Surveillance
Self-Defense

Online security veteran?

  • Online security veteran?

    Advanced guides to enhance your surveillance self-defense skill set.

    Congratulations! You've already taken steps to improve the safety of your online communications. Now you want to take it to the next level, and with this playlist, you can. You'll learn how to understand threats, verify the identity of the person you're communicating with, and add some new tools to your repertoire.

  • Assessing Your Risks

    Trying to protect all your data from everyone all the time is impractical and exhausting. But, do not fear! Security is a process, and through thoughtful planning, you can assess what’s right for you. Security isn’t about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.

    In computer security, a threat is a potential event that could undermine your efforts to defend your data. You can counter the threats you face by determining what you need to protect and from whom you need to protect it. This process is called “threat modeling.”

    This guide will teach you how to threat model, or how to assess your risks for your digital information and how to determine what solutions are best for you.

    What might threat modeling look like? Let’s say you want to keep your house and possessions safe, here are a few questions you might ask:

    What do I have inside my home that is worth protecting?

    • Assets could include: jewelry, electronics, financial documents, passports, or photos

    Who do I want to protect it from?

    • Adversaries could include: burglars, roommates, or guests

    How likely is it that I will need to protect it?

    • Does my neighborhood have a history of burglaries? How trustworthy are my roommates/guests? What are the capabilities of my adversaries? What are the risks I should consider?

    How bad are the consequences if I fail?

    • Do I have anything in my house that I cannot replace? Do I have the time or money to replace these things? Do I have insurance that covers goods stolen from my home?

    How much trouble am I willing to go through to prevent these consequences?

    • Am I willing to buy a safe for sensitive documents? Can I afford to buy a high-quality lock? Do I have time to open a security box at my local bank and keep my valuables there?

    Once you have asked yourself these questions, you are in a position to assess what measures to take. If your possessions are valuable, but the risk of a break-in is low, then you may not want to invest too much money in a lock. But, if the risk is high, you’ll want to get the best lock on the market, and consider adding a security system.

    Building a threat model will help you to understand threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face.

    What is threat modeling and where do I start?

    Threat modeling helps you identify threats to the things you value and determine from whom you need to protect them. When building a threat model, answer these five questions:

    1. What do I want to protect?
    2. Who do I want to protect it from?
    3. How bad are the consequences if I fail?
    4. How likely is it that I will need to protect it?
    5. How much trouble am I willing to go through to try to prevent potential consequences?

    Let’s take a closer look at each of these questions.

    What do I want to protect?

    An “asset” is something you value and want to protect. In the context of digital security, an asset is usually some kind of information. For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices may also be assets.

    Make a list of your assets: data that you keep, where it’s kept, who has access to it, and what stops others from accessing it.

    Who do I want to protect it from?

    To answer this question, it’s important to identify who might want to target you or your information. A person or entity that poses a threat to your assets is an “adversary.” Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.

    Make a list of your adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.

    Depending on who your adversaries are, under some circumstances this list might be something you want to destroy after you’re done threat modeling.

    How bad are the consequences if I fail?

    There are many ways that an adversary can threaten your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.

    The motives of adversaries differ widely, as do their attacks. A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.

    Threat modeling involves understanding how bad the consequences could be if an adversary successfully attacks one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all your phone records and thus has the capability to use that data against you. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.

    Write down what your adversary might want to do with your private data.

    How likely is it that I will need to protect it?

    Risk is the likelihood that a particular threat against a particular asset will actually occur. It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.

    It is important to distinguish between threats and risks. While a threat is a bad thing that can happen, risk is the likelihood that the threat will occur. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).

    Conducting a risk analysis is both a personal and a subjective process; not everyone has the same priorities or views threats in the same way. Many people find certain threats unacceptable no matter what the risk, because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem.

    Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.

    How much trouble am I willing to go through to try to prevent potential consequences?

    Answering this question requires conducting the risk analysis. Not everyone has the same priorities or views threats in the same way.

    For example, an attorney representing a client in a national security case would probably be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.

    Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.

    Threat modeling as a regular practice

    Keep in mind your threat model can change as your situation changes. Thus, conducting frequent threat modeling assessments is good practice.

    Create your own threat model based on your own unique situation. Then mark your calendar for a date in the future. This will prompt you to review your threat model and check back in to assess whether it’s still relevant to your situation.

