Installing, properly configuring and maintaining software like I2P, Tor, full-disk encryption seem difficult to me and has many non-obvious pitfalls. Instead of going through confusing tutorials and trying to get it right, I would rather use turn-key, ready-to-use solutions made by someone more versed than me.
Ubuntu allows you to set up an encrypted LVM on a whole drive with a single setting in the installer. Just grab the ISO with the alternate installer[1] and choose "use the whole disk for encrypted LVM" (or compatible) in the partitioning tool. The installer also allows for advanced configuration, like setting up swap and /tmp on partitions encrypted with one-time keys, while still making it fairly difficult to screw up.
Tails comes with preinstalled and preconfigured Tor and I2P and, what's important, with almost all other connectivity blocked. Just download it[2], verify the signatures, and put on a USB key. Right now, it's difficult to add persistent storage[3] but they're working on it. Also, as an additional precaution, physically removing the USB key will make Tails shut down and wipe memory.
The complexity and presentation of encryption tools are the biggest things preventing them from being used by everyday people. I have a CS degree from a university you've heard of, have been using Linux for much of my computing career, and am a professional programmer, and even I found the I2P front page and "gentle introduction" intimidating and obtuse. I spent 15 minutes reading it and I literally have no idea exactly what it does.
It's even more important to start encrypting everything when agencies like the NSA are building datacenters of never-before-seen size to store everyone's communications forever. Without getting too tin-foil-hat about things, it's not a big stretch for me to imagine--given what NSA is publicly doing today--a world where the government can pull up things you said in an offhand email two decades ago as evidence against you.
Encryption everywhere is so important now and will only get more important as governments wise up to technology. Someone needs to make it easy for people to do.
Can I suggest the "Tor Browser Bundle[1]" -- I've only tried it on Mac OS X, but it seems to nicely, and easily integrate a Tor proxy and a pre-configured Firefox for one-click anonymous browsing.
I would rather use turn-key, ready-to-use solutions made by someone more versed than me.
Privacy doesn't work like that. It isn't set-it-and-forget-it. If you aren't constantly policing yourself, all the full-disk encryption and Tor networks in the world can't keep you anonymous.
Switching on FileVault 2 on OSX makes things significantly more work and difficult for someone to attack you on that vector. Many times all you need is to make it annoying and expensive enough to be secure.
Most people in the USA have locks that can be picked in 10 seconds with an auto jiggler and windows that can be broken with a large rock. Most people don't have walls, interior locks and bars that will start making thieves to carry power tools. Yet that is enough to stop a lot of casual theft.
Privacy doesn't, but encryption does. You don't want to set up Tor or I2P only to find out later that traffic you thought was encrypted actually wasn't.
Hyperboles, image macros, Guy Fawkes masks, factual errors. Sounds like an average Pirate Party operation. The intentions are good for sure, but I doubt that this site is useful for a lot of people as it stands now. Of course it being a wiki it has a chance to evolve and grow into an actual gold mine of information. But I'm quite skeptical for now.
Their marketing message is very weak. I love the message, but it could be done better.
Most people would never imagine online banking and shopping without encryption. Neither would the financial institutions or the stores.
However, widespread use of encryption seems to come to an end there.
I thought differently about this in the past, but today I wonder if widespread encryption for the mass market would weaken their own security. Sending someone an encrypted message does not protect that message if the receiver passes it along on unencrypted channels.
The rumor of Wikileaks collecting a good deal of secret documents through Tor nodes makes one wonder if even few of the "elite" really understand security and encryption.
I would like encryption to be mandatory. I would like to not have to avoid public Wifi for concern of being hacked. I want to be able to send my employees server credentials via email.
I think we will move in that direction, and the big companies will be responsible.
> to counteract the increasing threat of total communications surveillance by governments
So I guess SSL man in the middle will be coming soon? If it isn't here already, of course.
Doesn't anyone else feel that the answer to over-surveillance from the government isn't a technological arms race but a political debate about the virtues of freedom?
The answer is to do both. You can have a political debate about freedom and come to sane conclusions. Ten years or one terrorist attack later and you're back having the same debate with a possibly different conclusion. And don't forget, every country in the World would need to have this debate. And I'm pretty sure, countries will always consider the surveillance of people in foreign countries fare game if they can get away with it. The US and the UK (my home) certainly will.
