In the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers.
Ever since Edward Snowden revealed the inner secrets of the NSA, he has been urging Americans to use encryption to protect themselves from rampant spying.
"Encryption does work," Snowden said, via a remote connection at the SXSW tech conference. "It is a defense against the dark arts for the digital realm."
ProPublica has written about the NSA's attempts to break encryption, but we don't know for sure how successful the spy agency has been, and security experts still recommend using these techniques.
And besides, who doesn't want to defend against the dark arts? But getting started with encryption can be daunting. Here are a few techniques that most people can use.
Encrypt the data you store. This protects your data from being read by people with access to your computer.
- Encrypt your hard drive so that if you lose your computer or you get hacked, your information will be safe. Most recent Apple Macintosh computers contain a built-in encryption system called FileVault that is simple to use. Some versions of Microsoft's Windows 7 also contain a built-in encryption system called BitLocker. Another popular solution is the free, open-source program TrueCrypt, which can either encrypt individual files or entire partitions of your computer or an external hard drive.
- Encrypt your smartphone's hard drive. Yes -- your smartphone has a hard drive much like your computer does. In fact, your phone probably contains as much --or more -- sensitive information about you as your computer does. Apple doesn't let you encrypt your smart phone's hard drive or the files on it, though the operating system will encrypt passwords and some other files if you use a passcode on your device. Apple will also let you encrypt your phone's backup files on iTunes or iCloud. You can also use Find my iPhone to remotely "wipe," or delete the data on your iPhone or iPad if it is lost or stolen. Google's Android operating system lets you encrypt your phone hard drive.
- Encrypt the data you store in the cloud. I use the SpiderOak encrypted cloud service. If an encrypted cloud service were somehow forced to hand over their servers, your data would still be safe, because it's encrypted using a key stored only on your computer. However, this also means that if you lose your password, they can't help you. The encrypted data would be unrecoverable.
Encrypt the data you transmit. The Snowden revelations have revealed that U.S. and British spy agencies are grabbing as much unencrypted data as they can find as it passes over the Internet. Encrypting your data in transit can protect it against spy agencies, as well as commercial data gatherers.
- Install HTTPS Everywhere on your Web browser. This encrypts your Web browsing sessions, protecting you from hackers and spy agencies that scoop up unencrypted traffic across the Internet. Not every site works properly with HTTPS Everywhere, though an increasing number do.
- Use encrypted texting apps with friends who install the same apps on their phones. On the iPhone, Silent Circle and Wickr offer apps for encrypted texting. On Android, the TextSecure app encrypts texts in transit and when they are stored on your device.
- Use the Off-the-Record Messaging protocol to encrypt your instant messaging conversations. You can still use your favorite instant-messaging service, such as Gchat or AIM, though you'll need to use a software client that supports the Off-the-Record protocol. On Macs, free software called Adium can enable OTR chats, and on Windows, you can use Pidgin. Once you've set up OTR and gone through a simple verification step, you can IM as you usually do. Both parties have to use OTR for the encryption to work.
Use Gnu Privacy Guard to encrypt your email conversations. Like OTR, if you're using GPG you'll need the people you email with to use it as well in order to encrypt your conversations. I use free software called GPG Tools with Enigmail and Postbox. GPG Tools also works directly with Apple's built-in Mail program.
GPG has some shortcomings — it's difficult-to-impossible to use it with the mail program built into most smartphones, and you can't use it easily with webmail like Gmail. (Although there are some new web-based mail programs that use GPG called Mailvelope and StartMail that I haven't had a chance to try yet.)
The most difficult part of GPG is that, unlike the encrypted texting and instant messaging programs, you have to generate a secret key and keep it somewhere secure (usually on your computer or on a USB stick). This often means you can only send GPG mail when you have your key with you. Even so, it is incredibly satisfying once you send your first message and watch it transform into a block of numbers and letters when you click "encrypt."
Clarification (May 7, 2014): This post was clarified to specify that Apple's iOS encrypts some files automatically.