SF Bay Area Indymedia indymedia
About Contact Subscribe Calendar Publish Print Donate

U.S. | Indymedia

Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance
by Micah Lee
Tuesday Jul 2nd, 2013 2:48 PM
In response to recent NSA leaks, we've just published our first whitepaper—using the public comments by both Snowden and the journalists involved as illustrations—to show how reporters, whistleblowers, and ordinary Internet users can still protect their privacy online.

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

— Edward Snowden, answering questions live on the Guardian's website

The stories of how NSA whistleblower Edward Snowden first contacted journalists Glenn Greenwald and Laura Poitras (both Freedom of the Press Foundation board members), and how he communicated with the Washington Post's Barton Gellman, have given the public a rare window into digital security and conversing online in the age of mass surveillance.

In response, we've just published our first whitepaper—using the public comments by both Snowden and the journalists involved as illustrations—to show how reporters, whistleblowers, and ordinary Internet users can still protect their privacy online.

You can read the whitepaper here [PDF version].

It's important to remember that while the NSA is the biggest, best funded spy agency in the world, other governments, including China and Russia, spend massive amounts of money of their own high-tech surveillance equipment and are known to specifically seek out journalists and sources for surveillance. In the US, bad digital security can cost whistleblowers their freedom, but in other countries it can cost both journalists and sources their lives. A recent example from Syria illustrates how careless digital security can have tragic results.

The whitepaper covers:

  • A brief primer on cryptography, and why it can be trustworthy
  • The security problems with software, and which software you can trust
  • How Tor can be used to anonymize your location, and the problems Tor has when facing global adversaries
  • How the Off-the-Record instant message encryption protocol works and how to use it
  • How PGP email encryption works and best practices
  • How the Tails live GNU/Linux distribution can be used to ensure high endpoint security

Comments  (Hide Comments)

by John Thielking
Wednesday Jul 3rd, 2013 9:49 AM
According to this article: http://www.wsws.org/en/articles/2013/06/25/infr-j25.html the NSA will soon have the computing power needed to crack most encryption. The only way to be sure to be able to surf the web anonymously is to leave your cell phone at home and then go to a cyber cafe, preferably one that is not near any security cameras that could be linked to the Internet allowing NSA spooks to identify you through facial recognition software or gait recognition software. Don't use your credit cards while at the cyber cafe and don't use your real name e-mail address while there either. Also be sure to make an effort to disguise any prose you write in e-mail or blog posts by making a conscious effort to write in a different style than normal, as the book Deep Web For Journalists claims that your normal writing style is unique among billions and can be easily identified. Also, tor does not offer end to end encryption so it is not really secure (unlike bank transactions at least before the latest NSA computing center comes online.) The NSA can simply monitor the unencrypted traffic going into and out of the relatively lightly used tor network and simply note down the exact time that unencrypted packets enter and leave the system to determine who is doing what.