If you’re just an average user concerned about your privacy
Use Tor when browsing. You don’t have to use Tor all the time (it does slow things down considerably and some sites will also block Tor traffic). But if you are looking at or for something that you feel is sensitive, then either set up your browser to work with Tor or use the Tor browser.
Use a password manager. It doesn’t matter how many surveys and reports come out that tell people to use different passwords and complex passwords, a huge percentage of us maintain borderline idiotic approaches. The simple answer is: get a password manager. It will protect you.
Use two-factor authentication. Many services such as Gmail, Twitter, Dropbox, Hotmail, and Facebook offer this now for no charge. So even if your password does get exposed, you still have a backup such as a text message to your phone to secure your information.
Use apps that protect your information. Snowden suggests the smartphone app Signal, which encrypts both your phone calls and texts. It’s free and easy to use. Although of course, following a high-profile argument with the FBI, it would appear that Apple’s messaging service is also pretty secure (although Snowden would probably have doubts).
Use the HTTPS Everywhere browser plug-in. This comes from the Electronic Frontier Foundation (EFF) and will try to force all browser communication to be encrypted.
Encrypt your hard drive. This is comparatively easy these days but you have to be careful to do two things: one, have a longish phrase to make it worthwhile; and two, make damn sure you remember that phrase. There will be a slowdown in performance but nothing too bad if you have a modern machine.
Be smart with your security questions. Stop using your mother’s maiden name for everything. Likewise your first school. The key is to mix things up as much as possible so if someone does get into one of your accounts, they can’t use the same information to get in everywhere else.
After reading this I installed Whisper Systems Signal on my Android devices, and encouraged my friends and family to do the same.
Signal allows you to send encrypted texts and phone calls, all free of charge, combining the original apps TextSecure and RedPhone.
At Open Whisper Systems, we want everyone to have access to advanced secure communication tools that are as easy and reliable to use as making a normal phone call or sending a normal text message.
Over the past year, we’ve been working to bring the privacy software we’ve developed for Android to the iPhone, and today we’re releasing Signal – free, worldwide, encrypted voice calls for iPhone, and fully compatible with RedPhone for Android.
This free app is a no brainer for anyone who values their privacy, available on Android and iOS.
Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server’s IP address (and thus its network location), a hidden service is accessed through its onion address. The Tor network understands these addresses and can route data to and from hidden services, even to those hosted behind firewalls or network address translators (NAT), while preserving the anonymity of both parties. Tor is necessary to access hidden services.
Hidden services have been deployed on the Tor network since 2004. Other than the database that stores the hidden-service descriptors, Tor is decentralized by design; there is no direct readable list of all hidden services, although a number of hidden services catalogue publicly known onion addresses.
Rather than pay a web host (although I love my current provider, the support team are fantastic!) I will host my own data on the darknet.
To keep the costs to a minimum, I wanted a low powered device, as it will be running continuously. I’ve old PC’s and laptops but they still gobble up power, voilà Raspberry Pi.
Tor Project have instructions on how to create an hidden service, and as the device I’ve ordered comes with a trimmed version of Debian, Raspbian, Wheezy, the Linux path should be easy enough to follow… famous last words 🙂
Now eager for the kit to arrive, so I can start to play!
While on my search for anonymous and meta free email, I cam across this article at The Daily Dot.
It seems like Tor Mail could have been what I was looking for, even though it was based in the dark web. It’s now been closed down, apparently due to bad people carrying out sick nefarious activities that I wouldn’t want to be associated with… or the Feds made up lies to capture it, who knows?
Anyway, Tor mail is no more, but below are a few options that I look to test out, and it seems that looking for a solution on the clear web was quite naive.
BitMessage is a decentralized, encrypted and peer-to-peer messenger. This program has seen a surge in popularity since the Snowden leaks.
TorChat is an easy-to-use anonymous messenger designed to fit nicely into the Tor environment. It has been widely used across the Dark Net spectrum since before Tor Mail’s fall.
PrivNote is a Clear Net messenger service that deletes notes once they’re read. Silk Road vendor RxKing prefers this service, but others refuse to use it, citing multiple security concerns.
SMS4TOR is a Tor-friendly version of PrivNote that has gained considerable traction thanks to its base a Tor hidden service.
I2P-Bote uses the I2P anonymizing software to provide a decentralized, encrypted, verified email service. The service is only in alpha and, due to its reliance on I2P, will probably not be widely adopted.
Privatdemail is an email service with a focus on privacy (as opposed to anonymity). Here’s a fun fact: You apparently can’t email Israel because the servers are located in an Arab country that forbids it. That policy will not inspire confidence, but even so, Privatdemail is already in use.
RiseUp is an email service built for “liberatory social change.” Users must apply and be approved for accounts, proving that they are activists fighting for positive change, which is whatever RiseUp’s founders deem it to be. In exchange, RiseUp keeps minimal logs, encrypts your data and defends your communications unlike many corporate email services.
Nym is a remailer that allows you to send encrypted emails without them being traced back to you, the sender.
Mixmail is a remailer similar to Nym but is much easier to use. It strips out identifying factors like an IP address, making a quick, anonymous email an easy proposition.
Jabber is a popular open-source, decentralized messaging system. It’s widely used by journalists already, particularly in the Middle East.
Tox.im is a currently-in-development tool that promises to allow encrypted and decentralized video and text chat reminiscent of Skype—only without Microsoft allowing the American government to listen in as they do.