In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy.
Within the software center search for "mumble" and install the client then run it. Skip through the audio setup wizard.
@@ -273,9 +273,9 @@ Click on "add new" to add a new server and enter the default domain name for theInstall F-Droid
@@ -293,7 +293,7 @@ Press the plus button to add a Mumble server.-Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the About screen of the Administrator control panel, your username (which can also be anything) and the VoIP server password which can be found in the README file on the Freedombone. +Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the About screen of the Administrator control panel, your username (which can also be anything) and the mumble password which can be found in the Passwords section of the Administrator control panel.
diff --git a/website/EN/app_tox.html b/website/EN/app_tox.html index 2ba0f0bf..2895b7dc 100644 --- a/website/EN/app_tox.html +++ b/website/EN/app_tox.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- +-Tox is an encrypted peer-to-peer messaging system and so should work without Freedombone. It uses a system of nodes which act as a sort of directory service allowing users to find and connect to each other. The Tox node ID on the Freedombone can be found within the README within your home directory. If you have other users connect to your node then you will be able to continue chatting even when no other nodes are available. +Tox is an encrypted peer-to-peer messaging system and so should work without Freedombone. It uses a system of nodes which act as a sort of directory service allowing users to find and connect to each other. The Tox node ID on the Freedombone can be found within App Settings under tox within the Administrator control panel. If you have other users connect to your node then you will be able to continue chatting even when no other nodes are available.
-Log into your system with:
diff --git a/website/EN/installation.html b/website/EN/installation.html index c8754be1..b1386388 100644 --- a/website/EN/installation.html +++ b/website/EN/installation.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - +You don't have to trust images downloaded from random internet locations signed with untrusted keys. You can build one from scratch yourself, and this is the recommended procedure for maximum security. For guidance on how to build images see the manpage for the freedombone-image command.
@@ -371,9 +371,9 @@ If the image build fails with an error such as "Error reading from server. ReBefore installing Freedombone you will need a few things.
@@ -387,17 +387,17 @@ Before installing Freedombone you will need a few things.There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Jessie onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
@@ -415,9 +415,9 @@ freedombone menuconfigCurrently the following boards are supported:
@@ -495,9 +495,9 @@ Using the password 'freedombone'. Take a note of the new login password and thenQemu is currently supported, since it's s fully free software system. You can run a 64 bit Qemu image with:
@@ -514,44 +514,44 @@ The default login will be username 'fbone' and password 'freedombone'. Take a noDuring the install procedure you will be asked if you wish to import GPG keys. If you don't already possess GPG keys then just select "Ok" and they will be generated during the install. If you do already have GPG keys then there are a few possibilities
If you previously made a master keydrive containing the full keyring (the .gnupg directory). This is the most straightforward case, but not as secure as splitting the key into fragments.
-If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more Keydrives. +If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more Keydrives.
Enter three or more sets of login details and the installer will try to retrieve key fragments and then assemble them into the full key. This only works if you previously were using remote backups and had social key management enabled.
-Any manual post-installation setup instructions or passwords can be found in /home/username/README. You should remove any passwords from that file and store them within a password manager such as KeepassX. +Any manual post-installation setup instructions or passwords can be found in /home/username/README.
@@ -667,16 +667,16 @@ On your internet router, typically under firewall settings, open the following p
After installing for the first time it's a good idea to create some keydrives. These will store your gpg key so that if all else fails you will still be able to restore from backup. There are two ways to do this:
This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be done from the Disk Utility application. Then plug it into the Freedombone system, then from your local machine run:
@@ -691,9 +691,9 @@ Select Administrator controls then Backup and Restore then BackThis breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this can be done from the Disk Utility application. Plug it into the Freedombone system then from your local machine run the following commands:
@@ -713,9 +713,9 @@ Fragments are randomly assigned and so you will need at least three or four keydYou can configure laptops or desktop machines which connect to the Freedombone server in the following way. This alters encryption settings to improve overall security.
@@ -732,9 +732,9 @@ freedombone-clientTo administer the system after installation log in via ssh, become the root user and then launch the control panel.
diff --git a/website/EN/usage.html b/website/EN/usage.html index 9fe104e7..30cc694b 100644 --- a/website/EN/usage.html +++ b/website/EN/usage.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - +-After the system has installed a README file will be generated which contains passwords and some brief advice on using the installed systems. You can read this with the following commands: +After the system has installed a README file will be generated which contains any advice on particular apps installed. Ordinarily you won't need to read it though. You can access it with the following commands:
ssh username@domainname -p 2222 -emacs ~/README +editor ~/README
-You should transfer any passwords to a password manager such as KeepassX and then delete them from the README file. To save the file after removing passwords use CTRL-x CTRL-s. -
- --To exit you can either just close the terminal or use CTRL-x CTRL-c followed by the exit command. +To exit if you're using emacs (which is the default editor, but can be changed to vim) you can either just close the terminal or use CTRL-x CTRL-c followed by the exit command.
To improve ssh security you can generate an ssh key pair on your system and then upload the public key to the Freedombone.
@@ -430,9 +426,9 @@ If you wish to only use ssh keys then log in to the Freedombone, become the rootYou can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following:
@@ -474,9 +470,9 @@ Subsequently even if dynamic DNS isn't working you may still be able to administLog into the system with: