Public Wiki

Assuntos:

  1. Mensagens auto-destrutivas
  2. Links encriptados
  3. Pentest
  4. DNS
  5. Denúncia Anônima
  6. Roteadores
  7. Criptografia
  8. Senhas
  9. E-mail
  10. Redes Sociais
  11. Navegadores
  12. Buscadores
  13. Celulares
  14. Chat
  15. Vídeo-Chat
  16. Áudio-Chat
  17. Conexão
  18. Sistema Operacional
  19. Monitoramento de Tráfego
  20. Troca de Arquivos
  21. Mercado Aberto
  22. Microblogging
  23. Redes
  24. Moedas Descentralizadas
  25. Sites, histórias, manuais
  26. Drones
  27. Outras Ferramentas
  28. Jornalismo

Mensagens auto-destrutivas

  • Private Note: Privnote is a free web based service that allows you to send top secret notes over the internet. It’s fast, easy, and requires no password or user registration at all.

Link encriptados ou anônimos

  • anon.click: Create a SSL-protected anonymouse link from your url. By using this link you will hide your HTTP-REFERER. Webmasters can use anon.click to hide their website from appearing in the logs of referred pages as http-referrer. The webmasters of the linked page cannot see where the visitors came from.

Pentest (teste de penetração)

  • Metasploit: Our penetration testing software, Metasploit, helps verify
    vulnerabilities and manage security assessments. (privado. é preciso testar)
  • Vega Vulnerability Scanner: Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities.

DNS

  • DNScrypt: DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
  • DNS Leak test: When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.
  • CJDNS: Imagine an Internet where every packet is cryptographically protected from source to destination against espionage and forgery, getting an IP address is as simple as generating a cryptographic key, core routers move data without a single memory look up, and denial of service is a term read about in history books. Finally, becoming an ISP is no longer confined to the mighty telecoms, anyone can do it by running some wires or turning on a wireless device. This is the vision of cjdns.

Denúncia Anônima

  • Secure Drop: é uma plataforma open-source de entrega de documentos confidenciais por fontes anônimas. O sistema usa criptografia de forma a tornar a plataforma segura. Uma plataforma surge como uma ferramenta para tornar a comunicação entre jornalistas e “whistleblowers” mais segura.

  • Wikileaks: WikiLeaks is a multi-national media organization and associated library. It was founded by its publisher Julian Assange in 2006. It specializes in the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption. It has so far published more than 10 million documents and associated analyses.

Roteadores

Criptografia

  • EnigForm: is a Mozilla Firefox extension that provides you the ability to digitally sign HTTP requests, even those generated via AJAX calls. It implements the mechanism described in the white paper entitled OpenPGP Signing for HTTP by Arturo Buanzo Busleiman.
  • FirePGP (descontinuado): is a Firefox extension under MPL that provides an integrated interface to apply GnuPG operations to the text of any web page, including encryption, decryption, signing, and signature verification.

  • GnuPG? GNU Privacy Guard (GnuPG or GPG) é uma alternativa GPL ao aplicativo PGP de criptografia. GnuPG é compatível com a RFC 4880, o padrão da IETF para a especificação do OpenPGP. As versões atuais do PGP (e Filecrypt da Veridis) possuem interoperabilidade com o GnuPG e com outros sistemas compatíveis com o OpenPGP. GnuPG é parte da Free Software Foundation e do projeto de software GNU.

Senhas

Email

  • AnonBox: provides you free, completely anonymous one-time email addresses. Acquire one in our web interface and use it to receive emails up to the next day. Check for new emails in your browser.
  • Tutanota Tutanota automatically encrypts all your data on your device. Your emails as well as your contacts stay private. You can easily communicate with any of your friends end-to-end encrypted. Even subject and attachments are encrypted.github
  • Openmailbox:Our online solution offers free e-mail address hosting for a wide public in search of a high quality service inspired by a free philosophy and totally independent of all the existing large service companies on the web. The respect for our members’ privacy is our priority, which is why we do everything to ensure the security of the data that is entrusted to us.
  • Riseup: Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications.

  • autistici: A/I nasceu há mais de 10 anos quando indivíduos e coletivos que lidavam como tecnologia, privacidade, ciberdireitos e ativismo político se encontraram na Itália. Nosso objetivo fundamental é fornecer ferramentas livres de comunicação em escala mundial, incentivando as pessoas a escolher meios livres de comunicação em detrimento dos comerciais. Nós gostaríamos de despertar a preocupação das pessoas sobre a necessidade de proteger a sua privacidade e de escapar dos abusos indiscriminadamente perpetrados por governos e corporações acerca de nossos dados e personalidades.

