Category Archives: Encryption and Privacy

Why I would not put Kodi on an Amazon Fire TV Stick.

Amazon Fire TV Sticks and more recently, Amazon Fire TV Media Players (which can currently be purchased for $18/month) have been sold for years, and can be modified to permit the installation and use of the Kodi application.  As many tech savvy guys and gals know, Kodi (formerly XMBC) can be used to add pirated content to be downloaded or streamed using the Kodi app.

The problem with using Kodi on an Amazon Fire TV is twofold.

  1. You are using a tracked device that you likely registered to your account.

  2. Kodi when installed on the Amazon Fire Stick uses the wireless connection provided to it, exposing the user to copyright infringement lawsuits.


This is a no-brainer.  To activate the Fire Stick, you need to register it with your username and password.  Amazon knows this device belongs to you, and in a number of cases, it even comes pre-programmed to your Amazon account, so why would you use it to view copyrighted software without a license?

All that would need to happen to sue an Amazon Fire Stick user is for a copyright holder to file a copyright infringement lawsuit against a John Doe, and then have the court authorize expedited discovery to allow the copyright holder to send a subpoena to asking it to disclose the identity of the owner of the Amazon Fire Stick.  Amazon would happily comply just to stop you from using their device to pirate or stream copyrighted content without a license.

Of course, there are ways to factory reset the device or deregister it from your account, but that is outside the scope of this article.


When you set up your Amazon Fire TV Stick, you enter your wireless username and password.  That way, your Amazon Fire Stick can connect to the internet automatically as soon as you plug it in.

The problem is that any apps you use (here, Kodi), ALSO USES THAT SAME WIRELESS CONNECTION.  This connection has your real IP address exposed and shared with the internet.

It doesn’t take a genius to realize that they can file a copyright infringement lawsuit against the website providing the content, and force it to hand over the web site logs or analytics for a particular page hosting the copyrighted movie you connected to with your exposed IP address when you used your Kodi-enabled Amazon Fire Sitck to view or download that copyrighted movie.  And once they have your exposed IP address, they now have TWO WAYS to sue you in a copyright infringement lawsuit:

  1. Subpoena the ISP who owns that exposed IP address and have them expose the identity of the account holder (the typical way a “John Doe” lawsuit is filed), or
  2. Subpoena to have them expose the account information of the customer who purchased that particular Amazon Fire Stick.


Technology in its current state does not make it easy or convenient for a copyright holder to go through the hassle of suing Icefilms, Putlocker, or any of the MANY providers of copyright-infringing content.  Many of these providers are out of the U.S., and as such, it is difficult (not impossible) to get them to comply with a US-based court order signed by a US federal judge.

Also, it is difficult to determine whether these sites even keep analytics or website logs to determine which IP addresses visit any of the pages on their websites.  As soon as users start getting sued, no doubt these companies will shut off all website logging and analytics, thwarting any copyright holder’s attempts to identify the IP address of the Kodi / Amazon Fire Stick user.

Lastly, it is an uphill battle for a copyright holder to fight a website provider to turn over the website logs exposing who is visiting their websites.  This is why you do not see ANY copyright infringement lawsuits suing John Doe Defendants for the unlawful STREAMING of copyrighted content from software sources such as XBMC or KODI.

For this reason, at the time I am writing this article, I cannot see how a user would realistically be sued for using Kodi on an Amazon Fire Stick.  However, as technology advances and tracking methods improve to the point where a copyright holder will be able to identify the IP address accessing a website containing copyrighted materials, the threat of being sued for streaming content will increase.

Click here for more details on the topic of “Can I be caught and sued for copyright infringement for streaming movies.”

A QUICK NOTE ABOUT POPCORN TIME: Popcorn Time is a piece of software that uses BITTORRENT to acquire the movie title in order to serve it for free to their end user.  Bittorrent lawsuits account for most, if not all of the copyright infringement lawsuits, and thus Popcorn Time (even though it streams movies) is not included under the category of “hard to catch users for infringement.”


Even though I just told you that you will likely NOT be sued for using your Kodi-enabled Amazon Fire TV Stick to view pirated content, I still caution strongly against using it without some additional steps.

Why would you use a device that is registered to your name?  Do you think that is your friend and would protect you if they realized you were using their device to pirate movies and music?

