Internet Survival Guide 2016

Internet_Survival_Guide_-_2016

Internet_Survival_Guide_-_2016

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 489 [warning: Documents this large are best viewed by clicking the View PDF Link!]

1
2016 Internet Survival Guide
An Edited Guide of How to Stay Safe on the Internet
By: DADOES
2
PREFACE..........................................................................................................................................................................12
ADECLARATIONOFTHEINDEPENDENCEOFCYBERSPACE...............................................................................................13
GOVERNMENTCORRUPTIONANDYOURRIGHTSTOPRIVACY,ENCRYPTION,FREEDOM,ANDPEACEOFMIND.............15
INTRODUCTION........................................................................................................................................................................15
GOVERNMENTINFRINGEMENTONPRIVACY..................................................................................................................................16
METADATA.............................................................................................................................................................................23
MANINTHEMIDDLE(MITM)....................................................................................................................................................24
YOURRIGHTSTOPRIVACY.........................................................................................................................................................24
WHYNOTWINDOWS....................................................................................................................................................27
RESTRICTIONS.........................................................................................................................................................................27
THESMALLPRINTINTHECONTRACT.............................................................................................................................................27
THEMEANINGBEHIND..............................................................................................................................................................28
MOREDETAILSONRESTRICTIONS................................................................................................................................................28
POORSUPPORTFOROPENSTANDARDS.........................................................................................................................................29
STANDARDSTHATCHANGEALLTHETIME......................................................................................................................................29
DEFAULTPROGRAMSYOUCAN'TUNINSTALL..................................................................................................................................30
MONOPOLISTICPRACTICES.........................................................................................................................................................30
WHATABOUTSOURCECODE?....................................................................................................................................................30
INSECURITYMEANSBUSINESS.....................................................................................................................................................31
YOUCANTRUSTFREESOFTWARE.................................................................................................................................................31
PROFESSORNORMMATLOFF’SBEGINNER’SGUIDETOINSTALLINGANDUSINGLINUX..................................................32
1BACKGROUNDNEEDED...........................................................................................................................................................32
2INSTALLTOWHERE?..............................................................................................................................................................32
3WHICHLINUXDISTRIBUTIONISBEST?......................................................................................................................................32
4INSTALLATION.......................................................................................................................................................................33
4.1TheShortAnswer.....................................................................................................................................................33
4.2InstallingLinuxtoaUSBKeyorExternalHardDrive................................................................................................33
4.2.1InstallationMethodI(forSlaxLinux)....................................................................................................................33
4.2.2OtherMethods......................................................................................................................................................34
5POSTINSTALLATIONCONFIGURATION.......................................................................................................................................34
5.1ConfiguringYourSearchPath(“Whycan’tIrunmya.out?”)..................................................................................34
5.2ConfiguringaPrinter................................................................................................................................................34
5.3SwitchingfromGNOME/UbuntuUnity....................................................................................................................34
5.4ConfiguringKDE/GNOMEforConvenientWindowOperations................................................................................35
5.4.1AutoraiseEtc.........................................................................................................................................................35
6SOMEPOINTSONLINUXUSAGE...............................................................................................................................................35
6.0.2UbuntuRootOperations.......................................................................................................................................35
6.1MoreonShells/TerminalWindows..........................................................................................................................36
6.2CutandPasteWindowOperations..........................................................................................................................36
6.3MountingOtherPeripheralDevices.........................................................................................................................36
6.3.1MountPoints.........................................................................................................................................................36
6.3.2UsingUSBDevices.................................................................................................................................................37
7LINUXAPPLICATIONSSOFTWARE..............................................................................................................................................37
7.1GUIVs.TextBased...................................................................................................................................................37
7.2MyFavoriteUnix/LinuxApps....................................................................................................................................38
7.2.1TextEditing............................................................................................................................................................38
7.2.2WebBrowsingandJava........................................................................................................................................38
7.2.3HTMLEditing.........................................................................................................................................................38
3
7.2.4Compilers...............................................................................................................................................................38
7.2.5IntegratedSoftwareDevelopment(IDE)...............................................................................................................39
7.2.6WordProcessing....................................................................................................................................................39
7.2.7PlayingMovies,Music,Etc....................................................................................................................................39
7.2.8VideoEditing.........................................................................................................................................................41
7.2.9ImageViewing,ManipulationandDrawing.........................................................................................................41
7.2.10FTP.......................................................................................................................................................................41
7.2.11StatisticalAnalysis...............................................................................................................................................41
7.2.12VideoChat...........................................................................................................................................................41
7.2.13RuningWindowsApplicationsfromWithinLinux...............................................................................................42
7.3DownloadingNewSoftware.....................................................................................................................................42
7.3.1HowtoFindIt........................................................................................................................................................42
7.3.2AutomaticDownload/Installation.........................................................................................................................42
7.3.3Debian/Ubuntu.debFiles......................................................................................................................................43
7.3.4UsingRPMs...........................................................................................................................................................43
8LEARNINGMOREABOUTLINUX...............................................................................................................................................43
9ADVANCEDLINUXUSAGE.......................................................................................................................................................44
9.1DualBootIssues.......................................................................................................................................................44
9.2LiveCDsorUSBKeyBasedLinuxAsRescueTools....................................................................................................44
9.3Troubleshooting.......................................................................................................................................................45
9.3.1Tools......................................................................................................................................................................45
9.3.2WiFiNetworking....................................................................................................................................................45
9.3.3GeneralInformation..............................................................................................................................................45
9.3.4NetworkManagementTools.................................................................................................................................46
9.3.5IndividualLinuxNetworkCommands....................................................................................................................46
9.3.6IfYouHaveaProblem...........................................................................................................................................47
9.3.7AProgramFreezes................................................................................................................................................48
9.3.8ScreenFreezes.......................................................................................................................................................48
9.4AccessingYourWindowsFilesfromLinux................................................................................................................48
AWHATISLINUX?..................................................................................................................................................................49
BWHATISPARTITIONING?.......................................................................................................................................................50
B.1PartitioningUsingGParted......................................................................................................................................50
TORTHEONIONRELAY.................................................................................................................................................52
TOR:OVERVIEW......................................................................................................................................................................52
Topics.............................................................................................................................................................................52
OVERVIEW..............................................................................................................................................................................52
WHYWENEEDTOR..................................................................................................................................................................53
THESOLUTION:ADISTRIBUTED,ANONYMOUSNETWORK.................................................................................................................53
STAYINGANONYMOUS..............................................................................................................................................................55
THEFUTUREOFTOR.................................................................................................................................................................55
TAILS...............................................................................................................................................................................56
ONLINEANONYMITYANDCENSORSHIPCIRCUMVENTION..................................................................................................................56
TOR.......................................................................................................................................................................................56
I2P.......................................................................................................................................................................................57
USEANYWHEREBUTLEAVENOTRACE..........................................................................................................................................57
STATEOFTHEARTCRYPTOGRAPHICTOOLS...................................................................................................................................57
WHAT'SNEXT?........................................................................................................................................................................58
INSTALLINGTAILS............................................................................................................................................................59
MANUALINSTALLATIONUSINGLINUX..........................................................................................................................................59
MANUALINSTALLATIONUSINGWINDOWS....................................................................................................................................61
MANUALINSTALLATIONUSINGMAC...........................................................................................................................................65
4
JOLLYROGER’SSECURITYTHREADFORBEGINNERS........................................................................................................67
INTRODUCTIONTOSECURECOMMUNICATIONTOR,HTTPS,SSL.....................................................................................68
PGP,TAILS,VIRTUALBOX....................................................................................................................................................69
PGPCONTINUED.................................................................................................................................................................72
WHOLEDISKENCRYPTIONANDFILESHREDDING...............................................................................................................74
JAVASCRIPTVULNERABILITIESANDREMOVINGPERSONALMETADATAFROMFILES.........................................................76
GENERALSECURITYPRECAUTIONSWHENPOSTINGONLINE,LEARNFROMOTHERS'MISTAKES.......................................78
EXIFDATA............................................................................................................................................................................79
RETAININGALAWYER,HOWTOHANDLEGETTINGCAUGHTORINTERROGATED..............................................................80
COMBININGTORWITHAVPN.............................................................................................................................................81
COMBININGTORWITHAVPNCONTINUED........................................................................................................................84
TRACKINGCOOKIES.............................................................................................................................................................87
LEARNINGFROMOTHERS'MISTAKES.LIBERTAS,DPR,SABU,LULZSEC..............................................................................88
HOWFARWILLLAWENFORCEMENTGO?..........................................................................................................................89
FRAUDULENTPRIVATEMESSAGES......................................................................................................................................92
LEARNINGFROMOTHERS'MISTAKES.HOWTHEYBUSTEDSABU.......................................................................................93
LEARNINGFROMOTHERS'MISTAKES.SABUBECAMEFBIINFORMANTANDBETRAYEDJEREMYHAMMOND...................96
WHEREYOUMIGHTCONSIDERRUNNINGTO,IFYOUHADNOOTHERCHOICE..................................................................99
SECURINGYOURACCOUNTFROMFBIMONITORING.......................................................................................................101
HOWTOCONNECTTOTOROVERTOPOFTOR.................................................................................................................103
HOWTOVERIFYYOURDOWNLOADEDFILESAREAUTHENTIC..........................................................................................104
VERIFYINGSIGNEDMESSAGESWITHSIGNATURESANDSIGNINGYOUROWNMESSAGES...............................................109
ANEXAMPLEOFREALLYBADOPSECSMARTENUP!........................................................................................................112
TORCHAT..........................................................................................................................................................................114
OBTAINING,SENDINGANDRECEIVINGBITCOINSANONYMOUSLY..................................................................................116
CLEARNETVSHIDDENSERVICESWHYYOUSHOULDBECAREFUL...................................................................................120
THEYAREWATCHINGYOUVIRUSES,MALWARE,VULNERABILITIES...............................................................................121
MONITORINGYOUWITHANANTENNA............................................................................................................................124
COOKIES&JAVASCRIPTREVISITED,PLUSFLASHCOOKIESANDOTHERBROWSERTRACKING..........................................127
AFEWRECOMMENDATIONS............................................................................................................................................129
COLDBOOTATTACKS,UNENCRYPTEDRAMEXTRACTION................................................................................................130
THESTRENGHOFCRYPTOGRAPHYANDANONYMITYWHENUSEDPROPERLY.................................................................136
ANOTHERSCAMEMAILBEWARE....................................................................................................................................138
ANINTRODUCTIONTOANEXPERTONOPSEC,PLUSMD5&SHA1CHECKSUMS.............................................................139
ITISOBVIOUSWHENYOUAREUSINGTOR.......................................................................................................................142
AREYOUUSINGSAFEMAIL.NET?.....................................................................................................................................143
LOCALBITCOINSPART1POLICEAREWATCHINGIT!........................................................................................................144
LOCALBITCOINSPART2THIEVES,SCAMMERSANDCOUNTERFEITBILLS!.......................................................................147
LOCALBITCOINSPART3MORESCAMSTORIES................................................................................................................151
LOCALBITCOINSPART4SELLERSBUSTEDFORMONEYLAUNDERING.............................................................................154
HIDINGTORFROMYOURISPPART1BRIDGESANDPLUGGABLETRANSPORTS............................................................156
CAPABILITIESOFTHENSA.................................................................................................................................................165
WHYYOUSHOULDALWAYSBACKUPYOURDRIVES,ESPECIALLYENCRYPTEDDRIVES.....................................................166
BITCOINCLIENTSINTAILSBLOCKCHAINANDELECTRUM...............................................................................................167
YETANOTHEREXAMPLEOFHOWSTRONGCRYPTOPGRAPHYANDPROPEROPSECCANPROTECTEVENPEDOPHILES....169
DENIABILITY,IDENTIFYINGTAILSUSERS,ANDCANYOUBEFORCEDTOGIVEUPYOURPASSWORDS?............................174
SECURITYCULTURE:AHANDBOOKFORACTIVISTS........................................................................................................181
INTRODUCTION:.....................................................................................................................................................................181
SECURITYWHATITIS,WHYWENEEDITANDHOWWEIMPLEMENTIT...............................................................................................182
SOWHATISASECURITYCULTURE?...................................................................................................................................182
WHATNOTTOSAY............................................................................................................................................................182
THREEEXCEPTIONS...........................................................................................................................................................183
SECURITYMEASURES........................................................................................................................................................183
5
SECURITYVIOLATINGBEHAVIOURS..................................................................................................................................184
EDUCATETOLIBERATE......................................................................................................................................................184
DEALINGWITHCHRONICSECURITYPROBLEMS................................................................................................................185
ABRIEFPRIMERONTHECANADIANSTATESECURITYAPPARATUS...................................................................................................185
ANOVERVIEWOFDOMESTICINTELLIGENCEORGANIZATIONS........................................................................................186
THECOUNTERINSURGENCYMODEL................................................................................................................................187
EVERYTHINGYOUEVERWANTEDTOKNOWABOUTINFORMERSANDINFILTRATORS...........................................................................188
CRYPTOANARCHYANDVIRTUALCOMMUNITIES..........................................................................................................190
EXTENDEDABSTRACT..............................................................................................................................................................190
1INTRODUCTION...................................................................................................................................................................191
2MODERNCRYPTOGRAPHY.....................................................................................................................................................192
3VIRTUALCOMMUNITIES.......................................................................................................................................................193
4OBSERVABILITYANDSURVEILLANCE........................................................................................................................................194
5CRYPTOANARCHY...............................................................................................................................................................194
6TRUENAMESANDANONYMOUSSYSTEMS...............................................................................................................................195
7EXAMPLESANDUSES...........................................................................................................................................................196
8COMMERCEANDCOLONIZATIONOFCYBERSPACE......................................................................................................................197
9IMPLICATIONS.....................................................................................................................................................................197
10HOWLIKELY?...................................................................................................................................................................198
11CONCLUSIONS..................................................................................................................................................................199
12ACKNOWLEDGMENTS.........................................................................................................................................................200
13REFERENCESANDNOTES....................................................................................................................................................200
THECRYPTOPARTYHANDBOOK.....................................................................................................................................203
1INTRODUCINGCRYPTOPARTY.....................................................................................................................................211
1.1ABOUTTHISBOOK...........................................................................................................................................................211
1.2ACRYPTOPARTYMANIFESTO..............................................................................................................................................213
1.3HOWTOCRYPTOPARTY.....................................................................................................................................................215
1.4PARTYLIKEITSDECEMBER31ST1983.................................................................................................................................218
1.4.1WhatisCryptoParty?..........................................................................................................................................218
1.5PREFACE.........................................................................................................................................................................218
1.6WHYPRIVACYMATTERS....................................................................................................................................................219
2UNDERSTANDINGEMAIL.............................................................................................................................................220
2.1BASICTIPS.......................................................................................................................................................................220
2.1.1Inbrief:.................................................................................................................................................................220
2.1.2Passwords............................................................................................................................................................220
2.1.3ReadingEmailinPublicPlaces.............................................................................................................................221
2.1.4CacheCunning......................................................................................................................................................221
2.1.5Securingyourcommunication..............................................................................................................................222
2.1.6DNSSEC&DANE...................................................................................................................................................222
2.1.7AccountSeparation..............................................................................................................................................222
2.1.8Anoteabouthostedemail...................................................................................................................................223
2.2TYPESOFEMAIL................................................................................................................................................................223
2.2.1Remotelyhostedemail(‘webmail’),resourcedusingawebbrowser..................................................................223
2.2.2Remotelyhostedemail,resourcedusinganemailprogramorusingawebbrowser..........................................223
2.2.3Contextconsiderations.........................................................................................................................................224
2.2.4Email&Metadata................................................................................................................................................224
2.2.5Selfadministeredemailserver.............................................................................................................................225
2.2.6‘Free’emailservices.............................................................................................................................................225
2.2.7Nonprofit.............................................................................................................................................................225
2.2.8Notesonemailforwarding...................................................................................................................................225
2.3FEARS.............................................................................................................................................................................225
6
2.3.1Randomabuseandtheftbymalicioushackers....................................................................................................226
2.3.2Targetedabuse,harassment,andspying............................................................................................................227
2.3.3WhenEncryptionGoesWrong.............................................................................................................................228
2.4SECURECONNECTIONS.......................................................................................................................................................228
2.4.1CanotherpeoplereadalongwhenIcheckmyemail?.........................................................................................228
2.4.2Notes....................................................................................................................................................................229
2.5SECUREEMAILS................................................................................................................................................................229
2.5.1WhatsoftwarecanIusetoencryptmyemail?....................................................................................................230
3UNDERSTANDINGBROWSING.....................................................................................................................................230
3.1BASICTIPS.......................................................................................................................................................................230
3.1.1InBrief:.................................................................................................................................................................230
3.1.2Yourbrowsertalksaboutyoubehindyourback..................................................................................................230
3.1.3Websitescantrackyouasyoubrowse................................................................................................................231
3.1.4Searchingonlinecangiveawayinformationaboutyou......................................................................................231
3.1.5Moreeyesthanyoucansee.................................................................................................................................231
3.1.6Yourrighttobeunknown.....................................................................................................................................232
3.2FEARS.............................................................................................................................................................................232
3.2.1SocialNetworkingwhatarethedangers?.........................................................................................................232
3.2.2Whocanstealmyidentity?..................................................................................................................................233
3.2.3CanIgetintroubleforGooglingweirdstuff?......................................................................................................234
3.2.4WhoiskeepingarecordofmybrowsingandamIallowedtohidefromthem?.................................................234
3.2.5HowtonotrevealmyIdentity?............................................................................................................................234
3.2.6Howtoavoidbeingtracked?................................................................................................................................234
3.3WHATHAPPENSWHENYOUBROWSE...................................................................................................................................234
3.3.1Atopographyofyou:footprints...........................................................................................................................235
3.4ACCOUNTSANDSECURITY..................................................................................................................................................237
3.4.1Canmaliciouswebsitestakeovermyaccounts?................................................................................................237
3.5TRACKING........................................................................................................................................................................238
3.5.1Howdotheytrackus?..........................................................................................................................................238
3.5.2HowcanIpreventtracking?................................................................................................................................239
3.5.3Awordofwarning................................................................................................................................................245
3.6ANONYMITY.....................................................................................................................................................................245
3.6.1Intro......................................................................................................................................................................245
3.6.2Proxy.....................................................................................................................................................................246
3.6.3Tor........................................................................................................................................................................246
3.7VPN..............................................................................................................................................................................247
4PUBLISHINGANDDISTRIBUTION.................................................................................................................................249
4.1PUBLISHINGANONYMOUSLY...............................................................................................................................................249
4.1.1SeveralDon’ts......................................................................................................................................................250
4.2ANONYMOUSEMAIL..........................................................................................................................................................251
4.2.1SendingFromThrowawayEmailAccounts.........................................................................................................251
4.2.2BeCarefulaboutwhatyousay!...........................................................................................................................251
4.3FILESHARING...................................................................................................................................................................252
4.3.1BitTorrent.............................................................................................................................................................253
4.3.2SoulSeek...............................................................................................................................................................254
4.3.3I2P........................................................................................................................................................................255
5SECURECALLSANDSMS..............................................................................................................................................256
5.1SECURECALLS..................................................................................................................................................................256
5.1.1iOSInstallingSignal............................................................................................................................................256
5.1.2AndroidInstallingRedPhone..............................................................................................................................256
5.2SECUREMESSAGING..........................................................................................................................................................256
5.2.1Android.................................................................................................................................................................257
7
6BASICEMAILSECURITY................................................................................................................................................257
6.1STARTUSINGTHUNDERBIRD...............................................................................................................................................257
6.1.1InstallingThunderbirdonWindows.....................................................................................................................257
6.1.2InstallingThunderbirdonUbuntu........................................................................................................................261
6.1.3InstallingThunderbirdonUbuntu12.04ornewer...............................................................................................261
6.1.4InstallingThunderbirdonMacOSX.....................................................................................................................263
6.1.5StartingThunderbirdforthefirsttime.................................................................................................................265
6.2SETTINGUPSECURECONNECTIONS......................................................................................................................................266
6.2.1Configurationrequirements.................................................................................................................................266
6.2.2PreparingaGmailaccountforusewithThunderbird..........................................................................................266
6.2.3ConfiguringThunderbirdtouseSSL/TLS..............................................................................................................267
6.2.4Manualsetup.......................................................................................................................................................268
6.2.5Finishingthesetup,differentencryptionmethods...............................................................................................271
6.2.6Returningtotheconfigurationscreens................................................................................................................271
6.3SOMEADDITIONALSECURITYSETTINGS.................................................................................................................................271
6.3.1Junkmailsettings.................................................................................................................................................272
6.3.2Scamdetectionandwarningsystem....................................................................................................................273
6.3.3Antivirusintegration...........................................................................................................................................274
6.3.4Setamasterpassword.........................................................................................................................................275
6.3.5Adaptivejunkmailcontrols..................................................................................................................................278
7EMAILENCRYPTION.....................................................................................................................................................280
7.1INTRODUCINGMAILENCRYPTION(PGP)................................................................................................................................280
7.1.1Usingakeypairtoencryptyourmail..................................................................................................................281
7.1.2Sendingencryptedmailstootherpeople:youneedtheirpublickey...................................................................281
7.1.3Receivingencryptedmailsfromotherpeople:theyneedmypublickey.............................................................281
7.1.4Conclusion:encryptionrequirespublickeydistribution!......................................................................................282
7.2INSTALLINGPGPONWINDOWS.........................................................................................................................................282
7.2.1InstallingPGP(GPG)onMicrosoftWindows........................................................................................................282
7.2.2InstallingwiththeEnigmailextension.................................................................................................................283
7.2.3Installationsteps..................................................................................................................................................283
7.3INSTALLINGPGPONOSX..................................................................................................................................................285
7.3.1Gettingstarted.....................................................................................................................................................285
7.3.2DownloadingandinstallingtheSoftware............................................................................................................285
