Privacy Concerns on the Internet
Who's Minding Your Businessby Chris and Chuck Cochems
NOTE: This article was written by TDL users and is reprinted here with their permission.
The Internet is a truly amazing thing. Thanks to it, we can send mail to people on the other side of the globe without paying postage. When we feel that even e-mail is not fast enough, we can converse in real time with talk and IRC. In fact, it is often easier to talk to someone with IRC than in real life, as the worst someone can do in IRC is to ban you from the channel, or (gasp!) ignore you. People cannot punch you in the face through the computer terminal. Also, nobody can listen in on your conversation, because you are not speaking. After all, as long as you shield your terminal screen from view, nobody but the folks on channel can hear you, right?
Well, unfortunately, it is not that simple. Just as someone can hide in the shadows and listen to your conversation in real life, people on the Internet can spy on you, and try to figure out what you are saying and doing. Those people usually don't give many clues that they are spying. People may also try to break into your account, get your files, and send e-mail in your name. They can attempt to destroy your data by sending you programs with viruses, or Trojan horses. They can give you seemingly innocuous scripts with "backdoors" in them to let them control your client. Or they can simply harass you on IRC in many ways. However, you are not without countermeasures. By taking proper precautions, you can protect your privacy, your data, and your account from prying eyes.
Note: If you are engaging in illegal activities, all bets are off. Law enforcement officials with a subpoena and/or the cooperation of your ISP can effortlessly monitor anything you do over the Internet. And becoming your own ISP is no protection against a court-ordered tap. If you are unsure of the legality of what you plan to do, wait until you are sure what you are doing is, in fact, legal.
Privacy and Harassment Avoidance while Chatting
As you may well know by now, not everybody on IRC is nice and well-behaved. Sooner or later, you will find a person who is just being a big jerk, and doesn't want to leave you alone. Or someone will try and take over your channel. Or someone will start flooding you off of IRC. The IRC FAQ is fairly helpful in this regard, and explains how to handle the usual brand of jerk. However, it does not cover everything, and what IS there bears repeating.
You can keep jerks from messing up your channel by managing it well. To do this, it is essential that you learn about channel modes. So, here are the modes that you need to know, and what they do.
+i: Invite only. This means that unless a channel operator /invites a person, he/she cannot join the channel at all.
+n: No external messages. You will see this one a lot. It is a very useful mode to set. If you do NOT set this mode, people can send a message to everybody on the channel at once without being in the channel. If you do not set this, someone will usually start flooding the channel from the outside. By setting this mode, you prevent that. We can think of NO good reason not to use this channel mode on every channel you are an op on, as if you don't people, WILL flood the channel.
+p: Private. This means that when someone does a channel listing, they can't see the channel's name. They can see the people on the channel who aren't invisible, but they won't know what the channel is.
+s: Secret. This means that the channel won't show up on a channel list at ALL. As far as they know, the channel doesn't exist. This is more secure than private.
+m: Moderated. This means only channel operators can talk. Unless a channel operator gives you a "vop" (+v) if you aren't an op, you can't talk. This can keep people on the channel from flooding it. If you op everyone involved in a conversation, don't op anybody else, and make the channel +m, nobody can flood the channel at all. This has a real advantage over +b in dealing with jerks, in that you can say anything you want about them, and they are totally unable to reply. They will leave on their own, tails between their legs.
+t: Topic Lock. Only channel operators can change the topic. This keeps people from constantly changing the topic and interrupting your conversation. This is almost as common as +n.
+o and +b are technically channel modes too, but almost every script or non-UNIX client has ways to use these simply and easily. +b is used to ban jerks from the channel, of course, and +o means op. Keep in mind that +b is very confrontational, and can lead to channel wars. Also keep in mind that IRC is anarchy, and any op on any channel is allowed to ban any person for any or no reason.
