What makes choosing good security tools hard is that despite the news,
we don’t know what government agencies like the NSA are really doing
on their wiretaps and with their court orders. People in the security
community call the NSA the “ultimate adversary,” and point to a huge
array of ways they could be analyzing and attacking every part of the
net and telephony system. They could be able to decrypt everything, and
even without breaking encryption, they could be able to look at enough
of the internet to determine who is talking to whom just by looking at
the timing of conversation. But on the other hand, they might not be
able to do any of that, and are trying to project the image of data
omniscience to discourage people from even trying to protect their
privacy. Parts of the NSA could be pretending to be able to do things it
can’t while other parts are doing things more invasive than anyone
knows, hidden from oversight. In the end, our questions still exceed our
answers, and even the parts we think we know keep changing. The NSA's
data collection is a story that will only make sense in hindsight, and
we don't know how far from now that perspective is.
While Americans get to have a conversation with their government
about whether this is right or wrong, the 95% of the planet the NSA is
allowed to surveil without further scrutiny doesn’t get to weigh in at
all, nor do the people living in countries whose governments practice
widespread Internet surveillance and censorship. That’s billions of
people for whom choosing tools for protecting their privacy on the net
is simply a question about the technology, not about the law.
The good news is that as we understand more about how surveillance
works, it helps the people who create and use secure tools to make
better and more informed choices -- even if that choice is simply not
minding having their data collected.
There are a lot of ways to talk to people securely on the internet,
some are purpose-built to enhance your privacy and security. This is by
no means an exhaustive list, but it’s a place to start.
We’ll keep filling out this list over the next few days, so if
there’s a piece of software you want us to have a look at, mention them
in the comments or e-mail them to us at
opensource@propublica.org.
Cryptocat
What does it let you do? Cryptocat is a web-based encrypted text chat for two or more people.
Cryptocat heads up this list of tools because it stands out for good
interface and good policies. It's the easiest tool on this list to use,
and Cryptocat's creator is transparent about how the software handles
your data: It goes through a server run by Cryptocat’s creator, Nadim
Kobeissi.
Kobeissi wrote a blog post with a table explaining who can see your metadata and messages when you use the service.
To get it, go to
crypto.cat, and
download the browser plugin. Mac users can also find it as a standalone
program in Apple’s App Store. After that, you pick a name for the
chatroom and for yourself. Share the chatroom name with whoever you want
to talk to, and start chatting. It is hands-down the easiest way to get
started with end-to-end encryption, where only you and the person
you're talking to can see the message. For more on what end-to-end
means, see
part one.
What does it replace? Cryptocat replaces unencrypted
instant messaging and chatrooms, and has some Facebook- and
Google-style group coordination features. It’s sometimes the only option
when you don’t have the ability to install software on the computer
you’re using.
Cryptocat, like all the tools on this list, go through a third party
server. This means the communication is more like making a phone call,
(which goes through the phone company) than talking on walkie talkies
(which go directly to the other party). All of Cryptocat is Open Source,
so if you are up for more of a challenge, you can run a server inside
your own network, and your Cryptocat chats, in addition to being
end-to-end encrypted, never traverse the open Internet.
This chart covers the kind of information we should all have access
to about the software we use. It would be fantastic to see more projects
and companies follow Cryptocat’s lead, and tell their users who can see
their data.
Jabber with OTR
What does it let you do? Jabber, also called
XMPP
(thanks for another great name, computer scientists!), isn’t a specific
program or service. It’s a protocol, which is a term for an established
procedure for doing something on the net. In particular, Jabber is a
protocol for text-based chat, also called Instant Messaging, between two
people.
OTR (“Off the Record”) is a plug-in that encrypts text chat content
so that only you and the person you’re corresponding with can read it.
“Only the actual content of your messages is encrypted with OTR, but
usually the XMPP channel is secured with SSL as well,” says Chris
Ballinger, creator of Chatsecure, a Jabber client for iOS devices.
Ballinger listed some of the metadata that is visible if your service
doesn’t use SSL, which is separate from OTR message encryption. (Again,
see
part one for details.) Ballinger's list included:
- When you started or stopped typing
- Your availability
- Your status messages
- When you send or received a message
- The sender and recipient of each message (full Jabber ID)
- Your buddy list
- A constant stream of your buddies status updates.
What does it replace? It can replace SMS on phones,
or IM and Facebook Chat online. Unlike proprietary services like
Facebook Chat and Google Hangouts, Jabber lets you talk to anyone who
also speaks Jabber, even if they’re not using the same service you are.
The Jabber protocol isn’t itself secure or private, though most
Jabber services will use SSL to encrypt your traffic. With OTR, which is
built into some clients and is a separate add-on for others, you can
encrypt your messages so that even the Jabber server can’t read them;
only the person you’re talking to can. OTR is one of the easiest forms
of encryption. All you need is an OTR-capable chat program.
OTR-encrypted IM is reportedly the way Edward Snowden initially
corresponded with Guardian journalist Glenn Greenwald.
Jabber Clients
Chatsecure for iOS Devices
By default,
Chatsecure tries to
use SSL to talk to your Jabber server, but it can switch off SSL. The
advanced options allow you to "Force TLS," which is another name for
SSL.
Gibberbot for Android devices
The creator of
Gibberbot, the
Guardian Project,
specifically makes software for people who need security. Using the
software can be difficult, but it doesn’t let you make too many
mistakes. Gibberbot won’t connect to a server without using SSL.
Gibberbot can also be used with Tor, which we’ll come to in a bit.
You download Pidgin for Windows and Linux from
pidgin.im and Adium for Mac OS X from
adium.im.
