The Unz Review - Mobile
A Collection of Interesting, Important, and Controversial Perspectives Largely Excluded from the American Mainstream Media
 BlogviewThe Saker Archive
Keeping Communications Private in the Age of Big Brother (a Practical HOWTO)
🔊 Listen RSS
Email This Page to Someone

 Remember My Information



=>
shutterstock_641900323

Bookmark Toggle AllToCAdd to LibraryRemove from Library • BShow CommentNext New CommentNext New Reply
Search Text Case Sensitive  Exact Words  Include Comments
List of Bookmarks

I have decided to share with you something which I originally sent out to the key members of the Saker community: my recommendation on how to keep your private communications private in the age of “Big Brother” aka NSA, ECHELON, GCHQ, Unit 8200, etc. I have been interested in the topic of encryption for many years already, and I have had to use encryption techniques in the past to protect myself from snooping by indelicate employers. There have also been some discussions inside the Saker community of what did and did not work for us. I have now come to the conclusion that there are two services out there which I feel I can recommend to our entire community, one for emails and another for messaging/audio/video/file sharing. Why two different services rather than one?

The truth is that the confidentiality issues with email are unique and require a unique solution. Typically, emails are designed to remain kept on some kind of storage device whereas most telephone calls or video conferences are not recorded (at least not by the participants).

Let’s look at these two issues separately.

ABSTRACT: if you want to protect your communication from any kind of snooping, including government snooping, the most reliable and advanced solution currently available are:
For your emails: Prontonmail https://protonmail.com/ (free of charge)
For your messaging/telephone/video/filesharing needs: the Silent Phone app for Android and iOS https://www.silentcircle.com/products-and-solutions/software/ ($9.99/month)

——-
Protecting your emails with Protonmail:

Protonmail is a Swiss company whose history is well described in this Wikipedia article: https://en.wikipedia.org/wiki/ProtonMail . I won’t repeat it here. I will just say that with Protonmail your mailbox remains encrypted in such a manner that even the managers and technicians at Protonmail cannot access it. Here are a few videos which will give you more details:

Quick Introduction To ProtonMail and ProtonMail Plus:

ProtonMail – Is this The alternative email we’ve been looking for?:

Protonmail and Encryption – A Re-visit:

Protecting your messaging/telephone/video with Silent Circle’s Silent Phone:

Unlike Protonmail which deals ONLY with emails, Silent Circle’s software (called “Silent Phone”) which can be installed on any Android or iOS smartphone, protects your instant messaging, your telephone conversations (audio), your video conferences and even allows you to securely send your files up to 100MB in size. However, while the Silent Phone software is free of charge for download, you will have to pay $9.99 a month to get all of the following:

  • Unlimited Worldwide Secure Voice/Messaging between Silent Circle Members
  • Up to 100MB File Transfer
  • Full Burn Functionality
  • Video Calling
  • Conference calling for up to 6 callers
  • Direct access to Technical Support
  • Available on iOS, Android, and Silent OS

You can check all their fancy marketing materials here: https://www.silentcircle.com/
Here is the Wikipedia article about them: https://en.wikipedia.org/wiki/Silent_Circle_(software)
This is the link to their software solution: https://www.silentcircle.com/products-and-solutions/software/
And this is the link to their White Paper: https://www.silentcircle.com/enterprise-cybersecurity-white-paper/
Finally, here are some of their case studies: https://www.silentcircle.com/wp-content/uploads/2017/01/SilentCircle_Case-Studies.pdf

This is all very slick and could hide anything, right? Actually, no. What makes their offer so interesting is that it is based exclusively on open source code which is publicly available. Why is that important? For two reasons: first, they cannot hide some backdoors in the software. But second, even MUCH more important, is that the best encryption algorithms are NOT the secret ones that nobody can check, but the public ones which everybody can check. This is long to explain, but please trust me. The level of confidence which you can have in the technologies used in Silent Phone are about as good as it gets. Not perfect maybe, but very very close.

[If you are interested in the details, I can explain to you one on one why you ALWAYS want to make use only of open sourced encryption technologies (You can find out about the protocols and algorithms used by Silent Circle here: https://www.silentcircle.com/products-and-solutions/technology/zrtp/ )]

You might notice that both Protonmail and Silent Circle (the company which makes the Silent Phone app) are located in Switzerland. This is not a bad thing since Swiss laws about privacy are pretty good. However, this is not the reason why you can trust these products. In fact, in the past the Swiss have worked with the US CIA to sell the Iranians encryption devices with backdoors. The current Swiss government is as pro-USA as any other. No, the reason why I like these is that Switzerland has some of the best cryptologist on the planet (even if very few people know about this). In fact, the technology for Silent Phone is so secure that even the US government had to certify it for governmental use (in spite of it being open source, which tells me that they don’t have much better): http://www.zdnet.com/article/silent-circle-phone-app-cleared-for-us-government-use/

I hope that this reference to the US government does not freak you out. If it does – relax, Silent Circle was co-founded by Phil Zimmerman, the man who single handedly forced the US government to give up trying to keep a monopoly on military-grade encryption (read about him here: https://en.wikipedia.org/wiki/Phil_Zimmermann ).

Here is a keynote presentation by Zimmerman

and here is an interview with him:

In other words, his “I do not work for the NSA” credentials are the best on the planet.

By now you must be wondering if I am working for Silent Circle or whether I have bought shares in their company. Don’t worry, I did not. I am only writing to let you know that I think that this product is fairly secure and very reasonably priced. I know of no better one. Just think of it – worldwide unlimited calling (including VIDEO!) for 10 bucks is already a halfway decent deal. But with rock solid encryption it becomes very good.