  • espora.org: Espora.org es un proyecto cultural dedicado a la construcción de una infraestructura para el aprendizaje colectivo de tecnologías libres y a la socialización del conocimento a través de un servidor (una máquina conectada a la Internet) en el que desarrollamos recursos de manera autónoma.

  • Resistemail.com: Somos un servicio autónomo de correo electrónico que opera desde México.
    Creemos que debe de haber alternativas confiables a los correos mega-corporativos como gmail, yahoo o hotmail e incluso a otros servicios como el nuestro en otras partes del mundo. (Descestralizando el riseup)
    (Para contas de até 100MB, é gratuito. Acima disso e/ou com serviço de nuvem tem um preço lá)

  • Bitmessage: alternativa para o sistema de email atual. Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide “non-content” data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. If Bitmessage is completely new to you, you may wish to start by reading the whitepaper.

  • Espiv.net: Cybrigade is an autonomous collective with reference to the social struggles as these are expressed in cyberspace and also responsible for the administration of espiv.net & squat.gr services. Cybrigade members act voluntarily, since it’s not a company but rather an administrative collective that provides internet services without immediate reward (apart from the support of social and political movement in the virtual world). There’s no hierarchy, and all decisions are taken from the group’s assembly.
 Remailers 
 Serviços de email oferecidos por empresas, mas que são gratuitos e encriptados
  • ProtonMail: EMPRESA com servidor baseado na suíça, as mensagens ficam guardadas encriptadas, segurança realizada através de 2 senhas, gratuito, não guardam IP, multiplataforma.
  • https://www.hushmail.com/
  • https://mykolab.com/
  • https://www.mail1click.com/

Redes Sociais

  • disroot.org Disroot is a platform providing online services based on priciples of freedom, privacy, federation and decentralisation.
    No tracking, no ads, no profile, no data mining!
  • RetroShare: RetroShare é uma plataforma Friend-2-Friend (F2F) de comunicação descentralizada segura. Ela permite que tu converses (chat) e compartilhes arquivos de maneira segura entre amigxs e familiares, usando uma rede de confiança para autenticar os pares e OpenSSL para encriptar toda a comunicação. A RetroShare fornece compartilhamento de arquivos, chat, mensagens, fóruns e canais.

Navegadores

  • Extensões de segurança para Firefox aqui no we
  • Fak Domain Detective: evita entrar em sites falsos
  • Mailvelope: extensão para encriptação de emails
  • Lightbeam: Lightbeam é uma extensão do Firefox que usa visualizações interativas para mostrar quais sites acessados por estão interagindo com você na web. Enquanto navega, o Lightbeam revela todo o interior da Web nos dias atuais, incluindo as partes que não são evidentes para o usuário comum.
  • Self-destruction Coockies: Gets rid of a site’s cookies and LocalStorage as soon as you close its tabs. Protects against trackers and zombie-cookies. Trustworthy services can be whitelisted.
  • disconnect.me
  • uBlock

Buscadores


escrevendo “!g” e palavra chave a ser buscada, faz a busca no google criptografada

Celulares

  • Orfox: Navegador para android desenvolvido para combinar o Orweb com Firefox usando a rede TOR.

  • Threema: Threema is a proprietary encrypted instant messaging application for iOS, Android and Windows Phone.6 In addition to text messaging, users can send multimedia, locations, voice messages and files.
  • Telegram: aplicativo de código aberto que combina SMS e email: é possível, além de texto, enviar arquivos. Os grupos de contatos podem contar até 200 pessoas. O código do servidor do Telegram não é aberto, mas está prevista sua abertura até o final de 2014.
    Disponível para: Android, Iphone/Ipad, WindowsPhone
    Protocolo: MTProto (criptografia de ponta-a-ponta)
    A versão para DESKTOP NÃO tem mensagens encriptadas.

  • Cutegram: Cutegram is a free and opensource telegram clients for Linux, Windows, OS X and OpenBSD, focusing on user friendly, compatibility with desktop environments. Cutegram using Qt5, QML, libqtelegram, libappindication, AsemanQtTools technologies and Faenza icons and Twitter emojies graphic sets. It’s free and released under GPLv3 license.
  • Redphone: aplicativo que faz chamadas de voz encriptadas (ver mais sobre o protocolo)
    Disponível para: Android

  • Orbot: aplicativo de código-aberto para Android que direciona a conexão pela rede TOR.

Repositórios:

OS pra celular:

  • securegen.org: O Securegen é uma distribuição para celulares Android livre, segura e que respeita a privacidade de seus usuários.
  • Replicant: Replicant é um projeto de Software Livre que pretende substituir os softwares proprietários presentes em diversos celulares e smartphones que precisam fazer uso de todo potencial do hardware ou de outras funcionalidades dos dispositivos.

