How To Encrypt Your Internet Traffic

cyber.jpg

You’re reading this because you wanted to know how to encrypt your traffic for one reason or another. This guide is most useful for persons looking to hide their activity from an ISP in response to the recently passed legislation allowing your ISP to monitor, record, and sell your user data without permission. It also may be useful for people who are working actively to oppose persons in power, or people trying to protect their data from snooping cyber-criminals or governments.

The below measures vary in difficulty to implement and effectiveness. To my fellow experts: if you see an error or omission, please email me and I’ll edit this guide to correct that issue.

Technique: HTTPS Everywhere.


Effectiveness: ★★ Ease: ★★★★ Cost: Free

HTTPS is a browser extension available for Chrome, Firefox, Opera, and Android. It is produced by the Electronic Frontier Foundation, a widely respected non-profit for the purpose of protecting people’s digital privacy. When installed, it automatically redirects any of your unencrypted connections with websites to encrypted ones, if that website supports encryption (so http://www.youtube.com/ automatically becomes https://www.youtube.com/).

htImage.jpg

This encrypts your session with the website on that browser, but does not hide that you went to that website. Your ISP (or whoever is watching you) can easily see that you went to Youtube, but not what you’re doing there. It only works for websites that support HTTPS encryption, and only in the browsers you have the extension installed in. Also, HTTPS isn’t the best encryption out there (remember Hearthbleed?), but it’s better than nothing. The extension is available here: https://www.eff.org/https-everywhere.

Technique: Virtual Private Network (VPN).


Effectiveness: ★★★★ Ease: ★★ Cost: $3.33/mo*

VPN software runs either on your machines (computer and phones) or your router. The software takes ANY internet request emanating from your machine, encrypts it, and forwards it to servers owned by the VPN provider. The servers then decrypt the data, and send it on its way. Replies come back to the VPN servers, are encrypted, and then sent to you where your machine decrypts them. VPNs are very good at concealing your activity from your ISP. ISPs can easily see that you’re using a VPN, since all your data is gibberish, and is all going to the same IP address, but they can’t see what’s in it without some significantly more difficult analysis on their part. Some routers come with VPN available in the firmware (like my Netgear N7000).

tunnel.jpg

If you don’t trust your router company to properly protect you, or don’t feel up to messing with firmware, I recommend Private Internet Access (PIA*). This company provides software for your computers, apps for your devices, and a Chrome extension that link you to their VPN servers all over the world. Their privacy score is pretty high (this website analyzes the different privacy aspects of TONS of VPN providers https://thatoneprivacysite.net/vpn-... ), they’re easy to setup, you can exit in a bunch of countries (hello Canadian Olympics coverage!). It’s $3.33/mo if you buy a whole year, and you can pay with Starbucks gift cards if you’re REALLY paranoid about privacy. If you want an even more private VPN, and have some higher technical know-how, check out that comparison chart for non-US based companies who still can provide high speeds and have good policies. PIA is available here: https://www.privateinternetaccess.com/... You can also flash DD-WRT to your router and configure it to work with a great many trustworthy VPN providers, but if you understood that sentence, you don’t need my help setting it up.

Technique: Encrypted messaging.


Effectiveness: ★★★★★ Ease: ★★★★ Cost: Free**

Want to talk privately to someone using your phone? SMS is not hidden by your VPN. If you use data messaging (Facebook, Hangouts, etc) then going through a VPN may hide it from your carrier, but not from the messaging provider (Facebook, Google, etc). You need an encrypted messaging application. Traitorous leakers, controversial journalists, and narco-criminals all agree, Signal** is the way to go. It’s easy to install, easy to add your friends and invite them to install it, and provides excellent encryption from end-to-end. It does not, however, protect you from this:

 security.png

Signal is available in the App Store, or the Play Store. I intentionally did not cover e-mail encryption, smartphone encryption, or hard drive encryption in depth because they don’t (usually) pass through the ISP unencrypted to begin with. If there’s enough demand, I’ll add sections on that. For a quick rundown: E-mail encryption: if you use Gmail, it’s encrypted in transit already, but Google can read any of it any time they want. You can manually encrypt the contents of any email, but it’s a pain in the butt. Get an encrypted e-mail provider. Yes, it will cost money. Smartphone: iPhone: Enable “Simple Passcode” in settings. Done. Android: Settings > Personal > Security “Encrypt Phone”. Done. (Choose good keys!) Hard drives: Windows users can enable BitLocker and Mac users can enable FileVault, if you trust Microsoft and Apple to keep your keys secure. If not, VeraCrypt. Hope that helps!


 

Seth Martin is a blog and newsletter contributor to the Libertarian Party of Nevada. He is an expert on cybersecurity, cryptography, and computer engineering. His views and endorsements are his own and not necessarily those of the Libertarian Party of Nevada.