|
|
[[TOC(noheading)]]
|
|
|
|
|
|
= Sponsor O Curriculum Modules =
|
|
|
# Sponsor O Curriculum Modules
|
|
|
The content below was authored in August 2014, during the week of the 11th. Modules 1 & 4 were written by K. Misata, and 2 & 3 were written by C. Childs. This content will not be used to replace any current existing documentation, but rather to create slides / content for the Sponsor O training curriculum.
|
|
|
|
|
|
We agreed on the modules below as they are some of the most frequently asked questions / frequently taught applications (Tor Browser, Tails, etc..).
|
|
|
|
|
|
Below, you will find the content for the Sponsor O train-the-trainer curriculum.
|
|
|
== Module 1: Introduction to Tor ==
|
|
|
'''TIME:''' estimated time to teach = 60 minutes with 20 minutes Q&A for live lectures.
|
|
|
## Module 1: Introduction to Tor
|
|
|
**TIME:** estimated time to teach = 60 minutes with 20 minutes Q&A for live lectures.
|
|
|
|
|
|
'''TECH REQUIREMENTS:''' none - this is an introductory lecture.
|
|
|
**TECH REQUIREMENTS:** none - this is an introductory lecture.
|
|
|
|
|
|
'''GOAL:''' This module will cover how The Tor Project came into existence, its mission, an overview of the community, and will introduce Tor's ecosystem.
|
|
|
**GOAL:** This module will cover how The Tor Project came into existence, its mission, an overview of the community, and will introduce Tor's ecosystem.
|
|
|
|
|
|
'''OBJECTIVES:''' Upon on completion of this module participants will understand the following concepts
|
|
|
**OBJECTIVES:** Upon on completion of this module participants will understand the following concepts
|
|
|
1) History of The Tor Project
|
|
|
2) Tor's Mission and Community Structure
|
|
|
3) What is Anonymity Anyway?
|
|
|
4) The Tor Ecosystem of Technologies and How They Work
|
|
|
|
|
|
=== LECTURE NOTES ===
|
|
|
The following are lecture notes designed to help guide the presenter through the module. These notes will also lay the foundation for the script for the online learning modules. Last, each section will have areas in '''BOLD''', these key points will be the basis for the slides. Suggestions on images for slides are also included and indicated by [IMAGE: X]
|
|
|
The following are lecture notes designed to help guide the presenter through the module. These notes will also lay the foundation for the script for the online learning modules. Last, each section will have areas in **BOLD**, these key points will be the basis for the slides. Suggestions on images for slides are also included and indicated by [IMAGE: X]
|
|
|
|
|
|
=== History of The Tor Project ===
|
|
|
### History of The Tor Project
|
|
|
|
|
|
* Original Onion Routing Technology
|
|
|
In 2002, Tor's founders Roger Dingledine and Nick Matthewson were students at MIT when they were introduced to Paul Syverson of the Naval Research Labs. The three worked together on the design, implementation, and deployment of the third-generation onion routing project of the U.S. Naval Research Laboratory. The primary purpose of onion routing was to protect government communications. Today, it is used every day for a wide variety of purposes by everyday people, the military, journalists, law enforcement officers, activists, and many others.
|
... | ... | @@ -31,24 +31,24 @@ In 2002, Tor's founders Roger Dingledine and Nick Matthewson were students at MI |
|
|
* Fueled by over 6000 volunteers donating bandwidth;'''
|
|
|
* Open Source technology that relies on the work and research of the larger Tor community to keep it viable.
|
|
|
|
|
|
'''Three Points to Remember - this may be used as a quiz:'''
|
|
|
**Three Points to Remember - this may be used as a quiz:**
|
|
|
|
|
|
* Tor is not an acronym - through the technology is based on the onion router, The Tor Project is not an acronym for The Onion Router. This is often misrepresented in the media. Tor is our name with the first letter only being capitalized.
|
|
|
* Tor's Technology is Free - as mentioned above The Tor Project is an open source project and the software is available to all.
|
|
|
* Tor's Network is Run by Volunteers
|
|
|
|
|
|
|
|
|
'''What is Onion Routing Technology?'''
|
|
|
**What is Onion Routing Technology?**
|
|
|
|
|
|
The Onion Routing program is made up of projects researching, designing, building, and analyzing anonymous communications systems. The focus is on practical systems for low-latency Internet-based connections that resist traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routing servers themselves). Onion Routing prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the onion routing network.
