- The Irish based Front Line Defenders charity has published
Digital Security & Privacy for Human Rights Defenders manual
We have a few minor quibbles ,but this is a very useful, clear and simple guide, which complements these hints and tips. It is of use to human rights activists living under repressive regimes, and also to UK based journalists, and political bloggers alike.
- The United States National Security Agency does not just snoop on foreigners and US citizens, it also publishes very useful practical documentation aimed at securing US Government and Business computer systems and networks.
Have a look at these open source Security Configuration Guides and checklists, and make sure that your computers are at least as well secured as the NSA recommendations:
These used to be available as NSA Security Configuration Guides, but these checklists have now mostly been moved to the:
National Institute of Standards and Technology (NIST):
- The NSA also publish an illustrated, step by step guide to secure document redaction or censorship from Microsoft Word 2007 to Adobe .pdf format:
- Thomas C.Green writes in The Register about Clearing swap and hibernation files properly - - probably especially important for laptop computers, which are especially vulnerable to loss or theft. See also his Windows hack for Web-surfing privacy and Internet anonymity for Windows power users gives some hints a techniques for using RAM disks rather than hard disk space for Windows and Web Browser temporary files and registry settings.
- Privacy International:- "Legal Protections and Barriers on the Right to Information, State Secrets and Protection of Sources in OSCE Participating States" - should be read by legislators, civil servants, investigative journalists, whistleblowers and bloggers in Europe, North America and Central Asia.
- Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders
- Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.
- Everyone's Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the Munk Centre for International Studies at the University of Toronto.
- How To Master Secret Work Some idea of the precautions necessary for making sure that you have not been followed to clandestine physical meetings, on foot or by car, can be gleaned from this re-print of advice and techniques given to ANC / Communist activists under the South African apartheid regime - African National Congress or South African Communist Party (or, if you are desperate, from here)
First published during the 'eighties as a series of articles in the SACP publication 'Umsebenzi'; later as a single pamphlet for underground operatives.
Following the Edward Snowden revelations about the extent of untargeted mass surveillance by NSA and GCHQ, some of these old school, pre-internet tips about operational security should still be of interest to today's political activist, even in supposedly more democratic countries than South Africa.
- A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages ), by experienced UK direct action political activists (www.activistsecurity.org). It is full of practical advice, on many of the topics in this blog, including physical meetings, surveillance, anonymous letters and mobile phones. They make the point that there are private sector snoopers as well as government ones who are interested in meetings and communications between whistleblowers or activists or journalists etc.
There is a mirror copy on this blog, in case your access to the original is blocked
[hat tip to Mr. Tor for his suggestion in the comments below]
- Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)
- Privacy International - Speaking of Terror: A survey of the effects of counter-terrorism legislation on freedom of the media in Europe (.pdf) includes sections on Protection of journalists' sources and materials, and Wiretapping and surveillance of journalists and on Limits on Photography.
- The Berkman Center for Internet and Society, at the University of Harvard, in the USA,has several research projects which examine the effectiveness of State and Corporate Internet Censorship and the tools and techniques used to achieve this,m and the arms race with the Censorship Circumvention tools and techniques. They have published a useful study of some of the most popular Circumvention tools and technologies, showing their trade offs between usability, speed, security, and effectiveness at breaching the Great Firewall of China and other repressive countries.
Unfortunately, exactly the same techniques which are useful in helping dissidents in very repressive countries, are also now needed to help to protect the anonymity of whistleblower sources and contacts with, or between, journalists, bloggers and political activists, here in the increasingly repressive United Kingdom
2007 Circumvention Landscape Report: Methods, Uses, and Tools
Published March 05, 2009
Authored by Hal Roberts, Ethan Zuckerman, John Palfrey
The following tools were included in the study:
Anonymizer Anonymous Surfing - an HTTP proxy tool
Anonymizer China - an HTTP proxy tool
DynaWeb FreeGate - an HTTP proxy tool
UltraReach - an HTTP proxy tool
Circumventor / CGIProxy - a CGI proxy tool
Psiphon - a CGI proxy tool
Tor - a randomized re-routing tool
JAP - a fixed re-routing tool
Coral - a distributed hosting tool
Hamachi - a IP tunneling tool
These tools were chosen to represent most of the most popular tools and to represent a range of different technical and organizational models. There are many tools with the same or similar functionality as the tools included in the study, including Gpass, Guardian, FirePhoenix, Invisible Browsing, Metaproxy, PHPProxy, a plethora of VPN and HTTP tunneling tools, and many others.
