
How to encrypt your entire life in less than an hour - misnamed
https://medium.freecodecamp.com/tor-signal-and-beyond-a-law-abiding-citizens-guide-to-privacy-1a593f2104c3#.ng2gfv9yj
======
njharman
The article is very slightly more nuanced but the conceptss the title purports
is __DANGEROUSLY INCOMPETENT __for any security expert / discussion / context.

1) idea that security is something you check off and be done with is
dangerously wrong. Security must be continuous, must be updated, reviewed,
etc.

2) idea that you can "encrypt" [secure] your entire life is ludacris and leads
to many dangerous security misconceptions. You don't even have control of your
entire life, let alone ability to secure it. Most the data on you is owned by
others and not even available to you to secure. __The world is not private or
secure __. Everyone needs to know and think about this when they are tweeting,
sexting, talking shit about future president and then being surprised when SS
comes to investigate.

3) idea that security is either on/off, a binary, that you can be secure or
not. Is False and leads to extremely poor security choices, over/under
securing. Nothing is secure. __There is not such thing as SECURE __. Things
lie on a gradient of security from easy to break to impractically difficult.
Things on the impractical to break technically end are still broken due to
social engineering, externalities (power consumption of cpu), poor practices
surrounding item, etc. Security is making the effort required to get an item
greater than the value of getting the item.

~~~
vaishaksuresh
> your entire life is ludacris

I'm sure you means ludicrous and not
[https://en.wikipedia.org/wiki/Ludacris](https://en.wikipedia.org/wiki/Ludacris)

------
schoen
[Copied from my comment on a duplicate post -- there seems to be random
tracking junk at the end of the URL that prevents these from being detected as
duplicates!]

I appreciate how practical these tips are and I hope people will follow them.

I have two quarrels with this:

> Andy Grove was a Hungarian refugee who escaped communism [... and]
> encourages us to be paranoid.

I'm pretty sure that Grove was referring to business strategy, not
communications security.

> Congratulations — you can now use the internet with peace of mind that it’s
> virtually impossible for you to be tracked.

Something I've seen over and over again is that Tor users tend to have a poor
understanding of what Tor protects and doesn't protect. The original Tor paper
said that Tor (or any technology of its kind) can't protect you against
someone who can see both sides of the connection -- including just their
_timing_. Sometimes, some adversaries can see both sides of a person's
connection. As The Grugq and others have documented, Tor users like Eldo Kim
and Jeremy Hammond were caught by law enforcement because someone was
monitoring the home and university networks from which they connected to Tor
and saw that they used Tor at exactly the same time or times as the suspects
did. (In Hammond's case, recurrently, confirming law enforcement's hypothesis
about his identity; in Kim's case, only once, but apparently he was the only
person at the university who used Tor at that specific time.)

As law enforcement has _actually identified Tor users_ in these cases, I think
people need to understand that Tor is not magic and it protects certain things
and not other things. In fact, I helped to make a chart about this a few years
ago:

[https://www.eff.org/pages/tor-and-https](https://www.eff.org/pages/tor-and-
https)

This chart was meant to show why using HTTPS is important when you use Tor,
but it also points to other possible attacks (including an end-to-end timing
correlation attack, represented in the chart by NSA observing the connection
at two different places on the network) because many people in the picture
know _something_ about what the user is doing.

I've been a fan of Tor for many years, but I think we have to do a lot better
at communicating about its limitations.

~~~
b2600
Re: Tor. It's very effective but users must read the documentation not just
plug and play.

~~~
llamataboot
What do you think most users get wrong when they do it "plug and play". What
steps does reading the documentation have you do that makes it safer?

~~~
nommm-nommm
IIRC the docs say not to change the default window size to prevent tracking
based on window size.

~~~
adrusi
The tor browser bundle pops up a warning if you try to resize it.

------
Asooka
Signal is atrocious for security. You literally log in with your phone number.
Anything you send is directly and irrevocably tied with your physical
identity. What good is to me that the messages are encrypted? When the police
come knocking, either I'll decrypt them, they'll beat me until I decrypt them,
or I'll die in prison for not decrypting them. I do want my messages
encrypted, but more than that I really want them not tied to ME.

~~~
tonyarkles
It's an interesting problem! There's a lot of pieces that are equally strong
"personal identifiers" to a phone number, including your carrier tying your IP
address to your IMSI. Add to that, if both parties of the communication are
under surveillance, there's going to be strong time correlations.

You're describing a very different use case than what I use Signal for
(discussing things that could be harmful for clients if it got out, not things
where I'd want repudiation).

