ProPublica: A Buyer's Guide to Safer Communication
This is part two of a two-part series. Here’s part one: Worried about the Mass Surveillance? How to Practice Safer Communication.
"Encryption works." — Edward Snowden
What makes choosing good security tools hard is that despite the news, we don’t know what government agencies like the NSA are really doing on their wiretaps and with their court orders. People in the security community call the NSA the "ultimate adversary," and point to a huge array of ways they could be analyzing and attacking every part of the net and telephony system. They could be able to decrypt everything, and even without breaking encryption, they could be able to look at enough of the internet to determine who is talking to whom just by looking at the timing of conversation. But on the other hand, they might not be able to do any of that, and are trying to project the image of data omniscience to discourage people from even trying to protect their privacy. Parts of the NSA could be pretending to be able to do things it can’t while other parts are doing things more invasive than anyone knows, hidden from oversight. In the end, our questions still exceed our answers, and even the parts we think we know keep changing. The NSA's data collection is a story that will only make sense in hindsight, and we don't know how far from now that perspective is.
While Americans get to have a conversation with their government about whether this is right or wrong, the 95% of the planet the NSA is allowed to surveil without further scrutiny doesn’t get to weigh in at all, nor do the people living in countries whose governments practice widespread Internet surveillance and censorship. That’s billions of people for whom choosing tools for protecting their privacy on the net is simply a question about the technology, not about the law.
The good news is that as we understand more about how surveillance works, it helps the people who create and use secure tools to make better and more informed choices — even if that choice is simply not minding having their data collected.
There are a lot of ways to talk to people securely on the internet, some are purpose-built to enhance your privacy and security. This is by no means an exhaustive list, but it's a place to start.
We'll keep filling out this list over the next few days, so if there's a piece of software you want us to have a look at, mention them in the comments or e-mail them to us at firstname.lastname@example.org.
What does it let you do? Cryptocat is a web-based encrypted text chat for two or more people.
Cryptocat heads up this list of tools because it stands out for good interface and good policies. It's the easiest tool on this list to use, and Cryptocat's creator is transparent about how the software handles your data: It goes through a server run by Cryptocat’s creator, Nadim Kobeissi. Kobeissi wrote a blog post with a table explaining who can see your metadata and messages when you use the service.
To get it, go to crypto.cat, and download the browser plugin. Mac users can also find it as a standalone program in Apple’s App Store. After that, you pick a name for the chatroom and for yourself. Share the chatroom name with whoever you want to talk to, and start chatting. It is hands-down the easiest way to get started with end-to-end encryption, where only you and the person you're talking to can see the message. For more on what end-to-end means, see part one.
What does it replace? Cryptocat replaces unencrypted instant messaging and chatrooms, and has some Facebook- and Google-style group coordination features. It's sometimes the only option when you don’t have the ability to install software on the computer you’re using.
Cryptocat, like all the tools on this list, go through a third party server. This means the communication is more like making a phone call, (which goes through the phone company) than talking on walkie talkies (which go directly to the other party). All of Cryptocat is Open Source, so if you are up for more of a challenge, you can run a server inside your own network, and your Cryptocat chats, in addition to being end-to-end encrypted, never traverse the open Internet.
- An Undocumented Childhood and Bad Hair Days at the Annual School Picture
- Maryam Mirzakhani: "It's like solving a puzzle or connecting the dots in a detective case"
- "Black Boxes" in Passenger Vehicles: Recording Data in the Few Seconds Before An Accident
- Forever Valentine: Surviving the Slings and Arrows of Early Wedlock
- License Plate Readers Spark Privacy, Public Safety Debate
- Teens Online, Mobile Apps and Privacy Concerns: New Pew Internet Reports
- Transportation Security: TSA Could Strengthen Oversight of Allegations of Employee Misconduct
- Internet Pharmacies: Federal Agencies and States Face Challenges Combating Rogue Sites, Particularly Those Abroad
- First Stroke: Gender, Health Ambiguity and Depression
- Isn’t There Any Mystery Left to Being Apart? The Obsession to Keeping in Touch With Those Out of Sight
No feedback yet