1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # This file is distributed under the same license as the emailselfdefense package.
4 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
9 "Project-Id-Version: emailselfdefense 4.0\n"
10 "POT-Creation-Date: 2019-10-28 21:07+0100\n"
11 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13 "Language-Team: LANGUAGE <LL@li.org>\n"
16 "Content-Type: text/plain; charset=UTF-8\n"
17 "Content-Transfer-Encoding: 8bit\n"
19 #. type: Attribute 'lang' of: <html>
23 #. type: Attribute 'content' of: <html><head><meta>
24 msgid "text/html; charset=utf-8"
27 #. type: Content of: <html><head><title>
28 msgid "Email Self-Defense - a guide to fighting surveillance with GnuPG encryption"
31 #. type: Attribute 'content' of: <html><head><meta>
32 msgid "GnuPG, GPG, openpgp, surveillance, privacy, email, Enigmail"
35 #. type: Attribute 'content' of: <html><head><meta>
37 "Email surveillance violates our fundamental rights and makes free speech "
38 "risky. This guide will teach you email self-defense in 40 minutes with "
42 #. type: Attribute 'content' of: <html><head><meta>
43 msgid "width=device-width, initial-scale=1"
46 #. type: Content of: <html><body><header><div><p>
48 "<strong>Please check your email for a confirmation link now. Thanks for "
49 "joining our list!</strong>"
52 #. type: Content of: <html><body><header><div><p>
54 "If you don't receive the confirmation link, send us an email at info@fsf.org "
55 "to be added manually."
58 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
62 #. type: Content of: <html><body><header><div><p>
63 msgid "Join us on microblogging services for day-to-day updates:"
66 #. type: Content of: <html><body><section><div><div><div><p><a>
67 msgid "<a href=\"https://status.fsf.org/fsf\">"
70 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
74 #. type: Content of: <html><body><section><div><div><div><p><a>
75 msgid " GNU Social</a> | <a href=\"http://microca.st/fsf\">"
78 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
82 #. type: Content of: <html><body><section><div><div><div><p>
84 " Pump.io</a> | <a "
85 "href=\"https://www.twitter.com/fsf\">Twitter</a>"
88 #. type: Content of: <html><body><header><div><p>
90 "<small><a href=\"https://www.fsf.org/twitter\">Read why GNU Social and "
91 "Pump.io are better than Twitter.</a></small>"
94 #. type: Content of: <html><body><header><div><p>
95 msgid "← Return to <a href=\"index.html\">Email Self-Defense</a>"
98 #. type: Content of: <html><body><footer><div><div><h4><a>
99 msgid "<a href=\"https://u.fsf.org/ys\">"
102 #. type: Attribute 'alt' of: <html><body><footer><div><div><h4><a><img>
103 msgid "Free Software Foundation"
106 #. type: Content of: <html><body><footer><div><p>
110 #. type: Content of: <html><body><footer><div><div><p>
112 "Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software "
113 "Foundation</a>, Inc. <a "
114 "href=\"https://my.fsf.org/donate/privacypolicy.html\">Privacy "
115 "Policy</a>. Please support our work by <a "
116 "href=\"https://u.fsf.org/yr\">joining us as an associate member.</a>"
119 #. type: Content of: <html><body><footer><div><div><p>
121 "The images on this page are under a <a "
122 "href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons "
123 "Attribution 4.0 license (or later version)</a>, and the rest of it is under "
124 "a <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative "
125 "Commons Attribution-ShareAlike 4.0 license (or later version)</a>. Download "
127 "href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> "
128 "source code of Edward reply bot</a> by Andrew Engelbrecht "
129 "<sudoman@ninthfloor.org> and Josh Drake <zamnedix@gnu.org>, "
130 "available under the GNU Affero General Public License. <a "
131 "href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Why "
132 "these licenses?</a>"
135 #. type: Content of: <html><body><footer><div><div><p>
137 "Fonts used in the guide & infographic: <a "
138 "href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo "
140 "href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna "
142 "href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo "
143 "Narrow</a> by Omnibus-Type, <a "
144 "href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> "
148 #. type: Content of: <html><body><footer><div><div><p>
150 "Download the <a href=\"emailselfdefense_source.zip\">source package</a> for "
151 "this guide, including fonts, image source files and the text of Edward's "
155 #. type: Content of: <html><body><footer><div><div><p>
157 "This site uses the Weblabels standard for labeling <a "
158 "href=\"https://www.fsf.org/campaigns/freejs\">free JavaScript</a>. View the "
159 "JavaScript <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" "
160 "rel=\"jslicense\">source code and license information</a>."
163 #. type: Content of: <html><body><footer><div><p><a>
165 "Infographic and guide design by <a rel=\"external\" "
166 "href=\"http://jplusplus.org\"><strong>Journalism++</strong>"
169 #. type: Attribute 'alt' of: <html><body><footer><div><p><a><img>
173 #. type: Content of: <html><body><header><div><h1>
174 msgid "Email Self-Defense"
177 #. type: Content of: <html><body><header><div><ul><li>
178 msgid "<a class=\"current\" href=\"/en\">English - v4.0</a>"
181 #. type: Content of: <html><body><header><div><ul><li>
182 msgid "<a href=\"/ar\">العربية <span class=\"tip\">tip</span></a>"
185 #. type: Content of: <html><body><header><div><ul><li>
186 msgid "<a href=\"/cs\">čeština - v4.0</a>"
189 #. type: Content of: <html><body><header><div><ul><li>
190 msgid "<a href=\"/de\">Deutsch - v4.0</a>"
193 #. type: Content of: <html><body><header><div><ul><li>
194 msgid "<a href=\"/el\">ελληνικά - v3.0</a>"
197 #. type: Content of: <html><body><header><div><ul><li>
198 msgid "<a href=\"/es\">español - v4.0</a>"
201 #. type: Content of: <html><body><header><div><ul><li>
202 msgid "<a href=\"/fa\">فارسی - v4.0</a>"
205 #. type: Content of: <html><body><header><div><ul><li>
206 msgid "<a href=\"/fr\">français - v4.0</a>"
209 #. type: Content of: <html><body><header><div><ul><li>
210 msgid "<a href=\"/it\">italiano - v3.0</a>"
213 #. type: Content of: <html><body><header><div><ul><li>
214 msgid "<a href=\"/ja\">日本語 - v4.0</a>"
217 #. type: Content of: <html><body><header><div><ul><li>
218 msgid "<a href=\"/ko\">한국어 <span class=\"tip\">tip</span></a>"
221 #. type: Content of: <html><body><header><div><ul><li>
222 msgid "<a href=\"/ml\">മലയാളം <span class=\"tip\">tip</span></a>"
225 #. type: Content of: <html><body><header><div><ul><li>
226 msgid "<a href=\"/pt-br\">português do Brasil - v3.0</a>"
229 #. type: Content of: <html><body><header><div><ul><li>
230 msgid "<a href=\"/ro\">română - v3.0</a>"
233 #. type: Content of: <html><body><header><div><ul><li>
234 msgid "<a href=\"/ru\">русский - v4.0</a>"
237 #. type: Content of: <html><body><header><div><ul><li>
238 msgid "<a href=\"/sq\">Shqip - v4.0</a>"
241 #. type: Content of: <html><body><header><div><ul><li>
242 msgid "<a href=\"/sv\">svenska - v4.0</a>"
245 #. type: Content of: <html><body><header><div><ul><li>
246 msgid "<a href=\"/tr\">Türkçe - v4.0</a>"
249 #. type: Content of: <html><body><header><div><ul><li>
250 msgid "<a href=\"/zh-hans\">简体中文 - v4.0</a>"
253 #. type: Content of: <html><body><header><div><ul><li>
255 "<a href=\"https://libreplanet.org/wiki/GPG_guide/Translation_Guide\"> "
256 "<strong><span style=\"color: #2F5FAA;\">Translate!</span></strong></a>"
259 #. type: Content of: <html><body><header><div><ul><li>
260 msgid "<a href=\"index.html\" class=\"current\">GNU/Linux</a>"
263 #. type: Content of: <html><body><header><div><ul><li>
264 msgid "<a href=\"mac.html\">Mac OS</a>"
267 #. type: Content of: <html><body><header><div><ul><li>
268 msgid "<a href=\"windows.html\">Windows</a>"
271 #. type: Content of: <html><body><header><div><ul><li>
272 msgid "<a href=\"workshops.html\">Teach your friends</a>"
275 #. type: Content of: <html><body><header><div><ul><li><a>
277 "<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email "
278 "encryption for everyone via %40fsf\"> Share "
281 #. type: Content of: <html><body><header><div><ul><li><a>
285 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
289 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
290 msgid "[Hacker News]"
293 #. type: Content of: <html><body><header><div><div><h3><a>
294 msgid "<a href=\"http://u.fsf.org/ys\">"
297 #. type: Content of: <html><body><header><div><div><div><p>
299 "We fight for computer users' rights, and promote the development of free (as "
300 "in freedom) software. Resisting bulk surveillance is very important to us."
