Hannah Commodore was one of the speakers at Tuesday night’s Cryptoparty in Melbourne; talking specifically on encrypting emails with PGP Keys. We asked Hannah what PGP Keys were and also some general questions about securing your shit online.
Can you tell us a little bit about who you are and what you do?I’m pretty boring. I work as a systems administrator and network engineer. However I enjoy helping the disadvantaged. I’ve worked setting up community Mesh Networking in Australia and East Timor.
Why do you care so much about encrypting your emails and chatting securely?
We put letters in envelopes. With a lot of chat and with email, this is often sent in the clear over the internet (meaning unencrypted.) This means that anyone from you to the recipient could possibly see the content of your instant message, or email as it traverses the internet.
We expect privacy in other communications, why should we expect any different from communications on the internet?
It’s about choice. I can choose whether to give my information to Facebook etc. With data retention legislation, that choice is taken away from me. With encryption and better IT security, I can again make the choice myself whether to remain private or not.
What’s something simple people can do right now to protect their online privacy?
Companies tracking us across websites I believe is the biggest hidden threat. From the Facebook Like Button to Google Analytics, companies use these web bugs These features allow the companies to track our browsing histories across the web, regardless of whether we want it or not.
Browser plug-ins like Ghostery, Ad-Block Plus and NoScript will help block these tracking mechanisms.
Do you think some people don’t take their online privacy seriously?
I think people don’t understand the threat, and so don’t take it as seriously as they would otherwise. If people were made aware of the ways in which the Internet is being used to track and monitor everyone, they would take actions to protect their privacy
How would you explain PGP keys to someone as digitally illiterate as my fellow editor Richard?
I don’t think PGP is necessarily for the general population, actually. If you have an identified risk of having your email readable to government and 3rd party companies we rely upon, PGP can help protect your privacy. Most people don’t require level of email security, and can benefit more from other privacy enhancing tools.
Those who do require really private email do need to learn how to use PGP though.
In essence though it uses the same sort of security mechanism as the Lock Icon in browsers denoting that the connection to a website is encrypted. The web encryption only ensures trust in one direction: that you can trust the web page you’re browsing belongs to the company that you intended to visit. PGP does this too, but also ensures trust in the other direction, so both parties can be certain they are communicating with whom they intend.
Where’s somewhere you can point us (links are fine) to guide us in setting up our own PGP key?
What is your biggest concern about the Australian government’s new data retention laws?
There’s plenty of concern, but I believe the biggest threat is the retained information being hacked and exfiltrated. The vast amount of personal data would be a gold-mine to identity thieves and other bad actors
How did you find the response from Tuesday’s Cryptoparty?
I’ve participated in a number of Crypto Parties, and I thought Tuesday’s was a good one. There’s a lot of other information and tools aside from VPN/Tor/PGP to cover, and not everyone will benefit from the tools we spoke about. People need to understand all the risks of internet presence, and ways to increase privacy. I hope that ThoughtWorks continues to host these events, and other risks and tools can be discussed.
A friend of mine is under the perception the things we learnt about on Tuesday (PGP keys, VPNs etc) are illegal. They’re not, but why do you think people associate this level of privacy with illegality?
I don’t know why anyone believes silly things 🙂
Again, we have the chance to choose our own level of privacy in day-to-day interactions, why shouldn’t the same be applied to internet communications?
VPNs and Tor are in the news often regarding copyright-infringement or trading sites like the Silk Road. This of course leads people to connect these privacy enhancing tools with those nefarious actions.
That’s the medias fault though, just as not all asylum seekers are possible Tamil terrorists, not all privacy advocates are Game of Thrones pirates or hit-men on the dark-net.
Anything else you want to say?
Privacy is a right. We need to protect and increase it to remain viable as a society.
Also, vote Pirate if you care about internet freedoms!
Hannah Commodore is a member of the Pirate Party Australia but is not speaking with Catalyst in an official capacity.