Trying to protect all your data from everyone all the time is impractical and exhausting. But, do not fear! Security is a process, and through thoughtful planning, you can assess what’s right for you. Security isn’t about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.

In computer security, a threat is a potential event that could undermine your efforts to defend your data. You can counter the threats you face by determining what you need to protect and from whom you need to protect it. This process is called “threat modeling.”

This guide will teach you how to threat model, or how to assess your risks for your digital information and how to determine what solutions are best for you.

What might threat modeling look like? Let’s say you want to keep your house and possessions safe, here are a few questions you might ask:

What do I have inside my home that is worth protecting?

• Assets could include: jewelry, electronics, financial documents, passports, or photos

Who do I want to protect it from?

• Adversaries could include: burglars, roommates, or guests

How likely is it that I will need to protect it?

• Does my neighborhood have a history of burglaries? How trustworthy are my roommates/guests? What are the capabilities of my adversaries? What are the risks I should consider?

How bad are the consequences if I fail?

• Do I have anything in my house that I cannot replace? Do I have the time or money to replace these things? Do I have insurance that covers goods stolen from my home?

How much trouble am I willing to go through to prevent these consequences?

• Am I willing to buy a safe for sensitive documents? Can I afford to buy a high-quality lock? Do I have time to open a security box at my local bank and keep my valuables there?

Once you have asked yourself these questions, you are in a position to assess what measures to take. If your possessions are valuable, but the risk of a break-in is low, then you may not want to invest too much money in a lock. But, if the risk is high, you’ll want to get the best lock on the market, and consider adding a security system.

Building a threat model helps you to understand the unique threats you face, your assets, your adversary, your adversary’s capabilities, and the likelihood of risks you face.

Threat modeling as a regular practice Anchor link

Keep in mind your threat model can change as your situation changes. Thus, conducting frequent threat modeling assessments is good practice.

Create your own threat model based on your own unique situation. Then mark your calendar for a date in the future. This will prompt you to review your threat model and check back in to assess whether it’s still relevant to your situation.

Telecommunication networks and the Internet have made communicating with people easier than ever, but have also made surveillance more prevalent than it has ever been in human history. Without taking extra steps to protect your privacy, every phone call, text message, email, instant message, voice over IP (VoIP) call, video chat, and social media message may be vulnerable to eavesdroppers.

Often the safest way to communicate with others is in person, without computers or phones being involved at all. Because this isn’t always possible, the next best thing is to use end-to-end encryption while communicating over a network if you need to protect the content of your communications.

Voice Calls Anchor link

When you make a call from a landline or a mobile phone, your call is not end-to-end encrypted. If you're using a mobile phone, your call may be (weakly) encrypted between your handset and the cell phone towers. However as your conversation travels through the phone network, it's vulnerable to interception by your phone company and, by extension, any governments or organizations that have power over your phone company. The easiest way to ensure you have end-to-end encryption on voice conversations is to use VoIP instead.

Beware! Most popular VoIP providers, such as Skype and Google Hangouts, offer transport encryption so that eavesdroppers cannot listen in, but the providers themselves are still potentially able to listen in. Depending on your threat model, this may or may not be a problem.

Some services that offer end-to-end encrypted VoIP calls include:

• WhatsApp
• Signal
• Jitsi 
• Silent Phone
• Zphone

In order to have end-to-end encrypted VoIP conversations, both parties must be using the same (or compatible) software.

Instant Messages Anchor link

Off-the-Record (OTR) is an end-to-end encryption protocol for real-time text conversations that can be used on top of a variety of services.

Some tools that incorporate OTR with instant messaging include:

• Pidgin (for Windows or Linux)
• Adium (for OS X)
• ChatSecure (for iPhone and Android)
• Jitsi (Linux, Windows, Mac OS)

What End-To-End Encryption Does Not Do Anchor link

End-to-end encryption only protects the content of your communication, not the fact of the communication itself. It does not protect your metadata—which is everything else, including the subject line of your email, or who you are communicating with and when.

