1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # This file is distributed under the same license as the PACKAGE package.
4 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
8 "Project-Id-Version: emailselfdefense 4.0\n"
9 "POT-Creation-Date: 2020-06-25 17:51+0200\n"
10 "PO-Revision-Date: 2020-12-14 23:22+0200\n"
11 "Last-Translator: Andrew V. Isakov <andrij.isakov@gmail.com>\n"
15 "Content-Type: text/plain; charset=UTF-8\n"
16 "Content-Transfer-Encoding: 8bit\n"
18 #. type: Attribute 'lang' of: <html>
22 #. type: Attribute 'content' of: <html><head><meta>
23 msgid "text/html; charset=utf-8"
24 msgstr "text/html; charset=utf-8"
26 #. type: Content of: <html><head><title>
27 msgid "Email Self-Defense - a guide to fighting surveillance with GnuPG encryption"
28 msgstr "E-mail самозахист - довідник боротьби проти налгяду з допомогою GnuPG шифрування"
30 #. type: Attribute 'content' of: <html><head><meta>
31 msgid "GnuPG, GPG, openpgp, surveillance, privacy, email, Enigmail"
34 # може краще "свободу самовираження"?
35 #. type: Attribute 'content' of: <html><head><meta>
37 "Email surveillance violates our fundamental rights and makes free speech "
38 "risky. This guide will teach you email self-defense in 40 minutes with "
40 msgstr "E-mail нагляд порушує наші найфундаментальніші права та робить свободу слова ризикованою. Цей довідник навчить вас e-mail самозахисту всього за 40 хвилин з GnuPG."
42 #. type: Attribute 'content' of: <html><head><meta>
43 msgid "width=device-width, initial-scale=1"
44 msgstr "width=device-width, initial-scale=1"
46 #. type: Content of: <html><body><header><div><p>
48 "<strong>Please check your email for a confirmation link now. Thanks for "
49 "joining our list!</strong>"
50 msgstr "<strong>Будь ласка перевірте чи прийшло на вашу електронну пошту посилання з підтвердженням. Щиро дякуємо, що долучаєтесь до розсилки!</strong>"
52 #. type: Content of: <html><body><header><div><p>
54 "If you don't receive the confirmation link, send us an email at info@fsf.org "
55 "to be added manually."
56 msgstr "Якщо ви не отримаєте посилання з підтвердженням, надішліть нам листа на info@fsf.org аби ми вас додали вручну."
58 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
62 #. type: Content of: <html><body><header><div><p>
63 msgid "Join us on microblogging services for day-to-day updates:"
64 msgstr "Приєднуйтесь до нас на сервісах мікроблоггінгу для щоденних оновлень:"
66 #. type: Content of: <html><body><section><div><div><div><p><a>
67 msgid "<a href=\"https://status.fsf.org/fsf\">"
68 msgstr "<a href=\"https://status.fsf.org/fsf\">"
70 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
74 #. type: Content of: <html><body><section><div><div><div><p><a>
75 msgid " GNU Social</a> | <a href=\"https://hostux.social/@fsf\">"
76 msgstr " GNU Social</a> | <a href=\"https://hostux.social/@fsf\">"
78 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
82 #. type: Content of: <html><body><section><div><div><div><p>
84 " Mastodon</a> | <a "
85 "href=\"https://www.twitter.com/fsf\">Twitter</a>"
86 msgstr " Mastodon</a> | <a href=\"https://www.twitter.com/fsf\">Twitter</a>"
88 #. type: Content of: <html><body><header><div><p>
90 "<small><a href=\"https://www.fsf.org/twitter\">Read why GNU Social and "
91 "Mastodon are better than Twitter.</a></small>"
92 msgstr "<small><a href=\"https://www.fsf.org/twitter\">Читайте чому GNU Social and Mastodon кращі за Twitter.</a></small>"
94 #. type: Content of: <html><body><header><div><p>
95 msgid "← Return to <a href=\"index.html\">Email Self-Defense</a>"
96 msgstr "← Повернутися на <a href=\"index.html\">E-mail самозахист</a>"
98 #. type: Content of: <html><body><footer><div><div><h4><a>
99 msgid "<a href=\"https://u.fsf.org/ys\">"
100 msgstr "<a href=\"https://u.fsf.org/ys\">"
102 #. type: Attribute 'alt' of: <html><body><footer><div><div><h4><a><img>
103 msgid "Free Software Foundation"
104 msgstr "Free Software Foundation"
106 #. type: Content of: <html><body><footer><div><p>
110 #. type: Content of: <html><body><footer><div><div><p>
112 "Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software "
113 "Foundation</a>, Inc. <a "
114 "href=\"https://my.fsf.org/donate/privacypolicy.html\">Privacy "
115 "Policy</a>. Please support our work by <a "
116 "href=\"https://u.fsf.org/yr\">joining us as an associate member.</a>"
117 msgstr "Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software Foundation</a>, Inc. <a href=\"https://my.fsf.org/donate/privacypolicy.html\">Політика конфіденційності</a>. Будь ласка підтримайте нашу роботу, <a href=\"https://u.fsf.org/yr\">долучаючись до нас як асоційований партнер.</a>"
119 #. type: Content of: <html><body><footer><div><div><p>
121 "The images on this page are under a <a "
122 "href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons "
123 "Attribution 4.0 license (or later version)</a>, and the rest of it is under "
124 "a <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative "
125 "Commons Attribution-ShareAlike 4.0 license (or later version)</a>. Download "
127 "href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> "
128 "source code of Edward reply bot</a> by Andrew Engelbrecht "
129 "<andrew@engelbrecht.io> and Josh Drake <zamnedix@gnu.org>, "
130 "available under the GNU Affero General Public License. <a "
131 "href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Why "
132 "these licenses?</a>"
133 msgstr "Зображення на цій сторінці ліцензуються <a href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons Attribution 4.0 ліцензією (чи пізнішою версією)</a>, всі інші елементи ліцензуються <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative Commons Attribution-ShareAlike 4.0 ліцензією (чи пізнішою версією)</a>. Завантажити <a href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> вихідний код Едварда, бота-відповідача,</a> створеного Андрієм Енгельбрехтом (Andrew Engelbrecht) <andrew@engelbrecht.io> та Джошем Дрейком (Josh Drake) <zamnedix@gnu.org>, доступним за ліцензією GNU Affero General Public License. <a href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Чому ці ліцензії?</a>"
135 #. type: Content of: <html><body><footer><div><div><p>
137 "Fonts used in the guide & infographic: <a "
138 "href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo "
140 "href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna "
142 "href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo "
143 "Narrow</a> by Omnibus-Type, <a "
144 "href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> "
146 msgstr "Шрифти використані в цьому довіднику & інфографіка: <a href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo Impallari, <a href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna Giedryś, <a href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo Narrow</a> by Omnibus-Type, <a href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> by Florian Cramer."
148 #. type: Content of: <html><body><footer><div><div><p>
150 "Download the <a href=\"emailselfdefense_source.zip\">source package</a> for "
151 "this guide, including fonts, image source files and the text of Edward's "
153 msgstr "Завантажити <a href=\"emailselfdefense_source.zip\">архів з вихідним кодом</a> для цього довідника, включно з шрифтами, вихідними зображеннями та текстом повідомлень Едварда."
155 #. type: Content of: <html><body><footer><div><div><p>
157 "This site uses the Weblabels standard for labeling <a "
158 "href=\"https://www.fsf.org/campaigns/freejs\">free JavaScript</a>. View the "
159 "JavaScript <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" "
160 "rel=\"jslicense\">source code and license information</a>."
161 msgstr "Цей сайт використовує Weblabels стандарт для маркування <a href=\"https://www.fsf.org/campaigns/freejs\">вільного JavaScript</a>. Переглянути вихідний код та інформацію про ліцензування <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" rel=\"jslicense\">JavaScript</a>."
163 #. type: Content of: <html><body><footer><div><p><a>
165 "Infographic and guide design by <a rel=\"external\" "
166 "href=\"http://jplusplus.org\"><strong>Journalism++</strong>"
169 #. type: Attribute 'alt' of: <html><body><footer><div><p><a><img>
173 #. type: Content of: <html><body><header><div><h1>
174 msgid "Email Self-Defense"
177 #. type: Content of: <html><body><header><div><ul><li>
178 msgid "<a class=\"current\" href=\"/en\">English - v4.0</a>"
181 #. type: Content of: <html><body><header><div><ul><li>
182 msgid "<a href=\"/ar\">العربية <span class=\"tip\">tip</span></a>"
185 #. type: Content of: <html><body><header><div><ul><li>
186 msgid "<a href=\"/cs\">čeština - v4.0</a>"
189 #. type: Content of: <html><body><header><div><ul><li>
190 msgid "<a href=\"/de\">Deutsch - v4.0</a>"
193 #. type: Content of: <html><body><header><div><ul><li>
194 msgid "<a href=\"/el\">ελληνικά - v3.0</a>"
197 #. type: Content of: <html><body><header><div><ul><li>
198 msgid "<a href=\"/es\">español - v4.0</a>"
201 #. type: Content of: <html><body><header><div><ul><li>
202 msgid "<a href=\"/fa\">فارسی - v4.0</a>"
205 #. type: Content of: <html><body><header><div><ul><li>
206 msgid "<a href=\"/fr\">français - v4.0</a>"
209 #. type: Content of: <html><body><header><div><ul><li>
210 msgid "<a href=\"/it\">italiano - v3.0</a>"
213 #. type: Content of: <html><body><header><div><ul><li>
214 msgid "<a href=\"/ja\">日本語 - v4.0</a>"
217 #. type: Content of: <html><body><header><div><ul><li>
218 msgid "<a href=\"/ko\">한국어 <span class=\"tip\">tip</span></a>"
221 #. type: Content of: <html><body><header><div><ul><li>
222 msgid "<a href=\"/ml\">മലയാളം <span class=\"tip\">tip</span></a>"
225 #. type: Content of: <html><body><header><div><ul><li>
226 msgid "<a href=\"/pt-br\">português do Brasil - v3.0</a>"
229 #. type: Content of: <html><body><header><div><ul><li>
230 msgid "<a href=\"/ro\">română - v3.0</a>"
233 #. type: Content of: <html><body><header><div><ul><li>
234 msgid "<a href=\"/ru\">русский - v4.0</a>"
237 #. type: Content of: <html><body><header><div><ul><li>
238 msgid "<a href=\"/sq\">Shqip - v4.0</a>"
241 #. type: Content of: <html><body><header><div><ul><li>
242 msgid "<a href=\"/sv\">svenska - v4.0</a>"
245 #. type: Content of: <html><body><header><div><ul><li>
246 msgid "<a href=\"/tr\">Türkçe - v4.0</a>"
249 #. type: Content of: <html><body><header><div><ul><li>
250 msgid "<a href=\"/zh-hans\">简体中文 - v4.0</a>"
253 #. type: Content of: <html><body><header><div><ul><li>
255 "<a href=\"https://libreplanet.org/wiki/GPG_guide/Translation_Guide\"> "
256 "<strong><span style=\"color: #2F5FAA;\">Translate!</span></strong></a>"
259 #. type: Content of: <html><body><header><div><ul><li>
260 msgid "<a href=\"index.html\" class=\"current\">GNU/Linux</a>"
263 #. type: Content of: <html><body><header><div><ul><li>
264 msgid "<a href=\"mac.html\">Mac OS</a>"
267 #. type: Content of: <html><body><header><div><ul><li>
268 msgid "<a href=\"windows.html\">Windows</a>"
271 #. type: Content of: <html><body><header><div><ul><li>
272 msgid "<a href=\"workshops.html\">Teach your friends</a>"
275 #. type: Content of: <html><body><header><div><ul><li><a>
277 "<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email "
278 "encryption for everyone via %40fsf\"> Share "
281 #. type: Content of: <html><body><header><div><ul><li><a>
285 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
289 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
290 msgid "[Hacker News]"
293 #. type: Content of: <html><body><header><div><div><h3><a>
294 msgid "<a href=\"http://u.fsf.org/ys\">"
297 #. type: Content of: <html><body><header><div><div><div><p>
299 "We fight for computer users' rights, and promote the development of free (as "
300 "in freedom) software. Resisting bulk surveillance is very important to us."
303 #. type: Content of: <html><body><header><div><div><div><p>
305 "<strong>Please donate to support Email Self-Defense. We need to keep "
306 "improving it, and making more materials, for the benefit of people around "
307 "the world taking the first step towards protecting their privacy.</strong>"
310 #. type: Content of: <html><body><header><div><div><p><a>
313 "href=\"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate\">"
316 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
320 #. type: Content of: <html><body><header><div><div><p><a>
321 msgid "<a id=\"infographic\" href=\"infographic.html\">"
324 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
325 msgid "View & share our infographic →"
328 #. type: Content of: <html><body><header><div><div><p>
330 "</a> Bulk surveillance violates our fundamental rights and makes free speech "
331 "risky. This guide will teach you a basic surveillance self-defense skill: "
332 "email encryption. Once you've finished, you'll be able to send and receive "
333 "emails that are scrambled to make sure a surveillance agent or thief "
334 "intercepting your email can't read them. All you need is a computer with an "
335 "Internet connection, an email account, and about forty minutes."
338 #. type: Content of: <html><body><header><div><div><p>
340 "Even if you have nothing to hide, using encryption helps protect the privacy "
341 "of people you communicate with, and makes life difficult for bulk "
342 "surveillance systems. If you do have something important to hide, you're in "
343 "good company; these are the same tools that whistleblowers use to protect "
344 "their identities while shining light on human rights abuses, corruption and "
348 #. type: Content of: <html><body><header><div><div><p>
350 "In addition to using encryption, standing up to surveillance requires "
351 "fighting politically for a <a "
352 "href=\"http://gnu.org/philosophy/surveillance-vs-democracy.html\">reduction "
353 "in the amount of data collected on us</a>, but the essential first step is "
354 "to protect yourself and make surveillance of your communication as difficult "
355 "as possible. This guide helps you do that. It is designed for beginners, but "
356 "if you already know the basics of GnuPG or are an experienced free software "
357 "user, you'll enjoy the advanced tips and the <a "
358 "href=\"workshops.html\">guide to teaching your friends</a>."
361 #. type: Content of: <html><body><section><div><div><h2>
362 msgid "<em>#1</em> Get the pieces"
365 #. type: Content of: <html><body><section><div><div><p>
367 "This guide relies on software which is <a "
368 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
369 "it's completely transparent and anyone can copy it or make their own "
370 "version. This makes it safer from surveillance than proprietary software "
371 "(like Windows). Learn more about free software at <a "
372 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
375 #. type: Content of: <html><body><section><div><div><p>
377 "Most GNU/Linux operating systems come with GnuPG installed on them, so you "
378 "don't have to download it. Before configuring GnuPG though, you'll need the "
379 "IceDove desktop email program installed on your computer. Most GNU/Linux "
380 "distributions have IceDove installed already, though it may be under the "
381 "alternate name \"Thunderbird.\" Email programs are another way to access the "
382 "same email accounts you can access in a browser (like Gmail), but provide "
386 #. type: Content of: <html><body><section><div><div><p>
388 "If you already have an email program, you can skip to <a "
389 "href=\"#step-1b\">Step 1.b</a>."
392 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
393 msgid "Step 1.A: Install Wizard"
396 #. type: Content of: <html><body><section><div><div><div><h3>
397 msgid "<em>Step 1.a</em> Set up your email program with your email account"
400 #. type: Content of: <html><body><section><div><div><div><p>
402 "Open your email program and follow the wizard (step-by-step walkthrough) "
403 "that sets it up with your email account."
406 #. type: Content of: <html><body><section><div><div><div><p>
408 "Look for the letters SSL, TLS, or STARTTLS to the right of the servers when "
409 "you're setting up your account. If you don't see them, you will still be "
410 "able to use encryption, but this means that the people running your email "
411 "system are running behind the industry standard in protecting your security "
412 "and privacy. We recommend that you send them a friendly email asking them to "
413 "enable SSL, TLS, or STARTTLS for your email server. They will know what "
414 "you're talking about, so it's worth making the request even if you aren't an "
415 "expert on these security systems."
418 #. type: Content of: <html><body><section><div><div><div><div><h4>
419 msgid "Troubleshooting"
422 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
423 msgid "The wizard doesn't launch"
426 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
428 "You can launch the wizard yourself, but the menu option for doing so is "
429 "named differently in each email program. The button to launch it will be in "
430 "the program's main menu, under \"New\" or something similar, titled "
431 "something like \"Add account\" or \"New/Existing email account.\""
434 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
435 msgid "The wizard can't find my account or isn't downloading my mail"
438 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
440 "Before searching the Web, we recommend you start by asking other people who "
441 "use your email system, to figure out the correct settings."
