Posted on 07/18/2013 10:01:16 AM PDT by null and void
You have the right to be secure in your electronic communications. Here's a few tips on how to do it.
Thursday afternoon, a bombshell dropped: Two leading reports claimed that the U.S. government has been spying on emails, searches, Skype calls, and other electronic communications used by Americans for the last several years, via a program known as PRISM.
According to the reports, the Web's largest names--AOL, Apple, Facebook,A Google, Microsoft, Skype, PalTalk, Yahoo, and YouTube--participated, perhaps unwittingly. (Dropbox will reportedly be added as well.) The report claims that the National Security Agency had "direct access" to servers owned by those companies. Most, if not all, of those companies have denied participating in PRISM, although it's unclear whether they were unaware of the NSA's spying, or simply turned a blind eye.
According to The Guardian and The Washington Post, the data covered included: "email, video and voice chat, videos, photos, voice-over-IP chats, file transfers, social networking details, and more."
If nothing else, however, the PRISM disclosure is worrying and deeply shocking. If the report is accurate, the government may simply listen in on virtually any electronic communication you've made, in the interests of national security. Is this something that should be encouraged to fight domestic terrorism, or is this sort of government intrusion something that should be deeply distrusted? For the purposes of this story, we're going to err on the side of the latter; whether you take advantage of our advice is up to you.
Note that there is absolutely no guarantee that our tips will make your PC PRISM proof. One of the generally held beliefs in the security world is that, with enough resources on the part of the attacker, any secrets that are known about can eventually be unearthed. But let's say that you support an "Arab Spring" movement in a country whose interests parallel those of the U.S. government. It's this sort of political uncertainty that encrypting personal communications is designed to liberate.
So what can you do? Here are some tips.
Avoid using popular Web services
This is an easy one. If you're concerned about the government watching your moves online, simply avoid making Microsoft Bing and Google your search engines of choice; try DuckDuckGo instead. The site promises not to track or store your searches, which should provide some degree of confidence that you're not being tracked online. Both reports fromA theA Post and theA Guardian indicate that the PRISM program is expanding, although for now DuckDuckGo seems to be safe.
Naturally, this also means ditching a Gmail or Hotmail account, and deleting your accounts from those sites. Instead, it's time to think about laying low and skipping around services that you might have forgotten about: Mapquest for maps, for example. You may as well stop social networking altogether, unless it happens to be direct, person-to-person communications. And there's no sense in surfing using Chrome, Internet Explorer, or Safari, either. Sure, there's Firefox and Opera, but the PCWorld's review of the Tor browser shows it to be a slow but anonymous way of browsing the Internet.
Ditch your smartphone
If we assume that Apple, Google and Microsoft are being monitored, then the safest way to avoid being tracked is to ditch your smartphone. A number of services already ask for your location, in the name of providing better search results or services. And BlackBerry, of course, is no better; that company has already acceded to requests to allow foreign governments access to its data, so the paranoiacs should ditch them, too. Feature phones may be no better, but the amount of information that can be captured is much smaller.
Encryption, encryption, encryption
Eventually, however, you're going to have to start communicating with someone, probably electronically. If you'd like to think those conversations are private, it's time to start thinking about encryption.
To start out with, you'll want to encrypt your hard drive and existing files. Alex Castle's piece discusses using TrueCrypt and other tools to start securing your files. Note that some of the tools he recommends are from the providers that PRISM is reportedly monitoring; you'll have to decide if you want to go elsewhere for encryption protection.
From there, protect your email by encrypting it.A To secure your email effectively, you should encrypt three things, Eric Geier notes: the connection from your email provider; your actual email messages; and your stored, cached, or archived email messages. If you want toA take it even further, consider using a secure email service. Email will travel over the Internet, where it can be accessed by theoretically just about anyone. Companies like Silent Circle (founded by PGP creator Paul Zimmermann) profess to offer secure voice, email, voice communications via dedicated connections between subscribed devices.
Subscribe to a VPN
In the same vein, consider signing up a virtual private network, which creates an encrypted "tunnel" to another server, which then acts as an agent on your behalf. Eric Geier's piece on how to set up a VPN explains how to do this. Note that the performance of your PC may suffer somewhat, as the latency to funnel communications back and forth (some solutions use servers based in the EU, for example) may take some time. But security layered upon the encryption applied by other solutions may provide some additional reassurance that your communications are private.Watch those hotspots
Wandering from coffee shop to library to free cafe may provide another layer of security, as your client IP address will vary by location. Just make sure that when you're roaming from location to location, someone isn't trying to sniff your PC--or worse. Preston Gralla's story on protecting yourself at hotspots also contains advice tailor-made to protecting your privacy while on the go, including nailing down older apps that might allow an intruder inside your PC.