ORDER IT NOW

There is one important caveat which you have to keep in mind: Both Protonmail and Silent Phone are truly secure only if BOTH people communicating are using them (from Protonmail to Protonmail email addresses or from Silent Phone subscriber to Silent Phone subscriber). Likewise, the $9.99 suybscription costs with Silent Phone only covers all communications between Silent Phone subscribers. You *can* call a non-subscribed number, but it will not be secure and you will pay international calling rates.

Also, if you get Silent Phone, you will be given 2 options: a) to use a username only b) to pay 2 dollars a month for a dedicated phone number. Since using Silent Phone only really makes sense if used between two Silent Phone subscribers, I recommend you forgo the extra cost for a dedicated telephone number unless you really need it (depending on your usage of your telephone).

Here are a few short videos showing how Silent Phone works on Android (for iOS go to the Silent Circle YouTube channel):

Calling and Conference calling

Logging and Setting:

Messaging:

Conclusion:

We live in complicated and, frankly, dangerous times. Having personally worked in Electronic Warfare (EW), Communication Intelligence (COMINT) and military intelligence in general, I believe that the ability to keep communications secure is absolutely crucial for most people. Until recently, the kind of technology which could protect you from government (or corporate) snooping was simply too complex to be used by most people (keep in mind that bad encryption is much worse than no encryption since it gives you an illusion of security!). Even software like the famous PGP/GNUpg were not that easy to use and required a fairly solid understanding of the technologies used. Nowadays we are lucky that we can use VERY sophisticated services with do not require that kind of expertise from us. But then, you might ask, how do we know that we can trust them? There are two replies to this. We can trust them because

  1. all the technologies used by these services, including source code, protocols, algorithms, etc, are fully “open source” meaning that they are available for download and audit. Not by you or me, but by colleges, institutes, corporations and even governments worldwide. For encryption that is the highest standard of security: when everybody can see your code and check it for flaws.
  2. because all these services are regularly audited by entities we can trust, such as the Electronic Frontier Foundation (EFF) which, for example, reported this “scorecard” for Silent Phone:

Selection_077-1024x253

(Full disclosure: I am a card-carrying member of both the Electronic Frontier Foundation (EFF) and the Free Software Foundation (FSF))

If you are an active member of the Saker Community (author, researcher, translator, computer tech, editor, etc.) I STRONGLY recommend that you use both Protonmail and Silent Phone. If you are not a member of our community, I recommend that you at least use Prontonmail. If you make a lot of international calls to trusted relatives, friends or colleagues, I also STRONGLY recommend use sign up for the Silent Phone subscription as for $9.99 you get unlimited worldwide and high-quality audio (telephone) and even video everybit as good or better than Skype or Whatsapp. And it happens to as secure as the best government/military grade communications.

Finally, three final and minor points:

First, let’s imagine that some government agency (Swiss, American or other) comes to Prontonmail or Silent Circle and orders them to have them over all your communications (as has happened already so many times): neither Prontonmail nor Silent Circle will be able to comply, not because of bad will or some heroic resistance to pressure, but because they will NO ACCESS to your data: in the case of your mailbox, it will be completely encrypted and only you will have the capability to decrypt it, and in the case of Silent Phone the encryption used is one between end-user to end-user which is NOT shared with Silent Circle in anyway and as soon as you hang up it is also erased.

Second, the company Silent Circle also manufactures a real “physical” phone, called the “Blackphone 2“. It was a failure, don’t bother with it. I don’t want to discuss the reasons for that, but just ignore that option which simply does not work too well and has major problems.

Third, I want mention something crucial here: both Protonmail and Silent Phone offer the option to destroy your email, message, of file after a specific delay. In other words, you can configure these two services to destroy everything which you ever send through them. So by the time somebody tries to get that data it will already have vanished. So even though your Protonmail mailbox is heavily encrypted and even though Silent Phone exchanges encryption keys only between end-users (p2p), you have that additional level of security of having all your data self-destruct after a pre-sent time/date.

That’s it. Please don’t bombard me with questions about these technologies and products. If you do your own research and just follow all the links above you should get all the info you need. Right now I literally don’t have the time to do more about this than share the above with you. And just to make thing worse, I currently have a painful gout flare-up which makes it hard for me to sit and type. If you still have questions, ask them in the comments section and the more tech-wise will probably help you, but first please make sure that you do your own research. The geek community refers to this as RTFM or Read the “French” Manual :-) Also please do take the time to watch the videos above, they are very informative.

I hope that the above has been useful and that at least some of you will decide to at least try out these two outstanding service.

Good luck, kind regards,

The Saker

Follow-up: Security is a threat-driven exercise (ComSec in the age of Big Brother follow up)

Dear friends,

The following is a follow-up to my recent post about communication security (ComSec). I decided to write it after reading the comments to the original post which clearly showed to me that there was a dire need of even basic information about ComSec. I am going to try to keep it very, very basic so please bear with me.

First and foremost – security is a threat-driven exercise. You cannot protect against “anything”. You cannot protect against something diffuse like “they” or “the powers that be” or even “the US government”. You can only protect against a specific threat. Let’s take an example: as soon as we discuss the protection of our computers we think of the NSA. This is normal, since the NSA is the arch-villain of the IT world and the US government the number one “rogue state” on the planet. However, what is missed here is that the NSA has no interest in most of us. But the US IRS (revenue service) might. What you have to realize here is that the NSA has means which the IRS does not and that the NSA has absolutely no intention of sharing any information with the IRS. In fact, the US IRS also probably does not care about you. The folks most likely to spy on you are your bosses, your colleagues, your family and your friends (sorry! don’t get offended; it’s more or less the same list for those most likely to murder you too). In fact, some people close to you might even want to report you to the IRS in order to get you in trouble. Once you understand that, you can also conclude the following

  1. All security planning must begin with the question “what is the threat?”
  2. Giving up on ComSec because the NSA can probably beat you is plain stupid, unless you are somebody really important to the NSA

Second, both spying and ComSec are cost-driven. Yes, even the NSA has a limited (if huge) budget. And yes, even the NSA has to prioritize its efforts: shall they use their supercomputers, translators, analysts, senior officers, etc. to spy after, say, the girlfriend of a senior Chinese diplomat or spy after you? It is true that all our communications are intercepted and recorded. This is especially true of the ‘metadata’ (who contacted whom and when and how and how often), but it is also true of our more or less ‘secure’ communications, be they protected by a very weak encryption algorithm or a military-grade encryption system. Once that data is stored, the NSA has to parse it (mostly looking at the metadata) and take a decision as to how much resources it is willing to allocate to your specific case. No offense intended, but if you are a small pot grower with a history of political activism who emigrated to the USA form, say, Turkey 10 years ago and if you are emailing your friends in Antalya, the NSA would need to decrypt your email. That would take them less than 1 milisecond, but somebody needs to authorize it. Then they would have to get a machine translation from Turkish into English which will be hopefully good enough (I am quite sure that the few Turkish-language translators they have will not be allocated to you, sorry, you are just not that important). Then some analyst must read that text and decide to pass it on to his boss for follow-up. If the analyst finds your email boring, he will simply send it all into a virtual trash bin. Conclusions:

  1. For the bad guys to spy after you must be worth their time as expressed in dollars and cents, including opportunity costs (time spend *not* going after somebody more important)
  2. It is exceedingly unlikely that the NSA will put their best and brightest on your case so don’t assume they will.

Third, security flaws are like bugs. Okay, this is crucial. Please read-up on the so-called “Linus’ Law” which states: “given enough eyeballs, all bugs are shallow“. This “law” has been paraphrased in Wikipedia as such: “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone.” I would paraphrase it as such: the most effective manner to detect and eliminate bugs (such as security flaws) in software code or mathematical algorithms is to have them available for review by experts and to insure that a maximal amount of experts have a strong stake in very carefully reviewing them. Now before proceeding I need to debunk a huge myth: the US government has more means than anybody else on the planet. That is absolutely false. Think of it: to work for the NSA, you not only need to have a US passport, but a high-level security clearance. Right there, you have rejected almost all Chinese, Indian or Russian candidates (along with millions of US Americans!). You might reply that the NSA has more money. Wrong again! Take a look at this article which begins with the following absolutely true, if amazing, statement:

The total development cost represented in a typical Linux distribution was $1.2 billion. We’ve used his tools and method to update these findings. Using the same tools, we estimate that it would take approximately $10.8 billion to build the Fedora 9 distribution in today’s dollars, with today’s software development costs. Additionally, it would take $1.4 billion to develop the Linux kernel alone. This paper outlines our technique and highlights the latest costs of developing Linux. The Linux operating system is the most popular open source operating system in computing today, representing a $25 billion ecosystem in 2008.

Let me ask you this: did you ever think that the free software community, using a de-centralized development model, would be able to produce a product with the corporate world or a government would need to spend more than TEN BILLION dollars to develop? Let me give you another example: Debian, which is the “ultimate” GNU/Linux distribution has over 1000 developers and package maintainers worldwide (including Chinese, Indians, Russians and Americans without a security-clearance) which are selected by showing the Debian community that they are the best at what they are doing. Do you really believe that the US government could hire that amount of top-level coders and then manage them? I remind you that the NSA is an “agency”, meaning that it is a bureaucracy, run by people who have reached risen to their level of incompetence according to the “Peter Principle“. Such agencies are slow to adopt new technologies or methods, they are inherently corrupt (due to their secrecy), they are permeated with the “where I sit is where I stand” mindset which leads to a strong opposition to progress (since if you are used to doing X you will lose your job or will have to re-train if Y is introduced) and which is hopelessly politicized. Buck per buck, brain per brain, the free software community is vastly more effective than this gargantuan mega-agency.

ORDER IT NOW

And then there is academia. There are superb technical institutes worldwide, many in China and India, by the way, which are filled by the best and brightest mathematicians and cryptologists who are not only competing against each others, but also against all their colleagues worldwide. The “eyeballs” of these people are focused with great attention to any new encryption algorithm developed anywhere on the planet and the first thing they look after are flaws simply because being the guy (or group) who found a security flaw in a previously assumed flawless algorithm is a guaranteed claim to fame and professional success. Most of these folks are far more driven than the bureaucrats at Fort Meade! But for them to be able to do their job it is absolutely crucial that the code of the encryption application and the actual encryption algorithm be made public. All of it. If the source-code and encryption algorithm are kept secret, than very FEW “eyeballs” care review them for flaws. The conclusions from that are:

  1. The assumption that the NSA is miles ahead of everybody else is plain false.
  2. Placing your trust in peer-reviewed software and encryption algorithms is the safest possible option
  3. The worldwide hacker and academic communities have superior means (in money and brains equivalent) to any government agency

Using sophisticated ComSec technologies only draws unwanted attention to you. This one was very true and is still partially true. But the trend is in the right direction. What this argument says is that in a culture where most people use postcards to communicate using a letter in a sealed envelope makes you look suspicious. Okay, true, but only to the extend that few people are using envelopes. What has changed in the past, say, 20-30 years is that nowadays everybody is expecting some degree of security and protection. For example, many of you might remember that in the past, most Internet addresses began with HTTP whereas now they mostly begin with HTTPS: that “s” at the end stands for “secure”. Even very mainstream applications like Skype or Whatsapp use a very similar technology to the one justifying the “s” at the end of HTTPS. We now live in a world were the number of users of sealed envelopes is growing where the usage of postcards is in free fall. Still, it IS true that in some instances the use of a top-of-the-line encryption scheme will draw somebody’s attention to you.