|
|
|
|
|
|
|
|
|
=== Tor's Mission ===
|
|
|
### Tor's Mission
|
|
|
|
|
|
'''Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention.''' We build innovative, sustainable technology solutions to help people take control of their lives and be free. Keeping the doors to freedom of expression open is what Tor does best.
|
|
|
**Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention.** We build innovative, sustainable technology solutions to help people take control of their lives and be free. Keeping the doors to freedom of expression open is what Tor does best.
|
|
|
|
|
|
=== Community [IMAGE: Crowd] ===
|
|
|
''' Who uses Tor: '''
|
|
|
### Community [IMAGE: Crowd]
|
|
|
** Who uses Tor: **
|
|
|
* Researchers
|
|
|
* Military
|
|
|
* Law Enforcement
|
... | ... | @@ -67,7 +67,7 @@ Many people often think we are either an enormous organization with offices all |
|
|
* Real People - our organization and our extended community is made up of regular people in over 90 countries around the world.
|
|
|
|
|
|
|
|
|
=== How Tor Makes a Difference ===
|
|
|
### How Tor Makes a Difference
|
|
|
|
|
|
* Protecting Online Privacy for All
|
|
|
* Partnering with Academics and Research Institutions
|
... | ... | @@ -76,7 +76,7 @@ Many people often think we are either an enormous organization with offices all |
|
|
* Defeating Censorship
|
|
|
* Fighting Domestic Violence
|
|
|
|
|
|
=== Commonly Asked Questions ===
|
|
|
### Commonly Asked Questions
|
|
|
|
|
|
* How Safe is Tor?
|
|
|
* What do you do about the bad actors who use Tor?
|
... | ... | @@ -86,7 +86,7 @@ Many people often think we are either an enormous organization with offices all |
|
|
=== What does anonymity really mean? ===
|
|
|
This is a difficult question and one we suspect will be on many people's minds for a long time to come. However we can begin to look at it in these ways.
|
|
|
|
|
|
''' Is it just wishful thinking?: '''
|
|
|
** Is it just wishful thinking?: **
|
|
|
|
|
|
* “You can’t prove it to me!”
|
|
|
* “Promise you won’t look.”
|
... | ... | @@ -95,31 +95,31 @@ This is a difficult question and one we suspect will be on many people's minds f |
|
|
* “Isn’t the Internet already anonymous?”
|
|
|
|
|
|
|
|
|
''' Often people want answers to what anonymity means including:'''
|
|
|
** Often people want answers to what anonymity means including:**
|
|
|
|
|
|
* '''Prove it....''' it’s a strong word with lots of meanings - statistical analysis allow suspicion to become certainty.
|
|
|
* '''Promise you won’t tell/look/remember...''' does everyone have the same incentives, abilities and integrity?
|
|
|
* '''The Internet is already anonymous...''' think we all know the answer to this today.
|
|
|
* '''I'm not doing anything wrong so why should I be anonymous...''' people often feel that if they aren't doing anything bad or secret then why should they use tools like Tor. Well, we like to remind people that both benign and malicious actors can be looking and collecting information about you and though that may seem OK today, we don't have the crystal ball to the future telling us how that information may be used accurate or in a skewed manner against us.
|
|
|
* **Prove it....** it’s a strong word with lots of meanings - statistical analysis allow suspicion to become certainty.
|
|
|
* **Promise you won’t tell/look/remember...** does everyone have the same incentives, abilities and integrity?
|
|
|
* **The Internet is already anonymous...** think we all know the answer to this today.
|
|
|
* **I'm not doing anything wrong so why should I be anonymous...** people often feel that if they aren't doing anything bad or secret then why should they use tools like Tor. Well, we like to remind people that both benign and malicious actors can be looking and collecting information about you and though that may seem OK today, we don't have the crystal ball to the future telling us how that information may be used accurate or in a skewed manner against us.
|
|
|
|
|
|
|
|
|
''' But how do we make sense of all of this? Try and think of anonymity this way...'''
|
|
|
** But how do we make sense of all of this? Try and think of anonymity this way...**
|
|
|
|
|
|
* '''Anonymity Loves Company''' - hiding in the crowd of other people
|
|
|
* '''Look like the rest of the crowd''' - if we all look the same we will all be protected.