So, there are many ways to keep people from messing up your channel. You should always make it +n to keep people from flooding it without joining it. If people are changing the topic too much, make the channel +t. If somebody is being nasty to the people on the channel, just ban and kick that person off the channel. Kicking by itself is nearly worthless, as most people just automatically rejoin. However, if you make the channel +i just before you do the kick, the auto-rejoin will fail, and then you can take the invite-only back off. Another good way to keep people from messing up the channel is to make it +m, and only op people who you want to be able to talk. If someone on channel is annoying only to you, the user command /ignore nick all will filter everything from that person from your screen, effectively removing them from your universe.
If people are using clonebots and causing major havoc, you should go and find an IRCop and ask for help. On Undernet, you can usually find them on #wasteland. Be sure to tell the op the whois information on one of the clones, and what channel the clonebots are screwing up. This works fairly well, and you can always keep them from flooding the channel by moderating it (making it +m) until you get them kicked off.
However, not all the jerks are trying to mess up your channel. Some of them are trying to stalk *you* around IRC and make you miserable. They can flood you, or they can send you obscene messages. And often, they can change nicks to dodge ignores, or get a friend to bug you. So the simple "just ignore him" advice in the FAQ isn't enough. To protect yourself, you need to learn about User Modes. These are different from Channel Modes. There is really only one you need to know.
+i: Invisible. This prevents your nick from showing up in /who and /whois commands unless it is specified exactly. Example: If you were BigCheese, and you typed /mode BigCheese +i (or the equivalent command with your script or client), if somebody typed "/who Big*," your nick would not show up in the list unless you were on the same channel he was. However, if someone typed "/whois BigCheese," he/she would see that you are on IRC, and what your login and server are. So being invisible makes it harder for jerks to find you. It prevents people from using your login information to find out your nick. Also, notify will report that you are on IRC if you use the nick the notify is watching for, even if you are invisible.
If somebody is bugging you constantly, the FAQ says to make yourself invisible, change your nick, and then join a new, secret, invite-only channel. This works a lot of the time. However, there is something called /note spy. Most servers on EFnet have it disabled, but there are still servers from which it can be used. Note spy not only finds invisible people, but if the person changes nicks, it tells you what nick they changed to! What can you do about that? There IS something you can do. You need to change your nick a second time. The note spy tells the other person the first nick, but because the note spy works by nick in the same manner as notify, it doesn't automatically switch over and spy on the new nick. It just tells the obnoxious person what it is. So if you switch nicks again, the other person won't be informed of it. Now you do have to change nicks quickly, or the other person might be able to put a note spy on the other nick. And if he is REALLY determined, he will put one on the nick anyway to catch you next time you are on IRC. So you may want to vary your nicks a lot.
If this seems like a lot of work to stop somebody, that's because it is. If someone is really being that mean and nasty, your best course of action may be to make a log of his actions, and send it to root at his system. You can find out his system by doing a /whois<jerk>. If you see something like
jerk is email@example.com (i am mean)
he is probably on slip or PPP. In that case, chop off the first bit, and send mail to, in this case, firstname.lastname@example.org Basically, if you get an error when trying to send to root@(that person's address), try leaving the part from the character after the @ to the first . out, and sending again. If you get an IP address in the /whois info (something like 18.104.22.168), log it anyway, and talk to your sysadmin about it. You can probably get the guy banned from his IRC server, and then he will have to find a new server. If he does, and starts bugging you again, just report him again. His ISP may even disable his account if you can show them logs.
