so it's not pushed by accident.

More streamlining and simplifying the intro and the "what is a key?" section needed. Also adding a section on the web of trust.

This question came up in a crypto party I did in NYC and I had no good answer for the person. When I went online to look for a guide on how to verify checksums, I found hardly anything about it beyond the Tor and Tails sites about verifying their particular checksums.

PR incoming.

I've shortened this section slightly and pulled in some new information that's come out in the intervening two years.

This section should ideally focus on helping the user understand how Tor works, how to use it, and how to use it correctly. A small section on Tor for mobile users would probably benefit users. Updated images and screenshots would be helpful. Pitfalls such as unencrypted sites, Flash, additional extensions, and PDF documents should be explained as well. We know the NSA tried (and failed) to break Tor, that probably deserves a mention.

I think it's a little bit confusing to have the PGP images going back and forth between [email protected]. Can we change them to go from one e-mail address to a different one?

Needs some updates, including Manning's forename, and bringing up logs as something that can still catch you out if you're using OTR. About to submit a RP with more specific points.

The original Encryption Works mentions in passing that you can use PGP in other ways apart from e-mail encryption, but I'd like it to go into more detail, specifically talking about PGP file encryption. This [unless I'm much mistaken] adds another layer of security along with full-disk encryption and allows you to use a cloud provider like Dropbox with more confidence.

Here's some wording I was thinking of:

"As well as powering e-mail encryption with a desktop client like Apple Mail or Thunderbird, you can also use PGP to encrypt files on your hard-drive with your public key. This serves as a second layer of protection on top of hard-drive encryption and also allows you to use traditionally insecure cloud storage systems with a new degree of trust: with PGP-encrypted files, you can store documents on Dropbox that not even they can access or read."

We can also add screenshots, e.g. to point out how easy it is to encrypt on Mac with GPGTools installed:

O que sabemos sobre este serviço de email? Podemos confiar?

That said, this asks the larger Q of how much we should be giving step-by-step guides. I talk about Enigmail and your keychain assuming the reader's already set up PGP, but haven't provided a step-by-step guide. Is our prospective reader reading this with something like ssd.eff.org's PGP for Mac tutorial open in another tab?

Proposed wording:

How To Verify Someone's Key in Enigmail and View Signatures

If you're a journalist trying to get to grips with these privacy tools, it's useful to get together with colleagues and help one another with setup. In addition, you can verify one another, which makes it harder for you to be individually attacked. By having a key signed by colleagues and other people you trust, it's harder to be the victim of an attack where someone tries to steal your identity.

Here's how to verify someone's GPG key:

• Meet your colleagues face-to-face. Each person should bring their own laptop.
• Make sure your key is uploaded to a key-server. In the "Key Management" section of Enigmail, right-click and select "Upload Public Keys to Keyserver." It should suggest pgp.mit.edu by default, which will work fine.
• Search for your friend's key in the keyserver and download it into your keychain. Then, verbally verify that the fingerprints are the same. If you know your colleagues, this is enough, but if you're unsure of names, feel free to ask pople to bring some form of ID so you can double-check.
• Once you've verified their key is correct, you should sign it with yours.
• You can see who else has signed a person's key by clicking on it and choosing "View Signatures" from the "Select action ..." drop-down menu.
• In the end, each person should have an GPG keyring containing signed keys of each other person.

Warning: This guide has not updated in over a year. Freedom of the Press Foundation is working on an updated version. If you're interested in contributing, or have ideas for what this guide should cover, please submit issues on GitHub

Is this being edited // written somewhere? How can people contribute actively - do you need help writing it, or should we just point out errors // add suggestions here?

That code, that's open and public so that fellow cypherpunks may practice and play with it, which anyone in the world can freely use, makes the basis of the software and protocols that we can trust: TLS (the encryption that powers HTTPS), LUKS (disk encryption built-in to GNU/Linux), OpenPGP, Off-the-Record, and Tor.

