Alexei Boronine's blog, resume & projects.

You Are Responsible For Your Privacy

I keep on hearing this defeatist tone when I talk to people about privacy in the internet age. "Privacy is dead". I am ashamed to be guilty of this attitude myself. Ashamed, because in reality, privacy is not dead, it’s just a responsibility we’ve been neglecting. Privacy is not a right, it is a responsibility, your responsibility.

If you are genuinely worried about the fact that the western world is under mass surveillance, take action. When we choose to do nothing, it is still a choice, as none of us can claim ignorance of the fact that each time we send an email, it gets added to our personal file, as well as the personal file of our recipient. Carrying on as if nothing is happening is voluntary surrender. If that is the choice you make, you have no right to the freedom you demand.

Here are the tools at your disposal:

Anonymity Networks

The first technology I want to mention is anonymity networks. The biggest one is called Tor; another interesting one is I2P. You connect to the network with your computer, then use the internet through the network. The network routes your internet data, passing it from one computer to another. By the time the data reaches its destination, no one knows where it came from, but the server can still send a response back to you. Behold, an anonymized connection.

This network can also be used to host secret sites.

Using it is dead simple: just download the Tor Browser Bundle. Give it a try!

SSL

The green lock in your browser address bar means that your communication with the website is encrypted, visible only to you and the website. When the data is not encrypted, it is visible to anyone who cares to look. On the other hand, just because the data is encrypted, it doesn’t mean that it’s safe. The website can be selling it to other companies or giving it to the government. They have complete control over it.

Public-key Cryptography

You might imagine an encryption algorithm where you use the same password to encrypt and to decrypt a message. Well, these algorithms have their place, but for communication you need asymmetric keys, meaning one key to encrypt (public key) and another key to decrypt (private key). These keys are essentially two mathematically-related numbers that are generated by a computer.

Your public key is shared openly. Anyone can use it to encrypt a message that will only be readable by the owner of the private key — you. For people to have a two-way conversation they need to exchange their public keys. Having my public key, you can send me secrets, but I can’t reply until I have your public key.

While we’re at it, here is my active public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----

This is the standard format for PGP keys, including the BEGIN and END tags. This format is used by all kinds of software, from email clients to NSA backdoors. You can have a single private key (stored securely) and use it in many different applications.

If you want to just use cryptography with Gmail, there is a nice plugin that I am currently using called Mailvelope. For Thunderbird, there is Enigmail. Both of these plugins will generate keys and store them along with the public keys of your recipients. They will also add some kind of encrypt and decrypt button to your email interface.

All these tools will offer you a chance to select a passphrase. This is not related to public-key cryptography; it is just there to make sure your private key isn’t stored unprotected on your hard drive. It is an extra layer of security.

Even if you don’t adopt these technologies today, it is good to know about them and to spread the word. We are not powerless.