[[Media:Guide_to_Computer_Security.pdf‎|'''Guide to Computer Security''']] was produced by tpka [[Colonel Abrams]] after a consultation with the [[Newgon.com]] forum community. It explains how you can protect data stored on your hard drive and stay anonymous on the internet. The guide should be read by anyone who has a special interest in avoiding the scrutiny of [[Vigilantism|cyber-vigilantes]] and corrupt law enforcement officers. It should ''not'', however be seen as a vital first step to participation in [[Newgon.com]] or any similar websites.

The guide can be downloaded as a PDF here: [[Media:Guide_to_Computer_Security.pdf‎|Guide to Computer Security]]

==Protecting data stored on your hard drive==

===Locking down Windows===
Windows at its default settings is an insecure operating system. Having been designed for mass
consumer/commercial usage, it tries to be all things to all people. Consequently, it has a tendency to run unnecessary services, store/hide private information in numerous, often hidden, locations, and exposes your PC to unnecessary security risks.

====Disable unneeded services====
Many of the services in Windows are unnecessary, and some are security risks (e.g. the 'Remote Registry' service, which permits third party network access to the computer's system settings). There are numerous online guides giving advice as to which services you can safely disable. [http://www.optimizingpc.com/optimize/windowsservices.html] [http://www.prestwood.com/aspsuite/kb/document_view.asp?qid=100274]

====System Restore points====
By default, Windows saves a backup of your system settings at regular intervals (and therefore may store information that is ideally kept sensitive) in case you need to roll-back the system to an earlier point in time. Most computer problems can be fixed via other methods however, and if you don't use/need System Restore you can disable it (via Control Panel / System / System Properties / System Restore tab).

====Hibernation====
If you don't use hibernation, ensure that this is disabled, since otherwise it will intermittently save anything that you are currently working on to your hard drive in plain text form – even encrypted documents – which could later be retrieved. (Control Panel / Power Options / Hibernate tab / uncheck 'Enable Hibernation').

====Pagefile/Swapfile====
By default, Windows creates a file on your hard drive (pagefile.sys) which it uses as additional computer memory, and it shifts running processes to this file on the hard drive when necessary. Many modern PCs have sufficient RAM (e.g. over 1 GB) not to need this file. You can disable it via Control Panel / System / Advanced tab / select 'Settings' button under the 'Performance' heading / Advanced tab / Virtual Memory / Change / select 'No Paging File' / click 'Set' / click 'Ok'.

'''NOTE''': Disabling the pagefile is contentious, and the debate around this is unresolved [http://www.codinghorror.com/blog/archives/000422.html] Provided you have a reasonably fast CPU and a decent amount of RAM, you should not encounter any problems. If you do need the paging file for some reason, or your RAM capacity is not sufficient to do without it, you should at least ensure that it is securely wiped when the computer powers off (see Section 1.3.1., below). In addition, the pagefile can be encrypted using a dedicated encryption product, such [http://www.jetico.com BestCrypt].

====Windows Security Center====
The built-in Security Center and Windows Firewall are highly ineffective. Disable them via the Control Panel, and use a third party Firewall instead (see Section 1.2, below).

====Windows Privacy Tools====
In addition to the above steps, you can utilize easy-to-use, one-off, privacy tools to tighten up Windows settings. See, e.g. [http://cmia.backtrace.org/index_en.html Security and Privacy Complete] and [http://www.xp-antispy.org/ XP Anti-Spy].

====Alternative Software====
Avoid using Microsoft software (e.g. Office, Outlook Express, Internet Explorer, Windows Media Player) so far as possible. Since they are designed to collaborate with one another, most of them leak personal information all over the place. Use open-source alternatives so far as possible (which typically also have the added benefit of being much less resource-hungry). For example, consider using:
*[http://www.openoffice.org Open Office suite] instead of MS Office (Word, Excel, etc). Particularly important for office software is to remember to disable 'auto-save' in the program options – since if you are working on an encrypted file the document may be saved to your drive as plain text during an auto-save.
*[http://www.mozilla.com Thunderbird] or [http://www.eudora.com/email/features/windows/ Eudora] instead of Outlook Express
*[http://www.mozilla.com Firefox] or [http://www.opera.com Opera] instead of Internet Explorer
*[http://www.videolan.org VLC Media Player] or [http://sourceforge.net/projects/guliverkli/ Media Player Classic] instead of Windows Media Player
*[http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm Foxit PDF Reader] instead of Adobe Acrobat Reader.

===Avoiding Malware===
The commonly talked about threats to computer data surround the execution of malevolent code on your PC, in the form of viruses, trojans, spyware, etc. Discussion of this topic usually revolves around damage to your data or identity theft by cyber-criminals for financial gain; but it is also crucial to ensure that you are protected from malware that could benefit other adversaries. One obvious aspect is keylogging software: you can come up with the most complex passwords to protect your data, but if there is a keylogger on your PC capturing each keystroke you enter, the password might become worthless. Equally insidious is the use of 'copware' – malware planted on your PC via LEA pecifically
targeting you [http://www.infiltrated.net/cipav.pimp]. Such software frequently arrives on the target's PC via email attachments. Standard email advice applies, e.g:

*Disable HTML in your emails – in most webmail and desktop email clients there is an option to do this in the settings (eg. in Thunderbird: 'View' menu / uncheck 'Display attachments inline' and check 'View message body as...plain text')
*Use Anti-Virus software that scans emails as well as files
*Don't open attachments from unknown sources

In addition, further advice includes:

*Check regularly for the presence of hardware keyloggers (a small device fitted to your PC designed to record keystrokes as an alternative to software keyloggers). The device will appear inconspicuous, and could, for example, resemble a traditional USB-type plug. Also consider applying a drop of paint (or, e.g. correction fluid) to the screws in the back of keyboards, making it easier to see if the hardware has been tampered with.
*When encrypting data, and where given the option to do so, use 'keyfiles' in addition to passwords. This is an available option with some encryption programs, which enables you to specify a file(s) on your hard-drive (perhaps a photo, for example) that must be entered in addition to a password. This will help protect against keyloggers (though not against malware that also captures mouse-movements).
*If practicable, you could also use an on screen keyboard (OSK) to enter passwords (thereby using the mouse rather than the keyboard).
*Zero-emission pads: Surveillance teams can remotely scan the electromagnetic emissions from your computer monitor, e.g. as you type a passphrase (google TEMPEST for technical details). You can use a replacement text editor that enables you to view and/or edit text in a special font and screen that allegedly 'diffuses the emissions from your computer monitor efficiently enough to defeat TEMPEST surveillance equipment', such as this one [http://geocities.com/phosphor2013/zep.zip]
*So far as security software is concerned, you should have one Firewall, one Anti-Virus (AV) program, and one Anti-Spyware (AS) program, all providing 'real-time' protection. For completeness, you could also install a second AV and/or AS program and/or dedicated anti-trojan software (such as [http://www.misec.net/ TrojanHunter]) – not to operate in 'real-time' (since a software conflict is possible) but just to perform regular scanning of your PC.
:Firewalls, AV and AS vary considerably in effectiveness (as well as in the amount of your PC's resources that they use). Check PC magazines for test results, or check online sources for the most effective protection. Good sources of information are sites such as [http://www.wilderssecurity.com Wilders Security Forums] and [http://www.matousec.com/projects/firewall-challenge/results.php Matousec].
:It is sometimes rumored – though to what extent this is likely is debatable – that major AV/AS companies may turn a 'blind-eye' to copware. Here is one advantage of using standalone products, e.g. separate AV, AS and Firewall software each from a different company, rather than the easier option of relying on a single security suite such as Norton or McAfee. In addition, some software is notorious for 'phoning home' regularly – Zone Alarm, for instance, frequently (more so than necessary) contacts its company's servers without notifying the user. It may therefore be desirable to turn off 'automatic updating', and manually update software at (say) daily intervals; and for persistent software (e.g. Zone Alarm) you can prevent it from contacting its servers by making simple changes to the Windows 'hosts' file [http://labnol.blogspot.com/2006/02/prevent-zonealarm-from-phoning-home.html].
*In counteracting malware, you should also keep an eye on which programs are running on your PC, and whether any software has set itself to startup when you boot Windows. Both can be checked via Windows' built-in tools:
**to view running processes, open Task Manager by right-clicking on the taskbar and selecting the 'processes' tab. You can identify any processes you do not recognize online, by looking them up at sites such as [http://www.whatsrunning.net/whatsrunning/ProcessInfoCentral.aspx].
**to check which programs are set to start when you boot Windows, go to Start / Run... then enter “msconfig” in the box (without the quote marks). In the window that appears, the last tab marked 'Startup' lists these items. Many of these are inserted by software, and are unnecessary. To check whether it needs to run at startup, identify the program at the following site: [http://www.sysinfo.org/startuplist.php] and uncheck any that are not needed. (Note, this has the added advantage of substantially reducing the PC's boot time).
:As an alternative to these built-in Windows tools, you could use a freeware program to keep a closer eye on running processes and startup items, such as [http://www.whatsrunning.net/whatsrunning/main.aspx What's Running], [http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Process Explorer] or [http://www.nirsoft.net/utils/cprocess.html CurrProcess]
*Keep up-to-date all your software that uses network connections, such as your browser, anti-virus software, and all security products.

===Cleaning / Erasing===
Windows stores a vast amount of information about your activities, which should be cleaned up on a regular basis.Note that such traces, along with any files that you chose to get rid of, should be securely erased rather than just deleted. This distinction between 'deleting' and 'erasing/wiping' is a crucial one. Deleting data in the standard way merely makes the data invisible to Windows – it remains on the hard disk until it is overwritten by other data. Instead of deleting, data should be securely 'erased' or 'wiped' (i.e. it is overwritten a number of times with random data so that it becomes unrecoverable).

====Erasing files====
There are numerous tools available for securely erasing files. One simple, freeware, tool is [http://www.heidi.ie/node/6 (Heidi) Eraser]. This has various features, one of which is to insert itself into your context menu, such that when you right-click a file, you just select 'Erase', and it will wipe the file according to the number of 'passes' that you specify. Another useful feature is 'Erase Secure Move': usually when you move files from one place to another, behind-the-scenes Windows actually copies the file to the new location, then deletes the existing file – which suffers from the above-mentioned issue of the deleted file being recoverable. With the Erase Secure Move option, after the file is copied to the new location, the existing file will be wiped, rather than just deleted.

'''NOTE''': Eraser can also be set to erase the Windows 'pagefile' on shutdown/restart (see 'Locking down Windows', Section 1.1, above).

====Erasing disk space====
Files that are deleted automatically by Windows (e.g. temporary files which it has created), or files that have been deleted by the standard method without having been wiped as above, will be simply be hidden in 'free disk space' until overwritten. To ensure that these have been removed, regularly wipe the 'free disk space' on your hard drive – again, Eraser (above) is good for this purpose.

====Cleaning traces====
Most software stores information about your usage – e.g. Internet browsers keep a record of details such as your browsing history, downloads, and cookies; PDF readers store a history of the last few files you've read; Office products keep a record of recently opened documents and perhaps unusual words used therein; media players store details of recently played files; Windows itself stores temporary files, prefetch data, memory dumps, and so on. A simple way to erase all such tracks in one go is to use dedicated 'cleaning' software. For example, [http://www.ccleaner.com/ CCleaner] is a decent freeware program which will erase these tracks for you. In the settings options, you can select the number of times such traces should be 'wiped', rather than simply deleted.

'''NOTE (1'''): All decent erasing/wiping/shredding software will allow you to specify the number of times that the data will be overwritten – typically, you can choose to overwrite data once, three times, seven times or thirty-five times, depending on the sensitivity of the data. There is some debate as to whether modern hard drives require as many passes to irrevocably destroy data – Googling this issue will produce much discussion. To be on the safe side, a minimum of three 'passes' is suggested. Naturally, the more 'passes' over the data you select, the longer it will take. Be aware that, say, shredding the entire free disk space on a hard drive (which may be hundreds of gigabytes) will take a significant amount of time.

'''NOTE (2)''': If wiping data on flash memory (e.g. USB sticks), wiping individual files is insufficient to make them irrecoverable, due to the way such memory writes data. See the special section on USB drives (Section 1.5, below).

===Encryption===
Broadly-speaking, “computer forensics” involves inspection of the computer hard drive for evidence as part of a legal investigation. In the event that your PC is seized, investigators or other adversaries will search it for the 'activity traces' referred to in the previous section, as well as stored files and documents, and other evidence of how the PC has been used (e.g. checking the Windows Registry for evidence of which USB drives have been used – since details of such devices, including their serial numbers, are stored there). The goal of encryption is to make data unintelligible, so that, even if your data is seized, it cannot be read.

A brief note on the medium which you may be using: first, there is the hard drive. Typically, Windows will be installed onto partition C of the hard drive (and unless you have created other partitions, this may make up the entire physical drive). Data may also be stored on external, USB hard drives; on flash memory drives (USB sticks / pen drives); on floppy disks, CDs and DVDs. It is important that, on whichever medium you store sensitive data, that data are encrypted.

====Individual files====
There are numerous tools available to encrypt data, offering various different options. Some software will simply encrypt individual files – they will still be visible on the hard disk, but a password will be required to open them. Other software offers a greater range of options, such as creating a 'vault' on your hard drive of a specific size, into which you can place sensitive files without having to encrypt each file individually.

[http://www.truecrypt.org TrueCrypt] is highly recommended for your encryption needs. It enables both the creation of encrypted files, as well as the ability to encrypt an entire hard drive partition, or an entire device (e.g. a USB stick). It also allows for the creation of 'hidden volumes' – a partition/device can be encrypted, then within this encrypted container a second, encrypted contained is created. This is primarily so that if you are forced to decrypt the 'outer'
volume, on which you might store a few sensitive-looking, but unimportant files, it will not be evident (and cannot be proved) that there is a second, hidden volume. (NB. For various security reasons, encrypting partitions or devices is preferable to encrypting individual files – the
TrueCrypt manual explains these in detail.)

The advantage of the open-source TrueCrypt over most other encryption software is the 'plausible deniability' aspect. It is impossible to prove that a partition or device encrypted with TrueCrypt is in fact encrypted. Upon forensic analysis, the partition or device appears to simply be filled with random data – as though there is nothing on the partition or device. This is crucial in authoritarian regimes, e.g. the United Kingdom, which has enacted a criminal offense (punishable by up to 2 years, or 10 years in terrorism cases) of 'failing to decrypt' (or provide the password to
enable decryption) when demanded by the authorities. Obviously for such a law to be used against you, it would have to be established that you had some encrypted material in the first place. With a TrueCrypt-encrypted device or partition, this should be impossible to prove.

'''NOTE''': If you are working with individual encrypted files (rather than storing files in a container or partition) and are using USB flash drives, see Section 1.5 on USB drives below.

====System Drive / Full Disk / Whole Disk Encryption====
The disadvantage of only encrypting individual files or external devices is that computer forensics can still reveal much about your computer usage from the system partition (the drive on which Windows is installed) and – importantly – sensitive details such as your browsing history, bookmarks, emails, and email contacts addresses, may be accessible. Details of your contacts is one of the first things an adversary will check for, which they will use to 'broaden' their investigation, perhaps by targeting those contacts. There is therefore an obligation to protect not only yourself, but also those with whom you correspond.

Computer forensics is essentially rendered ineffective by encrypting your entire system drive (typically the C: drive in Windows). This is the ideal position: if the adversary cannot access your hard drive to begin with, you have gone along way to defending your data. The latest versions of TrueCrypt (versions 5.0 and upwards) have an option for encryption of the system drive (or the entire hard drive, if it has more than one partition). It is very simple to use, and will ensure that no one can access your hard drive without first entering the correct password prior to the computer booting (and also makes it more difficult for adversaries to plant data on your hard drive). A detailed reading of the TrueCrypt manual is essential in order to encrypt the system drive effectively.

One consideration for those in countries in which failure to disclose a password is a criminal offense (just the UK at present, though this will undoubtedly be extended to other countries), is that where your entire hard drive (or just the system drive) is completely encrypted, you lose an element of plausible deniability. TrueCrypt system encryption, for example, stores its 'boot loader' (the information necessary for the computer to boot) on the first cylinder of the hard disk – which will obviously be visible to a forensics team. It is possible to remove the boot loader and instead boot from a CD which has the TC boot loader installed, though obviously this is more inconvenient.

In any event, whether or not the boot loader is present, it remains the case that it cannot be proved that the hard drive itself is encrypted – the remainder of the drive will still appear as random data. So from this point of view, you are still protected from 'failure to disclose password' laws. Nonetheless, having to explain away an internal hard drive with a TC boot loader, and “nothing else” on it, will be tedious (depending on how convincing you can be that you had “coincidentally, just recently wiped the hard drive”). Therefore it may be felt preferable to use other tactics to increase plausibility.

One such tactic is to install Windows to an external hard drive, or to a USB stick, and encrypt it with TrueCrypt. You can then keep your 'dummy' Windows installation with no compromising data on the PC's internal hard drive, and boot to the external hard drive or USB stick to use your 'real' Windows. Technically, Windows does not want to be installed to external devices – but it can be achieved. There are numerous guides available on the web; one of the most succinct set of instructions is available at [http://www.ngine.de/index.jsp?pageid=4176] – and the project also has a useful forum for resolving issues. For installing Windows to an external device to work, it is necessary that your PC's BIOS is capable of booting to external devices – most recent computers (built in the last few years) can do this, but if you have an older PC, check its ability to do so by doing a web search on its model.