TLS, like the SSL it is derived from, suffers from a major problem: anyone designated as a "certificate authority" is capable of generating bogus certificates for any domain name in the world, allowing their possessors to impersonate that site in a way that most users and most browsers will never detect. And the list of certificate authorities is huge, and includes nasty governments all over the world.

For a sampling of breaches this has already caused, go to
https://duckduckgo.com/?kh=1&q=certificate+authority&sites=www.schneier.com%2Fblog
and read the first 10 or 20 hits.

TLS really needs to be rebuilt from the ground up to use a PGP-like "web of trust" security model, and EFF has a project in progress now, "Sovereign Keys", that shows promise of doing this in the future. But in the meantime, I suggest that we try to identify those CAs that we do need to trust and can trust, and publish it, so that people who need secure communications can disable all but those CAs in their browsers. (In Firefox this setting is under Tools -> Options -> Advanced -> Certificates.)

I got more feedback:

With respect to your audience, which includes journalists and potential whistle-blowers as well as experienced computer users and people already concerned with electronic privacy, you might consider framing the discussion around uses rather than methods. For example, a journalist might be concerned with establishing that an email comes from the alleged sender (hence authentication), a whistleblower might be concerned about having her or his work computer swept for transcripts of IM exchanges (hence forward secrecy) or having outgoing email searched for key documents (hence encryption), both parties might be worried about MITM (hence fingerprint identification). As I mentioned above new users often find my/your public/private complicated and it may be easier for people to wrap their heads around the methods if they can visualize the uses.

I think this is a great idea. I think it makes the most sense to add a new section (maybe at the end, after the Tails section) full of hypothetical examples, and what people should do in those situations.

Close this if it is already done.

We should add a section about two secure decentralized mail systems called BitMessage and I2P Bote. They are both serverless and hard to intercept.

Encryption Works 1.0 doesn't mention SecureDrop once -- I agree with Runa's suggestion that we should, but instead of a section, I just included a mention in the "about" section currently tucked in at the bottom (although maybe should be a prelude of sorts?)

In any case, this is the wording I've been toying with:

About Freedom of the Press Foundation

“A cantankerous press, an obstinate press, a ubiquitous press must be suffered by those in authority in order to preserve the even greater values of freedom of expression and the right of the people to know.”
—Judge Murray Gurfein, Pentagon Papers case, June 17, 1971

The Freedom of the Press Foundation is a 501(c)3 non-profit organization dedicated to helping support and defend public-interest journalism focused on exposing mismanagement, corruption, and law-breaking in government. We accept tax-deductible donations to a variety of journalism organizations that push for transparency and accountability, and we work to preserve and strengthen the rights guaranteed to the press under the First Amendment. We also manage SecureDrop, an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. It was originally created by the late Aaron Swartz. Click here to see a full list of news organizations which have implemented SecureDrop.

The guide is technically sound, but it is unclear who the target audience is and what level of technical proficiency is expected. Do we want to target journalists with some existing knowledge of digital security tools and threat models or a more general audience?

While PGP can be used to send encrypted emails, it can also be used to verify digital signatures for software (e.g. the Tor Browser Bundle). It might make sense to talk about some of the pitfalls when trusting the Thunderbird extension and talk about other ways to use PGP (e.g. copy/paste between browser and text editor). Perhaps also mention how one can export and import keys, as well as upload/download keys using a key server. I hear this section also has some missing steps.

We should convert "Encryption Works" to pandoc and use this as the single, canonical source for this document. @garrettr said he could convert the current document, and I will use pandoc when updating it later this year.

I do a lot of shit-talking on Skype but don't offer alternatives for voice calls. @lazzarello, wanna write a new calls section (and possibly video calls, if the technology is there yet)?

I do most of the Skype shit-talking in the 'Software You Can Trust' section, but I think it makes sense to leave it all in that section, but also add a new section for encrypted voice, maybe after OTR and PGP but before Tails.

Publishing with https://www.gitbook.io/ will give us the benefit of auto-generated books in [pdf, epub, mobi] format. This gives us the benefit of dynamic content along with the convenience of it being easily readable on e-readers, printable, etc.

