4 <meta http-equiv=
"content-type" content=
"text/html; charset=utf-8" />
5 <title>Email Self-Defense - a guide to fighting surveillance with GnuPG
7 <meta name=
"keywords" content=
"GnuPG, GPG, openpgp, surveillance, privacy,
8 email, security, GnuPG2, encryption" />
9 <meta name=
"description" content=
"Email surveillance violates our fundamental
10 rights and makes free speech risky. This guide will teach you email
11 self-defense in 40 minutes with GnuPG." />
12 <meta name=
"viewport" content=
"width=device-width, initial-scale=1" />
13 <link rel=
"stylesheet" href=
"../static/css/main.css" />
14 <link rel=
"shortcut icon"
15 href=
"../static/img/favicon.ico" />
18 <body><iframe src=
"//static.fsf.org/nosvn/banners/202211fundraiser/" scrolling=
"no" style=
"width: 100%; height: 150px; display: block; margin: 0; border: 0 none; overflow: hidden;"></iframe>
19 <!--<div style="text-align: center; padding: 2.5px; background-color: #a94442; color:#fcf8e3;"><p>Due to Enigmail's PGP functionality being migrated into Icedove and Thunderbird, steps 2 and 3 of the guide are currently out of date.</p><p> Thank you for your patience while we're working on a new round of updates.</p></div>-->
21 <!-- ~~~~~~~~~ GnuPG Header and introduction text ~~~~~~~~~ -->
22 <header class=
"row" id=
"header"><div>
24 <h1>Email Self-Defense
</h1>
26 <!-- Language list for browsers that do not have JS enabled -->
27 <ul id=
"languages" class=
"os">
28 <li><a class=
"current" href=
"/en">English - v5.0
</a></li>
29 <li><a href=
"/es">español - v5.0
</a></li>
30 <li><a href=
"/fr">français - v5.0
</a></li>
31 <li><a href=
"/tr">Türkçe - v5.0
</a></li>
32 <!--<li><a href="/cs">čeština - v4.0</a></li>
33 <li><a href="/de">Deutsch - v4.0</a></li>
34 <li><a href="/el">ελληνικά - v3.0</a></li>
35 <li><a href="/fa">فارسی - v4.0</a></li>
36 <li><a href="/it">italiano - v3.0</a></li>
37 <li><a href="/ja">日本語 - v4.0</a></li>
38 <li><a href="/pt-br">português do Brasil - v3.0</a></li>
39 <li><a href="/ro">română - v3.0</a></li>-->
40 <li><a href=
"/ru">русский - v5.0
</a></li>
41 <li><a href=
"/sq">Shqip - v5.0
</a></li>
42 <!--<li><a href="/sv">svenska - v4.0</a></li>-->
43 <li><a href=
"/zh-hans">简体中文 - v5.0
</a></li>
44 <li><strong><a href=
"https://libreplanet.org/wiki/GPG_guide/Translation_Guide">
45 Translate!
</a></strong></li>
48 <ul id=
"menu" class=
"os">
49 <li class=
"spacer"><a href=
"index.html">Set up guide
</a></li>
50 <!--<li><a href="mac.html">macOS</a></li>-->
51 <!--<li><a href="windows.html">Windows</a></li>-->
52 <li class=
"spacer"><a href=
"workshops.html" class=
"current">Teach your friends
</a></li>
54 href=
"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email%20encryption%20for%20everyone%20via%20%40fsf">
56 <img src=
"../static/img/gnu-social.png" class=
"share-logo"
57 alt=
"[GNU Social]" />
58 <img src=
"../static/img/mastodon.png" class=
"share-logo"
59 alt=
"[Mastodon]" />
60 <img src=
"../static/img/reddit-alien.png" class=
"share-logo"
61 alt=
"[Reddit]" />
62 <img src=
"../static/img/hacker-news.png" class=
"share-logo"
63 alt=
"[Hacker News]" /></a></li>
66 <!-- ~~~~~~~~~ FSF Introduction ~~~~~~~~~ -->
69 <h3><a href=
"https://u.fsf.org/ys"><img
70 alt=
"Free Software Foundation"
71 src=
"../static/img/fsf-logo.png" />
74 <div class=
"fsf-emphasis">
76 <p>We want to translate this guide
77 into more languages, and make a version for encryption on mobile
78 devices. Please donate, and help people around the world take the first
79 step towards protecting their privacy with free software.
