My keen interest in online security and privacy has recently blossomed into a full on obsession. Some may say it's because I'm eccentric and weird, but it's at least partly because of the crazy new laws going down in this country. There is an excellent chance that all of your e-mails and IM conversations are at the very least being analyzed and logged. I doubt anyone actually reads them, but you never know.

The common argument against online privacy measures is "if you have nothing to hide, why do you care?". True, I'm not some criminal mastermind, but it's not unreasonable for people to think that I am. Many people in real life think that I'm a drug dealer for some reason. The forums that I visit to read about privacy concerns are often hot beds for credit card scammers. I think credit card scamming is retarded and would never do it, but I'd hate to be accused of being guilty by association.

There are also a lot of people sniffing traffic. The average internet user doesn't realize that it's not particularly difficult to intercept traffic on the internet - especially if you're using a wireless or shared connection. Encrypted communication can be intercepted, but not decoded - making it useless.

E-mail

No one seems too concerned with encrypting e-mail. This is probably the result of everyone using web clients. I don't understand why everyone is so obsessed with gmail, yahoo mail, etc. but that's another post.

PGP stands for Pretty Good Privacy. If you want info on it, look it up elsewhere. Basically it's very easy cryptography to use, and very difficult to break. There are several ways to use it to encrypt your e-mail.

The easiest and best way is to use The Bat!. This e-mail client is leagues better than Outlook, Outlook Express, and Thunderbird. It's super configurable, very compact and nice looking, and isn't a memory hog. It has all the features you know and love, and even has plugins for many different anti spam and anti virus methods. Best of all, it has built in PGP. Going through the process takes 5 minutes at most, and you can now send encrypted messages to anyone using PGP.

Thunderbird has a great plugin called Enigmail. It's free, easy to install, and integrates into Thunderbird perfectly. This is what I used until I switched to The Bat!.

There are also some PGP plugins for Outlook and Outlook Express. I don't use these programs, so I have no idea which plugins are the best.

The cool thing about PGP e-mail is that you don't have to worry about the other person using the same e-mail program as you. That is... unless they use Freenigma.

Freenigma is the only option for gmail, which is good for you if you use gmail and all of your friends do too. It's super easy to set up, but it's not interoperable with other PGP services.

Instant Messaging

Instant messaging used to be hard to encrypt. Every client used a different protocol, and none of them worked together. Trillian has a decent built in one. It's very easy to use, but apparently also fairly easy to crack. Still - just having one layer of defense is a huge step up from nothing.

But now there is an awesome product that works with every popular client and protocol. I like using trillian, but I can still encrypt chats with friends using AIM or that stupid google chat thing.

Installing SimpLite is really easy. It's free, and it even changes the text color of your friends messages to reflect whether or not the conversation is encrypted. The program runs in your tray and is very non-intrusive.

Encrypting Files

Even if you're the only person who uses your computer and you trust everyone else, you should encrypt personal files. If your computer gets stolen, do you really want a potential hacker to have all the time in the world to search through your files?

Your first line of defense can be SecurStar DriveCrypt Plus. This program encrypts your whole hard drive in real time. That means that even if someone takes your hard drive out of the computer and puts it in their computer, they can't read a single thing off of it. If your computer is on, however, your files can still be read like normal.

You can also make container files that basically act as encrypted directories. They're useful for storing sensitive files so that people can't get at them even if they have full access to your computer while it's on. The best program to do that with is SecurStar DriveCrypt. There is a free alternative called TrueCrypt, but it has a major security flaw that lets anyone who knows what they're doing get into your files.

Anonymous Surfing

Want to buy a sex toy, but don't necessarily want people seeing it your history? Want to look up some embarassing medical condition you have but don't want it in your google search history? Or maybe you just want to leave a nice anonymous comment on someone's blog and don't want them to be able to figure out that it came from your city.

Enter Torpark. Torpark is a self contained copy of firefox with a built in anonymous proxy router. Have you ever seen those movies where someone is "bouncing their signal" all over the globe, and there are cool red lines showing where it's going? That's basically what this is. It routes your traffic through a number of anonymous proxy servers all over the world, making it impossible to find out who is visiting the site.

One little trick I like is to put your copy of Torpark inside a Drivecrypt file container. Torpark is a portable app, meaning it doesn't need to be installed - you just copy it and go. When you put it in the Drivecrypt container, you can safely browse knowing that no one will ever see your history or know where your traffic is coming from.

Just do it

There are many more complicated ways to secure your personal information, but they aren't better. The methods I've outlined represent the best technology with the easiest implementation. You could probably set up everything I mentioned here in about 45 minutes. Maybe all of it is pointless and you'll never need this level of security, but it's so transparent that you may as well have the safety net.