-----BEGIN PGP SIGNED MESSAGE----- The Encryption and Security FAQ - Revision 9 by Doctor Who Introduction First of all, my sincere thanks for the many anonymous suggestions and hints to improve this FAQ. If I have missed something, my apologies. Just remind me and I will do my best to check it through and possibly include it in the next revision. The FAQ is intended to help those who wish to improve their privacy. IF you view or store sensitive material on your computer this FAQ could be of help to you. It is not intended as a comprehensive overview of computer security, merely a means to that end. Links are provided throughout the FAQ. They are repeated in a list at the end for your convenience. This FAQ concentrates on computer security of sensitive data in the home. It also touches on privacy whilst online with Email and Usenet postings. Why do I need Encryption? That is for each individual to answer for themselves. How does encryption work? In its simplest sense, the plaintext is combined with a mathematical algorithm (a set of rules for processing data) such that the original text cannot be deduced from the output file, hence the data is now in encrypted form. To enable the process to be secure, a key (called the passphrase) is combined with this algorithm. Obviously the process must be reversible, but only with the aid of the correct key. Without the key, the process should be extremely difficult. The history and progress of encryption is beyond the scope of this FAQ, but the important point to understand is that the best modern encryption algorithms are virtually unbreakable by anyone so far as is known, including Government Agencies. I want my Hard Drive and my Email to be secure, how can I achieve this? You need two different types of encryption software. For Email you need a system of encryption called public key cryptography. This system uses a key pair. One key is secret and the other is made public. Anybody sending you mail simply encrypts their message to you with your public key. They can get this key either directly from you or from a public key server. The only way to decrypt this incoming message is with your secret key. Thus it is called asymmetrical encryption. It is a one way system of encryption, requiring the corresponding (secret) key to decrypt. Actually there is a lot more to it than this, but this is reducing the principle to its bare essentials. For your normal hard drive encryption, you will need a symmetrical type of encryption program. The same key is used to both encrypt and decrypt. Which Programs do I need? Let's deal with Email first. For your Email I recommend Pretty Good Privacy (PGP). It is virtually the de facto Net standard for Email cryptography. It is easily available and installed. PGP is available in several versions as freeware. For Dos I recommend version 2.6.3, for Win95 use version 5.5.3 The Dos version 2.6.3 is in a Zip file and easy to install. Version 5.5.3 is exceptionally easy to install because it comes as a self-extracting Zip. It is equally easy to configure and use. The source code has been published. The algorithm has, so far, survived critical analysis. PGP is available for many platforms, including Unix, OS2, Mac, Dos, Win95/98, NT. You can even work with the source code and compile your own version if you are truly paranoid! PGP has several DL sites. PGP (like all powerful crypto) is considered a munition by the American Government, which means its export is prohibited without a license. PGP is available here: http://www.pgpi.com/download/ The PGP FAQ is here: http://www.cryptography.org/getpgp.txt Note: A new Windows version 6.0 has just been released. However, so far as I am aware, the source code is not yet available. I would NOT recommend its use until the code has been released. It is only for use within the United States and Canada at present, but a hacked copy is available in Europe. Both versions seem to check out as identical, however, caution is advised until the source code is available. Additionally, the freeware version is not backward compatible with earlier versions using RSA keys. Which version should I use? If you are going to send anonymous Email through the Cypherpunk remailer system, you will need PGP version 2.6.3 for the United States and version 2.6.3i for all other countries. These versions are also available as 32 bit programs which speeds up the process of encryption/decryption but maintains their compatibility with the Cypherpunk system. You can also get a Windows version 5.5.3 for the States and 5.5.3i for the rest of the world. It is possible to install both the Dos and the Windows versions, but I have found it very cumbersome trying to synchronize the two separate keyrings of the two versions. There are also various restrictions on the choice of type of key to retain backward compatibility. I have experienced incompatibilities between the two versions, despite ensuring that both versions have supposedly compatible keys. The Windows Version 5.5.3(i) offers you a choice of key types, either RSA or Diffie-Hellman/DSS which is the default offered by PGP. The older Dos version 2.6.3(i) can only work with the RSA type of key. Most amateur, as opposed to commercial users, are still using RSA keys. There is no need to be fazed by the Dos version of PGP as there are programs available which do all the work for you. See later in the FAQ. Why are there two versions of PGP, RSA and Diffie-Hellman/DSS? RSA is registered in the United States (but not elsewhere) and a license is required to use it. There are PGP versions dedicated for the United States which use RSAREF, a free license version of RSA and an international version which uses normal RSA. Because of the United States ITAR (International Trade and Armaments Regulations) PGP can not be exported. The international version is a re-compiled version from the original source code exported legally in book form. Do not ask me to explain the absurdity of this situation, it is beyond rational explanation. After 20th September 2000 the license runs out on RSA and it will be freely useable by anyone. Diffie-Hellman/DSS uses two keys, one for encryption, Diffie-Hellman and one for signing, DSS or Digitally Signed Signature. Diffie-Hellman allows very large keys up to 8096 bits to be generated. These would give very long digital signatures so to reduce the signature size a smaller DSS key is used. Theoretically this must mean a slight reduction in absolute security of the signature, but this is negligible for all practical purposes. I've installed PGP, I'm ready to generate my keys, now what? Assuming you wish to correspond anonymously via the Cypherpunk remailer system, then create at least two separate key pairs. The first pair are for your Email usage. This first key should be signed and if you want others to have access to your key to enable them to send you encrypted Email, submit it to a key server, e.g. http://pgp5.ai.mit.edu/. You may want to adopt a Nym (anonymous name) for this key. If you do, then choose something that cannot be traced back to your Email address. I would recommend you also create another Nym which will use the other key pair. This second Nym should not allow fingering of your public key, nor should you submit it to the key servers, nor should you sign this key. This second Nym is for your highest security. You do not offer this public key to anybody. In fact for the maximum possible security, you should point your reply block for this Nym to a newsgroup, such as alt.anonymous.messages. All incoming mail to you via your Nym, even plaintext, should be encrypted from the Nym to alt.anonymous.messages. This ensures that everything sent or is received by you via your Nym is secret and virtually untraceable back to you. For more understanding of the pros and cons of signing these keys read the Nym FAQ. Where can I get the Nym FAQ? Send Email to: help@nym.alias.net - without a subject or body