crypto war: get prepared!

DebuggerGuys — Fri, 08 Oct 2021 05:00:02 GMT

Current Revision posted to Documents by DebuggerGuys on 10/8/2021 5:00:02 AM

In the information age, communication security is one of the things you can't go around without. It ensures the secure flow of money in electronic commerce, the free exchange of ideas and the flourishing of democracy, even in hostile regimes.

Government's attempt to break in citizens' information unleashed the first crypto war, with the hardware-based Clipper Chip which intended to protect private communications whereas it permitted the obtention of targeted information.

Luckily, the situation didn't grow into a big deal, but the big brother didn't hold its horses. Ever since, the intentions to leak thru our information have grown bigger and stronger, most recent examples of this are SOPA and PIPA, for those who have no bells ringing so far.

Fortunately, the tools to secure communications are widely available and people around the world have access to strong encryption, unbreakable by any government. Encryption can be found in source code, with open peer-reviewed algorithms that can be implemented in any programming language, embedded in software and layered on top of any communications channel.

The following are resourceful methods to grant security within our information.

1. Email Privacy

Naked email is like a postcard for anyone to read. Pretty Good Privacy (PGP), an open source software program created by Phil Zimmermann in 1991, is the global standard for point-to-point encrypted and authenticated email.Hushmail is an OpenPGP-compatible web-basedemail platform that does not have access to your user password for decryption. Both products, when used correctly, offer subpoena-proof email communication.

2. File Privacy

Your files might be stored in the encrypted cloud but that doesn’t mean that they’re 100% safe for your eyes only. Free and open-sourceTrueCrypt allows you to encrypt folders or entire drives locally prior to syncing with Dropbox.BoxCryptor also facilitates local file encryption prior to cloud uploading and it comes with added compatibility for Android and iOS.

There is an alternative to the dual-application process described above. Although most cloud-based storage services transfer over an encrypted session and store data in an encrypted form, the files are still accessible to the service provider which makes the data vulnerable to court-ordered subpoena. In order to rectify this, two differentzero-knowledge data storage companies provide secure online data backup and syncing – SpiderOak and Wuala. For obvious reasons, there is no password recovery and employees have zero access to your data.

3. Voice Privacy

Wiretapping will become more prevalent in the days and months ahead. From the creator of PGP, Zfone is a new secure VoIP phone software product utilizing a protocol called ZRTP which lets you make encrypted phone calls over the Internet. The project’s trademark is “whisper in someone’s ear from a thousand miles away.” You can listen to Zimmermann present Zfone at DEFCON 15.

Also utilizing ZRTP, open-source Jitsi provides secure video calls, conferencing, chat, and desktop sharing. Because of security issues and lawful interception, Tor Project’s Jacob Appelbaum recommends using Jitsi instead of Skype.

Designed specifically for mobile devices and utilizing ZRTP, open-sourceRedPhone from Whisper Systems is an application that enables encrypted voice communication between RedPhone users on Android.

4. Chat Privacy

Encrypting your chat or instant messaging sessions is just as important as encrypting your email. Cryptocat establishes a secure, encrypted chat session that is not subject to commercial or government surveillance. Similar to Cryptocat, the older and more durable Off-the-record Messaging (OTR) cryptographic protocol generates new key pairs for every chat implementing a form of perfect forward secrecy and deniable encryption. It is available via Pidgin plugin.

5. Traffic Privacy

The final step in the process is geo-privacy, which refers to the protection of ‘information privacy’ with regard to geographic information. Virtual Private Networks, or VPNs, have been used consistently for anonymous web browsing and IP address masking. Just make sure that your VPN provider does not log IP addresses and that they accept a form of payment that does not link you to the transaction.

Additionally, the Tor Project provides free software and an open network for privacy-oriented Internet usage. Intended to protect users’ personal freedom, privacy, and ability to conduct confidential business, Tor (The onion router) is a system that improves online anonymity by routing Internet traffic through a worldwide volunteer network of layering and encrypting servers which impedes network surveillance or traffic analysis.

The idea is that we all get familiar with this concepts so we can apply security methods on our own and be prepared in case is needed. I'll keep documenting on this, so be alert!

Tags: information, security, private, info, crypto, encryption