Use encryption

Modern telecommunications

Internet and mobile phones changed our lives like no others. They changed the way how we communicate, do business and interact with each other. These two inventions together have also become the perfect wholesale surveillance and spying tool. Digital information can easily be tracked, altered, modified, faked, analyzed and not so easy completely wiped out. Applications we use day after day write cache, leave tracks and backdoor records of our activities.

By the moment of now, the world encounters ~4.7B+ active mobile phones. Each phone pings different networks via GSM, CDMA, LTE, Wi-Fi and other rotocols every 5 minutes leaking lots of information about where the phone owner is, who is nearby, moving directions, whom the phone owner is calling to, chatting with or emailing. This is the way how telecommunication technologies work.

Mobile companies are watching us

In 2012 Malte Spitz presented the talk how his mobile company is watching him. Since summer 2006 the EU Commission tabled Data Retention Directive. This directive says that each phone company in Europe, each Internet service company all over Europe, has to store a wide range of information about the users.

They write your diary

All mobile and Internet carriers in the EU write digital diaries of their users based on the activity signals of mobile phones which they serve. They must store this data for at least 6 months and up to 2 years, but basically, they can keep it forever. Analyzing this data maps society behavior patterns, e.g. it creates a blueprint of social communications. It is possible to detect communication hubs, define who is more important and switch off communication leaders. It questions the very basic terms of freedom and privacy.

Leaks

Edward Snowden’s leaks pointed that the US intelligence agencies were using Google, Yahoo, Microsoft, Facebook, Apple, Twitter and lots of other popular global services. Sources at The New York Times confirm that the companies concede to surveillance program. Snowden’s materials revealed that the US intelligence agencies hack their domestic and foreign companies to wiretap their users.

How about the EU? What about MI6, MOSSAD, FSB, Bundesnachrichtendienst, MSS and intelligence agencies of other countries? How about their capabilities? Do they collect any data about their citizens, how about spying on foreigners?

Governments spy on governments, governments spy on companies, companies spy on companies, intelligence spy on bad guys, bad buys spy on governments and companies and they all spy on innocent users who do not even guess of these global behind the scene surveillance parties.

Spies of all kinds and flavors

In addition to governmental agencies, there are also many private companies specializing on extremely sophisticated surveillance techniques. They collect and analyze data about their target from different sources: mobile phones, social media, personal computers, communication contacts of their contacts, their mobiles, their social media contacts, web cameras, mobile cameras and so on. The scale of the shadow spying is crazy. Information leaks during the US presidential election campaign of 2016 unveiled hacking potential of parties interested in influencing of not controlling some serious political processes. Rumors persist that those were non-US agencies, but Russians.

Privacy is not negotiable.

It cannot be any good goal or holly purpose for watching all mobile users without their knowledge that they are being watched. It is not that you have nothing to hide, it is nobody’s business what you are doing in your private communicate channels (calls, chats or emails). Governments will not have enough resources to protect privacy of their citizens from malicious spying by other governments or foreign intelligence. Governments (of all countries), probably, will be the first to watch their own citizens. If you don’t take care of your digital security and privacy protection nobody will do it for you.

Encryption

Encryption is a good way to protect your data. In fact, in some countries using encryption is illegal and is considered to be a crime. When choosing encryption make sure you go with strong algorithms which are unfeasible and incredibly difficult to break. The US National Institute of Standardization and Technologies (NIST) developed recommendations for cryptographic algorithms, standards and sizes of encryption keys. The Wired publication describes how applying approved NIST standards NSA weakens encryption algorithms on purpose by leaving backdoors in math.

Email encryption

When it comes to email protection, many PGP encryption programs are doing well encrypting emails, but are not so good with handling cache of user activity. Extracting information from cache will tell whom you are contacting to, when and how often. Even if information of emails is hidden the cache may tell a lot about the user. Not only encryption algorithms are important, but also it also important how encryption applications work. It is important where points of encryption and decryption are. Is information processed on user’s side or on the server? Are encryption and decryption keys long enough to stand the brutal force attack? Are encryption and decryption keys protected from unauthorized use?

Strong encryption

Strong encryption should be performed end-to-end, should be unfeasible to break, should not have any backdoors, should not have any chance for men-in-the-middle to join or wiretap conversation, should not leave any side tracks and should not write any logs or cache. If NIST recommends using 1024-bit key for RSA encryption algorithm, using longer keys (at least 2048-bit) ensures stronger level of encryption. Breaking 2048-bit RSA key is 232 times harder, than breaking 1024-bit RSA key.