Encrypt. Everything. Now.
Encryption matters. A lot. So much so, this post won’t even be very funny or fun to read. (Sorry about that.) But it is important, and you should power through.
Most people are vaguely aware that encryption has something to do with protecting their privacy online, but it goes much deeper than that. For many people around the world, encryption is literally a matter of life and death. By choosing to encrypt your digital life and communications, even if you are a newborn babe with nothing to hide, you might be saving the life of a stranger.
Once more: By encrypting your data, you might save someone else’s life.
But that isn’t what this article is about. If saving people isn’t your thing, well, fine, I can’t really reach you.
This article also avoids going into too much detail about the concepts and technical underpinnings of encryption technology. While fascinating, that also tends to scare off most people. And again, this article is for Most People.
Instead, this article is about pushing buttons. You know, the practical things anybody can do to protect themselves and others.
Before we jump into it, if you do want to take the pink pill and fall into the rabbit hole of encryption’s whys and hows, I recommend starting with Phil Zimmermann’s essay Why I Wrote PGP. The Electronic Frontier Foundation also has a nice collection of security-related articles and tutorials at Surveillance Self-Defense.
Also, just a few quick general warnings and disclaimers:
- Encrypting an existing file system can take some time. Make sure you are connected to a reliable power supply and do not turn off your device until the process is complete, even if it seems frozen, even if you really need to get back on Facebook.
- If you forget your password, the same mechanism protecting your data from others will end up protecting you from yourself. There’s no way around it; just be careful.
- If your password is weak, so is your encryption. “batman” or “12345” don’t cut the mustard. If you can, you should use a passphrase instead, a sentence/fragment with some personal relevance to you, sprinkled with punctuation, case variation, etc. Take your favorite Humphrey Bogart quote and throw the name of your dog in there.
- Encryption protects you when your device is powered off. When it is on, it is in fact unencrypted (or at least the device has the power to travel through the datastreams at will). Be sure to actually shut down your computers when leaving the home or office; don’t just put them into sleep mode. If you are ever asked to hand over your phone, hold down the power button so it can be turned off completely before complying.
- Lastly, if you have an overly complicated rig (RAID, network drives, etc.) or are responsible for extraordinarily sensitive materials (state secrets, Harry Potter manuscripts, etc.), additional research and alternative methods may be required.
Laptops, Desktops, & Servers
Fun fact: the password you use to log into your computer does absolutely nothing to protect any of your files; it is only used to log you into the operating system. Unless your disk contents are encrypted, anybody with physical access to your machine — a thief, a roommate, (definitely) your cat — can easily grab all of your photos, documents, browser history, etc., right off the hard drive.
Fortunately for many users, encryption is just a button click away.
But maybe not for Windows users. Microsoft has never quite gotten past the “fuck you pay me” mentality that served them so well in the nineties. Depending on which of the dozen licenses your computer came with, the necessary toggle may not be there. But if it is, you’ll find a feature called Device Encryption under Settings » System » About. Click it, wait, profit.
Gotchas: Microsoft uses comparatively weak encryption, stores the decryption keys generated on its own servers, and requires an online account. Not ideal, but still better than nothing.
macOS and its predecessor OS X both come with a utility called FileVault. Simply find your way to System Preferences » Security & Privacy » FileVault. Click, wait, profit.
Gotchas: FileVault may not play well with existing Time Machine integrations.
Almost every Linux distribution offers full disk encryption during installation. Unlike Mac and Windows, your Linux operating system (except for the /boot partition) will live inside and independent of the encrypted (LUKS) container. This means you can set a very strong encryption password for yourself, while setting a more manageable sudo password for day-to-day use.
Gotchas: in some cases, the system installation wizard may not correctly guess all the drivers that need to be loaded ahead of the LUKS prompt as part of the boot process. To save some time, keep a LiveUSB handy in case you need to jump in and make some manual configuration changes.
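A way to check the layout described above once the install is done, as an added example that is not part of the original article: it walks the JSON printed by lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT and lists any mounted filesystem that sits outside an opened LUKS container. The sample output, device names, and the allowed list are constructed assumptions.

```python
import json

# Constructed sample of: lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT
# (a typical LVM-on-LUKS install; device names are illustrative)
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
    {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
    {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "sda3_crypt", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
        {"name": "vg-swap", "type": "lvm", "fstype": "swap", "mountpoint": "[SWAP]"}
      ]}
    ]}
  ]}
]}
"""

def mounts_by_encryption(lsblk_json):
    """Return (encrypted, plaintext): sorted mountpoints inside/outside dm-crypt."""
    encrypted, plaintext = [], []

    def walk(dev, inside_crypt):
        # A node of type "crypt" is an opened LUKS/dm-crypt mapping;
        # everything stacked on top of it is encrypted at rest.
        inside = inside_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint:
            (encrypted if inside else plaintext).append(mountpoint)
        for child in dev.get("children") or []:
            walk(child, inside)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return sorted(encrypted), sorted(plaintext)

def unexpected_plaintext(lsblk_json, allowed=("/boot", "/boot/efi")):
    """Mountpoints outside the container other than the boot partitions."""
    _, plaintext = mounts_by_encryption(lsblk_json)
    return [m for m in plaintext if m not in allowed]

if __name__ == "__main__":
    enc, plain = mounts_by_encryption(SAMPLE)
    print("inside LUKS: ", enc)
    print("outside LUKS:", plain)
    print("unexpected plaintext mounts:", unexpected_plaintext(SAMPLE))
```

On a real machine, pass the function the output of that lsblk command instead of SAMPLE; an empty final list means only the boot partitions are unencrypted.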
While mobile device security as a whole is terrifyingly inadequate, encryption support, at least in modern devices, is quite good, and often enabled by default.
But as mentioned at the top of the article, encryption is only really as strong as the password protecting it. Computers are rather well-known for their ability to count, so a 4-digit PIN code provides virtually no protection at all. To be safe, you should set an honest-to-goodness password.
Android is almost never really “Android”. Most phone vendors will make at least some modifications, and more than a few really corrupt the platform. With that in mind, you may have to do some Googling for specific information about your device. But in general, just go to Settings » Security » Lockscreen. Encryption is enabled by default on most modern Android devices, but it won’t do anything unless you set a password.
All that is needed for iOS encryption is a Touch ID and/or Passcode. Head to Settings » Touch ID & Passcode to make sure that’s set.
You should never run or connect to a wireless network that does not have a password. Unfortunately no two routers work quite the same way, so you’ll need to ask Uncle Google about how to manage the settings for your particular router.
It is really easy to forget about all the bits and bytes you’re sending off into space, but the risk posed with any sort of network communication is probably greater than what exists statically on your mobile device or computer.
Texts, Calls, and Video Chat
Every text (and sext) you’ve ever sent has likely been intercepted and analyzed, certainly by a robot, maybe by a lonely ICE agent or patent attorney. In the US, ISPs are required by law to store copies of that data for periods ranging from months to years.
To protect your communications, install a program like Signal or Wickr and have your contacts do the same. You’ll still be able to communicate with people without those programs, but end-to-end encryption will only be possible when both parties are hip.
As a bonus, both programs have desktop releases as well, allowing you to send and receive text messages from more devices.
While text messages might sit around on a server for years, email can linger for decades. You can thank increasingly cheap storage space for features like “Archive It!”.
Most email servers, even if encrypted, are accessible at least to the authorized employees of that company (and by extension, any government or authority that chooses to seize them). For greater security on the storage end, you should switch to a provider like Proton Mail. That won’t protect any messages you’ve sent out, but will keep your own inbox locked tight.
For messages you send, you can use PGP encryption (though that is definitely more technical than mere button pushing), or something like Shh!, which is more in line with the other items in this article.
The main thing to understand is that all network traffic is visible to all devices connected to that network. Every site you visit, every packet you send or receive, is out in the open for all to see. The key, once again, is encryption, which will at least turn those porn packets into unintelligible gibberish.
Web sites that care about you (like this one) use strong SSL encryption on all connections. That’s the s in https://. But much of the internet, including the sorts of servers that most of the apps on your phone are talking to, is not encrypted.
The solution to that problem is to funnel all of your network traffic through a secure Virtual Private Network (VPN). By placing a VPN between you and the rest of the world, your immediate connections will always be encrypted.
Unfortunately, security is tricky and an astonishingly large number of VPN providers fall short. If you’re able, the best bet is to roll your own using something like Streisand (more than button pushing). Otherwise, for the average user, a commercial service like ExpressVPN is a good choice.
Being able to sync and share files from everywhere to anywhere is an attractive prospect, and even a practical one. The problem is similar to that of other items in this list: the data you store in The Cloud is, at the very least, accessible to the employees of those companies, along with any governments that might decide to seize the physical hardware. The Cloud also explodes from time to time, showering the world with secrets (if those secrets weren’t encrypted prior to storage).
SpiderOak is a security-minded alternative to services like Dropbox, Google Drive, and CloudApp. It isn’t as pretty and is missing some of the collaboration features of the others, but will keep your data safe and private.
Do not ever use your browser’s built-in password or form manager. It does not store that data safely, may transmit it to outside servers without your knowledge, and can be stolen by malicious web sites, or even malicious code hiding in an advertisement on a normal web site.
Internet of Things
Anything marketed as Something Old + Internet is bad news. This includes thermostats, lightbulbs, cameras, refrigerators, outlet adapters, garage door openers, sprinklers, “smart” TVs, etc.
You might think, “How could a lightbulb betray me?” But remember, every device on a network can see what every other device on that network is doing. A compromised lightbulb can pilfer login credentials, browsing habits, and personal information, or even join up with an army of attack bots to hurt others.
That’s right, lightbulbs now have the same evil potential as their patentor, Thomas Edison.