The Basics

Contents:
I. Internet Explorers & Search Engines
II. Email
III. Social Media & Instant Messaging


Calling this section ‘The Basics’ is from the outset an exercise in failure.

The fact is that the world of online cryptography is anything but basic. For example, the CryptoParty Handbook is itself 327 pages long and even then it’s not a comprehensive record of all programs and methods available.

Due to the changing nature of technology, it is unlikely there will ever be a definitive manual for cryptography. With new technology constantly being developed, for example the sudden spread of the smart phone and portable media, encryption technology must also evolve. Accordingly, as these new encryption tools are released, their counter-forces are already looking for ways to breach their security. It is for this reason that these programs are frequently updated or made defunct. The encryption community is very vocal when a breach is reported and it is essential to keep up with the latest updates in order to protect your anonymity.

With so many programs available, it is also important to note that no one set of programs will suit every individual or all circumstances. It is crucial to find programs that are targeted towards your needs and complement the ways in which you already use the Internet.

Despite this, below we have attempted to condense and simplify the world of cryptography into three main areas: Internet Explorers & Search Engines, Email and Social Media & Instant Messaging. This article should serve only as a starting point, to guide you on your way as you embark on your journey into the world of online cryptography.

PART I: Internet Explorers & Search Engines

Tor homepage. Source: Screenshot


Considering Internet explorers are generally the gateway to the web, it seems logical to begin our discussion with Tor. Tor, a free download, is largely undisputed as the front-runner in anonymous browsers. Additionally, it’s a good starting point for beginners due to its usability, with the design and home page mimicking traditional browsers.


The Tor network. Source: A Cryptic World

The differences take place behind the scenes. Tor works to enable online anonymity through creating a global network of volunteer servers (known as nodes) and feeding your activity through a minimum of three of these. This means that, while it may be possible to access your activity as it enters or exits the network, it is not possible to assign that activity to a single location or IP address. This removes the possibility of being identified as the user.

Duck Duck Go homepage. Source: screenshot.


For the average user, Tor is a valuable privacy tool, particularly when coupled with an anonymous search engine. One option, as endorsed by the CryptoParty Handbook, is Duck Duck Go. Duck Duck Go does not track your searches, nor collect your personal information. It is for these reasons, however, that search results may differ from traditional search engines. This is because they cannot offer you results tailored to you specifically, based on your past searches, as they are not collecting your personal data and search history.

PART II: Email

There are two ways we can access our email: through web-based servers (e.g. Gmail or Hotmail) or computer-based programs.

The first step in protecting your emails is to download a computer-based program, such as Mozilla’s Thunderbird. Once again, Thunderbird wins points for usability, making it easy for beginners to make the switch, particularly as it works with your current email address. The program, which is free to download, allows for greater privacy and security over web-based email services and its computer-based competitors.

Thunderbird homepage. Source: Screenshot.


Essential to email security is the type of connection between you and your email provider’s mail server. Where possible, you should connect with SSL (Secure Sockets Layer) and TLS (Transport Layer Security). This can be configured easily through Thunderbird when setting up your account.

Even with a secure connection, however, your privacy is only safe from your computer to the server. It cannot be guaranteed all the way to the recipient. This is where email encryption comes in. The basic protocol we will discuss is PGP (Pretty Good Privacy), which uses end-to-end encryption. This means it is impenetrable to third-party interference during that process.


The encryption and decryption process. Source: A Cryptic World

This PGP system is based on keys. Each person has two keys: one public and one private. Every time you want to encrypt an email, it is necessary to have these files, so it is recommended that they be stored on a USB – much like a physical key. Your public key is given to people so they can encrypt emails to be sent to you and vice versa – you must have your recipient’s public key to reply via encryption. Your private key is used to decrypt these emails when they arrive.

For PGP to work with Thunderbird, it is necessary to download two programs: GNU Privacy Guard (GPG) and Enigmail. GPG is the software that facilitates PGP, whereas Enigmail is an add-on that allows the software to work within the Thunderbird interface. Enigmail allows you a simple way to create your own set of keys, while also keeping track of your correspondents’ public keys. Of course, this process can inevitably become more complicated. For a more detailed explanation of using keys in day-to-day practice, I direct you to the CryptoParty Handbook.
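The key workflow described above, written out as GnuPG commands (an added example, not part of the original article). It assumes GnuPG 2.1 or later; the two users, their `example.org` addresses, the message and the function name `pgp_roundtrip` are constructed for illustration, and the empty passphrase is only there so the demo runs without prompts.

```shell
# Added example: the PGP key workflow with two throwaway GnuPG keyrings.
# Users, addresses and the message are constructed; assumes GnuPG 2.1+.
pgp_roundtrip() (
    set -e
    work=$(mktemp -d)
    alice="$work/alice"; bob="$work/bob"
    mkdir -m 700 "$alice" "$bob"
    # On exit, stop the per-keyring agents and delete the throwaway keys.
    trap 'gpgconf --homedir "$alice" --kill all 2>/dev/null || true
          gpgconf --homedir "$bob" --kill all 2>/dev/null || true
          rm -rf "$work"' EXIT

    # 1. Each person generates a key pair (public + private) in a private
    #    keyring. Real keys should be protected by a passphrase.
    for who in alice bob; do
        gpg --homedir "$work/$who" --batch --quiet --pinentry-mode loopback \
            --passphrase '' --quick-generate-key "$who@example.org" \
            default default never
    done

    # 2. Bob exports ONLY his public key; Alice imports it.
    gpg --homedir "$bob" --armor --export bob@example.org > "$work/bob.pub.asc"
    gpg --homedir "$alice" --batch --quiet --import "$work/bob.pub.asc"

    # 3. Alice encrypts to Bob's public key. "--trust-model always" skips
    #    the ownership check for this demo; in practice, verify the key's
    #    fingerprint with its owner before trusting it.
    printf 'meet at noon\n' > "$work/msg.txt"
    gpg --homedir "$alice" --batch --quiet --trust-model always --armor \
        --recipient bob@example.org --output "$work/msg.asc" \
        --encrypt "$work/msg.txt"

    # 4. Bob decrypts with his private key; the plaintext goes to stdout.
    gpg --homedir "$bob" --batch --quiet --decrypt "$work/msg.asc"

    # 5. Alice holds no matching private key, so even the sender cannot
    #    read the ciphertext she just produced.
    if gpg --homedir "$alice" --batch --quiet \
           --decrypt "$work/msg.asc" >/dev/null 2>&1; then
        echo "unexpected: sender could decrypt" >&2
        exit 1
    fi
)
```

Calling `pgp_roundtrip` prints the decrypted message. Enigmail performs the same generate, export, import, encrypt and decrypt steps through Thunderbird's interface.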

PART III: Social Media & Instant Messaging

It’s clear that social media has become ingrained in the way we communicate and use the Internet, raising new challenges for cryptography. For example, how many of you turn to Facebook Chat to communicate with friends, family and colleagues? Perhaps it would surprise people to know that Facebook Chat failed five of the seven criteria used by the Electronic Frontier Foundation (EFF) to evaluate the security of instant messaging programs, in their Secure Messaging Scorecard.

Secure Messaging Scorecard. Source: EFF, https://www.eff.org/secure-messaging-scorecard


It is also an interesting area due to the nature of social media sites which revolve around creating a ‘profile,’ which is fundamentally at odds with anonymity. Despite this, a number of secure instant messaging programs have been developed, as can be seen in the Secure Messaging Scorecard. Some examples are ChatSecure, which works in conjunction with Google and Facebook, or Pidgin, which is a secure chat client capable of end-to-end encryption and is available through the iTunes store. Both of these satisfied all of the seven tests posed by the EFF.

Pidgin 'About' page. Source: Screenshot


For a more detailed review of instant messaging apps, see the In Action section of this website.

Thumbnail Photo Source: Flickr/Peter Hellberg
