Welcome to Solomon!

Enter the Access Code below

Access code is invalid

Solomon Logo

For assistance, problems or questions, please email us.

solomon@reliant.org

Versions Compared

Old Version 10

changes.mady.by.user John Abassian

Saved on

compared with

New Version 11

changes.mady.by.user Sarah Swann

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This is a simplified guide to encryption, security, and digital privacy. the The programs and tools recommended here are tested and trusted by the usReliant, but they are not the only suitable option. The goal of this write-up is to guide you towards the best level of privacy without adding unnecessary complications, to strike a balance between a solution that's "good enough" and easy to use. 

...

  • Never submit sensitive data to a website that's not secured!

    On most modern browsers, a secured website will have a green lock and the address will show "https:", modern browsers also give you a clear warning that requires multiple clicks to bypass and use an insecure site. But if you're using an older browser or one that doesn't have these safeguarding features, always look for a closed lock icon and "https" in the url. 

    Secure websiteInsecure website


     

     

     



     

     


  • Always make sure to type out "https://" to ensure complete end to end encryption

    Info
    titleImportant!

    This is critically important if you're on a public/untrusted network (e.g. public WiFi). This also applies at the Internet Service Provider level, if you have reason to believe your ISP or its government are intercepting your data, always make sure to type out "https://" 

    Unfortunately, the internet was designed without any privacy and security features in mind, and these features were only added on later. But because these added measures required a time and monetary investment from website operators, adoption has been a very slow process. As a result, the internet effectively operates in two discrete modes, the new secure protocol (https) and the old insecure protocol (http), with http being the default. 

    Because the two modes are discrete, most websites support both protocols to allow users to simply type "example.com" instead of "https://example.com". "example.com" translates to the default protocol ("http://example.com") and then the website may redirect you to the https protocol. 
    An attacker can take advantage of this redirect with a technique known as "Man In The Middle", in which the attacker intercepts your insecure requests and sends them to the website through the secure protocol, it then receives the response from the website and sends them back to you after reading its content.

    Info
    titleTechno-babel

    For a better understanding, here's an illustration of your communication with example.com when properly secured using https:
    Notice how your communication with the website is encrypted end-to-end, and no outside party can view what you send and receive. 



    When browsing to example.com without typing "https", assuming the site implements a redirect, the initial communication with the website is insecure, the website then instructs your browser to communicate over the secure protocol insuring all future communication is secured and private.

    An attacker (e.g. a malicious WiFi hotspot, ISP, etc) can take advantage of this by not sending the initial request to the website over the insecure protocol, instead sending your data to the website over the secure protocol after reading the content.
    Notice that example.com is communicating securely with the malicious network, it's acting as a Man In The Middle.


...

Info
titleTechno-babel

Simplified illustration of symmetric cryptography in practice:
Taken from https://wordtothewise.com/2014/09/cryptography-alice-bob/

This is a story about Alice and Bob.

Alice wants to send a private message to Bob, and the only easy way they have to communicate is via postal mail.

closedletter

Unfortunately, Alice is pretty sure that the postman is reading the mail she sends.

openletter

That makes Alice sad, so she decides to find a way to send messages to Bob without anyone else being able to read them. 


Alice decides to put the message inside a lockbox, then mail the box to Bob. She buys a lockbox and two identical keys to open it. But then she realizes she can’t send the key to open the box to Bob via mail, as the mailman might open that package and take a copy of the key.

Instead, Alice arranges to meet Bob at a nearby bar to give him one of the keys. It’s inconvenient, but she only has to do it once.

lockstore

After Alice gets home she uses her key to lock her message into the lockbox.

shared1

Then she sends the lockbox to Bob. The mailman could look at the outside, or even throw the box away so Bob doesn’t get the message – but there’s no way he can read the message, as he has no way of opening the lockbox.

shared2

Bob can use his identical key to unlock the lockbox and read the message.

shared3

This works well, and now that Alice and Bob have identical keys Bob can use the same method to securely reply.

Meeting at a bar to exchange keys is inconvenient, though. It gets even more inconvenient when Alice and Bob are on opposite sides of an ocean.

 


Encryption for secure data sharing

...

Services like protonmail.com rely on public-key encryption to insure your emails are encrypted end-to-end, but to make it easy to use, they hold on to your private key and store it securely in their own servers. The private key is itself encrypted on their servers and is only decrypted when you successfully login to your account, it is then decrypted and sent to your browser where it is stored in memory to decrypt the emails. In theory, ProtonMail cannot access your private key, but since we don't know how they encrypt it, we cannot know for sure that it's securely encrypted. Therefore, we rely on them to not access it or allow anyone else to access it. For most communications, ProtonMail is considered highly secure. 
It's important to note that emails sent through proton mail are only end-to-end encrypted when sent to a proton mail recipient. This is our unlisted ProtonMail account if you wish to reach us through it: quietwizard@protonmail.com 

 


For the ultimate security and privacy, we must manually encrypt our data. 

...

The Gpg4Win suite has also installed extensions to allow you to easily encrypt/decrypt emails within Outlook, if you happen to have that installed. 

 


Info
titleTechno-babel

Simplified Example of asymmetric cryptography in practice:
Taken from https://wordtothewise.com/2014/09/cryptography-alice-bob/ 

This is a story about Alice and Bob.

Alice wants to send a private message to Bob, and the only easy way they have to communicate is via postal mail.

closedletter

Unfortunately, Alice is pretty sure that the postman is reading the mail she sends.

openletter

That makes Alice sad, so she decides to find a way to send messages to Bob without anyone else being able to read them.

 


This time, Alice and Bob don’t ever need to meet. First Bob buys a padlock and matching key.

public1

Then Bob mails the (unlocked) padlock to Alice, keeping the key safe.

public2

Alice buys a simple lockbox that closes with a padlock, and puts her message in it.

public3

Then she locks it with Bob’s padlock, and mails it to Bob.

public4

She knows that the mailman can’t read the message, as he has no way of opening the padlock. When Bob receives the lockbox he can open it with his key, and read the message.

public5

This only works to send messages in one direction, but Alice could buy a blue padlock and key and mail the padlock to Bob so that he can reply.

Or, instead of sending a message in the padlock-secured lockbox, Alice could send Bob one of a pair of identical keys.

publichared

Then Alice and Bob can send messages back and forth in their symmetric-key lockbox, as they did in the first example.

shared2

...


Encryption for secure communication

...

 

 

 

  •