Privacy guide: everything you need to know about encryption

By on
Privacy guide: everything you need to know about encryption

We've rounded up the best tools and methods for encrypting all your data across all your devices.

Encryption is a hot topic in the news, what with various governments threatening to ban it in the interests of national security and ransomware such as WannaCry using encryption to cause widespread chaos. But there are plenty of non-criminal reasons to encrypt your data, and protecting your files, messages and browsing habits from prying eyes needn’t mean you’ve got something to hide.

After all, it’s nobody else’s business what you say and do on your PC, phone and on the web.

In this special feature, we reveal the best free ways to encrypt everything in your digital life, and explain why you might want to do so. We look at how to secure your communications; encrypt files and folders; prevent anyone from spying on your browsing; and protect all your devices.

First, let’s look at some of the commonly asked questions about encryption.

What is encryption?

Encryption is the process of encoding messages and information so they can only be accessed by authorised parties, usually via a key that’s generated using an algorithm. The encrypted data can only be decrypted by another party in possession of the key.

Are there different types of encryption?

The two main types of encryption are symmetric and asymmetric. Symmetric uses the same key for both encryption and decryption; asymmetric uses a combination of a private and a public key. The private key is kept secret by the owner while the public key is shared for anyone to use to encrypt messages – PGP (Pretty Good Privacy) is one of the most widely used public-key encryption methods. Data encrypted with the public key can only be decrypted with a corresponding private key.

What is end-to-end encryption?

End-to-end encryption – as used by messaging services such as WhatsApp and iMessage, as well as online banks and security companies – is asymmetric. It is commonly used to prevent third parties from intercepting and reading sensitive and private data because it virtually eliminates the risk of messages and documents falling into the wrong hands. Anyone who intercepts the encrypted data without the private key will only see gobbledegook or nothing at all.

What are the arguments against encryption?

Following the Westminster terrorist attack on 22 March, it emerged that perpetrator had used WhatsApp seconds before carrying out his crimes. UK Home Secretary Amber Rudd was frustrated that the intelligence services were unable to access his encrypted messages to search for clues, and she called for tech companies to include ‘backdoors’ in encryption, saying: “There should be no places for terrorists to hide”.

The Australian Government followed suit, with Attorney-General George Brandis revealing a plan to “lift the legal obligations on device makers and social media companies to co-operate with authorities in decrypting communications”.

Brandis said that the plan would not include backdooring, although he did not elaborate on how the government expects technology companies to break encryption.

There has been criticism of both the UK and Australian governments about the effectiveness of such new laws. And, in particular, even if encryption backdoors are feasible, many security experts argue that secret government backdoors don’t stay secret for long.

Why don’t more companies use encryption?

That’s a question for those companies to answer. The technology is certainly there. Even Google, which is increasingly forcing websites to use encrypted HTTPS connections or else slip down its search results, only encrypts your Gmail messages on its own servers and not during transit.

Similarly, most Android devices aren’t encrypted by default, whereas all passcode-protected iPhones and iPads are. Indeed, Apple caused controversy last year when it refused to let the FBI gain access to a password-protected iPhone belonging to a gunman.

How do I ensure that my data is encrypted?

Well, that’s the purpose of this guide. Many encryption tools are free and very straightforward to use, and we’ve rounded up what we believe are the very best available. It’s surprising how much content – both on the web and on your PC – remains unencrypted, when it so easily could be, so we hope the advice in this feature helps to put your mind at rest about keeping your data secure and private.

Can I encrypt anything?

Just about, although some websites limit the use of third-party encryption tools. We think you’ll be pleasantly surprised at all the different types of data that can be encrypted nowadays.

Ready to start encrypting? Read on for:

Next: How to encrypt your files and folders.

Having established what encryption can do, let’s get started encrypting. First, how to keep your files and folders safe.

How to encrypt plain text

Plain text is fine for jotting down notes, but it’s not appropriate for sensitive information such as a list of passwords, or your bank or credit-card details. However, many people use it for just such purposes: indeed, Chrome even includes a feature to export a list of your passwords in plain-text format.

Fortunately, there are numerous programs you can use to secure these confidential details to stop anyone reading them. One of our favourites is Cobbler, a tiny tool that encrypts your notes and is very easy to use – just run the software, enter a master password and type in the text you want to protect.

