Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
— Edward Snowden, answering questions live on the Guardian's website
The stories of how NSA whistleblower Edward Snowden first contacted journalists Glenn Greenwald and Laura Poitras (both Freedom of the Press Foundation board members), and how he communicated with the Washington Post's Barton Gellman, have given the public a rare window into digital security and conversing online in the age of mass surveillance.
In response, we've just published our first whitepaper—using the public comments by both Snowden and the journalists involved as illustrations—to show how reporters, whistleblowers, and ordinary Internet users can still protect their privacy online.
You can read the whitepaper here [PDF version].
It's important to remember that while the NSA is the biggest, best-funded spy agency in the world, other governments, including China and Russia, spend massive amounts of money on their own high-tech surveillance equipment and are known to specifically seek out journalists and sources for surveillance. In the US, bad digital security can cost whistleblowers their freedom, but in other countries it can cost both journalists and sources their lives. A recent example from Syria illustrates how careless digital security can have tragic results.
The whitepaper covers:
- A brief primer on cryptography, and why it can be trustworthy
- The security problems with software, and which software you can trust
- How Tor can be used to anonymize your location, and the problems Tor has when facing global adversaries
- How the Off-the-Record instant message encryption protocol works and how to use it
- How PGP email encryption works and best practices
- How the Tails live GNU/Linux distribution can be used to ensure high endpoint security