Posts tagged Identity

Monday Lazy Linking

How To Talk So The Government Can’t Listen. Part 1: how to encrypt your e-mail in Gmail with GPG (for use with Gmail or other web mail interfaces on Firefox in Windows)

Fellow counter-economists,

Let’s suppose that you want to send somebody a message that contains sensitive information which you want only the person getting the message to see — say an important password or an account number or a transaction that you’d rather keep on the down-low, for no particular reason worth mentioning.

The problem is that e-mail sent over the Internet is normally sent in plain text. Like anything else on the Internet, it passes through several different servers and routers on its way to its final destination. If one of these servers or routers is compromised by a snoop (your ISP, a malicious hacker, the Federalis, No Such Agency…) they can easily set up the computer to keep a copy of your e-mail for the snoop to read at his or her leisure. This is a how-to guide for one way to solve that problem: setting up and using encryption for your e-mail (specifically OpenPGP double-key encryption, which scrambles the message on your own computer and unscrambles it only on the recipient’s, so that nothing in between ever sees the plain text). In particular, I’ll show you how to set up encryption using GPG (the GNU Privacy Guard) for Gmail, in the Firefox web browser, on a computer running Windows XP or Vista.

The good news is that, while encryption used to be something of a nerd pastime and a hacker dark art, new tools have been developed which make encryption relatively easy to set up and painless to use even for casual computer users. Practically speaking, this is a very important development for anyone who occasionally needs a secure channel for sharing sensitive information. (For example, as a web developer I’ve already guided a few of my friends and business contacts through setting up GPG so that we can safely exchange user login credentials.) If you know where to go for these tools, you no longer need technical expertise, or even a great deal of patience, to get up and running with an easy-to-use setup for double-key encryption of your personal e-mail. You just need a bit of guidance, and that’s what this is for.

I’ve chosen to walk you through the set-up for a very specific software environment because that helps keep things simple and concrete, and because this particular software environment is one that a lot of people — including a lot of my friends — happen to use. But if you don’t use exactly this software set-up, you can still get something from this how-to by changing out one or more of the steps.

A bit of background. PGP (Pretty Good Privacy) is a system for double-key encryption (the textbook name is public-key, or asymmetric, encryption). Double-key encryption works by generating a paired set of encryption keys. A message that’s encrypted using one key can only be decrypted using the other, and someone who has one of the keys can’t use it to work out the other. The practical upshot is that you can use one key as a public key, which you give out to everyone, and the other as a private key, which you guard as a secret.

Anything that is scrambled using your private key can be unscrambled and read by anyone with access to your public key (meaning, effectively, everybody), so it hides nothing — but, since only you have access to your private key, it guarantees that only someone with access to your private key (meaning, hopefully, only you) could have produced it. So it acts as a secure form of electronic signature, verifying that it was really you who sent the message. (In practice GPG doesn’t run the whole message through your private key; it computes a short digest of the message and signs that, and the recipient’s software checks the signature against the message it actually received. Change even one character of the message in transit and the check fails.)

Any message that is encrypted using your public key could have been generated by anyone with access to your public key (anyone). But it can only be decrypted and read by someone with access to your private key (only you).

And, similarly, if you’re communicating with someone else who uses PGP, and whose public key you have access to, you can (1) sign the message using your own private key, and then (2) encrypt the signed message using their public key — guaranteeing that only your intended recipient can read the message (since only they have access to their own private key), and that only you could have written the message (since only you have access to your private key). Because the signature sits inside the encrypted envelope, a snoop who intercepts the message can’t even see who signed it.

Nowadays, most people who use the technology behind PGP actually use a program called GNU Privacy Guard (GPG) which is an open-source implementation of the same technology. For Windows users, there is a version of GPG called Gpg4Win.

GPG itself is a set of command-line utilities that will generate keys, manage a keyring, and encrypt any text that you pipe in to the program. You could in principle do any encryption you needed to do just by learning how to use these command-line tools, then cutting and pasting to and from text files. But it’ll be far less awkward to manage your keyring through WinPT, a graphical tool that comes with the Windows GPG package. WinPT will allow you to create your own key pair, to upload your public key to a key server so that your friends can find it, and to download your friends’ public keys so that you can encrypt your e-mails to them. Then, if you use Firefox, you can install an add-on that will integrate GPG with the Gmail interface; at the moment, I’d recommend FireGPG.

So here’s a step-by-step guide for getting up and running:

  1. Install GPG and WinPT from http://www.gpg4win.org/

  2. Launch WinPT from the Start Menu. A small icon of a key should appear in your system tray. Meanwhile, you should now see a First Start dialog box:

    Choose Generate a GnuPG key pair and mash OK. You’ll be asked for a name and e-mail address; fill in the primary e-mail address that you’ll be using to send and receive encrypted e-mail. (If you have more than one e-mail address that you’ll want to use, don’t worry; we’ll come back to that later.)

    You'll be asked to choose a passphrase for securing your private key. Choose one that's secure -- preferably both long and easy to remember without writing it down. You can include any characters that you can type, including spaces, numbers, punctuation, etc.

    The passphrase is used to encrypt your private key on disk, so that you can store it on your computer, or even on a shell account, without having to worry that someone who uses your computer for a few minutes, or has a shell account on the same machine, will be able to compromise your identity by copying the keyring file: only someone with *both* the keyring file and your passphrase will be able to use your private key. (The file is protected only as well as the passphrase resists guessing, which is why it should be long.) You'll need to be ready to enter this passphrase whenever you want to send a signed message, or to read an encrypted message sent to you.

    After you've entered the passphrase a second time (to make sure there were no typos), WinPT will churn for a while as it generates a key pair for you.

    Once WinPT announces that your key pair has been generated, it will suggest that you make a back-up of your keys on a CD-R, USB drive, or some other external storage, to guard against the day when your hard drive fails (as all hard drives eventually will).

    You should take that advice: if you lose the local copy of your private key and don't have a back-up, there is no way whatsoever for you to recover it, and every message already encrypted to your public key becomes unreadable for good. If you're worried about saving a copy of your private key, remember that your private key is protected by your passphrase. While you still have the private key, it is also worth generating a revocation certificate (GPG's gen-revoke command) and keeping it with the back-up, so that you can tell your correspondents to stop using the key if it is ever lost or stolen.

  3. Now that you’ve created your key pair, it should appear on your keyring: double click on the key icon in your system tray to look at the Key Manager with your newly-minted key pair in it.

    If you have more than one e-mail address that you'd like to associate with the same public key, you can associate secondary e-mail addresses with your key pair by right-clicking on your key pair and selecting Add --> User ID.... Then follow the instructions in the dialog box.

    Next, you'll want to make it easy for your friends to access your public key, so that they can verify your signature and so that they can encrypt messages for your eyes only. (Remember, you can pass out a *public* key to absolutely anyone; that only allows them to *encrypt* messages *to you* and to *check* your signatures; it doesn't allow anyone to *decrypt* the messages you're receiving, or to sign anything as you.) To do this, right-click on your key pair and select “Send to Keyserver,” then click on each keyserver in the submenu.

  4. Now you’ll want to import public keys for people who you might want to send encrypted e-mails to. To start grabbing public keys, click on the Keyserver menu entry. A dialog box should immediately pop up; enter your friend’s e-mail address and then mash Search. For testing purposes, you can grab my public key, for “feedback@radgeek.com” (minus quotes).

    When a key (hopefully) pops up for the e-mail address you entered, highlight the key and pull it in to your keyring by hitting “Receive.”

    If everything goes well, you should see the new public key imported into your keyring. Keep in mind that a keyserver does not check that whoever uploaded a key actually controls the e-mail address on it; anyone can upload a key in anyone's name. Before you trust a downloaded key with anything sensitive, compare its fingerprint with the owner by some other channel, such as over the phone or in person.

    If you have any trouble getting your friends' public key from a key server, you can always just ask them to send you a copy by e-mail, copy the block of gibberish they send you onto the clipboard, and then Import the public key from within WinPT. Alternatively, if you can call up a copy of their public key in your web browser (through webmail or from your friend's web page), you can use FireGPG, the add-on I discuss below, to directly import the public key from your web browser.

  5. Now, start up Firefox and go to http://getfiregpg.org. Then install the FireGPG add-on.

    Once you've clicked through the dialog boxes, and successfully installed FireGPG, restart Firefox.

  6. After you’ve restarted Firefox, go to Gmail and try composing a new message to me at feedback@radgeek.com. There should be some new buttons available for when you send the message.

    Hit “Sign, encrypt and send.” You should be asked to select a public key from a list. You should select *two* public keys: one for the e-mail address you are sending the message to, and one for yourself. This will encrypt it so that only you and your intended recipient can read the message. (You want to select your own public key in addition to your recipient's so that you can read the saved copy at a later date if you want to; if you choose *only* your recipient's key, then not even you will be able to read the message.)

