1) What is the Tor Project?
2) What is the Tor Browser Bundle?
3) What is Orbot?
4) What are some additional browser security addons?
5) What is TrueCrypt?
6) What is OTR?
7) What is Tails?
8) What is WhisperSystems?
9) What is Bitmessage?
10) What is an ideal world to protect my privacy online?
What is the Tor Project?
A free software implementation of second-generation onion routing, a system enabling its users to communicate anonymously on the Internet.
What is the Tor Browser Bundle (TBB)?
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.
You can use Tor by installing the browser bundle at:
Download the browser bundle and extract it to some place on your local hard drive. I would suggest using an encrypted volume or removable media (such as a USB stick) that supports hardware encryption.
What is Orbot?
Orbot is an application that allows mobile phone users to access the web, instant messaging and email without being monitored or blocked by their mobile internet service provider. Orbot brings the features and functionality of Tor (read more below) to the Android mobile operating system.
Orbot 126.96.36.199 (packaging Tor 0.2.2.25) is currently available in the Android Market and from the Tor Project website.
You can use the Orweb Privacy Browser, which only works via Orbot and Tor.
You can also try Firefox Mobile with our ProxyMob Add-On to browse via the Tor network.
For Instant Messaging, please try Gibberbot which provides integrated, optional support for Orbot and Tor.
Transparent Proxying: You must root your device in order for Orbot to work transparently for all web and DNS traffic. If you root your device, whether it is 1.x or 2.x based, Orbot will automatically, transparently proxy all web traffic on port 80 and 443 and all DNS requests. This includes the built-in Browser, Gmail, YouTube, Maps and any other application that uses standard web traffic.
What are some additional browser security addons?
If you're not going the route of using the TBB or some other anonymizing services, you can use these solutions and technologies to help protect yourself online:
HTTPS Everywhere is a Firefox and Chrome extension that encrypts your communications with many major websites, making your browsing more secure. Encrypt the web: Install HTTPS Everywhere today.
Adblock Plus blocks all annoying ads on the web by default: video ads on YouTube, Facebook ads, flashy banners, pop-ups, pop-unders and much more.
Simply install Adblock Plus to your browser (it is available for Firefox, Chrome and Opera) or your Android smartphone or tablet and all intrusive ads are automatically removed from any website you visit.
The EasyList subscriptions are lists of filters designed for Adblock Plus that automatically remove unwanted content from the internet, including annoying adverts, bothersome banners and troublesome tracking. The subscriptions are currently maintained by three authors, MonztA, Famlam and Khrin, who are ably assisted by an ample forum community.
Ghostery is your window into the invisible web – tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior.
Ghostery tracks over 1,200 trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
What is TrueCrypt?
TrueCrypt is a freeware software application used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file or encrypt a partition or (under Microsoft Windows except Windows 2000) the entire storage device (pre-boot authentication).
TrueCrypt supports Microsoft Windows, Mac OS X and Linux operating systems (using FUSE). Both 32-bit and 64-bit versions of these operating systems are supported, except for Windows IA-64 (not supported) and Mac OS X 10.6 Snow Leopard (runs as a 32-bit process). The version for Windows 7, Windows Vista, or Windows XP can encrypt the boot partition or entire boot drive. There is an independent, compatible implementation, tcplay, for DragonFly BSD and Linux.
TrueCrypt supports a concept called plausible deniability, by allowing a single "hidden volume" to be created within another volume. In addition, the Windows versions of TrueCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.
The TrueCrypt documentation lists many ways in which TrueCrypt's hidden volume deniability features may be compromised (e.g. by third party software which may leak information through temporary files, thumbnails, etc., to unencrypted disks) and possible ways to avoid this. In a paper published in 2008 and focused on the then latest version (v5.1a) and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop, and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability. The study suggested the addition of a hidden operating system functionality; this feature was added in TrueCrypt 6.0. When a hidden operating system is running, TrueCrypt also makes local unencrypted filesystems and non-hidden TrueCrypt volumes read-only to prevent data leaks. The security of TrueCrypt's implementation of this feature was not evaluated because the first version of TrueCrypt with this option had only recently been released.
What is GnuPG?
GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.
GnuPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government.
Suggested reading: https://en.wikipedia.org/wiki/GnuPG
What is OTR?
Pidgin is a free and open source client that lets you organize and manage your different Instant Messaging (IM) accounts using a single interface. The Off-the-Record (OTR) plug-in designed for use with Pidgin ensures authenticated and secure communications between Pidgin users.
Both Pidgin and OTR are available for Microsoft Windows and for GNU/Linux. Another multi-protocol IM program for Microsoft Windows that supports OTR is Miranda IM. For the Mac OS we recommend using Adium, a multi-protocol IM program that supports the OTR plugin.
Pidgin is a free and open source Instant Messaging (IM) client that lets you organize and manage your different IM accounts through a single interface. Before you can start using Pidgin you must have an existing IM account, which you then register with Pidgin. For instance, if you have an email account with Gmail, you can use their IM service GoogleTalk with Pidgin. The log-in details of your existing IM account are used to register and access your account through Pidgin.