|
|
|
* '''Hides who is communicating with whom''' - if you want to have a truly private conversation with someone using tools to achieve that is necessary in today's digital environment.
|
|
|
* '''Inputs, outputs and in-between''' - it's important to remember we can just look at protecting what is being sent or who it's going to. Lots of sophisticated eavesdroppers look at the traffic flows before they reach their destination.
|
|
|
* **Anonymity Loves Company** - hiding in the crowd of other people
|
|
|
* **Look like the rest of the crowd** - if we all look the same we will all be protected.
|
|
|
* **Hides who is communicating with whom** - if you want to have a truly private conversation with someone using tools to achieve that is necessary in today's digital environment.
|
|
|
* **Inputs, outputs and in-between** - it's important to remember we can just look at protecting what is being sent or who it's going to. Lots of sophisticated eavesdroppers look at the traffic flows before they reach their destination.
|
|
|
* Use Tor...
|
|
|
|
|
|
|
|
|
In the end, though, good information security is rarely about fending off sophisticated cyber attacks and Hollywood-style hackers. It’s about understanding the motives and capabilities of those who might want to attack you, and developing consistent habits based on those assessments.
|
|
|
|
|
|
== Module 2: The Tor Browser ==
|
|
|
'''TIME:''' Estimated - 60 minutes, with 15 minutes of Q&A.
|
|
|
## Module 2: The Tor Browser
|
|
|
**TIME:** Estimated - 60 minutes, with 15 minutes of Q&A.
|
|
|
|
|
|
'''TECH REQUIREMENTS:''' Laptop running a current version of Linux, Windows or OSX (if hands-on). Must be x86-based.
|
|
|
**TECH REQUIREMENTS:** Laptop running a current version of Linux, Windows or OSX (if hands-on). Must be x86-based.
|
|
|
|
|
|
'''GOAL:''' For all participants to feel comfortable installing, verifying and running the Tor Browser. Also, all participants should feel comfortable with retrieving and using both custom and built-in bridges.
|
|
|
**GOAL:** For all participants to feel comfortable installing, verifying and running the Tor Browser. Also, all participants should feel comfortable with retrieving and using both custom and built-in bridges.
|
|
|
|
|
|
=== How the TBB protects your privacy===
|
|
|
* https://www.mozilla.org/en-US/firefox/organizations/
|
... | ... | @@ -130,61 +130,61 @@ In the end, though, good information security is rarely about fending off sophis |
|
|
|
|
|
The Tor Browser is based on Mozilla's Extended Support Release (ESR) Firefox branch. We have a series of patches against this browser to enhance privacy and security. Browser behavior is additionally augmented through the Torbutton extension, though we are in the process of moving this functionality into direct Firefox patches. We also change a number of Firefox preferences from their defaults.
|
|
|
|
|
|
=== Downloading the TBB ===
|
|
|
### Downloading the TBB
|
|
|
* https://www.torproject.org/projects/torbrowser.html.en
|
|
|
* https://blog.torproject.org/blog/ways-get-tor-browser-bundle
|
|
|
|
|
|
=== Verifying the TBB ===
|
|
|
### Verifying the TBB
|
|
|
* https://www.torproject.org/docs/verifying-signatures.html.en
|
|
|
* https://www.torproject.org/docs/signing-keys.html.en
|
|
|
|
|
|
'''Why?'''
|
|
|
**Why?**
|
|
|
|
|
|
How do you know that the Tor program you have is really the one we made? Many Tor users have very real adversaries who might try to give them a fake version of Tor — and it doesn't matter how secure and anonymous Tor is if you're not running the real Tor.
|
|
|
|
|
|
'''What?'''
|
|
|
**What?**
|
|
|
|
|
|
Each file on our download page is accompanied by a file with the same name as the package and the extension ".asc". These .asc files are GPG signatures. They allow you to verify the file you've downloaded is exactly the one that we intended you to get. For example, tor-browser-2.3.25-13_en-US.exe is accompanied by tor-browser-2.3.25-13_en-US.exe.asc.
|
|
|
|
|
|
'''How?'''
|
|
|
**How?**
|
|
|
|
|
|
'''Windows:''' http://gpg4win.org/download.html
|
|
|
**Windows:** http://gpg4win.org/download.html
|
|
|
|
|
|
Once gpg4win is installed, use GnuPG to import the key that signed your package. Since GnuPG for Windows is a command-line tool, you will need to use cmd.exe. Unless you edit your PATH environment variable, you will need to tell Windows the full path to the GnuPG program. If you installed GnuPG with the default values, the path should be something like this:
|
|
|
{{{
|
|
|
```
|
|
|
C:\Program Files\Gnu\GnuPg\gpg.exe.