If utilizing this method, your 'computer' effectively lives on your external device, while you maintain a dummy system on the internal drive. This has the added advantage of portability – your Windows installation can be kept in a secure place when not in use, etc. Again, the TrueCrypt boot loader will reside on the first cylinder of the external device – but it is certainly more plausible to have an external device with “nothing on it” than an internal drive (particularly if you take the extra step of removing the TrueCrypt boot loader and booting the device from a CD).

'''NOTE''': While the latest version of TrueCrypt (6.0 and upwards) now enables the creation of a hidden, encrypted system drive – by utilizing a 'dummy' system partition, with the real system partition hidden – at the time of writing it is not ideal: to ensure complete plausible deniability it has very stringent requirements, e.g. the real system partition should not be used to access the Internet (which partly defeats the object), files cannot be copied from the real partition to other
media, the dummy partition must be accessed regularly to make it appear plausible, etc. It may be felt that until a more substantive hidden operating system is available, this latest feature should be used circumspectly.

===Security Note on USB Drives and Wear-Leveling===
When writing data to a USB flash drive, a PC uses a 'logical address' on the drive. However, this logical address is distinct from the flash drive's 'physical block address' – since most USB flash drives use a 'wear leveling' technique. Wear leveling – i.e. shifting data around the physical blocks of the flash drive – prevents the same physical block being used over and over (in order to preserve the life of the USB drive).

Consequently, any time updated or new data are written to the flash drive, such data will be written to a new physical block, regardless of the address of the old block, and any old/amended data is just deleted (not wiped).

This raises a number of security issues, e.g:–

#Securely wiping' (e.g. with Eraser) an individual file on a flash drive is potentially ineffective, since the random data that is used to overwrite could be written to a different physical block; the existing data will simply be deleted, rather than wiped.
#Encrypting individual files could potentially suffer similar problems – e.g. when decrypting a file, amending it, then re-encrypting it.

These issues can be resolved by either securely wiping the entire flash drive (not just wiping individual files) or by encrypting the entire flash drive (rather than encrypting individual files on it) – since then it makes no difference to which physical block the new data is being written.

Ideally the latter approach should be used for all USB flash drives on which sensitive data is placed – encrypt or wipe the entire USB drive – as necessary. For any existing USB flash drives on which this approach has not been taken, it would be advisable to format and wipe the USB drive completely, then start using it afresh with this 'entire USB drive' approach.

===Other Methods===
There are of course many, many alternatives to the security suggestions outlined above, such as using any or all of the following:

====Live CDs====
Live CDs are an excellent alternative to encrypting the entire system drive. Essentially, an entire operating system (usually Linux-based) is on the CD, and whenever you want to boot to your OS, you simply boot the CD rather than booting to your hard disk. Should you not want to encrypt your hard drive, you could use the OS on there for all non-sensitive tasks, and use the Live CD for Internet access / other sensitive tasks.

Running an operating system from a Live CD means that the PC's hard drive does not get used at all – and is therefore not subject to problems of leaving behind 'traces' to be recovered by forensics. There are some limitations with Live CDs e.g. a limited range of software can be run from them, and since the CD is read-only (as the point is not to save any data, which could be recovered!) any data you do want to save while working within the CD, or settings you want to keep, should be saved to an (encrypted) USB drive. Its simplicity ensures that this remains an attractive alternative, and it is worth keeping an eye on developments in this area. For some examples of Live CDs, see [http://www.nu2.nu/pebuilder/ Bart's PE] on how to create your own live bootable Windows CD or see http://www.livecdlist.com/ for a list of pre-built, mostly Linux-based alternatives.

An excellent example of a pre-built option is the [http://www.browseanonymouslyanywhere.com Incognito Live CD] – this an operating system on a CD which is pre-configured to use the Tor network for all Internet access – including emails and web browsing.

====Portable Applications====
If installing an entire operating system to an external drive/USB stick, or using a Live CD, are not desired options, another alternative is to use 'portable applications' – standalone versions of existing software that can be run from a USB stick and do not save files or settings to your hard drive in the way that regular applications do. The idea is simply to prevent data being saved to your hard drive – the application files and data (including settings such as bookmarks, emails, etc), will be stored entirely on the USB device (which could be encrypted using a program such as TrueCrypt). See, for example, http://portableapps.com/ for an entire portable suite of software (including commonly-used programs such as Firefox, Thunderbird, Open Office, etc.).

The use of portable applications may prove a practical and easy method of protecting your most sensitive data without going to the lengths of full disk encryption. One drawback is that there will still be traces of the USB drive having been used on that PC, and any monitoring software (firewalls, AV, etc.) is likely to have a record of an application on the USB drive (eg Firefox) having been run, which you might be called upon to explain. Nevertheless, this is an inconvenience more than anything, and so long as the USB stick itself is encrypted, the data will be safe. To increase the protection, this method could be combined with the following option.

====System Drive Emulation software====
Such software effectively prevents data being written to your hard drive by creating a clone of the system partition (typically drive C: in Windows – which includes system files, page file, registry files, application data and program files, etc.) as it looks when it is booted, in the computer's RAM. Once the system is shut down/restarted, this clone will be restored, thereby returning your system drive to the position it was before any data was written. An example of such software is the freeware program [http://www.returnilvirtualsystem.com/index_files/rvspersonal.htm Returnil]. Simple to use, it is 'switched on' when necessary, and from that moment nothing that takes place (programs installed, software used, etc.) is permanently recorded; all normal computer operations appear to take place, but in fact these changes only take place for the duration of the session – upon restarting the PC there is no evidence that any such activity has occurred.

With reference to the previous item – Portable Applications – an advantage of using combining drive emulation software with running portable apps from a USB drive would be that, once the PC was shut down/restarted, there would be no evidence of the applications on the USB stick (eg Firefox) ever having been run (and further, no evidence that the USB stick was ever plugged into that computer).

====Virtual Machines====
Another alternative to running a separate installation of Windows on an encrypted device is to employ a virtual machine. Such software (e.g. VirtualBox, at www.virtualbox.org) enables you to create a virtual operating system on your existing computer. In this way, you could run a dummy copy of Windows (or any other OS) on the main hard drive, then boot to a virtual copy of Windows which could reside in an encrypted file or partition on the hard drive. One drawback of this technique (other than the additional system resources / RAM consumption it requires) is that it is not guaranteed that traces of the virtual systems may not still appear in the 'real' system, since the two systems share some resources (and frequently, a network connection).

==Protecting data while in transit over networks (Internet, Email, etc)==
Whenever data is on the move – whether in the form of sending/receiving email, surfing the web, chat, downloading via P2P, viewing streaming media files, etc – it is at risk of interception. Data is transferred via different protocols (e.g. 'http' for web traffic, 'pop3' or 'smtp' for email, 'ftp' for some file uploads/downloads, etc). All the 'standard' forms of protocol (including those just mentioned) are sent over networks in plain text format – meaning that the data is visible to anyone who intercepts the traffic (your ISP, crackers, LEA, etc). The goal is therefore to utilize methods of secure communication so far as possible, irrespective of the data that is being transferred.

===Email===
Most commercial email addresses (including any email addresses supplied by your ISP) typically use insecure protocols. This will be apparent by checking the ports they use to communicate. If you use a desktop email client (eg. Outlook, Outlook Express, Eudora, Thunderbird) you will find this information under the 'Settings' option. If your email communicates via standard ports (usually port 110 for POP3 (i.e. incoming email) and port 25 for SMTP (i.e. outgoing email), it is being transmitted unencrypted – and therefore potentially visible to everyone.

There are various techniques that can be employed to enhance the security of your emails:

*Check your email provider's website to see if they offer an encrypted option (i.e. sending and receiving email via SSL (secure socket layer)). Usually this will simply be a matter of changing the port used in your email client's account settings – e.g. changing the ports to ports 995 (SSL POP) and 465 (SSL SMTP).
*Avoid using email addresses provided by an ISP, and instead use dedicated email providers, such as Fastmail,Hushmail, SafeMail, and so on. Examples of such providers can be found in Section 3 below, or at [http://epic.org/privacy/tools.html EPIC's website]. Specialized email providers enhance your security by limiting the amount of information transferred to the recipient in the hidden email 'header' – which in the case of standard email providers (ISPs, Hotmail, etc) provide the recipient with far too much information, such as the IP address of your computer, the operating system that you use, and even which email client you used to send the email).
*Use a dedicated form of email encryption, such as PGP. This utilizes public key encryption – the drawback being that the people with whom you communicate must also use public key encryption. Encourage others that you correspond with to do this. See 2.1.1. for more information.
*Anonymous Remailers can be used to conceal from the recipient the origin of the email (see Section 2.3 for further details).

====PGP====
In 'public key' cryptography, two different keys are used: one key is secret and the other is made public. Anybody sending you an email simply encrypts their message to you using your public key. The public key is obviously not secret – in fact it may be spread widely so that anybody can find it if they wish to send you encrypted email (you can upload the key to a public key server to do this; though you may prefer just to give your public key to specific correspondents). The only way to decrypt an incoming message is with your secret key. The process works in reverse when sending email: you encrypt an email using the recipient's public key, which only they can decrypt using their
private key.