text. This is essential reading before you set up a Nym. What about the data on my Hard Drive? PGP is excellent for Email, but for data storage it is essential to use an "on-the-fly" encryption/decryption program. On-the-fly means the data is ALWAYS in encrypted form on the drive, it is only decrypted in memory (and possibly in the notorious Windows Swap file - more about that problem later). When the drive is mounted, this means after entering the correct passphrase and the drive is visible as plaintext, each read/write to the drive decrypts to memory or encrypts to the disk as necessary. It should be impossible to write to the drive when unmounted. If it were read, it would appear as gibberish. The advantages of this on-the-fly encryption/decryption cannot be too strongly emphasized. It means that at all times your files will remain in encrypted form on your hard drive. If a power failure occurred you are not left stranded with sensitive material lying around in plain text, except in the swap file! Yet once you have entered your passphrase you can see the contents of the encrypted partition, just as if it were plaintext. There are several of this type of program, with more appearing all the time. What is most important is that you use some form of encryption. There are many lesser programs that offer file by file encryption/decryption, but these offer unacceptably high security risks and should be avoided. There are other more practical advantages to on-the-fly encryption if you have a large hard drive. Just try decrypting several Megabytes or even Gigabytes of files each time you boot your computer, remembering they must all be re-encrypted at the end of the session and their plaintext equivalents securely wiped! With large drives using strong crypto it could take hours, an absurd scenario. I have Windows 95/98, what should I use? There are several programs that offer on-the-fly encryption/decryption. I have only had experience of one with Windows: BestCrypt. I strongly commend BestCrypt for its very strong security and ease of use. BestCrypt is commercial ware. It costs around 90 Dollars US. Its authors are in Finland thus outside the ITAR restrictions of the United States. You have a choice of three different algorithms: DES, Blowfish, GOST. A full explanation of these algorithms is included with the documentation. I would choose either Blowfish or GOST. DES is no longer considered strong crypto and is in any case slow. Note: A new version 6.00 is available in beta test form. I believe it addresses at least one of the minor bugs that I have discovered in the existing version. Whether it is wise to entrust all your file data to a beta version is an individual choice. I am sticking with the existing version until Version 6.00 is in final release, which is set for 1st December, 1998. Which is best, BLOWfish or GOST? How long is a piece of string? It is impossible to answer. The BLOWfish algorithm was designed by Bruce Schneier in 1993. He has given away his intellectual property rights to the algorithm in the interests of the wider crypto community. In my opinion a very generous action. The source code is available and has withstood 5 years of crypto-analytical scrutiny. GOST is a Russian crypto, a fallout from the cold war period. Probably strong, but.... One major advantage of Blowfish is its speed. It was written specifically for the 32 bit microprocessor. It is much faster than DES and GOST. The Blowfish algorithm can be implemented with variable key sizes from 32 to 448 bits. BestCrypt have chosen to use 256. This cannot be changed by the user and represents a compromise between absurdly high strength and speed. BLOWfish is my personal choice, but you decide what is best for you. How flexible is BestCrypt?? BestCrypt can create any number of encrypted partitions called containers of mixed sizes up to 2 Gigabytes each, with a maximum of 8 mounted at any one time. BestCrypt offers other facilities, such as floppy disk encryption, hot key crash close and timeout close - if these are not intuitively obvious, all is explained in the help file. BestCrypt talk about virtual drives and containers which may confuse some people. The container is the name given to the encrypted partition. When viewed in Windows Explorer it will look like a very large file, in fact it looks identical whether mounted or unmounted. When mounted an extra drive letter appears in Explorer. If you click on this drive letter, its contents will be displayed by Explorer exactly as if it were a normal drive or partition in plaintext. You can download a 30 day trial version to try before you buy. I urge you to try it. BestCrypt is available from Jetico: http://www.jetico.sci.fi. What are the advantages of BestCrypt? 1. On the fly encryption/decryption 2. Easy to install and set up within Win95/98. 3. Can be easily manipulated as a Windows file for backup purposes. 4. Totally transparent in use, i.e. when mounted. 5. Can be set up on a Jaz drive, if required. 6. User determines the size of the container, up to 2 Gigabytes. 7. Includes a freebie wipe free space utility What are the disadvantages? 1. Commercial ware and so costs money. 2. The source code has not been published, but it does use the BLOWfish algorithm, which has been published. 3. Care must be taken to only mount the container when off-line to prevent hacking. 4. Maximum size of container limited to 2 Gigabytes. 5. Writes to the Registry, thus impossible to hide its presence. Is there anything cheaper than BestCrypt? Yes. A new on-the-fly Hard Drive encryption program has very recently surfaced, called ScramDisk. It is new and early reports suggest there are a few minor bugs, but it is free. This is what is claimed about it: "ScramDisk is a Hard Drive encryption program that runs under Windows 95 & 98 and provides a number of 'high security' ciphers including 3DES, Blowfish and IDEA. Encryption is done in CBC-mode using random IV & pre-encryption whitening values. The program uses SHA-1 as the passphrase hash algorithm". One advantage of ScramDisk is it does not write to your Registry. This suggests that you could install it on, say, a Jaz drive and run it from there. When you finish your session you simply remove and hide the Jaz drive disk. There is then nothing left on your computer to suggest you are using encryption. This may be very useful in some countries with insecure/totalitarian Governments, such as France, Iraq, Iran, China and possibly shortly the whole of the European Union. Two things to consider about this: 1. Where will you securely hide the Jaz disk? 2. A removable media magnetic drive of any sort is inherently less rugged than a floppy or optical. This means more care will have to be taken when handling it. If you want ScramDisk try here: http://www.hertreg.ac.uk/ss/ Is ScramDisk easy to install? It requires a more technical insight into its installation than does BestCrypt, suggesting moderate computer literacy is required. As this is a new program, some may wish to await peer review before trusting it completely. The Author's offer to publish the source code is very welcome. I suspect there will be more refined versions published before long. I believe Version 2 has just been published. I have read reports that it is incompatible with Jack be Nymble, referred to later in this FAQ. I hate Windows, what about us Dos users? If you are running old faithful DOS or Win3.XX, then I recommend SecureDrive for your Hard Drive encryption. This is intended to encrypt whole drives (or partitions) up to the Dos limit. It is extremely powerful, it uses the IDEA algorithm with a 128 bit key size. It operates with on-the-fly encryption/decryption. Better still, the source code is available for those who understand such things, to prove that there are no back doors. As powerful as PGP, but specifically designed to hide files and folders on your computer. It encrypts the whole drive or partition except for