Encrypt all the things!

Posted on
Page
of 100
/ 100
Last Next
  • http://encrypteverything.ca/index.php/Ma­in_Page

    I really believe in this, that to preserve privacy you need to not give up privacy. Which means not allowing your things to be read, accessed and scanned.

    Encrypt all the things.

    Things I already encrypt:

    • all my hard drives
    • the backups from this website (then split into chunks and sent to different storage providers)
    • all personal files (truecrypt within encrypted file system, so even access to the decrypted file system doesn't get you anywhere).
    • my internet traffic (VPN to Sweden and out to the web)

    Things I don't yet encrypt:

    • email, because no-one else does... so it's hard
    • individual documents, because no-one else does... so it's hard

    With today's news that the government are going to spy on everything, I strongly feel... you should all encrypt all the things!

  • I encrypt all the shit I say to my girlfriend.

  • It really isn't tin foil any more, it's becoming common sense, mainstream.

    If everything you're doing is being recorded and examined by our own government (it is), then answer this: Will they use if for you, or against you?

    They will never use it for you, except by the proxy and fear-ridden argument of "to protect you from terrists". But they will use it against you. History unfortunately teaches us that really well.

  • Well done, Velocio. I completely agree. Although you've got to remember, "If you've got nothing to hide, then you've got nothing to worry about" but "that's 11 Downing Street, and what goes on in there is private".

  • Any info on how to VPN internenet abroad?

    I use tor network / vidalia from time to time but it's very slow.

  • https://www.relakks.com/?lang=eng

    That's who I use.

    I don't use it on my phone, because of phone latency issues.

    But I do use it for all home communications (except for SSH which is already encrypted).

  • I should say... using a VPN to another country is enough, and Relakks is one of the more expensive providers (they actually ensure your anonymity too). You can find much cheaper VPN providers by googling for "sweden VPN provider", or pick another country like France or Denmark.

    The idea of a VPN is to encrypt all communication from and to your computer, so that it surfaces from a tunnel in Sweden (or another country of your choice), and then your country cannot be monitoring you.

  • I was just about to ask about RELAKKS... And boom.

  • I suppose you could use a point to point laser link to France, otherwise you are screwed if the gov'mint really want to snoop on you, as long as you are using infrastructure in the UK.

  • Does a service like Relakks slow down browsing, and does Sweden have notably robust privacy laws?

  • Relakks are great because as a pre-paid service they don't keep a user database... and if they don't have such a thing, no-one could ever gain access to it.

    All that they could ever hand over to anyone is subscriber details, but you could use any details to register (non-identifying), as their payment provider is disconnected from them so that it's not possible to link them together.

    Finally, under Swedish law it's not even possible to force handover of details unless a court believes they are certain of getting a 2 year conviction for your activities. Which for most people is extremely unlikely.

    And yes it slows things down slightly... it adds encryption (perhaps 20 milliseconds at each end), and it sends traffic via Sweden (perhaps another 100 milliseconds at worse).

    If you have good broadband you won't notice at all. A slow site is still noticeable, fast sites remain fast.

  • This site has lots of good information too:
    https://ssd.eff.org/tech/encryption

    In fact it's probably easier to consume than my initial link, though more explanation rather than howto.

  • good info cheers

  • Right, restarting the thing and encrypting myself.

  • I've set up FileVault and an account with RELAKKS but it won't connect...
    I fail at Interweb.

  • You went through their guides?

    If it doesn't work, google for your particular OS, "setting up a VPN client on Windows" or something.

    I mostly use Linux, whatever I use probably won't work for you.

  • What prompted this thread? Was there a law change I missed?

    I download all my porn and terrorism stuff from work so should be fine, right*?

    *that was a joke you fucking nazi governments

  • Should everyone be encrypting all the things or just the people that do important stuff, like run forums?

  • What prompted this thread? Was there a law change I missed?

    I download all my porn and terrorism stuff from work so should be fine, right*?

