29 Nov, 16

Keep It Tidy, part 1

You don’t want to be the next person hacked on social media or sending out bogus boner medicine spam to all your friends. If you’re organizing, thinking about a protest album, or working on art critical of your government, then encryption matters to you, as do privacy and safety.

It’s never a bad idea to think about security. This is the first in a (hopefully) short series of posts looking at how you can secure your presence online, feel safer on social networks, and regain a sense of privacy in a world that doesn’t feel so private anymore.

In general

The first thing to understand is that no security measure is perfect, and every one of them involves a tradeoff — longer passwords that are hard to remember, waiting for a login code, and so on. You’ll need to figure out what’s practical; actively thinking about your privacy and the rights of others is a great first step. Don’t be intimidated by the technology. Building safety and privacy into how we communicate is an ongoing effort worth focusing on.

So let’s start with a few key concepts:

  • Keys. You’re going to hear a lot about “keys” as you learn more about online privacy and security. A key is a long random value (usually shown as a block of letters and numbers) that is used to encrypt or decrypt a message. Most of the time keys come in pairs: a public key you give out, which lets other people encrypt messages to you, and a private key that only you hold, which decrypts those messages when they arrive. (Never give out your private key. Ever. Where the key is stored on disk, as with PGP, protect it with a long passphrase.) Once you and a contact have each other’s public keys, messages between you can be encrypted end to end, meaning the services carrying them can’t read them. The catch is that you need to be sure the public key you received really belongs to your contact: someone who swaps in their own key can read everything. That’s why tools like Signal and PGP show a fingerprint (Signal calls it a “safety number”) for the two of you to compare in person or over a call. Specific implementations vary, but you get the basic idea.

  • Two factor authentication. Also known as 2FA or two-step verification. 2FA is important because passwords are basically shit. Also you probably picked a shitty password. It’s okay. Lots of people do. It’s a good idea to move to more secure passwords, but the second factor in two factor authentication is something you have, usually your phone. When you log in to a service with 2FA enabled you’ll first enter your password, then be prompted for a short code that is texted to you or generated by an authenticator app on your phone. So if your password leaks, the attacker still can’t get in without your phone, and if the code arrives by text or push notification you’ll also know someone tried. A caveat: codes sent by SMS can be intercepted by anyone who talks the phone company into moving your number to a new SIM, so where a service offers an authenticator app or a hardware key, prefer that, and print the backup codes the service gives you in case you lose the phone. Please enable 2FA on services like Twitter, Google/GMail, Facebook, your bank, and anywhere else that supports it.

  • Password managers. Use a password manager like 1Password or LastPass. These let you use a different strong password for every site without the headache of having to memorize 50 of them. They encrypt and store those passwords so you can move from device to device, and even help you rotate passwords (a good habit to keep). The manager becomes the one thing that matters, so give it a long, unique master passphrase that you use nowhere else, and turn on 2FA for the manager itself.

  • Read terms and privacy policies. Always look for data retention policies inside terms-of-service agreements and privacy policies. There’s nothing wrong with using Facebook, for example, but don’t assume that the private parts are actually private. Compare and contrast Facebook’s data use policy to Slack’s privacy FAQs or security practices.

  • Do your research. Pay attention to business models, board members, and funding of the companies whose services you use. Your first resource here is journalism, but there are also services like Crunchbase which collect data about tech companies. It’s the easiest way to see Facebook’s full board or to find out what company boards Condoleezza Rice sits on. (Hi, Dropbox!)

Text messages

Use Signal. Signal is an open source text message and secure call app from Open Whisper Systems. All of the key exchange and encryption happens automatically. You just install Signal for Android or iOS and all messages (and Signal voice calls) to other Signal users are encrypted end to end. On Android it can also act as your regular SMS app, and there’s an easy-to-understand lock/unlock symbol right on the send button, so you always know whether you’re sending a secure encrypted message or plain unencrypted SMS. For contacts where it really matters, compare safety numbers in person once; that’s the check that the keys Signal exchanged for you belong to the person you think they do.

Twitter

There are a number of ways to make Twitter more manageable. This isn’t a security or encryption issue, but maintaining a social presence means managing harassment. There’s nothing quite like a stream of assholes screaming at you to make you feel unsafe.

The first rule is simple: block and report. If someone is harassing you, block them. If you think they’re dangerous or harassing others, report their behavior. Twitter has a @safety team with an unenviable task; pointing them at bad apples helps.

There are a couple of ways to get preemptive about blocking. Block Together is a tool that lets you limit who can talk to you. It can automatically block likely bot/fake accounts (fewer than 15 followers, brand new, or both). You can also import and export blocklists, meaning you can share blocklists with friends and groups. Strength in numbers!

Another great option is Twitter Block Chain. Twitter Block Chain is a Chrome extension or Firefox add-on you install in your browser that lets you go to a Twitter user’s following or follower page and block everyone it finds. This might sound a little drastic, but it can greatly reduce the follow-on abuse from spiteful retweets.

Email

The easiest way to feel secure about your email is to use a service called Protonmail. Protonmail is a free email service that stores your mailbox encrypted with a key derived from your password, so Protonmail itself can’t read the stored contents. If you want to read more about their security mechanisms, check out their site. Any message you send to another Protonmail user is automatically encrypted end to end, and you can secure messages to anyone on any service using a one-time password/passphrase that you share with them some other way. You can also write self-destructing messages or upgrade to a paid tier to use your own domain. Two caveats: mail arriving from other providers reaches Protonmail unencrypted and is only encrypted once stored, and subject lines and sender/recipient addresses stay readable, since email needs them to route the message.

Protonmail is just one answer. It’s easy to set up, but switching email addresses is never fun, so you might want to opt for PGP instead. PGP is a trusted and reliable way to sign and encrypt messages with keys, and it works with the email address you already have. Unfortunately, setup is trickier. There are, however, tools like Mailvelope, a browser extension that makes using PGP fairly easy with GMail and other webmail services. Next time I’ll focus on a step-by-step look at securing your email with PGP, along with setup, day-to-day use, and other email tricks, so if you want to learn how, stay tuned.

By Jesse von Doom, distributed under a Creative Commons CC-BY license.