And, why would you use a device that could expose your IP address to the world?  Your connection to the internet would create a trackable line between your internet account and the server hosting the pirated content.  Do you really think that your ISP isn’t snooping on you to see whether you are using their bandwidth for legal or illegal purposes?  If somehow copyright holders figure out how to get the list of IP addresses who downloaded or streamed a particular movie, do you really want to risk being sued for $150,000 for copyright infringement?

Common sense.  Even if you will likely not be tracked or caught, DO NOT use devices which connect to the internet without using an encrypted connection.  Your Kodi-enabled Amazon Fire TV Stick is one such device.


Obviously this article is meant to alert users as to the dangers of using a Kodi-enabled Amazon Fire TV devices.  It is not to teach you how to break the law and enable Kodi on your device. (I cannot believe Amazon is actually selling this ebook).

For common sense purposes, if you are going to do anything that exposes your IP address to the public, use a VPN.  A VPN is a Virtual Private Network which allows an individual to obscure his real IP address by connecting to the content desired by way of one or more servers.  I will not go into how they work here, but for reputable VPN companies who do not keep logs on your activities, TorrentFreak writes a report every so often, and that report is a good resource.

VPNs that keep your identity and your IP address private are PAID VPNs.  Free VPNs have been known to turn over their user’s account information (as have various paid VPNs as well, which is why I suggested TorrentFreak’s list).

If you were willing to learn how to program your router to route your internet connection through your VPN (most VPN providers teach their customers how to do this), then using your Kodi-enabled Amazon Fire TV device would be safe, and a user who uses this method would not need to worry or fear about being sued for connecting to the internet using the Fire Stick.

Of course, keep in mind that it is still a dumb idea to register that same Amazon Fire TV Stick with your real account information.  There might come a time where technology advances to the point where Amazon start ‘not liking’ their users using their Fire Stick for piracy purposes.  Thus, if you were to deregister the Fire Stick, or to purchase it without connecting it to your account (e.g., checking ‘buy it for someone else’) when you check out, that will stop from preprogramming the Fire Stick with your account information.  But still, you should still be cautious using an Amazon Fire Stick with Kodi (even with a VPN) because Amazon themselves might devise a way to track their own devices (if they have not done so already).


In summary, Amazon Fire TV Sticks and better yet, Amazon Fire TV Media Players are wonderful pieces of technology.  I own one, and current Amazon Fire TV Sticks even have Alexa built into them (a cool feature).  With an Amazon Prime Subscription (we replaced our Netflix subscription with this to get the free shipping and other benefits), you can view literally THOUSANDS of videos from the Fire TV Stick or Media Player.

The Fire TV Stick itself is HDMI enabled, which means that it can plug into any old monitor, and that monitor will become an Amazon movie studio.  We can even connect our Bluetooth speakers (think, Amazon Echo or ‘Alexa’) to the Amazon Fire TV Stick, and we have theater-quality movies and binge worthy TV shows, all available to be played in our living room.

If I were a pirate, I would probably NOT put Kodi on my Amazon Fire Stick, even if I set up my router to route all internet traffic through a paid VPN.  I personally simply don’t trust that they will not at some point become proactively ‘anti-piracy’, and I wouldn’t want to be the recipient of a subpoena letter indicating that I was sued for using my Fire TV Stick in an unlawful way.

Nevertheless, if you are a regular reader of the TorrentLawyer website, you would not either.  However, hopefully this article will somehow go out to people searching for “Kodi-enabled Fire TV Sticks,” and we will at least teach them that watching Kodi this way is a bad idea.

Final Note, and Off Topic:  I am not a Roku guy, simply because my Amazon Fire TV was given to me as a gift and I love the device. However, if I were to purchase a device anew, I WOULD probably choose the Roku Premiere+ Streaming Media Player simply because Roku is known to upgrade their devices every year, and Roku is simply a better company focused on making Roku Media Players (similar logic: I would go to a Chinese Food Store to buy Chinese Food). If I was just comparing an Amazon Fire TV Stick (considering that it has Alexa on it) and a plain Roku, since I have do have unlimited Amazon movies through Amazon Prime, and the Amazon Fire TV devices are supposedly faster, I’d stick with the Amazon.  If I did not have Amazon Prime, I’d go with the Roku.  Whichever device I had, however, I WOULD NOT PUT KODI ON IT.