Now you know how to make sure you aren't bothered on IRC. However, as we noted earlier, people can eavesdrop on your conversations. When you send a /msg to someone, it goes from your machine, to your provider. Your provider can log this plain text with ease. It then gets sent to the IRC server you are connected to. The person who maintains the IRC daemon on the server could set IT up to log the text sent to it. It then works its way across the net to the IRC server the recipient is on. ANY server in the path from yours to his could pick up the message and log it. Finally, it gets to the other person's provider. Root on THAT machine could log the text. So there are MANY places the message could be intercepted, read, and sent on its way. Now, if what you said was "hello," you have nothing to worry about, of course. But if you said something like "I think I'm pregnant," you may not want other people knowing this. However, you CAN take the IRC servers out of the loop. You can either use talk (a non-IRC chat protocol where you work with a split screen and can both talk at once) instead, or start a /DCC Chat with the person. You do this by typing /dcc chat <nick>, and wait for the other person to do the same. DCC means Direct Client to Client, so what you send through the DCC chat connection doesn't go to the other servers. It just interrogates the server to find out if the nick is there, and if it is, finds out where on the Internet the other person is, and starts sending the conversation directly to the client. If you do this, only your provider, and the other person's provider can get the text easily. And they probably don't care. You probably don't have to worry too much about IRC servers, but it is well known that many people somehow get logs of people netsexing and post them to newsgroups, so it is not impossible that someone else could intercept it.
There is one other way someone could get your IRC messages. This would be with packet sniffing. This is a very technical process, and is very time consuming. Basically, its not something you need to worry about much. The people who could do this simply don't CARE what you have to say on IRC. They would too be busy hacking government computers to log you netsexing ... :)
Whether you have a PPP account or a shell, when logging into your account, you use a password. The point of having a password is to keep other people out of your account. If you choose your password well, it will do just that. However, what makes a good password is not always obvious. We will attempt to clear this up in this column.
There are many things NOT to do when selecting a password. One thing you should not do is pick ANY word in any dictionary for your password. There exist programs like CRACK that can try every word in a dictionary file and guess your password within a reasonable amount of time on modern computers. Sure, it seems like there's a lot of words in the dictionary, but it is actually a very small subset of all of the legal strings of alphanumeric characters that make up a password. Words NOT in the dictionary aren't much more secure either. If you think something is a word, more than likely some crack dictionary writer thinks it's a word too.
One solution many people come up with to this problem is to use two words, separated by a character such as a slash. However, this only works at all if the two words are totally unrelated. It is too easy to unwittingly select two words that have some sort of association with each other so you can remember the password. If you can see an association between the words, so can the crackers. A rule of thumb is that if you think you are being really clever with your password choice, the crackers will already have thought of your idea, and will guess your password very rapidly. One example is entering "password" as your password (it says "enter password" so I'm entering "password" ... heheh no one will guess that ...). EVERY cracker guesses that one first. Another example of trying to be "clever" is making substitutions of numbers for letters, yielding something like "41w4y5" (always). The crackers have thought of that too, so that password must be considered a word that is in the dictionary. People also may think using wEiRd CaPiTaLiZaTiOn is a good way to make their passwords more secure. It isn't.
So, if you can't use words, and you can't be clever, what can you do? You can choose a random combination of letters and numbers of more than eight characters. Many systems require at least six letters, and that there be both letters and numbers in the password. Now, we know what you are going to say ... you are saying "How can I remember a password like that?" Well, it IS harder to memorize a bizarre string of characters than a real word, but it really is much more secure. Let's do some simple math and see how many nine character passwords there are ...
26 letters * 2 (upper and lowercase) = 52 letters + 10 digits (0,1,2,3,4,5,6,7,8,9) = 62 alphanumeric characters that the first character of the password can have. Since there are nine characters, we must raise this number to the 9th power to yield the number of nine-character passwords. Now 62^9 is more than one quadrillion passwords to choose from. That's a LOT of passwords, and that is MUCH greater than the number of words in the dictionary. And that doesn't even include use of punctuation characters, which would more than double that figure. So random passwords are much more secure.
Now, there is a compromise that can be made. If you find yourself unable to remember such a random string of characters, you can try writing a sentence, and using the first letter of each word as a character in the password. An example would be "Time to pick the password for my 4th provider." To make this into a password, you would take the first character of each word and type "Ttptpfm4p", thinking "Time to pick the password for my 4th provider". Putting a "4th" or other such number into the sentence ensures that your password has a number to pass the check for a numeric character. Now, if you didn't know the sentence, you would probably go "huh?" when you saw the shortened form that is used in the password. But, by memorizing the sentence, you memorize the password.
