1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # This file is distributed under the same license as the emailselfdefense package.
4 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
9 "Project-Id-Version: emailselfdefense ersion\n"
10 "POT-Creation-Date: 2018-06-23 08:15+0200\n"
11 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13 "Language-Team: LANGUAGE <LL@li.org>\n"
16 "Content-Type: text/plain; charset=UTF-8\n"
17 "Content-Transfer-Encoding: 8bit\n"
19 #. type: Attribute 'lang' of: <html>
23 #. type: Attribute 'content' of: <html><head><meta>
24 msgid "text/html; charset=utf-8"
27 #. type: Content of: <html><head><title>
28 msgid "Email Self-Defense - a guide to fighting surveillance with GnuPG encryption"
31 #. type: Attribute 'content' of: <html><head><meta>
32 msgid "GnuPG, GPG, privacy, email, Enigmail"
35 #. type: Attribute 'content' of: <html><head><meta>
37 "Email surveillance violates our fundamental rights and makes free speech "
38 "risky. This guide will teach you email self-defense in 40 minutes with "
42 #. type: Attribute 'content' of: <html><head><meta>
43 msgid "width=device-width, initial-scale=1"
46 #. type: Content of: <html><body><header><div><p>
48 "<strong>Please check your email for a confirmation link now. Thanks for "
49 "joining our list!</strong>"
52 #. type: Content of: <html><body><header><div><p>
54 "If you don't receive the confirmation link, send us an email at info@fsf.org "
55 "to be added manually."
58 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
62 #. type: Content of: <html><body><header><div><p>
63 msgid "Join us on microblogging services for day-to-day updates:"
66 #. type: Content of: <html><body><section><div><div><div><p><a>
67 msgid "<a href=\"https://status.fsf.org/fsf\">"
70 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
74 #. type: Content of: <html><body><section><div><div><div><p><a>
75 msgid " GNU Social</a> | <a href=\"http://microca.st/fsf\">"
78 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
82 #. type: Content of: <html><body><section><div><div><div><p>
84 " Pump.io</a> | <a "
85 "href=\"https://www.twitter.com/fsf\">Twitter</a>"
88 #. type: Content of: <html><body><header><div><p>
90 "<small><a href=\"https://www.fsf.org/twitter\">Read why GNU Social and "
91 "Pump.io are better than Twitter.</a></small>"
94 #. type: Content of: <html><body><header><div><p>
95 msgid "← Return to <a href=\"index.html\">Email Self-Defense</a>"
98 #. type: Content of: <html><body><footer><div><div><h4><a>
99 msgid "<a href=\"https://u.fsf.org/ys\">"
102 #. type: Attribute 'alt' of: <html><body><footer><div><div><h4><a><img>
103 msgid "Free Software Foundation"
106 #. type: Content of: <html><body><footer><div><p>
110 #. type: Content of: <html><body><footer><div><div><p>
112 "Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software "
113 "Foundation</a>, Inc. <a "
114 "href=\"https://my.fsf.org/donate/privacypolicy.html\">Privacy "
115 "Policy</a>. Please support our work by <a "
116 "href=\"https://u.fsf.org/yr\">joining us as an associate member.</a>"
119 #. type: Content of: <html><body><footer><div><div><p>
121 "The images on this page are under a <a "
122 "href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons "
123 "Attribution 4.0 license (or later version)</a>, and the rest of it is under "
124 "a <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative "
125 "Commons Attribution-ShareAlike 4.0 license (or later version)</a>. Download "
127 "href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\">source "
128 "code of Edward reply bot</a> by Andrew Engelbrecht "
129 "<sudoman@ninthfloor.org> and Josh Drake <zamnedix@gnu.org>, "
130 "available under the GNU Affero General Public License. <a "
131 "href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Why "
132 "these licenses?</a>"
135 #. type: Content of: <html><body><footer><div><div><p>
137 "Fonts used in the guide & infographic: <a "
138 "href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo "
140 "href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna "
142 "href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo "
143 "Narrow</a> by Omnibus-Type, <a "
144 "href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> "
148 #. type: Content of: <html><body><footer><div><div><p>
150 "Download the <a href=\"emailselfdefense_source.zip\">source package</a> for "
151 "this guide, including fonts, image source files and the text of Edward's "
155 #. type: Content of: <html><body><footer><div><div><p>
157 "This site uses the Weblabels standard for labeling <a "
158 "href=\"https://www.fsf.org/campaigns/freejs\">free JavaScript</a>. View the "
159 "JavaScript <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" "
160 "rel=\"jslicense\">source code and license information</a>."
163 #. type: Content of: <html><body><footer><div><p><a>
165 "Infographic and guide design by <a rel=\"external\" "
166 "href=\"http://jplusplus.org\"><strong>Journalism++</strong>"
169 #. type: Attribute 'alt' of: <html><body><footer><div><p><a><img>
173 #. type: Attribute 'content' of: <html><head><meta>
174 msgid "GnuPG, GPG, openpgp, surveillance, privacy, email, Enigmail"
177 #. type: Content of: <html><body><header><div><h1>
178 msgid "Email Self-Defense"
181 #. type: Content of: <html><body><header><div><ul><li>
182 msgid "<a class=\"current\" href=\"/en\">English - v4.0</a>"
185 #. type: Content of: <html><body><header><div><ul><li>
186 msgid "<a href=\"/ar\">العربية <span class=\"tip\">tip</span></a>"
189 #. type: Content of: <html><body><header><div><ul><li>
190 msgid "<a href=\"/cs\">Čeština - v4.0</a>"
193 #. type: Content of: <html><body><header><div><ul><li>
194 msgid "<a href=\"/de\">Deutsch - v3.0</a>"
197 #. type: Content of: <html><body><header><div><ul><li>
198 msgid "<a href=\"/el\">ελληνικά - v3.0</a>"
201 #. type: Content of: <html><body><header><div><ul><li>
202 msgid "<a href=\"/es\">español - v4.0</a>"
205 #. type: Content of: <html><body><header><div><ul><li>
206 msgid "<a href=\"/fa\">فارسی - v4.0</a>"
209 #. type: Content of: <html><body><header><div><ul><li>
210 msgid "<a href=\"/fr\">français - v4.0</a>"
213 #. type: Content of: <html><body><header><div><ul><li>
214 msgid "<a href=\"/it\">italiano - v3.0</a>"
217 #. type: Content of: <html><body><header><div><ul><li>
218 msgid "<a href=\"/ja\">日本語 - v4.0</a>"
221 #. type: Content of: <html><body><header><div><ul><li>
222 msgid "<a href=\"/ko\">한국어 <span class=\"tip\">tip</span></a>"
225 #. type: Content of: <html><body><header><div><ul><li>
226 msgid "<a href=\"/ml\">മലയാളം <span class=\"tip\">tip</span></a>"
229 #. type: Content of: <html><body><header><div><ul><li>
230 msgid "<a href=\"/pt-br\">português do Brasil - v3.0</a>"
233 #. type: Content of: <html><body><header><div><ul><li>
234 msgid "<a href=\"/ro\">română - v3.0</a>"
237 #. type: Content of: <html><body><header><div><ul><li>
238 msgid "<a href=\"/ru\">русский - v4.0</a>"
241 #. type: Content of: <html><body><header><div><ul><li>
242 msgid "<a href=\"/sq\">Shqip - v4.0</a>"
245 #. type: Content of: <html><body><header><div><ul><li>
246 msgid "<a href=\"/sv\">svenska - v4.0</a>"
249 #. type: Content of: <html><body><header><div><ul><li>
250 msgid "<a href=\"/tr\">Türkçe - v4.0</a>"
253 #. type: Content of: <html><body><header><div><ul><li>
254 msgid "<a href=\"/zh-hans\">简体中文 <span class=\"tip\">tip</span></a>"
257 #. type: Content of: <html><body><header><div><ul><li>
260 "href=\"https://libreplanet.org/wiki/GPG_guide/Translation_Guide\"><strong><span "
261 "style=\"color: #2F5FAA;\">Translate!</span></strong></a>"
264 #. type: Content of: <html><body><header><div><ul><li>
265 msgid "<a href=\"index.html\" class=\"current\">GNU/Linux</a>"
268 #. type: Content of: <html><body><header><div><ul><li>
269 msgid "<a href=\"mac.html\">Mac OS</a>"
272 #. type: Content of: <html><body><header><div><ul><li>
273 msgid "<a href=\"windows.html\">Windows</a>"
276 #. type: Content of: <html><body><header><div><ul><li>
277 msgid "<a href=\"workshops.html\">Teach your friends</a>"
280 #. type: Content of: <html><body><header><div><ul><li><a>
282 "<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email "
283 "encryption for everyone via %40fsf\">Share "
286 #. type: Content of: <html><body><header><div><ul><li><a>
290 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
294 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
295 msgid "[Hacker News]"
298 #. type: Content of: <html><body><header><div><div><h3><a>
299 msgid "<a href=\"http://u.fsf.org/ys\">"
302 #. type: Content of: <html><body><header><div><div><div><p>
304 "We fight for computer users' rights, and promote the development of free (as "
305 "in freedom) software. Resisting bulk surveillance is very important to us."
