ProPublica: A Buyer's Guide to Safer Communication
This is part two of a two-part series. Here’s part one: Worried about the Mass Surveillance? How to Practice Safer Communication.
"Encryption works." — Edward Snowden
What makes choosing good security tools hard is that despite the news, we don’t know what government agencies like the NSA are really doing on their wiretaps and with their court orders. People in the security community call the NSA the "ultimate adversary," and point to a huge array of ways they could be analyzing and attacking every part of the net and telephony system. They could be able to decrypt everything, and even without breaking encryption, they could be able to look at enough of the internet to determine who is talking to whom just by looking at the timing of conversation. But on the other hand, they might not be able to do any of that, and are trying to project the image of data omniscience to discourage people from even trying to protect their privacy. Parts of the NSA could be pretending to be able to do things it can’t while other parts are doing things more invasive than anyone knows, hidden from oversight. In the end, our questions still exceed our answers, and even the parts we think we know keep changing. The NSA's data collection is a story that will only make sense in hindsight, and we don't know how far from now that perspective is.
While Americans get to have a conversation with their government about whether this is right or wrong, the 95% of the planet the NSA is allowed to surveil without further scrutiny doesn’t get to weigh in at all, nor do the people living in countries whose governments practice widespread Internet surveillance and censorship. That’s billions of people for whom choosing tools for protecting their privacy on the net is simply a question about the technology, not about the law.
The good news is that as we understand more about how surveillance works, it helps the people who create and use secure tools to make better and more informed choices — even if that choice is simply not minding having their data collected.
There are a lot of ways to talk to people securely on the internet, some are purpose-built to enhance your privacy and security. This is by no means an exhaustive list, but it's a place to start.
We'll keep filling out this list over the next few days, so if there's a piece of software you want us to have a look at, mention them in the comments or e-mail them to us at opensource@propublica.org.
Cryptocat
What does it let you do? Cryptocat is a web-based encrypted text chat for two or more people.
Cryptocat heads up this list of tools because it stands out for good interface and good policies. It's the easiest tool on this list to use, and Cryptocat's creator is transparent about how the software handles your data: It goes through a server run by Cryptocat’s creator, Nadim Kobeissi. Kobeissi wrote a blog post with a table explaining who can see your metadata and messages when you use the service.
To get it, go to crypto.cat, and download the browser plugin. Mac users can also find it as a standalone program in Apple’s App Store. After that, you pick a name for the chatroom and for yourself. Share the chatroom name with whoever you want to talk to, and start chatting. It is hands-down the easiest way to get started with end-to-end encryption, where only you and the person you're talking to can see the message. For more on what end-to-end means, see part one.
What does it replace? Cryptocat replaces unencrypted instant messaging and chatrooms, and has some Facebook- and Google-style group coordination features. It's sometimes the only option when you don’t have the ability to install software on the computer you’re using.
Cryptocat, like all the tools on this list, go through a third party server. This means the communication is more like making a phone call, (which goes through the phone company) than talking on walkie talkies (which go directly to the other party). All of Cryptocat is Open Source, so if you are up for more of a challenge, you can run a server inside your own network, and your Cryptocat chats, in addition to being end-to-end encrypted, never traverse the open Internet.
More Articles
- Government Accountability Office Findings - Antibiotic Resistance: Federal Agencies Have Taken Steps to Combat the Threat, But Additional Actions Needed
- Rose Madeline Mula Writes: I’ve Got A Secret – NOT!
- Jo Freeman Reviews: Mythologies of State and Monopoly Power by Michael E. Tigar
- PBS' Frontline Online: How Amazon Convinced Millions of People to Welcome “Listening Devices” Into Their Homes
- England's Information Commissioner's Office, Publishes Code to Protect Children’s Privacy Online: "We need our laws to protect children in the digital world too”
- Opening Statement of Marie L. Yovanovitch to the House of Representatives Permanent Select Committee on Intelligence, Committee on Foreign Affairs, & Committee on Oversight and Reform October 11, 2019
- If You Have Any Variety of Smart Beds, Sleep Apps Or Mattress Pads, They Know When You Sleep, Toss and Turn and May Be Able to Tell When You're Having Sex
- GAO: A Comprehensive Re-evaluation Needed to Better Promote Future Retirement Security
- Are Border Walls Necessary? What the Research Says About Them
- Document: SECDEF Mattis’ Resignation Letter