Last week I attended Next Generation Threats in Stockholm, where a hot topic was the matter of privacy. There are a number of encryption tools out there, but which are really the ones we should use? This easy question unfortunately has no easy answer. In my last post I showed how one can use PGP to encrypt email messages, but it is not very easy to use with webmail providers. PGP works, but one can't say it is very user friendly, and that is very important.
Most users do not care how technology works; they simply want to use it. If it is secure, great, but it is not something that most users are too concerned with. Even if you are concerned with security, the more user friendly it is, the better. The problem is, when somebody claims their software is secure, how can you trust them? As a speaker at this conference pointed out, the more buzzwords you put in, the more likely you are to attract users to use your software. NSA-proof was such a buzzword, a word I would never use myself, but it seems very popular among software vendors these days.
Personally, I prefer to use open source tools instead of closed source. Why? It is not because I am proficient enough to check the source code and validate their claim about being secure or not, but I trust in the community to help me with just that. We are all good at different things, and by using open source, those companies give us a chance, as a community, to validate their efforts of helping us to stay secure when communicating. One obvious example is Open Whisper Systems, which currently has two apps for allowing me as a user to communicate privately. The reason I use their software instead of a number of closed source products is just the fact that their source code is available for everyone. I am not an expert on cryptology, nor am I a great programmer, but the whole Internet community has a number of people who are good at these things. I put my trust in their ability, rather than putting my trust into a closed source project that can claim whatever they want without having to actually prove it. Another great project is Tor, with their browser bundle as an example, which is also open source. Tor is mainly about anonymity and not about encryption, but the idea of allowing secure communication is basically the same. Secure communication can mean a lot of things, but for me, both these projects are at the core of private, anonymous and secure communication.
Users who do not care about their online privacy and do not care about their data, perhaps you should think again. The idea behind “I have got nothing to hide” may not protect you in the future. If governments and other parties are able to obtain your data and eavesdrop on your communications, that power can be abused. It has happened before, and it will happen again. Remember that your online history and communications can be stored for safekeeping unless you protect them, and maybe not now, but somewhere in the future, that data could come back to haunt you. So, I will leave you with a simple piece of advice, the same advice one of the speakers offered.
If your device offers encryption, use it, simple as that. Many of the devices you use have encryption available, some even have encryption on by default. Encryption is available for most of you, so start using it.