What to do about PRISM surveillance. A practical advice.

[Financisto]

OPs and MODs:

I'd like to suggest a fixed topic about PRISM surveillance and inside that topic some info like that available at http://prism-break.org/

And freedom for all!

[tkbx]

If you go on Reddit, you've probably seen this about 20,000 times, but here goes:

Don't ask your government for your Privacy, take it back:

    Browser Privacy: HTTPS Everywhere, AdBlock Plus + EasyList, Ghostery, NoScript (FireFox), NotScript (Chrome)
    VPNs: BTGuard (Canada), ItsHidden (Africa), Ipredator (Sweden), Faceless.me (Cyprus / Netherlands)
    Internet Anonymization: Tor, Tor Browser Bundle, I2P
    Disk Encryption: TrueCrypt (Windows / OSX / Linux), File Vault (Mac).
    File/Email Encryption: GPGTools + GPGMail (Mac), Enigmail (Windows / OSX / Linux)
    IM Encryption: Pidgin + Pidgin OTR
    IM/Voice Encryption: Mumble, Jitsi
    Phone/SMS Encryption: WhisperSystems, Ostel, Spore, Silent Circle ($$$)
    Google Alternative: DuckDuckGo
    Digital P2P Currency: BitCoin
    Live Anonymous/Secure Linux: TAILS Linux

If you have any problems installing or using the above software, please contact the projects. They would love to get feedback and help you use their software.

Have no clue what Cryptography is or why you should care? Checkout the Crypto Party Handbook or the EFF's Surveillance Self-Defense Project.

Just want some simple tips? Checkout EFF's Top 12 Ways to Protect Your Online Privacy.

If you liked this comment, feel free to copy/paste it.

[mairusu]

I understand the disgust at these "official findings" but unless you provide the service for yourself it can never be secure like farming, internet, etc. So, unless you're going to start a gigantic intranet based medium to provide information than I say do what you can but always know somebody out there if they really wanted to could spy on us...it's the price we pay when we aren't the producers of our consumption.

[UPENtXF]

I don't know how secure it is, but Ostel.co seems to work as advertised, and I trust Zimmerman's ZRTP more than I trust any of the NSA creations.

I think if everyone starts using that kind of technology wherever they can, it will be prohibitive for the Washington District of Criminals to spy one everyone.

[AnonyMint]

If you go on Reddit, you've probably seen this about 20,000 times, but here goes:

Don't ask your government for your Privacy, take it back:

    Browser Privacy: HTTPS Everywhere, AdBlock Plus + EasyList, Ghostery, NoScript (FireFox), NotScript (Chrome)
    VPNs: BTGuard (Canada), ItsHidden (Africa), Ipredator (Sweden), Faceless.me (Cyprus / Netherlands)
    Internet Anonymization: Tor, Tor Browser Bundle, I2P
    Disk Encryption: TrueCrypt (Windows / OSX / Linux), File Vault (Mac).
    File/Email Encryption: GPGTools + GPGMail (Mac), Enigmail (Windows / OSX / Linux)
    IM Encryption: Pidgin + Pidgin OTR
    IM/Voice Encryption: Mumble, Jitsi
    Phone/SMS Encryption: WhisperSystems, Ostel, Spore, Silent Circle ($$$)
    Google Alternative: DuckDuckGo
    Digital P2P Currency: BitCoin
    Live Anonymous/Secure Linux: TAILS Linux

Good list. However, VPN + Tor or I2P Darknet are vulnerable to traffic analysis. Even with encrypted communications, these do not reliably obscure your identity from your IP address if the adversary is determined and has the resources to see all traffic.

Also we have no way of knowing which VPNs are backdoored.

Voice, chat, and email encryption obscure the content, but not the identities of whom is communicating. Thus you've just categorized yourself for the concentration camps coming.

Unfortunately you neophytes do not realize that details matter much.

Essentially what you all are doing by using these technologies and Bitcoin is labeling yourselves in the small minority that are anti-government. Not good for you.

[Snowfire]

Bitmessage (though it could use improvement) does not have open metadata the way simple encrypted email does.

Even with snail-mail, it is possible to obfuscate the sender (although not the receiver.) And there are ways to make content tampering (e.g. steaming envelopes) difficult to do without its being obvious.

However: if you choose to protect some communications but not others, that is itself a form of metadata that is subject to analysis. And if some persons but not others choose to protect communications, that is also metadata. Communication protection is hence most effective if adoption is widespread (built into most systems by default.) This alone would truly erase these issues.

[AnonyMint]

Bitmessage (though it could use improvement) does not have open metadata the way simple encrypted email does.

Bitmessage type of anonymity is in theory (if done correctly) not susceptible to timing analysis as Tor and I2P are. The latter use onion routing where it is known which encrypted packets are intended for which IP addresses. In Bitmessage, in theory no one knows which packets are intended for which destinations.

Unfortunately Bitmessage can't scale because everyone receives every (encrypted) message. Perhaps this can be addressed with subsets, but this might compromise the anonymity.