Archive for category personal privacy
Since my first trip to Europe 5 years ago, I’ve been trying to get a chip-and-pin credit/debit card. As far as I have been able to find out, other than a single credit union in DC, there is no way to get a chip-and-pin card in the US. American Express and others have chip-and-signature, but that’s not the same, even if they try to tell you that it is. For example, you can’t use chip-and-signature at unattended gas stations, vending machines or many other places in Europe.
It looks like, finally, the American card industry is willing to truly join the EMV card world, and issue chip-and-pin by 2015. It only took tens of millions of credit card numbers being stolen within a single month or so to get them to move.
Almost all of our credit and debit cards were re-issued to us in January, by several credit unions and other financial institutions. That had to be expensive for all of them, and there is talk of the banks suing Target over their breach.
While this won’t end credit card fraud completely, it will definitely make it more difficult.
Just one more thing to think about as I work on my personal privacy…
I got my start in computer security from the personal privacy side of the equation. Revelations over the past year have made me realize that I have become complacent, and it is time to upgrade some aspects of my personal digital privacy.
My first “paper” on security was an essay that warned that “someday, the government and large corporations will be able to search and manipulate hundreds of millions of bytes of information, giving them improper leverage over individuals, who won’t have the same access to computing power or storage”. I got a B. My high school English teacher said the writing was very good, but she couldn’t accept the premise 😦 That was in the late 1970s.
I’ve had, but rarely used, PGP/GPG keys for email since the early 1990s. I have friends who probably encrypt about 10-25% of their email, and sign almost 100%. Others encrypt and sign more, or less. Some are more consistent about this, some less. I felt that this wasn’t necessary for me, as I was a small enough needle in a large enough haystack that “computational privacy” probably wasn’t needed in my particular case.
I’ve run my own email servers on my own hardware, off and on, for years. I’ve done the same for personal web servers, photo galleries, and other personal storage. Over the past few years, I’ve made much more use of hosted services, like Gmail, and WordPress.com (for this blog) instead of building, maintaining and securing them myself on my own hardware under my own physical control. I’m going to have to re-think some of those decisions, I guess.
The Snowden revelations, coupled with high-profile cases of seizures of data and equipment from hosting providers, and the inability of those service providers to stand against the abuse of certain government powers has led me to believe that it’s time to step things up a bit.
I want to upgrade my personal privacy stance over the next few months. I’m going to have to re-learn lots of the details of encryption, look at products that didn’t exist a few years ago, look into newer encryption algorithms and key search technologies. I expect I’ll need to make changes in the way I use email and the web and in general communicate. There are a lot of good resources out there; I’ll share what I find.
I don’t plan to wear a tinfoil hat, become a crypto-anarchist, bury guns and ammunition in the desert, or buy gold. This isn’t going to be a knee-jerk reaction, just some slow steady Kaizen to improve my digital privacy.
With the recent revelations about privacy issues in the United States, and new recommendations about algorithms and key lengths, I’ve generated a new GPG key.
I’m also providing my prior public keys in case anyone still has old email encrypted or signed with those keys.
Here is my most recent key:
Here is my key from 2006:
Here is my original key from 1996:
There, I said it. The so-called “IPv6 transition strategies” are making it harder, more complicated and less secure to deploy IPv6 than just “doing the right thing”.
Carrier Grade NAT (CGN) and Teredo (among others) are the last gasps of an IPv4 world, and have no place in the modern Internet. While they may have short-term advantages to network operators, they will cause problems for their end users until they are finally phased out. Dual stack would be a better transition process, especially for customers.
CGN is, as much as anything else, a way for carriers with a large network or large installed base of end users to make the fewest (and hopefully least expensive) changes in their networks. They are betting that by introducing a small number of large-scale NAT devices on the border between their networks and the Internet that they can avoid making sweeping internal network changes, or upgrading CPE (Customer Premise Equipment).
At best, even when working correctly, CGN breaks end-user accountability, geo-location and the end user experience. On top of that, it will slow IPv6 adoption, and force “true IPv6” users to adopt a host of operational work-arounds and complicate deployment of next generation mobile and Internet applications.
CGN is inherently selfish on the part of the network operators that deploy it. They are saying “I want to spend less money, so I’m going to force everyone else to make changes or suffer in order to continue to talk to my customers.”
Or, as Owen DeLong put it in his excellent look at the tradeoffs in CGN:
Almost all of the advantages of the second approach [transition to CGN and avoid investing in IPv6 deployment] are immediate and accrue to the benefit of the provider, while almost all of the immediate drawbacks impact the subscriber.
The next part of my rant has to do with Teredo, a “last resort transition technology”.
Like CGN, Teredo promises to allow end-user equipment to connect to the public IPv6 Internet over IPv4. It does this by “invisibly” tunneling your IPv6 traffic over the public Internet, to a “Teredo gateway”. A Teredo gateway performs a 4to6 network translation and passes your traffic onto the desired IPv6 destination. Teredo is implemented transparently in some Microsoft operating systems and can by default provide an IPv4 tunnel to the outside world for your IPv6 traffic. It can also provide an “invisible” tunnel from the outside world back into the heart of your network. And of course, all your network traffic could be intercepted at the Teredo gateway.
Teredo security has been a hot topic for years, with some concerns being raised shortly after Teredo’s standardization in 2006, and RFC6169 finally providing IETF consensus in 2011. Sadly, Teredo security must still be discussed, even though it is 0.01% of network traffic to dual-stacked resources. Fortunately, there’s a move in IETF to declare 6to4 technologies (including Teredo) as “historic”. Teredo will complicate network security until it is gone.
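One way to see whether these tunnels are in use on a network is to look for their fingerprints in flow logs. The following is an added example, not part of the original post: it flags Teredo's UDP port 3544 and decodes the IPv4 endpoints embedded in Teredo (2001::/32) and 6to4 (2002::/16) addresses. The five-field log format and every address in the sample are constructed for illustration.

```python
import ipaddress

TEREDO_UDP_PORT = 3544  # Teredo service port (RFC 4380)

# Constructed sample flow records: "src_ip src_port dst_ip dst_port proto".
# All addresses come from documentation ranges; none are real hosts.
SAMPLE_FLOWS = """\
192.0.2.10 51234 198.51.100.7 3544 udp
2001:0:c633:6407:8000:63bf:3fff:fdd2 49152 2001:db8::1 443 tcp
2002:c000:204::1 40000 2001:db8::1 80 tcp
2001:db8:1::5 50000 2001:db8::1 443 tcp
192.0.2.11 44321 198.51.100.9 443 tcp
"""


def decode_transition_address(text):
    """Return tunnel details if text is a Teredo or 6to4 address, else None."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None  # not an IP address at all
    if addr.version != 6:
        return None
    if addr.teredo is not None:
        # Layout: 2001:0000 | server IPv4 | flags | ~port | ~client IPv4
        server, client = addr.teredo  # stdlib already un-inverts the client
        port = ((int(addr) >> 32) & 0xFFFF) ^ 0xFFFF
        return {
            "kind": "teredo",
            "server": str(server),
            "client": str(client),
            "client_port": port,
        }
    if addr.sixtofour is not None:
        # Layout: 2002 | IPv4 address of the 6to4 router | ...
        return {"kind": "6to4", "router": str(addr.sixtofour)}
    return None


def find_tunnel_flows(log_text):
    """Scan flow records and return one finding per tunnel indicator."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        src, sport, dst, dport, proto = parts
        if not (sport.isdigit() and dport.isdigit()):
            continue
        # Indicator 1: IPv4 UDP traffic to or from the Teredo port.
        if proto.lower() == "udp" and TEREDO_UDP_PORT in (int(sport), int(dport)):
            findings.append(
                {"line": lineno, "kind": "teredo-udp", "src": src, "dst": dst}
            )
        # Indicator 2: an IPv6 endpoint whose address is itself a tunnel address.
        for role, ip in (("src", src), ("dst", dst)):
            info = decode_transition_address(ip)
            if info is not None:
                findings.append({"line": lineno, "role": role, "address": ip, **info})
    return findings


if __name__ == "__main__":
    for finding in find_tunnel_flows(SAMPLE_FLOWS):
        print(finding)
```

The decoded client address and port are the host's public IPv4 mapping as seen from outside its NAT, which makes them useful for tying a tunneled IPv6 flow back to an IPv4 firewall or NAT log entry.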
I for one, cannot wait for both CGN and Teredo to be consigned to the dustbin of history.
It seems everyone has one. I can’t really add much to all the tens of thousands of words that have been written, so I’ll just point you to the beginning:
It’s not you, it’s me. You see, I care about my privacy and what I share with friends and the Internet at large. I also care about what I share with you and other companies.
I was hesitant to use your service, but I read your terms, and got the strong impression that you cared about my privacy and security.
So, I’ve deactivated all three of my Macs and my Droid, and deleted my Dropbox account. Fortunately, I didn’t use that password anywhere else, so I’m done.
Your service was convenient, so I’ll check out your competitors to see if they have a better security posture and more transparency. If so, I’ll likely end up paying for their service. Thanks for showing me how useful a sharing service like yours could be, but too bad I couldn’t stay with you.
I think that these days I’d add LastPass to the list for password management. When I started my conversion to LastPass, I had over 370 account/password pairs in my home-brew password database.
I feel like we’ve been here before. The Administration is planning to sponsor legislation to make it easier to (legally) “wiretap the Internet”. Based on what little has been written, it appears that Justice is arguing that CALEA (and more!) should apply to the Internet. If that’s the case, then every manufacturer of Internet routing and switching gear would be required to build in the capability for law enforcement to activate a “tap” remotely and with no way for the provider to be aware of it. Oh, and LE gets decryption assistance, too.
This will not end well. I don’t have lots of answers, but I’ve got a lot of questions. Feel free to answer them in the comments 🙂
1. Why bother with the legislation? The Bush Administration already illegally authorized wiretapping. Oh, you want the evidence admissible?
2. Which equipment will this apply to? Large core routers and switches, certainly. What about my home router? What about equipment manufactured in China, Russia, Taiwan? So, all networking gear has to have government approval before installation? What about a VM appliance, or a home-grown BSD-based firewall? Will it become illegal to create your own firewall, or use an open source based router/firewall?
3. How will the requirements to support decryption work? Will US citizens (and companies) be forced to use NERF’ed encryption? Will the end-to-end SSL/TLS model be deliberately broken to force enabling of a man-in-the-middle attack? How will this play against PCI requirements to use best practices? We’re already seeing massive data spills of credit card and personal data, and the common denominator is often poor or nonexistent encryption.
I don’t claim that there is no need for increased ability for law enforcement to collect and process digital evidence, including network traffic. That need is real, and in our collective best interests. But this legislation, as currently described, is impractical and over-reaching, prone to abuse and unenforceable, and completely changes the balance of power between individuals and the government.
I recently helped a friend of a friend create a new email process for himself. He’s a journalist and wanted a little more protection than is usual. He’s been noticed by governments, corporations and others, and has had some problems with his email being stolen in the past. He’s had a laptop stolen and some of his email appearing in print.
His situation is far from typical, but it was an interesting thought experiment to see how “secure” one could be, if paranoid enough and accepting of enough cost and inconvenience.
We looked at several threats against his email and personal and professional files, and came up with some easy changes that could cut his risk significantly.
One of his suspicions was that at some point his US-based ISP had been forced to turn over some of his email. For that reason, I recommended that he find an “off shore” email provider. I recommended going to a provider in the EU, as they have much better privacy laws, and a history of telling other nations to buzz off. Sadly, the UK isn’t a good option, as between the “special relationship” and the Official Secrets Act, even their own citizens aren’t well protected. Their ongoing debate about their national identity cards shows a certain bias for the government at the expense of their citizens, although this may be settled, at least for now. I think the Netherlands, Germany or Switzerland would be good email homes, as there seem to be numerous options for hosted email in those countries, and the few that I checked into all offer SSL-protected web mail.
Next, we talked about installing Pretty Good Privacy to protect his email in transit. PGP has been acquired (and re-acquired) since the days of Phil Karn, but they still have a solid reputation. If you are a geek, then you can get and install the open source gpg (GNU Privacy Guard). Commercial PGP offers good email encryption, good file encryption and even hard drive Whole Disk Encryption (WDE).
Another part of his “threat model” is theft of his laptop to get his files. While encrypting hard drives are becoming more available, there may or may not be OS level support. Check out offerings from Seagate and Hitachi as well as some laptops from Dell and IBM which include encrypting hard drives.
If you don’t select a hardware drive encryption solution, you can use PGP or TrueCrypt. If you just want the data encrypted and you don’t care if someone might know that you have encrypted data, then PGP. If you are concerned about someone knowing that you have secrets, then TrueCrypt. Since TrueCrypt can make invisible (or at least hard to detect) partitions, that’s an additional level of assurance.
As an international traveler, your laptop is subject to search at any border, including the US ports of entry. France and China have also been mentioned as countries with some level of laptop threat at their borders. There are a few ways to get your data through the entries, although some may raise red flags.
First, you can just encrypt some files, or even the entire hard disk with PGP. This may raise questions, and in some jurisdictions (UK, maybe US), the authorities may be able to compel you to divulge any passwords to unlock the files or drive. There have been two people jailed in the UK for refusing to divulge their passwords. US law is unclear, as the Circuits have ruled in different ways in different cases, if I recall correctly.
If you want to carry encrypted data without it being apparent, then you can use TrueCrypt to create an encrypted “volume” which will look like a regular file. Just name the file something innocuous, like “refrigerator-ref-manual.pdf.zip”. Even if “they” try to un-zip the file, it will appear to be a damaged ZIP file. Oh darn, too bad.
Bruce Schneier offers a novel, if complicated, solution: encrypt with a key that you don’t know.
But best of all is to not actually carry any data at all… Store your data at your non-US ISP, and keep nothing on your laptop except a web browser. You can always get to your data as long as you have a net connection, but you don’t carry it where it can be seized or lost if your laptop is stolen. If you need your data when you aren’t connected, then just put the data at the ISP and clear it off your laptop before you travel, and then download it at your destination and then carry it around. This method has been recommended in the corporate security press for protecting corporate secrets.
One novel idea is to not carry a laptop at all. Carry an iPad and use it to read your email and access your data. Store nothing on the iPad, and clear the browser cache frequently. No one will know how to search it at a border, as there are currently no common tools to image an iPad. Even when those tools arrive, there will be no data to find.
So, how’s your paranoia level?