Kahomono - It Means Lucky

Random musings on whatever subject strikes my fancy that day.

Get Ready (part 2 of 2)

Yesterday, I started giving you some suggestions for how to encrypt your Internet communications, in order to give cover to people who may be at risk from the impending reign of the Pumpkin.

The first thing I want to address is email.  When it comes to sending any sensitive communications via email, my only real recommendation is: DON’T.  Email was not designed to be secure and email security will probably never be anything more than a bolt-on.  That said, if you’re going to bolt something on, consider (in the order I prefer them): Enigmail, GnuPG and PGP.  None of these is easy to implement.  But all of them will secure email communications well if correctly installed and used at every endpoint, for every email.

Now, “if correctly installed and used at every endpoint, for every email” probably sounds like a trivial disclaimer, but consider this: if there is only a 0.1% chance that someone will mess up on any given email, and there are 100 people who each send 50 emails... then the chances of your emails being exposed sit at 99.3%.  And that’s rounded down.

So how to communicate?  Text messaging.  But don’t just pick up your phone and start Swyping: first get Signal from Open Whisper.  Some guy named Ed Snowden has let it be known that this is his messaging platform of choice.  Talk about skin in the game!  Signal handles secure texting and voice calling, and it is free.  It runs on iOS and Android.  Again, every party to the communication has to have it, but the good news here is, once you have it running and you’re using it, there’s nothing left to screw up.

There’s also nothing for the manufacturer, whose servers help you make connections, to tell the government about you when the subpoenas arrive.  Signal is one of the elite set of communications platforms whose operation is Zero-Knowledge.  To over-simplify, this means that they know nothing about you and they do not ever handle the keys that can decrypt your messages.  Therefore, when the government asks (and they did!), they get nothing (which they did!).   And speaking of zero-knowledge, SpiderOak is your choice for file-sharing.

Finally – a word about social media.  If you know me by now you will not be surprised to learn that my word about social media is, NO.  There is exactly zero privacy on social media.  Closed groups are open.  Private messages are public.  There may be messages you would place on a bulletin board in Times Square: those belong on Facebook and Twitter.  Everything else, keep it inside solid messaging applications as discussed here.

Anyone seeking help with this can contact me via “private” message on Google Plus (yes, I use bulletin boards in Times Square, too).  My profile link is on this page.  I will respond to you personally and help any way I can, and I will presume that all your interest is in encrypting thousands and thousands of grocery lists.


Suggested further reading, at the EFF website

https://www.eff.org/deeplinks/2016/11/digital-security-tips-for-protesters

https://ssd.eff.org/en/module/attending-protests-united-states


4 Comments

  1. Kat

    Would you suggest a VPN and if you would, which one(s)?

    • David Frier

      I would not prioritize that over the other things, especially if you’re using HTTPS Everywhere in strict mode.

  2. Sarah

    These were incredibly helpful, insightful pieces of wisdom to read. Thank you for sharing!

    • David Frier

      Thank you, that’s very kind!
