Edward Snowden's operational security advice for normal humans


There's no one else on Earth who's more familiar with the surveillance capabilities of governments, spy agencies and criminals who is also willing to discuss those capabilities. Edward Snowden's wide-ranging conversation with the Freedom of the Press Foundation's Micah Lee on operational security for normal people is a must-read for anyone who wants to be safe from identity thieves, stalkers, corrupt governments, police forces, and spy agencies. Read the rest

HOWTO use Tor Messenger, the new, super-secure/private chat app


It's still in beta, but Tor Messenger from the Tor Project has security and privacy baked in by design, and it's the easiest method yet devised to use OTR (Off the Record), the gold standard in secure communications. Read the rest

Sixth grader sells artisanal Diceware passwords


11 year old Mira Modi, daughter of privacy journalist Julia Angwin, has a startup through which she hand-generates secure Diceware passwords for $2, which she mails in sealed letters through the USPS, "which cannot be opened by the government without a search warrant." Read the rest

Laura Poitras's Citizenfour OPSEC

One of the most startling motifs of Citizenfour, Laura Poitras's Academy Award-winning documentary about Edward Snowden, is the use and abuse of cryptographic tools, which are at the center of the NSA's surveillance plans and Snowden's audacious act of whistleblowing. Read the rest

Make yourself doxx-resistant by opting out of data-brokers

It's an incredibly arduous, tedious, and deliberately unfriendly process, but you can, in fact, opt out of the data-brokers that are most commonly used to doxx people, uncovering their home addresses, work details, and so on (but beware, you have to do this on a more-or-less monthly basis to stay out of their databases). Read the rest

Free encryption training workshops in NYC

Tommy writes, "I'm working with Verso Books (which just published Gabriella Coleman's Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous to provide free encryption workshops to groups in NYC." Read the rest

Opsec, Snowden style

Micah Lee, the former EFF staffer whom Edward Snowden reached out to in order to establish secure connections to Glenn Greenwald and Laura Poitras, shares the methodology he and Snowden employed to stay secure and secret in the face of overwhelming risk and scrutiny. Read the rest

Darkmatter: a secure Paranoid Android version that hides from attackers

Stock Android phones with the Darkmatter OS use encrypted storage, OS-level app controls, and secure messaging by default, but if the phone thinks it's under attack, it dismounts all the encrypted stuff and reboots as a stock Android phone with no obvious hints that its owner has anything hidden on it. Read the rest

Journalist believes his phone was hacked by spooks at HOPE X, will upload image for forensics

Douglas writes, "My rooted CyanogenMod phone got hacked at HOPE X. I'm planning to get it write-blocked and imaged to crowdsource forensics." Read the rest

Anti-forensic mobile OS gets your phone to lie for you

In Android Anti-forensics: Modifying CyanogenMod Karl-Johan Karlsson and William Bradley Glisson present a version of the Cyanogenmod alternate operating system for Android devices, modified so that it generates plausible false data to foil forensic analysis by law enforcement. The idea is to create a mobile phone that "lies" for you so that adversaries who coerce you into letting them take a copy of its data can't find out where you've been, who you've been talking to, or what you've been talking about.

I'm interested in this project but wonder about how to make it practical for daily use. Presently, it maintains a hidden set of true data, and a trick set of false data intended to be fetched by forensic tools. Presumably, this only works until the forensic tools are modified to spot the real data. But you can conceptually imagine a phone that maintains a normal address book and SMS history, etc -- all the things that are useful to have in daily use -- but that, on a certain signal (say, when an alternate unlock code is entered, or after a certain number of failed unlock attempts) scrubs all that and replaces it with plausible deniability data.

Obviously, this kind of thing doesn't work against state-level actors who can subpoena (or coerce) your location data and call history from your carrier, but those people don't need to seize your phone in the first place. Read the rest