    To select multiple addresses, hold down the Ctrl key as you click each one. Once you've selected the right public keys, mash “OK.”

    Next, you'll be asked to select a private key to use in signing the message. This should be your own key. Highlight the key and mash “OK” again.

    Then enter your passphrase if FireGPG asks for it.

    If all goes as it should, your message should be encrypted so that only you and I can read it, and sent on to me; when I receive it, I should be able to decrypt it using my own private key, and thus verify that you've got a working GPG installation.

  7. If I receive your e-mail and I’m able to import your public key from a keyserver, I can then send you an encrypted message so that you can verify things on your end. If you get a GPG-encrypted message, what you’ll generally see is a bunch of alphanumeric gibberish encased in a distinctive block.

    FireGPG should recognize an encrypted message and automatically give you the option to “Decrypt this message.” Click through (and enter your passphrase if requested) to view the original message.

  8. FireGPG offers a number of nice features for direct integration with Gmail, but you can also use it to encrypt, decrypt, sign, or verify text in any other webmail service or any other online form. For example, to sign and encrypt text outside of Gmail, just select the text, right-click, and choose FireGPG --> Sign and encrypt from the pop-up menu.

    FireGPG will ask you for the public key to encrypt with and the private key to sign with, as usual; when you’re done, the selected text should be replaced with an encrypted block that only your selected recipient(s) can read.

Before I go, I’d like to note a few things.

First, as with any computer how-to, your mileage may vary. In particular, as of press time, Gmail has recently introduced a new interface, and FireGPG seems to be doing an imperfect job of coping with it; if you have trouble using FireGPG under the new interface, try flipping over to the old interface (or vice versa), or restarting Firefox. If nothing works, contact me with as much information as possible about what you’re trying to do and what’s going wrong, and I’ll see what I can do to ferret out the problem or point you in the right direction.

Second, let’s be clear about what GPG will do for you and what it will not. GPG provides end-to-end encryption of the body of your message; it ensures that even if a snoop can intercept your e-mail en route, she or he can’t tell what’s in it. It does not conceal the fact that you’re writing to the person you’re writing to: the sender and recipient addresses, the date, and the Subject line are ordinary headers that travel in the clear, so put nothing sensitive in the Subject. It also does not conceal the fact that you’re writing something you chose to encrypt. If you’re worried about people snooping on what you say, you should keep in mind that they may be able to get a lot of information just by being able to identify who is talking to whom. (If y’all find this how-to helpful, let me know, and we can discuss some techniques for addressing these other issues.)

Finally, remember, no defense against snoops in the middle will do you any good if the intended recipient of the message chooses to turn the information over to a snoop. Technology can secure the line between you and your correspondent, so that you can say what you want to somebody that you trust, without the danger of a third party overhearing. But no technology substitutes for knowing who you can trust and what you can say to whom.

If you have any questions, contact me or drop me a line in the comments. Let me know how it works for you. Consider this my contribution, to the extent that it works out for you, to revolutionary agorist praxis. Enjoy your privacy!

Update 2008-10-29: Since this is written for Google, I’ve made some minor revisions for the purpose of clarity and informativeness.

See also:

  • Configuring GPG (Mac OS X) explains how to get GPG up and running on Mac OS X, and explains integration with several OS X mail readers. If you use web mail, then you can use these instructions to get GPG running, and then follow my instructions to set up Firefox with FireGPG, which should be more or less the same on Windows or on a Mac.

  • Beginners Guide for GnuPG in Ubuntu explains how to get GPG up and running under Ubuntu Linux (or any other flavor of Linux that supports apt-get). Again, you can use these instructions to set up GPG and then follow my instructions to set up Firefox with FireGPG, which should be more or less the same on Windows or on Linux.

  • If you use a desktop e-mail reader rather than webmail, many popular programs have add-ons, plugins, or other ways to integrate GPG painlessly with the e-mail program. For example, I use Mozilla Thunderbird, and an excellent add-on called Enigmail. Similar tools exist for Microsoft Outlook and Outlook Express.

