|
Hotbox Magazine Lifestyle Technology Encryption: Lessening the Psychic Impact of Big Brother In Your Day-To-Day Life
RSS Feeds
New Contenthotbox :: blogs
|
| Encryption: Lessening the Psychic Impact of Big Brother In Your Day-To-Day Life |
| Lifestyle - Technology |
| Written by Ændrew Rininsland |
| Sunday, 21 June 2009 18:32 |
|
It constantly astounds me how many people in the cannabis community have never even heard of encryption software yet remain constantly paranoid about the government spying on their communication.
Here’s how it is: the government has an enormous amount of data surveillance technology at their disposal, and a willingness to use it. People like activists are especially good targets for th This is where encryption software comes in. Modern encryption software uses an advanced mathematical algorithm to make data unreadable unless decrypted with an appropriate “key.” One of the most widely-used standards for online data encryption is called OpenPGP, which allows users to generate two keys: one for data encryption and one for decryption. Users give their public key (Which is really just a long string of meaningless text) to people they want to correspond with. Those people in turn generate their own public keys and exchange them. Then, when somebody wants to send an encrypted message, they encrypt the data with that person’s public key. The data is now unreadable until decrypted with the private key corresponding to the public key it was encrypted with. This prevents certain kinds of attacks because only the recipient needs to know a password to decrypt the data — if a trusted user later turns out not to be, they have neither your password nor your private key and can’t use your public key to decrypt anything sent to you. This article details how to install and use Enigmail for Thunderbird, a popular multi-platform open-source e-mail client produced by the Mozilla Foundation, the same people responsible for the Firefox web-browser. For the sake of simplicity I’ll only detail how to install and use Enigmail; however, Apple Mail users can check out GPGMail while Windows users with Microsoft Outlook can take a look at ByteFusion’s plugin as the steps are fairly similar. But first: a word about passwords. Passwords are important to keep safe and make very difficult to break. They are your last defense in an attack and thus should not be easy to guess with dictionary or brute-force methods. Adding a single extra character makes a password exponentially harder to break, as does using upper and lowercase letters, symbols and words not found in dictionaries. Of course, it should be memorable because your data’s screwed if you forget it; however, try for at least seven characters minimum. Try taking a memorable song lyric (That you don’t have a tendency to hum or sing on occasion!), replacing spaces with a symbol like an exclamation mark or an asterisks and capitalizing the last letter of every word. To use an example from Cypress Hill, “takE!a!hiT!froM!thE!bonG!420” is a very, very secure password and quite memorable. That said, it might be a bit long if you have to enter it 50 times a day. Regardless, entrusting your system security to something like “PassworD” is a bad idea. Your computer must first be secure for any encryption solution to be effective against prolonged attack. All security solutions are only as secure as their weakest element. OpenPGP may be one of the most effective encryption solutions on the market, however, if you use a weak password and have an insecure network or computer, your private key may become compromised and then it doesn’t make any difference how advanced the actual encryption algorithm was. The first step is to install GnuPG, which is the low-level OpenPGP software Enigmail uses to do its work. Windows users: download the file at ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe and install it. Mac OS X users should go to the MacGPG project and download the appropriate GNU Privacy Guard package for their version of OS X. Next, assuming you have Thunderbird already installed (If not, download and install it from getthunderbird.com), download the Enigmail package from enigmail.mozdev.org and save it somewhere easy to find. Then, in Thunderbird, go to Tools, Add-Ons, and click the “Install...” button. Locate the Enigmail package and click Open. Wait 5 seconds and click the Install button. Click the “Restart Thunderbird” button and wait while Thunderbird reopens. Once it has, click the new OpenPGP entry in the file menu bar and click Key Management. Go through the wizard and generate a new key pair. Once done, you’ll have your public and private key listed as your first entry in the Key Manager. Right-click the new entry and then select “Send Public Keys by Email.” This will open a new email entry with your public key attached to the message. You can then send it to anybody who also uses Enigmail. Import your contacts’ public keys once received by using the File, Import Keys from File or the Edit, Import Keys from Clipboard commands. You are now ready to send and receive encrypted email! When composing a new message, you can select to sign messages, encrypt them, or both. Click the OpenPGP button and select “Sign Message” to allow users who have accepted your public key to verify a particular message is coming from you. To encrypt data, select “Encrypt Message” and write your email as normal. Enigmail will use your recipient’s public key to encrypt your message when sending, or ask you for their public key if one hasn’t been used for the recipient’s email address. Then, when you receive an email encrypted with your key, it will ask you for your password and will then decrypt the message automatically. The above steps will take you quite far in preventing Big Brother from intercepting your email communication. Note, however, this does not extend to cellphone calls, SMS messages, forum messages, Facebook chat or Instant Messaging (Though many IM programs now have add-ons for OpenPGP-style encryption that you can use your existing keys for). Similar solutions also exist for mobile technology such as the Blackberry and iPhone platforms and encryption should especially be used when communicating with wireless devices. And, as has been already mentioned, your communication, whether encrypted or not, may be vulnerable if your computer or network is compromised, so enacting good security policies throughout is extremely important. Clearly, the entire field of information security cannot be summarized in a single article; however, if the cannabis community begins taking these basic first steps, we can prevent the government from encroaching into our lives more than it already has.
Ændrew's public key is available at aendrew.com/pgp/ or on his Hotbox Magazine profile.  
|
| Last Updated on Tuesday, 23 June 2009 22:38 |
is technology. People who consume or purchase drugs are also very good targets for this. It doesn’t take much to realize how dangerous people like activist leaders dealing with a particular drug culture can unintentionally be if vulnerable to this type of attack. Further, as privacy has become less of a concern than security in North America in recent years, the legal ability of the government to pry into an unsuspecting data flow has increased. For instance, increased government surveillance powers enable authorities in the U.S. to employ a technology called Carnivore at the ISP level to monitor the totality of a target’s online activities. How are citizens — and especially dissenting voices — supposed to cope with this invasion by government into their personal lives?
You need to login or register to post comments.