308 #. type: Content of: <html><body><header><div><div><div><p>
310 "<strong>Please donate to support Email Self-Defense. We need to keep "
311 "improving it, and making more materials, for the benefit of people around "
312 "the world taking the first step towards protecting their privacy.</strong>"
315 #. type: Content of: <html><body><header><div><div><p><a>
318 "href=\"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate\">"
321 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
325 #. type: Content of: <html><body><header><div><div><p><a>
326 msgid "<a id=\"infographic\" href=\"infographic.html\">"
329 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
330 msgid "View & share our infographic →"
333 #. type: Content of: <html><body><header><div><div><p>
335 "</a> Bulk surveillance violates our fundamental rights and makes free speech "
336 "risky. This guide will teach you a basic surveillance self-defense skill: "
337 "email encryption. Once you've finished, you'll be able to send and receive "
338 "emails that are scrambled to make sure a surveillance agent or thief "
339 "intercepting your email can't read them. All you need is a computer with an "
340 "Internet connection, an email account, and about forty minutes."
343 #. type: Content of: <html><body><header><div><div><p>
345 "Even if you have nothing to hide, using encryption helps protect the privacy "
346 "of people you communicate with, and makes life difficult for bulk "
347 "surveillance systems. If you do have something important to hide, you're in "
348 "good company; these are the same tools that whistleblowers use to protect "
349 "their identities while shining light on human rights abuses, corruption and "
353 #. type: Content of: <html><body><header><div><div><p>
355 "In addition to using encryption, standing up to surveillance requires "
356 "fighting politically for a <a "
357 "href=\"http://gnu.org/philosophy/surveillance-vs-democracy.html\">reduction "
358 "in the amount of data collected on us</a>, but the essential first step is "
359 "to protect yourself and make surveillance of your communication as difficult "
360 "as possible. This guide helps you do that. It is designed for beginners, but "
361 "if you already know the basics of GnuPG or are an experienced free software "
362 "user, you'll enjoy the advanced tips and the <a "
363 "href=\"workshops.html\">guide to teaching your friends</a>."
366 #. type: Content of: <html><body><section><div><div><h2>
367 msgid "<em>#1</em> Get the pieces"
370 #. type: Content of: <html><body><section><div><div><p>
372 "This guide relies on software which is <a "
373 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
374 "it's completely transparent and anyone can copy it or make their own "
375 "version. This makes it safer from surveillance than proprietary software "
376 "(like Windows). Learn more about free software at <a "
377 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
380 #. type: Content of: <html><body><section><div><div><p>
382 "Most GNU/Linux operating systems come with GnuPG installed on them, so you "
383 "don't have to download it. Before configuring GnuPG though, you'll need the "
384 "IceDove desktop email program installed on your computer. Most GNU/Linux "
385 "distributions have IceDove installed already, though it may be under the "
386 "alternate name \"Thunderbird.\" Email programs are another way to access the "
387 "same email accounts you can access in a browser (like Gmail), but provide "
391 #. type: Content of: <html><body><section><div><div><p>
393 "If you already have an email program, you can skip to <a "
394 "href=\"#step-1b\">Step 1.b</a>."
397 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
398 msgid "Step 1.A: Install Wizard"
401 #. type: Content of: <html><body><section><div><div><div><h3>
402 msgid "<em>Step 1.a</em> Set up your email program with your email account"
405 #. type: Content of: <html><body><section><div><div><div><p>
407 "Open your email program and follow the wizard (step-by-step walkthrough) "
408 "that sets it up with your email account."
411 #. type: Content of: <html><body><section><div><div><div><p>
413 "Look for the letters SSL, TLS, or STARTTLS to the right of the servers when "
414 "you're setting up your account. If you don't see them, you will still be "
415 "able to use encryption, but this means that the people running your email "
416 "system are running behind the industry standard in protecting your security "
417 "and privacy. We recommend that you send them a friendly email asking them to "
418 "enable SSL, TLS, or STARTTLS for your email server. They will know what "
419 "you're talking about, so it's worth making the request even if you aren't an "
420 "expert on these security systems."
423 #. type: Content of: <html><body><section><div><div><div><div><h4>
424 msgid "Troubleshooting"
427 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
428 msgid "The wizard doesn't launch"
431 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
433 "You can launch the wizard yourself, but the menu option for doing so is "
434 "named differently in each email program. The button to launch it will be in "
435 "the program's main menu, under \"New\" or something similar, titled "
436 "something like \"Add account\" or \"New/Existing email account.\""
439 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
440 msgid "The wizard can't find my account or isn't downloading my mail"
443 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
445 "Before searching the Web, we recommend you start by asking other people who "
446 "use your email system, to figure out the correct settings."
449 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
450 msgid "Don't see a solution to your problem?"
453 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
455 "Please let us know on the <a "
456 "href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">feedback "
460 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
461 msgid "Step 1.B: Tools -> Add-ons"
464 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
465 msgid "Step 1.B: Search Add-ons"
468 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
469 msgid "Step 1.B: Install Add-ons"
472 #. type: Content of: <html><body><section><div><div><div><h3>
473 msgid "<em>Step 1.b</em> Install the Enigmail plugin for your email program"
476 #. type: Content of: <html><body><section><div><div><div><p>
478 "In your email program's menu, select Add-ons (it may be in the Tools "
479 "section). Make sure Extensions is selected on the left. Do you see Enigmail? "
480 "Make sure it's the latest version. If so, skip this step."
483 #. type: Content of: <html><body><section><div><div><div><p>
485 "If not, search \"Enigmail\" with the search bar in the upper right. You can "
486 "take it from here. Restart your email program when you're done."
489 #. type: Content of: <html><body><section><div><div><div><p>
491 "There are major security flaws in versions of GnuPG prior to 2.2.8, and "
492 "Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, "
496 #. type: Content of: <html><body><section><div><div><div><p>
498 "Note: As of June 18, 2018, GnuPG 2.2.8 is unavailable for Debian stable and "
502 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
503 msgid "I can't find the menu."
506 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
508 "In many new email programs, the main menu is represented by an image of "
509 "three stacked horizontal bars."
512 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
513 msgid "My email looks weird"
516 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
518 "Enigmail doesn't tend to play nice with HTML, which is used to format "
519 "emails, so it may disable your HTML formatting automatically. To send an "
520 "HTML-formatted email without encryption or a signature, hold down the Shift "
521 "key when you select compose. You can then write an email as if Enigmail "
525 #. type: Content of: <html><body><section><div><div><h2>
526 msgid "<em>#2</em> Make your keys"
529 #. type: Content of: <html><body><section><div><div><p>
531 "To use the GnuPG system, you'll need a public key and a private key (known "
532 "together as a keypair). Each is a long string of randomly generated numbers "
533 "and letters that are unique to you. Your public and private keys are linked "
534 "together by a special mathematical function."
