How to Remain Secure Against the NSA

Now that we have enough details about how the >NSA eavesdrops on the Internet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves.

For the past two weeks, I have been working with the Guardian on NSA stories, and have read hundreds of top-secret NSA documents provided by whistleblower Edward Snowden. I wasn't part of today's story -- it was in process well before I showed up -- but everything I read confirms what the Guardian is reporting.

At this point, I feel I can provide some advice for keeping secure against such an adversary.

The primary way the NSA eavesdrops on Internet communications is in the network. That's where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.

Leveraging its secret agreements with telecommunications companies—all the US and UK ones, and many other "partners" around the world -- the NSA gets access to the communications trunks that move Internet traffic. In cases where it doesn't have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.

That's an enormous amount of data, and the NSA has equivalently enormous capabilities to quickly sift through it all, looking for interesting traffic. "Interesting" can be defined in many ways: by the source, the destination, the content, the individuals involved, and so on. This data is funneled into the vast NSA system for future analysis.

The NSA collects much more metadata about Internet traffic: who is talking to whom, when, how much, and by what mode of communication. Metadata is a lot easier to store and analyze than content. It can be extremely personal to the individual, and is enormously valuable intelligence.

The Systems Intelligence Directorate is in charge of data collection, and the resources it devotes to this is staggering. I read status report after status report about these programs, discussing capabilities, operational details, planned upgrades, and so on. Each individual problem -- recovering electronic signals from fiber, keeping up with the terabyte streams as they go by, filtering out the interesting stuff -- has its own group dedicated to solving it. Its reach is global.

The NSA also attacks network devices directly: routers, switches, firewalls, etc. Most of these devices have surveillance capabilities already built in; the trick is to surreptitiously turn them on. This is an especially fruitful avenue of attack; routers are updated less frequently, tend not to have security software installed on them, and are generally ignored as a vulnerability.

The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO -- Tailored Access Operations -- group. TAO has a menu of exploits it can serve up against your computer -- whether you're running Windows, Mac OS, Linux, iOS, or something else -- and a variety of tricks to get them on to your computer. Your anti-virus software won't detect them, and you'd have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period.

The NSA deals with any encrypted data it encounters more by subverting the underlying cryptography than by leveraging any secret mathematical breakthroughs. First, there's a lot of bad cryptography out there. If it finds an Internet connection protected by MS-CHAP, for example, that's easy to break and recover the key. It exploits poorly chosen user passwords, using the same dictionary attacks hackers use in the unclassified world.

As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about. We know this has happened historically: CryptoAG and Lotus Notes are the most public examples, and there is evidence of a back door in Windows. A few people have told me some recent stories about their experiences, and I plan to write about them soon. Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it's explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.

TAO also hacks into computers to recover long-term keys. So if you're running a VPN that uses a complex shared secret to protect your data and the NSA decides it cares, it might try to steal that secret. This kind of thing is only done against high-value targets.

How do you communicate securely against such an adversary? Snowden said it in an online Q&A soon after he made his first document public: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."

I believe this is true, despite today's revelations and tantalizing hints of "groundbreaking cryptanalytic capabilities" made by James Clapper, the director of national intelligence in another top-secret document. Those capabilities involve deliberately weakening the cryptography.

Snowden's follow-on sentence is equally important: "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."

Endpoint means the software you're using, the computer you're using it on, and the local network you're using it in. If the NSA can modify the encryption algorithm or drop a Trojan on your computer, all the cryptography in the world doesn't matter at all. If you want to remain secure against the NSA, you need to do your best to ensure that the encryption can operate unimpeded.

With all this in mind, I have five pieces of advice:

  1. Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.

  2. Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections -- and it may have explicit exploits against these protocols -- you're much better protected than if you communicate in the clear.

  3. Assume that while your computer can be compromised, it would take work and risk on the part of the NSA -- so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the Internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my Internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.

  4. Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

  5. Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about. There's an undocumented encryption feature in my Password Safe program from the command line; I've been using that as well.

I understand that most of this is impossible for the typical Internet user. Even I don't use all these tools for most everything I am working on. And I'm still primarily on Windows, unfortunately. Linux would be safer.

The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical. They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.

Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA.

This essay previously appeared in the Guardian.

EDITED TO ADD: Reddit thread.

Someone somewhere commented that the NSA's "groundbreaking cryptanalytic capabilities" could include a practical attack on RC4. I don't know one way or the other, but that's a good speculation.

Posted on September 15, 2013 at 8:11 AM • 83 Comments

Comments

AdlaiSeptember 15, 2013 9:04 AM

Thank you for sharing your tips. I hope you don't spend the rest of your life detained at airport security checkpoints... but even if you do, you've sacrificed your time for the public good.

zgattSeptember 15, 2013 9:28 AM

So, Bruce, I'm waiting for your thoughts about twofish not being selected for AES, given recent revelations. I know you don't want to seem smug about it, but still, it's worth a comment.

Nelson ChenSeptember 15, 2013 9:43 AM

As for your air gap with a USB memory stick, wouldn't a big vulnerability be autorun or some version of such that can operate in secret? If one is really, really concerned, it might be better to use a serial cable if those are still made, or use hard copy printouts that could then be OCR'ed into the computer with a scanner. Of course, with encrypted text, the OCR will have to have stellar reliability for such to work.

WinterSeptember 15, 2013 9:44 AM

The main problem is that the "population" still thinks it will not affect them because "they have nothing to hide".

Maybe it should be made much more clear that any data collected about a person will only be used as evidence against that person. It will never, ever, be used to help that person clear himself.

People in the USA are always advised not totalk to the police without a lawyer present. Because everything you tell the police can only be used as evidence against you, never as evidence to help you.

https://www.youtube.com/watch?v=6wXkI4t7nuc
(This movie clip should be mandatory viewing for every high school kid)

Now the NSA collects evidence against everyone without the ability to call for a lawyer.

fredSeptember 15, 2013 10:00 AM

Bruce's recommendations were a good idea regardless of the NSA anyway.

Basically, it boils down to being noise, not signal.

Carl 'SAI' MitchellSeptember 15, 2013 10:45 AM

For an air-gap a serial cable (with the RX lines disconnected on the "clean" system's side works, but is slow and hard to get. An ethernet cable with the same modification and UDP works much better. It's a classic way to do logging: if your logserver is setup on the "clean" side of such a gap it's much harder for an attacker to modify the logs.

