Online armour: Duncan Campbell's tech chief on anonymity 101
Of Tor, TAILS and Jabber
Crypto toolbox, Part II In the first article in this two-parter on building your own crypto toolbox I covered older tools that have been around for a relatively long time now: Truecrypt and OpenPGP. Here, I will go in a different direction and look at ways of protecting instant messaging, general web-browsing, and how to trust the operating system where we run these tools.
Voice and video chat
The once vaunted Skype is no longer secure in any meaningful sense of the word.
If you need secure voice or video chat, the commercial Silent Phone service (from Phil Zimmermann's Silent Circle) is generally regarded as robust and trustworthy, as it builds on top of the security model of the old PGPfone. It is available for Windows, Android and iOS – but OS X seems to be notably absent at present.
From a practical standpoint the VOIP experience on Silent Phone is not as polished as you may be used to from Skype – for example, there's no-to-poor echo cancellation – so I strongly recommend using a proper headset rather than speakers and the crummy mic built in to your webcam or laptop. For the sake of completeness it must also be noted that this is a proprietary closed-source service; it's up to you to decide if that's a deal-breaker for you. Like it or not, this is what's used and trusted in certain circles.
OTR plugin, on top of Jabber/XMPP
For the instant-message generation, a plugin called OTR (Off The Record) offers end-to-end protection for communications on compatible IM services and applications.
The combination used by NSA whistleblower Edward Snowden and his supporters is to use the open XMPP IM protocol, often on the Pidgin client, with this OTR plugin to provide the security. Youíd then transmit over Tor for general anonymity, using the TAILS OS for local security, which I'll come to shortly.
OTR uses some of the same Public-Key crypto concepts as OpenPGP, but with a focus on protecting live chat sessions. Once you have established a secured OTR session, you can be sure that nobody is snooping on your conversation – but after the fact, what you said can't be held against you. The person you're chatting with would be completely able to forge the digital signatures, meaning third parties can't prove that you yourself said something.
This is in stark contrast to PGP, where a signature is a very strong proof of the authorship of a message.
The open XMPP IM protocol is often on the Pidgin client
As with OpenPGP, you are responsible for checking the key fingerprint of the person you're communicating with. Unlike PGP, however, there is no concept of signing someone else's key to be able to transfer trust – you will definitely need to check manually. As with PGP, a Skype video call is suitable - I recommend doing a full Fingerprint check rather than using any "question and answer" alternatives, as that's what makes me most comfortable in terms of robustness of security.
There are a wide range of public servers using Jabber that is based on XMPP. Because Jabber is federated, users on one server can communicate freely with users elsewhere – provided that both ends offer server-to-server TLS encryption. The general Jabber server-admin community has recently moved towards absolutely requiring server-to-server encryption, which has had the effect of cutting off Google Talk users from pretty much everyone else.
American tech-collective Riseup offer email accounts with matching Jabber service, have very nice tutorials for a variety of chat clients (including Adium for OS X users), and their server can also be reached as a Tor Hidden Service, although you will need to request an invite to sign up for their services.
The OTR plugin's website has links for some tutorials on its use. I found this one to be very thorough and covered everything for Windows. A little bit of digging elsewhere revealed a similar guide for Adium users in OS-X-land.
TOR, The Onion Router
While you can use GPG to secure the contents of your email, a state-level adversary with extensive taps on the big intercontinental submarine cables will still be able to see that you are emailing this other person. If someone from a government or military IP address range started sending encrypted mail to known investigative journalists (or other potential enemies of the state), there's a very strong risk there – even if the security forces can't read the contents of the messages.
Also visible for your ISP to see – and therefore also freely visible to the state via their ability to twist your ISP's arm in secret – is your web browsing, instant messaging, and anything else you're doing.
The most robust way to anonymise your internet use is to use Tor (The Onion Router), which does a very robust job of evading that sort of surveillance.
GCHQ owns Tor nodes
We know it works well because we've got the NSA's slides where they describe how much they hate it. They describe it as a "CNE [Computer Network Exploitation] headache", which is a superb seal of approval.
It is worth noting that Tor provides anonymity. That's it. It does not automatically provide security or privacy. If the "exit node" you are using (the point where your traffic exits the Tor process and emerges on to the normal internet) is unscrupulous, evil, or just hacked, (or, run by GCHQ) it has the ability to intercept the contents of your communications. It won't automatically know who you are (e.g. your real IP address), because that is hidden by Tor – but it can see what you're sending and receiving.