privacy-toolkit/SESSION-NOTES.md
2025-12-31 19:44:07 -07:00


# Privacy Toolkit - Session Notes
## 2025-11-12 - Initial Repository Setup
### 🎯 What We Built
Created a modular privacy toolkit with automated installation scripts for security-focused tools.
### ✅ Completed Tools (5)
1. **Dangerzone** - Document sanitization (Freedom of the Press Foundation)
   - Container-based PDF/Office sanitization
   - Includes GPG keyring permission fix
   - Full threat model documentation
2. **croc** - Secure P2P file transfer
   - PAKE-based encryption
   - Simple `curl | bash` installation
3. **age** - Modern file encryption
   - Simpler than GPG
   - Installed via apt
4. **VeraCrypt** - Full disk encryption
   - Encrypted containers and full disk encryption
   - Launchpad .deb download
   - Version 1.26.7
5. **Cryptomator** - Cloud storage encryption
   - Client-side encryption for cloud files
   - Interactive .deb vs AppImage choice
   - **Includes full verification guide** (GPG + SHA256)
### 📁 Repository Structure
```
privacy-toolkit/
├── README.md              # Main documentation
├── TOOLS-LIST.md          # Progress checklist
├── TOOLS-REFERENCE.md     # Detailed tool descriptions
├── SESSION-NOTES.md       # This file
└── tools/
    ├── age/
    │   └── install.sh
    ├── croc/
    │   └── install.sh
    ├── cryptomator/
    │   ├── install.sh
    │   └── VERIFICATION.md  # GPG verification guide
    ├── dangerzone/
    │   ├── install.sh
    │   └── README.md
    └── veracrypt/
        └── install.sh
```
### 🔐 Key Features
- **Modular Design**: Each tool is self-contained
- **Security-First**: GPG verification, checksums, official sources
- **Educational**: Threat models explain WHY you need each tool
- **Consistent**: Same script structure across all tools
- **Practical**: Real-world verification example for Cryptomator
### 🎓 Security Practices Documented
Example verification workflow (Cryptomator):
1. Download .deb + .asc signature
2. Import GPG key
3. Verify fingerprint: `5811 7AFA 1F85 B3EE C154 677D 615D 449F E6E6 A235`
4. Check SHA256 checksum
5. Verify GPG signature
6. Install if all checks pass
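
Steps 3 to 6 of the workflow above as a script, added here as an illustration and not taken from the repository's `install.sh` or `VERIFICATION.md`: a signature is accepted only when GnuPG's machine-readable status output names the pinned fingerprint from step 3. The function names and command-line arguments are assumptions, and the key is assumed to be imported already (step 2).

```shell
#!/usr/bin/env bash
# Added example: fingerprint-pinned release verification (hypothetical helper names).
PINNED_FPR="5811 7AFA 1F85 B3EE C154 677D 615D 449F E6E6 A235"  # value from these notes

# Strip spaces and uppercase hex so "5811 7AFA ..." and "58117afa..." compare equal.
norm_fpr() { printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'; }

# Reads `gpg --status-fd 1 --verify` output on stdin. Succeeds only if a VALIDSIG
# line names the pinned key (signing-key field or trailing primary-key field)
# and no line reports an expired signature or an expired/revoked key.
sig_by_pinned_key() {
  local want; want=$(norm_fpr "$1")
  awk -v want="$want" '
    $1 == "[GNUPG:]" && $2 ~ /^(EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
      (toupper($3) == want || toupper($NF) == want) { ok = 1 }
    END { exit (ok && !bad) ? 0 : 1 }'
}

# Compares a file's SHA-256 with the published value, case-insensitively.
sha256_matches() {
  local got; got=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$(norm_fpr "$got")" = "$(norm_fpr "$2")" ]
}

# verify_release PKG SIG SHA256: every check must pass before anything is installed.
verify_release() {
  local pkg="$1" sig="$2" sum="$3"
  sha256_matches "$pkg" "$sum" || { echo "SHA256 mismatch: $pkg" >&2; return 1; }
  gpg --status-fd 1 --verify "$sig" "$pkg" 2>/dev/null \
    | sig_by_pinned_key "$PINNED_FPR" \
    || { echo "signature not made by pinned key" >&2; return 1; }
  echo "OK: $pkg verified, safe to install"
}

# Runs only when called as: ./verify.sh package.deb package.deb.asc <sha256>
if [ "$#" -eq 3 ]; then verify_release "$@"; fi
```

Checking the `VALIDSIG` fingerprint matters because a plain "Good signature" message is printed for any key in the keyring, not only the one whose fingerprint was confirmed in step 3.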
### 📊 Status
- **Tools Completed**: 5/30+
- **Priority Tools**: 1/6 (Dangerzone)
- **Documentation**: Comprehensive for completed tools
- **Git**: Not yet initialized (ready to be)
### 🎯 Next Steps
Potential additions:
- mat2 (metadata removal)
- Signal Desktop
- Tor Browser
- BleachBit
- firejail
- OnionShare
- ExifTool
### 💡 Design Decisions
1. **Cryptomator: .deb vs AppImage**
   - Script offers choice
   - Recommendation: .deb for better system integration
   - AppImage for portability
2. **VeraCrypt: Version locking**
   - Hardcoded 1.26.7 for stability
   - Manual update recommended over auto-latest
3. **Dangerzone: GPG keyring fix**
   - Includes `chmod 644` fix for `/etc/apt/keyrings/`
   - Solves permission denied error
### 🔗 Resources
- Official Cryptomator releases: https://github.com/cryptomator/cryptomator/releases
- Dangerzone: https://dangerzone.rocks/
- VeraCrypt: https://veracrypt.fr/
- Age: https://github.com/FiloSottile/age
- Croc: https://github.com/schollz/croc
---
**Created**: 2025-11-12
**Tools**: 5 complete, 25+ planned
**Focus**: Security, privacy, encryption, sanitization
## SimpleX Installation Discovery
**Issue**: SimpleX .deb packages have library compatibility issues across multiple distros.

**Confirmed broken:**
- Debian Trixie: Crashes with `SIGSEGV in libHSzstd`
- Pop!_OS: Required AppImage

**Solution**: Always use AppImage for SimpleX
- Script: `tools/simplex/install-appimage.sh`
- Location: `~/.local/bin/SimpleX.AppImage`
- Works universally across distros

**Lesson**: For complex cross-platform apps with many dependencies, prefer AppImage over distro-specific packages.