TAKE THE TIME TO ENCRYPT YOUR PRIVATE CONVERSATIONS
I’ve never been too worried about spies or hackers monitoring my everyday correspondences, but recent heightened tension over online espionage has made me a bit more cautious. The U.S. last week accused China of being a threat to cyber security. President Obama even brought the subject up in his congratulatory phone call to new President Xi Jinping. The New York Times reporter that unveiled then-Premiere Wen Jiabao’s massive fortune reported hackers tried to access his email, one of many such cases. On top of that, a recent report from the Data Center of China Internet says 35 percent of Android apps are stealing private user info that has nothing to do with the apps’ functions, including text message content.
So if you’re worried someone might be snooping, then encrypting your daily digital communication can put you at ease. Even if this doesn’t seem like a real concern to you, it’s worth making the extra effort. Like seatbelts and airbags, encryption is a preventative just-in-case measure that everyone should adopt.
For iPhones and Android handsets, a number of apps can encrypt both text messages and phone calls. If you’re sending a message you want kept private, I would avoid using messaging apps like WeChat or WhatsApp. WeChat can be ordered to hand over information to the Chinese government, while the encryption for WhatsApp has its own share of security problems.
As for your emails, several encryption options exist depending on your desired level of security, email client, and inconvenience tolerance. The two main encryption methods are PGP/MIME and S/MIME. The difference between the two for our purposes is nearly insignificant, but you can read a more detailed comparison here.
Mac OSX and iOS support of S/MIME is built in, which makes things a lot easier. You’ve probably noticed the strange five-kilobyte attachment stuck to emails from some Mac users(smime.p7s). If you want to use S/MIME on a Windows client (non-browser), you can get a free certificate at Comodo. Here are the instructions for using it.
If you prefer PGP, Outlook users can use the Gpg4win plugin, and there’s EnigMail for Thunderbird and Seamonkey.
A number of PGP Firefox and Chrome extensions are available to Gmail users: Mail-Crypt (for Chrome), firegpg (Firefox, discontinued but might work?), Mailvelope (Chrome & Firefox, also works in Yahoo! Mail), or GPGTools (if you’re using OSX Mail). A Google search for Gmail encryption will bring up links for SafeGmail. However, one expert told me, “SafeGmail advertises itself as ‘Easy & Free PGP (Pretty Good Privacy) Encryption for Gmail.’ Thing is, they don’t actually use PGP to encrypt your email, they roll their own custom encryption and use PGP in ways that aren’t meaningful for your email.” Also, SafeGmail deletes your message after a certain number of days.
PGP uses a combination of a private and public key to make sure only the person you’re sending an email to can decrypt it. Most of the above encrypters also have key generators. Make yourself a key pair using your name and email address, then copy and paste the public key to a keyserver. Now anyone can search your name or email to obtain your public key and send you encrypted email. Conversely, you can find their public key to send them encrypted email. Now you can choose who you want to be able to read your mail from the list of public keys you’ve accumulated. Make sure to include yourself so you can decrypt your own messages later.
Setting up encryption can be a bit of a hassle, but you’ll breathe a little easier knowing neither big brother nor black-hat crooks can read what you’ve been up to.
Chris Burgess contributed to this article