HenrikSeptember 15, 2013 11:06 AM

Bruce, it's being pointed out elsewhere that TOR makes no claim to protect effectively against an adversary who can observe large parts of the network.
Since the metadata collection is such an important part I'd be happy to see more suggestions about how to protect against traffic analysis, fingerprinting, and so on.

Specifics PleaseSeptember 15, 2013 11:15 AM

This general advice, though sound, is neither applied nor specific enough to be useful to anyone but the cognoscenti. Which platforms (x86_64, iphone, android)? Which software (OpenVPN, iMessage, FileVault2, etc.)? Which configurations (easy-rsa generated 4096-bit RSA certs)? Is there independent confirmation? E.g. diskutil cs list on OS X says

Logical Volume Family FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
----------------------------------------------------------
Encryption Status: Locked
Encryption Type: AES-XTS
Conversion Status: Complete
Conversion Direction: -none-
Has Encrypted Extents: Yes
Fully Secure: Yes
Passphrase Required: Yes

AES-XTS should be okay, but how can this be checked independently? Is Linux+Truecrypt the only real answer? Without specifics about the platform/software/configuration, it will be very difficult for most to implement any of this advice.

akfSeptember 15, 2013 11:18 AM

In point 4 you mention Open Source software. I like that, although I prefer the term Free Software.
However in point 5 you mention public-domain. Note that Open Source usually is not public-domain, although many treat it like that, but it isn't. As far as I can tell none of the software you mention is public-domain. So please could you clearify what you mean by that?

namelessSeptember 15, 2013 12:03 PM

@Bruce:
on one hand


Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.

but on another hand

The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO -- Tailored Access Operations -- group. TAO has a menu of exploits it can serve up against your computer -- whether you're running Windows, Mac OS, Linux, iOS, or something else -- and a variety of tricks to get them on to your computer. Your anti-virus software won't detect them, and you'd have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period.

What I gather from this is that "attacking" individual computers is "more costly" for them mainly only because of the individual attention needed for focusing on the target. Since it seems to be relatively easy for them to get into (any?) individual computer nearly invisibly, it does not seem like there are much risks to them from that.

Still I want to bring out that this concept of "attacking" a computer (which may be defined as "just getting the computer to open the network port NSA wants") may be easier with the newer version of Windows and its non-removable Group Police service. Something like that can (who knows) allow NSA to control what ports are open and what functionality is available - or not available - on multiple computers simultaneously. This would reduce the (time) cost of hacking endpoints.

anonymousSeptember 15, 2013 12:34 PM

Only way to use Windows is with Windows VM on VirtualBox with local host network only to shared files; Linux FreeBSD or Mac host to provide some separation; air gap is even better.

CuriousSeptember 15, 2013 12:50 PM

Being a someone who has next to no knowledge about internet security, I would like to point out that, as some kind of problem: that if one simply assumes that applied encryption is to work for you in some manner, then it seems to me to be important to acknowledge that wrongly assuming there is a working solution will have the implication of it being catastrophically bad if that which is believed to be a working solution are somehow turned off or otherwise non-functional.

So, I think it would be really crucial to have ways to try making sure that security features actually work as expected, before using them. Perhaps at some time that is not just before doing something of importance to you, in the case that expressing caution would warrant other peoples suspicion.

Whether or not it makes good sense to try test implemented security features, I wouldn't know. :|

DawkinsSeptember 15, 2013 1:43 PM

About the Intel chips being compromised as stated e.g. here Intel chips could let US spies inside: expert


The claims come after The ­Australian Financial Review revealed that computers made by Chinese firm Lenovo are banned from the “secret” and “top secret” ­networks of the intelligence and defence services of Australia, the US, Britain, Canada and New Zealand because of concerns they are vulnerable to being hacked.

Internationally renowned security research engineer Jonathan Brossard, who unveiled what Forbes described as an “undetectable and incurable” permanent back door at last year’s prestigious Black Hat conference, told the Financial Review that he had independently concluded that CPU back doors are “attractive attack vectors”.

Lenovo products are probably banned from the US secret and top-secret networks because of the backdoors installed by US government - these products are vulnerable to hacking by other countries governments due to those backdoors, and can thus not be used everywhere.

The funny thing is that the US government does this and then kicks out rumours that the products could be backdoored by the Chinese.

Question: would it be possible to include an OS-independent backdoor on a chip? (if yes, would this make the security of one OS over another a moot point?)

confused1September 15, 2013 1:53 PM

"5. ......Prefer symmetric cryptography over public-key cryptography....."

....."Since I started working with Snowden's documents, I have been using GPG, Silent Circle,......"

Symmetric just for documents?

wannabeguruSeptember 15, 2013 2:01 PM

Would it also make sense to increase the overall use of TLS web traffic, and apply pressure to ensure it is of a high standard? For example, more widespread use of the EFF's HTTPS Everywhere (or similar built into browsers), increased demands for TLS v1.2 support, greater implementation of certificate pinning, and public exposure of sites with non-existent or poor TLS support.

Mr Schneier's site could do better as an example (see detailed analysis). Though this may be the provider's (Modwest) fault, pressure is needed to force hosting services to improve their abilities. Of course, if they have been compromised then this does not matter.

Additionally, one could recommend the usual list: using Qubes (on appropriate hardware) with FDE and removable USB boot partition, plus regular updates, strong passwords, minimal trust, etc, etc.

Clive RobinsonSeptember 15, 2013 2:48 PM

One thing I would recomend people do is to find out how to enter your own Key Material into programes and not use the inbuilt random number generators.

Generating your own keys with dice might be a lengthy process but it's as close to reliably random as most people can get outside of a computer program.

Definatly learn the command line options of programs and importantly how to get them into an interactive mode before entering any sensitive data such as encryption keys. The reason for this is the actual command line is stored as plaintext in the computers memory in an easily identifiable place that can on some operating systems be easily pulled up by other users who have admin or other similar rights.

Also watch out for "cut/copy/paste" this likewise uses plain text in an easily locatable memory location.

Further learn how to turn the various types of "history" logging off for the same reason.