The original, and most well-known, program of this type is PGP, invented by Phil Zimmerman. There is now an OpenPGP standard, with which all software using public key cryptography should comply. Consequently, other programs are becoming popular, such as the open-source [http://www.gnupng.org GNU Privacy Guard (GnuPG)], which is OpenPGP compliant and compatible with other Open PGP tools (including PGP itself).

After downloading the software, you simply use it to create a pair of keys – one public and one secret key. The public key can then be given to your correspondents which they will use to encrypt messages to you, which you can then decrypt using your private key. There are some programs which make the process of encrypting/decrypting easier via the use of 'add-ons'. Some email clients (e.g. Thunderbird) have add-ons (e.g. [http://enigmail.mozdev.org/home/index.php Enigmail], which takes care of the encryption/decryption process on your behalf; the Firefox browser also has an add-on (see [http://getfiregpg.org/ FireGPG]) which enables you to easily encrypt text for pasting into a website, for example.

===Web-Surfing===
Whenever you request a web page via your Internet browser, in very basic terms what is happening is this: your browser sends the request for data to the server hosting that website, which then replies, and transfers the data to your computer, which is then recreated in your browser. Consequently, any request you make (whether by clicking on a link, or manually entering the site address) is transferred over the Internet via standard protocols (see introduction to this section, above) – typically for the Internet this will be http.

Accordingly, this request for a particular web page is sent over the networks in plain text and so will be visible to anyone who is monitoring your activity (e.g. your ISP or other adversaries), and also reveals to the site you are visiting information about who you are (your computer's unique IP address) and information about your computer (which browser you use, what language/location settings you use, what the current time is on your PC, etc). In addition, in order to find that site, your browser needs to translate the address of the web page (e.g. (“amazon.com”) into its numeric equivalent – which it does by consulting a domain name (DNS) server. In a standard home Internet connection, the DNS server will be owned by your ISP – so the ISP has a second method of recording which sites you visit. Note that you can change your DNS server to one not owned by your ISP: see [http://www.opendns.com/ OpenDNS] for the relevant address to use.

The upshot of the above is clear: both the site you visit, and your ISP (and anyone intercepting), knows the unique IP address assigned to your computer, and what data you are viewing. To avoid this, various options are available to 'anonymize' and/or encrypt your web surfing:

====Free proxies====
This is the weakest level of 'anonymity' – these are sites (e.g. http://www.w3privacy.com) which enable you to access another site, without that latter site seeing your IP address, i.e. your request is sent to the 'end' site using the proxy site as a intermediary. In such a case, the site you ultimately visit sees the request for data as emanating from the proxy site, not from your computer. This does not protect you against surveillance by your ISP, and the data transferred is typically unencrypted and therefore visible to anyone else monitoring your connections.

====Commercial software====
These are companies (e.g. Anonymizer, see Section 3 for an extensive list) which provide software which effectively bypasses surveillance from your ISP by creating an encrypted 'tunnel' between your computer and that company's server. In practice, this means that before making the data transfer from your PC (in the form of, say, a request for a web page), the software will encrypt this request, and then direct it to be forwarded from your ISP's servers to the proxy company's server. When it reaches the latter, the request will be decrypted and forwarded on to the relevant website. When that website returns the data, the reverse will take place. The effect of this is that:

#your ISP cannot see which websites you are accessing – all it can see is that you are communicating with the company's server, not which websites you visit thereafter. (So if you were surfing the web for (say) 3 hours, from your ISP's point of view, they could see that traffic was passing back and forwards to your PC, but you would only appear to be receiving traffic from one address (the proxy company's server), and the contents of that traffic would be encrypted)
#the website you are visiting cannot see who you are – since as far as they know, they are receiving the request for data from the proxy company's server, and simply return it to that server.

The weak link in this chain will be apparent. While you are protected from your ISP, and from the websites you visit, the commercial proxy company knows who you are and (potentially, if they keep logs, what you are doing). The significance of this will vary according to the circumstance. If the sites you are visiting are merely sensitive (rather than illegal in your jurisdiction), the fact that the commercial proxy knows what you are doing is of little importance (particularly if – as recommended – you chose one in a different jurisdiction to your home country). You may, for example, simply not want your ISP to know that you visit boychat.org. The commercial proxy would be adequate for such uses.

Check the terms and conditions of the commercial proxy company – in particular, whether they keep logs of your activity (for example, some log everything; some do not log origin and destination, but only record the quantity of data passing through, etc). Also, check which forms of data they will support – some commercial proxies will only encrypt Internet traffic (the http protocol), others (genuine 'VPNs') will encrypt all forms of protocol (whether it is Internet, email, file-sharing, etc). For additional security, look for a commercial proxy that offers anonymous payment methods and, ideally, is outside the US/EU.

In summary: the advantage of using a commercial proxy is that it gives you a level of protection from monitoring by your ISP, and from the sites you visit, and generally you suffer little or no loss of speed in browsing. A potential disadvantage is that the commercial proxy knows who you are. For this reason, when accessing more sensitive sites, you may wish to employ other methods, such as Tor.

====Tor====
The basic idea of [http://www.torproject.org/ Tor] is to protect your privacy by disguising the route of data to and from your PC, as well as encrypting the traffic.

Broadly-speaking, the Tor software will create a chain of at least 3 proxies, through which your data will pass – each interim stage in this chain only knows who sent the data to it (the previous proxy) and who it should forward data to (the next proxy in the chain).

Effectively, this means that if you want to visit, say, Site A, Tor will encrypt this request, and pass it to the first link in the chain (Proxy 1), with encrypted instructions on where to send it thereafter. Proxy 1 will forward the encrypted request to Proxy 2, Proxy 2 will forward it to Proxy 3, etc. Thus, Proxy 1 only knows Proxy 2, Proxy 2 only knows Proxy 1 and Proxy 3, Proxy 3 only knows Proxy 2. The final link in this chain (known as the 'exit node') transfers the request to your ultimate destination (Site A). The process is then repeated in reverse. From the point of view of the user, this process happens invisibly – once the software is up and running, you merely use your browser as normal.

(It should be noted at this point that once the data leaves the final link in the chain, it is no longer encrypted – at least until data is returned from your final destination to the first link in the return journey. This is only really significant if you are providing identifying information, e.g. entering a password into a webmail server – since then it is apparent that the request has come from you).

The obvious advantage of this procedure is that there is no commercial proxy in the middle. No single point in the chain knows both you and your ultimate destination. This is arguably the most secure form of anonymizing web traffic.

Some disadvantages are:

#There is an initial learning curve with Tor – nevertheless, there is extensive documentation on the Tor website to assist with this, and once you have set it up and used it a few times, it becomes second nature.
#As part of this learning curve, it is crucial that you configure your browser correctly, and a second piece of software – e.g. Privoxy – should be used to filter data such as your computer's DNS requests (see above) over the Tor network. Again: this is not as complicated as it sounds in abstract, and is made easier for Windows users by the GUI package (Vidalia) which includes all the necessary software (including Privoxy, and a quick-configuration button for Firefox users).
#It should also be pointed out that when using Tor, your browsing will be slowed considerably – which is to an extent inevitable given the number of different servers the traffic passes through, each of which may have different bandwidth allotments. Tor will therefore be unsuitable for downloading large files (and possibly streaming data, such as Youtube or other streaming media). Its primary use will be for visiting particularly sensitive websites.
#Related to the previous point, at the present time Tor only encrypts limited forms of protocol – primarily http traffic – which effectively limits its use to visiting web sites.
#There have been a number of stories about breaching Tor's anonymity. Such instances tend to be a consequence of user implementation, rather than any flaw in Tor itself. More specifically, when using Tor, ensure that Javascript is disabled in your browser (since it is due to malicious scripts that Tor can be compromised. This can be done manually (in Firefox, go to Tools / Options / Content / uncheck 'enable Javascript'), or through the use of an Add-on such as [http://noscript.net/ NoScript], which automatically blocks scripts unless you permit them on a sire-by-site basis.

It will be clear from the above consideration of Email and Web Surfing that there is no 'perfect' solution to online anonymity. Experts would say that 'true' anonymity is impossible. As long as you are transferring data from one computer to another over a network, there will be attempts made to intercept or track that data content and movement. Nonetheless, utilizing a combination of the above methods, depending on the circumstances and the sensitivity of your activities, offers significant protection against surveillance.

'''NOTE''': Regardless of whether an anonymous connection is used, your browser should be as secure as possible, since there are numerous browser vulnerabilities that can expose your PC to malware. Javascript, Flash, Shockwave objects – all of these can compromise your anonymity. Firefox is highly recommended as a more secure browser than Internet Explorer, and can be further customized with Add-ons to increase security. NoScript, referred to above, is particularly desirable. Other security-related Add-ons are referred to in the Links section, below.

