PRISM Shedding too much Light on Your Communications? Tips for More Digi-Sec!
If your Twitter client didn't explode with the news about PRISM, here are the highlights, courtesy of the Washington Post:
An internal presentation on the Silicon Valley operation, intended for senior analysts in the NSA’s Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 articles last year. According to the briefing slides, obtained by The Washington Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports.
The technology companies, which participate knowingly in PRISM operations, include most of the dominant global players of Silicon Valley. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.
Dropbox, the cloud storage and synchronization service, is described as “coming soon.”
Yikes. Handing over your data to an intelligence agency without your prior knowledge or consent probably overreaches the Terms of Service (which, let's be honest, you probably didn't read).
What's especially troubling is that these platforms are incredibly popular - you'd be hard-pressed to find an average internet user who isn't communicating through one or more of them.
But how can you communicate securely through these tools?
1. Anonymize your IP address through Tor or TAILS: Tor (as well as TAILS) routes your internet connection through a series of different IP addresses, disguising your actual location. You can go even further by using bridges or an obfuscating proxy to disguise the fact that you are using Tor.
2. GnuPG: You can encrypt your emails to prevent your email service provider from reading their contents by using GnuPG, an open-source version of the encryption tool PGP. To learn more about using GnuPG for your email, check out Tactical Tech's chapter on email encryption.
3. Pidgin + OTR (or Adium): Just like your email, you can encrypt your chat messages on Facebook Chat, MSN Messenger, GChat, and several other platforms through Pidgin and its "Off-the-Record" (OTR) plugin for Windows, or Adium for Mac. While the new "Hangouts" setup has changed some aspects of how GChat functions, you can still use Pidgin and Adium for one-on-one encrypted chats.
4. TrueCrypt: If you use cloud storage tools like Dropbox, you can use TrueCrypt to create encrypted storage volumes, then store and sync them just like you would any other file.
If you'd like to learn more about which services for social media, email, chat and others have not been incorporated into PRISM, check out this handy guide by the Daily Dot and PRISM Break.