Public key encryption works like this: you have two keys– a public key and a private key. Your public key is just that; it’s something you share with the public. Think of it as more of a padlock though. When someone wants to send you an email, they lock it with this padlock. No one along the way can see what’s inside the email (not even your email provider). When you want to read the email you use your private key just like you would use a literal key to unlock, or rather decrypt, the message. Your private key is a carefully guarded string of numbers on your computer protected by a password. Enigmail makes this system easier by doing the work for you. It generates a set of keys for you, and it stores the private one. To decrypt messages, simply enter your password. Adding other people’s public keys is a bit more complicated. You can either have them emailed to you as an ASC file or given to you in person via USB thumb drive, or you can copy them off of the Internet if they’re posted publicly. A tutorial is available online at.
That’s all a bit complicated, isn’t it? Wouldn’t it be nice if there were a way to automate all of this completely? Thankfully, there is. I’m sure you’ve at least heard of Bitcoin before, but did you know there is a similar system for messaging? My favorite electronic communication medium is Bitmessage. It’s incredibly simple to use. There’s also an excellent tutorial. Consider this the preferred way for your group to communicate electronically.
Another option that somewhat automates encryption is MailPile. MailPile was coded by a group of Icelandic cryptographers and is a mid-step between hosting your own email and just using an email client. If you have a Raspberry Pi (or are willing to buy one for $35) that you can always leave on, this is a worthy consideration. Again, because of hardware constraints, I haven’t been able to test it out, but I corresponded extensively with the team. MailPile is like Thunderbird, only it can be accessed from other computers by providing a personal webmail. This webmail comes from a device you host, so it requires a computer (Raspberry Pi is a great option) that always has power and is always on in order to be used remotely. This option is extraordinarily convenient for when you’re away from your home computer but still want or need to encrypt your email.
Firefox is great on its own, but there are ways to make it more secure. This is accomplished via add-on software, which is written by people other than Firefox, that adds functionality to the browser. First on the list is Abine’s Blur (formerly DoNotTrackMe). This add-on has many features if you pay for them, but the free ones are awesome, too. The one I use the most is the email masking, where Blur adds an email on forms. This email will forward to your email, and you can turn it off if the company spams you. Abine also has an app for this. Blur will also generate passwords for you, but I haven’t ever used this. I prefer to come up with my own passwords. They’re easier to remember that way, plus a third party doesn’t know them. (Here is a hint on passwords. An easy way to come up with strong passwords is with gun terms; for example, Win.300m@g.) If you’re willing to pay for it, Blur will also mask credit card and phone numbers. Since I haven’t had need of this yet, I haven’t tried either of these services.
Another add-on is Hide My Ass Proxy. This add-on will proxy your Internet traffic through an off shore server, thereby hiding your location and identity. It’s like a lighter, weaker version of TOR. Ad Blocker Plus is another one I use, simply because it blocks most annoying pop-up ads, almost all of which are malware.
Lightbeam is another extremely helpful add-on. It monitors what external sites the websites you visit, connect to, and share your information with. It’s quite eye opening and can be used to convince others about the need to improve privacy online.
HTTPS Everywhere is an add-on that forces websites to use encrypted connections when available. For Thunderbird, there is TorBirdy, which routes your email traffic through TOR. This would be great, but every time I’ve tried it, it has made Thunderbird stop working. I currently have the add-on but keep it disabled.
