Is there really a reason to not encrypt your communication?

6 years ago I wrote this blog post about protecting your privacy by utilizing encryption technologies. Today this post is current more than ever.

The things that Edward Snowden brought to light, disclosed what many of us were already suspecting for years- though most of us weren't aware in what extend the intelligence is able to monitor and track anyone of us. Let's face it- the privacy our data basically at an undefined state. No one really knows what the government is doing in addition to the things that have been disclosed so far. I personally think that wiretapping, law-enforced order to provide  SSL private keys, tracking of TOR users, backdoors in CSPRNGs, etc. is just the beginning- and people who know me, can confirm that I am not one of these paranoid conspiracy guys.

Now coming back to the question in the subject line... is there really a reason to not encrypt your communication? I'd say: No! Current technologies to do so exists and their usability is easier then ever. Tools like GPGTools (for Mac OS X) integrate seamlessly into the OS. Encrypting/Signing/Decrypting data is as easy as doing a right-click and entering your passphrase. All major mail clients support GPG- even Outlook does via gpg4o or gpg4win. IM communication can be encrypted also very easy by utilizing OTR. Most XMPP clients do support it. You still active on IRC? Well, use the SSL ports of your IRC server (and make sure to validate the certificate chain). You are surfing on public WiFi networks... so make sure to enable SSL encrypted communication with your mail provider (e. g. via POP3S or IMAPS).

Even mobile messaging can be secured- e. g. via Threema. Yes I know, a centralized (closed-source) communication system can't really be trusted. But given the fact, that Threema uses end-to-end encryption (so the encryption happens on the mobil device and not the server), it is at least a very good start (in my opinion)- especially if you compare it to WhatsApp and Facebook Messenger.

So, again I am starting this appeal... start using encryption technologies to make sure that the privacy of your communication is secure. Accept the slight loss of convenience and use these tools. It's not that hard. As I said... there is no reason to not encrypt your data. Build a web of trust. Sign your data so that other people are able to verify the integrity. One could now forward the argument that the NSA is already able to decrypt encrypted traffic- yes, that might be right. But why shouldn't we make it as difficult as possible to get ahold of our data? As Bruce Schneier says in his blog post about how to remain secure on the internet: "Trust the math!"

Now spread the word, change your configurations and make sure to keep your communication encrypted!

, , , , , ,

2 Responses to Is there really a reason to not encrypt your communication?

  1. lucb1e October 9, 2013 at 22:43 #

    Wait wait, you’re advertising a closed-source platform for mobile communications? Then justify it by saying it provides end-to-end encryption? You know that open-source is a requirement for security and that Skype also provided end to end encryption, right? 😛

    • Winni October 9, 2013 at 22:59 #

      I am not really “advertising” closed-source software. At least not intentionally 😉 But due to the fact, that there is no real alternative (https://heml.is/ still isn’t ready and most likely won’t be open-source completely), I wanted to at least mention it, as a possibly better solution than WhatsApp and Co. And of course I know that OS is the requirement for real security and trust. No comment about Skype, though 😉

Leave a Reply