===Other Network Usage (Chat, Anonymous Remailers, File-Sharing)===
Similar anonymity considerations apply to any form of network activity, including Chat, P2P/File-Sharing, Usenet, etc. Typically, all such traffic is carried unencrypted over public networks, and is therefore capable of surveillance by the ISP and interception from other adversaries. Wherever possible, utilize security and anonymity tools to protect the privacy of such data.

*For chat/IM, [http://www.cypherpunks.ca/otr/ OTR (Off The Record)] is an excellent plugin. Even if your contacts' private keys are determined, your private conversations are not compromised.
*For posting messages on Usenet, consider using an anonymous remailer, which forwards messages without revealing where they originally came from. Anonymous remailers utilize the same 'onion router' principle behind Tor: they remove personal data from the message, encrypt it, and pass it through a chain of 'post offices' until the last remailer in the chain forwards the message to the recipient. As with Tor, the idea is to make the message untraceable to the sender.
:The main issue with remailers is whether/how a recipient can reply to the message, given that its source is untraceable. Different types of remailers handle this differently. 'Pseudonymous remailers' are the most basic: they are typically unencrypted, and merely apply a pseudonym to the sender and forward the message to the recipient, who can then reply via the remailer. 'Cypherpunk remailers' typically encrypt the message and pass it through numerous hops on the chain to the recipient; generally the recipient cannot reply to such messages. 'Mixmaster' and 'Mixminion' remailers offer more advanced features, and seek to address issues such as the capacity for the recipient to reply to a message that has come from an 'untraceable' source. These generally require dedicated software.
:One example of such software is OmniMix: http://www.danner-net.de/om.htm, which is designed for Windows, and can be used to send email and Usenet postings through the Mixmaster anonymous remailer network. OmniMix is straightforward to install, and can also be run from a removable device such as a USB stick.
*When downloading from file-sharing networks (e.g. Limewire, Shareaza, etc.), it is important to know that not only is the traffic unencrypted (and therefore visible to, e.g. your ISP), your IP address is made available to anyone you are sharing with – and there is every possibility that the latter could be LEA or other adversary. A new breed of 'anonymous' networks are continually being developed, which generally seek to utilize the onion routing principle – traffic is encrypted and the origin/destination of the requested file are proxied. For examples of these, see:
**[http://freenetproject.org/ Freenet]
**[http://www.gnunet.org/ GNU Net]
**[http://antsp2p.sourceforge.net/ Ants]
**[http://www.stealthnet.de/en_index.php StealthNet]

For a more detailed comparison of the different programs available, see http://www.zeropaid.com/software/file-sharing/ and http://www.anonymous-p2p.org/programs.html

==Useful Links==
'''NOTE''':Inclusion of links should not be taken to imply endorsement of particular software

===Cleaning traces, erasing and general encryption software===
*[http://www.ccleaner.com/ CCleaner] - shreds/wipes sensitive traces of activity
*[http://www.heidi.ie/node/6 Heidi Eraser] - secure erasing software for individual files and free disk space
*[http://www.dban.org/ Darik's Boot and Nuke (DBAN)] - a boot disk that does a government-standard wipe of hard drives
*[http://www.truecrypt.org TrueCrypt] - open-source encryption software
*[http://www.jetico.com BestCrypt] - commercial encryption software

===Email providers, remailers, and email encryption===
*[http://www.fastmail.fm/ Fastmail] - email provider
*[http://www.hushmail.com Hushmail]- email provider
*[http://www.alicemail.net Alice Mail] - email provider
*[http://www.anonymousspeech.com Anonymous Speech] - email provider
*[http://www.cotse.net Cotse] - email and SSH provider
*[http://www.stack.nl/~galactus/remailers/bg2pgp.txt Beginner's Guide to PGP] - email encryption guide
*[http://axion.physics.ubc.ca/pgp-begin.html PGP for beginners] - email encryption guide
*[http://www.cryptography.org/getpgp.txt The PGP Faq] - email encryption guide
*[http://www.pgpi.org/ PGP] - email encryption software
*[http://www.gnupg.org GnuPG] - Linux/Windows email encryption
*[http://www.gpg4win.org/ GPG4Win] - Windows-based email encryption
*[http://enigmail.mozdev.org Enigmail]- plugin for Thunderbird Email client to manage encryption
*[http://quicksilvermail.net QuickSilver] - email remailer client
*[http://www.danner-net.de/om.htm OmniMix] - anonymous remailer
*[http://www.cypherpunks.ca/otr/ OTR (Off The Record)]- a plugin for encyrpting chat/IM

===Anonymity online===
*[http://www.torproject.org/ Tor] - open source anonymity project
*[http://www.i2p2.de/index I2P] – Anonymity, similar to Tor
*[http://www.janusvm.com/ JanusVM] - Anonymity, similar to Tor
*[https://www.relakks.com Relakks] – commercial VPN
*[http://goldens.com/ Goldens] - commercial VPN
*[http://xerobank.com/ Xerobank] - commercial VPN
*[http://shadowvpn.com/ ShadowVPN] – commercial VPN (consumer version of Xerobank)
*[http://www.jondos.de/en/ JonDos] - commercial VPN
*[http://www.steganos.com Steganos] – commercial VPN
*[http://www.swissvpn.net/ SwissVPN] – commercial VPN
*[http://www.cryptotunnel.com CryptoTunnel] – commercial VPN
*[https://www.anonymizer.com Anonymizer] – commercial VPN
*[http://www.trilightzone.org/index.html TrilightZone] – commercial VPN
*[http://www.privoxy.org/ Privoxy] - web filter proxy
*[http://www.proxomitron.info/index.html Proxomitron] - web filter proxy
*[http://www.opendns.com/ OpenDNS] - set your DNS addresses using OpenDNS, instead of using your ISP's DNSs.
*[http://www.stunnel.org/ Stunnel] - use in conjunction with SSL-equipped connections

'''NOTE''': When purchasing commercial products, ensure you check the providers' terms & conditions, particularly regarding their jurisdiction, privacy, reporting and logging policies. Do some research on the different companies' products, e.g. by searching their name at Wilders Security Forums. Use alternative methods of payment wherever possible, such as using prepaid web money/debit cards that you don't need ID to buy.

===Firefox add-ons===
*[http://noscript.net/ NoScript]- Many browser security holes are related to Javascript. Block scripts entirely, until expressedly permitted on a site-by-site basis.
*[http://cookieculler.mozdev.org/ CoookieCuller] - can be set up to delete all cookies, or just but keep cookies for trusted sites
*[http://flashblock.mozdev.org/ FlashBlock] - blocks flash content until you permit it
*[https://addons.mozilla.org/en-US/firefox/addon/125 SwitchProxy] - Manage and switch between proxies
*[http://getfiregpg.org/ FireGPG] - a Firefox plugin that facilitates the use of GnuPGP encryption
*[https://addons.mozilla.org/en-US/firefox/addon/953 Refcontrol] - blocks or fakes your referrer ID

===Miscellaneous privacy/security software===
*[http://cmia.backtrace.org/index_en.html Security and Privacy Complete] - tighten up Windows security
*[http://www.xp-antispy.org/ XP Anti-Spy] - tighten up Windows security
*[http://keepass.info/ KeePass] - an open-source password manager
*[http://www.microsoft.com/windowsxp/Downloads/powertoys/Xppowertoys.mspx TweakUI] - change some hidden Windows settings
*[http://www.nirsoft.net/utils/cports.html CurrPorts] - see your open ports
*[http://www.nirsoft.net/utils/cprocess.html CurrProcess] - See info about processes running in your computer
*[http://windirstat.info/ WinDirStat] - disk usage statistics viewer and cleanup tool
*[http://phoenixlabs.org/pg2/ PeerGuardian 2] - open-source software for blocking anti-p2p organizations, but could also block known governments' and corporations' IP addresses for non-p2p purposes
*[http://www.7-zip.org/ 7-zip] - compression & encryption tool
*[http://peazip.sourceforge.net/ PeaZip] - open-source compression & encryption tool
*[http://www.cs.fit.edu/~mmahoney/compression/#paq PAQ]– open-source high-compression tool
*[http://www.sandboxie.com Sandboxie] – run your browser inside a 'sandbox' to prevent malware from gaining access to your system
*Pre-paid debit cards / Anonymous web money: see http://www.card444.com and http://www.money-around-the-world.com/ (US), [http://www.paysafecard.com PaySafeCard](EU)

===Sources for technical advice/support===
*[http://www.wilderssecurity.com Wilders Security Forums]- forums for information relating to security matters and a vast range of security/privacy software
*[http://epic.org/privacy/tools.html EPIC 'Online Guide to Practical Privacy Tools'] - a vast array of links to privacy software
*[http://www.somersaultforums.org/techforum/ Sommersault's Technical Forums]– a friendly forum for advice on computers matters
*[http://forums.truecrypt.org TrueCrypt Forums](or any other software site for product-specific information)
*An old BoyChat post with useful advice on how not to accidentally out yourself: https://www.boychat.org/messages/1107524.htm

<u>'''FINAL NOTE'''</u>: If you follow the procdures outlined in this guide, you will be a long way to protecting yourself -- but please remember that there is no such thing as 100% computer security. Stay safe.