303 #. type: Content of: <html><body><header><div><div><div><p>
305 "<strong>Please donate to support Email Self-Defense. We need to keep "
306 "improving it, and making more materials, for the benefit of people around "
307 "the world taking the first step towards protecting their privacy.</strong>"
310 #. type: Content of: <html><body><header><div><div><p><a>
313 "href=\"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate\">"
316 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
320 #. type: Content of: <html><body><header><div><div><p><a>
321 msgid "<a id=\"infographic\" href=\"infographic.html\">"
324 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
325 msgid "View & share our infographic →"
328 #. type: Content of: <html><body><header><div><div><p>
330 "</a> Bulk surveillance violates our fundamental rights and makes free speech "
331 "risky. This guide will teach you a basic surveillance self-defense skill: "
332 "email encryption. Once you've finished, you'll be able to send and receive "
333 "emails that are scrambled to make sure a surveillance agent or thief "
334 "intercepting your email can't read them. All you need is a computer with an "
335 "Internet connection, an email account, and about forty minutes."
338 #. type: Content of: <html><body><header><div><div><p>
340 "Even if you have nothing to hide, using encryption helps protect the privacy "
341 "of people you communicate with, and makes life difficult for bulk "
342 "surveillance systems. If you do have something important to hide, you're in "
343 "good company; these are the same tools that whistleblowers use to protect "
344 "their identities while shining light on human rights abuses, corruption and "
348 #. type: Content of: <html><body><header><div><div><p>
350 "In addition to using encryption, standing up to surveillance requires "
351 "fighting politically for a <a "
352 "href=\"http://gnu.org/philosophy/surveillance-vs-democracy.html\">reduction "
353 "in the amount of data collected on us</a>, but the essential first step is "
354 "to protect yourself and make surveillance of your communication as difficult "
355 "as possible. This guide helps you do that. It is designed for beginners, but "
356 "if you already know the basics of GnuPG or are an experienced free software "
357 "user, you'll enjoy the advanced tips and the <a "
358 "href=\"workshops.html\">guide to teaching your friends</a>."
361 #. type: Content of: <html><body><section><div><div><h2>
362 msgid "<em>#1</em> Get the pieces"
365 #. type: Content of: <html><body><section><div><div><p>
367 "This guide relies on software which is <a "
368 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
369 "it's completely transparent and anyone can copy it or make their own "
370 "version. This makes it safer from surveillance than proprietary software "
371 "(like Windows). Learn more about free software at <a "
372 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
375 #. type: Content of: <html><body><section><div><div><p>
377 "Most GNU/Linux operating systems come with GnuPG installed on them, so you "
378 "don't have to download it. Before configuring GnuPG though, you'll need the "
379 "IceDove desktop email program installed on your computer. Most GNU/Linux "
380 "distributions have IceDove installed already, though it may be under the "
381 "alternate name \"Thunderbird.\" Email programs are another way to access the "
382 "same email accounts you can access in a browser (like Gmail), but provide "
386 #. type: Content of: <html><body><section><div><div><p>
388 "If you already have an email program, you can skip to <a "
389 "href=\"#step-1b\">Step 1.b</a>."
392 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
393 msgid "Step 1.A: Install Wizard"
396 #. type: Content of: <html><body><section><div><div><div><h3>
397 msgid "<em>Step 1.a</em> Set up your email program with your email account"
400 #. type: Content of: <html><body><section><div><div><div><p>
402 "Open your email program and follow the wizard (step-by-step walkthrough) "
403 "that sets it up with your email account."
406 #. type: Content of: <html><body><section><div><div><div><p>
408 "Look for the letters SSL, TLS, or STARTTLS to the right of the servers when "
409 "you're setting up your account. If you don't see them, you will still be "
410 "able to use encryption, but this means that the people running your email "
411 "system are running behind the industry standard in protecting your security "
412 "and privacy. We recommend that you send them a friendly email asking them to "
413 "enable SSL, TLS, or STARTTLS for your email server. They will know what "
414 "you're talking about, so it's worth making the request even if you aren't an "
415 "expert on these security systems."
418 #. type: Content of: <html><body><section><div><div><div><div><h4>
419 msgid "Troubleshooting"
422 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
423 msgid "The wizard doesn't launch"
426 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
428 "You can launch the wizard yourself, but the menu option for doing so is "
429 "named differently in each email program. The button to launch it will be in "
430 "the program's main menu, under \"New\" or something similar, titled "
431 "something like \"Add account\" or \"New/Existing email account.\""
434 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
435 msgid "The wizard can't find my account or isn't downloading my mail"
438 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
440 "Before searching the Web, we recommend you start by asking other people who "
441 "use your email system, to figure out the correct settings."
444 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
445 msgid "Don't see a solution to your problem?"
448 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
450 "Please let us know on the <a "
451 "href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">feedback "
455 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
456 msgid "Step 1.B: Tools -> Add-ons"
459 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
460 msgid "Step 1.B: Search Add-ons"
463 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
464 msgid "Step 1.B: Install Add-ons"
467 #. type: Content of: <html><body><section><div><div><div><h3>
468 msgid "<em>Step 1.b</em> Install the Enigmail plugin for your email program"
471 #. type: Content of: <html><body><section><div><div><div><p>
473 "In your email program's menu, select Add-ons (it may be in the Tools "
474 "section). Make sure Extensions is selected on the left. Do you see Enigmail? "
475 "Make sure it's the latest version. If so, skip this step."
478 #. type: Content of: <html><body><section><div><div><div><p>
480 "If not, search \"Enigmail\" with the search bar in the upper right. You can "
481 "take it from here. Restart your email program when you're done."
484 #. type: Content of: <html><body><section><div><div><div><p>
486 "There are major security flaws in versions of GnuPG prior to 2.2.8, and "
487 "Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, "
491 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
492 msgid "I can't find the menu."
495 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
497 "In many new email programs, the main menu is represented by an image of "
498 "three stacked horizontal bars."
501 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
502 msgid "My email looks weird"
505 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
507 "Enigmail doesn't tend to play nice with HTML, which is used to format "
508 "emails, so it may disable your HTML formatting automatically. To send an "
509 "HTML-formatted email without encryption or a signature, hold down the Shift "
510 "key when you select compose. You can then write an email as if Enigmail "
514 #. type: Content of: <html><body><section><div><div><h2>
515 msgid "<em>#2</em> Make your keys"
518 #. type: Content of: <html><body><section><div><div><p>
520 "To use the GnuPG system, you'll need a public key and a private key (known "
521 "together as a keypair). Each is a long string of randomly generated numbers "
522 "and letters that are unique to you. Your public and private keys are linked "
523 "together by a special mathematical function."
526 #. type: Content of: <html><body><section><div><div><p>
528 "Your public key isn't like a physical key, because it's stored in the open "
529 "in an online directory called a keyserver. People download it and use it, "
530 "along with GnuPG, to encrypt emails they send to you. You can think of the "
531 "keyserver as a phonebook; people who want to send you encrypted email can "
532 "look up your public key."