444 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
445 msgid "Don't see a solution to your problem?"
448 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
450 "Please let us know on the <a "
451 "href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">feedback "
455 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
456 msgid "Step 1.B: Tools -> Add-ons"
459 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
460 msgid "Step 1.B: Search Add-ons"
463 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
464 msgid "Step 1.B: Install Add-ons"
467 #. type: Content of: <html><body><section><div><div><div><h3>
468 msgid "<em>Step 1.b</em> Install the Enigmail plugin for your email program"
471 #. type: Content of: <html><body><section><div><div><div><p>
473 "In your email program's menu, select Add-ons (it may be in the Tools "
474 "section). Make sure Extensions is selected on the left. Do you see Enigmail? "
475 "Make sure it's the latest version. If so, skip this step."
478 #. type: Content of: <html><body><section><div><div><div><p>
480 "If not, search \"Enigmail\" with the search bar in the upper right. You can "
481 "take it from here. Restart your email program when you're done."
484 #. type: Content of: <html><body><section><div><div><div><p>
486 "There are major security flaws in versions of GnuPG prior to 2.2.8, and "
487 "Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, "
491 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
492 msgid "I can't find the menu."
495 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
497 "In many new email programs, the main menu is represented by an image of "
498 "three stacked horizontal bars."
501 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
502 msgid "My email looks weird"
505 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
507 "Enigmail doesn't tend to play nice with HTML, which is used to format "
508 "emails, so it may disable your HTML formatting automatically. To send an "
509 "HTML-formatted email without encryption or a signature, hold down the Shift "
510 "key when you select compose. You can then write an email as if Enigmail "
514 #. type: Content of: <html><body><section><div><div><h2>
515 msgid "<em>#2</em> Make your keys"
518 #. type: Content of: <html><body><section><div><div><p>
520 "To use the GnuPG system, you'll need a public key and a private key (known "
521 "together as a keypair). Each is a long string of randomly generated numbers "
522 "and letters that are unique to you. Your public and private keys are linked "
523 "together by a special mathematical function."
526 #. type: Content of: <html><body><section><div><div><p>
528 "Your public key isn't like a physical key, because it's stored in the open "
529 "in an online directory called a keyserver. People download it and use it, "
530 "along with GnuPG, to encrypt emails they send to you. You can think of the "
531 "keyserver as a phonebook; people who want to send you encrypted email can "
532 "look up your public key."
535 #. type: Content of: <html><body><section><div><div><p>
537 "Your private key is more like a physical key, because you keep it to "
538 "yourself (on your computer). You use GnuPG and your private key together to "
539 "descramble encrypted emails other people send to you. <span "
540 "style=\"font-weight: bold;\">You should never share your private key with "
541 "anyone, under any circumstances.</span>"
544 #. type: Content of: <html><body><section><div><div><p>
546 "In addition to encryption and decryption, you can also use these keys to "
547 "sign messages and check the authenticity of other people's signatures. We'll "
548 "discuss this more in the next section."
551 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
552 msgid "Step 2.A: Make a Keypair"
555 #. type: Content of: <html><body><section><div><div><div><h3>
556 msgid "<em>Step 2.a</em> Make a keypair"
559 #. type: Content of: <html><body><section><div><div><div><p>
561 "The Enigmail Setup wizard may start automatically. If it doesn't, select "
562 "Enigmail → Setup Wizard from your email program's menu. You don't need "
563 "to read the text in the window that pops up unless you'd like to, but it's "
564 "good to read the text on the later screens of the wizard. Click Next with "
565 "the default options selected, except in these instances, which are listed in "
566 "the order they appear:"
569 #. type: Content of: <html><body><section><div><div><div><ul><li>
571 "On the screen titled \"Encryption,\" select \"Encrypt all of my messages by "
572 "default, because privacy is critical to me.\""
575 #. type: Content of: <html><body><section><div><div><div><ul><li>
577 "On the screen titled \"Signing,\" select \"Don't sign my messages by "
581 #. type: Content of: <html><body><section><div><div><div><ul><li>
583 "On the screen titled \"Key Selection,\" select \"I want to create a new key "
584 "pair for signing and encrypting my email.\""
587 #. type: Content of: <html><body><section><div><div><div><ul><li>
589 "On the screen titled \"Create Key,\" pick a strong password! You can do it "
590 "manually, or you can use the Diceware method. Doing it manually is faster "
591 "but not as secure. Using Diceware takes longer and requires dice, but "
592 "creates a password that is much harder for attackers to figure out. To use "
593 "it, read the section \"Make a secure passphrase with Diceware\" in <a "
594 "href=\"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/\"> "
595 "this article</a> by Micah Lee."
598 #. type: Content of: <html><body><section><div><div><div><p>
600 "If you'd like to pick a password manually, come up with something you can "
601 "remember which is at least twelve characters long, and includes at least one "
602 "lower case and upper case letter and at least one number or punctuation "
603 "symbol. Never pick a password you've used elsewhere. Don't use any "
604 "recognizable patterns, such as birthdays, telephone numbers, pets' names, "
605 "song lyrics, quotes from books, and so on."
608 #. type: Content of: <html><body><section><div><div><div><p>
610 "The program will take a little while to finish the next step, the \"Key "
611 "Creation\" screen. While you wait, do something else with your computer, "
612 "like watching a movie or browsing the Web. The more you use the computer at "
613 "this point, the faster the key creation will go."
616 #. type: Content of: <html><body><section><div><div><div><p>
618 "<span style=\"font-weight: bold;\">When the \"Key Generation Completed\" "
619 "screen pops up, select Generate Certificate and choose to save it in a safe "
620 "place on your computer (we recommend making a folder called \"Revocation "
621 "Certificate\" in your home folder and keeping it there). This step is "
622 "essential for your email self-defense, as you'll learn more about in <a "
623 "href=\"#section5\">Section 5</a>.</span>"
626 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
627 msgid "I can't find the Enigmail menu."
630 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
632 "In many new email programs, the main menu is represented by an image of "
633 "three stacked horizontal bars. Enigmail may be inside a section called "
637 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
638 msgid "The wizard says that it cannot find GnuPG."
641 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
643 "Open whatever program you usually use for installing software, and search "
644 "for GnuPG, then install it. Then restart the Enigmail setup wizard by going "
645 "to Enigmail → Setup Wizard."
648 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
649 msgid "More resources"
652 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
654 "If you're having trouble with our instructions or just want to learn more, "
656 "href=\"https://www.enigmail.net/documentation/Key_Management#Generating_your_own_key_pair\"> "
657 "Enigmail's wiki instructions for key generation</a>."
660 #. type: Content of: <html><body><section><div><div><div><div><h4>
664 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
665 msgid "Command line key generation"
668 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
670 "If you prefer using the command line for a higher degree of control, you can "
671 "follow the documentation from <a "
672 "href=\"https://www.gnupg.org/gph/en/manual/c14.html#AEN25\">The GNU Privacy "
673 "Handbook</a>. Make sure you stick with \"RSA and RSA\" (the default), "
674 "because it's newer and more secure than the algorithms the documentation "
675 "recommends. Also make sure your key is at least 2048 bits, or 4096 if you "
676 "want to be extra secure."
679 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
680 msgid "Advanced key pairs"
683 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
685 "When GnuPG creates a new keypair, it compartmentalizes the encryption "
686 "function from the signing function through <a "
687 "href=\"https://wiki.debian.org/Subkeys\">subkeys</a>. If you use subkeys "
688 "carefully, you can keep your GnuPG identity much more secure and recover "
689 "from a compromised key much more quickly. <a "
690 "href=\"https://alexcabal.com/creating-the-perfect-gpg-keypair/\">Alex "
691 "Cabal</a> and <a href=\"http://keyring.debian.org/creating-key.html\">the "
692 "Debian wiki</a> provide good guides for setting up a secure subkey "
696 #. type: Content of: <html><body><section><div><div><div><h3>
697 msgid "<em>Step 2.b</em> Upload your public key to a keyserver"
700 #. type: Content of: <html><body><section><div><div><div><p>
701 msgid "In your email program's menu, select Enigmail → Key Management."
704 #. type: Content of: <html><body><section><div><div><div><p>
706 "Right click on your key and select Upload Public Keys to Keyserver. You "
707 "don't have to use the default keyserver. If, after research, you would like "
708 "to change to a different default keyserver, you can change that setting "
709 "manually in the Enigmail preferences."
712 #. type: Content of: <html><body><section><div><div><div><p>
714 "Now someone who wants to send you an encrypted message can download your "
715 "public key from the Internet. There are multiple keyservers that you can "
716 "select from the menu when you upload, but they are all copies of each other, "
717 "so it doesn't matter which one you use. However, it sometimes takes a few "
718 "hours for them to match each other when a new key is uploaded."
721 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
722 msgid "The progress bar never finishes"
725 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
727 "Close the upload popup, make sure you are connected to the Internet, and try "
728 "again. If that doesn't work, try again, selecting a different keyserver."
731 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
732 msgid "My key doesn't appear in the list"
735 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
736 msgid "Try checking \"Display All Keys by Default.\""
739 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
740 msgid "More documentation"
743 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
745 "If you're having trouble with our instructions or just want to learn more, "
747 "href=\"https://www.enigmail.net/documentation/Key_Management#Distributing_your_public_key\"> "
748 "Enigmail's documentation</a>."
751 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
752 msgid "Uploading a key from the command line"
755 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
757 "You can also upload your keys to a keyserver through the <a "
758 "href=\"https://www.gnupg.org/gph/en/manual/x457.html\">command line</a>. <a "
759 "href=\"https://sks-keyservers.net/overview-of-pools.php\">The sks Web "
760 "site</a> maintains a list of highly interconnected keyservers. You can also "
761 "<a href=\"https://www.gnupg.org/gph/en/manual/x56.html#AEN64\">directly "
762 "export your key</a> as a file on your computer."
765 #. type: Content of: <html><body><section><div><div><div><h3>
766 msgid "GnuPG, OpenPGP, what?"
769 #. type: Content of: <html><body><section><div><div><div><p>
771 "In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP are "
772 "used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the "
773 "encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) "
774 "is the program that implements the standard. Enigmail is a plug-in program "
775 "for your email program that provides an interface for GnuPG."
778 #. type: Content of: <html><body><section><div><div><h2>
779 msgid "<em>#3</em> Try it out!"
782 #. type: Content of: <html><body><section><div><div><p>
784 "Now you'll try a test correspondence with a computer program named Edward, "
785 "who knows how to use encryption. Except where noted, these are the same "
786 "steps you'd follow when corresponding with a real, live person."
789 #. type: Content of: <html><body><section><div><div><div><h3>
790 msgid "<em>Step 3.a</em> Send Edward your public key"
793 #. type: Content of: <html><body><section><div><div><div><p>
795 "This is a special step that you won't have to do when corresponding with "
796 "real people. In your email program's menu, go to Enigmail → Key "
797 "Management. You should see your key in the list that pops up. Right click on "
798 "your key and select Send Public Keys by Email. This will create a new draft "
799 "message, as if you had just hit the Write button."
802 #. type: Content of: <html><body><section><div><div><div><p>
804 "Address the message to <a "
805 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Put at least one "
806 "word (whatever you want) in the subject and body of the email. Don't send "
810 #. type: Content of: <html><body><section><div><div><div><p>
812 "The lock icon in the top left should be yellow, meaning encryption is turned "
813 "on. We want this first special message to be unencrypted, so click the icon "
814 "once to turn it off. The lock should become grey, with a blue dot on it (to "
815 "alert you that the setting has been changed from the default). Once "
816 "encryption is off, hit Send."
819 #. type: Content of: <html><body><section><div><div><div><p>
821 "It may take two or three minutes for Edward to respond. In the meantime, you "
822 "might want to skip ahead and check out the <a href=\"#section5\">Use it "
823 "Well</a> section of this guide. Once he's responded, head to the next "
824 "step. From here on, you'll be doing just the same thing as when "
825 "corresponding with a real person."
828 #. type: Content of: <html><body><section><div><div><div><p>
830 "When you open Edward's reply, GnuPG may prompt you for your password before "
831 "using your private key to decrypt it."
834 #. type: Content of: <html><body><section><div><div><div><h3>
835 msgid "<em>Step 3.b</em> Send a test encrypted email"
838 #. type: Content of: <html><body><section><div><div><div><p>
840 "Write a new email in your email program, addressed to <a "
841 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Make the subject "
842 "\"Encryption test\" or something similar and write something in the body."
845 #. type: Content of: <html><body><section><div><div><div><p>
847 "The lock icon in the top left of the window should be yellow, meaning "
848 "encryption is on. This will be your default from now on."
851 #. type: Content of: <html><body><section><div><div><div><p>
853 "Next to the lock, you'll notice an icon of a pencil. We'll get to this in a "
857 #. type: Content of: <html><body><section><div><div><div><p>
859 "Click Send. Enigmail will pop up a window that says \"Recipients not valid, "
860 "not trusted or not found.\""
863 #. type: Content of: <html><body><section><div><div><div><p>
865 "To encrypt an email to Edward, you need his public key, so now you'll have "
866 "Enigmail download it from a keyserver. Click Download Missing Keys and use "
867 "the default in the pop-up that asks you to choose a keyserver. Once it finds "
868 "keys, check the first one (Key ID starting with C), then select ok. Select "
869 "ok in the next pop-up."
872 #. type: Content of: <html><body><section><div><div><div><p>
874 "Now you are back at the \"Recipients not valid, not trusted or not found\" "
875 "screen. Check the box in front of Edward's key and click Send."
878 #. type: Content of: <html><body><section><div><div><div><p>
880 "Since you encrypted this email with Edward's public key, Edward's private "
881 "key is required to decrypt it. Edward is the only one with his private key, "
882 "so no one except him can decrypt it."
885 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
886 msgid "Enigmail can't find Edward's key"
889 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
891 "Close the pop-ups that have appeared since you clicked Send. Make sure you "
892 "are connected to the Internet and try again. If that doesn't work, repeat "
893 "the process, choosing a different keyserver when it asks you to pick one."
896 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
897 msgid "Unscrambled messages in the Sent folder"
900 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
902 "Even though you can't decrypt messages encrypted to someone else's key, your "
903 "email program will automatically save a copy encrypted to your public key, "
904 "which you'll be able to view from the Sent folder like a normal email. This "
905 "is normal, and it doesn't mean that your email was not sent encrypted."
908 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
910 "If you're still having trouble with our instructions or just want to learn "
911 "more, check out <a "
912 "href=\"https://www.enigmail.net/documentation/Signature_and_Encryption#Encrypting_a_message\"> "
913 "Enigmail's wiki</a>."
916 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
917 msgid "Encrypt messages from the command line"
920 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
922 "You can also encrypt and decrypt messages and files from the <a "
923 "href=\"https://www.gnupg.org/gph/en/manual/x110.html\">command line</a>, if "
924 "that's your preference. The option --armor makes the encrypted output appear "
925 "in the regular character set."
928 #. type: Content of: <html><body><section><div><div><div><h3>
929 msgid "<em>Important:</em> Security tips"
932 #. type: Content of: <html><body><section><div><div><div><p>
934 "Even if you encrypt your email, the subject line is not encrypted, so don't "
935 "put private information there. The sending and receiving addresses aren't "
936 "encrypted either, so a surveillance system can still figure out who you're "
937 "communicating with. Also, surveillance agents will know that you're using "
938 "GnuPG, even if they can't figure out what you're saying. When you send "
939 "attachments, Enigmail will give you the choice to encrypt them or not, "
940 "independent of the actual email."
943 #. type: Content of: <html><body><section><div><div><div><p>
945 "For greater security against potential attacks, you can turn off "
946 "HTML. Instead, you can render the message body as plain text. In order to do "
947 "this in Thunderbird, go to View > Message Body As > Plain Text."
950 #. type: Content of: <html><body><section><div><div><div><h3>
951 msgid "<em>Step 3.c</em> Receive a response"
954 #. type: Content of: <html><body><section><div><div><div><p>
956 "When Edward receives your email, he will use his private key to decrypt it, "
960 #. type: Content of: <html><body><section><div><div><div><p>
962 "It may take two or three minutes for Edward to respond. In the meantime, you "
963 "might want to skip ahead and check out the <a href=\"#section5\">Use it "
964 "Well</a> section of this guide."
967 #. type: Content of: <html><body><section><div><div><div><h3>
968 msgid "<em>Step 3.d</em> Send a test signed email"
971 #. type: Content of: <html><body><section><div><div><div><p>
973 "GnuPG includes a way for you to sign messages and files, verifying that they "
974 "came from you and that they weren't tampered with along the way. These "
975 "signatures are stronger than their pen-and-paper cousins -- they're "
976 "impossible to forge, because they're impossible to create without your "
977 "private key (another reason to keep your private key safe)."