Likewise learn how to turn swapping/paging OFF then reboot your computer do your confidential work without starting other applications when done POWER DOWN reboot and turn swapping/paging back on.

Better yet learn how to use a CD only copy of your OS which does not use HDs. These have several advantages especialy if you remember to pull external connectivity first.

Not being funny but most basic "productivity features" are the equivalent of "spys" doing perfect shoulder surfing learn to live without them or not use them.

For those with more technical knowledge,

If you can learn an interactive interpreter which does not write to storage unless you tell it to this will enable you to write simple programs/scripts to do things which will make your life simpler (remember you can do an RSA encryption/decryption/signing using a simple perl script likewise with some multiprecision calculators like *nix bc)

If you run MS win/dos learn how to turn windows off and use old copies of Borland Turbo basic etc you can with some small knowledge write multi-precision maths using basic arrays and likewise write crypto code such as more secure versions of RC4 or other encryption algorithms.

At the very least if you are an MS win/dos user MS has included "notepad" for years this can be used as a basic plain text editor which only writes to disk when you tell it to and the disk can be removable media.

For those using *nix and FLASH media such as memory cards, usb thumb drives / memory sticks or even an external Solid State Disk. A couple of things you can do firstly learn how to use dd to read raw data blocks from the drive, secondly only ever right ASCII or ASCII Armord data/files to the drive you can then use dd to write and read files from the LBA addresses, plus it makes it much easier to spot files etc that you have not put there. Whilst not perfect most physical media malware is not fully ASCII or ASCII Armourd compliant thus you can use othe *nix command line tools to search the drive...

There are loads of other things you can do most of which you can work out for yoursel if you have the technical chops.

Ivan Z.September 15, 2013 2:55 PM

As for the air gap: how do you install security updates on a computer that has to be disconnected from the internet?

uboSeptember 15, 2013 2:56 PM

There are some 'interesting' sponsors of Open BSD. I woldn't rely 100% on it's 'NSA-proof' capability.

Just MeSeptember 15, 2013 4:20 PM

As a user of Truecrypt that has recently found a lot of talk on the www about the program being somewhat 'mysterious' shall we say and not 'open', it's interesting to read you're promoting it. I am still in two minds as to if I should trust it or not. People... please, look it up and see what others are saying about it's creators histories and the lack of transparency of the code. I'd be very interested in Mr Schneier' point of view.

AnonSeptember 15, 2013 5:05 PM

@Bruce

Why is an air gap considered a good solution when so much of normal malware is capable of spreading through usb drives?

Clive RobinsonSeptember 15, 2013 5:43 PM

@ Just Me,

    As a user of Truecrypt that has recently found a lot of talk on the www about the program being somewhat 'mysterious' shall we say and not'open', it's interesting to read you're promoting it.

I don't think Bruce is "promoting it" just saying he is using it. And I suspect the reason he's currently using it is to get access to the Snowden Documents.

Mr Greenwald was by his own admission compleatly usless at cryptography to start of with. However Ms Poitrus is a known long time user of both reasonable OpSec and Encryption because of the way she as a US citizen was treated by the TSA et al. I suspect that she was an existing TrueCrypt user thus gaining "compatability" would be a reasonably high priority.

What is not clear is what Ed Snowden thinks about TrueCrypt and if he knows anything about it from the documents he's obtained or was told as part of his job at BH or previously at Dell.

What we do know is TrueCrypt uses AES-XTS which is a brittle mode compared to others used for disk encryption which unfortunatly are covered by patents.

It's also possible to make serious mistakes with it like having two time spaced snap shots of the same disk. Which the TrueCrypt developers warn against.

Further there is some contention over MS OS versions of TC in that there are differences between it's output and the Linux version output, and that people who have built from source code supposadly cannot build the same functional executable. Not being a TC user I'm only getting at best third hand information that is lacking in detail so can not reach any other conclusion than considerably more detail is required.

As for the lack of visability of the developers it may mean nothing, everything or some point between these two extreams. It could simply mean the developers don't want to be publicly known for their own peace or safety. Or then again, that they are a front organisation set up by US or other govenmental entities. Again as I don't use TC it does not overly concern me.

However I do know that TC does not do certain things that I do so I tend to view it in a lesser light than I might otherwise do. It is worth noting that compared to "communications" security HD encryption is considerably more difficult to get right.

If you are concerned about TrueCrypt then don't use the windows pre-compiled executable build your own Linux version and run with that.

jhafSeptember 15, 2013 6:51 PM

In addition to Bruce's recommendations, I suggest using another technique, steganography, as a "weapon of mass distraction" (you'll see below the reason of this pun :).

If everyone starts using Emacs spook command (or something similar) when emailing, commenting or posting, we could increase the amount the data supposedly interesting for the NSA to analyze (but leading to nothing useful as those info chunks are false positives), thereby increasing the cost of spying us all.

Here are my 2 cents (in fact 3 cents!):

pink noise rs9512c MD4 cracking kilo class Bush Wired Defcon Fortezza Venezuela AIMSX passwd Clinton Panama Etacs SRI

Chobetsu underground clandestine Lon Horiuchi Reno counter terrorism Kh-11 $400 million in gold bullion Fortezza domestic disruption Majic Yukon SP4 president Afghanistan

explosion Echelon Ft. Bragg STARLAN [Hello to all my friends and fans in domestic surveillance] Medco ARPA PET Blowfish propaganda cybercash kibo crypto anarchy beanpole Marxist

Any risk of being sued by US government if I live in the US? :)

Nick PSeptember 15, 2013 7:59 PM

@ Anon

"Why is an air gap considered a good solution when so much of normal malware is capable of spreading through usb drives?"

It stops many problems that occur from always on Internet/network connections. A huge amount of problems. Less worries for you is always a good thing, right?

And you can always disable USB. And use a safer way of moving data although it might not be so convenient.

JacobSeptember 15, 2013 8:16 PM

Here is an idea:
Since the USG considers copyright violations almost on par with "terrorism", including extraditing perpetrators from foreign countries and handing out sever sentences to the guilty, I wonder if we write at the bottom of each email message a copyright notice allowing only the named recepient to read and store it.
It would be fun to watch the outcome, and the legal proceeds that might ensue after the next whistleblower comes along and provides proof of NSA reading and storing such messages. Honey trap messages can also be used for fun.