[Sidebar: I have personally experienced that. In the late 1990s I used to use PGP encryption for email exchanges with my Godson. Sure enough, one day my boss calls me into his office, presents me with the printout of an encrypted email of mine and ask me what this was. My reply was “an encrypted message”. He then proceeded to ask me why I was encrypting my emails. I replied that I did that to “make sure that only my correspondent could read the contents”. He gave me a long hard look, then told me to leave. This incident probably greatly contributed to my eventual termination from that job. And this was in “democratic” Switzerland…]

My advice is simple: never use any form of encryption while at work or on the clock. If your email address is something like $fdJ&3asd@protonmail.com your employer won’t even know that you are using protonmail. Just keep a reasonably low profile. For public consumption, I also recommend using Google’s Gmail. Not only does it work very well, but using Gmail makes you look “legit” in the eyes of the idiots. So why not use it? Conclusions:

  1. Using advanced ComSec technologies is now safe in most countries.
  2. The more private users and the industry will become ComSec conscious (and they are) the safer it will be to use such technologies

The weakest link in a chain determines the strength of the chain. The US government has many ways to spy on you. You can use the most advanced encryption schemes, but if your computer is running Windows you are *begging* for a backdoor and, in fact, you probably already have many of them in your machine. But even if your operating system is really secure like, say OpenBSD or SEL-Debian, the NSA can spy on you through your CPU, or through the radiation of your computer screen, or even by installing a key-logger in your keyboard or a simple camera in your room. Most so-called “hacks” (a misnomer, it should be “cracks”) are traceable to a human action, not pure technology. So you should not just blindly trust some advanced encryption scheme, but look at the full “chain”. However, while it costs Uncle Sam exactly *zero* dollars to use a backdoor preinstalled with Windows, it would cost him a lot more to direct a crew of humans to install a camera in your room. So fearing that the NSA will use any and all of its tools to spy after you is also plain stupid. Chances are, they won’t. You are just not that important (sorry!). The conclusions here are:

  1. Your ComSec depends on it’s weakest link and in order to identify this link you need to
  2. Acquire enough knowledge to understand the full chain’s function and not rely on one even very cool gadget or app.

Trust is always relative but, when carefully granted, beats distrust. I hear a lot of sweeping and nonsensical statements like “I will never trust any technology or corporate” or “I will never trust any encryption scheme”. These sound reasonable, but they are anything but. In reality, we don’t have the option of “not trusting” any more. We all use cars, computers, RFID-chips, smartphones, GPSs, the Internet, credit cards, etc. Those who say that they don’t ever trust anybody are just lying to themselves. The real question is not “trust vs distrust” but how to best allocated our trust. To go with open source code and public encryption algorithms is far more rational than to refuse to use any ComSec at all (we all know that the post office, and many other people, can open our mail and read it – yet we still mostly use sealed envelops and not postcards!). If ComSec is important for you, you really ought to ditch your Windows or Mac/Apple machines. They – like anything Google, are basically a subsidiary of the NSA. If you use remote servers to provide you with “software as a service” try to use those who have a stake in being peer-reviewed and who only use open source technologies (Silent Circle’s Silent Phone is an example). There are public interest and “watchdog” type of organizations out there who will help you make the right choices, such as the Electronic Freedom Foundation. Conclusions:

  1. We live in a complex and high technology world. While you can reject it all and refuse to use advanced technologies, you thereby also make yourself the ideal passive sheep which the powers that be want you to be. What the powers that be are terrified of are the cyberpunks/cypherpunks, free software hackers, folks like Assange or Snowden and institutions like Wikileaks. They are so terrified of them that they *reassure* themselves by claiming that these are all “Russian agents” rather than to look at the terrifying reality that these are the natural and inevitable reaction to the worldwide violation of human and civil rights by the AngloZionist Empire. It is your choice as to whether educate yourself about these issues or not, but if you chose to remain ignorant while paranoid the powers that be will give you a standing ovation.
  2. Placing your trust in X, Y or Z does not have to be a ‘yes or no’ thing. Place as much trust in, say, open source software as you deem it to deserve, but remain prudent and cautious. Always think of the consequences of having your ComSec compromised: what would that really do to you, your family, your friends or your business. It is a dynamic and fast moving game out there, so keep yourself well informed and if you do not understand an issue, decide whom amongst those who do understand these issues you would trust. Delegating trust to trustworthy experts is a very reasonable and rational choice.

The real cost of security will always be convenience: the painful reality is that good security is always inconvenient. In theory, security does not need to harm convenience, but in reality it always, always does. For example, to become more or less proficient in ComSec you need to educate yourself, that takes time and energy. Using a key to enter a home takes more time than to open an unlocked door. A retinal scan takes even more time (and costs a lot more). You might always spend a great deal of time trying to convince your friends to adopt your practices, but they will reject your advice for many more or less valid reasons. The key here is “is it worth it?” and that is a personal decision of yours to take. Also, you will also need to factor in the costs of not using high-tech. You can email a friend or meet him face to face. But in the latter case, you need to ask yourself how much time and money will it take for you two to meet, how easy it will be for the bad guys to eavesdrop on your whispered conversation, how fast you could transmit any information by such means or whether physically carrying sensitive information to such a meeting is a good idea in the first place. Conclusions:

  1. Going low-tech might be far more costly and less safe than intelligently using high-teach solutions.
  2. “No-tech” at all is usually the worst choice of all, if only because it is delusional in the first place.

