Encryption is crucial to everyone, whether it’s the average user or enterprise deployment. Everyone has information they’d rather hide. It may not be much; you may be the kind of person that doesn’t save embarrassing photos or cringy search histories. But what about private conversations between you and your friends?
You don’t have to be a criminal to enjoy encryption, simply stopping random people from reading texts you sent to your friend and texts they sent back is most likely something you’d be interested in. After all, you don’t send them texts publically – it’s a private conversation!
This is where encryption comes into play. It may not be much – it can easily be automatic encryption like what’s found in Signal or iMessage, but it’s important nonetheless. Unless you trust iMessage, in which case you don’t care about privacy and should really take my advice and use Signal so Jared can quit reading your fantasy texts.
I have seen encryption that can be broken in seconds – a good example of this is poorly encrypted AES128 where the key can be extracted. For good encryption, you should use more layers, more random passwords, and smarter encryption.
Let’s assume you have a laptop with private communications between you and a friend. You don’t need to be privacy paranoid to not want some random stranger reading these texts.
The first step is adding a password to your account. This way, someone can’t just click “Sign in” and log into your computer. But, if they have long-term access to your device, they can boot into a different OS or unplug your hard drive and read the texts through a file browser. This is fairly basic and if you aren’t doing this, Joe is going to love reading your search history.
The next layer is enabling user account encryption, like with NTFS’s “Encrypt contents to secure data” option in Windows or Linux’s EncryptFS. Now, if you have a weak password like your birthdate or your crush’s name because we all know you have one Jared, then you should reconsider what kinds of passwords you use. Try to avoid using words or w0rd$ in your password because that can be just as bad as setting your password to “password,”
The next layer is whole disk encryption, which can be done with LUKS on Linux and, I believe, MacOS as well. Feel free to set this to an actual phrase with numbers, letters, and special characters in it, as long as it is as long as possible. Doing this can prevent most attacks that don’t have a lot of time, like a random stranger in the library. Joe is watching.
Your final step should be encrypting sensitive files and folders themselves with whatever your system can use. Avoid using programs like 7Zip and instead, use things like OpenSSL or dedicated tools that are well-vetted in the encryption community. Use PGP encryption to communicate via email and use Signal to prevent someone from reading the message logs.
My next chunk of advice is to encrypt a flash drive with sensitive data and carry it on you at all times, maybe put it on your keychain. This makes it much more difficult for someone to decrypt your data because they won’t likely have physical access to it. The creepy stalker behind you Chrome tried to warn you about won’t be able to see your private messages.
While you’re at it, create a profile in your web browser and store it on that flash drive. Save your passwords in your browser with that profile and it will protect your browser sessions from attack.
If anyone has any tips they’d like to contribute, feel free to share them below in the comments, I’ll be replying to any advice and I may add it to this article if it’s really good advice.