535 #. type: Content of: <html><body><section><div><div><p>
537 "Your private key is more like a physical key, because you keep it to "
538 "yourself (on your computer). You use GnuPG and your private key together to "
539 "descramble encrypted emails other people send to you. <span "
540 "style=\"font-weight: bold;\">You should never share your private key with "
541 "anyone, under any circumstances.</span>"
544 #. type: Content of: <html><body><section><div><div><p>
546 "In addition to encryption and decryption, you can also use these keys to "
547 "sign messages and check the authenticity of other people's signatures. We'll "
548 "discuss this more in the next section."
551 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
552 msgid "Step 2.A: Make a Keypair"
555 #. type: Content of: <html><body><section><div><div><div><h3>
556 msgid "<em>Step 2.a</em> Make a keypair"
559 #. type: Content of: <html><body><section><div><div><div><p>
561 "The Enigmail Setup wizard may start automatically. If it doesn't, select "
562 "Enigmail → Setup Wizard from your email program's menu. You don't need "
563 "to read the text in the window that pops up unless you'd like to, but it's "
564 "good to read the text on the later screens of the wizard. Click Next with "
565 "the default options selected, except in these instances, which are listed in "
566 "the order they appear:"
569 #. type: Content of: <html><body><section><div><div><div><ul><li>
571 "On the screen titled \"Encryption,\" select \"Encrypt all of my messages by "
572 "default, because privacy is critical to me.\""
575 #. type: Content of: <html><body><section><div><div><div><ul><li>
577 "On the screen titled \"Signing,\" select \"Don't sign my messages by "
581 #. type: Content of: <html><body><section><div><div><div><ul><li>
583 "On the screen titled \"Key Selection,\" select \"I want to create a new key "
584 "pair for signing and encrypting my email.\""
587 #. type: Content of: <html><body><section><div><div><div><ul><li>
589 "On the screen titled \"Create Key,\" pick a strong password! You can do it "
590 "manually, or you can use the Diceware method. Doing it manually is faster "
591 "but not as secure. Using Diceware takes longer and requires dice, but "
592 "creates a password that is much harder for attackers to figure out. To use "
593 "it, read the section \"Make a secure passphrase with Diceware\" in <a "
594 "href=\"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/\"> "
595 "this article</a> by Micah Lee."
598 #. type: Content of: <html><body><section><div><div><div><p>
600 "If you'd like to pick a password manually, come up with something you can "
601 "remember which is at least twelve characters long, and includes at least one "
602 "lower case and upper case letter and at least one number or punctuation "
603 "symbol. Never pick a password you've used elsewhere. Don't use any "
604 "recognizable patterns, such as birthdays, telephone numbers, pets' names, "
605 "song lyrics, quotes from books, and so on."
608 #. type: Content of: <html><body><section><div><div><div><p>
610 "The program will take a little while to finish the next step, the \"Key "
611 "Creation\" screen. While you wait, do something else with your computer, "
612 "like watching a movie or browsing the Web. The more you use the computer at "
613 "this point, the faster the key creation will go."
616 #. type: Content of: <html><body><section><div><div><div><p>
618 "<span style=\"font-weight: bold;\">When the \"Key Generation Completed\" "
619 "screen pops up, select Generate Certificate and choose to save it in a safe "
620 "place on your computer (we recommend making a folder called \"Revocation "
621 "Certificate\" in your home folder and keeping it there). This step is "
622 "essential for your email self-defense, as you'll learn more about in <a "
623 "href=\"#section5\">Section 5</a>.</span>"
626 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
627 msgid "I can't find the Enigmail menu."
630 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
632 "In many new email programs, the main menu is represented by an image of "
633 "three stacked horizontal bars. Enigmail may be inside a section called "
637 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
638 msgid "The wizard says that it cannot find GnuPG."
641 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
643 "Open whatever program you usually use for installing software, and search "
644 "for GnuPG, then install it. Then restart the Enigmail setup wizard by going "
645 "to Enigmail → Setup Wizard."
648 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
649 msgid "More resources"
652 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
654 "If you're having trouble with our instructions or just want to learn more, "
656 "href=\"https://www.enigmail.net/documentation/Key_Management#Generating_your_own_key_pair\"> "
657 "Enigmail's wiki instructions for key generation</a>."
660 #. type: Content of: <html><body><section><div><div><div><div><h4>
664 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
665 msgid "Command line key generation"
668 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
670 "If you prefer using the command line for a higher degree of control, you can "
671 "follow the documentation from <a "
672 "href=\"https://www.gnupg.org/gph/en/manual/c14.html#AEN25\">The GNU Privacy "
673 "Handbook</a>. Make sure you stick with \"RSA and RSA\" (the default), "
674 "because it's newer and more secure than the algorithms the documentation "
675 "recommends. Also make sure your key is at least 2048 bits, or 4096 if you "
676 "want to be extra secure."
679 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
680 msgid "Advanced key pairs"
683 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
685 "When GnuPG creates a new keypair, it compartmentalizes the encryption "
686 "function from the signing function through <a "
687 "href=\"https://wiki.debian.org/Subkeys\">subkeys</a>. If you use subkeys "
688 "carefully, you can keep your GnuPG identity much more secure and recover "
689 "from a compromised key much more quickly. <a "
690 "href=\"https://alexcabal.com/creating-the-perfect-gpg-keypair/\">Alex "
691 "Cabal</a> and <a href=\"http://keyring.debian.org/creating-key.html\">the "
692 "Debian wiki</a> provide good guides for setting up a secure subkey "
696 #. type: Content of: <html><body><section><div><div><div><h3>
697 msgid "<em>Step 2.b</em> Upload your public key to a keyserver"
700 #. type: Content of: <html><body><section><div><div><div><p>
701 msgid "In your email program's menu, select Enigmail → Key Management."
704 #. type: Content of: <html><body><section><div><div><div><p>
706 "Right click on your key and select Upload Public Keys to Keyserver. You "
707 "don't have to use the default keyserver. If, after research, you would like "
708 "to change to a different default keyserver, you can change that setting "
709 "manually in the Enigmail preferences."
712 #. type: Content of: <html><body><section><div><div><div><p>
714 "Now someone who wants to send you an encrypted message can download your "
715 "public key from the Internet. There are multiple keyservers that you can "
716 "select from the menu when you upload, but they are all copies of each other, "
717 "so it doesn't matter which one you use. However, it sometimes takes a few "
718 "hours for them to match each other when a new key is uploaded."
721 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
722 msgid "The progress bar never finishes"
725 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
727 "Close the upload popup, make sure you are connected to the Internet, and try "
728 "again. If that doesn't work, try again, selecting a different keyserver."
731 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
732 msgid "My key doesn't appear in the list"
735 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
736 msgid "Try checking \"Display All Keys by Default.\""
739 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
740 msgid "More documentation"
743 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
745 "If you're having trouble with our instructions or just want to learn more, "
747 "href=\"https://www.enigmail.net/documentation/Key_Management#Distributing_your_public_key\"> "
748 "Enigmail's documentation</a>."
751 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
752 msgid "Uploading a key from the command line"
755 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
757 "You can also upload your keys to a keyserver through the <a "
758 "href=\"https://www.gnupg.org/gph/en/manual/x457.html\">command line</a>. <a "
759 "href=\"https://sks-keyservers.net/overview-of-pools.php\">The sks Web "
760 "site</a> maintains a list of highly interconnected keyservers. You can also "
761 "<a href=\"https://www.gnupg.org/gph/en/manual/x56.html#AEN64\">directly "
762 "export your key</a> as a file on your computer."
765 #. type: Content of: <html><body><section><div><div><div><h3>
766 msgid "GnuPG, OpenPGP, what?"
769 #. type: Content of: <html><body><section><div><div><div><p>
771 "In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP are "
772 "used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the "
773 "encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) "
774 "is the program that implements the standard. Enigmail is a plug-in program "
775 "for your email program that provides an interface for GnuPG."
778 #. type: Content of: <html><body><section><div><div><h2>
779 msgid "<em>#3</em> Try it out!"
782 #. type: Content of: <html><body><section><div><div><p>
784 "Now you'll try a test correspondence with a computer program named Edward, "
785 "who knows how to use encryption. Except where noted, these are the same "
786 "steps you'd follow when corresponding with a real, live person."
789 #. type: Content of: <html><body><section><div><div><div><h3>
790 msgid "<em>Step 3.a</em> Send Edward your public key"
793 #. type: Content of: <html><body><section><div><div><div><p>
795 "This is a special step that you won't have to do when corresponding with "
796 "real people. In your email program's menu, go to Enigmail → Key "
797 "Management. You should see your key in the list that pops up. Right click on "
798 "your key and select Send Public Keys by Email. This will create a new draft "
799 "message, as if you had just hit the Write button."
802 #. type: Content of: <html><body><section><div><div><div><p>
804 "Address the message to <a "
805 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Put at least one "
806 "word (whatever you want) in the subject and body of the email. Don't send "
810 #. type: Content of: <html><body><section><div><div><div><p>
812 "The lock icon in the top left should be yellow, meaning encryption is turned "
813 "on. We want this first special message to be unencrypted, so click the icon "
814 "once to turn it off. The lock should become grey, with a blue dot on it (to "
815 "alert you that the setting has been changed from the default). Once "
816 "encryption is off, hit Send."
819 #. type: Content of: <html><body><section><div><div><div><p>
821 "It may take two or three minutes for Edward to respond. In the meantime, you "
822 "might want to skip ahead and check out the <a href=\"#section5\">Use it "
823 "Well</a> section of this guide. Once he's responded, head to the next "
824 "step. From here on, you'll be doing just the same thing as when "
825 "corresponding with a real person."
828 #. type: Content of: <html><body><section><div><div><div><p>
830 "When you open Edward's reply, GnuPG may prompt you for your password before "
831 "using your private key to decrypt it."
834 #. type: Content of: <html><body><section><div><div><div><h3>
835 msgid "<em>Step 3.b</em> Send a test encrypted email"
838 #. type: Content of: <html><body><section><div><div><div><p>
840 "Write a new email in your email program, addressed to <a "
841 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Make the subject "
842 "\"Encryption test\" or something similar and write something in the body."
845 #. type: Content of: <html><body><section><div><div><div><p>
847 "The lock icon in the top left of the window should be yellow, meaning "
848 "encryption is on. This will be your default from now on."
851 #. type: Content of: <html><body><section><div><div><div><p>
853 "Next to the lock, you'll notice an icon of a pencil. We'll get to this in a "
857 #. type: Content of: <html><body><section><div><div><div><p>
859 "Click Send. Enigmail will pop up a window that says \"Recipients not valid, "
860 "not trusted or not found.\""
863 #. type: Content of: <html><body><section><div><div><div><p>
865 "To encrypt an email to Edward, you need his public key, so now you'll have "
866 "Enigmail download it from a keyserver. Click Download Missing Keys and use "
867 "the default in the pop-up that asks you to choose a keyserver. Once it finds "
868 "keys, check the first one (Key ID starting with C), then select ok. Select "
869 "ok in the next pop-up."
872 #. type: Content of: <html><body><section><div><div><div><p>
874 "Now you are back at the \"Recipients not valid, not trusted or not found\" "
875 "screen. Check the box in front of Edward's key and click Send."
878 #. type: Content of: <html><body><section><div><div><div><p>
880 "Since you encrypted this email with Edward's public key, Edward's private "
881 "key is required to decrypt it. Edward is the only one with his private key, "
882 "so no one except him can decrypt it."
885 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
886 msgid "Enigmail can't find Edward's key"
889 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
891 "Close the pop-ups that have appeared since you clicked Send. Make sure you "
892 "are connected to the Internet and try again. If that doesn't work, repeat "
893 "the process, choosing a different keyserver when it asks you to pick one."
896 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
897 msgid "Unscrambled messages in the Sent folder"
900 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
902 "Even though you can't decrypt messages encrypted to someone else's key, your "
903 "email program will automatically save a copy encrypted to your public key, "
904 "which you'll be able to view from the Sent folder like a normal email. This "
905 "is normal, and it doesn't mean that your email was not sent encrypted."
908 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
910 "If you're still having trouble with our instructions or just want to learn "
911 "more, check out <a "
912 "href=\"https://www.enigmail.net/documentation/Signature_and_Encryption#Encrypting_a_message\"> "
913 "Enigmail's wiki</a>."
916 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
917 msgid "Encrypt messages from the command line"
920 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
922 "You can also encrypt and decrypt messages and files from the <a "
923 "href=\"https://www.gnupg.org/gph/en/manual/x110.html\">command line</a>, if "
924 "that's your preference. The option --armor makes the encrypted output appear "
925 "in the regular character set."
928 #. type: Content of: <html><body><section><div><div><div><h3>
929 msgid "<em>Important:</em> Security tips"
932 #. type: Content of: <html><body><section><div><div><div><p>
934 "Even if you encrypt your email, the subject line is not encrypted, so don't "
935 "put private information there. The sending and receiving addresses aren't "
936 "encrypted either, so a surveillance system can still figure out who you're "
937 "communicating with. Also, surveillance agents will know that you're using "
938 "GnuPG, even if they can't figure out what you're saying. When you send "
939 "attachments, Enigmail will give you the choice to encrypt them or not, "
940 "independent of the actual email."
943 #. type: Content of: <html><body><section><div><div><div><p>
945 "For greater security against potential attacks, you can turn off "
946 "HTML. Instead, you can render the message body as plain text. In order to do "
947 "this in Thunderbird, go to View > Message Body As > Plain Text."
950 #. type: Content of: <html><body><section><div><div><div><h3>
951 msgid "<em>Step 3.c</em> Receive a response"
954 #. type: Content of: <html><body><section><div><div><div><p>
956 "When Edward receives your email, he will use his private key to decrypt it, "
960 #. type: Content of: <html><body><section><div><div><div><p>
962 "It may take two or three minutes for Edward to respond. In the meantime, you "
963 "might want to skip ahead and check out the <a href=\"#section5\">Use it "
964 "Well</a> section of this guide."
967 #. type: Content of: <html><body><section><div><div><div><h3>
968 msgid "<em>Step 3.d</em> Send a test signed email"
971 #. type: Content of: <html><body><section><div><div><div><p>
973 "GnuPG includes a way for you to sign messages and files, verifying that they "
974 "came from you and that they weren't tampered with along the way. These "
975 "signatures are stronger than their pen-and-paper cousins -- they're "
976 "impossible to forge, because they're impossible to create without your "
977 "private key (another reason to keep your private key safe)."
980 #. type: Content of: <html><body><section><div><div><div><p>
982 "You can sign messages to anyone, so it's a great way to make people aware "
983 "that you use GnuPG and that they can communicate with you securely. If they "
984 "don't have GnuPG, they will be able to read your message and see your "
985 "signature. If they do have GnuPG, they'll also be able to verify that your "
986 "signature is authentic."
989 #. type: Content of: <html><body><section><div><div><div><p>
991 "To sign an email to Edward, compose any message to him and click the pencil "
992 "icon next to the lock icon so that it turns gold. If you sign a message, "
993 "GnuPG may ask you for your password before it sends the message, because it "
994 "needs to unlock your private key for signing."
997 #. type: Content of: <html><body><section><div><div><div><p>
999 "With the lock and pencil icons, you can choose whether each message will be "
1000 "encrypted, signed, both, or neither."
1003 #. type: Content of: <html><body><section><div><div><div><h3>
1004 msgid "<em>Step 3.e</em> Receive a response"
1007 #. type: Content of: <html><body><section><div><div><div><p>
1009 "When Edward receives your email, he will use your public key (which you sent "
1010 "him in <a href=\"#step-3a\">Step 3.A</a>) to verify the message you sent has "
1011 "not been tampered with and to encrypt his reply to you."
1014 #. type: Content of: <html><body><section><div><div><div><p>
1016 "Edward's reply will arrive encrypted, because he prefers to use encryption "
1017 "whenever possible. If everything goes according to plan, it should say "
1018 "\"Your signature was verified.\" If your test signed email was also "
1019 "encrypted, he will mention that first."
1022 #. type: Content of: <html><body><section><div><div><div><p>
1024 "When you receive Edward's email and open it, Enigmail will automatically "
1025 "detect that it is encrypted with your public key, and then it will use your "
1026 "private key to decrypt it."
1029 #. type: Content of: <html><body><section><div><div><div><p>
1031 "Notice the bar that Enigmail shows you above the message, with information "
1032 "about the status of Edward's key."
1035 #. type: Content of: <html><body><section><div><div><h2>
1036 msgid "<em>#4</em> Learn the Web of Trust"
1039 #. type: Content of: <html><body><section><div><div><p>
1041 "Email encryption is a powerful technology, but it has a weakness; it "
1042 "requires a way to verify that a person's public key is actually "
1043 "theirs. Otherwise, there would be no way to stop an attacker from making an "
1044 "email address with your friend's name, creating keys to go with it and "
1045 "impersonating your friend. That's why the free software programmers that "
1046 "developed email encryption created keysigning and the Web of Trust."
1049 #. type: Content of: <html><body><section><div><div><p>
1051 "When you sign someone's key, you are publicly saying that you've verified "
1052 "that it belongs to them and not someone else."
1055 #. type: Content of: <html><body><section><div><div><p>
1057 "Signing keys and signing messages use the same type of mathematical "
1058 "operation, but they carry very different implications. It's a good practice "
1059 "to generally sign your email, but if you casually sign people's keys, you "
1060 "may accidently end up vouching for the identity of an imposter."
1063 #. type: Content of: <html><body><section><div><div><p>
1065 "People who use your public key can see who has signed it. Once you've used "
1066 "GnuPG for a long time, your key may have hundreds of signatures. You can "
1067 "consider a key to be more trustworthy if it has many signatures from people "
1068 "that you trust. The Web of Trust is a constellation of GnuPG users, "
1069 "connected to each other by chains of trust expressed through signatures."
1072 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1073 msgid "Section 4: Web of Trust"
1076 #. type: Content of: <html><body><section><div><div><div><h3>
1077 msgid "<em>Step 4.a</em> Sign a key"
1080 #. type: Content of: <html><body><section><div><div><div><p>
1081 msgid "In your email program's menu, go to Enigmail → Key Management."
1084 #. type: Content of: <html><body><section><div><div><div><p>
1086 "Right click on Edward's public key and select Sign Key from the context "
1090 #. type: Content of: <html><body><section><div><div><div><p>
1091 msgid "In the window that pops up, select \"I will not answer\" and click ok."
1094 #. type: Content of: <html><body><section><div><div><div><p>
1096 "Now you should be back at the Key Management menu. Select Keyserver → "
1097 "Upload Public Keys and hit ok."
1100 #. type: Content of: <html><body><section><div><div><div><p>
1102 "You've just effectively said \"I trust that Edward's public key actually "
1103 "belongs to Edward.\" This doesn't mean much because Edward isn't a real "
1104 "person, but it's good practice."
1107 #. type: Content of: <html><body><section><div><div><div><h3>
1108 msgid "Identifying keys: Fingerprints and IDs"
1111 #. type: Content of: <html><body><section><div><div><div><p>
1113 "People's public keys are usually identified by their key fingerprint, which "
1114 "is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 (for "
1115 "Edward's key). You can see the fingerprint for your public key, and other "
1116 "public keys saved on your computer, by going to Enigmail → Key "
1117 "Management in your email program's menu, then right clicking on the key and "
1118 "choosing Key Properties. It's good practice to share your fingerprint "
1119 "wherever you share your email address, so that people can double-check that "
1120 "they have the correct public key when they download yours from a keyserver."
1123 #. type: Content of: <html><body><section><div><div><div><p>
1125 "You may also see public keys referred to by a shorter key ID. This key ID is "
1126 "visible directly from the Key Management window. These eight character key "
1127 "IDs were previously used for identification, which used to be safe, but is "
1128 "no longer reliable. You need to check the full fingerprint as part of "
1129 "verifying you have the correct key for the person you are trying to "
1130 "contact. Spoofing, in which someone intentionally generates a key with a "
1131 "fingerprint whose final eight characters are the same as another, is "
1132 "unfortunately common."
1135 #. type: Content of: <html><body><section><div><div><div><h3>
1136 msgid "<em>Important:</em> What to consider when signing keys"
1139 #. type: Content of: <html><body><section><div><div><div><p>
1141 "Before signing a person's key, you need to be confident that it actually "
1142 "belongs to them, and that they are who they say they are. Ideally, this "
1143 "confidence comes from having interactions and conversations with them over "
1144 "time, and witnessing interactions between them and others. Whenever signing "
1145 "a key, ask to see the full public key fingerprint, and not just the shorter "
1146 "key ID. If you feel it's important to sign the key of someone you've just "
1147 "met, also ask them to show you their government identification, and make "
1148 "sure the name on the ID matches the name on the public key. In Enigmail, "
1149 "answer honestly in the window that pops up and asks \"How carefully have you "
1150 "verified that the key you are about to sign actually belongs to the "
1151 "person(s) named above?\""
1154 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1155 msgid "Master the Web of Trust"
1158 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1160 "Unfortunately, trust does not spread between users the way <a "
1161 "href=\"http://fennetic.net/irc/finney.org/~hal/web_of_trust.html\">many "
1162 "people think</a>. One of best ways to strengthen the GnuPG community is to "
1164 "href=\"https://www.gnupg.org/gph/en/manual/x334.html\">understand</a> the "
1165 "Web of Trust and to carefully sign as many people's keys as circumstances "
1169 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1170 msgid "Set ownertrust"
1173 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1175 "If you trust someone enough to validate other people's keys, you can assign "
1176 "them an ownertrust level through Enigmails's key management window. Right "
1177 "click on the other person's key, go to the \"Select Owner Trust\" menu "
1178 "option, select the trustlevel and click OK. Only do this once you feel you "
1179 "have a deep understanding of the Web of Trust."
1182 #. type: Content of: <html><body><section><div><div><h2>
1183 msgid "<em>#5</em> Use it well"
1186 #. type: Content of: <html><body><section><div><div><p>
1188 "Everyone uses GnuPG a little differently, but it's important to follow some "
1189 "basic practices to keep your email secure. Not following them, you risk the "
1190 "privacy of the people you communicate with, as well as your own, and damage "
1194 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1195 msgid "Section 5: Use it Well (1)"
1198 #. type: Content of: <html><body><section><div><div><div><h3>
1199 msgid "When should I encrypt? When should I sign?"
1202 #. type: Content of: <html><body><section><div><div><div><p>
1204 "The more you can encrypt your messages, the better. If you only encrypt "
1205 "emails occasionally, each encrypted message could raise a red flag for "
1206 "surveillance systems. If all or most of your email is encrypted, people "
1207 "doing surveillance won't know where to start. That's not to say that only "
1208 "encrypting some of your email isn't helpful -- it's a great start and it "
1209 "makes bulk surveillance more difficult."
1212 #. type: Content of: <html><body><section><div><div><div><p>
1214 "Unless you don't want to reveal your own identity (which requires other "
1215 "protective measures), there's no reason not to sign every message, whether "
1216 "or not you are encrypting. In addition to allowing those with GnuPG to "
1217 "verify that the message came from you, signing is a non-intrusive way to "
1218 "remind everyone that you use GnuPG and show support for secure "
1219 "communication. If you often send signed messages to people that aren't "
1220 "familiar with GnuPG, it's nice to also include a link to this guide in your "
1221 "standard email signature (the text kind, not the cryptographic kind)."