the boot sector, unlike BestCrypt which limits itself to your chosen size. It is simplicity itself to install. Just unzip the file and read the install notes. It takes about one hour per Gigabyte to encrypt a drive or partition, depending on your processor speed, probably the same time as BestCrypt. One potentially strong advantage of SecureDrive over Bestcrypt is its ability to feign the use of a keyfile. Taken from the Install Notes (quote): "Since SecureDrive can encrypt disks using either a passphrase or keyfile or both. One devious defense against "rubber hose" cryptography is to set up a keyfile on your hard disk, but then overwrite and erase it. (But leave the environment variable). Each time you invoke LOGIN or CRYPTDSK, you will get a warning message that the keyfile cannot be opened. So it appears you have just destroyed your keyfile. But in reality your disk(s) can just be encrypted by a (strong) passphrase. But the only way your adversary can prove that a keyfile is not required is to guess the passphrase!" Very clever indeed. If you wish to use SecureDrive it is available here: ftp://utopia.hacktic.nl/pub/replay/pub/disk/secdr14b.zip or here: http://www.stack.nl/~galactus/remailers/securedrive.html What advantages does SecureDrive have? 1. Freeware 2. On-the-fly encryption/decryption 3. Totally open source code, thus no back doors. 4. The ability to incorporate a keyfile at start up 5. More difficult to copy and crack off site 6. Passphrase is entered at Dos level, reducing the risk of a "Trojan horse" attack on your passphrase 7. Maximum size of partition only limited by Dos Disadvantages: 1. Only works with Dos, Win3.XX or early versions of Win95 (pre OSR2). 2. Difficult to copy in encrypted form for backup purposes. 3. Difficult for the inexperienced user to control the size of the encrypted partition, unless he allows it full reign. 4. Cannot be used with a Jaz drive or a CD-Writer. Regrettably, SecureDrive is a 16 bit program and appears to be FAT16 compliant only. For further reading and many security related links and a glossary of security terms try here: http://www.io.com/~ritter/GLOSSARY.HTM I use Mac, OS2, Linux, Unix, NT (fill in your choice), what about me? Sorry. I have no experience of any system other than Dos and Windows. But you could do a search for yourself here for example: For NT ... "Sentry" http://www.softwinter.com/sdown.html BestCrypt now also has a version for NT at http://www.jetico.sci.fi/ For the Mac ... CryptDisk http://www.primenet.com/~wprice/cdisk.html PGPDisk http://www.nai.com/default_pgp.asp I have heard that there are programs that HIDE and Encrypt, are these any good? I advise caution. First of all, to the best of my knowledge, they do not publish their encryption algorithms. Be very cautious of any such program. Secondly, they only "hide" the file from the Windows operating system. Any technician could find those files in seconds. Yes, they are encrypted, but how strong is that encryption? Ask yourself, is it subject to the United States ITAR export controls? If not, it must be relatively weak crypto. Be very wary of snake oil. Remember, there is a considerable difference between hiding files from your wife/girl/boyfriend and hiding them from Big Brother with all the resources he can bring to cracking your system. Never under-estimate the snooper. Getting it right is far cheaper than getting it wrong! What about simple file by file encryption? I strongly urge you to use on-the-fly encryption/decryption. Nevertheless, you may need a simple file by file encryption tool, but with the strongest possible security. PGP can be coaxed into this, but it is very clumsy in its Dos version, compared to some programs. This after all, is not its prime purpose. There are many of this type of program, possibly some are free. I have used two, Kremlin and blowfish Advanced 97. Kremlin entwines itself into your Registry and offers a file wipe facility for shutdown, very useful. BFA 97 uses a rather smart browser, it also offers a file wipe facility. It is simpler to use than Kremlin. Naturally, it uses the blowfish algorithm, but the author now offers alternative algorithms as well. It is shareware and cheaper than Kremlin. Kremlin is here: http://www.mach5.com/kremlin/index.html BFA 97 is here: http://www-hze.rz.fht-esslingen.de/~tis5maha/software.html Tell me more, tell me more, tell me more... As the majority of users are likely to be using Win95, I will concentrate on the BestCrypt program, but substitute ScramDisk or SecureDrive if this applies to you. I strongly urge you to invest in at least two hard drives of equal size. Partition each drive such as to allow up to 2 Gigabytes for the BestCrypt container or whatever you can spare, depending on the size of your drives. These two separate partitions on each Hard Drive, one encrypted and the other plaintext for your Windows programs, etc, can each be copied to the corresponding second Hard Drive for backup purposes - more about how to do this later. The BestCrypt encrypted container is mounted by either clicking on the file or on the BestCrypt icon on your Desktop. When you do this, a window opens showing all the Hard Drives and all the BestCrypt containers that are available. Click on any one and a passphrase box opens. In this passphrase box you are offered a drive letter to allocate to this container. This is why it is called a virtual drive. For all practical purposes, after mounting, it seems like a drive. You can either accept the default Windows chosen drive letter, or change it to something else, provided it is not already in use. You can allocate the same drive letter to more than one container, provided you only open one of them at a time, otherwise it will default to a different letter. Once you allocate a drive letter, BestCrypt will remember it and use it until you choose to change it. This is very useful if you backup your BestCrypt container from one partition to another. One point to remember, if you have any shortcuts pointing to this drive letter on your desktop or in the drive itself or in the Windows Start menu, you will need to keep to the same letter every time you mount, otherwise the shortcuts will not function. I would not recommend leaving trails from the start menu or on the Desktop, but that is up to each of you. I would keep all the shortcuts in the root of the drive itself, together with all programs that you will use, plus all the files that you choose to DL. I will give my recommendations later. When the drive is mounted it is seen in My Computer and in Explorer as "Crypted-Disk", or whatever volume name you give it (Hint: Do NOT use a volume name that is descriptive of the volume's contents!) This icon can then be clicked on and opened. The shortcuts to the programs residing within this virtual drive will then be seen as if they were on your desktop. You can use the same passphrase for all containers should you wish, perhaps even the same as you use for PGP. There are arguments for and against this, which I will not go into here. If you install PGP within the encrypted drive (most strongly recommended), you need not bother with any passphrases for your PGP keys, except as a precautionary means to identify different keys. More on this later in the FAQ. Are there any precautions in using BestCrypt? Yes. You must never defrag the drive on which the encrypted container resides unless the container is dismounted. You can defrag the container itself when mounted and you can defrag the drive on which the container is stored, provided the container is closed. To attempt to defrag a drive with an open BestCrypt container could be disastrous and cause the container to be irreparably damaged with consequential total loss of data. The moral is of course to always back up your data, hence my suggestion for two drives. I believe this slight drawback has been fixed in version 6.00. Another precaution is to decide the size of the