WASHINGTON – The National Security Agency’s spying powers are vast, but there are ways to thwart the agency’s snooping:
Browse anonymously with Tor: NSA whistle-blower Edward Snowden has been photographed with a Tor sticker on his laptop. Tor lets you use the Internet without revealing your IP address or other identifying information. The distributed network works by bouncing your traffic among several randomly selected proxy computers before sending it on to its real destination. Websites will think you are coming from whichever node your traffic happened to bounce off of last, which might be on the other side of the world.
Tor is easy to use. You can download the Tor Browser Bundle, a version of the Firefox browser that automatically connects to the Tor network for anonymous Web browsing.
There is also an online identity-masking program called disconnect.me, which operates like Tor but claims to have an extra layer of protection that allows users to log into their personal accounts and still remain anonymous online.
Among Internet search engines, DuckDuckGo, which does not store IP addresses, says it has seen record growth recently.
Keep your chats private with OTR: If you use a conventional instant messaging service such as those offered by Google, AOL, Yahoo and Microsoft, logs of your chats may be accessible to the NSA through the PRISM program. But a chat extension called OTR — for “off the record” — offers “end-to-end” encryption. The server sees only the encrypted version of your conversations, thwarting eavesdropping.
To use OTR, both you and the person you are chatting with need to use instant messaging software that supports it. For example, a Mac OS X application called Adium works with Google, AOL, Microsoft and Yahoo’s chat networks, among others. Windows and Linux users can use Pidgin.
OTR works as an extension to conventional instant messaging networks, seamlessly adding privacy to the IM networks you may already use. You can configure Adium or Pidgin so that if a person you are chatting with is also running an OTR-capable client, it will automatically encrypt the conversation.
Make secure calls with Silent Circle: The conventional telephone network is vulnerable to government wiretapping. And many Internet-based telephony applications, including Skype, are thought to be vulnerable to interception as well.
But one, called Silent Circle, is believed to be impervious to wiretapping, even by the NSA. Like OTR, it offers end-to-end encryption, meaning that the company running the service never has access to your unencrypted calls and thus can’t turn them over to the feds. The client software is open-source, and Chris Soghoian, chief technologist of the American Civil Liberties Union, says it has been independently audited to ensure that it doesn’t contain any “back doors.”
There is also Wickr, a startup that makes an app to allow people to secure and “shred” data sent on mobile devices.
Make secure calls with Redphone: Redphone is another application that makes phone calls with end-to-end encryption. Interestingly, it was developed with financial support from U.S. taxpayers, courtesy of the Open Technology Fund.
The government hopes to support dissidents living under repressive regimes overseas. But the only way to build a communications application that people will trust is to make it impervious to snooping by any government, including in the U.S. So like Silent Circle, the Redphone client software is open-source and has been independently audited.
Remove your cellphone battery to thwart tracking: The NSA phone records program initially revealed by British newspaper The Guardian not only collects information about what phone numbers you call but data about the location of the nearest cellphone tower. That gives the NSA the ability to determine your location every time you make a phone call — and maybe in between calls, too.
Unfortunately, there is no technical fix for this kind of surveillance. “The laws of physics will not let you hide your location from the phone company,” Soghoian said, since the phone company needs to know where you are in order to reach you when you receive a call.
Encrypt your emails: Emails sent across the Web are like postcards. In some cases, they are readable by anyone standing between you and its recipient. That can include your web-mail company, your Internet service provider and whoever is tapped into the fiber-optic cable passing your message around the globe — not to mention a parallel set of observers on the recipient’s side of the world.
To beat the snoops, experts recommend encryption, which scrambles messages in transit and makes them unreadable to anyone trying to intercept them. Techniques vary, but a popular one is called PGP, short for “pretty good privacy.” PGP is effective enough that the U.S. government tried to block its export in the mid-1990s, arguing that it was so powerful it should be classed as a weapon.
However, encryption can be clunky. And to work, both parties have to be using it.
Sascha Meinrath, who heads a New America Foundation program helping users maintain secure and private communications in totalitarian countries, said the postal service cannot open mail without probable cause “and yet the government is saying that if that is an electronic communication they have a right to surveillance. The privacy of our correspondence is fundamental to our democracy.”
Cut up your credit cards: The Wall Street Journal says the NSA is monitoring American credit card records in addition to phone calls. So stick to cash, or, if you are more adventurous, use electronic currencies to move your money around.
Credit cards are a mainstay of the world payment system, so washing your hands of plastic money is among the most difficult moves you can make. In any case, some cybercurrency systems offer only limited protection from government snooping, and many carry significant risks.
The value of Bitcoin, one of the better-known forms of electronic cash, has oscillated wildly, while users of another popular online currency, Liberty Reserve, were left out of pocket after the company behind it was busted by international law enforcement.
Don’t keep your data in the U.S. or with American companies: U.S. businesses are subject to U.S. law, including the Patriot Act, whose interpretations are classified.
Although the exact parameters of the PRISM data-mining program revealed by The Guardian and The Washington Post remain up for debate, what we do know is that a variety of law enforcement officials — not just at the NSA — can secretly demand your electronic records without a warrant through an instrument known as a National Security Letter. Such silent requests are made by the thousands every year.
Steer clear of malicious software: If they can’t track it, record it or intercept it, an increasing number of spies aren’t shy about hacking their way in to steal your data outright. Snowden warned The Guardian that his agency had been on a worldwide binge of cyberattacks. “We hack everyone everywhere,” he said.
Former officials don’t appear to contradict him. Former NSA chief Michael Hayden described it as “commuting to where the information is stored and extracting the information from the adversaries’ network.” In a recent interview with Bloomberg Businessweek, Hayden boasted that “we are the best at doing it. Period.”
Malicious software used by hackers can be extremely hard to spot. But installing an antivirus program, avoiding attachments, frequently changing passwords, dodging suspicious websites, creating a firewall and always making sure your software is up to date is a good start.