</p>
84 href=
"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate"><img
86 src=
"../static/img/en/donate.png" /></a></p>
88 </div><!-- End #fsf-intro -->
90 <!-- ~~~~~~~~~ Guide Introduction ~~~~~~~~~ -->
93 <p><a id=
"infographic"
94 href=
"infographic.html"><img
95 src=
"../static/img/en/infographic-button.png"
96 alt=
"View & share our infographic →" /></a>
97 Understanding and setting up email encryption sounds like a daunting task
98 to many people. That's why helping your friends with GnuPG plays such an
99 important role in helping spread encryption. Even if only one person shows
100 up, that's still one more person using encryption who wasn't before. You have
101 the power to help your friends keep their digital love letters private, and
102 teach them about the importance of free software. If you use GnuPG to send and
103 receive encrypted email, you're a perfect candidate for leading a workshop!
</p>
105 </div><!-- End .intro -->
106 </div></header><!-- End #header -->
108 <!-- ~~~~~~~~~ Section 1: Get your friends or community interested ~~~~~~~~~
110 <section style=
"padding-top: 0px;" class=
"row" id=
"section1">
111 <div style=
"padding-top: 0px;">
113 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
114 <div class=
"section-intro">
115 <p style=
"margin-top: 0px;" class=
"image"><img
116 src=
"../static/img/en/screenshots/workshop-section1-update.png"
117 alt=
"A small workshop among friends" /></p>
118 <h2><em>#
1</em> Get your friends or community interested
</h2>
120 <p>If you hear friends grumbling about their lack of privacy, ask them if
121 they're interested in attending a workshop on Email Self-Defense. If your
122 friends don't grumble about privacy, they may need some convincing. You might
123 even hear the classic
"if you've got nothing to hide, you've got nothing to
124 fear" argument against using encryption.
</p>
126 <p>Here are some talking points you can use to help explain why it's worth
127 it to learn GnuPG. Mix and match whichever you think will make sense to
130 </div><!-- End .section-intro -->
131 <div id=
"step-aa" class=
"step">
132 <div class=
"sidebar">
133 <!-- Workshops image commented out from here, to be used above instead.
135 <p><img id="workshops-image"
136 src="../static/img/en/screenshots/workshop-section1.png"
137 alt="Workshop icon"></p>-->
138 </div><!-- /.sidebar -->
141 <h3>Strength in numbers
</h3>
143 <p>Each person who chooses to resist mass surveillance with encryption makes
144 it easier for others to resist as well. People normalizing the use of strong
145 encryption has multiple powerful effects: it means those who need privacy
146 the most, like potential whistle-blowers and activists, are more likely to
147 learn about encryption. More people using encryption for more things also
148 makes it harder for surveillance systems to single out those that can't
149 afford to be found, and shows solidarity with those people.
</p>
151 </div><!-- End .main -->
154 <h3>People you respect may already be using encryption
</h3>
156 <p>Many journalists, whistleblowers, activists, and researchers use GnuPG,
157 so your friends might unknowingly have heard of a few people who use it
158 already. You can search for
"BEGIN PUBLIC KEY BLOCK" + keyword to help make
159 a list of people and organizations who use GnuPG whom your community will
160 likely recognize.
</p>
162 </div><!-- End .main -->
165 <h3>Respect your friends' privacy
</h3>
167 <p>There's no objective way to judge what constitutes privacy-sensitive
168 correspondence. As such, it's better not to presume that just because you
169 find an email you sent to a friend innocuous, your friend (or a surveillance
170 agent, for that matter!) feels the same way. Show your friends respect by
171 encrypting your correspondence with them.
</p>
173 </div><!-- End .main -->
176 <h3>Privacy technology is normal in the physical world
</h3>
178 <p>In the physical realm, we take window blinds, envelopes, and closed doors
179 for granted as ways of protecting our privacy. Why should the digital realm
180 be any different?
</p>
182 </div><!-- End .main -->
185 <h3>We shouldn't have to trust our email providers with our privacy
</h3>
187 <p>Some email providers are very trustworthy, but many have incentives not
188 to protect your privacy and security. To be empowered digital citizens,
189 we need to build our own security from the bottom up.
</p>
191 </div><!-- End .main -->
192 </div><!-- End #step-aa .step -->
193 </div></section><!-- End #section1 -->
195 <!-- ~~~~~~~~~ Section 2: Plan The Workshop ~~~~~~~~~ -->
196 <section class=
"row" id=
"section2"><div>
198 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
199 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
200 margin-bottom: 0px;">
202 <h2><em>#
2</em> Plan The Workshop
</h2>
204 <p>Once you've got at least one interested friend, pick a date and start
205 planning out the workshop. Tell participants to bring their computer and
206 ID (for signing each other's keys). If you'd like to make it easy for the
207 participants to use
<a href=
"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/">Diceware
</a> for choosing passphrases, get a pack of dice
208 beforehand. Make sure the location you select has an easily accessible
209 Internet connection, and make backup plans in case the connection stops
210 working on the day of the workshop. Libraries, coffee shops, and community
211 centers make great locations. Try to get all the participants to set up
212 an email client based on Thunderbird before the event. Direct them to their
213 email provider's IT department or help page if they run into errors.