'''<u>Disclaimer</u>: All material provided in this guide is intended as introductory guidance only, and should not be used as an alternative to undertaking your own research. No representation is made as to the current accuracy of the information and links provided.'''

[[Category:Advice]]

Guide to Computer Security (Archive)

2009-06-10T07:02:29Z

Innormal: Finished wikitext. Errors to watch for: extra line breaks, bad bullets/numbering, awkward links

Guide to Computer Security (Archive)

2009-06-10T06:11:12Z

Innormal: Started wikitexting

Talk:Guide to Computer Security (Archive)

2009-06-08T23:05:43Z

Innormal: /* Wikitext? */

==Wikitext?==

Would it not be better to have a wikitext version of this document? What with the constantly changing nature of this technology? [[User:The Admins|The Admins]] 20:59, 8 June 2009 (UTC)

:Sounds good to me... I'll do it if nobody has any objections [[User:Innormal|Innormal]]

NewgonWiki:Mirror Project

2009-06-06T03:13:40Z

Innormal:

__NOTOC__We encourage use of the following resources to help build NewgonWiki articles. Where the material is available under the GNU FD License, it may be copied fully. This does not mean that it should, as new content must always conform to our accepted quality controls.

==[http://boywiki.org BoyWiki.org]==

Back online. Some excellent articles, but some need vetting for obvious BL/FS-bias, fact-checking, preachy/sentimental tone, babbling, formatting, etc.

'''Categories''' (please expand articles from these and delete)

* http://en.boywiki.org/wiki/Category:Famous_boylovers Famous boylovers
* http://en.boywiki.org/wiki/Category:People People
* http://en.boywiki.org/wiki/Category:Famous_people Famous people
* http://en.boywiki.org/wiki/Category:Encyclopedia

'''Articles''' (theirs, ours)

* http://en.boywiki.org/wiki/NAMBLA_Bulletin [[NAMbLA Bulletin]]
* http://en.boywiki.org/wiki/Will_Mcbride [[Will McBride]]
* http://en.boywiki.org/wiki/Paidika:_The_Journal_of_Paedophilia [[Paidika]]

==[http://williamapercy.com/wiki/ William Percy]==

See [http://williamapercy.com/wiki/index.php?title=Portal:Scholars_%26_Activists] for example. Some of this site has been hastily bodged (watch out for Wikipedia facsimiles), but there exist some gems.

==[http://en.wikipedia.org Wikipedia]==

Excellent source, but just check for bias. Will be good for sex offender issues and others where the editors are "on our side" (satanic panic, etc).

==[http://newgon.com/redir.php?http://web.archive.org/web/*/http://www.childlover.org CL Wiki]==

An admin now has personal copies of just about all the useful articles we could retrieve, and plans to vet and eventually upload them. But by all means, someone can take a dive/see what they can find in this old wreck.

==[http://newgon.com/prd PRD]==

Really old, pre-wiki resource we have archived. Lots of research and literature.

==[[Alcibiades info|Alcibiades]]==

Some beginning materials. Few citations/sources, though... and might be some bias.

Temp: Alcibiades info

2009-06-06T03:08:33Z

Innormal: For the mirror project. Could somebody please categorize this (I'm not sure what to put it as)?

This is the contents of a file that was sent to me by 'Alcibaides', who was a member of [[PIE]] in the 70s/80s. He was active on boylover.net until he was arrested in July 2008. Before he was arrested he was beginning to compile historical documents relating to pro-pedophile activism.

==Groups==
[[The Berry List]]
:(= "BL" ) Early US-based internet chatroom for invited notables from the pre-internet paedophile movement, a simple precursor to BLISS, BL.net and other more ambitious vehicles for online paedophile communication.

[[CAPM]]
:The Campaign Against Public Morals was initially formed in 1980 as a defence committee for Tom O’Carroll and his PIE co-defendants at the 1981 trial for “Conspiracy to corrupt public morals”. The committee was soon hi-jacked by two radical paedophiles (Dave Landau and Tim Brown) with a different agenda, hostile to PIE, so that O’Carroll resigned from his own defence committee. In 1981 CAPM produced a quasi-anarchist booklet that was as much a critique of O’Carroll, his book, PIE and its politics as it was of the trial and society’s disdain for the freedoms and capacities of children. Their political analysis was strong, their sense of solidarity less so.

[[Childhood Sensuality Circle]]
:A radical/libertarian US lobby located in San Diego – but seemingly just the one person Valida Davila – who addressed questions such as circumcision and the rights of children to sexual self-determination. Released the “C.S.C. Nusleter” in the early 1980s. See also the San Diego based Sexual Freedom League.

[[DPA]] (Danish Pedophile Association) [http://danpedop.sexualpolitik.se]
:DPA wound up formally in 2004 pending government investigation. A Ministry of Justice report in 2005 exonerated the group of any illegality and took the view there would be no legal grounds for shutting it down. DPA still maintains a webpage in Danish/English (though stressing that the group is no longer active).

[[Gwain]]
:(circa 1993) A London based group formed as a response unit to reports and items appearing in the media. This “Readers & Writers Group”, which included some individuals with a background in PIE or Minor Problems, met regularly for several years, inviting guests from the press or academic research fields. Negotiations with a BBC producer towards a “fly on the wall” programme about life as a paedophile in the UK came to nothing, but several members participated in a Channel 4 programme “The Devil Among Us” by Guardian columnist Dea Birkett.

[[PAL]] (The Paedophile Action for Liberation)
:The Paedophile Action for Liberation was a more militant agitprop group established in London circa 1977. Short-lived, it folded after a venomous front-page tabloid spread on its inaugural meeting. One of its founder members, Keith Hose, became the second chairman of PIE.

[[PFS]] (The Paedophile Frienship Service)
:The Paedophile Friendship Service was a one-man outfit in Wood Green, London, set up by a former committee member of PIE who had sold colleagues’ names and addresses to the tabloid press. Released a couple of editions of “P.F.S. News” and Promptly Folded Silently.

[[Pedofil Arbeidsgruppe i Norge]]
:Paedophile Workgroup of Norway. Between 1975-81 published the NAFP Bulletin from an Oslo postbox. Scanned versions available at http://www.pedofili.info/Bulletin.htm

[[The Rene Guyon Society]]
:US group of the late 70s which was the true source of the motto “Sex before 8 or else it’s too late” – often falsely attributed in the media to NAMBLA.

[[Sexual Freedom League]]
:San Diego group of the the late 70s with an emphasis less on paedophile relationships that incest and a generalised sexual freedom within families.

==People==
[[Hardy Sigrid Scheller]]
:Driving force behind (and founder of?) the Swiss paedophile group S.A.P., the only European group with a heterosexual paedophile leaning. <confirmation needed>

[[Peter Tatchell]]
:Prominent UK gay rights campaigner and central figure of the protest group Outrage. An occasional TV pundit for controversial issues, he has frequently attracted notoriety for staging very public confrontations with figures such as the Archbishop of Canterbury and Robert Mugabe. Author of “The Battle for Bermondsey”, describing his abortive attempt to win a London parliamentary seat for the Labour Party.

[[Frank Torey]]
:US ex-patriate editor of Coltsfoot Press, PAN magazine, personal friend of Edward Brongersma and a prominent link in the paedophile grapevine worldwide, notably for those who wanted no part of the organised paedophile groups. Died circa 1995 < confirm >

==Journals/Publications==
[[The Betrayal of Youth]]
:(= “Boy”) Anthology of essays on paedophile questions edited and self-published in 1984 by former PIE committee member Warren Middleton, who was one of the defendants at the first “Conspiracy to Corrupt Public Morals” trial.

[[Better Life magazine]]
:1970s American precursor of the journals and newsletters released by later paedophile groups, “Better Life” (= “BL”) published in Beverly Hills California, was an A4 magazine of artwork, photos, essays and poetry. The Jan/Feb 1976 edition (vol 3/1) carried a Frits Bernard article “The Phenomenon of Pedophilia” (reprinted in the June 76 C.S.C. Nusleter).

[[The Body Politic]]
:Canadian upmarket gay journal which published the highly controverisal article “Men Loving Boys Loving Men”, circa 1980, resulting in several attempted prosecutions against the paper. See also Gay Community News Boston – these two were exemplary among the mainstream gay press for their unequivocal supportive stance on consenting paedophile (man/boy) relationships.