980 #. type: Content of: <html><body><section><div><div><div><p>
982 "You can sign messages to anyone, so it's a great way to make people aware "
983 "that you use GnuPG and that they can communicate with you securely. If they "
984 "don't have GnuPG, they will be able to read your message and see your "
985 "signature. If they do have GnuPG, they'll also be able to verify that your "
986 "signature is authentic."
989 #. type: Content of: <html><body><section><div><div><div><p>
991 "To sign an email to Edward, compose any message to him and click the pencil "
992 "icon next to the lock icon so that it turns gold. If you sign a message, "
993 "GnuPG may ask you for your password before it sends the message, because it "
994 "needs to unlock your private key for signing."
997 #. type: Content of: <html><body><section><div><div><div><p>
999 "With the lock and pencil icons, you can choose whether each message will be "
1000 "encrypted, signed, both, or neither."
1003 #. type: Content of: <html><body><section><div><div><div><h3>
1004 msgid "<em>Step 3.e</em> Receive a response"
1007 #. type: Content of: <html><body><section><div><div><div><p>
1009 "When Edward receives your email, he will use your public key (which you sent "
1010 "him in <a href=\"#step-3a\">Step 3.A</a>) to verify the message you sent has "
1011 "not been tampered with and to encrypt his reply to you."
1014 #. type: Content of: <html><body><section><div><div><div><p>
1016 "Edward's reply will arrive encrypted, because he prefers to use encryption "
1017 "whenever possible. If everything goes according to plan, it should say "
1018 "\"Your signature was verified.\" If your test signed email was also "
1019 "encrypted, he will mention that first."
1022 #. type: Content of: <html><body><section><div><div><div><p>
1024 "When you receive Edward's email and open it, Enigmail will automatically "
1025 "detect that it is encrypted with your public key, and then it will use your "
1026 "private key to decrypt it."
1029 #. type: Content of: <html><body><section><div><div><div><p>
1031 "Notice the bar that Enigmail shows you above the message, with information "
1032 "about the status of Edward's key."
1035 #. type: Content of: <html><body><section><div><div><h2>
1036 msgid "<em>#4</em> Learn the Web of Trust"
1039 #. type: Content of: <html><body><section><div><div><p>
1041 "Email encryption is a powerful technology, but it has a weakness; it "
1042 "requires a way to verify that a person's public key is actually "
1043 "theirs. Otherwise, there would be no way to stop an attacker from making an "
1044 "email address with your friend's name, creating keys to go with it and "
1045 "impersonating your friend. That's why the free software programmers that "
1046 "developed email encryption created keysigning and the Web of Trust."
1049 #. type: Content of: <html><body><section><div><div><p>
1051 "When you sign someone's key, you are publicly saying that you've verified "
1052 "that it belongs to them and not someone else."
1055 #. type: Content of: <html><body><section><div><div><p>
1057 "Signing keys and signing messages use the same type of mathematical "
1058 "operation, but they carry very different implications. It's a good practice "
1059 "to generally sign your email, but if you casually sign people's keys, you "
1060 "may accidently end up vouching for the identity of an imposter."
1063 #. type: Content of: <html><body><section><div><div><p>
1065 "People who use your public key can see who has signed it. Once you've used "
1066 "GnuPG for a long time, your key may have hundreds of signatures. You can "
1067 "consider a key to be more trustworthy if it has many signatures from people "
1068 "that you trust. The Web of Trust is a constellation of GnuPG users, "
1069 "connected to each other by chains of trust expressed through signatures."
1072 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1073 msgid "Section 4: Web of Trust"
1076 #. type: Content of: <html><body><section><div><div><div><h3>
1077 msgid "<em>Step 4.a</em> Sign a key"
1080 #. type: Content of: <html><body><section><div><div><div><p>
1081 msgid "In your email program's menu, go to Enigmail → Key Management."
1084 #. type: Content of: <html><body><section><div><div><div><p>
1086 "Right click on Edward's public key and select Sign Key from the context "
1090 #. type: Content of: <html><body><section><div><div><div><p>
1091 msgid "In the window that pops up, select \"I will not answer\" and click ok."
1094 #. type: Content of: <html><body><section><div><div><div><p>
1096 "Now you should be back at the Key Management menu. Select Keyserver → "
1097 "Upload Public Keys and hit ok."
1100 #. type: Content of: <html><body><section><div><div><div><p>
1102 "You've just effectively said \"I trust that Edward's public key actually "
1103 "belongs to Edward.\" This doesn't mean much because Edward isn't a real "
1104 "person, but it's good practice."
1107 #. type: Content of: <html><body><section><div><div><div><h3>
1108 msgid "Identifying keys: Fingerprints and IDs"
1111 #. type: Content of: <html><body><section><div><div><div><p>
1113 "People's public keys are usually identified by their key fingerprint, which "
1114 "is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 (for "
1115 "Edward's key). You can see the fingerprint for your public key, and other "
1116 "public keys saved on your computer, by going to Enigmail → Key "
1117 "Management in your email program's menu, then right clicking on the key and "
1118 "choosing Key Properties. It's good practice to share your fingerprint "
1119 "wherever you share your email address, so that people can double-check that "
1120 "they have the correct public key when they download yours from a keyserver."
1123 #. type: Content of: <html><body><section><div><div><div><p>
1125 "You may also see public keys referred to by a shorter key ID. This key ID is "
1126 "visible directly from the Key Management window. These eight character key "
1127 "IDs were previously used for identification, which used to be safe, but is "
1128 "no longer reliable. You need to check the full fingerprint as part of "
1129 "verifying you have the correct key for the person you are trying to "
1130 "contact. Spoofing, in which someone intentionally generates a key with a "
1131 "fingerprint whose final eight characters are the same as another, is "
1132 "unfortunately common."
1135 #. type: Content of: <html><body><section><div><div><div><h3>
1136 msgid "<em>Important:</em> What to consider when signing keys"
1139 #. type: Content of: <html><body><section><div><div><div><p>
1141 "Before signing a person's key, you need to be confident that it actually "
1142 "belongs to them, and that they are who they say they are. Ideally, this "
1143 "confidence comes from having interactions and conversations with them over "
1144 "time, and witnessing interactions between them and others. Whenever signing "
1145 "a key, ask to see the full public key fingerprint, and not just the shorter "
1146 "key ID. If you feel it's important to sign the key of someone you've just "
1147 "met, also ask them to show you their government identification, and make "
1148 "sure the name on the ID matches the name on the public key. In Enigmail, "
1149 "answer honestly in the window that pops up and asks \"How carefully have you "
1150 "verified that the key you are about to sign actually belongs to the "
1151 "person(s) named above?\""
1154 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1155 msgid "Master the Web of Trust"
1158 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1160 "Unfortunately, trust does not spread between users the way <a "
1161 "href=\"http://fennetic.net/irc/finney.org/~hal/web_of_trust.html\">many "
1162 "people think</a>. One of best ways to strengthen the GnuPG community is to "
1164 "href=\"https://www.gnupg.org/gph/en/manual/x334.html\">understand</a> the "
1165 "Web of Trust and to carefully sign as many people's keys as circumstances "
1169 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1170 msgid "Set ownertrust"
1173 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1175 "If you trust someone enough to validate other people's keys, you can assign "
1176 "them an ownertrust level through Enigmails's key management window. Right "
1177 "click on the other person's key, go to the \"Select Owner Trust\" menu "
1178 "option, select the trustlevel and click OK. Only do this once you feel you "
1179 "have a deep understanding of the Web of Trust."
1182 #. type: Content of: <html><body><section><div><div><h2>
1183 msgid "<em>#5</em> Use it well"
1186 #. type: Content of: <html><body><section><div><div><p>
1188 "Everyone uses GnuPG a little differently, but it's important to follow some "
1189 "basic practices to keep your email secure. Not following them, you risk the "
1190 "privacy of the people you communicate with, as well as your own, and damage "
1194 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1195 msgid "Section 5: Use it Well (1)"
1198 #. type: Content of: <html><body><section><div><div><div><h3>
1199 msgid "When should I encrypt? When should I sign?"
1202 #. type: Content of: <html><body><section><div><div><div><p>
1204 "The more you can encrypt your messages, the better. If you only encrypt "
1205 "emails occasionally, each encrypted message could raise a red flag for "
1206 "surveillance systems. If all or most of your email is encrypted, people "
1207 "doing surveillance won't know where to start. That's not to say that only "
1208 "encrypting some of your email isn't helpful -- it's a great start and it "
1209 "makes bulk surveillance more difficult."
1212 #. type: Content of: <html><body><section><div><div><div><p>
1214 "Unless you don't want to reveal your own identity (which requires other "
1215 "protective measures), there's no reason not to sign every message, whether "
1216 "or not you are encrypting. In addition to allowing those with GnuPG to "
1217 "verify that the message came from you, signing is a non-intrusive way to "
1218 "remind everyone that you use GnuPG and show support for secure "
1219 "communication. If you often send signed messages to people that aren't "
1220 "familiar with GnuPG, it's nice to also include a link to this guide in your "
1221 "standard email signature (the text kind, not the cryptographic kind)."
1224 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1225 msgid "Section 5: Use it Well (2)"
1228 #. type: Content of: <html><body><section><div><div><div><h3>
1229 msgid "Be wary of invalid keys"
1232 #. type: Content of: <html><body><section><div><div><div><p>
1234 "GnuPG makes email safer, but it's still important to watch out for invalid "
1235 "keys, which might have fallen into the wrong hands. Email encrypted with "
1236 "invalid keys might be readable by surveillance programs."
1239 #. type: Content of: <html><body><section><div><div><div><p>
1241 "In your email program, go back to the first encrypted email that Edward sent "
1242 "you. Because Edward encrypted it with your public key, it will have a "
1243 "message from Enigmail at the top, which most likely says \"Enigmail: Part of "
1244 "this message encrypted.\""
1247 #. type: Content of: <html><body><section><div><div><div><p>
1249 "<b>When using GnuPG, make a habit of glancing at that bar. The program will "
1250 "warn you there if you get an email signed with a key that can't be "
1254 #. type: Content of: <html><body><section><div><div><div><h3>
1255 msgid "Copy your revocation certificate to somewhere safe"
1258 #. type: Content of: <html><body><section><div><div><div><p>
1260 "Remember when you created your keys and saved the revocation certificate "
1261 "that GnuPG made? It's time to copy that certificate onto the safest digital "
1262 "storage that you have -- the ideal thing is a flash drive, disk, or hard "
1263 "drive stored in a safe place in your home, not on a device you carry with "
1267 #. type: Content of: <html><body><section><div><div><div><p>
1269 "If your private key ever gets lost or stolen, you'll need this certificate "
1270 "file to let people know that you are no longer using that keypair."
1273 #. type: Content of: <html><body><section><div><div><div><h3>
1274 msgid "<em>Important:</em> act swiftly if someone gets your private key"
1277 #. type: Content of: <html><body><section><div><div><div><p>
1279 "If you lose your private key or someone else gets ahold of it (say, by "
1280 "stealing or cracking your computer), it's important to revoke it immediately "
1281 "before someone else uses it to read your encrypted email or forge your "
1282 "signature. This guide doesn't cover how to revoke a key, but you can follow "
1284 "href=\"https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/\">instructions</a>. "
1285 "After you're done revoking, make a new key and send an email to everyone "
1286 "with whom you usually use your key to make sure they know, including a copy "
1290 #. type: Content of: <html><body><section><div><div><div><h3>
1291 msgid "Webmail and GnuPG"
1294 #. type: Content of: <html><body><section><div><div><div><p>
1296 "When you use a web browser to access your email, you're using webmail, an "
1297 "email program stored on a distant website. Unlike webmail, your desktop "
1298 "email program runs on your own computer. Although webmail can't decrypt "
1299 "encrypted email, it will still display it in its encrypted form. If you "
1300 "primarily use webmail, you'll know to open your email client when you "
1301 "receive a scrambled email."
1304 #. type: Content of: <html><body><section><div><div><h2>
1305 msgid "<a href=\"next_steps.html\">Great job! Check out the next steps.</a>"
1308 #. type: Content of: <html><body><header><div><p>
1309 msgid "← Read the <a href=\"index.html\">full guide</a>"
1312 #. type: Content of: <html><body><header><div><h3><a>
1315 "href=\"https://fsf.org/share?u=https://u.fsf.org/zc&t=How public-key "
1316 "encryption works. Infographic via %40fsf\">"
1319 #. type: Content of: <html><body><header><div><h3>
1320 msgid " Share our infographic </a> with the hashtag #EmailSelfDefense"
1323 #. type: Attribute 'alt' of: <html><body><header><div><p><img>
1324 msgid "View & share our infographic"
1327 #. type: Content of: <html><body><header><div><ul><li>
1328 msgid "<a href=\"index.html\">GNU/Linux</a>"
1331 #. type: Content of: <html><body><header><div><ul><li>
1332 msgid "<a href=\"mac.html\" class=\"current\">Mac OS</a>"
1335 #. type: Content of: <html><body><section><div><div><p>
1337 "This guide relies on software which is <a "
1338 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
1339 "it's completely transparent and anyone can copy it or make their own "
1340 "version. This makes it safer from surveillance than proprietary software "
1341 "(like Windows or Mac OS). To defend your freedom as well as protect yourself "
1342 "from surveillance, we recommend you switch to a free software operating "
1343 "system like GNU/Linux. Learn more about free software at <a "
1344 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
1347 #. type: Content of: <html><body><section><div><div><p>
1349 "To get started, you'll need the IceDove desktop email program installed on "
1350 "your computer. For your system, IceDove may be known by the alternate name "
1351 "\"Thunderbird.\" Email programs are another way to access the same email "
1352 "accounts you can access in a browser (like Gmail), but provide extra "
1356 #. type: Content of: <html><body><section><div><div><div><h3>
1357 msgid "<em>Step 1.b</em> Get GnuPG by downloading GPGTools"
1360 #. type: Content of: <html><body><section><div><div><div><p>
1362 "GPGTools is a software package that includes GnuPG. <a "
1363 "href=\"https://gpgtools.org/#gpgsuite\">Download</a> and install it, "
1364 "choosing default options whenever asked. After it's installed, you can close "
1365 "any windows that it creates."
1368 #. type: Content of: <html><body><section><div><div><div><p>
1370 "There are major security flaws in versions of GnuPG provided by GPGTools "
1371 "prior to 2018.3. Make sure you have GPGTools 2018.3 or later."
1374 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1375 msgid "Step 1.C: Tools -> Add-ons"
1378 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1379 msgid "Step 1.C: Search Add-ons"
1382 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1383 msgid "Step 1.C: Install Add-ons"
1386 #. type: Content of: <html><body><section><div><div><div><h3>
1387 msgid "<em>Step 1.c</em> Install the Enigmail plugin for your email program"
1390 #. type: Content of: <html><body><section><div><div><div><p>
1392 "There are major security flaws in Enigmail prior to version 2.0.7. Make sure "
1393 "you have Enigmail 2.0.7 or later."
1396 #. type: Content of: <html><body><section><div><div><div><p>
1398 "For greater security against potential attacks, you can turn off "
1399 "HTML. Instead, you can render the message body as plain text."
1402 #. type: Content of: <html><body><header><div><h1>
1406 #. type: Content of: <html><body><section><div><div><h2>
1407 msgid "<em>#6</em> Next steps"
1410 #. type: Content of: <html><body><section><div><div><p>
1412 "You've now completed the basics of email encryption with GnuPG, taking "
1413 "action against bulk surveillance. These next steps will help make the most "
1414 "of the work you've done."
1417 #. type: Content of: <html><body><section><div><div><div><h3>
1418 msgid "Join the movement"
1421 #. type: Content of: <html><body><section><div><div><div><p>
1423 "You've just taken a huge step towards protecting your privacy online. But "
1424 "each of us acting alone isn't enough. To topple bulk surveillance, we need "
1425 "to build a movement for the autonomy and freedom of all computer users. Join "
1426 "the Free Software Foundation's community to meet like-minded people and work "
1427 "together for change."