Is it ‘coincidence’ early bittorrent cases were porn-based?

Once again, in trying to answer the question of “Who cares if I was ‘seen’ downloading?  Doesn’t everyone use bittorrent anyway? Why is this illegal?” in the ME2 Productions Lawsuit Q&A article posted last night (this is a difficult question to answer because the answer is ‘yes, everyone does it, but it is still illegal’) I ended up on a tangent which deserved it’s own article, which I posted below.

If you are looking for the juicy conspiratorial content, skip down to the last paragraph after the reference to ‘The boot of government crushes the skull of its citizen’ when it comes to encryption and anonymity, which caused me to come to a jarring conclusion that perhaps it was the plan of our ‘copyright masters’ that all of the adult film bittorent-based cases from 2010-2016 were planned to be a precursor to the growing number of movie cases we are seeing today.


In our modern society (mid-1990’s- ~2020), especially with the younger generation, even we Gen X’ers (born in the 1960’s and 1970’s) found ourselves with “Peer-To-Peer” technology which showed up in our dorm rooms and offices in the mid-1990’s.  File sharing sites such as eDonkey, Morpheus, LimeWire, Grokster, Napster were all names common to the early file sharers, and the ability to share music and pictures was a pretty cool concept (especially for those who remember 300 baud and then 9600 baud modems before DSL, Cablemodem, or even DISH Network was made available to residential ISP customers).  Later, as bittorrent become popular and Napster and Grokster got sued, software platforms that used bittorrent (e.g., uTorrent, Azureus/Vuze, etc.) became more popular.  Sites like The Pirate Bay, KickAssTorrents, and many others who have now shut their doors provided unlicensed copyrighted material to hundreds and thousands of students.


At the time, while downloading copyrighted movies at the time were just as illegal as it is now, nobody had the thought or the desire to monitor the bittorrent networks.  Today with the copyright holders and movie producers throwing out recycled garbage and politically motivated comedies, much of what is out there is junk and many people no longer spend the few dollars or the time to view the movies in the theater.  So they turned to Netflix, who delivered recent movies to their door each day via a little red envelope which gave so many people so much pleasure.  But then even Netflix got greedy, and they reduced their selection of available films, increased their prices and switched to their streaming platform.  Many people turned to Redbox, the kiosks in their local stores as a last resort replacement for Netflix.  But then when Redbox did not keep current as the movies came out and their selection dwindled, many people turned to piracy.


Piracy came about because the companies who formerly had us as committed customers (I know I used to go to the movies at least once/week) lost our trust and our dollar.  Then Netflix lost our dime to Amazon Prime (which for the moment in my opinion provides better content than even Netflix, and it provides the free shipping that we all love).  Sure, we are always a season or so behind the TV viewers, but being able to binge-watch shows from our living rooms at night to get the full theater experience is something that even movie theaters could not provide in a two-hour movie, and quite frankly, it is nice to do so in the privacy of our own homes without the annoying advertisements.

But just as there is Netflix, Amazon, and legal ways to pay for slightly dated content, some people want the most up to date movie, or the most up to date show.  Not willing to pay for a movie ticket or purchase the video outright, they look for other sources to view the film, the movie, or the TV show.  At the time I am writing this article (early 2017), TV networks have not realized that “Cable TV is dead” and that many have ‘cut the cords’ years ago because of their obscene prices.  Personally, I would still pay a few bucks to be able to access Cable TV content (e.g., to see the current seasons of shows as they come out), but I am unwilling to pay the high costs these TV companies (e.g., HBO GO, etc.) charge to access their content online.  For some reason, they still think they can charge us “Cable TV” prices when there are such cheaper alternatives available.  [Second thought, perhaps Hulu provides current TV shows, but they have done such a pitiful job in marketing even I *who lives and breathes in this industry* have no idea what service they are providing these days, and last I checked, I was unwilling to pay their $9.99/month or whatever subscription when Netflix and/or Amazon provided better content and value for less.]

When Hulu did have our attention (when it was free), viewers were willing to watch paid ads in return for the free content.  However, this was likely not profitable for them, and they turned to a per month subscription model.  I haven’t followed them since them because they lost me as a betrayed customer, and I am happy with my Amazon subscription.