Metadata can provide extremely revealing information about you even when the content of your communication remains secret.

Metadata about your phone calls can give away some very intimate and sensitive information. For example:

• They know you rang a phone sex service at 2:24 am and spoke for 18 minutes, but they don't know what you talked about.
• They know you called the suicide prevention hotline from the Golden Gate Bridge, but the topic of the call remains a secret.
• They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour, but they don't know what was discussed.
• They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after, but the content of those calls remains safe from government intrusion.
• They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day, but nobody knows what you spoke about.

If you are calling from a cell phone, information about your location is metadata. In 2009, Green Party politician Malte Spitz sued Deutsche Telekom to force them to hand over six months of Spitz’s phone data, which he made available to a German newspaper. The resulting visualization showed a detailed history of Spitz’s movements.

Protecting your metadata will require you to use other tools, such as Tor, at the same time as end-to-end encryption.

For an example of how Tor and HTTPS work together to protect the contents of your communications and your metadata from a variety of potential attackers, you may wish to take a look at this explanation.

When encryption is used properly, your communications or information should only be readable by you and the person or people you’re communicating with. End-to-end encryption protects your data from surveillance by third parties, but if you’re unsure about the identity of the person you’re talking to, its usefulness is limited. That’s where key verification comes in. By verifying public keys, you and the person with whom you’re communicating add another layer of protection to your conversation by confirming each other’s identities, allowing you to be that much more certain that you’re talking to the right person.

Key verification is a common feature of protocols that use end-to-end encryption, such as PGP and OTR. On Signal, they're called "safety numbers." To verify keys without the risk of interference, it's advisable to use a secondary method of communicating other than the one you’re going to be encrypting; this is called out-of-band verification. For example, if you are verifying your OTR fingerprints, you might email your fingerprints to one another. In that example, email would be the secondary communications channel.

Adium is a free and open source instant messaging client for OS X that allows you to chat with individuals across multiple chat protocols, including Google Hangouts, Yahoo! Messenger, Windows Live Messenger, AIM, ICQ, and XMPP.

OTR (Off-the-record) is a protocol that allows people to have confidential conversations using the messaging tools they’re already familiar with. This should not be confused with Google's “Off the record,” which merely disables chat logging, and does not have encryption or verification capabilities. For Mac users, OTR comes built-in with the Adium client.

OTR employs end-to-end encryption. This means that you can use it to have conversations over services like Google Hangouts without those companies ever having access to the contents of the conversations.  However, the fact that you are having a conversation is visible to the provider.

Limitations: When Should I Not Use Adium + OTR? Anchor link

Technologists have a term to describe when a program or technology might be vulnerable to external attack: they say it has a large “attack surface.” Adium has a large attack surface. It is a complex program, which has not been written with security as a top priority. It almost certainly has bugs, some of which might be used by governments or even big companies to break into computers that are using it. Using Adium to encrypt your conversations is a great defense against the kind of untargeted dragnet surveillance that is used to spy on everyone's Internet conversations, but if you think you will be personally targeted by a well-resourced attacker (like a nation-state), you should consider stronger precautions, such as PGP-encrypted email.

How to Initiate an OTR Chat Anchor link

Once you have signed in to one or more of your accounts, you can start using OTR.

Remember: In order to have a conversation using OTR, both people need to be using a chat program that supports OTR.

Step 1: Initiate an OTR Chat

First, identify someone who is using OTR, and initiate a conversation with them in Adium by double-clicking on their name. Once you have opened the chat window, you will see a small, open lock in the upper left-hand corner of the chat window. Click on the lock and select “Initiate Encrypted OTR Chat.”

Step 2: Verify Your Connection

Once you have initiated the chat and the other person has accepted the invitation, you will see the lock icon close; this is how you know that your chat is now encrypted (congratulations!) – But wait, there’s still another step!