Obviously, block that malware
Let's face it: the first and most obvious thing you should do to secure your PC is to lock it down from malware. Our tests from January provide you the best antimalware solutions, empirically testedA to ensure that no Trojan or other worm sneaks inside your PC and provides its own spying eyes on your online activities. Your PC should be your castle, and antimalware is the first line of defense. Frankly, if you're concerned about the safety and well-being of your PC, you should have taken care of this long ago.
Tie it up together with a hard password knot
The last thing you'll want to do is make sure that all of your encrypted services are tied up neatly with a unique, easy-to-remember-but-impossible-to-crack passphrase. PCWorld has some tips to manage passwords, including what's coming down the pipe. But the best practice right now seems to be to find a good password manager like LastPass, and create your own unique password. Bruce Schneier's "Schneier scheme" recommends that you create a passphrase ("Man, those six flights of stairs to my New York apartment were killer.") and then abstract it, possibly with the first letters. ("M,tsfostmNYawk.") It's not perfect, but it's a lot better than random words and phrases that can be easily guessed.
Will these tips make your PC PRISM proof? No, not necessarily. But if you're concerned about the recent PRISM disclosures, they'll go a long way to help you sleep better at night--outside of smashing your PC to bits, distributing the pieces randomly among a dozen scrap heaps, and moving to the woods, that is.
never say or do anything you would not do infront of a crowd of people, because you might already be
For example, I would gladly stand in front of a crowd and say Obama is a douche nozzle
Don’t use it. Or make it “old style” with no communications with any other computer other than sneakernet.
Get PGP or its open source version GPG. Us it ti encrypt files you want kept private and messages you don’t want read. Unless the government has succeeded in forcing the developers to add a special backdoor, the larger key lengths are currently unbreakable.
Only two things will work:
1) Pull the ethernet cable out
2) Shut off the WiFi card
If you’re on the network, they will be able to get you if they really want. Even encryption isn’t foolproof, as it has to exist somewhere and at some time unencrypted in order to be created and viewed.
From reading the article, the short answer appears to be: join the Amish.
No such thing as "unbreakable", just those where the cost of the resources to break it far outweighs the value of the information.
How about instead we just mount a campaign against such government intrusion and get elected to Congress people who will make such intrusions highly illegal (as they should be now according to the Constitution - secure in their “papers”, etc.) and punishable by long prison sentences.... and enforce it!!
Well let me restate it for the nit pickers: can't be broken by the fastest computers now in existence in less than the projected life of the universe
I don’t doubt it. You are one krazy a** kracka.
It has come to this.
Land of the free. Home of the brave.
“It currently takes two separate passwords for my laptop to even boot up. Then it takes a third to log in. My data is on an encrypted partition, so even if they took the drives out, they couldn’t read it.”
Sorry, you’re wrong. And nice shirt you’re wearing.
NSA & Gang
LOL!
If they want you, they will get you.
I’m not suggesting going into hiding. I would keep my online inflammatory rhetoric to a minimum. No sense in inviting scrutiny.
Are you a member of & do you post to FR?
You’re in a watched category
Do you put political commentary on Facebook (including editorial cartoons)?
You’re in a watched category
Do you work in a large office with plenty of creepy, aggressive libs?
Say the right thing and one of them is going to sic the dogs on you
Do you have a CCW permit?
The feds are after & will get those lists. And you will be first priority if/when the time comes.
For most of us, the time to tighten up all of this stuff was 10 years ago.
Very bad times are coming, and a lot of good people (including us) are going to get put into a meat grinder. And many won’t come through it.
I quit hoping this whole Orwellian process could be arrested (pun intended). Now my hope is that I last long enough to see some of the smug hypocritical liberals I know get a big helping of the crap pie they have worked so hard for. If I do, I plan to savor it.
An atavistic alternative is to somehow go back to a regular 56k etc modem phone line, put a fax machine between the phone line and your computer and all attempts to query info from your pc will be printed out by the fax machine as incoming messages and never reach your pc.
Bookmark
Putting aside the horrible trail of Internet traffic, once used, a computer can never really be “cleaned” of private data. At least not by a person who is not an EE or IT expert. Search guidlines of the DOJ (which other government agencies follow) has the printer and keyboard and all internal system buffers and devises searched for data residue, etc. How would you solve that problem?
So, as long as a person is not under investigation or attempting to conceal criminal conduct or evidence, the only sure way to maintain one’s privacy is complete destruction of the box and all of the components.
Maybe that makes sense. Just like a document retention policy (which every smart company has) one should have an electronic data retention policy. Every year or two, the whole setup, printer, monitor, keyboard and all goes to the chopping block for a session with the log splitter followed by a burial at sea or equivalent.
bookmarked
bookmark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.