Electronic Self-Protection
November 12, 2016 12:17 PM   Subscribe

How to encrypt your entire life in less than an hour "In this article, I will show you how you can protect yourself by leveraging state-of-the-art encryption. In a single sitting, you can make great strides toward securing your privacy."

For more in-depth privacy enhancement, check out PrivacyTools.io, a site dedicated to listing tools to help you secure your online life. Privacy and security as far as the eye can see!
posted by XtinaS (47 comments total) 176 users marked this as a favorite
 
Related recent MetaTalk thread: Encrypted communications, with some discussions on how to encrypt communications, and comments on why TOR isn't the simple solution it was once supposed to be.
posted by filthy light thief at 12:26 PM on November 12, 2016 [5 favorites]


Both Windows and MacOS have built-in full-disk encryption. You just need to turn it on.

Windows BitLocker is only available in the pro editions I think. It's definitely not an option in my install of the home edition of Windows 10.
posted by Lentrohamsanin at 12:34 PM on November 12, 2016 [3 favorites]


I know more than a few people who do full disk encryption, but don't encrypt their backups.

Also, regarding phone thumbprints. I understand you don't have to use your thumb or other digits. And no I don't mean that, you can't use *that* to unlock your phone when out on the street.
posted by edd at 12:52 PM on November 12, 2016


Tip #7 is to use Tor, but then one sees comments like this:
"Also unless you want to do an incredible amount of work learning and configuring stay away from TOR, it's quite literally dangerous to use - not my opinion but the security researchers at a recent meetup. (if you want to touch TOR the tor browser is fairly safe for purely looking around)"
...so I don't know what to believe about whether it's compromised by/insufficiently obscuring to state-level surveillance.

I occasionally use the TunnelBear VPN service, and assume it's proof against ISP snooping but would bend to governmental pressure if they started waterboarding engineers.
posted by mumkin at 1:03 PM on November 12, 2016


edd I know more than a few people who do full disk encryption, but don't encrypt their backups.

You just made me double-check that my drive clone is encrypted. It is. And my Time Machine is encrypted too, though it wasn't until I upgraded to Sierra (d'oh.)

I'm pretty sure my cloud backup, Backblaze, is also encrypted, but that's kinda on them. :-/
posted by SansPoint at 1:06 PM on November 12, 2016


I think the point about Tor is that while the browser works well, it's insanely easy to leak your identity. Log into Facebook once and it's all over.
posted by JoeZydeco at 1:15 PM on November 12, 2016 [4 favorites]


Pretty sure TunnelBear is run out of Canada...
posted by sixswitch at 1:37 PM on November 12, 2016


I know more than a few people who do full disk encryption, but don't encrypt their backups.

But I will now.
posted by bongo_x at 1:52 PM on November 12, 2016 [1 favorite]


Tails is a good way to play around on Tor; it's reasonably easy to set up, and because it boots from a USB key it's independent of your main OS/browser/user data and you won't be spraying around your normal usage fingerprint stuff if you click on the wrong thing. Just don't go logging on to anything with ID you use anywhere else.

VPNs are fine in theory, nut don't forget they see all your data. If you're happy with effectively plugging your PC into a data centre in another country run by people you can't sue, go right ahead. Otherwise, try and limit the stuff they see of your identity.
posted by Devonian at 2:13 PM on November 12, 2016 [1 favorite]


Just encrypted my backup USB key this afternoon.

Conversations (linked from privacytools.io) has been a little pain to set up (have to make a Jabber account at your choice of server), but after that has been excellent and OMEMO-encrypted text and small photo/video substitute.
posted by anthill at 2:58 PM on November 12, 2016


Tip #7 is to use Tor, but then one sees comments like this:

"Also unless you want to do an incredible amount of work learning and configuring stay away from TOR, it's quite literally dangerous to use - not my opinion but the security researchers at a recent meetup. (if you want to touch TOR the tor browser is fairly safe for purely looking around)"

...so I don't know what to believe about whether it's compromised by/insufficiently obscuring to state-level surveillance.