At this time, you have initiated an unverified, encrypted chat. This means that while your communications are encrypted, you have not yet determined and verified the identity of the person you are chatting with. Unless you are in the same room and can see each other’s screens, it is important that you verify each other’s identities. For more information, read the module on Key Verification.

To verify another user’s identity using Adium, click again on the lock, and select “Verify.” You will be shown a window that displays both your key and the key of the other user. Some versions of Adium only support manual fingerprint verification. This means that, using some method, you and the person with whom you’re chatting will need to check to make sure that the keys that you are being shown by Adium match precisely.

The easiest way to do this is to read them aloud to one another in person, but that’s not always possible. There are different ways to accomplish this with varying degrees of trustworthiness. For example, you can read your keys aloud to one another on the phone if you recognize each other’s voices or send them using another verified method of communication such as PGP. Some people publicize their key on their website, Twitter account, or business card.

The most important thing is that you verify that every single letter and digit matches perfectly.

Step 3: Disable Logging

Now that you have initiated an encrypted chat and verified your chat partner’s identity, there’s one more thing you need to do. Unfortunately, Adium logs your OTR-encrypted chats by default, saving them to your hard drive. This means that, despite the fact that they’re encrypted, they are being saved in plain text on your hard drive.

To disable logging, click “Adium” in the menu at the top of your screen, then “Preferences.” In the new window, select “General” and then disable “Log messages” and “Log OTR-secured chats.” Remember, though, that you do not have control over the person with whom you are chatting—she could be logging or taking screenshots of your conversation, even if you yourself have disabled logging.

Your settings should now look like this:

Also, when Adium displays notifications of new messages, the contents of those messages may be logged by the OS X Notification Center. This means that while Adium leaves no trace of your communications on your own computer or your correspondent's, either your or their computer's version of OS X may preserve a record. To prevent this, you may want to disable notifications.

To do this, select "Events" in the Preferences window, and look for any entries that say "Display a notification." For each entry, expand it by clicking the gray triangle, and then click the newly-exposed line that say "Display a notification," then click the minus icon ("-") at the lower left to remove that line." If you are worried about records left on your computer, you should also turn on full-disk encryption, which will help protect this data from being obtained by a third party without your password.

Pretty Good Privacy (PGP) is a way to protect your email communications from being read by anyone except their intended recipients. It can protect against companies, governments, or criminals spying on your Internet connection, and, to a lesser extent, it can save your email from being read if the computer on which they are stored is stolen or broken into.

It can also be used to prove that an email came from a particular person, instead of being a fake message sent by another sender (it is otherwise very easy for email to be fabricated). Both of these are important defenses if you're being targeted for surveillance or misinformation.

To use PGP, you will need to install some extra software that will work with your current email program. You will also need to create a private key, which you will keep private. The private key is what you will use to decrypt emails sent to you, and to digitally sign emails that you send to show they truly came from you. Finally, you'll learn how to distribute your public key—a small chunk of information that others will need to know before they can send you encrypted mail, and that they can use to verify emails you send.

Installing Mozilla Thunderbird Anchor link

Click the Download icon in the Dock and then click the Thunderbird 45.2.0.dmg file.

A window will open indicating your progress.

A window will open with the Thunderbird icon and a link to your Applications folder. Drag Thunderbird to the Applications folder.

A window with a progress bar will open, when it is done, it will close.

Make sure to eject the mounted DMG files.

Installing Enigmail Anchor link

Enigmail is installed in a different way from Mozilla Thunderbird and GnuPG. As mentioned before, Enigmail is an Add-on for Mozilla Thunderbird. Click the “Menu button,” also called the Hamburger button and select “Add Ons.”

You'll be taken to an Add-ons Manager tab. Enter "Enigmail" into the Add-on search field to look for Enigmail on the Mozilla Add-on site.

Enigmail will be the first option. Click the "Install" button.

After the Enigmail add-on is installed Mozilla Thunderbird will ask to restart the browser to activate Enigmail. Click the “Restart Now” button and Mozilla Thunderbird will restart.

