Whether you think NSA whistleblower Edward Snowden is a hero or a traitor, you have to admit: The guy knows how to keep his information secure.
The fact that Snowden isn’t sitting in Guantanamo right now with ankle cuffs and a bag over his head demonstrates his ability to avoid detection.
Snowden spoke at the Hope X conference in New York this month via a Google+ Hangout from Russia, and called on developers to build privacy and security into everyday products. He also hinted that he planned to work on building such technology.
If you look into the details of what’s been happening with tracking, surveillance, spying, hacking and global cyber industrial espionage, you can see that Snowden is right. We all need a lot better protection from snoops of all stripes.
But how does the non-expert get started? One option is to listen to Snowden himself. Over the past year, Snowden has, in one format or another, made specific product recommendations.
Here are the products Snowden has explicitly recommended since the trove of documents on the NSA was publicly revealed. (The list is in alphabetical order.)
Ghostery, made by a company called Evidon, is a browser extension for Chrome, Firefox, Safari and Internet Explorer. It exists for two purposes. The first is to block tracking code, which makes browsing the web both more private and faster. The second purpose is somewhat contradictory: Evidon collects data from you to help advertisers avoid being blocked.
It also enables website owners to gain insights into the tracking code deployed on their site by third-party advertising companies. Note that Snowden recommended Ghostery some time ago. But this month, the Electronic Frontier Foundation launched a competing product called Privacy Badger, which I would imagine Snowden would recommend.
NoScript is a free extension for Mozilla-based web browsers, including Firefox. It blocks executable web content by default. This blocking includes JavaScript, Java, Flash and Silverlight. You can whitelist sites if you want to use such content on a site-by-site basis. Or, if you choose, you can make all sites active by default and choose to blacklist sites you think might be dangerous. A visual button tells you if active content has been blocked on the current site.
In the first chapter of his book “No Place to Hide,” journalist Glenn Greenwald wrote that Edward Snowden contacted him using the alias “Cincinnatus,” and said he would tell Greenwald some highly newsworthy facts, but only if he installed Pretty Good Privacy (PGP) first. (Greenwald didn’t know the magnitude of the scoop being offered to him and didn’t get around to installing PGP for months, thus delaying the leak.) PGP, of course, is a 23-year-old encryption program that can be used for email, as well as files and other things.
Tor is a free application that routes your Internet traffic through a global volunteer network of thousands of relays that play a shell game with your data so your location and Internet travels are concealed. Tor, which used to stand for “The Onion Router” in a reference to layers of encryption, encrypts data in multiple layers that prevent snoops from being able to figure out any details about your web travels, such as where you are or what you’re looking at.
Tor was developed in part with US government funding as a way to enable citizens in repressive countries to communicate safely. And the NSA has a lot of respect for it. But in a recent controversy, two Carnegie Mellon researchers said they would give a talk at the Black Hat USA 2014 conference next month telling how to identify Tor users inexpensively (for only $3,000). The session was cut from the lineup because university lawyers didn’t approve it. The institute that the researchers work for is funded by the Pentagon, but the Department of Homeland Security said it did not request that the talk be cancelled.
TrueCrypt is an on-the-fly encryption product, which had a great reputation among privacy experts until it was unexpectedly and weirdly discontinued on May 28. Seemingly out of nowhere, the anonymous developers posted that TrueCrypt was “harmful and no longer secure” and users were urged to embrace Microsoft BitLocker instead. Snowden recommended TrueCrypt before the discontinuation, and it’s not clear that he still does.
SpiderOak is for backing up, sharing and syncing data. Snowden recommended the product as an alternative to Dropbox, which he reminded his interviewer was a target for NSA surveillance, as revealed by the original Prism leak. He also pointed out that former secretary of state Condoleezza Rice is on the Dropbox board, and is “probably the most anti-privacy official we can imagine.”
SpiderOak, on the other hand, uses encrypted cloud storage and client-side encryption key creation for backing up user folders in a way that prevents even SpiderOak from gaining access to the files.
Whisper Systems makes security and privacy software for smartphones. The company was acquired by Twitter three years ago, but some of their software was spun out as an open source project called Open WhisperSystems, which makes TextSecure, RedPhone, TextSecure-Server, BitHub, and TextSecure-iOS — all security and privacy software applications.
Hero or traitor, Snowden is right about the need to protect our data. And his own list of recommended products is as good a place to start as any.
So get downloading! Before it’s too late.
Photo courtesy of Shutterstock.