The Calyx Institute is a research, education and legal support group devoted to researching and implementing privacy technology and tools to promote free speech, free expression, civic engagement and privacy rights on the Internet.
The need for appropriate tools and programs and associated knowledge to provide anonymity and privacy online is evident in how quickly Internet activity is being integrated into civic and political life around the globe.
The Organization will continue to develop and improve technology to transform the way the telecommunications industry works in terms of cybersecurity, privacy and freedom of expression. This will be accomplished through research and development, legal advocacy and defense, and by distributing information and open source software as widely as possible for the benefit of the general public.
hey folks. i was thinking of writing a bash script to backup my bookmarks regularly across the network. any idea where the iceweasel/firefox bookmarks are kept? or how to do the whole thing? encrypted?
Why don't you just set up Sync in IceTurtle?
thats why i put my post in the privacy and security area, i dont want to send all my bookmarks and whatnot (mostly animal porn sites) up to someone elses server where they can look through their stuff and laugh at people having sex with rabbits. my bookmarks are a reflection of me and therefore private. i was hoping more for a solution that is simple (like using GPG and tar to encrypt and package my bookmarks and then send via SCP to another computer on my lan).
i figured someone has done this. i have started on a script and unless anyone gets to me first i suppose ill post it before too long.
mostly animal porn sites
That's surprisingly honest considering the creepiness level. I guess you'll have to figure it out, I don't wanna have nothing to do with rabbit orgies.
well thats not exactly what my bookmarks are, but you get the point.
RT: Tell me about the most outrageous thing that you came across during your work at the NSA.
WB: The violations of the constitution and any number of laws that existed at the time. That was the part that I could not be associated with. That’s why I left. They were building social networks on who is communicating and with whom inside this country. So that the entire social network of everybody, of every US citizen was being compiled overtime. So, they are taking from one company alone roughly 320 million records a day. That’s probably accumulated probably close to 20 trillion over the years. The original program that we put together to handle this to be able to identify terrorists anywhere in the world and alert anyone that they were in jeopardy. We would have been able to do that by encrypting everybody’s communications except those, who were targets. So, in essence you would protect their identities and the information about them until you could develop probable cause, and once you showed your probable cause, then you could do a decrypt and target them. And we could do that and isolate those people all alone. It wasn’t a problem at all. There was no difficulty in that.
Possibly true, but have in mind RT stands for Russia Today and yeah
Possibly true, but have in mind RT stands for Russia Today and yeah
An excellent point. I understand that it is a good idea to take everything they say with a grain of salt
It is generally a good idea to take whatever anyone says with a pinch of salt, state and economic agendas are quite dominant in mass media.
The problem with quotes on the internet is you never know if they are genuine
On the original note, I just found DenyHosts that will watch your failed login attempts and add incessant IP addresses to your deny hosts file. I just put it in today after looking at /var/log/auth.log - Had like a few hundred attempts at my ssh at 4 am this morning. And I'm nobody!! Here's a link to a wiki page for it:
http://www.tomschaefer.org/wiki/index.p … _Denyhosts
Sometimes you run across a problem where regex is the best answer. Then you have two problems.
Freddythunder: setting a non-default port in /etc/ssh/sshd_config helps a lot too.
I use fail2ban.
Like many already said: i2p is very good.
Thank you all for contributing to and maintaining this topic.
As I have been reading through this thread I thought of a few things I'd like to mention:
On the first page in the addon-section there are some addons which don't appear to be that trustworthy. In particular:
1) SSL-Blacklist doesn't seem to be available much longer.
2) Showip Some users over at mozilla.org suspect this addon to be spyware.
3) BrowserProtect The same with this one.
4) Hide-My-IP Seems to be commercial software. Only supported on OSX and Win. Also how does it work? Who collects the data? What do they use it for? Why bother wasting time, money and trust with this tool when you could be using TOR?
Does anyone know how http://time.is/ finds my exact hometown? When i lookup my ip on different services, the result is never my city. So.. why is time.is so exact? Does anyone know?
Yup. It uses your IP-address to locate you. Try using it with TOR and you will see the difference.
If you want to get rid of your useragent entirely, create a new String preference in about:config
and leave it blank.
I would strongly advise against this. Not using a user-agent lets you stick out like hell from the crowd of browsers out there. Go to panopticlick.eff.org to verify what I just wrote.
See the section on Firefox in my thread on security for a better configuration.
In the security thread I already mentioned twice in this short post O:) I go over a lot of stuff that hasn't been discussed here. So if you're interested just have a look. I will be updating that post regularly as soon as I think it needs updating. That could be because I have to refine/revise what I wrote there - or because someone pointed me to a better solution or another tool/config to use. What I want to get at is: there will be some change going on in that thread and you are heartily invited to contribute to it.
Maybe over time it becomes so comprehensive that I (or some volunteer) will host it as a separate website/blog to make the content available to a larger audience.
Last edited by sorcerer's_apprentice (2013-02-11 23:52:38)
Change the link for CookieSafe (Firefox add-on) to:
This topic is all the more valuable given the revelations about the NSA/PRiSM/Boundless Informant nightmare.
Oh wow, this is fantastic! Just the sort of thing I was looking for! Much thanks to everyone who has contributed their knowledge and skill.
Now this is a great topic. Thanks to everyone.
Phear the Penguin.
I am not CrAzY. And I have a paper from the doctors to prove it!
encrypt emails in transit
use gpg with mutt check out archwiki mutt for setting up gpg and using encrypted saved passwords.
if you use public networks like cafe's,libraries,hotels,etc. or woried about sniffers why not encrypt those messeges with simple mutt config inputs. other clients are probably more self explanitory
set pgp_decode_command = "gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f" set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f" set pgp_decrypt_command = "gpg --passphrase-fd 0 --no-verbose --batch --output - %f" set pgp_sign_command = "gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f" set pgp_clearsign_command = "gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f" set pgp_encrypt_only_command = "pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --e set pgp_encrypt_sign_command = "pgpewrap gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign % set pgp_import_command = "gpg --no-verbose --import -v %f" set pgp_export_command = "gpg --no-verbose --export --armor %r" set pgp_verify_key_command = "gpg --no-verbose --batch --fingerprint --check-sigs %r" set pgp_list_pubring_command = "gpg --no-verbose --batch --with-colons --list-keys %r" set pgp_list_secring_command = "gpg --no-verbose --batch --with-colons --list-secret-keys %r" set pgp_autosign = yes set pgp_sign_as = 0x######## # to find your public key use gpg --list-keys set pgp_replyencrypt = yes set pgp_timeout = 1800 set pgp_good_sign = "^gpg: Good signature from"
the default server in debian gpg is a front for many servers so it will let your public key be known to the servers it pipes to.
for better privacy in that not putting your used keys on sites would entail giving them to the resipient by other means and editing the above.
Last edited by bleach (2013-09-28 08:40:18)
obstacles are only in your mind. how you deal with them is what "matters".
According to the following article, NetworkManager stores wi-fi passwords in plain text by default. There are tips in the article for making your setup more secure, to include not using NetworkManager.
Linux User #586672
Come and Die -- Kyle Idleman