When Mozilla Thunderbird restarts an additional window will open up that will start the process of setting up the Enigmail add-on. Keep the “Start setup now” button selected and click the “Continue” button.

We believe Enigmail’s “standard configuration” option to be a good choice. Click the “Continue” button.

Now you will start creating your private key and public key.

Optional configuration steps Anchor link

Display Fingerprints and Key Validity

The next steps are completely optional but they can be helpful when using OpenPGP and Enigmail. Briefly, the Key ID is a small part of the fingerprint. When it comes to verifying that a public key belongs to a particular person the fingerprint is the best way. Changing the default display makes it easier to read the fingerprints of the certificates you know about. Click the configuration button, then the Enigmail option, then Key Management.

A window will open showing two columns: Name and Key ID.

On the far right there is a small button. Click that button to configure the columns. Unclick the Key ID option and click the Fingerprint option and the Key Validity option.

Now there will be three columns: Name, Key Validity, and Fingerprint.

Letting others know you are using PGP Anchor link

Now that you have PGP, you want to let others know that you are using it so they can also send you encrypted messages using PGP.

Using PGP doesn't completely encrypt your email so that the sender and receiver information is encrypted. Encrypting the sender and receiver information would break email. Using Thunderbird with the Enigmail add-on gives you an easy way to encrypt and decrypt the content of your email.

Let's look at three different ways you can let people know you are using PGP.

Let people know you are using PGP with an email

You can easily email your public key to another person by sending them a copy as an attachment.

Click the "Write" button in Mozilla Thunderbird.

Fill in an address and a subject, perhaps something my “my public key,” click the “Attach My Public Key” button. If you have already imported a PGP key for the person you are sending the PGP key to, the Lock icon in the Enigmail bar will be highlighted. As an additional option, you can also click the Pencil icon to sign the email, giving the recipient a way to verify the authenticity of the email later.

A window will pop open asking you if you forgot to add an attachment. This is a bug in the interaction between Enigmail and Mozilla Thunderbird, but don’t worry, your public key will be attached. Click the “No, Send Now” button.

Let people know you are using PGP on your website

In addition to letting people know via email, you can post your public key on your website. The easiest way is to upload the file and link to it. This guide won't go into how to do those things, but you should know how to export the key as a file to use in the future.

Click the configuration button, then the Enigmail option, then Key Management.

Highlight the key in bold, then right-click to bring up the menu and select Export keys to file.

Anchor link

A small window will pop up with three buttons. Click the “Export Public Keys Only” button.

Now a window will open so you can save the file. In order to make it easier to find in the future please save the file to the Documents folder. Now you can use this file as you wish.

Make sure you don't click the “Export Secret Keys” button because exporting the secret key could allow others to impersonate you if they are able to guess your password.

Uploading to a keyserver

Keyservers make it easier to search for and download public keys of others. Most modern keyservers are synchronizing, meaning that a public key uploaded to one server will eventually reach all servers.

Although uploading your public key to a keyserver might be a convenient way of letting people know that you have a public PGP certificate, you should know that due to the nature of how keyservers work there is no way to delete public keys once they are uploaded.

Before uploading your public key to a keyserver, it is good to take a moment to consider whether you want the whole world to know that you have a public certificate without the ability to remove this information at a later time.

If you choose to upload your public key to keyservers, you will go back to the Enigmail Key Management window.

Right-click your PGP key and select the Upload Public Keys to Keyserver option.

Sending PGP Encrypted Mail Anchor link

Now you will send your first encrypted email to a recipient.

In the main Mozilla Thunderbird window click the “Write” button. A new window will open.

Write your message, and enter a recipient. For this test, select a recipient whose public key you already have. Enigmail will detect this and automatically encrypt the email.

The subject line won't be encrypted, so choose something innocuous, like "hello."