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
Erinn Clark signs the Tor Browser Bundles. Import her key '''(0x416F061063FEE659)''' by starting cmd.exe and typing:
|
|
|
Erinn Clark signs the Tor Browser Bundles. Import her key **(0x416F061063FEE659)** by starting cmd.exe and typing:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
"C:\Program Files\Gnu\GnuPg\gpg.exe" --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x416F061063FEE659
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
After importing the key, you can verify that the fingerprint is correct:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
"C:\Program Files\Gnu\GnuPg\gpg.exe" --fingerprint 0x416F061063FEE659
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
You should see:
|
|
|
{{{
|
|
|
```
|
|
|
pub 2048R/63FEE659 2003-10-16
|
|
|
Key fingerprint = 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659
|
|
|
uid Erinn Clark <erinn@torproject.org>
|
|
|
uid Erinn Clark <erinn@debian.org>
|
|
|
uid Erinn Clark <erinn@double-helix.org>
|
|
|
sub 2048R/EB399FD7 2003-10-16
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
To verify the signature of the package you downloaded, you will need to download the ".asc" file as well. Assuming you downloaded the package and its signature to your Desktop, run:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
"C:\Program Files\Gnu\GnuPg\gpg.exe" --verify C:\Users\Alice\Desktop\tor-browser-3.6.3_en-US.exe.asc C:\Users\Alice\Desktop\tor-browser-3.6.3_en-US.exe
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
The output should say "Good signature":
|
|
|
{{{
|
|
|
```
|
|
|
gpg: Signature made Wed 31 Aug 2011 06:37:01 PM EDT using RSA key ID 63FEE659
|
|
|
gpg: Good signature from "Erinn Clark <erinn@torproject.org>"
|
|
|
gpg: aka "Erinn Clark <erinn@debian.org>"
|
... | ... | @@ -192,33 +192,33 @@ gpg: Signature made Wed 31 Aug 2011 06:37:01 PM EDT using RSA key ID 63FEE659 |
|
|
gpg: WARNING: This key is not certified with a trusted signature!
|
|
|
gpg: There is no indication that the signature belongs to the owner.
|
|
|
Primary key fingerprint: 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
Notice that there is a warning because you haven't assigned a trust index to this person. This means that GnuPG verified that the key made that signature, but it's up to you to decide if that key really belongs to the developer. The best method is to meet the developer in person and exchange key fingerprints.
|
|
|
|
|
|
'''OS X:''' https://gpgtools.org/
|
|
|
**OS X:** https://gpgtools.org/
|
|
|
|
|
|
Once gpgtools is installed, use GnuPG to import the key that signed your package. Erinn Clark signs the Tor Browser Bundles. Import her key (0x416F061063FEE659) by starting the terminal (under "Applications") and typing:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x416F061063FEE659
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
After importing the key, you can verify that the fingerprint is correct:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
gpg --fingerprint 0x416F061063FEE659
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
To verify the signature of the package you downloaded, you will need to download the ".asc" file as well. Assuming you downloaded the package and its signature to your Desktop, run:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
gpg --verify /Users/Alice/TorBrowser-3.6.3-osx-i386-en-US.zip{.asc,}
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
The output should say "Good signature":
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
gpg: Signature made Wed 31 Aug 2011 06:37:01 PM EDT using RSA key ID 63FEE659
|
|
|
gpg: Good signature from "Erinn Clark <erinn@torproject.org>"
|
|
|
gpg: aka "Erinn Clark <erinn@debian.org>"
|
... | ... | @@ -226,15 +226,15 @@ gpg: Signature made Wed 31 Aug 2011 06:37:01 PM EDT using RSA key ID 63FEE659 |
|
|
gpg: WARNING: This key is not certified with a trusted signature!
|
|
|
gpg: There is no indication that the signature belongs to the owner.
|
|
|
Primary key fingerprint: 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
Notice that there is a warning because you haven't assigned a trust index to this person. This means that GnuPG verified that the key made that signature, but it's up to you to decide if that key really belongs to the developer. The best method is to meet the developer in person and exchange key fingerprints.
