-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.html
410 lines (376 loc) · 23.4 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Online Privacy</title>
<meta name="description" content="how to counter pervasive mass surveillance and attacks on data security">
<meta name="author" content="Amber Adams">
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="stylesheet" href="css/reveal.min.css">
<link rel="stylesheet" href="css/theme/simple.css" id="theme">
<!-- For syntax highlighting -->
<link rel="stylesheet" href="lib/css/zenburn.css">
<!-- If the query includes 'print-pdf', include the PDF print sheet -->
<script>
if( window.location.search.match( /print-pdf/gi ) ) {
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = 'css/print/pdf.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
}
</script>
<!--[if lt IE 9]>
<script src="lib/js/html5shiv.js"></script>
<![endif]-->
</head>
<body>
<div class="reveal">
<!-- Any section element inside of this container is displayed as a slide -->
<div class="slides">
<section>
<h2>Online Privacy using</h2>
<h2>GPG, TOR, and Tails</h2>
<p><small>
Created by <a href="http://amberadams.co">Amber Adams</a> / <a href="http://twitter.com/amberadams">@amberadams</a>
aka <a href="http://twitter.com/anarchival">@anarchival</a></small>
</p>
<p>
<small><a href="http://www.amberadams.co/privacy-talk">view this presentation on the Web</a></small>
</p>
</section>
<section>
<section>
<h2>Right to Privacy</h2>
<aide class="notes">
</aside>
</section>
<section>
<h2>The NSA</h2>
<li><a href="http://www.roguelynn.com/prism/">Lynn Root's presentation on NSA surveillance</a></li>
<li><a href="http://prism-break.org/en/">PRISM Break</a></li>
<li><a href="https://www.eff.org/deeplinks/2013/06/why-metadata-matters">Why Metadata Matters</a></li>
<li><a href="http://www.munkdebates.com/debates/state-surveillance">Greg Greenwald debates Michael Hayden</a></li>
<img width="538" height="303" src="images/yeswescan.jpg">
</section>
<section>
<h2>The Law</h2>
<li>SCOTUS ruling on <a href="http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf">warrants and cell phones</a>.</li>
<li>White House issues a <a href="http://www.whitehouse.gov/blog/2014/05/01/pcast-releases-report-big-data-and-privacy">report</a> on Big Data.</li>
<li>Net Neutrality and the <a href="https://www.youtube.com/watch?v=fpbOEoRrHyU">FCC</a>.</li>
</section>
<section>
<h2>Law Enforcement</h2>
<li>U.S. counter-terrorism officers <a href="http://boingboing.net/2013/01/01/foiad-fbi-documents-reveal-s.html">investigated</a> Occupy.</li>
<li>Subject to surveillance: <a href="http://www.trackedinamerica.org/timeline/civil_rights/intro/">Civil Rights</a> and <a href="http://www.npg.org.uk/collections/search/set/455/The+Suffragettes%3A+surveillance+photographs">Suffragettes.</a></li>
<li><a href="http://www.theguardian.com/technology/2013/jan/24/hacking-us-government-cyber-crackdown">Draconian prosecutions</a> of hackers such as Aaron Swartz, Andrew Auernheimer, Matthew Keys, Deric Lostutter, and others...</li>
<p>Coders are the new Communists?</p>
</section>
<section>
<h2>Heart Bleed</h2>
<p></p>
<img width="341" height="413" align="right" src="images/heartbleed.png">
<p align="center" >The <a href="http://heartbleed.com/">Heartbleed</a> bug is a programming</p>
<p>error in the <a href="https://www.openssl.org/">OpenSSL</a> library which</p>
<p>undergirds most of the</p>
<p>encrypted traffic on the Internet.
</p>
<p>(speaking of encrypted traffic,</p>
<p>even once the bug is fixed,</p>
<p>you should be using</p>
<p><a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a></p>
<p>from the <a href="https://www.eff.org/">EFF</a>).
