How-to: Improve your online privacy – level 2 – encrypted email

1. Introduction

In my last “online privacy” article, I looked at how we can improve our privacy while browsing the web. So far, so good. But what about email? As it happens, email is problematic.

Growing from one of the oldest-established internet standards, email has changed very little from its inception. Email content is sent in plain text, just as it was on day one. Attachments are encoded to facilitate transmission, but any old email program can decode them.

Given the widespread use of email, we might wonder that there is no universally-agreed standard for transmitting messages securely. The big problem here is complexity. Email is used by people from all walks of life and all levels of computing ability. For universal acceptance, the barrier to entry must be kept very low (this is one reason why Dropbox is so successful – it’s easy). But security almost always increases complexity and decreases usability. We have options, but they all make email harder to use (even if that might be just slightly).

2. Simple but limited encryption: SecureGmail

I’ve recently come across a pretty simple option for encrypting email. Unfortunately simplicity comes with limitations. SecureGmail is an extension for the Chrome browser that enables encryption of email between Gmail users. So immediately you can see two limitations: firstly, the sender and recipient must both be using Gmail and secondly, they must both be using Chrome. You can’t use this to send a single email securely to all your contacts (unless they all happen to fit those criteria).

Also, SecureGmail does not encrypt attachments – just the text in the email. Still, you could zip the attachment, encrypting it with a password, and include that password in the secure part of the email.

A further limitation is that SecureGmail uses a single key to encrypt and decrypt the message. This differs from PGP encryption, where the sender uses a recipient’s “public key” to encrypt an email and the recipient uses a “private key” (known to no one else) to decrypt the message. PGP gives you a reasonably high degree of certainty that only the recipient can read the message, assuming the private key is kept safe (everything depends on this).

So there are some sacrifices to be made, in order to use SecureGmail. If you can live with that, it’s a great option – because it’s easy. Head over to SecureGmail and follow the instructions there.

3. Robust encryption: Enigmail

If you want to do this right, you have to use something like PGP encryption. I say “something like”, because although PGP is the standard more people have heard of, it is actually less common than the alternative GPG. Oh, and GPG is an implementation of the OpenPGP standard. Confusing, huh? PGP (“Pretty Good Privacy”) is proprietary and not free for commercial use. GPG (“GNU Privacy Guard”) and OpenPGP were originally intended to provide a free, open source alternative to PGP. In fact GPG is more secure than PGP, since it uses a better encryption algorithm. Because it’s free and more secure than PGP, I will focus here on GPG. Also, there are many different ways of skinning this cat, so I’ll just point you in a direction that’s free and one of the easiest ways of doing this. Note that the following instructions are for Windows.

3.1 Setting up your Enigmail environment

You’ll need Thunderbird, Gpg4Win and the Enigmail add-on.

Install Thunderbird. When installing Gpg4Win, you don’t need any of the optional extras, but you may install them if you wish. When you get to the “Define trustable root certificates” dialogue, you can select “Root certificate defined or skip configuration” and click “Next”.

If you’re using Firefox as your browser, make sure you right-click and save Enigmail, otherwise Firefox will try to install the extension. All other browsers will normally just download the file.

Run Thunderbird and click the menu (triple horizontal lines icon, top right), then Add-ons. Then click the cog icon (near the search box, top right) and “Install add-on from file”. Locate and install the Enigmail add-on you downloaded previously. You will need to restart Thunderbird to complete the installation. Then, if you’ve not already set up your email account in Thunderbird, do so now.

Go to Thunderbird’s menu –> OpenPGP –> Key Management.

In the OpenPGP Key Management window, click Generate –> New Key Pair.

Choose and enter a secure passphrase. This should be hard for anyone else to guess. I tend to pick a line from a song. Yes, it takes a while to type, but it’s highly unlikely that anyone will ever crack it through brute force. Bear in mind though that if you forget the phrase, you’re stuck.

Back in the Key Management window, if you check the box “Display All Keys by Default”, you’ll see your new key along with its 8 character identifier.

Next click the key, then Keyserver –> Upload Public Keys. This permanently publishes the “public” part of your key (which people use to encrypt messages to you). Accept the default keyserver when prompted.

3.2 Key exchange with Enigmail

In order to send and receive emails securely, both you and your correspondent must have a public/private key pair. Whoever you’re writing to, they’ll need to have gone through the steps above (or something similar). Once you’re ready, you need to pass to each other your public keys.

Sometimes this public/private thing confuses people. But it’s pretty easy to remember what to do with each key. Your public key – well that’s public. Give it away as much as you like. There’s no shame in it. 😉 Your private key? Guard it with your life. Hopefully you will have chosen a secure passphrase, which will make it difficult for anyone else to use your private key, but you don’t want to weaken your two-factor authentication at any time (something you have – the private key, and something you know – the passphrase) by letting go of the “something you have” part.

Anyway, you don’t really need to know or understand how this works. Just make sure you and your correspondent have both published your keys to a key server. Next, tell each other your key ids (remember the 8 character code generated with the key?) and/or email addresses. Import a public key like this:

Go to Thunderbird’s menu –> OpenPGP –> Key Management.

In the OpenPGP Key Management window, click Keyserver –> Search for Keys.

You can search by email address or by key id. If you’re searching by id, it must always start with “0x” (that just indicates that the key is in hexadecimal).

You should see your correspondent’s key in the next dialogue. Click “OK” to import it. This places your correspondent’s public key in a data store that is colloquially referred to as your “keyring”.

3.3 Sending encrypted email with Enigmail

You can only send encrypted email to someone whose public key is on your keyring. See the previous step for details. We use the public key to encrypt the contents of the email, meaning that only someone with access to the corresponding private key can decrypt and read the email. This gives you a high degree of certainty that no one other than your correspondent can see your message.

Compose your message in plain text. You can send in HTML, but it’s much harder to encrypt correctly.

Remember that while the contents of the email will be encrypted, the subject will not be. Before sending it, you need to tell Thunderbird to encrypt the email. There are three easy ways of doing this.

  1. Click OpenPGP –> Encrypt Message.
  2. Press Ctrl-Shift-E.
  3. Click the key icon, bottom right.

Enigmail will search for the public key that corresponds to your recipient’s address. If you don’t have the correct public key on your keyring (or you’ve typed the address incorrectly or whatever), you will be warned that there was no match.

If you’ve forgotten to compose in plain text, you will be warned about the problems of using HTML.

I would recommend configuring Thunderbird to use plain text by default, at least for your fellow users of encrypted email. In Account Settings under Composition & Addressing, just uncheck “Compose messages in HTML format”.

When your correspondent receives the encrypted message, it can only be read by using the correspondent’s private key. Until the message has been decrypted, it will look something like this:

-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
[...]
=w5DD
-----END PGP MESSAGE-----
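
Added example (not part of the original article, and not Enigmail's or GnuPG's own code): a Python parser for an armored block like the one above, showing what stays readable without any key, namely the armor headers and, in the first packet, the 8-byte ID of the key the message is encrypted to. The payload and its key ID are constructed for illustration; the CRC-24 and packet layout follow RFC 4880.

```python
import base64
import binascii

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes, headers: dict) -> str:  # only used to build the sample
    b64 = base64.b64encode(payload).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    head = [f"{k}: {v}" for k, v in headers.items()]
    return "\n".join([BEGIN, *head, "", *body, check, END]) + "\n"

def parse_armor(text: str) -> dict:
    """Return the cleartext armor headers, the binary payload and the CRC result."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PGP MESSAGE armor block")
    headers, i = {}, 1
    while lines[i]:  # headers run until the first blank line
        key, sep, value = lines[i].partition(": ")
        if not sep:
            raise ValueError("malformed armor header or missing blank line")
        headers[key] = value
        i += 1
    body = "".join(ln for ln in lines[i:-1] if ln and not ln.startswith("="))
    check = [ln[1:] for ln in lines[i:-1] if ln.startswith("=")]
    try:
        payload = base64.b64decode(body, validate=True)
        crc_ok = (base64.b64decode(check[0], validate=True)
                  == crc24(payload).to_bytes(3, "big")) if check else None
    except binascii.Error as exc:
        raise ValueError("armor body is not valid base64") from exc
    return {"headers": headers, "payload": payload, "crc_ok": crc_ok}

def first_packet(payload: bytes) -> dict:
    """Read the first packet header; for a v3 PKESK packet, expose the key ID."""
    if len(payload) < 2 or not payload[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if payload[0] & 0x40:  # new-format header
        tag = payload[0] & 0x3F
        hdr = 3 if 192 <= payload[1] <= 223 else 6 if payload[1] == 255 else 2
    else:  # old-format header: low two bits select the length-field size
        tag = (payload[0] >> 2) & 0x0F
        hdr = 1 + (1, 2, 4, 0)[payload[0] & 0x03]
    info = {"tag": tag, "recipient_key_id": None}
    if tag == 1 and len(payload) >= hdr + 9 and payload[hdr] == 3:
        info["recipient_key_id"] = payload[hdr + 1:hdr + 9].hex().upper()
    return info

# Constructed sample, not a real message: a v3 PKESK packet with a made-up key ID,
# then filler bytes standing in for ciphertext. Header values are those shown above.
SAMPLE_PAYLOAD = bytes.fromhex("850020" "03" "0123456789ABCDEF" "01") + bytes(range(22))
SAMPLE_ARMORED = armor(SAMPLE_PAYLOAD, {
    "Charset": "ISO-8859-1", "Version": "GnuPG v2.0.20 (MingW32)",
    "Comment": "Using GnuPG with Thunderbird - http://www.enigmail.net/"})

if __name__ == "__main__":
    print(SAMPLE_ARMORED, parse_armor(SAMPLE_ARMORED)["headers"], first_packet(SAMPLE_PAYLOAD))
```

The CRC only detects accidental corruption in transit; it is not a signature and says nothing about who sent the message.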

Following decryption, the content of the message will be visible as usual. A padlock icon indicates that this message was encrypted before transmission.

3.4 Enigmail – conclusion

So this is all you need, to send and receive email securely. Not even the mighty PRISM can unlock the treasures in your encrypted email. And this solution isn’t merely limited to users of Thunderbird. The Gpg4Win project referred to above has a plugin for Outlook, which covers the vast majority of corporate users.

All is not sweetness and light however. Due to security limitations of browsers, there isn’t really a solution for webmail users. And there aren’t any bulletproof solutions for mobile users. To start with, Apple’s terms of use are incompatible with open source (GPL) software, so GnuPG is automatically excluded. There will probably never be a solution for a non-jailbroken iPhone or iPad.

With Android, you do have some options, using Android Privacy Guard and K-9 Mail. The end user experience is not perfect though and you’re still left with a fundamental problem: you have to put your private key on your mobile device. The private key is the one thing you really don’t want to risk losing, so is this a good idea anyway?

Personally, I would say if the email is so sensitive that you need to encrypt it, you probably should wait to read it, until you have access to your desktop/laptop and your secure email environment. But then that decreases usability of encrypted email, which is the main reason this has not yet gained significant traction.

As you can see, there do remain some technical and social obstacles to overcome before we see encrypted email in widespread use. But as long as you understand its limitations, and if you care about keeping your email private, the GPG/Enigmail proposition is really very compelling.

How-to: Improve your online privacy – level 1 – Tor

Complexity rating: 1. Level of experience required to follow this how-to: “Your granny could do it. :-)”

Introduction to Tor

It seems that not a day goes by now without reading some news about this or that government’s ability to scrutinise your internet activity. Our very own Dummy blogged about PRISM not so long ago. He concluded that at some level, we probably already suspected our every online move was being tracked. It’s just that we’re now sure of it. The worst that’s happened is we’ve sacrificed the illusion of privacy for the illusion of security, right?

The thing that’s making me distinctly uncomfortable though is that my data seems to be available to foreign powers. I am not a citizen of the U.S., but with vast quantities of my email sat on Google or Microsoft’s servers, it seems that for U.S. intelligence agencies, it’s open season on Geek’s mailbox. Now I can probably wrap my head around that, but what about other governments – governments with poor track records when it comes to human rights and civil liberties? If the U.S. can see my data, why not them too? It’s worrying because I have absolutely no doubt that some of my views would be viewed as offensive and immoral by those states. No names no pack drill, but the feeling is mutual.

So is there anything we can do to reclaim some of our privacy? Turns out that there is. There are a few options in fact. Today I’m going to look at just one such option: boosting your online privacy through the anonymising network, Tor.

Say what now?

Tor used to stand for “The Onion Ring [network]”. Like an onion, Tor provides layers between you and the web sites you’re visiting. Within those layers, your activity is scrambled, redirected and encrypted.

To explain this in simple terms: your web browser sits within the Tor network. All communication within the network is secured. When you browse to a web site, your web traffic is sent to an exit point from the Tor network – any one of several thousand relays – which talks to the internet on your behalf.

Think of it like a middleman who never reveals who he’s working for, but hands messages to and fro. That’s oversimplified, because what actually happens is more like several middlemen between you and the final web site, none of whom know quite who the original “client” is, nor what the message is that the middleman is relaying on behalf of the client. It’s these layers of security and encryption that led to the onion metaphor.

Tor Quick Start

By far the easiest way to get going with Tor is to download the “Browser Bundle”. This includes a specially configured web browser that will send all traffic via the Tor network. Yes, that’s right: Tor cannot magically make all your internet activity private. You have to use tools that know how to make use of the network. The Tor Browser is a version of Firefox that has been configured to use the Tor network. I’m going to assume that you’re using Windows, for the purposes of this tutorial, but there are bundles available for Mac and Linux too.

Download and run the Tor Browser Bundle. Tor isn’t installed as such – you won’t find a link in your Start Menu after this. It extracts all its files wherever you direct and you run it from there. This means that you can put the files (less than 100MB) on a USB thumb drive and take it with you from computer to computer.

Within the “Tor Browser” folder, you’ll find a program called “Start Tor Browser”. When you run that, your system will be initialised to run Tor:

Once you’re connected, the Tor Browser will load:

After that, you can browse the web almost as normal. Web browsing will inevitably be slower than you’re used to; privacy in this case comes with a price. Traversing all those layers of encryption and randomisation takes time, but while you’re waiting for your page to load during that brief delay enjoy the warm sense of anonymised well-being.

Note: web sites will not always function as they do outside the Tor network. This is a by-product of anonymity and safety. See the FAQ to understand some of the issues you may encounter.

Caveats

You need to be aware that Tor is not a panacea. If you wish to prioritise privacy, you may need to change some of your browsing habits. From Tor’s download page:

Want Tor to really work?

  1. Use the Tor Browser
    Tor does not protect all of your computer’s Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser Bundle. It is pre-configured to protect your privacy and anonymity on the web as long as you’re browsing with the Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.
  2. Don’t enable or install browser plugins
    The Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into the Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy. The lack of plugins means that Youtube videos are blocked by default, but Youtube does provide an experimental opt-in feature (enable it here) that works for some videos.
  3. Use HTTPS versions of websites
    Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon that website. To help ensure private encryption to websites, the Tor Browser Bundle includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website.
  4. Don’t open documents downloaded through Tor while online
    The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.
  5. Use bridges and/or find company
    Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you’re using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

Additional point: there’s some anecdotal evidence that using Tor can cause issues for PayPal and eBay.

Bonus: Use Tor with mobile devices

That’s all well and good for desktops and laptops, but what about my phone and my tablet? Good news: you can also use Tor on Android and iOS. For Android, you have the free Orbot, which you can couple with the browser Orweb (also free). You do not need to have rooted your phone to use these, though there are some advantages if you do.

For iOS folks, there’s Onion Browser, which is cheap, but not free.

At the moment, I’m not aware of any Tor packages for BlackBerry or Windows Phone.

Safe browsing

Please remember that no amount of encryption or obfuscation can guarantee your privacy or safety. Nor does it absolve you of moral accountability. Stay safe and keep your nose clean.

News: PRISM scandal – tech giants flatly deny allowing NSA direct access to servers

I read this story with interest. So a highly secretive branch of the American government has been snooping on our emails, messages and calls using a sophisticated bit of software and the big tech giants may be complicit?!? Surely that’s not really a surprise to anyone is it?

It seems there are various disapproving camps forming around this.

First: a band of technophobes, incredulous at the thought that a government organisation would be able to spy on them in this way. I mean, come on, get real. Yes, conspiracy theory nuts have raved on about this for decades. But we, the public, know that phone bugging can be done legally under a warrant; why would we think this has any limit?

The second camp is on a corporate witch hunt. How could Google and Microsoft not have known about this? Or worse, how dare they allow the government to put its sticky paws on our private correspondence?

You’ve seen Will Smith on the silver screen battling shadowy branches of American government ably assisted by Gene Hackman, a master of tech surveillance. It transpires that this shadowy branch has gone rogue and is targeting innocent members of the public. Is there anything unbelievable about this? The fact that the technology exists to allow this surveillance or that a government organisation can go rogue? (Or worse, conduct the surveillance without legal approval but with state support.)

It may sound like science fiction but the technology exists. Once that’s accepted I have my own view on its existence and use. A government organisation going rogue? The conspiracy theorists will be screaming at me but it is pretty implausible in this age of information and accountability.

For a start, why think that what you are saying and doing online is so interesting to the NSA? Let’s take that thought a stage further: if you are saying something that interests the NSA, I’d suggest I want you to be secretly monitored by them.

I know this will be at odds with many of you technically savvy people in this brave new I.T. world but I personally feel that I am willing to sacrifice a little bit of privacy for the greater good. I mean how do you think the security services in the UK foil terrorist attacks and keep us safe in our beds? Information and the control of it is the secret war no one likes to tell us about.

But do you know what, when I stand back and look at this again from a more suspicious angle I find myself asking a number of left-field questions that make me doubt the whole story.

If this technology does exist and is being used, why would an organisation like the NSA (arguably the most secure organisation in the world) allow the Guardian to learn of its existence and so make it redundant? I mean, any self-respecting terrorist would read this and not use the internet again, right? Let’s remember the information regarding its existence was anonymously leaked and the online message boards are already full of anti-American rhetoric raving about Prism and civil liberties.

Whether the technology exists or not, don’t expect the Googles of this world to admit they let the NSA trawl through their servers. I guess I may be in the minority in not caring if they did. But if they stood up and said, ‘Yeah we share your data with the NSA,’ I think the shareholders would be none too pleased.

We know Google already mines internet usage to target users with appropriate adverts. For example, if I insert an advert from Google’s AdSense below this paragraph you should see adverts popping up relevant to things you searched or shopped for recently. Shame on you if Tracy, a single and very friendly lady is offering to visit!! 😉

This all feels a bit like PR spin to me. On one hand I think we all know our internet usage is being monitored in some way by someone. I’m ambivalent to that fact. It being drawn to the public’s attention in this way has the smack of an opposition group attempting to stir up ill will against ‘Big Brother’.

On the flip side, come on tech giants, don’t treat us like fools. You obviously mine our data for your own purposes and as it suits you. It’s not a huge leap to assume you’d allow selected organisations to do the same for the “greater good”.

So a sensational headline but really, is any of it big news or really that shocking or are we all just kidding ourselves about our personal internet privacy?

(Hint: we’re kidding ourselves. But don’t worry – Geek is here to help improve our online privacy: read on.)