How do we avoid surveillance and keep our private information private? Read on for a quick guide.
Start by encrypting your messages. Email is an inherently insecure medium, and any email you do not encrypt can and will be read by a third party.
The standard encryption method used for text-based communication is public-key encryption, which uses a public key to encrypt a message and a secret key to decrypt the encrypted message. A public key, as the name implies, can be shared freely online, as a public key alone cannot decrypt an encrypted message. Decryption requires the secret key that corresponds to the public key used to encrypt the message.
The main point: given a public key, there is only one secret key that decrypts the messages encrypted with the public key in question. Secure communication, in this context, means keeping your secret key stored away safely, and publishing your public key so that people can use it to send you encrypted messages that can be decrypted only with your secret key.
The most popular public-key encryption technology is Pretty Good Privacy (PGP). A PGP tool takes plaintext such as
and spits out encrypted text, an ASCII-armored block that starts with -----BEGIN PGP MESSAGE----- and ends with -----END PGP MESSAGE-----.
The encrypted text can then be copied and pasted into your email platform of choice, and the recipient can use their private key to decrypt the text.
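Copying and pasting can silently damage an armored block, so it helps to check it before trying to decrypt. The following is an added example, not code from the original guide: it parses a PGP MESSAGE armor block and verifies the CRC-24 checksum line (the short line starting with "="). It assumes the checksum line is present, and the sample payload is constructed bytes, not real ciphertext.

```python
import base64
import binascii

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # OpenPGP constants (RFC 4880, section 6.1)
SAMPLE_PAYLOAD = bytes(range(100))  # constructed bytes standing in for real ciphertext
BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 as used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Build an armored block; used here only to create constructed sample input."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"{BEGIN}\nComment: constructed sample\n\n{body}\n={check}\n{END}\n"

def dearmor(text: str) -> tuple[dict, bytes]:
    """Return (headers, payload); raise ValueError if the block is damaged."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END armor lines")
    inner = lines[1:-1]
    if "" not in inner:
        raise ValueError("no blank line between headers and body")
    split = inner.index("")
    headers = dict(h.split(": ", 1) for h in inner[:split])
    body = [ln for ln in inner[split + 1:] if ln]
    if not body or not body[-1].startswith("="):
        raise ValueError("missing checksum line")
    try:
        payload = base64.b64decode("".join(body[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except binascii.Error as exc:
        raise ValueError(f"bad base64: {exc}") from exc
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch: armor was altered in transit")
    return headers, payload

if __name__ == "__main__":
    print(dearmor(armor(SAMPLE_PAYLOAD))[0])
```

The checksum only catches accidental damage such as a dropped or changed character; it is not a defense against deliberate tampering.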
Instant Messages with End-to-End Encryption
Now, copy-and-pasting PGP-encrypted messages might be too much of a hassle for instant messaging. It is convenient to use an instant messaging platform with built-in encryption capabilities.
The buzzword to look for here is end-to-end encryption. The most accessible instant messaging platform with end-to-end encryption capabilities is Facebook Messenger, but the encryption feature on Facebook Messenger has to be turned on manually for each conversation. A popular encrypted-by-default messaging platform is WhatsApp, which, incidentally, is also owned by Facebook.
If you don’t think you can trust Facebook to keep your messages safe, try the mobile messenger from Open Whisper Systems, the developers of the popular Signal encryption protocol that Facebook Messenger, WhatsApp, Google Allo, etc. use.
Secure Passwords and Password Managers
All this effort at encryption is wasted if you can’t keep your passwords safe.
Install HTTPS Everywhere, and do not use messaging platforms that fail to play nicely with it. Plain HTTP is insecure and should not be used to send passwords and other sensitive information.
Get a password manager, a tool that generates difficult passwords and keeps them securely stored, so you don’t have to remember them. Use the longest password each messaging platform allows, and change your passwords regularly with your password manager’s randomly-generated passwords.