Taking on the Challenge – How to Encrypt Everything
In the information age, it stands to reason that the most precious thing is information itself. However, it’s not top secret government secrets that everyone is gunning for. It’s regular people like you who are high up on the hit list when it comes to data theft.
If you think about all the sensitive information you have on your computer, you probably wouldn’t want it getting into the hands of someone who wanted to exploit or hurt you. When you buy something off Amazon, it would be a disaster if someone could intercept your credit card details.
Thankfully we have powerful encryption technology that makes the web very secure. Enabling communication and commerce application to work with little chance of compromise. That doesn’t mean everything you do on the web is automatically protected. Far from it! You have to take responsibility. Ensure that your activities are kept private. This means using the right technology. To ignore the threats to our privacy that come from the web is to give up your fundamental right to privacy effectively. Here's how you can take it back by encrypting everything that matters in your daily digital life.
Text Message Encryption
Image courtesy of The Independent
It’s funny. Modern telephones are used more often to send text messages than actual voice calls these days. It’s convenient and cheap. SMS communication isn’t all that popular anymore, which is a good thing considering that SMS messages aren’t all that secure.
Instead, people have taken to various messaging applications that connect them to each other. While you can’t manually encrypt these apps, you can make sure that you only use messenger app that has the robust levels of encryption.
For example, WhatsApp now uses end-to-end encryption, which means not even the company itself can spy on the contents of your message.
Another highly-regarded encrypted text message app is Signal. Thanks to its Open Source nature there is no way for the signal to have an encryption back door. It’s been audited extensively. Documents provided by Wikileaks show that the CIA still has no way to crack it.
Are you an iOS user sending messages to other iPhone users using iMessage? Then you’re also protected by text message encryption, to the extent that you can trust Apple. The company has in the past clearly declined to help the US government defeat their device encryption. So, for now, it’s not a terrible choice.
Just keep in mind that the person you are speaking to might not always be who you think. Apps like Signal have built-in countermeasures to combat impersonation, but you might want to agree to some way of verifying the other person’s identity unique to just the two of you. Even if you know the person on the other end, be sure that they can be trusted with the things that they tell you. Encryption isn’t going to stop a blabbermouth.
VOIP & Video
Image Courtesy of Skype
Right now I imagine many of the world’s law enforcement and intelligence agencies are pretty frustrated. All thanks to the state of telephonics. In the good old days, it was simplicity itself to perform a wiretap on a telephone line and make wonderful recordings of calls for evidence.
Since the signal was a plain analog wave in a copper line, it didn’t take much effort to have all the info you wanted. These days people are using voice-over-ip and digital video conferencing.
Applications like Skype, Whatsapp, and Signal, provide encryption so that others can’t spy on your conversation. That’s great, but end-to-end encryption is even better of course. Since, once again, the companies themselves can’t spy on you then.
WhatsApp, Signal and Apple Facetime do have end-to-end encryption. However, Signal is the only one that guarantees not to collect any metadata. That is, data about the call such as the time it took place and how long you were speaking for. That might not seem like a big deal. However, these are bits of information that can be correlated with other facts to establish your identities.
Signal is only good for securely talking to one other person, but thankfully there’s an alternative known as Wire, which does allow for secured group calls.
Storage
In every computing device that you own, there is some sort of storage hardware. It can be a spinning mechanical hard drive, a solid state disk or something more exotic like a RAM disk. It doesn't even matter if your data is stored as markings on a stone tablet. If the data is at rest somewhere, it's in danger of being compromised.
What would happen if someone stole the hard drive out of your computer? What would they find? Would you be happy letting it all hang out? I’m guessing the answer would be no. Even if you have nothing to hide, this sort of violation is painful.
Which is why you should seriously consider encrypting your laptop or PC hard drive to prevent your information getting into the wrong hands.
You have two main choices to make in this case. Do you want to encrypt your entire drive or only the information that you would consider sensitive?
Full Disk Encryption
Full disk encryption is the most comprehensive security measure you can take. It means you don’t have to decide what matters and what doesn’t. It covers everything! That sounds like the best plan automatically, but the truth is that nothing comes for free. Encryption adds some overhead to your computer and also means that if you ever lose your encryption key or password, you will lose everything on the disk.
Tools like BitLocker and Veracrypt are commonly used to perform full disk encryption. Just keep in mind that BitLocker, although included with Windows 10, needs a hardware component known as a TPM.
Ad Hoc File Encryption
The alternative is to only encrypt specific files or folders on your computer. This means that the encryption overhead is only present when accessing those files. Additionally, if you lose the password, it’s only those specific file that you’ve lost access to.
There are various applications that can encrypt specific files and folders. However, we can turn back to a tool like VeraCrypt, which can also create an encrypted container. When you put something into that container, it has the full protection of that encryption system.
You can check out my full guide on file encryption for more detailed guidance and info.
Cloud Storage
Cloud-based storage has provided us with a whole new way of working and handling data. When was the last time you had to carry data on a disk or flash drive physically? Thanks to services like Google Drive and Dropbox you don’t have to worry about moving information between your devices. You can also share and collaborate efficiently with virtually anyone.
It’s a great technology, but all this convenience comes with a price. First of all, even with strong passwords and two-factor authentication, you could still get hacked. By putting your information on a third-party web service, you also paint a target on it.