While they’re easy to use and also interoperate well with services
like Facebook Chat and AIM as well as Jabber, these programs might not
be secure by default, so you should check your settings. In both of them
you have to hunt through menus to “edit” or “modify” your Jabber
account. On Pidgin, SSL is under the “Advanced” menu as "Require
encryption" inside the accounts screen and may already be enabled. On
Adium, it’s under “Options” as "Require SSL/TLS." You have to enable SSL
to be sure you're using it.
You’ll also want to make absolutely sure that logging is turned off,
as logs are stored on your computer unencrypted. Also, in some cases,
like Pidgin
your Jabber password is stored in a plain text file on your computer.
This is why if you're a target, (which this tutorial assumes you are
not) your computer is often your weakest point, not your communications.
A Note on Jabber Services
If you want to use the Jabber protocol you need to use a service that
supports it. There are a lot of Jabber services out there, some better
than others. Services like
Dukgo.com and
Jabber.ccc.de(in
German) have explicit policies about when they do and don’t cooperate
with governments. Jabber gains some of its privacy protections from
being decentralized (as opposed to, say, Google, AOL, Facebook, etc.)
but that puts more burden on you to research your provider.
XMPP.net
maintains a list of Jabber servers that are open to use, listing their
jurisdiction and what SSL certificate they use. It’s a good starting
point, but it’s up to you to look at a prospective service’s website or
ask them about their privacy policy.
Silent Circle
What does it let you do? Silent Circle
is a commercial service that lets you text chat and make calls over
your phone and video chat on Windows with end-to-end encryption and SSL.
Silent Circle has the benefit of being purpose-built for security,
and a lot of thought has gone into its design, making it easy to use.
It’s got some drawbacks: It’s centralized, it’s closed-source and it
costs money, which means the people running it need to know your real
identity for you to use it. At the cheapest level, Silent Circle can be
had right now for $10 a month with an annual subscription. You can only
use some features with other Silent Circle subscribers.
What does it replace? Silent Circle replaces regular
phone calls and text messages, and Skype for Windows. (Other operating
systems are under development at this time)
Using a service like Silent Circle exposes one very important piece
of data: That you are someone concerned enough about security to pay for
it. That bit of consumer behavior that sends a strong political
message, but it may also give the impression to attackers, state or
otherwise, that you feel you have something worth attacking -- more so
than the other services listed here.
Silent Circle also has an email offering, but like all encrypted email, it leaks metadata.
Tor
What does it let you do? Tor does one simple and important thing: It hides your IP address.
Tor is completely separate from encryption. It doesn’t encrypt your
metadata on the Internet via SSL. It doesn’t know whether or not you’re
encrypting your messages. But your IP address is one of the hardest to
mask and most personally identifying pieces of metadata there is on the
net. As a result, Tor is used for anonymous speech and censorship
evasion around the world.
How Tor works.
What does it replace? Services called VPNs, or
Virtual Private Networks, hide your IP and data from the wider internet
by passing it through a encrypted private network. Tor duplicates one
function of a VPN, but in a decentralized way. Rather than a single
encrypted private network, Tor piggybacks your internet connection
through a bunch of network connections run by volunteers. As far as the
experts know, nobody can reliably record all Tor traffic, nor know the
real origin of any internet connection.
Tor is the hardest tool to use on this list, but what it does is very
powerful. Be prepared to give this one a little time. There's plenty of
documentation to help you along.
Tor Clients
The Tor Browser Bundle for Windows, Mac OS X and Linux
The
Tor browser bundle
makes using Tor much easier. It comes with the Tor system, called
Vidalia, and a Tor browser (based on Firefox) set up to use it. You can
put Vidalia together with any other application on this list to hide
your IP, even from the service you’re using.
Orbot and Orweb for Android
Orbot is the Guardian Project’s cellphone-sized version of Vidalia.
Orweb
is a Tor browser for your phone. Orbot can route any Android
application with options for setting a “proxy server” through Tor,
hiding your IP. For instance, it works with the Twitter app. Despite the
first message you see, you don’t have to “root” your phone to use it;
ignore that message.
The Onion Browser for iOS
Onion Browser is a
Tor-powered web browser for iOS devices, written by Mike Tigas, who
currently works at ProPublica as its Knight-Mozilla OpenNews Fellow.
Onion Browser allows you to use the web over Tor without having to
jailbreak your iPhone or iPad. Like
Tor Browser Bundle and
Orweb,
your traffic is encrypted and anonymized. Unlike the others, Onion
Browser is a standalone app and cannot proxy traffic for other apps on
your device.
There are many tools we haven't discussed here. Some, like
Jitsi (Voice-Over-IP audio and video calls), because it's still too hard for the average user. Others, like
PGP
for email, because it doesn't address the issue of mass metadata
surveillance that is the focus of this article. And still others, like
Wickr
for iOS, because I just don’t have the room. But you can have fun with
it: These services and many other out there do a great job of encrypting
your messages and your metadata, and put you back in control of who
gets to watch you on your networks.
This can all seem overwhelming, but learning even one tool makes the
next one much easier to understand conceptually. These tools will get
easier for everyone with time and development. The internet has,
throughout its history, responded to threats by toughening up; threats
change and the Internet evolves with it. It’s an ecology as much as a
network, a wild place, sometimes a forest, sometimes a swamp. It’s early
days, but the internet is where we live more and more of our lives, and
as we get a sense of it, living there safely will become a normal part
of life.
“The news this week makes a lot of people feel helpless,” said Abel
Luck, one of the Guardian Project developers. “There’s a war on privacy
on, and every time you use a bit of cryptography, you’re winning.”
Computer designed by Anton Outkine from The Noun Project
