A handy trio of tools for protecting your privacy
Maybe you can't stop the NSA, but you can still take meaningful steps to protect your privacy.
We've all read the reports about Internet companies and government agencies that are tracking people. Like many Linux users, you might be interested in making your system as "NSA-proof" as possible. The tools and techniques for cyberprivacy are far too numerous to cover in a single article, but most of the challenge boils down to three basic objectives:
- Secure data at rest
- Secure data in transit
- Clean up
Securing data at rest means encrypting the data as it sits in storage somewhere – which might be on your own drive or in a Dropbox or Carbonite folder in the cloud. Securing data in transit means encrypting and anonymizing information so no one can read your messages or trace your Internet activity. Cleaning up means you don't leave information around for others to find.
This article tours a trio of tools for keeping intruders, spies, and traffic analyzers off your trail. The software described helps you raise the bar to make it more difficult for anyone to snoop your data and your browsing habits. Some of these tools have appeared in previous articles, but it is still useful to see the information all in one place. I have no illusion that these tools are impregnable, fool-proof solutions. They simply make it more difficult for any entity to snoop, track, and analyze your activities.
Encrypting at Rest: TrueCrypt
Several open source tools offer the ability to encrypt data at rest. Some of these tools operate at the file and directory level, and others operate on a whole block device. One example of a block encryption tool is TrueCrypt. See the article on block encryption elsewhere in this issue for more on TrueCrypt and the differences between disk-level versus file-level encryption. I'll just give you a quick tour of the GUI so you can see how easy it is to get started with encrypting your data.
TrueCrypt sports a nice graphic interface for those who don't want to go the command-line route. If you want to use TrueCrypt, you'll have to download it from the site; most Linux distributions don't support it from any of their installation tools. Installing TrueCrypt is quite simple, however: Download the tarball, unzip it, and follow the wizard shown in Figure 1.
To run TrueCrypt after you install it, open a terminal and issue the following command:
The TrueCrypt application shown in Figure 2 will run.
From the TrueCrypt main window, you can:
- Create a volume: A "container" that acts as an encrypted directory and holds any file or subdirectory you wish. Any file or subdirectory dropped into this volume is automatically encrypted and decrypted, as long as you know the password to the volume.
- Specify the encryption algorithm you wish to use: In addition to AES, you can specify Serpent, Twofish, and Cascades. I almost always use AES with the highest key size possible. In the United States, that's 256 bits. In general, a larger key size means it will be harder to break the encryption. See the TrueCrypt website for more on the available encryption algorithms. 
- Hide and unhide volumes: TrueCrypt lets you hide an encrypted volume inside another encrypted volume. If someone manages to decrypt the outer volume (or if you are forced to reveal the password), the hidden volume will look like random data inside the outer volume. See the TrueCrypt website for more on hidden volumes.
Creating a Simple Volume
TrueCrypt uses convenient wizards to get you going. To create a simple volume (that basically acts as a giant TrueCrypt file and allows you to place new files inside it), simply click on the Create Volume button. The wizard will begin to create the volume. At the initial screen, select the Create an encrypted file container radio button, then click Next. Creating an encrypted file container means you won't be encrypting an entire partition or USB drive. You'll simply be creating a file inside a standard Linux partition or a directory or file on a USB drive.
At the next screen, you can specify whether you want to create a standard or hidden volume. Clicking Next takes you to the Volume Location window, which is where you tell TrueCrypt where the TrueCrypt volume should be stored. You can specify any location, including a directory off your home directory or a directory on a USB drive.
Creating an initial volume is quite straightforward. Remember that if you have existing files in a directory, TrueCrypt won't encrypt them. If you specify an existing file, that file will be overwritten, which means you'll lose any data in that file.
Encrypt an Entire Drive
To encrypt an entire drive, simply start the TrueCrypt wizard, then select Create a volume within a partition/drive and click Next. The remaining steps are similar to creating a simple volume, but instead of selecting a file or a directory for the file, you are asked to specify a volume, which can include any hard disk partition or USB drive.
Understand that any information on the volume you choose will be destroyed. Don't specify partitions that contain valuable information or system files. If you want to use TrueCrypt to encrypt an entire partition, proceed carefully; do yourself a favor and back up any important data.
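The two data-loss warnings above (an existing container file is overwritten, and a chosen partition or drive is wiped) can be checked from the terminal before you start the wizard. The following is an added example, not part of the original article or of TrueCrypt; the function names `check_target` and `device_listed` are hypothetical, and it assumes a Linux system that provides `/proc/mounts` and `/proc/swaps`.

```shell
#!/bin/sh
# Added example; check_target and device_listed are hypothetical names.

# device_listed DEV TABLE: succeed if DEV, or a partition of DEV, is in the
# first column of TABLE (a file in /proc/mounts or /proc/swaps layout).
# An unreadable TABLE counts as "listed" so the check fails closed.
device_listed() {
    [ -r "$2" ] || return 0
    awk -v dev="$1" '
        index($1, dev) == 1 {
            rest = substr($1, length(dev) + 1)
            # sdb has partitions sdb1..., nvme0n1 has nvme0n1p1...
            pat = (dev ~ /[0-9]$/) ? "^p[0-9]+$" : "^[0-9]+$"
            if (rest == "" || rest ~ pat) found = 1
        }
        END { exit !found }' "$2"
}

# check_target PATH [MOUNTS] [SWAPS]: print a verdict, return 0 only if safe.
#   new-file    nothing there yet, fine for a new file container
#   exists      a file is already there and would be overwritten
#   in-use      block device (or a partition on it) is mounted or is swap
#   unused-dev  block device not in use; its contents will still be destroyed
#   unsupported directory or other object
check_target() {
    set -- "$1" "${2:-/proc/mounts}" "${3:-/proc/swaps}"
    if [ ! -e "$1" ]; then echo new-file; return 0; fi
    if [ -f "$1" ]; then echo exists; return 1; fi
    if [ -b "$1" ]; then
        if device_listed "$1" "$2" || device_listed "$1" "$3"; then
            echo in-use; return 1
        fi
        echo unused-dev; return 0
    fi
    echo unsupported; return 1
}

# Usage: sh preflight.sh /dev/sdb1   (or a container path such as ~/vault.tc)
if [ "$#" -gt 0 ]; then check_target "$1"; fi
```

Device names are compared as they appear in the tables, so a filesystem mounted through a `/dev/mapper` or `/dev/disk/by-uuid` path is not matched; confirm with `lsblk` before wiping a device.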
Your data at rest is considerably more secure with encryption. TrueCrypt is an easy and convenient encryption tool that even comes with a simple GUI for encrypting volumes and disks. See the article on block encryption elsewhere in this issue for more on TrueCrypt at the command line and other encryption techniques.