I've been using Tor for most of my web browsing and some other stuff for years and it's been surprisingly easy (as in, I expected browsing to be much slower and cumbersome than it actually is*) so, for my use case at least, I have literally no idea what that comment is alluding to. To be frank, without any further details it reads like FUD.
Not that I'm a cryptographer or someone knowledgeable enough to assess whether the software is actually doing what it claims to do, but Tor being broken in any significant way would be news to me.

* Having said that, fuck off Cloudflare.
posted by Bangaioh at 3:04 PM on November 12, 2016 [1 favorite]


Do Not Lose Your Encryption Key. People do anyway. It's not pretty.
posted by theora55 at 3:09 PM on November 12, 2016 [1 favorite]


Tip #7 is to use Tor, but then one sees comments like this:
"Also unless you want to do an incredible amount of work learning and configuring stay away from TOR, it's quite literally dangerous to use - not my opinion but the security researchers at a recent meetup. (if you want to touch TOR the tor browser is fairly safe for purely looking around)"


I hope sammyo will clarify this comment? It's really not clear to me what he means - sounds like maybe he's suggesting not to try to set up your own applications/services using Tor unless you know what you're doing? I think there's evidence that the the fundamental protection provided by Tor is not absolute at this point versus a targeted attack by an adversary with enough resources but then I'm not sure "learning and configuring" will get you around that.
posted by atoxyl at 4:26 PM on November 12, 2016 [1 favorite]


Regarding the safety of Tor, here's an article on Pando in 2014 titled If you still trust Tor to keep you safe, you're out of your damn mind, which points to two issues with the system: 1) sign up a ton of new relays to becoming a large fraction of the network, but that failed because in 2014, ~8,000 relays was less than 1% of the Tor network by capacity; and option 2) attacking directory authorities, the servers that help Tor clients to find Tor relays in the anonymous network service. I'm not sure if this particular attack at the end of 2014 was successful.

There have been succesful attacks: cornhusker, commonly known as Torsploit, which exploits Flash to send a user's real Internet Protocol (IP) address to a server outside the Tor network, and issues with exit nodes, where encrypted data is unencrypted.

Tor Project has an extensive FAQ that answers more questions, and they remind you that there could be malicious code in PDF or DOC files you get on Tor, so open any downloaded material in a protected space (downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails, as mentioned above).
posted by filthy light thief at 6:10 PM on November 12, 2016 [3 favorites]


A Harvard student who sent a bomb threat to get out of exams was caught because he used Tor. This is not a super implausible event. Most people don't use Tor. Therefore using Tor is suspicious, and will actually bring you to the attention of authorities. A friend of mine (who is actually quite patriotic) was put on a list of "extremists" for using Tor (for a class project). This came up in a subsequent job interview when he had trouble with security clearance.

That doesn't mean you should never use it, just that it's worth thinking about. I can think of two compelling reasons to use it. 1), you have a specific need for anonymity that is great enough to risk being "suspicious" (in which case you may be able to employ countermeasures, such as a VPN to mask your entry onto Tor), and 2) you want to normalize Tor usage and thereby provide cover for those who must use Tor.

On further reflection, I guess 3) it's cool to learn new things, and 4) "hey, fuck you for trying to track me" could be reasons too. Just be aware that the NSA has the world's largest collection of mathematicians, hackers, and malware authors; and they like circumventing shit even if only as proof-of-concept, and you'll look like a valid target. In my mind, the adversary I'm hoping to defeat is criminals and ISPs (but I repeat myself), which you can do with a VPN.
posted by Humanzee at 7:05 PM on November 12, 2016 [4 favorites]


Another reason to use Tor is as insurance against a time when you actually need that anonymity. Being flagged as an habitual Torist now, when you're not doing anything that might upset anyone, means it won't be obvious some time in the future when, say, stamp collecting is outlawed but you have a burning need to discuss the variations in the 1934 run of the French two centime blue.
posted by Devonian at 8:21 PM on November 12, 2016 [7 favorites]


they remind you that there could be malicious code in PDF or DOC files you get on Tor, so open any downloaded material in a protected space (downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails, as mentioned above).
Whonix sets up a pair of virtualboxes with one as a gateway running tor, and the other for applications using that gateway for network access. It effectively mitigates vulnerabilities like torsploit, unless they're combined with some method for breaking out of the VM.

