Connect with us

All Articles

SocketHop: Pretty Good Privacy

GPGTools's logo

Between Snowden, Greenwald, and the NSA, encryption is in the news. But what is it? And how can you, a mild-mannered student at an American university, use it? And why should you? You’ve got nothing to hide, after all. In this latest SocketHop, Conor Skelding (no tech genius himself) tries to lay that out.

Something to get out of the way first: this chillingly-titled NYTimes article, “N.S.A. Able to Foil Basic Safeguards of Privacy on Web.” A friend sent it to me and asked whether setting up PGP encryption is still worth it, given that title. And I asked a better informed friend.

It is still worth it, for two reasons. First, it’s worth it because it’s unknown what exactly the NSA can foil. According to cryptographers, it probably hasn’t cracked PGP (though it gets around it many other ways). The second reason is, even if PGP encryption doesn’t protect you from the full force of the NSA, it will  protect you from trespassers in your GMail account, advertisers, your email provider, hackers, and thieves who physically steal your phone.

Indeed, the NSA, according to that article, is “still stymied by some encryption.” As Snowden wrote, assuming endpoint security, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

Here is my layman’s understanding of PGP: you have two huge numbers. They fit together, but on account of really big prime numbers, current computers cannot derive one from the other. One is designated as your private key, the other your public key. Something encoded with one can only be decoded with the other. You make your public key public, either sharing it with friends or uploading it to a public keyserver. As for your private key: keep it secret, keep it safe.

So, say I want to send Glenn a message. I have Glenn’s public key. I encrypt a message with it. He, receiving it, decrypts it with his private key. Simple enough. But how does he know it came from me? I digitally “sign” the message by adding a little text encrypted with my private key. Glenn has my public key, so he can decrypt that, too, and know it came from me. And that’s it! Verified, secure communication between two (or more) parties, with everyone’s private key kept secret.

Encrypted messages can only be read on a machine with your private key (the fewer of those the better). Google or whatever your mail provider is cannot read it; all that’s on their servers is gibberish. Therefore—at the very least, even if the NSA has broken PGP, which cryptographers think exceedingly unlikely—your encrypted messages will be safe from to anyone using your smart phone or computer, or accessing your email via webmail.

So—finally—here is how to encrypt your email. I use GPGTools, for OS X. Windows users should use Gpg4win.

0. Download the GPG Suite from
1. Open your GPG Keychain, install. Click New.
3. Select Advanced.
4. Choose 4096 bit RSA and RSA. (This uses the biggest prime numbers, and is the hardest to crack.)
5. Choose no expiration. For extra security, you can make new keys later.
6. Generate your key.
7. Search for your friends on the public keyserver. If you don’t have any friends on there, you can send me a message. (Edit > Find > Search Key)
8. Open Mail; GPGTools automatically and seamlessly integrates with it.
9. Disable drafts composed in Mail from being stored on the server (This is essential; otherwise your unencrypted drafts would be stored on the mail provider’s servers and all this would be for nothing.)
10. Communicate more securely. All Google/Columbia will see is this*.

Governments, corporations, and criminals have long had access to encryption; now you can have a measure of security, too.

This may seem a little paranoid, but security means a degree of paranoia. Pragmatically, better security means finding a balance between total paranoia and absolute ignorance. This is up that alley: there are more secure tools, but they ask too much of the casual user—they necessitate a severe change of lifestyle. GPGTools is simple to install and use.

[N.B. Much of this information was pulled and condensed from The Freedom of the Press Foundation’s comprehensive whitepaper. Credit for a few bits are due one crypto-friend. For further reading, see “Why do you need PGP?”, a short essay written by Phil Zimmerman, the inventor.]

*Only email messages sent through Mail can be encrypted or signed with GPGTools. GChats and emails you send through webmail or from your phone cannot be.

GPGTools’s logo from

Write a comment

Your email address will not be published.



  • Anonymous says:

    @Anonymous But will this help me keep the government from knowing what porn i watch??????

    1. Anonymous says:

      @Anonymous Tor will

      1. curious about deepweb says:

        @curious about deepweb I’ve always wondered about this…do people at Columbia use Tor?

        1. Anonymous says:

          @Anonymous some do

  • Rolf says:

    @Rolf If you want to add secure messaging from phone to phone (like whatsapp, but then secure), install Threema on your iPhone/Android/Blackberry. It works beautifully, and it’s available here:

    Because the people who think they have nothing to hide did not pay attention in History Class.

    1. Anonymous says:

      @Anonymous Alternatively, Android users can use TextSecure, which is maintained by a famous cryptographer and is being integrated into CyanogenMod.

  • Anonymous says:

    @Anonymous I’m proud of you, Bwog.

    GPG4Win sucks hard, though. If you want a much easier (but corporate and thus potentially insecure) alternative, you can use Symantec Encryption Desktop, also known as the original PGP before Symantec acquired it from Zimmerman.

  • Have Your Say

    What should Bwog's new tagline be?

    View Results

    Loading ... Loading ...

    Recent Comments

    is it too late to bully them into letting me take a gap year? :( (read more)
    Academic Calendar Updates, Pre-Orientation Programs Canceled Or Modified
    June 29, 2020
    This is great news Columbia is opening up on schedule. (read more)
    Academic Calendar Updates, Pre-Orientation Programs Canceled Or Modified
    June 25, 2020
    EXPEL ALL RACISTS FROM COLUMBIA! Tod Howard Hawks, Columbia College, Class of 1966 (read more)
    Racist Messages In FIJI GroupMe Surface, Involved Members Asked To Disaffiliate
    June 25, 2020
    It is great Columbia will be opening on time in the fall. (read more)
    Academic Calendar Updates, Pre-Orientation Programs Canceled Or Modified
    June 25, 2020

    Comment Policy

    The purpose of Bwog’s comment section is to facilitate honest and open discussion between members of the Columbia community. We encourage commenters to take advantage of—without abusing—the opportunity to engage in anonymous critical dialogue with other community members. A comment may be moderated if it contains:
    • A slur—defined as a pejorative derogatory phrase—based on ethnicity, race, gender, sexual orientation, ability, or spiritual belief
    • Hate speech
    • Unauthorized use of a person’s identity
    • Personal information about an individual
    • Baseless personal attacks on specific individuals
    • Spam or self-promotion
    • Copyright infringement
    • Libel