Green activist guide on communication encryption

Crypto parties are happening everywhere, even in the European Parliament. In the year 1 after the Snowden-Leaks people are more and more concerned about their privacy. Still the majority acts in the contrary. This is wonderfully described in this Guardian article.

Nevertheless there are people who are politicly active who don’t have the luxury of choice. Having a not-secure communication can mean to danger themselves and the people around them. As a matter of fact, activists in more secure countries like in the west tend to forget that there are places, where a simple email can create harm. So it is not just an issue in less secure regions, but everywhere. Not using encryption is like having unprotected sex. That’s why you can find here a short overview on how to communicate more secure.

The term “more secure” is adequate, because there is no absolute security. If you use encrypted e-mail who do you know that the email app you use is secure? If you use an open source email client who got audited, how do you know that your operating system on your computer is secure? And even if you use a specific operating system like Tails, how do you know that there is no backdoor in your hardware?

You see, there is no absolute security. So as the first step you should think about the risk scenarios. To whom do you like to communicate? What are possible threats and what can you do about it? Choosing the right tools requires to know your needs first.

Tor

A good start is the Tor Project. They are developing a software which allows the best anonymised communication available at the moment. The current versions are quite easy to use. For the start the Webbrowser Tor Browser is very recommended. There is also a live operating system Tails which is preconfigured to use Tor out of the box. It is especially recommended to journalists in crisis regions.

Messanger

Recently ProPublica – a project supporting journalism and journalists, published an overview on the best secure Messaging Tools. There is not much to add. There you can easily find out about the current applications you use and what alternatives are there. Only two short suggestions:

  • Cryptocat: it is for having encrypted chat with your friends, right in your browser and mobile phone. Everything is encrypted before it leaves your computer. Cryptocat is open source, free software, developed by encryption professionals to make privacy accessible to everyone.
  • Silent Circle: it is a commercial service allowing secure calls and messaging. There plans allow also to make calls to outside the network.

Email

Email encryption is only difficult in that sense, that the installation differs very much based on the email client you are using. The standard for such kind of encryption is PGP (Pretty Good Privacy) or in that case GPG (GNU Privacy Guard, which is the open source adaption of PGP. They are using the same technology and if somebody encrypts email with one of it, it doesn’t matter which you are using to open it.

One of the principles of modern encryption is the method of having two keys – one public and one private. The public one can be shared to everybody and is used to encrypt messages for you, which you can only encrypt using your private key. The same process is done if you start a secure session in your browser or in your messanger. In difference, you see it more clearly while handling email encryption. As the most important rule, never ever share your private key with somebody!

A multi plattform solution for encrypted email is via Mozilla Thunderbird and Enigmail, which is very similar on Linux, Mac and Windows systems. A step by step guide can be found here.

If you are using other email clients, have a look on the following pages: