Help protest the NSA by sending me a private e-mail. Every private email I get costs the NSA money to store and index (and possibly attempt to decrypt). Sending a private email may be harder than you think. The most critical parts of sending a private email are found in steps 9 and 10 (though I highly recommend step 1). The other steps in this diary are designed to make it harder and more costly for the NSA to track you on-line. While the NSA has a large budget, it is not limitless. If enough people take steps to make it harder and more expensive to track them, eventually the government will have to decide between dragnet surveillance and dealing with real threats.
More info on securing your information can be found at https://prism-break.org/
Note: A copy of the 4th Amendment has been encoded in the above logo with steghide. The passphrase is 1776. For more on steganography see https://en.wikipedia.org/...
Step 1: Scan your computer
There is no point trying to hide from the NSA if third party malware is recording your every move. Not only are you giving information to a cybercriminal, but the NSA is likely also intercepting the feed. To sweep your computer for malware download and run these two programs:
a. Malware Bytes, http://download.cnet.com/...
Malware Bytes is a well-respected anti-virus program. Running the free version is fairly standard for removing malware from your computer.
b. Spybot Search and Destroy: http://www.safer-networking.org/...
You will be appalled at how many different ways you are being tracked online. This program can squash a bunch of them.
Step 2: Secure Your Browser
Microsoft gives the NSA advance notice of security holes so that the NSA can exploit them. Citation. Apple, probably, does the same. Convincing you to install Linux is outside the scope of this protest. At the same time, it would be best not to use a browser based on proprietary software from a company known to collaborate with the NSA.
Download Firefox: https://www.mozilla.org/...
Now turn cookies off. Go to Firefox=>Options=>Options=>Privacy. Click on Tell Sites that I Do Not Want to Be Tracked. In the history box turn on Always Use Private Browsing Mode. Uncheck the accept cookies box. Next go to exceptions and set up a list of sites that you regularly log into. Note: For greater privacy I recommend having nothing to do with Facebook. Finally set location bar suggestions to nothing.
Now go to Show Cookies and delete any cookies that may currently be in your browser.
Step 3: Secure Your Search Engines
Every time you run a Google search, Google stores the search term you used as well as your IP address. If you are logged into a Google account it stores the search terms against your account info. Citation. The NSA can access this data through the PRISM program. To get around this, set up your browser to use search engines that do not log your activities.
In Firefox click on the search engine box and select manage search engines. Click on get more search engines. Add the following search engines
Ixquick HTTPS Privacy Search Engine
DuckDuckGo (HTTPS/SSL)
Startpage HTTPS Privacy Search Engine
The last runs Google searches through a proxy, meaning that you can still use Google without giving up your private information.
Now go back to manage search engines and remove Google, Yahoo and Bing. This will keep you from accidentally selecting an insecure search engine (if you really need to use these sites you can always type in the URL). Also change your homepage from Google!
Step 4: Install Secure Addons for your browser
The NSA is, most likely, buying information about you from internet marketers. In order to ensure privacy we need to limit the amount of data marketers can get. To do so you will need to download the following addons for Firefox.
Adblock Edge: https://addons.mozilla.org/... When an advertiser displays a graphic to you, the advertiser logs your IP address. Block the ads and you end the logging. (Note you may want to turn ads on for the DailyKos to help support the site).
Disconnect: https://disconnect.me/ You know those little "post on Facebook, Twitter, etc." buttons? Yep, they’re tracking you. Disconnect turns them, and a number of web metric gathering tools, off. Disconnect also lets you, temporarily, turn “post to” back on if there is something you’d like to share. Ghostery, a popular addon using proprietary (though published) code, also does the same thing.
HTTPS Everywhere: https://www.eff.org/... Well, not really everywhere. HTTPS is one of several encrypted protocols used on the web. Many sites don’t use HTTPS unless you ask for it. HTTPS Everywhere asks. If you are browsing a site that is configured for HTTPS, all somebody (like the NSA) spying on you is going to see is a stream of encrypted data. The NSA can, probably, decrypt HTTPS. Decryption costs money (in the form of electricity and server time). By using HTTPS Everywhere you are increasing the NSA's monitoring costs. Not all sites are set up for HTTPS. The DailyKos, to give one example, does not use it.
BetterPrivacy: http://betterprivacy.en.softonic.com/ This blocks a class of cookies called locally shared objects (a.k.a. supercookies). This is a form of cookie, bordering on malware, that creates a special file on your computer to track you. Simply telling your browser not to accept cookies will not do anything for LSOs.
NoScript: http://noscript.net/ JavaScript can be exploited both to reveal your identity and execute malicious code on your computer. Turning JavaScript off can leave you unable to fully access many websites (including DailyKos and HuffPo). This plugin disables JavaScript, then lets you allow it on a site-by-site basis.
Step 5: Secure Your Passwords
Let me guess, you have maybe three or four passwords that you use for all of your on-line activity. The NSA has requested copies of all users' passwords from major internet providers. Citation. If the NSA knows your passwords they can log in as you (with the bonus that logging in as you on other services confirms the identity of the account). They may also be able to correlate your passwords as a way to fingerprint your digital activities (a user with the same password on site a and site b might be the same user). To stop this you will need a random password for the email you are about to send me (and optimally for each website that uses a password). You will also want the software to remember the password for you. To download an open source program that will do this go to:
http://keepass.info/...
KeePass creates an encrypted database. You can download KeePass for your system and put a copy of your password database on it. There is software to run a KeePass database on iOS or Android. KeePass can be downloaded either to your computer or, for the Windows version, set to run from a USB stick. (If you are using version 2.x you may need to go to File=>Export and export a 1.x file for use on Android/Linux/MacOS.)
Go to File=>New. Navigate to your KeePass folder and create a database with whatever name you want. For a master password: use a password that you can remember.
Click on Key file. A key file is a randomly generated encryption key. It lives on disk (normally a USB stick) and is harder to guess than a password. A password is security based on what you know; a key file is security based on what you have. By putting a key file on a USB thumb drive you are creating a physical key that is needed to access your passwords. By also setting a password you are ensuring that somebody needs both a thing and knowledge to reach your passwords.
Select eMail and go to the add entry tab. Go to the generate random password key on the side. Set to create a 20 character password. Make sure Uppercase, lowercase, numbers and special characters are checked, and nothing else. Click collect additional entropy. A panel will come up to generate random characters through mouse movements. Swing your mouse around for about a minute until you have 256 bits. Now hit OK, go back to add entry and hit OK.
Once you are back to the main database page hit CTRL-S!!! KeePass does not default to automatically saving entries. Don’t be like me and lose your DKos password because you forgot to save.
Remember to back up your KeePass database and key file!!! I would suggest one backup in your desk at home, and another in a safe deposit box. If you lose your key file you will not be able to access the database again.
Step 6: Secure your metadata
There really isn’t a good way to do this. Without a warrant the government can force your ISP to tell them what IP addresses you connected with, when, and how much data was transferred. Citation. The NSA knows that you opened a VPN or Tor connection, when data was transferred and how much data was transferred. If the exit node you use is being watched, it becomes relatively simple to look for the exit node to go out onto the net and do something with a similar amount of data as you sent to it.
If neither Tor nor VPN is going to work, why use them? Even though the NSA can figure out who you are and what you are doing, it will cost them at least a minimum amount of time and effort to do so. This protest aims at increasing the monetary cost of NSA monitoring. Using Tor or VPN increases the amount of encryption on the network. The more encryption on the network, the more expensive dragnet surveillance becomes.
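The volume-and-timing matching described at the start of this step can be made concrete with an added example (not part of the original diary) that measures how many users could plausibly explain each flow leaving an exit node. All flow records, the 5-second window and the 5% size tolerance are constructed assumptions; the second data set shows how more users with similar traffic enlarge the set an observer has to sift through.

```python
from collections import namedtuple

# Constructed records, not real captures: start time in seconds, size in bytes.
Flow = namedtuple("Flow", "label start bytes")

ENTRY = [  # what the ISP sees each user send into the relay or VPN
    Flow("user-a", 100.0, 48_200),
    Flow("user-b", 101.5, 1_310_000),
    Flow("user-c", 102.0, 51_900),
]
EXIT = [  # what is seen leaving a watched exit node
    Flow("exit->site-1", 100.8, 47_900),
    Flow("exit->site-2", 102.1, 1_305_000),
    Flow("exit->site-3", 102.9, 52_300),
]
CROWD = [  # extra users whose traffic happens to look like user-a's
    Flow("user-d", 100.2, 47_500),
    Flow("user-e", 99.9, 49_000),
]


def candidates(exit_flow, entry_flows, window=5.0, tolerance=0.05):
    """Entry flows that started at most `window` seconds before the exit
    flow and whose size is within `tolerance` (relative) of it."""
    matches = []
    for flow in entry_flows:
        in_time = 0 <= exit_flow.start - flow.start <= window
        in_size = abs(flow.bytes - exit_flow.bytes) <= tolerance * exit_flow.bytes
        if in_time and in_size:
            matches.append(flow.label)
    return matches


def anonymity_sets(entry_flows, exit_flows, **kwargs):
    """Map each exit flow to the users it cannot be told apart from."""
    return {e.label: candidates(e, entry_flows, **kwargs) for e in exit_flows}


if __name__ == "__main__":
    print("three users:", anonymity_sets(ENTRY, EXIT))
    print("with crowd: ", anonymity_sets(ENTRY + CROWD, EXIT))
```

A set of size one means the encryption hid the content but not who was talking to whom.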
Tor: Tor is a free volunteer network. Tor takes your data, encrypts it, and bounces it around a number of Tor nodes before sending it out onto the internet from an exit node. Exit nodes are run by volunteers. An exit node sees data without the encryption the Tor network puts on it. An exit node could be run by the NSA, or it could be run by somebody trying to skim credit card numbers. If the page you are looking at isn’t encrypted with HTTPS (or some other means of encryption) the exit node can easily watch everything you are doing. Banks and the like tend to block requests from Tor exit nodes as a matter of course.
VPN: An anonymous VPN is basically a second ISP that you connect to through an encrypted connection. This ISP promises not to log any of your data. Unless you use bitcoin or another form of anonymous payment, your credit card records tell the NSA which VPN provider you are using. The NSA only has to look for a VPN connection in your area to that VPN provider to have a fairly good idea exactly who has connected. On the plus side you can fairly safely use a VPN for all of your online needs. Many modern wireless routers can be configured to pass all connections through a VPN. Setting up a VPN and leaving it up is a way of easily generating encrypted traffic. With VPN everything you do on-line costs the NSA money!
If you would like to use Tor download the Tor Browser from: http://tor-browser.com/
If you would like to use VPN pick a VPN provider that uses OpenVPN, is not based in the US, UK, Canada, Australia, New Zealand, France or Germany and doesn’t log. The European Union requires mandatory data retention, though it is unclear how many VPN providers comply. Swedish law allows their version of the NSA to monitor all foreign traffic (including your VPN connection). Citation.
A list of VPN providers that do not log can be found at: https://torrentfreak.com/... AirVPN has a good reputation and does not consider EU data retention laws to apply to Italian VPNs. English is not the site operators’ native language.
Neither Tor nor VPN is required to complete this protest.
Step 7a: (Fail To) Obtain Pseudonymous E-Mail account with Tor
I have bad news. I haven’t been able to find a free e-mail provider that will let you sign up for an account while running Tor. The Irish government has recently shut down Tor mail. The operator running it is facing extradition to the US on child porn charges. Citation. The operator's company was providing hosting services within the Tor network for sites apparently offering child pornography. Criminal charges are probably appropriate. Still, this puts every ISP on notice that the US Government will go after them if they offer anonymous email to Tor users. To get an email address you are going to need to turn off Tor. (Note, I haven't tried to sign up to Yandex with Tor, I only found the site when my first choice service was shut down).
Step 7b: Obtain Pseudonymous E-Mail with VPN
Unlike Tor, VPN is, probably, not blocked. Proceed to Step 8.
Step 8: Get an email address
PRISM allows the NSA to request that your email provider hand over copies of your mail. If you do not use a collaborating e-mail service the NSA can still intercept your e-mail off the wire. Citation. By using a non-collaborating service you force the NSA to go search the haystack for your data, instead of simply having it handed over to them.
Go to https://lavabit.com/ and sign up for a free email address. Lavabit has refused to collaborate with the NSA and has shut down: https://lavabit.com/
Go to www.yandex.com. Yandex is a search engine based out of Russia. It offers free email service. Russian intelligence might be listening in, but it is unlikely Yandex is cooperating with the NSA. Yandex is not likely to turn over your documents to the NSA to turn over to the DEA or other law enforcement agencies. Citation. If you do not want to use Yandex, a list of popular email providers is available at https://en.wikipedia.org/.... Look for a provider that uses SSL (and HTTPS if you will be checking your email on the web) and offers either or both POP and IMAP access.
Yandex requires a cellphone number to set up. If you feel so inclined, you can give them a number from a prepaid phone that you purchased with cash. Allow scripts from www.yandex.com, allow cookies (session only) from yandex. Hit mail and sign up for a free email account.
Step 9: Download Email Client and Encryption Software
The NSA has gone out of its way to obtain access to encrypted e-mail. Citation. Most likely, the NSA can decrypt encrypted email. I have heard some estimates that, using quantum computing, they can decrypt a GPG encrypted email that used a 2kb key in one to ten days. That means that all a multi-million (billion?) dollar quantum computer is doing for one to ten days is trying to decrypt your email.
To set up email encryption download these programs:
Mozilla Thunderbird: https://www.mozilla.org/...
GNU Privacy Guard: http://gpg4win.org/ (PC) or https://gpgtools.org/ (Mac)
(Install both Thunderbird and GNU Privacy Guard)
Start Thunderbird. Go to create account. When prompted enter your Yandex account information. Next click on the three bars in the upper right corner. Go to addons and search for enigmail.
Restart Thunderbird. Now go to square again. This time you should see a new menu item that says Open PGP. Click on it and go to setup wizard. Click through until the wizard asks you to set up a passphrase. PGP encryption works by creating a public and private key. A public key is the answer to a horribly complex math problem, a private key is the initial value. A public key is used to encrypt messages, a private key to decrypt them. Instead of storing your private key in plain text on your computer, GPG encrypts it with a symmetrical key. A symmetrical key uses the same information to encrypt and decrypt. Symmetrical keys can be shorter than public/private keys as you are not giving out information about the key in public.
Do not use KeePass to generate your passphrase on Windows 8! Windows 8 does not allow you to paste data into later passphrase request boxes. Unfortunately, this means you are stuck using relatively insecure passphrases like Victoria!021484 instead of KeePass passwords like b-2$YQ_%!i~nZ,XLa.qX)AG*g^SaXF8/,m62'Fn. The first uses a name, a date, and “!”, the most common special character. A desktop computer with the right software can, I have been told, crack it in about seven minutes. Without using quantum computing, the password generated by KeePass is not crackable by brute force before the heat death of the universe on any system. Not being able to cut and paste into the passphrase box is one reason you might want to switch to Linux or another Open Source operating system.
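To put numbers on the contrast between a name-plus-date passphrase and the generator settings from Step 5, here is an added example (not part of the original diary and not KeePass's own code) that draws a 20-character password from the operating system's random source and compares the two guess spaces in bits. The wordlist size and the other slot sizes are assumptions chosen for illustration.

```python
import math
import secrets
import string

# The four character classes Step 5 says to tick in the KeePass generator.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=20):
    """Draw from the OS CSPRNG until every class appears at least once."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of guess space for a uniformly random password."""
    return length * math.log2(alphabet_size)


def pattern_bits(*slot_sizes):
    """Bits of guess space when the pattern is known and a guesser only has
    to enumerate the choices available in each slot."""
    return sum(math.log2(n) for n in slot_sizes)


# Assumed slot sizes for a "Name + symbol + MMDDYY" passphrase (illustrative).
NAME_WORDLIST = 10_000   # assumed size of a first-name list
CAPITALISATION = 2       # "victoria" or "Victoria"
SYMBOLS = 32             # one ASCII punctuation character
DATES = 100 * 366        # any MMDDYY within a century


def compare():
    """Guess space, in bits, of the structured and the random password."""
    return {
        "name+symbol+date": pattern_bits(NAME_WORDLIST, CAPITALISATION,
                                         SYMBOLS, DATES),
        "random-20": random_bits(20),
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:18s} ~{bits:5.1f} bits")
    print("sample:", generate_password())
```

Every additional bit doubles the number of guesses needed, so the gap between the two figures is a multiplier, not a difference.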
Step 10: Send me an Encrypted Email
Copy the following into your clipboard:
Now go to Menu=>OpenPGP=>Key Management
When the Key Management screen comes up go to Edit=>Import Key from Clipboard
Check Yes.
Open a New Mail in Thunderbird.
Put: KosTutorial@yandex.com in the to field.
Put: NSA Protest in the Subject field (Note: neither the to nor the subject field will be encrypted.)
Copy and paste the following text:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Now sign your name or dkos handle, or enter some random bit of text.
Go to OpenPGP and check Encrypt Message.
Hit Send.
Congratulations, you’ve just sent an encrypted email. The NSA is probably afraid of you. Consider posting your public key and e-mail address in the comments section so that other users can copy you on their protest mails, generating yet more encrypted traffic.
Remember though, if you really need to make sure the NSA can’t read something do what terrorists in third world countries do – send a handwritten note by courier. Just don't send it by US mail. The government is also logging your physical mail along with your internet traffic. Citation.
Copyright: Creative Commons-ShareAlike(CC BY-SA). Feel free to repost.