Lessons

Lesson Info

The Magical Power of Encryption

This next one is gonna be really, really cool 'cause we're gonna talk about encryption, which, from a cyber security perspective is kind of like magic. Now, what is this new magical power that I'm about to share with you? Well, it previously used to be top secret, quite literally. If you go back in time, particularly to World War II, there was something called an enigma machine, and there've been lots of different types of steganography and encryption, and all of that stuff, but this is perhaps one of the most famous ones. Now, for those of you who don't know what encryption is, it uses big math and prime numbers to go ahead and scramble a ton of data. So on this old enigma machine, there were all of these rotors and dials down here, and so even though this might be the standard keyboard, you would push down A by turning these in thousands of different combinations, when you hit A, what would print out on the message might be Z one time, and then tomorrow you would turn the routers and...

it would be B next time, and the people on the other end had another one of these machines, which was keyed exactly the same way so that they could decrypt, or decipher, or read, now in plain text, your secret message. So that's the whole theory of encryption. Knowing that computers are all about ones and zeroes, right, to represent everything, modern encryption uses those ones and zeroes, and big math, to go ahead and change the data so that it can't be read by anybody who doesn't have the secret key. And because of that encryption is key to protecting all of your most sensitive data, right. There's lots of governments out there that want access to your location, there's lots of companies that want your location and your cell phone numbers. But should they get it, right? What would a world be like if you could read and see everything that people did on their cell phone? Watch this video. Watch this video. Imagine a world where you couldn't choose who got to see your private life. Like, your family squabbles. Your medical information. Or, your guilty pleasures. Imagine if you couldn't choose who knew your job struggles. Or, your financial details. You don't want to live in a world without privacy, so let's not. Choosing what's public and what's private allows you to be you. Join the movement for privacy. I wanna thank the Mozilla Foundation for allowing us to use that video, and for a lot of educational stuff that they're putting out there. To get a little bit more into how encryption works, and so you can understand it theoretically, again, all data today is ones and zeroes, whether it be a photograph, a video, a text document, a text message, a status update, to the computer world, it's all ones and zeroes. Now what encryption does is they take a very, very, very large prime number, and they multiply all the ones and zeroes in all of your documents and scramble it. Right, so that you can't read the data unless you've got the secret key, so it takes a piece of data like this, for example when you're buying something online, and it scrambles it into something like this, right. And encryption is key to protecting your photos, your tax information, your medical records, dating information, so use it. How can you use it? Where would you use it? Let's start with your computers. Both Windows and Macs come with a software that is free and included and allows you to do hard disk encryption. Why would you want hard disk encryption? Because it will take all of the data on your computer and scramble it, so strangers can't read it. That means if your laptop is lost or stolen, if your kids happen to walk into the house when you're not there and go on your machine, let's say you're crossing a border and customs wants to see what's on there, right. They won't be able to see your private data if it's encrypted. On the Mac, this feature is called FileVault. It's absolutely free, and I strongly recommend using it. In Windows, it is called BitLocker, okay, and if you go to both Apple and Windows and go to, either control panel, security settings, click on security, and then you'll see FileVault and BitLocker there, and I recommend using it. Now the key thing to keep in mind is we have a ton of data, and while these full drive encryption are great for the data that's on your hard drive, it doesn't do anything for all your data that's in the cloud, which today, there's a lot more data in the cloud than there is on our hard drives. In fact, anything you put in the cloud, anything you put on your phone, right, is completely transparent. Anything you post on social media is entirely transparent and available to others, which means that you've got more data that you need to protect, and to keep private, and if you post something online, anywhere, whether it be Quora, or Twitter, or your local chat board, or Facebook, it's all being gathered, shared, and sold. That is their business model, it is data surveillance. Now most of us also use our own versions of cloud storage. We use services like these to store our pictures in the cloud, or to share a document with a colleague at work, and they are super, super convenient, but you just need to keep in mind that there are some security challenges around some of these services, and here's just a few examples. How many of you remember a few years ago when a whole bunch of female celebrities had their private naked photos leaked online because a hacker had broken into their iCloud accounts? Do you guys remember that? So, just from a security perspective, there's two things that you can do to avoid this type of hack. Number one, don't take naked pictures of yourself. And number two, don't post them online unencrypted in the cloud, because all of this will leak. Do those two things, and you can avoid the headache here. Of course, it's not just iCloud, Dropbox, unfortunately, was famously hacked. They had something like, I forget, it was 68 million accounts, right. So 68 million accounts and credentials have fully leaked and are on the dark web. So if you've used Dropbox, going back the past