Do you guys encrypt your data? Or maybe some but not all? Broader, how concerned are you all about your privacy? Why?

I think Hubski will have some interesting ideas on this. Most of you seem rather tech savvy, but not as alarmist and paranoid as a lot of the reddit crowd. Besides, ya'll always have good thoughts.

Personally, I try some. I use TOR or a VPN a lot of the time. Signal is my SMS app (though I don't believe any friends use it, which negates most of it's utility). I have a PGP key I use occasionally. I know enough basics to feel okay using cryptocurrency. But I've held back from fully encrypting my phone, both because it's permanent, and because I'm not sure I'm ready to go that far. Plus, I've still got Facebook.

But anyways, rather hear what you all think than have you just read my bit on it.


squirvel:

As big as an advocate for encryption I am, full system encryption is only useful if the computer isn't connected to the net, or you want to prevent the average Joe from accessing your files. (Note that this is for personal computers, servers are a VERY different story.) If it is connected to the net, malicious code is far more likely to compromise your system than someone cracking your password.

Tor and VPNs are more privacy related than anything else, and for the most part any major VPN provider will log the connections for government agencies. Tor is a bit harder to crack, but assuming one can control a good portion of entrance and exit nodes, one could potentially de-anonoymize a certain percentage of connections.

PGP is a great example of secure messaging and is one of the many things that I should, but don't have a firm grasp on, or use at all. For me that's pretty surprising, especially with the alarming amount of surveillance in these days. One thing to note though is that PGP usually uses RSA encryption which is based on modulo functions with very large prime numbers as a result. One thing to note is that smaller sized RSA keys such as 256bits are (<--- Note the publishing year) completely insecure due to advances in factoring technologies. If you looked at the last link it also talks about the equation for the "number n, there exist prime numbers p and q such that n = p × q." Reversing the equation we get the P versus NP problem, which I'd recommend reading the consequences if p = np or not. As a side note google in 2012 began using 2048bit RSA keys, although I'm pretty sure they now use 4096bit, but I can't find any articles on that.

Outside of factoring, there are also other mathematical methods of encryption, such as elliptical curve. (Which I have far less knowledge of) However, encryption isn't everything. For example, you can crack any password for 5 dollars. Along with that, encryption can be made insecure due to malformation of keys, non-truely-random code, OS caching (ex: paging file, assuming you're not running full disk encryption), and potential spies.

In the end however, I believe that encryption is important to privacy, security, and our freedom. Keeping your data safe from outsiders can only be done by securing not only your hardware, but the far more vulnerable software. Encryption is needed in communication, transactions, and privacy as without, so many things would be in the eye of the public.

As an ending note, I think it is far more important to tie both encryption and anonymization together, as if either is broken, then the other becomes far easier to break and hence your privacy, freedom, and security become compromised.


posted by jleopold: 1156 days ago