This is what the Decentralized Web 3.0 will look like

The Decentralized Web 3.0 will bring you the following benefits:

  • The end of ISPs and governments spying on your online activities.
  • The end of big tech collecting all your private data.
  • The end of email providers being able to see your personal email.
  • Encryption of EVERYTHING.
  • The end of social media censoring you.
  • The end of demonetization.
  • The end of spam.
  • The beginning of making money by receiving marketing email (if you choose to).
  • The end of censored banking.
  • The end of domain name confiscation.
  • The end of web hosters shutting you down.
  • The end of registrars shutting you out.
  • The end of app stores removing your apps.
  • The beginning of YOU being in FULL CONTROL of your personal data.

Here’s how, but first a short history…

Internet 1.0

introduced the world to the idea of everyone being a publisher.  Unfortunately, there was no security designed into the architecture and it was mostly static and difficult to have interaction.

Internet 2.0

was a more structured way of creating websites, with more user friendly user interfaces and lots of interactive content, in addition to improved security models.

But something went wrong.

Something went HORRIBLY wrong!  As individuals started becoming effective communicators across geographical and political boundaries, they started being silenced for multiple reasons… sometimes by anti-competitive companies with deep pockets, but usually for political reasons by tyrannical regimes in back-assword countries, then in first world countries, by corporations (Twitter, Facebook, Google, Amazon, Instagram, etc…) and so-called “educational” institutions, and in some cases, even by first world governments themselves.

Anti free speech campaigns began successfully shutting out an entire class of voices via social media outrage mobs demanding voices they didn’t like be silenced and for some reason, the big social media companies complied and shut them down by shadow banning, removing them from search, suspending their accounts, or deleting their accounts altogether, frequently with no warning and no explanation.

Then they went after their income.

YouTube began demonetizing video creators.  PayPal began killing users’ PayPal accounts.  It even spread out to the real world.  Credit card companies began shutting down people’s accounts and even BANKS started deleting their OWN CUSTOMERS!  All for political ideological reasons!

They rewound the freedom clock back to the early 90s, and in some cases, back 100 years or more.

Enter Decentralization…

Decentralized services were already being created before “the purge” started, but decentralization started to accelerate because of this.  The FIRST popular decentralized service to hit the scene was #BitCoin, which is a fully decentralized, global currency.  What makes it so powerful is that there’s no central point of failure, and more importantly… no central point of attack.  It’s a BRILLIANT system that prevents double-spending, prevents counterfeiting, and gives control of assets back to the people.  Governments CANNOT control it!  It first rolled out in 2008 and has grown exponentially since then.  It’s been so successful that many millionaires have been made because of it and thousands of other cryptocurrencies have been created.

The technology behind it can be used for so much more than JUST money.  In fact, all the strangle-points (or censor-points) of the current (or “legacy”) internet can be censorship resistant using the same or similar decentralized technology that BitCoin uses:

  1. DNS
  2. File Storage
  3. EMail

DNS

is the Domain Name System that allows you to type in human readable names into your browser like https://BitCoin.org or other sites you’re familiar with.  The reason this works is because your browser takes the name you enter into your browser’s address bar and looks it up in a publicly distributed database to find the actual IP address of the computer you’re really wanting to connect to.  Even though the database is decentralized, there’s a centralized authority that authorizes the names AND they are beholden to governments, so when a government demands control of your domain name, then you lose your domain name and all your visitors and paying customers, and there’s nothing you can do about it.  Domain name registrars can also take your domain names away, and this has been happening due to political reasons.

There are now several decentralized DNS replacements.  One of these is https://NameCoin.org.  This is an open source project designed to have NO central authority.  It’s controlled by a blockchain (the technology that drives BitCoin).  In fact, it’s copied directly from Bitcoin, using BitCoin’s source code.  When you register a domain name on THIS system, you do it with a cryptocurrency called NameCoin.  Once registered, you own the domain name like you own your cryptocurrency.  It CANNOT be taken from you.  For now, there’s a problem in that current (legacy) browsers are unaware of this technology and so those names can’t be used with regular browsers unless you install plugins for them.

File Storage

Another weak point for censorship on the legacy 2.0 web is web hosting.  The way it works is you rent space and CPU capacity on someone else’s servers to host your websites.  If the hoster doesn’t like your politics, you’re GONE!  This has been happening at an accelerating pace.

The solution is decentralized file storage.  One of the most popular at the moment is https://IPFS.io which is a fully decentralized file distribution system.  IPFS stands for InterPlanetary File System.  The genius behind this is that you don’t request content via a URL with a domain name and a path and file name.  Instead, you request it from the decentralized IPFS network via the HASH of the file you want.  (A “hash” is a mathematically generated number based on the CONTENTS of a file.  IPFS hashes are unique for every file).  If you’re a web publisher, you publish your files to the IPFS network.  Users can request your files (like website HTML pages) via the unique HASH of your file.  The IPFS network goes into action, looking for any node that has that file, and if found ANYWHERE on the network, delivers it to the user.  As a file is requested more often, it starts to spread across the globe, becoming more and more decentralized and faster to load.
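Requesting by hash also means the reader does not have to trust whichever node answers, because the returned bytes can be checked against the address that was asked for.  The following sketch is an added example, not code from IPFS or from the original article.  It assumes a simplified address (plain hex SHA-256 of the file) and hypothetical `Node` and `fetch` names; real IPFS identifiers wrap the hash in extra encoding and split large files into blocks.

```python
import hashlib


def content_id(data: bytes) -> str:
    # Simplified address: hex SHA-256 of the raw bytes. Real IPFS identifiers
    # (CIDs) wrap a hash in extra encoding and split large files into blocks.
    return hashlib.sha256(data).hexdigest()


class Node:
    """Hypothetical storage peer. A tampering peer alters what it serves."""

    def __init__(self, name: str, tamper: bool = False):
        self.name = name
        self.tamper = tamper
        self.blocks = {}

    def put(self, data: bytes) -> str:
        cid = content_id(data)
        self.blocks[cid] = data
        return cid

    def get(self, cid: str):
        data = self.blocks.get(cid)
        if data is not None and self.tamper:
            return data + b"<!-- injected -->"
        return data


def fetch(cid: str, peers, cache: Node):
    """Return (data, serving_peer, rejected_peers) for the first verified copy."""
    rejected = []
    for peer in peers:
        data = peer.get(cid)
        if data is None:
            continue                      # peer does not hold this content
        if content_id(data) != cid:
            rejected.append(peer.name)    # bytes do not match the address
            continue
        cache.put(data)                   # the requester now serves it too
        return data, peer.name, rejected
    raise LookupError("no peer returned content matching " + cid)


def demo():
    publisher = Node("publisher")
    rogue = Node("rogue", tamper=True)
    reader = Node("reader")

    page_v1 = b"<html><body>Hello, version 1</body></html>"  # constructed sample
    cid_v1 = publisher.put(page_v1)
    rogue.put(page_v1)                    # rogue holds the file but alters replies

    data, served_by, rejected = fetch(cid_v1, [rogue, publisher], reader)

    # Editing the page produces a different address; the old one still means v1.
    cid_v2 = publisher.put(page_v1.replace(b"1", b"2"))
    return {
        "intact": data == page_v1,
        "served_by": served_by,
        "rejected": rejected,
        "reader_now_has_copy": cid_v1 in reader.blocks,
        "address_changed": cid_v1 != cid_v2,
    }


if __name__ == "__main__":
    print(demo())
```

Because any edit changes the address, a published site needs a stable name that can be re-pointed at the newest hash, which is the job a naming system does.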

Decentralized DNS systems, like NameCoin, can be configured to return an IPFS file.

EMail

Your EMail will radically change too.  From your usage point of view, it will still look and feel similar to what you’re using now, but it’ll have the following, drastically different and improved features:

  1. Censorship-resistant, meaning no one can shut down your e-mail account.
  2. Decentralized.  There will be no central server that you connect to.
  3. Encrypted.  By default, ALL of your email will be heavily encrypted, without any effort on your part.
  4. Spam-Free:  NO ONE will be able to send you email unless you authorize them to.  You’ll also be able to set prices that spammers must PAY YOU in order to send you spam, should you elect to even receive spam.  The global system will prevent any email going to you unless you’ve authorized it AND that it includes the proper amount of cryptocurrency you’ve specified.

Conclusion:

In conclusion, the dark forces trying to silence you or block you from seeing speech that THEY do not approve of are coming to an end.  No websites will be blocked by other people deciding what you can see.  Your sites will not be blocked.  Your web hosting cannot be blocked.  Your social media will not be blocked.  Your videos will not be blocked.  Your content will not be demonetized.  Your banking will not be stopped.  Your web browsing cannot be spied upon.  Your email cannot be read by third parties.  Spam will be a thing of the past.  Censorship will be much more difficult for the censors.  And everything will be encrypted all of the time.  AND you’ll even MAKE MONEY by receiving marketing email and ONLY if you choose to do so.

All of your data will be 100% in YOUR control.

Your data will be stored, fully encrypted on your end, across multiple, replicated hosts (or locally only on your hardware), readable ONLY by YOU!

Decentralized Resources in the making (or already made):

The list keeps growing and is far, far bigger than this list.  Check out all the decentralized apps on https://Blockstack.org for plenty of examples.

Stick it to the NSA: Encrypt Your desktop E-Mail

This is one of many articles in a series I’m writing to cover end-to-end encryption for everything you do in your digital life.  I’ll cover encrypting your webmail and mobile e-mail in other articles.

For a primer on encryption, please read my article “Understanding Encryption” as it teaches VERY IMPORTANT concepts that you need to know before moving forward here.

Did you know that ALL E-Mail goes across the open internet in plain, raw, NON encrypted text?  Well, all except e-mail that you explicitly encrypt, which this article will show you how to do.

Encrypting your E-Mail requires the following steps that we’ll cover individually to simplify the process:

  • Install the proper plugin for your E-Mail app.
  • Create your public/private key pair.
    • Store your private key in a VERY secure place.
    • Publish your public key for others to use.
    • Import your keys into your E-Mail plugin.
    • Import your friends’ public keys into your E-Mail plugin.

Since I obviously don’t have the resources to provide thorough instructions for every e-mail app out there and for every plugin available, I’ll cover 1 popular e-mail app and 1 popular plugin.  The e-mail app we’ll be using for this tutorial is Mozilla’s Thunderbird, available on Windows, Mac, & Linux.  You can download it here.  It’s free and open source.

Since you’re reading this article, I’m going to assume you’re already using an e-mail program on your PC, or you wouldn’t be here, so I’ll skip the tutorial on how to install and configure an e-mail app.  You should already have that up and going before continuing here.

First, you’ll need a plugin for your e-mail app that can handle encrypting and decrypting e-mail.  I recommend Enigmail for Thunderbird.  Click here to get it.  It’s also free and open source.

Once installed (I assume you don’t need a tutorial to install the plugin), open the new “OpenPGP” menu in Thunderbird and select “Key Management”.

If you already have a public/private key pair, add them here.  You should have them in an .asc file.

If you do NOT already have a public/private key pair, inside the OpenPGP Key Management window, open the “Generate” menu and choose “New Key Pair”.

If you have more than one E-Mail address configured in Thunderbird, you’ll want to generate a new key pair for each e-mail address.  Choose your e-mail address from the drop down list at the top of this window.

Choose a passphrase and don’t forget it.  Also, for the love of all that is digital, DO NOT MAKE IT SIMPLE!!!!  If you’re going through the effort of generating public/private key pairs to make it difficult for eavesdroppers to see your communications, don’t drop the ball now and use a short or easy password.  I recommend using LastPass.com to generate long, complex passwords and to store them for you (fully encrypted, of course).

Choose an expiration date too.

Why choose an expiration date?

First, let’s explain what that is.  After that date, everyone else’s software will inform them that this key is no longer valid.

Why you want this:  If you forget your passphrase and your key becomes compromised, you’ll NEVER be able to revoke your key.  Put an expiration date on it so that it will eventually die on its own.

I recommend 1 to 2 years.  You can and should generate new keys when they expire and publish the new public key.

Once it’s all filled in the way you like it, click “Generate Key”.

Allow the software to generate a revocation certificate.

Now, backup and protect your private key.  Store it in a safe place.  I recommend storing it as a secure note in LastPass.com as well as inside of an encrypted virtual disk (I’ll explain this in a later article).

Publish your public key

Now, your public key is no good if no one has it.  Remember, in order for anyone to send you an encrypted message, they MUST encrypt it with your PUBLIC key.

Right-click your key(s) and choose “Upload public keys to key server”.  This makes your key available in search results on public key servers by anyone that knows your name or e-mail address.

If you ever accidentally expose your private key, you can revoke your key pair from this app by right-clicking your key and choosing to revoke it.  Be sure to upload the change to the key servers so others know your key is revoked and they stop sending you important information encrypted with your old, public key.

You’re now ready to begin using encrypted E-Mail.  BTW, click the “Display All Keys by Default” check box to see your key(s) listed there.

I recommend setting this up for all the members of your household on each of their PCs.  Set each member up with their own private/public key pair and show them how to properly manage them or point them to this article and let them do it.  Let THEM come up with the key phrases and ENSURE they don’t forget them!  Then, you can start E-Mailing your family members securely.

Get public keys of your contacts

You can’t send encrypted mail to anyone until you have their public key.  So, in the Key Manager app, open the key server menu and choose “Search for keys”.  You can type partial or whole e-mail address or user names.  It will search public key servers for any matches.  There are 3 or 4 key servers provided in the key manager.  If you don’t find your contact in one, try another.  Of course, call your contact and make sure they even HAVE a public key.  They can also e-mail it to you.  Note:  While testing the search while writing this article, none of the key servers found any address that I knew was there.  Note that you can copy the URL from the search window and paste it into your address bar in your web browser and really search directly on those key server sites to find your contact’s keys.

Once found, add them to your key list (called a “key chain”).  That makes them available to you when you send encrypted E-Mail.  Speaking of which, let’s send some encrypted E-Mail now.

Send your first encrypted E-Mail

Close your key manager.  Start a new e-mail message in Thunderbird.  Address it to someone for whom you have a public key.  Click the “OpenPGP” button.  The first time you send an e-mail message, encrypted, from your e-mail address, Enigmail will prompt you if you want to enable OpenPGP for this identity.  Be sure to check that box.  I recommend checking the “Encrypt messages by default” check box too.

Click OK, then a dialog box pops up that you’ll likely see before sending each message.

Click “OK” and your message will be encrypted and sent.

Side Note:  “Signing” a message is important if you want to prove to the recipient that it’s from you.  This is explained in my “Understanding Encryption” article, which you should be familiar with.

Note that Enigmail will encrypt the message with the public key associated with the RECIPIENT’S E-Mail address, not YOURS.

Stick it to the NSA: How to Encrypt your WebMail

If you access your email from your desktop web browser, then follow these instructions to get email encryption working.  This is an initial draft.  I’ll expand some of the steps very soon.

  1. Install the Google Chrome or Firefox browser if you haven’t already and install the extension named “Mailvelope” from https://www.mailvelope.com
  2. Once installed, there’ll be a new lock icon on the top right of your browser.  Click it and a menu opens.  Choose “options”.
  3. If you haven’t, at some time in the past, already created a private and public key pair, you’ll need to do that now.  If you don’t know what I’m talking about, you haven’t and you’ll need to do it now.  Click “Generate Key”.
  4. Once generated, it’s critical that you back up your private key, encrypted, to a place that no one can get it and that will last longer than your current hard drive and PC.  If you lose it, you’ll NEVER be able to read ANYTHING you’ve encrypted with your keys!  Install LastPass.com, create a secret note, and put your private key in there for long term, encrypted, safe storage.  Mark the note as “must reprompt for password”.  NEVER, EVER give anyone your private key.  NEVER send it unencrypted over the internet.  NEVER email it in an unencrypted e-mail message!  NEVER send it unencrypted over a wireless network, especially an open or public one.
  5. No one can send you encrypted e-mail unless they have your PUBLIC key.  Publish your PUBLIC key to a key server.  DO NOT PUBLISH YOUR PRIVATE KEY!!!!!!!! EVER!!!

Now, when you use GMail or most any of the other popular, free e-mail services in a desktop browser, you can send and receive encrypted e-mail.  NOTE!  Just because you have the ability to send and receive encrypted e-mail does NOT mean that all your e-mail will be encrypted.  You MUST understand the following:

  1. Nothing you did here encrypted any of your old email.
  2. New email that comes in will usually be in clear text (NOT encrypted).
  3. When you start a new email message, Mailvelope will recognize this and provide you an icon, overlaid in your new email window.  Click it to write your email, then click “encrypt” to encrypt the email.
  4. You CANNOT send encrypted email to people that aren’t already set up, like you are, to send and receive encrypted email.
  5. You can’t send encrypted e-mail to anyone from whom you’ve not acquired their public key.
  6. You acquire public keys by searching on a key server.  MIT’s key server is here: https://pgp.mit.edu
  7. Use the Mailvelope menu to import the public key of each individual to whom you wish to send encrypted email.  You’ll find that most people have NOT registered a public key, so you cannot participate in encrypted email with them.
  8. Once you encrypt and send an email message, you won’t be able to read it from your sent box.  It’ll be there, but encrypted with THEIR public key.  Only THEIR private key can decrypt it.  So, send it to both them AND yourself, THEN you can read it.
  9. Encrypted email is unreadable even by Google’s servers, which means you CANNOT use the Google email search feature for words in encrypted mail.
  10. ONLY the BODY of the email is encrypted, not the subject line, not the TO address, not your FROM address, not any part of the headers.

Things to note about HOW the keys work:

  1. When you generate keys, you only do it once, unless you have multiple email addresses.  In which case, generate a key pair for each of your email addresses you wish to send and receive encrypted email for.
  2. Keys are created in pairs:  One is public.  The other is private.
  3. Feel free to give away your public key to ANYONE, ANYWHERE, ANYTIME.  Shout it from the mountain tops.
  4. Protect your private key with your life.  Well, don’t die for it, but it’s critical you protect it!  If anyone EVER acquires it, they can read EVERYTHING you’ve ever encrypted with your public key!
  5. Your public and private keys are intimately, mathematically connected.  Anything encrypted with your public key can ONLY be decrypted with your private key and vice versa.
  6. Nothing is safe if you encrypt it with your private key, because everyone has your public key and can easily decrypt it.  A side benefit is you can do this to prove YOU are the one that created the message.  This is called “digitally signing” your document.
  7. If you want to encrypt something that ONLY YOU can decrypt, encrypt it with your PUBLIC key.  Decrypt it with your PRIVATE key.
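Why a message sent only to your contact is unreadable in your own sent box, and why the subject and addresses stay readable to everyone, shown as an added example that is not from the original article or from Mailvelope.  It assumes toy stand-ins (textbook RSA on small known primes and a SHA-256 keystream, neither suitable for real use) and constructed addresses; the point it keeps from real encrypted mail is that the body is locked with one random session key, and that key is wrapped separately for each recipient’s public key.

```python
import hashlib
import secrets

E = 65537  # public exponent


def make_keypair(p: int, q: int):
    # Toy textbook RSA built from two known Mersenne primes: unpadded and far
    # too small for real use. It stands in for an OpenPGP key pair.
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)  # (public key, private key)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher (no integrity protection): XOR the data with
    # a SHA-256 counter keystream. Applying it twice restores the input.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_mail(headers: dict, body: str, recipient_keys: dict) -> dict:
    session_key = secrets.token_bytes(16)  # fresh random key per message
    m = int.from_bytes(session_key, "big")
    return {
        "headers": dict(headers),  # travel in the clear
        # One wrapped copy of the session key per recipient public key.
        "wrapped_keys": {a: pow(m, e, n) for a, (n, e) in recipient_keys.items()},
        "body": keystream_xor(session_key, body.encode()),
    }


def decrypt_mail(message: dict, address: str, private_key) -> str:
    if address not in message["wrapped_keys"]:
        raise LookupError("no session key was wrapped for " + address)
    n, d = private_key
    session_key = pow(message["wrapped_keys"][address], d, n).to_bytes(16, "big")
    return keystream_xor(session_key, message["body"]).decode()


def demo():
    # Constructed addresses and keys for illustration only.
    me_pub, me_priv = make_keypair(2**61 - 1, 2**89 - 1)
    bob_pub, bob_priv = make_keypair(2**107 - 1, 2**127 - 1)
    headers = {"From": "me@example.org", "To": "bob@example.org",
               "Subject": "Lunch on Friday"}
    body = "Meet at noon by the fountain."

    to_bob_only = encrypt_mail(headers, body, {"bob@example.org": bob_pub})
    try:
        decrypt_mail(to_bob_only, "me@example.org", me_priv)
        sender_can_read_sent_copy = True
    except LookupError:
        sender_can_read_sent_copy = False

    to_both = encrypt_mail(headers, body, {"bob@example.org": bob_pub,
                                           "me@example.org": me_pub})
    return {
        "bob_reads": decrypt_mail(to_bob_only, "bob@example.org", bob_priv),
        "sender_can_read_sent_copy": sender_can_read_sent_copy,
        "sender_reads_when_included": decrypt_mail(to_both, "me@example.org", me_priv),
        "visible_without_any_key": to_both["headers"]["Subject"],
        "body_is_ciphertext": to_both["body"] != body.encode(),
    }


if __name__ == "__main__":
    print(demo())
```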

How to Stop SPAM: Basic Tips

We all hate spam, especially those of us running our own E-Mail servers.  Here are some important tips for you, as a user, to stop that unwanted, unsolicited E-Mail:

Here’s a real life example of how I used this technique to bust Box.net for releasing my e-mail address to spammers:

First, some basics:

  1. Don’t ever enter your E-Mail address on any web form, unless you do the following:
    1. Find and READ their privacy policy (and you understand it and have determined that they actually are promising to never send you unsolicited e-mail and promise to never give your address or sell your address to anyone for any reason).  Note that MOST privacy statements do NOT state that they’ll do this.  Many of the privacy statements explicitly state that they WILL give out your E-Mail address.  This is why you HAVE to read it!!!!
    2. Is there a good reason for you to enter your e-mail address on that web site?  What are you gaining by giving your e-mail address to this site?  Is it worth the risk of spam?
    3. Have you ever heard of this site?  Is it reputable?  Do you trust them?  Are you SURE???
    4. If you’re signing up for something you really need, like online access to your bank, your utilities providers, etc…, it’s probably OK.  You should minimize or eliminate handing out your e-mail address on any other sites.
  2. If you participate in social web sites like Google+, Facebook, or MySpace, MAKE SURE you’ve set all of your privacy settings so that all your information is NOT available for ANYONE, except your direct friends.  DO NOT make your information available to friends of friends, and CERTAINLY not available to the general public.
  3. If you ever post a message in an online forum:
    1. DO NOT put your real e-mail address on there.
    2. If the online forum requires a registration first and requires your real e-mail address, consider NOT signing up.
  4. Never post your e-mail address on anything that’s publicly available on the internet, like job postings, resume posting, personal web sites, local web sites like churches, scouts, schools, etc…  Just because those sites are intended for local consumption doesn’t mean that the whole world can’t see it, and trust me, they DO!  Spammers have automated programs that scan EVERY PAGE of EVERY WEB SITE harvesting e-mail addresses.
  5. Ask your friends and family to NOT forward your e-mail to anyone else (like jokes and viral e-mail).  When they forward it, your e-mail address goes out to them all.  Most of these viral messages get forwarded to hundreds, if not thousands of people before your address is finally removed (if ever).  ANY of these people that have a virus that scans for e-mail addresses in their incoming and outgoing e-mail WILL harvest YOUR e-mail address.  Probably about 1/2 of all computers “out there” are infected.
  6. NEVER enter your e-mail address on an eGreeting card site.  Just DON’T use these sites… EVER!
  7. Ask your friends and family to never enter your e-mail address on any of these sites.
  8. Ask your friends and family to NEVER enter your e-mail address on ANY WEB SITE FOR ANY REASON!!!!  They think they’re doing you a favor by letting that web site send you a link to a page, but all they’re doing is adding your address to their spam list.  If they want to refer you to a web page, ask them to e-mail you the link directly from their own e-mail or NOT AT ALL!
  9. Remind your friends and family, AT LEAST once every 6 months about 7 & 8.
  10. If you leave a comment on a news story or a product review, make sure your e-mail address isn’t published with it.
  11. Don’t display images in e-mail.  Most mail programs (including webmail web sites) give you the option of NOT displaying images in e-mail where the image isn’t actually included in the e-mail, but is instead loaded from a website from within the e-mail when you view it.  The main reason companies send you e-mail with web link references to images, instead of embedding the images, is because they use unique image names that identify YOU when your e-mail program downloads them from their server.  Once that happens, they know YOU have just manually opened and viewed the e-mail.  If it’s spam, you’ve just verified to the spammer that your inbox is an active inbox.  Now you’re going to get MORE SPAM!!!!
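What tip 11 looks like inside a message, as an added example that is not from the original article: the code below scans a constructed HTML e-mail body, replaces every `<img>` that would be fetched from the network, and reports why each one could identify the reader.  The sample message, the host names and the two heuristics (an invisible 1x1 size, a long identifier or query string in the URL) are assumptions made for illustration, and only `<img>` tags are handled.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

LONG_TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")

# Constructed sample body: one embedded logo, two images loaded from a server.
SAMPLE_HTML = """<p>Big sale &amp; more!</p>
<img src="cid:logo@example" alt="logo">
<img src="https://img.mailer.example/o/8f3a9c2e7b1d4f60a5c3e9d2.gif" width="1" height="1">
<img src="http://cdn.mailer.example/banner.png?u=12345" alt="banner"/>
"""


def describe(src: str, attrs: dict) -> dict:
    """Explain why a remote image reference could identify the reader."""
    parts = urlsplit(src)
    reasons = []
    if attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1"):
        reasons.append("invisible 1x1 image")
    if parts.query or LONG_TOKEN.search(parts.path):
        reasons.append("unique-looking identifier in URL")
    return {"host": parts.netloc, "reasons": reasons}


class RemoteImageFilter(HTMLParser):
    """Rebuilds the HTML, replacing <img> tags that load from the network."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.blocked = []

    def _emit_tag(self, tag, attrs):
        raw = self.get_starttag_text()
        attrs = dict(attrs)
        src = (attrs.get("src") or "").strip()
        remote = (urlsplit(src).scheme.lower() in ("http", "https")
                  or src.startswith("//"))
        if tag == "img" and remote:
            self.blocked.append(describe(src, attrs))
            self.out.append("[remote image blocked]")
        else:
            self.out.append(raw)  # embedded images (cid:, data:) are kept

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs)

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)


def sanitize(html: str):
    """Return (html_without_remote_images, list_of_blocked_references)."""
    parser = RemoteImageFilter()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.blocked


if __name__ == "__main__":
    cleaned, blocked = sanitize(SAMPLE_HTML)
    print(cleaned)
    for item in blocked:
        print(item)
```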

For even MORE effective tips, check out this article:

For expert tips on stopping spam, read this article:

If you find these tips helpful, please leave a comment and let me know.  Or, if you have tips of your own, let the rest of us know.