Conclusions:

I tried to debunk some of the many myths and urban legends about ComSec in general and an agency like the NSA in particular. I had the time to do that once, but since this topic is not a priority for this blog, I won’t be able to repeat this exercise in the future. I hope that this has been useful and interesting, if not I apologize.

Starting next week, we will return to our more traditional topics.

Hugs and cheers,

The Saker

(Republished from The Vineyard of the Saker by permission of author or representative)
 
Hide 32 CommentsLeave a Comment
Commenters to Ignore...to FollowEndorsed Only
    []
  1. Karl says:

    no one here should even need anonymity beyond RonUnz’s existing system of “nom de plumes”.

    if you are trying to hide a seditionary or etc act, then you are operating in their frame.

    The cultural marxists acted openly and under their real nams. And they had one of the most succesful “revolution” in all of history.

    Copy them.

    Read More
    • Replies: @Che Guava
    Noms des plumes is the correct grammar.

    However, I am to preferring the English-language words, pseudonym.handle, etc, , since this an English-language site.

    The rules are also permitting to post as anonymous or variations on it.

    If you check my history of replies for the last two days, for example, you wil see one from someone calling itself 'Anon 2', in the last 36 hours, it was so stupid that it did not cut me up. I would guess that it was from n00b 'sean', in response to my replies to his stupid post.
    Not being an Unz mod, and not to having time, but having had time as a mod or admin. on Encyclopaedia Dramatica (the original), would go for Sean and anon 2 to being the same person
    ReplyAgree/Disagree/Etc.
    AgreeDisagreeLOLTroll
    These buttons register your public Agreement, Disagreement, Troll, or LOL with the selected comment. They are ONLY available to recent, frequent commenters who have saved their Name+Email using the 'Remember My Information' checkbox, and may also ONLY be used once per hour.
    Ignore Commenter Follow Commenter
    Sharing Comment via Twitter
    /tsaker/keeping-communications-private-in-the-age-of-big-brother-a-practical-howto/#comment-1879455
    More... This Commenter This Thread Hide Thread Display All Comments
  2. I have read about a simpler method. Open a web mail account with yahoo or whoever and share the username/password. Then compose a message and save the draft. Your partner later opens the draft and adds a response, saves draft, and so on. No e-mail is ever sent, so there is nothing to intercept.

    This sounded crafty but I was unsure if it was secure and have no need anyway, but when the General Petraeus sex scandal made news, it was revealed that he communicated with is lover using this method. Since they are both career CIA officers, I guess it works.

    Read More
    • Replies: @LauraMR
    There is zero safety in that. The drafts are in a server somewhere and therefore available for scrutiny. In other words, "sending" an email is not the security breach. Sending an email simply means that there will be additionally copies in other servers elsewhere.
    , @The Alarmist
    Who do you think owns/has access to the servers on which the drafts reside? You don't think they have a cron-job that frequently looks through every draft-folder to look for anything new and interesting?
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  3. LauraMR says:
    @Carlton Meyer
    I have read about a simpler method. Open a web mail account with yahoo or whoever and share the username/password. Then compose a message and save the draft. Your partner later opens the draft and adds a response, saves draft, and so on. No e-mail is ever sent, so there is nothing to intercept.

    This sounded crafty but I was unsure if it was secure and have no need anyway, but when the General Petraeus sex scandal made news, it was revealed that he communicated with is lover using this method. Since they are both career CIA officers, I guess it works.

    There is zero safety in that. The drafts are in a server somewhere and therefore available for scrutiny. In other words, “sending” an email is not the security breach. Sending an email simply means that there will be additionally copies in other servers elsewhere.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  4. Medieval methods work best. Surround a large building with guards. In the middle of the large internal space place a circle of (inspected) chairs. Meet in a huddle.

    For the poor, nothing beats a walk in the countryside, even a park.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  5. Svigor says:

    CTRL-F for veracrypt, no hits, close window.

    Read More
    • Replies: @Cagey Beast
    Why not tell us about VeraCrypt rather than engage in drive-by snark? Burt Bacharach never wrote a song that said "what the world needs now is snark, nerd snark". That's probably for a good reason.

    By the way, don't bother telling me to "just Google" VeraCrypt; where do you think I got the idea for the jazzy camel case?
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  6. @Carlton Meyer
    I have read about a simpler method. Open a web mail account with yahoo or whoever and share the username/password. Then compose a message and save the draft. Your partner later opens the draft and adds a response, saves draft, and so on. No e-mail is ever sent, so there is nothing to intercept.

    This sounded crafty but I was unsure if it was secure and have no need anyway, but when the General Petraeus sex scandal made news, it was revealed that he communicated with is lover using this method. Since they are both career CIA officers, I guess it works.

    Who do you think owns/has access to the servers on which the drafts reside? You don’t think they have a cron-job that frequently looks through every draft-folder to look for anything new and interesting?

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  7. I descussed this deeply with a electric engineer, who was also kind of a hacker. (He helped me with connecting drivers that I needed)

    For safer communication (and voting) we seem to need a Dedicated trusted computer voting device, and it should be quite crude:

    http://aktivdemokrati.se/forum/viewtopic.php?f=14&t=692

    The reason is the existance of chips in hardware for spying, software spying, trojan horses, but also the commersial operating systems in themselves, as well as corrupted versions of GPL-software.

    We must ask ourselves can all GPL-programmers be trusted, and are their programming always checked?

    The idea that an encryption key SENT OVER THE INTERNET is “safe” because we “can trust you” I find very interesting indeed… Do you trust yourself on that one? In my world safety means exchanging long enough keys in real life, but also trusting the devices we use it with.