Now you know how to generate a secure password. One way NOT to generate a secure password that meets length and alphanumeric requirements is to run your fingers along the keyboard and do something like this ...
(Hey, it's twelve characters, looks random, and I can remember it easily! It's GOTTA be secure ...) Again, that's trying to be clever, and the crackers have thought of it.
If your communications software has an auto-password generate function, use it to generate a random password instead. If you are a dial-in user, you can set up your com program to enter your random password for you so you don't have to remember it. This makes your account secure as long as nobody else uses your computer. :)
Now that you have a secure password, for crying out loud, DON'T TELL IT TO ANYBODY! The whole point of a password is that nobody else knows what it is. Telling other people defeats the purpose. Also, don't write it down by the computer unless you never let anybody else near your computer. That's kind of like leaving a hidden key outside your house. If you forget the key, you can get in, but someone else might find the key.
Recently, we were the victim of an interesting attempt at a password hack. Somebody got our e-mail address through IRC, and faked an e-mail from root at our site telling us to change our password to TARDIS. We thought about it, and realized that root never NEEDS to know your password to get at your files, so the request had to be a fake. If we had done what the guy on IRC requested, he would have hacked our account, unshadowed the password file, and caused a lot of trouble. The lesson to be learned here is NEVER believe ANY e-mail telling you to change your password to a specific value. Root at your site doesn't EVER need to know what your password is anyway, and there is no reason to obey anyone else. If your system password file has been compromised, you may receive e-mail from your admin telling you to change your password. By all means do so if this happens, but change it to a new, secure password ... not one anybody else knows.
UNIX Security Holes
You now know how to pick a good password, and what to do to keep it a secret. However, there are ways for people to gain access to your account without your password. One way is to break into the root account, but you cannot defend yourself against that, so don't worry about it. It may happen, it may not, and if it does, it's not your fault. However, there are two files that you need to watch out for in your own directory if you are a shell user. These are .rhosts and hosts.equiv. Some discussion on what these files are for and what they do is in order.
One method of going from one machine to another is with rlogin. This logs you into the other machine. Usually, unless your ISP has set things up so that you can move about from machine to machine within the ISP without requiring one, you will need to re-enter your password. However, if there is a .rhosts file, or a hosts.equiv file, when someone tries to do a rlogin to your account, it checks their userid to see if it matches yours. If it does, it then checks their host against these files. If this host is in these files, then it lets the other person in without a password. This is fine and dandy if the other person is really you. Often people do this to make things more convenient for themselves so they can rlogin from home to work and vice versa without a password. However, this means that if ANY site in those files is compromised, the cracker can get into your account without a password. Using these files makes your account less secure. If you (or your provider) care about security, you should delete them.
Also, some versions of UNIX ship with comment lines in those files. The problem there is that instead of functioning as comments, these lines instead allow anyone who hacks themselves a domain of "#" (which isn't hard) to get into your account. Basically, don't use these files at all, or only put other hosts at the same ISP into them (IE, netcom2.netcom.com, netcom3.netcom.com, netcom4.netcom.com, etc.), and don't put comments in the files.
IRC Security Holes
Also, there is the danger of people gaining access to your account in some fashion through IRC. You don't have to worry as much if you are a SLIP/PPP user, but this info is useful to everybody. As mentioned earlier, people can send you a seemingly ordinary script that has a back door in it, to let them control your client. The rule of thumb for IRC scripts is to not load one unless you understand every line of it. If you want to run something like Phoenix or Lice, get it from a well-known archive, not some "nice person" on IRC. The person offering it may have put a backdoor into it, or may himself be using a backdoored version of the script. Even if the person is trustworthy, he might not have noticed the backdoor. If you DO get a script not known to be safe, look at it very carefully. If you understand IRC scripting, you should look at EVERY ON statement, as that's how backdoors are placed in IRCII. In mIRC, you should look in the remotes section, and look over the settings there. An example of a backdoor would be:
/ON PRVMSG *^AJUPE *
or something like that. What this means is that if
somebody sends you a CTCP JUPE, everything following the word JUPE is
executed by your client. The other guy could do a /CTCP
Another thing people may try to do if you are on a shell account is to tell you that they need you to compile a program for them. This is utter baloney, as programs compiled on one UNIX box cannot run on another one. What the person is trying to do is to trick you into compiling and running a C program to unshadow your password file and e-mail it back to them. This is not a smart thing to do, as it lets the other guy run CRACK on your system's password file, and maybe break into some accounts. If somebody tells you that they need you to compile a program for them, simply tell them that it wouldn't run on their system anyway. If they say "oh, sorry", then they probably are just ignorant, and you can't help them anyway. But if they go on to say that they want you to run it, DON'T! Get it if you want, but don't compile it, and DON'T even think about running it. Instead, get the person's e-mail address, and inform root at their site about the other person's hack attempt, being sure to e-mail a copy of the C program the person sent to you.
