By Simon Phipps
The remarkable disclosure of international surveillance activities by U.S. intelligence services over the last week has stirred much discussion and controversy. Whatever the legality of the situation, no matter the outcome of actions against the people involved, this has been an important wake-up call for us all, especially as the move to cloud computing gathers pace.
Everyone has something to hide — and the desire to avoid prying eyes doesn’t make you a terrorist or a criminal. Perhaps you wish to protect trade secrets from competitors or personal preferences from politically motivated investigators. What actions can you take to reduce the risk that your personal and business activities will become visible to nosey bureaucrats?
As soon as news broke about the PRISM surveillance system, a website appeared, usefully collating details of software systems that reduce the risk of your communications being intercepted. Punningly named PRISM Break, the site includes a long list of open source software solutions that protect Internet privacy. It includes numerous projects at various stages of evolution. Some, like the Firefox browser, will be very familiar, but others are less known.
The solutions documented take several approaches. Most obvious, they apply encryption to communications we’re all used to conducting in the clear. For example, all the instant messaging systems offered by large providers are, inexplicably, unencrypted. The list proposes adding a plug-in called Off-the-Record (OTR) to your instant messaging. Of course, if you’re using “official” clients from big providers like AOL or Skype, the built-in client in OS X, or even Web-based messaging services like Google’s Hangouts, that’s impossible. None of those providers let you add your own encryption.
Fortunately, there are excellent open source alternatives, notably Pidgin and its OS X equivalent Adium. Both offer OTR as an option that’s well worth taking. OTR has stood the test of time and offers encryption that’s session-based (cracking the encryption on one conversation gives no access to others) and repudiable (cracking part of a conversation gives no proof the rest of the conversation is related). OTR operates directly on the message text itself, so it needs no adaptation to IM protocols. In addition to proprietary IM protocols, Pidgin supports XMPP, the open standard for messaging recently dropped by Google but still in use by millions of us worldwide. XMPP allows distributed messaging that does not require a centralized server.