537 #. type: Content of: <html><body><section><div><div><p>
539 "Your public key isn't like a physical key, because it's stored in the open "
540 "in an online directory called a keyserver. People download it and use it, "
541 "along with GnuPG, to encrypt emails they send to you. You can think of the "
542 "keyserver as a phonebook; people who want to send you encrypted email can "
543 "look up your public key."
546 #. type: Content of: <html><body><section><div><div><p>
548 "Your private key is more like a physical key, because you keep it to "
549 "yourself (on your computer). You use GnuPG and your private key together to "
550 "descramble encrypted emails other people send to you. <span "
551 "style=\"font-weight: bold;\">You should never share you private key with "
552 "anyone, under any circumstances.</span>"
555 #. type: Content of: <html><body><section><div><div><p>
557 "In addition to encryption and decryption, you can also use these keys to "
558 "sign messages and check the authenticity of other people's signatures. We'll "
559 "discuss this more in the next section."
562 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
563 msgid "Step 2.A: Make a Keypair"
566 #. type: Content of: <html><body><section><div><div><div><h3>
567 msgid "<em>Step 2.a</em> Make a keypair"
570 #. type: Content of: <html><body><section><div><div><div><p>
572 "The Enigmail Setup wizard may start automatically. If it doesn't, select "
573 "Enigmail → Setup Wizard from your email program's menu. You don't need "
574 "to read the text in the window that pops up unless you'd like to, but it's "
575 "good to read the text on the later screens of the wizard. Click Next with "
576 "the default options selected, except in these instances, which are listed in "
577 "the order they appear:"
580 #. type: Content of: <html><body><section><div><div><div><ul><li>
582 "On the screen titled \"Encryption,\" select \"Encrypt all of my messages by "
583 "default, because privacy is critical to me.\""
586 #. type: Content of: <html><body><section><div><div><div><ul><li>
588 "On the screen titled \"Signing,\" select \"Don't sign my messages by "
592 #. type: Content of: <html><body><section><div><div><div><ul><li>
594 "On the screen titled \"Key Selection,\" select \"I want to create a new key "
595 "pair for signing and encrypting my email.\""
598 #. type: Content of: <html><body><section><div><div><div><ul><li>
600 "On the screen titled \"Create Key,\" pick a strong password! You can do it "
601 "manually, or you can use the Diceware method. Doing it manually is faster "
602 "but not as secure. Using Diceware takes longer and requires dice, but "
603 "creates a password that is much harder for attackers figure out. To use it, "
604 "read the section \"Make a secure passphrase with Diceware\" in <a "
605 "href=\"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/\">this "
606 "article</a> by Micah Lee."
609 #. type: Content of: <html><body><section><div><div><div><p>
611 "If you'd like to pick a password manually, come up with something you can "
612 "remember which is at least twelve characters long, and includes at least one "
613 "lower case and upper case letter and at least one number or punctuation "
614 "symbol. Never pick a password you've used elsewhere. Don't use any "
615 "recognizable patterns, such as birthdays, telephone numbers, pets' names, "
616 "song lyrics, quotes from books, and so on."
619 #. type: Content of: <html><body><section><div><div><div><p>
621 "The program will take a little while to finish the next step, the \"Key "
622 "Creation\" screen. While you wait, do something else with your computer, "
623 "like watching a movie or browsing the Web. The more you use the computer at "
624 "this point, the faster the key creation will go."
627 #. type: Content of: <html><body><section><div><div><div><p>
629 "<span style=\"font-weight: bold;\">When the \"Key Generation Completed\" "
630 "screen pops up, select Generate Certificate and choose to save it in a safe "
631 "place on your computer (we recommend making a folder called \"Revocation "
632 "Certificate\" in your home folder and keeping it there). This step is "
633 "essential for your email self-defense, as you'll learn more about in <a "
634 "href=\"#section5\">Section 5</a>.</span>"
637 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
638 msgid "I can't find the Enigmail menu."
641 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
643 "In many new email programs, the main menu is represented by an image of "
644 "three stacked horizontal bars. Enigmail may be inside a section called "
648 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
649 msgid "The wizard says that it cannot find GnuPG."
652 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
654 "Open whatever program you usually use for installing software, and search "
655 "for GnuPG, then install it. Then restart the Enigmail setup wizard by going "
656 "to Enigmail → Setup Wizard."
659 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
660 msgid "More resources"
663 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
665 "If you're having trouble with our instructions or just want to learn more, "
667 "href=\"https://enigmail.wiki/Key_Management#Generating_your_own_key_pair\">Enigmail's "
668 "wiki instructions for key generation</a>."
671 #. type: Content of: <html><body><section><div><div><div><div><h4>
675 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
676 msgid "Command line key generation"
679 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
681 "If you prefer using the command line for a higher degree of control, you can "
682 "follow the documentation from <a "
683 "href=\"https://www.gnupg.org/gph/en/manual/c14.html#AEN25\">The GNU Privacy "
684 "Handbook</a>. Make sure you stick with \"RSA and RSA\" (the default), "
685 "because it's newer and more secure than the algorithms the documentation "
686 "recommends. Also make sure your key is at least 2048 bits, or 4096 if you "
687 "want to be extra secure."
690 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
691 msgid "Advanced key pairs"
694 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
696 "When GnuPG creates a new keypair, it compartmentalizes the encryption "
697 "function from the signing function through <a "
698 "href=\"https://wiki.debian.org/Subkeys\">subkeys</a>. If you use subkeys "
699 "carefully, you can keep your GnuPG identity much more secure and recover "
700 "from a compromised key much more quickly. <a "
701 "href=\"https://alexcabal.com/creating-the-perfect-gpg-keypair/\">Alex "
702 "Cabal</a> and <a href=\"http://keyring.debian.org/creating-key.html\">the "
703 "Debian wiki</a> provide good guides for setting up a secure subkey "
707 #. type: Content of: <html><body><section><div><div><div><h3>
708 msgid "<em>Step 2.b</em> Upload your public key to a keyserver"
711 #. type: Content of: <html><body><section><div><div><div><p>
712 msgid "In your email program's menu, select Enigmail → Key Management."
715 #. type: Content of: <html><body><section><div><div><div><p>
717 "Right click on your key and select Upload Public Keys to Keyserver. Use the "
718 "default keyserver in the popup."
721 #. type: Content of: <html><body><section><div><div><div><p>
723 "Now someone who wants to send you an encrypted message can download your "
724 "public key from the Internet. There are multiple keyservers that you can "
725 "select from the menu when you upload, but they are all copies of each other, "
726 "so it doesn't matter which one you use. However, it sometimes takes a few "
727 "hours for them to match each other when a new key is uploaded."
730 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
731 msgid "The progress bar never finishes"
734 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
736 "Close the upload popup, make sure you are connected to the Internet, and try "
737 "again. If that doesn't work, try again, selecting a different keyserver."
740 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
741 msgid "My key doesn't appear in the list"
744 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
745 msgid "Try checking \"Display All Keys by Default.\""
748 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
749 msgid "More documentation"
752 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
754 "If you're having trouble with our instructions or just want to learn more, "
756 "href=\"https://www.enigmail.net/documentation/quickstart-ch2.php#id2533620\">Enigmail's "
760 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
761 msgid "Uploading a key from the command line"
764 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
766 "You can also upload your keys to a keyserver through the <a "
767 "href=\"https://www.gnupg.org/gph/en/manual/x457.html\">command line</a>. <a "
768 "href=\"https://sks-keyservers.net/overview-of-pools.php\">The sks Web "
769 "site</a> maintains a list of highly interconnected keyservers. You can also "
770 "<a href=\"https://www.gnupg.org/gph/en/manual/x56.html#AEN64\">directly "
771 "export your key</a> as a file on your computer."
774 #. type: Content of: <html><body><section><div><div><div><h3>
775 msgid "GnuPG, OpenPGP, what?"
778 #. type: Content of: <html><body><section><div><div><div><p>
780 "In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP are "
781 "used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the "
782 "encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) "
783 "is the program that implements the standard. Enigmail is a plug-in program "
784 "for your email program that provides an interface for GnuPG."
787 #. type: Content of: <html><body><section><div><div><h2>
788 msgid "<em>#3</em> Try it out!"
