Friday, April 14, 2017

Encryption for the Masses

Let us talk a bit about encryption. 

Most of us never really use encryption, unless we use it passively, when we do our banking over the net using an encrypted app, or we visit a secure website using the https protocol. 

It has taken time, but encryption is finally becoming accessible to the rest of us. My own crypto education leapt forward primarily due to a service called KeyBase, found at https://keybase.io

I noticed that some smart dudes that I met had KeyBase addresses on their Twitter profiles. Being curious, I clicked. 

And now, so should you. Just open up a new window with my KeyBase profile on it from https://keybase.io/ma91c1an and refer to it as you follow along with me.

What KeyBase is, is a service that:

*Generates, archives and serves PGP keys.

*A service that offers encrypted chat (which everyone can use on occasion).

*KeyBase is a service that makes it dead simple to encrypt and sign text.

*You can also decrypt text.

*And digitally sign your own messages.

*You can confirm the digital signature of your correspondents. 

KeyBase also offers encrypted file sharing, and using the KeyBase app on a computer instead of the web interface on a tablet or smartphone teaches you how to use a command line interface, an interface that is wickedly fast. 

I was always jealous of my pal Ted Pukas, he was a Unix genius, an über-geek of the first order, and he could fly using a command line interface. When I limp through commands using the KeyBase app, I flash back to the fact that even Ted Pukas was once a neophyte like I am now.  

But most of all, what KeyBase offers is ID verification. You can use the KeyBase service to confirm that you are talking to the real me, and not to an imposter. 

I have one friend in particular, let us call him Jeff, a great man of some notoriety, who is plagued by fakes abusing his name and his likeness to engage in fraud, who should look hard at KeyBase. KeyBase can save him from much drama. 

When someone receives a message that Jeff is stranded in a foreign capital and was just robbed and can somebody please send him some money, it takes just a moment to confirm whether the request came from the real Jeff or from some dude in Nigeria.

What Jeff could do is, he could post a statement that any communication that does not link back to a verified account on his KeyBase profile is null and void. 

This would invalidate the fake accounts created in his name daily. He could send a short statement to the legions of the lovelorn wondering what happened after they sent him money: "If the communication did not come from an account listed on this page, it is fake." 

Jeff, please let me know if you need assistance. I am pleased to help.

KeyBase at first is not that intuitive, but this is actually a virtue, for as you figure it out and you set up its various verification mechanisms, KeyBase is actually teaching you, and raising your digital IQ. 

I have stepped through each of KeyBase's verifications, with the exception of proving a Hacker News identity, and setting a Zcash address. Setting a Hacker News identity and a Zcash address is a proverbial bridge too far for me. As for the rest, I now understand things that used to mystify me. And so can you. 

I generated new PGP keys. You may have noticed that my PGP fingerprint is now on my Facebook page and on my website. A link to my KeyBase profile is posted everywhere else. My PGP fingerprint is now in the .sig of every email that I send. 

It looks like this:

PGP Fingerprint:
1B92 CCE6 D7FD 8AC4 7E0B
661D AC2E 605D AA73 5DF0

For what, you wonder? Indeed. It is so that anyone communicating with me can readily drop into an encrypted communications medium. All that you need to do is click on the icons in the upper right of the KeyBase interface. You can encrypt, decrypt, sign, and verify with a simple click. 

You have nothing to hide, you say? I bet that John Podesta is now using encryption. 

What happened to Podesta, clicking on a phishing link, can happen to any of us. Yes, Podesta was epically stupid, he created a new password on a fake Gmail page, he actually used "password" as his password. We are collectively shaking our heads. But honestly, his own errors aside, what happened to John Podesta could happen to any of us. 

After John Podesta's Gmail account was owned, his emails were published on WikiLeaks, PizzaGate was spawned, and the presidency went to Donald Trump. The Podesta leaks were a critical blow to Hillary's campaign. 

If Podesta used encryption back in the day, Crooked Hillary would now be our president.

So. If you do not wish to see your own emails enshrined in perpetuity on the net, please bear with me, indulge me, and hear me out. Creating a KeyBase account, generating PGP keys, and actually using them is now child's play. Anyone can do it. 

But there is more. You can also authoritatively identify yourself on the net, courtesy of KeyBase. 

Confirming your identity on services like Twitter, Facebook, Github and Reddit using KeyBase is dead simple. Anyone can do it. As you can see when you look at my own KeyBase profile page, I have proven that my username on those services is in fact held by me. Malefactors can attempt to masquerade as me, but their claim can be debunked using my KeyBase profile, an unimpeachable authority.

It is a bit more complicated to confirm your ownership of a website, or more specifically, your ownership of a web address, a website URL. It did take me a couple of days to figure this out, and I got a crash course in DNS, the Domain Name System, in the course of the exercise, which is the protocol that serves up the content that you reading right now. 

If you are a content creator with a website, KeyBase offers a beautiful way to confirm that that domain belongs to you. 

Finally, I set up a Bitcoin wallet. This was as simple as registering an account with Coinbase, a service that I already knew about from watching YouTube videos by David Seaman (https://www.fulcrumnews.com). You can do this, as well, and link a Bitcoin wallet to your checking account. If you like, you can send me some Bitcoin

Here: 1GSiJSmaW8T9R3bMHoqTLSqBqpxmZUZHkH

Making a Bitcoin wallet means that you can receive funds or send funds using the Bitcoin protocol. You can then engage in transactions with anonymity. There are many potential applications for this, for both good and ill. I consider Bitcoin to be just another currency. But this currency has several advantages over dollars, for example, or over Euros. 

Entire videos and websites explain the benefits of Bitcoin, so I will just assume that you are curious about Bitcoin and you can follow the path that I took, registering a Coinbase account.

I just made my first investment in Bitcoin a few days ago. I am now a netizen indeed. :)

And so can you be.

I encourage you to read the FAQs on KeyBase and Coinbase, and by all means, register your own PGP keys! 

Encryption for the masses. Because what is said between consenting adults should remain private between them unless they choose to share it. 

Using KeyBase and PGP can nullify the apathy that NSA and FVEY utterly rely upon to snoop on us all. 

As I always say: if you want to know what I said, get a real warrant from a real judge.