1224 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1225 msgid "Section 5: Use it Well (2)"
1228 #. type: Content of: <html><body><section><div><div><div><h3>
1229 msgid "Be wary of invalid keys"
1232 #. type: Content of: <html><body><section><div><div><div><p>
1234 "GnuPG makes email safer, but it's still important to watch out for invalid "
1235 "keys, which might have fallen into the wrong hands. Email encrypted with "
1236 "invalid keys might be readable by surveillance programs."
1239 #. type: Content of: <html><body><section><div><div><div><p>
1241 "In your email program, go back to the first encrypted email that Edward sent "
1242 "you. Because Edward encrypted it with your public key, it will have a "
1243 "message from Enigmail at the top, which most likely says \"Enigmail: Part of "
1244 "this message encrypted.\""
1247 #. type: Content of: <html><body><section><div><div><div><p>
1249 "<b>When using GnuPG, make a habit of glancing at that bar. The program will "
1250 "warn you there if you get an email signed with a key that can't be "
1254 #. type: Content of: <html><body><section><div><div><div><h3>
1255 msgid "Copy your revocation certificate to somewhere safe"
1258 #. type: Content of: <html><body><section><div><div><div><p>
1260 "Remember when you created your keys and saved the revocation certificate "
1261 "that GnuPG made? It's time to copy that certificate onto the safest digital "
1262 "storage that you have -- the ideal thing is a flash drive, disk, or hard "
1263 "drive stored in a safe place in your home, not on a device you carry with "
1267 #. type: Content of: <html><body><section><div><div><div><p>
1269 "If your private key ever gets lost or stolen, you'll need this certificate "
1270 "file to let people know that you are no longer using that keypair."
1273 #. type: Content of: <html><body><section><div><div><div><h3>
1274 msgid "<em>Important:</em> act swiftly if someone gets your private key"
1277 #. type: Content of: <html><body><section><div><div><div><p>
1279 "If you lose your private key or someone else gets ahold of it (say, by "
1280 "stealing or cracking your computer), it's important to revoke it immediately "
1281 "before someone else uses it to read your encrypted email or forge your "
1282 "signature. This guide doesn't cover how to revoke a key, but you can follow "
1284 "href=\"https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/\">instructions</a>. "
1285 "After you're done revoking, make a new key and send an email to everyone "
1286 "with whom you usually use your key to make sure they know, including a copy "
1290 #. type: Content of: <html><body><section><div><div><div><h3>
1291 msgid "Webmail and GnuPG"
1294 #. type: Content of: <html><body><section><div><div><div><p>
1296 "When you use a web browser to access your email, you're using webmail, an "
1297 "email program stored on a distant website. Unlike webmail, your desktop "
1298 "email program runs on your own computer. Although webmail can't decrypt "
1299 "encrypted email, it will still display it in its encrypted form. If you "
1300 "primarily use webmail, you'll know to open your email client when you "
1301 "receive a scrambled email."
1304 #. type: Content of: <html><body><section><div><div><h2>
1305 msgid "<a href=\"next_steps.html\">Great job! Check out the next steps.</a>"
1308 #. type: Content of: <html><body><header><div><p>
1309 msgid "← Read the <a href=\"index.html\">full guide</a>"
1312 #. type: Content of: <html><body><header><div><h3><a>
1315 "href=\"https://fsf.org/share?u=https://u.fsf.org/zc&t=How public-key "
1316 "encryption works. Infographic via %40fsf\">"
1319 #. type: Content of: <html><body><header><div><h3>
1320 msgid " Share our infographic </a> with the hashtag #EmailSelfDefense"
1323 #. type: Attribute 'alt' of: <html><body><header><div><p><img>
1324 msgid "View & share our infographic"
1327 #. type: Content of: <html><body><header><div><ul><li>
1328 msgid "<a href=\"index.html\">GNU/Linux</a>"
1331 #. type: Content of: <html><body><header><div><ul><li>
1332 msgid "<a href=\"mac.html\" class=\"current\">Mac OS</a>"
1335 #. type: Content of: <html><body><section><div><div><p>
1337 "This guide relies on software which is <a "
1338 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
1339 "it's completely transparent and anyone can copy it or make their own "
1340 "version. This makes it safer from surveillance than proprietary software "
1341 "(like Windows or Mac OS). To defend your freedom as well as protect yourself "
1342 "from surveillance, we recommend you switch to a free software operating "
1343 "system like GNU/Linux. Learn more about free software at <a "
1344 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
1347 #. type: Content of: <html><body><section><div><div><p>
1349 "To get started, you'll need the IceDove desktop email program installed on "
1350 "your computer. For your system, IceDove may be known by the alternate name "
1351 "\"Thunderbird.\" Email programs are another way to access the same email "
1352 "accounts you can access in a browser (like Gmail), but provide extra "
1356 #. type: Content of: <html><body><section><div><div><div><h3>
1357 msgid "<em>Step 1.b</em> Get GnuPG by downloading GPGTools"
1360 #. type: Content of: <html><body><section><div><div><div><p>
1362 "GPGTools is a software package that includes GnuPG. <a "
1363 "href=\"https://gpgtools.org/#gpgsuite\">Download</a> and install it, "
1364 "choosing default options whenever asked. After it's installed, you can close "
1365 "any windows that it creates."
1368 #. type: Content of: <html><body><section><div><div><div><p>
1370 "There are major security flaws in versions of GnuPG provided by GPGTools "
1371 "prior to 2018.3. Make sure you have GPGTools 2018.3 or later."
1374 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1375 msgid "Step 1.C: Tools -> Add-ons"
1378 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1379 msgid "Step 1.C: Search Add-ons"
1382 #. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img>
1383 msgid "Step 1.C: Install Add-ons"
1386 #. type: Content of: <html><body><section><div><div><div><h3>
1387 msgid "<em>Step 1.c</em> Install the Enigmail plugin for your email program"
1390 #. type: Content of: <html><body><section><div><div><div><p>
1392 "There are major security flaws in Enigmail prior to version 2.0.7. Make sure "
1393 "you have Enigmail 2.0.7 or later."
1396 #. type: Content of: <html><body><section><div><div><div><p>
1398 "For greater security against potential attacks, you can turn off "
1399 "HTML. Instead, you can render the message body as plain text."
1402 #. type: Content of: <html><body><header><div><h1>
1406 #. type: Content of: <html><body><section><div><div><h2>
1407 msgid "<em>#6</em> Next steps"
1410 #. type: Content of: <html><body><section><div><div><p>
1412 "You've now completed the basics of email encryption with GnuPG, taking "
1413 "action against bulk surveillance. These next steps will help make the most "
1414 "of the work you've done."
1417 #. type: Content of: <html><body><section><div><div><div><h3>
1418 msgid "Join the movement"
1421 #. type: Content of: <html><body><section><div><div><div><p>
1423 "You've just taken a huge step towards protecting your privacy online. But "
1424 "each of us acting alone isn't enough. To topple bulk surveillance, we need "
1425 "to build a movement for the autonomy and freedom of all computer users. Join "
1426 "the Free Software Foundation's community to meet like-minded people and work "
1427 "together for change."