791 #. type: Content of: <html><body><section><div><div><p>
793 "Now you'll try a test correspondence with a computer program named Edward, "
794 "who knows how to use encryption. Except where noted, these are the same "
795 "steps you'd follow when corresponding with a real, live person."
798 #. type: Content of: <html><body><section><div><div><div><h3>
799 msgid "<em>Step 3.a</em> Send Edward your public key"
802 #. type: Content of: <html><body><section><div><div><div><p>
804 "This is a special step that you won't have to do when corresponding with "
805 "real people. In your email program's menu, go to Enigmail → Key "
806 "Management. You should see your key in the list that pops up. Right click on "
807 "your key and select Send Public Keys by Email. This will create a new draft "
808 "message, as if you had just hit the Write button."
811 #. type: Content of: <html><body><section><div><div><div><p>
813 "Address the message to <a "
814 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Put at least one "
815 "word (whatever you want) in the subject and body of the email. Don't send "
819 #. type: Content of: <html><body><section><div><div><div><p>
821 "The lock icon in the top left should be yellow, meaning encryption is turned "
822 "on. We want this first special message to be unencrypted, so click the icon "
823 "once to turn it off. The lock should become grey, with a blue dot on it (to "
824 "alert you that the setting has been changed from the default). Once "
825 "encryption is off, hit Send."
828 #. type: Content of: <html><body><section><div><div><div><p>
830 "It may take two or three minutes for Edward to respond. In the meantime, you "
831 "might want to skip ahead and check out the <a href=\"#section5\">Use it "
832 "Well</a> section of this guide. Once he's responded, head to the next "
833 "step. From here on, you'll be doing just the same thing as when "
834 "corresponding with a real person."
837 #. type: Content of: <html><body><section><div><div><div><p>
839 "When you open Edward's reply, GnuPG may prompt you for your password before "
840 "using your private key to decrypt it."
843 #. type: Content of: <html><body><section><div><div><div><h3>
844 msgid "<em>Step 3.b</em> Send a test encrypted email"
847 #. type: Content of: <html><body><section><div><div><div><p>
849 "Write a new email in your email program, addressed to <a "
850 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Make the subject "
851 "\"Encryption test\" or something similar and write something in the body."
854 #. type: Content of: <html><body><section><div><div><div><p>
856 "The lock icon in the top left of the window should be yellow, meaning "
857 "encryption is on. This will be your default from now on."
860 #. type: Content of: <html><body><section><div><div><div><p>
862 "Next to the lock, you'll notice an icon of a pencil. We'll get to this in a "
866 #. type: Content of: <html><body><section><div><div><div><p>
868 "Click Send. Enigmail will pop up a window that says \"Recipients not valid, "
869 "not trusted or not found.\""
872 #. type: Content of: <html><body><section><div><div><div><p>
874 "To encrypt an email to Edward, you need his public key, so now you'll have "
875 "Enigmail download it from a keyserver. Click Download Missing Keys and use "
876 "the default in the pop-up that asks you to choose a keyserver. Once it finds "
877 "keys, check the first one (Key ID starting with C), then select ok. Select "
878 "ok in the next pop-up."
881 #. type: Content of: <html><body><section><div><div><div><p>
883 "Now you are back at the \"Recipients not valid, not trusted or not found\" "
884 "screen. Check the box in front of Edward's key and click Send."
887 #. type: Content of: <html><body><section><div><div><div><p>
889 "Since you encrypted this email with Edward's public key, Edward's private "
890 "key is required to decrypt it. Edward is the only one with his private key, "
891 "so no one except him can decrypt it."
894 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
895 msgid "Enigmail can't find Edward's key"
898 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
900 "Close the pop-ups that have appeared since you clicked Send. Make sure you "
901 "are connected to the Internet and try again. If that doesn't work, repeat "
902 "the process, choosing a different keyserver when it asks you to pick one."
905 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
906 msgid "Unscrambled messages in the Sent folder"
909 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
911 "Even though you can't decrypt messages encrypted to someone else's key, your "
912 "email program will automatically save a copy encrypted to your public key, "
913 "which you'll be able to view from the Sent folder like a normal email. This "
914 "is normal, and it doesn't mean that your email was not sent encrypted."
917 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
919 "If you're still having trouble with our instructions or just want to learn "
920 "more, check out <a "
921 "href=\"https://enigmail.wiki/Signature_and_Encryption#Encrypting_a_message\">Enigmail's "
925 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
926 msgid "Encrypt messages from the command line"
929 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
931 "You can also encrypt and decrypt messages and files from the <a "
932 "href=\"https://www.gnupg.org/gph/en/manual/x110.html\">command line</a>, if "
933 "that's your preference. The option --armor makes the encrypted output appear "
934 "in the regular character set."
937 #. type: Content of: <html><body><section><div><div><div><h3>
938 msgid "<em>Important:</em> Security tips"
941 #. type: Content of: <html><body><section><div><div><div><p>
943 "Even if you encrypt your email, the subject line is not encrypted, so don't "
944 "put private information there. The sending and receiving addresses aren't "
945 "encrypted either, so a surveillance system can still figure out who you're "
946 "communicating with. Also, surveillance agents will know that you're using "
947 "GnuPG, even if they can't figure out what you're saying. When you send "
948 "attachments, Enigmail will give you the choice to encrypt them or not, "
949 "independent of the actual email."
952 #. type: Content of: <html><body><section><div><div><div><p>
954 "For greater security against potential attacks, you can turn off "
955 "HTML. Instead, you can render the message body as plain text. In order to do "
956 "this in Thunderbird, go to View > Message Body As > Plain Text."
959 #. type: Content of: <html><body><section><div><div><div><h3>
960 msgid "<em>Step 3.c</em> Receive a response"
963 #. type: Content of: <html><body><section><div><div><div><p>
965 "When Edward receives your email, he will use his private key to decrypt it, "
966 "then use your public key (which you sent him in <a href=\"#step-3a\">Step "
967 "3.A</a>) to encrypt his reply to you."
970 #. type: Content of: <html><body><section><div><div><div><p>
972 "It may take two or three minutes for Edward to respond. In the meantime, you "
973 "might want to skip ahead and check out the <a href=\"#section5\">Use it "
974 "Well</a> section of this guide."
977 #. type: Content of: <html><body><section><div><div><div><p>
979 "When you receive Edward's email and open it, Enigmail will automatically "
980 "detect that it is encrypted with your public key, and then it will use your "
981 "private key to decrypt it."
984 #. type: Content of: <html><body><section><div><div><div><p>
986 "Notice the bar that Enigmail shows you above the message, with information "
987 "about the status of Edward's key."
990 #. type: Content of: <html><body><section><div><div><div><h3>
991 msgid "<em>Step 3.d</em> Send a test signed email"
994 #. type: Content of: <html><body><section><div><div><div><p>
996 "GnuPG includes a way for you to sign messages and files, verifying that they "
997 "came from you and that they weren't tampered with along the way. These "
998 "signatures are stronger than their pen-and-paper cousins -- they're "
999 "impossible to forge, because they're impossible to create without your "
1000 "private key (another reason to keep your private key safe)."
1003 #. type: Content of: <html><body><section><div><div><div><p>
1005 "You can sign messages to anyone, so it's a great way to make people aware "
1006 "that you use GnuPG and that they can communicate with you securely. If they "
1007 "don't have GnuPG, they will be able to read your message and see your "
1008 "signature. If they do have GnuPG, they'll also be able to verify that your "
1009 "signature is authentic."
1012 #. type: Content of: <html><body><section><div><div><div><p>
1014 "To sign an email to Edward, compose any message to him and click the pencil "
1015 "icon next to the lock icon so that it turns gold. If you sign a message, "
1016 "GnuPG may ask you for your password before it sends the message, because it "
1017 "needs to unlock your private key for signing."
1020 #. type: Content of: <html><body><section><div><div><div><p>
1022 "With the lock and pencil icons, you can choose whether each message will be "
1023 "encrypted, signed, both, or neither."