    Last reviewed: 
    9-7-2017
  • Choosing Your Tools

    With so many companies and websites offering tools geared towards helping individuals improve their own digital security, how do you choose the tools that are right for you?

    We don’t have a foolproof list of tools that can defend you (though you can see some common choices in our Tool Guides). But if you have a good idea of what you are trying to protect, and who you are trying to protect it from, this guide can help you choose the appropriate tools using some basic guidelines.

    Remember, security isn't about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats. Check out our Assessing your Risks guide for more information.

    Security is a Process, not a Purchase

    The first thing to remember before changing the software you use or buying new tools is that no tool or piece of software will give you absolute protection from surveillance in all circumstances. Therefore, it’s important to think about your digital security practices holistically. For example, if you use secure tools on your phone, but don’t put a password on your computer, the tools on your phone might not help you much. If someone wants to find out information about you, they will choose the easiest way to obtain that information, not the hardest.

    Secondly, it’s impossible to protect against every kind of trick or attacker, so you should concentrate on which people might want your data, what they might want from it, and how they might get it. If your biggest threat is physical surveillance from a private investigator with no access to internet surveillance tools, you don't need to buy some expensive encrypted phone system that claims to be "NSA-proof." Alternatively, if you face a government that regularly jails dissidents because they use encryption tools, it may make sense to use simpler tactics—like arranging a set of harmless-sounding, pre-arranged codes to convey messages—rather than risk leaving evidence that you use encryption software on your laptop. Coming up with a set of possible attacks you plan to protect against is called threat modeling.

    Given all that, here are some questions you can ask about a tool before downloading, purchasing, or using it.

    How Transparent is it?

    There's a strong belief among security researchers that openness and transparency leads to more secure tools.

    Much of the software the digital security community uses and recommends is open-source. This means the code that defines how it works is publicly available for others to examine, modify, and share. By being transparent about how their program works, the creators of these tools invite others to look for security flaws and help improve the program.

    Open-source software provides the opportunity for better security, but does not guarantee it. The open source advantage relies, in part, on a community of technologists actually checking the code, which, for small projects (and even for popular, complex ones), may be hard to achieve.

    When considering a tool, see if its source code is available and whether it has an independent security audit to confirm the quality of its security. At the very least, software or hardware should have a detailed technical explanation of how it functions for other experts to inspect.

    How Clear are its Creators About its Advantages and Disadvantages?

    No software or hardware is entirely secure. Seek out tools with creators or sellers who are honest about the limitations of their product.

    Blanket statements that say that the code is “military-grade” or “NSA-proof” are red flags. These statements indicate that the creators are overconfident or unwilling to consider the possible failings in their product.

    Because attackers are always trying to discover new ways to break the security of tools, software and hardware needs to be updated to fix vulnerabilities. It can be a serious problem if the creators are unwilling to do this, either because they fear bad publicity or because they have not built the infrastructure to do so. Look for creators who are willing to make these updates, and who are honest and clear about why they are doing so.

    A good indicator of how toolmakers will behave in the future is their past activity. If the tool's website lists previous issues and links to regular updates and information—like specifically how long it has been since the software was last updated—you can be more confident that they will continue to provide this service in the future.

    What Happens if the Creators are Compromised?

    When security toolmakers build software and hardware, they (just like you) must have a clear threat model. The best creators explicitly describe what kind of adversaries they can protect you from in their documentation.

    But there's one attacker that many manufacturers do not want to think about: themselves! What if they are compromised or decide to attack their own users? For instance, a court or government may compel a company to hand over personal data or create a “backdoor” that will remove all the protections their tool offers. So consider the jurisdiction(s) where the creators are based. If you’re worried about protecting yourself from the government of Iran, for example, a US-based company will be able to resist Iranian court orders, even if it must comply with US orders.

    Even if a creator is able to resist government pressure, an attacker may attempt to break into the toolmakers' own systems in order to attack its customers.

    The most resilient tools are those that consider this as a possible attack and are designed to defend against this. Look for language that asserts that a creator cannot access private data, rather than promises that a creator will not. Look for institutions with a reputation for fighting court orders for personal data.

    Has it Been Recalled or Criticized Online?

    Companies selling products and enthusiasts advertising their latest software can be misled, be misleading, or even outright lie. A product that was originally secure might have terrible flaws in the future. Make sure you stay well-informed on the latest news about the tools that you use.