Now is as good a time as any to talk about viruses. First, as to UNIX viruses, there aren't any. End of subject. For those of you using UNIX shell accounts, you are virus safe unless you download something to your PC. Many of you have heard rumors of viruses attached to gifs. THERE ARE NO SUCH THING! Viruses are attached to executable files (files that end in .bat, .com or .exe) and nothing else. The file containing the virus can, of course, be zipped along with other files, or e mailed as an attachment. A virus is dormant until it is executed.
Most viruses are spread from computer to computer on floppy disk. Many viruses are set to go off at a certain time, and the person who gives it to you may not even know they have it. Viruses have even been spread on distribution disks of legally purchased software. They are also commonly attached to shareware programs by cybervandals. To make things even more difficult, new viruses crop up every day. Some cybervandals have even circulated a virus construction kit. Viruses range from annoying to something that will cause you to lose everything on your hard drive. There is at least one virus that is known to cause damage to your monitor as well.
The first step in virus protection is being prepared. Make an emergency diskette with system files, an image of your CMOS, FAT, config files, and a good virus check and virus clean program. Keep it handy. A good suggestion for virus protection software would be F-Prot, which is available free of charge for personal use. Update your detect and clean software regularly to keep up with the new viruses.
Run a virus detect program on your system. Never run a file from a diskette without performing a virus scan. While this may seem like a lot of work, it is far less of an inconvenience than losing everything on your hard drives. Only download software from well-known archives, and check it before you run it. Never execute a file received via DCC without a scan. Even then, the virus could be newer than your detection software. We practice safe computing, and have still had four different viruses, one of which did severe damage. Chris also inadvertently passed a virus on to his boss on distribution diskettes. The boss was not amused.
Despite all of your precautions, a virus may slip by your detection software. If that happens, you may not notice for a while as it lies dormant waiting for its activation key to kick in. However, often there will be signs that can tip you off to the presence of a new virus before it attacks. For example, if the mem command says there is less than 640k main memory total (not the amount free, the amount total), you almost certainly have a boot sector virus, which became resident in memory before DOS did. Sometimes a BIOS shadow will remove main memory, but if this is the case, we suggest you free the memory by turning the shadow feature off in CMOS. If a DOS command like MOVE or DELTREE suddenly stops working, we can guarantee that you have a resident infector virus. DOS commands ALWAYS work when they are clean. If they don't work, you can be sure they are infected. If the sound support in a previously working program suddenly stops working, no matter what you do, that is also a sure sign of a resident virus. To sum up, if something that has generally worked on your computer suddenly stops working, assume a virus.
Once you have disinfected memory by turning off your computer for 30 seconds and booting from your emergency write-protected floppy, then disinfected your hard drive with your detection and cleaning software, be sure to scan EVERY floppy disk that has been in your disk drive. The best way to rid yourself of a virus is not to catch it in the first place.