|
|
|
|
|
|
''' Linux:''' Most Linux distributions come with gpg preinstalled, so users who want to verify the Tor Browser for Linux (or the source tarball) can just follow along with the instructions above for "Mac OS X".
|
|
|
** Linux:** Most Linux distributions come with gpg preinstalled, so users who want to verify the Tor Browser for Linux (or the source tarball) can just follow along with the instructions above for "Mac OS X".
|
|
|
|
|
|
=== Successfully use the TBB ===
|
|
|
### Successfully use the TBB
|
|
|
|
|
|
'''Windows'''
|
|
|
**Windows**
|
|
|
|
|
|
1. Visit https://www.torproject.org/projects/torbrowser.html.en
|
|
|
2. Download the latest stable Tor Browser for "Microsoft Windows"
|
... | ... | @@ -242,7 +242,7 @@ Notice that there is a warning because you haven't assigned a trust index to thi |
|
|
4. Follow the signature verification steps in 'Verifying the TBB'.
|
|
|
|
|
|
|
|
|
'''Linux'''
|
|
|
**Linux**
|
|
|
|
|
|
1. Visit https://www.torproject.org/projects/torbrowser.html.en
|
|
|
2. Download the latest stable Tor Browser for "Linux"
|
... | ... | @@ -250,7 +250,7 @@ Notice that there is a warning because you haven't assigned a trust index to thi |
|
|
4. Follow the signature verification steps in 'Verifying the TBB'.
|
|
|
|
|
|
|
|
|
'''OSX'''
|
|
|
**OSX**
|
|
|
|
|
|
1. Visit https://www.torproject.org/projects/torbrowser.html.en
|
|
|
2. Download the latest stable Tor Browser for "Mac OS X"
|
... | ... | @@ -258,36 +258,36 @@ Notice that there is a warning because you haven't assigned a trust index to thi |
|
|
4. Follow the signature verification steps in 'Verifying the TBB'.
|
|
|
|
|
|
|
|
|
=== Successfully acquire / use bridges with the TBB ===
|
|
|
### Successfully acquire / use bridges with the TBB
|
|
|
* https://bridges.torproject.org/
|
|
|
* https://blog.torproject.org/blog/ways-get-tor-browser-bundle
|
|
|
|
|
|
'''How to use built-in bridges'''
|
|
|
**How to use built-in bridges**
|
|
|
|
|
|
When to use
|
|
|
* If you cannot reach the Tor network
|
|
|
|
|
|
When you launch the bundle, select the option to configure additional settings, and navigate to the bridge page. Once you reach the bridge page, you should see a drop-down menu that contains "obfs3", "fte", and "FlashProxy".
|
|
|
|
|
|
'''Custom Bridges'''
|
|
|
**Custom Bridges**
|
|
|
|
|
|
When to use
|
|
|
* If you cannot reach the Tor network
|
|
|
* If using Tor is dangerous in your region
|
|
|
|
|
|
'''How to acquire'''
|
|
|
**How to acquire**
|
|
|
|
|
|
* visit https://bridges.torproject.org/
|
|
|
* email bridges@torproject.org
|
|
|
* email help@rt.torproject.org (only if previous two fail)
|
|
|
|
|
|
'''How to use custom bridges'''
|
|
|
**How to use custom bridges**
|
|
|
|
|
|
When you launch the bundle, try selecting the option to configure additional settings, and navigate to the bridge page. Once you reach the bridge page, you should see a text box; this is where you enter the bridges you have retrieved using one of the previous methods.
|
|
|
|
|
|
=== Support ===
|
|
|
### Support
|
|
|
|
|
|
'''Still need help?'''
|
|
|
**Still need help?**
|
|
|
|
|
|
If you have any questions, trouble connecting to Tor network, or need to talk to a human, please contact our support team at:
|
|
|
|
... | ... | @@ -298,29 +298,29 @@ If you have any questions, trouble connecting to Tor network, or need to talk to |
|
|
* help-fr@rt.torproject.org for French
|
|
|
* help-zh@rt.torproject.org for Mandarin
|
|
|
|
|
|
== Module 3: Tails ==
|
|
|
'''Module 3:''' Downloading and running Tails
|
|
|
## Module 3: Tails
|
|
|
**Module 3:** Downloading and running Tails
|
|
|
|
|
|
'''Time:''' ?? (this is going to be a long one, I would need to test-drive this before having any idea how long it will take with a group)
|
|
|
**Time:** ?? (this is going to be a long one, I would need to test-drive this before having any idea how long it will take with a group)
|
|
|
|
|
|
'''TECH REQUIREMENTS:''' Laptop running a current version of Linux, Windows or OSX (if hands-on). Must be x86-based.