- The Crown Prosecution Service's Decision on prosecution - Mr Christopher Galley and Mr Damian Green MP is worth reading, especially the legal opinion on
22. As already noted, Mr Galley was arrested for an alleged offence of misconduct in public office and Mr Green was arrested for an alleged offence of aiding and abetting, counselling or procuring the alleged offence by Mr Galley and of conspiring with Mr Galley for him to commit the offence of misconduct.
23. This is not a case which falls within the framework of the Official Secrets Acts
This CPS Decision also mentions that
9. The leaked document was the "Asylum and Immigration High Level Monthly Performance Report July 2007". It was marked "Restricted-Management". A copy was recovered by the police from Mr Green's Parliamentary office bearing the name "Galley" in manuscript. In his interview with the police, Mr Galley denied passing this document to anyone.
- Whistleblowing and Whitehall - A review of how the policies of Government Departments comply with accepted good practice on whistleblowing (.doc) - 2007 report by the Public Concern at Work whistleblowing charity.
- This research gives an overview of internet snooping and censorship technologies, including British Telecom's CleanFeed system, and some ways in which this can be avoided, thereby preserving some whistleblower source / political dissident anonymity:
Technical Report Number 653
University of Cambridge
Dr. Richard Clayton's home pageand contact details.
- How To Communicate Securely in Repressive Environments - a blog post with useful comments and links, and a Word (.doc) version, by Patrick Philippe Meier
- Public Concern at Work, together with the British Standards Institute, have produced a useful Whistleblowing Arrangements policy document for public and private sector organisations in the United Kingdom (free for individual use).
In partnership with PcaW, British Standards has published a Code of Practice on whistleblowing arrangements under the classification PAS 1998/2008. PCaW is delighted that, to mark the tenth anniversary of the UK's whistleblowing regime, BSI has agreed that the Code will be available for free for individual use.
We hope you find the Code helpful. If you do, please note that PCaW has developed a range of practical support to help organisations comply with and benefit from the Code.
Copies of this Code are available for free for individual use under licence by download from here or from www.bsigroup.com/PAS1998. For printed and own-branded copies or for a network licence, please contact BSI at email@example.com.
Thank you for filling in the form:
- FLOSS Manuals - Circumvention Tools - Bypassing Internet Censorship (available as a single web page for printing or as a .pdf file)
Is a neatly written and illustrated guide to to various Proxy and Virtual Private Network tools and services.
* CIRCUMVENTION TOOLS
* ABOUT THIS MANUAL
* WHAT IS CIRCUMVENTION
* AM I BEING CENSORED?
* DETECTION AND ANONYMITY
* HOW THE NET WORKS
* WHO CONTROLS THE NET
* FILTERING TECHNIQUES
* FIRST TECHNIQUES
* SIMPLE TRICKS
* USING A WEB PROXY
* USING PHProxy
* USING PSIPHON
* USING PSIPHON2
* USING PSIPHON2 OPEN NODES
* ADVANCED TECHNIQUES
* ADVANCED BACKGROUND
* HTTP PROXIES
* INSTALLING SWITCH PROXY
* USING SWITCH PROXY
* TOR: THE ONION ROUTER
* USING TOR BROWSER BUNDLE
* USING TOR IM BROWSER BUNDLE
* USING TOR WITH BRIDGES
* USING JON DO
* WHAT IS VPN?
* SSH TUNNELLING
* SOCKS PROXIES
* HELPING OTHERS
* INSTALLING WEB PROXIES
* INSTALLING PHProxy
* INSTALLING PSIPHON
* SETTING UP A TOR RELAY
* RISKS OF OPERATING A PROXY
* FURTHER RESOURCES
The Whistleblower's Handbook
How to Be an Effective Resister
Brian Martin, The Whistleblower's Handbook: How to Be an Effective Resister (Charlbury, UK: Jon Carpenter; Sydney: Envirobook, 1999). Out of print from 2008.
