7 Tips To Avoid NSA Digital Dragnet

Published: 22/11/2024   Category: security




These apps will keep your cell phone calls under wraps -- if the NSA hasn't already found a way to break them.



Is it possible to avoid the National Security Agency's digital dragnet?
Thanks to NSA contractor Edward Snowden, leaked documents published last week revealed that the agency has captured the metadata -- numbers called, call duration, approximate geographical location -- for millions of U.S. phone subscribers. Under U.S. law, the agency is only allowed to spy on foreigners. But the system that's been revealed appears to capture data on everyone, then rely on search algorithms to prevent information being retrieved on anyone who seems to be a U.S. citizen.
But what if you object to the blanket capture of U.S. cell subscribers' metadata information, or simply don't trust the NSA? Is it possible to avoid having information captured as part of the phone-tapping program, or via the surveillance program known as Prism that captures audio, email and video communications made by using such well-known services as Gmail, Facebook, Hotmail, Skype and Yahoo?
Earlier this week, The Washington Post detailed five strategies for preventing communications from being intercepted, including browsing using Tor and using Silent Circle to make phone calls. To what extent will these approaches easily secure your communications, and what other possibilities are available?
In fact, many of the approaches trade increased information security for decreased usability. Then again, for some people, the tradeoff might be worth it. Here's what's available:
1. Tor, For Anonymous Browsing.
Using the Tor anonymous network helps prevent your traffic from being intercepted, thus foiling anyone who's attempting to identify which websites you're visiting, or people with whom you're communicating. In fact, Snowden, a former CIA employee and NSA contractor, was photographed with a Tor sticker.
Tor, which is free to use, uses an encrypted network to route your browsing. Using it for anonymous browsing is as easy as downloading the Tor Browser Bundle, which is a version of Firefox for Windows, Mac OS X and Linux. But that encrypted, anonymous network comes at a price: slower browsing.
Furthermore, Tor isn't foolproof. The 2011 attacks against Dutch certificate authority DigiNotar, for example, resulted in the creation of fraudulent digital certificates for Facebook, Google, Skype, as well as Tor, apparently for the purpose of spying on Iranian Internet users. Likewise, researchers occasionally identify vulnerabilities in the service that can be exploited to identify users.
2. An OTR App, For Encrypted Chat.
Snowden communicated with Glenn Greenwald, the Guardian journalist who published some of the documents he leaked, using an unnamed OTR -- for off the record -- chat messaging program or plug-in.
For many people who want anonymous communications, the ease of using OTR applications, which enable chat sessions to be encrypted between two people using compatible clients or plug-ins for their chat service, makes it a natural choice. Furthermore, numerous free clients exist, including Cryptocat, Adium for Mac OS X and IM+ for Android and iPhone.
3. Silent Circle, For Encrypted Voice, Email And More.
Silent Circle is a relatively new and well-reviewed service for providing encrypted voice communications domestically. In the wake of the Prism scandal and massive demand, the company announced that it's dropped the price of its annual subscription package for four services: encrypted mobile calls, encrypted text messaging, encrypted VoIP audio and video calls, and encrypted email. The company says it's been independently audited to ensure there are no backdoors for eavesdropping on service users.
One caveat with the service, however, is that for communications to remain fully encrypted in transit, they must be made between two Silent Circle subscribers. Still, that might appeal to businesses or activists worried about their communications being intercepted, or the identity of people they're speaking with tracked.
4. Redphone, For Secure Android Calls, Texts.
Android users, meanwhile, can get secure voice calls and texts via open source software from WhisperSystems. Redphone enables encrypted calling between two devices that use the software. TextSecure encrypts texts. Both applications have been audited to ensure they don't contain backdoors. As with Silent Circle, one caveat is that people on both sides of the conversation must be using the software.
5. PGP, For Data Encryption.
What else is possible? PGP -- or its open source equivalent GPG -- can be used to encrypt data and emails, but many people find it difficult to use. Notably, Snowden had to send a homemade video to Greenwald, showing him how to set it up.
6. Power Down Your Phone.
Mobile phone users can pull a Jason Bourne and remove the battery from their cell phone when they're not using it, thus preventing the device from pinging cell towers and revealing their approximate location. But as soon as you put the battery back in, you'll be trackable again, because the network has to reach your phone to provide voice and data services.
As Christopher Soghoian, principal technologist and senior policy analyst for the ACLU's Speech, Privacy and Technology Project, told the Post, "The laws of physics will not let you hide your location from the phone company."
7. Expect Metadata To Be Captured.
For any unencrypted call made using your cellphone, the metadata can be -- and probably is being -- intercepted. From an intelligence standpoint, metadata is a goldmine: one Nature study suggests that by cross-referencing human mobility metadata, only four location points -- involving location and time -- are required to uniquely identify someone 95% of the time.
In other words, there's no way to use a mobile phone and avoid metadata capture.
The services detailed above, however, will at least encrypt your communications, avoiding capture via programs such as Prism. That said, they carry usability caveats, as well as integrity worries: what if the NSA's cryptographic capabilities already allow it to successfully defeat those services, or it's found an exploitable vulnerability that accomplishes the same result?
Then again, if you think about these things too much, you might want to join the tinfoil hat crowd. At a certain point, anyone who opts for encrypted communications will have to trust in the available, audited tools.