</p>
215 <p>Estimate that the workshop will take at least forty minutes plus ten minutes
216 for each participant. Plan extra time for questions and technical glitches.
</p>
218 <p>The success of the workshop requires understanding and catering to
219 the unique backgrounds and needs of each group of participants. Workshops
220 should stay small, so that each participant receives more individualized
221 instruction. If more than a handful of people want to participate, keep the
222 facilitator to participant ratio high by recruiting more facilitators, or by
223 facilitating multiple workshops. Small workshops among friends work great!
</p>
225 </div><!-- End .section-intro -->
226 </div></section><!-- End #section2 -->
228 <!-- ~~~~~~~~~ Section 3: Follow The Guide ~~~~~~~~~ -->
229 <section class=
"row" id=
"section3"><div>
231 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
232 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
233 margin-bottom: 0px;">
235 <h2><em>#
3</em> Follow the guide as a group
</h2>
237 <p>Work through the Email Self-Defense guide a step at a time as a group. Talk
238 about the steps in detail, but make sure not to overload the participants
239 with minutia. Pitch the bulk of your instructions to the least tech-savvy
240 participants. Make sure all the participants complete each step before the
241 group moves on to the next one. Consider facilitating secondary workshops
242 afterwards for people that had trouble grasping the concepts, or those that
243 grasped them quickly and want to learn more.
</p>
245 <p>In
<a href=
"index.html#section2">Section
2</a> of the guide, make
246 sure the participants upload their keys to the same keyserver so that
247 they can immediately download each other's keys later (sometimes
248 there is a delay in synchronization between keyservers). During
<a
249 href=
"index.html#section3">Section
3</a>, give the participants the option to
250 send test messages to each other instead of or as well as Edward. Similarly,
251 in
<a href=
"index.html#section4">Section
4</a>, encourage the participants
252 to sign each other's keys. At the end, make sure to remind people to safely
253 back up their revocation certificates.
</p>
255 </div><!-- End .section-intro -->
258 <!-- ~~~~~~~~~ Section 4: Explain the pitfalls ~~~~~~~~~ -->
259 <section class=
"row" id=
"section4"><div>
261 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
262 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
263 margin-bottom: 0px;">
265 <h2><em>#
4</em> Explain the pitfalls
</h2>
267 <p>Remind participants that encryption works only when it's explicitly used;
268 they won't be able to send an encrypted email to someone who hasn't already
269 set up encryption. Also remind participants to double-check the encryption icon
270 before hitting send, and that subjects and timestamps are never encrypted.
</p>
273 href=
"https://www.gnu.org/proprietary/proprietary.html">dangers
274 of running a proprietary system
</a> and
275 advocate for free software, because without it, we can't
<a
276 href=
"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance">meaningfully
277 resist invasions of our digital privacy and autonomy
</a>.
</p>
279 </div><!-- End .section-intro -->
280 </div></section><!-- End #section4 -->
282 <!-- ~~~~~~~~~ Section 5: Explain The Pitfalls ~~~~~~~~~ -->
283 <section id=
"section5" class=
"row"><div>
285 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
286 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
287 margin-bottom: 0px;">
289 <h2><em>#
5</em> Share additional resources
</h2>
291 <p>GnuPG's advanced options are far too complex to teach in a single
292 workshop. If participants want to know more, point out the advanced subsections
293 in the guide and consider organizing another workshop. You can also share
294 <a href=
"https://www.gnupg.org/documentation/index.html">GnuPG's
</a>
295 official documentation and mailing lists, and the
<a href=
"https://libreplanet.org/wiki/GPG_guide/Public_Review">Email Self-Defense feedback
</a> page. Many GNU/Linux distribution's Web
296 sites also contain a page explaining some of GnuPG's advanced features.
</p>
298 </div><!-- End .section-intro -->
299 </div></section><!-- End #section5 -->
301 <!-- ~~~~~~~~~ Section 6: Next steps ~~~~~~~~~ -->
302 <section class=
"row" id=
"section6"><div>
304 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
305 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
306 margin-bottom: 0px;">
308 <h2><em>#
6</em> Follow up
</h2>
310 <p>Make sure everyone has shared email addresses and public key fingerprints
311 before they leave. Encourage the participants to continue to gain GnuPG
312 experience by emailing each other. Send them each an encrypted email one
313 week after the event, reminding them to try adding their public key ID to
314 places where they publicly list their email address.
