The Crypto Paper
Written by @CryptoSeb and taken offline recently. Archived, updated and web-friendly now on Privacy Guides by PrivacyTools.io.
Table of Contents
The paper covers four different threat models:
- 1st Threat-Model: Common Internet Users
- The difference between Privacy, Security and Anonymity
- Defining Your Threat-Model
- Your primary tool to keep data secure: Encryption
- Your first choice for better internet privacy: Firefox Browser
- How does HTTPS / Browser Encryption work?
- Choosing and Using Strong Passwords and Manage them easily
- Hashing & Authentication: How are your passwords stored on websites?
- Once it is out on the Internet, it's impossible to take it back or erase for good
- 2nd Threat-Model: Tech Geeks
- A Starting Place for Business and Tech Geeks
- Securely Transmitting Information - Messaging & Calling
- Secure Email in Switzerland: ProtonMail
- Daily go-to Secure Messaging Apps for Better Privacy
- Messaging privately and securely with the XMPP/Jabber Protocol
- Messaging with Signal by Open Whisper Systems
- Apple's iMessage Service and Privacy
- Storing & Sharing in the Cloud: Finding the Right Provider to Protect Your Privacy
- Securing Online Accounts: Always use Two-Factor Authentication
- Full Disk Encryption: Strongest Counter to Surveillance, Attack and Theft of Your Devices
- A Complete Guide to Virtual Private Networks (VPNs)
- Firewalling Your Network Connections: Windows, MacOS and Linux
- 3rd Threat-Model: Investigative Journalists, Government Members, CEOs
- How is the Five Eyes Intelligence Alliance Related to Your Privacy?
- Breaking Down a Privacy Service: What's Really Under the Rug?
- The Importance of Free and Open-Source Software for Privacy Tools
- GPG/PGP Based Encryption & Authentication for Emails
- Gaining Anonymity: The Tor Network & Tor Browser Bundle
- Keeping Personal Information Out and Using an Alias to Hide Your Real Identity
- Cell Phones are not Devices that Aid in Being Anonymous
- What is Metadata and how can it hurt your Privacy?
- Anonymity and the Challange of Payment Methods
- Deleting and Decluttering Data to Improve Privacy
- Secure Operating Systems: Tails, Debian and Qubes OS
- 4th Threat-Model: Whistleblowers and Investigative Journalists Under Threat
- The Issues with Free and Open-Source Software for Privacy Tools
- Using Virtual Private Networks (VPN) and Tor Together
- Advanced Password Management and Storage
- Advanced Encryption Chapter
- Acceptable Places to Communicate Securely with Another Party
- File-Change Detection or Integrity Monitoring Systems
- Emergency Preparedness: A Plan for Worst Case Scenarios
About the Authors
Hello. My name is CryptoSeb or just Seb. Back in 2015, some online friends and I noticed a gap in the information being provided to people to better their knowledge of security, privacy, and anonymity in our ever-changing digital world. We could find papers, forum posts, and discussion around little bits and pieces but we had to do the searching ourselves and put it all together. It really wasn’t suitable for like 75% of the Internet population. So in early 2016, I had this idea of writing a paper that would encompass everything related to security, privacy, and anonymity but tailor it to all walks of Internet users; whether that is my 59-year-old grandma, or Edward Snowden like individuals. This paper, titled “The Crypto Paper” resembles the beginning of my alias because it largely a collection of my own personal thoughts, knowledge, and experiences. As well, this paper is not going to be something that strikes every individual in a good spot 100% of the time – you WILL disagree with some of what is included and that is perfectly fine. We encourage you to submit corrections or give suggestions on how we can improve it.
Bitmarauder As a cypherpunk and wanderer on these here wires, from time to time you will find that my hands feel the need make note of what I've learned in my travels in search for truth and freedom. By trade/study I work in infosec. My anonymity and privacy when necessary are huge.