  • CyanogenMod: CyanogenMod is an aftermarket firmware for a number of cell phones based on the open-source Android operating system. It offers features not found in the official Android based firmwares of vendors.

Apps:
  • ObscuraCam: é uma aplicação para telefones móveis desenvolvida pelo Projeto Guardião que permite desfocar/pixelar partes de fotografias ou videos para preservar a identidade das pessoas.

Outras coisas

Chat (IM)

  • irc (com https!): esse link vai para o servidor do indymedia.
  • jabber (XMPP)
  • OTR: allows you to have private conversations over instant messaging by providing: Encryption (no one else can read your instant messages), Authentication (you are assured the correspondent is who you think it is), Deniability (the messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified), Perfect forward secrecy (If you lose control of your private keys, no previous conversation is compromised).
  • Prosody: Prosody is a modern XMPP communication server. It aims to be easy to set up and configure, and efficient with system resources. Additionally, for developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols.
  • Ricochet: Ricochet is a different approach to instant messaging that doesn’t trust anyone in protecting your privacy.
    • Eliminate metadata. Nobody knows who you are, who you talk to, or what you say.
    • Stay anonymous. Share what you want, without sharing your identity and location.
    • Nobody in the middle. There are no servers to monitor, censor, or hack.
    • Safe by default. Security isn’t secure until it’s automatic and easy to use.
  • Briar: Peer-to-peer encrypted messaging and forums, Messages are stored securely on your device, not in the cloud, Connect directly with nearby contacts – no Internet access required, Free and open source software.
  • Hack.Chat:Welcome to hack.chat, a minimal, distraction-free chat application.

Vídeo-chat

Tox is a free (as in liberty and price) peer to peer, distributed, multimedia messenger.

Using existing technologies such as dispersed networking and strong cryptography, Tox can provide a superior instant messaging experience than current market offerings. Files can be shared as fast as you and your partner’s Internet connection allows, audio calls are instantaneous, and there are no arbitrary limits to how many people you can have in a group conversation.

Tox’s goal is to get secure messaging in the hands of everyone because we feel it’s necessary in a world where our privacy is often overlooked; which means our efforts are free of charge with absolutely no strings attached. There are no advertisements; you are not the product and absolutely no data is collected from our users. We are here for altruistic purposes, which is why we rely on the community to help us make Tox better.

Áudio-chat

  • mumble

Conexão

  • Black Riseup:This is the home of the Riseup “Black” services, our new enhanced security VPN and (soon) Email. These services require the Bitmask application.

Sistema Operacional

  • Whonix: Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation.
    Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. With Whonix, you can use applications and run servers anonymously over the internet. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.
    Whonix is free as in price and freedom, and it has been rated 5/5 stars by users of sourceforge.net.
  • Debian: O Debian é um sistema operacional (SO) livre para seu computador. Um sistema operacional é um conjunto de programas básicos e utilitários que fazem seu computador funcionar.

  • TAILS: Tails é um sistema operacional live, que você pode usar em quase qualquer computador a partir de um DVD, de uma memória USB ou de um cartão SD. Ele tem como objetivo preservar sua privacidade e seu anonimato, e te auxilia a:
    • usar a Internet de forma anônima e evitar
    • todas as conexões feitas à Internet são passam necessariamente pela rede
    • não deixar rastros no computador que você estiver utilizando, a menos que você explicitamente queira que isso aconteça;
    • usar ferramentas criptográficas do estado da arte para criptografar seus arquivos, email e mensagens instantâneas.

  • SubGraph: Subgraph believes that the best way to empower people to communicate and live freely is to develop technology that is secure, free, open-source, and verifiably trustworthy.
    Subgraph OS was designed from the ground-up to reduce the risks in endpoint systems so that individuals and organizations around the world can communicate, share, and collaborate without fear of surveillance or interference by sophisticated adversaries through network borne attacks.
    Subgraph OS is designed to be difficult to attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on the integrity of installable software packages.

Monitoramento de tráfego

  • Wireshark: is a network protocol analyzer for Unix and Windows
  • Aircrack-ng
  • Vega: Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Troca de arquivos

  • bittorrent
  • Syncthing: Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it’s transmitted over the Internet.
  • CrypABytes: Messages and files are encrypted using a public key and can only be decrypted using the passphrase entered when your key is created. Your data is never stored in plaintext, and is impossible to decrypt without your passphrase.
  • OnionShare: aplicativo de troca direta de arquivos via Tor. Ele gera um endereço .onion para um arquivo hospedado no seu computador. Você então pode compartilhar este link e qualquer pessoa pode baixar o arquivo, mantendo uploader e o downloader anônimxs.