I think my use case is relatively well solved, but I'd be super curious to see
how algorithms could be changed to solve yours.

~~~
Asooka
Mine was solved decades ago when I was allowed to just make an account with an
e-mail and create any number of pseudonymous accounts. This allows me things
like to have a personal and work account, and not leak information between
different identities. And, most importantly, it lets me talk to someone
without having first to reveal my real-world identity. With Signal, I have to
already know that person and trust them with my phone number. It's not really
state surveillance, it's the fact that what used to be private information I
only shared with close friends now has to be public and told to every random
person online I want to chat with. Just.. just let me make an account tied to
an e-mail or to my google profile or anything but my phone number. The entire
thing creeps me out.

------
acconrad
I tried using Signal but the problem is no one else wants to. So yeah I'd love
e2e encryption but it requires both parties to use it, which is a problem.

~~~
colejohnson66
For iOS, iMessage is usually sufficient for most people, so I can see why they
don't bother with other stuff.

------
pnathan
If you're being specifically targeted by a sufficiently capable adversary,
this is, at best, a speed bump.

Categorize your levels of paranoia appropriately.

~~~
unethical_ban
I really wonder if intelligence services are paid to demoralize user groups
when I see posts like this.

If you do all these things, your resistance to even NSA-level incriminating
evidence goes WAY down, and your vulnerability to local LEO and hackers goes
to near-zero.

This is, at best, a brick wall, through which an adversary would have to
bulldoze.

~~~
pnathan
> I really wonder if intelligence services are paid to demoralize user groups
> when I see posts like this.

Bluntly, if you want to tangle with the pros playing like an amateur and not
calculating the risks, you're going to be demoralized in your jail cell or
worse.

Understand, in _depth_ , opsec before playing with the pros. Understand,
understand, understand. Don't just grab random blog posts and mindless
implement them. Understand specific details of what you're giving up and the
tradeoffs.

Activists have been doing amateur hour opsec for forty years and most of have
been cracked like a crab constantly. Pay attention to history, folks!

~~~
nickik
At its core its about economics. The NSA wants to do mass survailance, and if
masses of people adopt even small amounts of improved security it has an
effect. People dont have to understand Signal, just use it, just as https.

If everybody did all the things in this blogpost, we would be better of.

------
EuAndreh
> In a single sitting, you can make great strides toward securing your
> privacy.

There's no such thing as privacy when using proprietary software.

If the goal is to secure your privacy, there no need to argue beyond that.

~~~
madamelic
That was my thought when he suggested using Signal.

Sure it might be secure now but we have no clue if / when the app is
infiltrated or even worse, could be spoofed and have a bad app pushed to our
phones.

(Don't hang me. Just off the cuff idea, I have no clue if it is completely
possible to do such a thing but it seems within the realm of possibilities)

EDIT: On second thought, don't you have to sign apps with a private key? I
assume that raises the bar a bit, as long as the devs can keep those keys
private which seems reasonable enough for such an app.

~~~
unhammer
Actually, Signal is one of the few apps where you can verify that the binary
is produced by the source you have:
[https://whispersystems.org/blog/reproducible-
android/](https://whispersystems.org/blog/reproducible-android/)

------
darkhorn
Be careful with 2 factot authentication. A Telegram user was hacked by the
police in Russia. The government can receive your SMSes. Use non-SMS 2-factor.

~~~
fgandiya
What else can TFA fall back on. I know steam uses email and iOS tells you're
other devices, but is there another option.

~~~
matt_kantor
TOTP[1] is a common one. I use the FreeOTP[2] Android app but there are plenty
of other options.

[1]: [https://en.wikipedia.org/wiki/Time-based_One-
time_Password_A...](https://en.wikipedia.org/wiki/Time-based_One-
time_Password_Algorithm)

[2]: [https://freeotp.github.io/](https://freeotp.github.io/)

------
skdd8
I would also suggest using an actually encrypted email like:

[https://protonmail.com/](https://protonmail.com/)

------
WheelsAtLarge
Question: Given that gmail can be compromised, even 2 factor auth. Why aren't
there any extensions that would make it easier to use a public key while
keeping the gmail data encrypted? Yes, I understand that gmail is not eager to
encrypt the emails but users would be will to do it if there was a simple
extension in chrome or firefox. Using an extension would have saved many from
email hacks in the past year. Yes, it would still be available on the user's
machine but it would certainly add another level of security.

------
nickpsecurity
Better off reading JJ Luna's How to Be Invisible plus espionage non-fiction
about Cold War fieldcraft. Then just stop using electronics when you really
want privacy. Also, if you do crypto, make it look like HTTPS or something
normal to be lost in the crowds over WiFi proxies. Signal and Tor screams
"Look at me!"

Truth is, though, you wont be participating with most people online if you
have very strong INFOSEC and OPSEC. The baseline is just way too low with
insecurity and surveillance everywhere.

------
duckmuck
How is it possible for DuckDuckGo to offer google search results legally?
Aren't Bing and Google constantly sniping at each other for implementing each
other's results?