</p>
</a>
</section>
<section>
<h2>Targeting Pregnancy</h2>
<p align="center">They know you're <a href="http://www.forbes.com/sites/kashmirhill/2014/04/29/you-can-hide-your-pregnancy-online-but-youll-feel-like-a-criminal/">pregnant</a>,</p>
<p>Maybe even before your <a href="http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/">family</a> does.</p>
<p>(you should install <a href="https://www.eff.org/deeplinks/2014/04/privacy-badger">Privacy Badger </a>from the EFF).</p>
<img width="300" height="399" src="images/target.png">
<aside class="notes">
Yahoo announced yesterday that like most other major search and retail sites, it will not honor Do Not Track requests from browsers.
</aside>
</section>
<section>
<h2>Criminals</h2>
<p align="center"><a href="http://gawker.com/5950981/unmasking-reddits-violentacrez-the-biggest-troll-on-the-web">Creeps</a> can use your own computer</p><p><a href="http://www.smh.com.au/digital-life/consumer-security/how-hackers-can-switch-on-your-webcam-and-control-your-computer-20130402-2gvwv.html">to stalk you</a> often with terrible <a href="http://www.huffingtonpost.com/2012/10/11/amanda-todd-suicide-bullying_n_1959909.html">consequences</a>.</p>
<img width="475" height="325" src="images/identity-theft.jpg">
</section>
</section>
<section>
<p><h3>
hack or be hacked</h3>
</p>
<h2>SOLUTIONS</h2>
<aside class="notes">
discussion of ethics of hacking, how blurry the line is between good guys and bad guys, "you have nothing to hide if you're not doing anything wrong" NSA compromising security on the Internet by creating backdoors, weakening crypto opens up attack from people we definitely can't trust
</aside>
</section>
<section>
<section>
<h2>The Onion Router</h2>
<img width="550" height="423" src="images/ogresonions.jpg"></p>
<aside class="notes">
Onion routing was conceived in the mid-90s by the US Naval Research Laboratory, and initially developed into what is now known as the TOR network in 2002. It was designed for the primary purpose of protecting government communications, and secondarily to give citizens in other countries living under anti-democratic censorship a means of accessing the Internet with less threat of government reprisal. Today it's used by a wide range of people even beyond the usual suspects, which of course includes the military, journalists, dissidents and activists, law enforcement, and criminals.
</aside>
</section>
<section>
<h2>Traffic Analysis</h2>
<p> <a href="http://tools-on.net/privacy.shtml">Sherlock Holmes</a> reveals your IP, specs on your system
</p>
<p>easy to find your location <a href="http://ip-lookup.net/">based on your IP</a>
</p>
<p>before even <a href="http://www.tuxradar.com/content/how-sniff-network-traffic-wireshark">analysing the content</a> of your unencrypted messages
</p>
<img width="559" height="432" src="images/analysis.png"></p>
<aside class="notes">
When we connect to the Internet without any proxy or encryption in place, we are broadcasting a great deal of information about our location, our computer system and its potential weaknesses, what sites or servers we are connecting to as well as all of the information we are transmitting to those sites and servers. It's quite simple for a bad actor, whether that's our own government or a stalker or other hacker, to use a packet sniffer like Wireshark to analyze your traffic and learn an awful lot about you and even steal your information such as logins and passwords. I've included a few links here for your reference just to get a feel for how much information we're potentially revealing and how easy it is for someone else to capture.
</aside>
</section>
<section>
<h2>Proxies & Encryption</h2>
<img width="670" height="368" src="images/tor-onion.png"></p>
<p><a href="http://getfoxyproxy.org/">FoxyProxy</a></p>
<p><a href="https://www.hidemyass.com/">Hide My Ass</a></p>
<aside class="notes">
TOR solves the privacy problem of traffic analysis in two ways: through anonymity and encryption. TOR will route your network traffic through three nodes before reaching the destination via the last node (called an exit node). At each node, the request is encrypted using the public key of the next node in the chain, thereby creating a layer of encryption at each level and fulfilling the onion metaphor. The same process happens in reverse with the response. Of course, this means that your traffic is most vulnerable to eavesdropping when leaving the onion routing network, so ideally your sensitive communications should take place entirely within the network.
Tor is a service that helps you to protect your anonymity while using the Internet.