few years, and you haven't changed your password and updated it, people have access to all of your data, okay. What would prevent this? Two factor authentication, right, then they wouldn't be able to get into your account. You can't protect yourself against companies doing a bad job guarding your data, but you can protect yourself, and prevent others from getting in by having two factor authentication turned on. So be very, very wary of these unencrypted cloud storage services, there is a better way, and I wanna talk about a company called SpiderOak. Why do I like this? Because this allows you to store all of your data encrypted in the cloud. When it leaves your machine, it is encrypted. It gives a unique key of encryption on your hard drive, or on your mobile phone, and it will allow you to encrypt all of your data and put it into the cloud and store it there. It works very much like Dropbox. It all syncs in the background. But they are a company that is highly, highly dedicated to privacy, and they take it very seriously. And what they do is have what's called a trust and zero knowledge policy. So, whereas some companies like Dropbox can have access to your files and understand exactly whether you've posted a porn picture or a naked photo of yourself, SpiderOak has zero knowledge. Nothing leaves your computer until it's encrypted, and they don't have the key to your data in their data centers, all of that is local on your machine. So I recommend this, you can get SpiderOak. There's a free version, there's a paid version, but if you go to that website, and use that code, futurecrimes15, you get a 15% discount. And again, all of this SpiderOak, and many of the other things we just spoke about, will be available, all of the encryption tools, the protection steps, are all in, will come as part of your personalized action digital protection plan if you purchase the course. Okay, another thing that you want to protect in this world are your mobile phones, right. We keep a ton of data on our phones, and guess what, they can be encrypted too. If you're on an iPhone, super easy. Just the mere fact of setting a password on your phone automatically encrypts it. So if you have either a password, regardless of its length, or have enabled a fingerprint on your iPhone, all the data on your phone has been encrypted. With Android, once again, it's a little bit tricky. Sometimes setting the password will go ahead and automatically encrypt your phone, and other times there's a separate step under security where you have to go to encrypt phone. And some versions of Android phones made by some handset manufacturers don't allow it at all. Particularly in certain countries where the government doesn't want you to have encryption. But if you set up encryption on your phone, particularly on the iPhone, your communications will be secure. You may remember a couple of years ago when there was that San Bernardino terrorist attack. A horrible, horrible terrorist attack. The terrorist in that case had encrypted his phone, and the FBI could not get in, and they asked Apple to let them in, and it turned into a big political discussion, and I'm not supporting terrorists being able to hide their communications, but at the same time, I think legal law-abiding citizens should have that right. So, turn on encryption, again if you turn it on biometric password on your phone, you will be encrypted. There's other tools out there that you can use like encrypted messaging, how many of you use WhatsApp? So, just about a year or two ago, WhatsApp turned on encryption worldwide, and you'll see this little note that say your message sent point-to-point are now secured with end-to-end encryption, which is great. For those of you who are on the iPhone, some of your messages are encrypted. If you send a message to another iPhone user, and you see it as blue, that is an encrypted message. If you send one from your iPhone to an Android phone or a computer or somebody else, and it shows up as green, that is not an encrypted message. So green, not encrypted, blue, encrypted. There are specialized apps you can use that come highly recommended. One is Signal, and one is Telegram. These are just like iMessage or WhatsApp, but they're fully encrypted, and these companies take their security and privacy pretty seriously. There's also a free email program that you can use called ProtonMail based in Switzerland. Another zero knowledge based company, and you can send encrypted emails, and they do a fairly good job of deploying end-to-end encryption for email. Another place you want to use encryption to scramble your communications is on your web browsers. We've all seen this, https, the S stands for secure, and it means that what you're doing now in your browser is secure. You also have come dependent on looking for that little green lock, those are good tools. In the old days, very few sites had https security built in. That has changed, now many more sites do. There's an organization called the Electronic Frontier Foundation, eff.org. They're a wonderful, wonderful nonprofit that tries to put out lots of great information about privacy and protection, and they really care about this stuff, and they create their own tools which are really cool. And one of them is a browser extension that EFF itself has created that you can install in Chrome, Firefox, and Opera. And what it does is, is called HTTPS Everywhere, and it enforces that every site you visit must be encrypted, so this will do it in the background for you for free. Unfortunately, given the proprietary code in Internet Explorer, Microsoft Edge, and Safari, there is not a version of https for those browsers. So, but you can download Chrome or Firefox on any machine and run this in the background. And if you do that, you will have a secure connection. It's a great way of locking down any of the data that leaves your computer. But it's not full proof, it only protects the data in your browser. There is other data that leaves your computer that we'll talk about in a minute, and you need a different way to protect it. Particularly, when you travel.