Skip to main content
  1. Home
  2. Web

Want to encrypt your way past the NSA? Good luck with that

Andrew Couts
By

NSA-pixelatedI’m smart, right? I’m technology-savvy. Hell, you might even call me an expert on some of this crap. But none of those descriptors seemed to matter when I dipped my toes into the murky pool of encryption – the one and only technology that promises to keep out the NSA – or at least slow it down – besides, apparently, typewriters.

While many of you may claim to have nothing to hide, I actually did – well, I thought I did anyway. I am currently working on a story that involves passing along some potentially sensitive information with some pathologically privacy-minded individuals. Through the course of my reporting, one of my contacts requested that we communicate via encrypted email, using an encryption standard known as PGP, or Pretty Good Privacy. Great, I said. Let me just figure that out real quick and I’ll get right back to you.

Recommended Videos

Wrong! Turns out, using PGP is more complicated than building a national park on the Moon.

Cryptography is necessarily complex – if it weren’t, it wouldn’t be secure.

The original PGP encryption software is now owned by Symantec, which has the audacity to charge money for its product. Lucky for me, a number of open-source options are available. Do a few Google searches, and you’ll find yourself at the home of Gnu Privacy Guard (GPG), which has released versions of OpenPGP software for both Microsoft Windows and Apple OS X machines.

As a Mac user, I opted for GPGTools. The download is straightforward.  The creators were even kind enough to provide a handy tutorial for how to get started – one of the few PGP tutorials not written exclusively for computer geniuses with Asperger’s.

PGP basically works like this: A piece of software (in my case, GPGTools) generates two PGP encryption keys. One of these keys you keep private. The other, your “public key,” you share with whomever you want to send secret messages.

This sharing of keys is where things start to get overly complicated. Most people who use PGP upload their public key to a key exchange, which makes your key searchable (as long as the person doing the searching knows what you’ve named yourself on the the key exchange). Or you can share you public key some other secure way – snail mail, maybe? Carrier pigeon? Long-range ballistic missile? Maybe you could just meet up in the basement of some parking garage, Deep-Throat style. The possibilities here are virtually endless – and they all kind of suck.

To send your friend an encrypted email, you use his public key to encrypt the message. He then decrypts the message with his private key. For him to send you an encrypted message, he uses your public key to encrypt, and you decrypt with your private key. Are you still with me?

Or you can share you public key some other secure way – snail mail, maybe? Carrier pigeon? Long-range ballistic missile?

Well, it doesn’t matter because that’s about as far as I got. GPGTools seems to act as a kind of plugin for Apple’s Mail app. Which, from what I could decipher, enables a couple of buttons in Mail to now do, um, something that they didn’t before. But I still have yet to figure out how to successfully encrypt or decrypt an email using the software. 

Now, there are some more user-friendly options out there. The Mailvelope plugin, for example, is actually a bit easier to use than GPGTools, but still comes with all the other complications inherent with PGP. Another option, SecureGmail, is a simple-as-pie browser plugin for Chrome or iOS. But it uses something called symmetric encryption (as opposed to PGP, which is a form of asymmetric encryption), and relies on you to come up with a quality password to protect your emails – something we all know ain’t gonna cut it – and then to share that password with your contacts in a way that makes the whole exercise futile.

None of my bickering is meant to dog on the clearly brilliant minds working to build these encryption tools. Cryptography is necessarily complex – if it weren’t, it wouldn’t be secure. But using it needn’t give you an aneurism. Fortunately for the rest of us, there are people currently working very hard to solve the usability problem, including the teams behind the plugins listed above, The Pirate Bay guys behind the new Heml.is app, and many others.

Until these developers get it right, most people just won’t go through the trouble of figuring this stuff out – especially since encrypting your communications can reportedly make you more of a target for the NSA. That’s not to say doing so is an impossible riddle or not worth the effort – strong encryption really is the best option we have. But the barrier to entry here is some “Game of Thrones”-level nonsense.

At the end of the day, my contact and I just decided to talk on the phone – what he had to tell me was far less sensitive than he first made it out to be. So, theoretically, anyone could have listened. I can only hope that I have this PGP thing figured out by the time I actually have something to hide.

Editors' Recommendations

Topics
Andrew Couts
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
How to create a Subreddit on desktop and mobile
Laptop Working from Home

Few social media sites are as popular as Reddit. Regardless of what you're interested in, there's probably a thriving community for you to interact with on the platform. Known as subreddits, these communities are home to topics like gaming, world news, science, movies, and more. If you can't find a subreddit with your particular interest, Reddit makes it easy to create your own Reddit community.

Running a successful Reddit community isn't easy – but the process of starting one only takes a few minutes. Keep in mind that you'll want to keep a close eye on your subreddit to prevent it from being shut down or turning into a wasteland with no users, but running a subreddit can be a lot of fun when done properly. If you prefer, you can also create a private community that only your friends can join, giving you a place to hang out beyond Twitter and TikTok.

Read more
How to download music from YouTube on desktop and mobile
A woman sitting on a couch, wearing airpods and holding and looking at a smartphone.

Downloading music from YouTube is a fairly common practice, and the demand for making the process easier has inspired the creation of countless websites and software.

But not every service can be considered safe. In fact, some of these services may infect your computer with malware or produce poor-quality audio files. When downloading music from YouTube, you’ll need to first make sure that the websites or apps you use for doing so won’t hurt your device. For this guide our team has found two methods to make the process safer and easier.

Read more
How to clear your browser cache in Chrome, Edge, or Firefox
The Firefox iPhone app.

A stocked computer cache may be convenient for logging into and out of go-to sites in seconds flat, but a major buildup of these tracking codes could significantly impact your PC’s performance. If you’ve noticed that your PC has been running rather slow of late, or you’re using a new browser and don’t know how to clear its cache, we’ve got you covered with the following guide.

Read more