HT4W mirror copy of The Whistleblower's Handbook (.pdf)
1. Seven common mistakes 3
2. The problem 7
3. Speaking out and the consequences 10
4. Personal assessment: what should I do? 18
5. Preparation 23
6. Official channels 29
7. Building support 45
8. Case studies: considering options 65
9. Surviving 77
10. Whistleblower groups 82
Seven common mistakes
Seven mistakes which are commonly made
by those aiming to expose wrongdoing:
• Trusting too much
• Not having enough evidence
• Using the wrong style
• Not waiting for the right opportunity
• Not building support
• Playing the opponent's game
• Not knowing when to stop.
- Flash memory / USB devices (thumbdrives, digital camera or mobile phone memory cards etc) is very hard to securely erase:
Reliably Erasing Data From Flash-Based Solid State Drives (.pdf)
∗, Laura M. Grupp∗, Frederick E. Spada†, Steven Swanson∗
∗Department of Computer Science and Engineering, University of California, San Diego
†Center for Magnetic Recording and Research, University of California, San Diego
- Hacker OPSEC blog by by @thegrugq with interesting links to counter intelligence examples and documents, which emphasises the need for comparmentalisation between your normal life and your "secret" one or between your normal family and business contacts and any confidential sources or contacts.
- Spy Blog "Bring and Swap" presentation given at recent CryptoParty / CryptoFestival events: (.pdf) & (.pptx)
- European Federation of Journalists Top Tips for Journalists Covering the 2014 Winter Olympics includes useful tips about SmartPhones etc. N.B. also do not trust any "free" USB charging devices for SmartPhones or Tablets etc. - these can be a malware installation vector.
- Information Security for Journalists version 1.1 by @ArjenKamphuis Arjen Kamphuis and @SilkieCarlo Silkie Carlo, in association with @cijournalismThe Centre for Investigative Journalism - detailed practical step by step guide helping Journalists protect their sources from compromised electronic communications e.g. PGP/GPG file or email encryption, TrueCrypt disk volume encryption, OTR encrypted instant messaging, phones and Tor anonymous web browsing. This e-book takes a pragmatic attitude to the importance of risk analysis and the different levels of security / anonymity which apply in practice.
Information Security for Journalists version 1.1 (.pdf) on Arjen's website.
N.B. a copy of this version 1.1 (.pdf) is also mirrored here at HT4W
Preface - Silkie 7
Preface - Arjen 8
Chapter 1: Protecting the System 14
Your computer model 14
Buying the right laptop 16
Modifying your hardware 20
Buying your laptop anonymously 22
Guarding your laptop 23
Detectability measures 24
Chapter 2: Operating System 25
Ubuntu install instructions 29
Booting from USB 31
Ubuntu privacy tweaks 32
Tails install instructions 32
Clean and prepare a USB stick 33
Cloning Tails USB sticks 34
Installing Tails manually via UNetbootin 35
Installing Tails manually via Linux 36
Updating Tails 38
Using Tails 39
Using Tails via bridges/circumventing censorship 39
Creating a persistent volume 41
Using KeePassX 42
Email in Tails 42
Chapter 3: Safe Browsing 48
A general purpose browser 49
Chapter 4: Data 53
Troubleshooting TrueCrypt installations 54
Encrypt a file with TrueCrypt 55
Hidden encrypted volumes 57
Encrypting hard drives 60
Sharing data securely 60
Securely deleting files 62
Physical erasure 63
Chapter 5: Email 65
Email metadata 66
Email encryption 66
Key pairs 67
Verifying keys 67
Protecting your identity and location 68
Basic notes about email encryption 68
Installation instructions for encrypted email 69
Configuring Thunderbird 71
Send an email 75
Chapter 6: Instant Messaging 77
Adium instructions (Mac) 77
Pidgin instructions (Linux/Windows) 78
Getting started with OTR chat 79
Chapter 7: Phones & Voice/Video Calling Over Internet 82
Mobile security 82
Internet voice and video calling 85
Chapter 8: Passwords 86
Password cracking: understanding the risk 86
How to create a strong password 88
About the authors 93