Privacy

Email

I’m a proponent of online privacy. One way to promote privacy is to use encryption whenever possible for communicating, whether it be email, IM, or voice/video chats.

When you receive an email from my BU account you’ll notice that it has an attachment. The message is digitally signed by my PGP private key and is an indication to you that I really did send the message and that its contents have not been altered. The message isn’t encrypted, just signed. If you’d like to exchange encrypted email with me, we can do that, too.

To either verify my signed messages or send and receive encrypted email you’ll need to install some software on your computer. My current recommendations are:

  • Mac OS/X: Thunderbird + Enigmail or GPGTools (www.gpgtools.org)
  • Windows: GPG4Win (www.gpg4win.de)

They are both pretty easy to set up. Note that during setup you will be asked to create your own public/private key pair; you should choose a key length of 4096 bits due to concerns that shorter keys are susceptible to certain kinds of attack.

You can retrieve my key from any key server, such as pgp.mit.edu, or from your PGP tool (most come with a key management app). You might find multiple keys for me; I am currently signing and encrypting only with the 4096 bit key pair. My public key fingerprint is C894 B69B 6576 C394 1452 2E9E 7C38 F315 BCC1 ADDF.

I’m also happy to sign your keys, in return for you signing mine. If you have any questions about using encryption tools, just ask. My philosophy is that it makes good sense to establish a pattern of encryption so that when you really do need to communicate securely it doesn’t raise flags.

Text Messaging

If you’d like to text (or call) me, use Signal. It’s available for both iOS and Android and is currently the most secure commercial IM/voice app available. There are one or two extra steps involved in securing the connection, but I’m available to practice with. There are other ‘secure’ apps available, but frankly if I really needed to be sure my conversation was not being monitored, I’d use Signal. In fact, there isn’t any reason not to use Signal every day for every contact.

If you need help setting it up, just let me know.