The documents leaked by NSA whistleblower Edward Snowden illustrated the startling reach of the world’s largest intelligence agencies. We learned that the agencies collaborated with technology companies to make it easier to spy on the public.
It’s no longer safe to assume anything about the security of your data – except that you’re not the only one who has access to it. Whether or not you’re on their radar, your activity may be indiscriminately sucked up by intelligence services, who have made it their right to know what you know.
One consequence is that average users are increasingly turning to open-source privacy tools. Much more transparent and often independently audited, they can’t be subverted as easily as a proprietary tool, making them the best means of retaining privacy in your online activities.
Encryption
We know the NSA and GCHQ have collaborated with technology companies to install backdoors into security products, so it’s reasonably safe to assume proprietary encryption solutions are compromised.
That means no more BitLocker, even though it’s highly convenient as it comes with some versions of Windows. Instead, we recommend you use the open-source TrueCrypt to encrypt your data.
It’s a powerful tool, offering volume, partition and drive encryption, plus the ability to set up hidden volumes or even an entire hidden OS. If you’re compelled to reveal your main encryption password for whatever reason, a hidden volume will remain safely encrypted and undetectable inside the visible volume. Think of it as a saferoom within a saferoom.
Download TrueCrypt from truecrypt.org and install it on your PC. To set up an encrypted area in which to store your most important files, first launch TrueCrypt, then click Create Volume and choose ‘Create an encrypted file container’.
You’ll be offered the option of making a hidden volume, but these must be created inside an existing volume, so choose Standard.
Click Select File and choose a location and a file name for your TrueCrypt container (don’t use an existing file name or it will be overwritten by the container). Choose your encryption and hash algorithm – novices can safely stick to the defaults – then choose the size of your container and a strong password. When prompted, randomly move your mouse around the TrueCrypt window for at least 30 seconds – the longer you move, the more random data is gathered to generate the encryption key.
To access your container, open TrueCrypt, choose any spare drive letter, select your container file from the Volume drop-down menu, then click Mount. Enter your password and the volume will appear in Windows Explorer. Drag a file onto this and it will be automatically encrypted and added to the container; open an encrypted file and it will temporarily be decrypted in your PC’s RAM. When you’re done with your container, just click Dismount and it will disappear.
There’s lots more you can do from there. You could create a hidden volume inside your standard volume, and you can encrypt a partition or OS using similar steps to creating a container. It’s all well documented both in the software and on the TrueCrypt website.
Web browsing
Tor is a free and open virtual network that bounces communications around the world to prevent sites from learning your physical location. It forms the basis of a range of security applications, the most common of which is the increasingly popular Tor browser. It’s based on a modified Firefox release, and if you follow some simple precautions it will grant you a level of anonymity online.
To set it up, go to torproject.org and download the Tor Browser Bundle. Run the downloaded file, choose an extraction location, then open the folder and click ‘Start Tor Browser’. The Vidalia Control Panel will automatically handle the randomised network setup and, when Tor is ready, the browser will open; close it to disconnect from the network.
It won’t be browsing as usual, as the Tor browser is necessarily stripped of many of Firefox’s modern trimmings. Plug-ins, such as Flash and QuickTime, are by default blocked as they can reveal your non-Tor IP address, as can opening any downloaded document that’s handled by an external application such as Word. The makers strongly advise against using BitTorrent over Tor, too.
Don’t go switching to Chrome, though: Tor is not protecting your PC’s internet traffic, only the traffic that goes via the Tor Browser, so it’s no good just having Tor running in the background.
Because of these restrictions, not to mention the reduced speed of browsing as data flies around the world en route to your PC, it’s not practical to use Tor for everything online. It’s fine to keep using your current browser for everyday online activities – if you want things a bit more private, search with DuckDuckGo.com rather than Google – but try to at least get into the habit of switching to Tor when it’s time to do your banking, shopping or any other sensitive tasks.
Messaging
Public key cryptography is no longer only for IT experts, as more and more people are using tools such as OpenPGP to keep their communications private.
In very simple terms, with PGP you generate two unique keys. Your public key is what you give to others, and they can use it to encrypt any messages meant for your attention. Your private key is what you keep secret and safe, as it works in conjunction with your public key to unlock those messages when they arrive. The public key alone can never decrypt a message, which means you’re safe to hand it out even to people you’ve never met.
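The following Python script is an added illustration of the key-pair idea described above; it is not GnuPG or Gpg4win code and it is not OpenPGP. It implements textbook RSA with deliberately tiny keys so that the two halves of the pair can be seen at work: the public half (n, e) encrypts, the private half (n, d) decrypts, and feeding the public half back into decryption fails. The Miller-Rabin test, the block layout with a leading marker byte and the 64-bit prime size are all assumptions made for this demo; real OpenPGP uses much larger keys, padding, and a random session key encrypted under the public key rather than encrypting the message directly.

```python
"""Toy textbook RSA, added to illustrate how a PGP-style key pair behaves.

Constructed example: the key sizes are far too small to be secure, there is no
padding, and OpenPGP itself does not encrypt messages this way. The point is
only to show that the public key encrypts and cannot decrypt.
"""
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test with `rounds` random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:  # write n-1 as d * 2^r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def random_prime(bits: int) -> int:
    """Draw random odd candidates from the OS CSPRNG until one tests prime.

    This is the step that consumes entropy: the mouse-wiggling TrueCrypt asks
    for and GnuPG's random pool play the role that `secrets` plays here."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top and low bit
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 64):
    """Return (public_key, private_key) as the tuples (n, e) and (n, d)."""
    e = 65537  # common public exponent
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (p * q, e), (p * q, d)


def encrypt(public_key, message: bytes) -> list:
    """Encrypt `message` under (n, e); returns one integer per block."""
    n, e = public_key
    block = (n.bit_length() - 1) // 8 - 1  # message bytes per block, leaving room for a marker
    out = []
    for i in range(0, len(message), block):
        piece = b"\x01" + message[i:i + block]  # marker keeps leading zeros and block length intact
        m = int.from_bytes(piece, "big")  # always < n because piece is shorter than n
        out.append(pow(m, e, n))
    return out


def decrypt(private_key, blocks: list) -> bytes:
    """Decrypt with (n, d); raises ValueError when the key does not fit the blocks."""
    n, d = private_key
    out = bytearray()
    for c in blocks:
        m = pow(c, d, n)
        piece = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if not piece or piece[0] != 1:
            raise ValueError("block does not decrypt cleanly: wrong key?")
        out += piece[1:]
    return bytes(out)


if __name__ == "__main__":
    pub, priv = generate_keypair()
    ciphertext = encrypt(pub, b"Meet at the usual place")
    print("recipient reads:", decrypt(priv, ciphertext))
    try:
        decrypt(pub, ciphertext)
    except ValueError as exc:
        print("public key alone:", exc)
```

Run it and the private key recovers the message while the public key does not. The two tuples share n, which is why handing out the public key reveals nothing useful: recovering d from (n, e) requires factoring n, which is feasible for the 128-bit n generated here and infeasible for the key sizes GnuPG produces.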
The most popular implementation of OpenPGP is the free GnuPG (gnupg.org). Unless you’re skilled with the command line, scroll down to the Binaries section on the Downloads page to find the special setup files for each OS. Note that both sender and recipient need the software installed.
For Windows that’s Gpg4win, a suite that contains GnuPG plus a few other useful tools and extensions, as well as a PDF of the excellent ‘Gpg4win Compendium’. The ‘For Novices’ chapter is a great place to start learning about PGP.
Gpg4win includes everything you need: there are plug-ins for Outlook 2003 and 2007, and a standalone email client called Claws Mail that works with the keys you generate in Kleopatra.
To generate your own pair of keys, run Kleopatra (it’s installed with Gpg4win), then click File, New Certificate. Choose the first option that pops up, enter your name and email address, then click Create Key. Your chosen passphrase is important, as it determines the strength of your encryption; try to use a phrase at least four or five words long, but be sure you’ll remember it. Back up your newly created key pair, then Export the certificate to your PC. Opening that file will give you your public key in text form.
That’s the very basic setup, but there’s an awful lot more to it. The Gpg4win Compendium document has walkthroughs for everything, so the best thing you can do is work through the examples until you’re confident enough to start using OpenPGP with your friends, relatives and colleagues.
One area of messaging that Gpg4win doesn’t cover is instant messaging. Skype uses industry-standard encryption to keep your conversations private. However, if you don’t want to put your trust in a mainstream app, you might like to try Off-the-Record (otr.cypherpunks.ca). This encryption toolkit works with the Pidgin IM client (pidgin.im).
Disk cleaning
The final tool in your privacy arsenal is a vital one: a good disk cleaner. BleachBit is a simple piece of software that can shred files to prevent recovery, and overwrite free disk space to hide traces of old files. It also automatically hunts down and deletes unnecessary files on your hard disk, from caches and cookies to the temporary folders of thousands of applications.
Head to bleachbit.sourceforge.net to download and install the software. The interface will show you any supported applications installed on your PC on the left, along with information on what will be deleted for each on the right. Just tick what you want to clean, leave anything you’re unsure of, and click Preview to see how much room you’ll free up. Then tap Clean.
The extra privacy tools are all in the File menu. Shred Files and Shred Folders will delete and overwrite your selected data. Wipe Free Space will go through a drive or partition and overwrite files previously deleted by any software, so they can’t be easily recovered. After doing this, BleachBit will also attempt to wipe metadata about those files by filling Windows’ Master File Table.
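The script below is an added example, written for this page rather than taken from BleachBit, of what Shred Files and Wipe Free Space do under the hood: the file’s blocks are overwritten with random data and forced to disk before its name is replaced and unlinked, and free space is filled with a throwaway random file that is then deleted. The `max_bytes` limit, the two-pass default and the constructed `demo()` run in a temporary directory are assumptions for the demo; the Master File Table filling that BleachBit adds on Windows is not reproduced. The caveat a practitioner should keep in mind is that overwriting only helps where the filesystem writes back to the same physical blocks: SSD wear-levelling, copy-on-write filesystems and journals can keep old copies, which is one reason the full-disk encryption covered earlier matters more than shredding.

```python
"""Secure-delete a file and scrub free space, as a BleachBit-style tool does.

Added example, not BleachBit's code. Overwriting is only effective on media and
filesystems that rewrite the same physical blocks; SSDs and copy-on-write
filesystems may retain old data regardless.
"""
import errno
import os
import secrets
import tempfile


def shred_file(path: str, passes: int = 2, chunk_size: int = 1 << 20) -> int:
    """Overwrite `path` with random data `passes` times, then delete it.

    Returns the total number of bytes overwritten."""
    size = os.path.getsize(path)
    total = 0
    # "r+b" keeps the existing allocation so the same blocks are rewritten; no truncation.
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                total += f.write(secrets.token_bytes(n))
                remaining -= n
            os.fsync(f.fileno())  # push the overwrite past the OS cache each pass
    # Replace the name with a random one before unlinking so the directory entry
    # no longer reveals what was deleted, then remove it.
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.replace(path, anonymous)
    os.remove(anonymous)
    return total


def wipe_free_space(directory: str, max_bytes=None, chunk_size: int = 1 << 20) -> int:
    """Fill the free space of `directory`'s filesystem with random data, then delete the filler.

    With max_bytes=None (real use) this runs until the disk reports ENOSPC; a limit is
    provided so the routine can be exercised without filling a disk. Returns bytes written."""
    filler = os.path.join(directory, secrets.token_hex(8))
    written = 0
    try:
        with open(filler, "wb", buffering=0) as f:
            while max_bytes is None or written < max_bytes:
                n = chunk_size if max_bytes is None else min(chunk_size, max_bytes - written)
                try:
                    written += f.write(secrets.token_bytes(n))
                except OSError as exc:
                    if exc.errno != errno.ENOSPC:
                        raise
                    break  # disk full: every previously freed block has now been overwritten
            os.fsync(f.fileno())
    finally:
        if os.path.exists(filler):
            os.remove(filler)
    return written


def demo() -> dict:
    """Constructed run: shred a small file and scrub a bounded amount of free space."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "secret-notes.txt")
    with open(target, "wb") as f:
        f.write(b"meeting notes\n" * 1000)  # 14000 bytes of constructed content
    overwritten = shred_file(target, passes=2)
    wiped = wipe_free_space(workdir, max_bytes=64 * 1024)
    leftovers = os.listdir(workdir)
    os.rmdir(workdir)
    return {
        "bytes_overwritten": overwritten,
        "file_gone": not os.path.exists(target),
        "free_space_wiped": wiped,
        "leftover_entries": leftovers,
    }


if __name__ == "__main__":
    print(demo())
```

In real use you would call `wipe_free_space` with no limit and point it at the drive you want scrubbed; it stops when the filesystem refuses further writes. The `fsync` calls matter: without them the overwrite may still be sitting in the page cache when the file is unlinked, and the original blocks are freed untouched.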
Tails
If you want a bit of everything we’ve covered in one package, try Tails. It’s a live Debian-based OS that you can run on any PC from a DVD or USB drive. As it uses only the host system’s RAM, it leaves no trace when you switch off and disconnect. You can rock up at an internet café or use the PC in your hotel lobby without worrying about viruses and spyware on the host OS, and you can also use Tails to circumvent regional locks and censorship. Bear in mind, though, that you must boot it from a disc or external drive.
Download the Tails ISO image from tails.boum.org and follow the instructions to verify the image. To install it on a USB drive, first go to pendrivelinux.com to download and run the Universal USB Installer. Choose Tails from its drop-down list and click Browse to select your downloaded ISO image, then select the drive letter of your USB stick. Finally, click Create to build a bootable Tails OS drive.
Tails includes a range of tools, all of which are preconfigured to connect to the internet through the Tor network – it blocks any attempts by applications to directly access the internet.