</aside>
</section>
<section>
<h2>Installation & Use</h2>
<p>Download and install the <a href="https://www.torproject.org/download/download-easy.html.en">package</a>.</p>
<p>Start the TOR browser, click Connect.</p>
<p>Use *only* the TOR browser</p>
<p>Use HTTPS (enabled by default)</p>
<p>Use bridges and/or find company</p>
<p>Don't torrent</p>
<p>Don't enable or install browser plugins</p>
<p>Don't open documents through TOR while online</p>
</a>
</section>
<section>
<h2>Hidden Services</h2>
<p>Explore the <a href="http://thehiddenwiki.org/">Deep, Dark, Mysterious Net</a>.</p>
<p>Host your own <a href="https://github.com/whackashoe/tor-hidden-service-setup">hidden services</a> on a virtual machine.</p>
<p>Host your own <a href="http://lifehacker.com/5952148/how-to-create-a-super-private-bittorrent-community-for-you-and-your-friends">torrents</a> while you're at it, too.</p>
<aside class="notes">
A hidden service needs to advertise its existence in the Tor network before clients will be able to contact it. Therefore, the service randomly picks some relays, builds circuits to them, and asks them to act as introduction points by telling them its public key. By using a full Tor circuit, it's hard for anyone to associate an introduction point with the hidden server's IP address. While the introduction points and others are told the hidden service's identity or public key, they don't know the hidden server's actual location or IP address.
The hidden service assembles a hidden service descriptor, containing its public key and a summary of each introduction point, and signs this descriptor with its private key. It uploads that descriptor to a distributed hash table. The descriptor will be found by clients requesting XYZ.onion where XYZ is a 16 character name derived from the service's public key. After this step, the hidden service is set up.
A client that wants to contact a hidden service needs to learn about its onion address first. After that, the client can initiate connection establishment by downloading the descriptor from the distributed hash table. If there is a descriptor for XYZ.onion (the hidden service could also be offline or have left long ago, or there could be a typo in the onion address), the client now knows the set of introduction points and the right public key to use. Around this time, the client also creates a circuit to another randomly picked relay and asks it to act as rendezvous point by telling it a one-time secret.
It's unfortunate that the Dark Net is used by criminals such as pedophiles, but it has the potential to be an Internet relatively immune from other types of government censorship that most of us would probably not approve of.
</aside>
</section>
</section>
<section>
<section>
<h2>THE COMMAND LINE</h2>
<aside class="notes">
If you've never operated your computer from the command line but have always used a GUI (graphical user interface), then you are severely limiting what you can do on your computer. You might even be causing yourself unnecessary pain. In the beginning, all operations on your computer were done from a command line. There were no GUIs. Of course, Mac and Windows came along and changed all that, and it made computers simpler to use for a much wider range of people. Unfortunately, the GUI interface still remained underpowered in comparison to the command line. To this day, there are operations that are trivial on the command line that are impossible from the GUI, and some things you can do in the GUI that are still far more efficient from the command line. One of my frustrations with Windows, in fact, is how many different programs are written and even sold for cash money that perform the sorts of operations that can be done using a UNIX command line from a free as in beer operating system with just a few keystrokes. This is also illustrated by the Automator program on Macs, if any of you have played with that. Apple took various generic UNIX commands - like, "divide this file into many files by paragraphs" or "create a pdf" and attached them to buttons which can be placed in whatever order you wish them to run, with a file input and an output. Or you could just use the command line by typing in the text commands and running the script without bothering with Automator, which frankly by comparison feels a little slow and clunky and limiting to me, even though it allows you to write and run scripts in the GUI. I encourage all of you to dive into using the command line, not only because you need it for some of the privacy and security things we're about to do, but because it will make you a much powerful computer user. It might seem weird at first if you've never used it, but it's really not that mysterious once you learn a few simple commands.
</aside>
</section>
<section>
<h2>The Terminal</h2>
<p>Mac: Finder -> Applications -> Utilities -> Terminal</p>
<p>Linux: Browse to your Terminal application</p>
<p><small>(you probably already know where it is)</small></p>
<p>Windows: Install and use <a href="http://www.cygwin.com/">Cygwin</a></p>
<p>or partition your hard drive and dual boot to <a href="http://www.everydaylinuxuser.com/2013/09/install-ubuntu-linux-alongside-windows.html">Linux</a></p>
<p><small>Linux Installfest @ <a href="http://phreaknic.info">PhreakNIC</a>, Halloween weekend at the Maxwell House Hotel in Nashville.</small></p>
<img width="256" height="256" src="images/terminal.png">
</section>
<section>
<h2>Learning to Love the CLI</h2>
<p>A short <a href="cli.learncodethehardway.org/book/">introduction</a> on the Web.</p>
<p>The <a href="https://www.kernel.org/doc/man-pages/">man</a>(ual) pages.</p>
<p><a href="http://www.amazon.com/Beginning-Was-Command-Line-ebook/dp/B0011GA08E/ref=sr_1_5?s=digital-text&ie=UTF8&qid=1398912530&sr=1-5&keywords=comm">In the Beginning Was the Command Line</a> by Neal Stephenson.
</a>
<img width="360" height="299" src="images/sandwich.png">
</section>
</section>
<section>
<section>
<h2>GNUPG</h2>
<img width="448" height="274" src="images/security.png">
<aside class="notes">
Pretty Good Privacy enables you to encrypt your email and files, and also ensure that the people you think you are emailing are really the people you are emailing. You do this by creating a public and private key for yourself using cryptographic sotware. The person on the other end of the communication also creates their own public and private key. You exchange public keys. When you encrypt email destined for that person, your system encrypts it in such a way that only that person's system with its private key installed can decrypt it. We will be using GNUPG, also known as GPG, to accomplish this. Although it's probably the best option available, it's not trivial to get it running.
</aside>
</section>
<section>
<h2>Installation & Use</h2>
<p>Mac: <a href="https://gpgtools.org/">GPG Tools</a></p>
<p>Windows: <a href="http://www.gpg4win.org/">GPG4Win</a></p>
<p>Linux: <pre><code>
gpg --version
sudo apt-get install gnupg
</pre></code>
</section>
<section>
<h2>Create Your Keys</h2>
<p><pre><code>
gpg --gen-key
</pre></code>
<li>Choose option #1: RSA and RSA</li>
<li>2048 is the default encryption strength, but you can go lower or higher</<li>
<li>You can choose your key to Never expire, or set an expiration</li>
<li>Type 'y' to confirm choices</li>
<li>assign the user, an email address, and an optional comment</li>
<li>dozens of tiny hamsters, spinning in their cages, generating crypto!</li>
</a>
</section>
<section>
<h2>Add Accounts to Your Key</h2>
<p><pre><code>
--edit-key 12345678
adduid
</pre></code>
</a>
</section>
<section>
<h2>Exporting Your Public Key</h2>
<p><pre><code>
gpg --armor --output mykeyname.asc --export
</pre></code>
<li>attach the file mykeyname.asc to emails you send</li>
<li>other GPG users can import this key into their trusted database</li>
<li>once you have exchanged keys, you can exchange encrypted mail</li>
<li>mail clients can handle this attachment automagically; most webmail requires manual attachment</li>
</a>
</section>
<section>
<h2>Import a Trusted Key</h2>
<p><pre><code>
gpg --import pubkeyfile.asc
</pre></code></p>
<h2>importing from keyservers</h2>
<p><pre><code>
gpg --keyserver http://www.KeyServerUrl.com --keyserver-options honor-http-proxy --search-keys Email@Address.com
</pre></code>
</section>
<section>
<h2>Move Your Keys</h2>
<p><pre><code>
user@desktop$ cp -r ~/.gnupg /media/jumpdrive/
user@laptop$ cp -r /media/jumpdrive/.gnupg ~/
</pre></code>
</a>
</section>
<section>
<h2>Encrypting Local Files</h2>
<p><pre><code>
gpg --encrypt commies.list > commies.list.gpg
gpg --decrypt pink.list > pink.list
</pre></code>
<li>you will encrypt the file for a person(s) in your keychain</li>
<li>to encrypt an entire directory, pack it into a .tar first</li>
<li>remember to delete the original, unencrypted file!</li>
</a>
</section>
<section>
<h2>Mail Clients</h2>
<p><a href="https://www.enigmail.net/home/index.php">Enigmail</a> plugin for <a href="http://www.mozilla.org/en-US/thunderbird/">Thunderbird</a></p>
<p><a href="https://wiki.gnome.org/Apps/Evolution">Evolution</a> Mail: Edit -> Preferences -> Accounts -> Security Tab -> Key ID</p>
<li>remember to delete the original, unencrypted file!</li>
</a>
</section>
<section>
<h2>Revoking a Key</h2>
<p><pre><code>
gpg --output revoke.asc --gen-revoke 12345678
</pre></code>
</a>
</section>
</section>
<section>
<section>
<h1>OTR</h1>
<aside class="notes">
Oh hey, these are some notes. They'll be hidden in your presentation, but you can see them if you open the speaker notes window (hit 's' on your keyboard).
</aside>
</section>
<section>
<h2>Off The Record Messaging</h2>
<p>Encryption</p>
<p><small>No one else can read your instant messages.</small></p>
<p>Authentication</p>
<p><small>You are assured the correspondent is who you think it is.</small></p>
<p>Deniability</p>
<p><small>The messages you send do not have digital signatures that are checkable by a third party.</small></p>
<p>Perfect forward secrecy</p>
<p><small>If you lose control of your private keys, no previous conversation is compromised.</small></p>
</section>
<section>
<h2>Installation & Use</h2>
<p>Install <a href="http://www.pidgin.im/">Pidgin</a>.</p>
<p>Install <a href="https://otr.cypherpunks.ca/index.php#downloads">OTR</a>.</p>
<pre><code data-trim contenteditable>
sudo apt-get install pidgin
sudo apt-get install pidgin-otr
</pre></code>
<p>Enable OTR plugin & generate key.</p>
<p>Manage permissions.</p>
</a>
</section>
</section>
<section>
<section>
<h2>Tails</h2>
<p>TOR</p>
<p><small>All software is configured to connect to the Internet through Tor. If an application tries to connect to the Internet directly, the connection is automatically blocked.</small></p>
<p>Use Anywhere, Leave No Trace</p>
<p><small> "Amnesic" because the only storage space it uses is the RAM on your computer, which is automatically erased when the computer shuts down.</small></p>
<p>Cryptographic Tools</p>
<p><small>LUKS, Linux standard for disk encryption</small></p>
<p><small>HTTPS Everywhere</small></p>
<p><small>encrypt and sign emails, documents with OpenPGP</small></p>
<p><small>protect IMs with OTR</small></p>
<p><small>securely delete files with Nautilus Wipe</small></p>
<aside class="notes">
Oh hey, these are some notes. They'll be hidden in your presentation, but you can see them if you open the speaker notes window (hit 's' on your keyboard).
</aside>
</section>
<section>
<h2>Installation & Use</h2>
<p>Download the <a href="https://tails.boum.org/download/index.en.html">Tails ISO</a> using <a href="http://www.utorrent.com/">bittorrent</a></h2>
<p>Download and verify the Tails <a href="https://tails.boum.org/doc/get/verify_the_iso_image_using_the_command_line/index.en.html">signing key.</a></p>
<p>Burn the ISO image to a disc.</p>
<p>Boot your computer from the disc.</p>
</section>
</section>
<section>
<h1>THE END</h1>
</section>
</div>
</div>
<script src="lib/js/head.min.js"></script>
<script src="js/reveal.min.js"></script>
<script>
// Full list of configuration options available here:
// https://github.com/hakimel/reveal.js#configuration
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: true,
theme: Reveal.getQueryHash().theme, // available themes are in /css/theme
transition: Reveal.getQueryHash().transition || 'default', // default/cube/page/concave/zoom/linear/fade/none
// Parallax scrolling
// parallaxBackgroundImage: 'https://s3.amazonaws.com/hakim-static/reveal-js/reveal-parallax-1.jpg',
// parallaxBackgroundSize: '2100px 900px',
// Optional libraries used to extend on reveal.js
dependencies: [
{ src: 'lib/js/classList.js', condition: function() { return !document.body.classList; } },
{ src: 'plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
{ src: 'plugin/zoom-js/zoom.js', async: true, condition: function() { return !!document.body.classList; } },
{ src: 'plugin/notes/notes.js', async: true, condition: function() { return !!document.body.classList; } }
]
});
</script>
</body>
</html>