I am occasionally approached by our colleagues in liberty concerning what applications to use that are biased towards protecting our privacy and anonymity.
I've got some credibility in that department, which is why people approach me.
When I evaluate such privacy systems, I have four important, practical criteria I use as lenses to view the situation:
- Does the system use correctly implemented, well vetted strong cryptography of a sort that is likely to fend off an adversary for years, if not decades and centuries?
- Home brewed crypto is invariably flawed.
- Nothing is forever in crypto, eventually, everything falls to brute force. The telling question is how much computing power is available to your adversary, and how much of that is he likely to allocate towards cracking YOUR stuff?
- Does your content ever appear in the clear on the far end, or anywhere else other than in your own possession or your designated recipient?
- Are your keys created by you, and only ever available in the clear to you?
- Keys you didn't make, or which are held in the clear by others, and the content they encrypt is immediately considered to be compromised.
- Can your encrypted content be held defiantly, such that men show up with guns & writs to make off with servers and hard drives are nonetheless thwarted?
- Most privacy policies are little more than formalized gentlemen's agreements not to share your stuff except with partners, until the men with guns and writs show up. Then they roll over rather than have their data center trashed.
- Does the system contain some method of validating the identity of the people you've designated as recipients of your content? How do you know that you're talking to a friend or foe, and not an impersonator or man in the middle?
It's often subtle, sometimes complicated stuff, and few systems check all the boxes. There are, however, some "best of breed" solutions, some of which are for regular users, some of which is for people of geekly persuasion:
Communications: Signal
Mail: Protonmail
Disk Encryption: Veracrypt picked up where TrueCrypt left off, or whatever your OS natively supports (Bitlocker, FileVault2, Linux's built in FDE, etc)
General Cryptography: GPG
Anonymity: Tor, Torbrowser, TAILS
Geeky armored Operating Systems: Qubes
VM hosts, for disposable images: VirtualBox
Cloud Document Storage: Nextcloud
No comments:
Post a Comment