privacy-toolkit/SESSION-NOTES.md

Privacy Toolkit - Session Notes

2025-11-12 - Initial Repository Setup

🎯 What We Built

Created a modular privacy toolkit with automated installation scripts for security-focused tools.

✅ Completed Tools (5)

1. Dangerzone - Document sanitization (Freedom of Press Foundation)

   • Container-based PDF/Office sanitization
   • Includes GPG keyring permission fix
   • Full threat model documentation

2. croc - Secure P2P file transfer

   • PAKE-based encryption
   • Simple curl | bash installation

3. age - Modern file encryption

   • Simpler than GPG
   • Installed via apt

4. VeraCrypt - Full disk encryption

   • Encrypted containers and full disk encryption
   • Launchpad .deb download
   • Version 1.26.7

5. Cryptomator - Cloud storage encryption

   • Client-side encryption for cloud files
   • Interactive .deb vs AppImage choice
   • Includes full verification guide (GPG + SHA256)

📁 Repository Structure

privacy-toolkit/
├── README.md                      # Main documentation
├── TOOLS-LIST.md                  # Progress checklist
├── TOOLS-REFERENCE.md             # Detailed tool descriptions
├── SESSION-NOTES.md               # This file
└── tools/
    ├── age/
    │   └── install.sh
    ├── croc/
    │   └── install.sh
    ├── cryptomator/
    │   ├── install.sh
    │   └── VERIFICATION.md        # GPG verification guide
    ├── dangerzone/
    │   ├── install.sh
    │   └── README.md
    └── veracrypt/
        └── install.sh

🔐 Key Features

• Modular Design: Each tool is self-contained
• Security-First: GPG verification, checksums, official sources
• Educational: Threat models explain WHY you need each tool
• Consistent: Same script structure across all tools
• Practical: Real-world verification example for Cryptomator

🎓 Security Practices Documented

Example verification workflow (Cryptomator):

1. Download .deb + .asc signature
2. Import GPG key
3. Verify fingerprint: 5811 7AFA 1F85 B3EE C154 677D 615D 449F E6E6 A235
4. Check SHA256 checksum
5. Verify GPG signature
6. Install if all checks pass

📊 Status

• Tools Completed: 5/30+
• Priority Tools: 1/6 (Dangerzone)
• Documentation: Comprehensive for completed tools
• Git: Not yet initialized (ready to be)

🎯 Next Steps

Potential additions:

• mat2 (metadata removal)
• Signal Desktop
• Tor Browser
• BleachBit
• firejail
• OnionShare
• ExifTool

💡 Design Decisions

1. Cryptomator: .deb vs AppImage

   • Script offers choice
   • Recommendation: .deb for better system integration
   • AppImage for portability

2. VeraCrypt: Version locking

   • Hardcoded 1.26.7 for stability
   • Manual update recommended over auto-latest

3. Dangerzone: GPG keyring fix

   • Includes chmod 644 fix for /etc/apt/keyrings/
   • Solves permission denied error

🔗 Resources

• Official Cryptomator releases: https://github.com/cryptomator/cryptomator/releases
• Dangerzone: https://dangerzone.rocks/
• VeraCrypt: https://veracrypt.fr/
• Age: https://github.com/FiloSottile/age
• Croc: https://github.com/schollz/croc

---

Created: 2025-11-12 Tools: 5 complete, 25+ planned Focus: Security, privacy, encryption, sanitization

SimpleX Installation Discovery

Issue: SimpleX .deb packages have library compatibility issues across multiple distros.

Confirmed broken:

• Debian Trixie: Crashes with SIGSEGV in libHSzstd
• Pop!_OS: Required AppImage

Solution: Always use AppImage for SimpleX

• Script: tools/simplex/install-appimage.sh
• Location: ~/.local/bin/SimpleX.AppImage
• Works universally across distros

Lesson: For complex cross-platform apps with many dependencies, prefer AppImage over distro-specific packages.