Risk
6/12/2013
12:59 PM
50%
50%

7 Tips To Avoid NSA Digital Dragnet

These apps will keep your cell phone calls under wraps -- if the NSA hasn't already found a way to break them.

3. Silent Circle, For Encrypted Voice, Email And More.

Silent Circle is a relatively new and well-reviewed service for providing encrypted voice communications domestically. In the wake of the Prism scandal and "massive demand," the company announced that it's dropped the price of its annual subscription package for four services: encrypted mobile calls, encrypted text messaging, encrypted VoIP audio and video calls, and encrypted email. The company says it's been independently audited to ensure there are no backdoors for eavesdropping on service users.

One caveat with the service, however, is that for communications to remain fully encrypted in transit, they must be made between two Silent Circle subscribers. Still, that might appeal to businesses or activists worried about their communications being intercepted, or the identity of people they're speaking with tracked.

4. Redphone, For Secure Android Calls, Texts.

Android users, meanwhile, can get secure voice calls and texts via open source software from WhisperSystems. Redphone enables encrypted calling between two devices that use the software. TextSecure encrypts texts. Both applications have been audited to ensure they don't contain backdoors. As with Silent Circle, one caveat is that people on both sides of the conversation must be using the software.

5. PGP, For Data Encryption.

What else is possible? PGP -- or its open source equivalent GPG -- can be used to encrypt data and emails, but many people find it difficult to use. Notably, Snowden had to send a homemade video to Greenwald, showing him how to set it up.

6. Power Down Your Phone.

Mobile phone users can pull a Jason Bourne and remove the battery from their cell phone when they're not using it, thus preventing the device from pinging cell towers and revealing their approximate location. But as soon as you put the battery back in, you'll be trackable again, because the network has to reach your phone to provide voice and data services.

As Christopher Soghoian, principal technologist and senior policy analyst for the ACLU's Speech, Privacy and Technology Project, told the Post, "The laws of physics will not let you hide your location from the phone company."

7. Expect Metadata To Be Captured.

For any unencrypted call made using your cellphone, the metadata can be -- and probably is being -- intercepted. From an intelligence standpoint, metadata is a goldmine: one Nature study suggests that by cross-referencing "human mobility" metadata, only four location points -- involving location and time -- are required to uniquely identify someone 95% of the time.

In other words, there's no way to use a mobile phone and avoid metadata capture.

The services detailed above, however, will at least encrypt your communications, avoiding capture via programs such as Prism. That said, they carry usability caveats, as well as integrity worries: what if the NSA's cryptographic capabilities already allow it to successfully defeat those services, or it's found an exploitable vulnerability that accomplishes the same result?

Then again, if you think about these things too much, you might want to join the tinfoil hat crowd. At a certain point, anyone who opts for encrypted communications will have to trust in the available, audited tools.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mathew
50%
50%
Mathew,
User Rank: Apprentice
6/14/2013 | 8:48:02 AM
re: 7 Tips To Avoid NSA Digital Dragnet
More good advice (besides VPN): "Figure out what you are trying to protect (and from whom), separate it from everything else, and then select tools, techniques and procedures that will enable you to protect it."
http://grugq.github.io/blog/20...
Mathew
50%
50%
Mathew,
User Rank: Apprentice
6/14/2013 | 8:46:33 AM
re: 7 Tips To Avoid NSA Digital Dragnet
I don't know, but you'd imagine they'd have taken care of landlines ages ago.
HildyJ
50%
50%
HildyJ,
User Rank: Apprentice
6/13/2013 | 3:46:01 PM
re: 7 Tips To Avoid NSA Digital Dragnet
If you are truly concerned, buy a prepaid phone that can be refilled with cards available at a grocery store. Use cash. Then keep the battery out and don't use it from your home or office. Add this to the Information Week tips and you should be reasonably safe.

Broad surveillance like the NSA's is best at catching stupid people. The kind that would email an al-Qaeda website and ask how to join.
Terabyte Net
50%
50%
Terabyte Net,
User Rank: Apprentice
6/13/2013 | 12:35:39 PM
re: 7 Tips To Avoid NSA Digital Dragnet
Taking the battery out is nice but some of the most popular phones do not allow that any more, say iPhone, Razr, etc... Wonder if Apple and Motorola are working with the Feds on phone design? Just sayin'...
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.