~~~
sp332
It just redirects to a Google page. It doesn't host the results.

~~~
intopieces
It redirects to encrypted.google.com. Here's a good overview of what that
means:

[http://security.stackexchange.com/questions/32367/what-is-
th...](http://security.stackexchange.com/questions/32367/what-is-the-
difference-between-https-google-com-and-https-encrypted-google-c)

------
torrances
I would also add another tip: create a separate email to use for financial
accounts.

Don't use this email for anything else.

~~~
nommm-nommm
Can you elaborate on why.

~~~
B1FF_PSUVM
So that your shop doesn't mess your bank.

(Shops are regularly hacked with leak of email addresses and possibly
compromising passwords.)

~~~
__jal
Another reason to keep them separate is that it reduces cognitive noise when
dealing with spam.

I use separate addresses for banks, brokerage, etc. Because the email address
associated with each isn't used elsewhere, I can almost always identify the
culprit when it starts getting spammed, so I can cease business with and
blacklist anyone who does it[1].

Because of that, any phishing attempts that go to the wrong address, even well
done, tricky ones, are so obvious a machine can trash them with certainty.

Yet another reason is that if someone is going to try to guess/steal your
password, if they don't know the email address used for that account, that's
something else that can slow them down/trip them up.

[1] That is how Wells Fargo lost my business, well before they made a
surprisingly strong go at proving Lenin right about capitalists.

------
simonebrunozzi
I am not 100% sold on one particular password manager. Any hints/suggestions?

~~~
AjithAntony
I like Keepass becuase it is not tied to any ongoing subscriptions or
providers. You can use the file sync tool of your choice to distribute your
file. The downside/feature is not having tight browser/app integration.

~~~
deadcast
Yeah KeePass is great! I currently use KeePass2 on my Trisquel 7 machine. I
use that app in conjunction with Deja Dup to back up my password database to
S3. There's even an app on the fdroid store called KeePassDroid but I've yet
to make it work. I think the version on the store hasn't been recently
updated.

------
hash-set
The article didn't cover email: Get off of the freebie services like Yahoo!
and Gmail and go someplace else because we already know that these companies
are in big-time cahoots with the government. Also, Google was working hard to
get Clinton crime cabal elected to the point of messing with search results.
WE WON'T FORGET.

FastMail is a decent paid service. Or ProtonMail, Hushmail who market on
privacy and security.

~~~
schoen
There is a trade-off about Gmail:

They pay a large expert security team to work hard on security all the time
(including both mitigating attacks on Google's own infrastructure, and
detecting sophisticated phishing attacks against Gmail users).

They pay a large expert legal team to work hard on legal issues all the time.

They're so popular that metadata analysis actually starts to get difficult a
lot of the time.

They attract a lot of attention from governments. Governments have put
resources into figuring out how to request data from Gmail. Gmail fights many
of these requests vigorously, and ends up complying with many of them.

------
nemo1618
Isn't 2FA considered dangerous now? We've seen how susceptible it can be to
social engineering.

On a related note, I noticed that my Windows Phone displays text message
notifications even when it's locked... So adding a PIN doesn't prevent an
attacker from doing 2FA if they have access to my phone.

~~~
mtgx
SMS 2FA isn't safe at least, and even NIST is deprecating it. The rest depends
on dumb implementations, like Paypal allowing 2FA bypass with a change of the
login link, or Google allowing 2FA bypass of all of its other methods by
forcing you to use a phone number as "backup", which is to 2FA what secret
questions were to passwords (their Achilles's heel).

~~~
et-al
Secret questions are horrible when they're predefined, and what's worse is
when the options are also predefined (e.g. United Airline's website).

However a secret question like "who did you have a crush on back in 5th grade"
is limited to maybe 10 people the world who know and I'm comfortable with that
(of course this changes with the over-publicising of our lives on social
media).

But I'm digressing and agree TOTOP 2FA is great for the masses. Just be sure
to have the backup codes stored in a safe space.

~~~
pbhjpbhj
>However a secret question like "who did you have a crush on back in 5th
grade" is limited to maybe 10 people the world //

Who quite possibly can be established from either your Facebook or your
friends' Facebook (eg you have your friends list set private but a friend who
posts on your wall doesn't).

Taking the "I had a crush on 'snail-fridge-running-spectrum'" line reduces the
number who know the answer to on average less than 1(!).

