Encryption in mail and other services

Some of the addons and software that I’ve been using so far for encryption, and that I’ve registered a profile at keybase.io and using my key pair I got there.

So, I have been looking a bit into this the last few days, and I think it is pretty interesting to tinker with!

I started with me wanting to protect my privacy some more, and with that got my self a VPN connection. And after that I started reading on PGP, and encryption in general.

Now, I’ve got myself a profile on Keybase.io, with a corresponding public and private PGP key for that. On keybase I have also verified myself on the social networks I’m on, as well as my ownership of this website here. You can take a look at my profile, and perhaps make your own (?) here: https://keybase.io/lrshdl

I’m now using the key pair I’ve got on that site for encrypting and decrypting e.g online mail at gmail.com, encrypting files when I need to, and plain text.

I also wanted to mention the addons and software I use for this here, and perhaps that can help others, and maybe I can get some feedback on good alternatives for these, etc.

What I use for encryption / decryption at the moment

I found that there was multiple alternatives for addons Chrome / Firefox for gmail encryption and decryption. These are all open source and they store the private key and pass phrase locally in the browser/computer and encrypts the text before it comes in contact with the gmail system.


## A small note for those who who are new to encryption (newer than me, that is, because I’m pretty new, too): 

There are two types of keys you get when you get a key pair; the public key and the private key.

The public key is what you can give away to others so they can encrypt text or data they want to send to you, and then you are the only on who can decrypt it with your private key. The public key locks the text/data down, and the private key unlock it.

So if you want to send some encrypted text to a friend, you need to have his/hers public key to encrypt it, and they can then decrypt it with theirs private key.

I hope that makes some sense.

How it works


Mailvelope

This was the first Chrome extension I tried. In this extension you can add your private key for decrypting emails others send to you, and you can add other peoples public keys for encrypting emails you’re sending to them.

It usually found the corresponding public key according to the “to:” address I wrote in the mail composer in gmail, but there were some small hickups. Like the overlay button for encrypting the mail did go away after 4-5 seconds and I had to choose “reload elements” in the extension button in the top right corner to get it back, but other than that it worked pretty good.

It is simple and effective to add key pair, or generate a new pair of keys (private and public), and add other’s public keys to the list of keys in the extension settings.

Link to project: https://www.mailvelope.com/en

CryptUp for Gmail

Browser extension for Chrome and Firefox.

This is the one I’m currently using. It has a good inline design and function to-, and work seamlessly with the gmail browser app. It decrypts inline pretty well, adds a “secure compose” button for sending encrypted mail. It also search the key servers for public keys when you add recipients to the mail, if you haven’t manually added the public keys in the extension directly yourself.

I have tested it somewhat and I’m happy with how it works and the workflow in the gmail app. This is also a open source project (the only type of project I trust).

You have the option to generate a new pair of keys (private and public) and upload the public key to the key server. I just imported my keybase.io key pair and use that for primary keys.

Link to project: https://cryptup.org/

GPG Keychain

In addition to the Chrome addons mentioned above, I use the GPG Keychain software on my MacBook Air to manage keys and encryption locally on my computer.

With this I can import key pairs, public keys, and export my public key with ease, and if I copy a PGP Public Key text, it automatically detects it and ask if it should import it to the keychain.

It adds options under the “services” menu throughout MacOS to encrypt, sign, and decrypt both text and files with the key of choice. A lovely tool to have, in my opinion.

I do have the Windows equivalent on my main computer that is called Gpg4win, though the Mac version is easier to use because of how the system works.

Overall

I think it’s pretty great to have the possibility to encrypt and decrypt stuff at my leisure once things are set up.

I didn’t use too much time to get my Keybase.io account going. Then I could use my key pair based there as a verification, and for primary encryption / decryption since other people easily can get my public key on my profile there.

Once I had my addon for gmail up and running, writing encrypted email were a breeze, as well.

The only challenge now is to get more people using it for when it is needed. When encrypted mail works like unencrypted mail, it is no reason to not use it, right? 😀

I hope that people with more knowledge corrects me if needed, and everyone is of course welcome to leave a comment with other recommendations, experiences with services, etc.