7.3.3InstallingupEngimail...........................................................................................................................................293
7.4INSTALLINGPGPONUBUNTU.............................................................................................................................................295
7.5INSTALLINGGPGONANDROID............................................................................................................................................296
7.5.1APG.......................................................................................................................................................................296
7.5.2GPGenabledemailonAndroid:K9Mail............................................................................................................297
7.6CREATINGYOURPGPKEYS.................................................................................................................................................297
7.7DAILYPGPUSAGE............................................................................................................................................................306
7.7.1Encryptingattachments.......................................................................................................................................307
7.7.2Enteringyourpassphrase....................................................................................................................................307
7.7.3Receivingencryptedemails.................................................................................................................................308
7.7.4Sendingandreceivingpublickeys........................................................................................................................308
7.7.5Receivingpublickeysandaddingthemtoyourkeyring......................................................................................309
7.7.6Usingpublickeyservers.......................................................................................................................................312
7.7.7Signingemailstoanindividual.............................................................................................................................317
7.7.8Sendingencryptedmailstoanindividual.............................................................................................................318
7.7.9Automatingencryptiontocertainrecipients.......................................................................................................319
7.7.10Verifyingincomingemails.................................................................................................................................323
7.7.11RevokingyourGPGkeypair...............................................................................................................................324
7.7.12Whattodowhenyouhavelostyoursecretkey,orforgotyourpassphrase.....................................................325
7.7.13Whattodowhenyoursecretkeyhasbeenstolen,orcompromised.................................................................325
8
7.7.14Receivingarevocationcertificate......................................................................................................................325
7.7.15Preparingfortheworst:backupyourkeys........................................................................................................326
7.7.16Furtherreading..................................................................................................................................................327
7.8WEBMAILANDPGP.........................................................................................................................................................327
8SAFERBROWSING........................................................................................................................................................328
8.1WHYFIREFOX?.................................................................................................................................................................328
8.2ACCESSINGFIREFOXONUBUNTU.........................................................................................................................................328
8.3INSTALLINGONMACOSX.................................................................................................................................................329
8.4INSTALLINGFIREFOXONWINDOWS......................................................................................................................................334
8.4.1Troubleshooting...................................................................................................................................................338
8.5EXTENDINGFIREFOX..........................................................................................................................................................338
8.5.1HTTPSEverywhere................................................................................................................................................338
8.5.2Installation...........................................................................................................................................................339
8.5.3Configuration.......................................................................................................................................................340
8.5.4Usage...................................................................................................................................................................341
8.5.5IfnetworksblockHTTPS.......................................................................................................................................343
8.5.6AddingsupportforadditionalsitesinHTTPSEverywhere...................................................................................343
8.5.7EnforcingsecureHTTPSserverconnections.........................................................................................................344
8.5.8AdblockPlus.........................................................................................................................................................344
8.5.9GettingstartedwithAdblockPlus........................................................................................................................344
8.5.10Choosingafiltersubscription.............................................................................................................................345
8.5.11Creatingpersonalizedfilters...............................................................................................................................346
8.5.12EnablinganddisablingAdBlockPlusforspecificelementsorWebsites...........................................................346
8.5.13Otherextensionsthatcanimproveyoursecurity...............................................................................................346
8.6PROXYSETTINGS...............................................................................................................................................................347
8.6.1DefaultFirefoxproxyconfiguration.....................................................................................................................347
8.7USINGTOR?...................................................................................................................................................................349
8.7.1UsingTorBrowserBundle....................................................................................................................................350
8.7.2DownloadingTorBrowserBundle........................................................................................................................350
8.7.3RunningaRelayorBridge....................................................................................................................................351
8.8EXTENDINGGOOGLECHROME.............................................................................................................................................351
8.8.1DisablingInstantSearch.......................................................................................................................................351
8.8.2AdBlockforChrome..............................................................................................................................................351
8.8.3HTTPSEverywhere................................................................................................................................................351
8.8.4PrivacyFix.............................................................................................................................................................351
9PASSWORDS................................................................................................................................................................352
9.1KEEPINGPASSWORDSSAFE.................................................................................................................................................352
9.1.1Passwordlengthandcomplexity..........................................................................................................................352
9.1.2Easytorememberandsecurepasswords............................................................................................................352
9.1.3Minimizingdamage..............................................................................................................................................352
9.1.4Usingapasswordmanager..................................................................................................................................352
9.1.5Physicalprotection...............................................................................................................................................353
9.1.6Othercaveats.......................................................................................................................................................353
9.2INSTALLINGKEEPASS.........................................................................................................................................................353
9.2.1InstallingKeePassXonUbuntu.............................................................................................................................353
9.2.2InstallingKeePassonWindows............................................................................................................................354
9.2.3InstallingKeePassonMacOSX............................................................................................................................360
9.3ENCRYPTINGPASSWORDSWITHAPASSWORDMANAGER.........................................................................................................367
9.3.1EncryptingPasswordswithKeePassXonUbuntu.................................................................................................367
9.3.2EncryptingPasswordswithKeePassonWindows................................................................................................373
9.3.3EncryptingPasswordswithKeychainonMacOSX...............................................................................................379
10USINGVPN................................................................................................................................................................382
9
10.1GETTING,SETTINGUPANDTESTINGAVPNACCOUNT............................................................................................................382
10.1.1AnaccountfromacommercialVPNprovider....................................................................................................382
10.1.2SettingupOpenVPNclient.................................................................................................................................384
10.1.3Caveats&Gotchas.............................................................................................................................................385
10.2VPNONUBUNTU...........................................................................................................................................................385
10.2.1PreparingNetworkManagerforVPNnetworks................................................................................................385
10.2.2ConfiguringanOpenVPNnetwork.....................................................................................................................390
10.2.3UsingyournewVPNconnection........................................................................................................................396
10.3VPNONMACOSX.........................................................................................................................................................398
10.3.1Setup..................................................................................................................................................................398
10.4VPNONWINDOWS........................................................................................................................................................411
10.4.1Setup..................................................................................................................................................................411
10.5MAKINGSUREYOURVPNWORKS....................................................................................................................................424
11DISKENCRYPTION***TRUECRYPTCOMPROMISED***.............................................................................................425
11.1INSTALLINGVERACRYPT...................................................................................................................................................425
11.1.1InstallingonUbuntu/Debian..............................................................................................................................425
11.1.2InstallingonOSX................................................................................................................................................428
11.1.3InstallingonWindows........................................................................................................................................431
11.2USINGVERACRYPT..........................................................................................................................................................432
11.2.1CreatingaVeraCryptContainer.........................................................................................................................432
11.2.2MountingtheEncryptedVolume.......................................................................................................................438
11.2.3Whatdoesthismean?........................................................................................................................................441
11.2.4Remembertodismount!....................................................................................................................................441
11.3SETTINGUPAHIDDENVOLUME..........................................................................................................................................441
11.4SECURELYDESTROYINGDATA.............................................................................................................................................445
11.4.1AnoteonSolidStateHardDrives.......................................................................................................................446
11.4.2SecurelydeletedataunderWindows.................................................................................................................446
11.4.3SecurelydeletedataunderMacOSX..................................................................................................................448
11.4.4SecurelydeletedataunderUbuntu/Linux..........................................................................................................452
11.5ABOUTLUKS.................................................................................................................................................................460
11.5.2Encryptingadevice............................................................................................................................................461
11.5.3Usinganencrypteddevice.................................................................................................................................464
12CALLENCRYPTION.....................................................................................................................................................465
12.1INSTALLINGCSIPSIMPLE...................................................................................................................................................465
12.1.1IntroducingTheOSTNNetwork..........................................................................................................................465
12.1.2CSipSimple..........................................................................................................................................................466
13INSTANTMESSAGINGENCRYPTION...........................................................................................................................470
13.1SETTINGUPENCRYPTEDINSTANTMESSAGING......................................................................................................................470
13.1.1AndroidInstallingGibberbot............................................................................................................................470
13.1.2iOSInstallingChatSecure.................................................................................................................................470
13.1.3UbuntuInstallingPidgin...................................................................................................................................470
13.1.4OSXInstallingAdium.......................................................................................................................................470
13.1.5WindowsInstallingPidgin................................................................................................................................471
13.1.6AllOScrypto.cat...............................................................................................................................................471
13.1.7ChatLogFiles.....................................................................................................................................................472
14SECUREFILESHARING................................................................................................................................................472
14.1INSTALLINGI2PONUBUNTULUCIDLYNX(ANDNEWER)ANDDERIVATIVESLIKELINUXMINT&TRISQUEL........................................472
14.2INSTRUCTIONSFORDEBIANLENNYANDNEWER....................................................................................................................474
14.3STARTING I2P................................................................................................................................................................474
14.4ANONYMOUSBITTORRENTWITHI2PSNARK.........................................................................................................................475
10
15APPENDICES...............................................................................................................................................................476
15.1CRYPTOGRAPHYANDENCRYPTION.....................................................................................................................................476
15.1.1Encryptionexamples..........................................................................................................................................477
15.1.2AWarning!.........................................................................................................................................................477
15.1.3Historicalciphers................................................................................................................................................477
15.1.4Modernciphers..................................................................................................................................................480
15.1.5QuantumCryptography.....................................................................................................................................481
15.1.6Challenges&Implications..................................................................................................................................481
15.2GLOSSARY.....................................................................................................................................................................481
15.2.1aggregator.........................................................................................................................................................481
15.2.2anonymity..........................................................................................................................................................481
15.2.3anonymousremailer..........................................................................................................................................482
15.2.4ASP(applicationserviceprovider)......................................................................................................................482
15.2.5backbone............................................................................................................................................................482
15.2.6badware.............................................................................................................................................................482
15.2.7bandwidth..........................................................................................................................................................482
15.2.8bash(Bourneagainshell)..................................................................................................................................482
15.2.9BitTorrent...........................................................................................................................................................482
15.2.10blacklist............................................................................................................................................................482
15.2.11bluebar.............................................................................................................................................................483
15.2.12block.................................................................................................................................................................483
15.2.13bookmark.........................................................................................................................................................483
15.2.14bridge...............................................................................................................................................................483
15.2.15bruteforceattack............................................................................................................................................483
15.2.16cache................................................................................................................................................................483
15.2.17censor...............................................................................................................................................................483
15.2.18censorware.......................................................................................................................................................483
15.2.19CGI(CommonGatewayInterface)...................................................................................................................484
15.2.20chat..................................................................................................................................................................484
15.2.21cipher................................................................................................................................................................484
15.2.22circumvention...................................................................................................................................................484
15.2.23CommonGatewayInterface............................................................................................................................484
15.2.24commandlineinterface...................................................................................................................................484
15.2.25cookie...............................................................................................................................................................484
15.2.26countrycodetopleveldomain(ccTLD)............................................................................................................484
15.2.27cryptography....................................................................................................................................................485
15.2.28DARPA(DefenseAdvancedProjectsResearchAgency)....................................................................................485
15.2.29decryption........................................................................................................................................................485
15.2.30diskencryption.................................................................................................................................................485
15.2.31domain.............................................................................................................................................................485
15.2.32DNS(DomainNameSystem)............................................................................................................................485
15.2.33DNSleak...........................................................................................................................................................485
15.2.34DNSserver........................................................................................................................................................485
15.2.35DNStunnel........................................................................................................................................................486
15.2.36Eavesdropping..................................................................................................................................................486
15.2.37email...............................................................................................................................................................486
15.2.38embeddedscript...............................................................................................................................................486
15.2.39encryption........................................................................................................................................................486
15.2.40exitnode...........................................................................................................................................................486
15.2.41filesharing........................................................................................................................................................487
15.2.42filespreadingengine........................................................................................................................................487
15.2.43filter..................................................................................................................................................................487
15.2.44Firefox...............................................................................................................................................................487
15.2.45forum................................................................................................................................................................487
11
15.2.46frame................................................................................................................................................................487
15.2.47FTP(FileTransferProtocol)..............................................................................................................................487
15.2.48fulldiskencryption...........................................................................................................................................487
15.2.49gateway............................................................................................................................................................488
15.2.50GNUPrivacyGuard...........................................................................................................................................488
15.2.51GPG..................................................................................................................................................................488
15.2.52honeypot..........................................................................................................................................................488
15.2.53hop...................................................................................................................................................................488
15.2.54HTTP(HypertextTransferProtocol).................................................................................................................488
15.2.55HTTPS(SecureHTTP)........................................................................................................................................488
15.2.56IANA(InternetAssignedNumbersAuthority)..................................................................................................488
15.2.57ICANN(InternetCorporationforAssignedNamesandNumbers)...................................................................489
15.2.58InstantMessaging(IM)....................................................................................................................................489
15.2.59Intermediary.....................................................................................................................................................489
15.2.60Internet.............................................................................................................................................................489
15.2.61IP(InternetProtocol)Address..........................................................................................................................489
15.2.62IRC(Internetrelaychat)...................................................................................................................................489
15.2.63ISP(InternetServiceProvider)..........................................................................................................................489
15.2.64JavaScript.........................................................................................................................................................489
15.2.65KeePass,KeePassX...........................................................................................................................................489
15.2.66keychainsoftware............................................................................................................................................489
15.2.67keywordfilter...................................................................................................................................................490
15.2.68latency..............................................................................................................................................................490
15.2.69logfile...............................................................................................................................................................490
15.2.70lowbandwidthfilter.........................................................................................................................................490
15.2.71malware...........................................................................................................................................................490
15.2.72maninthemiddle............................................................................................................................................490
15.2.73middlemannode..............................................................................................................................................490
15.2.74monitor.............................................................................................................................................................490
15.2.75networkaddresstranslation(NAT)..................................................................................................................491
15.2.76networkoperator.............................................................................................................................................491
15.2.77node.................................................................................................................................................................491
15.2.78nonexitnode...................................................................................................................................................491
15.2.79obfuscation.......................................................................................................................................................491
15.2.80opennode.........................................................................................................................................................491
15.2.81OTR/OfftheRecordmessaging.......................................................................................................................491
15.2.82packet...............................................................................................................................................................491
15.2.83passwordmanager...........................................................................................................................................492
15.2.84pastebin............................................................................................................................................................492
15.2.85peertopeer.....................................................................................................................................................492
15.2.86perfectforwardsecrecy....................................................................................................................................492
15.2.87PrettyGoodPrivacy(PGP)................................................................................................................................492
15.2.88PHP...................................................................................................................................................................492
15.2.89plaintext..........................................................................................................................................................492
15.2.90plaintext...........................................................................................................................................................493
15.2.91privacy..............................................................................................................................................................493
15.2.92privatekey........................................................................................................................................................493
15.2.93POP3.................................................................................................................................................................493
15.2.94port...................................................................................................................................................................493
15.2.95protocol............................................................................................................................................................493
15.2.96proxyserver......................................................................................................................................................493
15.2.97Psiphonnode....................................................................................................................................................493
15.2.98privatenode.....................................................................................................................................................494
15.2.99publickey.........................................................................................................................................................494
15.2.100publickeyencryption/publickeycryptography.............................................................................................494
12
15.2.101publiclyroutableIPaddress...........................................................................................................................494
15.2.102regularexpression..........................................................................................................................................494
15.2.103remailer..........................................................................................................................................................494
15.2.104router.............................................................................................................................................................494
15.2.105rootnameserver............................................................................................................................................495
15.2.106RSS(RealSimpleSyndication)........................................................................................................................495
15.2.107scheme...........................................................................................................................................................495
15.2.108shell................................................................................................................................................................495
15.2.109SOCKS.............................................................................................................................................................495
15.2.110screenlogger...................................................................................................................................................495
15.2.111script...............................................................................................................................................................495
15.2.112smartphone....................................................................................................................................................496
15.2.113spam...............................................................................................................................................................496
15.2.114SSH(SecureShell)...........................................................................................................................................496
15.2.115SSL(SecureSocketsLayer)..............................................................................................................................496
15.2.116steganography...............................................................................................................................................496
15.2.117subdomain......................................................................................................................................................496
15.2.118threatanalysis................................................................................................................................................496
15.2.119TopLevelDomain(TLD).................................................................................................................................497
15.2.120TLS(TransportLayerSecurity)........................................................................................................................497
15.2.121TCP/IP(TransmissionControlProtocoloverInternetProtocol).....................................................................497
15.2.122Torbridge.......................................................................................................................................................497
15.2.123trafficanalysis................................................................................................................................................497
15.2.124tunnel.............................................................................................................................................................497
15.2.125UDP(UserDatagramPacket).........................................................................................................................497
15.2.126URL(UniformResourceLocator)....................................................................................................................497
15.2.127Usenet............................................................................................................................................................498
15.2.128VoIP(VoiceoverInternetProtocol)................................................................................................................498
15.2.129VPN(virtualprivatenetwork)........................................................................................................................498
15.2.130whitelist..........................................................................................................................................................498
15.2.131WorldWideWeb(WWW)..............................................................................................................................498
15.2.132Webmail.........................................................................................................................................................498
15.2.133Webproxy......................................................................................................................................................499
15.2.134WHOIS............................................................................................................................................................499
15.3THENECESSITYOFOPENSOURCE.......................................................................................................................................499
13
Preface
I was unaware of how to go about this project when I first began it. I thought that maybe I should
write all of the guides by hand using my own knowledge. However, I found that there are others who
have been able to construct specific guides in a more informative manner than myself. From this I
thought that it might be useful to use other people's guides in my work and then I would pick up where
they left off. Yet, after doing research I thought that it would be best to just combine the best guides
that I found into one document and folder. I truly hope that this guide is useful for at least one person
on the internet. I will begin this guide with a brief overview of government corruption and why you
should care about your privacy. After that, everything else is either a guide or text written by others
which I have fully credited. If there is one thing that I can say before reading this guide, it would be to
read Jolly Roger’s Guide. It is probably the most down to earth and comprehensible guide for anyone
at any skill level. Thank you for downloading and reading this file.
14
A Declaration of the Independence of Cyberspace
by John Perry Barlow <barlow@eff.org>
Governments of the Industrial World, you weary giants of flesh and steel, I come from
Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us
alone. You are not welcome among us. You have no sovereignty where we gather.
We have no elected government, nor are we likely to have one, so I address you with no
greater authority than that with which liberty itself always speaks. I declare the global social
space we are building to be naturally independent of the tyrannies you seek to impose on us.
You have no moral right to rule us nor do you possess any methods of enforcement we have
true reason to fear.
Governments derive their just powers from the consent of the governed. You have neither
solicited nor received ours. We did not invite you. You do not know us, nor do you know our
world. Cyberspace does not lie within your borders. Do not think that you can build it, as
though it were a public construction project. You cannot. It is an act of nature and it grows
itself through our collective actions.
You have not engaged in our great and gathering conversation, nor did you create the wealth
of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that
already provide our society more order than could be obtained by any of your impositions.