Even worse, Dropbox, Google, and other similar providers can look into your files easily. By scanning the contents of your files, they can provide fast search functions and better help organize and optimize your storage. At the same time it means that, in principle, none of the files you upload are confidential. At least not when it comes to the host. For their part, all of these companies promise confidentiality. They say that indexing software will only analyze your files. However, there is no technical roadblock to them doing it anyway.
If you are not comfortable with cloud providers being able to look into your files, but still want the benefits of cloud storage, then encryption comes to the rescue again.
What we want is to achieve something called “zero-knowledge” encryption. Where the cloud service has no idea what it’s protecting.
One way is to use the same file and folder encryption tools I discussed under local storage encryption. The most elegant solution is to use a cloud service that’s zero-knowledge, to begin with. You can Google for the handful that is out there. Unfortunately, none of them offer the sorts of features the commercial giants do. You can use a service like BoxCryptor alongside services like DropBox to get the best of both worlds.
Your Phone or Tablet
Almost all of us have a smartphone, tablet or both these days. The latest generation of mobile devices is more powerful than the supercomputers of three decades ago. They are more powerful than some desktop computers from just fifteen years ago. It’s a true marvel of computer technology.
So useful have these devices become that for many people they are the main information tool in daily life. Photos, recordings, messages and every other type of personal information are nestled in these little mobile computers everyone carries around with them.
Which is why full-disk encryption for mobile devices is much more important than it is for non-mobile devices. Phones get stolen all the time. If they detain you for any reason, your phone is one of the first things they will confiscate. By encrypting your device, you make it virtually impossible for anything that might be stored on your phone to be used against you.
The good news is that most high-end Android phones are encrypted by default. As long as you set a strong password or passcode, your phone will be encrypted. If you have an Android phone that doesn’t have encryption enabled by default, then you will have to activate it manually.
Manual Android Encryption
There are some things you need to consider if this is the case:
- You will have to unroot your phone before encrypting it.
- Encryption can take an exceptionally long time, especially if you have a midrange or low-end phone.
- Overhead causes a performance hit. This is more pronounced on lower-end hardware
- Your battery must be more than 80% charged and has to be plugged in. This is because any sort of power failure during the process can permanently trash your data.
On Android phones where you have to encrypt manually, you’ll find the settings under Security>Encryption>Encrypt Phone or something very similar. Unfortunately, the diversity of Android interfaces means there is no universal instruction.
When it comes to modern iOS devices, you don’t have to worry about enabling encryption explicitly. You do however need to set a strong passcode for the encryption to mean anything. Incidents in the past have shown that government agencies have been unable to crack the iOS encryption. Apple has also completely refused to help them in their efforts.
One important thing to note is that biometric passcodes are a liability. If your phone, Android or iOS, can be unlocked with a fingerprint or face then it doesn’t matter if you withhold your passcode. They can simply place your finger on the phone. There have even been reports of police doing this with the fingerprints of the deceased!
Emails
Email is one of the most common and oldest forms of messaging on the internet. Email is not designed for security. You need to ensure your email communication is protected. The best way to do this is through encryption. Otherwise, you could risk confidential info leaking into the wrong hands.
If you are using modern web-based mail like Gmail, then you already enjoy the benefits of encryption. That is, as long as the person you are sending the message to is also using a secured service.
If you are still using a mail client like outlook, you can set up encryption manually. It's a rather involved process which included registering for public encryption keys, but it's not that hard if you know what to do.
Email encryption is a rather broad topic, so it's a good thing I already wrote a pretty comprehensive email encryption guide to take you through the finer details.
Websites
Image Courtesy of Escape Digital
When you visit a website, you are also sharing information with that website. If the transfer of information between you and that site is not encrypted. Anyone who wants to watch can intercept it all.
The good news? Most websites these days use encryption. They use the HTTPS encryption standard. If the site’s address starts with “https://” then it is presumably secured. Not that you have to look. The latest version of Google Chrome will give you a big warning about any sites that don’t have https encryption installed. Other browsers will either show a little-closed padlock to indicate that all is well or an open padlock to show that the connection is insecure.
Not that many sites are still just regular old HTTP anymore. However, if you do need to visit such sites, you should use something like the HTTPS Everywhere plugin to secure communications.
Your Internet Connection
Whenever you connect to the internet and begin to do things like visit sites or download files, you are exposing yourself to everyone else connected to that same network. At least in principle. Most importantly remember the truth about your privacy. Your service provider is watching you. Perhaps the government. Heck, just about every other computer system your data packets pass through.
Luckily there’s an easy and affordable fix. It ensures that absolutely everything that passes through your internet connection is secured. All you have to do is make use of a VPN or virtual private network.
The Encoded Life
Encrypting all your information channels requires a change in your attitude towards your personal data security has to happen. Although the technicalities of implementing encryption have become super-simple these days, it still represents a minor level of inconvenience. When you decide that you have to encrypt everything, then those small inconveniences can add up quickly.
The benefits are however undeniable. The world has turned into a dangerous place when it comes to people using your own information against you. One day everything is fine. The next, your identity or money has been stolen. Then it all starts to fall apart. The right to privacy only means something if you actively exercise it.