Qubes, founded by Joanna Rutkowska, takes this an extra step, providing an interface for running many apps in separate VMs and easily and securely transferring files and clipboard data between them.
posted by Coventry at 9:46 PM on November 12, 2016 [4 favorites]


With all that's happened in the last few years, I consider it very likely that Tor has been cracked by the NSA and their equivalents.
posted by LoveHam at 9:46 PM on November 12, 2016


Yes, tor should be used in conjunction with a reliable VPN.
posted by Coventry at 9:53 PM on November 12, 2016


I suspect it's in reference to a number of articles over the last few years about malicious relays, exit points, and directory services on Tor Ars Technica has been covering some of this. There was also an article I can't find lately arguing that since the Tor group declared itself to be a political activism tool rather than just a general privacy tool, that the use of Tor is a risk under regimes that criminalize political activism.

On linux, a tool worth considering in this category is firejail.

firejail --private runs firefox (or any other software) in a highly restricted temporary sandbox with no configuration. This adds another layer of protection beyond private tabs/windows that still might run addons and have access to user data.
posted by CBrachyrhynchos at 10:04 PM on November 12, 2016 [1 favorite]


With all that's happened in the last few years, I consider it very likely that Tor has been cracked by the NSA and their equivalents.

I wonder that about every security or encryption program I see. I just downloaded Tails wondering how it was going to install a backdoor on my laptop.
posted by bongo_x at 11:09 PM on November 12, 2016 [1 favorite]


filthy light thief, all of those are well-known and unavoidable due to the way Tor is supposed to work. AFAIK, Tor is not broken in the same way that, say, WEP or MD5 are broken.

A blanket recommendation against using Tor would be the same as telling someone not to encrypt their hard drive because a remote attacker who exploits their computer while it is powered on can still access everything -- that's not what full disk encryption is intended to protect against.
I think this is still the best explanation of what Tor (and also HTTPS as a bonus) can and can not protect against if used correctly.

As repeatedly pointed out, none of these tools are a silver bullet; if one starts using a few or even all of them without a very basic understanding of their threat model and what each of tools can and can not do things may go wrong. People can fall into a false sense with security with any of them.
posted by Bangaioh at 2:51 AM on November 13, 2016 [1 favorite]


With Tor there's also the issue of running an exit node, which I suppose most users don't do. When you run an exit node, all the truly nasty stuff that other people use Tor for comes spewing out your public IP.
posted by ryanrs at 3:39 AM on November 13, 2016


Infosec for Journalists guide from previously (hard mode).

Completely agree with Bangaioh above. About using a VPN for example, if you run Skype it de-anonymises your session. So despite VPN, when I open facebook and google hangouts it's probably also game over, right? And some apps may still bypass VPN unless the client comes with a "network lock" of some sort. Then there's DNS leaking but it's easy to test (search for "DNS leak test").

Yesterday I tried the "Hands Off" app on a recent Mac. Of course it phone home to a dozen or more different apple servers. But I didn't know Safari's "Safe Browsing" feature was based on exchanging data with Google, and I'd also forgotten that the virus scanner helpfully runs my entire browsing activity past it's servers.

In conclusion, computer security is a land of contrasts.
posted by yoHighness at 4:17 AM on November 13, 2016 [1 favorite]


With Tor there's also the issue of running an exit node, which I suppose most users don't do. When you run an exit node, all the truly nasty stuff that other people use Tor for comes spewing out your public IP.

By default, a system Tor installation (at least in Debian but I assume for Windows etc it would be the same) will not make your client a node of the Tor network, not even a normal relay or bridge, much less an exit node.
I think the browser bundle, which is the recommended way to use Tor for beginners, doesn't even let you to be any type of node at all, though I may be wrong.

One would need to both be completely unaware of what they're doing and deliberately jump through hoops to shoot themselves in the foot for that to be an issue.
posted by Bangaioh at 4:32 AM on November 13, 2016


Don't use a password manager. Choose a strong root password like 'flug3nh3imeR'. Then for each site or service prepend the name when settiing a password.

facebookflug3nh3imeR
twitterflug3nh3imer
posted by GallonOfAlan at 4:34 AM on November 13, 2016 [2 favorites]


Don't use a password manager. Choose a strong root password like 'flug3nh3imeR'.