BestCrypt container, then partition your Hard Drive to that size. When you create the new container, BestCrypt will tell you the maximum size available within that partition. This partitioning of your Hard Drive takes the BestCrypt container off your normal drive C. This is recommended, otherwise it can take forever to defrag drive C as Windows will always endeavor to keep this very large file contiguous. If you are particularly lazy and never defrag your Hard Drive, it is possible under the worst case conditions for the BestCrypt container to become so fragmented that it will not mount. This will happen if there are more than 50 discrete fragments to the container. Always defrag regularly or better still use a separate partition. The BestCrypt containers cannot be deleted from within Windows. To delete/erase/wipe a BestCrypt container, you must do it through the BestCrypt control panel. It takes only as long as it takes to type in your Passphrase, then puff, your BestCrypt data is no more. Be very aware, this will irrevocably and irreversibly lose your data. It simply scrambles the passphrase checking part of the BestCrypt file. The encrypted data is now inaccessible and safely lost forever. The only way to recover it now would be by a brute force attack on the data - for all practical purposes an impossible task. Incidentally, although you cannot delete a BestCrypt container within Windows, it can be done when in Dos. You can also overwrite it within Windows by copying another similar named file over it. To Windows it is just another (possibly very large) file. Can BestCrypt encrypt Floppies? Yes. This is a very useful function - see later. Does using Encryption slow things up? Yes, there is a small speed penalty because your computer has to constantly encrypt to write to disk and decrypt to read from it. It is also the major reason given by the "decrypt all files together" type of programmer for you to buy his wares. These days this overhead is almost unnoticeable with any modern Pentium based machine. How can I partition my Hard Drive? I recommend Partition Magic. It makes partitioning your Hard Drive very easy. Better still, Partition Magic offers easy copying from one partition to another, even your Drive C. This is very useful. If you are unlucky enough to lose a drive (a virus, or whatever) you can use Partition Magic to copy it all back. It works in DOS and is very simple to use. It is commercial ware and costs around 70 Dollars. The manual forgets to tell you that before you can copy across from one drive or partition to another you must first delete (using the program) the destination drive or partition. Unless this is done the copy command stays grayed out! I have noticed other programs from PowerQuest which suggest similar functions, but I have never used them so cannot vouch for them or offer any opinion about them. Partition Magic is available from: http://www.powerquest.com/ I believe there are freeware or shareware programs available - do a search on www.tucows.com or on www.shareware.net How large should I make the BestCrypt containers? The sizes of the BestCrypt containers are entirely up to you. There is no reason why you shouldn't make them of 1020 Mb if you are going to backup to a 1 Gigabyte Jaz drive or double that if you are fortunate enough to have the 2 Gigabyte version. To save time you only need to create one container, then copy it using Explorer. It is quicker to do this than to get BestCrypt to encrypt another partition from scratch. If you want the benefits of an external hard drive, I would recommend the Jaz drive. The drawback is the cost of the media. I have no experience of the SyQuest equivalent. Are there any bugs with BestCrypt? I have found only two. The first is it cannot create a container to the full capacity of a CD-RW disk. For some reason it can only encrypt to one quarter of the available space. You can work around this by creating it on your Hard Drive and copying it across. A CD-Writer is excellent for archiving, but very slow in my experience and prone to crashes! Present implementations are far too slow to use as a substitute Hard Drive. The second minor bug is when you request floppy disk secure mode with a previously encrypted floppy. For some reason on my system, at least, it always displays: "Check floppy password error". It then offers three choices, retry: yes, no or cancel. If this happens to you, simply click on NO and you will find access is available to the floppy. To avoid this, I always uncheck the password check box first. Ignore the bug (if it appears on your system) and you have a very useful adjunct to your encryption armory. Incidentally, attempting to read from an encrypted floppy without first inputting the passphrase (i.e. setting secure floppy mode in BestCrypt) and Windows tells you the floppy has not been formatted and will offer to format the disk. Might be a useful feature. In earlier versions I wrongly claimed that it was not possible to do a diskcopy with an encrypted floppy. It is, but before reading the copy, remove it from drive A. This clears the Windows cache and it should then be possible to check the copy is encrypted and when in floppy secure mode, readable as plaintext. What are the precautions to be taken with the Passphrase? In earlier versions of this FAQ, I strongly recommended great care be taken to ensure a secure (which means long) passphrase is chosen. I would recommend a passphrase of at least 20 random characters, which is very difficult to remember, or 30 plus of a more easily remembered text and figures based passphrase. Remember the adage, strength in length applies to crypto passphrases. However, provided you keep your PGP keyring within the encrypted drive there is no absolute need to bother with a passphrase at all for PGP. This may sound extreme, but the protection of your privacy is ensured by the encrypted drive. It is quite possible that the consequences of someone accessing your encrypted drive's data is marginally more serious than their ability to access your PGP secret keys. If you decide to forego a passphrase for your PGP keyring, be absolutely certain that all your backups of the keyrings are in encrypted form. I suggest a possible solution to this later in the FAQ. Isn't there some risk with my passphrase always being held in memory? There is a slight risk of someone hacking into your computer whilst online and yes, they may be able to read anything that is in your swapfile or even your encrypted hard drive if it is mounted. If you believe this is a significant risk to you, then I recommend you try the BestCrypt+ hardware option. This requires a floppy disk containing a 128 bit randomly generated keyfile plus a passphrase be input before Windows is started. This at least ensures that any snooper cannot at a later date use your passphrase alone to open your encrypted drive. Even if your keyfile is stolen, it cannot alone open the BestCrypt container. It still requires your passphrase on boot. Remember to make at least one backup of your keyfile or otherwise if it is lost..... If I go to all these lengths, am I truly safe? Not completely. There is still the faint possibility of a tempest attack. Tempest is an acronym for Transient ElectroMagnetic Pulse Emanation Surveillance. This is the science of monitoring at a distance electronic signals carried on wires or displayed on a monitor. Although of only slight significance to the average user, it is of enormous significance to serious cryptography snoopers. To minimize a tempest attack you should screen all the cables between your computer and your accessories, particularly your monitor. A non CRT monitor screen such as those used by laptops offers a considerable reduction in radiated emissions, so may be considered by the truly paranoid. More serious (more paranoid?) users may wish to consider screening their room. This sounds absurd but is routine with certain Government Agencies. Are