Sunday, November 05, 2023

One Step Back


The GNUPG Logo

With governments around the world trying to move encryption solely back into their domain it's time to change the process around retaining our privacy.

As previously mentioned, using what you have is a good start and in most cases will suffice for now. But what about in the future? What if the tools we use are compromised or even banned? What then? What if all we have is email as a communication medium?
The answer to this problem is relatively simple.
You can encrypt your private communications before you press send. There are an abundance of tools out there that will let you do just that. In fact the list is long and the majority of these tools are constantly being updated against threats.

One of the most prevalent ways to achieve communication privacy is to use public key cryptography. This, at it's most basic, is a way of encrypting text with your own personal key. That text can then only be decrypted by someone with your public key. When encrypting a message to someone you use their public key alongside your private key so that only the intended recipient can read what you have written. It's a beautifully simple concept but amazingly secure. Of course I have only outlined this process basically, there is more you can do with your keys such as verify that you are who you say you are and verify other people also.

The biggest problem has been the implementation of this method of encryption. In the past it was a real pain to get it up and running but more recently it's become a lot simpler. It's worth remembering that it only needs to be set up once. From then on integration with software such as email is straightforward. You can also export your keys to some online services.

On Linux I use GNUPG which is an open source and free implementation of the PGP standard. I'm not sure what there is for Mac and Windows but there is software and apps that let you create keys. There are also apps for Android.

It's definitely worth your time doing a bit of research into how to add GPG / PGP to your communications on your platform but it isn't the only way of encrypting messages before sending them. You can choose what is right for you from the plethora of tools available.