Wednesday, November 21, 2007
Five Good Reasons to Use Encryption, and Five Good (or Bad) Reasons Not to.
Five to reasons to use Encryption:
1) You are dealing with important government, company, or personal data – especially on laptops, flash drives, or portable hard drives.
The news these days is riddled with stories of public servant or big company data theft, often due to laptop or hard drive loss. If big companies lose their data that often, little companies and individuals must do it all the time – they just don’t make the news. If you encrypt your data properly, data theft is virtually impossible. Note too that encryption doesn’t preclude data loss - you should back up your important data as well.
2) You are emailing important files or information.
You should always encrypt your email if it contains any important information, such as computer passwords, credit card numbers, banking or billing information, social security numbers, customer contact information, or anything else of value.
3) You are keeping your data on someone else’s computers.
Offsite backup is an important part of serious disaster prevention. You may be backing up your old college essays on a web server somewhere, or you may be storing a 200 gigabyte customer database in a datacenter… Whatever the case may be, if your data is on someone else’s computer, they can have access to it.
4) Your files and communications are personal and you don’t want others reading them.
System administrators and malicious teenagers can do anything with the mail that passes through their systems. From building spam filters to sharing laughs as they peruse your (and then blog about) your love letters to MissyCat42@aol.com, OPE* is widely read.
*OPE: Other People’s Email
5) You don’t want the other people using your computer to see your data.
These days people keep their private information on computers more then ever, but that doesn’t stop them from letting vistors or family members from using their computers. Just look at how much trouble that blog post got you into last week – and imagine if people saw the pictures…
Five good (and not so good) reasons NOT to use encryption
1) You don’t care about a particular piece of information.
If it doesn’t matter to you if anyone reads a particular communication, there’s no need to encrypt it. For example, the message “Hi Alice, This is bob! How are you today? ” has no sensitive information in it, so there is no reason to encrypt it.
2) You want your files to be searchable.
This is undoubtedly the most important reason not to use encryption. Once a file is encrypted, it becomes unsearchable from the outside world. Of course, once you decrypt it you can find information inside… One solution maybe to encrypt things that you need searchable, and put unencrypted labels on them – for example, it is important to encrypt your customer database, but it is also important to keep it searchable – so you would ideally encrypt it, and then unencrypted it on the fly for searches.
3) You haven’t found a useable encryption product.
This is quite understandable – Encryption is a complicated subject. Few products exist that make it simple and easy for everyday use. File encryption isn’t difficult, but finding the right software, and modifying your workflow and lifestyle to use it, is. Email encryption is even more difficult to implement because it requires both recipient and sender to use the same standards.
Luckily there are new programs on the market, like TrueCrypt for files, and WebmailSafety for email (disclosure: I work for GWEBS, the makers of Webmail Safety), that make it easy(er) to introduce even the most computer-phobic grandmother to encryption. I’m currently working on a tutorial for TrueCrypt. (Disclosure: I don’t work for TrueCrypt, but I like their product.)
4) You are communicating with people who aren’t savvy enough to use encryption, or with people you don’t know.
This is another reason people don’t encrypt their email. This is a hard to avoid situation, and undoubtedly we have all encountered it. Getting certain people to use email is difficult in itself, using encryption adds a layer of complexity… WebmailSafety makes it easy to send invitations and begin using encrypted email, even for the most right-click impaired… if it’s any consolation.
5) You’re an exhibitionist.
You get pleasure from the thought of others reading your private data. Your personal letters being sent in plaintext excites you, your private photos, or better yet, corporate documents being exposed to the world gives you special sense of heightened awareness, elevates your heart beat and impassions your daydreams.