AnonSeptember 15, 2013 9:29 PM

@Nick P

If malware is capable of spreading through usb drives, then won't the secure computer eventually get any malware that is on the internet machine? Even back in 2010 estimates were that 25% of new malware was designed to spread through usb, and most that was probably designed by organized crime not militaries? In practice, isn't the "secure machine" really only as secure as the internet machine if you regularly transfer data through usb flash drives between the systems? And if you disable usb, then what can you use that's safer for bidirectional data transfer short of a printer and scanner with OCR?

RobertTSeptember 15, 2013 11:21 PM

Personally I've found there are two certain ways to reduce the interest that a state level security organizations have in you, they are
1) Dramatically reduce your electronic footprint
2) Stop being part of the security game, drop out completely and just go fishing. To start with it'll drive them crazy, covert surveillance of some rocky headland is a logistical nightmare. Eventually they'll pigeon-hole you as a "burnt-out-has-been".

Only after this cleansing process is it safe to get back in the water.

Clive RobinsonSeptember 16, 2013 12:10 AM

@ Anon,

    If malware is capable of spreading through usb drives, then won't the secure computer eventually get any malware that is on the internet machine?

Firstly that is true of any removable media not just USB.

Second, OK lets assume "malware" does get to your air-gapped mchine what is it going to do?

Thirdly, consider what other methods are available to get data across the air-gap as I guess you don't want to type a few GByte of random data by hand by reading from one screen Inet side and cross checking it with the screen on the iisolated side of the air-gap.

Originaly malware was considered "egoware" and used for braging points, practicle jokes and the like and was mainly consiered a signifigant pain to clear up.

Then for whatever reason the malware payloads got nasty, deleting data or encrypting it stealthily then encrypting the key with a master key that was then deleted and a "ransom message" appeared.

For over a couple of decades malware was one way it fanned out from an initial point of infection, data did not go back to the person who released it.

Even today that is the prefered malware way, because the return path is two difficult to hide behind when it's hard coded into the malware. As has been seen with malware that is used to set up bot nets the command and control server is very vulnerable and needs either stealth or significant hiding techniques to stay in business for very long.

Witness the recent debacle with the Feds getting into a hosting service and putting anti-TOR malware on it. Even though it only sent a small amount of traffic back it got fairly quickly "outed" and the malware disected publicaly and the Feds "phone home" server getting public attention that reveiled information that alowed similar servers to be identified.

With some malware the CC server is assumed to have a short life, the malware phones home and the originators use a masking proceadure not unlike TOR to down load the list of infected IP addresses. They then call back using their masking proceadure to control the infected machine.

The problem is getting the data back covertly or even overtly if the destination machine is on the other side of the air-gap it can not reach out across a network because it's not connected to one, nor for the same reason can the destination machine be called.

There are ways to cross the air-gap in both directions but shifting large quantities of data back is going to be noticed fairly quickly if the air-gapped machines users take sensible precautions.

Now please don't ask me what the reverse direction method is or the precautions you need to take, because for obvious reasons it makes an attackers job much much easier.

What I will say is that if you read my post further up it suggests a way that you can check fairly easily by hand removable media for contamination at a simple level. You can of course augment this in other ways with a little thought.

The main issue I have with USB is that the actual hardware can do the equivalent of an "auto-run/boot" and you cannot stop it. It's one of the reasons I still use "old school" magnetic media and have a reasonable supply of 1990s and earlier motherboards and floppy controler ISA cards.

However when you are talking small quantities of data like personal email you can use a serial line "Data Diode" which can still be done even with modern serial port less laptops etc by the use of USB-Serial dongles. The hard part is monitoring the serial line with a protocol analyser to check what is going over the 3-wire serial interface. I have the technical ability to do this myself using non PC components which makes an attackers job very hard even if they do a "black bag job".

If you want to make your own serial analyser you can find plenty of books on micro-controler programing with nice example code of how to talke to onboard serial interfaces or to write "bit banging" code. The development boards are often very cheap for instance you can pick up oones for MicroChip and Atmel chips for less than 50USD and the more modern ones even have USB interfaces back to a PC where you can do further analysis and display the results nicely etc.

Ravan AsterisSeptember 16, 2013 12:43 AM

I actually have been considering spinning up a Tor node, and then sending nothing but inane crap and heavily encrypted food recipes over it. Maybe a science fiction story or three. IOTW, junk and noise. Then buy stock in supercomputer companies so I can profit when the NSA spends lot of time and money cracking nothing.

wisharSeptember 16, 2013 1:14 AM

Ok as an ex-NSA tech consultant I can seriously say there is no hope. NSA tech goes far far beyond anything cited i this article :( Sadly, the stuff we saw was Area 51 and DARPA level. Some tech so advanced it involved quantum entanglement and nanogravity :( There is simpoly no way NSA can be avoided. In fact, their warroom is like a frickin battlecruiser. They are prepping for something greater than the human race :(

Concept TinkererSeptember 16, 2013 1:45 AM

My concern with this sort of advice is that if I follow it, as someone with very limited technical expertise, my internet traffic will suddenly get a lot more interesting. In turn, this could prompt the NSA to hold onto my older, unsecured traffic longer, assuming I could even get adequate security for the new traffic. Is there a way to defend against the NSA without making myself a target?

TimSeptember 16, 2013 2:01 AM

"Encrypt your communications. Use TLS"

TLS was mentioned in the post but never defined. What is TLS?

SeerakSeptember 16, 2013 3:05 AM

Sounds like the Battlestar Galactica strategy; the reason the Cylons couldn't hack it was because the computers were deliberately archaic and un-networked.

I see Ebay prices for older hardware starting to creep up. Things like 68k Amigas and Macs, PowerPC Macs, old hard drives in external enclosures using original FireWire or even SCSI. Stuff that predates 9/11 and is unlikely to be compromised, or even compromiseable nowadays. Write drivers on these old machines for modern hardware, construct the interface, malware couldn't touch the target, not even USB keys with hacked drivers in their firmware.

No Sugar AddedSeptember 16, 2013 3:41 AM

"Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."

