Translate

Friday, May 15, 2015

Digital Security- Part 1, by Dakota




Before we begin, note that the title is a bit of a misnomer. Digital security is mostly nonexistent. When computers took off, security was never a concern, so they are inherently insecure. I will do my best to help you secure your computer as much as possible. The point isn’t to make your computer invulnerable to attack. That’s impossible. However, just like your survival retreat security, the goal is to make yourself such a hard target that hackers or the government move on to lower hanging fruit. Again, nothing in here will make you immune to the NSA. They have an essentially unlimited budget and thousands of personnel dedicated to cracking all the methods included herein. I will simply guide you through the process of making yourself a hard target. You will be immune to dragnet surveillance and most hacking attacks. Also note that merely Googling most of this software will get your IP address logged on an NSA database. Therefore, use https://www.duckduckgo.com/ for better security. Without further ado, let’s begin.
Your Computer
Let’s start with your actual computer. I don’t recommend an Apple computer, as a friend who works for the government told me that Apple retains near-complete remote control of any computer they produce. I would highly recommend buying a computer from a mom and pop computer company. However, this is very cost prohibitive. Next in line is a Panasonic CF-29. These “Toughbooks” were used by the police and military extensively and are designed to handle wet climates, heat, cold, and rough handling. This is a good all around transportable computer. Another option is to buy a brand new computer with a large hard drive (think one terabyte). Consider the utility of buying a cold computer– one that never accesses the Internet– to store confidential files. When buying new computers, Bitcoin users may want to purchase one with a large graphics card in order to do GPU mining. Preferably, your new computer will have Windows 7 and not 8. (Don’t worry, we’re going to replace the OS. This is just so that the BIOS and other features are easier to access.)
Operating System
Now that we have the computer out of the way, we can move on to the operating system (OS). Obviously, Windows isn’t an option, since Microsoft actively collaborates with the Feds and we already rejected OS X. That leaves Linux, the open source OS. More accurately, it’s a kernel used to make a variety of OSes. The special thing about open source software (F/OSS) is that it doesn’t have a typical copyright. F/OSS has a license, such as the Gnu Public License (GPL), Lesser Gnu Public License (LGPL), and MIT license. These licenses, in varying degrees, open the source code of the software to public review. Think of it as public domain for software. Why is this advantageous? Well, you’ve probably heard a lot about back doors, since the NSA scandal. Since F/OSS source code is released to the public, back doors can’t be hidden in it. Another advantage of F/OSS is that since the source code is available to everyone, it’s absolutely free of cost.
Let’s talk more about Linux. Linux is an open source operating system with dozens of different “flavors” or “distros”. You can pick any one to suit your tastes. However, for newbies, I recommend either Ubuntu (or its children– Kubuntu, Xubuntu, and Lubuntu for small systems) or Fedora (or its children– Fedora LXDE and Fedora KDE, again for small systems). These are widely used distros with helpful forums. I have the most experience with Ubuntu. If you are an open source purist, you’ll want to go with Fedora, as it doesn’t use copyrighted, closed source programs like Adobe Flashplayer. Note that Adobe Flash can be used to track people, so I would say Fedora is the best bet. Canonical– the company that maintains Ubuntu– has also incorporated adware for Amazon. Ubuntu’s advantage is that it works on most hardware out of the box. I’ve found Fedora to be a little less accommodating but not too much. YMMV.
If you are a bit tech savvy, check out Arch Linux. Arch is special because it is not actually an operating environment. When you install Arch, all you have is a command line interface (CLI) and a program downloading program. You then build your own environment from the roots up. This is my most recommended Linux distro, second only to Parabola. Parabola is exactly like Arch, except it includes absolutely no proprietary software. While this would be the most secure, it will include limited functionality compared to Arch.
Another excellent option I’d like to mention is Tails. Maintained by the TOR Project (see below), this operating system is engineered specifically to protect privacy. I haven’t yet had a chance to try it out (I only have so many computers), but it sounds like a very promising OS. The TOR Project as an organization is committed to preserving digital privacy.
I’d also like to mention FreeBSD. I have no experience with this operating system, so I can’t say whether or not it is more or less secure than Linux or easier or harder to use. I will say that it is less common than Linux, and thus will have less compatible software.
Word Processing
