Sunday, May 28, 2017

Pretty Good Privacy (PGP) Encryption


Keeping private communications private is an important part of personal security. One of the most common forms of communication in the world today is e-mail. In all but the most remote areas it is usually possible to find an Internet connection and have access to e-mail. If you have access to the Internet you can always set up a free e-mail account with major service providers such as Yandex https://www.yandex.com/. And even in the most remote regions of the world, if you are a ham radio operator, it is still possible to establish e-mail contact over HF radio using services such as WinLink https://www.winlink.org/.

So, most people - or at least most people reading this blog on-line - probably already have e-mail, or a social media account such as ВКонтакте (VKontakte) https://vk.com/ that allows you to send and receive private messages. But private messages are not the same as secure messages. Anyone who is able to intercept your unencrypted e-mail can read it, and of course your Internet Service Provider, and any mail server that handles your e-mail, could copy and store it for future reference. Fortunately, there is an answer to insecure e-mail and that answer is encryption.

Pretty Good Privacy or PGP was developed by the American mathematician Phil Zimmermann and released to the public in 1991. Since that time PGP has become an unofficial standard for personal e-mail encryption. Today PGP is implemented in many products as the OpenPGP standard. Although the math behind PGP is complex, using PGP to protect your personal e-mail is quite easy. As a very simplified description of how PGP works: when you set up PGP you create a key-pair, a public key and a secret key. The public key allows messages to be encrypted, but not decrypted. The secret key allows messages encrypted with the public key to be decrypted.

You provide your PGP public key to anyone who might want to send you a secure message. You can even post your public key to your web-page, or upload it to public key servers so that it can be found by others who want to contact you. Of course, you must keep your PGP secret key protected - it is after all "secret". As long as you are the only person with access to your secret key, then you will be the only person capable of decrypting and reading messages encrypted with your public key.


PGP is available for free from many sources. If you use web-mail, and use either the Chrome or Firefox browser, you can download an add-on for these browsers called Mailvelope https://www.mailvelope.com/en/ that integrates PGP encryption / decryption into the browsers. If you use the Windows operating system, you can download OpenPGP standard applications such as Gpg4win https://www.gpg4win.org/ and a portable version called gpg4usb https://www.gpg4usb.org/. All of these PGP implementations, and many others like them that you can find on-line, are cross-compatible as long as they use the OpenPGP standard.
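The key-pair workflow described above, as an added example that is not part of the original post, using the GnuPG command-line tool `gpg`. It assumes GnuPG 2.1 or later is installed; the two temporary keyrings, the address `recipient@example.invalid` and the message are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Two throwaway keyrings play recipient and sender; the
# address and message are constructed. Requires GnuPG 2.1 or later.
ADDR='recipient@example.invalid'

pgp_roundtrip_demo() {
    msg=$1
    work=$(mktemp -d) || return 1
    r="$work/recipient"; s="$work/sender"
    mkdir -m 700 "$r" "$s"

    # 1. Recipient creates the key pair. The empty passphrase is for this
    #    unattended demo only; a real secret key should be protected by one.
    gpg --homedir "$r" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Recipient <$ADDR>" default default never 2>/dev/null

    # 2. Only the public half leaves the recipient's keyring.
    gpg --homedir "$r" --armor --export "$ADDR" > "$work/public.asc"

    # 3. Sender imports the public key and encrypts to it. "--trust-model
    #    always" skips key validation, acceptable only because both keyrings
    #    are ours; normally verify the fingerprint with the owner first.
    gpg --homedir "$s" --batch --quiet --import "$work/public.asc" 2>/dev/null
    printf '%s' "$msg" | gpg --homedir "$s" --batch --quiet --trust-model always \
        --armor --encrypt --recipient "$ADDR" > "$work/message.asc" 2>/dev/null

    # 4. Holding only the public key, the sender cannot decrypt the result.
    if gpg --homedir "$s" --batch --quiet --decrypt "$work/message.asc" >/dev/null 2>&1
    then sender_can_decrypt=yes; else sender_can_decrypt=no; fi

    # 5. The recipient's secret key recovers the plaintext.
    plain=$(gpg --homedir "$r" --batch --quiet --decrypt "$work/message.asc" 2>/dev/null)

    # Stop the agents started for the temporary keyrings, then clean up.
    gpgconf --homedir "$r" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$s" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    printf 'sender_can_decrypt=%s plaintext=%s\n' "$sender_can_decrypt" "$plain"
}

pgp_roundtrip_demo 'Meet at noon.'   # constructed message
```

The file `public.asc` is the part you would post on a web-page or key server; the recipient's keyring directory holds the secret key and never needs to be shared.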

There are several tutorials on-line, including on YouTube, that will teach you how to get PGP / GnuPG up and running on your computer.

As with any new program that you might choose to install and run on your computer, there can be a small learning curve as you get used to the way the program functions, but with PGP that learning curve is quite small, and there is a lot of help available for those who want to begin using PGP. 

Even if you don’t want to use PGP to encrypt all of your e-mail (but you really should), having the ability to encrypt e-mail is important. As with any other type of preparedness it is important to obtain the proper tools (i.e. PGP) and to practice (i.e. send and receive encrypted e-mail) to develop and maintain your skills. 

The best practice is to use encryption for all of your messages, not just when you’re doing something you consider worth protecting. This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance.  If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive. So, take some time to set up PGP and practice secure communication with your friends and family.



