<!-- Language list for browsers that do not have JS enabled -->
<ul id="languages" class="os">
<li><a class="current" href="/en">English - v4.0</a></li>
-<li><a href="/cs">Ä\8ceština - v4.0</a></li>
-<li><a href="/de">Deutsch - v3.0</a></li>
+<li><a href="/cs">Ä\8deština - v4.0</a></li>
+<li><a href="/de">Deutsch - v4.0</a></li>
<li><a href="/el">ελληνικά - v3.0</a></li>
<li><a href="/es">español - v4.0</a></li>
<li><a href="/fa">فارسی - v4.0</a></li>
<li><a href="/sq">Shqip - v4.0</a></li>
<li><a href="/sv">svenska - v4.0</a></li>
<li><a href="/tr">Türkçe - v4.0</a></li>
-<li><a
-href="https://libreplanet.org/wiki/GPG_guide/Translation_Guide"><strong><span
-style="color: #2F5FAA;">Translate!</span></strong></a></li>
+<li><a href="/zh-hans">简体中文 - v4.0</a></li>
+<li><a href="https://libreplanet.org/wiki/GPG_guide/Translation_Guide">
+<strong><span style="color: #2F5FAA;">Translate!</span></strong></a></li>
</ul>
<ul id="menu" class="os">
<li class="spacer"><a href="index.html">GNU/Linux</a></li>
<li><a href="mac.html">Mac OS</a></li>
<li><a href="windows.html" class="current">Windows</a></li>
-<li><a href="workshops.html">Teach your friends</a></li>
-<li><a href="https://fsf.org/share?u=https://u.fsf.org/zb&t=Email
-encryption for everyone via %40fsf">Share
-<img
-src="//static.fsf.org/nosvn/enc-dev0/img/gnu-social.png"
-class="share-logo"
+<li class="spacer"><a href="workshops.html">Teach your friends</a></li>
+<li class="spacer"><a
+href="https://fsf.org/share?u=https://u.fsf.org/zb&t=Email encryption for everyone via %40fsf">
+Share
+<img src="//static.fsf.org/nosvn/enc-dev0/img/gnu-social.png" class="share-logo"
alt="[GNU Social]" />
-<img
-src="//static.fsf.org/nosvn/enc-dev0/img/pump.io.png"
-class="share-logo"
+<img src="//static.fsf.org/nosvn/enc-dev0/img/pump.io.png" class="share-logo"
alt="[Pump.io]" />
-<img
-src="//static.fsf.org/nosvn/enc-dev0/img/reddit-alien.png"
-class="share-logo"
+<img src="//static.fsf.org/nosvn/enc-dev0/img/reddit-alien.png" class="share-logo"
alt="[Reddit]" />
-<img
-src="//static.fsf.org/nosvn/enc-dev0/img/hacker-news.png"
-class="share-logo"
-alt="[Hacker News]" />
-</a></li>
+<img src="//static.fsf.org/nosvn/enc-dev0/img/hacker-news.png" class="share-logo"
+alt="[Hacker News]" /></a></li>
</ul>
<!-- ~~~~~~~~~ FSF Introduction ~~~~~~~~~ -->
<p class="notes">This guide relies on software which is <a
href="https://www.gnu.org/philosophy/free-sw.html">freely licensed</a>; it's
completely transparent and anyone can copy it or make their own version. This
-makes it safer from surveillance than proprietary software (like Windows). To
-defend your freedom as well as protect yourself from surveillance, we recommend
-you switch to a free software operating system like GNU/Linux. Learn more
-about free software at <a href="https://u.fsf.org/ys">fsf.org</a>.</p>
+makes it safer from surveillance than proprietary software (like Windows or Mac
+OS). To defend your freedom as well as protect yourself from surveillance, we
+recommend you switch to a free software operating system like GNU/Linux. Learn
+more about free software at <a href="https://u.fsf.org/ys">fsf.org</a>.</p>
<p>To get started, you'll need the IceDove desktop email program installed
on your computer. For your system, IceDove may be known by the alternate name
<p>Open your email program and follow the wizard (step-by-step walkthrough)
that sets it up with your email account.</p>
+<p>Look for the letters SSL, TLS, or STARTTLS to the right of the servers
+when you're setting up your account. If you don't see them, you will still
+be able to use encryption, but this means that the people running your email
+system are running behind the industry standard in protecting your security
+and privacy. We recommend that you send them a friendly email asking them
+to enable SSL, TLS, or STARTTLS for your email server. They will know what
+you're talking about, so it's worth making the request even if you aren't
+an expert on these security systems.</p>
+
<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
<div class="troubleshooting">
<dl>
<dt>The wizard doesn't launch</dt>
<dd>You can launch the wizard yourself, but the menu option for doing so is
-named differently in each email programs. The button to launch it will be in
+named differently in each email program. The button to launch it will be in
the program's main menu, under "New" or something similar, titled something
like "Add account" or "New/Existing email account."</dd>
options whenever asked. After it's installed, you can close any windows that
it creates.</p>
+<p>There are major security flaws in versions of GnuPG provided by GPG4Win
+prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later.</p>
+
</div><!-- End .main -->
</div><!-- End #step1-b .step -->
<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
<div id="step-1c" class="step">
<div class="sidebar">
-
<ul class="images">
-<li><img
-src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-01-tools-addons.png"
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-01-tools-addons.png"
alt="Step 1.C: Tools -> Add-ons" /></li>
-<li><img
-src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-02-search.png"
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-02-search.png"
alt="Step 1.C: Search Add-ons" /></li>
-<li><img
-src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-03-install.png"
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-03-install.png"
alt="Step 1.C: Install Add-ons" /></li>
</ul>
<h3><em>Step 1.c</em> Install the Enigmail plugin for your email program</h3>
<p>In your email program's menu, select Add-ons (it may be in the Tools
-section). Make sure Extensions is selected on the left. Do you see Enigmail? If
-so, skip this step.</p>
+section). Make sure Extensions is selected on the left. Do you see Enigmail?
+Make sure it's the latest version. If so, skip this step.</p>
<p>If not, search "Enigmail" with the search bar in the upper right. You
can take it from here. Restart your email program when you're done.</p>
+<p>There are major security flaws in Enigmail prior to version 2.0.7. Make
+sure you have Enigmail 2.0.7 or later.</p>
+
<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
<div class="troubleshooting">
<dd>In many new email programs, the main menu is represented by an image of
three stacked horizontal bars.</dd>
+<dt>My email looks weird</dt>
+<dd>Enigmail doesn't tend to play nice with HTML, which is used to format
+emails, so it may disable your HTML formatting automatically. To send an
+HTML-formatted email without encryption or a signature, hold down the Shift
+key when you select compose. You can then write an email as if Enigmail
+wasn't there.</dd>
+
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
href="https://libreplanet.org/wiki/GPG_guide/Public_Review">feedback
</div><!-- /.troubleshooting -->
</div><!-- End .main -->
-</div><!-- End #step-1c .step -->
+</div><!-- End #step-1b .step -->
</div></section><!-- End #section1 -->
<!-- ~~~~~~~~~ Section 2: Make your keys ~~~~~~~~~ -->
<li>On the screen titled "Create Key," pick a strong password! You can
do it manually, or you can use the Diceware method. Doing it manually
is faster but not as secure. Using Diceware takes longer and requires
-dice, but creates a password that is much harder for attackers figure
+dice, but creates a password that is much harder for attackers to figure
out. To use it, read the section "Make a secure passphrase with Diceware" in <a
-href="https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/">this
-article</a> by Micah Lee.</li>
+href="https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/">
+this article</a> by Micah Lee.</li>
</ul>
<p>If you'd like to pick a password manually, come up with something
<dt>More resources</dt>
<dd>If you're having trouble with our
instructions or just want to learn more, check out <a
-href="https://enigmail.wiki/Key_Management#Generating_your_own_key_pair">Enigmail's
-wiki instructions for key generation</a>.</dd>
-
-<dt>My email looks weird</dt>
-<dd>Enigmail doesn't tend to play nice with HTML, which is used to format
-emails, so it may disable your HTML formatting automatically. To send an
-HTML-formatted email without encryption or a signature, hold down the Shift
-key when you select compose. You can then write an email as if Enigmail
-wasn't there.</dd>
+href="https://enigmail.wiki/Key_Management#Generating_your_own_key_pair">
+Enigmail's wiki instructions for key generation</a>.</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
<dt>More documentation</dt>
<dd>If you're having trouble with our
instructions or just want to learn more, check out <a
-href="https://www.enigmail.net/documentation/quickstart-ch2.php#id2533620">Enigmail's
-documentation</a>.</dd>
+href="https://www.enigmail.net/index.php/en/documentation">
+Enigmail's documentation</a>.</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
<dt>More resources</dt>
<dd>If you're still having trouble with our
instructions or just want to learn more, check out <a
-href="https://enigmail.wiki/Signature_and_Encryption#Encrypting_a_message">Enigmail's
-wiki</a>.</dd>
+href="https://enigmail.wiki/Signature_and_Encryption#Encrypting_a_message">
