By default, OpenPuff asks you to protect your information with three different passwords, although it does let you dial that down to just a single password of your choosing. It even supports plausibly deniable encryption, and this is where things get really paranoid: Even if someone somehow realizes your seemingly innocent image or music file contains a hidden message, OpenPuff lets you hide a decoy along with the real message. Simply provide a different password, and the other person will extract the decoy out of the image, thinking they've won--but actually, your real secret will still be hidden in the file.
Steganography usually works well for hiding short text messages or other condensed information; obviously, you can't hide an entire video file within another video file using steganography--there's just no room for all those extra bytes. Still, if you need to hide a large amount of information, OpenPuff lets you chain multiple carrier files together into one extended message. To extract the information, the recipient (or you) must have all of the carrier files and feed them into OpenPuff in exactly the right sequence, along with the correct password or passwords. Not for the faint of heart.
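The capacity limit and carrier chaining described above, shown as an added example that is not part of the original article and is not OpenPuff's actual algorithm. It hides one bit in the lowest bit of each carrier byte; the 4-byte length header, the function names and the sample carriers are assumptions constructed for illustration.

```python
HEADER = 4  # assumed format: 4-byte big-endian payload length, not OpenPuff's

def capacity(carrier: bytes) -> int:
    """Payload bytes one carrier holds at one hidden bit per carrier byte."""
    return len(carrier) // 8

def _embed(carrier: bytes, chunk: bytes) -> bytes:
    out = bytearray(carrier)
    for i in range(len(chunk) * 8):
        bit = (chunk[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit      # overwrite only the lowest bit
    return bytes(out)

def _extract(carrier: bytes) -> bytes:
    out = bytearray(capacity(carrier))
    for i in range(len(out) * 8):
        out[i // 8] |= (carrier[i] & 1) << (7 - i % 8)
    return bytes(out)

def hide(carriers, payload: bytes):
    """Spread header + payload over the carriers, in list order."""
    data = len(payload).to_bytes(HEADER, "big") + payload
    total = sum(capacity(c) for c in carriers)
    if len(data) > total:
        raise ValueError(f"need {len(data)} bytes, carriers hold {total}")
    stego, pos = [], 0
    for c in carriers:
        chunk = data[pos:pos + capacity(c)]
        pos += len(chunk)
        stego.append(_embed(c, chunk))
    return stego

def reveal(stego):
    """Rebuild the payload; the carriers must be in the order used by hide()."""
    data = b"".join(_extract(c) for c in stego)
    length = int.from_bytes(data[:HEADER], "big")
    return data[HEADER:HEADER + length]

if __name__ == "__main__":
    # Constructed 64-byte carriers standing in for image or audio sample data.
    carriers = [bytes((i * k) % 256 for i in range(64)) for k in (37, 91, 113)]
    secret = b"meet at the dock"
    stego = hide(carriers, secret)
    print(reveal(stego))                             # correct order
    print(reveal([stego[1], stego[0], stego[2]]))    # wrong order: garbage
```

Each 64-byte carrier holds only 8 hidden bytes, which is why the 20 bytes of header and message need all three carriers, and why swapping any two of them breaks extraction.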
For chatting privately: Cryptocat
If secure traffic tunneling and steganography sound too cloak-and-dagger for you, consider a friendly, real-world security hole: Chat. Chatting online is easier than ever; chatting securely, not so much. The chat clients built into Facebook and Gmail emphasize ubiquity and ease of use far more than encryption. Free chat client Cryptocat claims that you can have both security and convenience, and it made quite a splash upon its arrival.
The least mature tool in this roundup, Cryptocat demonstrates an important lesson about security software: Newer rarely means better. Following a glowing profile piece that Wired published on Cryptocat and its developer, 21-year-old Nadim Kobeissi, security guru Bruce Schneier published a cautionary post on his blog letting readers know Cryptocat wasn't as safe as it seemed. At the time, the problem was that Cryptocat handled security host-side, rather than locally. This issue has since been addressed, and Cryptocat now runs as a browser extension and handles encryption locally. Still, this is an important example to keep in mind: Encryption software, even when it's open-source, can't be considered secure until it's been thoroughly audited and battle-tested (preferably for years).
While I wouldn't use Cryptocat for mission-critical secret communications, it does add a modicum of security and privacy over the features built into Google and Facebook, and it's just as easy to use. After installing a Chrome or Firefox extension, all you have to do is pick a nick (a handle) and a title for your chat room, and presto--you can chat with any other Cryptocat user who joins the room. The aesthetic is decidedly old-school 8-bit, but that only adds to Cryptocat's charm. It's a nice way to chat with friends, and can serve as a reminder that it's important to use other forms of security, too.