4 <meta http-equiv=
"content-type" content=
"text/html; charset=utf-8" />
5 <title>Email Self-Defense - a guide to fighting surveillance with GnuPG
7 <meta name=
"keywords" content=
"GnuPG, GPG, openpgp, surveillance, privacy,
8 email, security, GnuPG2, encryption" />
9 <meta name=
"description" content=
"Email surveillance violates our fundamental
10 rights and makes free speech risky. This guide will teach you email
11 self-defense in 40 minutes with GnuPG." />
12 <meta name=
"viewport" content=
"width=device-width, initial-scale=1" />
13 <link rel=
"stylesheet" href=
"../static/css/main.css" />
14 <link rel=
"shortcut icon"
15 href=
"../static/img/favicon.ico" />
19 <!--<div style="text-align: center; padding: 2.5px; background-color: #a94442; color:#fcf8e3;"><p>Due to Enigmail's PGP functionality being migrated into Icedove and Thunderbird, steps 2 and 3 of the guide are currently out of date.</p><p> Thank you for your patience while we're working on a new round of updates.</p></div>-->
21 <!-- ~~~~~~~~~ GnuPG Header and introduction text ~~~~~~~~~ -->
22 <header class=
"row" id=
"header"><div>
24 <h1>Email Self-Defense
</h1>
26 <!-- Language list for browsers that do not have JS enabled -->
27 <ul id=
"languages" class=
"os">
28 <li><a class=
"current" href=
"/en">English - v5.0
</a></li>
29 <li><a href=
"/es">español - v5.0
</a></li>
30 <li><a href=
"/fr">français - v5.0
</a></li>
31 <li><a href=
"/tr">Türkçe - v5.0
</a></li>
32 <!--<li><a href="/cs">čeština - v4.0</a></li>
33 <li><a href="/de">Deutsch - v4.0</a></li>
34 <li><a href="/el">ελληνικά - v3.0</a></li>
35 <li><a href="/fa">فارسی - v4.0</a></li>-->
36 <li><a href=
"/it">italiano - v5.0
</a></li>
37 <!--<li><a href="/ja">日本語 - v4.0</a></li>-->
38 <li><a href=
"/pl">polski - v5.0
</a></li>
39 <!--<li><a href="/pt-br">português do Brasil - v3.0</a></li>
40 <li><a href="/ro">română - v3.0</a></li>-->
41 <li><a href=
"/ru">русский - v5.0
</a></li>
42 <li><a href=
"/sq">Shqip - v5.0
</a></li>
43 <!--<li><a href="/sv">svenska - v4.0</a></li>-->
44 <li><a href=
"/zh-hans">简体中文 - v5.0
</a></li>
45 <li><strong><a href=
"https://libreplanet.org/wiki/GPG_guide/Translation_Guide">
46 Translate!
</a></strong></li>
49 <ul id=
"menu" class=
"os">
50 <li class=
"spacer"><a href=
"index.html">Set up guide
</a></li>
51 <!--<li><a href="mac.html">macOS</a></li>-->
52 <!--<li><a href="windows.html">Windows</a></li>-->
53 <li class=
"spacer"><a href=
"workshops.html" class=
"current">Teach your friends
</a></li>
55 href=
"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email%20encryption%20for%20everyone%20via%20%40fsf">
57 <img src=
"../static/img/gnu-social.png" class=
"share-logo"
58 alt=
"[GNU Social]" />
59 <img src=
"../static/img/mastodon.png" class=
"share-logo"
60 alt=
"[Mastodon]" />
61 <img src=
"../static/img/reddit-alien.png" class=
"share-logo"
62 alt=
"[Reddit]" />
63 <img src=
"../static/img/hacker-news.png" class=
"share-logo"
64 alt=
"[Hacker News]" /></a></li>
67 <!-- ~~~~~~~~~ FSF Introduction ~~~~~~~~~ -->
70 <h3><a href=
"https://u.fsf.org/ys"><img
71 alt=
"Free Software Foundation"
72 src=
"../static/img/fsf-logo.png" />
75 <div class=
"fsf-emphasis">
77 <p>We want to translate this guide
78 into more languages, and make a version for encryption on mobile
79 devices. Please donate, and help people around the world take the first
80 step towards protecting their privacy with free software.