Secure your passwords using the free Dalenryder Password Generator

Another program worth looking at is Dalenryder Password Generator. This is a security tool that creates and manages passwords and PINs, but also includes a powerful Encryption Tool that can secure text.

Lock Microsoft Office files

You can password-protect Word, Excel and PowerPoint files directly within Microsoft Office. The process varies depending on which version of the suite you’re running, but if you have a newer version of Office, simply click File, Info and select Protect Document. You can make your file read-only (final), forbid editing, restrict access, add a digital signature and password-protect it.

Office provides several ways to protect documents, including encryption.

As is the case with most encryption, when securing an Office file in this way, be careful not to lose or forget the password because there’s no way of recovering it. Anyone opening the locked file will be prompted to enter the correct password to gain access.

Create secure PDF files in Office

Microsoft Office lets you save documents directly to PDF format: just click File, Save As and select PDF in the ‘Save as type’ box. To encrypt the file at the same time, so that unauthorised people can’t view its contents, click the Options box underneath. Under PDF Options, tick the option to ‘Encrypt the document with a password’. You’ll then be asked to enter a password twice. This needs to be between six and 32 characters in length.

Encrypt PDF files using PDFill Tools

PDFill Tools offers a selection of useful functions for PDFs, including the ability to encrypt or decrypt your files.

PDFill protects your PDFs to stop them being copied, edited or printed.

It supports both Adobe Standard 40-bit and Adobe Advanced 128-bit encryption, and password-protects PDF files to prevent them from being printed, copied, changed, filled, extracted, signed or merged.

Hide and encrypt files and folders

You can keep personal files on your computer safe from prying eyes by using a tool like Wise Folder Hider. This free tool can hide files, folders and even connected USB drives so they aren’t visible in Windows Explorer unless you ‘unhide’ them by entering a password in the software.

Upgrading to the Pro edition for £19.32 lets you encrypt your files and folders, as well as simply hiding them, making it almost impossible for snoopers to access your private content.

Encrypt files stored in the cloud

Most people keep at least some of their important personal data in the cloud using online-storage services such as Dropbox, Google Drive and OneDrive. If you’re concerned about how safe your files are in these services, you can secure them using the excellent tool Boxcryptor. This is free for personal use and supports more than 20 popular cloud-storage providers. It’s available for Windows, MacOS, iOS, Android, BlackBerry and Chrome.

Protect the files that you store in cloud services by using Boxcryptor.

Like Boxcryptor, Viivo encrypts your files before they are synced to popular cloud-storage services including Dropbox, Google Drive and OneDrive. It’s available for Windows, MacOS, iOS and Android, and as well as encrypting your files, it can compress them to save space.

Share your private files securely

If you want to send a private file to someone over the internet, you should encrypt it beforehand. There are lots of ways to do this, but Secureshare is one of the easiest. This website encrypts the file on your PC using 128-bit AES encryption before uploading it to the web server and generating a self-destructing URL and password.

Secureshare lets you encrypt files without downloading any software.

Send both to your recipient (preferably using separate means, for extra security) and they’ll be able to download and unlock the file. You can select the number of times the file can be downloaded or how long it’s available for.

Encrypt compressed archives

Whether you want to encrypt a few files for emailing or archive a large amount of content for secure safekeeping, 7-Zip is an ideal tool for the job. Add some files to the free compression tool and enter a password to lock the archive.

The program can encrypt both 7z and ZIP files using powerful AES-256 or ZipCrypto (ZIP only) methods. The AES option lets you encrypt the file names as well to prevent people guessing their contents.

Next: encrypt private messages in WhatsApp, Facebook and Gmail.

Protecting files and folders is a good start, but what about your communications? Here’s how to encrypt private messages in WhatsApp, Facebook and Gmail, as well as your email backups.

Chat securely in WhatsApp

WhatsApp uses end-to-end encryption to keep your messages private. WhatsApp’s protection means that, provided you and the person you’re chatting with are using the latest version of the app, all communications are secure and not even WhatsApp itself can see them.

Encryption is turned on in the app by default – there’s no need to enable it manually. However, if you want to check that your messages are secure, tap the three-dot menu in the top-right corner, select ‘View contact’ and under Encryption, you should see a notice stating that all chat and calls are secure. To verify this, click the note and scan the displayed QR code on your contact’s phone, or vice versa.

