“You cannot have free speech if you can be punished for what you say.”
Whether you are an activist, a whistle-blower, a warrior, or another information-seeking human being who believes in free expression, at some point you will feel the need to protect your privacy.
Governments and businesses ARE watching you. You should assume that a highly technologically capable authority can (from dee.su.liberte-motivation):
“-Intercept your internet traffic, including e-mail, instant messaging,VoIP, and Wi-Fi connections (the latter doesn’t involve ISPs)
-Intercept your phone and fax communication, including landlines, cell phones, satellite phones, and radio telephone extensions (the latter doesn’t involve Telcos)
-Associate your geographic location with a cell phone IMEI number or with a SIM card number
-Reliably associate your calls with your voice patterns (speaker recognition)
-Associate your geographic location with your digital financial transactions”
The United States has been tapping underwater communication cables since the 1970s. The ECHELON system has been in place for years to covertly monitor loose electromagnetic frequencies including radio, cell phones, satellite, wifi and even electromagnetic switches and boosters on fibre optic cables. Furthermore, if one was under active surveillance a van with TEMPEST equipment could read the output from your computer monitor or key presses from down the block.
I cannot stress enough: You ARE being watched! If you click the links in this post you will be on a government list at some level.
There is some good news, though. While continuous, passive monitoring is extreme, governments generally lack human resources to put a large amount of people under active surveillance. The internet is the only communication system where there has been a considerable public and transparent (peer reviewed) effort at privacy and security. Governments cannot break modern encryption. Cryptography is your friend and you should become familiar with its implementation.
Modern encryption relies on the fact that factoring large numbers is a computationally difficult task. Moore’s Law suggests that computational power doubles approximately every twelve months. This means that you should take into account how long you need something to remaining secure. Luckily, it still takes polynomial time to encrypt and exponential time to decrypt, so something encrypted with a given computational power can not be decrypted with the same resources. In other words, protocols might not become obsolete, but key lengths could. If appropriate key lengths are chosen (say 1024 bits (eight bits = one byte = one character, 128 characters in 1024 bits)), possible combinations for a strong cypher can easily outnumber all the atoms in the known universe (only about 10^80). Quantum computing may be a game changer. Essentially, some mathematics are applied to turn factoring into a search problem. A quantum computer can then look at all possibilities at the same time. Working quantum computers have been constructed that can successfully factor the number fifteen. There will certainly be some interesting developments in post-quantum cryptography. Computationally unbreakable and quantum-resistant encryption does exist, such as the One-time Pad , and the McEliece Cryptosystem. Cryptography can also be used to verify the integrity and completeness of data. A one-way cryptographic hash can be computed for a file and distributed. Because of the way it is calculated, even a small change in the input file produces a significantly different hash. For example, WikiLeaks released an encrypted insurance file with a SHA1 (Secure Hash Algorithm) checksum of cce54d3a8af370213d23fcbfe8cddc8619a0734c. Using one’s own SHA client it is easy to confirm that a downloaded file is an exact copy of this original by comparing the checksums. Usually a passphrase is hashed and the hash is entered into the encryption instead of the original text.
Government and Business have been married since the beginning. Beware of where your software comes from. There are known cases of business allowing government backdoors to encryption and allowing government trojans to proliferate:
“Lotus, a subsidiary of IBM, admits this. The company told Svenska Dagbladet:
“The difference between the American Notes version and the export version lies in degrees of encryption. We deliver 64 bit keys to all customers, but 24 bits of those in the version that we deliver outside of the United States are deposited with the American government”"
This is just another reason to use Linux and other open-source software. Linux is made by passionate people who love what they do and is a wonderful tool. Community produced goods are preferable to corporate models for security, sustainability, robustness, relevance, adaptability, etc, etc. Exploring linux is a very rewarding experience and linux can provide an excellent computing platform at any level of abstraction.
Liberte Linux is a live linux distribution optimized “…with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments.” It is easy to install on any usb drive, SD card or other bootable media. Once installed, it can be plugged into any computer and provides a pre-configured environment to securely and anonymously connect to the internet. Free space on the drive can still be used normally. All persistent data is encrypted. All connections are routed through Tor, a peer-to-peer anonymizing network. Randomized MAC addresses, anti-forensic memory wiping, Tor-based Cables Communication, and many other features make this a great one-stop privacy solution. You can browse, you can chat, you can play mahjongg, it’s all there. Read everything on the site and follow the instructions; you’ll be anonymous in no time.
Tor is a very useful tool for protecting your identity. Tor uses a network of volunteers to distribute traffic with layers of encryption (Onion Routing), making it difficult to trace data back to its origin. Installation on any operating system is easy and is a minimum for browsing securely. Tor can also be used to anonymously host websites, accessible with the .onion suffix. Any non-https (encrypted connection) and non-onion connection has its payload data revealed at the Tor exit node. See this graphic for clarification on what is available to an eavesdropper. Plugins, cookies and javascript should be avoided when possible to prevent tracking and browser fingerprinting (visit Panopticlick to test your browser’s uniqueness). Doc and Pdf files can connect to a remote server when they are opened and potentially bypass Tor if not configured properly.
For extra credit(s), look into Bitcoin. Bitcoin is an open-source, peer-to-peer, electronic monetary system that is based on cryptographic proof to insure irreversible transactions. The details are complex, but new Bitcoins (Btc) can be “mined” at great computational cost (from a diminishing supply and with increasing difficulty). These can then be traded on the network for goods and services, or for other currencies at an exchange. With no centralized issuing authority, bitcoin is a fascinating approach to true fiat currency. If used properly, Bitcoin can allow anonymous transactions. Right now there are more than forty-five million USD worth of Btc circulating at the current exchange rate of 1 Btc to ~5 USD.
With a little care and planning, you can stay effectively anonymous online. Many alternatives exist to all systems mentioned here. There is a ton of information out there. I hope this can provide a jumping point and inspire some folks to want to go find it. No, you probably don’t need to encrypt every letter to your Great Gamgams, but when the time comes, there are resources to help you.
Additional Info:
Cyphernomicon -A great (if dated) introduction. Originally a FAQ from the Cypherpunks mailing list.
Crypto-Anarchy and the Telecomix Crypto Munitions Bureau -Lots of good info and projects
Raspberry Pi -$25 open-source computer…the possibilities are endless
Interception Capabilities Report 2000 -Just what it sounds like. Dated 2000.
ECHELON -More on Echelon
The Hidden Wiki or a Wikipedia explanation -Here there be monsters. You must be using Tor. Do not go here unless you have taken significant steps to protect yourself. Be very careful and remember that life is beautiful.
Recent Comments