1430 #. type: Content of: <html><body><section><div><div><div><p>
1432 "<small>Read <a href=\"https://www.fsf.org/twitter\">why GNU Social and "
1433 "Mastodon are better than Twitter</a>, and <a "
1434 "href=\"http://www.fsf.org/facebook\">why we don't use Facebook</a>.</small>"
1437 #. type: Content of: <html><body><section><div><div><div><div><p>
1438 msgid "Low-volume mailing list"
1441 #. type: Content of: <html><body><section><div><div><div><div><form>
1443 "<input type=\"text\" value=\"Type your email...\" name=\"email-Primary\" "
1444 "id=\"frmEmail\" /> <input type=\"submit\" value=\"Add me\" "
1445 "name=\"_qf_Edit_next\" /> <input type=\"hidden\" "
1446 "value=\"https://emailselfdefense.fsf.org/en/confirmation.html\" "
1447 "name=\"postURL\" /> <input type=\"hidden\" value=\"1\" name=\"group[25]\" /> "
1448 "<input type=\"hidden\" "
1449 "value=\"https://my.fsf.org/civicrm/profile?reset=1&gid=391\" "
1450 "name=\"cancelURL\" /> <input type=\"hidden\" value=\"Edit:cancel\" "
1451 "name=\"_qf_default\" />"
1454 #. type: Content of: <html><body><section><div><div><div><div><p>
1456 "<small>Read our <a "
1457 "href=\"https://my.fsf.org/donate/privacypolicy.html\">privacy "
1458 "policy</a>.</small>"
1461 #. type: Content of: <html><body><section><div><div><div><h3>
1462 msgid "Bring Email Self-Defense to new people"
1465 #. type: Content of: <html><body><section><div><div><div><p>
1467 "Understanding and setting up email encryption is a daunting task for "
1468 "many. To welcome them, make it easy to find your public key and offer to "
1469 "help with encryption. Here are some suggestions:"
1472 #. type: Content of: <html><body><section><div><div><div><ul><li>
1474 "Lead an Email Self-Defense workshop for your friends and community, using "
1475 "our <a href=\"workshops.html\">teaching guide</a>."
1478 #. type: Content of: <html><body><section><div><div><div><ul><li>
1480 "Use <a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt "
1481 "with me using Email Self-Defense %40fsf\">our sharing page</a> to compose a "
1482 "message to a few friends and ask them to join you in using encrypted "
1483 "email. Remember to include your GnuPG public key fingerprint so they can "
1484 "easily download your key."
1487 #. type: Content of: <html><body><section><div><div><div><ul><li>
1489 "Add your public key fingerprint anywhere that you normally display your "
1490 "email address. Some good places are: your email signature (the text kind, "
1491 "not the cryptographic kind), social media profiles, blogs, Websites, or "
1492 "business cards. At the Free Software Foundation, we put ours on our <a "
1493 "href=\"https://fsf.org/about/staff\">staff page</a>."
1496 #. type: Content of: <html><body><section><div><div><div><h3>
1497 msgid "Protect more of your digital life"
1500 #. type: Content of: <html><body><section><div><div><div><p>
1502 "Learn surveillance-resistant technologies for instant messages, hard drive "
1503 "storage, online sharing, and more at <a "
1504 "href=\"https://directory.fsf.org/wiki/Collection:Privacy_pack\"> the Free "
1505 "Software Directory's Privacy Pack</a> and <a "
1506 "href=\"https://prism-break.org\">prism-break.org</a>."
1509 #. type: Content of: <html><body><section><div><div><div><p>
1511 "If you are using Windows, Mac OS or any other proprietary operating system, "
1512 "we recommend you switch to a free software operating system like "
1513 "GNU/Linux. This will make it much harder for attackers to enter your "
1514 "computer through hidden back doors. Check out the Free Software Foundation's "
1515 "<a href=\"http://www.gnu.org/distros/free-distros.html\">endorsed versions "
1519 #. type: Content of: <html><body><section><div><div><div><h3>
1520 msgid "Optional: Add more email protection with Tor"
1523 #. type: Content of: <html><body><section><div><div><div><p>
1525 "<a href=\"https://www.torproject.org/about/overview.html.en\">The Onion "
1526 "Router (Tor) network</a> wraps Internet communication in multiple layers of "
1527 "encryption and bounces it around the world several times. When used "
1528 "properly, Tor confuses surveillance field agents and the global surveillance "
1529 "apparatus alike. Using it simultaneously with GnuPG's encryption will give "
1530 "you the best results."
1533 #. type: Content of: <html><body><section><div><div><div><p>
1535 "To have your email program send and receive email over Tor, install the <a "
1536 "href=\"https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/\">Torbirdy "
1537 "plugin</a> the same way you installed Enigmail, by searching for it through "
1541 #. type: Content of: <html><body><section><div><div><div><p>
1543 "Before beginning to check your email over Tor, make sure you understand <a "
1544 "href=\"https://www.torproject.org/docs/faq.html.en#WhatProtectionsDoesTorProvide\"> "
1545 "the security tradeoffs involved</a>. This <a "
1546 "href=\"https://www.eff.org/pages/tor-and-https\">infographic</a> from our "
1547 "friends at the Electronic Frontier Foundation demonstrates how Tor keeps you "
1551 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1552 msgid "Section 6: Next Steps"
1555 #. type: Content of: <html><body><section><div><div><div><p>
1556 msgid "← <a href=\"index.html\">Return to the guide</a>"
1559 #. type: Content of: <html><body><section><div><div><div><h3>
1560 msgid "Make Email Self-Defense tools even better"
1563 #. type: Content of: <html><body><section><div><div><div><p>
1565 "<a href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">Leave "
1566 "feedback and suggest improvements to this guide</a>. We welcome "
1567 "translations, but we ask that you contact us at <a "
1568 "href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a> before you start, so "
1569 "that we can connect you with other translators working in your language."
1572 #. type: Content of: <html><body><section><div><div><div><p>
1574 "If you like programming, you can contribute code to <a "
1575 "href=\"https://www.gnupg.org/\">GnuPG</a> or <a "
1576 "href=\"https://www.enigmail.net/home/index.php\">Enigmail</a>."
1579 #. type: Content of: <html><body><section><div><div><div><p>
1581 "To go the extra mile, support the Free Software Foundation so we can keep "
1582 "improving Email Self-Defense, and make more tools like it."
1585 #. type: Content of: <html><body><header><div><ul><li>
1586 msgid "<a href=\"windows.html\" class=\"current\">Windows</a>"
1589 #. type: Content of: <html><body><section><div><div><div><h3>
1590 msgid "<em>Step 1.b</em> Get GnuPG by downloading GPG4Win"
1593 #. type: Content of: <html><body><section><div><div><div><p>
1595 "GPG4Win is a software package that includes GnuPG. <a "
1596 "href=\"https://www.gpg4win.org/\">Download</a> and install it, choosing "
1597 "default options whenever asked. After it's installed, you can close any "
1598 "windows that it creates."
1601 #. type: Content of: <html><body><section><div><div><div><p>
1603 "There are major security flaws in versions of GnuPG provided by GPG4Win "
1604 "prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later."
1607 #. type: Content of: <html><body><header><div><ul><li>
1608 msgid "<a href=\"workshops.html\" class=\"current\">Teach your friends</a>"
1611 #. type: Content of: <html><body><header><div><ul><li><a>
1613 "<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email "
1614 "encryption for everyone via %40fsf\">Share "
1617 #. type: Content of: <html><body><header><div><div><div><p>
1619 "We want to translate this guide into more languages, and make a version for "
1620 "encryption on mobile devices. Please donate, and help people around the "
1621 "world take the first step towards protecting their privacy with free "
1625 #. type: Content of: <html><body><header><div><div><p><a>
1627 "<a id=\"infographic\" "
1628 "href=\"https://emailselfdefense.fsf.org/en/infographic.html\">"
1631 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
1632 msgid "View & share our infographic →"
1635 #. type: Content of: <html><body><header><div><div><p>
1637 "</a> Understanding and setting up email encryption sounds like a daunting "
1638 "task to many people. That's why helping your friends with GnuPG plays such "
1639 "an important role in helping spread encryption. Even if only one person "
1640 "shows up, that's still one more person using encryption who wasn't "
1641 "before. You have the power to help your friends keep their digital love "
1642 "letters private, and teach them about the importance of free software. If "
1643 "you use GnuPG to send and receive encrypted email, you're a perfect "
1644 "candidate for leading a workshop!"
1647 #. type: Attribute 'alt' of: <html><body><section><div><div><p><img>
1648 msgid "A small workshop among friends"
1651 #. type: Content of: <html><body><section><div><div><h2>
1652 msgid "<em>#1</em> Get your friends or community interested"
1655 #. type: Content of: <html><body><section><div><div><p>
1657 "If you hear friends grumbling about their lack of privacy, ask them if "
1658 "they're interested in attending a workshop on Email Self-Defense. If your "
1659 "friends don't grumble about privacy, they may need some convincing. You "
1660 "might even hear the classic \"if you've got nothing to hide, you've got "
1661 "nothing to fear\" argument against using encryption."
1664 #. type: Content of: <html><body><section><div><div><p>
1666 "Here are some talking points you can use to help explain why it's worth it "
1667 "to learn GnuPG. Mix and match whichever you think will make sense to your "
1671 #. type: Content of: <html><body><section><div><div><div><h3>
1672 msgid "Strength in numbers"
1675 #. type: Content of: <html><body><section><div><div><div><p>
1677 "Each person who chooses to resist mass surveillance with encryption makes it "
1678 "easier for others to resist as well. People normalizing the use of strong "
1679 "encryption has multiple powerful effects: it means those who need privacy "
1680 "the most, like potential whistle-blowers and activists, are more likely to "
1681 "learn about encryption. More people using encryption for more things also "
1682 "makes it harder for surveillance systems to single out those that can't "
1683 "afford to be found, and shows solidarity with those people."
1686 #. type: Content of: <html><body><section><div><div><div><h3>
1687 msgid "People you respect may already be using encryption"
1690 #. type: Content of: <html><body><section><div><div><div><p>
1692 "Many journalists, whistleblowers, activists, and researchers use GnuPG, so "
1693 "your friends might unknowingly have heard of a few people who use it "
1694 "already. You can search for \"BEGIN PUBLIC KEY BLOCK\" + keyword to help "
1695 "make a list of people and organizations who use GnuPG whom your community "
1696 "will likely recognize."
1699 #. type: Content of: <html><body><section><div><div><div><h3>
1700 msgid "Respect your friends' privacy"
1703 #. type: Content of: <html><body><section><div><div><div><p>
1705 "There's no objective way to judge what constitutes privacy-sensitive "
1706 "correspondence. As such, it's better not to presume that just because you "
1707 "find an email you sent to a friend innocuous, your friend (or a surveillance "
1708 "agent, for that matter!) feels the same way. Show your friends respect by "
1709 "encrypting your correspondence with them."
1712 #. type: Content of: <html><body><section><div><div><div><h3>
1713 msgid "Privacy technology is normal in the physical world"
1716 #. type: Content of: <html><body><section><div><div><div><p>
1718 "In the physical realm, we take window blinds, envelopes, and closed doors "
1719 "for granted as ways of protecting our privacy. Why should the digital realm "
1723 #. type: Content of: <html><body><section><div><div><div><h3>
1724 msgid "We shouldn't have to trust our email providers with our privacy"
1727 #. type: Content of: <html><body><section><div><div><div><p>
1729 "Some email providers are very trustworthy, but many have incentives not to "
1730 "protect your privacy and security. To be empowered digital citizens, we need "
1731 "to build our own security from the bottom up."
1734 #. type: Content of: <html><body><section><div><div><h2>
1735 msgid "<em>#2</em> Plan The Workshop"
1738 #. type: Content of: <html><body><section><div><div><p>
1740 "Once you've got at least one interested friend, pick a date and start "
1741 "planning out the workshop. Tell participants to bring their computer and ID "
1742 "(for signing each other's keys). If you'd like to make it easy for the "
1743 "participants to use Diceware for choosing passwords, get a pack of dice "
1744 "beforehand. Make sure the location you select has an easily accessible "
1745 "Internet connection, and make backup plans in case the connection stops "
1746 "working on the day of the workshop. Libraries, coffee shops, and community "
1747 "centers make great locations. Try to get all the participants to set up an "
1748 "Enigmail-compatible email client before the event. Direct them to their "
1749 "email provider's IT department or help page if they run into errors."
1752 #. type: Content of: <html><body><section><div><div><p>
1754 "Estimate that the workshop will take at least forty minutes plus ten minutes "
1755 "for each participant. Plan extra time for questions and technical glitches."
1758 #. type: Content of: <html><body><section><div><div><p>
1760 "The success of the workshop requires understanding and catering to the "
1761 "unique backgrounds and needs of each group of participants. Workshops should "
1762 "stay small, so that each participant receives more individualized "
1763 "instruction. If more than a handful of people want to participate, keep the "
1764 "facilitator to participant ratio high by recruiting more facilitators, or by "
1765 "facilitating multiple workshops. Small workshops among friends work great!"
1768 #. type: Content of: <html><body><section><div><div><h2>
1769 msgid "<em>#3</em> Follow the guide as a group"
1772 #. type: Content of: <html><body><section><div><div><p>
1774 "Work through the Email Self-Defense guide a step at a time as a group. Talk "
1775 "about the steps in detail, but make sure not to overload the participants "
1776 "with minutia. Pitch the bulk of your instructions to the least tech-savvy "
1777 "participants. Make sure all the participants complete each step before the "
1778 "group moves on to the next one. Consider facilitating secondary workshops "
1779 "afterwards for people that had trouble grasping the concepts, or those that "
1780 "grasped them quickly and want to learn more."
1783 #. type: Content of: <html><body><section><div><div><p>
1785 "In <a href=\"index.html#section2\">Section 2</a> of the guide, make sure the "
1786 "participants upload their keys to the same keyserver so that they can "
1787 "immediately download each other's keys later (sometimes there is a delay in "
1788 "synchronization between keyservers). During <a "
1789 "href=\"index.html#section3\">Section 3</a>, give the participants the option "
1790 "to send test messages to each other instead of or as well as "
1791 "Edward. Similarly, in <a href=\"index.html#section4\">Section 4</a>, "
1792 "encourage the participants to sign each other's keys. At the end, make sure "
1793 "to remind people to safely back up their revocation certificates."
1796 #. type: Content of: <html><body><section><div><div><h2>
1797 msgid "<em>#4</em> Explain the pitfalls"
1800 #. type: Content of: <html><body><section><div><div><p>
1802 "Remind participants that encryption works only when it's explicitly used; "
1803 "they won't be able to send an encrypted email to someone who hasn't already "
1804 "set up encryption. Also remind participants to double-check the encryption "
1805 "icon before hitting send, and that subjects and timestamps are never "
1809 #. type: Content of: <html><body><section><div><div><p>
1812 "href=\"https://www.gnu.org/proprietary/proprietary.html\">dangers of running "
1813 "a proprietary system</a> and advocate for free software, because without it, "
1815 "href=\"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance\">meaningfully "
1816 "resist invasions of our digital privacy and autonomy</a>."
1819 #. type: Content of: <html><body><section><div><div><h2>
1820 msgid "<em>#5</em> Share additional resources"
1823 #. type: Content of: <html><body><section><div><div><p>
1825 "GnuPG's advanced options are far too complex to teach in a single "
1826 "workshop. If participants want to know more, point out the advanced "
1827 "subsections in the guide and consider organizing another workshop. You can "
1829 "href=\"https://www.gnupg.org/documentation/index.html\">GnuPG's</a> and <a "
1830 "href=\"https://www.enigmail.net/index.php/documentation\">Enigmail's</a> "
1831 "official documentation and mailing lists. Many GNU/Linux distribution's Web "
1832 "sites also contain a page explaining some of GnuPG's advanced features."
1835 #. type: Content of: <html><body><section><div><div><h2>
1836 msgid "<em>#6</em> Follow up"
1839 #. type: Content of: <html><body><section><div><div><p>
1841 "Make sure everyone has shared email addresses and public key fingerprints "
1842 "before they leave. Encourage the participants to continue to gain GnuPG "
1843 "experience by emailing each other. Send them each an encrypted email one "
1844 "week after the event, reminding them to try adding their public key ID to "
1845 "places where they publicly list their email address."
1848 #. type: Content of: <html><body><section><div><div><p>
1850 "If you have any suggestions for improving this workshop guide, please let us "
1851 "know at <a href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a>."
1853 # SOME DESCRIPTIVE TITLE
1854 # Copyright (C) YEAR Free Software Foundation, Inc.
1855 # This file is distributed under the same license as the PACKAGE package.
1856 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
1860 "Project-Id-Version: emailselfdefense 4.0\n"
1861 "POT-Creation-Date: 2020-06-25 17:51+0200\n"
1862 "PO-Revision-Date: 2020-12-14 23:22+0200\n"
1863 "Last-Translator: Andrew V. Isakov <andrij.isakov@gmail.com>\n"
1866 "MIME-Version: 1.0\n"
1867 "Content-Type: text/plain; charset=UTF-8\n"
1868 "Content-Transfer-Encoding: 8bit\n"
1870 #. type: Attribute 'lang' of: <html>
1874 #. type: Attribute 'content' of: <html><head><meta>
1875 msgid "text/html; charset=utf-8"
1876 msgstr "text/html; charset=utf-8"
1878 #. type: Content of: <html><head><title>
1879 msgid "Email Self-Defense - a guide to fighting surveillance with GnuPG encryption"
1880 msgstr "E-mail самозахист - довідник боротьби проти налгяду з допомогою GnuPG шифрування"
1882 #. type: Attribute 'content' of: <html><head><meta>
1883 msgid "GnuPG, GPG, openpgp, surveillance, privacy, email, Enigmail"
1886 # може краще "свободу самовираження"?
