Wednesday, June 19, 2013

Hiding your data transmissions from the NSA, Part 3

Part 1 - Sending data without NSA knowing you're sending it.

Part 2 - hiding your metadata.

Mostly we've been discussing web surfing.  Today is about other types of data communications.  Take email, for example.  Email is the "killer app" that made the Internet, a full decade before the web was ever conceived.  Email is hugely important to dinosaurs like me, so what can we do to protect it from prying NSA eyes?

One step is to encrypt it.  Pretty Good Privacy (PGP) was developed for exactly this back in the mid-1990s.  It caused a real stir at the time because the Fed.Gov classified encryption software as a military weapon ("munition") and so it was considered that posting the source on the web was a criminal act.  The First Amendment stink raised here cause the formation of privacy and freedom groups like the Electronic Frontier Foundation.

So PGP and email go together like chocolate and peanut butter.  Enigmail has a nice plugin to the Open Source Thunderbird email client.

You'll want to use something like Thunderbird, rather than a web mail because most of the web mail options are hosted in the United States.  We already know that Google gives up their information to the Fed.Gov, and this includes Gmail email data.  Hushmail is interesting, but is hosted in Canada which is presumably cooperating closely with the US Government.  Your data is likely not safe there.  If you use Thunderbird, you might want to keep that on a hidden bootable USB drive, because your email data is stored locally on your filesystem.  I describe how to do that here.

Mutemail claims to be hosted in a country with "strict privacy laws", but I haven't checked into it. Neomailbox is hosted in Switzerland which is no guarantee, but given the increasing discontent in Europe with the NSA snooping (and in Switzerland in particular due to US pressure to eliminate the Swiss banking secrecy) this seems one of the better bets.

If you use Thunderbird/Enigmail rather than web broswer/SSL, you'll want a Swiss email server.  I don't have any recommendations so far, but a web search will find a number of these.  You may have to pay for them, which is further metadata that the NSA will collect.

No matter what you do for offshore email, you will want to use Tor (for web) or the Thunderbird Torbirdie plugin so that your communications will be more difficult for NSA to track.


Old NFO said...

Good points all, or go back to old school... snail mail, which I'm using more and more of...

Borepatch said...

Old NFO, it seems that the Post Office is photographing the front and back of all first class mail.

Dave H said...

Figures. That must be why I can't mail a card to Canada without putting a return address on it.

Somebody needs to invent reappearing ink. You write the real address on a letter in invisible ink that becomes visible in about 24 hours, and write a bogus address in disappearing ink that vanishes in about the same time.

Jake (formerly Riposte3) said...

As an alternative to a bootable USB drive, you could also use Thunderbird Portable Edition with GPG and Enigmail installed. You may lose a little security compared to running a complete OS off a USB key, but you gain the convenience of not having to shut down and restart the computer you're using, which - aside from being time consuming and inconvenient - can be both obvious and suspicious if you're on a public computer. Just plugging in a USB key and sending some emails, on the other hand, is far from unusual.

Again, you lose some security because you no longer own the OS (keyloggers, etc. are always possible, especially on a publicly accessible computer), but nobody is going to be wondering why you're shutting the computer down, or why your screen looks weird (i.e., "not windows"), either. Plus you can get on, send your messages, and get out much more quickly.