Tuesday, November 20, 2007
个人数据加密很重要---谈谈我个人的体会
目前我在一家it公司工作,从这里开始接触很多新鲜的东西,也开始意识到数据和个人隐私加密的重要性 。
● 私人邮件来往
电话、邮件、IM等已成为人们日常生活中通讯工具。平常工作中,邮件交流已经是必不可少的;日常生活中,也会发给远方的亲朋好友一些照片甚至银行账户信息。如果以明文的形式发送,邮件很可能在传输过程中被黑客或其他未授权方截获;而且,您知道吗? ISP服务商可以随时阅读我们的邮件内容的。
因此私人邮件来往如果能够加密就可以保证私人信息不被泄漏或被未授权人挪作他用。
● 电子账单加密
安全隐患:现在国内用户的消费观念正在逐步转化,开始从传统的“量入为出”、“赚多少,花多少”渐渐步入“信用卡时代”。麦肯锡早期所做调查表明,中国国内的信用卡业务迅猛增长,国内的信用卡发卡量由2003年的300万张到2005年的1200万,翻了两番。截止到2005年中,持卡人数已经达到700万,人均持卡1.7张。(数据源)
我从去年开始使用信用卡。信用卡本身是一个包含众多个人隐私的载体,比如家庭住址(工作单位)、电话号码、身份证号码等等。凡是信用卡用户,每月都会定期收到银行发来的纸质账单或者电子账单,没有任何保护措施我们不禁担心:
→信用卡账单是否被人拆开看过?
→信用卡账单延迟几天后会担心账单丢失?
→ 电子账单是否已经在传输过程中被人截获?
或许如果解决了电子账单的安全性问题,人们会越来越喜欢地子账单。而对银行来说,可以节省成本,又可以保证对客户隐私的承诺,何乐而不为呢?
● 在公司的聊天隐私
看一篇文章时,提到过:无论是邮件还有聊天记录,公司的网络管理员都可以查询到。看到这个,心里一颤,还是希望能够多多少少保留一些自己的空间。呵呵!!
● 重要资料,比如合同类,个人简历类,账簿,密码本等等
有些日常重要的资料保存在电脑上,任何人可以在电脑上查询到你的重要信息,或者储存重要数据的手提电脑不幸丢失,想想真不爽!!
如果电脑里的重要资料已经加密,即使有人获得您的电脑,没有文件口令,他也无法获得重要资料,也帮您将损失降低到最低。
所以,是否有必要为个人数据进行加密呢?
Sunday, November 18, 2007
Hushmail, and Security in Our Daily Lives
Yesterday’s news of hushmail passing information to the US Government is alarming to most people who consider privacy important. We use encryption to protect our privacy against industrial spies, nosy intruders, and hackers; but most importantly, we use encryption to protect ourselves against governments, which are becoming more and more nosey.
Recently I saw a YouTube video about how the
Here in
I’m happy to report that while our team is based in Beijing (where life is free and easy, but the persecution of thought crime is a problem) our company is in Singapore – a country known for its harshness – but also a neutral country, a country where we will never be forced to divulge data to foreign governments. Besides – all our products keep your encryption keys on your systems – not ours, so we don’t have the ability to turn your data over anyway.
Wednesday, November 14, 2007
Who I am, Why I'm Posting, About my Team, Etc, Etc.
Who I am!
Well, I'm a bit of a maverick, and a bit of a dabbler, I'll say that first. I am always up to something and its usually something other people say "Whoah!" about, or maybe its "Whoah! Why on earth would you want to do that!?!" But I don't care what they say. I have my reasons. I enjoy my life. I travel and I dabble. I'm a photographer, a writer. I was born in NYC and now live in Beijing, China. I first moved here, by myself, when I was 19. That was in 2001. Since then Ive been back and forth, traveling the world between semesters and completing my college education. Now thats done - its been done for two years already. Ive spent about 9 months of that time on road trips and plane trips, rock climbing and motorcycling, camping and what have you. And the rest of it ive been working - freelance writing, photography, teaching English, building my own website, teaching myself programming languages, etc etc. But now thats all over...
Before I get to the new stuff... You can see some of my photography at www.kuaibbs.com/fotoflo/moto/ (a 2500 km road trip across china on a 100cc motorcycle) and fotoflo.livejournal.com. www.kuaibbs.com/amphoto was under construction (before i got my new job) and theres plenty more around.
OK OK, the new stuff.
I got a job. I've become an office monkey and joined the rat race, and what can I say? I have a few complaints. I'm not naked right now. My feet aren't bare, or on my desk. I actually have a desk... But aside from that, I love it here. I'm working with incredibly smart people. Our developers are at the top of their game. Our company is relitivly big, but our group is small. We have a flash guy, a designer chick, a writer, a few C programmers, a JS guy, and a few other people. We all work together really well. The C guys do cryptography and play counterstrike after work. And then there is the boss - Mr. Fu - a very smart man, who, like me, seems to be working on a hundred and fifty different projects at once. I am the 'Marketing Supervisor' and, you guessed it, thats why I'm writing this blog.