CategoriesInternetPrivacySecurity

New Security Measures from Gmail (VIDEO)

Have you noticed some of the changes lately in your Gmail inbox? You may have received an email from a friend or colleague and saw that it had an unlocked red padlock next to it like this:

gmail not encrypted did not encrypt this message

When you hover over the padlock, it says something like: “Some recipients use services that don’t support encryption” or “[(x) service provider] did not encrypt this message”. Gmail put this visual element in place to let users know that the sender’s email service does not support TLS encryption (video explaining TLS encryption following this article). Gmail users took notice of this change and in less than 2 months of implementation, “the amount of inbound mail sent over an encrypted connection increased by 25%” –Nicolas Lidzborski Gmail Security Blog

Another change you may have noticed is that the person you receive an email from has a question mark next to their name rather than the standard Google Plus avatar. A message is displayed that says: “Gmail couldn’t verify that this message was sent by [sender]…” This is a new way for Gmail to help you flag spam or determine if emails are spoofed.

gmail couldn't verify spammer

You will often see this warning when the message has been forwarded or has been sent by a third party site, as reflected by the email headers – or if the email service provider did not sign or verify the messages.

These new features are part of Google’s protections that are designed to help keep their users safe. Since 2012, Google has also warned its users if state-sponsored attackers may be targeting them. Even though this is a rare warning to receive, it is important for people like journalists and activists to know if they’re being targeted.

state sponsored attackers gmail

Now Google has made a new announcement. If they have reason to believe government-backed attackers may be trying to steal your password, they will give you a full page warning upon sign in like this:

new warning google government state sponsored attackers

Google maintains: “The security of our users and their data is paramount.” Do you believe these changes will in fact make Gmail’s users safer?


(Google now lets Gmail users know if senders are not using TLS encryption. Learn about TLS by watching the above video)

CategoriesHow To GuideInternetPrivacy

How to Install Tor Browser on Windows

One of the great things about the internet used to be the anonymity of it. You have the freedom to share information without compromising your privacy. However, with technology becoming ever better, it is becoming increasingly difficult to stay hidden on the web. If you are looking for privacy over the web, look no further than using Tor.

What Tor is

What is Tor and how does it work? To fully understand Tor, it needs be broken down into separate parts. That first part is called onion routing. Onion routing is a system designed to block any kind of efforts to track communications. It allows two ends to communicate to each other without letting either party know who exactly they are communicating with. It also ensures encryption.

The second part is the Tor network. The tor network is a large connection of servers that are operated by volunteers. These servers run onion routers that funnel internet traffic through virtual pathways. In simple terms, they scramble the traffic in a way that makes it almost impossible to track who is talking to whom.

The last part is a Tor browser. Most browsers are set up to store information on the user. If you allow your browser to store your password for any site, then it is tracking information on you. The normal browser stores cookie files and browsing history. Both of these are information stored on you so that it can either deliver a better service to you or deliver advertisements based on your general interests. Neither of these support efforts towards privacy.

Installing a Tor Browser on Windows

The first step to installing the Tor browser is to go to the website at www.torproject.org/download. Download the version for your operating system. Follow the installation directions in the same way for normal applications. Once the installation is complete, run the browser. From here, you’ll be able browse the internet anonymously with limitations.

There are limitations and considerations to using a Tor browser. First, the tor network only provides privacy and encryption while inside the network. This means that any communication passed once outside the network is vulnerable. Next, the tor browser does not protect all of your computer’s activity. If your computer is not going through Tor then it is not providing anonymity. Also, it does not protect against document downloaded through Tor while online. If you download a document while using Tor, do not open the document. If you must, start a virtual machine and open it within the machine while it isn’t connected to the internet. The last thing is not allowing plugins to run on the Tor browser. Plugin extend the functionality of a browser. However, they are extension that run on your computer that have the ability of opening holes in your security.

The Deep Web

While anonymity can provide a place to freely share ideas, it can also be a source of illegal activity. With that being said, the Tor browser allows you to surf websites that operate illegal and sometime immoral activities. Websites like “The Hidden Wiki” do not censor some material that others may find offensive. To sum it up, Tor browsing offers anonymity but at its price.

CategoriesInternetPrivacySecurity

How Do SSL Certificates Work?

How do you exchange private data over the internet? Part of the answer lies with SSL certificates. Secure Socket Layer (SSL) certificates work by creating a private line of communication in which allows private data to be delivered.

The main problem with communication and security over the internet is eavesdropping. Others may be able to access the data exchange between your computer and the website’s servers. This is also called a main-in-the-middle attack. SSL certificates are a way of ensuring that no one is able to intercept and decrypt this information.

To better understand how SSL certificates work, let’s imagine a boy is being picked up at the train station for the first time by someone who he’s never met. How can he know for sure to trust the person picking him up? The answer is simple. His parents write a letter signed by them stating they trust that individual. By trusting his parent’s authority, the boy can now trust the person picking him up.

This is quite similar to how SSL certificates work. Web sites can create certificates and have them signed by something called a CA or Certificate Authority. An example includes DigiCert. By having them signed, browsers can then identify website and servers by their certificate. They then know if they can trust them. This is the basic concept of how SSL Certificates help to identify and trust the websites we are communicating with.

What about actually communicating? What if two people want to talk in that same train station without worrying if someone else is listening? The answer lies with keys. To illustrate the concept of keys and how they help with encryption, imagine each of the two people have a box and a set of keys. The keys are labeled private and public. They exchange their public keys. Now, each person has a private key, the other’s public key, and a box.

The basic process works like this: One person writes a message and places it into the box. They then lock the box with the other’s public key. They then pass the box along. Once the box is at its destination, only the person holding the private key can open the box locked by its very own public key. If the other person wants to send a message back, they can send back a letter in the box locked with the other’s public key. The entire communication, also called a session, can go back and forth securely using this method.

This is much like how SSL certificates are used to create private and public keys. Web servers send the user a copy of its public key along with the certificate. The browser can then decide to trust the website based on this information. If it does, it can then send messages back and forth simply by encrypting and decrypting keys.

Identifying websites that have and use SSL are easy. Simply look for the lock at the top of the browser. Never exchange private data unless there is a lock up at the top of the browser. If there isn’t, there is not an acceptable level of encryption being used on that site. Anyone who sells anything online needs to have an SSL .All banks and e- commerce sites need to have an SSL to help ensure security.