Reasons To Root Your Android Device

I frequently see posts where people are asking for the benefits of rooting an Android phone or tablet.  So, instead of rethinking and rewriting the list every time, I’m just going to link them to this pre-existing list.

The List

    1. Get rid of bloatware.
    2. Increase security & privacy.
    3. Integrate Google Voice into the OS (depends on which firmware “ROM” you get).
    4. XPosed with tons of modules for enhanced capabilities.
    5. FolderMount to move ANY app to SD (better than app2SD)… ALWAYS works!
    6. Become a wifi hotspot without paying your carrier DOUBLE for the same internet.
    7. Share internet via cable without paying your carrier DOUBLE for the same internet.
    8. Granular (per permission, per app) security for all apps.
    9. Increased storage space due to removed bloatware.
    10. Backing up all apps.
    11. Keeping multiple versions of backed up apps (Titanium Backup) so you can roll back to an older version when an update totally hoses needed functionality or adds in app advertisements.
    12. Block phone calls and texts from specific numbers (at the OS level).
    13. NANDROID backups (entire, bit-for-bit copy of your entire setup).

All the items above, explained

    1. Get rid of bloatware.
      1. Bloatware is software pre-installed by the manufacturer and carrier that you are not allowed to uninstall.  It’s usually crap that you’ll never use and uses up your valuable storage space that you could be using for your own stuff.
    2. Increase security & privacy.
      1. Contrary to popular opinion, rooting your phone does not automatically reduce your security.  In fact, you can add powerful security control that you will never have with an unrooted device.
    3. Integrate Google Voice into the OS (depends on which firmware “ROM” you get).
      1. I don’t keep up with every feature of every alternative firmware (also, mistakenly called “ROMs”), but I do know that Cyanogenmod has Google Voice support integrated into the OS (they call it “Voice+”).  If you have an expensive texting plan, you can cancel it and use your free Google Voice # for texting.  The unrooted downside is you can only use Google Hangouts or the old Google Voice app to send or receive texts.  If you want to use another texting app, like Chomp, Textra, or any of the others, you’re S.O.L.  But with Cyanogenmod, you can connect Voice+ (a feature in the OS settings) to your Google Voice account and suddenly all texting apps can send and receive texts with Google Voice.
    4. XPosed with tons of modules for enhanced capabilities.
      1. XPosed is an app for rooted Android devices and it has many “modules” that you can download for great features like giving you the ability to disable any permission you want from any app.  So if a game wants your contacts, you can block it.  That’s just one of hundreds of things you can do with XPosed.
    5. FolderMount to move ANY app to SD (better than app2SD)… ALWAYS works!
      1. FolderMount is not a feature, a concept, or an OS Setting.  It’s simply an app available in the PlayStore that lets you move an app’s program folder and/or data folder to your larger SD storage (internal or external) and it tricks the app into thinking it’s still in the original location, so the app continues to work.  All other apps that move apps to SD cards fail with some apps because they don’t trick the apps into thinking they’re still in their original location.
      2. Moving your apps to SD frees up your internal storage for more apps so you don’t have to pick and choose which apps to uninstall when you want to install a new one because you’re just out of space.
    6. Become a wifi hotspot without paying your carrier DOUBLE for the same internet.
      1. Many phones have this feature disabled by the carriers because they don’t want you having this ability.  Other carriers provide their own version of this on your phone, but when you use it, it notifies the carrier that you’re doing it and the carrier charges you extra money.  It’s really none of their damned business.  You’re already paying for the internet access and the bandwidth.  With a rooted phone, you can turn your phone into a wifi hotspot and it won’t freaking send a pointless message back to the carrier to say, HEY!  This user is using what he’s already paid for!  Let’s double-charge him!
    7. Share internet via cable without paying your carrier DOUBLE for the same internet.
      1. Similar to making your phone a wifi hotspot, you can plug a cable between your phone and a laptop or PC and let it connect to the internet through your phone.
    8. Granular (per permission, per app) security for all apps.
      1. Every app you install has a FIXED set of permissions.  When you install the app, you’re presented with the list.  You can either accept ALL those permissions or NONE of them (by not installing the app).  With a rooted phone, you can install an app, then go and turn OFF individual permissions you don’t want the app to have.  (This increases your security and privacy by light years!)
    9. Increased storage space due to removed bloatware.
      1. This one is self-explanatory.
    10. Backing up all apps.
      1. You can back up your installed apps and their data, then restore them later.  This is ridiculously useful.
    11. Keeping multiple versions of backed up apps.
      1. (Titanium Backup) so you can roll back to an older version when an update totally hoses needed functionality or adds in app advertisements.  So, so, so, sooooooooo useful!
    12. Block phone calls and texts from specific numbers (at the OS level).
      1. Got one too many calls from “Rachel, from ‘Card Services’?”  Add the incoming phone number to your block list.  This is NOT an app.  It’s a feature of the OS (depending on whether you install a firmware that has it).  The phone never rings or wakes up… it’s just totally blocked and ignored.
    13. NANDROID backups (entire, bit-for-bit copy of your entire setup).
      1. You can make an exact copy of your phone, as-is.  Then restore it later, EXACTLY as it is at the moment you make your backup.  This is good for many things, including making a backup before you start experimenting with changes.  Screw it up?  Just restore from your backup.

Can you think of any other benefits of rooting your Android device?  Share them with us in the comments below.

Encrypting Your Cloud Storage

This is the sixth entry in my “Encrypt All The Things!” series.

Let’s face it.  Cloud storage SUX!  Why?  Because all of the most popular cloud storage services do NOT provide end to end encryption.  Oh sure, your files travel over an https connection from your PC to their server, but your files are not encrypted with a public key whose private key only YOU have access to.  Sure, the cloud storage providers may encrypt your files (with THEIR keys) AFTER they receive your upload and before they store them on their own drives.

BUT!

THEY have access to the contents of your files.  They can see the file names in clear text.  They have access to the entire contents.  THEY own the encryption keys on their end and you sent them your files without encrypting them first.  Therefore, you are NOT in control of your data.  If that cloud service gets hacked or if there’s a bad employee, or they get subpoenaed, other people can (and likely WILL) gain access to your personal data.  It’s simply NOT protected.

There’s only ONE option

When it comes to cloud storage, you have only one option for realistic security.  That is, your files MUST be encrypted ON YOUR END before they’re sent over the wire to the cloud storage provider and that encryption on your end MUST be done with your public key and your private key MUST be a key that ONLY YOU have access to.  It should exist ONLY on your own PC or phone.  PERIOD.  There are no ifs, ands, or buts about it.  This is called “zero knowledge” encryption.

Please see “Understand Encryption” for a discussion of public/private keys.  It’s kind of critical to your understanding of how to judge whether a cloud storage service is doing it right.

Zero Knowledge

Spideroak.com has this to say about zero knowledge encryption:

“Zero Knowledge means we know nothing about the encrypted data you store on our servers. This unique design means nothing leaves your computer until after it is encrypted and is never decrypted until it is unlocked with your password on your computer. It’s not just “end to end encryption;” it’s a Zero Knowledge System.”

Spideroak.com, by the way, is a cloud drive service provider.  Though there are some critiques of the way they password protect your local key on your own PC, it is far more secure than Google Drive, Microsoft One Drive, Amazon cloud storage, DropBox, Box.Net, etc…

Another one with zero knowledge is Mega.co.nz.  This cloud storage provider was created by the infamous Kim DotCom who’s wanted by the United States government for hosting a similar service for copyright pirates.  So, some reasonable questions have arisen as to the true privacy of this site.  And recently Kim DotCom has come out and said he’s no longer affiliated with Mega and that you shouldn’t trust it, that it’s not safe (but can you trust HIM?)

Anyway, the point is, you need to either encrypt your own files BEFORE uploading them to a cloud service or use a cloud service that does it for you (ON YOUR END!).

Home Brew

Alternatively, you can do it yourself by manually encrypting your Individual Files, then uploading the encrypted files to any cloud storage provider you want.  It’s a bit of a hassle, but it will provide you actual protection.  You should note that if you upload your encrypted files, but keep the file names, a LOT can be known about what you’re storing.  Best to zip up the file first (storing the name in the zip file), give the zip file an arcane name, like the date and time it was zipped, encrypt the zip file (not with the weak ass encrypting provided in the zip products, but with how I describe to encrypt Individual Files), THEN upload it.
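
The zip-rename-encrypt sequence above can be scripted. This is an added example, not code from the original article; it assumes the GnuPG command-line tool (the engine behind Gpg4win) is on your PATH and that the recipient key is already in your keyring. The function names, the random suffix on the archive name, and the sample file and recipient are illustrative.

```python
import secrets
import shutil
import subprocess
import tempfile
import zipfile
from datetime import datetime
from pathlib import Path


def pack_with_opaque_name(source, out_dir, now=None):
    """Zip `source` so its real name exists only inside the archive."""
    source, out_dir = Path(source), Path(out_dir)
    stamp = (now or datetime.now()).strftime("%Y%m%d-%H%M%S")
    # Date and time as the article suggests; the random suffix (an addition
    # here) avoids collisions when two files are packed in the same second.
    archive = out_dir / f"{stamp}-{secrets.token_hex(4)}.zip"
    # Compress now: encrypted output looks random and will not compress later.
    with zipfile.ZipFile(archive, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.write(source, arcname=source.name)
    return archive


def gpg_encrypt_command(archive, recipient):
    """Build the gpg call that encrypts the archive to `recipient`'s public key."""
    archive = Path(archive)
    encrypted = archive.with_suffix(".gpg")
    cmd = ["gpg", "--batch", "--yes", "--output", str(encrypted),
           "--recipient", recipient, "--encrypt", str(archive)]
    return cmd, encrypted


def encrypt_for_upload(source, out_dir, recipient):
    """Pack, encrypt, and return the only file that should reach the cloud."""
    if shutil.which("gpg") is None:
        raise RuntimeError("gpg is not installed or not on PATH")
    archive = pack_with_opaque_name(source, out_dir)
    cmd, encrypted = gpg_encrypt_command(archive, recipient)
    try:
        subprocess.run(cmd, check=True)
    finally:
        # Do not leave the plaintext zip beside the upload. This is a plain
        # delete, not a secure wipe of the underlying disk blocks.
        archive.unlink()
    return encrypted


if __name__ == "__main__":
    # Constructed sample: a throwaway file with a revealing name.
    with tempfile.TemporaryDirectory() as workdir:
        sample = Path(workdir) / "tax-return-2015.pdf"
        sample.write_bytes(b"constructed sample contents")
        packed = pack_with_opaque_name(sample, workdir)
        command, target = gpg_encrypt_command(packed, "you@example.com")
        print("archive name seen by the provider:", target.name)
        print("name kept inside the archive:", zipfile.ZipFile(packed).namelist())
        print("command:", " ".join(command))
```

The provider still sees the upload time and the file size, so the timestamp in the name gives away nothing extra.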

Conclusion

    1. Save yourself some headaches and use only “zero knowledge” cloud services and thoroughly research what others have to say about their encryption.
    2. Hide your meta-data (file names, folder names, folder structures, etc…) if you’re going to home-brew it.

Do you have any experience with encrypted cloud storage?  Please share your experience in the comments.

Encrypt your web traffic

This is my fifth installment in my “Encrypt All The Things!” series.

Encrypt All The Things! [A Guide]

Today, we will encrypt all (or as much as possible) of your web traffic on Windows, Mac, Linux, & Android.

Your web traffic (what you request to view, what is sent to your browser to view, and what you post back in webforms when signing up for new accounts, uploading your photos, uploading your files…) is all done in clear, unencrypted text unless the page you’re requesting or posting to begins with https://.   That “s” is the critical piece.  That means “secure”.  That means the web page was encrypted at the web server before being sent to your browser and anything you post (or fill in and submit) will be encrypted too.

But, Not So Fast!

There are several gotchas where that is NOT the case:

    1. You might be on an https site, but the site may have been coded poorly and the data you’re filling in might not be going back to an https page.  If so, then your data is being sent back in clear text over the open internet, and THAT’S more important than the page you’re viewing being encrypted (well, in many cases).  The page COULD be coded to post your data back to a non-secure page.
    2. Just because you’re on an https site, doesn’t mean that the site owners are trustworthy.  All it means is that the connection between the two of you is encrypted.  If you’re on a phishing website, it’s still the bad guys, even IF it’s encrypted.
    3. If you’re at work, it’s entirely possible that your employer has installed their OWN root certificates on YOUR work PC and your employer is acting as a man in the middle.  Even though you may be on an https website on a trusted website like https://google.com, your connection may be encrypted only between your PC and the equipment downstairs in the computer room in the very building you’re in.  Your employer can easily have access to ALL of your web traffic, record it, snoop it, and use it against you.  (We’ll spend some extra time on this one a little later in the article).
    4. If your PC already has malware on it, encrypted traffic is pretty much useless because they’ve already gotten behind all your protections and have access to everything you do BEFORE it gets encrypted and sent over the internet.  (Wipe your hard drive and start over.  Not kidding!)

So, What Do You Do?

    1. If the https site is coded poorly and is sending your data back, unencrypted, how do you know?  That’s a little complicated and unless you’re a web developer (and even IF you’re a web developer), it’s hard to tell sometimes.  In short, do this on a login page or a web page asking for your personal information:
      1. On your desktop browser, right-click the page and choose “View Source” or “View Page Source” or something similar to that.
      2. Look for something that starts with “<form “   Like this from EFF’s website, as an example:
        1. <form action="https://supporters.eff.org/subscribe" method="post" class="newsletter-form" accept-charset="UTF-8">
      3. This is called a form and the “action” tells us WHERE our data goes when we submit it on that page.  Notice that it’s an “https” site?  That means it’s encrypted on our end before going back.  If it’s just “http” with no “s”, it’s being sent back in the clear, with ZERO encryption!
        1. What do you do?  Not much you can do about that.  But you CAN install the TOR browser.  It’ll encrypt EVERYTHING you do in the browser, and pass it through a peer to peer network, hopping through multiple other computers, before finally having the last computer actually send your data to the real website.  But, it’ll have to be unencrypted there before going across the internet to the site you wanted to post to.  You can’t force the website to receive your data encrypted.  You can only encrypt it on your end, pass it along a few PCs before it must be decrypted and sent in the clear.  That’ll at least block your ISP from seeing it or anyone snooping on your local network.  But it won’t stop a snoop on the OTHER end of the connection.
    2. How do you know if your employer is snooping on what you THOUGHT was an encrypted connection?
      1. In Chrome:  Go to any https site, like https://google.com, click on the green padlock, click “connection”, click “certificate information”, click the “Certification Path” tab.
      2. It should not have your company’s name in there.  If it DOES, guess what?  Your employer is decrypting and snooping on your traffic.  They’re playing as what’s called a “Man In The Middle”.  This only works because they have control of your PC and have installed their OWN root certificate telling your browser to trust THEIR security certificates as valid owners of Google.com.  NOT COOL!
        1. What do you do about THAT?  Stop using your work computer for anything that’s personal.  That’s the only way out.  I take my own laptop to work, plug in my Android phone to it and share my T-Mobile data connection with my laptop.  I do my web browsing from my laptop and the rest of my work from my work PC.
      3. If your PC has malware on it… You might not even know it.  But if you DO know it, for heaven’s sake!  STOP USING IT… like RIGHT NOW!  Reformat your drive, re-install your OS and your software.  That’s the only realistic way to get rid of it all, and stop downloading those stupid toolbars!  Seriously!  Also, don’t download software from sources you’re not 100% certain are widely accepted as trustworthy!
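
The “View Source” form check from step 1 above, automated. This is an added example, not code from the original article: it parses a saved page, resolves each form’s submit target against the page’s own URL, and flags targets that would be sent without encryption. It goes a little beyond the single `action` attribute discussed above by also covering relative actions, forms with no action, and `formaction` overrides on buttons. The page URL and all sample HTML other than the EFF form are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page. The first form is the EFF example quoted above;
# the others are made up to show cases a quick manual check can miss.
PAGE_URL = "https://shop.example/login"   # hypothetical page being inspected
SAMPLE_HTML = """
<form action="https://supporters.eff.org/subscribe" method="post"
      class="newsletter-form" accept-charset="UTF-8"></form>
<form action="/session" method="post"><input type="password" name="pw"></form>
<form action="http://shop.example/newsletter" method="post"></form>
<form method="post">
  <button formaction="http://legacy.shop.example/pay">Pay</button>
</form>
"""


class FormTargetCollector(HTMLParser):
    """Record every URL a form on the page can submit to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.targets = []  # (absolute URL, tag that set it)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # Relative actions inherit the page's scheme; a missing or empty
            # action posts back to the page's own URL.
            action = (attrs.get("action") or "").strip()
            self.targets.append((urljoin(self.page_url, action), tag))
        elif tag in ("button", "input") and attrs.get("formaction"):
            # formaction on a submit control overrides the form's action.
            target = urljoin(self.page_url, attrs["formaction"].strip())
            self.targets.append((target, tag))


def audit_forms(page_url, html):
    """Return one finding per submit target and whether https covers it."""
    collector = FormTargetCollector(page_url)
    collector.feed(html)
    collector.close()
    findings = []
    for target, tag in collector.targets:
        scheme = urlparse(target).scheme.lower()
        verdict = {"https": "encrypted", "http": "cleartext"}.get(scheme, "other")
        findings.append({"target": target, "set_by": tag, "verdict": verdict})
    return findings


def cleartext_targets(findings):
    """Submit targets that would leave the browser without encryption."""
    return [f["target"] for f in findings if f["verdict"] == "cleartext"]


if __name__ == "__main__":
    for finding in audit_forms(PAGE_URL, SAMPLE_HTML):
        print(f'{finding["verdict"]:9}  {finding["set_by"]:6}  {finding["target"]}')
```

This is a static check of the HTML only: a page can still change where a form submits with JavaScript after it loads, so a clean result here is not proof that nothing goes out over plain http.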

Maximize Your Encryption While Browsing

  • You can’t force websites that aren’t using encryption to start using it, so avoid websites that don’t offer https.
  • If you’re on a website that’s NOT https, then click in your browser’s address bar and TYPE that s right after the “p” in “http” and click “GO”. Many websites DO offer an encrypted version of their website, but you must manually enter it.
  • Better yet, install Https Everywhere.  It’s a browser plugin available for the most popular browsers.  It will do the above step for you by using the https version of any site you go to (if that site has one available).  This will NOT force all your web traffic to be encrypted, but it sure will avoid the non encrypted versions of sites you visit, if at all possible.  NOTE!  You can still get to unencrypted sites and your traffic won’t be encrypted on those sites.

Stop your ISP, Employer, Family, Neighbors, and Hackers from snooping on your web traffic

I mentioned the TOR browser above.  This is a modified version of the FireFox browser, specially made to route your web browsing traffic through its own sub-network… kind of an underground network of participating servers and PCs around the world.  Normally, when you go to say www.google.com, you’re making a direct connection from your PC to google.com.  With Tor, you’re going to a random server around the world on the Tor network, which then forwards you to another random server somewhere else around the world, to yet another one somewhere else around the world, which finally then sends your request to google.com, but from that 3rd machine.  In other words, as far as Google is concerned, a connection was made from that other machine to them, which might be in Russia, China, America, Germany, or anywhere else in the world.  You’ll frequently see ads in other languages because of this.

This protects you from your ISP, your employer (if you can get away with installing TOR on your work PC… but just assume that even if you can, that your employer can still see your traffic because they have complete control of your work PC), your nosy family members, nosy neighbors, nosy patrons at the coffee shop, or anyone else nearby that may be snooping on your traffic.

The end result is it’s damned near impossible to tie YOU to whatever you’re doing on the destination website.  It also encrypts ALL your web traffic to and from any website… BUT ONLY ENCRYPTED UP TO THAT LAST PC!  If you’re visiting an unencrypted website, YOUR TRAFFIC WILL BE UNENCRYPTED from that last PC in the Tor network to the final website, and back again.  You MUST understand this.

This should be obvious, but my experience in IT is that nothing ever is, to everyone.  So!  I’ll state this clearly:  The TOR browser does NOT encrypt your web browsing if you’re using Chrome, or FireFox, or Opera, or Internet Explorer, or Edge.  It’s only going to work on web pages you visit WITH the Tor browser.

What About Android?

You have two good solutions on Android.  One’s good.  The other’s even better.  Both options are the Orbot app.  But the difference is whether your Android device is rooted or not.  A rooted Android device gets significantly better security options.

First, go download the Orbot app here from the web, or here from the Play Store.

Orbot, if your device is rooted, can route ALL your internet traffic through the Tor network.  You can also configure Tor to only send traffic from specific apps through the Tor network.

When your traffic goes through the tor network, anyone locally snooping on your web traffic has no way of knowing what websites you’re communicating with.  Remember, if the site you’re communicating with is NOT an https site, there will be an unencrypted connection somewhere in the world to your final site.  Don’t trick yourself into thinking it’s fully encrypted all the way through.  It only is for sites that are https.  Tor will protect you from local snoopers.  It won’t protect you from snoopers hacking into the data to the final, unencrypted website.  Got it?  Good!

Creating an encrypted, virtual disk

This is the fourth post in my “Encrypt All The Things!” series.

Encrypt All The Things! [A Guide]

The prior article was on encrypting a single file.

Encrypt Individual Files (Desktop)

In an effort to increase my privacy and my family’s safety, I’m going through and encrypting everything that’s possible and writing a series of articles on end-to-end encrypting for everything from phone calls to hard drives.

    What you’ll need

      • Encryption software (described below, with links – It’s FREE)
      • A Windows, Mac, or Linux PC.

    Software

    TrueCrypt was one of the most popular disk encrypting programs for a long time, until about a year ago when the author unexpectedly pulled the plug and put some strange text on his website that the program was unsecure and people need to go find something else.  The whole tech industry was scratching their heads because it had just gone through a very public security audit and been determined to be very secure.  What happened was the author(s) just got tired of supporting it and called it quits.  Fortunately, it was open source and other groups have taken over, forked the code, and have been improving on it.  VeraCrypt is a popular fork of it that I recommend.  You can download it here.  It’s available for Windows, Mac, & Linux.  And it’s fully open source and free and supported by its new authors.

    Download and install VeraCrypt.

    Virtual Disks

    We’ll be making a virtual disk that’s encrypted.  A virtual disk is simply a large file.  VeraCrypt can do its magic and make Windows/Mac/Linux think it’s a disk, so you can read and write files in it, just like on any other hard drive.  In Windows, the virtual disk will have its own drive letter (but only when you “mount” it… when you’re done with it, you “dismount” it and it stops looking like a disk to the OS).

    • Click the “Create Volume” button to begin.

    • Make sure “Create an encrypted file container” is selected, then click “Next”.
    • Select “Standard VeraCrypt volume” and click next.  I’ll let you discover the other features of this product outside the scope of this tutorial.
    • For “Volume Location”, click the “Select File…” button and choose a place on one of your accessible hard drives or network drives.  You’ll need to provide a file name.  I recommend giving it an ambiguous name like “Graphics-System.dll”.  This obscures the meaning of the file from intruders.
    • Then click “Save”.  Also, make sure “Never save history” is checked.  This prevents intruders from running this app on your machine and seeing where you created your last encrypted virtual disk.

    • Click “Next” and if you named it with a file extension of “.dll”, then you’ll get a warning.  It’s OK.  We’re doing this on purpose.
    • Now, choose your encryption method.  All of them are good.  Better is using 2 or more of them simultaneously.

      • Remember, the tougher the encryption, the slower the encrypting and decrypting.  I recommend clicking the “Benchmark” button and choosing the one that gives you the fastest speeds, unless you have state secrets or secrets that can cause significant harm to you or others, then take one of the options that give you all three.  You might notice one of them is significantly faster than the others.  If so, then your CPU chip probably has encryption hardware built in.  VeraCrypt will use that if you choose it.  As you can see, AES is drastically faster than the others on my own machine.  That’s because my Intel CPU has AES encryption hardware.  I’m going to choose “AES”.

    • For the hash algorithm, SHA-512 is better than SHA-256.  Whirlpool and SHA-256 are similar, but SHA-256 was created by the NSA and Whirlpool wasn’t.  Use that information however you like!  I’m choosing Whirlpool.
    • Next, choose the size of your encrypted virtual disk.  This is up to you.  How much space do you need for your encrypted data?  Whatever that number is, it HAS to be less than the available space on whatever drive you’re storing the virtual disk file on.
    • Next, choose your password.  This is a pass phrase you’ll need to enter every time you mount the encrypted volume.  Obviously, use something strong, long, and easy to remember, but difficult for others to figure out.  I recommend typing in a full sentence, with punctuation.  CASE MATTERS!  Don’t use famous quotes.  Think of something that is unique to you like, “I hate it when people cut in front of me in line at the movies!@#$”  Be creative!

    • After entering and re-entering your pass phrase, click next.  That takes you to the “Volume Format” window where you need to rapidly move your mouse back and forth, up and down, in circles, and everything else in that window to help your computer create a random number to seed the encryption.  The more randomness from you it gets, the better.  Computers are terrible at making random numbers by themselves.  So spend a full minute or two just moving your mouse every which way across that window.  Then click “Format”.

    Congratulations!  You have now created your first encrypted virtual disk.  But, in order to USE it, there’s just a little more to do (and this is what you’ll need to do every time you want to mount your encrypted, virtual disk).

    Mounting your virtual disk

    Back to the main window of VeraCrypt, pick a drive letter from the list provided (Mac & Linux will be slightly different), then click “Select File” and find your encrypted virtual disk file (You DID pay attention to where you created it, right?)

    And click the “Mount” button.   Then enter the pass phrase you created at the beginning.  Without this passphrase, it will be impossible to access the encrypted data on your virtual disk (even if there’s nothing in it yet, you can’t even mount it without the passphrase).

    If you used a system file extension like “.dll” on your encrypted volume, you’ll get another warning when you try to mount it.  Just click OK.  It’s OK, we meant to do this.  We’re trying to fool the bad guys, right?

    You’re Done!

    Your encrypted volume is now mounted and ready to use, like any other disk.  “But, can I…”  YES!  It’s just a volume like any other volume.  You can read and write to it exactly like anything else.  You can stream video files to and from it just like any hard disk.

    Notice I have mine mounted with the “M” drive letter assigned to it.  You can exit VeraCrypt and your encrypted virtual volume will stay mounted.  When you’re done with this, start VeraCrypt back up, select the volume, and click “Dismount”.

    As long as it’s mounted, anyone that has physical access to your machine can access its contents, so be sure to dismount as SOON as you’re done with it.  Also, anyone with NETWORK ACCESS to your machine could have access to the contents of your encrypted volume.  It’s ONLY protected when it’s NOT MOUNTED!  When you’re using it, it’s accessible to other software on your computer!!!

    Notice my M: drive in my drives list?

    That’s the encrypted volume I just created and mounted.  Yes, it’s a really small disk.  Don’t tell anyone, OK?  I do have bigger ones!  No!  Really!  I do!  Wait!  Where are you going?

Encrypt Individual Files (Desktop)

This is the 3rd article in a series of articles about encrypting your entire digital life

Encrypt All The Things! [A Guide]

…from end to end.  Click here for the lead article.  This article is about encrypting individual files on your desktop computer.  I’ll be giving specific instructions for Windows, but Mac & Linux steps are similar.

Short (VERY short version)

    1. Install encryption software.
    2. Create your encryption keys.
    3. Encrypt a file.
    4. Decrypt a file.

The rest of this shows you the details of those steps.

Review or brush up

Before you go any further, it’s really important that you are familiar with the basics of modern day encryption.  Please review this article on understanding encryption:

Understanding Encryption

 

I will be using terminology that won’t make sense to you if you have not read the “Understand Encryption” article or are not already fairly familiar with encryption and how it’s implemented in modern technology.

Let’s begin

    1. Download and install Gpg4win from http://www.gpg4win.org/
    2. Once installed, you’ll need to import your friends’ public keys (if you plan on sending them anything encrypted) and create your own (if you don’t already have any).
      1. Open Kleopatra (it’s installed with Gpg4win).  It’s a key management application.
      2. Click the “Lookup Certificates on server” button and enter your friends’ names and/or e-mail addresses to see if they have public keys.  If they’re not published, you can easily ask them directly.  Most likely, most of your friends do not yet.  I’d encourage you to get them started on this.
      3. Now, create or import YOUR key pair.  Close Kleopatra and open GPA.  Yes, it’s almost a clone of Kleopatra.  No, I don’t know why there are two of these tools.  But Gpa will let you create key pairs.
      4. Open the “Keys” menu and choose “New Key”.
      5. Enter your name (you can’t change this, so choose wisely), then “Next”, then your e-mail address.
      6. Yes, you want a backup copy.
      7. Enter your passphrase… DO NOT EVER FORGET IT!  DON’T BE STUPID – MAKE IT COMPLEX!  I recommend saving it in LastPass.com (get set up with LastPass.com if you’re not already.  It’s TOTALLY worth it (free)).
      8. Right-click your new key and choose “Export Certificate to Server” which will export your public key to a public key server for others to find so they can send you encrypted data.
    3. Now that your contacts’ keys are imported and you’ve created your own key, let’s encrypt a file.
      1. Open Windows Explorer (I said _Windows_ Explorer, NOT _Internet_ explorer!) and find some file that you’d like to encrypt.
      2. Right-click the file and choose “Sign & Encrypt” (You don’t have to do both signing AND encrypting.  You can do just one, if you like).
      3. In the dialog box, make sure “Encrypt” is selected.  If you’d like to compress it before you encrypt it, be sure to check “Archive files with”.  Because you can’t compress it AFTER you encrypt it!
      4. Click “Next” then pick your recipient (who you want to be able to decrypt the file).  If it’s just you, then choose your own key.

To decrypt the file, just right-click it and choose decrypt.  It will know which key was used and will prompt you for the passphrase.

Encrypt All The Things! [A Guide]

So, Microsoft Windows 10 sends your private data to Microsoft (e-mail and private files in private folders; read the EULA if you don’t believe me), your employer is snooping on your web traffic at work, local hackers are packet sniffing your web traffic at the coffee shop, your neighbors are hacking your home wi-fi, cloud providers have access to your files, thieves have access to everything on your laptop or phone when you lose them in public, and don’t even get me started on the NSA and all the things THEY have access to (hint:  It’s everything, including your phone calls), not to mention your ISPs and rogue, tin-pot tyrannical dictatorship governments around the world.

You want your data to stay out of their hands and eyes?  Then you’d better put on your foil hat, pull up a chair, and pay attention to this how-to on encrypting all your data and all your communications (including phone calls!) and some best practices thrown in for good measure.

From a high level, here are the things we’ll be encrypting.  I’ll break them up into separate articles, because it would be quite a lot to take in all at once.  I’ll be writing these articles over the next couple of weeks, so check back here to see this topic list change from black text to hot links to the published articles.


Stick it to the NSA: Encrypt Your desktop E-Mail

image

This is one of many articles in a series I’m writing to cover end-to-end encryption for everything you do in your digital life.  I’ll cover encrypting your webmail and mobile e-mail in other articles.

For a primer on encryption, please read my article “Understanding Encryption” as it teaches VERY IMPORTANT concepts that you need to know before moving forward here.

Did you know that ALL E-Mail goes across the open internet in plain, raw, NON encrypted text?  Well, all except e-mail that you explicitly encrypt, which this article will show you how to do.

Encrypting your E-Mail requires the following steps that we’ll cover individually to simplify the process:

  • Install the proper plugin for your E-Mail app.
  • Create your public/private key pair.
    • Store your private key in a VERY secure place.
    • Publish your public key for others to use.
    • Import your keys into your E-Mail plugin.
    • Import your friends’ public keys into your E-Mail plugin.

Since I obviously don’t have the resources to provide thorough instructions for every e-mail app out there and for every plugin available, I’ll cover 1 popular e-mail app and 1 popular plugin.  The e-mail app we’ll be using for this tutorial is Mozilla’s Thunderbird, available on Windows, Mac, & Linux.  You can download it here.  It’s free and open source.

Since you’re reading this article, I’m going to assume you’re already using an e-mail program on your PC, or you wouldn’t be here, so I’ll skip the tutorial on how to install and configure an e-mail app.  You should already have that up and going before continuing here.

First, you’ll need a plug in for your e-mail app that can handle encrypting and decrypting e-mail.  I recommend Enigmail for Thunderbird.  Click here to get it.  It’s also free and open source.

Once installed (I assume you don’t need a tutorial to install the plugin), open the new “OpenPGP” menu in Thunderbird and select “Key Management”.

image

It’ll look like this:

image

If you already have a public/private key pair, add them here.  You should have them in an .asc file.

If you do NOT already have a public/private key pair, inside the OpenPGP Key Management window, open the “Generate” menu and choose “New Key Pair”.

image

If you have more than one E-Mail address configured in Thunderbird, you’ll want to generate a new key pair for each e-mail address.  Choose your e-mail address from the drop down list at the top of this window.

Choose a passphrase and don’t forget it.  Also, for the love of all that is digital, DO NOT MAKE IT SIMPLE!!!!  If you’re going through the effort of generating public/private key pairs to make it difficult for eavesdroppers to see your communications, don’t drop the ball now and use a short or easy password.  I recommend using LastPass.com to generate long, complex passwords and to store them for you (fully encrypted, of course).

Choose an expiration date too.

Why choose an expiration date?

First, let’s explain what that is.  After that date, everyone else’s software will tell them that this key is no longer valid.

Why you want this:  If you forget your passphrase and your key becomes compromised, you’ll NEVER be able to revoke your key.  Put an expiration date on it so that it will eventually die on its own.

I recommend 1 to 2 years.  You can and should generate new keys when they expire and publish the new public key.

Once it’s all filled in the way you like it, click “Generate Key”.

Allow the software to generate a revocation certificate.

Now, backup and protect your private key.  Store it in a safe place.  I recommend storing it as a secure note in LastPass.com as well as inside of an encrypted virtual disk (I’ll explain this in a later article).

Publish your public key

Now, your public key is no good if no one has it.  Remember, in order for anyone to send you an encrypted message, they MUST encrypt it with your PUBLIC key.

Right-click your key(s) and choose “Upload public keys to key server”.  This makes your key available in search results on public key servers by anyone that knows your name or e-mail address.

If you ever accidentally expose your private key, you can revoke your key pair from this app by right-clicking your key and choosing to revoke it.  Be sure to upload the change to the key servers so others know your key is revoked and they stop sending you important information encrypted with your old, public key.

You’re now ready to begin using encrypted E-Mail.  BTW, click the “Display All Keys by Default” check box to see your key(s) listed there.

I recommend setting this up for all the members of your household on each of their PCs.  Set each member up with their own private/public key pair and show them how to properly manage them or point them to this article and let them do it.  Let THEM come up with the key phrases and ENSURE they don’t forget them!  Then, you can start E-Mailing your family members securely.

Get public keys of your contacts

You can’t send encrypted mail to anyone until you have their public key.  So, in the Key Manager app, open the key server menu and choose “Search for keys”.  You can type partial or whole e-mail address or user names.  It will search public key servers for any matches.  There are 3 or 4 key servers provided in the key manager.  If you don’t find your contact in one, try another.  Of course, call your contact and make sure they even HAVE a public key.  They can also e-mail it to you.  Note:  While testing the search while writing this article, none of the key servers found any address that I knew was there.  Note that you can copy the URL from the search window and paste it into your address bar in your web browser and really search directly on those key server sites to find your contact’s keys.

image

Once found, add them to your key list (called a “key chain”).  That makes them available to you when you send encrypted E-Mail.  Speaking of which, let’s send some encrypted E-Mail now.

Send your first encrypted E-Mail

Close your key manager.  Start a new e-mail message in Thunderbird.  Address it to someone for whom you have a public key.  Click the “OpenPGP” button.  The first time you send an e-mail message, encrypted, from your e-mail address, Enigmail will prompt you if you want to enable OpenPGP for this identity.  Be sure to check that box.  I recommend checking the “Encrypt messages by default” check box too.

image

Click OK, then a dialog box pops up that you’ll likely see before sending each message:

image

Click “OK” and your message will be encrypted and sent.

Side Note:  “Signing” a message is important if you want to prove to the recipient that it’s from you.  This is explained in my “Understanding Encryption” article, which you should be familiar with.

Note that Enigmail will encrypt the message with the public key associated with the RECIPIENT’S E-Mail address, not YOURS.


Understanding Encryption


The topic of encrypting is wide and deep, so I’ll narrow this discussion to the basics of what you need to understand about E-Mail encryption and I’ll be as concise as possible.  This also begins a series of articles on encryption I’ll be writing over the next week or two explaining everything you need for end-to-end encryption for everything in your digital life from files on your mobile device to phone calls to everything on your PC.  All software in my series will be free and open source.

Encryption and Decryption

When you send an encrypted message to someone else, you must have that person’s public key.  This is an encryption key that they publish on public key servers for anyone and everyone to have access to.  These public keys can only encrypt messages.  They cannot decrypt messages.  If you encrypt a message with a friend’s public key, there is NO WAY you can decrypt it, not even with the public key you just used to encrypt it.

Why?  Because the public key was created with a complex mathematical formula that actually created TWO keys that work together.    Anything encrypted with ONE key can ONLY be decrypted with its pair key.  When you use your friend’s public key to encrypt a message before sending it to them, ONLY your friend can decrypt that message and they must do it with their private key.

Conversely, when someone sends YOU an encrypted message, they MUST encrypt it with YOUR public key.  ALL encrypted messages YOU receive MUST have been encrypted with YOUR public key.

YOU create a public/private key pair with a key generator.  There are many apps that can generate key pairs.  OpenPGP is a popular standard for keys.  That simply means that software designed to encrypt or decrypt has been written for standardized encrypting algorithms.  OpenPGP is a very popular algorithm.

When your friend sends you an encrypted message, encrypted with YOUR public key, only YOU can decrypt that message and ONLY with your private key that was created along with your public key.

Your public key is meant to be shared.  That’s how people encrypt messages intended for you.  Your private key is exactly that:  Private.  You MUST protect it and never, EVER give anyone access to it.  This means do NOT store it on a cloud drive.  Do NOT EVER e-mail it to anyone, not even yourself, because as soon as you hit “send”, it’s now passing through the internet, unencrypted.  If you ever make the mistake of e-mailing your private key or storing it on a cloud drive, you should consider that key compromised.  You’ll have to revoke the key and create a new pair.  It’s now well known that the NSA intercepts all e-mail traffic.  If you EVER e-mail your private key, there’s a nearly 100% chance that the government now has your private key and has the ability to decrypt any and all content encrypted for you with your public key.

Digitally Signing content.

A neat side effect of having public/private key pairs is that you can reverse how you use them.  For example, instead of encrypting a message with people’s public keys, you could encrypt a message with your PRIVATE key.  Under normal circumstances, you’d NEVER do this because 100% of the population has access to your PUBLIC key and ANYTHING encrypted with your PRIVATE key can be decrypted with your PUBLIC key.

So, why would you do this?

Simple, if you want to PROVE that a document was actually created or sent by YOU.  Encrypting data with your PRIVATE key (instead of your public key) is called “Digitally signing” the content.  Even though, mathematically, it’s the same thing as encrypting, in practice, that encryption is useless for secrets because the decryption key (your public key) is well known.  But, just like data encrypted with your public key can only be decrypted with your private key, data encrypted with your private key can ONLY be decrypted with your public key.

So, if you ever want to prove you’re the sender of an e-mail message, you will digitally sign it before sending it (or encrypt it with your private key).  The receiver can get your public key from any number of public key rings and decrypt your message, proving that it had to have been encrypted (or “signed”) with ONLY your private key.

Let me reinforce that “encrypting” with your private key is NOT considered “encrypting” since anyone can decrypt it.  It’s considered “digitally signing”.
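The key-pair behaviour described in the two sections above can be seen in a few lines of textbook RSA. This is an added example, not code from this article or from any OpenPGP tool; the key sizes, function names and messages are constructed for illustration, and real software adds padding, much larger keys, and signs a hash of the message (as the `digest` helper does here).

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA: both keys come from one calculation over two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent, the inverse of e mod phi
    return (e, n), (d, n)          # (public key, private key)

def apply_key(key, value):
    """The single RSA operation, used for all four jobs below."""
    exponent, n = key
    return pow(value, exponent, n)

def encrypt(recipient_public, text):
    m = int.from_bytes(text.encode(), "big")
    if m >= recipient_public[1]:
        raise ValueError("message too long for this toy key")
    return apply_key(recipient_public, m)

def decrypt(own_private, ciphertext):
    m = apply_key(own_private, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def digest(text, n):
    # Real tools sign a hash of the message, not the message itself.
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def sign(own_private, text):
    return apply_key(own_private, digest(text, own_private[1]))

def verify(sender_public, text, signature):
    return apply_key(sender_public, signature) == digest(text, sender_public[1])

# Constructed toy keys built from well-known Mersenne primes. NOT secure.
FRIEND_PUBLIC, FRIEND_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)
MY_PUBLIC, MY_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)

def demo():
    secret = encrypt(FRIEND_PUBLIC, "meet at 9")   # anyone can do this
    note = "I wrote this"
    signature = sign(MY_PRIVATE, note)             # only I can do this
    return {
        "friend_reads": decrypt(FRIEND_PRIVATE, secret),
        "public_key_undoes_it": apply_key(FRIEND_PUBLIC, secret)
                                == int.from_bytes(b"meet at 9", "big"),
        "signature_ok": verify(MY_PUBLIC, note, signature),
        "edited_note_ok": verify(MY_PUBLIC, note + "!", signature),
        "wrong_sender_ok": verify(FRIEND_PUBLIC, note, signature),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the first and third results are positive: the friend's private key recovers the text, and the signature checks out against the sender's public key until the note is edited or the wrong public key is used.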

Got it?  Good!  Now, go encrypt all the things!


Next, be sure to read the next article in this encryption series:

Windows 10 – Changing the Default Browser

If you upgrade to Windows 10 from a prior version, it changes your default browser setting to Microsoft’s new browser called “Edge”.  It’s really simple to change it back.

  1. Click the search icon in the lower left corner of your screen.
  2. Type default browser
  3. At the top of the search results, “choose a default web browser” will be highlighted.  Just click it.
  4. On the settings window that comes up, scroll to where you see “Web Browser”, then click the browser name shown in the drop down list under it.  It’ll show you a list of browsers on your machine.  Just choose your favorite and you’re done.

The Mozilla CEO wrote a nasty, open letter complaining that Microsoft changed the default selection (which they did), but he also claimed that it’s very difficult to change it back.  Clearly, he’s wrong about that part.


Windows 10 Virtual Desktops

Windows 10 has a nice new feature called “Virtual Desktops”.  I should say that it’s only new to Windows because Mac & Linux users have had this feature for a long time.  Now it’s a fully supported feature in Windows as well.

What is a virtual desktop?

It’s kind of like having 2 monitors, but only being able to see one of them at a time.

 

How to activate the feature:

First, click the “Task View” button next to your search button on the task bar on the lower left of your screen.

image

You’ll be shown all the current virtual desktops you have.  If this is your first time, you’ll only see your current desktop shrunk down to the middle of the screen.  Now, on the lower right corner, click “New desktop”.  It has a large “+” above it.

image

That created your new, virtual desktop.  Now you have 2 thumbnails in the lower, middle of your screen.  Each thumbnail represents one of your virtual desktops.  Just click the one you want to enlarge to full screen.

image

Click the “Task View” button again to switch back to any virtual desktop you have.
