How You Can Still Avoid and Thwart the NSA

The presentation given by Jacob Appelbaum and Laura Poitras at the 31st Chaos Communication Congress has touched off a wave of articles about the places where the NSA either can or can’t surveil you. Concurrent with this talk, Der Spiegel released over forty documents from the Snowden leak that support the technical points Appelbaum addressed. These documents have touched off a running discussion in Hacked’s chat channel, and we’d like to share some of our observations.

Also read: 31st Chaos Communication Congress Offers Confirmations, Shocks

Things You Should Not Use

There are a variety of things you should not use anymore, and Skype belongs at the top of the list. Your voice communications and text chats are accessible to the NSA, and they have been for a couple of years. The alternative that horrifies NSA analysts the most is Phil Zimmermann’s ZRTP encrypted voice protocol. Implementing this is painless, since you can just switch to Jitsi, an open source competitor to Skype.

Virtual Private Networks sometimes offer PPTP, the Point-to-Point Tunneling Protocol, as an option. This was popular with Windows users, as no additional client software was needed, but the protocol is and has been painfully weak for many years. IPsec can be safe, but there are many configuration options and a significant learning curve, even for the technically minded. OpenVPN connections, which depend on the OpenSSL encryption package, seem to be the right balance of protection and ease of use.

Zero Customer Knowledge VPNs as pioneered by Cryptostorm are an excellent OpenVPN option. They provide an introductory low-speed service Cryptofree.me. If you want to experiment with both PPTP and OpenVPN, Romanian provider VPNBook offers free connections. Unlike Cryptostorm, there is no obvious revenue model supporting VPNBook, so be mindful that they likely make their way by selling information about what you do with their network.

The NSA has massive compute resources at their command, including farms of cryptographic ASICs similar to Bitcoin mining operations, only they are dedicated to picking apart encrypted traffic streams. They are actively hunting and recording public key cryptography sessions so they can crack them in bulk. If you use software with configurable key lengths, make sure you choose the longest one possible, which is often 4096 bits, and be sure you use a long, strong passphrase to protect your keys.

Things that Work Well Against the NSA

Technology counted as ‘catastrophic’ by the NSA includes the Tor anonymizing network, particularly when accessed using TAILS, The Amnesiac Incognito Live System, a hardened Linux distribution that will run well on netbooks and older computers. This is a live distro, which means you can put it on a thumb drive attached to your keychain for those times when you are forced to use a public computer. Not mentioned in the talks, but similar to TAILS, the Whonix distro provides an even more hardened environment, but it requires a machine large enough to run two VirtualBox machines at once.

Chats protected by Off The Record (OTR) are undecipherable for the NSA. Did you already install Jitsi for its ZRTP voice capabilities? If so, you’re in luck, because that program also provides OTR encryption for text chat, too. Jitsi offers support for Jabber, Yahoo, and even Facebook. If you use a network that isn’t supported by Jitsi your next choice for a client is Pidgin if you’re on Linux/Windows or Adium if you use OSX.

Email encrypted with Pretty Good Privacy (PGP) or its free software implementation, GNU Privacy Guard, is a terrible problem for the NSA. This is one of those places where a 4096 bit key is needed, and some programs still default to only 2048. If you are not yet encrypting email, things have gotten a lot easier, which we described in Making Encrypted Mail Usable.
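To see which keys on an existing keyring fall short of the 4096 bit recommendation, the following added example (not part of the original article) filters the machine-readable output of `gpg --list-keys --with-colons`. The function names and the key listing are constructed for illustration; only RSA keys are compared, since elliptic-curve key lengths are not on the same scale.

```shell
#!/bin/sh
# Added example: list usable RSA keys shorter than a minimum length.
# Reads `gpg --list-keys --with-colons` output on stdin.
# Colon format fields used: 1 = record type, 2 = validity,
# 3 = key length in bits, 4 = algorithm (1 = RSA), 5 = key ID.
weak_rsa_keys() {
  min_bits=${1:-4096}          # threshold taken from the article's advice
  awk -F: -v min="$min_bits" '
    ($1 == "pub" || $1 == "sub") && $4 == 1 {
        if ($2 == "r" || $2 == "e") next        # skip revoked or expired keys
        if ($3 + 0 < min + 0) print $1, $5, $3  # record type, key ID, bits
    }'
}

# Constructed sample listing (key IDs and user ID are made up).
sample_listing() {
  cat <<'EOF'
tru::1:1420070400:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAA1:1420070400:::u:::scESC:
uid:u::::1420070400::0000::Constructed User <user@example.org>:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1420070400::::::e:
pub:u:4096:1:BBBBBBBBBBBBBBB1:1420070400:::u:::scESC:
sub:u:4096:1:BBBBBBBBBBBBBBB2:1420070400::::::e:
pub:r:1024:1:CCCCCCCCCCCCCCC1:1262304000:::-:::sc:
pub:u:256:22:DDDDDDDDDDDDDDD1:1420070400:::u:::scESC:
EOF
}

# Demo on the constructed listing; on a real system use:
#   gpg --list-keys --with-colons | weak_rsa_keys
sample_listing | weak_rsa_keys
```

Encryption subkeys are reported separately from primary keys because the subkey is what actually protects message contents.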

Whisper Systems offers SMS text message encryption software and a year ago this was added to the CyanogenMod OS, a free and open alternative to Google’s Android, creating a potential ten million new users as people upgrade their systems. They also have a voice application, Red Phone, which gets high marks.

How You Can Help

Many of the documents released offer hints about what you can do to make the NSA’s admittedly fragile access to your communications completely impossible. There are going to be many guides published in the coming months as people take steps to ensure their privacy. Reading them and fostering the good practices you find is important, but here are two simple actions you can take immediately.

If you have a computer that is on 24×7, both TAILS and Whonix are distributed by torrent. If you can spare the disk space, download them both and leave your torrent client running.

If you have good bandwidth at home, configure that computer that is on 24×7 to be a Tor relay. If your home computer runs Linux, this involves installing a single package, opening a port in your firewall and uncommenting a few lines in the config file. The only hazard is that the default configuration sets your system to be not just a relay, but also an exit. Find the line that says ExitPolicy and disable it until you understand the risks. You can learn more about this by reading the tor-relays mailing list.
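The following added example (not from the original article or the Tor Project) checks a torrc after editing and reports whether the machine will act as a relay and whether exit traffic is explicitly refused. The function name, temporary file names and sample configs are constructed; `ExitPolicy reject *:*` is the Tor rule that refuses all exit traffic, and `ExitRelay 0` has the same effect.

```shell
#!/bin/sh
# Added example: classify a torrc as not-a-relay, non-exit-relay,
# or review-exit-policy (relay enabled, exits not explicitly refused).
relay_mode() {
  awk '
    { sub(/#.*/, "") }                 # strip comments, including trailing ones
    NF == 0 { next }                   # skip blank and comment-only lines
    { key = tolower($1) }              # torrc option names are case-insensitive
    key == "orport"    && $2 != "0" { relay = 1 }
    key == "exitrelay" && $2 == "0" { noexit = 1 }
    key == "exitpolicy" && !seen {     # rules are first-match: check the first
        seen = 1
        rule = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rule)   # drop the option name
        sub(/,.*/, "", rule)                     # keep only the first rule
        gsub(/[ \t]+/, " ", rule); sub(/ $/, "", rule)
        if (tolower(rule) == "reject *:*") noexit = 1
    }
    END {
        if (!relay)      print "not-a-relay"
        else if (noexit) print "non-exit-relay"
        else             print "review-exit-policy"
    }
  ' "$1"
}

# Constructed sample configs (not taken from a real relay).
tmp=$(mktemp -d)
printf '%s\n' '#ORPort 9001' '#ExitPolicy reject *:*' > "$tmp/stock"
printf '%s\n' 'ORPort 9001' 'Nickname examplerelay' \
              '#ExitPolicy reject *:*' > "$tmp/half"
printf '%s\n' 'ORPort 9001' 'Nickname examplerelay' \
              'ExitPolicy reject *:*  # no exits' > "$tmp/safe"

for f in stock half safe; do
  printf '%s: %s\n' "$f" "$(relay_mode "$tmp/$f")"
done
```

A result of `review-exit-policy` means the relay lines were uncommented but nothing in the file refuses exit traffic, which is the situation the paragraph above warns about.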

Providing storage and distribution for good tools coupled with adding capacity to the Tor network for those who want to use them doesn’t just benefit them, you’re getting a constant smoke screen of traffic which will help conceal your activities.


6 Comments

  1. PacketWraith

    January 2, 2015 at 1:59 pm

    Great Article! I am in computer security, and whenever we talk about getting the majority of people using encryption for mail, voice and txt people just shut down and say “Oh they can decrypt that in seconds it doesn’t matter.” It’s nice to see someone else trying to help.
    We used Jitsi for a while and it is a good app, but didn’t want to have to set up our own server. We switched over to RokaCom. It uses ZRTP for voice and video, and GPG for messaging. We have tested it all over the world too.

    Moral of the story, don’t give up. Take your right to privacy back.

    • droopyar

      February 16, 2015 at 7:05 pm

      I disagree with you. ALL central servers have a backdoor. So, create your own my friend, else your communication is NOT secure

      • ken Code

        April 20, 2015 at 7:24 pm

        yep, and using DPOS and/or a mix of Open Transactions (OT) to secure the Dapp may just be the way to go these days. Decentralize everything.

  2. droopyar

    February 16, 2015 at 7:04 pm

    OTR is crackable, I could do it. So please STOP posting nonsense on the forum.

  3. Illutian Kade

    March 7, 2015 at 6:05 pm

    lol…you guys honestly think Snowden had complete access to all the ‘secret ingredients’ of the NSA?

    There is nothing outside of their reach. Not even your thoughts.
    ….go watch TV and when a food commercial airs. See how long it takes before you start thinking about food and get hungry.

  4. ken Code

    April 20, 2015 at 7:20 pm

    Jitsi – Why is COMCAST invested in Jitsi now? No no no, the REAL reason is…….