Is there any reason (other than DUAL_EC_DRBG) to believe the NSA is doing this? Or that subverting ECC is even theoretically possible?

Is there a reasonable response, other than "I trust Bruce," to those who claim you're spreading FUD about ECC? Anything that makes this more than just a matter of opinion?

What about the assertion that the NIST curves are "verifiably random?"

Peter A.September 16, 2013 3:58 AM

@Kord Campbell:

... and the moment you buy a ton of cheap USB sticks, you've become a "person of interest" ;-P

AlbertoSeptember 16, 2013 5:14 AM

Bruce, in your book you say that bitlocker as no backdoor.
Remember?

Mr. Ferguson is a CIA Agent? and you?

I think you must speak about them!

Thanks

Crusty The ClownSeptember 16, 2013 9:45 AM

Apropos USB sticks, is there a way to make a USB stick read-only? And would this block the stick from being formatted?

This would not stop virus transmission but it would be useful for some other stuff I was thinking about.

Dirk PraetSeptember 16, 2013 10:30 AM

  • Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.

For those using Tor or interested in doing so, I'd like to quote from the docs a couple of additional tweaks to up the ante because - in general - many folks don't bother to read them. The recommended way of going about Tor is by downloading and running the self-contained Tor browser bundle (TBB), currently at stable version 2.3.25-12 and available from https://www.torproject.org/download/download-easy.html.en . TBB comes with an anonimity/privacy enhanced version of Firefox ESR (Extended Support Release). It is important to notice that this FF version generally is behind the latest features and technologies found in more recent releases like v23.

- By default, Tor does not prevent somebody watching your Internet traffic from learning that you're using Tor. You can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. In addition, obfsproxy is a tool that attempts to circumvent censorship by transforming the Tor traffic between the client and the bridge. This way, censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic. Experimental TB bundles that include obfsproxy are available from the project's pluggable transports page.

- More advanced users may wish to use unstable TBB beta/RC version 2.4.17 or roll their own from source code. As from 2.4, Tor uses ECDH instead of the previous 1024-bit RSA/DH keys which are believed to be within reach of the NSA.

- Those choosing to run the stand-alone Tor service are advised to use a dedicated or other browser than the one they are using for normal surfing (and without Flash, Java et al).

- The TAILS distribution torifies all browser traffic by default without requiring any particular setup or configuration. You can run it from USB, DVD or as a VM.

Remember that although Tor is probably the best-known anonimyzing service in the field, there is also Freenet, I2P and JohnDo

  • Encrypt your communications. Use TLS. Use IPsec.

Many Firefox users are unaware that their favourite browser is lagging behind other popular browsers in TLS support. With IE, Chrome, Opera and the like fully supporting TLS 1.1 and 1.2, Firefox as of current version 23 only supports TLS up to 1.1, a setting which is disabled by default and not easy to find. This leaves FF users in a somewhat particular situation: because of the well known BEAST attack, block ciphers are no longer considered secure for SSL3/TLS1.0, as a consequence of which best practice currently recommends prioritizing RC4 on the server. However, RC4 is now thought to be broken or compromised too. In TLS 1.1 and above, this is not an issue. It is therefor useful to enable TLS 1.1 in FF 23 and disable RC4. This may break some sites, but which is then indicative of their admins not doing their job properly.

- In the url bar, go to about:config , then search for security.tls.version.max and set it to 2, which will enable TLS 1.1 .
- Do another search for RC4 and set all booleans containing this value to false.

Note that the upcoming FF 24 is said to contain TLS 1.2 support and that TLS 1.1/1.2 in Opera is also disabled by default. They can be enabled in Settings, Preferences, Advanced, Security, Security Protocols. Don't ask about Safari or IE, which I consider backdoored by default and will never use for any sensitive stuff.

  • Be suspicious of commercial encryption software, especially from large vendors

Toss Bitlocker, especially if you're on a Windows 8 machine with TPM 2.0 support. It's said that they key is stored in the TPM module which is accessible by M/S. As for Truecrypt, I refer to previous threads on the matter.

Ernie OportoSeptember 16, 2013 10:52 AM

If they’re working with vendors, why would you trust GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit or PasswordSafe? How many of those are open source?

Nick PSeptember 16, 2013 11:59 AM

@ Anon

"If malware is capable of spreading through usb drives, then won't the secure computer eventually get any malware that is on the internet machine? Even back in 2010 estimates were that 25% of new malware was designed to spread through usb, and most that was probably designed by organized crime not militaries? In practice, isn't the "secure machine" really only as secure as the internet machine if you regularly transfer data through usb flash drives between the systems? And if you disable usb, then what can you use that's safer for bidirectional data transfer short of a printer and scanner with OCR? "

Funny you mentioned printers and OCR's: that very night I was re-working solutions using scantrons, high-capacity barcodes, etc. My old analyses remains sound: they're impractical for most applications for economic, usability and to a small degree subversion reasons. Moving on.

Clive addressed the first point about "what can it do when it gets there?" If the communication is totally one way, that's true. If it's back and forth, your issue with air gaps is valid. The main concept is that the untrusted node is compromised, it slips highly sophisticated malware to the other one, that system is subverted, it leaks its information back to the other system, and that system makes sure you don't see the leaked information. Sound complicated? Yeah, air gapped systems with careful communications protocol makes successful two system compromise that much harder.

Choosing Transfer Mechanism: Varying Robustness

1. If one-way, a data diode is the simplest mechanism. Pages online exist for making them out of ethernet cable. People are often concerned that, without a feedback channel, there's no achknowledgement or dropped packet defense for file transfers. The simple solution is sending stuff over UDP with multiple packets for each chunk of data and always doing it at a speed both systems sustain. The most manual solution is to make sure files are sent in chunks of predetermined size with hashes of chunks and the file as a whole. Send the file, other system shows resulting hash. If it matches, total success. If not, individual chunk hashes tell you which to resend. When other side has all pieces, it can build the whole file. And using archive files makes all this much quicker. ;)

2. Read-only media. CD-R's and floppies mainly. Write-protect is sometimes suggested however HD's and flash drives have hardware in them that might be subverted. Looking for anomalies on a disk's files is MUCH easier. ;)

3. *Simple* two way hardware and protocol. The most open source implementations and component vendors the better. It's also good if it's not DMA. So, you might use serial (safest/slowest), IDE in certain modes, infrared (clive's suggestion), or recently audio (under 100bits/s). Better if the protocol isn't very interactive. You kind of do a certain amount of processing on one side, then the other gets to talk. Let's avoid complicated discussion by just saying it helps you in a few ways.

