Security and Whistleblowing with Signal and Moxie Marlinspike

New Orleans   Not long ago in the Edinburgh office of ACORN, I got a crash course in some simple things about basic email and text protection from spying and other weirdness thanks to one of our leader/organizers, Jon Black, who has done a deep dive on some of this stuff, so now that everyone is looking over our shoulders, maybe it’s time to share some tips.

I had fooled Black and masked my basic techno-peasantness because I knew about the legendary Moxie Marlinspike who is seen by many as the world’s expert on encryption. Of course I only really knew about Marlinspike because I had read a number of articles by him, thought the name was fantastic, and liked the fact that he was not your standard issue Silicon Valley greed grubber. Jon has actually read all of the terms and conditions so he was able to explain to me exactly why Moxie’s Signal was better than WhatsApp, which Marlinspike also developed and is now owned by Facebook. There was an important difference involving setting specific controls on WhatsApp for the user to be notified if someone was creeping up on their account, which are automatic for Signal. At least I think that’s what he told me.

But, anyway, Signal is actually owned and run by Marlinspike, so that should just be enough. Importantly, when WikiLeaks dropped the dime on the CIA at first I shouted out for Jon that they had managed to break through the encryption at Signal, but that was wrong. I heard the Moxie-man on the radio and he made it very clear, and it’s been confirmed elsewhere since, that they cracked the smartphones, not the apps. Of course one thing is still important to remember. To really encrypt your phone calls, video calls, and texts on Signal, the other party also needs to be on Signal. It’s an easy switch, and I’d recommend it as a “why not be safe rather than sorry” move.

Another recommendation for moving in this direction came from some tips I saw recently in the magazine, “Wired,” for being a leaker or whistleblower and hoping to protect your anonymity. When it came to doing so with a phone they made the following suggestions, which many would have known from any close viewing of the great HBO series, “The Wire:”

“Buy a burner – a cheap, prepaid Android phone – with cash from a nonchain store in an area you’ve never been to before. Don’t carry your regular phone and the burner at the same time, and never turn on the burner at home or work. Create a Gmail and Google Play account from the burner, then install the encrypted calling and texting app Signal. When you’re done, destroy the burner and ditch its corpse far from home.”

They never say the words GPS, cell tower triangulation, or Stringer Bell, but almost all of these cautions underscore the fact that when you’re rolling with your phone – especially if it’s switched on – anyone and everyone can track you anywhere and anytime. Regardless, I would call those instructions a huge product endorsement for Signal as top of the line, best in class now especially for the price. Heck, it’s free, so you get more security for nothing. What’s to lose?


Is This Really the End of Email?

New Orleans   In the wake of massive and disruptive hacking of emails in the corporate and political world, there was a piece in the paper the other day essentially announcing the end of email. The author was making a case that it was time to return to direct and telephonic communication on any matters pretty much more important than a grocery list. We might wonder about all of that even if it is abundantly clear that soon email systems should come with a caution or a cigarette pack warning that pops up before you hit the “send” button. In fact, is there already an app for that? If so, we should all get it!

We think of email as ubiquitous now with a gazillion messages sent daily, but is it? There’s every indication that texting, Facebook messaging, Snapchat, and even Instagram are more common communications tools for many of the under-30’s in the developed world than email. No small part of that may be the ability to utilize a more informal language and briefer protocols than even common in emails. On the other side of the divide, there are the old dogs, and there are some of them still barking in union halls, corporate corridors, and even political offices who have their assistants print out their emails and often handle their replies.

Some of these dogs know how to bury their bones or at least keep others from uncovering them. Senator Lindsey Graham from South Carolina was quoted during the first of the Democratic National Committee released by WikiLeaks that he had never used email yet, and had no plans to ever use email in the future. I’ve often told the story of Mayor Marc Morial of New Orleans, now the longtime head of the National Urban League, based in New York City, telling me he looked forward to leaving office so he could see what a Blackberry was like and use email. Politics is almost the ultimate transactional business, so at the best some were huge fans of the Animals and were always humming, “Please Don’t Let Me Be Misunderstood,” and at the worst, well, as Hillary Clinton’s email program has demonstrated, let’s just not go there. On the other hand we had John Podesta a former White House Chief of Staff and ultimate political professional using a Gmail address, when he must have known even if never hacked, Google never destroys emails leaving a permanent record just out there waiting.

Can we keep email and use encryption? I’d like to think so, but then there’s the federal lawsuit trying to break Moxie Marlinspike’s best-in-class system. Can messaging encryption like WhatsApp be better? Maybe, but then I read a long article in The New Yorker about the coup in Turkey and how the Gulenists were in deep trouble once the Turkish intelligence got into their homemade app called ByLock that had 200,000 users forcing them to “go underground” with something else called Eagle. We’ve all read about the FBI having to pay big bucks to “unlock” an iPhone. You have to wonder whether or not there’s anything that cannot be hacked?

Should we worry about this at all? Most of us not only have nothing to hide, but pretty low key, boring correspondence and lives for that matter in the eyes of the outside world, even if vital to ourselves, our work, and families. Nonetheless, we’re somebody, too! Do we just sigh and accept the tradeoff between privacy and convenience? Do we exchange paranoia for openness?

Where is this all going? My companera and I watched an episode of a widely touted, and supposedly “most relevant” show on television the other night on Netflix. The episode featured an implant behind the ear and a small thumb drive size device everyone carried around constantly that filmed and recorded every part of everyone’s lives, allowing someone to search back in old experiences from their past, unless they had deleted it. Is that where we’re going? If so, I guess we should enjoy email while we have it, and start calling these days, the good old days!