</p>
85 href=
"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate"><img
87 src=
"../static/img/en/donate.png" /></a></p>
89 </div><!-- End #fsf-intro -->
91 <!-- ~~~~~~~~~ Guide Introduction ~~~~~~~~~ -->
94 <p><a id=
"infographic"
95 href=
"infographic.html"><img
96 src=
"../static/img/en/infographic-button.png"
97 alt=
"View & share our infographic →" /></a>
98 Understanding and setting up email encryption sounds like a daunting task
99 to many people. That's why helping your friends with GnuPG plays such an
100 important role in helping spread encryption. Even if only one person shows
101 up, that's still one more person using encryption who wasn't before. You have
102 the power to help your friends keep their digital love letters private, and
103 teach them about the importance of free software. If you use GnuPG to send and
104 receive encrypted email, you're a perfect candidate for leading a workshop!
</p>
106 </div><!-- End .intro -->
107 </div></header><!-- End #header -->
109 <!-- ~~~~~~~~~ Section 1: Get your friends or community interested ~~~~~~~~~
111 <section style=
"padding-top: 0px;" class=
"row" id=
"section1">
112 <div style=
"padding-top: 0px;">
114 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
115 <div class=
"section-intro">
116 <p style=
"margin-top: 0px;" class=
"image"><img
117 src=
"../static/img/en/screenshots/workshop-section1-update.png"
118 alt=
"A small workshop among friends" /></p>
119 <h2><em>#
1</em> Get your friends or community interested
</h2>
121 <p>If you hear friends grumbling about their lack of privacy, ask them if
122 they're interested in attending a workshop on Email Self-Defense. If your
123 friends don't grumble about privacy, they may need some convincing. You might
124 even hear the classic
"if you've got nothing to hide, you've got nothing to
125 fear" argument against using encryption.
</p>
127 <p>Here are some talking points you can use to help explain why it's worth
128 it to learn GnuPG. Mix and match whichever you think will make sense to
131 </div><!-- End .section-intro -->
132 <div id=
"step-aa" class=
"step">
133 <div class=
"sidebar">
134 <!-- Workshops image commented out from here, to be used above instead.
136 <p><img id="workshops-image"
137 src="../static/img/en/screenshots/workshop-section1.png"
138 alt="Workshop icon"></p>-->
139 </div><!-- /.sidebar -->
142 <h3>Strength in numbers
</h3>
144 <p>Each person who chooses to resist mass surveillance with encryption makes
145 it easier for others to resist as well. People normalizing the use of strong
146 encryption has multiple powerful effects: it means those who need privacy
147 the most, like potential whistle-blowers and activists, are more likely to
148 learn about encryption. More people using encryption for more things also
149 makes it harder for surveillance systems to single out those that can't
150 afford to be found, and shows solidarity with those people.
</p>
152 </div><!-- End .main -->
155 <h3>People you respect may already be using encryption
</h3>
157 <p>Many journalists, whistleblowers, activists, and researchers use GnuPG,
158 so your friends might unknowingly have heard of a few people who use it
159 already. You can search for
"BEGIN PUBLIC KEY BLOCK" + keyword to help make
160 a list of people and organizations who use GnuPG whom your community will
161 likely recognize.
</p>
163 </div><!-- End .main -->
166 <h3>Respect your friends' privacy
</h3>
168 <p>There's no objective way to judge what constitutes privacy-sensitive
169 correspondence. As such, it's better not to presume that just because you
170 find an email you sent to a friend innocuous, your friend (or a surveillance
171 agent, for that matter!) feels the same way. Show your friends respect by
172 encrypting your correspondence with them.
</p>
174 </div><!-- End .main -->
177 <h3>Privacy technology is normal in the physical world
</h3>
179 <p>In the physical realm, we take window blinds, envelopes, and closed doors
180 for granted as ways of protecting our privacy. Why should the digital realm
181 be any different?
</p>
183 </div><!-- End .main -->
186 <h3>We shouldn't have to trust our email providers with our privacy
</h3>
188 <p>Some email providers are very trustworthy, but many have incentives not
189 to protect your privacy and security. To be empowered digital citizens,
190 we need to build our own security from the bottom up.
</p>
192 </div><!-- End .main -->
193 </div><!-- End #step-aa .step -->
194 </div></section><!-- End #section1 -->
196 <!-- ~~~~~~~~~ Section 2: Plan The Workshop ~~~~~~~~~ -->
197 <section class=
"row" id=
"section2"><div>
199 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
200 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
201 margin-bottom: 0px;">
203 <h2><em>#
2</em> Plan The Workshop
</h2>
205 <p>Once you've got at least one interested friend, pick a date and start
206 planning out the workshop. Tell participants to bring their computer and
207 ID (for signing each other's keys). If you'd like to make it easy for the
208 participants to use
<a href=
"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/">Diceware
</a> for choosing passphrases, get a pack of dice
209 beforehand. Make sure the location you select has an easily accessible
210 Internet connection, and make backup plans in case the connection stops
211 working on the day of the workshop. Libraries, coffee shops, and community
212 centers make great locations. Try to get all the participants to set up
213 an email client based on Thunderbird before the event. Direct them to their
214 email provider's IT department or help page if they run into errors.