there any other precautions I should take? Make copies of all your PGP keys, a textfile of all your passwords and program registration codes, copies of INI files for critical programs, secret Bank Account numbers and anything else that is so critical your life would be inconvenienced if it were lost. These individual files should all be stored in a folder called "Safe" on your encrypted drive. Encrypt a floppy with BestCrypt using your usual passphrase and copy this folder onto the floppy. Whenever you update "Safe", you should also update your floppy backup to ensure synchronization. Now copy the self extracting Zip file for the BestCrypt program plus a plaintext file of the registration key for the BestCrypt program onto another floppy - DO NOT ENCRYPT THIS SECOND FLOPPY! Both these floppies should be kept apart from your computer in case of theft, fire or any other interference. If the worst happens you should be able to restore your data from your backups on your Jaz or CD-R and use this floppy to re-install the BestCrypt program to allow you access again. Making backups is a boring business. We can always think of a zillion better things to do, but if ever you get a system crash you will be convinced of its worth. Trust me, I speak from experience... What to put in your newly created Encrypted Drive You need to take care over which programs to choose. Some Newsreaders and Image Viewers and Emailers can either write critical information to your Registry, early Anawave Gravity wrote your News Providers passwords in plaintext, ACDSee will show the drive\folder path of your last access, Eudora and AnonPost will send revealing info when attempting to communicate anonymously. For what it's worth, here are my choices for these critical programs: 1. Agent (or FreeAgent) for the newsreader, and basic Emailing. Agent will write to the registry, so its presence cannot be disguised, but this is probably not too serious. 2. I recommend the latest version of ACDSee as your viewer. Make certain that if you use the cache facility, you set it up within the encrypted drive. This allows easy previewing of thumbprints and click and Zoom to examine image quality. ACDSee will write to the registry and will always disclose the last drive\folder accessed in the registry. If this bothers you, I suggest using VuePro. Allow VuePro to install itself in its default (Windows) folder, but do not allow VuePro to become the default viewer for your system. Now move (not copy) the three files, onto the encrypted drive. VuePro generates an ini file. This ini file will reveal the drive path and name of the last file accessed, even worse than ACDSee, so make certain it is installed within the encrypted drive (this is why it should not be allowed to become the default viewer). You could use Thumbs Plus. This similarly will write to the registry, but you can ensure that its self-generated database is stored within your encrypted drive. Thumbs Plus does not reveal anything except its location in the registry. VuePro on its own, is a little clumsy for general viewing, it needs Thumbs as well, whereas ACDSee can combine the best of both, but regrettably tell everyone your last drive and folder accessed! Your decision. I will concentrate on ACDSee for the purposes of simplicity. ACDSee is here: http://www.acdsystems.com VuePro is here: http://www.hamrick.com/ Thumbs Plus is here: http://www.cerious.com 3. I strongly recommend Jack be Nymble (JBN) for your Nym accounts and sending and posting anonymously. This is a very sophisticated program and requires much dedication and concentration to get the best out of it. It is freeware and cannot be too strongly recommended in my humble opinion. It can automate many functions in setting up and managing a Nym, including automatic decryption of incoming messages. It requires the Dos version of PGP, but will help you configure it. It likewise will help you configure the Mixmaster chain of anonymous remailers. Because of the United States ITAR you must be a United States or Canadian resident to use Mixmaster. (Aside here, if you are truly anonymous, how will they know?). JBN is excellent for all your encrypted mail. It has many options, too many to list individually - read the manual. It can also ensure your Usenet postings are truly anonymous. You will have to experiment with the appropriate mail2news gateway. Not all support all groups. Also, be prepared for some considerable unreliability from these remailers as they are apparently under constant attack from spammers. Jack be Nymble is available here: http://members.tripod.com/~l4795/jbn/index.html 4. For browsing I find Netscape Gold the best. You can direct it to locate its Bookmarks file on the encrypted drive. The later versions want to create user profiles and worse want to put them in exposed folders. Be careful! All versions will write to the registry, but this is difficult to avoid with any browser. I most strongly suggest you do not use Microsoft Internet Explorer. It will insist on keeping things within Windows, be very careful with that one! This is especially the case for MS Mail and MS News and Outlook. Of course, you can always use MSIE as a normal browser on your desktop for non-critical browsing and Email, should you wish. Note: MSIE4 has a feature which can import favourites, it does it just by clicking on "Import favourites". It will automatically find and display your Netscape browser's bookmarks from your encrypted drive if the encrypted drive is open. As a precaution I would delete the feature if it is not required. 5. Many files are compressed. The most popular is Zip. I recommend obtaining a copy of WinZip from here: http://www.winzip.com. Or, do a search for PKunzip which is freeware, I believe. 6. Any person who browses the Net should ensure they have a good virus detector. There are many to choose from, some are freeware, others are shareware or commercial ware. I use Norton's only because I like its Live Update Feature. It allows you to update the virus list online. Useful and so easy. What folders do I need on my Encrypted Drive? These are my suggestions. Obviously adjust to suit your needs. Create two new folders in the root of your encrypted drive, name them "Programs" and "Library". All the above programs, except the virus detector and WinZip, should now be installed into the folder "Programs". Create two more folders under Library naming them "! - Incoming" and "Zzz", Ensure there is a space between "!" and "incoming" This ensures that "! - incoming" is always at the top of the list of folders, making it very easy to locate each time. Still in the Library folder, create a set of folders starting from "00" (zero, zero) through "9" and another set from "A" through "Z", finally throw in one more of "!!" for those files that have a symbol as their first character. You should now have all these additional folders inside Library, starting with "! - Incoming" at the top and finishing with "Zzz" at the bottom. Should you wish to add a "specials" folder for your favorite pics, call it "! - Specials". Likewise if you wish to have sub-folder for your text downloads, create "Z - text". Install ACDSee into its choice of default directory on drive C (remember your cannot hide its presence as it insists on writing to the registry, as does Thumbs and to a lesser extent VuePro). There are numerous other options, too many to list here. Enjoy experimenting. I found that using the cache facility always slows up ACDSee when I want to change folders, so I have stopped using it. Go into Agent\Group\Default Properties then browse and choose X:\Library\! - Incoming, for both "directory for saving attached files" and "Temporary Directory for Launching Attached Files". Go to Group\Default\Properties\Post and ensure both "Prevent Usenet messages from being archived X-No-Archive" and "Observe no archive requests from original message in follow ups" are both checked. It is simplicity itself to move pics from "! - incoming" to wherever. Just highlight all those pics you wish to move and drag them using the mouse to the chosen numbered or lettered folder depending on the first letter of their file name. Easy! One of the most useful features of both ACDSee and Thumbs is that if you have downloaded dupes, you can offer them to their respective folders and the programs will show you a thumbnail of the pic, plus give you the file sizes, so you can replace if you have one of a better resolution. How can I ensure my temporary files do not give away info? Regrettably, despite all your best efforts Windows will still save to a swap file unless you perversely disallow Windows from using one and risk program lock-ups. This is an unavoidable risk with Windows. To minimize this problem you must use a wipe utility. BestCrypt includes a disk free space wipe utility which works whilst in Windows, but do not trust it to completely wipe the swapfile. It is impossible for any utility to do this truly effectively whilst Windows is still running. However, do not despair there are ways around every problem. 