Changes between Version 8 and Version 9 of security


Ignore:
Timestamp:
Aug 17, 2017, 12:10:09 PM (4 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • security

    v8 v9  
    88
    99 Privacy::
    10   Who can see my communications?  Is it only the people I expect?  What does privacy mean when sending the same message to many people?  Who can breach the privacy?
     10  Who can see my communications?  Is it only the people I expect?  What does privacy mean when sending the same message to many people?  Who can breach the privacy? Am I protecting the privacy of my members or the people I'm working with?
    1111 Authenticity::
    1212  When I receive messages, how do i know who they're from?  Are they really from that person?  When I communicate messages where my identity is important and relevant, how can the people I'm communicating with know that my messages are really from me?
     
    1616  Is the communications medium i'm using something I can rely on?  Who controls the medium?  Can it be shut down or interrupted?  Will it be there when I need it urgently?
    1717
    18 == Jumping off points ==
    19  * [http://help.riseup.net/security/measures/ E-mail security suggestions from riseup.net]
    20  * [http://www.indymedia.org.uk/en/static/security.html Web browsing security suggestions from Indymedia UK]
    21  * [http://cmrg.fifthhorseman.net/wiki/TrustedPhysicalConsole Is the machine you are using secure? Do you have a Trusted Physical Console?]
    22  * Learn about (and use!) OpenPGP for e-mail.  A good way to start is with [http://enigmail.mozdev.org enigmail], an OpenPGP plugin for [http://mozilla.com/thunderbird the Thunderbird e-mail program].
    23  * If you use webmail (gmail, etc) and you want to use OpenPGP, look at [http://getfiregpg.org/ FireGPG], an OpenPGP plugin for [http://mozilla.com/firefox the Firefox Web browser].
     18Discussing this themes with your fellow organizers and activists is an excellent first step toward building security. Keep in mind that improvements in one area (like privacy) may lead to a decrease in security in another area (like reliability/access).
     19
     20One resource you may find helpful is a [https://network.progressivetech.org/system/files/ptp-digital-security-overview-worksheet.pdf worksheet developed by the Progressive Technology Project]. Try filling out both pages.
     21
     22You may also be interested in [https://riseup.net/en/security Riseup's security tutorial].
     23
     24== Resources ==
     25
     26 * Sending messages. One activity we engage in every single day is sending each other messages. Sending messages crosses all four themes, so picking the right method will depend on, for example, how you compare your need for privacy with your need for reliability.
     27  * Email is the oldest and most universal form of exchanging messages.
     28   * [wiki:faq/email/openpgp OpenPGP] is a method that allows you to encrypt your messages in a way that not even your Internet provider can decipher them. However, it is hard to setup and requires both you and the recipient are using it
     29   * Webmail vs a desktop or mobile client. Webmail is very convenient - if you have memorized your password, you can access it anywhere. However, it also means that all of your email is saved on the server, which could be subpoenaed. Alternatively, you can use a desktop or mobile client that downloads your email, removing it from the server. However, your phone or computer can be lost or subpoenaed. There is no right answer! But at MF/PL you can [wiki:/faq/email/configure-email choose between webmail or a client] based on your needs.
     30  * Other forms of instant messaging
     31   * All May First/People Link members can use [wiki:/how-to/jabber jabber] - which works on your computer and on your phone and supports end-to-end encryption.
     32   * Another popular, free and secure messaging applications is called [https://whispersystems.org/ Signal by Whisper Systems].
     33  * Web sites
     34  * Databases