</p>
216 <p>Estimate that the workshop will take at least forty minutes plus ten minutes
217 for each participant. Plan extra time for questions and technical glitches.
</p>
219 <p>The success of the workshop requires understanding and catering to
220 the unique backgrounds and needs of each group of participants. Workshops
221 should stay small, so that each participant receives more individualized
222 instruction. If more than a handful of people want to participate, keep the
223 facilitator to participant ratio high by recruiting more facilitators, or by
224 facilitating multiple workshops. Small workshops among friends work great!
</p>
226 </div><!-- End .section-intro -->
227 </div></section><!-- End #section2 -->
229 <!-- ~~~~~~~~~ Section 3: Follow The Guide ~~~~~~~~~ -->
230 <section class=
"row" id=
"section3"><div>
232 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
233 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
234 margin-bottom: 0px;">
236 <h2><em>#
3</em> Follow the guide as a group
</h2>
238 <p>Work through the Email Self-Defense guide a step at a time as a group. Talk
239 about the steps in detail, but make sure not to overload the participants
240 with minutia. Pitch the bulk of your instructions to the least tech-savvy
241 participants. Make sure all the participants complete each step before the
242 group moves on to the next one. Consider facilitating secondary workshops
243 afterwards for people that had trouble grasping the concepts, or those that
244 grasped them quickly and want to learn more.
</p>
246 <p>In
<a href=
"index.html#section2">Section
2</a> of the guide, make
247 sure the participants upload their keys to the same keyserver so that
248 they can immediately download each other's keys later (sometimes
249 there is a delay in synchronization between keyservers). During
<a
250 href=
"index.html#section3">Section
3</a>, give the participants the option to
251 send test messages to each other instead of or as well as Edward. Similarly,
252 in
<a href=
"index.html#section4">Section
4</a>, encourage the participants
253 to sign each other's keys. At the end, make sure to remind people to safely
254 back up their revocation certificates.
</p>
256 </div><!-- End .section-intro -->
259 <!-- ~~~~~~~~~ Section 4: Explain the pitfalls ~~~~~~~~~ -->
260 <section class=
"row" id=
"section4"><div>
262 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
263 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
264 margin-bottom: 0px;">
266 <h2><em>#
4</em> Explain the pitfalls
</h2>
268 <p>Remind participants that encryption works only when it's explicitly used;
269 they won't be able to send an encrypted email to someone who hasn't already
270 set up encryption. Also remind participants to double-check the encryption icon
271 before hitting send, and that subjects and timestamps are never encrypted.
</p>
274 href=
"https://www.gnu.org/proprietary/proprietary.html">dangers
275 of running a proprietary system
</a> and
276 advocate for free software, because without it, we can't
<a
277 href=
"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance">meaningfully
278 resist invasions of our digital privacy and autonomy
</a>.
</p>
280 </div><!-- End .section-intro -->
281 </div></section><!-- End #section4 -->
283 <!-- ~~~~~~~~~ Section 5: Explain The Pitfalls ~~~~~~~~~ -->
284 <section id=
"section5" class=
"row"><div>
286 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
287 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
288 margin-bottom: 0px;">
290 <h2><em>#
5</em> Share additional resources
</h2>
292 <p>GnuPG's advanced options are far too complex to teach in a single
293 workshop. If participants want to know more, point out the advanced subsections
294 in the guide and consider organizing another workshop. You can also share
295 <a href=
"https://www.gnupg.org/documentation/index.html">GnuPG's
</a>
296 official documentation and mailing lists, and the
<a href=
"https://libreplanet.org/wiki/GPG_guide/Public_Review">Email Self-Defense feedback
</a> page. Many GNU/Linux distribution's Web
297 sites also contain a page explaining some of GnuPG's advanced features.
</p>
299 </div><!-- End .section-intro -->
300 </div></section><!-- End #section5 -->
302 <!-- ~~~~~~~~~ Section 6: Next steps ~~~~~~~~~ -->
303 <section class=
"row" id=
"section6"><div>
305 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
306 <div class=
"section-intro" style=
"border: none; padding-bottom: 0px;
307 margin-bottom: 0px;">
309 <h2><em>#
6</em> Follow up
</h2>
311 <p>Make sure everyone has shared email addresses and public key fingerprints
312 before they leave. Encourage the participants to continue to gain GnuPG
313 experience by emailing each other. Send them each an encrypted email one
314 week after the event, reminding them to try adding their public key ID to
315 places where they publicly list their email address.
