How to Encrypt All Your Online and Offline Data
We use dozens of online services and applications every day to send and receive emails and text messages, make video calls, read news and watch videos online, and much more. And it’s extremely hard to keep track of and secure the insane amount of data we produce and consume every day.
And in case you’re thinking, “I have nothing to hide,” you’re wrong. Every piece of data that you release on the web and fail to secure can be used against you. In the wrong hands, those data points can be gathered and correlated to create a digital profile, which can then be used to commit fraud, forgery and phishing attacks against you.
Your digital profile can also be used to invade your privacy in annoying and creepy ways such as showing you ads that are personalized based on your most intimate preferences and information.
However, it’s never too soon to start protecting your digital information from unwanted eyes. In this regard, your best friend is encryption, the science of scrambling data using mathematics. Encryption makes sure only intended people can read your data. Unauthorized parties who access your data will see nothing but a bunch of undecipherable bytes.
Here’s how you can encrypt all the data you store on your devices and in the cloud.
Encrypt Your On-Device Data
First, the easy part. You should start by encrypting the data you physically hold. This includes the content you store on your laptop, desktop PC, smartphone, tablet and removable drives. If you lose your devices, you risk placing sensitive information in the wrong hands.
The most secure way to encrypt your on-device data is full-disk encryption (FDE). FDE encrypts everything on a device and only makes the data available for use after the user provides a password or PIN code.
Most operating systems support FDE. In Windows, you can use BitLocker to turn on full-disk encryption on your PC. In macOS, full-disk encryption is called FileVault. You can read our step-by-step guide on using BitLocker and FileVault.
Windows BitLocker also supports encrypting external drives such as memory cards and USB thumb drives. On macOS, you can use the Disk Utility to create an encrypted USB drive.
Alternatively, you can try hardware encrypted devices. Hardware encrypted drives require users to enter a PIN code on the device before plugging it into the computer. Encrypted drives are more expensive than their non-encrypted counterparts, but they are also more secure.
You should also encrypt your mobile devices. On-device encryption will make sure that an unauthorized person won’t be able to gain access to your phone’s data, even if they get physical access to it. Both iOS and Android support full-disk encryption. All Apple devices running iOS 8.0 and later are encrypted by default. We suggest you leave it that way.
The Android landscape is a bit fragmented since OS default settings and interfaces might differ based on manufacturer and OS version. Make sure to check that yours is encrypted.
Encrypt Your Data in the Cloud
We rely on cloud storage services such as Google Drive, Dropbox and Microsoft OneDrive to store our files and share them with friends and colleagues. But while those services do a good job of protecting your data against unauthorized access, they still have access to the contents of the files you store in their cloud services. They also can’t protect you if your account gets hijacked.
If you don’t feel comfortable with Google or Microsoft having access to your sensitive files, you can use Boxcryptor. Boxcryptor integrates with most popular storage services and adds a layer of encryption to protect your files before uploading them to the cloud. This way, you can make sure that only you and the people you share your files with will be aware of their content.
Alternatively, you can use an end-to-end encrypted (E2EE) storage service such as Tresorit. Before storing your files in the cloud, E2EE storage services encrypt your files with keys that you exclusively hold, and not even the service that stores your files can access their content.
Encrypt Your Internet Traffic
Perhaps equally as important as encrypting your files is the encryption of your internet traffic. Your internet service provider (ISP)—or a malicious actor that might be lurking on the public Wi-Fi network you’re using—will be able to eavesdrop on the sites you browse to and the services and applications you use. They can sell that information to advertisers or, in the case of hackers, use it against you.
To protect your internet traffic against nosy and malicious parties, you can sign up for a virtual private network (VPN). When you use a VPN, all your internet traffic is encrypted and channeled through a VPN server before reaching its destination.
If a malicious actor (or your ISP) decides to monitor your traffic, all they’ll see is a stream of encrypted data exchanged between you and your VPN server. They won’t be able to figure out which websites and applications you’re using.
One thing to consider is that your VPN provider will still have full visibility into your internet traffic. If you want absolute privacy, you can use The Onion Router (Tor). Tor, which is both the name of a darknet network and a namesake browser, encrypts your internet traffic and bounces it through several independent computers running specialized software.
None of the computers in the Tor network has full knowledge of the source and the destination of your internet traffic, which gives you full privacy. However, Tor comes with a considerable speed penalty, and many websites block traffic coming from the Tor network.
Encrypt Your Emails
I guess I don’t need to tell you the importance of protecting your emails. Just ask John Podesta, whose leaked emails might have cost his boss her chance at presidency. Encrypting your emails can protect your sensitive communications against people who gain unwanted access to them. This can be hackers who break into your account, or your email provider itself.
To encrypt your emails, you can use Pretty Good Privacy (PGP). PGP is an open protocol that uses public-private key encryption to enable users to exchange encrypted emails. With PGP, every user has a public key, known to everyone, which enables other users to send them encrypted emails.
The private key, which is only known to the user and stored on the user’s device, can decrypt messages encrypted with the public key. If an unintended party intercepts a PGP-encrypted email, they won’t be able to read its contents. Even if they break into your email account by stealing your credentials, they won’t be able to read the contents of your encrypted emails.
One of the advantages of PGP is that it can be integrated into any email service. There are plenty of plugins that add PGP support to email client applications such as Microsoft Outlook. If you’re using a web client like the Gmail or Yahoo websites, you can use Mailvelope, a browser extension that adds easy-to-use PGP support to most popular email services.
Alternatively, you can sign up for an end-to-end encrypted email service such as ProtonMail. ProtonMail encrypts your emails without the need to take any additional steps. Unlike services such as Gmail and Outlook.com, ProtonMail won’t be able to read the content of your emails.
Encrypt Your Messages
Messaging apps have become an inseparable part of our lives. There are dozens of messaging services you can use to communicate with family, friends and colleagues. But they provide different levels of security.
Preferably, you should use a messaging service that is end-to-end encrypted. Nowadays, most popular messaging services provide end-to-end encryption. Some examples include WhatsApp, Signal, Telegram, Viber and Wickr.
However, those that enable E2EE by default are more secure. WhatsApp, Signal and Wickr enable end-to-end encryption by default.
Also, messaging services that are based on open-source protocols are more reliable because they can be peer-reviewed by independent industry experts. Signal Protocol, the E2EE technology that powers WhatsApp and Signal, is an open-source protocol that has been endorsed by many security experts.