You Are Responsible For Your Privacy
I keep on hearing this defeatist tone when I talk to people about privacy in the internet age. “Privacy is dead”. I am ashamed to be guilty of this attitude myself. Ashamed, because in reality, privacy is not dead, it’s just a responsibility we’ve been neglecting. Privacy is not a right, it is a responsibility, your responsibility.
If you are genuinely worried about the fact that the western world is under mass surveillance, take action. When we choose to do nothing, it is still a choice, as none of us can claim ignorance to the fact that each time we send an email, it gets added to our personal file, as well as the personal file of our recipient. Carrying on as if nothing is happening is voluntary surrender. If that is the choice you make, you have no right to the freedom you demand.
Here are the tools at your disposal:
The first technology I want to mention is anonymity networks. The biggest one is called Tor, another interesting one is I2P. You connect to the network with your computer, then use the internet through the network. The network routes your internet data, passing it from one computer to another. By the time the data reaches its destination, no one knows where it came from, but the server can still send a response back to you. Behold, an anonymized connection.
This network can also be used to host secret sites.
Using it is dead simple, just download the Tor Browser. Give it a try!
The green lock in your browser address bar means that your communication with the website is encrypted, visible only to you and the website. When the data is not encrypted, it is visible to anyone who cares to look. On the other hand, just because the data is encrypted, it doesn’t mean that it’s safe. The website can be selling it to other companies or giving it to the government. They have complete control over it.
You might imagine an encryption algorithm where you use the same password to encrypt and to decrypt a message. Well, these algorithms have their place, but for communication you need asymmetric keys, meaning one key to encrypt (public key) and another key to decrypt (private key). These keys are essentially two mathematically-related numbers that are generated by a computer.
Your public key is shared openly. Anyone can use it to encrypt a message that will only be readable by the owner of the private key — you. For people to have a two-way conversation they need to exchange their public keys. Having my public key, you can send me secrets, but I can’t reply until I have your public key.
While we’re at it, here is my active public key:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: Mailvelope v1.7.1 Comment: https://www.mailvelope.com xsFNBFjA46wBEADIOf9Xx+1woszizTCrvb6WTKTGiHhR5stOdZUQPYetUklq 0m1CicpGnQChjx+uhSELlvp/bbnZO/0QxzEGvxeew7Yzxsz334dI/Oo1oknU /CEX79yGnhMr3XvKp8tjjHkH63ZUlapPgHnjVyvGGRhS9GlVyfYGEDCb8esV 4KIQXjUR+RfJqcnNVkd/bi4nrJPPONJDnlI8flo6tLpD0aWAEzkVmlKhmV62 q1ApWT/ST9E/OpmNT2vdzgIB/wQUU/E1w+2QnyiqEbYCt0BnVVrNihrHbL7i /vl4vA8BuZWy54Mmgw6TTpXhNh4gRHtlXLNIUCV/acdmPrKjn3GwdYQGsxF+ IaDoqsbAFWhhoUzh+BlSTfTqEdvsWPaWjjxk2kPz3ygH0d79Vf6+RwfCK83N kW4tc86vxmeJzdhBH8dIPQO4eEDFqMHwRbK/BLYVKvV0441VY6JqwmA2uUUj /6U6MZzK6BH3GZTWuh5t7/sXVtONLOioNf5imMhJmnXNxYwBg96HW5pX9ta5 dt1XHCFbJmWhba3Lv7OaH7mnqDtP3vUXjZkkG2nDtTou5EgA7mXuCsqieXSL