get in touch: firstname.lastname@example.org
talk to me: tel:+49-179-3966141 (DE)
chat with me: SvenG (on these IRC nets: freenode, IRCnet, OFTC, and HackInt)
tweet to me: @guckes
Encrypt your Data!
"why encrypt?" -> "why not?!"
"it's hard!" -> "it's not."
"but i got nothing to hide."
then you got nothing to lose. :)
"i am not an interesting person.. my data is worthless."
maybe you are not yet interesting now. but some day you might.
and by then all the information about you will be useful -
to someone else. why give it to them without effort?
if your system encrypted all the data before sending it away and
all automatically without any effort to you.. would you mind?
when companies (banks) tell you that you *must* use encryption
to secure your data (eg for online banking) then why don't you
use it for everything else (chat, emails, files..) as well?
however, when your government tells you to use *less*
secure cryptography (to encrypt your personal data)
doesn't that make you feel like a second class citizen?
why would a good citizen use something less secure -
while the "bad ones" use whatever they want? remember:
"If privacy is outlawed, only outlaws will have privacy."
"but THEY can crack anything, anyway."
no, they can't. finding your secret key
in a short amount of time is highly unlikely.
besides, cracking the crypto algorithms isn't the goal
as the algorithms are mostly open to everyone, anyway.
it is about finding the keys only. and
the keys are taken a set of huge numbers.
guessing one of 14million numbers, ie
"winning the lottery" is a much simpler task.
"installing programs, configurations, and all those commands -
that's a lot of work. i dont want all that. life should be easy."
well, once you know you definitely need it, it might be too late.
because until then, you have been communicating in the open and
have allowed everyone to copy and read all messages very easily.
"which system is the most secure?"
the system that you know. so - *know* your system!
learn something about it. read. discuss. test it.
"i'd rather use a system where i don't have
to worry about cleaning up all those data.."
well - try TAILS then. when you shut it down,
then it will forget about everything. that's
why it is "The Amnesic Incognito Live System".
"but won't the use of encryption alert the authorities
even more than sending every message in plain text?"
when everyone is using encryption then
this *is* normal - and noone stands out.
"so.. i should encrypt. but why encrypt everything
rather than only the important messages?"
when every of your encrypted messages contains
the really important information then it tells
your adversaries just that: it *is* important.
it is worthy of attacking and decrypting.
when you encrypt everything then the attackers
might be losing their money, resources, and time
by decrypting something quite unimportant.
"but.. how do you use that system then?"
well - join a cryptoparty - and just ask. :-)
to encrypt messages your software needs the
public key of the recipient. here is mine:
gpg: 8000R/0185391B [2014-03-11] statsdownload
some questions as food for thought:
are copies of data you gave away still your data?
are data *about* you really *your* data?
can you access all copies of your data?
if you can - are you allowed to modify those copies?
how can you prove that some data has actually been created by you?
put a watermark into your data.
add a license to your data.
add a digital signature to your data.
protect privacy! open public data!
protect private data. use public data.
"we need transparent governments.. not transparent citizens."
"governments which have nothing to hide
do not need to be afraid of wikileaks." ;)
"People should not be afraid of their governments.
Governments should be afraid of their people."