Encryption & Privacy


I often get into discussion with people regarding privacy and the argument I get most often is that "I don't have anything to hide". Now I will know what to reply.
Without encryption of files, emails, messages etc. it is just a matter of knowledge who can access them. If a file is encrypted, with a sufficient password, opening the file and extracting the contained information within will take longer than it would make worth obtaining it.

Security and password protection should not be an option, but a necessity.

Must Read "Encyption Works:..."

File Encryption



I am using TrueCrypt to encrypt my files, which is an open source software available on Linux, Windows and Mac as well and does a wonderful job. The development of Truecrypt has been abandoned a few months ago due to unknown reasons. Ever since there are those who believe the encryption is compromised and those who are still using it. I am personally still using it and know I.T. departments who use it as well.

An alternative is the use of EncFS on Linux and Bitlocker on Windows 8.1

 

Email Encryption

 

Mailing Client (Mozilla Thunderbird)



Enigmail showing a decrypted message

Even though you normally access your emails through a HTTPS protocol, this doesn't provide full protection. This is only an encryption between your computer and the server you are accessing.

More security is available with end-to-end encryption, such as PGP (Pretty Good Privacy), which effectively allows only the recipient to read the emails, even the servers can't see the body of the message. PGP encryption can be used in a variety of ways, probably the simplest form is through Enigmail  (using GnuPG) and Mozilla Thunderbird mailing client.

Read my blog entry about open-source email encryption:
Email Encryption using Enigmail and GnuPG in Mozilla Thunderbird.

In Browser


Mailvelope integration in webmail UI


If you are not and don't want to use a mailing client (you should, really ) then there is a JavaScript implementation of OpenPGP (OpenPGP.js) brought to the web browsers by Mailvelope and there is also Mymail-crypt for Chrome only. I have no guide for this, but Hak5 did a nice tutorial. However, there was a security vulnerability discovered with both of these browser Plug-ins, namely they store the Private key in plain text in a database. AKA if somebody has access to your computer, s/he can pull your private keys.

Encrypted Chat


Chatting with others over the internet is a basic activity, but often servers store the messages for endless times in their ever-growing databases. I don't think I have to mention any services by name here. If you want to safely chat with others and want to be sure that noone else can read the messages except the person you are talking to, then you need a service cryptocat.

"Cryptocat is a browser-based XMPP client that provides multi-user (and private) instant messaging inside chatrooms. It uses the OTR protocol for encrypted two-party chat and the (upcoming) mpOTR protocol for encrypted multi-party chat."

Cryptocat is available for Firefox, Chrome and Safary alike, of course, all OS.

Other than cryptocat, many IM software like Pidgin or Jitsi allow OTR (Off the Record) plugins/feature that encrypt chat messages.


Encrypted VOIP and Video Chat


The previously mentioned Jitsi is also a good option for encrypted video chats or VOIP communication. It can be used as an alternative to Skype that doesn't allow end-to-end encryption.


Jitsi

SMS Encryption

Phones often contain more personal and private information that computers. Hence it is important to keep our communications encrypted.

I suggest the use of TextSecure for Android users. This software replaces the Google Hangouts SMS app and integrates itself into the OS. It allows the sending of traditional, unencrypted SMS messages to non-TextSecure users. In case a contact also has the app installed on their device, TextSecure does a key exchange and from this point on the messages are encrypted by default.

Furthermore, TextSecure can increase security and privacy by using PUSH messages instead of SMS, which also avoids carrier fees as the messages will go through the internet. Encrypted, of course.

Encrypted Phone Calls


RedPhone is an Android app that allows secure calls between users, going through the internet. Hence you need internet connection (mobile or WiFi) to make calls and it only works among RedPhone users.

1 comment: