Thanks to everyone at the NYC Anarchist Bookfair who came to the joint ATS/Plankhead workshop on Basic Tech Security. For those of you reading this who have no idea what I’m talking about, uh, I did a joint workshop with ATS on Basic Tech Security at the Anarchist Bookfair. I mean, duh. You probably could have surmised that from reading the first sentence.
Anyway, as promised, here’s an easy reference guide to some of the stuff we talked about. If you have any further questions, leave a comment on this post, or email me at Zacqary@plankhead.com. Read on for, in no particular order, all of those things:
A strong password is designed to take a prohibitively long time for a computer to break by brute force (guessing “aaaaaa”, then “aaaaab”, and so on and so on) or dictionary attack (guessing every word from the dictionary, and other common passwords). It must be long (12 characters or more is good), and contain at least one:
- Uppercase letter
- Lowercase letter
- Punctuation/other symbol
Some websites will not allow you to include punctuation symbols in your password. They are stupid, stupid websites, but if you must deal with them, at least use both cases of letters and numbers.
Remembering strong passwords:
You could make your password a full, grammatically correct sentence, complete with spaces. For example:
I eat bagels at 7:05 AM.
Of course, now that I suggested that as a strong password, do not actually use that sentence as a password. Make up your own similar thing.
Another strategy is to get a PasswordCard. It’s a very useful way of creating and remembering strong passwords.
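To put numbers on the password rules above, here is an added example (not from the workshop or the original post): a Python script that checks a password against the length and character-class rules and estimates how long exhaustive brute force would take. The guessing speed and the tiny common-password list are assumptions made up for illustration.

```python
import string

MIN_LENGTH = 12             # the length the guide calls "good"
GUESSES_PER_SECOND = 1e10   # assumed attacker speed, not a figure from the post
# Constructed stand-in for a real dictionary / common-password list.
COMMON = {"password", "letmein", "qwerty", "123456", "iloveyou"}
# Alphabet size per character class; a space is counted with the symbols.
CLASS_SIZE = {"upper": 26, "lower": 26, "digit": 10,
              "symbol": len(string.punctuation) + 1}

def char_classes(pw):
    """Return the set of character classes that occur in pw."""
    found = set()
    for c in pw:
        if c in string.ascii_uppercase:
            found.add("upper")
        elif c in string.ascii_lowercase:
            found.add("lower")
        elif c in string.digits:
            found.add("digit")
        elif c in string.punctuation or c == " ":
            found.add("symbol")
    return found

def alphabet_size(pw):
    """Smallest alphabet a brute-forcer has to cover to reach pw."""
    return sum(CLASS_SIZE[name] for name in char_classes(pw))

def brute_force_years(pw, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every string of pw's length over that alphabet."""
    return alphabet_size(pw) ** len(pw) / rate / (365.25 * 24 * 3600)

def check(pw):
    """List the guide's rules that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = char_classes(pw)
    for name in ("upper", "lower", "symbol"):
        if name not in classes:
            problems.append(f"no {name} character")
    if pw.lower() in COMMON:
        problems.append("common password (dictionary attack)")
    return problems

if __name__ == "__main__":
    for sample in ("aaaaaa", "password", "I eat bagels at 7:05 AM."):
        print(repr(sample), check(sample), f"{brute_force_years(sample):.3g} years")
```

The years figure is an upper bound for character-by-character guessing only: a sentence built from common words can fall sooner to an attacker who guesses whole words, which is one more reason to make up your own.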
Useful Firefox Add-ons
- BetterPrivacy — Deletes all of your Flash cookies every time you quit Firefox. Flash cookies are those nasty, Flash-based cookies which aren’t easy to delete, and sometimes replace regular cookies you delete.
- Ghostery — Prevents major web advertisers from tracking your browsing behavior.
- Beef Taco — Very similar to Ghostery. Use one or the other, or both.
- Google Sharing — Anonymizes your Google searches by sending them through a proxy server (similar to Tor), so that Google can’t tell it’s you that’s searching.
- TrackMeNot — Searches for random garbage (in the background) on Google, Yahoo, Bing, and AOL Search every minute or so. That way your real searches are needles in a haystack, and the search engines can’t build a profile on you.
- HTTPS Everywhere — Forces Firefox to use HTTPS, an encrypted method of accessing web sites, whenever it’s possible.
- Adblock Plus — Prevents almost all ads on the web from ever reaching your computer. This only provides a little bit of anti-tracking (use Ghostery or Beef Taco for that), but at least it makes the web prettier. Trust me, the difference is night and day. Get this one. You’ll wonder how you survived without it.
Setting it up
- If you need an email provider you can trust, contact firstname.lastname@example.org for an invitation to RiseUp.net.
- Download and install GPG (Windows version | Mac version). This is an encryption library necessary for your email encryption to work. Think of it like how you need to install Flash in order for YouTube to work.
- Download and set up Thunderbird. Here’s how to set it up with a RiseUp.net email address, or how to set it up with a Gmail address. If you have a different email provider, check the Help section of their website.
- Once Thunderbird is set up, download Enigmail.
- With Enigmail installed, there will be a new option in Thunderbird’s menu bar (File, Edit, etc.) called OpenPGP. Go to OpenPGP > Key Management. Now, in the new Key Management window, go to Generate > New Key Pair. Follow the instructions. Use a strong passphrase, and remember it.
- If your key was created successfully, it will show up in the Key Management window. (You may need to check “Display All Keys By Default” if it’s not there).
- In this list, right-click your key and select “Upload Public Keys to Keyserver”. This way other people can send you encrypted email.
Sending an encrypted email
- Write an email as normal. Before sending it, click the OpenPGP button (should be next to Attach) and make sure “Encrypt Message” is checked.
- If this is the first encrypted email you’ve sent to a certain recipient, a box will show up saying “Recipients not valid, not trusted or not found”. Click the button that says “Download missing keys”, and click OK. (If the default server, pool.sks-keyservers.net, doesn’t work, try the other three.)
- Assuming the recipient’s key could be found, it will now show up in the big list in the box. Click the checkbox next to their name, and then click OK.
Receiving encrypted email
As long as you’re reading the email with Thunderbird, it should just work automatically. You may be prompted to enter your passphrase before it will decrypt your email.