<h1 id="get-encrypted">Get Encrypted</h1>
<p><a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)" title="Wikipedia: PRISM (surveillance program)">We know that our actions online are being monitored.</a> There are lots of groups that want to know everything that you're doing online, for many reasons. You don't have to allow this behavior: there are tools that can be used to help maintain your <a href="https://ssd.eff.org/en/module/animated-overview-how-strong-encryption-can-help-avoid-online-surveillance" title="EFF: How encryption can help avoid online surveillance">personal privacy</a>. </p>
<p>The downside to managing your privacy is that when you are dealing with another party, that party must also make an effort to maintain that privacy. And the technology and the tools are such that both ends must use the same tools. In an effort to make this a little easier I've prepared this document with some details about how to use tools that allow for fully encrypted end-to-end communication by default. </p>
<h2 id="tl-dr">TL;DR</h2>
<ul>
<li>Use <a href="https://protonmail.com" title="Secure your communications with Protonmail">Protonmail</a> for person-to-person email.</li>
<li>Use <a href="https://wire.com" title="Modern, private communications.">Wire</a> or Signal for <a href="https://itunes.apple.com/us/app/signal-private-messenger/id874139669" title="Signal for iOS">iOS</a> and <a href="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&referrer=utm_source%3DOWS%26utm_medium%3DWeb%26utm_campaign%3DNav" title="Signal for Android">Android</a> instead of SMS/gtalk/facebook messenger/etc</li>
<li>Use <a href="https://lastpass.com" title="Lastpass, Simplify your life">Lastpass</a> for passwords and other financial info (such as SSN, bank #, etc)</li>
<li>Use <a href="https://keybase.io" title="Keybase, keys for everyone">Keybase</a> for sharing files</li>
</ul>
<h2 id="email">Email</h2>
<p>Email is notoriously difficult to secure. Honestly, if you want to keep your private communications private you should avoid email entirely; there are just too many fundamental problems with the system for it to ever be truly secure. </p>
<p>However, for the moment anyway, email is a part of daily life. Most entities that you communicate with will NOT support private email communication in any way. What you can get with email is private communication between a small number of users, and at-rest encryption (meaning it's not sitting around in plain text for someone to "find" and read). </p>
<p>Currently the best mix of features, ease-of-use, and security seems to be a service called <a href="https://protonmail.com" title="Secure your communications with Protonmail">Protonmail</a>. Make no mistake, Protonmail is far from perfect, but falls under the category of "better than gmail" when you take privacy into consideration. The biggest concern (at the time of this writing) is the lack of 2-factor authentication. Until that is done I wouldn't tie your financial accounts to it. </p>
<p>Protonmail supports PGP encryption between users, as long as all of those users are using Protonmail (more robust PGP support is planned). For this reason you will have the greatest level of privacy only when sending to other accounts that are also using Protonmail. Basic accounts are free, and paid accounts start at $4/month. </p>
<p>A quick word about "self-destructing" messages: do not trust them. It is trivial to save a copy of a "self-destructing" message. I dislike the practice of offering the service as it is a misleading feature. Once a piece of data leaves your systems you no longer have any control over it. </p>
<h2 id="instant-messaging">Instant Messaging</h2>
<p>Instant messaging tools don't have the hangups of having to deal with the legacy email system, and are therefore free to greatly improve upon the security of the overall system. For that reason a secure messaging tool offers significantly more protection than encrypted email. If you can, you are probably better off using one of the following tools for communication. </p>
<h3 id="signal-protocol">Signal protocol</h3>
<p>The Signal protocol and the associated <a href="https://whispersystems.org" title="Privacy that fits in your pocket">Signal</a> software are developed by Open Whisper Systems, headed up by Moxie Marlinspike, a well-known and trusted name in security and cryptography. The protocol is so well regarded that it has been adopted by giants such as Facebook and Google to drive the secure portions of their messaging platforms going forward. The Signal protocol supports both text and voice, as well as secure peer-to-peer file transfer. </p>
<p>For the moment Signal Desktop is limited to Android users, and requires a browser plugin. The iOS client is a little underdeveloped (I believe they are searching for a new iOS developer). For this reason I also need other options for day-to-day use.</p>
<p><a href="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&referrer=utm_source%3DOWS%26utm_medium%3DWeb%26utm_campaign%3DNav" title="Signal for Android">Signal for Android</a><br><a href="https://itunes.apple.com/us/app/signal-private-messenger/id874139669" title="Signal for iOS">Signal for iOS</a> </p>
<h3 id="otr">OTR</h3>
<p>Another good option for end-to-end encryption is the <a href="https://en.wikipedia.org/wiki/Off-the-Record_Messaging" title="Off the Record Message protocol">OTR protocol</a>. The <a href="https://wire.com" title="Modern, private communications.">Wire</a> app uses OTR with an <a href="https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm" title="Axolotl Double Ratchet">axolotl ratchet</a> for key management. <a href="https://crypto.cat" title="Cryptocat">Cryptocat</a> is another good OTR-based application.</p>
<p>Wire has a number of nice features, such as a desktop application, voice and video calling, and a useful chat UI.</p>
<p>Cryptocat is a desktop only application, so it has limited usefulness in real world situations.</p>
<h2 id="passwords-and-simple-notes">Passwords and simple notes</h2>
<p>It is very important to place a high amount of security around certain crucial pieces of information, such as passwords, social security numbers, bank account numbers, credit cards, and so on: information that could be financially devastating if it got loose. Keeping that information encrypted is important, but so is being able to access it or share it in those special cases (such as with a spouse).</p>
<p><a href="https://lastpass.com" title="Lastpass, Simplify your life">Lastpass</a> is a fantastic tool, with a track record for excellence. It uses very high quality encryption methods, and supports many real world use cases, such as sharing access to certain information, and emergency access. It integrates with your browser for easy access form-filling.</p>
<p>I recommend using the "require password reprompt" option for accounts or notes with highly private data in them; this helps prevent someone from sitting down at your computer and getting access to critical data just because you didn't log out.</p>
<p>Lastpass costs $1 a month, and is easily the best $12 a year I spend on technology.</p>
<h2 id="ad-hoc-encryption-file-sharing-and-other-cryptography">Ad-hoc encryption, file sharing, and other cryptography</h2>
<p>PGP (as well as OpenPGP and GnuPG) are great tools for public-key cryptography tasks such as file signing and ad-hoc encryption. <a href="https://keybase.io" title="Keybase, keys for everyone">Keybase</a> is an attempt to make easy-to-use tools that allow for simple and effective ways of using PGP to interact with others. It's built on proven public key cryptography and is in the process of adding some excellent utility. For the moment the most useful tools are those for ad-hoc encryption and file sharing. If you want to send me a file securely, you have two options: use my public key to encrypt the file then send that file through the application of your choice, or use the Keybase File System (KBFS). The KBFS currently gives you 10GB of space to share files, either publicly or privately. I am looking forward to iOS and Android utilities for Keybase. </p>
<p>You can also use Keybase as a way to encrypt backup files for archival purposes, but at the moment it does not excel at this (for example you can't do large numbers of file encryption/decryption easily). </p>
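<p>The first option, encrypting a file to a recipient's public key before sending it over any channel, looks like this with plain GnuPG. This is an added example, not part of the original page; it assumes GnuPG 2.1 or later, and the throwaway key, address and file contents are constructed stand-ins for a real recipient key whose fingerprint you have checked out of band.</p>

```shell
#!/bin/sh
# Added example (not from the original page). Key, address and file
# contents are constructed; nothing here is the author's real key.

# encrypt_to FINGERPRINT INFILE OUTFILE
# Refuses to encrypt unless the full fingerprint is already in the keyring.
encrypt_to() {
    fpr=$1 src=$2 dst=$3
    gpg --batch --with-colons --list-keys "$fpr" 2>/dev/null |
        grep -q "^fpr:.*:$fpr:" || { echo "key $fpr not in keyring" >&2; return 1; }
    # --trust-model always skips the web-of-trust check; acceptable only
    # because the caller compared the fingerprint out of band.
    gpg --batch --yes --quiet --trust-model always \
        --recipient "$fpr" --output "$dst" --encrypt "$src"
}

# Round trip against a throwaway key that stands in for the recipient.
roundtrip() {
    d=$GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo <demo@example.invalid>' default default never \
        2>/dev/null || return 1
    key=$(gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '/^fpr:/ {print $10; exit}')
    printf 'bank account 0000 (constructed)\n' > "$d/note.txt"
    encrypt_to "$key" "$d/note.txt" "$d/note.txt.gpg" || return 1
    # The ciphertext must not contain the plaintext ...
    if grep -q 'bank account' "$d/note.txt.gpg"; then return 1; fi
    # ... the key holder must get the original bytes back ...
    gpg --batch --quiet --decrypt "$d/note.txt.gpg" 2>/dev/null |
        cmp -s - "$d/note.txt" || return 1
    # ... and a fingerprint that was never imported must be refused.
    if encrypt_to 0000000000000000000000000000000000000000 \
        "$d/note.txt" "$d/bad.gpg" 2>/dev/null; then return 1; fi
}

# Run the round trip in an isolated keyring so the real one is untouched.
selftest() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    rc=0
    roundtrip || rc=1
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
    return "$rc"
}
```

<p>With a real recipient, import their public key first, compare the full fingerprint with them over a separate channel, then call <code>encrypt_to</code> with that fingerprint.</p>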
<p>At this time you need an invite for Keybase, but I have lots of invites, so hit me up (if I haven't already proactively sent you one). </p>