Privacy

From Ggl's wiki

Contents 1 Anonymity and Privacy principles 1.1 Definitions 1.1.1 Anonymity 1.1.2 Privacy 1.1.3 Law 1.2 Where 1.2.1 At home 1.2.2 On the road : the nomad digital user 1.3 What to protect 1.3.1 DNS requests 1.3.2 Web browsing 1.3.3 Mail 1.3.4 File Sharing 1.3.5 Identity 1.3.6 Data 1.4 Who to protect from 1.4.1 ISP 1.4.2 Spammers 1.4.3 Government 1.4.4 IT companies 1.4.5 Kiddies 1.4.6 Cyber criminals 2 Tor 2.1 How Tor works 2.2 Installing Tor 2.3 Configuring Tor 2.4 Limits of Tor 3 Privoxy 3.1 How Privoxy works 3.2 Installing Privoxy 3.3 Configuring Privoxy 3.4 Limits of Privoxy 4 Mixminion 4.1 How Mixminion works 4.2 Installing Mixminion 4.3 Configuring Mixminion 4.4 Limits of Mixminion 5 Anonymous Networks 5.1 i2p 5.2 freenet 6 Anonymous webmail with crypto 6.1 hushmail 6.2 cryptomail 6.3 nodns 6.4 ciphire 7 Encryption 7.1 Encrypting mails 7.1.1 gnupg and the web of trust 7.1.2 S/Mime and certificates 7.2 Encrypting files 7.3 Encrypting a directory 7.4 Encrypting a partition 7.5 Problems with encryption 8 Other methods and musings 8.1 https proxies 8.2 covert channels 9 References

Anonymity and Privacy principles

Definitions

Anonymity

Privacy

Law

Where

At home

• xDSL
• Wifi on router/modem

On the road : the nomad digital user

• Wifi on hotspots

What to protect

DNS requests

Each DNS request you make allows someone else who can read it to determine what ressources you want to access (by the name of the domaine, the machine, or the service with dns srv entries). Most of the Internet services work with URI (Universal Resource Identifier) which contains FQDN (Fully Qualified Domain Name).

For example, when you access to google.com, you type :

http://www.google.com

http://

defines the services

google.com

the domain

www.

the host in the domain

If the domain or subdomain name is explicit someone may guess what type of information you want to get.

Web browsing

Mail

File Sharing

Identity

• login/password
• email addresses
• certificates
• personnal information (social security number, ID card number)
• billing information (credit card, bank data)

Data

• personnal data (documents, photos, videos)
• professionnal data (documents, contacts)

Who to protect from

ISP

• dslam, routers and geo-localisation
• transparent proxies
• m{t,d}a

Spammers

• privacy violation
• data mining

Government

• censorship
• spying
• surveillance

IT companies

• the DRM threat
• collecting commercial info

Kiddies

• intrusion
• data theft
• data destruction

Cyber criminals

• intrusion
• identity theft

Tor

How Tor works

Installing Tor

• the easy way on Debian
• everywhere with out of the box solutions

Configuring Tor

Limits of Tor

Privoxy

How Privoxy works

Shortly, Privoxy is a local HTTP{,S} proxy.

Installing Privoxy

Configuring Privoxy

Limits of Privoxy

Mixminion

How Mixminion works

Installing Mixminion

Configuring Mixminion

Limits of Mixminion

Anonymous Networks

i2p

freenet

Anonymous webmail with crypto

hushmail

cryptomail

nodns

ciphire

Encryption

Encrypting mails

gnupg and the web of trust

• Gnupg Quick Memo:

Export public key:

gpg -a --export <my_mail> > <pubkey_file>

Sign and encrypt:

gpg -r <recipient mail> -a -s -e <file> -o <outputfile>

Decrypt (and verify if signed):

gpg -d <encrypted_file>

Verify:

gpg --verify

S/Mime and certificates

• on a mta

Encrypting files

• gnupg

• the need to access to encrypted files from any host/os

Encrypting a directory

• On GNU/Linux

• On MS Windows

Encrypting a partition

Problems with encryption

• Sometimes files are partialy uncrypted in memory.

• Loosing the secret or private key

Other methods and musings

https proxies

covert channels

• known
• Ideas and PoCs

References

• EFF (Electronic Frontier Foundation
• Freehaven
• InfoAnarchy