Now that we have a laptop and an operating system, let’s move on to the basic functions of a computer. Word processing is at the top of most people’s list. Thankfully, there’s an open source option: OpenOffice. Also known as LibreOffice, this office suite includes a word processor (Writer), a spreadsheet (Calc), and a presentation writer (Impress). These are equivalent to Microsoft Office Word, Excel, and PowerPoint, respectively. As a bonus, OpenOffice enables you to write or convert your documents into Microsoft readable form, so you can still share your data with non-Linux friends! It comes standard in Ubuntu and Fedora, as well as many other flavors of Linux.
Internet Browser
Now, let’s go to the Internet. We’ll start with your browser. My favorite is good ol’ Mozilla Firefox. I imagine many of you already use this or have at least heard of it. Firefox is F/OSS and managed by Mozilla, a very digital freedom friendly company. If you are extremely finicky, you may prefer Iceweasel, which is Firefox minus the copyrighted Firefox logo. An honorable mention is Seamonkey, a web suite also managed by Mozilla. Stay away from Chromium, the F/OSS parent of Google Chrome, as it was commandeered by Google.
The above browsers are great options, and clear of malware and backdoors. However, the browser can only do so much to protect your privacy. Your physical location is still visible to anyone who cares to look, including the government. To address this issue, there is TOR. TOR stands for The Onion Router and was designed by the Navy. Utilizing a system of routers, TOR obfuscates your location by passing you through three other computers first. These computers are run by volunteers around the world in a decentralized network. TOR also gives you access to the dark web– the Internet not accessible to Google and other search engines. These sites end in “.onion” instead of “.com”, “.org”, or any of the other common top level domains. Note that the dark (or deep) web has many sites dedicated to pornography and drug trafficking, so proceed with caution. You can use TOR without accessing the deep web, but using darknets for legitimate sites like DuckDuckGo (I believe JWR at one time suggested one for SurvivalBlog) will increase your anonymity. TOR is also automatically formatted to bolster privacy, so it comes with the NoScript add-on (I recommend this for regular Firefox, too) and will not play YouTube videos, due to their inherent vulnerability. To make TOR even easier to use, you can get TOR wifi.
Internet Search Engine
Now that we have a web browser, we need to replace Google as our search engine. Enter https://www.duckduckgo.com/ to reach the search engine/company that doesn’t track you. DuckDuckGo was founded on web anonymity and is ,you guessed it, open source. It’s a fully functioning search engine and more than capable of replacing Google. Other options include http://www.ixquick.com and http://www.startpage.com
Virus Protection
Since we’re hooked up to the Internet, we’d probably better get an antivirus. We’ll start with ClamAV and ClamTK (ClamAV’s graphical user interface (GUI). These are great for finding viruses, but they don’t actually cure them. For that, we’ll have to download a closed source program like Avast (www.avast.com). There are a few other antiviruses that work on Linux, but Avast is my personal favorite.
Secure Email
Now, let’s secure our email. The short answer to this problem is: it’s impossible. Email just isn’t secure. That’s not the way it was designed. (There is a movement to make it more so) However, there is a little bit we can do to improve our email security and make ourselves a hard target to the NSA. First, dump your Gmail, Yahoo, Hotmail, AOL, or any other conventional email provider. There are a number of private, secure email sources, both paid and free. Some of my favorites are ProtonMail and Lavaboom. (I’m still waiting to try Lavaboom.) These two providers are free. (Both say they will eventually offer paid premium accounts and offer automatic encryption between users. There is more on this below.) ProtonMail is hosted in Switzerland, and Lavaboom is hosted in Germany. Both of these are “zero knowledge providers”, which means that they don’t have any information about you. In fact, they can’t even access your password. I prefer the Swiss hosting of ProtonMail, while I prefer Lavaboom’s open source aspect, as well as their incorporation of Darkmail. An honorable mention is OpaqueMail, which I haven’t quite figured out yet, and thus haven’t had a chance to try. It is completely open source, self hosted, and was designed to combat NSA spying. It appears to be a DIY email client. If you want to host your own email but need a trustworthy domain for a dynamic IP and don’t want to pay for one, check out PageKite. It’s written by the same people behind MailPile (see below). Next, we’ll return to our friends at Mozilla and download Thunderbird– the open source email client. You can use either the IMAP or POP3 protocol. The difference is that IMAP will sync with your webmail, so when you log into it via an Internet browser, everything is the same. POP3 will store everything locally on your computer. This sucks up memory and leaves any emails you delete in your online inbox. I prefer the IMAP protocol. Next, download the Enigmail add-on for Thunderbird. Enigmail uses OpenPGP (also known as GPG), encryption software invented by Phil Zimmerman in the 1990’s that’s never been compromised, to facilitate public key encryption. (You can also use S/MIME.) Edward Snowden said that OpenPGP (PGP stands for “Pretty Good Privacy”) is one of the few encryption methods the NSA has been unable to crack.

From the Survival Blog

No comments: