Contacting me securely

My contact form

The contact form is an easy and reasonably secure way to contact me. The message is encrypted in transit to the web server, but is then sent unencrypted locally from the web server to the mail server. That means that, to read the message, an attacker would need to listen on a local connection, or compromise the web server or mail server.

Note: To ensure you are communicating securely with the web server, go to https://lauritzt.dk/contact and make sure that your browser is displaying a padlock near the address.

Note: When you use the contact form, your IP address is recorded and stored in accordance with my privacy policy. If you need anonymity, you can use an anonymizing proxy service, such as Tor.

OpenPGP

OpenPGP is a public-key encryption system that can be used to send messages securely through another communication channel. It can be a little daunting, particularly if you choose a command-line interface rather than a graphical interface.

To decrypt the message, an attacker would need to get access to my private key (which is encrypted with a strong passphrase, and is only stored on encrypted and trusted computers), get access to your private key (if you also encrypted the message to your own key), or guess one of the private keys (something that probably won't be feasible until after 2030).

The client I recommend is GnuPG (optionally with Kleopatra as a graphical front-end). If you're using Windows, have a look at the Gpg4win project*. You can also use Keybase as an OpenPGP client, which is simpler to use, though it may be less secure.**

You can get my keys here and learn more about public-key cryptography here.

*Windows might not be secure, see the section about OS security.
**I'm referring to Keybase's web encryption interface. Keybase's servers could theoretically be serving malicious code to specific clients.
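
For the command-line route with GnuPG, the shell functions below (an added example, not part of the original page) check a downloaded key file's fingerprint against one obtained through a separate channel before encrypting, and pass --no-encrypt-to so that only the recipient's private key can decrypt. The file names and the expected fingerprint are placeholders supplied by the caller; the page does not publish a fingerprint.

```shell
#!/bin/sh
# Added example. Function names are illustrative; key file, fingerprint and
# message file are supplied by the caller (placeholders, not values from this page).

# Strip whitespace and upper-case, so "89ab cdef ..." and "89ABCDEF..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Succeed only if $1 is a full 40-hex-digit (v4) fingerprint and equals $2.
# Short 8- or 16-digit key IDs are rejected: they are too short to identify a key safely.
fpr_matches() {
    fpr_a=$(normalize_fpr "$1")
    fpr_b=$(normalize_fpr "$2")
    [ "${#fpr_a}" -eq 40 ] || return 1
    case $fpr_a in *[!0-9A-F]*) return 1 ;; esac
    [ "$fpr_a" = "$fpr_b" ]
}

# Print the primary-key fingerprint of a key file without importing it.
key_file_fpr() {
    gpg --show-keys --with-colons "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# encrypt_for KEYFILE EXPECTED_FPR MESSAGE
# Imports KEYFILE and writes MESSAGE.asc only if the fingerprint check passes.
encrypt_for() {
    actual_fpr=$(key_file_fpr "$1") || return 1
    if ! fpr_matches "$2" "$actual_fpr"; then
        echo "fingerprint mismatch: not importing $1" >&2
        return 1
    fi
    gpg --import "$1" || return 1
    # --no-encrypt-to ignores any encrypt-to setting in gpg.conf, so the
    # sender's own key is not added as a second recipient.
    # gpg asks for confirmation here because the imported key is not yet certified.
    gpg --armor --no-encrypt-to --recipient "$actual_fpr" \
        --output "$3.asc" --encrypt "$3"
}
```

The same functions apply to an offline key: pass that key's file and fingerprint instead.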

OS and hardware security

You should keep in mind that your applications, your OS, and your hardware may be monitoring your activity.

Windows

The privacy policy of Windows lets Microsoft collect and in some cases share contents of emails and files, as well as data about what you type. In the past, Microsoft has told American authorities about security vulnerabilities in Windows before fixing them. In addition, Windows is proprietary – that means that it is illegal to reverse-engineer Windows and review what it actually does. Learn more about the problems with Windows.

I recommend against using Windows to contact me if you need security. Instead, you can use TAILS.

TAILS

TAILS is a live operating system. That means that it doesn't change the configuration of your computer and doesn't save any data on it. It runs from a USB-drive and lets you bypass the potential security problems of your regular OS or the applications installed on it. When you're done with TAILS, you simply remove the USB-drive and restart your computer, and you're back to using your regular OS. Learn more about TAILS.

Offline keys

If you need additional security, you can use my offline keys. The private parts of the offline keys are stored on an encrypted and specially secured computer that is never connected to the internet.

Encryption for offline keys is just like encryption for regular keys – just select the offline key instead. You should also use a computer that is never connected to the internet (or a computer with TAILS) on your end.

I have offline keys for OpenPGP (download) and X.509 (download).

It might take me longer to read and respond to messages encrypted for my offline keys.