An interesting perspective on Internet privacy techniques can be found here.
PGP (Message Encryption)
Enigmail with Thunderbird
By far the easiest method for encrypting email is using the Enigmail add-on for the Thunderbird email client. It creates PGP key pairs, stores and retrieves keys from keyrings, and encrypts and decrypts messages automatically.
- Menu -> Applications -> Accessories -> Passwords and Encryption Keys
Tor (Network Privacy)
Tor is a project to allow privacy while using the Internet and to limit usage tracking. It routes your traffic through several anonymous nodes, so that your usage appears to come from an IP address other than your own. (There are always risks when using the Internet that even Tor cannot help with, though. Read this.) Using Tor can slow down your Internet usage significantly, depending on how much traffic is being passed through the Tor network. (Routine file-sharing or large downloads will also significantly reduce the performance of the Tor network.)
- Install the Privoxy HTTP proxy:
sudo apt-get install privoxy
- Install Tor by following the instructions here. Note that the instructions require port 11371 on your firewall to be open in order to use the GPG keyserver (and download the key for the Debian package). Then see the Tor installation guide for details.
- For more installation tips, see this page.
Vidalia (Tor interface)
Vidalia is the recommended Qt4-based GUI frontend for Tor. If not installed with Tor, install:
sudo apt-get install vidalia
Torbutton (Firefox plug-in)
DNS Servers and Search engines
- Most users rely on the DNS server of their ISP (Internet Service Provider). DNS queries can be recorded, however, and theoretically correlated by an ISP to the data traffic to/from a user's IP address serviced by that ISP. A somewhat less trackable solution is to use a DNS service that does not belong to your ISP. This can belong to any other commercial ISP or to a third-party service such as OpenDNS, Comodo, ScrubIT, Google (though slightly less secure due to Google's own tracking mechanisms), another free DNS service, or (for maximum security) a publicly available international DNS server. For example, a Verizon customer could use the AT&T DNS servers or the OpenDNS servers. An AT&T customer could use one of the Verizon servers or the Google servers. It is important to use a reliable DNS provider, however, as man-in-the-middle DNS redirection and DNS cache poisoning attacks are increasingly common. Stick to one of the major DNS services (just not your own ISP's DNS service).
The DNS server setting can be changed in the router's settings (recommended) or individually for each computer. If changing on an individual computer, use the Network Manager or Wicd settings, or edit /etc/resolv.conf manually and change the nameservers to the addresses you desire to use:
sudo gedit /etc/resolv.conf
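An added example (not part of the original guide): a check to run after the edit, listing the resolvers a resolv.conf-style file names and flagging loopback or private addresses, which mean queries still go to a local stub or to the router and on to whatever DNS the router itself uses. The function names, the sample file and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which resolvers a resolv.conf-style file names.

# Print each nameserver address from the given file.
# Commented-out lines ("#nameserver ..." or ";nameserver ...") are skipped
# because their first field is not exactly "nameserver".
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Classify an address as loopback, private (LAN/router) or public.
classify_ns() {
    case "$1" in
        127.*|::1)                             echo loopback ;;
        10.*|192.168.*|169.254.*)              echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        fe80:*|f[cd]*:*)                       echo private ;;
        *)                                     echo public ;;
    esac
}

# Report every configured resolver with its class, one per line.
audit_resolv() {
    list_nameservers "$1" | while read -r ns; do
        echo "$ns $(classify_ns "$ns")"
    done
}

# Constructed sample input (203.0.113.53 is a documentation-range
# placeholder standing in for a third-party DNS service).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample resolv.conf
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
;nameserver 198.51.100.7
nameserver 127.0.0.1
EOF

audit_resolv "$sample"
```

Run `audit_resolv /etc/resolv.conf` again after reconnecting, since Network Manager or a DHCP client may regenerate the file and restore the previous nameservers.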
- Many search engines track your search requests (notably Google, Bing, and Yahoo) and keep logs of the searches they receive from your IP address. DuckDuckGo.com is a filtered search engine that has made its reputation not only by promising not to track searches, but also by providing a secure (encrypted), Tor-capable and anonymized search portal. Point your browser to https://duckduckgo.com. It can be used with your Torbutton turned on.
- Many censorship/filtering/tracking techniques (that use deep packet inspection) cannot be used with secure (SSL/TLS encrypted) websites (denoted by https://). Use them whenever possible. For example, use the secure Wikimedia portal for Wikipedia (and other Wikimedia services) instead of the insecure portal(s).
- Many websites keep logs of referring HTTP headers (which can be correlated with cookies to track your browsing activities). To turn off the passage of referral headers in Firefox, see this info.
- Certificate authorities charge a fee to store and verify certificates. However, many websites use self-signed certificates that are not registered with any certifying authority. A free system of certificate "network notaries" has emerged called Perspectives. A certificate's validity (even if self-signed) can be checked using a Firefox plugin. For more info see this article.
- CAcert.org is a free certifying authority that maintains weak certificates that are recognized by many open source operating systems, but not by Firefox or most browsers. (For browsers that do not include CAcert.org recognition, certificates appear to be self-signed certificates.) While Debian incorporates CAcert.org's root certificate by default, Ubuntu derivatives do not. (Canonical was originally founded with funds earned from Thawte, a certifying authority founded by Mark Shuttleworth.)