A few weeks ago I made a post about the Tor browser and the importance of taking steps to protect yourself online to ensure your privacy is not violated by government spooks or cybercriminals. Tor is a great way of concealing your internet activities from prying eyes. Another great tool that I use is HTTPS Everywhere. These are both minimally invasive ways of adding extra layers of security to your internet browsers and online life.

Today, I’ve spent the better half of an hour installing and setting up email encryption on my MacBook. It’s a bit more complex and requires some tech savviness to set up, but the step-by-step instructions were easy enough to follow. For Mac I’m using GPGTools, an open source version of PGP encryption for Mac systems. Windows can use Gpg4win and I’m sure there’s a version out there for Linux users. GPGTools is cool because it incorporates encryption tools directly into the Mail app on Mac devices.

The picture above is of my public encryption key. If you ever want to email me encrypted messages you’ll need this key to do so. I’ve made a separate page for this key so you can easily copy and paste this into the Keychain software you’ll use to send me the message: http://antigovernmentextremist.tumblr.com/public+key

Encryption works by a combination of a public and private key. I make my public key available to the public, like its name suggests, so that individuals can send me encrypted messages. I’ll then use my own secret private key to decrypt the message. This ensures that only the author and recipient of the message will be able to view the contents.

Encryption isn’t just something for paranoid antigovernment extremists. If you ever need to send files pertaining to banking activities, medical history, or anything pertaining to your identity like your SSN and more, they should be encrypted. It also has the added bonus of making it nearly impossible for NSA and other government snoops to read your messages.

“Plans by Apple and Google to do more to protect customers’ privacy have made the FBI “very concerned”.

Speaking to reporters, FBI boss James Comey said the plans to enable encryption by default could thwart law enforcement investigations.

Lives could depend on police forces continuing to get access to the data on devices used by criminals and terrorists, he said.

The FBI was talking to both Apple and Google about its fears, said Mr Comey.”

Dear Mr. Comey:


I’m sorry, pal, but you and all of your federal buddies lost my trust a long, long time ago. Bull bull bull bull bull. 

4chan Spawns an Open Source, Encrypted Skype Alternative, But Can You Trust It?

Klint Finley

My latest for Wired:

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.

When whistleblower Edward Snowden revealed the full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project and created an account on the code hosting and collaboration site GitHub and began uploading code.

Full Story: Wired: Hackers Build a Skype That’s Not Controlled by Microsoft

Signaling Post-Snowden Era, New iPhone Locks Out N.S.A.

WASHINGTON — Devoted customers of Apple products these days worry about whether the new iPhone 6 will bend in their jean pockets. The National Security Agency and the nation’s law enforcement agencies have a different concern: that the smartphone is the first of a post-Snowden generation of equipment that will disrupt their investigative abilities.

The phone encrypts emails, photos and contacts based on a complex mathematical algorithm that uses a code created by, and unique to, the phone’s user — and that Apple says it will not possess.

The result, the company is essentially saying, is that if Apple is sent a court order demanding that the contents of an iPhone 6 be provided to intelligence agencies or law enforcement, it will turn over gibberish, along with a note saying that to decode the phone’s emails, contacts and photos, investigators will have to break the code or get the code from the phone’s owner.


Breaking the code, according to an Apple technical guide, could take “more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.” (Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes.)

Already the new phone has led to an eruption from the director of the F.B.I., James B. Comey. At a news conference on Thursday devoted largely to combating terror threats from the Islamic State, Mr. Comey said, “What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law.”

He cited kidnapping cases, in which exploiting the contents of a seized phone could lead to finding a victim, and predicted there would be moments when parents would come to him “with tears in their eyes, look at me and say, ‘What do you mean you can’t’ ” decode the contents of a phone.

“The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense.”

Apple declined to comment. But officials inside the intelligence agencies, while letting the F.B.I. make the public protests, say they fear the company’s move is the first of several new technologies that are clearly designed to defeat not only the N.S.A., but also any court orders to turn over information to intelligence agencies. They liken Apple’s move to the early days of Swiss banking, when secret accounts were set up precisely to allow national laws to be evaded.

