Ask HN: How many HNers use encryption?

26 points by kunai ↗ HN
It's been several months since the NSA scandals leaked. Since then, how many of you have adopted encryption, or continued using encryption from previous times? Also, do you still use Gmail or have you switched to private, local hosting?

Be honest and vote once.

21 comments

[ 3.2 ms ] story [ 55.9 ms ] thread
i setup my own xmpp server so that we can do otr messaging but none of my friends will switch from whatsapp..
my encrypted xmpp is safe too, because I'm the only user of it.
Since the first Snowden revelations surfaces:

I've checked I've still got working (and strong) passphrases for all my PGP/GPG keys, refreshed my collection of friends and colleages public keys, and committed to sending at least one GPG encrypted email a week.

I've updated all my Tor browsers - including on my iPad - and I'm making a point of using it regulaly - especially if I need to visit a government website, hoping to leave obvious Tor-usage traces in their webserver logs for completely ordinary site use).

I've installed and configured EncFS on several machines, and started storing encrypted EncFS volumes on Dropbox/Gdrive/BTSync (including syncing and time0machine backing up those encrypted files on my media server, which doesn't have EncFS or the encryption keys installed), and I've also signed up to JottaCloud to give me a non-US hosted cloud-synced option.

I've acquired several SSL/TLS certs from StartSSL, and started installing them on various sites (including sites running on shared ip addresses using SNI - sorry IE6 users…)

From a recent comment in another thread - here's my under-way email project:

I'm in the middle of a project to replace my use of Gmail for something like $60 in hardware and under $20/month ongoing - with the bandwidth costs of my home internet connection ignored and replacement/upgrade of the RaspberryPi and it's USB drive storage ignored. Some details here: https://news.ycombinator.com/item?id=6319119

Is there an (unofficial) HN keyserver? Are there any HN web of trust key exchange events?
I doubt there is such a server, and I'm not sure what the utility would be, since they sync anyway :)

I don't know of any such events, but I imagine that it would be easy to organize one as part of some of the already existing HN meetups?

Care to add the ability to vote for VPN?
None - I use only disk based encryption - I hate the idea of someone that steals my 30 kilogram rig will have access to my information.
Want a really easy and unobtrusive way to use encryption?

OTR for IM. The plugin for pidgin makes it silly easy, just install and forget. Everyone you chat with that also has it installed will result in an encrypted conversation. Anyone else and it works normally. http://www.cypherpunks.ca/otr/

- GPG on GMail (Mailvelope Chrome extension) - only for important mails and obviously, only with people who have it on the other end

- Truecrypt (always had it)

- Boxcryptor on Google Drive for all important docs

- Paid VPN

- TOR (if you think this is for encrypted comms, you're wrong)

- Keepass for password storage (key file in boxcryptor)

So on and so forth

Do you think Boxcryptor is more useful/easier than putting a truecrypt volume inside your dropbox folder?
I can only speak for the old Boxcryptor version which is actually a slightly feature limited, proprietary implementation of encfs. TrueCrypt uses a container, encfs instead encrypts on a per file basis. So a small change is more easily to sync, at least when the sync service doesn't use binary diffs.
Exactly this. I evaluated both options for a while before settling on individual file encryption -- faster and cheaper sync.
rarely tor. rest on a daily basis but only for half my communication. full disc encryption on linux.
You asked about "use encryption" but looks like you refer to communications only, otherwise disk encryption is missing.

I self-host my mail and use GPG eventually, and all the disks of my devices containing private information are encrypted (in case of theft).

Only when I'm up to no good.
This has been a long standing issue for me. I just tend to use email/im less and less. Actually, I just communicate with people less and less, period.

Using encryption only draws even more attention to yourself.

"Using encryption only draws even more attention to yourself."

Exactly.

I use tarsnap[1] for my backups and I'm sure a lot of HNers also use it. It's not directly communication but the flow between my computer and the server is encrypted (and data on the server also are, of course).

[1] http://www.tarsnap.com/

I need to do more. I've made some steps towards doing most of my browsing over Tor (because it's no use if you /only/ use the proxy when you're doing embarrassing stuff!) and I plan to start encrypting my email using Ars's guide (http://arstechnica.com/security/2013/06/encrypted-e-mail-how...)

At the moment I'm afraid I still use Gmail. I'm a real newb at this.

The government slurping my data isn't changing any of my actions.

Since the revelations: No changes in actions. Some changes in thoughts.

Since before the revelations: No actions to encrypt anything. Some thoughts that I should. I bought a Yubikey.

I had some thinking that I should use disc encryption, and that I should start using VPNs and other encryption and privacy stuff more. After the revelations (most of which were not revealing anything to me) I am making more efforts to encrypt, but not because of any government snooping but because of all the other people who slurp and misuse my data.

I'm more worried about the traffic analysis than about the contents.