Tech post: Encryption is a Good Thing...
Some of my friends know that I'm a bit of a crypto-buff. I consider myself a regular-guy crypto buff. That means that I care strongly about my privacy, feel that my email and instant messages are my own, and cringe whenever I hear about unscrupulous companies or governments intercepting and reading the emails and messages of their private citizens. What I don't know is the technical aspects of computer-based crypto.
In short, I use encryption, just don't ask me how it works.
For those who wonder why I care, consider this. It is a felony to open another person's US Mail. That's right, a felony. Not a misdemeanor. Felony means you can serve jail time, it stays on your permanent record. But if you open someone else's email, nothing. Nada, Niente. If I'm enterprising, I can intercept your email, read it, and even alter it and send it on. You'd have to catch me altering it, AND prove that you suffered monetary damage from my altering. But at that stage, the legal costs would be too much. In short, email and instant messaging have NONE of the protections standard snail mail does. In this day and age, much information is passed electronically, and much of the information is sensitive. So why does the average American put up with this, knowing full well that Verizon and Comcast can read your email to Aunt Melba complaining of their service and act accordingly?
Because the average American doesn't care.
"Why encrypt it? Do you have something to hide?"
Well, if that's the way you feel, why don't you parade naked around the house with all your windows open? What, you have something to hide?
So, I like encryption and I'd like others to use it. Since others do not (yet), the least I can do is digitally sign my emails. This proves that the email actually came from me, and not, for example, Dr. Svavimbi from Nigera (you all know him, right?)
There are a variety of programs out there that allow you to encrypt, sign and decrypt content, messages, and emails. The most popular is PGP (Pretty Good Privacy) and it's open-source cousin, GPG (Gnu Privacy Guard)
Better pages exist that describe the full process, but here's the short end: PGP/GPG uses shared keys. Each person has their own key, that exists in two parts. A secret/private key and a public key. I give the public key to you, and you use that key to encrypt an email addressed to me. I receive that email, and use my private/secret key to decrypt it. Only messages encrypted with my public key can be decrypted with my secret key. But no messages encrypted with my public key can be decrypted with the same public key. The same process occurs with each message recipient I want to securely email. Therefore, I can freely give out my public key, and receive any encrypted emails I want.
PGP was the originator of the whole shebang, and they've since become a private company, selling PGP Desktop to the masses (both corporate and individual). It is a nice, integrated program with neat GUI visuals and easy to use documentation and features. It also costs money.
GPG is the open-source spinoff, fully compatible with PGP Desktop. Not as integrated, not as fancy, but containing all the pertinent functionality. It costs nothing.
I've decided that free is better at this point, so GPG is my choice. MacGPG more to my point, as I interface with the matrix through my Powerbook. It took installing a few packages, but really had little setup time, and I'm able to integrate it nicely with Mail or Entourage. I don't have the PGP Disk feature, that encrypts folders/disks, but it's not available for Tiger anyway, so I'll make do.
Overall impression? I like it. You should too.
Here's my Public Key. Send me an email and welcome back to privacy!
In short, I use encryption, just don't ask me how it works.
For those who wonder why I care, consider this. It is a felony to open another person's US Mail. That's right, a felony. Not a misdemeanor. Felony means you can serve jail time, it stays on your permanent record. But if you open someone else's email, nothing. Nada, Niente. If I'm enterprising, I can intercept your email, read it, and even alter it and send it on. You'd have to catch me altering it, AND prove that you suffered monetary damage from my altering. But at that stage, the legal costs would be too much. In short, email and instant messaging have NONE of the protections standard snail mail does. In this day and age, much information is passed electronically, and much of the information is sensitive. So why does the average American put up with this, knowing full well that Verizon and Comcast can read your email to Aunt Melba complaining of their service and act accordingly?
Because the average American doesn't care.
"Why encrypt it? Do you have something to hide?"
Well, if that's the way you feel, why don't you parade naked around the house with all your windows open? What, you have something to hide?
So, I like encryption and I'd like others to use it. Since others do not (yet), the least I can do is digitally sign my emails. This proves that the email actually came from me, and not, for example, Dr. Svavimbi from Nigera (you all know him, right?)
There are a variety of programs out there that allow you to encrypt, sign and decrypt content, messages, and emails. The most popular is PGP (Pretty Good Privacy) and it's open-source cousin, GPG (Gnu Privacy Guard)
Better pages exist that describe the full process, but here's the short end: PGP/GPG uses shared keys. Each person has their own key, that exists in two parts. A secret/private key and a public key. I give the public key to you, and you use that key to encrypt an email addressed to me. I receive that email, and use my private/secret key to decrypt it. Only messages encrypted with my public key can be decrypted with my secret key. But no messages encrypted with my public key can be decrypted with the same public key. The same process occurs with each message recipient I want to securely email. Therefore, I can freely give out my public key, and receive any encrypted emails I want.
PGP was the originator of the whole shebang, and they've since become a private company, selling PGP Desktop to the masses (both corporate and individual). It is a nice, integrated program with neat GUI visuals and easy to use documentation and features. It also costs money.
GPG is the open-source spinoff, fully compatible with PGP Desktop. Not as integrated, not as fancy, but containing all the pertinent functionality. It costs nothing.
I've decided that free is better at this point, so GPG is my choice. MacGPG more to my point, as I interface with the matrix through my Powerbook. It took installing a few packages, but really had little setup time, and I'm able to integrate it nicely with Mail or Entourage. I don't have the PGP Disk feature, that encrypts folders/disks, but it's not available for Tiger anyway, so I'll make do.
Overall impression? I like it. You should too.
Here's my Public Key. Send me an email and welcome back to privacy!
Technorati Tags: puppy