    It's a lot of work for one person to keep up with the latest news about a tool. If you have colleagues who use a particular product or service, work with them to stay informed.

    Which Phone Should I Buy? Which Computer?

    Security trainers are often asked: “Should I buy Android or an iPhone?” or “Should I use a PC or a Mac?” or “What operating system should I use?” There are no simple answers to these questions. The relative safety of software and devices is constantly shifting as new flaws are discovered and old bugs are fixed. Companies may compete with each other to provide you with better security, or they may all be under pressure from governments to weaken that security.

    Some general advice is almost always true, however. When you buy a device or an operating system, keep it up-to-date with software updates. Updates will often fix security problems in older code that attacks can exploit. Note that some older phones and operating systems may no longer be supported, even for security updates. In particular, Microsoft has made it clear that versions of Windows Vista, XP, and below will not receive fixes for even severe security problems. This means that if you use these, you cannot expect them to be secure from attackers. The same is true for OS X before 10.11 or El Capitan.

    Now that you’ve considered the threats you face, and know what to look for in a digital security tool, you can more confidently choose tools that are most appropriate for your unique situation.

    Products Mentioned in Surveillance Self-Defense

    We try to ensure that the software and hardware mentioned in SSD complies with the criteria listed above. We have made a good faith effort to only list products that:

    • have a solid grounding in what we currently know about digital security,
    • are generally transparent about their operation (and their failings),
    • have defenses against the possibility that the creators themselves will be compromised, and
    • are currently maintained, with a large and technically-knowledgeable user base.

    We believe that they have, at the time of writing, a wide audience who is examining them for flaws, and would raise concerns to the public quickly. Please understand that we do not have the resources to examine or make independent assurances about their security. We do not endorse these products and cannot guarantee complete security.

    Last reviewed: 
    10-29-2018
  • Key Verification

    When encryption is used properly, your communications or information should only be readable by you and the person or people you’re communicating with. End-to-end encryption protects your data from surveillance by third parties, but if you’re unsure about the identity of the person you’re talking to, its usefulness is limited. That’s where key verification comes in. By verifying public keys, you and the person with whom you’re communicating add another layer of protection to your conversation by confirming each other’s identities, allowing you to be that much more certain that you’re talking to the right person.

    Key verification is a common feature of protocols that use end-to-end encryption, such as PGP and OTR. On Signal, they're called "safety numbers." To verify keys without the risk of interference, it's advisable to use a secondary method of communicating other than the one you’re going to be encrypting; this is called out-of-band verification. For example, if you are verifying your OTR fingerprints, you might email your fingerprints to one another. In that example, email would be the secondary communications channel.

    Verifying Keys Out-of-band

    There are several ways to do this. If it can be arranged safely and is convenient, it is ideal to verify keys face-to-face. This is often done at key-signing parties or amongst colleagues.

    If you cannot meet face-to-face, you can contact your correspondent through a means of communication other than the one for which you’re trying to verify keys. For example, if you’re trying to verify PGP keys with someone, you could use the telephone or an OTR chat to do so.

    Regardless of the program that you use, you will always be able to locate both your key and the key of your communication partner.

    Although the method of locating your key varies by program, the method of verifying keys remains approximately the same. You can either read your key’s fingerprint aloud (if you are face-to-face or using the telephone) or you can copy and paste it into a communications program, but whichever you choose, it is imperative that you check every single letter and numeral.

    Tip: Try verifying keys with one of your friends. To learn how to verify keys in a specific program, visit that program’s how-to guide.

    Last reviewed: 
    1-13-2017
  • A Deep Dive on End-to-End Encryption: How Do Public Key Encryption Systems Work?

    If used correctly, end-to-end encryption can help protect the contents of your messages, text, and even files from being understood by anyone except their intended recipients. It can also be used to prove that a message came from a particular person and has not been altered.

    In the past few years, end-to-end encryption tools have become more usable. Secure messaging tools like Signal (iOS or Android)—for phone calls, video calls, chats and file sharing— are good examples of apps that use end-to-end encryption to encrypt messages between the sender and intended recipient. These tools make messages unreadable to eavesdroppers on the network, as well as to the service providers themselves.

    With that said, some implementations of end-to-end encryption can be difficult to understand and use. Before you begin using end-to-end encryption tools, we strongly recommend taking the time to understand the basics of public key cryptography.