Now I’d like to offer some general tips to help maintain your online privacy and security. All the software in the world won’t make up for any security mistakes you make. As former FBI most wanted hacker Kevin Mitnik says, “Humans are the weakest link in any security system.” First, use common sense when you fill out forms. Ask yourself, “Does this person/organization really need this information?” If the answer is no, don’t give it to them. Don’t reveal your address, real name, or certainly your birthday (I can’t think of very many legitimate reasons anyone needs this). If you need to supply an email address, hop over to www.getairmail.com or a similar service and use a temporary email (or Blur). I’ve used this method to download nearly fifty different survival books in PDF format without giving away my email address. If you create a social media profile (though I recommend you don’t), use a pseudonym. This will prevent future employers from simply Googling you and perhaps discriminating against you for your political or religious beliefs. It can also afford you a bit of plausible deniability, if your employer or anyone criticizes you for something you posted. Additionally, now you can’t be friended or followed by people you may not want to be associate with online. Don’t click on suspicious ads. Before you go to a URL, make sure you typed it in correctly. For YouTube especially, there are several malware sites that use URLs like yuotube.com and youtbue.com. Log out of your accounts every time you close your browser, and don’t leave your browser up all night. Put your computer in airplane mode when you don’t need the Internet. Use long passwords (sixteen characters minimum) that include letters, numbers, capitals, and symbols. If you can, also include punctuation. For passwords that protect banking information or anything else particularly valuable, don’t use combinations based on anything in the dictionary. In this case, even something like tH^s-iSS&meye, stRONG@paSS%ord aren’t good enough. A really strong password resembles a Bitcoin address with symbols: lfmT6!77djLw84$(dkYY6v#14StiLmOp. Clear your cookies and cache frequently. Always update everything on your computer. Even though it may not say so, most updates include security fixes. A common tactic among hackers is to find computers that are running un-updated software and use well-known attacks without having to do any work. When you see that bubble announcing an update, click it and update immediately!
For mobile security, realize that you give up a lot of privacy when you buy a mobile phone. The best thing to do is to buy a pay-as-you-go phone and never store any contacts on it. Don’t attach it to your email, and preferably get one that you can easily remove the battery from. Try to get one that flips and only has a number pad. Not only will this remove the temptation to check your email or surf the web, you’re less likely to get robbed for your phone. Note that any anonymity that you have is ruined the moment someone else stores your name and number as a contact in their phone. Good luck trying to convince people not to put you in their contacts.
After a cheap pay-as-you-go phone, my next recommendation is at the opposite end of the spectrum. Blackphone is designed specifically to foil the NSA and is produced by Silent Circle– a service that voluntarily shut down their email service rather than reveal their customers’ information to the NSA. They are also now part of the Darkmail team. Communication between Blackphone users is encrypted, including calls and texts. They also have features that let the users know if their communication is being monitored.
As far as run of the mill smartphones go, Android (being open source) is better than iOS. Yes, Android is owned by Google, but it was open source before that and can still be turned into a rather secure mobile OS. I have never owned an Android phone though, so I can’t offer specific tips. There are many tip available at the following this website.
iOS is strictly the property of Apple and thus extraordinarily vulnerable to government surveillance. There is a little bit you can do. Get the DoNotTrack app and the ChatSecure App. While you’re at it, get 2nd Vote– an app that grades companies by their political stances. While not security related, they allow you to make informed purchases. Use OperaMini instead of Safari. It is owned by a Norwegian software company and will also save you money by using less bandwidth. Be sure to turn off ad tracking: Settings > General > About > Advertising. Reset your advertising identifier while you’re at it. If you must stick with Windows, I have some advice. First, Windows 7 is preferable to Windows 8 for a variety of reasons. Security is better on Windows 7, and the user interface of Windows 8 just stinks. Also, the Electronic Frontier Foundation (a group that works to improve digital security and privacy) and Amnesty International teamed up to design software to scan Windows computers for malware known to be used by government surveillance organizations (and hackers, as well). I highly recommend Detekt.
As for wifi modems, I prefer to buy from Cisco, since they openly and proactively work to prevent the NSA from compromising their users’ privacy.
A few of my readers may have noticed that I didn’t mention encrypting the entire hard drive. Previously, I would have mentioned this and recommended TrueCrypt, a now defunct open source encryption software. Unfortunately, last year the developers of TrueCrypt released a mysterious letter saying that TrueCrypt could no longer be trusted, and that they would no longer be releasing periodic updates. It is widely believed that the NSA pressured them into quitting. Since it was open source, hopefully someone will take up the baton, but this has not yet happened to my knowledge. I have not been able to find and review an appropriate open source alternative.
I would like to again repeat that even after implementing all or some of these steps, you are not immune to the NSA. If they choose to single you out, they will succeed. Never store on a computer any extremely sensitive information that you wouldn’t want the government (or anyone else) to know. Once it’s on a computer, there is a chance, however small, that it can be retrieved, even if you attempt to delete it or destroy your hard drive. Physically write down (or better yet, just memorize) your prepping checklists and plans. Also, remember that everything described in this article is only secure until someone finds a way around it. In Christ and Liberty.