Posted on 09/06/2013 4:15:48 AM PDT by shego
Now that we have enough details about how the NSA eavesdrops on the internet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves....
At this point, I feel I can provide some advice for keeping secure against such an adversary....
1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them....
2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections--and it may have explicit exploits against these protocols--you're much better protected than if you communicate in the clear.
3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA--so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet....
4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well....
5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered....
Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit....
(Excerpt) Read more at theguardian.com ...
How ‘bout just have nothing to do with Facebook. I mean, just a few years ago wasn’t it possible to have a life without social media & tweets & whatnot?
Of course, FReepers are already on some gubmint s***list. We know that, don’t we?
So, what happens when the government decides that your normal life is no longer normal?
ping for reference
You don’t feel the collar because the leash isn’t being pulled at the moment, so everything is alright?
East Wind, Rain
I’m trying to figure out how the NSA can spy on hand-written ciphered/coded notes or coded ham radio comms.
When technology gets too complicated to get the upper hand, baffle it with ancient methods.
If you’re not coding your PC and software from the ground up (think BIOS, chipset, etc) anything you do is just an annoyance, and doesn’t protect your communications. If you’re communicating digitally, assume it is compromised, or could be with minimal effort.
Wind from the East, fish bite the least.
The Sheep are grazing in the grassy meadow.
Over
Aunt Mary has the flu.
The Sparrow took the bus. No direct flight.
Jerry got a new puppy. Billy’s birthday party is next week.
Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about. There's an undocumented encryption feature in my Password Safe program from the command line; I've been using that as well.
I understand that most of this is impossible for the typical internet user. Even I don't use all these tools for most everything I am working on. And I'm still primarily on Windows, unfortunately. Linux would be safer.
The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.
Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA.
I think it's largely the government's fault that solid crypto isn't already deployed routinely in the majority of your internet activity.
True, but I was only thinking of protecting the content. You can go to onion routing if that helps, but it's still traceable.
Combine GPG with Anonymous Remailers, and you're much better off.
It takes money to become invisible. The more that you are willing to spend the smaller footprint you will leave for them to track.
Someone needs to come up with Anonymous Remailers with distributed nyms through alt.messages.anonymous scraping built in. This would be my project if I had time.