The body of the email was encrypted and transformed. For example the text above will be transformed into something like this:

Revoking the PGP Key Anchor link

Revoking Your PGP Key Through the Enigmail Interface

The PGP keys generated by Enigmail automatically expire after five years. So if you lose all your files, you can hope that people will know to ask you for another key once the key has expired.

You might have a good reason to disable the PGP key before it expires. Perhaps you want to generate a new, stronger PGP key. The easiest way to revoke your own PGP key in Enigmail is through the Enigmail Key Manager.

Right click on your PGP key, it's in bold, and select the "Revoke Key" option.

A window will pop up letting you know what happens and asking for your confirmation. Click the “Revoke Key” button.

The password window opens, enter your password for the PGP key and click to "OK" button.

Now a new window will open up letting you know you succeeded. Click the “OK” button.

When you go back to the Enigmail Key Management window you'll notice a change to your PGP key. It is now grayed out and italicized.

Revoking a PGP Key with a Revocation Certificate

Like we mentioned before, you might have a good reason to disable the PGP key before it expires. Similarly, others might have good reasons to revoke an existing key. In the previous section you might have noticed that Enigmail generates and imports a revocation certificate internally when you use the Enigmail Key Manager to revoke a key.

You might get sent revocation certificates from friends as a notice that they want to revoke their key. Since you already have a revocation certificate, you will use the one you generated earlier to revoke your own key.

Start with the Enigmail Key Manager and click the “File” menu and select “Import Keys from File.”

A window will open up so you can select the revocation certificate. Click on the file, and click the “Open” button.

You'll get a notification that the certificate was imported successfully and that a key was revoked. Click the “OK” button.

When you go back to the Enigmail Key Management window you'll notice a change to your PGP key. It is now grayed out and italicized.

Now that you have all the proper tools, try sending your own PGP-encrypted email.

How KeePassX works Anchor link

KeePassX works with files called password databases, which are exactly what they sound like—files that store a database of all your passwords. These databases are encrypted when they’re stored on your computer’s hard disk, so if your computer is off and someone steals it they won’t be able to read your passwords.

Password databases can be encrypted via three methods: using a master password, using a keyfile, or both. Let’s look at the pros and cons of each.

Using a Keyfile Anchor link

Alternatively, you can use a keyfile to encrypt your password database. A keyfile acts the same way a password would—every time you want to decrypt your password database you will need to provide that keyfile to KeePassX. A keyfile should be stored on a USB drive or some other portable media, and only inserted into your computer when you want to open your password database. The benefit of this is that even if somebody gets access to your computer’s hard disk (and thus your password database) they still won’t be able to decrypt it without the keyfile stored in the external media. (Additionally, a keyfile can be much harder for an adversary to guess than a normal password.) The downside is that any time you want to access your password database, you’ll need to have that external media handy (and if you lose it or it gets damaged, then you won’t be able to open your password database).

Using a keyfile instead of a password is the closest thing to having an actual physical key to open your password database—all you need to do is insert your USB drive, select the keyfile, and presto! If you do choose to use a keyfile instead of a master password, though, make sure your USB drive is stored somewhere safe—anyone who finds it will be able to open your password database.

Getting Started with KeePassX Anchor link

Once you’ve installed KeePassX, go ahead and launch it. Once it’s started, select “New Database” from the File menu. A dialog will pop up which will ask you to enter a master password and/or use a keyfile. Select the appropriate checkbox(es) based on your choice. Note that if you want to see the password you’re typing in (instead of obscuring it with dots) you can click the button with the “eye” to the right. Also note that you can use any existing file as a keyfile—an image of your cat for example, could be used as a keyfile. You’ll just need to make sure the file you choose never gets modified, because if its contents are changed then it will no longer work for decrypting your password database. Also be aware that sometimes opening a file in another program can be enough to modify it; the best practice is to not open the file except to unlock KeePassX. (It is safe to move or rename the keyfile, though.)

