The Ask Leo! Podcast

Scams are bad enough. Throw AI into the mix, and things only get worse.

Macrium Reflect X is the successor to version 8. It includes a few new features and a controversial change to the licensing model.

[glossary_exclude]They assume perfection, and we all know how that goes.[/glossary_exclude] by Leo A. Notenboom (Image: DALL-E 3) A phrase we've heard more and more often in recent years is encryption backdoor. The concept is simple: government agencies want to be able to monitor otherwise encrypted communications. The concept is flawed. [glossary_exclude]Encryption backdoors[/glossary_exclude][glossary_exclude]Encryption backdoors allow governments or other entities to access private communications, undermining privacy. These backdoors create vulnerabilities; they rely on the trustworthiness of those entities to use backdoor keys responsibly and prevent leaks. Criminals can still bypass such measures using traditional, non-backdoored encryption. Encryption backdoors risk your privacy without effectively improving anyone's security.[/glossary_exclude] Securing communications with encryption The fundamental concept of encrypted communications is that only the sender and the recipient can read a message exchanged between them. The sender encrypts it before sending, and only the recipient has the ability to decrypt it.1 One example I run into regularly is sending someone a password -- you don't want someone "in the middle" to be able to see it. An end-to-end encrypted messaging service is one solution. Governments don't like this at all. At its most basic, encryption prevents law enforcement from monitoring potentially illegal activities. At its most extreme, it prevents oppressive governments from monitoring what their citizens might be up to. As a result, from time to time we hear of proposed legislation to force service providers to provide a back door that would allow authorized entities such as governments and perhaps others to access otherwise inaccessible communications. How a backdoor might work Traditional encryption works in one of two ways. One method uses a common secret, like a password, which is used to both encrypt and decrypt data. The other method uses a key-pair: one key can decrypt data encrypted by the other, and vice versa. Without the appropriate password or key, encrypted data cannot be decrypted.2 What both these approaches have in common is math -- lots and lots of advanced, complex math. A backdoor adds more math. In addition to the password or key, some kind of "master key" would also be needed to decrypt the data. That master key would be shared only with trusted entities (like governments) with (hopefully) legitimate reasons to decrypt the data. A real-world physical example Consider the TSA-approved padlock. TSA's "back door" on a combination lock. (Image: askleo.com) This padlock might have a key or combination. If you have the key or know the combination, you can unlock it. In the United States, the TSA (Transportation Security Administration) has mandated that approved padlocks also have an additional key slot -- a key slot for which their agents have a master key. This master key is a back door allowing them to bypass your padlock’s mechanism completely and open it. This allows them to examine the contents of your luggage. You can use a non-compliant padlock, but the TSA has the right to break the lock. There's a reasonable argument that this contributes to public safety. However, even though it's likely illegal to possess, the master key has long been available to anyone who cares to get it. Travelers have been forced to sacrifice personal privacy for public security. Physical versus digital The major difference between our physical example and encryption is the bolt cutter. Luggage locks are easily broken. Even the most secure locking mechanisms can typically be thwarted with enough skill or force. That's not quite the same as digital encryption. An appropriately strong encryption algorithm can be practically impossible to break. Again, governments don't like this. They would very much like a way to break the lock,

Perfect security is a myth. What's important is to pay attention to the trade-offs you make.

Not long ago, I came up with the words to describe part of what I do. It was kind of a secret... until now.

Adding the most common and secure form of two-factor authentication to your account.

Will a specific power supply or charger damage a device? I'll look at what's safe and what's not.

Losing access to your Facebook account means losing everything within it forever. Make sure the important stuff is saved elsewhere.

Initial panic about the Microsoft Recall feature is overblown. If you're worried about that, you're worried about the wrong thing.

Commercial software can be expensive. Can you just pirate software if you can't afford it? You can guess my answer, but even better: theft isn't necessary.

CHKDSK can't check an empty drive, and Windows considers RAW to mean empty.

If your format happened quickly, it's unlikely your data was actually erased. I'll show you the difference.

Having your email automatically or continually signed in to can be a security risk in some situations, but very convenient in others.

Passwords are dying. On some services, you can start playing with the process by creating a secure password... and then forgetting it.

Here are my latest recommendations for specific security software and techniques.

This is a system designed to help you recover your email account if something should go wrong... and things go wrong more often than you would like to think.

Numerous people and programs can track your internet activities. But are you really that interesting?

When Windows tells you it's out of memory, what does it mean and what can you do about it?

Many people are concerned that they are specifically targeted by hackers, advertisers, and others. Nope.

Testing your backups is an easy step to overlook but an important one to take. Make sure your backups will be there when you need them.