1. What Is Encryption?
According to Microsoft, encryption is the organized scrambling of data. The scrambling is carried out with an encryption key that is shared between the origin and the recipient of the data. This way, the data is unreadable ciphertext to any third party that may come across it.
Information is power, and encryption has been around ever since the inception of the struggle for power. Modern-day encryption is used to protect personal details and data that can be exploited in any way. This includes information like your credit cards, email addresses, PIN codes, passwords, emails, shopping history, etc.
While the subject of encryption is vast and spreads out across different technology types, a digestible way to understand it is to take a look at the most commonly used encryption methods.
Most software comes built-in with encryption to ensure that data cannot be lost or stolen at any point in time during transfer from the origin to the recipient. Different levels (protocols) of encryption have been developed over time. These standards became popular at the consumer level when Microsoft invented the PPTP protocol (more on this below). Even though it is now frequently criticized for alleged weaknesses, the PPTP protocol laid the foundation and provided the world the inspiration for more advanced encryption protocols such as L2TP, SSTP and OpenVPN.
For instance, you use the HTTPS protocol daily. HTTPS is a combination of the HTTP and TLS protocols that comes built into most internet browsers and is designed to ensure that information is not altered during data transmission. It doesn’t provide protection against advanced threats. Protection from advanced threats requires the use of advanced encryption protocols.
2. How Does Encryption Work?
Using an encryption protocol is a technique to secure your data by altering it for safe transit. It is not like using a proxy or browsing in incognito mode. Here is a brief and practical description of some of the most common encryption protocols.
Ciphers play a major role in helping ensure data privacy. A frequently cited and easy-to-understand example is the Caesar Shift Cipher that Julius Caesar would use to send his letters. He would simply replace each letter of the alphabet with the next one. This was made more complex by constantly changing the number of letters by which the alphabet was shifted each time.
As long as the origin and the recipient knew this number (called the key), the message was secure and indecipherable for anybody who may intercept it. As long as the key was safe, the secrecy of the message remained intact.
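The shift cipher described above, as an added example that is not part of the original article. The function names and the sample message are constructed for illustration; the last function enumerates every possible key to show how small the key space is, which is why secrecy of the key alone does not make this cipher strong.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` places forward, wrapping Z back to A.
    Characters outside A-Z (spaces, digits) pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """The recipient reverses the shift using the same shared key."""
    return caesar_encrypt(ciphertext, -key)


def all_decryptions(ciphertext: str) -> dict[int, str]:
    """Every candidate plaintext: only 25 non-trivial keys exist, so a reader
    without the key needs at most 25 attempts to find the readable one."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


if __name__ == "__main__":
    message = "MEET AT THE FORUM"          # constructed sample message
    secret = caesar_encrypt(message, 1)    # key 1: each letter becomes the next
    print(secret)
    print(caesar_decrypt(secret, 1))
    print(len(all_decryptions(secret)), "possible keys in total")
```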
You will notice that most services offer AES encryption. AES is a widely used symmetric-key cipher that was initially used by government organizations because of the ease and speed it provided. I guess you could call it an advanced version of the good old Caesar Shift Cipher. Like that cipher, it relies on a single shared key, which creates the challenge of keeping the key secure in hyper-connected cyberspace.
RSA is a heavy-duty asymmetric encryption algorithm. It uses a public key and a private key so that decryption requires two-step verification. The ‘certificates’ you often see your browser exchanging while you surf are the public keys.
Introduced by Microsoft with Windows 95, PPTP now comes with most operating systems and is one of the weakest encryption protocols today. It is only recommended for bypassing basic geo-restrictions, as the lightweight PPTP does not have an impact on speed.
OpenVPN is built over the OpenSSL encryption library. The open-source encryption protocol is known to provide adequate data security when used with AES encryption. Even though it is not built in to most software, we recommend it and encourage you to download the easily available third-party OpenVPN software.
L2TP is a VPN protocol that is usually implemented with IPSec encryption. It is more secure than PPTP but problematic when used with firewalls. Using L2TP/IPSec can take a bit of a toll on speed as it is a two-step process.
Introduced by Microsoft with Windows Vista Service Pack 1, SSTP was built over the SSL encryption library like OpenVPN and is best used with AES encryption. It is safer and faster than L2TP/IPSec, and is widely regarded as Microsoft’s version of OpenVPN.
7. Are There Any Weaknesses In Encryption?
The problem with using standardized encryption such as the more common AES and RSA, and the less common SHA-1 and SHA-2, is that almost all of them have been the target of the NSA’s cracking attacks in the last few years. To start with, the US government’s NIST (National Institute of Standards and Technology) takes an extraordinary interest in developing and certifying encryption protocols, which explains why Edward Snowden’s allegations about government tampering and back-door injection might carry weight.
Why are we still using these encryption protocols? IT manufacturers and contractors use these encryption protocols because failing to use them would be a deviation from NIST’s standards that must be complied with in order to operate in the US.
Most people don’t mind the government snooping and the spyware infiltration. They feel that they have nothing to hide and are ok with relinquishing their right to privacy. Others feel that their privacy should not be taken for granted and that they have the right to decide whether or not they wish to be monitored.
Users have begun to use open source options such as Tor and OpenVPN (more discussed below) in order to stay off the government and corporate grids when using the internet.
8. What Is Perfect Forward Secrecy?
Perfect Forward Secrecy is a technique used to ensure that encryption keys remain safe and that the leakage of a single encryption key does not jeopardize other keys in the same session via a domino effect.
Had the government allowed IT manufacturers to implement perfect forward secrecy at the consumer level, the Heartbleed bug would have never earned a place in the history books.
9. How Does Perfect Forward Secrecy Work?
A secret key is used to create a secret key, that is then used to create a session (cipher) key, that is used to encrypt data. Data integrity is directly reliant upon the confidentiality of the session key, which means that any data that is stolen and saved in its encrypted form (which is a hobby loved by the NSA and hackers alike) will become readable if the session key is recovered and used to crack the secret key in the future.
Perfect Forward Secrecy is a method of creating and using short-term secret keys. This makes the session key useless for anybody who might acquire it in order to decrypt stolen/stored data.
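The difference between long-lived and short-term keys, as an added example that is not part of the original article. It assumes a toy Diffie-Hellman group (P, G) far too small for real use, uses an HMAC as a stand-in for signing with the long-term key, and all function names are hypothetical.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for illustration only): 2**127 - 1 is
# far too small for real use; production systems use vetted large groups.
P = 2**127 - 1
G = 3


def kdf(label: bytes, *parts: bytes) -> bytes:
    """Derive a 32-byte key from labelled inputs."""
    return hashlib.sha256(label + b"|" + b"|".join(parts)).digest()


def static_session(long_term: bytes) -> tuple[bytes, dict]:
    """No forward secrecy: the key depends only on the long-term secret
    and a nonce that travels in the clear (and can be recorded)."""
    nonce = secrets.token_bytes(16)
    return kdf(b"static", long_term, nonce), {"nonce": nonce}


def ephemeral_session(long_term: bytes) -> tuple[bytes, dict]:
    """Forward secrecy: short-term DH exponents produce the key; the
    long-term secret only authenticates the public values."""
    a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    a_pub, b_pub = pow(G, a, P), pow(G, b, P)
    shared = pow(b_pub, a, P)
    assert shared == pow(a_pub, b, P)  # both ends reach the same value
    pubs = a_pub.to_bytes(16, "big") + b_pub.to_bytes(16, "big")
    tag = hmac.new(long_term, pubs, hashlib.sha256).digest()
    # a and b go out of scope here: the short-term secrets are thrown away
    return kdf(b"ephemeral", shared.to_bytes(16, "big")), {"pubs": pubs, "tag": tag}


def recompute_from_leak(leaked: bytes, recorded: dict) -> bytes | None:
    """Session key that a later holder of the long-term secret can rebuild
    from recorded traffic, or None when the record does not determine it."""
    if "nonce" in recorded:
        return kdf(b"static", leaked, recorded["nonce"])
    # Ephemeral record: the leak only lets the tag be verified. The key needs
    # a discarded exponent that is in neither the leak nor the recording.
    expected = hmac.new(leaked, recorded["pubs"], hashlib.sha256).digest()
    assert hmac.compare_digest(expected, recorded["tag"])
    return None
```

With the static scheme, one leaked long-term secret reopens every recorded session; with short-term keys, each session has to be attacked on its own.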
10. What Is The Heartbleed Bug?
Countless cases have been recorded in which globally recognized internet security methods have crumbled and left users vulnerable. The Heartbleed bug is this century’s biggest security fumble to date.
According to the research done by the good people at CNet, Heartbleed happened because of a security vulnerability in the OpenSSL software that allowed hackers to access users’ access credentials for around 500,000 websites.
Under the cover of the Heartbleed bug, hackers were able to siphon out data without setting off any alarms. By stealing 64 kbs of data at a time, hackers were able to stay under the radar while collecting data that included login credentials and cookies. Hackers were also able to steal certificates (encryption keys) used for email, instant messages, etc.
11. Is The Heartbleed Bug Still A Security Threat?
Only a set of specific versions of the OpenSSL software came under fire from the Heartbleed bug and websites that ran the unfortunate version were quick to patch up the weakness. Users were also instructed to change their log-in credentials in case hackers had managed to grab hold of any information before the bug was patched.
The Heartbleed bug had been around for around two years before it was discovered. It was unclear if hackers had been able to find and exploit the bug during that time. It was, and is, also impossible to ascertain if any information had been stolen during that time. Only reactionary measures could be taken by patching the weakness and changing the passwords.
The Heartbleed Bug serves as a solemn reminder of the fact that there are weaknesses in the code that we trust today, and we may not always be the first ones to find them. However, experts say that the Heartbleed Bug would have never been a threat if we were using End-to-End encryption.
12. What Is End-To-End Encryption?
This is the perfect form of encryption since it ensures that data is encrypted at all times during transit. Companies like Microsoft promise to encrypt your data, but only do so on their servers, and have the right to decrypt your data for any third-party at will. This is what happened when Microsoft and the NSA collaborated to work on the Prism program.
13. How Does End-To-End Encryption Work?
End-to-End encryption starts on your end – may it be your laptop, desktop, mobile, or console. Your data, once encrypted, is then transmitted in the encrypted form and is not decrypted until it reaches its destination.
Any third party (corporate, governmental, etc.) with or without authority, will not be able to collect and read your data, with or without a warrant. That is why corporate IT giants are never given permission by the government to give consumers access to end-to-end encryption. That is also why users looking for genuine end-to-end encryption have to use external software designed for the specific purpose of providing uninfluenced end-to-end encryption.
14. Is My DNS Activity Saved?
Contacting the DNS and communicating with it to be forwarded to the website’s server address can take up precious seconds, which is why internet browsers are designed to save DNS histories. Your DNS history is cached but not exactly placed in a secure vault. As a result, anybody who gets his/her hands on it can track your internet activity using the DNS history like breadcrumbs.
15. How To Clear Cached DNS Entries?
Fortunately, flushing your DNS cache hardly takes a minute.
1) Open the command prompt
2) Type in “ipconfig /displaydns” and hit enter to view your cached DNS entries
3) Type in “ipconfig /flushdns” and hit enter. You’re done!
16. What Are Flash Cookies And How Do They Work?
You can delete your history all you want, but Flash cookies will still remain and bypass your browser’s cookies privacy settings. A Flash Cookie is essentially a ‘Local Shared Object’ that websites use to keep track of users’ browsing activities.
Websites claim that they use Flash cookies in order to identify returning traffic, but fail to explain why users who wish to delete their browser’s cookie cache are not given control over the management of Flash cookies.
The unmonitored installation and unpreventable execution of flash cookies is possible because big shot internet browsers like Chrome, Firefox and Mozilla are heavily reliant on cookies to monetize their services.
17. How Do I Delete Flash Cookies?
There are user-friendly applications that can help you gain control over flash cookies. Users who don’t want to install additional software to get rid of flash cookies can access Adobe’s Flash Player Help portal to delete the flash cookies manually by following these simple steps.
- Go to the Flash Player Website Storage Settings
- Click on the button marked ‘Delete all sites’
- Uncheck the box for “Allow third-party content to store data on your computer”
You can also disable the automatic storage of Flash cookies in two steps.
- Go to the Flash Player Global Storage Settings panel
- Move the slider all the way to the left and check the box for ‘Never ask again’
18. What Are Zombie Cookies?
True to the name, the Zombie Cookie is like a Zombie, and comes back to life after it has been killed (deleted). Unlike a Flash Cookie, you do get to delete a Zombie Cookie, but that doesn’t mean it’ll be gone for good.
Zombie Cookies survive deletion by remaining alive outside the standard cookie storage area. There are about a dozen client side storage locations where Zombie cookies can hide. Websites use Zombie cookies to track users’ websites visits, as well as to block banned users. The unauthorized functionality of these cookies is often categorized as a security breach and frowned upon by privacy advocates.
19. What Is A DNS?
Each website is hosted on a server, and each server has a unique IP address that is the actual name of the website. A URL is like a nifty packaging that helps users access websites by memorizing website names instead of IP addresses. Every time you enter a URL and hit ‘GO’, the Domain Name System (DNS) functions like a telephone directory and redirects your website request to the respective IP address.
Domain Name Systems are often used by ISPs and governments to control internet access in specific regions. This is accomplished by editing the DNS library so that it reroutes all requests for a specific website to an alternative defined page.
20. How Can I Control My DNS?
However, DNS servers are publicly accessible, and users can switch DNS servers through a little bit of manual tweaking that is allowed by almost all modern internet-enabled devices.
Internet-enabled devices cannot function without using a DNS, which is why it is made to be configurable. You can replace your device’s DNS of choice by simply copying and pasting the details of your preferred DNS into the settings.
OpenSSL was built over SSL (Secure Sockets Layer), which was developed by Netscape, and is now implemented in its much more evolved version: TLS (Transport Layer Security). Websites that use SSL have URLs starting with HTTPS. OpenSSL was built to provide an open-source version that allowed mass implementation.