{"id":22124,"date":"2013-09-15T10:44:41","date_gmt":"2013-09-15T15:44:41","guid":{"rendered":"http:\/\/quotulatiousness.ca\/blog\/?p=22124"},"modified":"2013-09-15T10:44:41","modified_gmt":"2013-09-15T15:44:41","slug":"bruce-schneier-on-what-you-can-do-to-stay-out-of-the-nsas-view","status":"publish","type":"post","link":"https:\/\/quotulatiousness.ca\/blog\/2013\/09\/15\/bruce-schneier-on-what-you-can-do-to-stay-out-of-the-nsas-view\/","title":{"rendered":"Bruce Schneier on what you can do to stay out of the NSA&#8217;s view"},"content":{"rendered":"<p>Other than going completely off the grid, you don&#8217;t have the ability to stay completely hidden, but there are some things you can do to <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2013\/09\/how_to_remain_s.html\" target=\"_blank\">decrease your visibility to the NSA<\/a>:<\/p>\n<blockquote><p>With all this in mind, I have five pieces of advice:<\/p>\n<ol>\n<li><strong>Hide in the network<\/strong>. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it&#8217;s work for them. The less obvious you are, the safer you are.<\/li>\n<li><strong>Encrypt your communications<\/strong>. Use TLS. Use IPsec. Again, while it&#8217;s true that the NSA <a href=\"http:\/\/www.informationweek.com\/security\/government\/want-nsa-attention-use-encrypted-communi\/240157089\" target=\"_blank\">targets encrypted connections<\/a> &mdash; and it may have explicit exploits against these protocols &mdash; you&#8217;re much better protected than if you communicate in the clear.<\/li>\n<li><strong>Assume that while your computer can be compromised, it would take work and risk on the part of the NSA &mdash; so it probably isn&#8217;t<\/strong>. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has <em>never<\/em> been connected to the Internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my Internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it&#8217;s pretty good.<\/li>\n<li><strong>Be suspicious of commercial encryption software, especially from large vendors<\/strong>. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It&#8217;s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either <a href=\"http:\/\/arstechnica.com\/tech-policy\/2013\/08\/how-might-the-feds-have-snooped-on-lavabit\/\" target=\"_blank\">legal<\/a> or more clandestine means.<\/li>\n<li><strong>Try to use public-domain encryption that has to be compatible with other implementations<\/strong>. For example, it&#8217;s harder for the NSA to backdoor TLS than BitLocker, because any vendor&#8217;s TLS has to be compatible with every other vendor&#8217;s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it&#8217;s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.<\/li>\n<\/ol>\n<p>Since I started working with Snowden&#8217;s documents, I have been using <a href=\"http:\/\/www.gnupg.org\/\" target=\"_blank\">GPG<\/a>, <a href=\"https:\/\/silentcircle.com\/\" target=\"_blank\">Silent Circle<\/a>, <a href=\"https:\/\/tails.boum.org\/\" target=\"_blank\">Tails<\/a>, <a href=\"http:\/\/www.cypherpunks.ca\/otr\/\" target=\"_blank\">OTR<\/a>, <a href=\"http:\/\/www.truecrypt.org\/\" target=\"_blank\">TrueCrypt<\/a>, <a href=\"http:\/\/bleachbit.sourceforge.net\/\" target=\"_blank\">BleachBit<\/a>, and a few other things I&#8217;m not going to write about. There&#8217;s an undocumented encryption feature in my <a href=\"https:\/\/www.schneier.com\/passsafe.html\" target=\"_blank\">Password Safe<\/a> program from the command line; I&#8217;ve been using that as well.<\/p>\n<p>I understand that most of this is impossible for the typical Internet user. Even I don&#8217;t use all these tools for most everything I am working on. And I&#8217;m still primarily on Windows, unfortunately. Linux would be safer.<\/p>\n<p>The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical. They&#8217;re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.<\/p>\n<p>Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That&#8217;s how you can remain secure even in the face of the NSA.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Other than going completely off the grid, you don&#8217;t have the ability to stay completely hidden, but there are some things you can do to decrease your visibility to the NSA: With all this in mind, I have five pieces of advice: Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10,15],"tags":[157,58,913,154,334,911],"class_list":["post-22124","post","type-post","status-publish","format-standard","hentry","category-liberty","category-technology","tag-encryption","tag-internet","tag-nsa","tag-privacy","tag-security","tag-surveillance"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2hpV6-5KQ","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/22124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/comments?post=22124"}],"version-history":[{"count":1,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/22124\/revisions"}],"predecessor-version":[{"id":22125,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/22124\/revisions\/22125"}],"wp:attachment":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media?parent=22124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/categories?post=22124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/tags?post=22124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}