    Until we have these devices we probably should have the attitude of that nobody can pull down your pants if you are doing the helicopter with your willy on Youtube!

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  8. Agent76 says:

    If folks truly knew the existent corporations and government will go to have their data profile’s!

    Jun 28, 2016 Fansmitter: Leaking Data from Speakerless Computers (clip #2)

    Fansmitter, introduced by security researcher Mordechai Guri, is a software (malware) that can acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  9. Agent76 says:

    May 11 2017 NYU ACCIDENTALLY EXPOSED MILITARY CODE-BREAKING COMPUTER PROJECT TO ENTIRE INTERNET

    The supercomputer described in the trove, “WindsorGreen,” was a system designed to excel at the sort of complex mathematics that underlies encryption, the technology that keeps data private, and almost certainly intended for use by the Defense Department’s signals intelligence wing, the National Security Agency.

    https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/

    Jun 7, 2013 William Binney – The Government is Profiling You

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  10. Che Guava says:
    @Karl
    no one here should even need anonymity beyond RonUnz's existing system of "nom de plumes".

    if you are trying to hide a seditionary or etc act, then you are operating in their frame.

    The cultural marxists acted openly and under their real nams. And they had one of the most succesful "revolution" in all of history.

    Copy them.

    Noms des plumes is the correct grammar.

    However, I am to preferring the English-language words, pseudonym.handle, etc, , since this an English-language site.

    The rules are also permitting to post as anonymous or variations on it.

    If you check my history of replies for the last two days, for example, you wil see one from someone calling itself ‘Anon 2′, in the last 36 hours, it was so stupid that it did not cut me up. I would guess that it was from n00b ‘sean’, in response to my replies to his stupid post.
    Not being an Unz mod, and not to having time, but having had time as a mod or admin. on Encyclopaedia Dramatica (the original), would go for Sean and anon 2 to being the same person

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  11. The strategy is to tame ”we$hterns” as possible while in contrast nurture ”minorities” in animosity and hater against whites. So slowly this hater and animosity are becoming more explicit according to which the number of whites decreases. The denouement would be tragic*

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  12. Anon says: • Disclaimer

    It’s been discussed that the CIA and Deep State promoted Abstract Art as ideological weapon during the Cold War.

    When will people discuss the fact that Homomania is now the #1 ideological weapon of Globo-Imperialism in the Gold War.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  13. And the content of your messages is almost irrelevant. GCHQ doesn’t monitor content of UK residents without explicit authority. It hardly needs to.

    It can monitor who you call, when, how often, how long are the calls, your locations, the receiver’s locations, your other contacts, their other contacts. With that much information, the content is almost irrelevant.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  14. Ivy says:

    Re: Peter Principle

    Your discussion of the open-source community level of quality made me wonder if there is a mirror image of the Peter Principle, say, the Paul Principle?

    Read More
    • Replies: @larry lurker
    Kerckhoffs' principle: "The enemy knows the system."

    From Bruce Schneier's Applied Cryptography:

    If I take a letter, lock it in a safe, hide the safe somewhere in New York, and then tell you to read the letter, that's not security. That's obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism - and you still can't open the safe and read the letter, that's security.
     
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  15. DaveE says:

    A great way to keep your cellphone radio-silent is to wrap it in a (2 is better still) metallized mylar potato chip or Doritos bag. (The more silvery looking, the better, in my experience.)

    The cell sites will NOT be able to ask your phone for its ID or give up its location, until you take it out of the bag, of course.

    It’s a great way to take a road trip without the NSA knowing EXACTLY where you are at every point along the way. And generally, you will be able to return your calls when you get home since there will be a record of the calls at your provider, which will come up (in your message box) when the phone is re-enabled.

    Be aware though, once the phone is taken out of the bag, it will register with the local cell sites (i.e. your cover will be blown.)

    Read More
    • Replies: @Willem Hendrik
    Uhh.. ? Leaving your telephone at home will do the same.
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  16. Debian with the ssl bug that quietly existed for years – most likely for spying? That OS? That “community” effort? Which is basically derived from (Redhat) which is the DOD? Pffrt. Most of this is nonsense.

    The NSA has made people their bitch, in the most obvious ways. In the spirit of security then and being a dutiful patriotic bitch – keep posting on social media given to you by the “truth tellers”. They are here to help you right? Tell you all the truthiness because they “were” in the military, and “were” spooks. Keep your iphones close and let your mind do the deep state’s thinking.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  17. @DaveE
    A great way to keep your cellphone radio-silent is to wrap it in a (2 is better still) metallized mylar potato chip or Doritos bag. (The more silvery looking, the better, in my experience.)

    The cell sites will NOT be able to ask your phone for its ID or give up its location, until you take it out of the bag, of course.

    It's a great way to take a road trip without the NSA knowing EXACTLY where you are at every point along the way. And generally, you will be able to return your calls when you get home since there will be a record of the calls at your provider, which will come up (in your message box) when the phone is re-enabled.

    Be aware though, once the phone is taken out of the bag, it will register with the local cell sites (i.e. your cover will be blown.)

    Uhh.. ? Leaving your telephone at home will do the same.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  18. Look at the bright side; If you lost the grocery list your wife gave you, call the NSA and ask them to send you a copy. If your boss denies promising you a raise. Call NSA.
    SAAS ( Spying as a service)

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  19. Cagey Beast says: • Website
    @Svigor
    CTRL-F for veracrypt, no hits, close window.

    Why not tell us about VeraCrypt rather than engage in drive-by snark? Burt Bacharach never wrote a song that said “what the world needs now is snark, nerd snark”. That’s probably for a good reason.