1. In Windows, go to My Computer\Control Panel\System\Performance\Virtual memory. Click "Let me specify my own virtual memory settings". Enter identical settings in both boxes. I suggest 150 Mbytes. Click OK. Windows will tell you what you've done and complain and ask you if you are sure you wish to continue, click YES. Windows will then want to re-boot. Allow it to do so. After re-booting you can see the file in Windows Explorer as Win386.SWP. If you run games which require large swapfiles, or run many programs simultaneously, you may need to increase the size. But remember, the larger it is the longer it will take to securely wipe on shutdown and the greater the wear and tear on your hard drive. 2. Use Notepad to write the following simple Batch file. Put it in the root of your C: drive. Give the batch file a name. I suggest W.bat, but any convenient letter or name will suffice, but NOT Win.bat or confusion will occur with the Win.com which starts Windows. Add it as the last line of your Autoexec.bat file. This will ensure it runs automatically on every shutdown, avoiding that "Oh, I'm too tired and can't be bothered, I'll do it tomorrow" syndrome. W.bat = CD\WINDOWS Win Mode co80 cd\ Scorch [win386.swp] /nodel Scorch [c:\progra~1\cache\*.*] Scorch [c:\windows\cookies\*.*] Scorch [c:\windows\history\*.*] Scorch [c:\windows\recent\*.*] Scorch [c:\windows\spool\fax\*.*] Scorch [c:\windows\spool\printers\*.*] Scorch [c:\windows\temp\*.*] Scorch [c:\windows\tempor~1\*.*] Scorch [c:\windows\web\*.*] Zapempty Zapempty Note 1: Choose whichever of the above folders applies to your system, likewise add any others that are not shown but required. Note 2: This simple idea will not work with Windows 98. You will either need to use Kremlin (but see warning below) within Windows prior to shutdown or exit to Dos and then run the Bat file manually. CD\Windows followed by Win tells your computer to start Windows. The subsequent lines only operate on shut down. Mode co80 is to prevent your computer hanging at the "It is now safe to switch off your computer" screen, but exits to Dos. Scorch is a freeware wipe utility. The format of enclosing the file to be wiped in square brackets is to minimize disastrous errors. Read the documentation that comes with it before use. There are several other options, which are best gleaned from the included documentation. Scorch is available here: Http://www.mist.demon.co.uk/realdelete/index.html. Ordinarily two wipes should be enough for all practical purposes. If you are a propeller head, then choose any number of wipes that you feel happy with. Remember, for anybody to recover data off your drive after just one effective wipe would involve dismantling the drive and a microscopic examination of each cylinder, sector by sector. Extremely costly and very time consuming, so only likely if you are considered an exceptionally worthy person to investigate! Extra wipes after the first are just icing on the cake. Zapempty wipes the empty areas of your hard drive. It is freeware and available here: http://www.sky.net/~voyageur/wipeutil.htm. The Zip file contains several other useful wipe utilities, besides Zapempty. Note 1: Some reports spread alarm that up to 35 wipes are required for effective wiping. Probably true, but there is more mileage in investigating your Windows Registry, together with any pieces of paper that might contain your passphrase, etc. The corollary is you should take the greatest care over what you install and what you keep in and around your computer. Note 2: In earlier versions of the FAQ I recommended Kremlin as a wipe facility on closing down Windows. I have found a few problems with that. First it interferes with the exiting to Dos when running Partition Magic and similarly it caused severe problems when it wiped the temp files after running Live Update for Norton Anti-Virus. I had to uninstall Norton then re-install from scratch. My fault I should have switched off the Kremlin wipe facility before closing down. But in view of these problems, I have changed to doing all critical file wiping from Dos. Hence the rather longer Bat file above. It is cheaper as well, this way uses freeware programs! That completes the first part of the FAQ. This second part has more to do with ensuring privacy online. It may be useful. Again it is offered in good faith. Please evaluate and make your own decisions regarding its usefulness before committing any resources. Can you suggest any other precautions I should take to preserve my Privacy? Common sense should prevail. It is quite pointless going to all the bother of installing powerful crypto to protect yourself from unwarranted intrusions into your privacy and then leave trails within your computer environment. Take care that you never write down your passphrase. So foolish, yet so many think they can hide it in the pages of a book, or stuck beneath a drawer. I would also earnestly urge you never to print anything from your computer that is the least bit compromising. Privacy is about containing your data within a secure environment, in this case within the encrypted container. Once it is outside that container, the container is redundant. Moral: Never let anything out of that container that is not strictly kosher. I download binaries (pictures) that may be compromising, am I safe? No. Whilst you are online anyone could be monitoring your account. I am NOT saying your local ISP will do this, but they COULD! If your activities have aroused the suspicion of the authorities, this is the first thing they are likely to do, especially your Email. Can anything be done to prevent my ISP (or the authorities) doing this? Yes. You need to encrypt your data-stream to and from your desktop to a remote host. This host should preferably be sited in a different State or country to your own. I know of only two such hosts. Both offer a news service. One also claims it offers a totally uncensored all available groups service. Who are these two Remote Hosts: Cyberpass and Minder. I have had personal experience only of Cyberpass whose news feeds are restricted. You will need to additionally subscribe to a News Provider such as Altopia or similar for a fully uncensored news service. Minder say they have a full uncensored news feed from Slurp (a well known source for freedom of speech and anti-censorship of all kinds). Note: Both Supernews and Newscene now heavily censor they list of available newsgroups. Before subscribing to any dedicated News Provider always check that they provide what you are expecting to receive. How do I go about Encrypting to either of these remote hosts? You will need SSH (Secure Shell). To quote from the SSH FAQ: SSH is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, and rcp. Additionally, ssh provides secure X connections and secure forwarding of