Gibberfish, Inc./Gibberfish User Documentation

Thank you for signing up for Gibberfish, Inc! We have set up a private server for you and assigned it the web address:

Before you can start using it, you must log in to the management portal on your server and enter a passphrase which will be used to encrypt your data. Choosing a strong encryption passphrase is essential. The stronger your passphrase is, the harder it is for an attacker to access your files. We recommend using the Diceware method to generate a passphrase at least six words long.

Once you have selected a passphrase, please save it to a secure password manager, such as KeePass, and make a backup copy. If your server is rebooted, it will be necessary to log in and re-enter your passphrase to unlock your files. If you lose your passphrase, you will lose access to your data. We cannot reset or recover it for you. Please take a moment to create a suitable passphrase before proceeding.

    1. For your privacy, the management portal is only accessible through the Tor anonymity network. In order to access Tor you will need to install the Tor Browser, which is a specially modified version of Firefox. It can be downloaded at 

    2. Open the Tor browser and type the following into the address bar:

You may have noticed that this url does not use HTTPS, which is the standard for secure web browsing. This is because Tor already protects your traffic with multiple layers of encryption, making HTTPS unneccessary.

    3. Log in to the management portal:

username: portal_admin 
password: correct horse battery staple

    4. On the next screen, type in the encryption passphrase you have chosen to protect your data. Please review it for accuracy before hitting ‘Enter’. This will initiate the process of encrypting and installing your new cloud. Once complete, it will display the username and password you can use to access your cloud at the address listed at the top of this letter. You may continue to use the Tor browser from this point, or switch to a normal browser. Please change your password once you have logged in.

If you run into any trouble, please contact us at info@gibberfish.org.

GIBBERFISH QUICKSTART

Welcome to Gibberfish! Our focus is on your privacy and security, but we need you to be an equal participant. Below are a couple of suggestions to get you started.

Never use a passphrase for your Gibberfish login that you use anywhere else. 

Always generate a unique passphrase for any service, account or device. 

Using this method ensures you only need to remember one  passphrase: the one to unlock your key vault. 

By ‘robust’ we mean procedures that have been established or vetted by trusted security experts. These include, but are not limited to, the Electronic Frontier Foundation (EFF), the Guardian Project and Tor project.

We use ‘consistent’ to emphasize that the intermittent use of any security practice is as bad as not using one at all. Once you develop a threat model and a strategy to defeat it, you must apply that strategy every time you engage in private activities. 

Every user must understand your group’s Threat Model and consistently use the same security practices.

For more information on Threat Models, please refer to this excellent primer produced by the EFF.

When you first log in, your chat roster on the right side of the screen will be empty. From the menu at the bottom you can Add Contact. Just start typing and it will automatically search for existing users on the server, or you can type in the XMPP address of external users.