However, after the failures of the movie theaters, the cable and TV providers, the Netflix providers, and then the Hulu providers, there grew a large segment of the population who were never taught nor do they understand or care that movies and shows are not free, and that they cost money to produce.  These individuals grew up with the understanding that “ads will pay for the cost of our watching,” but as ad-supported content dwindled, they blamed the TV and Cable companies for not providing the content they desired at a cost they were willing to pay.  As a result, a large segment of our population has turned and will continue to readily turn to piracy when the other alternatives do not provide them access to the content (e.g., “current” TV shows) they would otherwise pay for.  Thus, without thinking, this segment pirates the film or the TV show using bittorrent or Popcorn Time thinking that nobody will see them.  The only difference is that they copyright holders have caught up with technology and they are able to track those who use bittorrent, and thus these individuals get sued.

So yes, copyright infringement is something that is ‘socially acceptable’ because so many people do it.  But it is still illegal, and as technology advances and as governments find more and more creative ways to serve their lobbyist masters in return for favors, free trips, and donations to their PACs / re-election funds], copyright holders continue to grow in their appetite to sue those who get caught downloading the copyrighted films.

And with hindsight, and after reading the

‘The boot of government crushes the skull of its citizen’ when it comes to encryption and anonymity,

*WASN’T IT CONVENIENT AND COINCIDENTAL* that the set of cases that were brought between 2010-2016 to blaze the trail in order to allow current movie companies to sue downloads WERE PORNOGRAPHY / ADULT FILM CASES?

That’s a very deep concept which requires some reflection and thought in order to grasp the enormity of it.  It makes you wonder whether it was planned that the MPAA / RIAA would sit back and let the porn cases blaze through the courts (because what person accused of downloading pornography would make noise defending himself in court when as a result of the legal battle — just by being named and served as a defendant, even if he won the case and was vindicated (namely, that he was found to have never downloaded the adult films in the first place), — his name and reputation forever would be tarnished by being associated with someone who was accused and sued of downloading and stealing copyrighted pornographic content without a license, only to have legitimate movie companies step in their place and file most of the copyright infringement cases we see now.

For years we have been seeing common thread between the cases filed in the federal district courts across the US.  Similar names and German companies, such as Guardaley, IPP, and other common entities kept creeping up behind the scenes (until recently, I thought the shadow entity was Voltage Pictures, Inc.).  But when those same entities popped up for the Dallas Buyers Club, LLC lawsuits (based on a legitimate movie), I did not make any connections, and I remained oblivious to the idea that perhaps the same entities behind the pornography lawsuits (e.g., Patrick Collins, K-Beeck, NuCorp, Malibu Media, LLC — essentially, the former set of “Keith Lipscomb” lawsuits) were also behind the movie-based lawsuits.

Conspiracy-level thinking at this point, yes.  It would be a huge scandal if one set of masters planned the pornography-based bittorrent ‘copyright troll’ lawsuits for the purpose of later giving credibility to real-movie lawsuits when they stepped in place of the porn lawsuits and made the same filings.  I am made angry just thinking about this, and quite frankly, I don’t want to connect the dots because I do not want to notice that perhaps the same entities behind the Dallas Buyers Club, LLC movies were the same entities behind the Patrick Collins… Malibu Media, LLC cases.  That would be just too horrible.

CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

Unintended consequences of winning the war against trolls.

[2017 UPDATE: Little did I know that I accurately predicted what would happen, but I got the entities wrong.  Since the April 2016 breakup of the Lipscomb/Guardaley relationship, new Guardaley kingpin Carl Crowell has created a new entity called RIGHTS ENFORCEMENT which has reverse-engineered CEG-TEK’s proprietary DMCA copyright infringement notice system.  Many of you have visited this link thinking that RIGHTS ENFORCEMENT was somehow related to CEG-TEK (at first, I thought so too), but really it is an ‘evil twin’ competitor.  In sum, apparently my concerns about CEG-TEK becoming corrupted where one bittorrent click would result in tens/hundreds of infringement notices may have actually have happened, but I got the entity wrong.  It wasn’t CEG-TEK, it was Crowell’s reverse-engineered ‘evil twin’ copy of CEG-TEK which we now see in RIGHTS ENFORCEMENT. Still, read on so that you’ll understand the issues.]

Every pirate knows that the only way to block the copyright trolls from identifying their true IP addresses (and thus sending out DMCA copyright infringement notices, as outfits such as CEG-TEK have been known to do) is through the use of a Virtual Private Network (VPN) [, and not just any VPN, but a paid VPN provider which does not track their subscribers’ activities*].

In recent weeks, I have heard from various copyright trolls that bittorrent users are “winning the piracy war,” in that their activities have thwarted the copyright holders from learning who they are. Armed with what is becoming common knowledge of free software which can be configured to stream pirated content (e.g., Kodi, formerly XBMC), internet users who wish to “unplug” from the cable companies are able to do so in a way in which it becomes difficult if not next to impossible to be caught viewing streamed content**. Not only this, but many have even purchased Amazon Fire sticks which can be jailbroken to allow the Kodi software to be installed on it, and they are watching pirated videos from their HDTV without even needing a computer.***

But what is the effect of “winning the war” on those who are left behind and don’t realize that they need to use a VPN if they are going to bittorrent their favorite movie, software, or video game? This is the point of the article.

The unintended consequence of bittorrent users learning to use a VPN, or migrating away from bittorrent and towards free streaming services is that copyright holders [who for three years now have enjoyed easy settlement money] are realizing that there simply are not enough people to send DMCA / copyright infringement notices to in order to line their pockets with gold and dirty cash. As a result, it is my experience that they are becoming “less nice” and they are trying to make more money from fewer downloaders. Case-in-point: Girls Gone Wild DMCA notices used to ask for one $300 settlement for a whole page of 60+ videos, but now they are asking for tens of thousands of dollars for that same “click” of a bittorrent file.

I am also noticing that CEG-TEK is acting differently, perhaps in response to what has been described to me as a steep decline in numbers of “pirates” to whom they can send DMCA notices. In the past few weeks, it has been my experience that Copyright Enforcement Group (CEG-TEK) is now sending multiple notices out to the ISPs for the same download. In one case regarding their Girls Gone Wild client that I mentioned above, CEG-TEK sent literally over 1,000 notices to one ISP for the alleged download of one bittorrent file.

At first I thought this was a glitch in their computer system, but then it occurred to me that maybe CEG-TEK somehow benefits from keeping the numbers of DMCA notices sent to the ISPs artificially high. Is there any benefit to them to be doing this? I have been racking my brain on this topic and I still cannot come up with a reason.

Honestly, here is my concern. When an animal is backed against the wall, what does it do? It attacks. If indeed we are winning the bittorrent piracy war, I am concerned that CEG-TEK will begin taking on new clients who thrive on stacking their bittorrent files with hundreds of adult films. Those who are sophisticated will understand exactly who I am speaking about.  

They will then trap the unsuspecting bittorrent user who “clicks on a bittorrent file” in their spider web, and that user will receive hundreds of DMCA notices which will scare the b’jeebies out of him.  Then they will give in to the urging of their less-than-ethical client, and they will agree to start charging more than the $300 per title that they currently do (remember, at one point, CEG-TEK used to charge $200 per title, and then at what I understood to be the urging of their client, they raised the settlement amount to $300 per title).  So they are pliable, as we have seen in the past.

In the end, just as we saw hints of this with the recent Girls Gone Wild debacle, CEG-TEK will morph from a $300 per title copyright enforcement outfit (lamb) into a $3,500 per title shakedown outfit (wolf) where they base their settlement amounts on the client’s ability to pay rather than what they believe is a “fair” amount to compensate the copyright holders.

Last, but not least, I learned that CEG-TEK threatened an accused downloader with criminal prosecution this week. For those of you who know me, I have spent almost every day since 2010 working on copyright infringement cases. NEVER until last week have I seen a copyright holder threaten an accused internet user with criminal charges for a copyright infringement matter.

In sum, the times they are a changin’. If we are indeed winning the war, what will CEG-TEK turn into in order to survive?  And, what will their copyright holders (who for the most part have been docile and lazy these past few years) do when their easy income stream dries up?


*[UNRELATED PERSONAL NOTE: I am a fan of such VPN providers not because they make piracy more difficult to detect, but because I believe strongly in a person’s right to be anonymous. The amount of snooping that happens with internet trackers, cookies, and newer methods literally sickens me, and I do not believe that advertising companies and ISPs should have so much knowledge about their customers. For this reason, I have nothing wrong with sharing for privacy purposes that examples of VPNs that you can rely on can be easily found by searching “torrentfreak secure vpn” on Google, or just by going to TorrentFreak’s website where they review VPN providers which take your anonymity seriously. Just be sure to have some mechanism in place that if the VPN connection goes down, even for a second, that your real IP isn’t exposed to whatever site you happen to be visiting, or to whatever server you happen to be connected to. This is called a “DNS leak,” and there are easy ways to configure your system to lock down the connection if or when the VPN goes down, even for a second.]

