
Encrypt Everything - rosser
http://encrypteverything.ca/index.php/Main_Page
======
spindritf
Installing, properly configuring and maintaining software like I2P, Tor, full-
disk encryption seems difficult to me and has many non-obvious pitfalls.
Instead of going through confusing tutorials and trying to get it right, I
would rather use turn-key, ready-to-use solutions made by someone more versed
than me.

Ubuntu allows you to set up an encrypted LVM on a whole drive with a single
setting in the installer. Just grab the ISO with the alternate installer[1]
and choose "use the whole disk for encrypted LVM" (or compatible) in the
partitioning tool. The installer also allows for advanced configuration, like
setting up swap and /tmp on partitions encrypted with one-time keys, while
still making it fairly difficult to screw up.

Tails comes with preinstalled and preconfigured Tor and I2P and, what's
important, with almost all other connectivity blocked. Just download it[2],
verify the signatures, and put on a USB key. Right now, it's difficult to add
persistent storage[3] but they're working on it. Also, as an additional
precaution, physically removing the USB key will make Tails shut down and wipe
memory.

[1] <http://www.ubuntu.com/download/ubuntu/alternative-download#alternate>

[2] <https://tails.boum.org/index.en.html>

[3] <https://tails.boum.org/forum/How_do_I_do_what_unetbootin_does/#comment-fc6a0040a29918839343a50396ef4082>

~~~
sliverstorm
_I would rather use turn-key, ready-to-use solutions made by someone more
versed than me._

Privacy doesn't work like that. It isn't set-it-and-forget-it. If you aren't
constantly policing yourself, all the full-disk encryption and Tor networks in
the world can't keep you anonymous.

~~~
wvs
Privacy doesn't, but encryption does. You don't want to set up Tor or I2P only
to find out later that traffic you thought was encrypted actually wasn't.

~~~
gcr
Hence the need for constant policing yourself and auditing the software you
use.

------
zokier
Hyperboles, image macros, Guy Fawkes masks, factual errors. Sounds like an
average Pirate Party operation. The intentions are good for sure, but I doubt
that this site is useful for a lot of people as it stands now. Of course it
being a wiki it has a chance to evolve and grow into an actual gold mine of
information. But I'm quite skeptical for now.

~~~
dasil003
Yes. I have a fondness in my heart for manic armless lazy-eye shouting guy,
but it really doesn't send the right signal.

------
FaceKicker
It's somewhat ironic that this site doesn't support https

------
summerdown2
> to counteract the increasing threat of total communications surveillance by
> governments

So I guess SSL man in the middle will be coming soon? If it isn't here
already, of course.

Doesn't anyone else feel that the answer to over-surveillance from the
government isn't a technological arms race but a political debate about the
virtues of freedom?

~~~
elemeno
It's already here and it's been here for a while.

I work in the financial industry where there are some strict regulatory
requirements about information flow (you know, things like insider
trading and maintaining firewalls between different parts of big banks and
stuff like that) and all the large banks that I know of are performing an SSL
man-in-the-middle on their gateways and have been for quite a while.

Within a corporate setting it's very easy to do - you issue your own certs
which are set to be trusted by internal computers and reencrypt with those at
the gateways.

~~~
bigiain
That works when "the corporation" controls your desktop and the certs your
browser trusts, doesn't work so well when your (personal) smartphone or iPad
is connecting out of the office over the cell network.

The recent Mozilla/Trustwave (and DigiCert before) debacles make it very clear
that a nation-state level adversary is almost certainly capable of SSL mitm-
ing just about any internet traffic they want. Unless you're getting your data
in and out of your country via encrypted packets over ham radio (and into a
country you trust), there's just too few businesses a government agency would
have to "lean on" to ensure your SSL encrypted packets are reliably secure.
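
Added example, not part of the original thread: the gateway re-signing described in this subthread leaves a recognizable pattern on the client side, because unrelated sites all start presenting leaf certificates from one issuer that none of them used before. The sketch below compares a baseline recorded out-of-band with what a client currently observes; all host names, issuer names and fingerprint values are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample data: host -> (issuer CN, leaf SHA-256 fingerprint prefix).
# REFERENCE was recorded out-of-band; OBSERVED is what the client sees now.
REFERENCE = {
    "mail.example.com": ("Public CA A", "a1b2"),
    "bank.example.net": ("Public CA B", "c3d4"),
    "wiki.example.org": ("Public CA A", "e5f6"),
    "vpn.example.io": ("Public CA C", "0789"),
}
OBSERVED = {
    "mail.example.com": ("Corp Gateway CA", "9f00"),
    "bank.example.net": ("Corp Gateway CA", "9f01"),
    "wiki.example.org": ("Corp Gateway CA", "9f02"),
    "vpn.example.io": ("Public CA C", "0789"),
}

def find_reissued(reference, observed):
    """Return {host: observed_issuer} where both leaf and issuer changed.

    A routine renewal changes the fingerprint but usually keeps the issuer,
    so a fingerprint change alone is not reported.
    """
    changed = {}
    for host, (ref_issuer, ref_fp) in reference.items():
        if host not in observed:
            continue
        obs_issuer, obs_fp = observed[host]
        if obs_fp != ref_fp and obs_issuer != ref_issuer:
            changed[host] = obs_issuer
    return changed

def assess(reference, observed, min_hosts=2):
    """Classify the observation: no-change, review, or likely-interception."""
    changed = find_reissued(reference, observed)
    if not changed:
        return {"verdict": "no-change", "issuer": None, "hosts": []}
    issuer, count = Counter(changed.values()).most_common(1)[0]
    known_issuers = {iss for iss, _ in reference.values()}
    hosts = sorted(h for h, i in changed.items() if i == issuer)
    # Several unrelated hosts re-issued by one previously unseen issuer is
    # the signature of a re-signing gateway; a lone change may be a CA switch.
    if count >= min_hosts and issuer not in known_issuers:
        verdict = "likely-interception"
    else:
        verdict = "review"
    return {"verdict": verdict, "issuer": issuer, "hosts": hosts}

if __name__ == "__main__":
    print(assess(REFERENCE, OBSERVED))
```
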

------
joejohnson
>>>Intermediate:

>>> - Encrypting your Entire Hard Drive with Truecrypt (Mac and Windows)

Do people recommend this method, or is Apple's built-in full disk encryption
sufficient?

~~~
derrida
I wouldn't trust Apple on security. They are currently producing computers
with ports that have direct access to the RAM. Also, you can root a Mac with
physical access in about 10 seconds. (On startup CTRL-S, mount the hd,
find and delete .Apple*, restart). There is also that issue with the Indian
government. Also in the past they have had major problems with FileVault
(search 'VileFault').

~~~
jcoder
Unless this allows you to access a Mac that has FileVault disk encryption
turned on, without the key, it's a red herring. Also, today's FileVault is a
completely different technology than the previous home dir encryption (which
AFAIK was never broken, but had some frustrating limitations, mainly regarding
backup).

~~~
derrida
You can retrieve the key if the computer is turned on by dumping the memory
from a Firewire or Thunderbolt port. If these ports are disabled you could use
the Cold Boot Attack. This is the same with all computers, it's just that
Apple continue to make them with Thunderbolt.

There may be other ways...

'Unlocking FileVault': <http://www.youtube.com/watch?v=doGzuOYCNJE>

~~~
rdl
Apple has made some progress on protecting from DMA attacks -- when the screen
locker is enabled, you can't do it. The kernel uses Intel VT-d for this; I'm
not sure if Linux or Windows do the same yet.

I knocked Apple a bit for security issues 2006-2009, but they've made a
serious effort to fix things starting sometime in 2010 or 2011. I mean, iOS
and the iPhone platform is probably one of the most secure mobile OSes now
(RIM edges it out, but RIM sucks). OS X has added other security features as
well, starting with 10.6.

------
rmk2
This would be a lot nicer if the dm-crypt tutorial for GNU/Linux wasn't
directly copied from the ArchLinux Wiki, but without actually fixing links and
explanations...

It's not bad to collect these things, but it's not really well done, and one
could have linked better resources, such as Markus Gattol's site about dm-
crypt for linux[1], or at least the original resources...

[1]: <http://www.markus-gattol.name/ws/dm-crypt_luks.html>

------
nextstep
From the page called "Filling Out Webforms": _...So many websites began asking
you questions that seemed innocuous, but were actually designed to allow you
to be controlled; so that Chinese authorities could make sure you were unable
to view photos of Tiananmen Square, American authorities could make sure you
were unable to view magazines published by "enemy" countries, and corporations
were able to gather all your information to sell you as a data-package._

I consider myself rather paranoid, but I think this might be a little
exaggerated. However, this is all definitely possible, and if the governments
haven't already begun mass surveillance, they probably will.

~~~
morganpyne
Certainly the UK seems to have taken a giant leap in this direction recently
(unless this is a misguided April fool article):

<http://www.bbc.co.uk/news/uk-politics-17576745>

I think you are deluding yourself though if you believe that most major govts
are not doing wholesale digital trawling to the best of their (advanced)
abilities already, regardless of whatever legislation is currently in place.

------
user2459
Here are some tips from the EFF on encryption:
<https://ssd.eff.org/tech/encryption>

