Commit 1b16e463 authored by Anarchist Black Cross Dresden

Merge branch 'abcdd-master-patch-50700' into 'master'

Update guide_german.md, guide_english.md files

See merge request !1
parents 4bf7a74c f231cc1a
An Activist's Guide to Information Security An Activist's Guide to Information Security
=========================================== ===========================================
This guide aims to be a concise overview on information security for anyone in emancipatory struggles against structures of power. This guide aims to be a short overview on information security for anyone in emancipatory struggles against structures of power.
It represents assembled knowledge and best practices from personal experience, conversations with hackers and fellow activists, hacker conferences, and university courses on computer security and cryptography. It represents assembled knowledge and best practices from personal experience, conversations with hackers and fellow activists, hacker conferences, and university courses on computer security and cryptography.
Nonetheless, the best security is sharing skills with trusted people. Nonetheless, the best security is sharing skills with trusted people.
If you have any corrections, questions or additions, please contact us. If you have any corrections, questions or additions, please contact us.
Our perspective is mostly from western countries, we especially welcome additions about repression and tactics in other places of the world. Our perspective is mostly from western countries, we especially welcome additions about repression and tactics in other places of the world.
Introduction Introduction
============ ============
Technological progress has made it next to impossible to defend against a sufficiently powerful attacker (a [scary example](https://www.cs.tau.ac.il/~tromer/mobilesc/)). Technological progress has made it extremely hard to defend against a sufficiently powerful attacker (a [scary example](https://www.cs.tau.ac.il/~tromer/mobilesc/)).
Fortunately, most of us don't have the NSA hard on our heals, and local authorities are usually limited in their possibilities (e.g. this [article](https://electrospaces.blogspot.de/2017/06/dutch-russian-cyber-crime-case-reveals.html) about police cooperation).
Fortunately, most of us don't have the multicountry operations hard on our heals, and local authorities are usually limited in their possibilities (e.g. this [article](https://electrospaces.blogspot.de/2017/06/dutch-russian-cyber-crime-case-reveals.html) about police cooperation).
The trick is to be sufficiently careful while staying functional. The trick is to be sufficiently careful while staying functional.
This guide tries to point out the possibilities and their trade-offs. This guide tries to point out the possibilities and their trade-offs.
Is split into the following sections:
It is split into the following sections:
- **Security Culture** introduces the social side of things. - **Security Culture** introduces the social side of things.
- **Physical Security** describes securing physical access to information. - **Physical Security** describes securing physical access to information.
...@@ -24,32 +30,38 @@ Is split into the following sections: ...@@ -24,32 +30,38 @@ Is split into the following sections:
Security Culture Security Culture
================ ================
- **The need to know principle**: share information only with those who need it. - **The need to know principle**: share sensitive information only with those who need it. Make sure that the others also understand this rule.
- Establish a culture where people realize when not to ask curious questions and don't take offense when information is not shared with them. - Establish a culture where people realize when not to ask curious questions and don't take offense when information is not shared with them.
- It is not necessary to know who is in which group and participated in which action - don't brag about it and stop others if they do. You can't accidentally reveal something you don't know. - It is not necessary to know who is in which group and participated in which action - don't brag about it and stop others if they do. You can't accidentally reveal something you don't know.
- Do not keep unnecessary information (e.g. meeting minutes) and keep your house clean of incriminating material. Also, do not make pictures on actions, not even pixelated ones, they may incriminate people anyway ([source](https://www.wired.com/2016/09/machine-learning-can-identify-pixelated-faces-researchers-show/)). - Do not keep unnecessary information (e.g. meeting minutes) and keep your house clean of incriminating material. Also, do not make pictures on actions if that's not your task, not even pixelated ones, they may incriminate people anyway ([source](https://www.wired.com/2016/09/machine-learning-can-identify-pixelated-faces-researchers-show/)).
- Do not connect pseudonyms with their public information (e.g., if possible, do not store people's activist email addresses with their name or group). - Do not connect pseudonyms with their public information (e.g., if possible, do not store people's activist email addresses with their name or group, phone numbers with nicknames on your phone or piece of paper).
- Don't let paranoia paralyze you: try to keep a realistic assessment of the threat model and don't suspect people to be snitches just because they don't conform to subcultural norms. - Be example to others - sometimes it is hard to follow the complicated rules of established security culture. However if you agreed upon them, than you have to follow them. Follow the agreements and ask questions if something is unclear.
- Everybody makes mistakes. The worst situation would be not to learn from them. So don't be afraid to acknowledge those and be open to criticism from your fellow activists.
- Always take in consideration your threat model: if you are trying to organize in open there are different rules applied to your security culture, than when you are running tight affinity group that can work outside of the law frame.
Physical Security Physical Security
================= =================
While few of our homes can successfully resist a police raid, measures can be taken to fend off fascist thugs or rogue state agents. While few of our homes can successfully resist a police raid, measures can be taken to fend off fascist thugs or rogue state agents.
**Obscurity**: It can be useful to live at a place not registered as your official address, and without obvious subcultural symbols on the outside. **Obscurity**: It can be useful to live at a place not registered as your official address, and without obvious subcultural symbols on the outside.
Still, be prepared for sufficiently motivated forces of darkness to find and attack your home.
Still, be prepared for sufficiently motivated forces of evil to find and attack your home.
**Passive defense**: Protecting a home from the evils on the outside necessarily means forming an in-group. **Passive defense**: Protecting a home from the evils on the outside necessarily means forming an in-group.
A reasonable front door and handpicked distribution of keys go a long way. A reasonable front door and handpicked distribution of keys go a long way.
Barred ground level and basement windows and anti-splinter films on the glass offer additional reinforcement. Barred ground level and basement windows and anti-splinter films on the glass offer additional reinforcement.
**Active defense**: An alarm horn and a lighting system on the outside may mainly help against physical attacks, but they can also buy valuable time in case of a police raid. **Active defense**: An alarm horn and a lighting system on the outside may mainly help against physical attacks, but they can also buy valuable time in case of a police raid and notify neighbors about the police presence.
**Process**: Have a short guide on dealing with police raids and your lawyers' (mobile) numbers on the inside of the front door and next to the landline phone, if you still have one. **Process**: Have a short guide on dealing with police raids and your lawyers' (mobile) numbers on the inside of the front door and next to the landline phone, if you still have one.
In some jurisdictions, having people's private rooms marked with their name may help to argue against a search when it is only against specific residents. In some jurisdictions, having people's private rooms marked with their name may help to argue against a search when it is only against specific residents.
However, it obviously also reveals the inhabitants' names to visitors and does only point out the existing legal situation to police who often ignore it anyway. However, it obviously also reveals the inhabitants' names to visitors and does only point out the existing legal situation to police who often ignore it anyway.
Be aware that the police and state agencies may be allowed to legally stop and search you outside your home, and that you may even be detained for refusing to hand over passwords to your devices in some jurisdictions ([source](https://theintercept.com/2017/09/23/police-schedule-7-uk-rabbani-gchq-passwords/)). Be aware that the police and state agencies may be allowed to legally stop and search you outside your home, and that you may even be detained for refusing to hand over passwords to your devices in some some countries ([source](https://theintercept.com/2017/09/23/police-schedule-7-uk-rabbani-gchq-passwords/)).
Traditional Communication Traditional Communication
========================= =========================
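Review bot: In the Security Culture list, the bullet "Don't let paranoia paralyze you ..." is replaced rather than kept, so the advice not to suspect people of being snitches just because they don't conform to subcultural norms disappears, and the new threat-model bullet does not cover it. I would keep the old bullet alongside the three new ones. Wording in the added lines: "Be example" should be "Be an example", "than you have to follow them" should be "then you have to follow them", and the last Physical Security sentence now reads "in some some countries".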
...@@ -58,27 +70,34 @@ With a reasonably safe home, let's relax and see what our comrades were up to, s ...@@ -58,27 +70,34 @@ With a reasonably safe home, let's relax and see what our comrades were up to, s
Face to Face Communication Face to Face Communication
-------------------------- --------------------------
Modern technology enables the surveillance of the spoken word from far away and even microphone-unfriendly places such as swimming pools and concert halls can theoretically be surveyed with modern noise-cancelling technology. Modern technology enables the surveillance of the spoken word from far away and even microphone-unfriendly places such as swimming pools and concert halls can theoretically be surveyed with modern noise-cancelling technology.
However, taking a walk is still a fairly secure way of communication, when it is reasonably unlikely that hidden microphones are placed in clothes and accessories (that means no mobile phones, too!).
However, taking a walk is still a fairly secure way of communication, when it is reasonably unlikely that hidden microphones are placed in clothes and accessories (that means no mobile phones, too!) - there were some cases of police putting microphones into rucksack or clothes in some european countries
If more security is needed, one can resort to writing on paper in a sight-protected place (e.g. under a blanket). If more security is needed, one can resort to writing on paper in a sight-protected place (e.g. under a blanket).
Closed rooms can be monitored even more easily, thus sensitive meetings in established autonomous centers, alternative house projects, lefty bars and the like are strongly discouraged! Closed rooms can be monitored even more easily, thus sensitive meetings in established autonomous centers, alternative house projects, lefty bars and the like are strongly discouraged!
Speaking of face to face, modern technology can even "unmask" masked protesters ([illustration](https://twitter.com/zeynep/status/904683388354867201), [paper](https://arxiv.org/abs/1708.09317)), and video surveillance of common meeting places is another reason to avoid them for sensitive meetings. Video surveillance of common meeting places is another reason to avoid them for sensitive assemblies.
Letters Letters
------- -------
Hopefully you already figured that relying on the confidentiality of snail mail is a gamble at best (e.g. a [German article](http://www.tagesspiegel.de/politik/anfrage-der-linkspartei-1500-post-mitarbeiter-helfen-bei-ueberwachung-von-verdaechtigen/20337660.html) about mail surveillance). Hopefully you already figured that relying on the confidentiality of snail mail is a gamble at best (e.g. a [German article](http://www.tagesspiegel.de/politik/anfrage-der-linkspartei-1500-post-mitarbeiter-helfen-bei-ueberwachung-von-verdaechtigen/20337660.html) about mail surveillance).
Code words are a last refuge for the imprisoned and desperate, but history has shown that relying on a secret method (e.g. swapping letters) alone to hide information is easily broken.
Code words are a last refuge for the imprisoned and desperate, but history has shown that relying on a secret method (e.g. swapping letters or using other technics) alone to hide information is easily broken.
(Mobile) Phones (Mobile) Phones
--------------- ---------------
Most importantly, all information (calls, texts, mobile Internet) exchanged via the (mobile) phone network should be considered captured by state agencies and potentially other enemies. Most importantly, all information (calls, texts, mobile Internet) exchanged via the (mobile) phone network should be considered captured by state agencies and potentially other enemies.
They use ETSI wiretapping interfaces mandatory in all mobile network equipment sold in the EU (and thus available everywhere) ([source](https://en.wikipedia.org/wiki/Lawful_interception)), but on top of that, other motivated actors can capture data in a local mobile radio cell with a few hundred Euros worth of equipment ([source](https://ferrancasanovas.wordpress.com/cracking-and-sniffing-gsm-with-rtl-sdr-concept/)). They use ETSI wiretapping interfaces mandatory in all mobile network equipment sold in the EU (and thus available everywhere) ([source](https://en.wikipedia.org/wiki/Lawful_interception)), but on top of that, other motivated actors can capture data in a local mobile radio cell with a few hundred Euros worth of equipment ([source](https://ferrancasanovas.wordpress.com/cracking-and-sniffing-gsm-with-rtl-sdr-concept/)).
### Mobile phones themselves are identifiable! ### Mobile phones themselves are identifiable!
The second most important thing to know about mobile phones is that they have a unique IMEI number, that identifies it in the mobile network. The second most important thing to know about mobile phones is that they have a unique IMEI number, that identifies it in the mobile network.
Your phone's IMEI is registered in the operator network together with SIM card. Your phone's IMEI is registered in the operator network together with SIM card.
**That means when you put a new SIM card into your old phone, it can be easily linked to your old SIM card.** **That means when you put a new SIM card into your old phone, it can be easily linked to your old SIM card.**
So for a safe phone, both SIM card and phone need to be acquired and used in a way that does not link them to any other information, i.e. by buying phones with cash and getting pre-registered SIM cards or registering them anonymously providing fake information (where at all possible), for example via TOR (see below). So for a safe phone, both SIM card and phone need to be acquired and used in a way that does not link them to any other information, i.e. by buying phones with cash and getting pre-registered SIM cards or registering them anonymously providing fake information (where at all possible), for example via TOR (see below). In EU you might consider getting SIM cards from countries that don't have mandatory SIM registration.
Besides law enforcement, even private corporations may be able to obtain the data your mobile number was registered with ([source](https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024)). Besides law enforcement, even private corporations may be able to obtain the data your mobile number was registered with ([source](https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024)).
### Location Tracking ### Location Tracking
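Review bot: The clause appended to the "taking a walk" sentence in Face to Face Communication, "there were some cases of police putting microphones into rucksack or clothes in some european countries", has no source link, while the neighbouring claims each carry one; please link a report or soften the wording, and end the sentence with a period. The same hunk drops the sentence about unmasking masked protesters together with its illustration and paper links, which the commit message does not explain; if the removal is intentional, say why. In the Letters paragraph "technics" should be "techniques", and in the SIM card sentence "In EU" should be "In the EU".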
...@@ -87,6 +106,7 @@ This information is routinely stored by mobile carriers and therefore available ...@@ -87,6 +106,7 @@ This information is routinely stored by mobile carriers and therefore available
For users of centralized location services (like Google Maps), the police may be able to obtain extremely accurate long time location profiles from the provider ([source](https://www.cnet.com/how-to/how-to-delete-and-disable-your-google-location-history/)). For users of centralized location services (like Google Maps), the police may be able to obtain extremely accurate long time location profiles from the provider ([source](https://www.cnet.com/how-to/how-to-delete-and-disable-your-google-location-history/)).
With targeted surveillance, triangulation and querying data from the phone can locate it down to 50m ([source](https://en.wikipedia.org/wiki/U-TDOA)), or even 5m with a GPS-equipped phone ([source](https://de.wikipedia.org/wiki/GSM-Ortung#cite_note-3GPP43059-3)). With targeted surveillance, triangulation and querying data from the phone can locate it down to 50m ([source](https://en.wikipedia.org/wiki/U-TDOA)), or even 5m with a GPS-equipped phone ([source](https://de.wikipedia.org/wiki/GSM-Ortung#cite_note-3GPP43059-3)).
To get a more time-accurate location profile, state agencies may use so-called stealth pings / silent SMS to make a mobile phone contact its base station more often ([source](https://en.wikipedia.org/wiki/Short_Message_Service#Silent_SMS)). To get a more time-accurate location profile, state agencies may use so-called stealth pings / silent SMS to make a mobile phone contact its base station more often ([source](https://en.wikipedia.org/wiki/Short_Message_Service#Silent_SMS)).
As a last resort, police can use so-called *IMSI-catchers* which pretend to be the strongest network cell available, and then record what phones book into them, potentially even recording calls and text messages ([source](https://en.wikipedia.org/wiki/IMSI-catcher), [some real-world examples](https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies)). As a last resort, police can use so-called *IMSI-catchers* which pretend to be the strongest network cell available, and then record what phones book into them, potentially even recording calls and text messages ([source](https://en.wikipedia.org/wiki/IMSI-catcher), [some real-world examples](https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies)).
...@@ -99,7 +119,9 @@ Much controversy exists whether it is possible to tap mobile microphones even wh ...@@ -99,7 +119,9 @@ Much controversy exists whether it is possible to tap mobile microphones even wh
We *guess* that that this is at maximum used against high profile targets, because if any hicksville cop shop was able to use that, the evidence of it would be better known by now. We *guess* that that this is at maximum used against high profile targets, because if any hicksville cop shop was able to use that, the evidence of it would be better known by now.
Open source mobile operating systems offer no protection against those attacks, because there is usually a direct connection from the microphone to the (always closed source, as to comply with regulations) baseband firmware and it can not reliably be powered off. Open source mobile operating systems offer no protection against those attacks, because there is usually a direct connection from the microphone to the (always closed source, as to comply with regulations) baseband firmware and it can not reliably be powered off.
To make matters worse, mobile phones without SIM card might still pre-register to the strongest network (for emergency services), and there is no way to check if "offline / airplane mode" is actually what it promises to be. To make matters worse, mobile phones without SIM card might still pre-register to the strongest network (for emergency services), and there is no way to check if "offline / airplane mode" is actually what it promises to be.
On smartphones, malicious apps provide additional surveillance (see *Smartphones* below). On smartphones, malicious apps provide additional surveillance (see *Smartphones* below).
To err on the side of caution, it is advisable to leave your phone at home when visiting a sensitive meeting, or at least take out your phone's battery a good couple of km from the meeting point, because the attendants, (cell tower) location, time and duration of a sensitive meeting can easily be spotted by 30 people switching off their phones simultaneously. To err on the side of caution, it is advisable to leave your phone at home when visiting a sensitive meeting, or at least take out your phone's battery a good couple of km from the meeting point, because the attendants, (cell tower) location, time and duration of a sensitive meeting can easily be spotted by 30 people switching off their phones simultaneously.
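Review bot: The context line starting "We *guess* that that this is at maximum used ..." still has a doubled "that"; the hunk header shows this passage growing from 7 to 9 lines with no visible text change, so the typo could be fixed in the same commit. If the two added lines are only blank lines for paragraph breaks, the commit message should say so.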