</p>
316 <p>If you have any suggestions for improving this workshop guide, please
317 let us know at
<a href=
"mailto:campaigns@fsf.org">campaigns@fsf.org
</a>.
</p>
319 </div><!-- End .section-intro -->
320 </div></section><!-- End #section6 -->
321 <!-- ~~~~~~~~~ Footer ~~~~~~~~~ -->
322 <footer class=
"row" id=
"footer"><div>
325 <h4><a href=
"https://u.fsf.org/ys"><img
326 alt=
"Free Software Foundation"
327 src=
"../static/img/fsf-logo.png" /></a></h4>
329 <p>Copyright
© 2014-
2021 <a
330 href=
"https://u.fsf.org/ys">Free Software Foundation
</a>, Inc.
<a
331 href=
"https://my.fsf.org/donate/privacypolicy.html">Privacy Policy
</a>. Please
332 support our work by
<a href=
"https://u.fsf.org/yr">joining us as an associate
335 <p>The images on this page are under a
<a
336 href=
"https://creativecommons.org/licenses/by/4.0/">Creative Commons
337 Attribution
4.0 license (or later version)
</a>, and the rest of it is under
338 a
<a href=
"https://creativecommons.org/licenses/by-sa/4.0">Creative Commons
339 Attribution-ShareAlike
4.0 license (or later version)
</a>. Download the
<a
340 href=
"https://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz">
341 source code of Edward reply bot
</a> by Andrew Engelbrecht
342 <andrew@engelbrecht.io
> and Josh Drake
<zamnedix@gnu.org
>,
343 available under the GNU Affero General Public License.
<a
344 href=
"https://www.gnu.org/licenses/license-list.html#OtherLicenses">Why these
347 <p>Fonts used in the guide
& infographic:
<a
348 href=
"https://www.google.com/fonts/specimen/Dosis">Dosis
</a> by Pablo
349 Impallari,
<a href=
"https://www.google.com/fonts/specimen/Signika">Signika
</a>
350 by Anna Giedry
ś,
<a
351 href=
"https://www.google.com/fonts/specimen/Archivo+Narrow">Archivo
352 Narrow
</a> by Omnibus-Type,
<a
353 href=
"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls">PXL-
2000</a>
354 by Florian Cramer.
</p>
356 <p>Download the
<a href=
"emailselfdefense_source.zip">source package
</a>
357 for this guide, including fonts, image source files and the text of Edward's
360 <p>This site uses the Weblabels standard for labeling
<a
361 href=
"https://www.fsf.org/campaigns/freejs">free JavaScript
</a>. View
362 the JavaScript
<a href=
"https://weblabels.fsf.org/emailselfdefense.fsf.org/"
363 rel=
"jslicense">source code and license information
</a>.
</p>
365 </div><!-- /#copyright -->
367 <p class=
"credits">Infographic and guide design by
<a rel=
"external"
368 href=
"https://jplusplus.org"><strong>Journalism++
</strong><img
369 src=
"../static/img/jplusplus.png"
370 alt=
"Journalism++" /></a></p><!-- /.credits -->
371 </div></footer><!-- End #footer -->
373 <script type=
"text/javascript"
374 src=
"../static/js/jquery-1.11.0.min.js"></script>
375 <script type=
"text/javascript"
376 src=
"../static/js/scripts.js"></script>
378 <script type=
"text/javascript">
379 // @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3
&dn=gpl-
2.0.txt GPL-
2.0-or-later
380 var _paq = _paq || [];
381 _paq.push([
"trackPageView"]);
382 _paq.push([
"enableLinkTracking"]);
385 var u = ((
"https:" == document.location.protocol) ?
"https" :
"http") +
"://"+
"piwik.fsf.org//";
386 _paq.push([
"setTrackerUrl", u+
"piwik.php"]);
387 _paq.push([
"setSiteId",
"13"]);
388 var d=document, g=d.createElement(
"script"), s=d.getElementsByTagName(
"script")[
0]; g.
type=
"text/javascript";
389 g.defer=true; g.async=true; g.src=u+
"piwik.js"; s.parentNode.insertBefore(g,s);
393 <!-- End Piwik Code -->
394 <!-- Piwik Image Tracker -->
395 <!-- <noscript><img src="https://piwik.fsf.org//piwik.php?idsite=13&rec=1" style="border:0" alt="" /></noscript> -->