Encryption when sharing information


This post is indented as a sequel to the previous one, which I believe should apply to everyone. I repeat: If we all look after our digital privacy, as we look after our health, say, we shall be protecting the social scientists and journalists who are sticking their neck out to tell us what we need to know.

This post, however, will be for those who are actually at risk, i.e. the social scientists, journalists and non-violent political activists who provoke the political powers that be.

***

To send a file to somebody else, when you want to be sure that only the intended recipient can read it, you could of course simply password protect it, but passwords can easily be cracked. Besides you would have to send the password, and the message in which you send it could be intercepted.

An alternative is to use 7zip  – which is available to  all major operating systems. With 7zip you can encrypt the file. You would do this if you want to transfer a large file, or several files, via your cloud service. You would still have to convey the password though.

The most commonly used way to protect the privacy of email is with PGP (Pretty Good Privacy). The program PGP itself is not free, but there is a free alternative, based on the so-called OpenPGP standard.

Now if you use an email client that provides PGP support — and yours may very well do so, although you do not know it — you should study its documentation. If not, you should consider changing your email client. 

Wikipedia has an article comparing email clients. Search on the page for PGP and you will find a table that might be useful to you. If you normally only use Webmail, you might consider starting to use a dedicated email program (“email client”).

PGP’s alternative to the issue of passwords is a set of “keys”: One “private key” which only the sender possesses, and one “public key”, which can be published openly on the net yes, on the net! The sender AND the recipient must know each other’s public keys, and this is where your software comes in.

Your software should  be able to generate both keys and store them. It imports and stores also the public keys of people with whom you want to communicate, and keeps track of what messages are to be sent to or received by whom. Finally it should check incoming keys, and encrypt and decrypt as needed.

The hitch is obviously that the recipient must also be using PGP encryption. But PGP has grown pretty universal, cross-platform and is inherent in many application. However, as with all software, new versions tend to be incomprehensible to older ones. (Compatibility issues can often be solved by altering settings.)

Most of us are not yet used to using PGP for email, though, so though it can easily be handled by our email programs, it may take a while before we all catch on.

At any rate, do not be discouraged, because once you have your keys properly stored and have understood how to use them, encrypting your stuff (with the proper software) is not difficult at all!

,