Logs and Snooping
For someone who wants to keep track of what you do on the net, your home dir in a shell account is a good place to start. Most people have a .newsrc file which shows the newsgroups that you are subscribed to, and which posts you have marked as read. Other files will tell them what Gopher sites you have bookmarked (.gopherrc), what FTP sites you have bookmarked, and who you have on your IRC notify and ignore. This data is, of course, always accessible to you, and to anyone with root access at your site. If you have set the UNIX permissions on the dir and files to allow it, many more people could read these files. Even making your home dir readable and permitting finger can tell someone your real name, whether or not you have unread mail, and the last time you logged on.
UNIX permissions (similar to DOS filespecs) are a little tricky to understand. If you were to request a long form directory listing in UNIX with a ls -la command, the settings of these permissions will be displayed at the far left of each entry. The permissions will look something like this:
The d in the first position indicates that this item is a directory, not a file. The next three positions relate to the things you can do in the directory. They are the owner permissions of read, write and execute. The next three positions are for the group owner of the listing. In most commercial shell accounts, the group is comprised of every shell user at your ISP. The final three apply to the rest of the world. On the example above, the Owner has read, write and execute, the group owner has read and execute, and the rest of the world has read and execute.
Each directory and each file has its own set of permissions, (we know this is pretty dry, but it is important), and the file owner can set them using the UNIX command chmod (Change Mode). To protect your .newsrc and other configuration files from prying eyes, make sure that the group and world permissions are turned off. A file set this way would like like this:
The command syntax to set your .newsrc file this way would be:
chmod 700 .newsrc
To learn all about the chmod command, go to your UNIX prompt, and type man chmod.
ISPs can log virtually anything that happens on their machine. Examples include xferlog (for FTP activity), failed login attempts, WWW access logs and many more. The number of things logged varies widely from ISP to ISP, as does the policy for access to these logs. Some providers believe in privacy, and don't log many things. They also restrict access to the logs they do keep. The other end of the spectrum would be some universities that keep a secret machine to log everything that occurs on all of their other machines. These universities are under no obligation to tell you about their secret logging machine, so unless you know for a fact that no detailed logs exist, treat everything you send from a university account as a postcard. On most systems, the xferlog is world-readable, which means that anyone can search the log for your address, and find out if you have been there and what you have been doing.
The only recourse you have with this logging is to find out what your ISPs policies are. For those who have a choice of providers, we recommend that privacy be one of the criteria you use in making your selection.
Many people realize that posting to a Usenet Newsgroup exposes them to flames, etc. and use an anonymous remailer service. Keep in mind that the anonymous remailer service might be owned by someone intent on snooping into your business. Also remember that including your e-mail address in a Usenet post or a maillist reply exposes you to e-mail harassment, and possibly inclusion on junkmail lists.
We have seen how our privacy can be invaded via our shell account, in logs and in learning our e-mail addresses. It is also possible to record your activities on your own hard drive, and to read them at a later time. This is done with something commonly known as "cookies." Most WWW browsers support the creation of a file called cookie.txt which can be written to and read by a site that you visit. The intended purpose is to keep your preference information for the next time you visit. We have two problems with this practice. First, it feels like an invasion for someone to write to the hard drive on our computer without even asking us. Second, it would be possible to inadvertently fall prey to a law enforcement sting operation simply by following the wrong link sometime. The information in your cookie.txt file would be the "smoking gun." At best, it would be a hassle to fight the attempted sting and win. The possibility that you may lose the fight is not to be ruled out, either. Netscape was concerned enough about this privacy issue that they have allowed users to disable the cookie feature in version 2.0. For those using other browsers, your only defense is to periodically erase your cookie.txt file until you get a version that allows you to disable cookies.
A somewhat similar feature has been developed by Microsoft and others to combat software piracy. When you use the on-line registration for Windows 95, it also sends an image of your hard drive directory to Microsoft. The US Department of Defense (DoD) was concerned enough about the security and privacy issues here to require Microsoft to make a special government build of Windows 95 that did not have the Registration Wizard before any staff member could install it. The people at the DoD considered it a national security risk to allow Microsoft to retrieve information about the contents of their hard drives. It is possible for Microsoft to read anything on your hard drive via this on-line registration, and may also be possible for them to do the same thing anytime you access the Microsoft Network.