1887 #. type: Attribute 'content' of: <html><head><meta>
1889 "Email surveillance violates our fundamental rights and makes free speech "
1890 "risky. This guide will teach you email self-defense in 40 minutes with "
1892 msgstr "E-mail нагляд порушує наші найфундаментальніші права та робить свободу слова ризикованою. Цей довідник навчить вас e-mail самозахисту всього за 40 хвилин з GnuPG."
1894 #. type: Attribute 'content' of: <html><head><meta>
1895 msgid "width=device-width, initial-scale=1"
1896 msgstr "width=device-width, initial-scale=1"
1898 #. type: Content of: <html><body><header><div><p>
1900 "<strong>Please check your email for a confirmation link now. Thanks for "
1901 "joining our list!</strong>"
1902 msgstr "<strong>Будь ласка перевірте чи прийшло на вашу електронну пошту посилання з підтвердженням. Щиро дякуємо, що долучаєтесь до розсилки!</strong>"
1904 #. type: Content of: <html><body><header><div><p>
1906 "If you don't receive the confirmation link, send us an email at info@fsf.org "
1907 "to be added manually."
1908 msgstr "Якщо ви не отримаєте посилання з підтвердженням, надішліть нам листа на info@fsf.org аби ми вас додали вручну."
1910 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1914 #. type: Content of: <html><body><header><div><p>
1915 msgid "Join us on microblogging services for day-to-day updates:"
1916 msgstr "Приєднуйтесь до нас на сервісах мікроблоггінгу для щоденних оновлень:"
1918 #. type: Content of: <html><body><section><div><div><div><p><a>
1919 msgid "<a href=\"https://status.fsf.org/fsf\">"
1920 msgstr "<a href=\"https://status.fsf.org/fsf\">"
1922 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
1923 msgid "[GNU Social]"
1924 msgstr "[GNU Social]"
1926 #. type: Content of: <html><body><section><div><div><div><p><a>
1927 msgid " GNU Social</a> | <a href=\"https://hostux.social/@fsf\">"
1928 msgstr " GNU Social</a> | <a href=\"https://hostux.social/@fsf\">"
1930 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
1934 #. type: Content of: <html><body><section><div><div><div><p>
1936 " Mastodon</a> | <a "
1937 "href=\"https://www.twitter.com/fsf\">Twitter</a>"
1938 msgstr " Mastodon</a> | <a href=\"https://www.twitter.com/fsf\">Twitter</a>"
1940 #. type: Content of: <html><body><header><div><p>
1942 "<small><a href=\"https://www.fsf.org/twitter\">Read why GNU Social and "
1943 "Mastodon are better than Twitter.</a></small>"
1944 msgstr "<small><a href=\"https://www.fsf.org/twitter\">Читайте чому GNU Social and Mastodon кращі за Twitter.</a></small>"
1946 #. type: Content of: <html><body><header><div><p>
1947 msgid "← Return to <a href=\"index.html\">Email Self-Defense</a>"
1948 msgstr "← Повернутися на <a href=\"index.html\">E-mail самозахист</a>"
1950 #. type: Content of: <html><body><footer><div><div><h4><a>
1951 msgid "<a href=\"https://u.fsf.org/ys\">"
1952 msgstr "<a href=\"https://u.fsf.org/ys\">"
1954 #. type: Attribute 'alt' of: <html><body><footer><div><div><h4><a><img>
1955 msgid "Free Software Foundation"
1956 msgstr "Free Software Foundation"
1958 #. type: Content of: <html><body><footer><div><p>
1962 #. type: Content of: <html><body><footer><div><div><p>
1964 "Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software "
1965 "Foundation</a>, Inc. <a "
1966 "href=\"https://my.fsf.org/donate/privacypolicy.html\">Privacy "
1967 "Policy</a>. Please support our work by <a "
1968 "href=\"https://u.fsf.org/yr\">joining us as an associate member.</a>"
1969 msgstr "Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software Foundation</a>, Inc. <a href=\"https://my.fsf.org/donate/privacypolicy.html\">Політика конфіденційності</a>. Будь ласка підтримайте нашу роботу, <a href=\"https://u.fsf.org/yr\">долучаючись до нас як асоційований партнер.</a>"
1971 #. type: Content of: <html><body><footer><div><div><p>
1973 "The images on this page are under a <a "
1974 "href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons "
1975 "Attribution 4.0 license (or later version)</a>, and the rest of it is under "
1976 "a <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative "
1977 "Commons Attribution-ShareAlike 4.0 license (or later version)</a>. Download "
1979 "href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> "
1980 "source code of Edward reply bot</a> by Andrew Engelbrecht "
1981 "<andrew@engelbrecht.io> and Josh Drake <zamnedix@gnu.org>, "
1982 "available under the GNU Affero General Public License. <a "
1983 "href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Why "
1984 "these licenses?</a>"
1985 msgstr "Зображення на цій сторінці ліцензуються <a href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons Attribution 4.0 ліцензією (чи пізнішою версією)</a>, всі інші елементи ліцензуються <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative Commons Attribution-ShareAlike 4.0 ліцензією (чи пізнішою версією)</a>. Завантажити <a href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> вихідний код Едварда, бота-відповідача,</a> створеного Андрієм Енгельбрехтом (Andrew Engelbrecht) <andrew@engelbrecht.io> та Джошем Дрейком (Josh Drake) <zamnedix@gnu.org>, доступним за ліцензією GNU Affero General Public License. <a href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Чому ці ліцензії?</a>"
1987 #. type: Content of: <html><body><footer><div><div><p>
1989 "Fonts used in the guide & infographic: <a "
1990 "href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo "
1992 "href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna "
1994 "href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo "
1995 "Narrow</a> by Omnibus-Type, <a "
1996 "href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> "
1997 "by Florian Cramer."
1998 msgstr "Шрифти використані в цьому довіднику & інфографіка: <a href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo Impallari, <a href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna Giedryś, <a href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo Narrow</a> by Omnibus-Type, <a href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> by Florian Cramer."
2000 #. type: Content of: <html><body><footer><div><div><p>
2002 "Download the <a href=\"emailselfdefense_source.zip\">source package</a> for "
2003 "this guide, including fonts, image source files and the text of Edward's "
2005 msgstr "Завантажити <a href=\"emailselfdefense_source.zip\">архів з вихідним кодом</a> для цього довідника, включно з шрифтами, вихідними зображеннями та текстом повідомлень Едварда."
2007 #. type: Content of: <html><body><footer><div><div><p>
2009 "This site uses the Weblabels standard for labeling <a "
2010 "href=\"https://www.fsf.org/campaigns/freejs\">free JavaScript</a>. View the "
2011 "JavaScript <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" "
2012 "rel=\"jslicense\">source code and license information</a>."
2013 msgstr "Цей сайт використовує Weblabels стандарт для маркування <a href=\"https://www.fsf.org/campaigns/freejs\">вільного JavaScript</a>. Переглянути вихідний код та інформацію про ліцензування <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" rel=\"jslicense\">JavaScript</a>."
2015 #. type: Content of: <html><body><footer><div><p><a>
2017 "Infographic and guide design by <a rel=\"external\" "
2018 "href=\"http://jplusplus.org\"><strong>Journalism++</strong>"
2021 #. type: Attribute 'alt' of: <html><body><footer><div><p><a><img>
2022 msgid "Journalism++"
2025 #. type: Content of: <html><body><header><div><h1>
2026 msgid "Email Self-Defense"
2029 #. type: Content of: <html><body><header><div><ul><li>
2030 msgid "<a class=\"current\" href=\"/en\">English - v4.0</a>"
2033 #. type: Content of: <html><body><header><div><ul><li>
2034 msgid "<a href=\"/ar\">العربية <span class=\"tip\">tip</span></a>"
2037 #. type: Content of: <html><body><header><div><ul><li>
2038 msgid "<a href=\"/cs\">čeština - v4.0</a>"
2041 #. type: Content of: <html><body><header><div><ul><li>
2042 msgid "<a href=\"/de\">Deutsch - v4.0</a>"
2045 #. type: Content of: <html><body><header><div><ul><li>
2046 msgid "<a href=\"/el\">ελληνικά - v3.0</a>"
2049 #. type: Content of: <html><body><header><div><ul><li>
2050 msgid "<a href=\"/es\">español - v4.0</a>"
2053 #. type: Content of: <html><body><header><div><ul><li>
2054 msgid "<a href=\"/fa\">فارسی - v4.0</a>"
2057 #. type: Content of: <html><body><header><div><ul><li>
2058 msgid "<a href=\"/fr\">français - v4.0</a>"
2061 #. type: Content of: <html><body><header><div><ul><li>
2062 msgid "<a href=\"/it\">italiano - v3.0</a>"
2065 #. type: Content of: <html><body><header><div><ul><li>
2066 msgid "<a href=\"/ja\">日本語 - v4.0</a>"
2069 #. type: Content of: <html><body><header><div><ul><li>
2070 msgid "<a href=\"/ko\">한국어 <span class=\"tip\">tip</span></a>"
2073 #. type: Content of: <html><body><header><div><ul><li>
2074 msgid "<a href=\"/ml\">മലയാളം <span class=\"tip\">tip</span></a>"
2077 #. type: Content of: <html><body><header><div><ul><li>
2078 msgid "<a href=\"/pt-br\">português do Brasil - v3.0</a>"
2081 #. type: Content of: <html><body><header><div><ul><li>
2082 msgid "<a href=\"/ro\">română - v3.0</a>"
2085 #. type: Content of: <html><body><header><div><ul><li>
2086 msgid "<a href=\"/ru\">русский - v4.0</a>"
2089 #. type: Content of: <html><body><header><div><ul><li>
2090 msgid "<a href=\"/sq\">Shqip - v4.0</a>"
2093 #. type: Content of: <html><body><header><div><ul><li>
2094 msgid "<a href=\"/sv\">svenska - v4.0</a>"
2097 #. type: Content of: <html><body><header><div><ul><li>
2098 msgid "<a href=\"/tr\">Türkçe - v4.0</a>"
2101 #. type: Content of: <html><body><header><div><ul><li>
2102 msgid "<a href=\"/zh-hans\">简体中文 - v4.0</a>"
2105 #. type: Content of: <html><body><header><div><ul><li>
2107 "<a href=\"https://libreplanet.org/wiki/GPG_guide/Translation_Guide\"> "
2108 "<strong><span style=\"color: #2F5FAA;\">Translate!</span></strong></a>"
2111 #. type: Content of: <html><body><header><div><ul><li>
2112 msgid "<a href=\"index.html\" class=\"current\">GNU/Linux</a>"
2115 #. type: Content of: <html><body><header><div><ul><li>
2116 msgid "<a href=\"mac.html\">Mac OS</a>"
2119 #. type: Content of: <html><body><header><div><ul><li>
2120 msgid "<a href=\"windows.html\">Windows</a>"
2123 #. type: Content of: <html><body><header><div><ul><li>
2124 msgid "<a href=\"workshops.html\">Teach your friends</a>"
2127 #. type: Content of: <html><body><header><div><ul><li><a>
2129 "<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email "
2130 "encryption for everyone via %40fsf\"> Share "
2133 #. type: Content of: <html><body><header><div><ul><li><a>
2137 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
2141 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
2142 msgid "[Hacker News]"
2145 #. type: Content of: <html><body><header><div><div><h3><a>
2146 msgid "<a href=\"http://u.fsf.org/ys\">"
2149 #. type: Content of: <html><body><header><div><div><div><p>
2151 "We fight for computer users' rights, and promote the development of free (as "
2152 "in freedom) software. Resisting bulk surveillance is very important to us."
2155 #. type: Content of: <html><body><header><div><div><div><p>
2157 "<strong>Please donate to support Email Self-Defense. We need to keep "
2158 "improving it, and making more materials, for the benefit of people around "
2159 "the world taking the first step towards protecting their privacy.</strong>"
2162 #. type: Content of: <html><body><header><div><div><p><a>
2165 "href=\"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate\">"
2168 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
2172 #. type: Content of: <html><body><header><div><div><p><a>
2173 msgid "<a id=\"infographic\" href=\"infographic.html\">"
2176 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
2177 msgid "View & share our infographic →"
2180 #. type: Content of: <html><body><header><div><div><p>
2182 "</a> Bulk surveillance violates our fundamental rights and makes free speech "
2183 "risky. This guide will teach you a basic surveillance self-defense skill: "
2184 "email encryption. Once you've finished, you'll be able to send and receive "
2185 "emails that are scrambled to make sure a surveillance agent or thief "
2186 "intercepting your email can't read them. All you need is a computer with an "
2187 "Internet connection, an email account, and about forty minutes."
2190 #. type: Content of: <html><body><header><div><div><p>
2192 "Even if you have nothing to hide, using encryption helps protect the privacy "
2193 "of people you communicate with, and makes life difficult for bulk "
2194 "surveillance systems. If you do have something important to hide, you're in "
2195 "good company; these are the same tools that whistleblowers use to protect "
2196 "their identities while shining light on human rights abuses, corruption and "
2200 #. type: Content of: <html><body><header><div><div><p>
2202 "In addition to using encryption, standing up to surveillance requires "
2203 "fighting politically for a <a "
2204 "href=\"http://gnu.org/philosophy/surveillance-vs-democracy.html\">reduction "
2205 "in the amount of data collected on us</a>, but the essential first step is "
2206 "to protect yourself and make surveillance of your communication as difficult "
2207 "as possible. This guide helps you do that. It is designed for beginners, but "
2208 "if you already know the basics of GnuPG or are an experienced free software "
2209 "user, you'll enjoy the advanced tips and the <a "
2210 "href=\"workshops.html\">guide to teaching your friends</a>."
2213 #. type: Content of: <html><body><section><div><div><h2>
2214 msgid "<em>#1</em> Get the pieces"
2217 #. type: Content of: <html><body><section><div><div><p>
2219 "This guide relies on software which is <a "
2220 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
2221 "it's completely transparent and anyone can copy it or make their own "
2222 "version. This makes it safer from surveillance than proprietary software "
2223 "(like Windows). Learn more about free software at <a "
2224 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
2227 #. type: Content of: <html><body><section><div><div><p>
2229 "Most GNU/Linux operating systems come with GnuPG installed on them, so you "
2230 "don't have to download it. Before configuring GnuPG though, you'll need the "
2231 "IceDove desktop email program installed on your computer. Most GNU/Linux "
2232 "distributions have IceDove installed already, though it may be under the "
2233 "alternate name \"Thunderbird.\" Email programs are another way to access the "
2234 "same email accounts you can access in a browser (like Gmail), but provide "
2238 #. type: Content of: <html><body><section><div><div><p>
2240 "If you already have an email program, you can skip to <a "
2241 "href=\"#step-1b\">Step 1.b</a>."
2244 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
2245 msgid "Step 1.A: Install Wizard"
2248 #. type: Content of: <html><body><section><div><div><div><h3>
2249 msgid "<em>Step 1.a</em> Set up your email program with your email account"
2252 #. type: Content of: <html><body><section><div><div><div><p>
2254 "Open your email program and follow the wizard (step-by-step walkthrough) "
2255 "that sets it up with your email account."
2258 #. type: Content of: <html><body><section><div><div><div><p>
2260 "Look for the letters SSL, TLS, or STARTTLS to the right of the servers when "
2261 "you're setting up your account. If you don't see them, you will still be "
2262 "able to use encryption, but this means that the people running your email "
2263 "system are running behind the industry standard in protecting your security "
2264 "and privacy. We recommend that you send them a friendly email asking them to "
2265 "enable SSL, TLS, or STARTTLS for your email server. They will know what "
2266 "you're talking about, so it's worth making the request even if you aren't an "
2267 "expert on these security systems."
2270 #. type: Content of: <html><body><section><div><div><div><div><h4>
2271 msgid "Troubleshooting"
2274 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2275 msgid "The wizard doesn't launch"
2278 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2280 "You can launch the wizard yourself, but the menu option for doing so is "
2281 "named differently in each email program. The button to launch it will be in "
2282 "the program's main menu, under \"New\" or something similar, titled "
2283 "something like \"Add account\" or \"New/Existing email account.\""
2286 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2287 msgid "The wizard can't find my account or isn't downloading my mail"
2290 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2292 "Before searching the Web, we recommend you start by asking other people who "
2293 "use your email system, to figure out the correct settings."
