The Edward Snowden guide to encryption: Secret 12-minute homemade video

  • Snowden made video to teach reporter how to speak with him securely
  • It explains how to use Public Key Encryption to scramble online messages
  • Privacy campaigners call on ordinary people to learn how to use the method

Whistleblower: The tutorial Edward Snowden made for reporters on how to avoid NSA email surveillance has been made public for the first time

Ordinary people must learn to scramble their emails, privacy campaigners said today, as an encryption how-to video made by Edward Snowden was made public for the first time.

The former NSA employee who blew the whistle on the agency’s all-pervasive online surveillance made the video to teach reporters how to communicate with him in secret.

The 12-minute clip, in which Mr Snowden has used software to distort his voiceover, explains how to use free software to scramble messages using a technique called Public Key Encryption (PKE).

The video’s description on Vimeo says: ‘By following these instructions, you’ll allow any potential source in the world to send you a powerfully encrypted message that ONLY YOU can read even if the two of you have never met or exchanged contact information.’

Mr Snowden made the video last year for Glenn Greenwald in an effort to get the then-Guardian reporter to communicate securely with him online so he could send over documents he wanted to leak.

Viewers may find the video difficult to follow. Mr Greenwald himself admitted he wasn’t able to finish it. It took him seven weeks and help from experts to finally gather the expertise to get back to Snowden.

The video’s publication comes as more and more internet users are adopting encryption techniques after the alarm caused by Mr Snowden’s revelations about communications surveillance.

He leaked documents which showed the NSA and its UK counterpart GCHQ were able to spy on virtually anybody’s communications and internet usage, monitor social network activity in real time, and track and record the locations of billions of mobile devices.

There was outrage when it emerged that, contrary to promises the NSA made to Congress, these technologies were being used to track U.S. citizens without warrants and to tap the communications of leaders of allied countries.

One answer to the risks to freedom that such surveillance poses is to scramble online communications so that government agencies can no longer eavesdrop at will.

However, the encryption technologies currently available can be difficult to use and privacy activists have called on internet companies to include them in their products at the source.

Meanwhile, the campaign to end blanket surveillance continues as experts warn encryption tools are unlikely to make their way into the mainstream while internet firms continue to make their profits on the back of users’ personal information.


How-to guide: The video begins with a basic outline of the theory behind Public Key Encryption. It is voiced over by Mr Snowden, who has disguised his voice to avoid detection by NSA or GCHQ spies

Detailed: The video then explains how to use a free program called GPG4Win to scramble messages using Public Key Encryption then send them over Tor, software that allows people to use the internet anonymously

In Mr Snowden’s video, he explains how traditional emails are sent as plain text – unencrypted by default – across the internet, allowing anyone able to intercept them to easily read their contents.

‘Any router you cross could be monitored by an intelligence agency or other adversary [such as] a random hacker. So could any end points on the way there, a mail server or a service provider such as Gmail.

‘If the journalist uses a web mail service personally or it’s provisioned by their company, the plain text could always be retrieved later on via a subpoena or some other mechanism, legal or illegal, instead of catching it during transit. So that’s doubly dangerous.

‘The solution to that is to actually encrypt the message. Now one of the problems with encryption typically is that it requires a shared secret, a form of key or password that goes between the journalist and the source.

‘But if the source sends an encrypted file across the internet to the journalist and says “Hey, here’s an encrypted file. The password is cheesecake,” the internet is going to know the password is cheesecake.

‘But public key encryption such as GPG allows the journalist to publish a key that anyone can have based on the design of the algorithm, and it doesn’t provide any advantage to the adversary.’

The video goes on to specifically explain how to use a free program called GPG4Win to scramble messages using Public Key Encryption then send them over Tor, a piece of software that allows people to use the internet anonymously.
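
The exchange Mr Snowden describes can be reproduced with the GnuPG command line, the engine underneath GPG4Win. This is an added example, not taken from the video or the article: the identity, the message, the two throwaway keyrings and the fingerprint comparison step are all assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Identity and message are constructed; needs GnuPG 2.1 or later.

KEY_UID='Journalist (constructed) <journalist@example.org>'

# Print the primary-key fingerprint held in the keyring at homedir $1.
fingerprint() {
  gpg --homedir "$1" --batch --with-colons --fingerprint journalist@example.org |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Runs in a subshell so the EXIT trap always removes the throwaway keyrings.
pke_demo() (
  work=$(mktemp -d) || exit 1
  J="$work/journalist"; S="$work/source"   # two separate keyrings
  trap 'gpgconf --homedir "$J" --kill gpg-agent; gpgconf --homedir "$S" --kill gpg-agent; rm -rf "$work"' EXIT
  mkdir -m 700 "$J" "$S" || exit 1

  # Journalist: create a key pair (primary key plus encryption subkey).
  # The empty passphrase is for this demo only.
  gpg --homedir "$J" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$KEY_UID" default default never || exit 1

  # Journalist: publish the public key; give out the fingerprint separately.
  gpg --homedir "$J" --batch --armor --export journalist@example.org > "$work/pub.asc" || exit 1
  published=$(fingerprint "$J")

  # Source: import the key and stop unless its fingerprint matches.
  gpg --homedir "$S" --batch --quiet --import "$work/pub.asc" || exit 1
  imported=$(fingerprint "$S")
  [ -n "$imported" ] && [ "$imported" = "$published" ] || exit 1

  # Source: encrypt to the journalist. No shared password is ever sent.
  # --trust-model always is acceptable only because the fingerprint was checked.
  printf 'constructed test message\n' > "$work/msg.txt"
  gpg --homedir "$S" --batch --quiet --trust-model always --armor \
      --recipient "$imported" --output "$work/msg.asc" \
      --encrypt "$work/msg.txt" || exit 1

  # The source holds only the public key, so it cannot decrypt its own message.
  if gpg --homedir "$S" --batch --quiet --decrypt "$work/msg.asc" >/dev/null 2>&1; then
    exit 1
  fi

  # Journalist: the private key, which never left this keyring, decrypts it.
  gpg --homedir "$J" --batch --quiet --decrypt "$work/msg.asc"
)

pke_demo
```

Only `pub.asc` and `msg.asc` would cross the network, and an eavesdropper holding both is in the same position as the source keyring here: able to encrypt, unable to decrypt.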

Its lessons, as well as help from experts, allowed Mr Greenwald to communicate securely with Mr Snowden to publish what has since been called the most significant leak in U.S. history. It has been made public to coincide with the release of Mr Greenwald’s book, No Place To Hide, in which he tells the story of the scoop.

Privacy campaigners told MailOnline today that all internet users should be now using encryption technology to preserve their privacy and maintain freedom of speech in the face of government spying.

Javier Ruiz, director of policy at the Open Rights Group, said: ‘Emails are like postcards and encryption is a tamper-proof envelope.

‘It’s probably obvious that journalists, MPs, doctors, lawyers or anyone transmitting confidential information online should always encrypt their emails to keep that information secure.

http://youtu.be/jo0L2m6OjLA

‘But since the Snowden revelations, more and more ordinary citizens are adopting encryption software to help keep their emails private.

‘If encryption is to be used on a mass scale, it will require companies like Google, Apple and Microsoft to embed encryption in their tools.’

But TK Keanini, chief technology officer at internet security firm Lancope, said that it was unlikely that major internet companies would begin including encryption functions in their services as standard.

‘PGP and similar programs are just too complicated for the masses,’ he said. ‘Managing key pairs, understanding revocation and all that stuff is too complicated for most, and thus adoption over the past 20 years has been limited to the highly technical – the uber geeks.

‘Now, if a service like gmail.com had an option in there to perform digital signing and encryption in a way that most people could use it, that would have a huge impact; but it will never happen because Google and other ‘free’ services make their money on the fact that your data is in the clear and they can use it to market services to you.

‘People need to understand that when people offer free services, you and your information are the payment.’

Mike Rispoli, a spokesman for Privacy International, echoed those sentiments, but added that there needs to be more pressure on government to stop them from snooping on the private lives of ordinary people.

‘It is critical that people use all technology at their disposal to keep their communications private and secure,’ he said.

‘We should all support the creation and widespread use of these tools. Ultimately, however, people should never have to do more or go to extra lengths to protect their rights.

‘This is why we need political, legal, as well as technological, solutions to ensure that our privacy rights are protected.

‘While people can use technology to empower themselves, we must also challenge the policies of Government and intelligence agencies to end the unlawful mass surveillance of people around the world.’

By DAMIEN GAYLE

 

via Dailymail.co.uk

Whonix: The Anonymous Operating System

Whonix is an anonymous general purpose operating system based on Virtual Box, Ubuntu GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user’s real IP/location.

Whonix consists of two machines, which are connected through an isolated network. One machine acts as the client or Whonix-Workstation, the other as a proxy or Whonix-Gateway, which will route all of the Whonix-Workstation’s traffic through Tor. This setup can be implemented either through virtualization and/or Physical Isolation.

Whonix advantages:

  • All applications, including those which do not support proxy settings, will automatically be routed through Tor.
  • Installation of any software package possible.
  • Safe hosting of Hidden services possible.
  • Protection against side channel attacks, no IP or DNS leaks possible. To test for leaks, see LeakTests.
  • Advantage over Live CDs: Tor’s data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save its Entry Guards.
  • Java / JavaScript / flash / Browser Plugins / misconfigured applications cannot leak your real external IP.
  • Whonix even protects against root exploits (Malware with root rights) on the Workstation.
  • Uses only Free Software.
  • Building Whonix from source is easy.
  • Tor+Vidalia and Tor Browser are not running inside the same machine. That means that for example an exploit in the browser can’t affect the integrity of the Tor process.
  • It is possible to use Whonix setup in conjunction with VPNs, ssh and other proxies. But see Tor plus VPN/proxies Warning. Everything possible, as first chain or last chain, or both.
  • Loads of Optional Configurations (additional features / Add-Ons) available.
  • Best possible Protocol-Leak-Protection and Fingerprinting-Protection.

Stallman, Founder of GNU/Linux Predicted NDAA & SOPA

Richard Stallman Was Right All Along:

Late last year, President Obama signed a law that makes it possible to indefinitely detain terrorist suspects without any form of trial or due process. Peaceful protesters in Occupy movements all over the world have been labelled as terrorists by the authorities. Initiatives like SOPA promote diligent monitoring of communication channels. Thirty years ago, when Richard Stallman launched the GNU project, and during the three decades that followed, his sometimes extreme views and peculiar antics were ridiculed and disregarded as paranoia – but here we are, 2012, and his once paranoid what-ifs have become reality.

Up until relatively recently, it’s been easy to dismiss Richard Stallman as a paranoid fanatic, someone who lost touch with reality long ago. A sort of perpetual computer hippie, the perfect personification of the archetype of the unworldly basement-dwelling computer nerd. His beard, his hair, his outfits – in our visual world, it’s simply too easy to dismiss him.

His views have always been extreme. His only computer is a Lemote Yeelong netbook, because it’s the only computer which uses only Free software – no firmware blobs, no proprietary BIOS; it’s all Free. He also refuses to own a mobile phone, because they’re too easy to track; until there’s a mobile phone equivalent of the Yeelong, Stallman doesn’t want one. Generally, all software should be Free. Or, as the Free Software Foundation puts it:

 

As our society grows more dependent on computers, the software we run is of critical importance to securing the future of a free society. Free software is about having control over the technology we use in our homes, schools and businesses, where computers work for our individual and communal benefit, not for proprietary software companies or governments who might seek to restrict and monitor us.

I, too, disregarded Stallman as way too extreme. Free software to combat controlling and spying governments? Evil corporations out to take over the world? Software as a tool to monitor private communication channels? Right. Surely, Free and open source software is important, and I choose it whenever functional equivalence with proprietary solutions is reached, but that Stallman/FSF nonsense is way out there.

But here we are, at the start of 2012. Obama signed the NDAA for 2012, making it possible for American citizens to be detained indefinitely without any form of trial or due process, only because they are terrorist suspects. At the same time, we have SOPA, which, if passed, would enact a system in which websites can be taken off the web, again without any form of trial or due process, while also enabling the monitoring of internet traffic. Combine this with how the authorities labelled the Occupy movements – namely, as terrorists – and you can see where this is going.

In case all this reminds you of China and similarly totalitarian regimes, you’re not alone. Even the Motion Picture Association of America, the MPAA, proudly proclaims that what works for China, Syria, Iran, and others, should work for the US. China’s Great Firewall and similar filtering systems are glorified as workable solutions in what is supposed to be the free world.

The crux of the matter here is that unlike the days of yore, where repressive regimes needed elaborate networks of secret police and informants to monitor communication, all they need now is control over the software and hardware we use. Our desktops, laptops, tablets, smartphones, and all manner of devices play a role in virtually all of our communication. Think you’re in the clear when communicating face-to-face? Think again. How did you arrange the meet-up? Over the phone? The web? And what do you have in your pocket or bag, always connected to the network?

This is what Stallman has been warning us about all these years – and most of us, including myself, never really took him seriously. However, as the world changes, the importance of the ability to check what the code in your devices is doing – by someone else in case you lack the skills – becomes increasingly apparent. If we lose the ability to check what our own computers are doing, we’re boned.

That’s the very core of the Free Software Foundation’s and Stallman’s beliefs: that proprietary software takes control away from the user, which can lead to disastrous consequences, especially now that we rely on computers for virtually everything we do. The fact that Stallman foresaw this almost three decades ago is remarkable, and vindicates his activism. It justifies 30 years of Free Software Foundation.

And, in 2012, we’re probably going to need Free and open source software more than ever before. At the Chaos Computer Congress in Berlin late last year, Cory Doctorow held a presentation titled “The Coming War on General Purpose Computation”. In it, Doctorow warns that the general purpose computer, and more specifically, user control over general purpose computers, is perceived as a threat to the establishment. The copyright wars? Nothing but a prelude to the real war.

“As a member of the Walkman generation, I have made peace with the fact that I will require a hearing aid long before I die, and of course, it won’t be a hearing aid, it will be a computer I put in my body,” Doctorow explains, “So when I get into a car – a computer I put my body into – with my hearing aid – a computer I put inside my body – I want to know that these technologies are not designed to keep secrets from me, and to prevent me from terminating processes on them that work against my interests.”

And this is really the gist of it all. With computers taking care of things like hearing, driving, and more, we really can’t afford to be locked out of them. We need to be able to peek inside of them and see what they’re doing, to ensure we’re not being monitored, filtered, or whatever. Only a short while ago I would’ve declared this as pure paranoia – but with all that’s been going on recently, it’s no longer paranoia. It’s reality.

“Freedom in the future will require us to have the capacity to monitor our devices and set meaningful policy on them, to examine and terminate the processes that run on them, to maintain them as honest servants to our will, and not as traitors and spies working for criminals, thugs, and control freaks,” Doctorow warns, “And we haven’t lost yet, but we have to win the copyright wars to keep the Internet and the PC free and open. Because these are the materiel in the wars that are to come, we won’t be able to fight on without them.”

This is why you should support Android (not Google, but Android), even if you prefer the iPhone. This is why you should support Linux, even if you use Windows. This is why you should support Apache, even if you run IIS. There’s going to be a point where being Free/open is no longer a fun perk, but a necessity.

And that point is approaching fast.

SOURCE by Thom Holwerda on Mon 2nd Jan 2012 19:12 UTC