One more word on the subject of deleting data you don't want to be seen. If the file has not been overwritten, undelete will, of course, recover it. If you enable deletion tracking in your version of DOS, that's a risk you take. Many programs such as Xtree can "wash" the deleted files, and make use of undelete impossible. However, if your opponent is the intelligence community, simply overwriting the file is NOT going to be able to stop them. They can often recover the last 15 values a sector on a disk held. Now, unless you were in possession of classified information, you have nothing to fear from the intelligence community. However, commercial data recovery firms can use similar techniques, so if you are worried about something such as industrial espionage, you might want to spend the time and take the required precautions to truly erase the files on your drives you don't want found again. We won't go into detail on this process, but suffice it to say that it takes a large amount of time, and in the case of floppies, it's best to destroy them instead.
As a curiosity, and for the sake of completeness, we would like to mention an eavesdropping technique that is known as using "TEMPEST" equipment. The principal involved here is that any electrical signal passing through a wire radiates an electrical signal that passes through the atmosphere. It is possible, with a sensitive enough receiver, placed close enough to your computer (up to hundreds of yards away) to receive this radiated signal, and by using a device called a spectrum analyzer, to reconstruct the data. In the case of a computer system, this data would be the picture on your monitor, every keystroke you type, and any data in the computers memory. This is heavy duty spy stuff, and isn't something your home computer is going to be subjected to.
As we have seen, anybody using a shell account is vulnerable to snooping on the part of their sysadmin. Even if you use SLIP or PPP, the modem traffic can be logged. Also, the machine the mail is stored on before you download it can be monitored just as easily as it could be on a shell account. If you are really concerned about your privacy, there IS something you can do to prevent snooping around in your e-mail. That would be to make use of a program called PGP.
PGP stands for Pretty Good Privacy. What it is, is a system for encrypting messages. This means that even if somebody intercepts the message, they won't be able to figure out what it says. It is based on something called public key cryptography. As opposed to private key cryptography, which uses the same key to encrypt and decrypt, public key cryptography uses two separate keys. One key is your public key, which you give to everybody, and the other is your secret key. To send a message to someone, you get the person's public key. You then run your PGP software and tell it to encrypt the message you wish to send with the recipient's public key. Then, when the person receives this message, the secret key is used to decrypt it. Nobody else ever needs to know your secret key, so there is no chance of it being intercepted without heavy duty intelligence work.
This is a good time to define what secure means. There are two tests that you can apply to determine if something is secure. One test is that if it costs more to decrypt the information than the information is worth, the information is secure. The other test is if the information would be useless to would-be snoopers by the time they manage to decrypt it, it's secure. Basically, if something takes too long to crack, or isn't worth the money spent to crack it, nobody will try. But if the information that is being protected is priceless, and not time critical, it is nearly impossible to make it secure. However, almost everything a home user would want to safeguard passes at least one of these tests if PGP is used to encrypt it.
How secure is PGP, exactly? Well, as opposed to simple substitution ciphers, which can be broken by means of frequency analysis (the letter that appears most often is probably E ...), there is no way to break PGP, short of trying all possible keys until you find the one that works. Now, PGP keys are pretty big, so there are a LOT of keys to try. When you choose your keys, you can decide how big to make them. The bigger the keys, the more secure your message is. Generally, unless you have a really slow computer, you will want to use a 1024 bit key. This means that it will take even the intelligence community YEARS to crack it. So PGP is indeed strong cryptography, capable of making most classes of communication secure. Besides encrypting text, PGP can also encrypt data files, such as spreadsheets or executables. We will not go into more detail on the inner workings of PGP, as there are much better sources for this information. Suffice it to say that PGP lives up to its name.
We have presented the worst case information regarding privacy and security in this article. Most of you will never have a problem with most of these things, but now, at least, you have some knowledge on your side. We wrote this article because we firmly believe in the individual's right to privacy. It is our hope that others will help us in safeguarding this right. We have listed some sources below to further explore the information we have presented.