But if one of these gets exposed, doesn't that mean anyone who cares to go after you personally now has a pretty good idea of what to try on every site?
posted by Lentrohamsanin at 4:52 AM on November 13, 2016 [10 favorites]


But if one of these gets exposed, doesn't that mean anyone who cares to go after you personally now has a pretty good idea of what to try on every site?

All it takes is for one site using plaintext password storage to get hacked, or alternately, a hack that pulls your plaintext password from memory, and your entire system is compromised.

If my twitter password is ever compromised, the attacker has no information about my facebook account other than one of my email addresses.
posted by CBrachyrhynchos at 5:47 AM on November 13, 2016 [1 favorite]


I've always wondered if password requirements like "must contain uppercase, lowercase and a number" make password cracking easier by greatly limiting the universe of valid passwords.
posted by double block and bleed at 6:08 AM on November 13, 2016


Let's take an 8 character password for example. If it is all lower case there are 208,827,064,576 combinations. By adding just the option for upper case it goes to 53,459,728,531,456 combinations. So even if we block passwords that are only lower case or only upper case to protect against human laziness we've increased the number of password possibilities by over 53 trillion. I think its worth it.
posted by Apoch at 7:27 AM on November 13, 2016 [2 favorites]


Here's a good video on passwords and password cracking, with practical demonstrations and thoughts on strong password choices.
posted by Devonian at 7:50 AM on November 13, 2016


sixswitch: "Pretty sure TunnelBear is run out of Canada..."

I wouldn't count on CSIS saying no to the NSA.
posted by Mitheral at 8:48 AM on November 13, 2016


SansPoint:
I'm pretty sure my cloud backup, Backblaze, is also encrypted, but that's kinda on them. :-/
If you set a “Private Encryption Key” everything should be encrypted on your end before it is ever sent to Backblaze, and Backblaze will not be able to decrypt any of it. This is something you have to configure in the application’s preferences yourself though.
posted by Martijn at 10:19 AM on November 13, 2016 [1 favorite]


2) you want to normalize Tor usage and thereby provide cover for those who must use Tor.

My understanding is that TOR was developed to camouflage the internet traffic of (US) intelligence agents... so it's a toss-up who you're providing cover to.
posted by anthill at 10:26 AM on November 13, 2016


Honest question -- a lot of people including this article are recommending switching to Signal. Is it meaningfully better than iMessage as far as E2E encryption?
posted by churl at 10:47 AM on November 13, 2016


With all that's happened in the last few years, I consider it very likely that Tor has been cracked by the NSA and their equivalents.

And you base that on... nothing. And you don't even bother to define what "cracked" might mean. Thanks a bunch for your valuable contribution.
posted by indubitable at 2:02 PM on November 13, 2016 [1 favorite]


And you base that on... nothing. And you don't even bother to define what "cracked" might mean. Thanks a bunch for your valuable contribution.

"Cracked" is probably not the word I'd use but there have been several successful attacks on Tor users/significant-scale busts of people using it for illegal activity, indicating that the anonymity it provides is less than absolute.

This is probably the most direct and alarming attack. Whether things like that are likely to remain possible I will leave to an expert to answer. There may also be timing attacks and such that are possible if you have enough monitoring capability? Again I don't know in detail what's currently considered plausible. The more time-tested approach is indirect - exploit a server so that it can infect Tor users with malware so that you can track them, or something along those lines. This has been done quite a few times and I think is the reason for the recommendation of a dedicated machine or virtual machine set up only to allow Tor traffic.

The assertion that it's particularly dangerous to use Tor might stem from cases like the student above - where somebody was identified because they were the only person on a short list accessing Tor. That doesn't seem as relevant in situations where there's not a short list though.
posted by atoxyl at 3:01 PM on November 13, 2016 [2 favorites]


The step that always, always stymies me is encrypted messaging: it's absolutely no good unless all of your contacts are using it, too. Even if they are, they have to be using the same one, in the same way, with the same protocols, and using it to the exclusion of all others. I have a tech-savvy friend who uses WhatsApp because it now has end-to-end encryption.