This requires a few changes to the repo structure. See https://github.com/GitbookIO/gitbook

The guide should include a section about Tails 1.1, I think covering how to use the system on a daily (at least regular) basis would be beneficial for a lot of readers.

The guide should ideally mention SecureDrop and explain what it is, briefly how it works, and perhaps also list some of the media organizations currently using it.

Currently all of the links in encryption_works.md point to raw.github.com, which is a weird way to do it. I suspect this was done to get Github's auto-generated Markdown to work automatically. We should be able to instead use local links, e.g.

![](images/torbrowser.png)

instead of

![](https://raw.github.com/micahflee/encryption-works/master/images/torbrowser.png)

This is important because it breaks PDF rendering with Pandoc. It will also create problems as we edit the document and add new images.

The guide seems to assume the reader is U.S. based and that NSA surveillance is at the core of her threat model. We should alter the framing to make it a bit more generic and interesting to a wider audience. While we should still mention the NSA, it would be good to focus on all the other very realistic threats most journalists face. Perhaps also re-title the guide something like "Encryption Works: A Guide to Protecting Your Privacy for Journalists, Sources, and Everyone Else."

TrueCrypt was (effectively) taken offline by its developers in May 2014. The sites truecrypt.org and truecrypt.sourceforge.net still exist, but all you can obtain there is a "crippled" version of the program, version 7.2, which is identical to the last "real" version, 7.1a, except that they've disabled the creation of new TrueCrypt volumes.

The only explanation given is that Windows Vista (and later versions) offer volume encryption of their own. But as your document (and ssd.eff.org) point out, Microsoft is known to put NSA backdoors in its products, so that's not a reasonable alternative even for Windows users, and of course the Mac and Linux users who rely on TC don't have that as an option anyway.

I would like to see this product resurrected under new ownership. And I have copies of TrueCrypt 7.1a, both binary and source, and am willing to share them. But unless that happens I'm afraid we'll have to refer to TrueCrypt in the past tense.

Pandoc can render encryption_works.md to a number of formats. We currently offer html, pdf, and odt copies of the paper on the FPF site. I just tested the PDF rendering and it looks pretty good, but there are some issues that need to be fixed:

• Some image formatting is messed up
• Table of contents
• Footnotes (links work fine though)
• Page numbers

Streamlining and simplifying down the language. PR incoming.

Encryption Works 1.0 was titled Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance. I think that the guide is geared toward a larger audience than just people who are worried specifically about the NSA -- good passphrase knowledge, two-factor auth, etc. will prevent against fitting attacks and social engineering, which is something journalists (and others) have to protect against.

With all that in mind, my proposed title for the updated Encryption Works is: Encryption Works: A Guide to Protecting Your Privacy for Journalists, Sources, and Everyone Else.

There's been some discussion around the fact that the Encryption Works guide exists in multiple formats: LibreOffice/OpenDocument, PDF and Markdown files all included in this repository.

It's hard to keep all of these updated simultaneously, and there are some differences between them. Ideally, we should have a single canonical source document that receives edits, and conversion should be automatic or at least very easy, with little manual work required.

In steps @garrettr:

I recommend that we switch over to using pandoc and have a single,
canonical source of the document.

Pandoc supports an extended syntax for markdown, including all the
features Kevin mentioned he wanted from OpenOffice. See [0] for the full
list.

It also interconverts between a crazy variety of formats, including PDF
and OpenOffice. I think the PDFs it produces are pretty, since it uses
LaTeX for typesetting.

It would be nice to use Travis or something so updated versions of the
markdown file are automatically run through Pandoc and updated on the
website. This should be very easy to do.

I am willing to convert the existing document to pandoc markdown as a
starting point for this.

[0] http://johnmacfarlane.net/pandoc/README.html

Readers would benefit from more detailed information about how they can create anonymous emails account (in the 'workflow' section), other than just "find another email provider to use instead."

Currently, the section on smart passphrases is housed in passphrases, between "keypairs and keychains" and a section on Gpg4win and GPGTools, which feels random to me.

I suggest creating a new section on threat modeling which includes an intro as to what TM is, but also has subsections on operational security, passphrases, full-disk encryption and physical security.