2296 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2297 msgid "Don't see a solution to your problem?"
2300 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2302 "Please let us know on the <a "
2303 "href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">feedback "
2307 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
2308 msgid "Step 1.B: Tools -> Add-ons"
2311 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
2312 msgid "Step 1.B: Search Add-ons"
2315 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
2316 msgid "Step 1.B: Install Add-ons"
2319 #. type: Content of: <html><body><section><div><div><div><h3>
2320 msgid "<em>Step 1.b</em> Install the Enigmail plugin for your email program"
2323 #. type: Content of: <html><body><section><div><div><div><p>
2325 "In your email program's menu, select Add-ons (it may be in the Tools "
2326 "section). Make sure Extensions is selected on the left. Do you see Enigmail? "
2327 "Make sure it's the latest version. If so, skip this step."
2330 #. type: Content of: <html><body><section><div><div><div><p>
2332 "If not, search \"Enigmail\" with the search bar in the upper right. You can "
2333 "take it from here. Restart your email program when you're done."
2336 #. type: Content of: <html><body><section><div><div><div><p>
2338 "There are major security flaws in versions of GnuPG prior to 2.2.8, and "
2339 "Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, "
2340 "or later versions."
2343 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2344 msgid "I can't find the menu."
2347 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2349 "In many new email programs, the main menu is represented by an image of "
2350 "three stacked horizontal bars."
2353 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2354 msgid "My email looks weird"
2357 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2359 "Enigmail doesn't tend to play nice with HTML, which is used to format "
2360 "emails, so it may disable your HTML formatting automatically. To send an "
2361 "HTML-formatted email without encryption or a signature, hold down the Shift "
2362 "key when you select compose. You can then write an email as if Enigmail "
2366 #. type: Content of: <html><body><section><div><div><h2>
2367 msgid "<em>#2</em> Make your keys"
2370 #. type: Content of: <html><body><section><div><div><p>
2372 "To use the GnuPG system, you'll need a public key and a private key (known "
2373 "together as a keypair). Each is a long string of randomly generated numbers "
2374 "and letters that are unique to you. Your public and private keys are linked "
2375 "together by a special mathematical function."
2378 #. type: Content of: <html><body><section><div><div><p>
2380 "Your public key isn't like a physical key, because it's stored in the open "
2381 "in an online directory called a keyserver. People download it and use it, "
2382 "along with GnuPG, to encrypt emails they send to you. You can think of the "
2383 "keyserver as a phonebook; people who want to send you encrypted email can "
2384 "look up your public key."
2387 #. type: Content of: <html><body><section><div><div><p>
2389 "Your private key is more like a physical key, because you keep it to "
2390 "yourself (on your computer). You use GnuPG and your private key together to "
2391 "descramble encrypted emails other people send to you. <span "
2392 "style=\"font-weight: bold;\">You should never share your private key with "
2393 "anyone, under any circumstances.</span>"
2396 #. type: Content of: <html><body><section><div><div><p>
2398 "In addition to encryption and decryption, you can also use these keys to "
2399 "sign messages and check the authenticity of other people's signatures. We'll "
2400 "discuss this more in the next section."
2403 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
2404 msgid "Step 2.A: Make a Keypair"
2407 #. type: Content of: <html><body><section><div><div><div><h3>
2408 msgid "<em>Step 2.a</em> Make a keypair"
2411 #. type: Content of: <html><body><section><div><div><div><p>
2413 "The Enigmail Setup wizard may start automatically. If it doesn't, select "
2414 "Enigmail → Setup Wizard from your email program's menu. You don't need "
2415 "to read the text in the window that pops up unless you'd like to, but it's "
2416 "good to read the text on the later screens of the wizard. Click Next with "
2417 "the default options selected, except in these instances, which are listed in "
2418 "the order they appear:"
2421 #. type: Content of: <html><body><section><div><div><div><ul><li>
2423 "On the screen titled \"Encryption,\" select \"Encrypt all of my messages by "
2424 "default, because privacy is critical to me.\""
2427 #. type: Content of: <html><body><section><div><div><div><ul><li>
2429 "On the screen titled \"Signing,\" select \"Don't sign my messages by "
2433 #. type: Content of: <html><body><section><div><div><div><ul><li>
2435 "On the screen titled \"Key Selection,\" select \"I want to create a new key "
2436 "pair for signing and encrypting my email.\""
2439 #. type: Content of: <html><body><section><div><div><div><ul><li>
2441 "On the screen titled \"Create Key,\" pick a strong password! You can do it "
2442 "manually, or you can use the Diceware method. Doing it manually is faster "
2443 "but not as secure. Using Diceware takes longer and requires dice, but "
2444 "creates a password that is much harder for attackers to figure out. To use "
2445 "it, read the section \"Make a secure passphrase with Diceware\" in <a "
2446 "href=\"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/\"> "
2447 "this article</a> by Micah Lee."
2450 #. type: Content of: <html><body><section><div><div><div><p>
2452 "If you'd like to pick a password manually, come up with something you can "
2453 "remember which is at least twelve characters long, and includes at least one "
2454 "lower case and upper case letter and at least one number or punctuation "
2455 "symbol. Never pick a password you've used elsewhere. Don't use any "
2456 "recognizable patterns, such as birthdays, telephone numbers, pets' names, "
2457 "song lyrics, quotes from books, and so on."
2460 #. type: Content of: <html><body><section><div><div><div><p>
2462 "The program will take a little while to finish the next step, the \"Key "
2463 "Creation\" screen. While you wait, do something else with your computer, "
2464 "like watching a movie or browsing the Web. The more you use the computer at "
2465 "this point, the faster the key creation will go."
2468 #. type: Content of: <html><body><section><div><div><div><p>
2470 "<span style=\"font-weight: bold;\">When the \"Key Generation Completed\" "
2471 "screen pops up, select Generate Certificate and choose to save it in a safe "
2472 "place on your computer (we recommend making a folder called \"Revocation "
2473 "Certificate\" in your home folder and keeping it there). This step is "
2474 "essential for your email self-defense, as you'll learn more about in <a "
2475 "href=\"#section5\">Section 5</a>.</span>"
2478 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2479 msgid "I can't find the Enigmail menu."
2482 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2484 "In many new email programs, the main menu is represented by an image of "
2485 "three stacked horizontal bars. Enigmail may be inside a section called "
2489 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2490 msgid "The wizard says that it cannot find GnuPG."
2493 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2495 "Open whatever program you usually use for installing software, and search "
2496 "for GnuPG, then install it. Then restart the Enigmail setup wizard by going "
2497 "to Enigmail → Setup Wizard."
2500 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2501 msgid "More resources"
2504 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2506 "If you're having trouble with our instructions or just want to learn more, "
2508 "href=\"https://www.enigmail.net/documentation/Key_Management#Generating_your_own_key_pair\"> "
2509 "Enigmail's wiki instructions for key generation</a>."
2512 #. type: Content of: <html><body><section><div><div><div><div><h4>
2516 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2517 msgid "Command line key generation"
2520 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2522 "If you prefer using the command line for a higher degree of control, you can "
2523 "follow the documentation from <a "
2524 "href=\"https://www.gnupg.org/gph/en/manual/c14.html#AEN25\">The GNU Privacy "
2525 "Handbook</a>. Make sure you stick with \"RSA and RSA\" (the default), "
2526 "because it's newer and more secure than the algorithms the documentation "
2527 "recommends. Also make sure your key is at least 2048 bits, or 4096 if you "
2528 "want to be extra secure."
2531 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2532 msgid "Advanced key pairs"
2535 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2537 "When GnuPG creates a new keypair, it compartmentalizes the encryption "
2538 "function from the signing function through <a "
2539 "href=\"https://wiki.debian.org/Subkeys\">subkeys</a>. If you use subkeys "
2540 "carefully, you can keep your GnuPG identity much more secure and recover "
2541 "from a compromised key much more quickly. <a "
2542 "href=\"https://alexcabal.com/creating-the-perfect-gpg-keypair/\">Alex "
2543 "Cabal</a> and <a href=\"http://keyring.debian.org/creating-key.html\">the "
2544 "Debian wiki</a> provide good guides for setting up a secure subkey "
2548 #. type: Content of: <html><body><section><div><div><div><h3>
2549 msgid "<em>Step 2.b</em> Upload your public key to a keyserver"
2552 #. type: Content of: <html><body><section><div><div><div><p>
2553 msgid "In your email program's menu, select Enigmail → Key Management."
2556 #. type: Content of: <html><body><section><div><div><div><p>
2558 "Right click on your key and select Upload Public Keys to Keyserver. You "
2559 "don't have to use the default keyserver. If, after research, you would like "
2560 "to change to a different default keyserver, you can change that setting "
2561 "manually in the Enigmail preferences."
2564 #. type: Content of: <html><body><section><div><div><div><p>
2566 "Now someone who wants to send you an encrypted message can download your "
2567 "public key from the Internet. There are multiple keyservers that you can "
2568 "select from the menu when you upload, but they are all copies of each other, "
2569 "so it doesn't matter which one you use. However, it sometimes takes a few "
2570 "hours for them to match each other when a new key is uploaded."
2573 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2574 msgid "The progress bar never finishes"
2577 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2579 "Close the upload popup, make sure you are connected to the Internet, and try "
2580 "again. If that doesn't work, try again, selecting a different keyserver."
2583 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2584 msgid "My key doesn't appear in the list"
2587 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2588 msgid "Try checking \"Display All Keys by Default.\""
2591 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2592 msgid "More documentation"
2595 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2597 "If you're having trouble with our instructions or just want to learn more, "
2599 "href=\"https://www.enigmail.net/documentation/Key_Management#Distributing_your_public_key\"> "
2600 "Enigmail's documentation</a>."
2603 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2604 msgid "Uploading a key from the command line"
2607 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2609 "You can also upload your keys to a keyserver through the <a "
2610 "href=\"https://www.gnupg.org/gph/en/manual/x457.html\">command line</a>. <a "
2611 "href=\"https://sks-keyservers.net/overview-of-pools.php\">The sks Web "
2612 "site</a> maintains a list of highly interconnected keyservers. You can also "
2613 "<a href=\"https://www.gnupg.org/gph/en/manual/x56.html#AEN64\">directly "
2614 "export your key</a> as a file on your computer."
2617 #. type: Content of: <html><body><section><div><div><div><h3>
2618 msgid "GnuPG, OpenPGP, what?"
2621 #. type: Content of: <html><body><section><div><div><div><p>
2623 "In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP are "
2624 "used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the "
2625 "encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) "
2626 "is the program that implements the standard. Enigmail is a plug-in program "
2627 "for your email program that provides an interface for GnuPG."
2630 #. type: Content of: <html><body><section><div><div><h2>
2631 msgid "<em>#3</em> Try it out!"
2634 #. type: Content of: <html><body><section><div><div><p>
2636 "Now you'll try a test correspondence with a computer program named Edward, "
2637 "who knows how to use encryption. Except where noted, these are the same "
2638 "steps you'd follow when corresponding with a real, live person."
2641 #. type: Content of: <html><body><section><div><div><div><h3>
2642 msgid "<em>Step 3.a</em> Send Edward your public key"
2645 #. type: Content of: <html><body><section><div><div><div><p>
2647 "This is a special step that you won't have to do when corresponding with "
2648 "real people. In your email program's menu, go to Enigmail → Key "
2649 "Management. You should see your key in the list that pops up. Right click on "
2650 "your key and select Send Public Keys by Email. This will create a new draft "
2651 "message, as if you had just hit the Write button."
2654 #. type: Content of: <html><body><section><div><div><div><p>
2656 "Address the message to <a "
2657 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Put at least one "
2658 "word (whatever you want) in the subject and body of the email. Don't send "
2662 #. type: Content of: <html><body><section><div><div><div><p>
2664 "The lock icon in the top left should be yellow, meaning encryption is turned "
2665 "on. We want this first special message to be unencrypted, so click the icon "
2666 "once to turn it off. The lock should become grey, with a blue dot on it (to "
2667 "alert you that the setting has been changed from the default). Once "
2668 "encryption is off, hit Send."
2671 #. type: Content of: <html><body><section><div><div><div><p>
2673 "It may take two or three minutes for Edward to respond. In the meantime, you "
2674 "might want to skip ahead and check out the <a href=\"#section5\">Use it "
2675 "Well</a> section of this guide. Once he's responded, head to the next "
2676 "step. From here on, you'll be doing just the same thing as when "
2677 "corresponding with a real person."
2680 #. type: Content of: <html><body><section><div><div><div><p>
2682 "When you open Edward's reply, GnuPG may prompt you for your password before "
2683 "using your private key to decrypt it."
2686 #. type: Content of: <html><body><section><div><div><div><h3>
2687 msgid "<em>Step 3.b</em> Send a test encrypted email"
2690 #. type: Content of: <html><body><section><div><div><div><p>
2692 "Write a new email in your email program, addressed to <a "
2693 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Make the subject "
2694 "\"Encryption test\" or something similar and write something in the body."
2697 #. type: Content of: <html><body><section><div><div><div><p>
2699 "The lock icon in the top left of the window should be yellow, meaning "
2700 "encryption is on. This will be your default from now on."
2703 #. type: Content of: <html><body><section><div><div><div><p>
2705 "Next to the lock, you'll notice an icon of a pencil. We'll get to this in a "
2709 #. type: Content of: <html><body><section><div><div><div><p>
2711 "Click Send. Enigmail will pop up a window that says \"Recipients not valid, "
2712 "not trusted or not found.\""
2715 #. type: Content of: <html><body><section><div><div><div><p>
2717 "To encrypt an email to Edward, you need his public key, so now you'll have "
2718 "Enigmail download it from a keyserver. Click Download Missing Keys and use "
2719 "the default in the pop-up that asks you to choose a keyserver. Once it finds "
2720 "keys, check the first one (Key ID starting with C), then select ok. Select "
2721 "ok in the next pop-up."
2724 #. type: Content of: <html><body><section><div><div><div><p>
2726 "Now you are back at the \"Recipients not valid, not trusted or not found\" "
2727 "screen. Check the box in front of Edward's key and click Send."
2730 #. type: Content of: <html><body><section><div><div><div><p>
2732 "Since you encrypted this email with Edward's public key, Edward's private "
2733 "key is required to decrypt it. Edward is the only one with his private key, "
2734 "so no one except him can decrypt it."
2737 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2738 msgid "Enigmail can't find Edward's key"
2741 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2743 "Close the pop-ups that have appeared since you clicked Send. Make sure you "
2744 "are connected to the Internet and try again. If that doesn't work, repeat "
2745 "the process, choosing a different keyserver when it asks you to pick one."
2748 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2749 msgid "Unscrambled messages in the Sent folder"
2752 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2754 "Even though you can't decrypt messages encrypted to someone else's key, your "
2755 "email program will automatically save a copy encrypted to your public key, "
2756 "which you'll be able to view from the Sent folder like a normal email. This "
2757 "is normal, and it doesn't mean that your email was not sent encrypted."
2760 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2762 "If you're still having trouble with our instructions or just want to learn "
2763 "more, check out <a "
2764 "href=\"https://www.enigmail.net/documentation/Signature_and_Encryption#Encrypting_a_message\"> "
2765 "Enigmail's wiki</a>."
2768 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
2769 msgid "Encrypt messages from the command line"
2772 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
2774 "You can also encrypt and decrypt messages and files from the <a "
2775 "href=\"https://www.gnupg.org/gph/en/manual/x110.html\">command line</a>, if "
2776 "that's your preference. The option --armor makes the encrypted output appear "
2777 "in the regular character set."
2780 #. type: Content of: <html><body><section><div><div><div><h3>
2781 msgid "<em>Important:</em> Security tips"
2784 #. type: Content of: <html><body><section><div><div><div><p>
2786 "Even if you encrypt your email, the subject line is not encrypted, so don't "
2787 "put private information there. The sending and receiving addresses aren't "
2788 "encrypted either, so a surveillance system can still figure out who you're "
2789 "communicating with. Also, surveillance agents will know that you're using "
2790 "GnuPG, even if they can't figure out what you're saying. When you send "
2791 "attachments, Enigmail will give you the choice to encrypt them or not, "
2792 "independent of the actual email."
2795 #. type: Content of: <html><body><section><div><div><div><p>
2797 "For greater security against potential attacks, you can turn off "
2798 "HTML. Instead, you can render the message body as plain text. In order to do "
2799 "this in Thunderbird, go to View > Message Body As > Plain Text."
2802 #. type: Content of: <html><body><section><div><div><div><h3>
2803 msgid "<em>Step 3.c</em> Receive a response"
2806 #. type: Content of: <html><body><section><div><div><div><p>
2808 "When Edward receives your email, he will use his private key to decrypt it, "
2809 "then reply to you."
