A three-minute guide to online security


How do we avoid surveillance and keep our private information private? Read on for a quick guide.

Email Encryption

Start by encrypting your messages. Email is an inherently insecure medium, and any email you do not encrypt can and will be read by a third party.

The standard encryption method used for text-based communication is public-key encryption, which uses a public key to encrypt a message and a secret key to decrypt it. A public key, as the name implies, can be shared freely online, because a public key alone cannot decrypt an encrypted message. Decryption requires the secret key that corresponds to the public key used for encryption.

The main point: given a public key, there is only one secret key that decrypts the messages encrypted with the public key in question. Secure communication, in this context, means keeping your secret key stored away safely, and publishing your public key so that people can use it to send you encrypted messages that can be decrypted only with your secret key.

The most popular public-key encryption technology is Pretty Good Privacy (PGP). A PGP tool takes plaintext such as

Hello, world!

and spits out encrypted text:

Version: Keybase OpenPGP v2.0.62
Comment: https://keybase.io/crypto


The encrypted text can then be copied and pasted into your email platform of choice, and the recipient can use their private key to decrypt the text.

Keybase offers a nice platform for maintaining PGP keys, as well as a simple tool for encrypting and decrypting text-based messages. If you would prefer to have a desktop application, try out GnuPG.
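The round trip described in this section can be tried with GnuPG itself. The script below is an added example, not part of the original guide; it assumes GnuPG 2.1 or later, and the identity alice@example.test and the function name pgp_roundtrip are made up for the illustration.

```bash
#!/bin/sh
# Added example: PGP round trip in throwaway keyrings (assumes GnuPG 2.1+).
# alice@example.test is a constructed identity. The key has no passphrase
# only because it is deleted when the function returns.

pgp_roundtrip() {
    local msg work rc h
    msg=$1; rc=0
    command -v gpg >/dev/null || { echo 'gpg is required' >&2; return 127; }
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/recipient" "$work/sender"

    # Recipient: generate a key pair, then export ONLY the public half.
    gpg --homedir "$work/recipient" --batch --quiet \
        --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Alice <alice@example.test>' \
        default default never >/dev/null 2>&1
    gpg --homedir "$work/recipient" --batch --armor \
        --export alice@example.test > "$work/alice.pub.asc"

    # Sender: import the public key and encrypt to it.
    # --trust-model always skips the ownership check for this demo;
    # in real use, verify the key's fingerprint with its owner instead.
    gpg --homedir "$work/sender" --batch --quiet \
        --import "$work/alice.pub.asc" >/dev/null 2>&1
    printf '%s' "$msg" | gpg --homedir "$work/sender" --batch --quiet \
        --armor --trust-model always \
        --recipient alice@example.test --encrypt > "$work/msg.asc"

    # The public key alone cannot decrypt: the sender's keyring must fail.
    if gpg --homedir "$work/sender" --batch --quiet \
        --decrypt "$work/msg.asc" >/dev/null 2>&1; then
        rc=1
    fi

    # Recipient: the matching secret key recovers the plaintext on stdout.
    gpg --homedir "$work/recipient" --batch --quiet \
        --decrypt "$work/msg.asc" 2>/dev/null || rc=1

    # Stop the per-keyring agents and delete the throwaway keys.
    for h in recipient sender; do
        gpgconf --homedir "$work/$h" --kill gpg-agent >/dev/null 2>&1 || true
    done
    rm -rf "$work"
    return $rc
}

pgp_roundtrip 'Hello, world!'   # prints: Hello, world!
```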

Instant Messages with End-to-End Encryption

Now, copy-and-pasting PGP-encrypted messages might be too much of a hassle for instant messaging. It is convenient to use an instant messaging platform with built-in encryption capabilities.

The buzzword to look for here is end-to-end encryption. The most accessible instant messaging platform with end-to-end encryption capabilities is Facebook Messenger, but the encryption feature on Facebook Messenger has to be turned on manually for each conversation. A popular encrypted-by-default messaging platform is WhatsApp, which, incidentally, is also owned by Facebook.

If you don’t think you can trust Facebook to keep your messages safe, try the mobile messenger from Open Whisper Systems, the developers of the popular Signal encryption protocol that Facebook Messenger, WhatsApp, Google Allo, etc. use.

Secure Passwords and Password Managers

All this effort at encryption is wasted if you can’t keep your passwords safe.

Don’t log into a messaging platform on devices you cannot trust. Keylogging, the act of recording and stealing what you type on a computer, is easy and widespread.

Install HTTPS Everywhere, and do not use messaging platforms that fail to play nicely with it. Plain HTTP is insecure and should not be used to send passwords and other sensitive information.

Get a password manager, a tool that generates difficult passwords and keeps them securely stored, so you don’t have to remember them. Use the longest password each messaging platform allows, and change your passwords regularly with your password manager’s randomly-generated passwords.

My favorite password manager is pass. It is free and open source, but not exactly the most user-friendly application. Popular commercial password managers include LastPass and 1Password.

Further Reading