Pidgin is strongly recommended for IM sessions, as it offers a greater degree of security than alternative messaging clients, and does not come bundled with unnecessary adware or spyware which may compromise your privacy and security.
Off-the-Record (OTR) messaging is a plugin developed specifically for Pidgin. It offers the following privacy and security features:
Authentication: You are assured the correspondent is who you think it is.
Deniability: After the chat session is finished, messages cannot be identified as originating from either your correspondent or you.
Encryption: No one else can access and read your instant messages.
Perfect Forward Secrecy: If a third party obtains your private keys, no previous conversations are compromised.
Note: Pidgin must be installed before the OTR plugin.
Note: All users are encouraged to learn as much as possible about the privacy and security policies of their Instant Messaging Service Provider.
What is Tails?
Tails is a live system that aims at preserving your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer, leaving no trace unless you explicitly ask it to.
It is a complete operating-system designed to be used from a DVD or a USB stick independently of the computer's original operating system. It is based on Debian GNU/Linux.
You can get the preconfigured anonymizer system that looks like Windows 7 on a bootable DVD from jomahali.de.
What is Whisper Systems?
WhisperSystems is an open-source project dedicated to helping secure your mobile device's file systems and communications.
RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
Use the default system dialer and contacts apps to make calls as you normally would.
RedPhone will give you the opportunity to upgrade to encrypted calls whenever possible.
RedPhone calls are encrypted end-to-end, but function just like you're used to.
RedPhone uses your normal phone number to make and receive calls, so you don't need yet another identifier.
TextSecure encrypts your text messages over the air and on your phone. It's almost identical to the normal text messaging application, and is just as easy to use.
A full replacement for the default text messaging application.
All messages are encrypted locally, so if your phone is lost, your messages will be safe.
Messages to other TextSecure users are encrypted over the air, protecting your communication in transit.
Google Chrome Warning
This browser sends the name of the file you're downloading to Google for whitelist checking; your IP address, associated with the file, is stored for a few weeks.
Every URL you even begin to type in the address bar is sent to Google, in whole or in fragments, for auto-completion purposes.
Connects to Google every 30 minutes to download a list of malicious URLs, so the fact that you even have Chrome open is transmitted to Google.
Asks you to log in to your Google account, so your browsing tabs, history, etc. are stored on Google servers.
Connects to websites in the background before you are even finished typing them in, without your explicit instruction.
Contains an RLZ identifier, an encoded string sent together with all queries to Google.
Summary: There is nothing, nothing, you can do in Chrome that isn't transmitted to Google through some channel.
Welcome to the botnet.
A fork of Firefox optimized for modern CPU architectures. Does not include Firefox's Australis GUI.
A WebKit based browser aimed towards GNU/Linux users. Sports a cleaned up GUI that integrates better with most desktop environments, a built in ad blocker, and a unified history/bookmarks/RSS reader window.
A lightweight WebKit based browser. Features a built-in ad blocker and cookie manager.
What is Bitmessage?
It's completely free
No advertisements anywhere
No tracking with Google Analytics or other services at all
Send and receive E-Mails from/to Bitmessage addresses
Send and receive E-Mails from/to other E-Mail addresses
Personal Bitmessage address
Use the E-Mail client you are satisfied with and all its features (address book, spam filter, folders, rules, etc).
Instant delivery (no POW) if your contact has an @bitmessage.ch address too.
Server supports IMAP, POP3 and SMTP
SSL secured with a valid certificate
Easy readable alias address
No Proxy or TOR required but TOR hidden service and I2P address available (see FAQ)
Webmail Access from everywhere.
Two webmail systems, one optimized for bitmessage compatibility, one for all E-Mail features (attachments, MIME, ...)
Auto responder if you are away or want to set up a mailing list.
Auto forwarder to an external address.
Two auto signatures (Plain Text and HTML).
Rules for automatic message filtering.
A free anonymous email service that allows you to retain your complete privacy. When coupled with GnuPG, it will allow you to have a completely secure messaging platform that cannot be cracked or tracked by anyone.
What would this look like in an ideal world?
For general web browsing, use Tails from an encrypted/hidden partition on removable media. You will not have Flash and/or Java support, but with the implementation of HTML5 it won't matter for much longer. If you absolutely have to use a site that requires Java or Flash, then your identity might be exposed.
You can create hidden/encrypted volumes for multiple virtual machines that you use for other things, like "vulnerability assessments".
While neither your ISP nor the government can intercept your communications in these scenarios, they can see that you are sending a large amount of encrypted traffic from your location, which could raise a red flag for certain 3-letter acronyms interested in your activities.
Using the technique of encryption within encryption, you could use multiple "proxified" connections using SSH/Tor and other means to obfuscate your traffic. It is possible to use Tails as a virtual machine with all of its traffic proxied to a remote SSH session. This will effectively send all your Tor traffic via an SSH session.
The government is coming after your privacy; using the technologies outlined here will make it very difficult, if not impossible, to track you online.
Some random helpful free tools.