1026 #. type: Content of: <html><body><section><div><div><div><h3>
1027 msgid "<em>Step 3.e</em> Receive a response"
1030 #. type: Content of: <html><body><section><div><div><div><p>
1032 "When Edward receives your email, he will use your public key (which you sent "
1033 "him in <a href=\"#step-3a\">Step 3.A</a>) to verify that your signature is "
1034 "authentic and the message you sent has not been tampered with."
1037 #. type: Content of: <html><body><section><div><div><div><p>
1039 "Edward's reply will arrive encrypted, because he prefers to use encryption "
1040 "whenever possible. If everything goes according to plan, it should say "
1041 "\"Your signature was verified.\" If your test signed email was also "
1042 "encrypted, he will mention that first."
1045 #. type: Content of: <html><body><section><div><div><h2>
1046 msgid "<em>#4</em> Learn the Web of Trust"
1049 #. type: Content of: <html><body><section><div><div><p>
1051 "Email encryption is a powerful technology, but it has a weakness; it "
1052 "requires a way to verify that a person's public key is actually "
1053 "theirs. Otherwise, there would be no way to stop an attacker from making an "
1054 "email address with your friend's name, creating keys to go with it and "
1055 "impersonating your friend. That's why the free software programmers that "
1056 "developed email encryption created keysigning and the Web of Trust."
1059 #. type: Content of: <html><body><section><div><div><p>
1061 "When you sign someone's key, you are publicly saying that you've verified "
1062 "that it belongs to them and not someone else."
1065 #. type: Content of: <html><body><section><div><div><p>
1067 "Signing keys and signing messages use the same type of mathematical "
1068 "operation, but they carry very different implications. It's a good practice "
1069 "to generally sign your email, but if you casually sign people's keys, you "
1070 "may accidently end up vouching for the identity of an imposter."
1073 #. type: Content of: <html><body><section><div><div><p>
1075 "People who use your public key can see who has signed it. Once you've used "
1076 "GnuPG for a long time, your key may have hundreds of signatures. You can "
1077 "consider a key to be more trustworthy if it has many signatures from people "
1078 "that you trust. The Web of Trust is a constellation of GnuPG users, "
1079 "connected to each other by chains of trust expressed through signatures."
1082 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1083 msgid "Section 4: Web of Trust"
1086 #. type: Content of: <html><body><section><div><div><div><h3>
1087 msgid "<em>Step 4.a</em> Sign a key"
1090 #. type: Content of: <html><body><section><div><div><div><p>
1091 msgid "In your email program's menu, go to Enigmail → Key Management."
1094 #. type: Content of: <html><body><section><div><div><div><p>
1096 "Right click on Edward's public key and select Sign Key from the context "
1100 #. type: Content of: <html><body><section><div><div><div><p>
1101 msgid "In the window that pops up, select \"I will not answer\" and click ok."
1104 #. type: Content of: <html><body><section><div><div><div><p>
1106 "Now you should be back at the Key Management menu. Select Keyserver → "
1107 "Upload Public Keys and hit ok."
1110 #. type: Content of: <html><body><section><div><div><div><p>
1112 "You've just effectively said \"I trust that Edward's public key actually "
1113 "belongs to Edward.\" This doesn't mean much because Edward isn't a real "
1114 "person, but it's good practice."
1117 #. type: Content of: <html><body><section><div><div><div><h3>
1118 msgid "Identifying keys: Fingerprints and IDs"
1121 #. type: Content of: <html><body><section><div><div><div><p>
1123 "People's public keys are usually identified by their key fingerprint, which "
1124 "is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 (for "
1125 "Edward's key). You can see the fingerprint for your public key, and other "
1126 "public keys saved on your computer, by going to Enigmail → Key "
1127 "Management in your email program's menu, then right clicking on the key and "
1128 "choosing Key Properties. It's good practice to share your fingerprint "
1129 "wherever you share your email address, so that people can double-check that "
1130 "they have the correct public key when they download yours from a keyserver."
1133 #. type: Content of: <html><body><section><div><div><div><p>
1135 "You may also see public keys referred to by a shorter key ID. This key ID is "
1136 "visible directly from the Key Management window. These eight character key "
1137 "IDs were previously used for identification, which used to be safe, but is "
1138 "no longer reliable. You need to check the full fingerprint as part of "
1139 "verifying you have the correct key for the person you are trying to "
1140 "contact. Spoofing, in which someone intentionally generates a key with a "
1141 "fingerprint whose final eight characters are the same as another, is "
1142 "unfortunately common."
1145 #. type: Content of: <html><body><section><div><div><div><h3>
1146 msgid "<em>Important:</em> What to consider when signing keys"
1149 #. type: Content of: <html><body><section><div><div><div><p>
1151 "Before signing a person's key, you need to be confident that it actually "
1152 "belongs to them, and that they are who they say they are. Ideally, this "
1153 "confidence comes from having interactions and conversations with them over "
1154 "time, and witnessing interactions between them and others. Whenever signing "
1155 "a key, ask to see the full public key fingerprint, and not just the shorter "
1156 "key ID. If you feel it's important to sign the key of someone you've just "
1157 "met, also ask them to show you their government identification, and make "
1158 "sure the name on the ID matches the name on the public key. In Enigmail, "
1159 "answer honestly in the window that pops up and asks \"How carefully have you "
1160 "verified that the key you are about to sign actually belongs to the "
1161 "person(s) named above?\""
1164 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1165 msgid "Master the Web of Trust"
1168 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1170 "Unfortunately, trust does not spread between users the way <a "
1171 "href=\"http://fennetic.net/irc/finney.org/~hal/web_of_trust.html\">many "
1172 "people think</a>. One of best ways to strengthen the GnuPG community is to "
1174 "href=\"https://www.gnupg.org/gph/en/manual/x334.html\">understand</a> the "
1175 "Web of Trust and to carefully sign as many people's keys as circumstances "
1179 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1180 msgid "Set ownertrust"
1183 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1185 "If you trust someone enough to validate other people's keys, you can assign "
1186 "them an ownertrust level through Enigmails's key management window. Right "
1187 "click on the other person's key, go to the \"Select Owner Trust\" menu "
1188 "option, select the trustlevel and click OK. Only do this once you feel you "
1189 "have a deep understanding of the Web of Trust."
1192 #. type: Content of: <html><body><section><div><div><h2>
1193 msgid "<em>#5</em> Use it well"
1196 #. type: Content of: <html><body><section><div><div><p>
1198 "Everyone uses GnuPG a little differently, but it's important to follow some "
1199 "basic practices to keep your email secure. Not following them, you risk the "
1200 "privacy of the people you communicate with, as well as your own, and damage "
1204 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1205 msgid "Section 5: Use it Well (1)"
1208 #. type: Content of: <html><body><section><div><div><div><h3>
1209 msgid "When should I encrypt? When should I sign?"
1212 #. type: Content of: <html><body><section><div><div><div><p>
1214 "The more you can encrypt your messages, the better. If you only encrypt "
1215 "emails occasionally, each encrypted message could raise a red flag for "
1216 "surveillance systems. If all or most of your email is encrypted, people "
1217 "doing surveillance won't know where to start. That's not to say that only "
1218 "encrypting some of your email isn't helpful -- it's a great start and it "
1219 "makes bulk surveillance more difficult."
1222 #. type: Content of: <html><body><section><div><div><div><p>
1224 "Unless you don't want to reveal your own identity (which requires other "
1225 "protective measures), there's no reason not to sign every message, whether "
1226 "or not you are encrypting. In addition to allowing those with GnuPG to "
1227 "verify that the message came from you, signing is a non-intrusive way to "
1228 "remind everyone that you use GnuPG and show support for secure "
1229 "communication. If you often send signed messages to people that aren't "
1230 "familiar with GnuPG, it's nice to also include a link to this guide in your "
1231 "standard email signature (the text kind, not the cryptographic kind)."
1234 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1235 msgid "Section 5: Use it Well (2)"
1238 #. type: Content of: <html><body><section><div><div><div><h3>
1239 msgid "Be wary of invalid keys"
1242 #. type: Content of: <html><body><section><div><div><div><p>
1244 "GnuPG makes email safer, but it's still important to watch out for invalid "
1245 "keys, which might have fallen into the wrong hands. Email encrypted with "
1246 "invalid keys might be readable by surveillance programs."