4. Content checking + no direct connections. Some users don't want the untrusted system to know anything about the trusted system. And they want to automate most of these steps. And they might want a strong system to scan/validate the content before transfer. And maybe they want to update that a lot. Systems used for this are called Guards. The NSA, FBI, DOD, etc. use these to connect networks of highly trustworthy and untrustworthy system. They tell us to get EAL4-certified firewalls, then they use robust Guards. So, I recommend guards. ;)

This is an example of my claim that "NSA taught us how to beat them." The old days would lead to guards with minimal hardware base, dedicated hardware ports for each network, highly trustworthy TCB (B3 or A1), a different piece of software for each security level or device, and a highly assured transfer mechanism that enforced policy (checking, access, etc.). Examples of high assurance guard designs include Aesec's GEMSOS Virtual Guard Architecture, Boeing SNS Server, and BAE's SAGE on XTS-400/STOP OS. There are also guards built on hardened Linux (eg Raytheon), OpenBSD (GENUA/germany), and Micro-SINA VPN could be turned into one. The low assurance versions have benefits of availability, open code for TCB, and ability to run on foreign, low-subversion-risk hardware.

(Note: When building guards, make sure each component is isolated to the MAXIMUM amount, even for system calls. Make sure all communication is done using OVERT means and highly robust enforcement happens on EVERY communication attempt. The messaging/IO layer should be simple as heck. If there's any complexity, push it to the applications so at least the failures are isolated a bit into them. These principles existed in *every* solid guard design and I see no reason to change them.)

5. NSA Key Fill Devices. I've been toying with idea of copying them for a while. I think they use these for air gapping & high assurance against subversion. Basically, the key material starts in their EKMS and ends up in a specific device. The manual method of transfering it uses a "key fill device" that securely takes key from one system, then you can plug another into it, type some commands, and the key is transferred. You'll see where I'm going here if you replace "key" with "huge archive file" and "key fill device" with "fixed purpose, file storage & transfer device with no capability of doing anything else." There are SO many robust implementation possibilities for this design compared to general purpose systems, it negates the transfer risk, and it could be push button simple by design.

(Note: That same design could be tweaked for use in recovery based architectures and auditing. I'll leave those to readers' imagination.)

So, there are quite a few possibilities. Choose which one you feel most comfortable with.

RCSeptember 16, 2013 11:44 PM

@John Yardly

The most popular TrueCrypt "red flag" list is discussed (and basically debunked) here at Wilders Security:

Debunked through counter-ranting? How about debunking through actual proof? Of course this would be the same dilemma Saddam Hussein was presented...prove that something isn't there...

ScottSeptember 17, 2013 1:58 AM

I don't think we should necessarily avoid ECC all together, but instead we should use the ECC Brainpool curves which were created due to the suspicion behind the NIST/SEC curves.

http://tools.ietf.org/html/rfc5639

Does anyone know if there is any good reason why standards like SEC use 521 bit prime curves instead of 512 bit? It just seems suspicious, as it makes it less convenient and doesn't seem to have any advantages.

mcjtomSeptember 17, 2013 9:59 AM

"If malware is capable of spreading through usb drives, then won't the secure computer eventually get any malware that is on the internet machine?"

I'm not sure if this is practical, but perhaps having two air-gaped computers, one of decryption, one of encryption, and move the infomation one way only could be the answer?

Use fresh USB (or CDR) to move files from the internet computer to the decrypting air-gaped computer. Decrypt it, read it. Then use the second encrypting air-gaped computer to write and encrypt things, then move them back on fresh USB to the internet computer for sending.

The operator that reads on one machine, but writes on the other is a second air gap between the two. I would also physically remove all communication devices, especially wireless, from both of the air-gaped computers (WiFi, BlueTooth, Cellularmodem)

It may be inconvenient but not much more than having to use an air gap in the first place. Would it actually provide much stronger protection than a single air-gapped computer? - I don't know. It may.

JoseSeptember 17, 2013 10:57 AM

NSA is one terrorist agency, full of terrorist with white gloves, delincuents and nothing more. How people will accept on millions working togheter, cracking the privacy and life of billions of people? Time to gain internet, over the battle agaisnt the NSA terrorist. Killing in the name of god and stealing for the crown...? Please, be must stop these nerds, and take it back internet... for the safety of whole world

AlanSeptember 18, 2013 9:29 AM

Defending against USB malware: disable processing of "autorun.inf" in Windows with this 3-line registry hack:

http://blogs.computerworld.com/...

REGEDIT4 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] 
@="@SYS:DoesNotExist"
This hack tells Windows to treat AUTORUN.INF as if it were a configuration file from a pre-Windows 95 application ... it says "whenever you have to handle a file called AUTORUN.INF, don't use the values from the file. You'll find alternative values at HKEY_LOCAL_MACHINE\SOFTWARE\DoesNotExist." And since that key, er, does not exist, it's as if AUTORUN.INF is completely empty, and so nothing autoruns, and nothing is added to the Explorer double-click action. Result: worms cannot get in - unless you start double-clicking executables to see what they do ...

JoseSeptember 23, 2013 11:24 AM

Use the unconfortable OTP encryption and game over for NSA , rivers of words could be written, BACKDOORED or NOT BACKDOORED...? Use OTP and final point to the disscusion.

Nick PSeptember 23, 2013 11:37 AM

@ Jose

It depends on TRNG, a host, and transport mechanisms that aren't subverted. NSA has subverted each of these in the past. OTP would merely be the start of a new discussion about why it wasn't good enough by itself. QED.

JoseSeptember 23, 2013 11:10 PM

@ Nick P

Thanks for your advice, I think you are right.... but I dont see another option, is too much to understand in few months, I will apply OTP, at least from my part. Thanks

AaronSeptember 24, 2013 9:41 AM

Password management programs are a bad idea, regardless of who wrote them. They will be targeted and they highlight that you are hiding something. Instead, use random methods of hiding things inside of random things that only your brain knows about. Combinations of the most complex to the most simple forms of encryption and stego are one such example. Do not rely on any one "thing", "system", or "method".