You claim there are problems among us that you need to solve. You use this claim as an
excuse to invade our precincts. Many of these problems don't exist. Where there are real
conflicts, where there are wrongs, we will identify them and address them by our means. We
are forming our own Social Contract. This governance will arise according to the conditions of
our world, not yours. Our world is different.
Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing
wave in the web of our communications. Ours is a world that is both everywhere and
nowhere, but it is not where bodies live.
We are creating a world that all may enter without privilege or prejudice accorded by race,
economic power, military force, or station of birth.
We are creating a world where anyone, anywhere may express his or her beliefs, no matter
how singular, without fear of being coerced into silence or conformity.
Your legal concepts of property, expression, identity, movement, and context do not apply to
us. They are all based on matter, and there is no matter here.
Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion.
We believe that from ethics, enlightened self-interest, and the commonweal, our governance
will emerge. Our identities may be distributed across many of your jurisdictions. The only law
that all our constituent cultures would generally recognize is the Golden Rule. We hope we
will be able to build our particular solutions on that basis. But we cannot accept the solutions
you are attempting to impose.
In the United States, you have today created a law, the Telecommunications Reform Act,
which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill,
Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us.
15
You are terrified of your own children, since they are natives in a world where you will always
be immigrants. Because you fear them, you entrust your bureaucracies with the parental
responsibilities you are too cowardly to confront yourselves. In our world, all the sentiments
and expressions of humanity, from the debasing to the angelic, are parts of a seamless
whole, the global conversation of bits. We cannot separate the air that chokes from the air
upon which wings beat.
In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to
ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may
keep out the contagion for a small time, but they will not work in a world that will soon be
blanketed in bit-bearing media.
Your increasingly obsolete information industries would perpetuate themselves by proposing
laws, in America and elsewhere, that claim to own speech itself throughout the world. These
laws would declare ideas to be another industrial product, no more noble than pig iron. In our
world, whatever the human mind may create can be reproduced and distributed infinitely at no
cost. The global conveyance of thought no longer requires your factories to accomplish.
These increasingly hostile and colonial measures place us in the same position as those
previous lovers of freedom and self-determination who had to reject the authorities of distant,
uninformed powers. We must declare our virtual selves immune to your sovereignty, even as
we continue to consent to your rule over our bodies. We will spread ourselves across the
Planet so that no one can arrest our thoughts.
We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than
the world your governments have made before.
Davos, Switzerland
February 8, 1996
16
Government Corruption and Your Rights to Privacy, Encryption, Freedom,
and Peace of Mind
By: DADOES
Introduction
Would you allow someone to stalk you and know where you are going to be at all times, know
what you recently purchased, know who you are talking to, what you are saying, and what you are
doing at all times?
Today we live in a world where the majority of all information is stored online in some form or
another. This information spans from simple updates of the weather to possibly some of your most
private and intimate moments sent via SMS, email, instant messaging, or other forms of
communication via internet. Some information, such as the weather, is hosted on public domains for
everyone to see while the conversations that you may have with family members, a significant other,
coworkers, etc. are usually stored on private servers owned by private companies. I am sure that the
majority of you would not like to publicly share many of the conversations that you have had with such
people. However, in recent years it has come to our attention that these intimate conversations have
been being actively monitored by the National Security Agency (NSA), Government Communications
Headquarters (GCHQ), and others. Not only are these private conversations being monitored but so are
our:
Online Banking Transactions
Pictures sent via SMS, Email, and Instant Messaging
Phone Records
Locations
Internet Browser History
Google Searches
Social Media Activity (Facebook, Twitter, Instagram, etc.)
Many people do not seem to actively have any concerns over the fact that all of these aspects of
their life are being monitored though. Some use the common “nothing to hide, nothing to fear
argument” while others use the argument that, for layman's terms, “there are bigger fish to fry than
me.” There are many problems with both of these arguments and I will go into them in further detail
later. The main point that needs to be conveyed here is why you should care that all of these parts of
your life are being monitored. First of all, if you are aware that you are constantly being surveyed then
it is more likely that you are going to be cautious as to what you will say or send through the internet.
This is what is called a chilling effect. The true definition of a chilling effect is “the inhibition or
discouragement of the legitimate exercise of natural and legal rights by the threat of legal sanction.”
This could even span as far as far as you being afraid to look up the latest news on terrorist attacks
around the world because your searches are monitored and therefore you may be associated with a
terrorist affiliation. This chilling effect also reduces creativity amongst people and their peers as well as
scrutiny to those in power... which are supposed to be given scrutiny by us, the people. Another reason
that you care is because there are people spying on every part of your life. Would you agree to let a
complete stranger set up a microphone or camera into your room and then agree to carry it around with
you everywhere you go? I most certainly think that you would not. Yet, that is exactly what you are
doing with your latest smartphones. Would you agree to show random strangers risqué pictures that
your significant other sent to you? According to this article, Edward Snowden states that such pictures
17
have been being around in underground trading circles throughout the NSA. Would you allow someone
to stalk you and know where you are going to be at all times, know what you recently purchased, know
who you are talking to, what you are saying, and what you are doing at all times? If you are a regular
user of the internet, a debit or credit card, a smartphone, or anything of the 21st century then all of this
is happening to you on a daily basis.
I will begin this guide with background information on how your internet activity has been being
monitored constantly, who is monitoring it, and what the implications are. After that I will go into the
programs and practices that you should use in order to keep your personal information safe. I have
included shortcuts to topics in the table of contents if you do not wish to read the background
information. However, if you are not familiar with it I do advise you to read it.
Government Infringement on Privacy
The modern world was shaken in 2013 by the leaks of Edward Snowden. These leaks revealed that
the NSA, GCHQ, and an overarching intelligence alliance deemed the “Five Eyes” had been
conducting mass surveillance that had only been imagined in Orwellian fiction.1 However, the uses of
mass surveillance have been around long before the Snowden leaks. In 2001, shortly after the attacks of
September 11, the program Stellarwind was implemented. Stellarwind was the code name of
information collected under the President's Surveillance Program. With this program implemented, the
United States government was able to conduct large scale data mining of the communications of
American citizens. This large scale data mining did not require warrants in order to collect the
information of American citizens. Snowden would later detail the Stellarwind program in great length
with his leaks. The amount of preparation in which the governments of the world have had leading up
to this point in mass surveillance is vast and therefore I will not be discussing it here. However, I do
plan on detailing in later on in a separate paper. What I will focus on here are the Snowden leaks and
the era which I will refer to as post-Snowden.
Snowden revealed to us what is known as the PRISM surveillance program. PRISM is the number
one source of raw intelligence for the NSA analytic reports and accounts for 91% of the NSA’s internet
traffic. This program initially began in 2007 through the Protect America Act under the Bush
Administration. Here is just one of many slides leaked by Snowden detailing the PRISM program. The
caption of the slide reads:
1 The Five Eyes intelligence alliance include Australia, Canada, New Zealand, the United Kingdom, and the United
States.
18
PROVIDERS AND DATA: The PRISM program collects a wide range of data from the nine
companies, although the details vary by provider.
I am very certain that most people use either Microsoft, Google, Facebook, YouTube, Skype, or Apple
multiple times throughout the regular day. Then carefully read the gray filled box and see just how
many items that the PRISM program naturally requests. This does not even include the “Special
Requests” field which is not touched on. From this we can extrapolate that every online
communication that we send is being recorded. Every instance of our lives: our emotions, our opinions,
arguments, intimacy, everything, is being monitored and recorded.
There is no way they could ever look through all of this information though, right? If PRISM is
recording everyones online information then it must be impossible to pinpoint certain things? Wrong.
There is a program used to query through all of the NSA's database. This program is called
XKEYSCORE. What is this program capable of? Take a look.
19
In just around three days all of the unfiltered data can be searched for certain keywords, peoples,
images, etc. Say you just happen to look up the latest news on terrorist attacks through Google. All that
has to happen is for one NSA agent to XKEYSCORE the term “terror” or “terrorism” and your name,
IP address, physical address, online banking information, emails, text messages, pictures sent, and
everything else that you have EVER looked up or done online is available to said agent. I am not sure
about you, but I do not want every interaction that I have ever had recorded. And if you're a Verizon
customer... well then give this leaked document a quick read through:
20
21
22
23
24
This document states that “Telephony metadata does not include the substantive content of any
communication, as defined by 18 U.S.C. § 2510(8), or the name, address, or financial information of a
subscriber or customer.” However, I am not one to trust the government or big businesses enough,
especially a system as big as the NSA, to not just go ahead and gather all of the information that they
can.
Then there is this document, which I will only show one slide of for now, which is a proposal to
broaden the powers for the NSA to collect data.
The statement that is the most worrisome is, “the NSA may analyze communications metadata
associated with United States persons and persons believed to be in the United States.”
In a recent article, published by The Intercept (November 30, 2015), it is stated that “The USA
FREEDOM Act, signed into law on June 2 earlier this year, gave the executive branch 180 days to
25
wind down the bulk collection program. According to the Tumblr of the Office of the Director of
National Intelligence, the government is “prohibited from collecting telephone metadata records in
bulk” starting November 29. The executive branch will now be able to obtain phone metadata by
asking the U.S. Foreign Intelligence Surveillance Court to order telecommunications companies to turn
over specific records.” This is no doubt a huge win for anti-NSA/Mass Surveillance activists. With that
stated, I am not one to easily trust the powers that are in charge. If they (the US government/ the NSA)
can and choose to directly spy on foreign governments and peoples illegally, then what makes you
think that they will not continue to conduct mass surveillance of their own people?
Metadata
All of this information might be new to you though, and therefore you may not fully understand
the terminology and the scope of it. Probably the most important and fundamental term that you will
need to understand is metadata. Most simply explained, metadata is everything about a piece of
information, apart from the information itself. So if someone or some organization is collecting
metadata then they can easily find out that you called a specific number from a specific location for X
amount of minutes. They directly have access to the content of the call, but that can easily be bypassed
even though the legality of it is in question. Truthfully though, the legality of the US government or
any of its large organizations does not matter much anymore. The governments of the United States,
United Kingdom, and others have put themselves above standards of legality. You might not think that
the collection of metadata is a big deal. They can just directly see who I contacted but not the
information? That does not seem so bad. Unless you are calling an HIV specialist/doctor, a sex hotline,
a suicide prevention hotline, or anyone else that you may not want people knowing about. Metadata is
not just applied to your phones. Your credit card/debit card purchases, locations, emails, attachments,
and just about everything else you do with your life is metadata.
I am sure most of you reading this carry a smartphone with you almost everywhere you go. That
smartphone is constantly tracking your location whether it be from your GPS being turned on or from
different radio towers pinging signals to it. Someone collecting your data would know when you are
home, when you are at work, where you go in between, if you went to a certain store, how long you
were at these places, etc. The best part for the people surveilling you is that you are doing all of the
work for them! Smartphones are a mass surveillance dream. There are other people tracking and
collecting your phone data other than the NSA. If you have the Facebook application installed on your
phone then your location is always being monitored, even when you turn off the features which allow it
to do so. Facebook also has access to your microphone, camera, images in your phones gallery, etc.
Edward Snowden, in an interview with Brian Williams, even stated that it was possible for the
government to turn your phone on when it was off, or even to be able to prevent it from being turned
off completely. From this they would be able to constantly listen in to your conversations by using your
phones microphone or even being able to use the camera on it. While Snowden does state that
intrusions like these happen to those who are specifically targeted, I would rather be safe than sorry in a
situation such as this.
Ultimately, the mass collection of metadata is an extreme intrusion of privacy and can also land
people in quite a bit of trouble. Without looking at the direct information, many situations can be blown
out of proportion or be seen in the wrong light. Activities that might appear suspicious to an NSA agent
or to a program they use are probably not suspicious at all, rather just regular searches and messages
that are misinterpreted. However, this could easily land you on a watch list and your information can
and will be monitored closer than before. This is why metadata should matter to you.
26
Man in the Middle (MitM)
A MitM attack is a simple concept to understand. Say you email your friend through unencrypted
channels and with no encryption in the email itself. If someone were to be monitoring you, or if they
are just snooping in on your unencrypted Wi-Fi connection, they would be able to intercept that email
without you or your friend ever knowing. The best way of preventing such attacks is to keep your
information encrypted and secure while also sending this information through a secure channel. I will
talk more about how to keep your information secure in later sections.
Your Rights to Privacy
If you live in the United States then you are (or at least should be) familiar with your Amendment
Rights. If not, I have included them here:
Amendment I
Congress shall make no law respecting an establishment of religion, or prohibiting the
free exercise thereof; or abridging the freedom of speech, or of the press; or the right of
the people peaceably to assemble, and to petition the Government for a redress of
grievances.
Amendment II
A well regulated militia being necessary to the security of a free state, the right of the
people to keep and bear arms shall not be infringed.
Amendment III
No Soldier shall, in time of peace be quartered in any house, without the consent of the
Owner, nor in time of war, but in a manner to be prescribed by law.
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated, and no Warrants shall issue,
but upon probable cause, supported by Oath or affirmation, and particularly describing
the place to be searched, and the persons or things to be seized.
Amendment V
No person shall be held to answer for any capital, or otherwise infamous crime, unless
on a presentment or indictment of a Grand Jury, except in cases arising in the land or
naval forces, or in the Militia, when in actual service in time of War or public danger;
nor shall any person be subject for the same offense to be twice put in jeopardy of life or
limb; nor shall be compelled in any criminal case to be a witness against himself, nor be
deprived of life, liberty, or property, without due process of law; nor shall private
property be taken for public use, without just compensation.
27
Amendment VI
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public
trial, by an impartial jury of the State and district where in the crime shall have been
committed, which district shall have been previously ascertained by law, and to be
informed of the nature and cause of the accusation; to be confronted with the witnesses
against him; to have compulsory process for obtaining witnesses in his favor, and to
have the Assistance of Counsel for his defense.
Amendment VII
In suits at common law, where the value in controversy shall exceed twenty dollars, the
right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise
reexamined in any court of the United States, than according to the rules of the common
law.
Amendment VIII
Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual
punishments inflicted.
Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or
disparage others retained by the people.
Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to
the states, are reserved to the states respectively, or to the people.
The Amendments here we will focus on are the First and Fourth Amendments. These have been hot
topics in the media lately in terms of mass surveillance and government overreach. If you are not
familiar with them then I suggest you take a closer read to them. (It's like two sentences, just go ahead
and read them again.)
The First Amendment is strictly on the right of free speech. Free speech encompasses a persons
right to say whatever they want, for the press to report on whatever they want, and the right to peaceful
protests. However, if you have been paying any attention to the news lately you would know that all
three of these aspects to free speech are being torn away from us. Now instead of having the right to
say or report on anything you want, you can only say or report anything a long as it does not scrutinize
the powers that be. These powers can be anything from a telecommunications company (AT&T for
example) to the United States Government and the organizations it controls. The act of scrutiny is what
is key here. If you break through the false veil of “power” and “superiority” that such organizations
hold then they are not seen as strong. Rather, they have been embarrassed and now feel exposed and
weak. If this does happen then be prepared to have people come after you. Ask any whistleblower or
reporter who has come up with this information in the past 20 years. One person who does come to
mind is Weev. I will not get into the backstory of who Weev is but rather what he did. Weev was on his
iPad one day and went to log into his AT&T account. In the public domain web-address, something
along the lines of www.att.com/login/query1547 (randomly thought up URL), Weev decided to merely
add one to the end of the URL. So instead of www.att.com/login/query1547 he typed in
www.att.com/login/query1548. What this ended up doing is revealing the email address of the person
who last logged-in. The email would just show up in the “Please enter your email” field of the log-in
28
process. Weev noticed this as a major security flaw and proceeded to collect all of the emails of the
people who logged in. He then sent the list, which contained email addresses from everyday citizens to
those in the military and the White House, to a journalist who proceeded to publish a story about the
security hole in AT&T's webservers. Instead of rewarding Weev with the find, or even thanking him,
they decided to file criminal charges on him. Weev wound up spending 18 months in prison over
addition as well as being labeled a “malicious hacker.” I have provided information about his story at
the end of the document in the Sources section.
So why did AT&T decide to punish Weev instead of thanking him? Because if they came out and
acknowledged that such a security flaw existed it would undermine their “power” and “superiority.” In
reality, while usually having a great but of money and overall capital, such large corporations and
organizations are not that strong. They throw up this disguise of being larger than life but it truly is all a
facade. (Funny enough, one movie that accurately portrays the underbelly of such corporations is the
1995 classic, Hackers. If you have not seen this movie then I would highly recommend it just for the
nostalgia and hilarious moments that were created around 90's cyber culture.) AT&T was able to
circumvent any real scrutiny from the main stream media (MSM) by labeling Weev as a “hacker” as
many people are often afraid of these stigmatic buzzwords. The same exact thing happened with
Edward Snowden. Instead of actually explaining the programs and organizations in question, not to
mention how Snowden was given free reign and access to all of these documents, the United States
labeled him as a traitor which is was the majority of the MSM broadcasted after the first intial days of
his leaks. And even now, in the wake of the Paris Attacks (11/13/2015) we see various governments
blaming encryption software and Edward Snowden instead of accepting that they were unable to
prevent the attacks. Mind you that the people who executed the Paris Attacks were using unencrypted
communications anyways.
This conversation of exposing people or governments in power is not a new argument. If you wish
to look up more on the relationship between those in power and those who are not then I have provided
a reading list in the Sources section. It is an interesting and intriguing read if you wish to truly
understand the relationship you have to your government or to other people who are in power over you.
On top of all of this, we are apparently not allowed to protest anymore when we are challenging
the powers that be. There are numerous protests that have been broken up (many times in violent ways)
in recent years. Some that come to mind are Occupy Wall Street and the most recent protest in Paris
over the meetings on climate change. Many times these peaceful protesters are being arrested also.
Now comes the Fourth Amendment. As I have previously shown, the NSA, GCHQ, “Five Eyes”,
and others have all been intercepting our data, looking up information on our data through
XKEYSCORE, and then storing that data for however long they choose to do so. Not even to mention
the ability to listen in through the microphone on your smartphone or laptop, and even the camera on
them as well. These countries have been in direct violation of our Fourth Amendment since 2001, most
likely even prior to that. Obtaining all of this information without going through the proper channels to
issue search warrants is strictly illegal. Yet, these governments and organizations will face no true
backlash because they have been able to ascend themselves above continental laws. The only way to
ensure that your Fourth Amendment Right is being kept true is to encrypt your data and stay safe,
which is pretty fucked up that you have to actively fight and use alternative routes in order to keep your
rights.
29
Why not Windows
http://www.getgnulinux.org/en/windows/
Restrictions
A legal copy of Windows is expensive, but what do you get? Windows and Office are
licensed, not sold.
By using these products, we have to agree to a number of harsh restrictions. For most
Windows licenses, you can't keep the software when you change the hardware. You
sometimes can't even give your software away. Who can run the software? On which
computer? What can you do with it? The list of restrictions is long and some items are
outrageous.
The small print in the contract
Windows and Office are licensed, not sold.
No one can buy Windows or Microsoft Office: instead users purchase a permission to
use them. The license describes the terms of this permission. It is the restrictive legal
text you have to click "OK" to upon install.
You must abandon many rights to use the software.
There are a number of restrictions that you must accept by law. Restrictions on who can
use the software, what kind of revenue you may earn with it, on how you choose to
install it, restrictions on your privacy, even on whether you can give it away: the list is
long. Reading the license and enumerating your remaining rights is itself a difficult task.
An OEM (Original Equipment Manufacturer)-distributed software cannot be
transferred to another computer.
If you bought your computer with Windows or Office pre-installed (the so-called OEM
licenses, or the "shrink wrap" Windows discs), if you change computers you must buy
software again. The license is linked to one computer, and expires when the computer
dies. It is then illegal to transfer the software on another computer.
If you go to most of the free software sites you can click down a couple of levels and
find the [GNU] ,GPL (General Public License) the X license, the Apache license,
whichever terms and conditions you have to accept in order to use that software.
Now with a proprietary software company, the license is buried so you can't read it until
after you have paid for the product, then they're asking you to turn off part of your
brain, they're asking you to turn off part of your ability to work with other people and
to do business, when you use their software.
Don Marti, 2005 interview
30
The meaning behind
Companies like Microsoft like to assimilate their software to physical products, when
mentioning copyright infringement for example. Yet, proprietary software is very
different because of the restrictive license -such restrictions would be unthinkable on a
car or bicycle, for example.