1249 #. type: Content of: <html><body><section><div><div><div><p>
1251 "In your email program, go back to the first encrypted email that Edward sent "
1252 "you. Because Edward encrypted it with your public key, it will have a "
1253 "message from Enigmail at the top, which most likely says \"Enigmail: Part of "
1254 "this message encrypted.\""
1257 #. type: Content of: <html><body><section><div><div><div><p>
1259 "<b>When using GnuPG, make a habit of glancing at that bar. The program will "
1260 "warn you there if you get an email signed with a key that can't be "
1264 #. type: Content of: <html><body><section><div><div><div><h3>
1265 msgid "Copy your revocation certificate to somewhere safe"
1268 #. type: Content of: <html><body><section><div><div><div><p>
1270 "Remember when you created your keys and saved the revocation certificate "
1271 "that GnuPG made? It's time to copy that certificate onto the safest digital "
1272 "storage that you have -- the ideal thing is a flash drive, disk, or hard "
1273 "drive stored in a safe place in your home, not on a device you carry with "
1277 #. type: Content of: <html><body><section><div><div><div><p>
1279 "If your private key ever gets lost or stolen, you'll need this certificate "
1280 "file to let people know that you are no longer using that keypair."
1283 #. type: Content of: <html><body><section><div><div><div><h3>
1284 msgid "<em>Important:</em> act swiftly if someone gets your private key"
1287 #. type: Content of: <html><body><section><div><div><div><p>
1289 "If you lose your private key or someone else gets ahold of it (say, by "
1290 "stealing or cracking your computer), it's important to revoke it immediately "
1291 "before someone else uses it to read your encrypted email or forge your "
1292 "signature. This guide doesn't cover how to revoke a key, but you can follow "
1294 "href=\"https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/\">instructions</a>. "
1295 "After you're done revoking, make a new key and send an email to everyone "
1296 "with whom you usually use your key to make sure they know, including a copy "
1300 #. type: Content of: <html><body><section><div><div><div><h3>
1301 msgid "Webmail and GnuPG"
1304 #. type: Content of: <html><body><section><div><div><div><p>
1306 "When you use a web browser to access your email, you're using webmail, an "
1307 "email program stored on a distant website. Unlike webmail, your desktop "
1308 "email program runs on your own computer. Although webmail can't decrypt "
1309 "encrypted email, it will still display it in its encrypted form. If you "
1310 "primarily use webmail, you'll know to open your email client when you "
1311 "receive a scrambled email."
1314 #. type: Content of: <html><body><section><div><div><h2>
1315 msgid "<a href=\"next_steps.html\">Great job! Check out the next steps.</a>"
1318 #. type: Content of: <html><body><header><div><p>
1319 msgid "← Read the <a href=\"index.html\">full guide</a>"
1322 #. type: Content of: <html><body><header><div><h3><a>
1325 "href=\"https://fsf.org/share?u=https://u.fsf.org/zc&t=How public-key "
1326 "encryption works. Infographic via %40fsf\">"
1329 #. type: Content of: <html><body><header><div><h3>
1330 msgid " Share our infographic </a> with the hashtag #EmailSelfDefense"
1333 #. type: Attribute 'alt' of: <html><body><header><div><p><img>
1334 msgid "View & share our infographic"
1337 #. type: Content of: <html><body><header><div><ul><li>
1338 msgid "<a href=\"index.html\">GNU/Linux</a>"
1341 #. type: Content of: <html><body><header><div><ul><li>
1342 msgid "<a href=\"mac.html\" class=\"current\">Mac OS</a>"
1345 #. type: Content of: <html><body><section><div><div><p>
1347 "This guide relies on software which is <a "
1348 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
1349 "it's completely transparent and anyone can copy it or make their own "
1350 "version. This makes it safer from surveillance than proprietary software "
1351 "(like Mac OS). To defend your freedom as well as protect yourself from "
1352 "surveillance, we recommend you switch to a free software operating system "
1353 "like GNU/Linux. Learn more about free software at <a "
1354 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
1357 #. type: Content of: <html><body><section><div><div><p>
1359 "To get started, you'll need the IceDove desktop email program installed on "
1360 "your computer. For your system, IceDove may be known by the alternate name "
1361 "\"Thunderbird.\" Email programs are another way to access the same email "
1362 "accounts you can access in a browser (like Gmail), but provide extra "
1366 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1368 "You can launch the wizard yourself, but the menu option for doing so is "
1369 "named differently in each email programs. The button to launch it will be in "
1370 "the program's main menu, under \"New\" or something similar, titled "
1371 "something like \"Add account\" or \"New/Existing email account.\""
1374 #. type: Content of: <html><body><section><div><div><div><h3>
1375 msgid "<em>Step 1.b</em> Get GnuPG by downloading GPGTools"
1378 #. type: Content of: <html><body><section><div><div><div><p>
1380 "GPGTools is a software package that includes GnuPG. <a "
1381 "href=\"https://gpgtools.org/#gpgsuite\">Download</a> and install it, "
1382 "choosing default options whenever asked. After it's installed, you can close "
1383 "any windows that it creates."
1386 #. type: Content of: <html><body><section><div><div><div><p>
1388 "There are major security flaws in versions of GnuPG provided by GPGTools "
1389 "prior to 2018.3. Make sure you have GPGTools 2018.3 or later."
1392 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1393 msgid "Step 1.C: Tools -> Add-ons"
1396 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1397 msgid "Step 1.C: Search Add-ons"
1400 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1401 msgid "Step 1.C: Install Add-ons"
1404 #. type: Content of: <html><body><section><div><div><div><h3>
1405 msgid "<em>Step 1.c</em> Install the Enigmail plugin for your email program"
1408 #. type: Content of: <html><body><section><div><div><div><p>
1410 "There are major security flaws in Enigmail prior to version 2.0.7. Make sure "
1411 "you have Enigmail 2.0.7 or later."
1414 #. type: Content of: <html><body><section><div><div><div><p>
1416 "For greater security against potential attacks, you can turn off "
1417 "HTML. Instead, you can render the message body as plain text."
1420 #. type: Content of: <html><body><header><div><h1>
1424 #. type: Content of: <html><body><section><div><div><h2>
1425 msgid "<em>#6</em> Next steps"
1428 #. type: Content of: <html><body><section><div><div><p>
1430 "You've now completed the basics of email encryption with GnuPG, taking "
1431 "action against bulk surveillance. These next steps will help make the most "
1432 "of the work you've done."
1435 #. type: Content of: <html><body><section><div><div><div><h3>
1436 msgid "Join the movement"
1439 #. type: Content of: <html><body><section><div><div><div><p>
1441 "You've just taken a huge step towards protecting your privacy online. But "
1442 "each of us acting alone isn't enough. To topple bulk surveillance, we need "
1443 "to build a movement for the autonomy and freedom of all computer users. Join "
1444 "the Free Software Foundation's community to meet like-minded people and work "
1445 "together for change."
