success in the future.

There are also a number of DDoS mitigation and secure hosting providers ranging from large corporate run services like Cloudflare's Project Galileo and Google's Project Shield to smaller ethically run organisations including Virtualroad, Greenhost and the purpose-built Deflect.


ProtonMail

Service- Surveillance


ProtonMail is an emerging and popular email service run out of Switzerland, offering end-to-end encryption based on the OpenPGP.js library. Currently they are restricting account registration due to overwhelming demand. Parts of the codebase are open source and other proprietary.


Reset passwords and security questions

Solution- Unauthorised Access
Tools and Services: KeePass Password Safe

Password are easily forgotten (unless you are using a password program). This is why most service providers offer several opportunities for you to reset your password by sending you an email or by asking you a personal question of your choice to prove your identity. Whilst often necessary, both options may result in a security risk and need to be thought through carefully in advance. For an excellent description of the problem, you can read this Wired article by Matt Honan. To make a long story short:

  1. Resetting a password by sending the code to another email account opens up another attack vector for the hacker. If they can break into one account and then request the reset password to another account to be sent there, you are worse off than before.
  2. Setting a security question based on personal information (e.g. your mother's maiden name) means the attacker only needs to find out this information in order to reset your password and gain access to your account.

If at all possible, it is best to not set any reset options. If you want this option or are required to do so, put yourself in the hacker's shoes and make sure their task won't be easy.



RiseUp email

Service- Surveillance Profiling your identity and actions


RiseUp email is a free service for organised civil society members and is many an activists' preferred choice. They have been in operation for over 15 years and take your privacy very seriously. At the same time, a @riseup.net email account could arouse suspicion since it is so prevalent in the activist community


Run your own mail server

Service- Surveillance Profiling your identity and actions


If you're up to the challenge, a personal (or small network) mail server on an encrypted computer is an excellent way to go. It may expose the participants as belonging to a single service, but can offer privacy and reliability far and beyond what you'd expect from a 3rd party. Many guides are available online, ranging from the step-by-step walk-throughs with detailed explanations to the point-and-click install. Its not a task for the novice but it is definitely doable with some attention and persistence.



SafeMail

Service- Surveillance Profiling your identity and actions


Safe-mail is an established provider of secure email. It is a commercial enterprise and free accounts only allow for 3mb of space. The company and servers are located in Israel, with offices in UK and Japan. The company claims to seamlessly encrypt all messages between safe-mail users with 'PKE', but the secret key is stored on their servers (which means you will have to trust they will never use it to decrypt your mail).


Social Network

Scenario- Profiling your identity and actions Surveillance Unauthorised Access
Tools and Services: Ghostery, Lightbeam

The very term - social network - implies socialising and not discreet conversation. However the Facebooks and Twitters out there have become such an essential part of information exchange between us that we inevitably begin to look for confidentiality and authenticity within our social circles. There are numerous vulnerabilities to consider and important steps to mitigate them are documented and require your action. In brief, you should:

When using a commercial social networking platform, consider that you are helping create the social graph of your friends and associates. This is useful information to companies and security services. By remaining constantly signed in on your social network account in the browser, you are also disclosing your browsing habits on the Internet in general, aside from their service. This extends to many types of websites, including your news and media service. The Panopticlick project by the EFF can analyse your browser for traces of identifiable data that websites you visit will collect about you. The Lighbteam browser add-on will "visualise the relationships between the websites you visit and the third party companies that track your online activity through those websites" and the Ghostery browser add-on will help you block these trackers from collecting your personal data.

There are alternative social networking services that are built with privacy in mind, including Diaspora, RetroShare, Gnu Social and a recently launched Minds for Android and iOS.




Test my site for vulnerabilities

Solution- Unauthorised Access
Tools and Services: Nmap, Nessus

The rule of thumb for not getting your site hacked or infected with malware is:

  • Run up-to-date software, including all themes and plugins (if there are no recent updates to either - do not use them anymore)
  • Do not install or run any services you are not currently using
  • Make sure your web hosting service continually updates their own systems and services

Testing a site for vulnerabilities is not an easy task. You need to look not only at the various systems your website is comprised of and depends on, but to be able to interpret the results as well. A vulnerability could be found and exploited on a systems level (e.g. hosting set-up), in the web server configuration, inside Wordpress or in some third-party plug-in you have installed within it.

An online penetration test is available with several testing options, including a passive reconnaissance 'Google hacking' test. In principle it is recommended to run your own vulnerability testing systems, including the popular Nmap tool and the surprisingly easy to set up but very well respected Nessus vulnerability scanner.

Many vulnerabilities occur at the user level - with you. For an in-depth look into auditing internal organisational processes and systems, refer to the Safetag project and make sure you have read the section on how to protect your computer.


The website loads but is unrecognisable - it looks like another site

Solution- Censorship


If you're sure that the website address is correctly typed, then three possibilities remain for it appearing as a different site altogether.

  1. It's been hacked and its contents have been replaced with what you see now.
  2. The website's DNS account was hacked and is now redirecting you to another IP address.
  3. You are witnessing a DNS poisoning attack. To avoid this circumstance, use an anonymity network or a VPN.


You may also want to try searching through various online cache repositories that take a historical snapshot of various sites, including Cached View and the Internet Archive's Wayback machine.


To find a reliable email provider

Scenario- Surveillance Profiling your identity and actions


Ideally you would not need to rely on your email provider if you encrypted all your email. In general, there are several important factors to consider when choosing an email provider:

  • Who is behind the service - is it a big corporation or a small company?
  • Where are their servers located, where is the company registered?
  • What are the privacy and security features of the account?

Answers to these questions may help you understand how far the email provider will go to protect your privacy and identity, the relevant laws that will govern that company and your messages on their servers. Here's a list from the Privacy Tools website on ethical email providers. It is best to read carefully each provider's terms of service and privacy policies before registration. Be aware that apart from protecting the contents of your email messages with encryption, you should also consider email metadata - that is information about who you send and receive email from, when, how often and the subject line, which is never encrypted. Please refer to the EFF Surveillance Self Defense Guide - why Metadata matters.



To send an email that no one but me and the recipient can read

Scenario- Surveillance


There are several options for sending a confidential email that no one but the sender and recipient/s can read. Unlike traditional letters, email isn't protected by an envelope and isn't just one copy of a message travelling from the sender to the receiver. Rather, it is plainly visible to anyone who has access to its several copies, which are stored in several computers along the way. So you have to trust that those copies won't be read by your email provider, the Internet service provider and anyone else responsible for sending and delivering your message. If you want to be sure that no one but you and the recipient can read your messages, the solution relies on using encryption. The Electronic Frontier Foundation has a good introductory guide to communicating with others in a secure way.


Tutanota

Service- Surveillance


Tutanota is a German email provider offering built-in RSA/AES 2048 encryption and an open source codebase. Messages sent within the Tutanota service are encrypted end-to-end and you have an option of sending an encrypted (password protected) email to an external address. Terms of Service & Privacy Policy


Useful apps for my phone

Solution
Tools and Services: BittorrentSync, Panicbutton

  • Any app from the Guardian Project is recommended for Android users
  • BittorrentSync allows for secure file or folder synchronisation
  • The Panicbutton app will send out a number of SMS messages and your GPS location to pre-configured contacts


Previous     Results 31 – 71    Next        (20 | 50 | 100 | 250 | 500)
Retrieved from "https://learn.equalit.ie/wiki/Special:Ask"