** NOTE: There is a popular software called PopcornTime which I am sad to share has given our firm many clients who have been caught downloading mainstream movies (e.g., The Dallas Buyers Club cases, Voltage Pictures’ Fathers & Daughters Nevada, LLC cases, and most recently, Millennium Film’s London Has Fallen (“LHF”) movie cases, etc.). Most recently, I have been seeing new CEG-TEK notices for Millennium Film’s “Criminal” movie which the copyright holders have already started suing in “Criminal Productions, Inc. v. John Doe” copyright infringement lawsuits . The reason for so many getting caught is that PopcornTime appears to be a software which allows you to stream video content, but it uses bittorrent as its back-end to download the movies.

*** NOTE: The Amazon Fire sticks which have Kodi installed in my opinion can still get you caught for copyright infringement. The reason for this is that they connect directly to the internet exposing your real IP address. Most people don’t realize that they need to also configure their ROUTER to connect to the internet through their paid VPN provider.

CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.


Off the cuff, this is a post about PGP (a.k.a., “pretty good privacy”) and encryption.

When I was in college in the 1990’s, encryption was the easiest thing to set up. We’d download some freeware, set up a few encryption keys, upload the keys to the MIT servers, and send around “how are you, aren’t we cool because we’re using encryption” e-mails to friends and family. Little did we know those keys would be permanently there years later, and most of us lost our keys over the years, and forgot to set expiration dates on our keys (so my old college keys are still available somewhere on the net).

After a phone call today, I realized that after so many years, I have not used PGP, and I did not have a PGP key handy to encrypt an e-mail and its contents. “No problem,” I thought, I’ll just go online, grab the free software from Symantec, and I’ll set up a key and forward the documents. NO GO.

Symantec purchased the rights to the PGP software from Phil Zimmerman, and they TOOK AWAY the ability for individuals to set up PGP encryption on their machines (unless they purchase an elaborate suite of programs for $$$$). And, even if I wanted to purchase the software, they have made it next to impossible to acquire it using a few clicks, a credit card, and a website checkout.

Honestly, I have nothing wrong with companies selling premium features on top of their free software, but ENCRYPTION SOFTWARE SHOULD BE FREE!!! In order to have a free society where individuals can speak and express themselves freely without need to censor themselves in fear of a snooping government, encryption is needed! Because Symantec took away the ability for individuals to use PGP, in my opinion, this in my book is considered unethical and “mean” business practice. Shame on you, Symantec.

[ON A SIDE NOTE: I want to point out that in college Phil Zimmerman was my hero. Now on his “Where to get PGP” website, he states that he doesn’t care that PGP is no longer free, as long as Symantec kept the source code available to the public. Phil Zimmerman, for the reason that you have made it so that companies can make it difficult for users to access and use encryption, now almost twenty years later, you are no longer my hero.]

Since PGP has become monetized and corporatized for corporate profit and control, for those of you who want (and should) set up encryption, there is still a way. GnuPG (part of the OpenPGP Alliance) has made encryption available to Windows PC users using their GPG4win software. Essentially, the software appears to have originally been written for the Linux operating systems, but it has been ported for those of us that are still shackled to a Windows PC operating system.



The link to download the latest version of GPG4win is here:


– For those of you more techy, the keys they set up are 2,048 bit keys, which are the standard for today’s encryption. However, technology does advance quickly, and if you are anything like me, you’ll want to use the 4,096 bit keys (which is more encryption than you’ll ever need, but why skimp on privacy when such a key is available?)

So if you want this stronger key, when the software asks you if you want to create keys, say “no,” click “File, New Certificate,” and click on the advanced settings. There, you will be able to 1) choose the heightened security 4,096 keys, along with 2) the ability to SET AN EXPIRATION DATE FOR YOUR KEYS.