Learning web coding in a good way

I have said that I want to learn more coding and get better at web development. Earlier (like 2004!) I did some PHP coding, including MySQL, HTML and CSS. Nothing serious, though, just learning it since I thought it was fun and challenging.

As the years went, I did tinker with it still, and learned some javascript and did use jQuery, as well, but just for personal stuff like making systems for organizing my books in a fancy way or making my own shopping list.

Now I’ve been idle on that front for perhaps 4-5++ years, and A LOT has happened in that time. In came things like nodeJS, typescript, angularJS, npm, etc, and I don’t know too much about it. (Yet.) I know how it works, but I’m quite outdated in form of coding it and organizing the code well.

So — this I want to do something about!

I have, not too long ago, purchased some courses over at Udemy.com about nodeJS + angular, VueJS, and general web design techniques and tips, and they all look promising with good instructors, good content and all that, so I look forward to working through them and complete them.

FreeCodeCamp

In addition to Udemy, I stumbled across a website, on recommendation from a friend, called FreeCodeCamp.com. I want to write a few words about this website here.

This site offer learning through simulation kind of an actual working environment a developer might have. After learning you the basics of the different programming languages, of course, that comes in chunks for all to master.

It is designed to let the user benefit from the community, both in the form of teaming up for doing certain projects, mostly fictional, but still work-like, and for getting help in specific problems a user might run into.

You’ll get certifications after completing a certain amount of tasks and challenges, and it exists multiple certifications for e.g front end dev, back end dev, etc. And when all those certifications are done and bagged, you get to work on real life projects for nonprofit organizations for experience.

They even offer help and resources for job search within development when you’re done.

And it is all free, since they are a nonprofit, open source organization. You can donate from $3++ a month to them if you wish.

I have a principle of donating to open source- and free organizations / services I’m a part of or using since I usually think they do a great job or provide a great service then, hence me being there in the first place.

I’ve just come about starting on the challenges for responsive web design with Bootstrap there now — something I’ve done some work with (again, personally, not profesionally) earlier, but it is nice to get “the correct approach” to it.

I can’t wait to get deeper into it and working more with it. So far it looks very good, and I can absolutely recommend this service for everyone who’s considering to start learning web development.

If you have your own personal experiences with this service, or perhaps know of similar services, you’re welcome to leave a comment below.

Going over to encrypted messaging

Recently I’ve become more aware of where my communication goes when I communicate online. This is not because I have any reason to be sceptical per se, but it’s more of a principal matter.

One reference here: — Yahoo secretly scanned customer emails for U.S. intelligence

In light of this, I have made the choice of not using US services for important communications, be it Facebook, Apple (iMessage, etc) or Google.

I do use these services, but it is for normal stuff — liking cat photos, sharing my own photos, see what friends and family are sharing, etc.

Even if a US service says it doesn’t share information on users and comms with authorities, I dont trust it, because of the general way the entire system works over there (read: the US), and it has lost the little trust I had in it.

And in general I prefer Open Source services. I’ll happily support good services to keep them going.

Sooo, I have made a decision to use services in countries with privacy laws I know are better, like here (Norway — for now), Sweden, Germany and Switzerland. The main mail service I use for important emails like sharing bank informations with friends and family and other important data is ProtonMail, with encryption enabled.

For messaging, I prefer to use Signal, and perhaps Telegram. I do use local SMS for general messages, and for general mails with non-important content — like cat photos — I use gmail, like I have done since the beta in the early 2000’s.

Perhaps I’ll get viewed as a paranoid ‘tinfoil hat’ person that all to often comes portrayed in movies like Woody Harrelson’s role in the movie ‘2012’ — “It’s the government, maaan!” — but I think it is OK to be somewhat aware of how the communication flows, how it is secured, and who might be looking at it without you knowing.

Oh, I forgot to mention, I also use NordVPN for most of my online surfing, be it reading news or logging into my bank. And I have activated two-factor authentication on all services that offers it, and I’m careful with the services that doesn’t.

I believe it is smart to be aware and to take measures to secure my communication, both for me and for those I communicate with. I wouldn’t like to have someone looking in my window to see what I’m doing, even if I’m just sitting in my couch or eating dinner. For me, the principle is the same with being on the internet.

If you read this and have tips about services and vpn providers you have good experience with, you’re welcome to comment below.