[[Coltsfoot Press]]
:Ex-patriate American publisher John Stamford established Spartacus Press in Baarn, near Amsterdam, to produce travel guides and photo magazines in English for the gay market. Under the label Coltsfoot Press his colleague Frank Torey launched PAN magazine in 1979 – later Paedo Alert News, when the publisher Pan threatened a lawsuit – for the homosexual paedophile (or “BL”) market. PAN was an A5 glossy boy magazine interspersed with articles, short stories and news reports. Coltsfoot Press went on to publish erotic boy fiction, anthologies of paedophile stories – Panthology - and the autobiography of prominent Dutch paedophile Senator Edward Brongersma, a personal friend of Torey’s.

[[Contact!]]
:Cheaply produced A5 newsletter for PIE which consisted entirely of members’ letters. After the 1981 PIE trial had rendered it illegal for rank & file members to communicate directly by post, this was the only means to enable them to hear one another’s voices prior to the advent of internet bulletin boards. Published from 1982/83, Contact! 6 resulted in the second PIE trial, of editor Steven Freeman and two committee colleagues, Roger Nash and David Joy, on charges of “incitement” to illegal sexual activities with children – it had contained a letter examining the question of intercourse. Nash and Joy (neither of whom were connected with the editing of that paper) were imprisoned in 1984. Steven Freeman left the UK prior to the trial to seek political asylum in Holland, but six years later was deported back to the UK and stood trial in 1991. He too was imprisoned, for “publishing an obscene article”. PIE wound up shortly after the 1984 trial, its committee too demoralised to continue.

[[Coq]]
:A Danish company producing pornographic magazines and films for the homosexual paedophile market during the 1970s and early 80s, when it was not an offense in most countries to buy or possess such material.

[[Panthology]]
:Annual series of softback anthologies of “stories about boy-love” published by Pan-Spartacus, Amsterdam and edited by Frank Torey. Most of the contributors were pseudonymous. “Panthology One” (1981), 192pp, ISBN 90 70154 15 3 (including works by Casimir Dukahz, Hakim). “Panthology Two” (1982), 192pp, ISBN 90 70154 21 2 (including works by Casimir Dukahz, Kevin Esser, Hakim).

==Non-fiction books==
[[Beispiel Peter Schult: Pådophilie im Öffentlichen Diskurs]]
:(“Paedophilia in Public Discourse – E.g. Peter Schult”) by Florian Mildenberger, pub: Bibliothek Rosa Winkel. Schult also wrote an autobiography – “Besuche im Sackgassen” from the same publisher.

[[Childhood and Sexuality: a radical Christian approach]]
:John L Randall : Dorrance Publishing (Pittsburgh) 1992 : hardback 298pp : ISBN 0-8059-3284-4 : “In this provocative treatise, John L Randall uses both thorough research and strong arguments to challenge some of the most widely held beliefs of Western civilisation in the twentieth century. Now in the days when it seems that some form of child abuse is being discussed almost every night on the news we have someone who supports – and defends very persuasively – the theory that children, from birth, are indeed sexual, and that attempts to deny their sexuality are, at best, misguided.” <flyleaf>

[[The Child Lovers: a study of paedophiles in society]]
:Glenn D Wilson and David N Cox. The fruits of a voluntary survey conducted on members of the Paedophile Information Exchange circa 1980, and interviews with selected respondents. The authors used a survey of the male readership of the “Sun” tabloid as their control sample, and the resulting study is as shallow as that would suggest. The data from their survey is scrupulously tabulated, but the self-selecting sample of PIE’s members was too small to have any wider significance. The individual interviews provide a sketch portrait of how a handful of paedophiles viewed their sexuality and the boys that attracted them.

[[Indecent Assault]]
:Autobiographical account by former Peace News editor and environmentalist campaigner Roger Moody of his arrest and abortive prosecution on charges of “indecent assault”.

[[Male Intergenerational Intimacy: Historical, socio-psychological and legal perspectives]]
:1991 anthology by the Journal of Homosexuality (Harrington Park Press) comprising 22 articles and reviews by 19 authors “on topics ranging from the changing iconography of boyhood in European painting to the medicalisation of pederasty in pre-WWII Germany to counselling boy-lovers”. [Source: NAMBLA Bulletin 12/14]

[[Pedophilia: a Factual Report]]
:Dr Frits Bernard : Enclave (Rotterdam), 1985 : ISBN 90-71179-02-8 : English translation of original “Pedofilie”, Aquarius (Bussum), 1975 : Extended German edition “Pädophilie - von der Liebe mit Kindern”, Achenbach (Lollar), 1979, updated again as “Kinderschänder? Pädophilie - von der Liebe mit Kindern”, Foerster (Berlin / Frankfurt), 1982. English edition reprinted in 2002 by Books Reborn : 101pp : Full text available online (including an index of the author’s published articles and public interviews, 1947-85) at http://www.ipce.info/booksreborn/bernard/factual.htm

==Websites==
[[JGAA's internet]]
:Norwegian/English extended homepage/blog launched in 1996 by a 41-year old Bergen software developer who introduces himself: “Some people consider me to be some kind of a rebel, and they might very well be right. I do attack anyone that tries to enforce their views down my throat. I'm not a nice guy. I have very strong opinions, and I have the courage to question the common ‘truth’. I do not accept injustice or public lies. But I'm not a criminal either. I don't steal and I don't do drugs. I am loyal to my friends - but I am very careful with whom I call my friends. It's hard to find people worth trust and respect these days. I can handle shit, trouble and War. I cannot handle treason.” < checked Oct 08 > http://www.jgaa.com/ (N.B. Now offline, archive at http://web.archive.org/web/20080210012857/http://www.jgaa.com/)

NewgonWiki:Uncommon Sense

2009-06-06T03:04:48Z

Innormal: linked ed 2, fixed date discrepancy

'''[[Uncommon Sense]]''' is the quarterly webmagazine published by [[Newgon.com]]. This is our portal for the project - not an encyclopedia article.

The magazine will cover a broad range of topics within our web site's existent area of interest. It will be well-illustrated, easy-reading and written in good humor. Sections and content for the magazine will be an open issue.

The magazine's home is [http://newgon.com/blog our WordPress site] and this on-wiki page. The next issue is developed on [[Uncommon Sense: Working Draft]].

==Back-Issues==

*[[Uncommon Sense Edition 1]] - 16 Feb, 2009.
*[[Uncommon Sense Edition 2]] - 16 May, 2009.

==Get involved in editing==

We invite input from everyone. If you are already known to those who edit, or have other credentials, you may apply as per [[NewgonWiki:Getting involved]].

If you do not wish to have an account on this wiki, you can contribute via [http://newgon.com/blog/?p=1 WordPress].

==Link to our most recent copy==

When the first edition is published, we shall also publish a html banner here, linking to the current edition page.

Uncommon Sense

2009-06-06T03:03:53Z

Innormal: linked ed 2

'''[http://newgon.com/blog/ Uncommon Sense]''' is a Webmagazine published by [[Newgon.com]] and its contributors. It originally started life as a web-log and spin-off of the censored [[blogging]] site [[Game ON!]], but was moved to a quarterly, on-wiki format after the establishment of forums and MediaWiki on the domain.

==Life as a blog==

Uncommon Sense garnered 59 posts and 424 comments during its time as a running web-log.

The most frequent contributors were [[Juan-Gonzalez Llort]], [[Steve Diamond]] and [[Strato]]. A full list can be found on the [http://newgon.com/blog/?page_id=8 site itself].

==Regular features==

*Editorials
*State of the movement
*News Digest
*Letters to the Editor
*On the forums
*This 3 months in anti-pedophilia
*Links and recommended reading

==Issues==

*[[Uncommon Sense Edition 1]] - 16 Feb, 2009.
*[[Uncommon Sense Edition 2]] - 16 May, 2009.

==Internal Links==

*[[NewgonWiki:Uncommon Sense]] - Project portal.
*[[Uncommon Sense: Working Draft]]

[[Category:Official Encyclopedia]][[Category:Cyber Activism]][[Category:Publications & Documents]][[Category:Pubs: Magazines & Newspapers]]

Talk:Uncommon Sense: Working Draft

2009-05-31T22:43:15Z

Innormal:

Forums -

http://boychat.org/messages/1167632.htm

Also note that Boy Zoom has opened: boyzoom.eu (boyzoom.eu/forum/ to skip the flash intro) [[User:Innormal|Innormal]] 22:43, 31 May 2009 (UTC)

Talk:Historical analogies for MAPs and allies

2009-05-31T15:44:51Z

Innormal: New page: =Witch-hunt= *Witches' Sabbat - no evidence of => 'pedophile rings', perhaps *"Uncurability" - there was no cure for witchcraft => sex offender registry; sex offenders have unchanging natu...

Sexting

2009-05-16T06:46:03Z

Innormal: Polishing...

