Encryption for The Technologically Lazy, Pt. 1 - Your Android Phone

Let's start with some assumptions first:

  • You're one of those people who claims that they don't care about the government looking into their email. (See: "there's nothing I'm embarrassed about in there").
  • You think that encrypting your life is a huge inconvenience.
  • You think that encryption is for nerds, and you don't want your good hands to be sullied by "that stuff".
  • You don't "get" technology.

Chances are, if I know you, you fall into one (or more) of the four categories above. Today's the day that I attempt to prove the alternatives:

  • You should always be concerned about your privacy.
  • Encryption is easy, because other people have done the heavy lifting for you.
  • Encryption is available for free (or cheap) on virtually everything electronic.
  • You don't need to "get" technology to make it work.

The first point I'm not going to cover here. There's plenty of information on this. Tell you what, I'll even link you to a video. Take 25 minutes and watch Jason Appelbaum talk at the EU Parliament about the NSA and government surveillance. Go ahead: watch it. I'll be waiting here for when you finish.

That not concerning enough for you? How about this map of a guy's cell phone metadata, collected by his phone provider, plotted on an interactive map over the course of a month?

I'm even going to be really swell and link you to the apps you should use, because I know you're lazy and don't want to be inconvenienced, amirite?

Your Android Phone

Text Messaging

You shouldn't be using your standard SMS app, GoSMS, or even WhatsApp. The first two are completely plaintext, and WhatsApp has a publicized, unpatched backdoor in the application that allows your messages to be read.

Instead, check out TextSecure. It still uses standard SMS, but all communication between TextSecure users is encrypted.

Cost: Free
Inconvenience: One password

When it comes out, Hemlis will work both on Android and iPhone. Definitely something to keep an eye on.

Phone Conversations

RedPhone. Free encrypted VoIP calls between RedPhone users, regular calls for everybody else. Does everything else that your regular phone app would do.

Cost: Free
Inconvenience: None

Whole-Phone Encryption

Android has had full phone encryption on it for years. Use it.

Cost: Free
Inconvenience: Password (same as your lock code)

"But Brian, passwords on my phone take me longer to use apps on my phone! It's such an inconvenience."

To that I say, Angry Birds can wait another 0.5 seconds, you lazy tard.

Network Connectivity

Orbot takes every connection on your phone and routes it through the Tor network. What's the Tor network? Your data gets encrypted on your phone, bounces around the world a couple times, and exits somewhere else in the world. Nobody knows where the origin of the data was.

Cost: Free
Inconvenience: Slightly Slower Data (from my experience, about 85% the original speed)

Email

I left the most complicated one for last. As someone who is also lazy, I could understand if you skipped this one, and could take a whole writeup on its own.

If you feel like looking into it, you should try out Kaiten email client (free w/ ads, or a paid one without) combined with APG. The combo here will let you use GPG keys to encrypt and sign emails. Yes, those are acronyms. They're also not hard to figure out, either. Spend an hour. I'll even sign your key for you.

The Catch

There's a problem here (well, actually two problems), and that's adoption. Encrypting your communications usually relies on both parties adopting it, particularly with phone, SMS, and email. Tell your friends to use this too. It comes down to people using the software.

The second problem is trust. How can you trust the software to not do something with your data instead? Well, unless you want to dive head-first into the source code and take a couple cryptography courses, you really can't. But you can be reasonably sure based on endorsements. Both Jason Appelbaum (the guy in that video above that you totally watched) and Bruce Schneier (one of the most brilliant guys in cryptography/security) use a number of the apps above. It comes down to a web of trust.

Finally, The Ultimatum

A parting thought: if you think that anything above is too hard for you to do, or it's way too inconvenient, then I will seriously wonder how you ever managed to drag your lazy ass out of bed this morning. You can add all of that to your phone in about 20 mouse clicks. It's not that hard.