    *that was a joke you fucking nazi governments

    In the UK, the government is going to pass all logs in real-time to the intelligence agencies:
    http://www.bbc.co.uk/news/uk-politics-17­576745

    But the website I linked to was started because in Canada, the ISPs are being forced to handover traffic data to US media companies (so that they can use it to sue for copyright infringement).

    Because of ACTA ( http://en.wikipedia.org/wiki/Anti-Counte­rfeiting_Trade_Agreement ) you should assume that the Canadian argument applies in the UK and everywhere else in the world too, or that it will do so very soon.

    Should everyone be encrypting all the things or just the people that do important stuff, like run forums?

    All people should encrypt all things, because people who run services generally don't, so you should take responsibility for encrypting what you can.

    The vast majority of companies I've worked for encrypted virtually nothing. You should do what you can, and you should assume that if a company can use the information against you (and more importantly, to their advantage) that they will do so.

  • And no, just because the BBC article is dated yesterday, it isn't an April's Fool joke. I wish it were.

  • Oh, and if anyone still thinks it was an April's Fool joke:
    http://www.guardian.co.uk/world/2012/apr­/01/government-email-social-network-surv­eillance
    http://www.independent.co.uk/news/uk/hom­e-news/police-and-mi5-get-power-to-watch­-you-on-the-web-7606788.html

    I can't do much to help others, but I will do some tests over the next week on encrypting everything on LFGSS. A lot of this will be invisible to you, but I'll experiment with making the whole site https:// only on a few days to see what it does to the front-end load balancer.

  • Surely if the govt pass a bill which lets them look at this stuff and you are doing something to prevent them from doing so then you're going to open to prosecution etc for withholding the information?

  • Surely if the govt pass a bill which lets them look at this stuff and you are doing something to prevent them from doing so then you're going to open to prosecution etc for withholding the information?

    No.

    Whilst RIPA allows them to request decryption keys with a warrant in the case of any major crime investigation, using SSL web-sites (such as accessing your bank, private email, etc) and encryption tools is not against any law.

    That they will enact a law stating that all internet service providers must notify GCHQ in real-time what you're doing, and that GCHQ can track and scan such things in real-time, does not inherently grant GCHQ right or access to the contents of your internet traffic.

    Unless... you send such information in plain text, thereby allowing them to read it and somewhat implicitly state that you consent to others reading it (by opting to use a plain text service).

    I hate metaphors, similes and over-simplifications, but think of it this way:
    Encryption = putting a letter in an envelope, having written the letter in a language only you and the recipient know
    Regular internet & email = sending a post card, writing in block caps in English

    One is readable by all, and if you're notifying someone that person A is sending to person B, then the post card may well be read by interested third parties (intelligence agencies, companies, etc).

    The other remains sealed, and is protected against being read for even if they opened it (and let's assume you noticed tampering because you'd wax sealed it), they couldn't read it. They'd still know person A sent to person B, but they'd have to get a separate warrant to ask you what you said.

    Further, imagine that in the post card example that they had such man power that they could read ALL of the post cards sent. You know... just in case.

    Then imagine that they had such an amount of paper and card indexes, that they could keep all of the post-cards forever and cross-reference them all.

    And just for good measure, imagine them retroactively creating searches in the future against things you did in the past that were legit at the time (there are great examples of the USA applying their drug rules retroactively to people of other countries where drugs are not illegal or were not illegal when people tried them).

    And with that understanding (which is as accurate as such simplifications could be), realise that the best thing you can do to reasonably protect yourself against future definitions of right and wrong, and how that will be applied to you, is to not use post cards and allow your communications to be recorded evermore and form part of the massively cross-referenced store of knowledge through which they trawl for anyone against the state and the interests of major parties (the copyright lobby in the USA).

    It's not illegal to encrypt your data, it's somewhat daft not to.

  • Isn't there something we can sign? A protest movement? A demonstration to take part in? In addition to encrypting everything?

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

Encrypt all the things!

Posted by Avatar for Velocio @Velocio

Actions