|
|
|
**TECH REQUIREMENTS:** Laptop running a current version of Linux, Windows or OSX (if hands-on). Must be x86-based.
|
|
|
|
|
|
'''Goal:''' For everyone to feel comfortable downloading, verifying and burning/"installing" Tails. Also, all users should feel comfortable with the process for using bridges within Tails.
|
|
|
**Goal:** For everyone to feel comfortable downloading, verifying and burning/"installing" Tails. Also, all users should feel comfortable with the process for using bridges within Tails.
|
|
|
|
|
|
=== How to download / verify Tails ===
|
|
|
### How to download / verify Tails
|
|
|
First, visit https://tails.boum.org/download/index.en.html#first_time and read through this page. It is extremely helpful for new Tails users, and is important that they read / understand it. (Possibly pull content from this page for slides, it is very well done)
|
|
|
|
|
|
=== How to successfully boot Tails ===
|
|
|
### How to successfully boot Tails
|
|
|
|
|
|
'''Burning:'''
|
|
|
**Burning:**
|
|
|
|
|
|
The Tails documentation recommends following Ubuntu's guide at https://help.ubuntu.com/community/BurningIsoHowto, it covers all major platforms and has images to help guide users.
|
|
|
|
|
|
'''Booting:'''
|
|
|
**Booting:**
|
|
|
|
|
|
This process will be different per-machine, due to differences in bios utilities. In general, follow the steps below:
|
|
|
|
|
|
'''Selecting "boot" menu:'''
|
|
|
**Selecting "boot" menu:**
|
|
|
1. Reboot your machine with the Tails disk in the tray.
|
|
|
2. Some machines have a "boot menu" that can be accessed during start up, which allows you to modify which device you want to boot from without changing the boot order permanently. If your machine supports this, you should see a message saying "Press F12(or some other key) for boot menu", or a similar message.
|
|
|
3. Press the key for the boot menu, and select your CD/DVD tray.
|
... | ... | @@ -328,7 +328,7 @@ This process will be different per-machine, due to differences in bios utilities |
|
|
|
|
|
OR
|
|
|
|
|
|
'''Changing boot order:'''
|
|
|
**Changing boot order:**
|
|
|
1. Reboot your computer with the CD/DVD in the tray.
|
|
|
2. When your machine turns back on, there will likely be something that reads "Press F12(or some other key) to enter setup", or a similar message. Press this key.
|
|
|
3. Once your bios setup comes up (this should be pretty obvious, usually says 'bios' in some form at the top), look through the menus for 'boot order'.
|
... | ... | @@ -336,36 +336,36 @@ OR |
|
|
5. Save and exit.
|
|
|
6. Tails should now boot.
|
|
|
|
|
|
=== How to successfully acquire / use bridges in Tails ===
|
|
|
### How to successfully acquire / use bridges in Tails
|
|
|
* https://tails.boum.org/doc/first_steps/startup_options/bridge_mode/index.en.html
|
|
|
* https://tails.boum.org/doc/first_steps/startup_options/network_configuration/index.en.html
|
|
|
|
|
|
== Module 4: Tips and Tricks to Improve Digital Safety ==
|
|
|
'''TIME:''' estimated time to teach = 60 minutes with 30 minutes Q&A for live lectures.
|
|
|
## Module 4: Tips and Tricks to Improve Digital Safety
|
|
|
**TIME:** estimated time to teach = 60 minutes with 30 minutes Q&A for live lectures.
|
|
|
|
|
|
'''TECH REQUIREMENTS:''' none - this is not a hands-on lecture.
|
|
|
**TECH REQUIREMENTS:** none - this is not a hands-on lecture.
|
|
|
|
|
|
'''GOAL:''' This module is intended to be the final in the series and touches on topics spanning beyond Tor in order to provide participants with a broader understanding of digital safety and where the knowledge they acquired from the first 4 modules fit in.