2812 #. type: Content of: <html><body><section><div><div><div><p>
2814 "It may take two or three minutes for Edward to respond. In the meantime, you "
2815 "might want to skip ahead and check out the <a href=\"#section5\">Use it "
2816 "Well</a> section of this guide."
2819 #. type: Content of: <html><body><section><div><div><div><h3>
2820 msgid "<em>Step 3.d</em> Send a test signed email"
2823 #. type: Content of: <html><body><section><div><div><div><p>
2825 "GnuPG includes a way for you to sign messages and files, verifying that they "
2826 "came from you and that they weren't tampered with along the way. These "
2827 "signatures are stronger than their pen-and-paper cousins -- they're "
2828 "impossible to forge, because they're impossible to create without your "
2829 "private key (another reason to keep your private key safe)."
2832 #. type: Content of: <html><body><section><div><div><div><p>
2834 "You can sign messages to anyone, so it's a great way to make people aware "
2835 "that you use GnuPG and that they can communicate with you securely. If they "
2836 "don't have GnuPG, they will be able to read your message and see your "
2837 "signature. If they do have GnuPG, they'll also be able to verify that your "
2838 "signature is authentic."
2841 #. type: Content of: <html><body><section><div><div><div><p>
2843 "To sign an email to Edward, compose any message to him and click the pencil "
2844 "icon next to the lock icon so that it turns gold. If you sign a message, "
2845 "GnuPG may ask you for your password before it sends the message, because it "
2846 "needs to unlock your private key for signing."
2849 #. type: Content of: <html><body><section><div><div><div><p>
2851 "With the lock and pencil icons, you can choose whether each message will be "
2852 "encrypted, signed, both, or neither."
2855 #. type: Content of: <html><body><section><div><div><div><h3>
2856 msgid "<em>Step 3.e</em> Receive a response"
2859 #. type: Content of: <html><body><section><div><div><div><p>
2861 "When Edward receives your email, he will use your public key (which you sent "
2862 "him in <a href=\"#step-3a\">Step 3.A</a>) to verify the message you sent has "
2863 "not been tampered with and to encrypt his reply to you."
2866 #. type: Content of: <html><body><section><div><div><div><p>
2868 "Edward's reply will arrive encrypted, because he prefers to use encryption "
2869 "whenever possible. If everything goes according to plan, it should say "
2870 "\"Your signature was verified.\" If your test signed email was also "
2871 "encrypted, he will mention that first."
2874 #. type: Content of: <html><body><section><div><div><div><p>
2876 "When you receive Edward's email and open it, Enigmail will automatically "
2877 "detect that it is encrypted with your public key, and then it will use your "
2878 "private key to decrypt it."
2881 #. type: Content of: <html><body><section><div><div><div><p>
2883 "Notice the bar that Enigmail shows you above the message, with information "
2884 "about the status of Edward's key."
2887 #. type: Content of: <html><body><section><div><div><h2>
2888 msgid "<em>#4</em> Learn the Web of Trust"
2891 #. type: Content of: <html><body><section><div><div><p>
2893 "Email encryption is a powerful technology, but it has a weakness; it "
2894 "requires a way to verify that a person's public key is actually "
2895 "theirs. Otherwise, there would be no way to stop an attacker from making an "
2896 "email address with your friend's name, creating keys to go with it and "
2897 "impersonating your friend. That's why the free software programmers that "
2898 "developed email encryption created keysigning and the Web of Trust."
2901 #. type: Content of: <html><body><section><div><div><p>
2903 "When you sign someone's key, you are publicly saying that you've verified "
2904 "that it belongs to them and not someone else."
2907 #. type: Content of: <html><body><section><div><div><p>
2909 "Signing keys and signing messages use the same type of mathematical "
2910 "operation, but they carry very different implications. It's a good practice "
2911 "to generally sign your email, but if you casually sign people's keys, you "
2912 "may accidently end up vouching for the identity of an imposter."
2915 #. type: Content of: <html><body><section><div><div><p>
2917 "People who use your public key can see who has signed it. Once you've used "
2918 "GnuPG for a long time, your key may have hundreds of signatures. You can "
2919 "consider a key to be more trustworthy if it has many signatures from people "
2920 "that you trust. The Web of Trust is a constellation of GnuPG users, "
2921 "connected to each other by chains of trust expressed through signatures."
2924 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
2925 msgid "Section 4: Web of Trust"
2928 #. type: Content of: <html><body><section><div><div><div><h3>
2929 msgid "<em>Step 4.a</em> Sign a key"
2932 #. type: Content of: <html><body><section><div><div><div><p>
2933 msgid "In your email program's menu, go to Enigmail → Key Management."
2936 #. type: Content of: <html><body><section><div><div><div><p>
2938 "Right click on Edward's public key and select Sign Key from the context "
2942 #. type: Content of: <html><body><section><div><div><div><p>
2943 msgid "In the window that pops up, select \"I will not answer\" and click ok."
2946 #. type: Content of: <html><body><section><div><div><div><p>
2948 "Now you should be back at the Key Management menu. Select Keyserver → "
2949 "Upload Public Keys and hit ok."
2952 #. type: Content of: <html><body><section><div><div><div><p>
2954 "You've just effectively said \"I trust that Edward's public key actually "
2955 "belongs to Edward.\" This doesn't mean much because Edward isn't a real "
2956 "person, but it's good practice."
2959 #. type: Content of: <html><body><section><div><div><div><h3>
2960 msgid "Identifying keys: Fingerprints and IDs"
2963 #. type: Content of: <html><body><section><div><div><div><p>
2965 "People's public keys are usually identified by their key fingerprint, which "
2966 "is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 (for "
2967 "Edward's key). You can see the fingerprint for your public key, and other "
2968 "public keys saved on your computer, by going to Enigmail → Key "
2969 "Management in your email program's menu, then right clicking on the key and "
2970 "choosing Key Properties. It's good practice to share your fingerprint "
2971 "wherever you share your email address, so that people can double-check that "
2972 "they have the correct public key when they download yours from a keyserver."
2975 #. type: Content of: <html><body><section><div><div><div><p>
2977 "You may also see public keys referred to by a shorter key ID. This key ID is "
2978 "visible directly from the Key Management window. These eight character key "
2979 "IDs were previously used for identification, which used to be safe, but is "
2980 "no longer reliable. You need to check the full fingerprint as part of "
2981 "verifying you have the correct key for the person you are trying to "
2982 "contact. Spoofing, in which someone intentionally generates a key with a "
2983 "fingerprint whose final eight characters are the same as another, is "
2984 "unfortunately common."
2987 #. type: Content of: <html><body><section><div><div><div><h3>
2988 msgid "<em>Important:</em> What to consider when signing keys"
2991 #. type: Content of: <html><body><section><div><div><div><p>
2993 "Before signing a person's key, you need to be confident that it actually "
2994 "belongs to them, and that they are who they say they are. Ideally, this "
2995 "confidence comes from having interactions and conversations with them over "
2996 "time, and witnessing interactions between them and others. Whenever signing "
2997 "a key, ask to see the full public key fingerprint, and not just the shorter "
2998 "key ID. If you feel it's important to sign the key of someone you've just "
2999 "met, also ask them to show you their government identification, and make "
3000 "sure the name on the ID matches the name on the public key. In Enigmail, "
3001 "answer honestly in the window that pops up and asks \"How carefully have you "
3002 "verified that the key you are about to sign actually belongs to the "
3003 "person(s) named above?\""
3006 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
3007 msgid "Master the Web of Trust"
3010 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
3012 "Unfortunately, trust does not spread between users the way <a "
3013 "href=\"http://fennetic.net/irc/finney.org/~hal/web_of_trust.html\">many "
3014 "people think</a>. One of best ways to strengthen the GnuPG community is to "
3016 "href=\"https://www.gnupg.org/gph/en/manual/x334.html\">understand</a> the "
3017 "Web of Trust and to carefully sign as many people's keys as circumstances "
3021 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
3022 msgid "Set ownertrust"
3025 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
3027 "If you trust someone enough to validate other people's keys, you can assign "
3028 "them an ownertrust level through Enigmails's key management window. Right "
3029 "click on the other person's key, go to the \"Select Owner Trust\" menu "
3030 "option, select the trustlevel and click OK. Only do this once you feel you "
3031 "have a deep understanding of the Web of Trust."
3034 #. type: Content of: <html><body><section><div><div><h2>
3035 msgid "<em>#5</em> Use it well"
3038 #. type: Content of: <html><body><section><div><div><p>
3040 "Everyone uses GnuPG a little differently, but it's important to follow some "
3041 "basic practices to keep your email secure. Not following them, you risk the "
3042 "privacy of the people you communicate with, as well as your own, and damage "
3046 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
3047 msgid "Section 5: Use it Well (1)"
3050 #. type: Content of: <html><body><section><div><div><div><h3>
3051 msgid "When should I encrypt? When should I sign?"
3054 #. type: Content of: <html><body><section><div><div><div><p>
3056 "The more you can encrypt your messages, the better. If you only encrypt "
3057 "emails occasionally, each encrypted message could raise a red flag for "
3058 "surveillance systems. If all or most of your email is encrypted, people "
3059 "doing surveillance won't know where to start. That's not to say that only "
3060 "encrypting some of your email isn't helpful -- it's a great start and it "
3061 "makes bulk surveillance more difficult."
3064 #. type: Content of: <html><body><section><div><div><div><p>
3066 "Unless you don't want to reveal your own identity (which requires other "
3067 "protective measures), there's no reason not to sign every message, whether "
3068 "or not you are encrypting. In addition to allowing those with GnuPG to "
3069 "verify that the message came from you, signing is a non-intrusive way to "
3070 "remind everyone that you use GnuPG and show support for secure "
3071 "communication. If you often send signed messages to people that aren't "
3072 "familiar with GnuPG, it's nice to also include a link to this guide in your "
3073 "standard email signature (the text kind, not the cryptographic kind)."
3076 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
3077 msgid "Section 5: Use it Well (2)"
3080 #. type: Content of: <html><body><section><div><div><div><h3>
3081 msgid "Be wary of invalid keys"
3084 #. type: Content of: <html><body><section><div><div><div><p>
3086 "GnuPG makes email safer, but it's still important to watch out for invalid "
3087 "keys, which might have fallen into the wrong hands. Email encrypted with "
3088 "invalid keys might be readable by surveillance programs."
3091 #. type: Content of: <html><body><section><div><div><div><p>
3093 "In your email program, go back to the first encrypted email that Edward sent "
3094 "you. Because Edward encrypted it with your public key, it will have a "
3095 "message from Enigmail at the top, which most likely says \"Enigmail: Part of "
3096 "this message encrypted.\""
3099 #. type: Content of: <html><body><section><div><div><div><p>
3101 "<b>When using GnuPG, make a habit of glancing at that bar. The program will "
3102 "warn you there if you get an email signed with a key that can't be "
3106 #. type: Content of: <html><body><section><div><div><div><h3>
3107 msgid "Copy your revocation certificate to somewhere safe"
3110 #. type: Content of: <html><body><section><div><div><div><p>
3112 "Remember when you created your keys and saved the revocation certificate "
3113 "that GnuPG made? It's time to copy that certificate onto the safest digital "
3114 "storage that you have -- the ideal thing is a flash drive, disk, or hard "
3115 "drive stored in a safe place in your home, not on a device you carry with "
3119 #. type: Content of: <html><body><section><div><div><div><p>
3121 "If your private key ever gets lost or stolen, you'll need this certificate "
3122 "file to let people know that you are no longer using that keypair."
3125 #. type: Content of: <html><body><section><div><div><div><h3>
3126 msgid "<em>Important:</em> act swiftly if someone gets your private key"
3129 #. type: Content of: <html><body><section><div><div><div><p>
3131 "If you lose your private key or someone else gets ahold of it (say, by "
3132 "stealing or cracking your computer), it's important to revoke it immediately "
3133 "before someone else uses it to read your encrypted email or forge your "
3134 "signature. This guide doesn't cover how to revoke a key, but you can follow "
3136 "href=\"https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/\">instructions</a>. "
3137 "After you're done revoking, make a new key and send an email to everyone "
3138 "with whom you usually use your key to make sure they know, including a copy "
3142 #. type: Content of: <html><body><section><div><div><div><h3>
3143 msgid "Webmail and GnuPG"
3146 #. type: Content of: <html><body><section><div><div><div><p>
3148 "When you use a web browser to access your email, you're using webmail, an "
3149 "email program stored on a distant website. Unlike webmail, your desktop "
3150 "email program runs on your own computer. Although webmail can't decrypt "
3151 "encrypted email, it will still display it in its encrypted form. If you "
3152 "primarily use webmail, you'll know to open your email client when you "
3153 "receive a scrambled email."
3156 #. type: Content of: <html><body><section><div><div><h2>
3157 msgid "<a href=\"next_steps.html\">Great job! Check out the next steps.</a>"
3160 #. type: Content of: <html><body><header><div><p>
3161 msgid "← Read the <a href=\"index.html\">full guide</a>"
3164 #. type: Content of: <html><body><header><div><h3><a>
3167 "href=\"https://fsf.org/share?u=https://u.fsf.org/zc&t=How public-key "
3168 "encryption works. Infographic via %40fsf\">"
3171 #. type: Content of: <html><body><header><div><h3>
3172 msgid " Share our infographic </a> with the hashtag #EmailSelfDefense"
3175 #. type: Attribute 'alt' of: <html><body><header><div><p><img>
3176 msgid "View & share our infographic"
3179 #. type: Content of: <html><body><header><div><ul><li>
3180 msgid "<a href=\"index.html\">GNU/Linux</a>"
3183 #. type: Content of: <html><body><header><div><ul><li>
3184 msgid "<a href=\"mac.html\" class=\"current\">Mac OS</a>"
3187 #. type: Content of: <html><body><section><div><div><p>
3189 "This guide relies on software which is <a "
3190 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
3191 "it's completely transparent and anyone can copy it or make their own "
3192 "version. This makes it safer from surveillance than proprietary software "
3193 "(like Windows or Mac OS). To defend your freedom as well as protect yourself "
3194 "from surveillance, we recommend you switch to a free software operating "
3195 "system like GNU/Linux. Learn more about free software at <a "
3196 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
3199 #. type: Content of: <html><body><section><div><div><p>
3201 "To get started, you'll need the IceDove desktop email program installed on "
3202 "your computer. For your system, IceDove may be known by the alternate name "
3203 "\"Thunderbird.\" Email programs are another way to access the same email "
3204 "accounts you can access in a browser (like Gmail), but provide extra "
3208 #. type: Content of: <html><body><section><div><div><div><h3>
3209 msgid "<em>Step 1.b</em> Get GnuPG by downloading GPGTools"
3212 #. type: Content of: <html><body><section><div><div><div><p>
3214 "GPGTools is a software package that includes GnuPG. <a "
3215 "href=\"https://gpgtools.org/#gpgsuite\">Download</a> and install it, "
3216 "choosing default options whenever asked. After it's installed, you can close "
3217 "any windows that it creates."
3220 #. type: Content of: <html><body><section><div><div><div><p>
3222 "There are major security flaws in versions of GnuPG provided by GPGTools "
3223 "prior to 2018.3. Make sure you have GPGTools 2018.3 or later."
3226 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
3227 msgid "Step 1.C: Tools -> Add-ons"
3230 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
3231 msgid "Step 1.C: Search Add-ons"
3234 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
3235 msgid "Step 1.C: Install Add-ons"
3238 #. type: Content of: <html><body><section><div><div><div><h3>
3239 msgid "<em>Step 1.c</em> Install the Enigmail plugin for your email program"
3242 #. type: Content of: <html><body><section><div><div><div><p>
3244 "There are major security flaws in Enigmail prior to version 2.0.7. Make sure "
3245 "you have Enigmail 2.0.7 or later."
3248 #. type: Content of: <html><body><section><div><div><div><p>
3250 "For greater security against potential attacks, you can turn off "
3251 "HTML. Instead, you can render the message body as plain text."
3254 #. type: Content of: <html><body><header><div><h1>
3258 #. type: Content of: <html><body><section><div><div><h2>
3259 msgid "<em>#6</em> Next steps"
3262 #. type: Content of: <html><body><section><div><div><p>
3264 "You've now completed the basics of email encryption with GnuPG, taking "
3265 "action against bulk surveillance. These next steps will help make the most "
3266 "of the work you've done."
3269 #. type: Content of: <html><body><section><div><div><div><h3>
3270 msgid "Join the movement"
3273 #. type: Content of: <html><body><section><div><div><div><p>
3275 "You've just taken a huge step towards protecting your privacy online. But "
3276 "each of us acting alone isn't enough. To topple bulk surveillance, we need "
3277 "to build a movement for the autonomy and freedom of all computer users. Join "
3278 "the Free Software Foundation's community to meet like-minded people and work "
3279 "together for change."