Restrictions on the use of Office and Windows are so harsh, that many violations occur
everyday around us. People are tempted to buy only one version of Microsoft Office and
install it on two computers. Others keep their version of Windows when they throw their
PC away. Other people give away their second-hand Windows software when they stop
using it.
You have an alternative to breaking this law, or feeling very restrained when you abide
to it. GNU/Linux is Free Software (much better than just freeware): its GPL license is
designed to protect your rights.
More details on restrictions
It is unclear who can use, receive or buy your software.
The license is particularly unclear as to who may or may not use your version of
Windows or Office. Several sentences in the Microsoft Office license suggest it would
be illegal to let your neighbour type a letter with your version of Word on your
computer.
It is however clear in the Microsoft Windows license that you may only give or sell your
copy of Windows software to anyone if you are the first buyer. This means, that if you
buy it from the user who initially purchased it from Microsoft, then you are not able to
sell or give the software away to yet another user, even if you do not use it anymore,
even if you buy the latest software version with your new computer.
You may not lease, lend or provide commercial hosting services with the software
You cannot let professional users use your software, whether they pay for the service or
not, and whether you use a "Professional" license or not.
The upgrade is only valid for the first license you use it on
If that original license expires (for example because the computer it came on stops
working), so does the upgrade. If you purchase an upgrade, you are not allowed to use
the original software version anymore.
Educational versions are crippled
If Microsoft accepts to define you as a student or an academic, you are allowed to buy
an academic license, and install the software on three computers. But it is illegal to use it
31
for any commercial purpose "or in any way related to the operation of any business
enterprise or revenue-generating activities".
The components of the software may not be separated
It is illegal to buy Microsoft Office, then install only Word on one computer, and only
Excel on another. The Office suite is one single product.
Private information is collected
The license explicitly states that "Microsoft and its affiliates" collect technical
information gathered on your computer by the software. They "may use this information
solely to improve products or to provide customized services or technologies".
In order to activate most Microsoft products, as part of the license agreement, your
computer connects to the Microsoft servers and sends "technical" information. It can
"solely" be used for pretty much anything.
Poor support for open standards
There exist open file formats and protocols, which are standards to store and carry many
types of information, respectively. They are openly specified: they can be read by
anyone on any computer, now and in the future. Proprietary programs, however, rarely
support them.
For a long time Microsoft Office only had support for Microsoft formats. There are
many ways to write work documents, but Microsoft Office users were bound to
Microsoft Office files. People who opted without expensive Microsoft products cannot
write and read .doc files very reliably.
There are of course other ways of writing and exchanging office files, the most well-
known being the OpenDocument Format. But Microsoft isn't keen on letting Office
users exchange files anyone can read and edit. As of Microsoft Office 2007 SP2,
Microsoft finally added support for the ODF format after being pushed by the European
Commission.
Standards that change all the time
Sticking to Microsoft standards is not an easy job unless you can afford to upgrade
very often. Ever tried to work on the same .doc file with both an Office 95 and an Office
97 computer? You'll know what we mean.
Microsoft owns the Office file formats: they change them with every new Office
version and have no obligation to keep them backwards-compatible. Saved your
presentation as a .ppt file? If you give up using Microsoft Office next year, you'll have
to rely on other communities to reverse-engineer the format, to be able to access
and modify your own work.
32
Default programs you can't uninstall
Don't want Windows Media Player on your computer? Don't use Internet Explorer
anymore? You can't uninstall these programs. They previously worked on a
standalone basis, but have been intrinsically linked with Windows so they come in
with every PC and no one can get rid of them.
Monopolistic practices
Microsoft has a tight control over OEMs (computer manufacturers) who ship their
computers with Windows installed.
This means that no program competing with Microsoft products, be it multimedia
player, web browser, office suite, instant messaging program or other, will come pre-
installed on most computers you can buy.
It is a good thing to propose a wide range of software and services like Microsoft do;
however, designing and combining them to shut users from non-Microsoft peers is
unethical. It's not technically hard to adopt more open formats. But it means your
customers are free to choose what they do with their work Microsoft isn't there yet.
What about source code?
The source code details the way a program works (it is effectively what programmers
write). Without it no one can understand how the software is built. It does not matter if
you can't read code: whether or not it is available directly affects any user.
No one can look inside
Windows comes without its source code. More than that: all users must abide to the
license term that says:
You may not reverse engineer, decompile, or disassemble the software.
As such, it is illegal to work out how Windows or Microsoft Word are designed. It is
even illegal to try. You are also forbidden to modify the program for any purpose.
This restriction in the license makes sure that Microsoft remain the sole organization
that understand how their products work. Windows is very much like a car that only
the original manufacturer is allowed to service.
You might say, "How do I change this recipe to take out the salt?" and the great chef
would respond, "How dare you insult my recipe, the child of my brain and my palate, by
trying to tamper with it? You don't have the judgment to change my recipe and make it
work right!"
Richard Stallman, Why Software Should Be Free
33
Insecurity means business
Whenever a flaw in Windows is discovered, it is exploited, which results in trojans,
viruses, spyware and the likes. Such nuisances delight the Windows security
industry, including Microsoft, which develops various anti-virus protections with
subscriptions.
It is a lucrative process to release flawed software that no one is allowed to change, and
then selling protection services over it (anti-virus software doesn't correct flaws: it
merely prevents viruses from exploiting them, if it is active and updated).
Microsoft will today happily sell you their own protection over their own insecurities
it sells the poisoned apple and its antidote, separately.
You can trust free software
It comes as no surprise that proprietary software is severely lacking in terms of security, compared to
software whose source code is freely available (including GNU/Linux).
Free software means programmers can change the code to repair flaws. It means you can hire
someone to really check how secure your software is. It means you can benefit from the contributions
of a world-wide community to improve safety and reliability. Fifteen million users run GNU/Linux
without an anti-virus, in complete safety. And the servers behind search engines and banks run on it
too.
Source code is the recipe for software. How could one improve on a meal with too much salt, if
forbidden to look at the recipe used to cook it?
Using Windows and Office requires us to not ask nor search for the source of the software. Only
Microsoft developers can modify your program.
Which would you rather trust: the package you are forbidden to study, or the package with the recipe?
34
Professor Norm Matloff’s Beginner’s Guide to Installing and
Using Linux
Norm Matloff
Department of Computer Science
University of California at Davis
matloff@cs.ucdavis.edu
c 1999-2013
January 4, 2013
1 Background Needed
I have tailored the material here to beginners. No special sophistication in computers is needed. Any
typical Microsoft Windows user should be able to understand the instructions here and install Linux in
less than an hour’s time. (Do not be intimidated by the length of this document; you probably will not
have to use most of it.) Don’t worry about the length of this document. You’ll probably only need a
small part of it. For some background on the history and significance of the Linux operating system, go
to Appendix A.
2 Install to Where?
I recommend that you install Linux on your hard drive, so that you will dual-boot either your old OS
(I’ll assume Windows from now on) or Linux. After installation, each time you boot up, you will be
given a choice of whether to boot Windows or Linux. Another alternative is to install Linux on a USB
key (memory stick) or external hard drive. Still another choice is to run Linux as a virtual machine.
This is not covered in this document, but if you are a UCD student, see
http://csifdocs.cs.ucdavis.edu/documentation/archives/csif-fedora-on-a-for the easy steps.
By the way, if you have a Mac, you may have the capabilities you need without Linux, since both the
Mac OS and Linux are Unix systems.
3 Which Linux Distribution Is Best?
Linux comes in various distributions, called distros by Linux aficionadosbut they are all Linux in
terms of functionality. Some of the most popular are Ubuntu, Red Hat, Fedora, Linux Mint, SuSE,
MEPIS, PCLinuxOS and so on. Remember, there are tons of good distros out there. Any of the above
would be fine, as would many others, but here is my short answer: Use Ubuntu (or one of the many
Ubuntu derivatives, such as Linux Mint). It is arguably one of the most user-friendly of the distros, and
it has a large user community you can access in the Ubuntu forum on the Web, probably the most
active one out there. I now use Ubuntu myself on my home computers, as well as on my office
computer, after years of using various other distros.
If you have an old machine, especially one with limited memory (i.e. RAM), you may wish to give
Puppy Linux or Damn Small Linux a try. I installed them (one at a time) on an old 1998 laptop with
only 64M of memory! And they take as little as 50M of disk space.
35
4 Installation
Here is the short way to install Linux on your hard drive, dual-booting with Windows.
4.1TheShortAnswer
Here you will install the Ubuntu distro, using UNetbootin as your installation tool.
For simplicity, I’ll assume you wish to install Linux to your laptop.
1. Download UNetbootin from its home page http://unetbootin.sourceforge.net/ to your hard drive. (For
further informat on UNetbootin, see http://sourceforge.net/apps/trac/unetbootin/wiki/guide.
2. Insert a USB key (memory stick). It needs to have FAT32 format. It probably came that way, but if not
then check the Web for how to fix that using your OS.
3. Run UNetbootin.
4. Click Select Distribution, and choose Ubuntu. Then choose the latest Live version in the window to the
right.
5. For Type, choose USB Drive, and for Drive, choose the drive in which your USB key is inserted.
6. Click OK.
7. After the installation to your USB key finishes, choose Exit.
8. Leaving your key in the drive, restart your laptop.
9. Select the choice labeled something like Try Ubuntu.
10. Once Ubuntu boots up, try to use the WiFi: Click on the proper icon at the top right of the screen, and
select your wireless network. If none appears, then for now, connect your machine to an Ethernet jack,
say at a public library or copy shop.
11. Follow directions. If asked whether you want third-party software to be installed, say yes.
12. Reboot (remove the USB key when the screen goes dark).
13. If WiFi didn’t work above, it should work now. You may have to click a pop-up window that asks If you
want to use the proprietary drivers.
During the installation process, there may be some mention of disk partitions. You should not have to
take action, but if you wish to know about partitions (very useful!), see Appendix B.
4.2InstallingLinuxtoaUSBKeyorExternalHardDrive
You can install Linux to a USB key or external hard drive, and boot up Linux from there whenever you
want to use Linux. (This is not the same as the USB key created from UNetbootin, which is only
temporary.)
1Unfortunately, UNetbootin does not produce Mac-bootable USB keys.
4.2.1InstallationMethodI(forSlaxLinux)
Slax is a nice, colorful and small version of Linux, at http://www.slax.org. Click on “Get Slax”
to download, and on “Read Manuals” to see how to install onto a USB key or external hard drive. It is
extremely easy!
In short:
1. Download the Slax .tar package.
2. Go to the directory (or folder, in Windows) for your USB key.
3. Unpack the .tar file from that directory.
4. Go to the boot subdirectory, and run either bootinst.sh (from Linux) or bootinst.bat (from Windows).
In the Linux case, you may need to precede your command by sudo.
4.2.2OtherMethods
You can use UNetbootin (Section 4.1), but you’ll need to make your USB installation persistent; see
http://sourceforge.net/apps/trac/unetbootin/wiki/guide. There are methods to construct your USB
installation “by hand” from an ISO file. This is complicated, and will not be pursued here.
36
5 Post-Installation Configuration
This section describes some further steps I recommend taking after your installation is finished.
5.1ConfiguringYourSearchPath(“Whycan’tIrunmya.out?”)
Most Linux distros do not include your current directory, ‘.’, in the PATH variable. Thus if for example
you compile a program and then type
a.out
the shell may tell you that a.out is not found. You are expected to explicitly specify the current
directory: ./a.out
If you consider this a problem, as I do, to remedy it in the case of the BASH shell (the default shell for
most distros), edit the file /.bash profile In the line which sets PATH, append “:.” (a colon and a dot) at
the end of the line, with no intervening spaces. Then log out and log in again, or do source
˜/.bash_profile
5.2ConfiguringaPrinter
Your Linux distribution should have some program to help you configure your printer if something
went wrong during installation. For example, if you are running the GNOME GUI, select System j
Administration j Printing.
It’s now easy to connect to a remote printer elsewhere on your network (even if it is on a Windows
machine), using Samba.
5.3SwitchingfromGNOME/UbuntuUnity
I personally don’t like the Unity window manager in GNOME. Many others feel the same way. So,
Ubuntu gives us other choices. To set them up, do
sudo apt-get install gnome-shell
At your next start, the login screen will show a symbol next to choices of login names; choose
Gnome Classic (No Effects) or whatever you like; experiment to find one that suits you.
5.4ConfiguringKDE/GNOMEforConvenientWindowOperations
5.4.1AutoraiseEtc.
You should find that windowing operations are generally easier in Linux systems than in Windows, in
the sense of requiring fewer mouse clicks, if you set things up that way. Personally, I find it annoying
in Windows that, when I switch from one window to another, I need to click on that second window. In
most Linux windowing systems, I can arrange things so that all I have to do is simply move the mouse
to the second window, without clicking on it. The term for this focus follows mouse, and we can
configure most Linux windowing systems to do this.
Also when I move from one window to another, I want the second one to “come out of hiding” and be
fully exposed on the screen. This is called autoraise, and can be configured too.
You can arrange this configuration in less than one minute’s time. Again, the exact configuration steps
will vary from GNOME to KDE, and from one version to another within those systems, so I can’t give
you the general steps here but here is how it works on GNOME in Ubuntu 12.10 or later:
Open a terminal window (ctrl-alt-t), and type
sudo gsettings set org.gnome.desktop.wm.preferences auto-raise true
37
sudo gsettings set org.gnome.desktop.wm.preferences focus-mode ’mouse
Then log out and back in. You only need do this once.
You get check these settings using get instead of set, or use reset to revert to the original values (false
and ’click’), e.g.
sudo gsettings resset org.gnome.desktop.wm.preferences auto-raise
6 Some Points on Linux Usage
6.0.2UbuntuRootOperations
Ubuntu works like any other Linux distro, except for one important point: Ubuntu does not have a root
user account in the classic Unix sense. Instead, whenever executing a command which requires root
privileges, one precedes the command by the term sudo (“superuser do”). One is then prompted for a
password, which is the password for the first user account created at the time of installation. If you
have a lot of root-type work to do in a session, type
$ sudo s
to create a new superuser shell, and do your work there.
6.1MoreonShells/TerminalWindows
In Microsoft Windows, most work done by most users is through a Graphical User Interface (GUI),
rather than in a command window (Start j Run j cmd). In Linux, a lot of work is done via GUIs but also
it is frequently handier to use a command window, called a terminal window. You should always keep
two or three terminal windows on your screen for various tasks that might arise. You can start a
terminal window in GNOME by typing ctrl-alt-t.
When you type commands in a terminal window, the program which reads and acts on those
commands is called a shell. (Thus a terminal window is sometimes called a “shell window.”)
I have an introduction to Unix shells, at http://heather.cs.ucdavis.edu/˜matloff/UnixAndC/
Unix/ShellIntro.html and http://heather.cs.ucdavis.edu/˜matloff/UnixAndC/Unix/CShellII.html. These
are based on the T C-shell, tcsh, but at least in the case of the first tutorials, most of the material also
applies to the more popular bash shell.
6.2CutandPasteWindowOperations
To do a cut-and-paste operations, hold down the left mouse button and drag it to highlight the text you
wish to copy. Then go to the place you wish to copy that text, and simultaneously push both the left and
right buttons. Generally, more things are cut-and-pastable in Linux than Windows, so this is a big
convenience.
6.3MountingOtherPeripheralDevices
This section explains how to use DVDs, USB devices and so on under Linux. You may wish to review
Section B before continuing.
6.3.1MountPoints
Each I/O device that contains a file system must be mounted, i.e. associated with some directory. That
directory is called a mount point. The files then appear in that directory.
These days most Linux distributions have a designated directory for mount points for DVD/CD-ROMs,
USB devices, floppy disks, etc. This will vary from one distribution to another, but typical directory
names are /mnt, /media etc. You can check what is currently mounted by running the df command from
38
a shell window (another good Linux learning experience). The mount points are listed along with the
/dev files. Also, to list the /dev files for all your operating drives including USB flash drives and
including drives not mounted, type
sudo fdisk
- For more detailed information, such as file system types, just run mount without any arguments.
Your machine’s internal hard drives, and possibly other devices, will be mounted automatically at boot
time. This is controlled by the entries in the file /etc/fstab. The details are an advanced topic, but even
without understanding everything, you might find it worthwhile to take a quick look at that file. Here is
a line from the file on my office machine,
/dev/sda3 /usr/home ext3 defaults 0 2
Here /dev/sda3 is the third partition (’3’) on my first SATA hard drive (‘a’). The entry says that this
partition has an ext3 type filesystem in it, and is to be mounted at the directory /usr/home. The
remaining entries concern things such as backup and file system checks.
When you attach a device to your machine after bootup, your system will probably recognize it
immediately, and maybe pop up a window showing the device’s contents. If you have trouble, you can
use the Unix mount command. This is an advanced command, but just to give you an idea, a typical
usage would be
mount -t iso9660 /dev/hdc /mnt/yyy
This tells Linux that the I/O device corresponding to /dev/hdc, our CD-ROM, should be mounted at the
directory /mnt/yyy. If that directory doesn’t exist, you must create it first, using mkdir. The field -t
iso9660 says that the file system type is ISO9660. This is standard for CD-ROMs, and you can
probably omit it. Use umount to unmount. It’s not safe to remove a USB device without running this
first.
6.3.2UsingUSBDevices
USB drives, including memory sticks, should have their filesystems mounted automatically when you
attach them. Use the df command to check where they’ve been mounted (it could be in the directory
/mnt/ /media etc.).USB mice should become automatically usable when you attach them.
2This might not work in some cases. If fdisk doesn’t recognize your device, try viewing the file /proc/partitions. Your
device
may appear there, say as sdb1. Then run mount as shown below, on /dev/sdb1.
7 Linux Applications Software
7.1GUIVs.TextBased
Most people prefer to use GUI-based applications. If you are one of them, rest assured that there are
tons of them available for Linux.
I do wish to mention, though, that many “super hard core” Linux users prefer to use text-based
applications, rather than GUI ones. For instance, I and many others like the mutt e-mail utility
(Section ??), which is text-based. Here’s why, at least in my view:
I often access my Linux machine remotely, while traveling. I might be at a university library, for
instance, or at the business center in a hotel, and be “stuck” with a Windows machine, and logging in to
my Linux machine via an SSH connection.4 This limits me to text.
39
It’s very important to me that I use the same text editor for all my computer applicationse-mail,
programming, word processing, etc.so that I can take advantage of all the abbreviations, shortcuts and
so on which I have built up over the years. This saves me huge amounts of typing. But most GUI
applications, e.g. e-mail utilities, have their own built-in text editors, so I can’t use mine.
I find that text-based applications often have more features, are better documented, etc. For example, I
often wish to automate certain processes, such as uploading files to another machine, and typically text-
based programs do this better. However, in listing my favorite applications in Section 7.2 below, I’ve
made sure to list both text-based and GUI programs.
7.2MyFavoriteUnix/LinuxApps
In Ubuntu, one downloads new apps using apt-get, which I’ll use in my examples here. The same is
true for other distros derived from Debian. In Fedora, use yum.
7.2.1TextEditing
I use a modern extension to the vi editor, vim. This is the version of vi which is built in to most Linux
distros. See my tutorial at http://heather.cs.ucdavis.edu/˜matloff/vim.html.
Note: In some Fedora distros, somehow the version of vim that is linked to vi isn’t configured fully
correctly. I suggest using /usr/bin/vim directly. Even though vim is text-based, it does have a GUI
version too, gvim. This comes with nice icons, allows you to do mouse operations, etc. Unfortunately,
most Linux distros seem to have only the text-based program. To get the GUI, you can download it
yourself. In Ubuntu, do
sudo apt-get install vim-gnome
For this, you may need to edit /etc/apt/sources.list and uncommented the lines for Canonical’s ’partner’
repository.
7.2.2WebBrowsingandJava
Your Linux distro will come with a Web browser, probably Firefox, and possibly Konqueror in
addition. I usually use Firefox. Chrome is nice, but I really like the plugins available for Firefox.
But believe it or not, sometimes I use the famous text-based browser, lynx. In some cases, it is just
plain quicker and easier. Moreover, you can do cool tricks, such as recording keystrokes for later
playback, thus enabling one to do certain Web operations automatically.