NOTE: All of us have set up keys, and have lost them due to computer malfunction, hard drive crash, or just losing the secret key files. ***IF YOU DO NOT SET AN EXPIRATION DATE ON YOUR KEYS, THEY WILL BE ON THE MIT SERVER FOREVER!!!*** And, you will be unable to delete the keys later on. So please! Set an expiration date on your keys. I set mine for 12/31/2016 (at the end of next year), and next year, I’ll set up another set of keys.


For some reason, the Kleopatra Windows PC software does not have an option to set up a revocation certificate so that you’ll be able to revoke (or inactivate) keys on the MIT server that you no longer use.

For this reason, and this is easy to do, the website has described a way to set up a PGP key revocation certificate using a command terminal (“CMD”) code.

In short, open a terminal in Windows (using “Run, CMD”), and type the following:

gpg –output revoke.asc –gen-revoke [MY KEY-ID]

(NOTE: The MY KEY-ID is the “Key-ID” for the key you created using the Kleopatra software.)

Then save it somewhere where you cannot lose it. Print it out and save it offline if you need to.


This is the step that you should be most careful about. Once you upload the key, it’s on the server forever (viewable at So just double-check your steps before you take this step.


Once you’re all set up, you’re set for the life of your encryption keys (remember, I set mine to expire at the end of next year.)

Below are the steps to use PGP:


You can search for their key by either:

1) On the Kleopatra software, click “File, Look Up Certificates on Server,” and then you would type in either their name or e-mail address and select which key you want to use (best to use their most recent key if there are multiple keys).

2) Alternatively, you can accomplish the same result by entering their name or e-mail address on the MIT server ( For example, for mine, you would search for [email protected], and my key would show up.


On the Kleopatra software, you would click on the “Clipboard” button on the toolbar and select “Encrypt.” A new screen will open, and you’ll write your message.

Once you have written your message, click on the “Add Recipient” button and select the key of the person you are sending the e-mail to. Remember, you did this in STEP 1.


This is the easy part. Once you have the message you wrote encrypted to the key of the person to whom you wrote the message, a string of letters will appear in your window. Copy and paste it (all of it) into an e-mail.

REMEMBER, encryption protects the CONTENTS of an e-mail not the META DATA, meaning, it only protects the contents of what you wrote. It does not protect who you wrote it to, or what server you were logged into when you sent the encrypted text. This was part of the issue with the NSA claiming that they were “only” pulling meta data, and not the contents of the e-mail themselves.

NOTE: If you also encrypted a file to attach to the e-mail [I did not describe how to do this yet], attach the .gpg file that your software created as an attachment to the e-mail. The person to whom you encrypted the e-mail will be able to decrypt the attachment as well as the contents of your e-mail.


Since you encrypted your message with the intention that only the recipient sees it, when he receives your e-mail (and any encrypted attachments you also sent), he will be able to use his own software to decrypt what you have sent to him.

Why is this possible? Because you encrypted the contents of your message to his key, and thus only he can unencrypt and read your message. When he replies to you, he will write the text into his software, and he will encrypt the message (and any files he also wants to attach) using YOUR key that he pulled off of the server, and he’ll send it over to you.


Encrypting one file at a time using the Kleopatra software can be done by clicking “File, Sign / Encrypt Files.” From there, another window will open up, where you can select which file to encrypt. When the software asks for whom you would like to encrypt the file, just use the key of the person to whom you want to send the file. The software will make an encrypted copy of the file in the same folder, just with the .gpg file type. Use that file when sending the encrypted file in an e-mail as an attachment.

If you want to encrypt the file using your own key file (meaning, only you can unlock it), you may (for example, if you are sending yourself a private file to be accessed somewhere else). But if you only want the encrypted file to remain on your computer, remember to manually delete the original file, or you’ll have both the original and encrypted files in the same directory.


The topic of encrypting entire files, folders, or entire hard drives is outside the scope of this article. Doing so requires software such as Truecrypt, and it is a different process than encrypting and decrypting e-mails and messages using PGP as we have described here.


TERMINOLOGY: There are two PGP encryption keys that you create when you set up your “key pair” — a “public” key and a “private” key. The public key is the one that is uploaded to the server, and if you provide someone your encryption key for them to send you e-mails or files, it is ALWAYS the public key that you send to them. The “private” or “secret” key is the one that remains with you or on your computer, and it is used to decrypt messages and files that were encrypted to your public key. Never give out your private key to anyone.

CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.