    The type of encryption we’re talking about in this guide, which end-to-end encryption tools rely on, is called public key cryptography, or public key encryption. To read about other types of encryption, check out our What is Encryption? guide.

    Understanding the underlying principles of public key cryptography will help you to use these tools successfully. There are things that public key cryptography can and can’t do, and it’s important to understand when and how you might want to use it.

    What Does Encryption Do?

    Here’s how encryption works when sending a secret message:

    1. A clearly readable message (“hello mum”) is encrypted into a scrambled message that is incomprehensible to anyone looking at it (“OhsieW5ge+osh1aehah6”).
    2. The encrypted message is sent over the Internet, where others see the scrambled message, “OhsieW5ge+osh1aehah6”
    3. When it arrives at its destination, the intended recipient, and only the intended recipient, has some way of decrypting it back into the original message (“hello mum”).

    Symmetric Encryption: A Story of Passing Secret Notes with a Single Key

    Julia wants to send a note to her friend César that says “Meet me in the garden,” but she doesn’t want her classmates to see it.

    Julia’s note passes through a bunch of intermediary classmates before reaching César. Although neutral, the intermediaries are nosy and can easily sneak a peek at the message before passing it on. They are also making copies of this message before passing it on and noting the time at which Julia is sending this message to César.

    Julia decides to encrypt her message with a key of 3, shifting the letters down the alphabet by three. So A would be D, B would be E, etc. If Julia and César use a simple key of 3 to encrypt, and a key of 3 to decrypt, then their gibberish encrypted message is easy to crack. Someone could “brute force” the key by trying all the possible combinations. In other words, they can persistently guess until they get the answer to decrypt the message.

    The method of shifting the alphabet by three characters is a historic example of encryption used by Julius Caesar: the Caesar cipher. When there is one key to encrypt and decrypt, like in this example where it’s a simple number of 3, it is called symmetric cryptography.

    The Caesar cipher is a weak form of symmetric cryptography. Thankfully, encryption has come a long way since the Caesar cipher. Using amazing math and the help of computers, a key can be generated that is much, much larger, and is much, much harder to guess. Symmetric cryptography has come a long way and has many practical purposes.

    However, symmetric cryptography doesn’t address the following issue: what if someone could just eavesdrop and wait for Julia and César to share the key, and steal the key to decrypt their messages? What if they waited for Julia and César to say the secret for decrypting their messages by 3? What if Julia and César were in different parts of the world, and didn’t plan on meeting in person?

    How can César and Julia get around this problem?

    Let’s say that Julia and César have learned about public key cryptography. An eavesdropper would be unlikely to catch Julia or César sharing the decryption key—because they don’t need to share the decryption key. In public key cryptography, encryption and decryption keys are different.

    Public Key Encryption: A Tale of Two Keys

    Let’s look at the problem more closely: How does the sender send the symmetric decryption key to the recipient without someone spying on that conversation too? In particular, what if the sender and recipient are physically far away from each other, but want to be able to converse without prying eyes?

    Public-key cryptography (also known asymmetric cryptography) has a neat solution for this. It allows each person in a conversation to create two keys—a public key and a private key. The two keys are connected and are actually very large numbers with certain mathematical properties. If you encode a message using a person’s public key, they can decode it using their matching private key.

    Julia and César are now using their two computers to send encrypted messages using public key cryptography, instead of passing notes. Their classmates passing the notes are now replaced with computers. There are intermediaries between Julia and César: Julia and César’s respective Wi-Fi points, Internet Service Providers, and their email servers. In reality, it may be hundreds of computers in between Julia and César that facilitate this conversation. These intermediaries are making and storing copies of Julia and César’s messages each time they are passed through.

    They don’t mind that the intermediaries can see them communicating, but they want the contents of their messages to remain private.

    First, Julia needs César’s public key. César sends his public key (file) over an insecure channel, like unencrypted email. He doesn’t mind if the intermediaries get access to it because the public key is something that he can share freely. Note that the key metaphor breaks down around here; it’s not quite right to think of the public key as a literal key. César sends the public key over multiple channels, so that the intermediaries can't send one of their own public keys on to Julia instead.

    Julia receives César’s public key file. Now Julia can encrypt a message to him! She writes her message: “Meet me in the garden.”

    She sends the encrypted message. It is encrypted only to César.