1448 #. type: Content of: <html><body><section><div><div><div><p>
1450 "<small>Read <a href=\"https://www.fsf.org/twitter\">why GNU Social and "
1451 "Pump.io are better than Twitter</a>, and <a "
1452 "href=\"http://www.fsf.org/facebook\">why we don't use Facebook</a>.</small>"
1455 #. type: Content of: <html><body><section><div><div><div><div><p>
1456 msgid "Low-volume mailing list"
1459 #. type: Content of: <html><body><section><div><div><div><div><form>
1461 "<input type=\"text\" placeholder=\"Type your email...\" "
1462 "name=\"email-Primary\" id=\"frmEmail\" /> <input type=\"submit\" value=\"Add "
1463 "me\" name=\"_qf_Edit_next\" /> <input type=\"hidden\" "
1464 "value=\"https://emailselfdefense.fsf.org/en/confirmation.html\" "
1465 "name=\"postURL\" /> <input type=\"hidden\" value=\"1\" name=\"group[25]\" /> "
1466 "<input type=\"hidden\" "
1467 "value=\"https://my.fsf.org/civicrm/profile?reset=1&gid=391\" "
1468 "name=\"cancelURL\" /> <input type=\"hidden\" value=\"Edit:cancel\" "
1469 "name=\"_qf_default\" />"
1472 #. type: Content of: <html><body><section><div><div><div><div><p>
1474 "<small>Read our <a "
1475 "href=\"https://my.fsf.org/donate/privacypolicy.html\">privacy "
1476 "policy</a>.</small>"
1479 #. type: Content of: <html><body><section><div><div><div><h3>
1480 msgid "Bring Email Self-Defense to new people"
1483 #. type: Content of: <html><body><section><div><div><div><p>
1485 "Understanding and setting up email encryption is a daunting task for "
1486 "many. To welcome them, make it easy to find your public key and offer to "
1487 "help with encryption. Here are some suggestions:"
1490 #. type: Content of: <html><body><section><div><div><div><ul><li>
1492 "Lead an Email Self-Defense workshop for your friends and community, using "
1493 "our <a href=\"workshops.html\">teaching guide</a>."
1496 #. type: Content of: <html><body><section><div><div><div><ul><li>
1498 "Use <a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt "
1499 "with me using Email Self-Defense %40fsf\">our sharing page</a> to compose a "
1500 "message to a few friends and ask them to join you in using encrypted "
1501 "email. Remember to include your GnuPG public key fingerprint so they can "
1502 "easily download your key."
1505 #. type: Content of: <html><body><section><div><div><div><ul><li>
1507 "Add your public key fingerprint anywhere that you normally display your "
1508 "email address. Some good places are: your email signature (the text kind, "
1509 "not the cryptographic kind), social media profiles, blogs, Websites, or "
1510 "business cards. At the Free Software Foundation, we put ours on our <a "
1511 "href=\"https://fsf.org/about/staff\">staff page</a>."
1514 #. type: Content of: <html><body><section><div><div><div><h3>
1515 msgid "Protect more of your digital life"
1518 #. type: Content of: <html><body><section><div><div><div><p>
1520 "Learn surveillance-resistant technologies for instant messages, hard drive "
1521 "storage, online sharing, and more at <a "
1522 "href=\"https://directory.fsf.org/wiki/Collection:Privacy_pack\"> the Free "
1523 "Software Directory's Privacy Pack</a> and <a "
1524 "href=\"https://prism-break.org\">prism-break.org</a>."
1527 #. type: Content of: <html><body><section><div><div><div><p>
1529 "If you are using Windows, Mac OS or any other proprietary operating system, "
1530 "we recommend you switch to a free software operating system like "
1531 "GNU/Linux. This will make it much harder for attackers to enter your "
1532 "computer through hidden back doors. Check out the Free Software Foundation's "
1533 "<a href=\"http://www.gnu.org/distros/free-distros.html\">endorsed versions "
1537 #. type: Content of: <html><body><section><div><div><div><h3>
1538 msgid "Optional: Add more email protection with Tor"
1541 #. type: Content of: <html><body><section><div><div><div><p>
1543 "<a href=\"https://www.torproject.org/about/overview.html.en\">The Onion "
1544 "Router (Tor) network</a> wraps Internet communication in multiple layers of "
1545 "encryption and bounces it around the world several times. When used "
1546 "properly, Tor confuses surveillance field agents and the global surveillance "
1547 "apparatus alike. Using it simultaneously with GnuPG's encryption will give "
1548 "you the best results."
1551 #. type: Content of: <html><body><section><div><div><div><p>
1553 "To have your email program send and receive email over Tor, install the <a "
1554 "href=\"https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/\">Torbirdy "
1555 "plugin</a> the same way you installed Enigmail, by searching for it through "
1559 #. type: Content of: <html><body><section><div><div><div><p>
1561 "Before beginning to check your email over Tor, make sure you understand <a "
1562 "href=\"https://www.torproject.org/docs/faq.html.en#WhatProtectionsDoesTorProvide\">the "
1563 "security tradeoffs involved</a>. This <a "
1564 "href=\"https://www.eff.org/pages/tor-and-https\">infographic</a> from our "
1565 "friends at the Electronic Frontier Foundation demonstrates how Tor keeps you "
1569 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1570 msgid "Section 6: Next Steps"
1573 #. type: Content of: <html><body><section><div><div><div><p>
1574 msgid "← <a href=\"index.html\">Return to the guide</a>"
1577 #. type: Content of: <html><body><section><div><div><div><h3>
1578 msgid "Make Email Self-Defense tools even better"
1581 #. type: Content of: <html><body><section><div><div><div><p>
1583 "<a href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">Leave "
1584 "feedback and suggest improvements to this guide</a>. We welcome "
1585 "translations, but we ask that you contact us at <a "
1586 "href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a> before you start, so "
1587 "that we can connect you with other translators working in your language."
1590 #. type: Content of: <html><body><section><div><div><div><p>
1592 "If you like programming, you can contribute code to <a "
1593 "href=\"https://www.gnupg.org/\">GnuPG</a> or <a "
1594 "href=\"https://www.enigmail.net/home/index.php\">Enigmail</a>."
1597 #. type: Content of: <html><body><section><div><div><div><p>
1599 "To go the extra mile, support the Free Software Foundation so we can keep "
1600 "improving Email Self-Defense, and make more tools like it."
1603 #. type: Content of: <html><body><header><div><ul><li>
1604 msgid "<a href=\"windows.html\" class=\"current\">Windows</a>"
1607 #. type: Content of: <html><body><section><div><div><p>
1609 "This guide relies on software which is <a "
1610 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
1611 "it's completely transparent and anyone can copy it or make their own "
1612 "version. This makes it safer from surveillance than proprietary software "
1613 "(like Windows). To defend your freedom as well as protect yourself from "
1614 "surveillance, we recommend you switch to a free software operating system "
1615 "like GNU/Linux. Learn more about free software at <a "
1616 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
1619 #. type: Content of: <html><body><section><div><div><div><h3>
1620 msgid "<em>Step 1.b</em> Get GnuPG by downloading GPG4Win"
1623 #. type: Content of: <html><body><section><div><div><div><p>
1625 "GPG4Win is a software package that includes GnuPG. <a "
1626 "href=\"https://www.gpg4win.org/\">Download</a> and install it, choosing "
1627 "default options whenever asked. After it's installed, you can close any "
1628 "windows that it creates."
1631 #. type: Content of: <html><body><section><div><div><div><p>
1633 "There are major security flaws in versions of GnuPG provided by GPG4Win "
1634 "prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later."
1637 #. type: Content of: <html><head><title>
1638 msgid "Email Self-Defense - Teach your friends!"
1641 #. type: Content of: <html><body><header><div><ul><li>
1642 msgid "<a href=\"workshops.html\" class=\"current\">Teach your friends</a>"
1645 #. type: Content of: <html><body><header><div><div><div><p>
1647 "We want to translate this guide into more languages, and make a version for "
1648 "encryption on mobile devices. Please donate, and help people around the "
1649 "world take the first step towards protecting their privacy with free "
1653 #. type: Content of: <html><body><header><div><div><p><a>
1655 "<a id=\"infographic\" "
1656 "href=\"https://emailselfdefense.fsf.org/en/infographic.html\">"
1659 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
1660 msgid "View & share our infographic →"
1663 #. type: Content of: <html><body><header><div><div><p>
1665 "</a> Understanding and setting up email encryption sounds like a daunting "
1666 "task to many people. That's why helping your friends with GnuPG plays such "
1667 "an important role in helping spread encryption. Even if only one person "
1668 "shows up, that's still one more person using encryption who wasn't "
1669 "before. You have the power to help your friends keep their digital love "
1670 "letters private, and teach them about the importance of free software. If "
1671 "you use GnuPG to send and receive encrypted email, you're a perfect "
1672 "candidate for leading a workshop!"
