Encryption was once the province of the paranoid. But no more.
With the revelations from Edward Snowden of widespread spying by the government, many people are more interested in cloaking their online activities. Even if you’re not worried about the government reading your email or getting access to your browsing history, there are plenty of other reasons why you might want financial, legal or health information private and secure, whether from unscrupulous hackers or online marketers.
Here are some key technologies you can use to protect your online activities:
This is a set of linked pieces of software that helps to cloak users’ online identities. “Tor” stands for “the onion router,” a name that is emblematic of the layers of protections the software uses to anonymize users.
When users seek Web pages through a Tor-enabled browser, their requests are encrypted and then go through a random series of computers on the Internet. Each computer, which has been set up by volunteers, relays the requests until they reach their end destination. Thanks to the design of the system, none of the relays nor the end server knows both who requested the Web page or what Web page was being requested.
Tor has been used by everyone from whistle-blowers to cyber-thieves to disguise their identity. It helps prevent people from learning what sites you visit or where you live. It’s mostly used for accessing the Web, but the underlying relay network also can be used for instant messaging, email and other Internet applications.
Of the three encryption technologies discussed here, Tor is by far the easiest to set up and use. On a PC or an iPhone, you simply have to install one application. On an Android phone, you’ll need to install two.
Although it’s easy to configure, Tor does come with some frustrations that could limit how much you want to use it. The main drawback is that because requests go through multiple computers, some of them located half a world away, loading Web pages can be very slow, making your broadband connection feel like it’s the dial-up Internet.
Because the relay network is global and your Internet address appears to be the one from the last server that relays your request, the websites you access may think you are a resident of Germany or Japan or someplace other than where you live. So some websites, such as Google or eBay, may show you pages in a language other than English.
This is the open source version of PGP, aka Pretty Good Privacy, the famed encryption software designed by Phil Zimmerman that the federal government attempted to restrict and compromise. The software is used to encode communications, typically email, using a system of public and private “keys.”
Users publish their public keys on their websites and on servers that act as repositories. The public keys are used by OpenPGP software to encrypt messages that can only be opened with their corresponding private keys, which, as their name implies, are held only by their creators.
Encryption only works if both sides of a conversation use it. Even if you have OpenPGP installed, your outgoing messages won’t be encoded unless you know and use your correspondents’ public keys. Likewise, none of your incoming messages will be encoded unless those writing to you know and use your public keys.
Installing and configuring OpenPGP can be a complicated process that involves the installation, not only of software that supports the technology, but also potentially a plug-in for your mail client. You’ll also need to generate and publish your keys and protect them with a password.
Once you have everything configured, you can connect with key servers to find and download other users’ public keys. And whichever mail program you are using should indicate whether you are sending an encrypted message.
Note that the recommended way to use OpenPGP is with a mail client, like Outlook. That means that if you are used to checking your mail through a webmail interface, you’ll need to change your habits. It also means that if you use multiple computers, you’ll have to configure each one to use OpenPGP. That can be a time-consuming process, in part because to read messages encoded with the same key on all your computers, you’ll need to copy the key and import it on each one of them.
Right now, OpenPGP is not easy to use on smartphones. You’ll find programs on the iPhone, for example, that will store your private key and allow you to use it to open encoded messages, but they often require you to copy the message and paste it into a separate decoding app.
Also known as Off-The-Record, OTR is encryption for instant messages. It scrambles the content of messages so that they can only be read by the sender and the recipient and not by any messaging service provider or anyone who may intercept the messages.
OTR basically acts as a plug-in to a messaging client. The client allows you to connect to various messaging services – Google Talk, Facebook chat, Yahoo Messenger – and OTR allows you to put an encoded wrapper around any messages you send through those services.
Security experts advise using Pidgin as the messaging client on Windows computers and Adium on Macs. Adium has built-in support for OTR, while Pidgin users will have to install the OTR plug-in separately. Android and iPhone users can install ChatSecure, which includes support for OTR. All three messaging clients support multiple chat networks, so you can use them in place of dedicated apps for Facebook chat or AIM.
As with OpenPGP, OTR only works if both sides of a conversation are using it. But once it is installed, OTR will typically attempt to make a secure connection automatically.