    By the way, don’t bother telling me to “just Google” VeraCrypt; where do you think I got the idea for the jazzy camel case?

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  20. @Ivy
    Re: Peter Principle

    Your discussion of the open-source community level of quality made me wonder if there is a mirror image of the Peter Principle, say, the Paul Principle?

    Kerckhoffs’ principle: “The enemy knows the system.”

    From Bruce Schneier’s Applied Cryptography:

    If I take a letter, lock it in a safe, hide the safe somewhere in New York, and then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world’s best safecrackers can study the locking mechanism – and you still can’t open the safe and read the letter, that’s security.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  21. Eagle Eye says:

    For your emails: Protonmail https://protonmail.com/ (free of charge)

    Free of charge? Paid for by whom?

    As others have pointed out (if not in so many words), 95% of the spying efforts by the NSA and others are directed at traffic analysis, not analyzing the CONTENT of communications. Who contacted whom, when, for how long, etc. can tell you a lot about what is going on, and is very easy and cheap to do on a massive (humanity-wide) scale using existing computer technology.

    The Electronic Frontiers Foundation referred to in the Saker’s piece illustrates the point:

    • They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
    • They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
    • They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.
    • They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after. But the content of those calls remains safe from government intrusion.
    • They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood’s number later that day. But nobody knows what you spoke about.

    https://www.eff.org/deeplinks/2013/06/why-metadata-matters

    In a similar vein, it is said (almost certainly correctly) that Target can spot whether a shopper is pregnant long before she starts buying obvious baby-related stuff.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  22. There is a lot of good relevant info at prism-break.org. The somewhat dated (3yo) guide by Paul Rosenberg available here: https://secure.cryptohippie.com/pubs/CH-OnlinePrivacyGuide.pdf, has many good suggestions too. Ed Snowden has the Qubes OS installed on his computer, there is a similar system called Subgraph, but Qubes may be more mature as a software project.

    Read More
    • Replies: @Cagey Beast
    Qubes OS does look very interesting. I haven't installed it anywhere myself but it looks like it has potential, especially for a business that has to handle files and hardware devices coming in off the street, so to speak. Joanna Rutkowska and others have good presentations on Qubes OS over at YouTube.
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  23. I didn’t know about the phone apps. They look nice. Does anyone trust Android phones? I was sad that the Ubuntu phone failed. I’d like smart phones to be more like PCs where new operating systems can be installed on them. Is “SEL-Debian,” Security Enhanced Linux? The NSA developed that. OpenBSD supposed to be real nice and encrypted. How about systemd? The good thing about open source is that the code is open but does anyone read it?

    Also how can the CPU itself be used to spy on you?

    Read More
    • Replies: @Cagey Beast
    There is CopperheadOS: "A hardened open-source operating system based on Android". I know nothing about it, other than it exists.

    https://copperhead.co/android/
    , @MarkinLA
    Also how can the CPU itself be used to spy on you?

    I have read that the US security agencies were asking Intel to provide a hardware backdoor on their Pentium chips. You could have some special combination of input signals that are not ever normally used that trigger an event like an interrupt in the processor. The original 8086 was microcoded - that is the more complex instructions (like divide) were actually a subroutine of simpler instructions. A similar scheme could be utilized - part of the space normally used for the cache memory could be a subroutine that gets executed on those explicit input signals. There are a lot of ways control of the CPU can be redirected to some function the NSA has hidden in the computer or downloaded to the memory without your knowing.
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  24. Cagey Beast says: • Website
    @Drunken Sailor
    There is a lot of good relevant info at prism-break.org. The somewhat dated (3yo) guide by Paul Rosenberg available here: https://secure.cryptohippie.com/pubs/CH-OnlinePrivacyGuide.pdf, has many good suggestions too. Ed Snowden has the Qubes OS installed on his computer, there is a similar system called Subgraph, but Qubes may be more mature as a software project.

    Qubes OS does look very interesting. I haven’t installed it anywhere myself but it looks like it has potential, especially for a business that has to handle files and hardware devices coming in off the street, so to speak. Joanna Rutkowska and others have good presentations on Qubes OS over at YouTube.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  25. Cagey Beast says: • Website
    @Johnny F. Ive
    I didn't know about the phone apps. They look nice. Does anyone trust Android phones? I was sad that the Ubuntu phone failed. I'd like smart phones to be more like PCs where new operating systems can be installed on them. Is "SEL-Debian," Security Enhanced Linux? The NSA developed that. OpenBSD supposed to be real nice and encrypted. How about systemd? The good thing about open source is that the code is open but does anyone read it?

    Also how can the CPU itself be used to spy on you?

    There is CopperheadOS: “A hardened open-source operating system based on Android”. I know nothing about it, other than it exists.

    https://copperhead.co/android/

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  26. I visited a major branded mens tailors shop at the weekend without buying anything. Now Facebook is presenting their ads to me. Location tracking?

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  27. MarkinLA says:
    @Johnny F. Ive
    I didn't know about the phone apps. They look nice. Does anyone trust Android phones? I was sad that the Ubuntu phone failed. I'd like smart phones to be more like PCs where new operating systems can be installed on them. Is "SEL-Debian," Security Enhanced Linux? The NSA developed that. OpenBSD supposed to be real nice and encrypted. How about systemd? The good thing about open source is that the code is open but does anyone read it?

    Also how can the CPU itself be used to spy on you?

    Also how can the CPU itself be used to spy on you?