TGGE02FqdNx8kVjOCo2LNYHOeXv6BUAJqU96oLQqkmI2w3/ZrJ4Kx3U3PW2N bc1eOCfLBMlcrsdGXRysCA7phlHuF2yhV/HjIQARAQABzR5ib3JvbmluZSA8 YWxleGVpQGJvcm9uaW5lLmNvbT7CwXUEEAEIACkFAljA47EGCwkIBwMCCRBp 0yKgBzEzfQQVCAIKAxYCAQIZAQIbAwIeAQAAaxgP/1pBapnW0hlr4RcdJKIh h1gZUJFKhaa48MznFzFm0QfPR5pR0m/3Y3q+1EapfM3C3DEGW/Jdj29K2H+e 9rTW2OyCzu2rt6PLy1B58GcsyCf7Q/qDVNf8ORGo12KKBz1UkzDvgoaHK+Y/ ZvyPS8IqShg6C643SNZq2dMahW3BB6HFNuwLtA+lHo0ZCzZBM6Ive5g6btWD zhXL15bwQ61bURV9zbNU9fk82eHGGyF4Q79OaQsSa/krXAInBTqf0nLuPDPT Pe9Dr1PkuQG6l8D6Uc6sHEveuUvdqNRm4eWNmO/DUhQ6M0vLMKVV8lLiknkK N+5vWjdvpe6UxJCGOqJDrIPRjmjigE0ZivPgBtMyCD+eKWCpTUqUKRu/VWdf RYgNHdJTdQAnCkOJWsRnRtQP3+HVKh0DPMyPLmXp1m5EETja3LxTK7aUUAod StAyH82XNKF9KzLwoIY3EaCK2lWZmNhGFCqycIojEtI2ZHAEdJ6a4amsZLJX PPgmpHOL/rk2ZDAkXV03gbvFR0qZ0jl23FqHGM4ve2TvEh65y6OojpmJOhhm 1vTGw2JPc9tcMjRXOBQD1p2GQY+1dy3pCRYdGagmX6qJWBn4DksXej7QHcV5 cTlGpRxxK1D3+JWn+aEBZW5ihgiYigoul4j5pT+8cidnZQ09Z0pJTa4tCLhK yVBvzsFNBFjA46wBEACtcVuw4aXp85Unm/v1UYKqs7/CTH5IUqQshC7/PSMY iob+6J8yAUZd2AIJC0j8oWXmhWCiAh/8hnuaCyKBM+1zoIrhPBwPTYv9FLtj cOjUGeZUCDN4SJdbYynnTcgluegmkZKm19eTC5dDDmLbkInYAOFGHMp8bA/U w9lgfd/qQcn4ni8zuTS5BpDOea0KLoVMz1qB7KwZuOnNlSVik21iKaNwgyj8 sJyqYM9mM45KDgJp+0KJPBUfpJufluzfm3A+BUxIKiO9jkcNOshmVTJK43EN 3SPrbVHHSrOZ62FA6R1HKTptMylKrWq5jKsld08i7tp/8znVUWqwHI7xrotL ppnk2PCe2T2LZFKf+dKQwfXk2hfpbZhUqhPjdnOUdIaWxbrVBfGI03j00Y2k FSwe4F77HOUTN45un86w3y4JCAAJ9Zeh7hmL0SUgY2878nPSI3IiQSqdAPNR ZkHz9hxoscgjtW8Sr6mUohwyfsj7ABahOQIaCGtJq9z2oNhn5ua03P/03IQN xqY0udqJkVy3z7KgK5lqfqRC98nnlHkFKhPJ1UufnTwotyzZ3WlcBxraadJA +x2m2B0rAioNbeGWCyIkndw3e4atNWzUgQma/64US4BF9Tmx3PxmCS1l10t6 ieHeOwtPoB9y4IZoyU/89GgBORol8C5hX0X2Bk83lQARAQABwsFfBBgBCAAT BQJYwOOzCRBp0yKgBzEzfQIbDAAAPuEP/3yuop7IVnZOPq/8xedahAXzaijV CU7lxX3fI3dbSX0IMqN1AS3ENZvR2Ica6ogo4W9SnrB8PndtthTXGqlKol0e BrAQEYlOauwgUqFnHJDruUrP43yrIsl2Onetyk+ONvURZkXKEbrJ9ESSy6QT 7Wo9Qa0ZpKzBN+yf8Bqb5uLMgEXzAJcaxz2i2uW2R2j1fB6ExsgOMQVvp5GX A1lvSAGcSjYFaZ5cXRZXgwRHFQvxhLF1mZ0ZJXifkOXhq1nSmegEbgabqdhF 4rBPydIPkubN1F/XQ0uXnWbtReaW7+Kn8OTeINNNnWr7MuTl4NgjXjE6QSqP B1MVPxguTF96+T/eB6H0ZnOh4Q+w4cHKmpwl7SmxVl5zNwh8Sd8VWeHMwNSY cZj+MYh1m5NYskg8nk4igP3ARpwSIeYCH6AUHXcGVbmxpH5T2pQiTM7lDpW7 HHiKr7PXMbkWVlvfT4NhyHF7POqa2IAN0b16dDftgv3a7sZTmiTRyMKxewhP +S/Aj/bmoJEbQ186w3BSdjdp3o/BZgtnp4VioUYOi/dORU0a/Rdr0Ywc61zv tmFhg/eDVw9r8sfbzqzc3rKZxtmL1fcQRj0uYHtGowtfGK/5p2HLDL0WtJ1z 119qW45QMPu10yMbcPIPyAp3sYQZ3u4Y/dlNiWlAKakxsx2MUmNn8iOY =gTmR -----END PGP PUBLIC KEY BLOCK-----
This is the standard format for PGP keys, including the BEGIN and END tags. This format is used by all kinds of software, from email clients to NSA backdoors. You can have a single private key (stored securely) and use it in many different applications.
If you want to just use cryptography with Gmail, there is a nice plugin that I am currently using called Mailvelope. For Thunderbird, there is Enigmail. Both of these plugins will generate keys and store them along with the public keys of your recipients. They will also add some kind of encrypt and decrypt button to you email interface.
All these tools will offer you a chance to select a passphrase, this is not related to public key cryptography, it is just there to make sure your private key isn’t stored unprotected on your hard drive. It is an extra layer of security.
Even if you don’t adopt these technologies today, it is good to know about them and to spread the word. We are not powerless.