If you use Ubuntu, your system may not be configured for Java in Web browsing. If so, do
sudo apt-get install openjdk-7-jre
sudo apt-get install icedtea-7-plugin
7.2.3HTMLEditing
I usually use Vim, along with some macros I’ve written for HTML editing, but I sometimes use
Amaya, which is a full-featured GUI HTML editor, written by the Web policy consortium. One nice
feature is that you can actually use the embedded Web links, good for testing them. See my tutorial at
http://heather.cs.ucdavis.edu/˜matloff/amaya.html. There are many newer and more powerful packages,
such as Quanta+, Bluefish and NVu.
7.2.4Compilers
Some distros come with the GCC suite. Ubuntu, for example, does not, but it can be downloaded via
sudo apt-get install build-essential
# may need to do this separately:
sudo apt-get install libc6-dev # C library
40
7.2.5IntegratedSoftwareDevelopment(IDE)
For programming work, I rarely use IDEs, as they are slow to load, take up too much space, and often
don’t allow me to use my own text favorite editor. I find that the vim editor (cited above) and the ddd
GUI interface to the gdb debugging tool, work great together. For example, in vim I can type: make
(which I have aliased to just M, or with gvim click on the make icon, and the source code I’m
debugging will be recompiled. And as I’ve mentioned, it’s important to me that I use the same text
editor for all applications, which most IDE would not allow me to do. I use either GDB (try CGDB!) or
DDD for my debugging tool. See my tutorials at http://heather.cs.ucdavis.edu/˜matloff/vim.html and
http://heather.cs.ucdavis.edu/˜matloff/debug.html.
DDD is also usable with my favorite programming language, Python.
However, if you love IDEs, try Eclipse. I’ve got a tutorial that is more complete than most, at http:
//heather.cs.ucdavis.edu/˜matloff/eclipse.html. It can be used with C, C++, Java,
Perl, Python and many others.
Another system that has become quite popular is NetBeans. For R programming, RStudio and StatET
are both first-rate.
7.2.6WordProcessing
I use LATEX because of its flexibility, its beautiful output, and its outstanding ability to do math. You
may like Lyx, which is a great GUI interface to LATEX which is especially good for math work. See
my tutorials
at http://heather.cs.ucdavis.edu/˜matloff/latex.html and http://heather.cs.ucdavis.edu/˜matloff/lyx.html.
Install by running
sudo apt-get install texlive
# you may also need:
sudo apt-get install texlive-fonts-recommended
If you wish to work with files compatible with the Microsoft Office environment, there is a free suite of
programs, OpenOffice, which provide Microsoft compatibility. It is packaged with most Linux
distributions. If you would like something that quickly converts an Office file to rough text form, say to
use with e-mail attacments, try Antiword. In Ubuntu, install via
sudo apt-get install antiword
7.2.7PlayingMovies,Music,Etc.
MPlayer is free and outstanding. Its capabilities are amazingly broad.
The documentation is extensive, and hard to navigate, but here are a couple of things to get you started:
Installation: It’s easy in Ubuntu:
sudo apt-get install mplayer
sudo apt-get install mencoder
Otherwise, build it yourself, as follows
.
One downloads the source code, MPlayer-1.0pre7try2.tar.bz2 and the codecs, essential-
20041107.tar.bz2,
from www.mplayerhq.hu/design7/dload.html.
Unpack the codecs file first,
tar xfj essential-20041107.tar.bz2
41
This creates a new directory. Copy the contents of that directory to the directory /usr/local/lib/codecs
(use mkdir to create it if necessary). (Note: There may be legality issues with some codecs. When in
doubt about a particular codec, you should obtain it from a site like Fluendo that offers it for a nominal
fee, See a discussion at http://fedoraproject.org/wiki/CodecBuddy.
Now, unpack the source code file, and go into the directory it creates. Then go through the usual
sequence for building open-source software from source:
configure
make
make install
Note that if you want to use the GUI, the configure command should be
configure --enable-gui
After make install is done, you will probably get a message something like
*** Download font at http://www.mplayerhq.hu/dload.html
*** for OSD/Subtitles support and extract to
/usr/local/share/mplayer/font/
*** Download skin(s) at http://www.mplayerhq.hu/dload.html
*** for GUI, and extract to /usr/local/share/mplayer/skins/
The fonts are needed for the subtitles (and for the GUI, if you use it). Just the iso1 font is needed.
Download the font package, go to the indicated directory (/usr/local/share/mplayer/font/ in the above
example), and then do the unpack operation. This will produce a subdirectory, e.g. font-arial-iso-8859-
1.
Viewing a video:
To play a video or audio file, say x.avi, type
mplayer x.avi
If you specify several files, as a playlist, it will play them all. Hit the Enter key if you want to skip the
rest of the current file and go to the next one.
You have the following controls:
right and left arrow keys to go back or forward 10 seconds
down and up arrow keys to go back or forward 1 minutes
PgDown and PgUp keys to go back or forward 10 min
left- and right-bracket keys to decrease/increase speed by 10%, or left- and right-brace for 50%;
Backspace key to return to normal speed
Space bar to pause, then . to go forward frame by frame, Space bar to resume play
f to go full screen
q to quit
You can use mplayer, actually mencoder, which comes with the package, to do format conversion, e.g.
AVI to MPG, change aspect ratio, and even do some primitive editing.
There are many, MANY,MANYdifferent options. You may wish to try other players, e.g. VLC.
7.2.8VideoEditing
Try Kino, Cinelerra, LiVES and many others.
42
7.2.9ImageViewing,ManipulationandDrawing
I use xpdf to view PDF files, though Acroread for Linux is available. I like the fact that xpdf allows me
to copy ASCII text from the file. Others popular with Linux are evince, okular and MuPDF. For
collections of JPEG files and the like, I use xzgv, gqview and gwenview; for viewing a single image, I
use qiv.
Want something like Adobe Photoshop? The GIMP program is quite powerful, and free. It’s included
with most Linux distributions.
You can use GIMP to draw, but for “quick and dirty” tasks, I would suggest Dia, at
http://www.gnome.org/projects/dia/.
7.2.10FTP
I usually use the text-based ftp and sftp, the latter being an SSH version for security.
If you do frequent uploads/downloads to/from a particular site and wish to automate them, another text-
based program, yafc, is excellent. A very nice GUI program, though, is gftp, which you can download
from the Web if your Linux system doesn’t already have it. In addition to the GUI, this program also
has some functionality which ordinary FTP programs don’t have.
7.2.11StatisticalAnalysis
Use the statistical package that the professional statisticians useR!
In my opinion from the point of view of someone with a “foot in both camps”—I’m a computer science
professor who used to be a statistics professorthe R statistical package is the best one around,
whether open source or commercial. It is statistically modern and correct, and it also is a general-
purpose programming language.
I have a tutorial on R at http://heather.cs.ucdavis.edu/˜matloff/r.html.
Install via
sudo apt-get install r-base
7.2.12VideoChat
Currently, this is an area in which many Linux distros need work. Ubuntu comes with Ekiga, which
works best if the person you’re chatting with has Ekiga too. Skype has a Linux version, which many
people use, but some have found to have problems. As of this writing, Google does not offer Google
Talk for Linux. However, Empathy can be used. There are driver issues for some Webcams. Those
using the UVC protocol are supposed to work on Linux, with the uvcvideo driver that comes with
Linux. But again, there may be problems.
7.2.13RuningWindowsApplicationsfromWithinLinux
I am simply not a Windows user, but on occasion there is a Windows program I need to run from
within Linux. The simple way, if it works, is the WINE Windows emulator. Your distro may include it
(type which wine in a terminal window to check); if not, download it, with for example the Ubuntu
command being
udo apt-get install wine
For more involved applications, you may wish to try one of the virtual machine packages. See http:
//heather.cs.ucdavis.edu/˜matloff/vm.html for a brief introduction.
7.3DownloadingNewSoftware
There is a vast wealth of free software for Linux on the Web. Here’s how to obtain and install it.
43
7.3.1HowtoFindIt
These days most downloads and installs are done automatically, say with yum or apt-get, as seen in
Section 7.3.2 below. That helps you find it too. If you want to find application Z, instead of plugging
“Z” into Google, plug “yum install Z” or “apt-get install Z” so as to narrow down the volume of
response.
5In some respects, it’s even better than S, the commercial product it is based on.
7.3.2AutomaticDownload/Installation
In recent years, most Linux distros have made it very easy to download and install new software. In
Fedora, for instance, one uses the yum command. For example, to download the program yafc
mentioned above, one simply types yum install yafc. In Ubuntu, there is the apt-get command, which
works similarly. For instance, to download the xpdf PDF viewer, I typed
sudo apt-get install xpdf
(See Section 6.0.1 for an explanation of sudo. Ubuntu may ask you to install from your CD-ROM, but
yours may be incomplete. If so, comment out the first line of /etc/apt/sources.list; this is the line telling
Ubuntu to install from the CD-ROM.) For those who prefer GUIs, Ubuntu offers the Synaptic package
manager. With both yum and apt-get, one can direct where to download from, by making the proper
entries in the file etc/apt/sources.list. For instance, for the R statistical package above, apt-get may not
find it on its own, in which case we can add a line
deb http://cran.stat.ucla.edu/bin/linux/ubuntu gutsy/
to etc/apt/sources.list, telling apt-get that here is an alternative place it can look. (This is for the Gutsy
edition of Ubuntu.)
By default apt-get will try to retrieve your requested program from your installation CD/DVD. You can
change this by commenting-out the line in etc/apt/sources.list that begins with
deb cdrom:
Sometimes it may not be clear which package name to use with yum or apt-get. For instance, to install
the GCC compiler, C library and so on, the command is
sudo apt-get install build-essential
How did I learn this? I did a Web search for “apt-get GCC.”
To install the curses library (and include file), do
sudo apt-get install libncurses5-dev
7.3.3Debian/Ubuntu.debFiles
The Debian distro of Linux uses its own packaging for downloaded programs, which you’ll see as files
whose names have a .deb suffix. Ubuntu, as a derivative of Debian, uses this too.
Usually you will not need to work directly with these files, since you will use apt-get or Synaptic. But
if you do download such a file directly from the Web, use gdebi to install it; the GUI version is gdebi-
gtk.
7.3.4UsingRPMs
Though the methods in Section 7.3.2 have now made RPMs less important, you may find that the
software you want comes in an RPM package, with a.rpm suffix in its name. To install such a package,
44
type rpm -i package_file_name If you later wish to remove, i.e. uninstall a package, you can use rpm -e
(‘e’ stands for “erase”). You do NOT have to have the RPM file present to do this. Some packages will
have different versions for different C libraries. Red Hat uses glibc. Type ls -l /lib/libc* to see which
version you have. You may find that you need some library files for a program you download, and that
you are missing those files. You can usually get these from the Web too. If a program complains about
a missing file, try the ldd command (e.g. ldd x if the name of the program which needs the library is x);
this will tell you which libraries are needed, where they were found on your system, and which ones, if
any, were not found.
8 Learning More About Linux
The only way to really learn Linux is to use it on a daily basis for all your computer worke-mail,
word processing, Web work, programming, etc. As you do this, the expertise you’ll want to pick up
includes: file, directory and mount operations; process operations; roles of system directories (/usr, /etc,
/dev, /sbin and their various subdirectories, e.g. /usr/lib; search paths; network operation and utilities
such as netstat; and so on. Don’t try to do this all at once. Instead, take your time, and learn these
naturally, as the need arises. As you use Linux more and more in your daily computer application work
(e-mail, word processing, etc.), the needs will arise as you go along. And remember, there’s lots of help
available if you need it.
_ If you are running Ubuntu or one of its offshoots, the Ubuntu Forums, http://ubuntuforums.
org/ is an excellent resource.
Linux home page, at http://www.linux.org/Lots and lots of information is available here.
www.linux.com. Chock full of information and links.
Google’s excellent set of links to various Linux sites,
http://directory.google.com/Top/Computers/Software/Operating_Systems/Linux
Another good set of Linux links, http://www.linuxjunior.org/resources.shtml
If you are having trouble with specific hardware in your Linux installation, an excellent place to go for
detailed information is the Linux HOW-TO documentation. (For the same reason, if you are about to
purchase a machine and suspect that some of the hardware is nonstandard, you can check the
corresponding Linux HOW-TO to see if there are any problems with that hardware.
The HOW-TO documents are available at many sites, such as the one at linux.org.
There are Linux Users Groups (LUGs) in virtually every city. You can join if you wish, or just get to
know them casually. They are great sources of help! And by the way, many of them hold monthly
Linux Installfests, where you can see Linux being installed or have it installed on your own machine.
9 Advanced Linux Usage
9.1DualBootIssues
You may wish to change some parameters of your dual-boot process, e.g. change the default OS. You
can do this by editing the configuration file for your bootloader.
Most distros today use GRUB as their bootloader. Its configuration file is /boot/grub/menu.lst. By the
way, note that GRUB’s notation for partitions is (drive ID, partition number), so that for instance
(hd0,1) means the second partition in the first hard drive.
9.2LiveCDsorUSBKeyBasedLinuxAsRescueTools
Among other things, Knoppix has developed a reputation as being useful as an OS rescue/repair tool,
including for Windows! And now, most of the live CDs or USB-key based Linux installations can be
used this way. A common usage is to either fix broken files or at least make copies of important user
files. It may be, for instance, that Windows is not bootable due to corruption, but by using a Linux
45
rescue CD/USB key, we can access individual files. Here is a typical pattern. One brings up a terminal
window and then:
sudo -s # get root privileges; could try su root instead
fdisk -l # check where the partitions are
# say /dev/sda1 is of interest
mkdir x
mount /dev/sda1 x
cd x
# now you have those files at your disposal
In one case, I forgot my password on an Ubuntu netbook. I could fix it as root if I could boot up in
Ubuntu recovery mode, but unfortunately the GRUB bootloader was configured with a timeout value
of 0 seconds, giving me no way to choose recovery mode. So, I booted up Linux from a USB key
(Section 4.2), mounted my Ubuntu file system as above, and then edited the GRUB startup file,
/boot/grub/menu.lst, changing the timeout value to 5 seconds.
The preceding operations can be done by booting almost any Linux distro, but Knoppix is nicer as it
comes with two very nice utilities (both can be obtained separately as well):
testdisk: This does a lot of diagnostics on your hard drive, recover lost partitions, undelete deleted files,
fix boot sectors and so on.
ntfsfix: May be able to fix your broken NTFS partition.
photorec: Quite a program! It bypasses your (possibly broken) file system, and looks for files by going
through your hard drive literally bit by bit, looking for bytes that encode any of 180 known file types,
e.g. .jpg, .avi, .pdf etc.
9.3Troubleshooting
One of Linux’s biggest strengths is its stability. If you are tired of getting Windows’ infamous “blue
screen of death,” then Linux is the OS for you. (It is also subject to far fewer virus and other attacks
than Windows.) So emergencies are rare, but they can happen. Here are some tips for such cases.
9.3.1Tools
Here are some commands you can run in a terminal window that you can use to investigate:
ps: Tells you what processes are running. Typically one uses this with something like the ax option.
dmesg: Tells you the major events that have occurred on your machine ever since it was last booted up.
lsmod: This tells you what OS modules are installed, i.e. device drivers and the like.
lpq: Lists the current printer queue.
lsusb: Lists what USB devices are currently plugged in.
ifconfig: Lists network interfaces.
iwconfig: Lists currently operating wireless devices.
iwlist: Lists wireless access points in range.
netstat: Lists current network connections.
9.3.2WiFiNetworking
The newer versions of the major distros handle WiFi configuration pretty well without your
intervention. But if you have problems, the material in this section may be helpful.
9.3.3GeneralInformation
Below is a five-minute crash course in WiFi. Even if you don’t understand all of it, even partial
understanding may be helpful.
46
Recall that in Unix-family operating systems, I/O devices are represented as “files” in the directory /dev.
Your WiFi device is probably eth1 or wlan0.
Your WiFi device needs a driver. Many, if not most, laptops use Broadcom WiFi hardware, and in older
Linux distros, they needed some fiddling to work, but now it’s much easier (see below).
The names of wireless access points are called ESSIDs.
If you are connected to a router or a wireless access point, your machine is probably assigned an IP
address via DHCP, rather than statically. An error message like “no lease offered” means that the DHCP
process failed.
DNS servers convert an “English” address like www.google.com to a numerical address like
209.85.171.103. So your OS needs to set up a connection to a DNS server.
9.3.4NetworkManagementTools
If you are running the GNOME windows manager, select System j Administration j Network. There is
also an icon you can click in the toolbar; it looks like two black monitors when you are not connected,
and is a set of blue bars indicating signal strength when you are connected. Note that left- and right-
clicking gives different results, so try both. In KDE, select System j Network Device Control. You can
activate/deactivate your netword card during a session. In GNOME, this is done via System j
Administration j Network. The network managers included with most Linux distros are rather
primitive. An excellent alternative is WiFi Radar. In Ubuntu, install via
sudo apt-get install wifi-radar
9.3.5IndividualLinuxNetworkCommands
Useful commands from a terminal window include:
iwlist: You can determine which ESSIDs are within range of you by typing the command
$ sudo iwlist eth1 scanning
say if your wireless device is eth1.
ifconfig: Shows information about all your network interfaces, i.e. their hardware addresses, IP
addresses and so on. Lack of IP address on your wireless port, e.g. wlan0 or eth1, may indicate that
DHCP has failed. This command can also be used to set the IP address and other parameters “manually,”
deactivate/reactive a network interface, etc.
iwconfig: Shows information about all your wireless connections. Also can be used by you to specify
which access point you wish to use. For example, to select a particular wireless access point named X,
type
sudo iwconfig wlan0 essid "X"
(assuming wlan0 is your wireless interface)
.
dmesg: Shows a record of your last bootup. This may show error messages regarding yourWiFi card. It’s
pretty long, so either run it through more, i.e. run
dmesg | more
or save it to a file, say dmesg.out, and then explore the file at your leisure with a text editor.
_ route: Displays the current packet routing table.
_ ethtool: Running
ethtool eth0
47
will give you information about your Ethernet link, e.g. link speed. To get statistics on recent usage, run
ethtool --statistics eth0
Some of these must be used with root privilege. For example, running
iwlist eth1 scanning
may produce no access points, while
sudo iwlist eth1 scanning
will show you all of them.
The file /etc/resolv.conf lists the IP addresses of the DNS servers. You can add more nameserver lines if
you know of some, say from your ISP (of for that matter, other ISPs).
9.3.6IfYouHaveaProblem
These days, Linux generally does well with WiFi, and it might work for you “right out of the box,”
with no configuration on your part. If not, this section is for you. Some wireless network cards typically
sold with PCs today do not have direct Linux drivers available. A common example is the Broadcom
BCM43XX series. However, you can still operate as usual after some
preparation, as explained below.
Ubuntu: BCM43XX Series
Ubuntu handles Broadcom cards well, as long as you have Linux kernel 2.6.15 or newer. (Run dmesg if
you want to check this.) You simply need to take the following action once:
First establish an Ethernet connection to the Internet, to enable download. For example, if you have a
router at home, even a wireless one, connect your machine directly to the router with an Ethernet cable.
Then Select System j Administration j Hardware Devices (the last might be labeled Additional
Drivers). It will ask you if you want to download the Broadcom firmware, so say yes. Check the Enable
box for Firmware for Broadcom 43 Wireless Driver. You will be asked whether you want the firmware
to be downloaded from the net; say yes. Then check Enabled after the download. Know YourWiFi
Card You first need to determine which wireless card you have. On the laptop I use now, I determined
this by running dmesg and lspci under Linux. Sure enough, it turned out to be a Broadcom BCM43XX
series card. Other Cards/Kernels
For other cards, go to the ndiswrapper home page, http://ndiswrapper.sourceforge.net/.
The program ndiswrapper allows Linux to use Windows drivers.
9.3.7AProgramFreezes
If an application program freezes up and you invoked it from the command line within a shell, you can
inmost cases kill it by hitting Ctrl-c in the terminal window from which invoked it. If this doesn’t work,
run the “processes” command by typing
ps ax
in another terminal window, and noting the process number of your program. Say for concreteness that
that number is 2398. Then type
kill -9 2398
48
to kill the program. If you have a program named, say, xyz, the command
pkill -9 xyz
kills all running instances of the program.
9.3.8ScreenFreezes
What if your entire screen freezes up? Again, this should be quite rare, but it is possible. I recommend
the following remedies, in order:
_ In Gnome hit Alt F2, which will bring up a little window in which you can run a command, say pkill
as above.