3282 #. type: Content of: <html><body><section><div><div><div><p>
3284 "<small>Read <a href=\"https://www.fsf.org/twitter\">why GNU Social and "
3285 "Mastodon are better than Twitter</a>, and <a "
3286 "href=\"http://www.fsf.org/facebook\">why we don't use Facebook</a>.</small>"
3289 #. type: Content of: <html><body><section><div><div><div><div><p>
3290 msgid "Low-volume mailing list"
3293 #. type: Content of: <html><body><section><div><div><div><div><form>
3295 "<input type=\"text\" value=\"Type your email...\" name=\"email-Primary\" "
3296 "id=\"frmEmail\" /> <input type=\"submit\" value=\"Add me\" "
3297 "name=\"_qf_Edit_next\" /> <input type=\"hidden\" "
3298 "value=\"https://emailselfdefense.fsf.org/en/confirmation.html\" "
3299 "name=\"postURL\" /> <input type=\"hidden\" value=\"1\" name=\"group[25]\" /> "
3300 "<input type=\"hidden\" "
3301 "value=\"https://my.fsf.org/civicrm/profile?reset=1&gid=391\" "
3302 "name=\"cancelURL\" /> <input type=\"hidden\" value=\"Edit:cancel\" "
3303 "name=\"_qf_default\" />"
3306 #. type: Content of: <html><body><section><div><div><div><div><p>
3308 "<small>Read our <a "
3309 "href=\"https://my.fsf.org/donate/privacypolicy.html\">privacy "
3310 "policy</a>.</small>"
3313 #. type: Content of: <html><body><section><div><div><div><h3>
3314 msgid "Bring Email Self-Defense to new people"
3317 #. type: Content of: <html><body><section><div><div><div><p>
3319 "Understanding and setting up email encryption is a daunting task for "
3320 "many. To welcome them, make it easy to find your public key and offer to "
3321 "help with encryption. Here are some suggestions:"
3324 #. type: Content of: <html><body><section><div><div><div><ul><li>
3326 "Lead an Email Self-Defense workshop for your friends and community, using "
3327 "our <a href=\"workshops.html\">teaching guide</a>."
3330 #. type: Content of: <html><body><section><div><div><div><ul><li>
3332 "Use <a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt "
3333 "with me using Email Self-Defense %40fsf\">our sharing page</a> to compose a "
3334 "message to a few friends and ask them to join you in using encrypted "
3335 "email. Remember to include your GnuPG public key fingerprint so they can "
3336 "easily download your key."
3339 #. type: Content of: <html><body><section><div><div><div><ul><li>
3341 "Add your public key fingerprint anywhere that you normally display your "
3342 "email address. Some good places are: your email signature (the text kind, "
3343 "not the cryptographic kind), social media profiles, blogs, Websites, or "
3344 "business cards. At the Free Software Foundation, we put ours on our <a "
3345 "href=\"https://fsf.org/about/staff\">staff page</a>."
3348 #. type: Content of: <html><body><section><div><div><div><h3>
3349 msgid "Protect more of your digital life"
3352 #. type: Content of: <html><body><section><div><div><div><p>
3354 "Learn surveillance-resistant technologies for instant messages, hard drive "
3355 "storage, online sharing, and more at <a "
3356 "href=\"https://directory.fsf.org/wiki/Collection:Privacy_pack\"> the Free "
3357 "Software Directory's Privacy Pack</a> and <a "
3358 "href=\"https://prism-break.org\">prism-break.org</a>."
3361 #. type: Content of: <html><body><section><div><div><div><p>
3363 "If you are using Windows, Mac OS or any other proprietary operating system, "
3364 "we recommend you switch to a free software operating system like "
3365 "GNU/Linux. This will make it much harder for attackers to enter your "
3366 "computer through hidden back doors. Check out the Free Software Foundation's "
3367 "<a href=\"http://www.gnu.org/distros/free-distros.html\">endorsed versions "
3371 #. type: Content of: <html><body><section><div><div><div><h3>
3372 msgid "Optional: Add more email protection with Tor"
3375 #. type: Content of: <html><body><section><div><div><div><p>
3377 "<a href=\"https://www.torproject.org/about/overview.html.en\">The Onion "
3378 "Router (Tor) network</a> wraps Internet communication in multiple layers of "
3379 "encryption and bounces it around the world several times. When used "
3380 "properly, Tor confuses surveillance field agents and the global surveillance "
3381 "apparatus alike. Using it simultaneously with GnuPG's encryption will give "
3382 "you the best results."
3385 #. type: Content of: <html><body><section><div><div><div><p>
3387 "To have your email program send and receive email over Tor, install the <a "
3388 "href=\"https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/\">Torbirdy "
3389 "plugin</a> the same way you installed Enigmail, by searching for it through "
3393 #. type: Content of: <html><body><section><div><div><div><p>
3395 "Before beginning to check your email over Tor, make sure you understand <a "
3396 "href=\"https://www.torproject.org/docs/faq.html.en#WhatProtectionsDoesTorProvide\"> "
3397 "the security tradeoffs involved</a>. This <a "
3398 "href=\"https://www.eff.org/pages/tor-and-https\">infographic</a> from our "
3399 "friends at the Electronic Frontier Foundation demonstrates how Tor keeps you "
3403 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
3404 msgid "Section 6: Next Steps"
3407 #. type: Content of: <html><body><section><div><div><div><p>
3408 msgid "← <a href=\"index.html\">Return to the guide</a>"
3411 #. type: Content of: <html><body><section><div><div><div><h3>
3412 msgid "Make Email Self-Defense tools even better"
3415 #. type: Content of: <html><body><section><div><div><div><p>
3417 "<a href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">Leave "
3418 "feedback and suggest improvements to this guide</a>. We welcome "
3419 "translations, but we ask that you contact us at <a "
3420 "href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a> before you start, so "
3421 "that we can connect you with other translators working in your language."
3424 #. type: Content of: <html><body><section><div><div><div><p>
3426 "If you like programming, you can contribute code to <a "
3427 "href=\"https://www.gnupg.org/\">GnuPG</a> or <a "
3428 "href=\"https://www.enigmail.net/home/index.php\">Enigmail</a>."
3431 #. type: Content of: <html><body><section><div><div><div><p>
3433 "To go the extra mile, support the Free Software Foundation so we can keep "
3434 "improving Email Self-Defense, and make more tools like it."
3437 #. type: Content of: <html><body><header><div><ul><li>
3438 msgid "<a href=\"windows.html\" class=\"current\">Windows</a>"
3441 #. type: Content of: <html><body><section><div><div><div><h3>
3442 msgid "<em>Step 1.b</em> Get GnuPG by downloading GPG4Win"
3445 #. type: Content of: <html><body><section><div><div><div><p>
3447 "GPG4Win is a software package that includes GnuPG. <a "
3448 "href=\"https://www.gpg4win.org/\">Download</a> and install it, choosing "
3449 "default options whenever asked. After it's installed, you can close any "
3450 "windows that it creates."
3453 #. type: Content of: <html><body><section><div><div><div><p>
3455 "There are major security flaws in versions of GnuPG provided by GPG4Win "
3456 "prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later."
3459 #. type: Content of: <html><body><header><div><ul><li>
3460 msgid "<a href=\"workshops.html\" class=\"current\">Teach your friends</a>"
3463 #. type: Content of: <html><body><header><div><ul><li><a>
3465 "<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email "
3466 "encryption for everyone via %40fsf\">Share "
3469 #. type: Content of: <html><body><header><div><div><div><p>
3471 "We want to translate this guide into more languages, and make a version for "
3472 "encryption on mobile devices. Please donate, and help people around the "
3473 "world take the first step towards protecting their privacy with free "
3477 #. type: Content of: <html><body><header><div><div><p><a>
3479 "<a id=\"infographic\" "
3480 "href=\"https://emailselfdefense.fsf.org/en/infographic.html\">"
3483 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
3484 msgid "View & share our infographic →"
3487 #. type: Content of: <html><body><header><div><div><p>
3489 "</a> Understanding and setting up email encryption sounds like a daunting "
3490 "task to many people. That's why helping your friends with GnuPG plays such "
3491 "an important role in helping spread encryption. Even if only one person "
3492 "shows up, that's still one more person using encryption who wasn't "
3493 "before. You have the power to help your friends keep their digital love "
3494 "letters private, and teach them about the importance of free software. If "
3495 "you use GnuPG to send and receive encrypted email, you're a perfect "
3496 "candidate for leading a workshop!"
3499 #. type: Attribute 'alt' of: <html><body><section><div><div><p><img>
3500 msgid "A small workshop among friends"
3503 #. type: Content of: <html><body><section><div><div><h2>
3504 msgid "<em>#1</em> Get your friends or community interested"
3507 #. type: Content of: <html><body><section><div><div><p>
3509 "If you hear friends grumbling about their lack of privacy, ask them if "
3510 "they're interested in attending a workshop on Email Self-Defense. If your "
3511 "friends don't grumble about privacy, they may need some convincing. You "
3512 "might even hear the classic \"if you've got nothing to hide, you've got "
3513 "nothing to fear\" argument against using encryption."
3516 #. type: Content of: <html><body><section><div><div><p>
3518 "Here are some talking points you can use to help explain why it's worth it "
3519 "to learn GnuPG. Mix and match whichever you think will make sense to your "
3523 #. type: Content of: <html><body><section><div><div><div><h3>
3524 msgid "Strength in numbers"
3527 #. type: Content of: <html><body><section><div><div><div><p>
3529 "Each person who chooses to resist mass surveillance with encryption makes it "
3530 "easier for others to resist as well. People normalizing the use of strong "
3531 "encryption has multiple powerful effects: it means those who need privacy "
3532 "the most, like potential whistle-blowers and activists, are more likely to "
3533 "learn about encryption. More people using encryption for more things also "
3534 "makes it harder for surveillance systems to single out those that can't "
3535 "afford to be found, and shows solidarity with those people."
3538 #. type: Content of: <html><body><section><div><div><div><h3>
3539 msgid "People you respect may already be using encryption"
3542 #. type: Content of: <html><body><section><div><div><div><p>
3544 "Many journalists, whistleblowers, activists, and researchers use GnuPG, so "
3545 "your friends might unknowingly have heard of a few people who use it "
3546 "already. You can search for \"BEGIN PUBLIC KEY BLOCK\" + keyword to help "
3547 "make a list of people and organizations who use GnuPG whom your community "
3548 "will likely recognize."
3551 #. type: Content of: <html><body><section><div><div><div><h3>
3552 msgid "Respect your friends' privacy"
3555 #. type: Content of: <html><body><section><div><div><div><p>
3557 "There's no objective way to judge what constitutes privacy-sensitive "
3558 "correspondence. As such, it's better not to presume that just because you "
3559 "find an email you sent to a friend innocuous, your friend (or a surveillance "
3560 "agent, for that matter!) feels the same way. Show your friends respect by "
3561 "encrypting your correspondence with them."
3564 #. type: Content of: <html><body><section><div><div><div><h3>
3565 msgid "Privacy technology is normal in the physical world"
3568 #. type: Content of: <html><body><section><div><div><div><p>
3570 "In the physical realm, we take window blinds, envelopes, and closed doors "
3571 "for granted as ways of protecting our privacy. Why should the digital realm "
3575 #. type: Content of: <html><body><section><div><div><div><h3>
3576 msgid "We shouldn't have to trust our email providers with our privacy"
3579 #. type: Content of: <html><body><section><div><div><div><p>
3581 "Some email providers are very trustworthy, but many have incentives not to "
3582 "protect your privacy and security. To be empowered digital citizens, we need "
3583 "to build our own security from the bottom up."
3586 #. type: Content of: <html><body><section><div><div><h2>
3587 msgid "<em>#2</em> Plan The Workshop"
3590 #. type: Content of: <html><body><section><div><div><p>
3592 "Once you've got at least one interested friend, pick a date and start "
3593 "planning out the workshop. Tell participants to bring their computer and ID "
3594 "(for signing each other's keys). If you'd like to make it easy for the "
3595 "participants to use Diceware for choosing passwords, get a pack of dice "
3596 "beforehand. Make sure the location you select has an easily accessible "
3597 "Internet connection, and make backup plans in case the connection stops "
3598 "working on the day of the workshop. Libraries, coffee shops, and community "
3599 "centers make great locations. Try to get all the participants to set up an "
3600 "Enigmail-compatible email client before the event. Direct them to their "
3601 "email provider's IT department or help page if they run into errors."
3604 #. type: Content of: <html><body><section><div><div><p>
3606 "Estimate that the workshop will take at least forty minutes plus ten minutes "
3607 "for each participant. Plan extra time for questions and technical glitches."
3610 #. type: Content of: <html><body><section><div><div><p>
3612 "The success of the workshop requires understanding and catering to the "
3613 "unique backgrounds and needs of each group of participants. Workshops should "
3614 "stay small, so that each participant receives more individualized "
3615 "instruction. If more than a handful of people want to participate, keep the "
3616 "facilitator to participant ratio high by recruiting more facilitators, or by "
3617 "facilitating multiple workshops. Small workshops among friends work great!"
3620 #. type: Content of: <html><body><section><div><div><h2>
3621 msgid "<em>#3</em> Follow the guide as a group"
3624 #. type: Content of: <html><body><section><div><div><p>
3626 "Work through the Email Self-Defense guide a step at a time as a group. Talk "
3627 "about the steps in detail, but make sure not to overload the participants "
3628 "with minutia. Pitch the bulk of your instructions to the least tech-savvy "
3629 "participants. Make sure all the participants complete each step before the "
3630 "group moves on to the next one. Consider facilitating secondary workshops "
3631 "afterwards for people that had trouble grasping the concepts, or those that "
3632 "grasped them quickly and want to learn more."
3635 #. type: Content of: <html><body><section><div><div><p>
3637 "In <a href=\"index.html#section2\">Section 2</a> of the guide, make sure the "
3638 "participants upload their keys to the same keyserver so that they can "
3639 "immediately download each other's keys later (sometimes there is a delay in "
3640 "synchronization between keyservers). During <a "
3641 "href=\"index.html#section3\">Section 3</a>, give the participants the option "
3642 "to send test messages to each other instead of or as well as "
3643 "Edward. Similarly, in <a href=\"index.html#section4\">Section 4</a>, "
3644 "encourage the participants to sign each other's keys. At the end, make sure "
3645 "to remind people to safely back up their revocation certificates."
3648 #. type: Content of: <html><body><section><div><div><h2>
3649 msgid "<em>#4</em> Explain the pitfalls"
3652 #. type: Content of: <html><body><section><div><div><p>
3654 "Remind participants that encryption works only when it's explicitly used; "
3655 "they won't be able to send an encrypted email to someone who hasn't already "
3656 "set up encryption. Also remind participants to double-check the encryption "
3657 "icon before hitting send, and that subjects and timestamps are never "
3661 #. type: Content of: <html><body><section><div><div><p>
3664 "href=\"https://www.gnu.org/proprietary/proprietary.html\">dangers of running "
3665 "a proprietary system</a> and advocate for free software, because without it, "
3667 "href=\"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance\">meaningfully "
3668 "resist invasions of our digital privacy and autonomy</a>."
3671 #. type: Content of: <html><body><section><div><div><h2>
3672 msgid "<em>#5</em> Share additional resources"
3675 #. type: Content of: <html><body><section><div><div><p>
3677 "GnuPG's advanced options are far too complex to teach in a single "
3678 "workshop. If participants want to know more, point out the advanced "
3679 "subsections in the guide and consider organizing another workshop. You can "
3681 "href=\"https://www.gnupg.org/documentation/index.html\">GnuPG's</a> and <a "
3682 "href=\"https://www.enigmail.net/index.php/documentation\">Enigmail's</a> "
3683 "official documentation and mailing lists. Many GNU/Linux distribution's Web "
3684 "sites also contain a page explaining some of GnuPG's advanced features."
3687 #. type: Content of: <html><body><section><div><div><h2>
3688 msgid "<em>#6</em> Follow up"
3691 #. type: Content of: <html><body><section><div><div><p>
3693 "Make sure everyone has shared email addresses and public key fingerprints "
3694 "before they leave. Encourage the participants to continue to gain GnuPG "
3695 "experience by emailing each other. Send them each an encrypted email one "
3696 "week after the event, reminding them to try adding their public key ID to "
3697 "places where they publicly list their email address."
3700 #. type: Content of: <html><body><section><div><div><p>
3702 "If you have any suggestions for improving this workshop guide, please let us "
3703 "know at <a href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a>."