Once you’ve successfully initialized your password database, you should save it by choosing “Save Database” from the File menu. (Note that if you want, you can move the password database file later to wherever you like on your hard disk, or move it to other computers—you’ll still be able to open it using KeePassX and the password/keyfile you specified before.)

Storing/generating/editing Passwords Anchor link

To create a new password or store a password you already have, right-click on the Group in which you want to store the password, and choose “Add New Entry” (you can also choose “Entries > Add New Entry” from the menubar). For basic password usage, do the following:

• Enter a descriptive title you can use to recognize this password entry in the “Title” field.
• Enter the username associated with this password entry in the “Username” field. (This can be blank if there is no username.)
• Enter your password in the “Password” field. If you’re creating a new password (i.e. if you’re signing up for a new website and you want to create a new, unique, random password) click the “Gen” button to the right. This will pop up a password generator dialog which you can use to generate a random password. There are several options in this dialog, including what sorts of characters to include and how long to make the password.
  • Note that if you generate a random password, it’s not necessary that you remember (or even know!) what that password is! KeePassX stores it for you, and any time you need it you’ll be able to copy/paste it into the appropriate program. This is the whole point of a password safe—you can use different long random passwords for each website/service, without even knowing what the passwords are!
  • Because of this, you should make the password as long as the service will allow and use as many different types of characters as possible.
  • Once you’re satisfied with the options, click “Generate” in the lower right to generate the password, and then click “OK.” The generated random password will automatically be entered in the “Password” and “Repeat” fields for you. (If you’re not generating a random password, then you’ll need to enter your chosen password again in the “Repeat” field.)

• Finally, click OK. Your password is now stored in your password database. To make sure the changes are saved, be sure to save the edited password database by going to “File > Save Database.” (Alternatively, if you made a mistake, you can close and then re-open the database file and all changes will be lost.)

If you ever need to change/edit the stored password, you can just choose the Group it’s in and then double-click on its title in the right-hand pane, and the “New Entry” dialog will pop up again.

Advanced Use Anchor link

One of the most useful features of KeePassX is that it can automatically type in usernames and passwords for you into other programs when you press a special combination of keys on your keyboard. Note that although this feature is only available under Linux, other password safes like KeePass (on which KeePassX was based) support this feature on other operating systems, and it works similarly.

To enable this feature, do the following.

1. Choose your global hotkey. Choose “Settings” from the “Extras” menu, and then choose “Advanced” in the pane on the left. Click inside the “Global Auto-Type Shortcut” field, and then press the shortcut-key combination you wish to use. (For example, press and hold Ctrl, Alt, and Shift, and then hit “p.” You can use any key combination you like, but you’ll want to make sure that it doesn’t conflict with hotkeys other applications use, so try to stay away from things like Ctrl+X or Alt+F4.) Once you’re satisfied, click “OK.”

2. Setup auto-type for a specific password. Make sure that you have the window open where you’ll want to enter the password. Then go to KeePassX, find the entry for which you want to enable auto-type, and double-click on the entry’s title to open up the “New Entry” dialog.

3. Click the “Tools” button in the bottom left, and select “Auto-Type: Select target window.” In the dialog that pops up, expand the drop-down box and choose the title of the window in which you want the username and password to be entered. Click OK, and then click OK again.

Test it out! Now in order to autotype your username and password, go to the window/website where you want KeePassX to autotype your username/password for you. Make sure your cursor is in the text box for your username, and then hit the combination of keys you chose above for the global hotkey. As long as KeePassX is open (even if it’s minimized or not focused) your username and password should automatically be entered.

Note that depending on how the website/window is set up, this feature may not work 100% correctly right off the bat. (It might enter the username but not the password, for example.) You can troubleshoot and customize this feature, though—for more information we recommend looking at the KeePass documentation here. (Although there are some differences between KeePass and KeePassX, that page should be enough to guide you in the right direction.)

It is recommended that you use a key combination that is difficult to hit accidentally. You don't want to accidentally paste your bank account password into a Facebook post!