Living Outside The Box Born-Again Techo-Geek Renaissance Man

24Aug/130

Hate The NSA? Do Something About It: Start Here.

Posted by Jeff Hendricks

If you haven't heard about Snowden and the NSA whistleblowing scandal, you either 1. live under a rock (with no internet) or 2. only use the internet to play Candy Crush (which is just as bad).

Basically, it was made publicly known that the U.S. Government records everything you do on the internet, including emails. Do you like the government having access to all of your emails and surfing history? Your passwords? Your private information? I hope not... and today, I'm going to show you what you can do about it.

Disclaimer: I'm not going to even address the faulted logic of saying "Why use encryption, I have nothing to hide!" Basically, the government can and will use anything you do or say against you if they want, for any reason they want, and their track record of mistakenly incriminating innocent people isn't particularly good! Encryption is basically the digital version of the Fifth Amendment. Protect yourself.

Back before my web hosting server got wiped a few years ago, I had written a few articles on how to use something called "GPG" to encrypt computer files, primarily emails. GPG (Gnu Privacy Guard) is a fantastic application that basically encrypts computer information using public and private keys.

How GPG works:

  • You download the GPG software. The easiest way to use GPG is to add it as a plug-in to your email client, like Thunderbird or Outlook. (I use Thunderbird with the Enigmail add-on, works fantastically!)
  • You pick an email to identify yourself... this is your digital "identity" that people will associate you with. Doesn't matter which email it is, but most likely your primary one.
  • You create a "Key Pair" which includes a Public Key and a Private Key. The public key is what other people use to send you messages, and the private key is what you use to decrypt, or read them. You publicly hand out your public key, and you keep your private key, well.. private.
  • You will also want to create a revocation certificate which lets you "revoke" the keys if they ever become compromised. Keep it safe!
  • Now if someone wants to send you a private encrypted message, they use your key to send it to you, and nobody but you can read it. Not even the NSA. You can encrypt messages or files with more than one key, so it does work for group messages. Just be aware! If more than one person can read it, you'd better trust them!

There are lots of other interesting things you can do, and of course, it doesn't encrypt the email's headers... who it was sent to, the subject, and any other header data. But if you want to simply communicate without being snooped on, GPG will do it.

You can get started by downloading GPG and trying it out. Feel free to send me an encrypted message to try it out!

My public key (jeff@jeffhendricks.net) can either be downloaded here, or you can search for and download it from a GPG Keyserver.