GPG and Tor (Everyone Now!)
Sunday, August 6, 2006 at 9:31AM I am strongly of the opinion that everyone should begin using PGP encryption and signing for email, and Tor for web browsing. For those that don't know, PGP is strong cryptography that can be used for, among other things, sending encrypted email or signing emails (so that the recipient is guaranteed that the email is from who it is claimed to be from). PGP has been released under a GNU license, and thus the really great free version is known as GNU Privacy Guard. They have made the whole installation procedure pretty simple--not drop dead simple, but easy enough. If anyone has any problems don't hesitate to ask me for some help. By the way, my PGP signature can be downloaded at http://www.iqdupont.com/isaac.q.dupont.gpgkey and is thusly ASCII armored:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (Darwin)
mQGiBEOD4SwRBACcnsF44NNNXeD3RxvpLPPH1GoE6GGfJ0poPHF1Y85PLbYdZJmF
TVzzSV4FvacCnNHur6fxxmjkL6LqAK48rlp9NLoLH+OGLu2NQ8YWb9IO5hpgAM5E
ksXyqfkww23cF4cdF2ZuexNZMKLauByQ4d0lrrnE5N8tfVZq/jFgjv5oLwCglWo2
IifexGJcjlDgTb5zsqHlSL0D/3ivcheVrR+18jyAjmKzqFJktBpDqt+3EwGo+Ilz
6IO8AJVMiIQ1weucwmdDWERnobVNAcXuwsCVMgNFZXV+QYSPajn2Vc63iX8lpvni
fUtGYCgZnWy6cUcjQFzFMoH2r6EH05zva0aKBTSuLZwYwnkfPJA437gPDznfC2nk
qrpWA/9ZMIEVgvrP0s0fempGI+Sv8PLBVNIfDvWQZ7mgQQtV13vuUFzMZhBmX67H
pobXraUAR5o9tuCkOBGPh7PNhUxJLEIYcYQcMbxFEMgHUrLknP6SNcEYmmmj0Qt0
9g1tpKfxM1XGFLyt8XTdpLaII5BvOjNFsOHUlb2yW4WsitVdC7QtSXNhYWMgUXVp
bm4gRHVQb250IDxpc2FhYy5xLmR1cG9udEBnbWFpbC5jb20+iFsEExECABsFAkOD
4SwGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQBMMPOBTaoxbuWgCeMMvePCZ7Tud4
j+86Y+luTo+e16IAnjs7AEPE1vVlRU+D5iuFtECIbLtXuQENBEOD4VMQBACXUFbM
pu3RkV8WGLUGDBm4nn2sDQZxHXZSl4pIZKDLSVsFLEgEL7gWtQCFmiv2X513J5ZN
ce4tL4NK+6BtMxzpAoZDZ0SO/3sfkN8zxkihByj/43Buv4vqdA5Rs4YFBf+P7Abd
2XHHHKfbe8oLGOBwi+E6yfnlTnsd5/YdZuAlPwAEDQP9HRiiccRMvUUIcgTP/KlB
AUhYokjQhsQVUL0U8VBLEa3v/65xg0oNyhu8jZpz9xoSJhC4oM4W6IZHdb6avibc
TAzFquXDDrE8N82gC5t08AUib3sWFieYJIZ4usA77O+IXV5+XV3yZK/VDvbLbAS7
651QwUKPlFwHNp/pCKI38CeIRgQYEQIABgUCQ4PhUwAKCRAEww84FNqjFkgcAJ9V
/jLKmnn81IuAK/PkhYUXyqxbQACgicuWkZ/Xeq5+T7sNKwicfvg8p9Y=
=FWxI
-----END PGP PUBLIC KEY BLOCK-----
Tor (The Onion Router), on the other hand, is a strong anonymizing system for internet transmission (typically web browsing, but it can be used for IM and any other internet protocol). Currently Tor is a bit sluggish for day to day browsing, but as more people sign up as servers (I am going to setup a server once I am in Toronto) the speed will increase. Currently Tor is a breeze to set up for use with Firefox. Aside from situations where anonymitity is required (such as for journalists, freedom fighters, and people living under repressive governments), Tor is useful for reducing Knowledge Discovery in Databases (KDD), by the likes of Google, your ISP, and many others. The really chilling application of KDD is that your identity is now to be found in databases, since every meandering thought is pumped into Google, there is a near-perfect correlation of the contents of your brain and the contents of Google's database entry on you.
Like all things on the internet, Metcalfe's Law applies: the value of the application is exponentially related to the number of users--so get that GPG and Tor going!
Reader Comments (4)
Maybe in the interests of lazy gmail people like me, you could ammend that to
"I am strongly of the opinion that everyone should begin using PGP encryption and signing for email... or save anything sensitive for a walk in the park."
And, this:
"there is a near-perfect correlation of the contents of your brain and the contents of Google’s database entry on you"
...that is extremely disturbing, not only because of the privacy issues, but because of what I used google for last week.
Right, I don't really think people should adopt PGP for security reasons (although it certainly would be useful for those that require it), rather I think it should be used by everyone for mundane things--that way the CSE won't bother logging all of my encrypted email, because everyone will encrypt. Well, it is a dream anyways. Given how easy encryption is these days, it really is surprising that it isn't built in standard to all email clients. Encryption makes KDD impossible too. If Google wanted to, they could figure out probably 1/4 of the meals I eat, how I spend 1/8 of my time, 3/4 of the websites I visit, and 1/1 of my desires and thoughts. At least they can't tell when I check my email (my girlfriend Google's the URL of her webmail instead of typing it in); oh wait, I use gmail. Damn.
http://www.somethingawful.com/index.php?a=4016
this is a highlights of the leaked AOL search logs. simply amazing.
PGP signing and encrypting... but what if you do not want to be accountable? I'm not sure if by just encrypting [and not signing] one could prove someone wrote a message, but that's the way I'd prefer it. (I don't think you can because you don't need to use your own key just to encrypt a message to someone else.)
I find it silly how still almost nobody uses PGP. If any of you remember, I signed my e-mails for years and encrypted them when the receipient had a key, but then I realized I don't want to be accountable anymore.