1675 #. type: Attribute 'alt' of: <html><body><section><div><div><p><img>
1676 msgid "A small workshop among friends"
1679 #. type: Content of: <html><body><section><div><div><h2>
1680 msgid "<em>#1</em> Get your friends or community interested"
1683 #. type: Content of: <html><body><section><div><div><p>
1685 "If you hear friends grumbling about their lack of privacy, ask them if "
1686 "they're interested in attending a workshop on Email Self-Defense. If your "
1687 "friends don't grumble about privacy, they may need some convincing. You "
1688 "might even hear the classic \"if you've got nothing to hide, you've got "
1689 "nothing to fear\" argument against using encryption."
1692 #. type: Content of: <html><body><section><div><div><p>
1694 "Here are some talking points you can use to help explain why it's worth it "
1695 "to learn GnuPG. Mix and match whichever you think will make sense to your "
1699 #. type: Content of: <html><body><section><div><div><div><h3>
1700 msgid "Strength in numbers"
1703 #. type: Content of: <html><body><section><div><div><div><p>
1705 "Each person who chooses to resist mass surveillance with encryption makes it "
1706 "easier for others to resist as well. People normalizing the use of strong "
1707 "encryption has multiple powerful effects: it means those who need privacy "
1708 "the most, like potential whistle-blowers and activists, are more likely to "
1709 "learn about encryption. More people using encryption for more things also "
1710 "makes it harder for surveillance systems to single out those that can't "
1711 "afford to be found, and shows solidarity with those people."
1714 #. type: Content of: <html><body><section><div><div><div><h3>
1715 msgid "People you respect may already be using encryption"
1718 #. type: Content of: <html><body><section><div><div><div><p>
1720 "Many journalists, whistleblowers, activists, and researchers use GnuPG, so "
1721 "your friends might unknowingly have heard of a few people who use it "
1722 "already. You can search for \"BEGIN PUBLIC KEY BLOCK\" + keyword to help "
1723 "make a list of people and organizations who use GnuPG whom your community "
1724 "will likely recognize."
1727 #. type: Content of: <html><body><section><div><div><div><h3>
1728 msgid "Respect your friends' privacy"
1731 #. type: Content of: <html><body><section><div><div><div><p>
1733 "There's no objective way to judge what constitutes privacy-sensitive "
1734 "correspondence. As such, it's better not to presume that just because you "
1735 "find an email you sent to a friend innocuous, your friend (or a surveillance "
1736 "agent, for that matter!) feels the same way. Show your friends respect by "
1737 "encrypting your correspondence with them."
1740 #. type: Content of: <html><body><section><div><div><div><h3>
1741 msgid "Privacy technology is normal in the physical world"
1744 #. type: Content of: <html><body><section><div><div><div><p>
1746 "In the physical realm, we take window blinds, envelopes, and closed doors "
1747 "for granted as ways of protecting our privacy. Why should the digital realm "
1751 #. type: Content of: <html><body><section><div><div><div><h3>
1752 msgid "We shouldn't have to trust our email providers with our privacy"
1755 #. type: Content of: <html><body><section><div><div><div><p>
1757 "Some email providers are very trustworthy, but many have incentives not to "
1758 "protect your privacy and security. To be empowered digital citizens, we need "
1759 "to build our own security from the bottom up."
1762 #. type: Content of: <html><body><section><div><div><h2>
1763 msgid "<em>#2</em> Plan The Workshop"
1766 #. type: Content of: <html><body><section><div><div><p>
1768 "Once you've got at least one interested friend, pick a date and start "
1769 "planning out the workshop. Tell participants to bring their computer and ID "
1770 "(for signing each other's keys). If you'd like to make it easy for the "
1771 "participants to use Diceware for choosing passwords, get a pack of dice "
1772 "beforehand. Make sure the location you select has an easily accessible "
1773 "Internet connection, and make backup plans in case the connection stops "
1774 "working on the day of the workshop. Libraries, coffee shops, and community "
1775 "centers make great locations. Try to get all the participants to set up an "
1776 "Enigmail-compatible email client before the event. Direct them to their "
1777 "email provider's IT department or help page if they run into errors."
1780 #. type: Content of: <html><body><section><div><div><p>
1782 "Estimate that the workshop will take at least forty minutes plus ten minutes "
1783 "for each participant. Plan extra time for questions and technical glitches."
1786 #. type: Content of: <html><body><section><div><div><p>
1788 "The success of the workshop requires understanding and catering to the "
1789 "unique backgrounds and needs of each group of participants. Workshops should "
1790 "stay small, so that each participant receives more individualized "
1791 "instruction. If more than a handful of people want to participate, keep the "
1792 "facilitator to participant ratio high by recruiting more facilitators, or by "
1793 "facilitating multiple workshops. Small workshops among friends work great!"
1796 #. type: Content of: <html><body><section><div><div><h2>
1797 msgid "<em>#3</em> Follow the guide as a group"
1800 #. type: Content of: <html><body><section><div><div><p>
1802 "Work through the Email Self-Defense guide a step at a time as a group. Talk "
1803 "about the steps in detail, but make sure not to overload the participants "
1804 "with minutia. Pitch the bulk of your instructions to the least tech-savvy "
1805 "participants. Make sure all the participants complete each step before the "
1806 "group moves on to the next one. Consider facilitating secondary workshops "
1807 "afterwards for people that had trouble grasping the concepts, or those that "
1808 "grasped them quickly and want to learn more."
1811 #. type: Content of: <html><body><section><div><div><p>
1813 "In <a href=\"index.html#section2\">Section 2</a> of the guide, make sure the "
1814 "participants upload their keys to the same keyserver so that they can "
1815 "immediately download each other's keys later (sometimes there is a delay in "
1816 "synchronization between keyservers). During <a "
1817 "href=\"index.html#section3\">Section 3</a>, give the participants the option "
1818 "to send test messages to each other instead of or as well as "
1819 "Edward. Similarly, in <a href=\"index.html#section4\">Section 4</a>, "
1820 "encourage the participants to sign each other's keys. At the end, make sure "
1821 "to remind people to safely back up their revocation certificates."
1824 #. type: Content of: <html><body><section><div><div><h2>
1825 msgid "<em>#4</em> Explain the pitfalls"
1828 #. type: Content of: <html><body><section><div><div><p>
1830 "Remind participants that encryption works only when it's explicitly used; "
1831 "they won't be able to send an encrypted email to someone who hasn't already "
1832 "set up encryption. Also remind participants to double-check the encryption "
1833 "icon before hitting send, and that subjects and timestamps are never "
1837 #. type: Content of: <html><body><section><div><div><p>
1840 "href=\"https://www.gnu.org/proprietary/proprietary.html\">dangers of running "
1841 "a proprietary system</a> and advocate for free software, because without it, "
1843 "href=\"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance\">meaningfully "
1844 "resist invasions of our digital privacy and autonomy</a>."
1847 #. type: Content of: <html><body><section><div><div><h2>
1848 msgid "<em>#5</em> Share additional resources"
1851 #. type: Content of: <html><body><section><div><div><p>
1853 "GnuPG's advanced options are far too complex to teach in a single "
1854 "workshop. If participants want to know more, point out the advanced "
1855 "subsections in the guide and consider organizing another workshop. You can "
1857 "href=\"https://www.gnupg.org/documentation/index.html\">GnuPG's</a> and <a "
1858 "href=\"https://www.enigmail.net/documentation/index.php\">Enigmail's</a> "
1859 "official documentation and mailing lists. Many GNU/Linux distribution's Web "
1860 "sites also contain a page explaining some of GnuPG's advanced features."
1863 #. type: Content of: <html><body><section><div><div><h2>
1864 msgid "<em>#6</em> Follow up"
1867 #. type: Content of: <html><body><section><div><div><p>
1869 "Make sure everyone has shared email addresses and public key fingerprints "
1870 "before they leave. Encourage the participants to continue to gain GnuPG "
1871 "experience by emailing each other. Send them each an encrypted email one "
1872 "week after the event, reminding them to try adding their public key ID to "
1873 "places where they publicly list their email address."
1876 #. type: Content of: <html><body><section><div><div><p>
1878 "If you have any suggestions for improving this workshop guide, please let us "
1879 "know at <a href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a>."