    Both Julia and César can understand the message, but it looks like gibberish to anyone else that tries to read it. The intermediaries are able to see metadata, like the subject line, dates, sender, and recipient.

    Because the message is encrypted to César’s public key, it is only intended for César and the sender (Julia) to read the message.

    César can read the message using his private key.

    To recap :

    • Public key cryptography allows someone to send their public key in an open, insecure channel.
    • Having a friend’s public key allows you to encrypt messages to them.
    • Your private key is used to decrypt messages encrypted to you.
    • Intermediaries—such as the email service providers, Internet service providers, and those on their networks—are able to see metadata this whole time: who is sending what to whom, when, what time it’s received, what the subject line is, that the message is encrypted, and so on.

    Another Problem: What About Impersonation?

    In the example with Julia and César, the intermediaries are able to see metadata this whole time.

    Let’s say that one of the intermediaries is a bad actor. By bad actor, we mean someone who intends to harm you by trying to steal or interfere with your information. For whatever reason, this bad actor wants to spy on Julia’s message to César.

    Let’s say that this bad actor is able to trick Julia into grabbing the wrong public key file for César. Julia doesn’t notice that this isn’t actually César’s public key. The bad actor receives Julia’s message, peeks at it, and passes it along to César.

    The bad actor could even decide to change the contents of the file before passing it along to César.

    Most of the time, the bad actor decides to leave the contents unmodified. So, the bad actor forwards along Julia’s message to César as though nothing has happened, César knows to meet Julia in the garden, and ~gasp~ to their surprise, the bad actor is there too.

    This is known as a man-in-the-middle attack. It’s also known as a machine-in-the-middle attack.

    Luckily, public key cryptography has a method for preventing man-in-the-middle attacks.

    Public key cryptography lets you double-check someone’s digital identity with their real-life identity through something called “fingerprint verification.” This is best done in real-life, if you are able to meet with your friend in person. You’d have your public key fingerprint available and your friend double-checks that every single character from your public key fingerprint matches what they have for your public key fingerprint. It’s a little tedious, but it’s really worth doing.

    Other end-to-end encrypted apps also have a way to check for fingerprints, though there are some variations on what the practice is called and how it is implemented. In some instances, you’ll read each character of the fingerprint extremely carefully and ensure it matches what you see on your screen, versus what your friend sees on their screen. In others, you might scan a QR code on another person’s phone in order to “verify” their device.” In the example below, Julia and César are able to meet in person to verify their phone fingerprints by scanning each other’s QR codes using their phone’s camera.

    If you don’t have the luxury of meeting in person, you can make your fingerprint available through another secure channel, like another end-to-end encrypted messaging app or chat system, or a HTTPS site.

    In the below example, César sends his public key fingerprint to Julia using a different end-to-end encrypted app with his smartphone.

    To review:

    • A man-in-the-middle attack is when someone intercepts your message to someone else. The attacker can alter the message and pass it along or choose to simply eavesdrop.
    • Public key cryptography lets you address man-in-the-middle attacks by providing ways to verify the recipient and sender’s identities. This is done through fingerprint verification.
    • In addition to being used to encrypt a message to your friend, your friend’s public key also comes with something called a “public key fingerprint.” You can use the fingerprint to verify your friend’s identity.
    • The private key is used to encrypt messages, as well as for digitally signing messages as you.

    Sign of the Times

    Public key cryptography makes it so you don’t need to smuggle the decryption key to the recipient of your secret message because that person already has the decryption key. The decryption key is their private key. Therefore, all you need to send a message is your recipient’s matching public, encrypting key. And you can obtain this easily because your recipient can share their public key with anyone, since public keys are only used to encrypt messages, not decrypt them.

    But there's more! We know that if you encrypt a message with a certain public key, it can only be decrypted by the matching private key. But the opposite is also true. If you encrypt a message with a certain private key, it can only be decrypted by its matching public key.

    Why would this be useful? At first glance, there doesn't seem to be any advantage to sending a secret message with your private key that everyone who has your public key can crack. But suppose you wrote a message that said “I promise to pay Aazul $100,” and then turned it into a secret message using your private key. Anyone could decrypt that message—but only one person could have written it: the person who has your private key. And if you’ve done a good job keeping your private key safe, that means you, and only you, could’ve written it. In effect, by encrypting the message with your private key, you’ve made sure that it could have only come from you. In other words, you’ve done the same thing with this digital message as we do when we sign a message in the real world.