1430 #. type: Content of: <html><body><section><div><div><div><p>
1432 "<small>Read <a href=\"https://www.fsf.org/twitter\">why GNU Social and "
1433 "Pump.io are better than Twitter</a>, and <a "
1434 "href=\"http://www.fsf.org/facebook\">why we don't use Facebook</a>.</small>"
1437 #. type: Content of: <html><body><section><div><div><div><div><p>
1438 msgid "Low-volume mailing list"
1441 #. type: Content of: <html><body><section><div><div><div><div><form>
1443 "<input type=\"text\" value=\"Type your email...\" name=\"email-Primary\" "
1444 "id=\"frmEmail\" /> <input type=\"submit\" value=\"Add me\" "
1445 "name=\"_qf_Edit_next\" /> <input type=\"hidden\" "
1446 "value=\"https://emailselfdefense.fsf.org/en/confirmation.html\" "
1447 "name=\"postURL\" /> <input type=\"hidden\" value=\"1\" name=\"group[25]\" /> "
1448 "<input type=\"hidden\" "
1449 "value=\"https://my.fsf.org/civicrm/profile?reset=1&gid=391\" "
1450 "name=\"cancelURL\" /> <input type=\"hidden\" value=\"Edit:cancel\" "
1451 "name=\"_qf_default\" />"
1454 #. type: Content of: <html><body><section><div><div><div><div><p>
1456 "<small>Read our <a "
1457 "href=\"https://my.fsf.org/donate/privacypolicy.html\">privacy "
1458 "policy</a>.</small>"
1461 #. type: Content of: <html><body><section><div><div><div><h3>
1462 msgid "Bring Email Self-Defense to new people"
1465 #. type: Content of: <html><body><section><div><div><div><p>
1467 "Understanding and setting up email encryption is a daunting task for "
1468 "many. To welcome them, make it easy to find your public key and offer to "
1469 "help with encryption. Here are some suggestions:"
1472 #. type: Content of: <html><body><section><div><div><div><ul><li>
1474 "Lead an Email Self-Defense workshop for your friends and community, using "
1475 "our <a href=\"workshops.html\">teaching guide</a>."
1478 #. type: Content of: <html><body><section><div><div><div><ul><li>
1480 "Use <a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt "
1481 "with me using Email Self-Defense %40fsf\">our sharing page</a> to compose a "
1482 "message to a few friends and ask them to join you in using encrypted "
1483 "email. Remember to include your GnuPG public key fingerprint so they can "
1484 "easily download your key."
1487 #. type: Content of: <html><body><section><div><div><div><ul><li>
1489 "Add your public key fingerprint anywhere that you normally display your "
1490 "email address. Some good places are: your email signature (the text kind, "
1491 "not the cryptographic kind), social media profiles, blogs, Websites, or "
1492 "business cards. At the Free Software Foundation, we put ours on our <a "
1493 "href=\"https://fsf.org/about/staff\">staff page</a>."
1496 #. type: Content of: <html><body><section><div><div><div><h3>
1497 msgid "Protect more of your digital life"
1500 #. type: Content of: <html><body><section><div><div><div><p>
1502 "Learn surveillance-resistant technologies for instant messages, hard drive "
1503 "storage, online sharing, and more at <a "
1504 "href=\"https://directory.fsf.org/wiki/Collection:Privacy_pack\"> the Free "
1505 "Software Directory's Privacy Pack</a> and <a "
1506 "href=\"https://prism-break.org\">prism-break.org</a>."
1509 #. type: Content of: <html><body><section><div><div><div><p>
1511 "If you are using Windows, Mac OS or any other proprietary operating system, "
1512 "we recommend you switch to a free software operating system like "
1513 "GNU/Linux. This will make it much harder for attackers to enter your "
1514 "computer through hidden back doors. Check out the Free Software Foundation's "
1515 "<a href=\"http://www.gnu.org/distros/free-distros.html\">endorsed versions "
1519 #. type: Content of: <html><body><section><div><div><div><h3>
1520 msgid "Optional: Add more email protection with Tor"
1523 #. type: Content of: <html><body><section><div><div><div><p>
1525 "<a href=\"https://www.torproject.org/about/overview.html.en\">The Onion "
1526 "Router (Tor) network</a> wraps Internet communication in multiple layers of "
1527 "encryption and bounces it around the world several times. When used "
1528 "properly, Tor confuses surveillance field agents and the global surveillance "
1529 "apparatus alike. Using it simultaneously with GnuPG's encryption will give "
1530 "you the best results."
1533 #. type: Content of: <html><body><section><div><div><div><p>
1535 "To have your email program send and receive email over Tor, install the <a "
1536 "href=\"https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/\">Torbirdy "
1537 "plugin</a> the same way you installed Enigmail, by searching for it through "
1541 #. type: Content of: <html><body><section><div><div><div><p>
1543 "Before beginning to check your email over Tor, make sure you understand <a "
1544 "href=\"https://www.torproject.org/docs/faq.html.en#WhatProtectionsDoesTorProvide\"> "
1545 "the security tradeoffs involved</a>. This <a "
1546 "href=\"https://www.eff.org/pages/tor-and-https\">infographic</a> from our "
1547 "friends at the Electronic Frontier Foundation demonstrates how Tor keeps you "
1551 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1552 msgid "Section 6: Next Steps"
1555 #. type: Content of: <html><body><section><div><div><div><p>
1556 msgid "← <a href=\"index.html\">Return to the guide</a>"
1559 #. type: Content of: <html><body><section><div><div><div><h3>
1560 msgid "Make Email Self-Defense tools even better"
1563 #. type: Content of: <html><body><section><div><div><div><p>
1565 "<a href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">Leave "
1566 "feedback and suggest improvements to this guide</a>. We welcome "
1567 "translations, but we ask that you contact us at <a "
1568 "href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a> before you start, so "
1569 "that we can connect you with other translators working in your language."
1572 #. type: Content of: <html><body><section><div><div><div><p>
1574 "If you like programming, you can contribute code to <a "
1575 "href=\"https://www.gnupg.org/\">GnuPG</a> or <a "
1576 "href=\"https://www.enigmail.net/home/index.php\">Enigmail</a>."
1579 #. type: Content of: <html><body><section><div><div><div><p>
1581 "To go the extra mile, support the Free Software Foundation so we can keep "
1582 "improving Email Self-Defense, and make more tools like it."
1585 #. type: Content of: <html><body><header><div><ul><li>
1586 msgid "<a href=\"windows.html\" class=\"current\">Windows</a>"
1589 #. type: Content of: <html><body><section><div><div><div><h3>
1590 msgid "<em>Step 1.b</em> Get GnuPG by downloading GPG4Win"
1593 #. type: Content of: <html><body><section><div><div><div><p>
1595 "GPG4Win is a software package that includes GnuPG. <a "
1596 "href=\"https://www.gpg4win.org/\">Download</a> and install it, choosing "
1597 "default options whenever asked. After it's installed, you can close any "
1598 "windows that it creates."
1601 #. type: Content of: <html><body><section><div><div><div><p>
1603 "There are major security flaws in versions of GnuPG provided by GPG4Win "
1604 "prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later."
1607 #. type: Content of: <html><head><title>
1608 msgid "Email Self-Defense - Teach your friends!"
1611 #. type: Content of: <html><body><header><div><ul><li>
1612 msgid "<a href=\"workshops.html\" class=\"current\">Teach your friends</a>"
1615 #. type: Content of: <html><body><header><div><ul><li><a>
1617 "<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email "
1618 "encryption for everyone via %40fsf\">Share "
1621 #. type: Content of: <html><body><header><div><div><div><p>
1623 "We want to translate this guide into more languages, and make a version for "
1624 "encryption on mobile devices. Please donate, and help people around the "
1625 "world take the first step towards protecting their privacy with free "
1629 #. type: Content of: <html><body><header><div><div><p><a>
1631 "<a id=\"infographic\" "
1632 "href=\"https://emailselfdefense.fsf.org/en/infographic.html\">"
1635 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
1636 msgid "View & share our infographic →"
1639 #. type: Content of: <html><body><header><div><div><p>
1641 "</a> Understanding and setting up email encryption sounds like a daunting "
1642 "task to many people. That's why helping your friends with GnuPG plays such "
1643 "an important role in helping spread encryption. Even if only one person "
1644 "shows up, that's still one more person using encryption who wasn't "
1645 "before. You have the power to help your friends keep their digital love "
1646 "letters private, and teach them about the importance of free software. If "
1647 "you use GnuPG to send and receive encrypted email, you're a perfect "
1648 "candidate for leading a workshop!"
