If you aren’t aware of recent problems with digital privacy and cybersecurity, you’re probably living on another planet. We are being bombarded with news about the NSA, foreign state-sponsored cyber-attacks and just your plain ole hackers stealing private information and credit card numbers. So needless to say, in this day and age it just makes sense to take some steps to secure the information you want to keep private.
Let me start by saying that the apps discussed here are not guaranteed to keep your information safe.
For starters, one of the biggest problems with security is the human element. You need to use these things properly, create strong passwords, use different passwords for each application, log out when not in use, etc. It is the human element that is the easiest to exploit. Humans are creatures of habit, relatively lazy and predictable. Typically the weakest link in the digital privacy chain is located between the seat and the keyboard. I’ve made an effort here to pick the most user-friendly tools with the idea that if it’s easy to use you’ll be more apt to use it.
Secondly, if you’ve become a target of a government agency, especially one at the Federal level, well, you’re in a world of hurt to begin with. I recently watched a video on surveillance where the speaker stated that “if they have 10 different options of spying on you that you know about, they have 13 ways of doing it.” They WILL get your information, and it’s not the intent of this article to protect you against a full-on investigation by the government.
Next, physical access and, in some cases, remote access via special tools. You can be using the strongest encryption in the world, something that would take even the NSA millennia to crack, and you can have a 100-character password with all random numbers and letters, upper and lower case, and special characters. All of that means squat if someone has physical access to your system. They don’t need to crack your password if they’ve installed a keylogger and you type it in for them. There are also remote access tools that, while not connected to your system, passively gather things such as keystrokes and screenshots, all incredibly hard to detect and protect against. Even if you air gap your systems you’re still vulnerable. Again, if you’ve become prey to this kind of surveillance you’ve probably been a bad boy or girl. The government doesn’t just randomly allocate and deploy these types of resources on average people; you’ve done something to pop up on the radar.
Finally, backdoors. Well, we now know there are backdoors being built into software and even hardware. On the hardware side, well you’re pretty much screwed. It’s the government messing with these types of backdoors (for now) and as mentioned, if you’ve got their attention, you’re screwed anyway. On the software side, barring scrutiny from the Feds, the best option is to use Open Source software. The code is available to be audited by independent parties and even yourself if you have that level of skill. In the list below you will see that I’ve tried to use open source or partially open software whenever possible.
Again, as I mentioned before, the idea here was to pick applications that are relatively user-friendly and also have good support communities with plenty of tutorials to get you on your way. I know there are other options and many might be better, but you gotta be able to crawl before you can run. So let’s get on with it.
File Encryption – TrueCrypt
So we all have files on our computers with personal information. Maybe it’s your family’s social numbers, bank accounts, lists of birthdates, scanned copies of birth and marriage certificates, bitcoin wallets, that video you have of your boss and his secretary; the list goes on. The first thing you will want to do is to encrypt this information, and for that there is a tool called TrueCrypt.
TrueCrypt is quite a powerful tool. For starters it is open source, and it works with most popular operating systems such as Windows, Mac and Linux. It can be used to create a volume (container) where you can securely store files. It also has the ability to create hidden volumes, hidden operating systems, and even has a plausible deniability feature. You can also use it to encrypt things like USB drives which can be quite helpful.
Using it is pretty simple. Here is a video tutorial showing you the basics.
Note: There are things to be aware of while using TrueCrypt, and as I mentioned before, the weakest link in the chain is the meat bag using the software. So be aware that unencrypted data is left in RAM, and depending on how you shut down your computer that data can be recovered and used to open your files.
File Sharing/Cloud Storage backup – SpiderOak
In this day and age keeping all your files locally on your computer may be one of the safest bets, but it’s not always practical. There are situations where having your files in the Cloud may be convenient, necessary, or both. SpiderOak is an application that will help you manage this securely. It allows you to back up, sync between multiple devices and share files in a secure manner. It works on Windows, Mac, Linux, Android and iOS, with Blackberry and Windows Mobile coming soon.
There are similar options out there like Dropbox, but the big advantage with SpiderOak is that your files are encrypted on your computer before they are uploaded to the server. Even if someone gained access to your data, it’s encrypted.
Unfortunately SpiderOak is not completely open source at this point and only some of the code has been released, but according to their website they intend to eventually open it all to the public.
Here’s a video that walks you through the application. This is the official SpiderOak YouTube Channel, so you’ll be able to find other information and tutorials there as well.
SpiderOak’s free accounts come with 2 GB of free storage, but if you click this link and sign up we both get 1GB extra storage for life! (maxes out at 10GB)
Encrypted Webmail – Mailvelope
With the exception of my work email, I pretty much exclusively use a webmail interface for all my email, specifically Gmail. Now I know Google is the devil, but that’s a discussion for another time. This application, however, will help you tame the beast. Of course there are dedicated “secure” email services, but that’s not within the scope of this article.
The biggest problem with using webmail is being able to encrypt your messages easily. There are plenty of options out there for email clients like Outlook and Thunderbird, but if you’re using the webmail interface for Gmail, Yahoo, Outlook.com etc., your options are limited. Enter Mailvelope.
Mailvelope is a browser plugin for Chrome and Firefox that allows you to encrypt your messages through the webmail interface. The plugin is based on the OpenPGP encryption standard and uses public-key cryptography. How this works is pretty simple. After you install the plugin you will need to create a keypair, which contains both a public and a private key. The private key needs to be kept with you and secure (see note below). Never share your private key with anyone. The public key is what you share with whoever needs to send you an encrypted message. They use this public key to encrypt the message and send it out to you. Once it is encrypted, the only key that can open it is your private key with the proper password.
What makes Mailvelope so simple to use is the interface. Rather than try to explain how to use Mailvelope, here is a short video demonstrating how easy it is to use.
One thing to note, in reference to the physical access disclaimer above: your private key is stored on your computer in a SQLite database as plain text. If someone has physical access to your system they can retrieve this key. However, even if they have the key they still need to know your password in order to open the encrypted message. So, USE STRONG PASSWORDS!
VPN Client – OpenVPN
There are several reasons you might want to use a Virtual Private Network or VPN. One is security; another is anonymity.
Most people know that when they go online they are sending data back and forth, oftentimes in the clear. They also know that their computer/connection has a unique number, called an IP Address, that identifies them and where they are located. A VPN helps with both of these issues.
When you log into a network, especially a public one like, say, at the local Panera, you have no idea who is capturing your data or even if you are connected directly to their network and not the victim of a man-in-the-middle attack using something like the WiFi Pineapple. A VPN will create what is best described as an encrypted tunnel between you and whatever you are connecting to.
A VPN also helps to hide your IP address so that the entity at the other end doesn’t know exactly where you are coming from. This is helpful when, let’s say, you’re trying to access a website that is blocked in your country or you just want to remain anonymous. Now keep in mind the VPN service will know your real IP Address, so if they get a visit from the feds asking questions they might give you up, that is, unless they don’t keep logs. More about that later.
Here is a nice simple description of how it works.
To use a VPN you need two things: a program on your computer that manages the connection and a service that you connect through.
OpenVPN is the program that handles the connection to the service you’ve chosen. Here is how you set it up:
PrivateInternetAccess.com does not collect or log any traffic or use of its Virtual Private Network (“VPN”) or Proxy.
They also have lots of positive reviews from respected sources. There are no bandwidth limits. They allow torrent downloads, they accept bitcoin payments and are reasonably priced. If you’d like to check them out click the affiliate banner, keeping in mind we do get compensated if you subscribe.
Password Manager – KeePass
So every single application we’ve mentioned so far requires a password, and we know strong passwords are huge. How the hell are you supposed to remember all of these passwords? Well, KeePass might help. What is KeePass, you might ask?
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
So I know what you’re thinking. If someone gets my password then they will have access to all the others. This is true, and it’s good incentive to keep your password safe. Remember that human element I talked about? So don’t tape your password to the underside of your desk.
Another thing that KeePass is able to do is use a keyfile. So in order to log in you need to type the correct password and load the key file to gain access. You can keep this file on a USB thumbdrive that you always have in your possession. This creates a sort of two-factor authentication system. Even though it’s an option, never use just a keyfile.
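To see why the password-plus-keyfile combination matters, and why a keyfile on its own is a bad idea, here is an added example (not KeePass's own code and not from the original article). It assumes a hash-then-combine scheme with PBKDF2 as a stand-in stretching step rather than KeePass's actual key derivation; every name and sample value in it is constructed for the illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values for the illustration; none come from a real database.
PASSWORD = "correct horse battery staple"
KEYFILE = bytes(range(64))   # stands in for the file kept on the USB drive
SALT = bytes(range(16))      # fixed for repeatability; random per database in practice


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Hash each supplied factor, then hash the concatenation into one 32-byte key."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += hashlib.sha256(keyfile).digest()
    if not parts:
        raise ValueError("at least one factor is required")
    return hashlib.sha256(parts).digest()


def master_key(password: Optional[str], keyfile: Optional[bytes],
               salt: bytes = SALT, rounds: int = 100_000) -> bytes:
    """Stretch the composite key. PBKDF2 is a stand-in, not KeePass's own KDF."""
    return hashlib.pbkdf2_hmac("sha256", composite_key(password, keyfile), salt, rounds)


def unlocks(attempt: bytes, expected: bytes) -> bool:
    """Constant-time comparison of a derived key against the database's key."""
    return hmac.compare_digest(attempt, expected)


def scenarios() -> dict:
    """Compare what each set of factors can open."""
    two_factor_db = master_key(PASSWORD, KEYFILE)   # protected by password + keyfile
    keyfile_only_db = master_key(None, KEYFILE)     # protected by the keyfile alone
    return {
        "both factors open two-factor db": unlocks(master_key(PASSWORD, KEYFILE), two_factor_db),
        "password alone opens two-factor db": unlocks(master_key(PASSWORD, None), two_factor_db),
        "found USB opens two-factor db": unlocks(master_key(None, KEYFILE), two_factor_db),
        "found USB opens keyfile-only db": unlocks(master_key(None, KEYFILE), keyfile_only_db),
    }


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

With a keyfile-only database, whoever picks up the thumbdrive holds the entire secret; with both factors, a lost drive or a leaked password alone opens nothing.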
Here is a good video overview on how to use KeePass.
Bonus – TAILS
I figured I’d finish off the list with a little bonus for those that are more paranoid than the average bear. TAILS is a full-on Linux-based operating system you can run from a thumb drive or DVD. It is designed with privacy in mind and has many of the applications I spoke of here already built in. It also uses Tor, which is something I didn’t get into but is extremely useful in keeping you anonymous on the web. If you feel so inclined to go to this level, have at it. It is free and open source.