_ In Gnome, hit Ctrl Alt T, which will create a new terminal window, from which you can kill the
offending program.
_ Try going to another screen! Linux allows you to switch among multiple screens. In Gnome, for
instance, you can switch to the second screen from the first via Ctrl Alt Right, and go back via Ctrl Alt
Left. Then open a terminal window in the new screen, find the process number of the program and kill
the program, as described above.
_ In Gnome, try hitting Ctrl Alt Del). This should cause an exit from Linux’s X11 windowing system but
not an exit from Linux itself. You would then get an opportunity to log in again.
Try NOT to simply poweroff the machine, as that may do damage to your files. It may not be permanent
damage, as the OS will try to fix the problems when you next reboot, but don’t just pull the plug unless
you have no other recourse.
9.4AccessingYourWindowsFilesfromLinux
At this point, most Linux distributions, except Fedora/Red Hat, give you access (at least read access) to
your Windows partition from Linux. For some of them, they may do this automatically, in which case
your Windows partition, say /dev/hda1 should be visible in the file /etc/fstab. If not, mount it yourself:
mkdir /dosc
mount /dev/hda1 /dosc
cd /dosc
You should now see your Windows files, and should be able to access them on at least a read basis. For
more information, including concerning write access, ss the Linux-NTFS Project, http://www.linux-
ntfs.org/.
A What Is Linux?
Linux is a form of the Unix operating system. Though originally Unix was used mainly by engineers
and scientists and thus was not very familiar to the general public, a lot of what you take for granted on
computer systems today began in Unix. A notable example is the Internetthe first major operating
system to implement the TCP/IP protocol at the heart of the Internet was Unix, and that led to the
general acceptance of the protocol. The Apple Macintosh operating system is based on a form of Unix,
and the Android system is based on Linux.
In the early 1990s, computer science student Linus Torvalds decided to write his own version of Unix,
which he called Linux. Other “homegrown” versions of Unix had been written, such as MINIX, but
what distinguished Linux was the scale of worldwide participation involved. Torvalds innocently put a
message on the Internet asking if anyone wanted to help, and he got a torrent of responses. There are a
several reasons why Linux is mainstream today. First, it became known as a very reliable, stable
operating system, with one result being that Linux has become a major platform for large corporate
49
Web servers. Another reason is that it is free, as is the vast majority of the software associated with it
developed elsewhere. Many companies have found that it is cheaper to run Linux on their PCs, both for
this reason and because of reduced maintenance costs. There are several good reasons for you to use
Linux:
As mentioned, Linux is becoming one of the “hottest” software systems. Virtually all of the major
companies are promoting it, and as mentioned Linux is a leading corporate choice for Web servers.
Linux is the main operating system used at , and in fact they developed their own version of Linux,
Goobuntu (a play on Ubuntu, one of the most popular versions of Linux).
Linux is also starting to make inroads in large desktop markets, such as businesses, schools and so on,
due to its high reliability, far lower rate of infection by viruses compared to Windows, and its low cost.
The Linux community shares. That means that people online are much more willing to help you, and
more open source software is available. If you are a university computer science student, there are some
very important additional advantages:
Many CS courses make specific use of Unix, and thus their work cannot be done on Windows platforms.
Since it is a full Unix system, Linux allows students to do their homework in the comfort
of their own homes. If you are new to Unix, click here for my Unix tutorial Web page at
http://heather.cs.ucdavis.edu/˜matloff/unix.html, which will introduce you to Unix file and directory
commands, and so on.
In installing and using Linux, students learn many practical things about computers which they do not
learn in coursework. This practical experience can also help you in job interviews, both for permanent
jobs after graduation and for summer jobs and internships/co-ops during your college years. Even if the
job you interview for does not involve Linux, you will definitely impress the interviewer if, for example,
you discuss various things you have done to use and customize your Linux system.
B What Is Partitioning?
It is probably not necessary for you to know the material here, and it is rather detailed, but you
may find it useful at some point. I do recommend that you take a few minutes and read this section. A
hard drive (not just for Linux) will consist of one or more partitions. A partition is a set of contiguous
space (sequential blocks) on the disk, and is treated as an independent disk.
So, assuming you want your system to include bothWindows and Linux (termed a dual boot situation,
since you can boot either system), you will need at least one partition for Windows and one (actually
two) for Linux. It’s important to understand how the naming works: In Linux systems, all I/O devices
are treated as “files.” If your first hard drive is of the IDE type, the entire drive is probably called
/dev/hda, i.e. the “file” had within the directory /dev. In the case of SATA-type hard drives, the
notation is /dev/sda etc. Your first CD-ROM/DVD drive may be /dev/hdc (your third “hard drive”),
your first USB port may be /dev/sdf1 and so on.
Partitions within, say, /dev/hda, are called /dev/hda1, /dev/hda2 and so on.
Your original Windows single partition was probably /dev/hda1 or /dev/sda1. Within a partition
you’ll have some type of file system. The disk consists simply of a long stream of bytes, with no
structure, so the OS needs to have a way of organizing them into files, recording where in that stream
each file has its bytes. But you don’t need to know the details. Windows XP and Vista use the NTFS
file system. The standard Linux file system is ext2 (number 0x83, sometimes called Linux native), or
possibly ext3, for your main Linux partition and of type swap for your swap partition (number 0x82,
used for temporary storage during the time the OS is running).PCs were originally designed to have up
to four “real” partitions, called primary partitions. After people found that to be too constraining,
logical or extended partitions were invented. You should install Linux in a primary partition, for
recovery reasons, but it is not necessary.
50
B.1PartitioningUsingGParted
Today most distros will invoke a partitioning program to do your partitioning. This could be the
famous GParted program, or one that the authors of your distro wrote themselves.
You can use GParted on your own by downloading and booting a GParted live CD (or USB key), but
I’ll assume here that your Linux installation program invokes either GParted or another program
written specifically for your distro. Since every distro will handle this a bit differently, what I will do
here is just give you an understanding of what operations need to be done, with the specific mouse
clicks needed varying from one distro to another. I’ll assume that you want your Windows and Linux
systems to coexist on the same hard drive. So when your
distro’s installer program asks you whether you want to use the entire disk, be sure to say no! Of
course, if you do want to erase Windows, or if you are installing Linux on a separate drive from
Windows, you can go ahead and use the whole drive.
Here are the main steps in GParted, roughly stated (you may see some variation):
Select the disk you wish to repartition. If you have only one disk, it will be something like /dev/hda. (See
Section B.)
Select the partition where Windows resides. This will typically cover the entire disk, and will almost
certainly be of file system type NTFS. I’ll assume that here.
Decide how much space you want to remove from the Windows partition in order to make a partition for
Linux.
Now resize, in this case shrink, the Windows partition. The partioner will ask you how much room to
make.
Adjust the partition size according to your desired value.
You’ll need to make the main Linux partition primary, of type ext2 or ext3, and set to be bootable.
You’ll need a smaller partition of type linux-swap. This is not used for files, but rather as “scratch
space” by the OS, for virtual memory and for storage when your machine is in hibernate mode.
You’ll then have to commit, i.e. save, the changes to the partitions. This might take a few minutes, so be
patient.
The next time you boot Windows; you will be asked if you want a disk consistency check. Definitely say
yes.
51
TOR The Onion Relay
(Links route to www.torproject.org)
Tor: Overview
Topics
Overview
Why we need Tor
The Solution
Staying anonymous
The future of Tor
Overview
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy
and security on the Internet. Tor's users employ this network by connecting through a series of virtual
tunnels rather than making a direct connection, thus allowing both organizations and individuals to
share information over public networks without compromising their privacy. Along the same line, Tor
is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations
or content. Tor can also be used as a building block for software developers to create new
communication tools with built-in privacy features.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to
news sites, instant messaging services, or the like when these are blocked by their local Internet
providers. Tor's hidden services let users publish web sites and other services without needing to reveal
the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and
web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental
organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in
a foreign country, without notifying everybody nearby that they're working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and
security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism
for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive
analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace
traditional VPNs, which reveal the exact amount and timing of communication. Which locations have
employees working late? Which locations have employees consulting job-hunting websites? Which
research divisions are communicating with the company's patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used
Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling
web sites without leaving government IP addresses in their web logs, and for security during sting
operations.
52
The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the
other users on the network, so the more populous and diverse the user base for Tor is, the more your
anonymity will be protected.
Why we need Tor
Using Tor protects you against a common form of Internet surveillance known as "traffic analysis."
Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the
source and destination of your Internet traffic allows others to track your behavior and interests. This
can impact your checkbook if, for example, an e-commerce site uses price discrimination based on
your country or institution of origin. It can even threaten your job and physical safety by revealing who
and where you are. For example, if you're travelling abroad and you connect to your employer's
computers to check or send mail, you can inadvertently reveal your national origin and professional
affiliation to anyone observing the network, even if the connection is encrypted.
How does traffic analysis work? Internet data packets have two parts: a data payload and a header used
for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or
an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals
a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the
header, which discloses source, destination, size, timing, and so on.
A basic problem for the privacy minded is that the recipient of your communications can see that you
sent it by looking at headers. So can authorized intermediaries like Internet service providers, and
sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve
sitting somewhere between sender and recipient on the network, looking at headers.
But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the
Internet and use sophisticated statistical techniques to track the communications patterns of many
different organizations and individuals. Encryption does not help against these attackers, since it only
hides the content of Internet traffic, not the headers.
The solution: a distributed, anonymous network
53
Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your
transactions over several places on the Internet, so no single point can link you to your destination. The
idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you
and then periodically erasing your footprints. Instead of taking a direct route from source to
destination, data packets on the Tor network take a random pathway through several relays that cover
your tracks so no observer at any single point can tell where the data came from or where it's going.
To create a private network pathway with Tor, the user's software or client incrementally builds a
circuit of encrypted connections through relays on the network. The circuit is extended one hop at a
time, and each relay along the way knows only which relay gave it data and which relay it is giving
data to. No individual relay ever knows the complete path that a data packet has taken. The client
negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't
trace these connections as they pass through.
Once a circuit has been established, many kinds of data can be exchanged and several different sorts of
software applications can be deployed over the Tor network. Because each relay sees no more than one
hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the
connection's source and destination. Tor only works for TCP streams and can be used by any
application with SOCKS support.
For efficiency, the Tor software uses the same circuit for connections that happen within the same ten
minutes or so. Later requests are given a new circuit, to keep people from linking your earlier actions to
the new ones.
54
Staying anonymous
Tor can't solve all anonymity problems. It focuses only on protecting the transport of data. You need to
use protocol-specific support software if you don't want the sites you visit to see your identifying
information. For example, you can use Tor Browser while browsing the web to withhold some
information about your computer's configuration.
Also, to protect your anonymity, be smart. Don't provide your name or other revealing information in
web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor
does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic
coming out of your computer, and also the traffic arriving at your chosen destination, he can use
statistical analysis to discover that they are part of the same circuit.
The future of Tor
Providing a usable anonymizing network on the Internet today is an ongoing challenge. We want
software that meets users' needs. We also want to keep the network up and running in a way that
handles as many users as possible. Security and usability don't have to be at odds: As Tor's usability
increases, it will attract more users, which will increase the possible sources and destinations of each
communication, thus increasing security for everyone. We're making progress, but we need your help.
Please consider running a relay or volunteering as a developer.
Ongoing trends in law, policy, and technology threaten anonymity as never before, undermining our
ability to speak and read freely online. These trends also undermine national security and critical
infrastructure by making communication among individuals, organizations, corporations, and
governments more vulnerable to analysis. Each new user and relay provides additional diversity,
enhancing Tor's ability to put control over your security and privacy back into your hands.
55
Tails
(Links route to https://tails.boum.org/about/index.en.html, debian.org,
or to torproject.org)
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet
anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no
trace unless you ask it to explicitly.
It is a complete operating system designed to be used from a DVD, USB stick, or SD card
independently of the computer's original operating system. It is Free Software and based on Debian
GNU/Linux.
Tails comes with several built-in applications pre-configured with security in mind: web browser,
instant messaging client, email client, office suite, image and sound editor, etc.
1. Online anonymity and censorship circumvention
1. Tor
2. I2P
2. Use anywhere but leave no trace
3. State-of-the-art cryptographic tools
4. What's next?
5. Press and media
6. Acknowledgments and similar projects
Online anonymity and censorship circumvention
Tor
Tails relies on the Tor anonymity network to protect your privacy online:
all software is configured to connect to the Internet through Tor
if an application tries to connect to the Internet directly, the connection is automatically blocked
for security.
Tor is an open and distributed network that helps defend against traffic analysis, a form of network
surveillance that threatens personal freedom and privacy, confidential business activities and
relationships, and state security.
Tor protects you by bouncing your communications around a network of relays run by volunteers all
around the world: it prevents somebody watching your Internet connection from learning what sites
you visit, and it prevents the sites you visit from learning your physical location.
Using Tor you can:
be anonymous online by hiding your location,
connect to services that would be censored otherwise;
56
resist attacks that block the usage of Tor using circumvention tools such as bridges.
To learn more about Tor, see the official Tor website, particularly the following pages:
Tor overview: Why we need Tor
Tor overview: How does Tor work
Who uses Tor?
Understanding and Using Tor An Introduction for the Layman
To learn more about how Tails ensures all its network connections use Tor, see our design document.
I2P
You can also use Tails to access I2P which is an anonymity network different from Tor.
Learn how to use I2P in Tails in the documentation.
To know how I2P is implemented in Tails, see our design document.
Use anywhere but leave no trace
Using Tails on a computer doesn't alter or depend on the operating system installed on it. So you can
use it in the same way on your computer, a friend's computer, or one at your local library. After
shutting down Tails, the computer will start again with its usual operating system.
Tails is configured with special care to not use the computer's hard-disks, even if there is some swap
space on them. The only storage space used by Tails is in RAM, which is automatically erased when
the computer shuts down. So you won't leave any trace on the computer either of the Tails system itself
or what you used it for. That's why we call Tails "amnesic".
This allows you to work with sensitive documents on any computer and protects you from data
recovery after shutdown. Of course, you can still explicitly save specific documents to another USB
stick or external hard-disk and take them away for future use.
State-of-the-art cryptographic tools
Tails also comes with a selection of tools to protect your data using strong encryption:
Encrypt your USB sticks or external hard-disks using LUKS, the Linux standard for disk-
encryption.
Automatically use HTTPS to encrypt all your communications to a number of major websites
using HTTPS Everywhere, a Firefox extension developed by the Electronic Frontier
Foundation.
Encrypt and sign your emails and documents using the de facto standard OpenPGP either from
Tails email client, text editor or file browser.
Protect your instant messaging conversations using OTR, a cryptographic tool that provides
encryption, authentication and deniability.
Securely delete your files and clean your diskspace using Nautilus Wipe.
Read more about those tools in the documentation.
57
What's next?
To continue discovering Tails, you can now read:
the warning page to better understand the security limitations of Tails and Tor,
more details about the features and software included in Tails,
our documentation explaining in detail how to use Tails,
some hints on why you should trust Tails,
our design document laying out Tails specification, threat model and implementation,
the calendar that holds our release dates, meetings and other events.
58
Installing Tails
Here is the link you can use to find the Tails .iso you need in order to manually install
Tails onto your drives. https://tails.boum.org/download/index.en.html
Manual Installation using Linux
Find out the device name of the device
The device name should be something like /dev/sdb, /dev/sdc, etc.
If you are not sure about the exact device name, with GNOME, do the following:
1. Make sure that the USB stick or SD card onto which you want to install Tails is unplugged.
2. Open GNOME Disk Utility from the menu Applications Accessories Disk Utility
3. Disk Utility lists all the current storage devices in the left pane of the window.
4. Plug the USB stick or SD card onto which you want to install Tails.
A new device appears in the list of storage devices. Click on it.
5. In the right pane of the window, verify that the device corresponds to your device, its brand, its
size, etc.
On this screenshot, the USB stick is a Kingston DataTraveler of 2.0 GB and its device name is
/dev/sdc. Yours are probably different.
If you are not sure about the device name, you should stop proceeding or you risk overwriting any
hard disk on the system.
Do the copy
All the data on the installed device will be lost.
Execute the following commands, replacing [tails.iso] with the path to the ISO image that you
want to copy and [device] with the device name found in step 1.
dd if=[tails.iso] of=[device] bs=16M && sync
59
Here is an example of the commands to execute, yours are probably different:
dd if='/home/amnesia/Desktop/tails-0.6.2.iso' of=/dev/sdc bs=16M && sync
If you are not sure about the path to the ISO image or if you get a No such file or directory error
message, you can first type dd, followed by a space, and then drag and drop the icon of the ISO image
from a file browser onto the terminal. This should insert the correct path to the ISO image in the
terminal. Then complete the command and execute it.
If you don't see any error message, Tails is being copied onto the device. The whole process might take
some time, generally a few minutes.
Once the command prompt reappears, you can shutdown your computer, and start Tails from this new
device.
Troubleshooting
dd: /dev/sdx: No such file or directory
Then double-check the name of the device you found in step 1.
dd: /dev/sdx: Permission denied
You might also have committed a mistake in the device name, so please double-check it. If you are sure
about the device name, this could be a permission problem and you could need to gain administration
privileges before running the commands in the terminal. That could be:
sudo dd if=[tails.iso] of=[device] bs=16M && sync
dd: tails.iso: No such file or directory
Then you surely have committed a mistake on the path to the ISO image in step 2.
60
Manual Installation using Windows
This technique uses the Universal USB Installer, for more info or more help visit
http://www.pendrivelinux.com/.
Insert a USB stick with at least 2GB of free space
Download the Universal USB Installer
You will need version 1.9.5.4 or later.
Click 'Run' when prompted
If the security dialog appears, confirm by clicking 'Run'
Read the license agreement and choose 'I Agree' to continue
61
Select Tails from the dropdown list
Click 'Browse' and open the downloaded ISO file
62
Choose the USB stick
Click 'Create'
63
Then safely remove the USB stick from the computer.
After the installation completes, you can start Tails from this new USB stick.
64
Manual Installation using Mac
Find out the device name of the USB stick
The device name should be something like /dev/disk8, /dev/disk9, etc.
If you are not sure about the exact device name, do the following:
1. Unplug the USB stick.
2. Open Terminal from Applications Utilities Terminal.app
3. Execute the following command:
4. diskutil list
This returns a list of all the current storage devices. For example:
$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS MacDrive 250.0 GB disk0s2
3: EFI 134.1 GB disk0s3
4: Microsoft Basic Data BOOTCAMP 115.5 GB disk0s4
1. Plug back the USB stick and run the same command as before:
2. diskutil list
A new device should appear in the list of storage devices. Check that the size of the device
corresponds to the size of your USB stick.
$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS MacDrive 250.0 GB disk0s2
3: EFI 134.1 GB disk0s3
4: Microsoft Basic Data BOOTCAMP 115.5 GB disk0s4
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *4.0 GB disk1
1: Apple_HFS Untitled 1 4.0 GB disk1s1
In this example, the USB stick is 4.0 GB and the device name is /dev/disk1. Yours are probably
different.
If you are not sure about the device name you should stop proceeding or you risk overwriting any
hard disk on the system.
Unmount the USB stick
Execute the following command, replacing [device] with the device name found in step 1.
diskutil unmountDisk [device]
Do the copy
65
Execute the following command, replacing [tails.iso] by the path to the ISO image that you want to
copy and [device] by the device name found in step 1. You can add r before disk to make the
installation faster.
dd if=[tails.iso] of=[device] bs=16m && sync
You should get something like this:
dd if=tails-i386-1.3.iso of=/dev/rdisk9 bs=16m && sync
If you are not sure about the path to the ISO image or if you get a No such file or directory error, you
can first type dd if= and then drag and drop the icon of the ISO image from a file browser onto
Terminal. This should insert the correct path to the ISO image in Terminal. Then complete the
command and execute it.
If you don't see any error message, Tails is being copied onto the USB stick. The whole process might
take some time, generally a few minutes.
If you get a "Permission denied" error, try executing the command with sudo:
sudo dd if=[tails.iso] of=[device] bs=16m && sync
Be careful, if the device name is wrong you might overwriting any hard disk on the system.
The installation is complete when the command prompt reappears.
Start Tails
After the installation completes, follow the instructions to start Tails on Mac.
Notes
This method was successfully tested on the following hardware:
MacBook Pro Model A1150 with OS X 10.6.8, 2006
MacBook Pro Retina 15" Mid-2012 (aka MacBookPro10,1)
The method worked on some hardware but a bug in the video support prevented Tails to start
successfully:
MacBook Pro Retina with OS X 10.8.3, December 2012
Macbook Pro model A1150
Note that Tails developers are in general not very knowledgeable about Mac. Any additional
information is welcome.
66
Jolly Roger’s Security Thread for
Beginners
LastUpdated2014
By: Jolly Roger
ActiveSource
http://bm26rwk32m7u7rec.onion/index.php?PHPSESSID=8i5jin3i1ufu6dhm7ned59jdm6&topic=2107.
0
67
INTRODUCTION TO SECURE COMMUNICATION - TOR, HTTPS, SSL
Greetingscomrades.
ThroughmyresearchIhaveputtogethersomesecuritymeasuresthatshouldbeconsideredby
everyone.ThereasonIputthistogetherismainlyforthenewbiesofthisforum.ButifIcanhelp
anyoneout,thenIamgratefulforthis.Iwouldliketostartoutbysaying,ifyouarereadinglike,you
arelikelyaSilkRoaduser.Ifthisisthecase,thenthe#1thingyoumustbeusingtoevenaccessthis
formisTor.Torwillprovideyouwithadegreeofanonymitybyusingan128bitAES(Advanced
EncryptionStandard).TherehasbeensomedebateastowhetherornottheNSAcancrackthiscode,
andtheanswerislikelyyes.Thisiswhy,youshouldneversendanythingoverTorthatyouaren't
comfortablesharingwiththeentireworldunlessyouareusingsomesortofPGPencryptionwhichwe
willtalkaboutlater.
Communicationfromyourcomputer,totheinternetreliesonanentrynodewhichbasically
"entersyourcomputer"intotheTornetwork.Thisentrynodecommunicateswithyourcomputer,this
entrynodeknowsyourIPaddress.Theentrynodethenpassesyourencryptedrequestontotherelay
node.Therelaynodecommunicateswiththeentrynodeandtheexitnodebutdoesnotknowyour
computer'sIPaddress.Theexitnode,iswhereyourrequestisdecryptedandsenttotheinternet.The
exitnodedoesnotknowyourcomputer'sIP,onlytheIPoftherelaynode.Usingthismodelof3nodes
itmakesitharder,butnotimpossibletocorrelateyourrequesttoyouroriginalIPaddress.
TheproblemcomesobviouslywhenyouareenteringplaintextintoTORbecauseanybodycanset
upanexitnode.TheFBIcansetupanexitnode,theNSA,oranyotherforeigngovernment,orany
maliciouspersonwhomaywanttostealyourinformation.Youshouldnotbeenteringanysensitive
dataintoanywebsites,especiallywhenaccessingthemoverTOR.Ifanyofthenodesinthechainare
compromised,andsomelikelyare,andthepeopleinchargeofthosecompromisednodeshavethe
computingpowertodecryptyourrequest,thenyoubetterhopeitwasn'tanythingsensitive.
Sowhatcanwedotofixthis?Well,luckilywearenowhavingmoreandmoreserversthatare
offeringsomethingcalledHiddenservices.Youcaneasilyrecognizetheseservicesbythe
address.onion.Theseservicesofferwhat'scalledendtoendencryption.Whatthisdoesistakethe
poweroutofthecompromisedexitnodesandputthembackinyourhands.Thewebserverofthe
hiddenservicenowbecomesyourexitnode,whichmeansthewebsiteyouarevisitingistheone
decryptingyourmessage,notsomerandomexitnoderanbyapotentialattacker.Remember,theexit
nodehasthekeytodecryptyourrequest.Theexitnodecanseewhatyouaresendingincleartext
oncetheydecryptit.Soifyouareenteringyournameandaddressintoafield,theexitnodehasyour
information.Ifyouareputtingacreditcard,abankaccount,yourrealname,evenyourlogin
information,thenyouarecompromisingyouridentity.

Anotherstepyoucantake,istoonlyvisitwebsitesthatusesomethingcalledHTTPSecure.You
cantellifthewebsiteyouarevisitingisusingHTTPSecurebytheprefixatthebeginningofthe
address.Ifyouseehttps://thenyourwebsiteisusingHTTPSecure.Whatthisdoesisencryptsyour
requestssothatonlytheservercandecryptthem,andnotsomebodyeavesdroppingonyour
communicationsuchasacompromisedTorexitnode.Thisisanotherformofendtoendencryption.If
68
somebodywere tointerceptyour request over HTTPSecure, they wouldsee encrypteddataandwould
havetoworktodecryptit.
AnotherreasonyouwanttouseHTTPSwheneverpossible,isthatmaliciousTornodescan
damageoralterthecontentspassingthroughtheminaninsecurefashionandinjectmalwareintothe
connection.Thisisparticularlyeasierwhenyouaresendingrequestsinplaintext,butHTTPSreduces
thispossibility.Youmustbemadeawarehowever,thatHTTPScanalsobecurrentlycrackeddepending
onthelevelofthekeyusedtoencryptit.WhenyouvisitawebsiteusingHTTPS,youareencrypting
yourrequestusingtheirpublickeyandtheyaredecryptingitusingtheirprivatekey.Thisishow
cryptographyworks.Apublickeyisprovidedtothosewhowanttosendanencryptedmessageandthe
onlyonewhocandecryptistheonewiththeprivatekey.
Unfortunately,manywebsitestodayarestillusingprivatekeysthatareonly1,024bitslongwhich
intoday'sworldarenolongerenough.Soyouneedtomakesureyoufindoutwhichlevelofencryption
thewebsiteyouarevisitinguses,tomakesuretheyareusingataminimum2,048,ifnot4,096bits.
Evendoingallofthisunfortunatelyisnotenough,becausewehaveanotherproblem.Whathappensif
thewebserveritselfhasbecomecompromised?MaybeyourTORnodesareclean,maybeyouhave
usedHTTPSforallyourrequests,butthewebserveritselfofthewebsiteyouarevisitinghasbeen
compromised.Wellthenallyourrequestsareagain,asgoodasplaintext.
Withthatbeingsaid,thiswillconcludethefirstpostinthisseriesofthestepswecantaketoprotect
ourprivacyonline,toremainanonymousandmaintainourfreedom.
PGP, TAILS, VIRTUAL BOX
SokeepinmindthatifyouareauserofSilkRoad,oranyotherformofactivism,youneverwant
toenteranyidentifyingdetailsaboutyourselfonline.MakeitsothateveniftheNSAinterceptedand
decrypted,orcompromisedSilkRoadthattheonlyinformationtheyhaveagainstyouisyourusername
andpassword.Howsafeisthatusernameandpassword?Doesyourpasswordcontainanyidentifying
information?Isitthesamepasswordthatyouuseforyourpersonalemail?Doesitcontainanameof
somebodyyouknowpersonally?Alwayskeepallofthesefactorsinmind.
Anotherstepyoumusttake,especiallywhencommunicatingwithotherusersonsitessuchasSilk
RoadisusingPGPencryption.Thisisnotalwayspossible,suchasincaseswhenyouareloggingintoa
website,fillingoutaform,loggingintoanemail,etc..Consideranytypeofinformationyouenterintoa
websiteusingplaintextpossiblycompromised.Neverputanythingsensitiveisanytypeofplaintext
formatonline.PGPcomesintoplaybecauseitusesaverystrongmethodofencryptioncalled
cryptography.PGPstandsforPrettyGoodPrivacy,anditisusedforencrypting,decryptingandsigning
texts,emails,files,directories,andwholediskpartitionsandtoincreasethesecurityofemail
communications.
Forthemoretechnicalusers,itusesaserialcombinationofhashing,datacompression,
symmetrickeycryptography,andfinallypublickeycryptography.Forthelesstechnicalusers,the
processofencryptingmessagesusingPGPisasfollows.Youcreateaprivatekeyandapublickey.The
69
public keyis thekeyyougive outtopeople youwanttosendyouencryptedmessages.Your private
key,iskeptprivatelybyyou.Thisprivatekeyistheonlykeythatcanunlockmessagesthatwere
previouslylockedwithyourpublickey.
Ifyouarestillconfused,thinkaboutitlikethis.Thinkaboutapublickeythatcangoaround
lockingboxesthatareintendedforyou.Anyonecanlockaboxthatisintendedforyou,butyouarethe
onlyonewiththekeytounlockthebox.Eitherifthepersonwhosentyouamessagelockedabox
(message)withyourpublickey,theythemselvescannotunlockit.Onlythepersonpossessingthe
privatekeycanunlockit.Ifyouwishtorespondtothisperson,youmustusetheirpublickeytoencrypt
themessageyouintendtosendtothem.Andtheythemselves,usetheirownprivatekeytodecrypt
themessageyousentthem.
Ifyouarestillwithme,IamgladIhaven'tlostyouyet.Thisiscalledcryptographyandwas
designedsothatanybodyinterceptingyourmessagecouldnotdecryptthemessagewithoutyour
privatekey.Evenifyouyourself,loseyourprivatekey,thereisnomethodofkeyrecovery.Youcan
considerthatmessagelockedforever.SohowdoyouusePGP?
Wellbeforewegettothat,IwanttointroduceyoutoaLiveOperatingSystem,whichmakesusing
PGPencryptionanddecryptionveryeasy.Aliveoperatingsystemisanoperatingsystemthatyoucan
runontopofyourcurrentoperatingsystem.Soforexample,ifyouareaWindowsuser,youhave2
choices.Youcandownloadtheliveoperatingsystem,burnittoaCDorDVDandthenbootyour
computerfromthatDVDorCD.Thiswillmakesureyourcomputerrunasifyouhavethisoperating
systeminstalledonyourcomputer.However,ifyouremovetheCDorDVDandreboot,thenyour
computerwillbootasnormal.YoucanalsouseaUSBdrivetoperformthissamefeature.
Secondly,youcanrunthisliveoperatingsysteminwhat'scalledaVirtualBox.Thebenefitsofthis
arethatyoucanrunWindowssimultaneouslyasyourunthisotheroperatingsystemandyoucan
easilyswitchbackandforthbetweenthemwithoutrebootingthecomputer.Bothmethodshavetheir
prosandcons.TheprosofrunningaliveCDboot,arethatreducetheriskofhavingyourcomputer
compromisedbyviruses,malwareandkeyloggersthatrelyonWindowsvulnerabilitiestorun.
IfyouaregoingtorunthisOSfromaVirtualBox,IsuggestdownloadingVirtualBoxfromOracle.Note
thehttps://
https://www.virtualbox.org/
Next,theliveoperatingsystemIwouldencourageyoutouseisTails.Tailscanbefoundatthe
followingwebsite.
https://tails.boum.org/
ThereasonIchooseTails,isbecauseithasmanyofthesecurityfeaturesthatyourequiretostay
anonymousalreadyinstalled.SomeusersarenothappywithTails,butitreallyisagreatoperating
systemloadedwithsecurityfeatures.ManyIwilltalkaboutinthisseriesonsecurityincludingPGP
encryptionanddecryption.MakesureyoudownloadtheTailsISOfilefromtheofficialTailswebsite
70
andyoucaneither loadit intoVirtualBoxor burnittoaDVD or loaditonto aUSB andbootingyour
computerfromthatdrive.
ThereareplentyoftutorialsonhowtoloadTailsintoVirtualBox,soIwon'tgointomuchdetailother
than,makesureyourunVirtualBoxandTailsfromaUSBdriveorSDcard.IwouldsuggestaUSBdrive
howeverforreasonsIwillexplainlater.ButbasicallywhenwhenVirtualBoxrunsdirectlyonyourhard
drive,itcreatesavirtualharddrivethatisusesasatemporaryharddrivewhileTailsisrunning.Once
Tailsisclosed,thisvirtualdriveisdeleted,butit'snotpermanentlydeleted.Asweknowfromthe
powerofrecoverytools,deletedfilesareeasilyrecoverablewiththerighttools.Iwilltalkabouthowto
protectyourfilesfromdatarecoverytoolsinfuturepostsbutfornow,justkeepVirtualBoxandTails
OFFofyourharddrive,andloaditeitheronaUSBdriveorSDcard.
ThesamegoeswhenbootingyourcomputerdirectlyintoTailsfromaDVDorUSBstick.Yourhard
drivewillbeusedtostorefilesusedbyTails,somakesureanyfilesthataresavedoraccessedusing
TailsaredonefromaUSBstickorSDcard,otherwisetheywillberecoverable.ThisiswhyIpreferusing
aVirtualBoxandrunningboththeVirtualBoxandTailsinsideofit,offofaUSBstick.Keepasmuchas
possibleoffofyouractualharddrive.Itispossibletoshredfilesbeyondrecovery,butit'smucheasier
todothisona16gbflashdrive,thenitisa1TBharddrive.
NextpostwewillgetbackontopicandstartlearninghowtousePGP.ThereasonIhavetotakea
detourtousingTailsisbecausewewillbeusingTailsformanyofthefeaturesfromhereonout,
includingPGP.
PGP CONTINUED
Ok,sobynowIamassumingyouhaveTailsrunning.Let'slearnhowtousePGPwithinTails.First
thingyouaregoingtowanttodoiscreateyourownpersonalkey,whichconsistsofyourpublickey
thatyoucangiveouttopeopleorpostinyourprofilesonline.Asmentionedbefore,thisisthekey
peopleusetoencryptmessagestosendtoyou.Yourpersonalkeyalsoconsistsofyourprivatekey
whichyoucanusetodecryptmessagesthatareencryptedusingyourPGPpublickey.
Ifyoulookuptothetoprightarea,youwillseealistoficons,andoneothemlookslikeaclipboard.
YouneedtoclickonthatclipboardandclickManageKeys
NextclickFile>New
SelectPGPKeyandclickContinue
Filloutyourfullname(Isuggestyouuseyouronlinename,notyourrealname)
Optionallyfilloutanemailandacommentaswell.
Next,clickAdvancedKeyOptions.
MakesureEncryptiontypeissettoRSAandsetkeystrengthto4096.
Onceyouhavedonethis,clickCreateanditwillgenerateyourkey.
Onceyouhavedonethis,youcanviewyourpersonalkeybyclickingthetabMyPersonalKeys.You
71
have nowcreatedyour personalkey!Tofindyour PGPpublic key, yourightclickonyour personalkey
andclickCopyanditwillcopyyourPGPpublickeytoyourclipboard,inwhichyoucanpasteanywhere
youwish.APGPpublickeywilllooksomethinglikethis.
BEGINPGPPUBLICKEYBLOCK
mQINBFLLWDcBEADEzn3mnLsezUDDAS5Q0lm1f6JdkI534WPuRlAN8pnuQsCSwUQU
hPEAgNCUNhxN4yCJ1mDt9xpXpX8QzsMIcofCHeE9TMLAnHzbmXLLi+D8sPZpLpDN
6jEIFvmBD4dvp5adimvRl8Ce49RpO345VUz8Ac0qLSmsv2u+kQviDQXZkrrxXHnA
IalvgDopXTISa9Sh7J3HHYYQazOZt9mfAjjuuRdaOqmAAtEe9dl43nrx+nSd/fqH
13XvMKhqJhIoJ02CBFfRBm86vtx5yiXqHZX438M9kbASqU0A2jAfRd+IZG5Z9gCI
W6FTror+F4i+bEdAuGTG1XFsQSgjKTIG0vgYiTJ93C2MZxrLvNnJp0g2zD0URyk8
Y2IdyCDfIL10W9gNMqLmjD0z/f/os66wTJkflSGaU9ZsrKHUKFN5OSfOZtNqktWn
fCpY4bigkJ8U/5C8mtr9ZE3Tv+RV4rPY0hAOtZucnhlRmYKVFNjvbS0MjqA1188c
wzBNG0XcpCNtmM5UsSvXwnDoUaEMXe50Hikxdk3d+CJzqYnor72g/WmIDROCiXl6
2D9rJ2JuLpl9bQLM+KCbXJf3kUSvzszZGXL/AwmynvqlruaXqr5975sCdfqXVexx
1sxsLofOzE01xSDEJRWwHQPlxTKPZFnXD709Xumjdinjv1w4onLk04Z96wARAQAB
tC5Kb2xseSBSb2dlciAoVGhleSB3b3VsZCBsaXZlIGFuZCBkaWUgdW5kZXIgaXQp
iQI3BBMBCgAhBQJSy1g3AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEPuh
6tSg81nyzNsP/2ayrAz4InCK/ZnyRnnsjSHIXMv7t2uDTbYomA/0B6v/S6wHMNZX
G6+sYg41mfMuZEimgavNb0Uc2r6mI7UyWy5lp1Gd/D+all81X7bm5EBpvl1isPgJ
EqjehEdh9FQjrTiRIJafM1m254hIAaZ1RvAphI0tM2lpudk+tNKq+ivV8PpsN9TP
0mg5ZAu1lIKtG9k5vS9HAQ0grJ01TFMEjlifrf7eRyJ1+dmRJ+Xtoy2js8UwS+wM
RrIi3G39P2BfEZFQka3EmQ2JgN4pDWFoI0hODGhTba8Z0XSnVtabOTi1TOWIFmFu
yqA9bNtuOt3KhIC/O+mEATRsc/VPbTY+80kf45LwlDBfKO3PcOXSOG7ygibzEqXn
Ms/Rfe1kNEBeR9Wx2NMJSdxypqGij17CLJwNLC3KypTIQrhzy3YAndeDG4TadW2P
v/FJxhz+MX+s+9VeX2fGC0Fsfp8JbeWMAznp8Rf6O/tzEYW+pbLoLRPdi/DvFBZV
yWGPspzt3Qspm+BHbeW9iFjvCyvP2/DrKmQM7ABuRh/TMZR7uQ5na11L8rf3nzrS
Al/lSul42xLzxG+h9mDixXd1Vh6rVGMbCjL7wO25TUneFo13U5J+klo1blQWV/DL
FZUwhh2utWNCMCtcdRW0HYa14Wdyy7H68WmsJqBWUsbyD9PZ2gSawBy7uQINBFLL
WDcBEACg3IOme+sg0OZN349UYRr9/O6uW2vC5x9/azZrFNSNYh/LFJTt3XI/FsjN
gCj6NxRxbfdyLjL1gxSlJyFtclkFGS0lC0GIz7lINvemkewjde/bHXChz2IIaIli
L2A6Z6w3fP4jlQCw8NoGGJ360WMkZVTDDakYYkb50BrZSx4TVLjrHfFuLMXTE255
gQrId02jYO6240EDIhHITuiSwUQvHtXlOrHSohN83TD1I4H7iH/FLae9gYh4C/Ix
VLkzLUqvpf72Q/xogCZAJl4WEMmWD6dXufvyvhCXQnbjiLuAdQas0ef/t652LPw/
vJFDSDmguw9PXWpv3vFOe13UNU//+nw3kIGxaVWGvazXk8IFiDv9USgEGjcNn4zo
8HQlQrYz9/gyI3XojGV6L8iecWpHSweqR3NxKJmWKWEG1wwnWPL8M+z6OwEvRdxV
spy+eG0Zs+6igbw3tk6gJ4cq5ehdlmD6py27AhRhlj7uLlZxmK3uFV19QjtX/Dyt
73ZNX16krXqufl0HAJRd1PwhITPCtSviW3L2qKF2Pdak3j97A656EcInCcAyOUC/
mUNUDtXJik6uwFgFFn9/pnFr+acY7ppsWPG5rr7jRj+Lgjnjkckpkjo8jN1hZE17
CfJyrYrSqdglCcIgTHteIEZdPfPUmnbbSoyeufkyEW1AoIKatQARAQABiQIfBBgB
CgAJBQJSy1g3AhsMAAoJEPuh6tSg81ny4nIP/2lVf0DTp1n5xPEBZEUlgzcMNeh5
FTIS3J44g5a+OlkRVgHFtu7K/MUsftlUzkvMMa0sXllhKc6syxcytoD7LAt9tbQh
62yEzijTliU2QFgWJSS6IfbtC2IyRouAns3KD6XouKTFUs/i0n/QpwhnM+Ya/SAg
c/oroM7SE/T4g+v6EeRCq7In/TMgc74j+25zUF1rVSCenbZKkYezxqZ33cXLwl7l
72
IUBcK2uNHDBUB5G853NR0OkBm5i+KC8vM3K1/MZ+P/lK0xOcTGXZH/A7GrEsI4FJ
nw5i6zJZb8gmDt44Tp/1Ujxnm5xhVWgnOQeSVSyiRsHQ/gTCL1PqsZhW7yulwL05
yxZgN+oYVx4pNtLJMigRjoCY9IKEmZhY75cWXXA19j14Wnxu8IrwwSk1WyzMQcjj
7onP4OEhbPuotqWqVAc0M/+MV5oMGIG0Qepy6XpZOCCpZw/p1rDrZSYP5eQMd/4x
LB7xch6GjbWsnKhA1wGdjdclBodixorVfCRn4s5jTgXx7wWz/opM4ix/CPAkify7
4Sf0BdJ5YtFILZc5StED4WC5pljJbdEWVsb9rn6egvFn7W/ZlDJAerS6Mt5LJGAh
Aude0Kz2HJwDtOBF4nXeTzRCK5BrBnCYPHAtO2aqfowirzjMTd9A/ADoPmIbIJAm
04mA6krRiH909Bnx
=Az2N
ENDPGPPUBLICKEYBLOCK
Next,youaregoingtowanttosavetheprivatekeyonasecondaryUSBdriveorSDcard.Ifyouare
runningTailsfromaUSBdrive,thenyoumustuseaseparatedrivetostoreyourkeyon.Ifyouare
runningVirtualBox,youwanttorightclickontheiconinthebottomrightcornerthatlookslikeaUSB
drive,andselectyourseparatedrivethatyouwillbeusingtostoreyourkeyson.Again,neverstore
yourprivatekeysonyourharddrive,keepthemOFFyourcomputer.