</p>
317 <p>If you have any suggestions for improving this workshop guide, please
318 let us know at
<a href=
"mailto:campaigns@fsf.org">campaigns@fsf.org
</a>.
</p>
320 </div><!-- End .section-intro -->
321 </div></section><!-- End #section6 -->
322 <!-- ~~~~~~~~~ Footer ~~~~~~~~~ -->
323 <footer class=
"row" id=
"footer"><div>
326 <h4><a href=
"https://u.fsf.org/ys"><img
327 alt=
"Free Software Foundation"
328 src=
"../static/img/fsf-logo.png" /></a></h4>
330 <p>Copyright
© 2014-
2021 <a
331 href=
"https://u.fsf.org/ys">Free Software Foundation
</a>, Inc.
<a
332 href=
"https://my.fsf.org/donate/privacypolicy.html">Privacy Policy
</a>. Please
333 support our work by
<a href=
"https://u.fsf.org/yr">joining us as an associate
336 <p>The images on this page are under a
<a
337 href=
"https://creativecommons.org/licenses/by/4.0/">Creative Commons
338 Attribution
4.0 license (or later version)
</a>, and the rest of it is under
339 a
<a href=
"https://creativecommons.org/licenses/by-sa/4.0">Creative Commons
340 Attribution-ShareAlike
4.0 license (or later version)
</a>. Download the
<a
341 href=
"https://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz">
342 source code of Edward reply bot
</a> by Andrew Engelbrecht
343 <andrew@engelbrecht.io
> and Josh Drake
<zamnedix@gnu.org
>,
344 available under the GNU Affero General Public License.
<a
345 href=
"https://www.gnu.org/licenses/license-list.html#OtherLicenses">Why these
348 <p>Fonts used in the guide
& infographic:
<a
349 href=
"https://www.google.com/fonts/specimen/Dosis">Dosis
</a> by Pablo
350 Impallari,
<a href=
"https://www.google.com/fonts/specimen/Signika">Signika
</a>
351 by Anna Giedry
ś,
<a
352 href=
"https://www.google.com/fonts/specimen/Archivo+Narrow">Archivo
353 Narrow
</a> by Omnibus-Type,
<a
354 href=
"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls">PXL-
2000</a>
355 by Florian Cramer.
</p>
357 <p>Download the
<a href=
"emailselfdefense_source.zip">source package
</a>
358 for this guide, including fonts, image source files and the text of Edward's
361 <p>This site uses the Weblabels standard for labeling
<a
362 href=
"https://www.fsf.org/campaigns/freejs">free JavaScript
</a>. View
363 the JavaScript
<a href=
"https://weblabels.fsf.org/emailselfdefense.fsf.org/"
364 rel=
"jslicense">source code and license information
</a>.
</p>
366 </div><!-- /#copyright -->
368 <p class=
"credits">Infographic and guide design by
<a rel=
"external"
369 href=
"https://jplusplus.org"><strong>Journalism++
</strong><img
370 src=
"../static/img/jplusplus.png"
371 alt=
"Journalism++" /></a></p><!-- /.credits -->
372 </div></footer><!-- End #footer -->
374 <script type=
"text/javascript"
375 src=
"../static/js/jquery-1.11.0.min.js"></script>
376 <script type=
"text/javascript"
377 src=
"../static/js/scripts.js"></script>
379 <script type=
"text/javascript">
380 // @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3
&dn=gpl-
2.0.txt GPL-
2.0-or-later
381 var _paq = _paq || [];
382 _paq.push([
"trackPageView"]);
383 _paq.push([
"enableLinkTracking"]);
386 var u = ((
"https:" == document.location.protocol) ?
"https" :
"http") +
"://"+
"piwik.fsf.org//";
387 _paq.push([
"setTrackerUrl", u+
"piwik.php"]);
388 _paq.push([
"setSiteId",
"13"]);
389 var d=document, g=d.createElement(
"script"), s=d.getElementsByTagName(
"script")[
0]; g.
type=
"text/javascript";
390 g.defer=true; g.async=true; g.src=u+
"piwik.js"; s.parentNode.insertBefore(g,s);
394 <!-- End Piwik Code -->
395 <!-- Piwik Image Tracker -->
396 <!-- <noscript><img src="https://piwik.fsf.org//piwik.php?idsite=13&rec=1" style="border:0" alt="" /></noscript> -->