ENTP'er.

PolaczekSeptember 24, 2013 12:56 PM

Zamiast uzywac USB użyj kodów 2D. ew. uzyj LOGOS64 i skanowania tekstu i OCR (Base64 się nie nadaje)

Bill NortonSeptember 24, 2013 4:35 PM

I have been working on a rule #6 for you - If you can, employ Internet Peering to minimize the number of network hops between you and the end point you communicate with.

The argument goes like this:

Where the commodity Internet intermingles all traffic, Internet Peering segregates a subset of the offered traffic to directly exchange with a peer - it bypasses the Internet Transit service. As a result, for this subset of peered traffic, there are fewer places that one can tap, divert, mirror, or otherwise compromise your traffic, etc.

Secondly, the peered traffic, being segregated from the commodity Internet traffic, is less likely to suffer as a side effect from a denial of service attack that happens to impact the path along a transit service. The peered traffic, bypasses the transit network, goes directly to the peer so tends to be unaffected by DDOS attacks elsewhere in the commodity Internet.

Finally, from a practical perspective, peers exchange technical contact information so when things do break, or if the DDOS attack is aimed at you or your peer, then the peers can work more effectively together to address the issue. If this attack came from your transit provider, the transit provider may be able to help, but most likely has a bunch of other fires burning at the same time. Direct access to the engineers helps speed up the time to repair.

I have an upcoming US Telecom webinar called "Peering Improves Security" where I will step through the logic of the argument, but these are the broad strokes. This doesn't solve the security problems, but from a practical perspecitve, peering has proven to help.

A R DrenthSeptember 25, 2013 11:55 AM

Bruce,

Have to disagree about AVG, not from a functional but from a user point of view ... 1. download AVG Free 2. include Toolbar to get extra features 3. restart 4. AVG window 'Problem Detected - Fix?' and no further information 5. fix ... hang ... no exit 6. power down, wait, power up 6. repeat, as doubts grow 7. uninstall ... toolbar won't uninstall, though application does 8. repeated invitations to send error report to AVG, despite declining right at the start 9. also uninstall unasked-for components supplied by AVG (some Visual Studio software)

Why do programmers NEVER seem to concern themselves with the end-user experience? Is it because my PC is an'unstable' environment? Pretty much like everyone else's. You will go on being a closed community unless that changes, or until the technology becomes self-healing.

AnonyhedgehogOctober 3, 2013 4:43 PM

Since I'm not doing anything that the NSA would be concerned about, I'm not particularly concerned about avoiding them; If they have enough intellect to crack my computer, they have enough intellect to recognize I'm not a threat, and therefore not someone to bother about.

I am however, concerned about groups that might have affiliations with them, particularly, local law enforcement. While the NSA is smart enough to ignore me, my ex-wife is not, and has a penchant for malicious prosecution (in both the legal, and general sense).

My understanding of all of this is akin to home security - a determined enough burglar will break into your house; the objective thus is not to prevent, but to create sufficient deterrence that the cost/benefit leads the burglar to lose interest or choose an easier more fruitful target.

So, considering all the above, my question is, how far is the reach of a sophisticated, well funded police force, with access to other government agencies, and are the techniques described sufficiently adequate to fend them off? Is anyone able to comment on the extent or degree to which various governmental agencies cooperate on these matters?

George OrwellOctober 7, 2013 6:42 PM

@Anonyhedgehog

The agencies of the "5 Eyes Alliance" countries, those being US, Canada, UK, Australia, New Zealand (and basically Israel.. so 6 eyes) are all using what's called parallel construction to kick down intel ops to law enforcement for a variety of reasons. It could be maybe Agency A owes Agency B a favor, or as we've seen in the case of the FBI going after the head of the CIA they could possibly extort intel from national spy agency employees or other political blackmail and then claim in court an alternative method was used to discover the original information (parallel construction). DEA has already admitted to doing this.

You should be concerned about this because what if your ex-wife or girlfriend ends up dating somebody with access to this information. NSA employees have already been exposed to have spied for personal reasons and I have yet to see anybody be punished for it.

You should also be concerned if perhaps you design secure software, are a critical author, are a politician, or even a community activists or labor organizer because the regime in power would like to stay there, and why not use this new Orwellian level of spying they have available to them to ensure no dissent. They won't be kidnapping you in the middle of the night (yet) but they may use political blackmail to ensure you are discredited or perhaps jailed, as in the case of the Qwest CEO who resisted NSA requests to backdoor his telecom. He quickly found himself tossed in prison for nebulous other charges.

In other words, the lines have been so blurred between national spy agencies and law enforcement even the government themselves have no idea what the limits are anymore. Watchdog agencies have been gutted or outright dismantled in the 5 eyes alliance countries so nobody is watching the watchers. Now throw in an exploding business in private contractors developing exploits and surveillance for law enforcement so they can push a button and backdoor suspects phones/computers and you have all the ingredients for totalitarianism.

Don't forget there's a blackmarket for contracting shady hackers and spies as well. China's so-called Hidden Lynx uber hacking group are mercenaries for hire.

ITOctober 10, 2013 1:47 PM


How do you know the computer you bought as an air gap has 'never been connected to the internet'?

Magnus RavenOctober 10, 2013 3:27 PM

According to an article in Wash. Post, a reporter from that newspaper was speaking at a Cato Institute conference and said "The Washington Post has a practice of talking to the government before running stories that may impact national security."

Thus they had spoken to the governnment about the Snowden files, for example. And above article tells us that they refused to accommodate the government request to remove the names of cooperating telco's.

What that article does not tell is what did they agree to remove? For example...are there any post-2010 documents or slides from Snowden?

Additionally...since NSA creates profiles on at least the US citizens, GCHQ likely does the same on at least UK citizens. And some documents have provided some details about the cooperation between NSA and the German BND (Bundesnachrichtendienst).