The Solution to Spam Pollution

A few things have recently come together for me. First, Andrew Leonard recently penned an interesting column on spam-blocking technology for Salon; then Jennifer Lee wrote another interesting article for The New York Times. Finally, I made use of a brief free trial of McAfee’s SpamKiller software. I’ve also just been doing a lot of thinking lately about what needs to be done to seriously address the rising tide of spam that is flooding most everyone’s inbox. Spam e-mail has been getting worse over the past several years, and it’s been getting worse at an accelerating pace. If we don’t want Internet communications to become simply worthless from being drowned by spam e-mail, then we have to rethink our basic model for e-mail so that spammers can no longer take advantage of the system’s architecture to overwhelm legitimate messages with their crap. Lee’s article shows a good grasp of the problem and why anti-spam legislation won’t do much to solve it. Leonard’s has a good grasp on the overall technological shift needed to address the problem, but he doesn’t push the envelope nearly far enough on the kind of framework that needs to be built.

Leonard’s article describes the development of SpamAssassin, an open source spam blocker being adopted and improved by many system administrators. Leonard points out that the collaborative effort between legions of dedicated spam-fighters can greatly improve the ability of the software to identify spam messages. As Leonard puts it, “The only way to stem the flood of unwanted e-mail may be to harness a million eyeballs and an army of open-source hackers.” There’s an intuitive reason why this should be the case. Obviously, by harnessing the efforts of thousands of administrators who ferociously hate spam, the project will get a big boost in productive energy. But that’s not all.

The basic problem is this: under the present e-mail architecture, the spam market works. It works phenomenally well, and especially well for the seedier side of online industries, in particular pornography and sex-related products, which can’t advertise through conventional media (other than other porn outlets) and don’t have any financial interest in maintaining a reputation as a friendly corporate citizen. The reasons are inherent features of the e-mail architecture:

  • It costs nearly nothing to send spam: once you have an Internet connection set up (which you’ll need for your product’s website, anyway), it costs virtually nothing to send out scads and scads of spam e-mail. Labor costs can be reduced to nil by feeding addresses from a web crawler into an automated spamming program. This is a fundamental reversal from direct mail and telemarketing, where a fixed cost for contacting each person is borne by the advertiser.

  • Lots of people see it: If you send out a spam message to a huge group of people, then most of the people you send it to will see it. In part, this is because e-mail is a durable medium, like direct mail or fax, and unlike the telephone, so if you send a message while the user is away, they still get it. It’s also due to the relatively primitive state of message sorting and spam filtering—users have very little control over the order and priority with which messages appear in their inboxes, so to get to the messages they want, they generally have to wade through, or at least scan over, any spam that they get.

  • It’s hard to track offenders. Many comparisons have been drawn between spam e-mail and the junk faxes whose rising costs spurred a federal law against them in 1991. The two are alike in that advertisers get a basically free contact, while victims are stuck with the primary costs (in paper, bandwidth, time, what have you) of the interactions. However, there is a crucial difference: junk faxes can easily be tracked to their perpetrator through phone company records. Offenders can be blocked and identified for legal action. Spam e-mails, on the other hand, are generally very difficult to track to their originators. Headers can easily be forged, open relays can be found and abused, one-time-only addresses can be created with free services, and work can be farmed out to mules, computer users who are paid a small amount to send out a huge volume of messages and then take the fall if they get caught. The anonymity of e-mail and its reliance on the honor system for identifying senders makes spam very difficult to flag and filter.

When we look at all these factors, we begin to see that we need a comprehensive solution which will work to address these structural holes. We cannot rely on anti-spam legislation, since spammers will merely relocate to different states or different countries, and use the anonymity of the communication to further shield themselves. Spam is only going to get worse until we have mass deployment of an easy-to-learn, easy-to-use, agile framework which harnesses both human intelligence and high-quality, flexible technological solutions to make legitimate email easier to access and to identify and deal with spam.

Unfortunately, most anti-spam solutions fail, because they are focused narrow-mindedly on a single goal—the goal of accumulating as many heuristic rules as possible to identify and kill spam (this is reflected in the names—McAfee’s SpamKiller, SpamAssassin, and so on). The most common and most maddening manifestation of this is scorched-earth spam programs such as SpamKiller, which works entirely by accumulating thousands and thousands of rules to try to identify common patterns in the way that spam messages are written or addressed. These do indeed catch a lot of spam, but they also slam perfectly legitimate e-mail. For example, my decision to uninstall SpamKiller was finalized when I saw it was trashing legitimate e-mails because a filter (one of thousands, which took lots of scrolling to find) was killing messages because they contained the word rape. Now, look, folks, I’m pretty much physically nauseated by some of the spam ads I’ve received for rape-fetish pornography sites. But I’m an anti-rape activist, and I receive tons of perfectly legitimate e-mail with the word rape in it. SpamKiller’s approach to spam is like trying to kill a swarm of mosquitoes with a cluster bomb, and plenty of perfectly innocent messages were getting clobbered.

