http://www.zdnet.com/ask-a-hacker-top-four-anti-surveillance-apps-7000016566/
Top four anti-surveillance apps
By Violet Blue for Zero Day | June 8, 2013 -- 02:00 GMT (19:00 PDT)
Did they or didn't they? That's the question at the end of this week's
ground-shaking news that two highly classified programs reveal the U.S.
government has been spying on its citizens behind closed doors for years, made
public in leaks as reported by Guardian U.K.
One NSA program brought to light this week harvests phone records via Verizon.
The second program is called Prism, in which the NSA data-mines user
information directly from nine Internet giants, including Apple, Facebook,
Google, Microsoft and Skype.
No one has contested the Verizon data/surveillance exchange deal. President
Obama today confirmed the existence of both NSA programs and acknowledges
Prism, tech companies Google and Facebook issued carefully-worded statements
with each company saying it had never head of Prism.
If the NSA is getting their intel without our knowledge or consent straight
from the tap, there's nothing we can do to protect ourselves. Except maybe yell
at them really loud. Just like in a classic scary movie, the calls are actually
coming from inside the house.
Add to this the element of outside information seekers: data dealers who work
to make a buck by scraping sites, exploiting security holes, or making direct
data sales with the very same companies alleged to be part of Prism. Now we can
extend the horror film analogy, where we find out (always too late!) that the
serial killer is also the babysitter.
Even against odds, I felt that at the very least we can make someone's job a
little bit harder.
Hence the title of this post. I asked not just one, but several hackers who
work professionally in high-level security environments what the best
anti-surveillance, pro-privacy phone apps are. What is on their phones? What
should be on mine?
After they finished laughing at my question (especially in light of the Prism
revelations), I got solid answers. You can tell me what I left out in the
comments, but I only wanted to post apps that were tested and in use by people
whose jobs (or more) depend on personal communication security.
Keep in mind that the sudden activation of encryption tools can draw attention
to you, when before there might have been none.
However, now might be a good time to take advantage of the fact that in the
middle of this news storm, suddenly lots of people are going to be trying out
anti-surveillance software.
Most recommended: Text Secure and Red Phone by Whisper Systems (Android only;
iOS in development).
Both apps are free and open source, "enabling anyone to verify its security by
auditing the code."
1. Text Secure (play.google.com)
TextSecure encrypts your text messages over the air and on your phone. It's
almost identical to the normal text messaging application, and is just as easy
to use.
TextSecure provides a secure and private replacement for the default text
messaging app. All messages are encrypted locally, so if your phone is lost or
stolen, your messages will be safe.
Messages to other TextSecure users are encrypted over the air, protecting your
communication in transit. TextSecure is the only Android private SMS/MMS
messenger replacement that uses open source peer-reviewed cryptographic
protocols to keep your messages safe.
Rather than simply pretending to hide your texts by putting them in another
place, TextSecure uses cryptography to ensure that they remain truly secure.
2. Red Phone (play.google.com)
RedPhone provides end-to-end encryption for your calls, securing your
conversations so that nobody can listen in.
RedPhone uses your normal phone number to make and receive calls, so you don't
need yet another identifier. Use the default system dialer and contacts apps to
make calls as you normally would.
RedPhone will give you the opportunity to upgrade to encrypted calls whenever
the person you're calling also has RedPhone installed.
RedPhone calls are encrypted end-to-end, but function just like you're used to.
Uses wifi or data, not your plan's voice minutes.
Second place must-haves: Tor apps Onion Browser (Apple iOS) and Orbot
(Android), or running your own VPN.
Both Onion Browser and Orbot make use of the Tor Project, but they each
function slightly differently (with privacy protection limitations falling on
the Apple side of the tree due to the closed nature of iOS).
3. Onion Browser (Apple iTunes)
Onion Browser is a minimal web browser that encrypts and tunnels web traffic
through the Tor onion router network and provides other tools to help browse
the internet while maintaining privacy.
Websites do not see your real IP address. Your connection is encrypted before
it leaves your device, providing protection against snooping by ISPs or people
who share a WiFi connection with you.
Tunnel bypasses restrictive firewalls: you can access the entire Internet from
behind ISPs or corporate connections, or when inside countries that practice
online censorship. Access websites on the "dark net" of anonymous .onion web
sites, only accessible in the Tor network.
User-Agent spoofing: hides the fact that you are using an iPhone/iPad from
websites you visit. Ability to block third party cookies or all cookies. Can
change IP address and clear cookies/history/cache in one button.
CHINA/IRAN NOTE: Due to online censorship techniques using deep-packet
inspection (DPI), this app does NOT currently function in China or Iran.
4. Orbot (play.google.com)
Orbot is a "proxy app that empowers other apps to use the internet more
securely. It uses Tor to encrypt Internet traffic and hide it by basically
bouncing through a series of computers around the world; it is the official
version of the Tor onion routing service for Android.
(...) instead of connecting you directly like VPNs and proxies. This process
takes a little longer, but the strongest privacy and identity protection
available is worth the wait.
Use with Orweb, the most anonymous way to access any website, even if it’s
normally blocked, monitored, or on the hidden web. Use Gibberbot with Orbot to
chat confidentially with anyone, anywhere for free.
Orbot can be configured to transparently proxy all of your Internet traffic
through Tor. You can also choose which specific apps you want to use through
Tor.
Any installed app can use Tor if it has a proxy feature, using the settings
found here. Check out our fun, interactive walkthrough.
The thing to know about Tor-based projects is that they will slow down your
response times, and for many — privacy or not — this is a dealbreaker.
To Tor or not to Tor, everyone agreed that running a VPN (Virtual Private
Network) of some kind is a smart thing to do. Read Why You Should Start Using a
VPN (and How to Choose the Best One for Your Needs).
Yes, there is so much more you can do.
A good place to start is The Electronic Frontier Foundation (EFF) Surveillance
Self-Defense Guide. If you're low on time to read it all, skip to What Can I Do
To Protect Myself?
The EFF now has a two-click form — Massive Spying Program Exposed — where
visitors can instantly send emails to their representatives calling for a full
Congressional investigation saying, "It's time for a full accounting of
America's secret spying programs—and an end to unconstitutional surveillance."
Update Saturday, June 8, 2:34am PST to include footnote:
These apps are good to protect you from many types of invasive attacks, but
they won't protect against skilled attackers (such as powerful, unethical
governments with unrestrained technical access). It's important to know that
mobile devices - in this instance mobile phones, specifically - are generally
weak platforms. If you're a person who's at-risk, don't bet your life on any
app - or any phone.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at [email protected] or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