Reviewing / Content Editing
Originally, I had these high hopes for this paper to get peer-reviewed by some big(ger) name people in the privacy/security industry and even though many of them agreed to take on the task, lives are busy and the paper is 61 pages. So I am just going to have to settle with a little more harsh criticism from the public. I know there has to be places in here where I am dead wrong or you think I should add/take out something so I encourage you to really speak up if you see the need. I intend on publishing an edited version 1-2 months from the initial release.
Note: Contact information of the authors removed since they've decided to take the paper offline.
Reasons Behind The CryptoPaper
Back in mid 2015, I (among other friends) started to see a real issue with the people using the Internet. Not only were they using it completely incorrectly on so many different levels, but they didn’t have the resources to acquire accurate knowledge and change their behaviors. It isn’t necessarily the fact that people want to use the Internet incorrectly, it’s just that we have come from Windows 95, 50 pound desktop computers, 512mb of RAM, and Minesweeper, to petabyte servers, Google, self-driving cars, and ransomware in the course of 16 years. We have made technological leaps forward and it is literally consuming the massive portion of the population who weren’t born/raised in this era or who don’t have an interest in becoming “tech-savvy”. And yes, consuming is the right word. I swear if a computer could eat you, some of the 65-year-old people trying to text their grandchildren would be gone. That phone would have a mental break down as they ‘attempt’ to use it correctly and just eat them.
But I have nothing against people who cannot seem to understand the security/privacy/anonymity aspects revolving around technology. That is actually the reason for this paper being developed in the first place. I want all my grandmas to be successful Internet users and not have to approach it with such a disconnect. Furthermore, we want avid tech people to also find a benefit and learn a little as well.
Designing something of this magnitude wasn’t as easy as you would think. I needed a way to separate the content so it had some sort of “flow” to it. But I also needed it to be something that wouldn’t lose the less experienced people right off the start. The idea I came up with was the split it into four categories of people:
- Common Internet Folk
- Business & Tech Geeks
- Government Level Individuals
- Edward Snowden?
As you move up from one category to the next, the information becomes more intensive and techy. I hope that this method ensures adequate learning on behalf of ALL Internet individuals and we definitely encourage you to learn in the sections where you are lost. This is meant to be a tool of knowledge to promote your learning!
Finally, I am able to say that The Crypto Paper is complete! It is a huge achievement for me to say that. Writing this paper has taken countless hours, lots of research, and one too many discussions with people who have more knowledge and experience than myself. One of the older fellows that I have nightly coffee with made a comment to me that it was nearly impossible for him to keep up with the advancements we are making in technology and the way he talked about it, it was almost like he was just trying to stay afloat. This hit me as rather concerning. If we are moving this fast into a digitized world, where will my parents be in 5, 10, 20 years time? Would they be able to keep up? Or would they feel just as helpless? I got a lot of the inspiration for writing this paper from the amount of people I talk to who have zero clue how to keep up, stay secure, and even properly run a business in our Internet world today. But because I have been involved in, and always really interested in learning about security, privacy, and anonymity, I wasn’t just going to stop with the basics. I have had a fair amount of previous experience with the areas covered in this paper. So I figured it would be a great challenge to take on and I definitely had fun.
Even if you were only able to get through the first category/section before being completely lost, I hope you were able to take something away from The Crypto Paper. And if you made it all the way to the end and had some concerns with things I have written about or views that I have, I encourage you to get in touch and discuss them with me. I mentioned in the introduction that this is largely a construction of the experiences and knowledge I have had and acquired over the last few years being a part of this “scene” so I know it will definitely not be perfect. Everyone who is well versed in these fields will have their own views on the topics discussed and many will have a lot more knowledge than myself. So if you are one of these individuals, please don’t be shy. Out of all of this, I want it to be a learning tool for not only those reading, but also myself. I will work on and improve this paper as I have time and as I receive criticisms and suggestions.
Please feel free to contact either of us with any and all concerns, questions, or feedback. We look forward to hearing from you! Official Subreddit: https://reddit.com/r/cryptopaper
Thanks so much for reading. I encourage you to link to this paper, print it off, share it in any way you see fit. Just please do not alter the paper in a way that would discredit the many hours I have put into developing and writing it and the many hours others have spent reviewing it before it went public.