I got feedback about the 'Encrypting, Decrypting, and Signatures' subsection in the '"Pretty Good Privacy" (PGP) Email Encryption' section.

In the email example on pp.18-20, the discussion would be clearer if the screenshot email weren't from and to you. For newcomers to public-key encryption, there is often confusion about my/your public/private keys.

I think this makes a lot of sense, and should take the time to set up new email addresses and keys to explain how it works better.

The original Encryption Works doesn't mention Signal or TextSecure -- a section should be added explaining what the apps do and why it's a good idea to use them.

There's been some discussion on Slack as to what Encryption Works should be -- I know it's not a how-to document (see ssd.eff.org for that), but in the discussion of PGP, I think a section on what it doesn't do is important for understanding it.

I've created a fork for the spanish version, but i don't know if this is right or if would be better to have a encryption_works_es.md in the origina project...?

What about recommending TorBirdy for email anonymization. I like it, but find it very hard to install. I think it would be very beneficial to give a step-by-step guide on how to install it.

I'm unconvinced that Encryption Works should include many how-tos, since these things go out of date pretty quickly. With that in mind, I'd like to pull out the section talking about what software to use with OTR and replace it with a link to The Intercept's guide to Chatting In Secret While We're All Being Watched.

PR incoming.

we're doing the fork + pull method

It would be great if Encryption Works was published in a way that would allow readers to comment on individual paragraphs, similar to what you see on medium.com.

One of the things I wanted to do with EW 2.0 was reflect two years of Snowden revelations, new writings, talks, etc. I really liked Snowden's "The World Says No to Surveillance.". Let's open the last section with it. (I've also reworked some of the language.)

Parts of this section can be simplified down -- mentioning the socialist millionaire problem and hash collisions is probably a little beyond the purview of EW.

The original Encryption Works has a section of keys and key exchanges. It mostly deals with the fact that if your private key is compromised, an attacker can man-in-the-middle you. I think it's important to mention MITM attacks but I want to expand the section to describe what keys do, in the simplest terms I could.
e

In the "Tails" section, the screenshots are for a previous version of the software. It should look something like:

I know the document is geared towards encryption rather than authentication but as you already have a small section on authentication in PGP and a section on creating secure passwords, could there also be a section on the various methods of 2 factor authentication and login? Sorry if this it too much trouble, I'm not an expert or a writer. I'd just be interested in learning about authenticators, key fobs, yubikey, cellphone authentication, etc so I'm just wishing for it. Mark me down for a +1 wish.

I think there's some confusion we should address as to what Google Chat's in-browser "off the record" setting does versus cypherpunks' OTR.

The Workflow section, at the bottom of the Tails section, briefly mentions making anonymous Jabber and email accounts. I think this should be fleshed out more because it's actually much more difficult and annoying that it seems.

Also, I think Workflow should be it's own major section.

For Jabber, I mention going to https://register.jabber.org/ to create a new Jabber account, but they disabled new account creation awhile ago. There's a list of public Jabber servers here http://xmpp.net/, and many of them require you to use your chat client to do account creation, and many also require you to copy and paste a URL to see a CAPTCHA. I should walk through this whole process.

For email, it turns out making an anonymous email account is a huge pain. Many email services require a phone number for account creation. Many require a secondary email address. Many don't seem to work, or at least not over Tor. Many would work fine but don't support IMAP or POP, so can't be used with Claws Mail or Thunderbird. I also don't know what email services to recommend. In this case of anonymous email services, being able to easily create an account with Tor and a fake name is more important than the security or jurisdiction of the server.

Rip out the whole section and replace with a link to Schneier's Choosing Secure Passwords

I hear Jitsi is a good alternative to Pidgin, it even comes with OTR installed and enabled by default (I have not used this tool myself). This section should ideally explain that users should wait for the encrypted session to be established before saying anything more than "hi" or "ping". It would be helpful to mention alternative ways to exchange fingerprints, I hear some people use Twitter DMs for this purpose (whether that is something we want to recommend is something we should discuss).