    Signing also makes messages tamper-proof. If someone tried to change your message from “I promise to pay Aazul $100” to “I promise to pay Ming $100,” they would not be able to re-sign it using your private key. So, a signed message guarantees it originated from a certain source and was not messed with in transit.

    In Review: Using Public Key Cryptography

    Let’s review. Public key cryptography lets you encrypt and send messages safely to anyone whose public key you know.

    If others know your public key:

    • they can send you secret messages that only you can decode using your matching private key and,
    • you can sign your messages with your private key so that the recipients know the messages could only have come from you.

    And if you know someone else’s public key:

    • you can decode a message signed by them and know that it only came from them.

    It should be clear by now that public key cryptography becomes more useful when more people know your public key. The public key is shareable, in that it’s a file that you can treat like an address in a phone book: it’s public, people know to find you there, you can share it widely, and people know to encrypt messages to you there. You can share your public key with anyone who wants to communicate with you; it doesn’t matter who sees it.

    The public key comes paired with a file called a private key. You can think of the private key like an actual key that you have to protect and keep safe. Your private key is used to encrypt and decrypt messages.

    It should also be apparent that you need to keep your private key very safe. If the private key is accidentally deleted from your device, you won’t be able to decrypt your encrypted messages. If someone copies your private key (whether by physical access to your computer, malware on your device, or if you accidentally post or share your private key), then others can read your encrypted messages. They can pretend to be you and sign messages claiming that they were written by you.

    It’s not unheard of for governments to steal private keys off of particular people's computers (by taking the computers away, or by putting malware on them using physical access or phishing attacks). This undoes the protection private key cryptography offers. This is comparable to saying that you might have an unpickable lock on your door, but somebody might still be able to pickpocket you in the street for your key, copy the key and sneak it back into your pocket and hence be able to get into your house without even picking the lock.

    This goes back to threat modeling: determine what your risks are and address them appropriately. If you feel that someone would go through great trouble to try to get your private key, you may not want to use an in-browser solution to end-to-end encryption. You instead may opt to just have the private key stored on your own computer or phone, rather than someone else’s computer (like in the cloud or on a server).

    Review of Public Key Cryptography, and A Specific Example: PGP.

    So, we went over symmetric encryption and public key encryption as separate explanations. However, we should note that public key encryption uses symmetric encryption as well! Public key encryption actually just encrypts a symmetric key, which is then used to decrypt the actual message.

    PGP is an example of a protocol that uses both symmetric cryptography and public key cryptography (asymmetric). Functionally, using end-to-end encryption tools like PGP will make you very aware of public key cryptography practices.

    What Exactly Are Keys. And How Are Keys Tied Together?

    Public key cryptography is based on the premise that there are two keys: one key for encrypting, and one key for decrypting. How it basically works is you can send a key over an insecure channel, like the Internet. This key is called the public key. You can post this public key everywhere, in very public places, and not compromise the security of your encrypted messages.

    This shareable key is the public key: a file that you can treat like an address in a phone book: it’s public, people know to find you there, you can share it widely, and people know to encrypt to you there.

    The public key comes paired with a file called a private key. You can think of the private key like an actual key that you have to protect and keep safe. Your private key is used to encrypt and decrypt messages.

    We’re going to examine the key generation in a commonly-used public key cryptography algorithm called RSA (Rivest–Shamir–Adleman). RSA is often used to generate key pairs for PGP encrypted email.

    The public key and private key are generated together and tied together. Both rely on the same very large secret prime numbers. The private key is the representation of two very large secret prime numbers. Metaphorically, the public key is the product number: it is made up of the same two very large prime numbers used to make the private key. What’s amazing is that it’s very hard to figure out which two large prime numbers created the public key.

    This problem is known as prime factoring, and some implementations of public key cryptography take advantage of this difficulty for computers to solve what the component prime numbers are. Modern cryptography allows us to use randomly chosen, ridiculously gigantic prime numbers that are hard to guess for both humans and computers.

    And, the strength here is that people can share their public keys over insecure channels to let them encrypt to each other! In the process, they never reveal what their private key (secret prime numbers) are, because they never have to send their private key for decrypting messages in the first place.

    Remember: For public key cryptography to work, the sender and the recipient need each other’s public keys.

    Another way you can think of it: The public key and private key are generated together, like a yin-yang symbol. They are intertwined.