Tosaveyourprivatekey,youaregoingtorightclickonyourpersonalkeyandclickProperties.Iknow
youprobablysawwhereitsaysExport,butthisisnotwhatyouwanttodo.ClickingexportwillONLY
exportyourpublickeyandwillnotsaveyourprivatekey.Ifyouloseyourprivatekey,youcannever
recoveritevenifyoucreateanotherpersonalkeyusingtheexactsamepassword.Eachprivatekeyis
uniquetothetimeitwascreatedandiflost,islostforever.SoonceyouhaveclickedProperties,go
overtothetabDetailsandclickExportCompleteKey.
Onceyouhavedonethis,youhavesavedyourpersonalkeyforfutureuseonceyourestartTails.
RememberingthatTailsisnotinstalledonyourharddrive,soeverytimeyourestartTailsyouloseall
yourkeys.BysavingyourkeysontoaUSBdriveorSDcard,youcanimportyourkeysforuseeverytime
yourestartit.
Nextyouaregoingtowanttolearnhowtoencryptanddecryptmessagesusingyourkey.Well,
luckilyforme,Tailshasalreadymadeatutorialonhowtodothis,soIwillreferyoutotheirwebpage.
ButbeforeIdothat,Ineedtomentionthatyouneedtofindsomebodyelse'sPGPpublickey,oryou
canpracticebyusingyourown.Needlesstosay,thewayyouimportotherpeople'skeysintowhat's
calledyourkeyringisbyloadingthemintoatextfile.YoudothiswiththeprogramcalledgeditText
Editor.
ClickApplications>Accessories>geditTextEditorandenterinsomeone'spublickeyandhitsave.
NextyoucanreturntoyourkeyprogramfromtheclipboardiconandclickFile>Importandselect
thatfile.Itwillimportthatperson'spublickeyintoyourkeyring.Toaddfuturepublickeystoyourkey
ring,Isuggestreopeningthesamefileandjustaddingthenextkeybelowthepreviouskeyandeach
timeyouopenthatfileitwillloadallkeyswithinthatfile.ThiswayyoucankeepallthePGPpublickeys
togetherinonefileandsaveitonyourSDcardorUSBdriveforfutureuse.
Finallyyoucanusethefollowing2pagestolearnhowtoencryptanddecryptmessagesusingPGP.
73
https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/publickey_cryptography/index.en.html
https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/decrypt_verify/index.en.html
Untilnexttime.HavefunwithyournewfoundabilitytocommunicateinPGP!
WHOLE DISK ENCRYPTION AND FILE SHREDDING
Welcomebackagain!
NowthatwehavePGPfiguredout,hopefully,IwanttoremindyouthatusingPGPwhenever
possible,isveryveryveryimportant.OneofthepitfallsofSilkRoad1,isthatsomeofthe
administrators,includingRosshimselfdidnotalwayscommunicateusingPGPencryption.OnceRoss
wasbusted,theyhadaccesstohis serversandhiscomputersandanythingthatwasn'tencryptedwas
wideopenforthemtolookat.MostusersonSilkRoad2believethatRosshadstoredpersonal
informationaboutsomeofAdminsandModeratorsonhiscomputerinplaintextthatwasusedto
make3morearrestsofSilkRoadusers.
OneofthereasonswhyIwouldsuggestforyoutostoreyourPGPkeysandothersensitivedataona
SDcard,isthatifthatdaycomeswhenyouarecompromisedandyougetaknockatyourdoor,you
havetimetodisposeofthatSDcardorUSBdrivequickly.Evenbetter,ifyouhaveamicroSDcardthat
plugsintoanSDadapter,thenyoucansnapitwithyourfingersorattheveryleasthideit.USBswould
needtobesmashedintopiecesanditmightnotbeeasytodothisintheheatofthemoment,sodo
whatyoufeelbestabout.Butalwaysprepareforthedaytheymightcomeforyou.
ButournexttopicbringsustosomethingcalledWholeDiskEncryptionorFullDiskEncryption.From
hereonoutIwillrefertoitasFDE(FullDiskEncryption).TailshasaFDEfeaturebuiltintoit,whichis
anotherreasonwhyIencouragetheuseofTails.Ithasmanyofthesefeaturestoprotectyou.
EssentiallyFDEwillprotectyourdrive,whetherSDorUSBfromthepeoplewhomaycomeforyouone
day.Themethodinwhichitdoesthisisitformatsyourdriveandrewritesthefilesysteminan
encryptedfashionsothatitcanbeonlybeaccessedbysomeonewhohasthepassphrase.
Ifyouloseyourpassphrase,justlikeinPGP,thereisnorecovery.Youronlychoiceistoformatthe
driveandstartoveragain.Somakesureyourememberit!AndpleasefortheloveofGod,Allah,
Buddah,etc...don'tstorethepassphraseonyourharddrivesomewhere.Thetutorialonhowtodothis
islocatedatthefollowingwebpage.
https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html
Again,alwaysprepareforthedaytheycomeknocking,encrypteverything.UsePGPwhen
communicatingwithothersandalwaysshredyourfileswhenfinishedwiththem.Whichbringsmeto
mynexttopic.Fileshredding.
Fileshreddingisextremelyimportantandhereiswhy.Ifyoudeleteafilefromyourcomputer,you
areonlydeletingwhereitislocatedonthedrive.Itisstillontheactualdrive,justit'slocationdatahas
74
beenremoved. Ifyoutake afile recoverytoolyoucanrecover virtuallyanyfile thatyouhaverecently
removed.Fileshreddingcombatsthisbyoverwritingfilesinstead.Theideaisthatinsteadofremoving
thefile'slocation,youneedtooverwritethefilewithrandomdatasothatisbecomesunrecoverable.
Therearealotofdebatehappeningonwhetheryoucanoverwriteafileonce,orifyouneedtodoit
multipletimes.SupposedlytheNSArecommends3times,supposedlytheDepartmentofDefense
recommends7times,andanoldpaperbyamannamedPeterGutmannwritteninthe90's
recommended35times.Needlesstosay,Ipersonallythinkbetween37timesissufficient,andseveral
peopleouttherebelieve1timewillgetthejobdone.
Thereasoningbehindthisisthatsomepeoplebelievethedrivemaymisssomefilesthefirsttimeit
overwritesthemandtobemorecomplete,youshoulddomultiplepasses.Dowhatyoufeelmost
comfortablewith,butIeventhink3passeswouldbesufficient,althoughitwouldn'thurteverynow
andthentorun7passesandjustleaveitovernight.
TheprogramsthatcandofileshreddingareonesyouwillwanttorunfromWindowsorwhatever
operatingsystemyourcomputerisrunning.TheseprogramscandeleteyourfilesfromyourRecycling
Bin,deleteyourtemporaryinternetfilesandevenWipeyourfreediskspacetomakesureeverything
getscleanedup.Youalwaysneedtothink,didIhaveanysensitivematerialonmyharddrive?Ifso,
maybeIneedtoshredmyfreediskspace.WhenemptingyourRecycleBin,youshouldalwaysusea
shredder.Whenonlydeletingunder1gbatatime,youcaneasilydo7passesprettyquickly.
Toputthisinperspective,theleaderofagroupcalledLulzSecnameTopiaryhasbeenbannedaspart
ofhissentencefromusinganytypeoffileshreddingapplicationssothatiftheFBIwantstocheckup
onhim,theycan.Fileshreddingkeepsyourdeletedfilesactuallydeleted.
Herearesomefileshreddingapplicationsyoucanuse.
http://www.dban.org/
http://www.fileshredder.org/
https://www.piriform.com/ccleaner
Nextwe'regoingtotalkaboutremovingharmfulmetadatafromfiles,andsomeothertopicsaswell.
JAVASCRIPT VULNERABILITIES AND REMOVING PERSONAL METADATA
FROM FILES
WelcomeBack.
BeforeIgetintoremovingharmfulmetadatafromyourfiles,Iwanttotalkaboutanother
vulnerabilitytoourbrowsingcapabilitiescalledJavascript.
Inmid2013,apersoninIrelandwasprovidinghostingtopeoplethathostedhiddenservices
includingasecureemailplatformcalledTorMail.Unfortunately,theybustedhimonanunrelated
chargerelatingtochildpornographyandseizedallhisservers.Whetherornothewasrelatedtochild
75
pornor not, isunknowntome, or itcouldbeasilly charge thefedsslappedhimwithbuteither way,
thefedsendedupinjectingmaliciousJavascriptintohisserverssothatwhenuserswouldvisitcertain
sites,thismaliciouscodewouldexecuteontheircomputersandrevealinformationabouttheir
computerstothefeds.Isuggestyoureadthefollowingarticletolearnmoreaboutthis.
https://openwatch.net/i/200/

Withthatbeingsaid,youmaywanttodisableJavascriptinyourbrowsers,especiallywhenvisiting
certainwebsiteslikeSilkRoadthatmaybecomecompromisedoneday.Manyusersrefusetovisitthe
originalSilkRoadwebsiteandforumswithJavascriptenabledbecausethefedslikelyinjecteditwith
maliciousJavascripttoidentifyusers.
InTails,thebrowseriscalledIceweaselandwhenTorinraninWindows,itusesFirefox.Both
browserscandisableJavascriptusingtheexactsamemethod.OpenupaWindowandtypethe
followingcommandintheaddressbar,"about:config"andclickthebuttonthatsays"I'llbecareful,I
promise."
Thiswillbringupabunchofsettingsincludingasearchbaratthetop.Enterjavascriptinthesearch
barandlookforthefollowingtwoentries,"javascript.enabled"and"browser.urlbar.filter.javascript".
Rightclickontheseandclick"Toggle"andyouwillseetheValuechangedtofalse.Ifyouwantto
enableJavascriptagain,justclickToggleagainandyouwillseethevaluechangebacktotrue.
Again,rememberthateverytimeyourestartTailsyouwillhavetodothisagain,sogetintoahabitof
doingthiseverytime.Youneverknowwhenyourfavoritewebsitecouldbecomecompromised.
Movingontometadata.Thereisabitofafamousstoryaboutanonlinehackernamedw0rmerthat
wouldtakepicturesofhisgirlfriendandpostthemonlineafterhewoulddefaceawebpage.Whathe
eitherforgot,ordidn'tknowwasthatphotostakenwiththeiPhoneandothersmartphonessavethe
GPScoordinatesofwherethepicturewastakenandstoreitinthemetadataofthepicture.Checkout
thisarticlebelow.
https://encyclopediadramatica.es/W0rmer
Youneedtoremovethismetadata!Otherwiseyoucouldendupinfederalprisonwithw0rmer.
LuckilyTailshasasolutionforthis!SeewhyIloveTails?
Applications>Accessories>MetadataAnonymisationToolkit
Pleasegetamoreclearideaofhowthisworksbyreadingthefollowingpage.
https://mat.boum.org/
Pleasenotethecurrentlysupportedformats.Intermsofpictures,jpg,jpegandpng.But
unfortunatelyMATisnotperfectandIwouldn'tsolelyrelyonit,soabetterideawouldbetonever
76
uploadpicturesofyourselfor your significantother online, especiallybraggingaboutahackyou
committed.Pleasereadthesiteprovidedaboveformoreinformation.
GENERAL SECURITY PRECAUTIONS WHEN POSTING ONLINE, LEARN
FROM OTHERS' MISTAKES
NextIwanttotalkaboutgoodpracticeswhenusingTOR,Tailsandotherhiddenservices.
Firstofall,itishighlyrecommendedthatyouusemultipleidentitiesonlinefordifferentthings.
PerhapsifyouareabuyerandaselleronSilkRoad,youmaywanttohaveseparateloginsforthis.And
thenpossiblyathirdloginfortheforums.Thenmaybeyouwanttobepartofanothermarketplace,
thenyoumightwantafourthlogin.
Well,TailshasanothergoodprogramofferedbyTailsiscalledKeePassX.Whenyouhavemultiple
logins,itishardtokeeptrackofthemall,soitmightbeabetterideatokeepthemallin1document
thatisencryptedwithastrongpassword.KeePassXcanhelpyouwiththis.
https://tails.boum.org/doc/encryption_and_privacy/manage_passwords/index.en.html
Youneverwanttousenicknamesorlocations,oranythingelsethatisrelatedtoyourselfonlinewhen
youpostorcreateusernames.Andanotherthingyouneedtoadoptarenewwaysofconducting
yourself.Ifyouaregenerallyamessytyper,whomakesthesamegrammarmistakes,orthesame
spellingmistakesallthetime,thiscanbeusedtoidentifyyou.Alwaysproofreadanythingyoupost
publicly,orprivatelybecausethefedswillalwaysfindwaystocorrelatethingstoyou.
WithRossUlbricht,theyfoundanoldposthepostedonaforumwhenhefirststartedSilkRoad
askingpeopleiftheyhadheardofamarketplacecalledSilkRoad.Obviouslythisisanoldtrickusedby
peopletryingtospreadawarenessaboutanewprojectoftheirs.Laterheidentifiedhimselfbysaying
hewaslookingforprogrammersandgaveouthisprivateemailaddressonthesameforumunderthe
samename.
Butifyoualwaysmisspellthesamewords,ifyoualwaysusethesameslangterms,capitalizethe
samewords,useacertainamountofperiodsafteranetc....oralwaysusethesamenumberof!!!!!
thenallofthesethingsgivethemreasonablesuspicionanditbecomeseasiertotiethingstoyou.Once
theyhaveyouundertheirradar,liketheyhadRoss,itonlytookafewslipupsandhewastheirs.
Remember,youonlyhavetomakeonemistake.Sotalkingaboutyourlocalelectionisareallydumb
idea,getit?
Thinkaboutthetimeyouuseyourcomputer.Isiteasytocorrelateyourtimezonebasedonthetime
yougoonline?Orisitmorerandom?Doyouhavepatterns thatarepredictable?Alwaysthinkabout
thesethingswhenyoupostonline.Alwaysthinkaboutwhattypeofpersonalityyouareputtingout
thereaboutyouronlinename.
ExpectthateverysinglewordyoutypeonlineisbeingreadbytheFeds.Tothem,thisismucheasier
thantrackingdruglordsonthestreets.Theysitinanofficeandreadforumpostsandtryandmake
77
connections. Don'tunderestimate thefeds. Alwaystreateverythingascompromised, alwaystreat
everybodyascompromisedanddon'teverthinkanybodywillevergotojailforyou.Ifsomebodycan
avoid1020yearsbyrattingyouout,theywilldoitinaheartbeat.
TheperfectexampleisSabufromLulzSec.Afterhewasbustedandfacing112yearsinjail,theymade
himadealtohelpthemratouthisfriendsandheendedupgettingmanyofhis"friends"arrested.
Evenpeoplewhoareyourfriendswillturntheirbacksonyouwhenitcomesdowntotheirfreedom.
EXIF DATA
Iforgottomentionabovewhentalkingaboutmetadata,thatwhenitcomestophotos,thereis
anotherriskinvolvedcalledEXIFdata,thisisanotherformofmetadataspecificallyrelatedtoimages
andmaynotbeproperlyremovedbyMetadataAnonymisationToolkitmentionedbefore.
EXIFdatastandsforExchangeableimagefileformatandaffectsJPG,JPEF,TIFandWAVfiles.Aphoto
takenwithaGPSenabledcameracanrevealtheexactlocationandtimeitwastaken,andtheunique
IDnumberofthedevicethisisalldonebydefaultoftenwithouttheuser'sknowledge.
InDecember2012,antivirusprogrammerJohnMcAfeewasarrestedinGuatemalawhilefleeing
fromallegedpersecutioninBelize,whichsharesaborder.Vicemagazinehadpublishedanexclusive
interviewwithMcAfee"ontherun"thatincludedaphotoofMcAfeewithaVicereportertakenwitha
phonethathadgeotaggedtheimage.Thephoto'smetadataincludedGPScoordinateslocatingMcAfee
inGuatemala,andhewascapturedtwodayslater.
Toavoidthis,onlytakephotosthatusePNGbecauseitdoesnotstoreEXIFdata.Tocheckifyour
photohasanyrevealingEXIFdataattachedtoit,checkoutthissite.
http://www.viewexifdata.com/
oryoucandownloadatoolbydoingaquicksearchonlinetoseewhatEXIFdatamaybecontainedin
yourphotosbeforeyouuploadthem.Beverycarefulwithanyfilesthatyouuploadonline,becauseyou
never knowwhattypeofharmfuldatacouldbeattachedinthem.IthelpstouseTails,butalways
considereverythingyouputonlineasapotentialpieceofevidencetobeusedagainstyouandalways
prepareforthedaythefedscometoyourdoor.
RETAINING A LAWYER, HOW TO HANDLE GETTING CAUGHT OR
INTERROGATED
Nextentryintotheseriesonsecurityishowtohandlegettingcaught.
Letusfaceit.Weareallhumanandwemakemistakes.Unfortunately,youonlyneedtomakeone
mistake,andtheLawEnforcement,commonlyreferredtoasLEontheseforumscanbustyou.Maybe
they willwaitforyoutodosomethingmoreseriousbeforetheynabyou,butifyouslipupandthey
feelyouareworthgoingafter,youcanexpectthemtogetyounomatterwhereyoulive,withrare
exception.
78
ThefirstthingIwanttodoislinkyoutoanotherthreadIjustcameacrossontheseforums.
https://silkroad5v7dywlc.onion/index.php?topic=13093.0
Themainquestionis,shouldIkeepanemergencylawyerfundonhand?Andhowmuchshoulditbe.
TheresponseIthinkwasmostappropriateforthisquestionwasthefollowing.
Quotefrom:VanillaRoyaleonJanuary02,2014,05:33:49am
Giveyourlawyer50kandputhimonaretainer.
Don'thaveaemergencyfund'stash'lyingaroundifthatiswhatyoumean....youshouldalreadyhave
yourlawyerpaid+plusextraincaseheneedstopostbondforyouandtheyseizethemajorityofyour
drugfunds.
OnceyougetarrestedbyLE,theycanseizeyourmoneybasedontheassumptionthatitisdrug
related.Soyouneedtohavealawyerpaidforaheadoftime.Thatway,intheunfortunatecasethat
yougetavisitfromthefeds,youhavealawyerreadytogo.Theagreeduponamountwasaround
$50,000.
NextIwanttotalktoyouaboutwhattodoincaseyougetinterrogatedbyLE.Thereisagreatthread
aboutthis.
https://silkroad5v7dywlc.onion/index.php?topic=4461.0
Thetakehomesfromthisthreadarebasically.Keepyourmoouthshut.Thefedsaregoingtotryall
typesoftacticsonyoutogetyoutoadmittoguiltofthecrimesyouarebeingaccusedof.Theywill
likelyusethegoodcop,badcoponyou.Firsttheywilltellyouthattheywanttohelpyou,andthat
they areafterthebigguys.Theyjustneedyourhelptoputawaythebigguys.Donotlistentothis,I
havenevercooperatedwith