So the story is probably that the German service uses NSA as a proxy to survey on their own people.

mcOctober 12, 2013 3:40 PM

The only way not to be tracked electronically is not to use electronic systems. Long term technology will only progress and thus opportunity for tracking and surveillance will increase. The solution will however be political not technological. Only when this issue is in the psyche of every man and a real political issue up there with the cost of gas and education will adaquate solutions be found that both protect individuals from their own government and allow their govergent to pretect them from other governments, private organisations, corporations, criminal enterprise and the like. In the mean time simply don't use cell phones, especially those with gps, you don't really need them to enhance your life, pay with cash wherever possible and communicate in person and by the written word as much as possible. Of course if people want to still spy on you they will but with a lot more human resource and time and thus consideration.

Keep fighting the technological fight guys but remember to lobby politicians by informing them of the issues and keep all your finds and family informed. Get them to inform their friends and family and so on. The nsa / mi6 / fsb are not the enemy, as is the case with everything public ignorance and apathy is.

E CamnerOctober 26, 2013 6:08 AM

For tyranny to prevail requires simply that enough good men do nothing. Edmund Burkle

Get Automation Bots November 8, 2013 3:39 PM

Whenever i to begin with commented I actually manifested itself a -Notify everyone while brand new suggestions will be added- checkbox and from now on any time a opinion is additional I receive 4 e-mails together with the the exact same remark. Perhaps there is almost any process you could possibly take away my family via which company? Thanks a lot!

d conneryNovember 11, 2013 4:46 PM

how apprapo the movie from 1998 {enemy of the state}
where they talk about the NSA being able to do all the things we do today and then some!!! Indeed, we are in the Big brother state.

anonymouseNovember 14, 2013 9:47 AM

Become Amish and you won't have to worry about the NSA!

"The only winning move is NOT TO PLAY!" Wargames 1980

MouseSNovember 21, 2013 8:02 PM

Thank you Bruce! I've been using other people's PC's to do research until lately, VPN, or hard access. Thanks for leaving all the tips. I'll start downloading shortly.
What I've found, which is the info they don't want anyone to know. THAT, their owners, the Reserve Bank's (or Central Banks) counterfeit money, they brutally force governments of nations to accept their 365 day 'loaned' paper, expecting it back and with interest. These false banks then set about 'inducing debt' into the afflicted nation. War, civil war, racism, unending public works constructions, terrorism, anything to make the govt use more debt-currency. Because the more they use, the faster the drain of 'actual wealth' out of the country to these false banks (the interest payments). They sell the debt log to China or others for a fast buck, basically, they sell off your country and your future to others.

Israel ends up with the extorted money as that's where the chain of money(gold, wealth, land, resources) goes. And this is why the NSA steals anything it can get its hands on, technology, insider info, mass data. Eventually it ends up in that horrid little middle east country. NSA is Israel's little pet to ensure that none know of how they extort politicians, bribe, murder and keep the wealth drain on America and other nations. The currency in your hand is NOT owned by you, nor your nation.. It's a ever-stealing, rental note.

The NSA doesn't work for America, nor the FED, nor many of the other 'security' organizations. They just ensure no one finds out about their war & debt-money-scam.

They also print unlimited amounts for their own purposes. The most criminal of all organizations is what JFK referred to, what Hitler ran out of his country, and all the other nations who get squashed because of them.

Thank you for allowing ordinary people like me and my friends to continue to find out about this stuff.

Mouse

MetalMusicFanNovember 24, 2013 5:25 AM

Good article, great comments.
I'll add - "Just because you're paranoid, doesn't mean they're not out to get you!!!"
:)
... however there does come a point where it is overkill, and one of the comments mentions you make it harder to break-in, and the basic thieves shy away. You'll never find or make a "perfect system" that is completely safe. :D Such a thing cannot exist, not only according to "Murphy's Law," but, just observing life also tells us this.

Simon CliffNovember 25, 2013 4:34 AM

I can testify that Bruce is getting warm with his observations. I also feel that he is being ultra conservative with regards the scale, invasiveness and the sheer ability of the software that the that the NSA have at their fingertips.

This site looks like a recipe site for meatloaf.

I'm not full of admiration for Bruce like everyone else on here. What are you? Who are you? A commentator or an activist? I don't trust you. And i'd advise anyone reading this to not trust him either. Or me.

He just doesn't sound like someone that's had the living wits scared out of them by these spooks and their ability to turn your life upside down.

Bruce, we know there's a problem but can you get on with solving it? Nothing you have so far written helps me on a practical level. Nothing at all. I don't trust the Prism 9, but I certainly don't trust ESET, Little Snitch, Bruce Schneier, or anyone. Apart from Noam Chomsky.

Folks, we are living in a far more engaged situation than this old bugger would ever have you believe.

Neil CameronDecember 1, 2013 5:35 PM

Thanx Bruce, excellent info and superlative paranoia,
perhaps we need a new cryptog-philosophy for our future,
I'll nominate you as one of the charter prophets for our new
collective of cognition.
As you are a consultant for BT, and deserving of endorsment
perhaps my kin can refer you to the Queen for a knighthood.

Mordecai SvensonDecember 4, 2013 6:35 AM

When reading these fascinating and informative pieces I wonder why I never see Qubes OS mentioned. Windows, Linux, etc are looked at ad infinitum but not once have I seen anything (other than on the Qubes OS website) how this unique and very secure OS holds up to these various attacks and infiltrations. I run Qubes and while it isn't completely there yet and can be complex and difficult to use I see its approach as very helpful to maintaining the most secure platform I can find.

non-SimonDecember 5, 2013 7:54 PM

@Simon Cliff, Simon, this is just one article by Mr. Schneier. I, as another "old bugger," recall similar taunts thrown against PGP creator Phil Zimmermann in years prior... a man to whom we owe immense gratitude. Your anger is misplaced. Schneier has written hundreds of articles, most containing leads to sources of more detailed information. I humbly urge you to embrace the few allies we have in this struggle. It's worth remembering that those whose "profession" is attacking our freedoms are, in fact, criminals.

NonaDecember 30, 2013 12:40 AM

Do you use EMET (Enhanced Mitigation Experience Toolkit) also known as the anti-exploit toolkit) on Windows?

neatDecember 31, 2013 1:30 AM

"Do you use EMET (Enhanced Mitigation Experience Toolkit) also known as the anti-exploit toolkit) on Windows?"

isn't that proprietary? do they offer source code?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..