Five ways to stop the NSA from spying on you
WHOLE STORY AT WASHINGTON POST
By Timothy B. Lee, Published: June 10, 2013 at 12:22 pmE-mail the writer
If recent reports are to be believed, the National Security Agency has broad powers to capture private information about Americans. They know who we’re calling, they have access to our Gmail messages and AOL Instant Messenger chats, and it’s a safe bet that they have other interception capabilities that haven’t been publicly disclosed. Indeed, most mainstream communications technologies are vulnerable to government eavesdropping.
But all is not lost! The NSA’s spying powers are vast, but there are still ways to thwart the agency’s snooping. Here are five of them.
1. Browse anonymously with Tor
NSA whistleblower Edward Snowden has been photographed with a Tor sticker on his laptop. Tor lets you use the Internet without revealing your IP address or other identifying information. The distributed network works by bouncing your traffic among several randomly selected proxy computers before sending it on to its real destination. Web sites will think you’re coming from whichever node your traffic happens to bounce off of last, which might be on the other side of the world.
Tor is easy to use. You can download the Tor Browser Bundle , a version of the Firefox browser that automatically connects to the Tor network for anonymous web browsing.
2. Keep your chats private with OTR
If you use a conventional instant messaging service like those offered by Google, AOL, Yahoo or Microsoft, logs of your chats may be accessible to the NSA through the PRISMprogram. But a chat extension called OTR (for “off the record”) offers “end-to-end” encryption. The server only sees the encrypted version of your conversations, thwarting eavesdropping.
To use OTR, both you and the person you’re chatting with need to use instant messaging software that supports it. I use a Mac OS X client called Adium, which works with Google, AOL, Microsoft and Yahoo’s chat networks, among others. Windows and Linux users can use Pidgin. OTR works as an extension to conventional instant messaging networks, seamlessly adding privacy to the IM networks you already use. You can configure Adium or Pidgin so that if a person you’re chatting with is also running an OTR-capable client, it will automatically encrypt the conversation.
The conventional telephone network is vulnerable to government wiretapping. And many Internet-based telephony applications, including Skype, are thought to be vulnerable to interception as well.
But an Internet telephony application called Silent Circle is believed to be impervious to wiretapping, even by the NSA. Like OTR, it offers “end-to-end” encryption, meaning that the company running the service never has access to your unencrypted calls and can’t turn them over to the feds. The client software is open source, and Chris Soghoian, the chief technologist of the American Civil Liberties Union, says it has been independently audited to ensure that it doesn’t contain any “back doors.”
4. Make secure calls with Redphone
Redphone is another application that makes phone calls with end-to-end encryption. Interestingly, it was developed with financial support from U.S. taxpayers courtesy of the Open Technology Fund.
The government hopes to support dissidents in repressive regimes overseas. But the only way to build a communications application that people will trust is to make it impervious to snooping by any government, including ours. So like Silent Circle, the Redphone client software is open source and has been independently audited to make sure there are no back doors.
5. Remove your cellphone battery to thwart tracking
The NSA phone records program revealed by the Guardian last week not only collects information about what phone numbers we call, it also collects data about the location of the nearest cellphone tower when we make calls. That gives the NSA the ability to determine your location every time you make a phone call — and maybe in between calls too.
Unfortunately, Soghoian says there’s no technical fix for this kind of surveillance. “The laws of physics will not let you hide your location from the phone company,” he says. The phone company needs to know where you are in order to reach you when you receive a phone call.
So if you don’t want the NSA to know where you’ve been, you only have one option: You need to turn off your cell phone. Or if you’re feeling extra paranoid, take out the battery or leave your phone at home.
You probably can’t hide metadata
Soghoian says that a similar point applies to your phone calling records. Encryption technology can prevent the government from intercepting the contents of voice communications. But it’s much harder to hide information about your calling patterns. And information about who you’ve called can be as revealing as the contents of the calls themselves.
“If you’re calling an abortion clinic or a phone sex hotline or a suicide counselor, what you say is basically the same as who you’re saying it to,” Soghoian argues.
Unfortunately, there’s no easy technological fix for this problem. Even obtaining a phone not specifically tied to your identity may not help, as it may be possible to identify you from your calling patterns.
This problem tripped up Paula Broadwell [and new CIA Director Petraeus–add JMC], who was outed last year as having an extra-marital relationship with Gen. David Petraeus. She had been sending e-mails from an anonymous Gmail account, and she had even been smart enough to avoid logging in from home.
But the FBI identified her anyway. Broadwell logged into the account from several different hotels. The FBI obtained lists of who had checked into those hotels on the relevant dates and looked for common names. Broadwell was the only one who had checked into all of the hotels.
So it’s fairly easy to protect the contents of your communications from government spying. But there’s no easy technological fix to prevent the government from finding out who you’re communicating with.
From the Guardian Guide to Metadata and its Use:
A Guardian guide to your metadata
A case study of the Petraeus scandal