
Media Watch

Dear Mr Greenwald,

The stated rationale for not releasing the bulk of the Snowden documents is that it could endanger ongoing operations or personnel (assets). The immediate question is how many innocent lives are those ongoing operations and personnel putting in jeopardy because the comfort and safety of these agents is essentially guaranteed by their identities not being disclosed?

They hardly exercise the same levels of care for the lives of those they target as we must as we tiptoe around the sensibilities of the most fearsome imperial juggernaut ever to threaten the hopes of free people. We must be extra careful to assure that we never endanger them, for their lives are more precious, more exceptional than the rest of our lives.

The world has a right to know who the assets, moles, covert agents undermining their respective societies are.

We don't want to live in a world of moles, assets, double and triple agents. Why then take special measures to assure the safety of these agents of betrayal and suffering? Why make their lives easy when they are making the world a miserable, unfair and brutal place? They are the ones assassinating democratically elected leaders, they are the ones stoking sectarian violence into civil wars. Expose them, make them uncomfortable, they are spooks, why must they always spook us? Maybe it's time that the spooks learn what it feels like to be as afraid as they make the world feel!

In the view of many great thinkers, these operations and persons whose safety you are protecting are not only not serving the security interests of the United States but quite the contrary - they are the willing agents of the most destructive force in the world today and are diminishing the security of the people of the United States and the entire world in the process.

By releasing the entire trove of documents you will be saving many more innocent lives than will be jeopardized.

Why protect them? Would it not be at least equitable to make their safety and security as compromised as they are making ours? Maybe a general warning that on a certain date all the documents will be released and anyone who is engaged in these covert activities has time to clear out or take cover. Bet the time has come to send a message to the spooks - We don't want to be spooked!

Haven't we all come to the conclusion that "ongoing operations and personnel" in foreign countries are precisely the problem in the world today? Should these agents of US imperialist aggression not feel as insecure as they are making us feel?

Can we not weigh the net suffering that the United States government inflicts on millions of innocent men, women and children throughout the world against the relatively few numbers of personnel in actuality who are responsible for inflicting such suffering? Surely the greater suffering is that of the victims of the rapacious US foreign policy. Open the gates and send a warning to future spooks that their safety and anonymity cannot be guaranteed. That would go a long way towards fixing the problems in the world today.

A perfect solution would involve deniability (the same thing the intelligence agencies use when they covertly commit their crimes). Since it is well known that many people have access to this trove of documents, it becomes a simple matter of plausible deniability by any one of the holders of these documents to simply pass them to someone who will do what needs to be done and publish the entire trove of documents.

The transmittal of the document trove can be accomplished anonymously and let the chips fall on the surveillance state where they may. It's time to gut the surveillance state. It's time to disempower the police state. It is time to become a fair and law abiding member of the planet earth once again.

I urge you to open the floodgates or else facilitate some third person or entity or automated process, which will do so. We are running out of time. We can gut this fascist police state here and now.

Voxnews Op Ed

Critics using BP America's Facebook page allege they have been harassed [Erika Blumenfeld/Al Jazeera]

Update: Public Relations firm Ogilvy has contacted Al Jazeera and denied that either "Griffin" or "Ken Smith" named as trolls in the report below have any affiliation with the company or with BP. Furthermore, in interests of full disclosure, it should be noted that Levin Papantonio, one of the partners of the law firm Levin, Papantonio, Thomas, Mitchell, Rafferty & Proctor, has recently been involved in legal action against BP.

New Orleans, United States - BP has been accused of hiring internet "trolls" to purposefully attack, harass, and sometimes threaten people who have been critical of how the oil giant has handled its disaster in the Gulf of Mexico.

The oil firm hired the international PR company Ogilvy & Mather to run the BP America Facebook page during the oil disaster, which released at least 4.9 million barrels of oil into the Gulf in what is to date the single largest environmental disaster in US history.

The page was meant to encourage interaction with BP, but when people posted comments that were critical of how BP was handling the crisis, they were often attacked, bullied, and sometimes directly threatened.

"Marie" was deeply concerned by the oil spill, and began posting comments on the BP America Facebook page. Today, she asks that she remain anonymous out of what she described to Al Jazeera as "fear for my personal safety should the BP trolls find out that I am the whistleblower in this case".

In internet slang, a troll is someone who sows online discord by starting arguments or upsetting people, often posting inflammatory messages in an online community, or even issuing physical threats.

Marie sought assistance from the Government Accountability Project (GAP), a non-profit group in Washington DC, and has produced boxes of documents and well-researched information that may show that the people harassing BP's critics online worked for BP or Ogilvy.

"We'd been hearing of this kind of harassment by BP when we were working on our health project [in the Gulf of Mexico], so it sparked our interest," GAP investigator Shanna Devine told Al Jazeera. "We saw Marie's documentation of more serious threats made on the BP page, and decided to investigate."

According to both Marie and Devine, some of the threats began on the page, but then escalated off the page.

Threats included identifying where somebody lived, an internet troll making reference to having a shotgun and making use of it, and "others just being more derogatory", according to Devine. "We've seen all this documentation and that's why we thought it was worth bringing to the ombudsman's office of BP, and we told them we thought some of it even warranted calling the police about."

Death threats

"We have thousands of documents regarding communications posted through various Facebook websites," said certified legal investigator Steve Lockman of Levin, Papantonio, Thomas, Mitchell, Rafferty & Proctor. "In addition, we are in possession of communications between the federal government and the ombudsman's office of BP regarding the internet communications, and the federal government requesting BP to control the harassment through their Facebook page and their interactions."

"The harassment communications are not something that BP and their people are not aware of," Lockman told Al Jazeera. "It's not a hidden secret that the personal attacks, broadcast abuse, and type-written harassment were happening and continue to go on."

Marie provided the firm and Al Jazeera with files of complaint letters, computer screenshots of the abuse, and a list of Facebook profiles used by the people who harassed her and others.


"I was called a lot of names," Marie added. "I was called a streetwalker and a lot of things like that, and eventually had gun threats."

According to Marie, the harassment didn't remain on the BP page. Trolls often followed users to their personal Facebook pages and continued to harass them there.

"They resorted to very demeaning methods of abuse," Marie said. "They were racist, sexist, and threatened me and others with legal action and violence. They've insinuated that some commenters are 'child molesters', and have often used the tactic of mass reporting with the goal of having their targets completely removed from Facebook."

One troll using the name "Griffin" makes several allusions to gun violence, while another, named "Ken Smith" also harassed and threatened users, even going so far as to edit a photo of a BP critic's pet bird into the crosshairs of a gunsight, before posting the photo online - along with photos of an arsenal of semi-automatic weapons.

Another instance occurred involving "Griffin" and an environmentalist who posted a picture of a rendition of Mother Earth saying "Mother Earth Has Been Waiting for Her Day in Court, BP". "Griffin" posted a comment to the picture that read, "A few rounds from a .50 cal will stop that b**ch".

According to Marie, Lockman and GAP, BP's "astroturfing" efforts and use of "trolls" have been reported as pursuing users' personal information, then tracking and posting IP addresses of users, contacting their employers, threatening to contact family members, and using photos of critics' family members to create false Facebook profiles, and even threatening to affect the potential outcome of individual compensation claims against BP.

Marie, along with several other targets of harassment, wrote and sent two letters to BP America, asking the company to respond to the allegations and deal with the matter. Neither letter received a response, which is why Marie decided to contact GAP, as well as the law firm.

While Marie's evidence appears to tie Ogilvy and BP together via the trolls, the law firm Lockman works for is investigating further, in order to conclusively determine the extent of BP's involvement.

Spinning the disaster

Stephen Marino worked for Ogilvy during the BP disaster. BP had been a client of Ogilvy for five years before the spill, and when the disaster occurred, "we were responsible for all the social media for BP during the spill", Marino said during a lecture he gave at the University of Texas, Austin, on April 19, 2012.

His team, which he called the "digital influence team", was "responsible for the crisis response".  Marino told the audience that his job during the BP disaster was to run a reputation management campaign and gave this specific example of the depths to which Ogilvy worked to maintain a positive appearance for BP:

"We were putting out ads, if you guys remember those ads that came out where it would be Iris in the Gulf of Mexico and she'd be talking about how she grew up there and she wasn't going to go away," he explained. "The way we were working with the strategy on that was we would cut the ads one day, we would edit them overnight, we'd air them on Tuesday let's say, and then we'd look at social media to see what the response was to the ads - and based upon the feedback we were getting on social media, the advertising agency would then go back and re-cut the ads to fix the message to make it resonate more with what the constituents wanted… that was the first key strategy."

Chris Paulos, an attorney with the firm investigating Marie's case, believes this is a perfect example of "subversive attempts by corporations to put forward their ideology of what we should think about them, and doing it in a way that is not decipherable to the average person".

According to Paulos, the public should be concerned about this because we can no longer tell if people online are truly who they say they are, "or are working for a corporation and talking their script to control the dialogue about whatever issue they are addressing".

"We are in unprecedented times with technology, and [in] the disparity between the power of corporations and autonomous consumers," Paulos told Al Jazeera. "Citizens United has basically emboldened corporations with their ability to speak as individuals with First Amendment rights. Ever since that decision, corporations have been outspoken and vigorously protecting themselves while doing it."

BP's response

Billie Garde, BP's deputy ombudsman, in a letter to the Government Accountability Project dated December 18, 2012, stated clearly that "BP America contracts management of its Facebook page to Ogilvy Public Relations" and added, "Ogilvy manages all of BP America's social media matters".

"According to BP America, Ogilvy has a group of 10 individuals in different time zones that perform comment screening of the page," wrote Garde.

Interestingly, Garde's letter addressed the fact that, at that time, according to Ogilvy's data, 91 percent of all the comments on BP's Facebook page were considered to be "unsupportive" of BP, while only nine percent were considered "supportive". She added that "in previous years, the number of comments that were 'unsupportive' of BP was larger than the present 91 per cent".

Her letter stated that Ogilvy follows a "three strike" policy for all comments, "meaning if they find a comment to be in violation of the commenting policy, they delete the comment and record a 'strike' against the user, and three strikes means a user is no longer able to comment on the page. It is also noted that Ogilvy will delete offending comments and send a note to the user indicating the comment was inappropriate".

Garde added: "BP America has informed our office that Ogilvy strictly adheres to the Commenting Policy as stated on the BP America Facebook page. This policy serves as the guidelines that Ogilvy follows when evaluating the appropriateness of comments. Ogilvy does not evaluate a comment with respect to it being a positive or negative statement towards BP. Likewise, they do not delete any comments based on either of these qualifiers."

According to Garde, BP America's Director of Employee Concerns Oversight, Mike Wilson, was apprised of the situation. Wilson was provided examples of harassment and was asked if the examples were reviewed by Ogilvy. "The discussion is ongoing, and Mr Wilson is addressing these specific concerns internally," Garde added.

A BP spokesman provided the following statement for Al Jazeera: "The BP America Facebook page, and its moderators, do not endorse or dictate any user activity. All users' comments and actions are their own. BP created the BP America Facebook page to engage the public in an informative conversation about our ongoing commitment to America and to facilitate constructive dialogue for any and all who wish to participate. No users are compensated for participating in the Facebook community. More information on our commenting policy can be found here."

Marie, however, staunchly believes that BP is responsible for the pro-BP Facebook trolls.

"I have no doubt that they are, and I've found the links between the trolls and their friends who work for BP," she told Al Jazeera. "The Government Accountability Project, through the inquiry they're conducting for me, is still trying to find out. But we are being stonewalled on the other end, as far as BP doing some type of an internal investigation into these connections that I've uncovered."

According to Marie, the harassment "almost ceased completely at around the same time GAP received Garde's letter. I say 'almost' because at least two of the people who were involved in the prior harassment are still allowed to comment on BP's page to this day, and [one of those] was still checking on people's profiles to obtain their state of residence, and would use this against them on the page."

'Terroristic threats'

Lockman's investigation continues, as do the efforts of recovering additional documentation and sifting through information on hand that links the trolls to both BP and Ogilvy as well as to other subcontracted companies used by BP as creative storytellers.

"The information we possess regarding Marie's claims, printed out, fills two file boxes, and that does not include all the DVDs which are currently being duplicated at this time," Lockman said. "It is an unbelievable amount of documentation that has been developed. This documentation, support materials, and information is coming from several different sources. It is like a spider web and we just got started."

Al Jazeera asked the firm Lockman works for what the possible legal ramifications would be for the alleged actions of BP and Ogilvy.

"What these guys are doing is bordering on illegal," said Paulos the attorney. "Marie's allegations are that these guys have made overt acts beyond what they did online, and it does sound like people who've been the victims of these actions believe they are in imminent danger of bodily harm, and that can become the basis for a claim of assault."

Paulos went on to say that if people who had pending claims against BP were being targeted "it can become a claim of extortion or fraud, depending on how the money is being used". The same applies in cases where money or other benefits are offered in exchange for ceasing the harassment.

Yet these are not the worst possible crimes.

"They [BP/Ogilvy] are obviously trying to silence folks who are opposed or critical of what they are doing," Paulos claimed. "But it appears as though it has moved into threats that can be considered terroristic threats depending on the intent behind them, so there are a lot of laws they can be treading on, including stalking, and tortious interference with someone's businesses. I understand they've called the workplaces of people on the websites, and depending on what's being said that may become actionable under US civil law. So there are a lot of ways they could be breaching the law based on the intent of their communication and how that has been received." 

Paulos believes Marie's case is an example of how corporations such as BP use their money and power to take advantage of a lack of adequate legal regulations over the use of internet trolls and vigorous PR campaigns, and that this should give the general public pause.

"Marie's story shows that corporations do not refrain from cyber-bullying, and they are doing it in a very aggressive fashion."

Other harassment

Linda Hooper Bui, an associate professor of entomology at Louisiana State University, experienced a different form of harassment from BP while working on a study about the impact of the oil disaster on spiders and insects.

"BP was desperately trying to control the science, and that was what I ran into," Bui told Al Jazeera. According to her, BP's chief science officer "tried to intimidate me", and the harassment included BP "bullying my people" who were working in the field with her on her study that revealed how "insects and spiders in the oiled areas were completely decimated".

While collecting data for the study, Bui and her colleagues regularly ran into problems with BP, she said.

"Local sheriffs working under the auspices of BP, as well as personnel with Wildlife and Fisheries, the US Coast Guard - all of these folks working under BP were preventing us from doing our job," Bui explained. "We were barred from going into areas to collect data where we had previous data."

Bui said personnel from the USCG, Fish and Wildlife, and even local sheriffs departments, always accompanied by BP staff, worked to prevent her from entering areas to collect data, confiscated her samples, and "if I'd refused to oblige they would have arrested me" - despite her having state permits to carry out her work.

Bui has also been harassed online, by what she thinks was "a BP troll", but she remained primarily concerned about what BP was doing to block her science. Her frustration about this prompted her to write an opinion article for The New York Times, titled A Gulf Science Blackout.

That is when she received a call from BP.

"August 24, 2010, at 7:15am the morning my op-ed was published, I received a call from BP's chief science officer who tried to get me to be quiet," Bui said. "He said he'd solve my problem, and asked me how much money I needed."

Bui explained to him she was only interested in being allowed to conduct her studies, and was not interested in working with BP, "that I was publishing science and it involved the entire scientific community", and she never heard back from him.

She believes her method of dealing with the overall situation was a success. "When somebody starts to mess with me, I publicise it and say: 'Don't f**k with me,'" she concluded. "And if you do, I'm going to go very public with it, and that's what I did."

BP did not respond to Al Jazeera for comment regarding her specific allegation.

GAP's Shanna Devine told Al Jazeera she believes the onus is on BP to investigate the possibility that there is a connection between the harassment and Ogilvy and BP employees.

"But so far they've taken a very hands-off approach," she explained. "They've not taken responsibility and they are not willing to share information with us."

Follow Dahr Jamail on Twitter: @DahrJamail


Encryption and Operational Security for Journalists

Very important caveat: These tools MAY NOT be 100% effective. The latest information we have is that they are likely to help protect your communications, but governments including the U.S. have made progress in breaking or circumventing some cryptographic technologies.

If you or your source is truly a high-value target of a government, protecting yourself will require far more effort. To get an idea of what people do when they are really serious about security, please read this post first: http://grugq.github.io/blog/2013/06/13/ignorance-is-strength/

Now that you have seen what you might need to do in the future, let's move on to what you should download in the meantime.

Goal | Platform | Tool Name | Difficulty | Website
More anonymous Web browsing | Both | Tor Browser Bundle | * * | torproject.org (downloads)
Secure IM | Mac | Adium | * * | adium.im
Secure IM | Windows | Pidgin + OTR | * * * | pidgin.im
Encrypted email + text | Windows | GPG4Win | * * * * * | gpg4win.org
Encrypted email + text | Mac | GPG Tools | * * * * * | gpgtools.org
Sending encrypted email | Both | Thunderbird + Enigmail | * * * * * | mozilla.org/thunderbird
Protecting files on your computer | Both | TrueCrypt | * * * | truecrypt.org
More secure file deletion | Both | CCleaner | * * | piriform.com/ccleaner (Windows), piriform.com/mac/ccleaner (Mac)
Encrypted group chat | Both | CryptoCat | * | crypto.cat

Tor Browser Bundle



Windows

  1. Download the tor-browser-2.4.17-beta-1_en-US.exe file. Make sure you choose to "Download" it rather than "Run", since where you put the file matters. Save it to your Downloads folder or your Desktop.
  2. Once it’s fully downloaded, double-click the file. It will show a prompt asking you where to extract the files to — you shouldn’t need to touch this. Simply click "Extract." You'll see a "Tor Browser" folder appear next to the file you downloaded.
  3. Delete the tor-browser-2.4.17-beta-1_en-US.exe file you originally downloaded.

Mac OS X

  1. Download the TorBrowser-2.4.17-beta-1-osx-i386-en-US.zip file.
  2. Once it’s fully downloaded, double-click the file to unpack it. You'll see a TorBrowser_en-US app appear next to the .zip file you double-clicked.
  3. Move the TorBrowser_en-US app to your Applications folder.
  4. Delete the TorBrowser-2.4.17-beta-1-osx-i386-en-US.zip file you originally downloaded.


  1. Open the Tor Browser application.
    • Windows: Go to the "Tor Browser" folder you extracted, and open the Start Tor Browser program inside it.
    • Mac: Open TorBrowser in your Applications.
      • Mountain Lion users: you might get an error that the app “can’t be opened because it is from an unidentified developer”. If this happens, right-click on the app (or hold down “Control” on your keyboard and then click on the app) to show a menu on the file. Then hold down the "Option (Alt)" button on your keyboard and click the “Open” option in the menu. You will be asked if you are “sure you want to open [the app].” Once you click “Open,” you won’t need to go through these steps again for this app.
  2. You will see a “Vidalia Control Panel” pop up. You can ignore it and simply wait as the Tor software starts to connect to the network. This may take a few minutes.
  3. Once Tor is ready, the browser will automatically appear. It should also load a page that tests whether you are connected to Tor or not.

    To further test out the Tor browser connection, you can try to access the following site in the Tor browser: http://tigas3l7uusztiqu.onion/
    This is simply a copy of my personal website, hosted at a ".onion" address. These addresses are only accessible via Tor, so this is a fairly bulletproof method for testing out your copy of Tor.

    If everything works as expected, then you’re browsing with Tor!

  4. When you are done using Tor, you can close down the browser normally — but make sure you also press "Exit" on the Vidalia window, too.

Details & Gotchas

Tor works by relaying your traffic through three other computers, each of which can only see the traffic that it receives and the traffic that it relays back out. (Traffic is encrypted three times: the traffic you send out can only be decrypted by the first machine you send it to. The message it decrypts gives it instructions to send the rest of the data to the second computer. The second computer is the only one that can decrypt the traffic at that point. ...And so on. "Tor" stands for "The Onion Router", due to the layered way that this works.)

Tor only tunnels the raw traffic from your browser — it does not sanitize any of the information you actually send. So, if you are logging into websites under your real identity while using Tor, you are likely still leaking this to the website you are visiting — and you are likely leaking it to the final node in the Tor circuit.
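The layering described above, and the point that the final relay sees whatever you actually send, shown as an added example that is not part of the original guide: a toy three-relay circuit in Python. The cipher is a standard-library stand-in and not Tor's real cryptography or cell format; the relay names, keys, destination and request are constructed sample values.

```python
"""Toy model of onion routing: three layers, three relays (illustration only)."""
import hashlib
import hmac
import json
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into `length` pseudo-random bytes (toy stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(b"enc" + key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate one layer: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; fails unless `key` is the key the layer was sealed with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed for this relay")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def wrap(route, destination: str, payload: bytes) -> bytes:
    """Client side: build the onion from the inside out.

    `route` is [(relay_name, key), ...] ordered from first relay to last.
    The innermost layer (for the last relay) holds the real destination and
    the payload; every outer layer only names the next relay.
    """
    blob = json.dumps({"next": destination, "data": payload.hex()}).encode()
    for i in range(len(route) - 1, -1, -1):
        name, key = route[i]
        blob = seal(key, blob)
        if i > 0:  # tell the previous relay where to forward this sealed blob
            blob = json.dumps({"next": name, "data": blob.hex()}).encode()
    return blob


def peel(key: bytes, blob: bytes):
    """Relay side: strip one layer, learn only the next hop and an opaque blob."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])


def simulate():
    """Send one request through guard -> middle -> exit; record what each learns."""
    route = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
    request = b"GET /login?user=alice HTTP/1.0\r\n\r\n"  # constructed, unencrypted
    blob = wrap(route, "example.com:80", request)
    learned = {}
    for name, key in route:
        next_hop, blob = peel(key, blob)
        learned[name] = next_hop
    # After the last layer is removed, `blob` is the request exactly as the
    # client wrote it: the exit relay reads it in the clear.
    return learned, blob


if __name__ == "__main__":
    hops, seen_by_exit = simulate()
    print(hops)
    print(seen_by_exit)
```

The guard learns only the middle relay's name and the middle learns only the exit's, but the exit recovers the request byte for byte, which is why anything identifying in unencrypted traffic is still exposed at that hop.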

Because Tor relies on volunteers providing computers to act as relays, the anonymity that Tor provides has limitations — if an adversary controls a large portion of Tor nodes, they can analyze and correlate Tor traffic.

Adium (Mac OS X)


  1. Download the Adium_1.5.7.dmg file.
  2. Once it’s fully downloaded, double-click the file to mount it. The window should automatically appear.
  3. Copy the Adium app from inside to your Applications folder.
  4. Eject the "Adium 1.5.7" mount on your desktop, then delete the Adium_1.5.7.dmg file you originally downloaded.

First-time usage

Adium supports using chat accounts of all types, including AOL Instant Messenger, Facebook Chat, and Google Talk. You can use these accounts with Adium and use OTR encryption just fine. But this still gives metadata to the service: AIM/Facebook/Google still knows who you are talking to and how often. (They just don’t have the content of your messages now.)

Instead of using an existing account, we’ll go about setting up a separate “secure” account at jabber.ccc.de. This is a chat service provided by the Chaos Computer Club — a German hacker/activism group known for open data and privacy advocacy — and is used by many in the security community.

  1. The first time you open Adium, a "Welcome to Adium!" window will open. Ignore it and close the window.
  2. In the top-left of your screen, open the "Adium" menu and go to "Preferences."
  3. In the "Accounts" tab, press the "+" (plus sign) button and choose "XMPP (Jabber)".
  4. Pick a username you want (stick to letters/numbers/underscores) and add "@jabber.ccc.de" to the end of it. Enter this in the "Jabber ID" field.
    • i.e.: mtigas@jabber.ccc.de, test12345@jabber.ccc.de, etc.
  5. Enter a password for this account. (Ideally you won't use the same password as on other sites.)
  6. Click "Register New Account."
  7. Enter jabber.ccc.de in the Server field. (Leave Port set to 5222.) Click "Request New Account."
  8. You'll get a message that your account was successfully registered. (If not, repeat steps 4-7 again, but with a different account name.)
  9. Before leaving this menu, go to the "Privacy" tab and change the Encryption option to "Force encryption and refuse plaintext".
  10. Press OK. Adium should connect your account automatically. You can now close the settings window.
    • If you get a "Verify Certificate" warning, click "Show Certificate", check "Always trust 'jabber.ccc.de' when connecting to 'jabber.ccc.de'", and then press "Continue".


Adium should automatically connect to jabber.ccc.de and log you in when you open it.

To add someone to your buddy list:

  1. Go to Contact (at the top of your screen) and hit "Add Contact".
  2. Change Contact Type to "XMPP".
  3. Type their username in the Jabber ID field.
    • You can test this out by trying to add me: [address removed by the site's spam protection]
  4. You can type their real name in under Alias since usernames aren’t always intuitive.
  5. Press "Add".

When someone adds you to their buddy list, you will see an Authorization Request pop up. Press "Authorize & Add" to accept them and to add them to your own buddy list.

When instant messaging somebody:

The first time you talk to somebody with OTR encryption, you will need to verify that the user you are chatting with is actually the person they say they are.

Adium should prompt you for an OTR Fingerprint Verification. Note the "purported fingerprint" for your buddy. Using some other communication method (phone, etc.), verify this key. Then hit "Accept". If you can't verify it right now, you can hit "Verify Later" and simply chat with the person, but this does not prevent someone from pretending to be the buddy you want to talk to.

For more security

You can set Adium to tunnel your jabber.ccc.de connection over Tor. This routes your connection over Tor so that the Chaos Computer Club servers cannot identify you by IP address.

  1. In the top-left of your screen, open the "Adium" menu and go to "Preferences."
  2. In the "Accounts" tab, click on your jabber.ccc.de account and then press "Edit".
  3. Under the "Proxy" tab, check the "Connect using proxy" box and use the following settings. Leave "Username" and "Password" blank.
    • Type: "SOCKS5"
    • Server:
    • Port: 9150
  4. Under the "Options" tab, set the Connect Server to okj7xc6j2szr2y75.onion.
  5. Press "OK".
  6. Launch Tor Browser Bundle (as above). Wait for the browser to finish connecting and for the Tor browser to show up.
  7. Uncheck the checkbox for your jabber.ccc.de account and then re-check it.

From now on, you will need to launch Tor Browser Bundle and wait for it to connect before launching Adium. Connecting to jabber.ccc.de will be very slow when you first open Adium, but your chat connections will be tunneled such that your IP address cannot be inferred by the chat server.
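What the proxy settings above make the chat client send, as an added example that is not part of the original guide: a minimal SOCKS5 client in Python that hands the .onion name to the proxy as a hostname, so the name is resolved inside Tor rather than by the local DNS resolver. The port, onion address and XMPP port come from the steps above; the proxy address 127.0.0.1 is an assumption, because the Server field is blank in this copy of the guide.

```python
"""SOCKS5 CONNECT through a local Tor proxy, using domain-name addressing."""
import socket
import struct

PROXY_HOST = "127.0.0.1"                # assumption: Server field is blank on the page
TOR_SOCKS_PORT = 9150                   # "Port: 9150" from the guide
ONION_HOST = "okj7xc6j2szr2y75.onion"   # Connect Server from the guide
XMPP_PORT = 5222                        # port used when registering the account

REPLY_ERRORS = {
    1: "general failure", 2: "not allowed by ruleset", 3: "network unreachable",
    4: "host unreachable", 5: "connection refused", 6: "TTL expired",
    7: "command not supported", 8: "address type not supported",
}


def build_connect_request(host: str, port: int) -> bytes:
    """VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name), length, name, port.

    ATYP=3 is the important part: the hostname travels to the proxy as text,
    so no local DNS lookup happens and a .onion name can be reached at all.
    """
    name = host.encode("ascii")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks5_connect(sock: socket.socket, host: str, port: int) -> socket.socket:
    """Run the SOCKS5 handshake on an already connected socket."""
    # Offer one method, 0x00 = no authentication (Username/Password left blank).
    sock.sendall(b"\x05\x01\x00")
    ver, method = recv_exact(sock, 2)
    if ver != 5 or method != 0:
        raise ConnectionError("proxy refused the no-authentication method")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5:
        raise ConnectionError("not a SOCKS5 reply")
    if rep != 0:
        raise ConnectionError("proxy error: " + REPLY_ERRORS.get(rep, "code %d" % rep))
    # Drain the bound address so the stream starts at application data.
    if atyp == 1:
        recv_exact(sock, 4 + 2)
    elif atyp == 4:
        recv_exact(sock, 16 + 2)
    elif atyp == 3:
        recv_exact(sock, recv_exact(sock, 1)[0] + 2)
    else:
        raise ConnectionError("unknown address type in reply")
    return sock


def open_xmpp_over_tor(timeout: float = 60.0) -> socket.socket:
    """Connect to the local Tor proxy and ask it to reach the XMPP server."""
    sock = socket.create_connection((PROXY_HOST, TOR_SOCKS_PORT), timeout=timeout)
    return socks5_connect(sock, ONION_HOST, XMPP_PORT)


if __name__ == "__main__":
    try:
        open_xmpp_over_tor().close()
        print("Tor proxy reachable and circuit to the chat server opened")
    except OSError as exc:
        print("Not tunneled:", exc)
```

If this fails with a refused connection to port 9150, Tor Browser Bundle is not running yet, which is the situation the launch-order note above describes.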

Pidgin (Windows)



First-time usage

Pidgin supports using chat accounts of all types, including AOL Instant Messenger, Facebook Chat, and Google Talk. You can use these accounts with Pidgin and use OTR encryption just fine. But this still gives metadata to the service: AIM/Facebook/Google still knows who you are talking to and how often. (They just don’t have the content of your messages now.)

Instead of using an existing account, we’ll go about setting up a separate “secure” account at jabber.ccc.de. This is a chat service provided by the Chaos Computer Club — a German hacker/activism group known for open data and privacy advocacy — and is used by many in the security community.


Pidgin should automatically connect to jabber.ccc.de and log you in when you open it.

To add someone to your buddy list:


When instant messaging somebody:


For more security

You can set Pidgin to tunnel your jabber.ccc.de connection over Tor.


Thunderbird + Enigmail

  • Website:
  • Download:

TODO / DRAFT. Below instructions are early draft-quality at this point.


1: Install GPG4Win (Windows) or GPGTools (Mac OS X)

  • GPG4Win: Download the full GPG4Win package and then install it as you would a normal program.
  • GPGTools: Download the GPGTools/GPGSuite package and open it. Double-click the "pkg" file inside it to install the toolkit.

2: Install Thunderbird

3: Set up your e-mail account

Open up Thunderbird and set up your Gmail account (or whichever e-mail account you want to use). Thunderbird should prompt you and walk you through it when it starts up (if you haven't already set up an account). If you have issues, see their documentation.

4: Install Enigmail into Thunderbird

  • In the top menu, go to Tools->Add Ons.
  • Click on the "Extensions" tab.
  • At the top of that window, there will be a "gear" icon to the left of the search box. Click it and choose "Install Add-on From File..."
  • Go to the "enigmail-1.5.2-tb+sm.xpi" file you downloaded and choose that to install it.
  • The add-on screen will say that Thunderbird should restart before it’s active, so let it do that.

Now that Thunderbird’s open again, if you’re still in the "Add-ons Manager" tab, close that to go back to your inbox.

5: Generate a GPG key

In the top menu, you'll now see "OpenPGP". Click that and go to "Key Management".

This Key Management screen should be empty unless you already generated a GPG key in another program. To generate a key:

  • While in "Key Management" screen, click on "Generate" in the top menu and then "New Key Pair".
  • Choose the e-mail address you set up and make sure "Use generated key for the selected identity" is checked.
  • Type in a password to protect this key. Leave "Comment" blank. (This is a note that shows up next to your name. If you make multiple keys or if you have an alias or nickname that everyone uses, you can put that info here.)
  • Under "Advanced" tab, change "Key size" to 4096.
  • Generate the key.
  • When it asks you if you want to make a Revocation Certificate, just skip that step for now.

In "Key Management", you'll see a listing for your name & email address. It should be in bold, which means that it’s a key containing the "private" portion of the key.

6: Upload the GPG key somewhere

(NOTE: Skip this step if your e-mail address is sensitive & should not be published in any public directories.)

The "public" part of the GPG key is the part that other people need so that they can send you encrypted mails. You can either upload this to your website or to a "key server" (which is basically an e-mail directory that shows if there are GPG keys available for a given e-mail address). These instructions are for uploading to a key server, since that's usually the easiest way to go.

In the "Key Management" window, right-click on the entry for your name/e-mail. Click "Upload keys to keyserver". Type "pgp.mit.edu" in as the keyserver and press OK to upload. (There shouldn't be any confirmation prompt. An "uploading" screen should appear and then it should just go away.)

You can test if it worked by going to http://pgp.mit.edu/ and searching for your name or e-mail address.

7: How to send an encrypted e-mail to someone.

If you're e-mailing someone who already has a PGP key -- basically, anybody who has done the above steps -- you can start sending them encrypted messages and they can start sending you encrypted messages.

In the "Key Management" window, click on "Keyserver" at the top menu and click "Search for Keys".

  • You can look for someone's e-mail address in here. Test it out on mine: mike AT tig DOT as (change words to punctuation to make it a real e-mail address)
  • Sometimes someone has multiple keys (since old ones sometimes expire or are lost). Mine is 6E0E9923.
  • This ID is very important to verify with people, since nothing stops a person from generating a fake "Mike Tigas <...>" key and uploading it to a server. (They won't be able to send e-mail from my Gmail account, but they can make it confusing & hard for people to find my correct key.) This is why my business cards & website & Twitter bio all mention my key ID.
  • Click the checkbox next to my 6E0E9923 entry and press OK to download it from the keyserver.
  • Some output will appear. Click OK.
  • Now, there will be an entry for me in your Key Management window. It will not be bold, because you only have the "public" portion of the key.

Now that you have the public key for me, you can test sending an encrypted message. Close the Key Management window and write a message in Thunderbird.

  • Address it to me: mike AT tig DOT as (of course, turn this into a real e-mail address)
  • Write whatever message you'd like.
  • Click on "OpenPGP" in the message window and you'll get some options. You'll want to sign and encrypt the message. (PGP/MIME is useful if you are sending attachments, but it only works with people who have Enigmail, and not with people who use PGP in other ways. So I try to avoid it.)
  • In the bottom-right corner, you'll see a pencil and a key icon -- which represent signing & encrypting. You can use these instead of opening the OpenPGP menu, too. (Make sure to look at these before sending any message — I've heard that Enigmail sometimes turns off encryption randomly, so it's a good habit to explicitly check this every time you need to send a message.)
  • Send the message. Thunderbird will ask you for the password you used when you set up the GPG key (back in step 5).

8: Receiving encrypted mail from others

The other person will have to basically do the things in step 7, but with your e-mail address instead.

When you receive a message, Thunderbird will ask you for the password you used for the GPG key, so that it can unlock it and decrypt that message.

9: Sharing the key with other people

Since you uploaded your key in step 6, you'll need to tell people where to find it and make sure you publish this information in several places so that there's some level of verification. A good way to do this is:

  • search for your name at pgp.mit.edu
  • find the entry for you and click the link where the ID is (not the "Name " part).
  • link to this page on your blog or e-mail people a link to this page.

This isn't the only way to do this.

If you skipped step 6, you'll want to directly share your key and sidestep the whole directory system. You can use the Key Management window and press "Export Keys to File" or "Send Public Keys by Email". Make sure you export the Public Key only. Sharing this file or sending this message will let the recipient add the key to their own computer. (From the Key Management window: File->Import Keys from File, or, if they received it in an e-mail and copied it: Edit->Import Keys from Clipboard.)

When exporting your Public Key to a file, you can upload this file to your blog or somewhere else and link to it from a place where folks would be able to find it.

Now you basically have a system where people who know about PGP can e-mail you securely:

  1. They can find you in a keyserver and use that key to e-mail you
  2. They can find your key on your website (or through a link you e-mailed them directly) and see that your key ID matches in several places.
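The key-ID check from steps 7 and 9, as an added example that is not part of the original guide: an 8-digit key ID is the last 32 bits of a v4 key's 160-bit fingerprint (RFC 4880), so the sketch below derives a fingerprint and grades how strongly each published copy of an ID matches it. The function names and the sample key material are constructed for illustration, and requiring at least one full-fingerprint match is this example's own policy.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    nbytes = (n.bit_length() + 7) // 8
    return struct.pack(">H", n.bit_length()) + n.to_bytes(nbytes, "big")


def v4_fingerprint(created: int, n: int, e: int) -> str:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, 2-byte length, RSA public-key packet body."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def normalize(key_id: str) -> str:
    """Strip spaces, colons and a leading 0x so IDs copied from different places compare."""
    s = key_id.replace(" ", "").replace(":", "").upper()
    return s[2:] if s.startswith("0X") else s


def check_published_id(fingerprint: str, published: str) -> str:
    """Return 'mismatch', or the match strength: 'short-id', 'long-id' or 'fingerprint'."""
    fpr, pub = normalize(fingerprint), normalize(published)
    strength = {8: "short-id", 16: "long-id", 40: "fingerprint"}.get(len(pub))
    if strength is None or len(fpr) != 40 or not fpr.endswith(pub):
        return "mismatch"
    return strength


def consistent_everywhere(fingerprint: str, published_ids: list[str]) -> bool:
    """True only if every published copy matches and at least one is a full fingerprint."""
    results = [check_published_id(fingerprint, p) for p in published_ids]
    return "mismatch" not in results and "fingerprint" in results


# Constructed sample key material (not a real key): toy modulus, common exponent.
SAMPLE_FPR = v4_fingerprint(created=1370000000, n=(1 << 2047) + 12345, e=65537)

if __name__ == "__main__":
    short_id = "0x" + SAMPLE_FPR[-8:]  # what a business card or bio might carry
    spaced = " ".join(SAMPLE_FPR[i:i + 4] for i in range(0, 40, 4))  # website copy
    print(SAMPLE_FPR, check_published_id(SAMPLE_FPR, short_id))
    print(consistent_everywhere(SAMPLE_FPR, [short_id, spaced]))
```

A short-ID match only confirms 32 bits of the fingerprint, so when you compare a downloaded key against the places someone has published their ID, prefer a copy that gives the full fingerprint.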


copyright 2012 vox information sciences