arbitrary TCP connections. If you want more info about SSH, visit their home page at: http://www.cs.hut.fi/ssh/#other The FAQ, plus loads more info is available here: http://wsspinfo.cern.ch/faq/computer-security/ssh-faq There is an NG devoted to SSH at: comp.security.ssh Also, loads of Nym info at : alt.privacy.anon-server There are freebie versions around, but I have no experience of them or where to find them. Doubtless the NG's will help you. You can buy a commercial implementation from Datafellows, called F-Secure. They allow a 30 day free trial period. A newer version will shortly be released, I believe. F-Secure is available here: http://Europe.DataFellows.com/cgi-bin/sshcgi/desktopreg.cgi. Can I use Cyberpass or Minder as my local ISP? Yes. Cyberpass now also operate as an ISP from anywhere within the United States at local call rates. It may be possible to subscribe anonymously, but that does not guarantee anonymity. I recommend you use them for a shell account. This does mean paying for two separate accounts, but that is for you to decide on how important is your anonymity. What is a Shell account? For anybody who does not understand the difference between a dialup and a shell account, the dialup is what it says. It is your normal account with your Internet Service Provider (ISP). A shell account is accessed after going on line with your usual ISP. With a shell account you log into your ISP then use the Net to make a connection to a remote server. All your Net activities, Email, Usenet, Web browsing are then done through this remote host. To get the full benefit you should use encryption from your Desktop to this remote host. If the remote host is located in another country, better still. To get the maximum benefit, you should ensure your registration with this host server is done anonymously. Note: For you to use a remote host, you only require a dialup facility which allows the use of the Windows dialup networking protocol. Most ISP's will offer help in configuring the dialup connection from Windows. Regrettably, as yet there is no universal standard. Some offer software to help you set it up easily. Ask before subscribing. These dialup connections are usually cheaper than a fully blown bells and whistles ISP such as AOL. I have tested the system with AOL and it appears to work ok. OK, I've got my dialup working, how do I connect to the Remote? The procedure with Cyberpass and F-Secure for example, would be to first log onto your ISP. Minimize its startup screen. You then start F-Secure. You are asked to enter your passphrase for logging into Cyberpass. F-Secure then contacts Cyberpass' server asking to open a connection. Cyberpass reply with their RSA public key. Your copy of F-Secure checks this key for authenticity from previous connections - very important to prevent intermediate hacking and then generates a random 128 bit session key, encrypts it with the RSA public key from Cyberpass and sends it back with the request "let's use this key". All data transfer between Cyberpass and your computer, including sending your Cyberpass password, are now sent encrypted using that session key with either DES, 3DES or blowfish (your choice) for the duration of that connection. Some servers only support DES or 3DES, I believe. Do NOT use DES. This has already been compromised and shown to be weak crypto by today's standards. 3DES can be slow. I recommend blowfish for speed and security. I also recommend disconnecting at irregular intervals and remaking the connection. This purges the system and ensures a new route to the host with a new session key. Why not save money and just use Cyberpass as the ISP? For a dialup account with Cyberpass, you rely on Cyberpass keeping your name anonymous and not monitoring your activities (unless they are compelled by a legal warrant to release your account details). If you have subscribed anonymously and Cyberpass have no idea who you are, you can quite easily be traced immediately via the phone Company. Coming into a shell account via another ISP means the authorities must coordinate their searches when you are online and work with probably a different authority in another State or country. Still possible, but much more bother. With constant and irregular breaks to the host and it becomes even more difficult to trace you. How do I set up the Anonymous account with Cyberpass? A Cyberpass shell account will cost 7.00 USD per month. The account must be paid six months upfront. Therefore, an anonymous shell account will cost you 42 USD per six months. You need to send Cyberpass a few alternative user names, plus your choice of an eight letter password (case sensitive), plus 42 Dollars. You then watch the Cyberpass bulletin board at: http://www.cyberpass.net/top/help/news.html until you see your user id posted up telling you the account is active. You will receive mail on first logging in which tells you your Cyberpass Email address. Their address for payment is: Infonex Internet Inc. Attn: Anonymous Accounts 8415 La Mesa Blvd. Suite 3B La Mesa, CA 91941 Do not include any personal information. They expect you to choose a username and an eight character password, case sensitive. Include a half dozen usernames just in case there are problems with prior use. Be imaginative, remember your username can be figures as well as letters. Keep copies of your proposed usernames and your eight character password, in case you forget them before the account becomes active. You should immediately change this initial password on your first log-in by typing "passwd" at the command line prompt and follow the instructions. Send your account details with the money. This does not compromise your anonymity in any way, provided you do not put a return address on the envelope! Do not send bills, send a money order. You need to trust them to implement your account. I have found them to be excellent. What about Minder? The following is a verbatim quote from their system administrator: "The service which provides our newsfeed, slurp.net, does not censor their feed for any reason. If the group you are looking for exists, they carry it. We do offer SSH logins and in fact we encourage our users to do so. The price schedule for shell accounts (www.minder.net/services.html) is as follows: 1 month/USD5 6 months/USD25 12 months/USD50 Payments should be sent to: Minder Network Services 69 South Locust Ave. Marlton, NJ 08053 USA Your username/password information can be sent to us in several ways, depending on your personal security concerns: encrypted with the appended PGP key, sent as plaintext, or sent with your payment". Their Email address and key follow at the end of the FAQ. This is cheaper than Cyberpass and considerably cheaper than Cyberpass plus an additional News Provider. However, I have no experience of Minder, so I advice caution. Try them and see... How do I configure my News Reader and Browser with Cyberpass? Easy. Read the FAQ at http://anonymizer.com/ssh.html. Once connected via F-Secure, you simply minimize the startup screen and then use your browser, email, etc in the usual way. To ensure they route their connection through Cyberpass (or whatever remote host you choose) you need to specify "localhost" in the proxy connection settings. This is straying into the territory of information that comes with these programs. The Anonymizer FAQ explains it in detail and quite lucidly. The bottom line is, it ensures you are virtually anonymous with whomever you communicate and more importantly, the data is hidden from prying eyes. Minder is cheaper at around 5 Dollars per month. Please check with Minder for more details, www.minder.com. I have no idea whether they offer anonymous registration as does Cyberpass. If anyone knows anything, please supply feedback. What about the data between Cyberpass and the News Provider, is this encrypted? No. From cyberpass onwards it is in plaintext. Until the News Providers take security seriously, you have no choice. May I suggest you all send emails to the various News Providers suggesting they start offering SSH encryption to their clients. If this bothers you I suggest trying Minder, they are certainly considerably cheaper. Can I be anonymous as far as other Web sites are concerned? Yes. Visit the Anonymizer at: http://www.anonymizer.com/ - there are others, but I have no experience of them. I use a dedicated News Provider, how do I connect? Follow the Anonymizer help exactly as shown on the Anonymizer FAQ, but instead of inputting news.cyberpass.net as the news provider, enter your News Provider's site URL, e.g. news.supernews.com. You will have to configure Agent (or whichever newsreader you are using) for a news server log in, exactly as now. How can I post anonymously to Newsgroups? I would NEVER trust a third party that knows your identity. This means I would never recommend posting via a third party site offering you an anonymous account that requires your true Email address to sign up. Even if you managed to open an account anonymously (by sending money by snail mail with no return address or identification, other than your proposed user id and password), you could be traced by your ISP logins. This means so-called anonymous connections to hotmail.com and similar free Emailers could be traced back to your true ISP if someone were sufficiently motivated to make the effort. What do you suggest to maximize my anonymity whilst posting? My suggestion is to always use a Nym and post Vs. nym.alias.net provided you a. Always point your Nym reply block back to a newsgroup such as alt.anonymous.messages b. Use Jack be Nymble (JBN) with a JBN generated random conventional passphrase for the reply block. c. Post using Mixmaster chaining with at least three remailers d Use an encrypted channel to a remote host server such as Cyberpass c Ensure that you subscribe to this remote host anonymously Provided you do all the above, you should be reasonably safe. It is still theoretically possible to do a trace, but it would involve a lot of effort. Note: You cannot use Mixmaster for your reply blocks. Due to the greater anonymity of Mixmaster it is impossible at present for them to handle replies. However, you could and most definitely should use Mixmaster for all posting. How can I post graphics to NewsGroups? Sorry, I do not know. I have never done so. My hobby starts and stops at encryption. Can you offer any help in setting up a Nym? Regrettably there are many pitfalls in setting up an effective Nym. The first one is in actually asking for the list of Nyms available. I would suggest that this should only be done the once and if possible, sent to a different Email address to your usual one. I know this sounds paranoid, but true anonymity is not easy to achieve. Yet another way, is to get the list of used Nyms sent to your true Email address, then set up a Nym several weeks later. Once you have a Nym, all future requests for the list should be sent to that Nym. To be anonymous, you will need JBN, PGP and Mixmaster. JBN will help you configure these, including modifying your autoexec.bat file. I recommend that all three programs be installed within your encrypted drive. When you start JBN you will normally be shown the Message Folder. This is the default folder for all your Email and Postings to Usenet. However, to set up a Nym, you should use the Nym folder. Keep only your Nym configuration messages in that folder. Do not put your Email or Postings into the Nym folder, keep them in the Message Folder for better filing. Hints for setting up a Nym: 1. Make certain that you have generated a new key for your Nym. 2. Make certain that you send this key with your first configuration message. Also, make certain that you sign your configuration request with this key. 3. Type in your chosen Nym, e.g. if mynym were your chosen Nym, type mynym@alias.nym.net. Also, most important, type in mynym into the name box, otherwise you will not be able to save your passphrases to a file and automatically decrypt incoming messages. 4. Always tick the Send Key, Nym Commands, Create, Cryptrec, Nobcc and the Reply Block boxes, but keep the other boxes clear (at least until you are better able to understand their purposes. 5. For your first Nym I recommend keeping the reply block very simple, so simply press the Active button next to the 1 box for just one active reply block. 6. The first remailer should be Nym-Server (obviously). On the line Encrypt-Key, press the little "R" button. At the very bottom of the box, you will see an instruction telling you to type a number of random keystrokes. Do so. You will then see a line of random text appear in the Encrypt-Key line. Now press Set and this random text will appear next to the Nym-server and will conventionally encrypt your reply block message with that passphrase. 7. Further down the box, choose Anon-Post-To from the drop down menu in the first box marked Final Headers. 8. Now choose alt.anonymous.messages from the choice of groups (note if this is not available you will need to add it in the Books section of the Menus). 9. In the second line of the Final Headers choose Subject from the drop down menu. 10. Alongside this, type a subject that you will easily remember. You could press the R button and generate a random text line and copy and paste it into this window should you choose. 11. Remember to press Update, to ensure that the chosen conventional passphrase is stored in your Nym Accounts registry within JBN. 12. Before sending, press Stats to update the stats list. When the Stats box opens, press Tools on the Menu bar and choose Update Cypherpunk keys then Update Mixmaster keys. These steps are all mentioned in the excellent manual, but are sometimes forgotten and one of the reasons why people are unable to create their Nyms. When sending, always (if possible) choose Mixmaster as your first choice of class of remailers. Note: You cannot use Mixmaster directly for your Reply Block, but you can choose Cypherpunk Remailers that support mixmaster. If this sounds complicated, again, please see the manual. If it is too much, just point your reply block directly to alt.anonymous.messages and you will still enjoy first class anonymity without the worry that you may have done something silly. You can add extra reply blocks at a later stage, should you choose. Remember: the more parallel Reply Blocks, the greater the chances of your being identified, all else being equal. This is why many seriously paranoid people use alt.anonymous.messages as their incoming Email message dumping ground. None of the above is in itself a panacea to avoid reading (and understanding) the JBN manual. You would be most unwise to attempt to create a serious Nym without some understanding of the possibilities available with this very sophisticated program. Conclusion I must repeat that this is not intended as a definitive statement on computer security. It is offered in good faith as a starting point. Many will choose to implement things in a different way. That is what freedom is about. The important thing to remember is to use encryption, whatever else you do. To send Email without encryption is equivalent to sending a letter on a postcard. Fine for sea-side postcards but hardly a good idea if you wish to preserve your privacy. One last bit of information: 1. Never ask of anyone nor give anyone, your TRUE Email address. 2. Never DL any file with .exe, .com or .bat extension from a dubious source. 3. Never offer to trade any illegal material, nor ever respond to those seeking it, even anonymously. If you believe any part of this FAQ is wrong, misleading or could be improved, please post your comments and I will take them onboard. To respond to me personally, please email me at Doctor_who@nym.alias.net and include your PGP key with your message if you expect an encrypted answer. Note: I cannot respond to Diffie-Hellman/DSS keys, only RSA.