We should strive for technical solutions which make mass surveillance either impossible, or more realistically so expensive it becomes infeasible. Money talks.
I work in the financial industry where there are some strict regulatory requirements about information flow (you know, things like like insider trading and maintaining firewalls between different parts of big banks and stuff like that) and all the large banks that I know of are performing an SSL man-in-the-middle on their gateways and have been for quite a while.
Within a corporate setting it's very easy to do - you issue your own certs which are set to be trusted by internal computers and reencrypt with those at the gateways.
That works when "the corporation" controls your desktop and the certs your browser trusts, doesn't work so well when your (personal) smartphone or iPad is connecting out of the office over the cell network.
The recent Mozilla/Trustwave (and DigiCert before) debacles make it very clear that a nation-state level adversary is almost certainly capable of SSL mitm-ing just about any internet traffic they want. Unless you're getting your data in and out of your country via encrypted packets over ham radio (and into a country you trust), there's just too few businesses a government agency would have to "lean on" to ensure your SSL encrypted packets are reliably secure.
Keep in mind too, that "encrypt everything" only solves part of the "problem" of communications surveillance.
If the apparently-not-april-fools-gag reports out of the UK [1] over the weekend are to be believed, police agencies are deciding amongst themselves that the time/date/length/frequency/endpoints of any internet communication are things that they don't need warrants or oversight for.
Encrypting the _contents_ of your email/texts/phonecalls/websitevisits still gives them access to the social graph in which you're communicating.
Suppose one of your "brogrammer" colleaues sends out email to a group of recipients every Friday afternoon, one to you with some regular work-related business, and a dozen to his 'bros'. You send your usual response, and so do his bros, then he texts a particular number, gets a call back from that number. When that number becomes part of an investigation and turns out ,say, to be a cocaine dealers "burner phone" - guess what _you_ just started to look like part of? And if you've got some hacktivist-motivated software in place to strongly encrypt the mail between you and your coworker, how do you think _that's_ going to look to the investigators? (feel free to invent your own bad scenario about the "war on terror" or the "saving children from pedophiles" or the "occupy movement" or "overzealous corporate IP enforcement" instead of the "war on drugs")
I don't know how to solve that - but some TOR-like multi-juristiction-distributed email/text/IM routing mechanism, where the source/destination information is part of the encrypted payload so "they" only get to see the hop between you and your nearest node, along with (crypographically) randomised message forwarding delays, payload padding, and "bogus messages" to mitigate traffic analysis (the first to stop someone noticing "Alice sent a message into node 1 and Bob simultaneously received a message from node 2", the second prevents leaks like "Alice sent a 13.2k message into node 1, and Bob received a 13.2k message from node 2", and the third to solve "Alice sent 8 messages into node 1 and Bob received 8 messages from node 2")
>some TOR-like multi-juristiction-distributed email/text/IM routing mechanism, where the source/destination information is part of the encrypted payload so "they" only get to see the hop between you and your nearest node, along with (crypographically) randomised message forwarding delays, payload padding, and "bogus messages" to mitigate traffic analysis
You're right of course. Finding alternatives like these should never be a long term solution, but only a temporary solution. Because if we treat it like a technical problem and not a political one, then it will only be a matter of time before they find ways to make those solutions illegal, or to monitor and breach them through the Government's agencies.
This would be a lot nicer if the dm-crypt tutorial for GNU/Linux wasn't directly copied from the ArchLinux Wiki, but without actually fixing links and explanations...
It's not bad to collect these things, but it's not really well done, and one could have linked better resources, such as Markus Gattol's site about dm-crypt for linux[1], or at least the original resources...
Filevault 2 is pretty good. It's built into the OS, so it's a lot more likely people will use it than to install another package.
Obviously you need to make sure you have a good backup scheme in place, and escrow the decryption key somewhere (ideally, printed).
There are some functionality advantages to Truecrypt (deniable volumes, etc.), but Filevault is pretty good. I'd feel equally comfortable with either one. (I'd prefer OPEL, the drive encryption on-controller, for performance reasons, but Mac OS X doesn't support that.)
Once you do that, you have a lot of other things to worry about before "which widely accepted disk crypto package should I use for FDE" becomes the biggest question.
I never get that argument. I could download TrueCrypts source code, but that would take forever to read, if I could even read it all. So I'm basically taking the internet's consensus that someone has read the source and it does what it says it does. Is this a safer bet?
Would you rather use a program vetted by a wide variety of unassociated security researchers, or one whose manufacturer merely insists it was very careful programming?
My take on this is that if it's open source and lots of people are using it, malicious individuals will be scouring the source trying to find attack vectors which then, hopefully, would be more likely to become public than attack vectors in private software.
I wouldn't trust Apple on security. They are currently producing computers with ports that have direct access to the RAM. Also, you can root a mac with physical access in about 10 seconds. (On startup CTRL-S , mount the hd, delete find and delete .Apple*, restart). There is also that issue with the Indian government. Also in the past they have had major problems with FileVault (search 'VileFault').
>They are currently producing computers with ports that have direct access to the RAM.
You mean, like every device with PCI slot or FireWire port? It's hardly just Apple that provides DMA.
Rooting Windows doesn't take too long either, and to get data (the real reason to root a device) it's not like it's necessary. Just pull the HD and plug it into another machine - you already have physical access. Physical access == game over, unless you have good encryption, and the kind of machine or OS makes no difference.
The FileVault issues are a good point, though I don't know what changes have occurred since full-disk encryption came out with 10.7. VileFault's attack vector readme lists DMA (true on any DMA device, though easier on some) and reading unencrypted data to look for passwords - only DMA seems viable with full disk encryption.
Enabling FileVault disables Firewire/Thunderbolt DMA access when the screen is locked, or always when a firmware password is enabled.
pmset -a destroyfvkeyonstandby 1 hibernatemode 25
That command will disable light suspend mode. When the lid is closed, the laptop will hibernate, writing its memory to disk (encrypted) and power off, clearing the encryption key from memory.
Unless this allows you to access a Mac that has FileVault disk encryption turned on, without the key, it's a red herring. Also, today's FileVault is a completely different technology than the previous home dir encryption (which AFAIK was never broken, but had some frustrating limitations, mainly regarding backup).
You can retrieve the key if the computer is turned on by dumping the memory from a Firewire or Thunderbolt port. If these ports are disabled you could use the Cold Boot Attack. This is the same with all computers, it's just that Apple continue to make them with Thunderbolt.
Apple has made some progress on protecting from DMA attacks -- when the screen locker is enabled, you can't do it. The kernel uses Intel VT-d for this; I'm not sure if Linux or Windows do the same yet.
I knocked Apple a bit for security issues 2006-2009, but they've made a serious effort to fix things starting sometime in 2010 or 2011. I mean, iOS and the iPhone platform is probably one of the most secure mobile OSes now (RIM edges it out, but RIM sucks). OS X has added other security features as well, starting with 10.6.
From the page called "Filling Out Webforms":
...So many websites began asking you questions that seemed innocuous, but were actually designed to allow you to be controlled; so that Chinese authorities could make sure you were unable to view photos of Tiananmen Square, American authorities could make sure you were unable to view magazines published by "enemy" countries, and corporations were able to gather all your information to sell you as a data-package.
I consider myself rather paranoid, but I think this might be a litte exaggerated. However, this is all definitely possible, and if the governments haven't already begun mass surveillance, they probably will.
I think you are deluding yourself though if you believe that most major govts are not doing wholesale digital trawling to the best of their (advanced) abilitites already, regardless of whatever legislation is currently in place.
Ubuntu allows you to set up an encrypted LVM on a whole drive with a single setting in the installer. Just grab the ISO with the alternate installer[1] and choose "use the whole disk for encrypted LVM" (or compatible) in the partitioning tool. The installer also allows for advanced configuration, like setting up swap and /tmp on partitions encrypted with one-time keys, while still making it fairly difficult to screw up.
Tails comes with preinstalled and preconfigured Tor and I2P and, what's important, with almost all other connectivity blocked. Just download it[2], verify the signatures, and put on a USB key. Right now, it's difficult to add persistent storage[3] but they're working on it. Also, as an additional precaution, physically removing the USB key will make Tails shut down and wipe memory.
[1] http://www.ubuntu.com/download/ubuntu/alternative-download#a... [2] https://tails.boum.org/index.en.html [3] https://tails.boum.org/forum/How_do_I_do_what_unetbootin_doe...