Yes, it is a Facebook product, but it's got end-to-end encryption. This may give you an idea of what we're dealing with.

But, on any given day, he may carry out a conversation with me via WhatsApp, Facebook Messenger, Twitter (including DM), email, FB comments, and SMS.

Now imagine that multiplied by every single personal and business contact you have.

Then add the well-documented risks of bad-faith actors within the developer community, consistent and escalating attempts to breach the systems by state and non-state entities, and the broader community suspicion of encrypted communication ("You only want encryption if you're doing something wrong!"), and I'm pretty resigned to ending up up against the wall when the alt-right comes...
posted by prismatic7 at 7:57 PM on November 13, 2016 [1 favorite]


The problem with this and all it's ilk is that it promotes the idea that "check all these boxes and you're secure!". Even if that was true upon checking all the boxes (the deficiencies in this list have been pointed out), security isn't a checklist, it's an on-going process. The threats change, the tools change, the rules change, and if you're not keeping up, you won't be secure for long.
posted by kjs3 at 10:31 AM on November 14, 2016 [4 favorites]


People shouldn't be too discouraged by that though. Even if you end up exposing yourself to the bad guys at some point if the general public all were to take these steps it would make the bad guys job harder and more difficult and time consuming in aggregate. If you double the time it takes for a bad guy to attack you personally that means that in aggregate he is able to attack only 50% of the people he could have if unhindered.

And encrypted communications can be effective against the little brothers even if of limited utility against big brother.
posted by Mitheral at 11:15 AM on November 14, 2016


Honest question -- a lot of people including this article are recommending switching to Signal. Is it meaningfully better than iMessage as far as E2E encryption?

Forgot I was gonna respond to this. It's open source and doesn't belong to Apple so yeah it's probably preferable? It's developed by the same people who partnered with WhatsApp to do their encryption. They claim not to retain any metadata about users except the date of first and last use. On the other hand as someone mentioned you maybe don't want to spread stuff out over tons of channels so whatever you're using you want your friends actually to use it.
posted by atoxyl at 11:50 AM on November 14, 2016


Signal does also send your contacts list to their server I believe - I'm not sure it even asks - so it can identify fellow users for you. So be aware of that. But I figure here we're comparing to other services which are likely to be careless with that sort of info.
posted by atoxyl at 11:21 PM on November 14, 2016


"Signal does also send your contacts list to their server I believe "

Wait, what? Citation needed.
posted by I-baLL at 8:10 AM on November 15, 2016


The Wikipedia article on Signal has more on that, with citations to primary sources. Briefly: it stores a hash of each user's phone number server-side and client apps periodically transmit hashes of contact list numbers to see if they match. This blog entry by Moxie Marlinspike may be of particular interest.
posted by indubitable at 9:59 AM on November 15, 2016 [1 favorite]


The article and the wiki entry also make it clear that "practical privacy preserving contact discovery remains an unsolved problem". IE: Signal would probably leak contact information to a determined attacker.
The average Android user has approximately 5000 contacts synced to their device.
Wow is this true? I realize at less than a hundred contacts in my phone I'm way at the bottom of the curve but 5000 as an average?
posted by Mitheral at 11:25 AM on November 15, 2016 [1 favorite]


Yeah to quote Wikipedia's summary of Moxie's post:

Moxie Marlinspike has written that it is easy to calculate a map of all possible hash inputs to hash outputs and reverse the mapping because of the limited preimage space (the set of all possible hash inputs) of phone numbers

One thing I'm not sure of is whether you can turn off auto-discoverability or whether there's a way to add contacts manually. It certainly seems like it would be desirable to have that choice.
posted by atoxyl at 1:54 PM on November 16, 2016


If it isn't obvious, Moxie is one of the creators of Signal, which is the successor to the RedPhone and TextSecure apps he talks about.
posted by atoxyl at 1:59 PM on November 16, 2016


« Older Meanwhile in the U.K...   |   Knit love in the dark Newer »


This thread has been archived and is closed to new comments