    The public key is searchable and shareable. You can distribute it to whoever. You can post it on your social media, if you don’t mind that it reveals the existence of your email address. You can put it on your personal website. You can give it out.

    The private key needs to be kept safe and close. You just have one. You don’t want to lose it, or share it, or make copies of it that can float around, since it makes it harder to keep your private messages private. Without your keys, you can’t read encrypted messages sent to you, and can’t send them out, either. Keep them safe and secret.

    How PGP Works

    Let's see how public key cryptography might work, still using the example of PGP. Let’s say you want to send a secret message to Aarav:

    1. Aarav has a private key and, like a good public key encryption user, he has put its connected public key on his (HTTPS) web page.
    2. You download his public key.
    3. You encrypt your secret message using Aarav’s public key and send it to him.
    4. Only Aarav can decode your secret message because he’s the only one with the corresponding private key.

    Pretty Good Privacy is mostly concerned with the minutiae of creating and using public and private keys. You can create a public/private key pair with it, protect the private key with a password, and use it and your public key to sign and encrypt text.

    If there's one thing you need to take away from this overview, it's this: Keep your private key stored somewhere safe and protect it with a long password.

    Metadata: What Public Key Encryption Can't Do

    Public key encryption is all about making sure the contents of a message are secret, genuine, and untampered with. But that's not the only privacy concern you might have. As we've noted, information about your messages can be as revealing as their contents (See “metadata”).

    If you exchange encrypted messages with a known dissident in your country, you may be in danger for simply communicating with them, even if those messages aren’t decoded. In some countries you can face imprisonment simply for refusing to decode encrypted messages.

    Disguising that you are communicating with a particular person is more difficult. In the example of PGP, one way to do this is for both of you to use anonymous email accounts, and access them using Tor. If you do this, PGP will still be useful, both for keeping your email messages private from others, and proving to each other that the messages have not been tampered with.

    Now that you’ve learned about public key cryptography, try out using an end-to-end encryption tool like Signal for iOS or Android.

    Last reviewed: 
    11-29-2018
  • How to: Use OTR for macOS

    Adium is a free and open source instant messaging client for OS X that allows you to chat with individuals across multiple chat protocols, including Google Hangouts, Yahoo! Messenger, Windows Live Messenger, AIM, ICQ, and XMPP.

    OTR (Off-the-record) is a protocol that allows people to have confidential conversations using the messaging tools they’re already familiar with. This should not be confused with Google's “Off the record,” which merely disables chat logging, and does not have encryption or verification capabilities. For Mac users, OTR comes built-in with the Adium client.

    OTR employs end-to-end encryption. This means that you can use it to have conversations over services like Google Hangouts without those companies ever having access to the contents of the conversations.  However, the fact that you are having a conversation is visible to the provider.

    Why Should I Use Adium + OTR?

    When you have a chat conversation using Google Hangouts on the Google website, that chat is encrypted using HTTPS, which means the content of your chat is protected from hackers and other third parties while it’s in transit. It is not, however, protected from Google, which have the keys to your conversations and can hand them over to authorities or use them for marketing purposes.

    After you have installed Adium, you can sign in to it using multiple accounts at the same time. For example, you could use Google Hangouts and XMPP simultaneously. Adium also allows you to chat using these tools without OTR. Since OTR only works if both people are using it, this means that even if the other person does not have it installed, you can still chat with them using Adium.

    Adium also allows you to do out-of-band verification to make sure that you’re talking to the person you think you’re talking to and you are not being subject to a man-in-the-middle attack. For every conversation, there is an option that will show you the key fingerprints it has for you and the person with whom you are chatting. A "key fingerprint" is a string of characters like "342e 2309 bd20 0912 ff10 6c63 2192 1928,” that’s used to verify a longer public key. Exchange your fingerprints through another communications channel, such as Twitter DM or email, to make sure that no one is interfering with your conversation. If the keys don't match, you can't be sure you're talking to the right person. In practice, people often use multiple keys, or lose and have to recreate new keys, so don't be surprised if you have to re-check your keys with your friends occasionally.

    Limitations: When Should I Not Use Adium + OTR?

