Setting up PGP

Karl gmkarl at gmail.com
Sun Oct 11 15:58:11 PDT 2020


Let's enumerate a few steps for setting up PGP.

What's PGP?  PGP is an old tool that makes it really irritating for
government agents to change messages in transit.  [s/Nobody uses pgp
anymore because we've all either been beat up by corporate goonies for
using it or had our networks and systems hacked to remove its use, and
we can fix that./Everybody uses pgp in every message they send on the
internet!/]  I generally use gpg, gnupg, and pgp as interchangeable
terms.

PGP is irritating to set up, because to do it really right you need an
airgapped computer to store your personal identifier on.  Airgapped
means it is disconnected from the normal internet.  Otherwise your key
is stolen when somebody breaks into the computer using it.  Believe it
or not, and this is pretty well known, systems are regularly broken
into in massive worldwide droves as new vulnerabilities are discovered
and revealed: these new vulnerabilities are called "0-days", and you
can be pretty sure that anybody who doesn't use that term isn't a
hacker.

There's another issue: some people take new devices out of the mail,
and break into them in advance, possibly even adding new communication
hardware, then stealthily put them back in the mail before they are
received.  [s/Kind and caring corrupt federal people are well known to
be forced to do this and have even leaked this to victims of
it./Obviously if anybody actually did this they would feel so bad they
would stop, but we still want to respect our use of pgp enough to
consider it./]  The risk seems small, but when you use PGP the
integrity of the messages you exchange with everyone else is at stake,
so it's good to take proper precautions.

So, it's best to acquire your device for airgapping from a local
reservoir of them, like a popular store that [s/<it's hard for me to
talk about or encourage cash purchases because I've been tortured by
enforcement goonies>/takes friendly cash that keeps everyone's
identity more safe/].  This way you get the same set of system
compromises and vulnerabilities that everybody else at the store gets,
which means those compromises are not going to be placed specifically
against your use as an airgapped security device.  A lot of people
will say worrying about this is paranoid.  This is a way to tell that
they are not hackers, either.  Hackers who can actually reliably
communicate with their peers consider paranoia to be good, and make it
their business to act on it.

When considering a device, you'll ideally want one that doesn't have
any wireless networking hardware in it.  Otherwise you'll ideally want
to remove or disable all the wireless networking hardware, which [s/is
pretty much impossible if your hands shake all day from being tortured
for being an anarchist/is lots of fun to learn to do at a local urban
makerspace where you can get lots of help on the kinds of things I'm
posting about from people passionate about helping/].  If you happen
to live in the usa near randall munroe, one of the many areas where a
lot of open source hackers used to live, you could probably buy a
small board without a wifi chip called a "pi zero" from a store called
"microcenter".  Another approach could be to repurpose something like
an OLPC XO and remove the wifi board, which is very easy to do.

After finding a good candidate airgapped device, you'll want to be
careful with how you use it.  Remember, whenever a new vulnerability
is found, trojans cover the world taking advantage of it, and then try
to find a way to hide inside the corners of all the systems they find.
So, any drive you put in your new device, anything you plug into it,
any update you apply, could be filled with computer-measles that would
find a way to trick it into giving remote control to them.  Keep it
isolated until you have things set up for use.

The next step after getting a reasonable airgapped device, maybe a pi
zero, and ideally keeping it isolated, would be to install gnupg on
it.  Maybe in a forthcoming email!