+Enigmail's wiki</a>.</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
send attachments, Enigmail will give you the choice to encrypt them or not,
independent of the actual email.</p>
+<p>For greater security against potential attacks, you can turn off
+HTML. Instead, you can render the message body as plain text.</p>
+
</div><!-- End .main -->
</div><!-- End #step-headers_unencrypted .step-->
<form enctype="application/x-www-form-urlencoded" action="/mk_path.cgi"
method="get">
-<p><strong>From:</strong><input type="text" placeholder="xD41A008"
+<p><strong>From:</strong><input type="text" value="xD41A008"
name="FROM"></p>
-<p><strong>To:</strong><input type="text" placeholder="50BD01x4" name="TO"></p>
+<p><strong>To:</strong><input type="text" value="50BD01x4" name="TO"></p>
<p class="buttons"><input type="submit" value="trust paths" name="PATHS"><input
type="reset" value="reset" name=".reset"></p>
wherever you share your email address, so that people can double-check that
they have the correct public key when they download yours from a keyserver.</p>
-<p class="notes">You may also see public keys referred to by their key ID,
-which is simply the last eight digits of the fingerprint, like C09A61E8 for
-Edward. The key ID is visible directly from the Key Management window. This
-key ID is like a person's first name (it is a useful shorthand but may not be
-unique to a given key), whereas the fingerprint actually identifies the key
-uniquely without the possibility of confusion. If you only have the key ID,
-you can still look up the key (as well as its fingerprint), like you did in
-Step 3, but if multiple options appear, you'll need the fingerprint of the
-person to whom you are trying to communicate to verify which one to use.</p>
+<p class="notes">You may also see public keys referred to by a shorter
+key ID. This key ID is visible directly from the Key Management
+window. These eight character key IDs were previously used for
+identification, which used to be safe, but is no longer reliable. You
+need to check the full fingerprint as part of verifying you have the
+correct key for the person you are trying to contact. Spoofing, in
+which someone intentionally generates a key with a fingerprint whose
+final eight characters are the same as another, is unfortunately
+common.</p>
</div><!-- End .main -->
</div><!-- End #step-identify_keys .step-->
this message encrypted."</p>
<p><b>When using GnuPG, make a habit of glancing at that bar. The program
-will warn you there if you get an email encrypted with a key that can't
+will warn you there if you get an email signed with a key that can't
be trusted.</b></p>
</div><!-- End .main -->
Attribution 4.0 license (or later version)</a>, and the rest of it is under
a <a href="https://creativecommons.org/licenses/by-sa/4.0">Creative Commons
Attribution-ShareAlike 4.0 license (or later version)</a>. Download the <a
-href="http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz">source
-code of Edward reply bot</a> by Andrew Engelbrecht
+href="http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz">
+source code of Edward reply bot</a> by Andrew Engelbrecht
<sudoman@ninthfloor.org> and Josh Drake <zamnedix@gnu.org>,
available under the GNU Affero General Public License. <a
href="http://www.gnu.org/licenses/license-list.html#OtherLicenses">Why these
alt="Journalism++" /></a></p><!-- /.credits -->
</div></footer><!-- End #footer -->
-<script src="//static.fsf.org/nosvn/enc-dev0/js/jquery-1.11.0.min.js"></script>
-<script src="//static.fsf.org/nosvn/enc-dev0/js/scripts.js"></script>
+<script type="text/javascript"
+src="//static.fsf.org/nosvn/enc-dev0/js/jquery-1.11.0.min.js"></script>
+<script type="text/javascript"
+src="//static.fsf.org/nosvn/enc-dev0/js/scripts.js"></script>
<!-- Piwik -->
-<script type="text/javascript" >
-// @license magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-v3-or-Later
+<script type="text/javascript" ><!--
+// @license magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-v3-or-Later
var pkBaseURL = (("https:" == document.location.protocol) ? "https://piwik.fsf.org/" : "http://piwik.fsf.org/");
document.write(unescape("%3Cscript src='" + pkBaseURL + "piwik.js' type='text/javascript'%3E%3C/script%3E"));
try {
piwikTracker.enableLinkTracking();
} catch( err ) {}
// @license-end
-</script><noscript><p><img src="//piwik.fsf.org/piwik.php?idsite=13" style="border:0" alt="" /></p></noscript>
+--></script>
+<noscript><p><img
+src="//piwik.fsf.org/piwik.php?idsite=13" style="border:0"
+alt="" /></p></noscript>
<!-- End Piwik Tracking Code -->
-
</body>
</html>