Security and Whistleblowing with Signal and Moxie Marlinspike

Signal

New Orleans   Not long ago in the Edinburgh office of ACORN, I got a crash course in some simple things about basic email and text protection from spying and other weirdness thanks to one of our leader/organizers, Jon Black, who has done a deep dive on some of this stuff, so now that everyone is looking over our shoulders, maybe it’s time to share some tips.

I had fooled Black and masked my basic techno-peasantness because I knew about the legendary Moxie Marlinspike who is seen by many as the world’s expert on encryption. Of course I only really knew about Marlinspike because I had read a number of articles by him, thought the name was fantastic, and liked the fact that he was not your standard issue Silicon Valley greed grubber. Jon has actually read all of the terms and conditions so he was able to explain to me exactly why Moxie’s Signal was better than WhatsApp, which Marlinspike also developed and is now owned by Facebook. There was an important difference involving setting specific controls on WhatsApp for the user to be notified if someone was creeping up on their account, which are automatic for Signal. At least I think that’s what he told me.

But, anyway, Signal is actually owned and run by Marlinspike, so that should just be enough. Importantly, when WikiLeaks dropped the dime on the CIA at first I shouted out for Jon that they had managed to break through the encryption at Signal, but that was wrong. I heard the Moxie-man on the radio and he made it very clear, and it’s been confirmed elsewhere since, that they cracked the smartphones, not the apps. Of course one thing is still important to remember. To really encrypt your phone calls, video calls, and texts on Signal, the other party also needs to be on Signal. It’s an easy switch, and I’d recommend it as a “why not be safe rather than sorry” move.

Another recommendation for moving in this direction were some tips I saw recently in the magazine, “Wired,” for being a leaker or whistleblower and hoping to protect your anonymity. When it came to doing so with a phone they made the following suggestions, which many would have known from any close viewing of the great HBO series, “The Wire:”

“Buy a burner – a cheap, prepaid Android phone – with cash from a nonchain store in an area you’ve never been to before. Don’t carry your regular phone and the burner at the same time, and never turn on the burner at home or work. Create a Gmail and Google Play account from the burner, then install the encrypted calling and texting app Signal. When you’re done, destroy the burner and ditch its corpse far from home.”

They never say the words GPS, cell tower triangulation, or Stringer Bell, but almost all of these cautions underscore the fact that when you’re rolling with your phone – especially if it’s switched on – anyone and everyone can track you anywhere and anytime. Regardless, I would call those instructions a huge product endorsement for Signal as top of the line, best in class now especially for the price. Heck, it’s free, so you get more security for nothing. What’s to lose?


A Funny Thing Happened on the Way to….America?

Signal-encryption of WhatsApp


Denver    The modern world is a conundrum in an exploding time capsule. Every time we make the mistake of thinking that what we’re reading in the news is strange, exotic or frightening, we are still surprised when we trip over it, and it slaps us up the side of our faces.

I thought this as I read my email yesterday and got a delayed message from one of ACORN’s ace organizers in France. The first message was usual business, following up on this and that, but I scratched my head as he referred to an earlier message he had sent, as if I had received it already. And, later I did, and that was weird, and the message was disturbing. Despite his having a pre-approved visa to visit the United States, including spending a week in New Orleans later in August for extensive planning with me at our offices, he had been denied access to the airplane and told that his visa had been inexplicably revoked yesterday. He was hit by a bolt of lightning out of nowhere.

This has happened to me twice earlier this year as I was denied a visa renewal – with no explanation – to India. I’m the least paranoid person in the world. I assume “they” know everything and just keep on rolling, putting it in the category of something like a hurricane – past my ability to control or predict. Today though, I found myself reading closely a story in Wired about a crack encoder and rebel with many causes with the nom de guerre of Moxie Marlinspike who had developed a super encryption program called Signal which is embraced by all the right people and feared by all the wrong people. I’ve never been an encryption guy, partly because as a techno-peasant, who is still not sure Windows 10 is even a good thing and pretty certain I don’t have 4 to 6 hours to do the changeover, I always worry that if I encrypt my emails, I won’t be able to get in them, but all of this is getting worrisome to me. I also don’t like coincidences.