1651 #. type: Attribute 'alt' of: <html><body><section><div><div><p><img>
1652 msgid "A small workshop among friends"
1655 #. type: Content of: <html><body><section><div><div><h2>
1656 msgid "<em>#1</em> Get your friends or community interested"
1659 #. type: Content of: <html><body><section><div><div><p>
1661 "If you hear friends grumbling about their lack of privacy, ask them if "
1662 "they're interested in attending a workshop on Email Self-Defense. If your "
1663 "friends don't grumble about privacy, they may need some convincing. You "
1664 "might even hear the classic \"if you've got nothing to hide, you've got "
1665 "nothing to fear\" argument against using encryption."
1668 #. type: Content of: <html><body><section><div><div><p>
1670 "Here are some talking points you can use to help explain why it's worth it "
1671 "to learn GnuPG. Mix and match whichever you think will make sense to your "
1675 #. type: Content of: <html><body><section><div><div><div><h3>
1676 msgid "Strength in numbers"
1679 #. type: Content of: <html><body><section><div><div><div><p>
1681 "Each person who chooses to resist mass surveillance with encryption makes it "
1682 "easier for others to resist as well. People normalizing the use of strong "
1683 "encryption has multiple powerful effects: it means those who need privacy "
1684 "the most, like potential whistle-blowers and activists, are more likely to "
1685 "learn about encryption. More people using encryption for more things also "
1686 "makes it harder for surveillance systems to single out those that can't "
1687 "afford to be found, and shows solidarity with those people."
1690 #. type: Content of: <html><body><section><div><div><div><h3>
1691 msgid "People you respect may already be using encryption"
1694 #. type: Content of: <html><body><section><div><div><div><p>
1696 "Many journalists, whistleblowers, activists, and researchers use GnuPG, so "
1697 "your friends might unknowingly have heard of a few people who use it "
1698 "already. You can search for \"BEGIN PUBLIC KEY BLOCK\" + keyword to help "
1699 "make a list of people and organizations who use GnuPG whom your community "
1700 "will likely recognize."
1703 #. type: Content of: <html><body><section><div><div><div><h3>
1704 msgid "Respect your friends' privacy"
1707 #. type: Content of: <html><body><section><div><div><div><p>
1709 "There's no objective way to judge what constitutes privacy-sensitive "
1710 "correspondence. As such, it's better not to presume that just because you "
1711 "find an email you sent to a friend innocuous, your friend (or a surveillance "
1712 "agent, for that matter!) feels the same way. Show your friends respect by "
1713 "encrypting your correspondence with them."
1716 #. type: Content of: <html><body><section><div><div><div><h3>
1717 msgid "Privacy technology is normal in the physical world"
1720 #. type: Content of: <html><body><section><div><div><div><p>
1722 "In the physical realm, we take window blinds, envelopes, and closed doors "
1723 "for granted as ways of protecting our privacy. Why should the digital realm "
1727 #. type: Content of: <html><body><section><div><div><div><h3>
1728 msgid "We shouldn't have to trust our email providers with our privacy"
1731 #. type: Content of: <html><body><section><div><div><div><p>
1733 "Some email providers are very trustworthy, but many have incentives not to "
1734 "protect your privacy and security. To be empowered digital citizens, we need "
1735 "to build our own security from the bottom up."
1738 #. type: Content of: <html><body><section><div><div><h2>
1739 msgid "<em>#2</em> Plan The Workshop"
1742 #. type: Content of: <html><body><section><div><div><p>
1744 "Once you've got at least one interested friend, pick a date and start "
1745 "planning out the workshop. Tell participants to bring their computer and ID "
1746 "(for signing each other's keys). If you'd like to make it easy for the "
1747 "participants to use Diceware for choosing passwords, get a pack of dice "
1748 "beforehand. Make sure the location you select has an easily accessible "
1749 "Internet connection, and make backup plans in case the connection stops "
1750 "working on the day of the workshop. Libraries, coffee shops, and community "
1751 "centers make great locations. Try to get all the participants to set up an "
1752 "Enigmail-compatible email client before the event. Direct them to their "
1753 "email provider's IT department or help page if they run into errors."
1756 #. type: Content of: <html><body><section><div><div><p>
1758 "Estimate that the workshop will take at least forty minutes plus ten minutes "
1759 "for each participant. Plan extra time for questions and technical glitches."
1762 #. type: Content of: <html><body><section><div><div><p>
1764 "The success of the workshop requires understanding and catering to the "
1765 "unique backgrounds and needs of each group of participants. Workshops should "
1766 "stay small, so that each participant receives more individualized "
1767 "instruction. If more than a handful of people want to participate, keep the "
1768 "facilitator to participant ratio high by recruiting more facilitators, or by "
1769 "facilitating multiple workshops. Small workshops among friends work great!"
1772 #. type: Content of: <html><body><section><div><div><h2>
1773 msgid "<em>#3</em> Follow the guide as a group"
1776 #. type: Content of: <html><body><section><div><div><p>
1778 "Work through the Email Self-Defense guide a step at a time as a group. Talk "
1779 "about the steps in detail, but make sure not to overload the participants "
1780 "with minutia. Pitch the bulk of your instructions to the least tech-savvy "
1781 "participants. Make sure all the participants complete each step before the "
1782 "group moves on to the next one. Consider facilitating secondary workshops "
1783 "afterwards for people that had trouble grasping the concepts, or those that "
1784 "grasped them quickly and want to learn more."
1787 #. type: Content of: <html><body><section><div><div><p>
1789 "In <a href=\"index.html#section2\">Section 2</a> of the guide, make sure the "
1790 "participants upload their keys to the same keyserver so that they can "
1791 "immediately download each other's keys later (sometimes there is a delay in "
1792 "synchronization between keyservers). During <a "
1793 "href=\"index.html#section3\">Section 3</a>, give the participants the option "
1794 "to send test messages to each other instead of or as well as "
1795 "Edward. Similarly, in <a href=\"index.html#section4\">Section 4</a>, "
1796 "encourage the participants to sign each other's keys. At the end, make sure "
1797 "to remind people to safely back up their revocation certificates."
1800 #. type: Content of: <html><body><section><div><div><h2>
1801 msgid "<em>#4</em> Explain the pitfalls"
1804 #. type: Content of: <html><body><section><div><div><p>
1806 "Remind participants that encryption works only when it's explicitly used; "
1807 "they won't be able to send an encrypted email to someone who hasn't already "
1808 "set up encryption. Also remind participants to double-check the encryption "
1809 "icon before hitting send, and that subjects and timestamps are never "
1813 #. type: Content of: <html><body><section><div><div><p>
1816 "href=\"https://www.gnu.org/proprietary/proprietary.html\">dangers of running "
1817 "a proprietary system</a> and advocate for free software, because without it, "
1819 "href=\"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance\">meaningfully "
1820 "resist invasions of our digital privacy and autonomy</a>."
1823 #. type: Content of: <html><body><section><div><div><h2>
1824 msgid "<em>#5</em> Share additional resources"
1827 #. type: Content of: <html><body><section><div><div><p>
1829 "GnuPG's advanced options are far too complex to teach in a single "
1830 "workshop. If participants want to know more, point out the advanced "
1831 "subsections in the guide and consider organizing another workshop. You can "
1833 "href=\"https://www.gnupg.org/documentation/index.html\">GnuPG's</a> and <a "
1834 "href=\"https://www.enigmail.net/index.php/documentation\">Enigmail's</a> "
1835 "official documentation and mailing lists. Many GNU/Linux distribution's Web "
1836 "sites also contain a page explaining some of GnuPG's advanced features."
1839 #. type: Content of: <html><body><section><div><div><h2>
1840 msgid "<em>#6</em> Follow up"
1843 #. type: Content of: <html><body><section><div><div><p>
1845 "Make sure everyone has shared email addresses and public key fingerprints "
1846 "before they leave. Encourage the participants to continue to gain GnuPG "
1847 "experience by emailing each other. Send them each an encrypted email one "
1848 "week after the event, reminding them to try adding their public key ID to "
1849 "places where they publicly list their email address."
1852 #. type: Content of: <html><body><section><div><div><p>
1854 "If you have any suggestions for improving this workshop guide, please let us "
1855 "know at <a href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a>."