As a follow-up to Get Ready (part 1, part 2), I want to make sure you have some basic digital hygiene steps to follow for your data at home, not just what you send out over the ‘Net and into the world.
If there’s a theme to all of this, you’ve probably noticed by now that it’s, “Encrypt, Encrypt, Encrypt!” Your phones, your tablets and your computers’ hard disks should all be encrypted. This might add a spot of inconvenience: you’ll have to enter a passphrase to boot your computer, you’ll have to switch to a reasonably strong PIN or password to unlock your phone. Well, make like a Nike customer, and Just Do It. I hope you never have to find out how important it is. What’s that? You say you have nothing on your phone or laptop worth hiding?
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”
So let’s not hear any more of that, okay?
Also, get a password manager so that you can have decent passwords. Whatever goofy workarounds you may have seen recommended in the past by some guy, there’s really no substitute for a good strong 20+ character string of truly random characters. The convenience/inconvenience factor here should be a net positive, because good password managers do the login action for you. Check out and start using one today! LastPass, 1Password or KeePass. I don’t care. (Insert Nike slogan here.)
We can do this. My offer stands – contact me via “private” message on Google+ and I will help you any way I can, no questions asked.
Yesterday, I started giving you some suggestions for how to encrypt your Internet communications, in order to give cover to people who may be at risk from the impending reign of the Pumpkin.
The first thing I want to address is email. When it comes to sending any sensitive communications via email, my only real recommendation is: DON’T. Email was not designed to be secure and email security will probably never be anything more than a bolt-on. That said, if you’re going to bolt something on, consider (in the order I prefer them): Enigmail, GnuPG and PGP. None of these is easy to implement. But all of them will secure email communications well if correctly installed and used at every endpoint, for every email.
Now, “if correctly installed and used at every endpoint, for every email” probably sounds like a trivial disclaimer, but consider this: if there is only a 0.1% chance that someone will mess up, and there are 100 people who each send 50 emails… then the chances of your emails being exposed sit at 99.3%. And that’s rounded down.
So how to communicate? Text messaging. But don’t just pick up your phone and start Swyping: first get Signal from Open Whisper. Some guy named Ed Snowden has let it be known that this is his messaging platform of choice. Talk about skin in the game! Signal handles secure texting and voice calling, and it is free. It runs on iOS and Android. Again, every party to the communication has to have it, but the good news here is, once you have it running and you’re using it, there’s nothing left to screw up.
There’s also nothing for the manufacturer, whose servers help you make connections, to tell the government about you when the subpoenas arrive. Signal is one of the elite set of communications platforms whose operation is Zero-Knowledge. To over-simplify, this means that they know nothing about you and they do not ever handle the keys that can decrypt your messages. Therefore, when the government asks (and they did!), they get nothing (which they did!). And speaking of zero-knowledge, SpiderOak is your choice for file-sharing.
Finally – a word about social media. If you know me by now you will not be surprised to learn that my word about social media is, NO. There is exactly zero privacy on social media. Closed groups are open. Private messages are public. There may be messages you would place on a bulletin board in Times Square: those belong on Facebook and Twitter. Everything else, keep it inside solid messaging applications as discussed here.
Anyone seeking help with this can contact me via “private” message on Google Plus (yes, I use bulletin boards in Times Square, too). My profile link is on this page. I will respond to you personally and help any way I can, and I will presume that all your interest is in encrypting thousands and thousands of grocery lists.
The legendary spiteful streak of President-Elect Pumpkin is about to be combined with command over the greatest surveillance apparatus in human history.
Here’s why you should start encrypting everything… abso-frikkin-lutely everything! Even if your plans for the next four years are to keep your head down and stay out of trouble, you can help the people planning massive protests or civil disobedience.
By encrypting all your email, text messaging, and web traffic, you add to the volume of encrypted internet matter that the surveillance apparatus has to crack to figure out what needs its loving attention. Even if your own messages never rise above the “excitement” level of telling your partner to add milk to the grocery list, it’s helpful. Amping up the volume they have to deal with is what gives the people a chance to flip the script on surveillance. The apparatus is huge, but it’s finite.
That’s part of the idea behind HTTPS Everywhere from the Electronic Frontier Foundation. If you use Firefox, Chrome or Opera you can add this extension to your browser. (If you don’t use Firefox, Chrome or Opera, pick one and start!)
In part 2, tomorrow, I will give some recommendations for encrypting your messaging, and safety ideas to practice on social media.