The problem here is that most people who work on spam-blocking software and most of those who purchase it are basically in the frame of mind of trying to get rid of a source of long-term and maddening irritation. Programs tend to be reactively focused on axing spam by any means necessary, rather than proactively focused on improving the e-mail user’s experience. But if we keep our mind on what users need and want, rather than what gives us the temporary satisfaction of the kill, then we should begin to see a bit more clearly what needs to be done.

To reduce the effectiveness of spam, first spam management software needs to be widespread, usable, and respectful of users’ legitimate e-mail. With millions of users employing software that lets them take control of their own inboxes, users will be able to stay on top of their legitimate e-mail and sidestep the spam. Information for identifying spam should come from automated reports that millions of users submit: when a spam slips through, the recipient presses one button in the mail client and it is registered as a spam message so that everyone else’s filter can recognize it (SpamAssassin uses Vipul’s Razor, a system which does just this, but it needs to be integrated into easy to use clients, not just arcane Unix mail filters).

Second, we need to plug the anonymity hole through use of double-key authentication and encryption of e-mail. E-mail clients could prioritize messages which carry a valid signature from a key tied to the sender’s address, and also messages which are encrypted for the recipient’s eyes only. Spammers who want their messages seen would have to separately acquire a public key for, and encrypt the message to, every intended recipient. For millions of e-mail addresses, that’s an awful lot of extra processor time, network bandwidth, and human labor that the spammer has to pay for. Furthermore, the spammer’s signing key or keys can be blacklisted as quickly as the spams start going out. (Generating a fresh key costs a spammer nothing, so the blacklist only bites if clients also favor keys that the recipient, or someone the recipient trusts, has already verified.)

Finally, system administrators at big ISPs need to get responsible. One of the biggest conduits for spam is open relays: poorly configured mail servers which accept mail from anyone on the Internet and pass it on to anyone else, instead of relaying only for their own users. Spammers use them to hide where a message really came from and to burn the server’s bandwidth instead of their own. System administrators need to get serious about ensuring that relaying is allowed only for authenticated users or legitimate machines on the ISP’s own subnet. And when spam is being sent by a user, they need to be quick about axing that user’s account.

What you can do now:

You can do some things now, both short-term and long-term, to keep yourself from being overwhelmed and work towards an Internet not being drowned in spam.

  • Use shield accounts for online commerce. A lot of high-end spamhouses harvest addresses by buying them from merchants such as Amazon.com. For online interactions which won’t be anything other than perfunctory receipts, it’s good to maintain a shield account (say, diespammersdie@hotmail.com or somesuch) as the address through which you interact with online stores.

  • Download and use PGP. You can get PGP — a great security program which will let you securely sign messages (so that the recipient can verify your identity) and/or encrypt messages (so that only the recipient can read them). The Windows version of PGP automates the process of creating and using PGP keys, and has plugins for popular Windows e-mail clients which let you use simple pushbuttons for its functions. PGP will make your e-mail more secure, and also help build an Internet environment where spammers can no longer hide behind forged headers to conceal their identities.

  • Look for solid anti-spam software that suits you. If you can find spam management software which suits your needs, grab it! If you’re willing to geek around a lot, SpamAssassin looks very good. Better yet, Deersoft is in the process of developing SpamAssassin Pro, a commercial product for Windows based on the SpamAssassin engine and integrated with your mail client. Unfortunately, most spam management software I’ve tried (e.g., SpamKiller) is crap.

  • More tips: Jennifer Lee’s article is accompanied by some tips for avoiding spam, some of which I agree with, and others of which I don’t. Unfortunately, the present spam-heavy environment is encouraging a lot of people to take up measures which cut down spam at the expense of breaking human usability of the e-mail system. Lee suggests using complex e-mail addresses, which do thwart spammers who use dictionary searches on mail services, but which also make it hard for your friends to remember your e-mail address. She also suggests removing your e-mail from any online directories in which it may be included, which will again thwart spammers but also keep people from being able to reach you. I totally disagree with this method of spam filtering. Again, it amounts to protecting your inbox at the cost of shredding real people’s ability to contact you. Nevertheless, some of her suggestions (such as disposable forwarding accounts for use on Usenet and bulletin boards) are solid.