More at New York Times


The FBI and NSA Hate Apple’s Plan To Keep Your iPhone Data Secret

Meet Briar, an Open Source "WhatsApp" for Activists

Klint Finley


My latest for Wired:

Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.

SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.

When you use messaging services like these, you’re depending on outside companies to properly encrypt your messages, store them safely, and protect them when the authorities come calling. And they may not be up to the task. The only way to ensure your messages are reasonably safe is to encrypt them yourself, using keys that no one has access to–including your messaging service provider. That way, even if hackers bust into your service provider or the authorities hit it with subpoenas, your messages are protected.

Unfortunately, this is easier said than done. Encryption tools are notoriously hard to use. But several projects are working to change this, building a more polished breed of encryption software that can serve the everyday consumer. A new open source project called Briar is part of this crowd, but it puts a fresh twist on the idea. It doesn’t just encrypt your messages. It lets you jettison your messaging service provider altogether. Your messages travel straight to the person you’re sending them to, without passing through a central server of any sort. It’s what’s known as a “peer-to-peer” tool.

This has a few advantages. You and your contacts keep complete control of your data, but you needn’t set up your own computer server in order to do so. Plus, you can send messages without even connecting to the internet. Using Briar, you can send messages over Bluetooth, a shared WiFi connection, or even a shared USB stick. That could be a big advantage for people in places where internet connections are unreliable, censored, or non-existent.

Full Story: Wired: Take Back Your Privacy With This Open Source WhatsApp

Briar is still in alpha and not ready for use for high-risk scenarios. If you’re looking for something immediately, OffTheRecord and TextSecure are worth considering, but of course nothing is perfectly secure.

A friend of mine just found this a few days ago and we are loving it.

It’s an encrypted instant messenger, and it’s free, and it’s open source, and it works really really well and looks good! You can’t take screenshots in it, plus when you send pictures they’re “locked” (the other person can’t save/download them) by default, but you can unlock them if you want the person you’re talking to to be able to save them. Also when you delete a message you sent to someone it disappears from their phone as well.

Basically it’s extremely secure, user-friendly, and open source. You own and control everything you send. I love it I love it. I’d include a screenshot but it won’t let me take one. :P

Download it! It’s awesome. It’s available for iOS and Android, and I think they’re working on a desktop version too.

(While we’re at it, I quite like TextSecure for encrypted SMS; it’s my default SMS app.)

The cellphone encryption technology used most widely across the world can be easily defeated by the National Security Agency, an internal document shows, giving the agency the means to decode most of the billions of calls and texts that travel over public airwaves every day. While the military and law enforcement agencies long have been able to hack into individual cellphones, the NSA’s capability appears to be far more sweeping because of the agency’s global signals collection operation. The agency’s ability to crack encryption used by the majority of cellphones in the world offers it wide-ranging powers to listen in on private conversations.

Why Google's New Open Source Crypto Tool Might Not Be Such a Good Thing

Klint Finley

From my story for Wired about Google’s new encryption plugin for Chrome “End-to-End”:

Google won’t be able to scan encrypted email messages in order to target advertising. Security expert Eleanor Saitta believes this may lead Google to discourage most users from actively using encryption. She worries that End-to-End may simply be a publicity stunt designed to keep Google’s engineers happy while scoring points with privacy advocates.

She also points out Google has a history of abandoning projects that don’t make the company money, such as iGoogle and Google Reader. If activists come to rely on Google’s encryption tools, but those tools are discontinued, they will be left without crucial protections. “People live and die by the long-term success and failure of communication platforms — I mean that in a very literal sense,” she says. “You cannot put people in a position where they are depending on a software platform for life safety issues and then simply terminate it.”

Her other worry is that the existence of Google’s own plugin may discourage people from building other alternatives, or make it harder for open source encryption projects to raise funds. For example, Mailpile raised over $100,000 last year to build a new open source email client that works with any email provider, including Gmail, and has PGP encryption baked in from the beginning. But it will need more funding eventually, and Saitta worries that potential backers may not be as motivated to contribute.

Full Story: Wired: Google Renews Battle With the NSA by Open Sourcing Email Encryption Tool