In this case maybe there’s an explanation, but in every case “maybe there’s an explanation,” but that doesn’t mean that the ways we want to rationalize events match reality. On my India visa, I continue to hope that I just filled out the application incompetently, even though I applied twice with the same result, and my local Congressman’s office who promised assistance isn’t responding to my calls and emails anymore.

In France, in the wake of the recent massacre in Nice, the president had renewed a state of emergency through July 26th, which was the day my colleague was flying. Did he get caught somehow in that mess? He speculated that the fact that he had been in Lebanon and Syria a decade ago might have red flagged him in these crazy “end” times. Maybe work in Tunisia and Morocco were also a problem. Who knows?

And, that’s my point? Who knows how national security forces are working these days? The Obama Administration might not have gone all Trump on keeping people out of the USA, but when the French and Americans put their heads together and add an “excess of caution,” as they call it, with no explanation ever offered or available, maybe the Moxies and the rest of the gang are on the right track, and I’m the last citizen of Lulu-land.

Meanwhile, I read that Trump is asking Russia to get its hackers on the job to cough up more emails lost on Hillary’s server. If he were living on Pennsylvania Avenue, would any of us – I mean people like me – be able to travel at all?

What was the name of that encryption program, Moxie? Was it Signal? Is there a user friendly techno-peasant version for the rest of us?


Apple Takes a Stand among the Silicon Valley Pygmies

New Orleans   I’ve never been a big Apple fan. Sure we started with Apple IIe’s and then Macs back in the day, but as they upgraded, they priced us out both organizationally and personally. They scream 1% around the world. Then there was Steve Jobs who I found hard to love for his abusive handling of his co-workers, whatever else might be said about him. I just didn’t want to be part of a cult.

But to modify the old saw, the sun shines on a different old dog every day, we might say, and Apple deserves praise for standing tall in the face of government intrusion, while so many of the Silicon Valley giants prove themselves to be pygmies when it matters. Even better, they didn’t pick an easy time to draw a line as they said, “no,” to a judge’s order to crack the contents of the San Bernardino terrorist and mass murderer in order to help the FBI on its appointed rounds. Predictably, the Republican yahoos running for president went wild on this issue, accusing Apple of everything possible including aiding and abetting ISIS, and equally predictably, the Democratic candidates buttoned their lips to see how the whole valley would react to Apple’s courage since that is a field they harvest in this season for huge campaign contributions.

Some of this issue is deep in the weeds past all of us techno-peasants to sort out, but Apple is saying that the FBI is asking them to create a “backdoor” in hacker-speak to break the encryption, while the government is saying, hey, dudes, do us a favor on just this one phone. Many find it incredible that the government couldn’t hack the phone, but they claim that they had to ask because they were up to the limit of ten tries before the phone would shut down, almost Mission Impossible style, and be past the point of return. Having recently been forced to refile a visa application to India because their website cancels everything after three unsuccessful efforts to pay them money, I am fully ready to believe almost anything is possible.

The back story turns out to be that this push-and-shove between the feds and techies has been going on at Apple for over a year with one request after another on beefs from drugs to whatever until finally my guess is the government figured they had a game changer where they could claim that national security trumps corporate interests. Tim Cook, the Apple CEO, stepped in and posted a letter to I-phone phreaks explaining that the company had refused the judge’s order and would fight the mess.

Experts believe that Apple may lose this battle, but will win the war. Cynics, and count me as one here too, believe that Apple will make megabucks whether it’s heads or tails. Now their global market will be protected because they are sending a message they are not America’s bitch, so cha-ching. And, if they lose, trust me all of the next gazillion upgrades will transfer encryption breaks to customer controlled password protections, so that there will be no back door possibilities without the customer’s permission, thereby absolving Apple in the future, and transferring the problem and permission to the phone holder to protect or yield on their own privacy. Oh, and forcing Apple fans to buy one of these new up-to-date super-encryption protected phones as well. Cha-Ching!

As for the rest of Silicon Valley, Twitter and Google kinda-sorta sided with Cook and Apple without mentioning their names, and Facebook and Amazon, big boys with command-and-control issues decided to hide out and hoped that no one notices they are big fat chickens, cluck, cluck, clucking too afraid to cross or draw any line on the road.

***

Please enjoy Lucinda Williams’ Dust. Thanks to KABF.
