One Step Back

 

With governments around the world trying to move encryption solely back into their domain it's time to change the process around retaining our privacy.

As previously mentioned, using what you have is a good start and in most cases will suffice for now. But what about in the future? What if the tools we use are compromised or even banned? What then? What if all we have is email as a communication medium?
The answer to this problem is relatively simple.
You can encrypt your private communications before you press send. There are an abundance of tools out there that will let you do just that. In fact the list is long and the majority of these tools are constantly being updated against threats.

One of the most prevalent ways to achieve communication privacy is to use public key cryptography. This, at it's most basic, is a way of encrypting text with your own personal key. That text can then only be decrypted by someone with your public key. When encrypting a message to someone you use their public key alongside your private key so that only the intended recipient can read what you have written. It's a beautifully simple concept but amazingly secure. Of course I have only outlined this process basically, there is more you can do with your keys such as verify that you are who you say you are and verify other people also.

The biggest problem has been the implementation of this method of encryption. In the past it was a real pain to get it up and running but more recently it's become a lot simpler. It's worth remembering that it only needs to be set up once. From then on integration with software such as email is straightforward. You can also export your keys to some online services.

On Linux I use GNUPG which is an open source and free implementation of the PGP standard. I'm not sure what there is for Mac and Windows but there is software and apps that let you create keys. There are also apps for Android.

It's definitely worth your time doing a bit of research into how to add GPG / PGP to your communications on your platform but it isn't the only way of encrypting messages before sending them. You can choose what is right for you from the plethora of tools available.

The Bleedin' Obvious

 

The first rule of cryptography for personal use is use what you have.

Cryptography can be a deep and complex subject and the very thought of implementing something that complicated into everyday life can seem so daunting that people just don't bother to look at the obvious.
On your phone, tablet or PC there will be something in place already that will get you up and running. Whether that's WhatsApp, Facebook Messenger or whatever, you probably have something that offers end-to-end encryption.

While there are arguments for and against using big tech companies apps for something as sensitive as privacy there are ways of strengthening the use of these technologies.
I'll get into that on my next post.

Typewriters Rule

 

On Tuesday of this week the UK government announced that the Online Safety Bill had passed its parliamentary debate and was now set to become law. Regardless of what you think of the reasons behind implementing the OSB or how you think it will affect you the simple fact is that sooner or later the legislation will affect you.

I'm not going to go into the arguments for or against the bill.
I've long thought that there are plenty of ways to circumnavigate such potentially intrusive snooping on the lawful communications of ordinary people. Most of what I know how to do isn't convenient, it's time consuming and for those reasons hasn't been widely adopted by the general public. Having said that it's good to know that your privacy is still able to be controlled by yourself if you put the effort in.

In future blog posts I'm going to share what I know to enable you to take control of what you share and with whom.

If you'd like to read the Online Safety Bill it's here.
The UK governments press release is here.
Meredith Whittaker makes understanding the arguments around the OSB simple to digest. Find here Mastodon account here.

No Sew Saturday

There will be no sewing done today.

My trusty Singer 514 has a problem whereby it runs without the foot pedal being depressed. After a bit of investigating and searching online it would seem that this problem is not uncommon. Apparently the capacitor in the foot pedal dies and then needs to be replaced in order to rectify the situation. I've ordered said capacitor and now I'll have to wait until next weekend to perform the required surgery.

At least I know that the machine is running because while it was chugging along on its own I managed at least to wind a bobbin. No weird electrical smells coming from the machine. Only the pedal.
I have achieved one thing with this machine today. It's clean. There's no amount of fluff that you can pull from a sewing machine. Once I got started I kept finding more. After about an hour I was satisfied that the tweezers, paint brush and cotton buds had retrieved every bit of cruft that I was likely to find this time around.

If the fix works I'll be very happy to have only spent £4. If not then I have eliminated one possible cause of the fault, the next potential solution I suspect will cost a lot more.

 

Keep It Simple

More often than not I'm thinking about privacy and especially cryptographic functions that enable it.

At the beginning of the year I was in a truck waiting to be unloaded and started thinking about creating secure passwords from simple inputs. The best way for me was to use the terminal on Linux and Termux on my phone.
If you don't use Android or Ubuntu there are still ways to run a BASH script on Mac and Windows.
I've been using the script for a while and it's good for medium security applications. I have just published the script with an explanation of how to personalise it for yourself should you want to use it.

You'll find it on Github.