    I have read that the US security agencies were asking Intel to provide a hardware backdoor on their Pentium chips. You could have some special combination of input signals that are not ever normally used that trigger an event like an interrupt in the processor. The original 8086 was microcoded – that is the more complex instructions (like divide) were actually a subroutine of simpler instructions. A similar scheme could be utilized – part of the space normally used for the cache memory could be a subroutine that gets executed on those explicit input signals. There are a lot of ways control of the CPU can be redirected to some function the NSA has hidden in the computer or downloaded to the memory without your knowing.

    Read More
    • Replies: @Wes
    It would be interesting for Unz to put the hardware question to The Saker. If one listens to the Joanna Rutkowska presentation on Qubes (thanks, Cagey Beast), she deals with compartmentalizing beyond the chipset. Software, firmware, minor hardware - such as graphics cards, usb, wifi cards - and even servers. But all these things, for most laptops in particular, are now on the same chipset. Ones made by Intel.

    In other words, Intel is the NSA mothership. There's nothing open source about their manufacturing process (https://www.youtube.com/watch?v=rcwngbUrZNg, 18:35 in particular and 22:30 - laptop "zombification" through Intel ME) and the same with ARM chip manufacturing - TSMC and Samsung.

    (Caveat. I'm a technological novice. I don't even 'know enough to be dangerous'! Can someone point me to further reading/watching along these Intel/ARM chip questions?)

    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  28. Wes says:
    @MarkinLA
    Also how can the CPU itself be used to spy on you?

    I have read that the US security agencies were asking Intel to provide a hardware backdoor on their Pentium chips. You could have some special combination of input signals that are not ever normally used that trigger an event like an interrupt in the processor. The original 8086 was microcoded - that is the more complex instructions (like divide) were actually a subroutine of simpler instructions. A similar scheme could be utilized - part of the space normally used for the cache memory could be a subroutine that gets executed on those explicit input signals. There are a lot of ways control of the CPU can be redirected to some function the NSA has hidden in the computer or downloaded to the memory without your knowing.

    It would be interesting for Unz to put the hardware question to The Saker. If one listens to the Joanna Rutkowska presentation on Qubes (thanks, Cagey Beast), she deals with compartmentalizing beyond the chipset. Software, firmware, minor hardware – such as graphics cards, usb, wifi cards – and even servers. But all these things, for most laptops in particular, are now on the same chipset. Ones made by Intel.

    In other words, Intel is the NSA mothership. There’s nothing open source about their manufacturing process (https://www.youtube.com/watch?v=rcwngbUrZNg, 18:35 in particular and 22:30 – laptop “zombification” through Intel ME) and the same with ARM chip manufacturing – TSMC and Samsung.

    (Caveat. I’m a technological novice. I don’t even ‘know enough to be dangerous’! Can someone point me to further reading/watching along these Intel/ARM chip questions?)

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
  29. hyperbola says:

    Well, Switzerland has a decades-long history of successfully helping those wanting encryption.

    The Anti-Empire Report #118

    https://williamblum.org/aer/read/118

    …. For decades, beginning in the 1950s, the Swiss company Crypto AG sold the world’s most sophisticated and secure encryption technology. The firm staked its reputation and the security concerns of its clients on its neutrality in the Cold War or any other war. The purchasing nations, some 120 of them – including prime US intelligence targets such as Iran, Iraq, Libya and Yugoslavia – confident that their communications were protected, sent messages from their capitals to their embassies, military missions, trade offices, and espionage dens around the world, via telex, radio, and fax. And all the while, because of a secret agreement between the company and NSA, these governments might as well have been hand delivering the messages to Washington, uncoded. For their Crypto AG machines had been rigged before being sold to them, so that when they used them the random encryption key could be automatically and clandestinely transmitted along with the enciphered message. NSA analysts could read the messages as easily as they could the morning newspaper.

    In 1986, because of US public statements concerning the La Belle disco bombing in West Berlin, the Libyans began to suspect that something was rotten with Crypto AG’s machines and switched to another Swiss firm, Gretag Data Systems AG. But it appears that NSA had that base covered as well. In 1992, after a series of suspicious circumstances over the previous few years, Iran came to a conclusion similar to Libya’s, and arrested a Crypto AG employee who was in Iran on a business trip. He was eventually ransomed, but the incident became well known and the scam began to unravel in earnest….

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  30. Don’t fool yourself. The end-to-end encryption currently in use on the Internet is flawed in both design and sometimes implementation. Ways to subvert it are numerous – from the various publicly known methods ( various versions of SSL stripping etc etc )
    to known to you know who hardware backdoors to TEMPEST intercepts to the ridiculously easy ( and some more complex ) ways of security certificates forgery. One Time Pad is your best shot at any semblance of secure comms assuming the hardware is secure.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
  31. Ben Frank says:

    Communism joke from Romania:

    Bulă is walking on the street, a box of A4 paper in his hand. A friend stops him:
    - Hey, can you spare a few sheets, I need some for school?
    - Can’t. These are manifestos.
    - But… they’re blank sheets?
    - Nobody needs it spelled out.

    Read More
    ReplyAgree/Disagree/Etc. More... This Commenter Display All Comments
Current Commenter says:

Leave a Reply - Comments on articles more than two weeks old will be judged much more strictly on quality and tone


 Remember My InformationWhy?
 Email Replies to my Comment
Submitted comments become the property of The Unz Review and may be republished elsewhere at the sole discretion of the latter
Subscribe to This Comment Thread via RSS Subscribe to All The Saker Comments via RSS
PastClassics
The evidence is clear — but often ignored
The “war hero” candidate buried information about POWs left behind in Vietnam.
Are elite university admissions based on meritocracy and diversity as claimed?
A simple remedy for income stagnation
Confederate Flag Day, State Capitol, Raleigh, N.C. -- March 3, 2007