    Technologists have a term to describe when a program or technology might be vulnerable to external attack: they say it has a large “attack surface.” Adium has a large attack surface. It is a complex program, which has not been written with security as a top priority. It almost certainly has bugs, some of which might be used by governments or even big companies to break into computers that are using it. Using Adium to encrypt your conversations is a great defense against the kind of untargeted dragnet surveillance that is used to spy on everyone's Internet conversations, but if you think you will be personally targeted by a well-resourced attacker (like a nation-state), you should consider stronger precautions, such as PGP-encrypted email.

    Installing Adium + OTR On Your Mac

    Step 1: Install the program

    First, go to https://adium.im/ in your browser. Choose “Download Adium 1.5.9.” The file will download as a .dmg, or disk image, and will probably be saved to your “downloads” folder.

    Double-click on the file; that will open up a window that looks like this:

    Move the Adium icon into the “Applications” folder to install the program. Once the program is installed, look for it in your Applications folder and double-click to open it.

    Step 2: Set up your account(s)

    First, you will need to decide what chat tools or protocols you want to use with Adium. The setup process is similar, but not identical, for each type of tool. You will need to know your account name for each tool or protocol, as well as your password for each account.

    To set up an account, go to the Adium menu at the top of your screen and click “Adium” and then “Preferences.” This will open a window with another menu at the top. Select “Accounts,” then click the “+” sign at the bottom of the window. You will see a menu that looks like this:

    Select the program that you wish to sign in to. From here, you will be prompted either to enter your username and password, or to use Adium’s authorization tool to sign in to your account. Follow Adium’s instructions carefully.

    How to Initiate an OTR Chat

    Once you have signed in to one or more of your accounts, you can start using OTR.

    Remember: In order to have a conversation using OTR, both people need to be using a chat program that supports OTR.

    Step 1: Initiate an OTR Chat

    First, identify someone who is using OTR, and initiate a conversation with them in Adium by double-clicking on their name. Once you have opened the chat window, you will see a small, open lock in the upper left-hand corner of the chat window. Click on the lock and select “Initiate Encrypted OTR Chat.”

    Step 2: Verify Your Connection

    Once you have initiated the chat and the other person has accepted the invitation, you will see the lock icon close; this is how you know that your chat is now encrypted (congratulations!) – But wait, there’s still another step!

    At this time, you have initiated an unverified, encrypted chat. This means that while your communications are encrypted, you have not yet determined and verified the identity of the person you are chatting with. Unless you are in the same room and can see each other’s screens, it is important that you verify each other’s identities. For more information, read the module on Key Verification.

    To verify another user’s identity using Adium, click again on the lock, and select “Verify.” You will be shown a window that displays both your key and the key of the other user. Some versions of Adium only support manual fingerprint verification. This means that, using some method, you and the person with whom you’re chatting will need to check to make sure that the keys that you are being shown by Adium match precisely.

    The easiest way to do this is to read them aloud to one another in person, but that’s not always possible. There are different ways to accomplish this with varying degrees of trustworthiness. For example, you can read your keys aloud to one another on the phone if you recognize each other’s voices or send them using another verified method of communication such as PGP. Some people publicize their key on their website, Twitter account, or business card.

    The most important thing is that you verify that every single letter and digit matches perfectly.

    Step 3: Disable Logging

    Now that you have initiated an encrypted chat and verified your chat partner’s identity, there’s one more thing you need to do. Unfortunately, Adium logs your OTR-encrypted chats by default, saving them to your hard drive. This means that, despite the fact that they’re encrypted, they are being saved in plain text on your hard drive.

    To disable logging, click “Adium” in the menu at the top of your screen, then “Preferences.” In the new window, select “General” and then disable “Log messages” and “Log OTR-secured chats.” Remember, though, that you do not have control over the person with whom you are chatting—she could be logging or taking screenshots of your conversation, even if you yourself have disabled logging.

    Your settings should now look like this:

    Also, when Adium displays notifications of new messages, the contents of those messages may be logged by the OS X Notification Center. This means that while Adium leaves no trace of your communications on your own computer or your correspondent's, either your or their computer's version of OS X may preserve a record. To prevent this, you may want to disable notifications.

    To do this, select "Events" in the Preferences window, and look for any entries that say "Display a notification." For each entry, expand it by clicking the gray triangle, and then click the newly-exposed line that say "Display a notification," then click the minus icon ("-") at the lower left to remove that line." If you are worried about records left on your computer, you should also turn on full-disk encryption, which will help protect this data from being obtained by a third party without your password.

    Last reviewed: 
    1-19-2017
Next:
JavaScript license information