Secret Facebook conversations

Secret Conversations is a useful hidden feature in Facebook Messenger for Android and iOS that lets you send end-to-end encrypted messages to your friends. The option isn’t enabled by default and you have to start a new private conversation – rather than just continue an existing thread – to use it. Also, it doesn’t work in group chats.

Facebook's Secret Conversations feature lets you encrypt your chats.

To start a secret conversation, tap your profile photo and scroll down to Secret Conversations. Open this option and make sure the feature is turned on (enable it, if it isn’t). Next, tap the New Message button and select the Secret link in the top-right corner. Choose a friend from your contacts and start writing a message. The recipient has to agree to enter a Secret Conversation with you.

Text and call securely using Signal

A growing number of chat apps – including the aforementioned WhatsApp and Facebook – use end-to-end encryption to keep your conversations private, but Signal is more secure than most. This free app, which is used and recommended by NSA whistleblower Edward Snowden, doesn’t store information about its users and lets you chat securely to contacts in your existing phone and address book.

Available for both iOS and Android, the app lets you send hack-proof text, and picture and video messages to individuals or groups, and also make secure phone calls. Most recently, the developer added support for end-to-end encrypted video calls.

Secure your Gmail messages

Although Gmail offers encryption over an HTTPS connection when you’re reading and writing messages, it doesn’t encrypt them while they’re in transit. You can significantly increase your privacy by installing the CryptUp extension for Chrome and Firefox, which secures messages and attachments sent through Gmail in your browser using PGP (Pretty Good Privacy) end-to-end encryption.

It works by adding a Secure Compose button to Gmail so you can quickly send secure messages whenever you need to. If your recipient doesn’t have CryptUp installed, or any other email encryption for that matter, you can secure your messages or files with a password.

Add end-to-end encryption to Gmail messages by installing CryptUp.

CryptUp’s developer is planning to release Android and iOS apps, along with an Outlook add-in, later this year.

Encrypt your email backups

MailStore Home backs up all your emails, and works with any mail provider including Gmail and Outlook.com. Just select the service(s) to back up and it will get to work. You can password-protect the archives, and the software fully encrypts all databases to make it impossible for anyone other than yourself to view the messages.

Next: keep your browsing and social accounts private.

You can also protect your privacy when browsing and searching online, and using social media. Here’s how.

Encrypt your DNS requests

DNS (Domain Name System) is the service used to translate site names into IP addresses that web servers and internet routers can understand. When you type a website name into your browser, a DNS server will look up the IP address that’s linked to it. Unfortunately, attackers can eavesdrop on these requests to see which sites you’re visiting, or spoof DNS services and redirect you to a fake site.

Encrypt your DNS requests to stop hackers sending you to fake sites.

Simple DNSCrypt is a useful free tool that encrypts your DNS requests to make sure nothing is interfered with, and to stop hackers stealing your data.

Encrypt content inside Evernote

If you use Evernote to store information – such as content from the web, personal notes or account details – you can encrypt anything that’s for your eyes only. Just open the note, highlight the part you want to encrypt, right-click it and choose to Encrypt Selected Text. When prompted, enter a passphrase to lock the section.

Evernote offers a handy built-in option for encrypting saved content.

When you want to view that text in future, click it and select ‘Show encrypted text’, then enter the passphrase. You can’t encrypt an entire note or notebook.

Always access secure versions of sites

A growing number of websites now offer the secure HTTPS (Hyper Text Transfer Protocol Secure) version by default and will switch you to it automatically if you try to go to the non-secure HTTP version. This protocol encrypts your data to stop snoopers, including your ISP, from being able to tell which pages you visit on a site.

However, not every website automatically redirects you, which is where HTTPS Everywhere comes in. This essential add-on for Chrome, Firefox and Opera automatically sends your browser to the secure version of a site – if it exists. In other words, if you only type in the basic address, you’ll still end up on the secure site.

It’s updated regularly with new rules to cover additional sites, and lets you block all unencrypted requests by default. HTTPS Everywhere can also be installed in Firefox for Android.

Hide your searches with a duck and a bear

Searches performed in Incognito or Private Browsing mode aren’t secret because, although the details of what you’ve searched for aren’t recorded on your PC or mobile device, the search provider (Google or Bing, for example) still keeps a record of them.

The best way to hide your searches is to use a virtual private networking (VPN) tool such as TunnelBear to disguise your browsing location. You need to log out of your Google or Microsoft account before running any searches or use DuckDuckGo instead, so your searches aren’t stored.

Use DuckDuckGo with TunnelBear to disguise all your searches.

One important note: you may have used encrypted.google.com in the past, but don’t make the mistake of thinking your searches there are any more secure. This is an outdated redirect that was in use before Google switched all searches to the secure HTTPS protocol. You’re just as safe using the regular Google search these days.

Restrict your social media posts

The whole point of a social network is that people see your posts, but you can limit this to only friends or even just yourself. When you make a new status update, click the down button next to Post and choose who sees it – Public, Friends, Friends Except, Specific Friends or Only Me.

Control who sees your posts and photos on Facebook.

Be aware that when you tag someone – in a photo, for example – all their friends will be able to see that post. To keep something between just you and the person you’ve tagged, share it via Facebook Messenger instead, and use that tool’s end-to-end encryption.

Next: encrypt your computer, external hard drive and mobile devices.

Finally, we show you how to use encryption to protect your data if your mobile devices, computers and external drives are lost or stolen.

Add a secure external drive

If you have a lot of personal files that you don’t want falling into the wrong hands, you can store them on a PIN-authenticated, tamper-proof USB drive. The diskAshur Pro range offers drives with up to 2TB capacity, and uses XTS-AES 256-bit hardware encryption. You lock and unlock the drives by typing a PIN on the keypad on the front. The drive automatically locks itself after a period of inactivity and can “self-destruct” if someone tries to break in. The drives are priced from $419 for the 500GB model.

The same company also sells secure USB flash drives with a built-in keypad that work in the same way. These cost from $89 for an 8GB drive.

Secure your hard drive with BitLocker

BitLocker can protect your files and folders from unauthorised access by locking your drives. The feature was first introduced in Windows Vista and has been included in all subsequent updates of Microsoft’s OS, although it’s only available in the Ultimate and Enterprise editions of Windows 7; the Pro and Enterprise editions of Windows 8+; and the Pro, Enterprise, and Education editions of Windows 10.

The Windows tool BitLocker provides a simple way to encrypt your files.

The tool scrambles the contents of your drive and then unscrambles it when you enter your password – so if your computer gets stolen, your data will still be safe. To use it, either right-click a drive letter in File Explorer and select ‘Turn BitLocker on’; or type BitLocker into the Search box, launch the Manage BitLocker control panel, and turn the feature on or off for any drive there.

Secure everything you do your PC

Tails – The Amnesiac Incognito Live System – is a privacy-focused live Linux operating system that you can boot into from a DVD, USB memory stick or SD card. Use it to encrypt your files, emails and instant-messaging chats, and browse the web anonymously. You can boot into it whenever you need privacy and it’s very easy to set up and use.

Encrypt your Android device

Not only can you encrypt your Android phone or tablet’s data, you can also secure the device’s SD card (if you have one). The process varies depending on the version of Android you’re running, but usually you just go to Settings and tap ‘Lock screen and security’. Scroll down to ‘Encrypt device’ or ‘Encrypt SD card’.

You need to plug your phone into a power source because the encryption process can take an hour or more to complete (the device should be at least 80% charged). Make sure you don’t interrupt the encryption process at any point because this can lead to a loss of data.

Encrypt your iPhone or iPad

Apple devices are automatically encrypted, provided you use a passcode. The trick to making sure your device remains secure is to pick a strong six-digit passcode (rather than the default four digits) or – best of all – an alphanumeric key of any length. To do this, go to Settings, Touch ID & Passcode and enter your existing PIN. Tap Change Passcode, enter your PIN again and then tap Passcode Options.

Lock your Samsung phone with Knox

If you have a Samsung device, such as a Galaxy S7 or S8, you can use Knox to remotely lock it or set it to automatically encrypt all of your data. This prevents access to both your internal and SD card storage. Entering your Knox password will decrypt the data. Knox uses a very strong 256-bit AES cipher algorithm to encrypt data on the device.

This feature is based on articles that originally appeared at alphr.com.

Multi page
Copyright © Alphr, Dennis Publishing
Tags:

Most Read Articles

You must be a registered member of Business IT to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?