Privacy enhancing applications and systems
Email: thomas[at]northernsecurity.net
Url: www.northernsecurity.net
Updated: 050525
List of applications and systems that prevent traffic analysis, support encryption or in other ways improve your privacy on the Internet.
Note that the systems mentioned below can often be used in combination with the applications; Tor, for example, works perfectly with Firefox+Privoxy, Irssi and Gaim.
Basics
Before you start using the applications and systems below, it's important to learn the basics: removing the cache, cookies and history from your web browser. Remember to set cache and history to a minimal amount. Most sites don't need you to accept cookies to work, so enabling them is usually not recommended at all.
Mozilla Firefox: Edit - Preferences - Privacy - Clear All - Clear All Information.
Internet Explorer: View or Tools menu - Internet Options - General page, click on Delete files and Clear History.
The rule of thumb is that you shouldn't save any information that you don't need, so when you are done using an application, remove the logs. In many cases logging isn't even necessary and should therefore not be enabled. The same goes for anything else: if you don't need it, remove it. Do not allow the browser to save passwords or form information.
Firefox
Go to Edit - Preferences - Privacy - Cookies, disable cookies and use Exceptions to create a list of sites that need to set cookies to work. If you don't visit sites that need cookies, disable them altogether.
prefs.js in your profile directory should include something like:
user_pref("network.cookie.cookieBehavior", 2);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("pref.privacy.disable_button.clear_cookies", false);
user_pref("pref.privacy.disable_button.cookie_exceptions", false);
user_pref("privacy.item.cookies", true);
Add the following to user.js in your profile directory; you might need to create the file.
The following code will allow cnn.com and bbc.co.uk to use JavaScript and disable it for any other site. Disable JavaScript if you don't need it.
# javascript whitelist
user_pref("capability.policy.policynames", "whitelist");
user_pref("capability.policy.default.javascript.enabled", "noAccess");
user_pref("capability.policy.whitelist.sites", "http://www.cnn.com http://www.bbc.co.uk");
user_pref("capability.policy.whitelist.javascript.enabled", "allAccess");
If you don't like manual editing, you might be interested in NoScript.
Prevent web pages from changing the text in the status bar:
# ban blind links
user_pref("capability.policy.default.Window.status", "noAccess");
In later versions of Firefox (at the moment you need to get a nightly build), you can enable the browser to do remote domain name lookups.
This is needed if you suspect that someone is tracking your browsing by logging DNS requests or if you are using, for example, Tor. Read this for an explanation.
The option network.proxy.socks_remote_dns is available via about:config and should look like
network.proxy.socks_remote_dns user set boolean true
Remove the default search engines from the searchplugins directory and use the Scroogle plugin instead.
External documents:
EFF's Top 12 Ways to Protect Your Online Privacy
How to Blog Safely (About Work or Anything Else)
Privacy threats on the web
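A way to check a profile against the Firefox settings above, as an added example that is not part of the original page: it parses user_pref() lines from prefs.js and user.js and reports each recommended value that is missing or different. The function names and sample file contents are constructed for illustration; the preference names and values are the ones listed on this page.

```python
import re

# Settings recommended on this page for prefs.js / user.js.
RECOMMENDED = {
    "network.cookie.cookieBehavior": 2,
    "network.cookie.lifetimePolicy": 2,
    "capability.policy.default.javascript.enabled": "noAccess",
    "capability.policy.default.Window.status": "noAccess",
    "network.proxy.socks_remote_dns": True,
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} from user_pref() lines; a later line wins."""
    prefs = {}
    for line in text.splitlines():
        if not (m := PREF_RE.match(line)):
            continue  # comment or blank line
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]  # escaped quotes are not handled
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs

def audit(prefs_js, user_js=""):
    """List (name, found, wanted) for every setting that deviates."""
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))  # user.js is read last and overrides
    findings = []
    for name, want in RECOMMENDED.items():
        got = effective.get(name)  # None means the pref is not set
        if type(got) is not type(want) or got != want:
            findings.append((name, got, want))
    return findings

# Constructed sample profile files, not taken from a real profile.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("network.cookie.cookieBehavior", 0);
user_pref("network.proxy.socks_remote_dns", false);
'''
SAMPLE_USER_JS = '''# javascript whitelist
user_pref("capability.policy.default.javascript.enabled", "noAccess");
user_pref("network.proxy.socks_remote_dns", true);
'''
if __name__ == "__main__":
    print(*audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS), sep="\n")
```

To audit a real profile, pass the contents of its prefs.js and user.js to audit(); an empty list means every setting listed on this page is in place.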
Blogging
Invisiblog.com
"invisiblog.com lets you publish a weblog using GPG and the Mixmaster anonymous remailer network."
Chat
Most IRC clients support SSL (XChat, mIRC, Irssi and Gossip for example), so those won't be listed.
SILC
"SILC Project develops the Secure Internet Live Conferencing protocol, which provides secure conferencing services." SILCnet could be viewed as a secure alternative to Internet Relay Chat.
GnuPG
"GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions."
Hushmail
"Hush uses industry standard algorithms as specified by the OpenPGP standard (RFC 2240) to ensure the security, privacy and authenticity of your email." Web based, requires Java.
Mixmaster
"Mixmaster is the type II remailer protocol and the most popular implementation of it. Remailers provide protection against traffic analysis and allow sending email anonymously or pseudonymously. Mixmaster consists of both client and server installations and is designed to run on several operating systems including but not limited to *BSD, Linux and Microsoft Windows."
Mixminion
"Mixminion is the reference implementation of the Type III Anonymous Remailer protocol."
Instant messaging
Gaim
"Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows." The only reason Gaim is on the list is that it supports SILC by default. See below for plugins or alternatives to the standard version.
Gaim-Encryption
"Gaim-Encryption uses NSS to provide transparent RSA encryption as a Gaim plugin."
Off-the-Record Messaging
"Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing encryption, authentication, deniability, perfect forward secrecy." Gaim plugin.
PSI
Jabber client compatible with AIM, ICQ, MSNM and YahooM. Has GnuPG support.
Systems
I2P
"I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. [...] I2P is not inherently an "outproxy" network - the client you send a message to is the cryptographic identifier, not some IP address, so the message must be addressed to someone running I2P."
JAP
When using JAP, instead of "connecting directly to a webserver, users take a detour, connecting with encryption through several intermediaries, so-called mixes."
Tor
"Tor is a network-within-a-network that allows people and groups to improve their privacy and security on the Internet." Tor uses mixes and the development is supported by the Electronic Frontier Foundation.
VoIP
Skype
Skype uses 256-bit AES encryption and 1536 to 2048 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login. NOTE: Proprietary protocol and closed source.
Web
Freenet
The Freenet network is entirely decentralized and publishers and consumers of information are anonymous.
Privoxy
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads among other things.