Through the recently revealed PRISM program, the US National Security Agency (NSA) can purportedly access emails, chats, video, documents, and connection logs from nine leading Internet companies: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. If you’re online, you probably use one of these companies’ services, and don’t want to be spied on.
Access is currently working with a coalition of US and international human rights organizations to demand that the US Congress investigate and halt the NSA’s pervasive surveillance program PRISM, which threatens the privacy rights of millions of internet users. Until this rights-abusing surveillance system is dismantled, there are some basic ways that you can protect the content of your internet communications from surveillance. We’d like to emphasize these programs only protect the content of your communications, and not the metadata, such as the sender’s and recipient’s handles, an email’s subject line, or when the communications were sent.
One of the best reasons to implement the following tips is the fact that these technologies will improve through widespread use. The more we use them the larger our potential network of encrypted communication will become and the more people will work to make them user-friendly.
1. Email
One of the more troubling revelations of last week was the fact that the NSA allegedly accesses the content of private emails, as long as there is a 51% chance that the target is not a US citizen. If you are a US citizen and don’t like those odds, or don’t live in the US at all, it makes sense to encrypt your email to keep the content private.
The most popular way to do this is Pretty Good Privacy (PGP), most accessible through its open source version, Gnu Privacy Guard (GPG). While using this still leaves metadata (such as the email subject line and the sender’s and recipient’s email addresses) unencrypted, it encrypts the content of your email to ensure that only the intended recipient can read the message. The recipient must also have GPG for this to work.
For help installing this, you can follow Security in a Box’s walkthrough, which covers Windows, Mac OSX, and Gnu/Linux operating systems. In addition, they have instructions on how to install and use GPG on Android.
2. Chat
Facebook, Microsoft Live Messenger, and Google Chat are also compromised. Thankfully, protecting the content of these messages is fairly simple and can be achieved by using Off-The-Record messaging (OTR).
Not to be confused with the similarly-named Google Chat feature, OTR allows you to have encrypted chat in Facebook, Google Chat, and any other chat service based on the XMPP protocol.
Like PGP, OTR only works if both users have it, which is why it’s so important for more people to start utilizing these technologies. For help with this, you can go to Security in a Box’s walkthrough, which covers Windows, Mac OSX, and Gnu/Linux operating systems. In addition, the web-based browser plugin Cryptocat uses OTR to allow one to have encrypted chat with another person using the service, and Gibberbot and ChatSecure provide OTR functionality for Android and iOS respectively.
3. Video Chat
The fact that Skype, Yahoo, and Google appear on PRISM’s list of compliant companies is an important reminder that video chats are neither private nor secure. While it is unclear whether or not the content is routinely recorded, we do know that with a wiretap order it can be collected.
Any video chat software that uses the encrypted video chat protocol Zimmerman Real-time Transport Protocol (ZRTP) would be an improvement. One program which provides encrypted video chat is Jitsi, which is available for Mac, Windows, and Linux. You can use it in conjunction with a SIP account from the Ostel project, which provides secure voice-over-IP (VoIP) functionality to both computers and cellphones. This means you can have encrypted phone calls anywhere you have an internet connection.
4. Social Media
As has been mentioned, Facebook – for some, the largest repository of social and personal information – is one of the many companies involved in PRISM.
The social networking site Diaspora is a popular alternative. Because it is a federated social network, you get to decide where your data is stored – this means you can keep your data on a personal server, or choose another place to store it where you feel it is secure. This means that there is no centralized location for the government to locate your information. Not everyone has access to a personal server, but Diaspora helps by providing a list of open “pods” users can choose from.
5. Search
Google, Yahoo, and Microsoft store all the data that’s generated when you use their search engines, and they probably share this info with the NSA.
Our favorite alternative search engine is DuckDuckGo. Unlike Google, Yahoo, and Bing, DuckDuckGo does not collect personal information on users; they don’t keep a history of your searches, use cookies, or store your IP address. This means even if the NSA were able to access DuckDuckGo’s servers, they would find little personal data.
In addition, anonymity tools such as the Tor Browser Bundle are recommended to protect your browsing and online interactions from metadata analysis. Even if you sign into an account known to be yours using the service and remove your anonymity, the Tor Browser Bundle can still hide from where you are accessing the service.