Mercado aberto

Microblogging

(tipo twitter)

  • http://twister.net.co/: Peer-to-peer microblogging. Because twister is completely decentralized no one can censor you. No one can remove your posts. Your account cannot be blocked. Private communication (Direct Messages) are protected with end-to-end encryption. Both content and metadata (the recipient address) are protected. The IP address you use to access twister is not recorded on any server. Your online presence is not announced.

Redes

  • PirateBox
  • Firechat
  • guifi.net : guifi.net is a telecommunications network, is open, free and neutral because is built through a peer to peer agreement where everyone can join the network by providing his connection, and therefore, extending the network and gaining connectivity to all
  • RedesLivres.org.br
  • commotionwireless.net: Commotion is a free, open-source communication tool that uses wireless devices to create decentralized mesh networks. Commotion provides a way for you to share your Internet connection with the people around you, but it is not a replacement for your Internet connection.

Redes de Celular

Moedas descentralizadas

  • Bitcoin: criptomoeda cuja criação e transferência é baseada em protocolos código fonte aberto de criptografia que é independente de qualquer autoridade central. Um bitcoin pode ser transferido por um computador ou smartphone sem recurso a uma instituição financeira intermediária. O conceito foi introduzido em 2008 num paper publicado por um programador com o pseudônimo de Satoshi Nakamoto que o chamou de sistema eletrônico de pagamento peer to peer. (wikipedia)
    • Quanto uma bitcoin gera de carbono para ser minerada: http://www.coindesk.com/carbon-footprint-bitcoin/
    • The Rise and Rise of Bitcoin: documentário sobre bitcoin. Mostra muito bem a faceta milionária desta tecnologia.
    • Sidechains: proposta técnica mais recente para interligação de moedas (principalmente virtuais). Interessante como prognóstico.

  • Litecoin
  • Darkcoin

Sites, historias, manuais

(livros, zines, docs, vídeos etc.)

Drones

Outras ferramentas

- PDFy: compartilhar PDFs sem conta sem anúncios (não está aceitando uploads momentaneamente)
- PostImage: subir imagens/PDF gratuitamente, podendo deletá-las depois.
- Mergely: ferramenta online para comparação de textos (diff)

Jornalismo

  • Freedom of Press Foudation: As technology continues to change journalism, it also challenges the rights of journalists around the world. Freedom of the Press Foundation is committed to advocating for the rights of all journalists in the digital world—whether it’s in the public sphere, the courtroom, and wherever necessary.

Recent Pages Create Page »

Title Updated
Como usar o we (básico) chúy 12:03AM
Devemos admitir, caímos na Armadilha da Internet desobediente Sunday
quando feministas são usadas pelas tecnologias patriarcais ninguem Saturday
Cathy O’Neil, Weapons of Math Destruction chúy Aug 11
[Poa] Oficina de Segurança Digital Para Ativistas - 11 de Junho absorto Jun 08
Aplicativos para android bagre Jun 02
Uma alternativa para quem usa Whatsapp Iconoclasta May 21
Como usar GPG para criptografar e assinar mensagens chúy May 18
Senhas mais seguras chúy May 14
Coletânea - transição da web hoje absorto May 02
[LIVRO] No Place to Hide - Sem Lugar Para se Esconder absorto Apr 23
Comandos para obter infos sobre rede em linux chúy Apr 10
OficinaScribus absorto Apr 05
OpenWrt - Wireless Freedom chúy Feb 16
Redes sem Fio no Mundo em Desenvolvimento koike Feb 15
Criando senhas seguras e fácils de lembrar com diceware bagre Jan 27
[Tutorial] Hackeando WiFi Alma Negra Jan 19
smart girls guide to privacy chúy Jan 16
Obfuscation chúy Jan 13
[notícia] Abin tem megabanco de dados sobre movimentos sociais chúy 2016-12-07
Notícias cibernéticas chúy 2016-12-07
[livro] Violent Python A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers josipopsi 2016-12-05
[livro] Sweigart, Al hacking secret ciphers with python chúy 2016-12-01
Vigilância das Comunicações pelo Estado Brasileiro chúy 2016-11-25
commotion kbabout measure-03 0 0 chúy 2016-11-16
Android sem GooglePlay chúy 2016-11-11
linux distribuicoes chúy 2016-09-08
Vulnerabilidades no software da urna eletronica br chúy 2016-09-08
Extensões do Firefox para privacidade chúy 2016-07-29
Foda-se o Google - Comitê Invisível
Tinta de Urucum
2016-07-23