The Crypto Paper
Why Do Privacy & Security Matter?
The primary reason for curtains/blinds/drapes covering the windows in our house is to stop people from being able to see in. The reason we don’t want them to see in is that we consider much of what we do inside our homes to be private, whether that be having dinner at the table, watching a movie with your kids, or even engaging in intimate or sexual acts with your partner. None of these things are illegal by any means, but even knowing this, we still keep the curtains and blinds on our windows. We clearly have this strong desire for privacy when it comes to our personal life and the public. The same is true for our personal affairs in not so personal places – like using an ATM (with your debit card) or paying with Interac at a grocery store (not such a personal place). It would be foolish not to cover your PIN while entering it, or not to make sure the person beside you in line wasn’t recording you while you entered it. You are keeping your PIN private, which is directly increasing your personal security. Even if we aren’t consciously being safe about these things, our subconscious has our back most of the time. Think of this: if there were 5-6 rough-looking individuals joking around by the ATM in the entrance of a bank, do you think many of the women looking to get cash out would feel comfortable going in to do the transaction? Or do you think they might wait until the group left? In so many ways we have this consideration and desire for security and privacy, but then we move into a digital environment, really beginning to harness the capabilities of the Internet, and many of us just throw it all away.
Let Me Explain Further...
You deleted that message you sent to your husband with your social security number in it, so you must be safe, right? Not quite. The digital world is vast and is comprised of numerous “levels”, for lack of a better word. You as an Internet user would be one level, a system administrator doing work on your bank’s server would be another level, your bank itself would be another level, the people setting rules and regulations for that bank another, and high-level government organizations are usually the final level at the top. So even something as simple as logging into your bank account has the potential to hit tons of these “levels”. This is both good and bad. On one hand, it means our information is being looked after by a varying number of people, companies, and organizations – no better way to determine the faults in our security. But on the other hand, HOLY SHIT! OUR INFORMATION (that we probably want to be private) IS BEING LOOKED AFTER BY WHO KNOWS HOW MANY DIFFERENT PEOPLE, COMPANIES, AND ORGANIZATIONS. You wouldn’t likely walk outside to go to work and tell your neighbor “Yup, had some really great sex last night with my fiancé!” But… you might text that to a best friend over SMS, where there is a potential for one of these people or organizations to have a little peek at it? And that's where it doesn't really make sense.
The NSA (National Security Agency) has been running a program called Dishfire that collects up to 200 million text messages per day from users globally. This means that the text message you sent your buddy about the wonderful sex could have been read by a member of either the NSA or the similar GCHQ in Britain (whom they have granted almost unrestricted access to Dishfire data). Think about that for a second. Someone you don’t even know, from a country you may never even have visited, knows about your sex life, all because you texted it to a friend. This is just the beginning too!
Encryption. EVERYTHING ENCRYPTION.
I am a pretty big believer in encryption online because encryption can be seen as the primary tool that keeps our information/data secure. It prevents outside people from taking a looksee at things we would probably like to remain confidential. Wikipedia defines encryption as “the process of encoding messages or information in such a way that only authorized parties can read it.” With this tool available to us in so many different forms online, we are foolish to not make sure a huge portion of everything we do on the Internet is encrypted. We should be encrypting our computers. Encrypting our connections to websites. Encrypting our communications. Encrypting the places we store confidential information. Even encrypting our search results on Google. I believe that this is how we are going to be the most secure in this digital world – by making all this data unreadable to anyone that we do not specifically grant the ability to read. Sort of like the lock on your front door. Without a key, people don’t get in unless they use force. And the stronger that we build our house, the more secure our door is, and the bigger fence we put up on the outside, the harder it is to use force to gain entry.
The Issues With FOSS
FOSS is great because it allows us to look at the code in its entirety and verify that what we are seeing is doing what we are being made to believe it is doing. But in order for this to be a true statement, we need to understand everything about the published code. I for one do not understand how to code anything apart from a simple website in HTML, so I have to rely on the word of others. This word is only as good as the people checking it, though. So say we are planning on using ServiceX (just as an example) to communicate securely with someone else, but ServiceX is pushing out updates on a pretty timely (monthly) basis. Unless we know how to read, understand, and validate the code ourselves, we need to have another trusted person who is able to do this. Furthermore, that person needs to be doing this every time an update is pushed. Then we raise the question of whether one skilled person looking at the code is enough. If this person misses something that has the potential to compromise us, we would be using ServiceX up until the point in time where someone else does notice this fault. Even though that timeframe might only be a matter of days, those are days where everything we do in association with this service is compromised, which, by association, compromises us and the entire model of security, privacy, AND anonymity we have worked so hard to build up.
WHY ENCRYPTION MATTERS
Imagine handing your private photos to a friend and saying “don't show these to anyone else.” If your friend is trustworthy, they won't show the photos to others. But they can still look at them. Worse, if thieves break into their home, they can see your photos too. This is how storage works on all unencrypted cloud-based services, like Dropbox, Evernote or Google Photos. Companies can see your files, and if they get hacked, which many companies do, hackers can see your files too.
Now imagine putting your photos in a box, locking it with a key only you have, and giving this box to your friends saying “don't give this box to anyone else.” Your friends won't be able to look at the photos, can’t show them to others, and if thieves break into their house, they can't open the box or see the photos either, because only you have the keys. This is how encrypted storage works.