|
|
|
**GOAL:** This module is intended to be the final in the series and touches on topics spanning beyond Tor in order to provide participants with a broader understanding of digital safety and where the knowledge they acquired from the first 4 modules fit in.
|
|
|
|
|
|
'''OBJECTIVES:''' Upon on completion of this module participants will understand the following concepts
|
|
|
**OBJECTIVES:** Upon on completion of this module participants will understand the following concepts
|
|
|
1. Additional technologies which can improve digital safety - including OTR, Orbot
|
|
|
2. Changes in behavior to increase digital safety or put someone at risk
|
|
|
3. Understanding more key terms including encryption, PGP, OTR, etc.
|
|
|
4. Recommendations on where to go next for more information.
|
|
|
|
|
|
|
|
|
=== LECTURE NOTES ===
|
|
|
The following are lecture notes designed to help guide the presenter through the module. These notes will also lay the foundation for the script for the online learning modules. Last, each section will have areas in '''BOLD''', these key points will be the basis for the slides. Suggestions on images for slides are also included and indicated by [IMAGE: X]
|
|
|
### LECTURE NOTES
|
|
|
The following are lecture notes designed to help guide the presenter through the module. These notes will also lay the foundation for the script for the online learning modules. Last, each section will have areas in **BOLD**, these key points will be the basis for the slides. Suggestions on images for slides are also included and indicated by [IMAGE: X]
|
|
|
|
|
|
In this final module of our introductory series we will discuss other key technologies, behaviors, and familiarize you with terminologies to help you raise your digital safety even higher. We encourage you to contact some of the resources mentioned in this module for further instructions and insights. This module is intended to be the final in the series and touches on topics spanning beyond Tor in order to provide participants with a broader understanding of digital safety and where the knowledge they acquired from the first 4 modules fit in.
|
|
|
|
|
|
=== Humans in the System ===
|
|
|
When we are discussing digital security, it is important to remember that there are humans in the system and by design we are all flawed.
|
|
|
|
|
|
=== What are we putting out in the wild? ===
|
|
|
### What are we putting out in the wild?
|
|
|
First, before even thinking about technology solutions being more aware of what you put out there into the wild is important. Though you may not be doing anything nefarious, someone may still be watching and waiting. Sharing all parts of our personal and professional lives on social media and the Internet is becoming so common place that people are almost unconscious. Many strongly believe that what they put on Facebook can only be seen by certain people and that by putting inappropriate content on the Internet with the intention of being "funny" may not be in the long run.
|
|
|
|
|
|
=== What technologies are you using? ===
|
|
|
### What technologies are you using?
|
|
|
Do your own inventory and look at what technologies you are using and how. This should offer a glimpse of where security / privacy awareness should or can be increased.
|
|
|
|
|
|
* Emails
|
... | ... | @@ -375,10 +375,10 @@ Do your own inventory and look at what technologies you are using and how. This |
|
|
|
|
|
When we are talking about communication and in today's world it isn’t just a single bucket - the lines are constantly being blurred. Consider communications with sources, conducting research, personal contacts, and professional activities - how are they all connected, where do overlaps exist which may create risk, what devices are being used?
|
|
|
|
|
|
=== No such thing as 100% security ===
|
|
|
### No such thing as 100% security
|
|
|
Though there are many products out there that offer the "best" security or "100%" security it's critical to remember that nothing can be completely secure. For all the reasons discussed above - when there are humans in the system there will always be flaws either in design or in use. Also, human beings are unpredictable and many people spend a lot of energy focusing on the bad actors in the world. Our recommendation is to educate yourself on where you are vulnerable and adopt either technologies or changes in behavior to offset those risks.
|
|
|
|
|
|
=== Top 5 things to remember ===
|
|
|
### Top 5 things to remember
|
|
|
* Anonymity Loves Company
|
|
|
Over a 1/2 million people every day use Tor and other anonymity tools. Are some of those people malicious? Probably, but the majority are not. We are working to help ensure that anonymity no longer is a dirty word implying that someone is doing something nefarious.
|
|
|
|
... | ... | @@ -393,7 +393,7 @@ Know where you are online and be cautious with how much information you give out |
|
|
|
|
|
* Use Tor
|
|
|
|
|
|
=== Helpful links ===
|
|
|
### Helpful links
|
|
|
* https://torproject.org
|
|
|
* https://torproject.org/torbrowser
|
|
|
* https://blog.torproject.org
|
... | ... | |