[[Image:Sexting-tips.jpg|thumb|An article from [http://erstarnews.com/content/view/7770/26 Star News] warns of the "dangers of sexting."]]'''"Sexting"''' is a term coined by the media to describe the use of text messaging for sexual purposes - sending nude or suggestive pictures, sexual messages, and so on. It is essentially a technologically updated version of the "I'll show you mine..." game. The trend has worried many; while some continue to be horrified by young people's sexuality, most take issue with the implications of this electronic form of teenage sexuality. The most publicized sexting cases have involved pictures (originally intended for one person) that are circulated among school populations, prompting many to speculate that such pictures (often classified as [[child pornography]]) eventually make their way to the internet.

The internet, of course, is an old friend of those who object to child sexuality. The standard arguments regarding internet content have been applied to sexting: nothing will stay private, everything is permanent, nothing is truly anonymous, and everyone could be a predator.

==Frequency==
[http://www.thenationalcampaign.org/ The National Campaign to Prevent Teen and Unplanned Pregnancy] released a [http://www.thenationalcampaign.org/sextech/PDF/SexTech_PressReleaseFIN.pdf study (pdf)] in December 2008 that concluded about one in five teens have sent or posted a nude or semi-nude picture of themselves on the internet. The study was conducted online by an independent firm; it queried 653 teens aged 13-19.

Some of the more interesting findings of the study are:
*20% of teens (13-19) say they have sent/posted nude or semi-nude pictures
*39% of teens say they have sent/posted sexually suggestive messages
*75% of teens say sending sexually suggestive content "can have serious negative consequences" (this is slightly misleading; see the study for clarification).

==Legal Action==
Legal consequences of sexting remain murky. Phillip Alpert, 18, was convicted for sending child pornography and forced to register as a sex offender after he sent nude photographs of his 16-year-old girlfriend to her friends and family. He has since been kicked out of college, lost many friends, and has had trouble finding a job. [http://edition.cnn.com/2009/CRIME/04/07/sexting.busts/index.html 3]

A Pennsylvania case, however, had a much different outcome. The case involved two photos of three teenage girls (one with bras on, one with exposed breasts). A district attorney attempted to force the girls to participate in a "re-education" program, threatening child pornography charges. With the help of the ACLU, a federal judge ruled that the district attorney could not charge the girls with the production of child pornography.

In May 2009, the Missouri Senate amended an omnibus crime bill, potentially making sexting a class B misdemeanor, though the minor would not have to register as a sex offender. [http://www.stltoday.com/blogzone/political-fix/political-fix/2009/05/sexting-could-become-a-misdemeanor-for-minors/ 4]

==Jesse Logan==
Jessica Logan, an 18-year-old American girl, committed suicide in July 2008, after having images of her nude body circulated at her school. The media - and Jesse's mother, Cynthia Logan - have singled out the photos as the cause of Jesse's suicide, and now uphold Jesse as what can happen from sexting.[http://www.msnbc.msn.com/id/29546030/ 1]

In May 2009, Senators Bob Menendez and Debbie Wasserman-Schultz introduced The Safety Internet Act. The act proposes to provide funding for non-profit organizations concerned with internet safety, in order to allow such organizations to work with schools and integrate internet safety into classroom curricula.[http://politicalticker.blogs.cnn.com/2009/05/13/congress-to-push-for-education-on-sexting/ 2]. Cynthia Logan attended the press conference, and stressed that her daughter's school did not take action.

==External Links==
*[http://www.thenationalcampaign.org/sextech/ Sex and Tech - The National Campaign]
*[http://erstarnews.com/content/view/7770/26 Beware of sexting]
*[http://www.rd.com/living-healthy/parent-alert-teens-and-porn/article125454.html Parent Alert: Teens and Porn]
*[http://www.prospect.org/cs/articles?article=whats_the_matter_with_teen_sexting What's the Matter With Teen Sexting?]
*[http://writ.news.findlaw.com/hilden/20090513.html Why Sexting Should Not Be Prosecuted as "Contributing to the Delinquency of a Minor"]

Sexting

2009-05-16T06:42:54Z

Innormal: New page: [[Image:Sexting-tips.jpg|thumb|An article from [http://erstarnews.com/content/view/7770/26 Star News] warns of the "dangers of sexting."]]'''"Sexting"''' is a term coined by the media to d...

[[Image:Sexting-tips.jpg|thumb|An article from [http://erstarnews.com/content/view/7770/26 Star News] warns of the "dangers of sexting."]]'''"Sexting"''' is a term coined by the media to describe the use of text messaging for sexual purposes - sending nude or suggestive pictures, sexual messages, and so on. It is essentially a technologically updated version of "I'll show you mine...." While some continue to be horrified by young people's sexuality, most take issue with the new, electronic form of teenage sexuality. The most publicized sexting cases have involved pictures (originally intended for one person) that are circulated among school populations, prompting many to speculate that such pictures (often classified as [[child pornography]]) eventually make their way to the internet.

The internet, of course, is an old friend of those who object to child sexuality. The standard arguments regarding internet content have been applied to sexting: nothing will stay private, everything is permanent, nothing is truly anonymous, and everyone could be a predator.

==Frequency==
[http://www.thenationalcampaign.org/ The National Campaign to Prevent Teen and Unplanned Pregnancy] released a [http://www.thenationalcampaign.org/sextech/PDF/SexTech_PressReleaseFIN.pdf study (pdf)] in December 2008 that concluded about one in five teens have sent or posted a nude or semi-nude picture of themselves on the internet. The study was conducted online by an independent firm; it queried 653 teens aged 13-19.

Some of the more interesting findings of the study are:
*20% of teens (13-19) say they have sent/posted nude or semi-nude pictures
*39% of teens say they have sent/posted sexually suggestive messages
*75% of teens say sending sexually suggestive content "can have serious negative consequences" (this is slightly misleading; see the study for clarification)

==Legal Action==
Legal consequences of sexting remain murky. Phillip Alpert, 18, was convicted for sending child pornography and forced to register as a sex offender after he sent nude photographs of his 16-year-old girlfriend to her friends and family. He has since been kicked out of college, lost many friends, and has had trouble finding a job. [http://edition.cnn.com/2009/CRIME/04/07/sexting.busts/index.html 3]

A Pennsylvania case, however, had a much different outcome. The case involved two photos of three teenage girls (one with bras on, one with exposed breasts). A district attorney attempted to force the girls to participate in a "re-education" program, threatening child pornography charges. With the help of the ACLU, a federal judge ruled that the district attorney could not charge the girls with the production of child pornography.

In May 2009, the Missouri Senate amended an omnibus crime bill, potentially making sexting a class B misdemeanor, though the minor would not have to register as a sex offender. [http://www.stltoday.com/blogzone/political-fix/political-fix/2009/05/sexting-could-become-a-misdemeanor-for-minors/ 4]

==Jesse Logan==
Jessica Logan, an 18-year-old American girl, committed suicide in July 2008, after having images of her nude body circulated at her school. The media - and Jesse's mother, Cynthia Logan - have singled out the photos as the cause of Jesse's suicide, and now uphold Jesse as what can happen from sexting.[http://www.msnbc.msn.com/id/29546030/ 1]

In May 2009, Senators Bob Menendez and Debbie Wasserman-Schultz introduced The Safety Internet Act. The act proposes to provide funding for non-profit organizations concerned with internet safety, in order to allow such organizations to work with schools and integrate internet safety into classroom curricula.[http://politicalticker.blogs.cnn.com/2009/05/13/congress-to-push-for-education-on-sexting/ 2]. Cynthia Logan attended the press conference, and stressed that her daughter's school did not take action.

==External Links==
*[http://www.thenationalcampaign.org/sextech/ Sex and Tech - The National Campaign]
*[http://erstarnews.com/content/view/7770/26 Beware of sexting]
*[http://www.rd.com/living-healthy/parent-alert-teens-and-porn/article125454.html Parent Alert: Teens and Porn]
*[http://www.prospect.org/cs/articles?article=whats_the_matter_with_teen_sexting What's the Matter With Teen Sexting?]
*[http://writ.news.findlaw.com/hilden/20090513.html Why Sexting Should Not Be Prosecuted as "Contributing to the Delinquency of a Minor"]

File:Sexting-tips.jpg

2009-05-16T06:40:48Z

Innormal: For 'Sexting'. From: http://erstarnews.com/content/view/7770/26

For 'Sexting'. From: http://erstarnews.com/content/view/7770/26

File:Bettyboop.jpg

2009-05-15T04:58:16Z

Innormal: For Uncommon Sense (issue 2). From: http://commons.wikimedia.org/wiki/File:Bettyboop-poorcinderella1934.jpg (public domain)

For Uncommon Sense (issue 2). From: http://commons.wikimedia.org/wiki/File:Bettyboop-poorcinderella1934.jpg (public domain)

Newgon Promotional Material (Archive)

File:SlaveryBusseatsFlyer.png

2008-10-18T21:46:59Z

Innormal:

File:SlaveryBusFlyer.png

2008-10-18T21:46:20Z

Innormal: