Introduction (What is a mesh network and how does it work?)
A mesh network application will allow you to continue to communicate – over bluetooth – even after all WiFi and cellular service has been interrupted.
So, for instance if your local city decides to turn off phone service on a given city block, you and your group of people will still be able to communicate with each other – in a small area. (About 100 meters, for example, if you had five people who were all about 20 meters away from each other.)
As long as there are a lot of people with bluetooth and Bridgefy installed within a given area, a “mesh network” will be enabled that has the potential to go even farther distances (than 100 meters).
Reminder that Bridgefy basically turns a phone into a digital walkie talkie. So, you may need to hold it up and vertically to get the best range.
Using mesh networks uses up your phone’s battery very quickly – so be sure to bring extra batteries.
Bandwidth issues (Why you should keep it to text and LOW RES images (and not use too much voice or god forbid, video)
Bluetooth’s bandwidth isn’t the greatest. So, although you CAN send anything – anything but text will be very slow to move around and can slow down the network. It will work, but it’ll glitch out a lot.
If you wish to create an “anonymous, unverified account” – remember when you are installing to NOT SYNC THE APP WITH YOUR CONTACTS when it asks.
Note that you and your friends can quickly “see” each other on the network, using the “Broadcast” group chat feature, BUT GROUP CHATS ARE NOT ENCRYPTED. (Perhaps you don’t care if the group messages are encrypted, since everyone is using anonymous names. Or, it could be really important that your group’s communications are not publicly seen.)
Using with your phone identified (forever, after the first time) and your contacts synced
If you sync contacts, it will grab your phone’s IMEI identifier. If you try to change your account name and save it (in “settings” under “About” and then “Profile”), it will give you the new name, but keep the old name in parentheses when you are identified to others as a user on their phones. Like this: “new name (old name).”
If you decide to let your phone be identified and let the app sync up with your contacts, you will have to be connected to the internet for it to configure properly.
Encrypted messages between individuals vs. Clear text “group” messages using “Broadcast” feature
Messages between two accounts are encrypted. The “Broadcast” feature is useful because it allows you to message everyone on the network at once, but in CLEAR TEXT.
Bridgefy uses RSA encryption for messages sent between individual accounts. Encrypted group chat is not yet available. (Only the unencrypted “group chat – with a default of “all users in range” that is available using the “Broadcast” feature.)
BEFORE YOU INSTALL
Before you start installing the Bridgefy app on your phone, you need to decide if you wish to use Brigefy anonymously OR if you want to sync it to your contacts and have your phone uniquely identified.
DO NOT sync with your contacts if you EVER want to have an anonymous, unverified account. If you sync even ONE TIME. Bridgefy grab’s your phone’s IMEI identifier – and won’t ever forget it. (Even if you uninstall it, reboot your phone, and reinstall it.)
Again: Once you sync your contacts and your phone’s IMEI number has been identified you can’t create an anonymous account. You can create a new name, but when you look at your app – and when others see you on the network, the old name (in parenthesis) will keep showing up next to the new name.
Like this: New name (old name)
NOTE: You do not need to install the SDK to send and receive text messages over the mesh network. The SDK requires an account and is not needed to simply communicate and send text messages over the network.
2. Give yourself an account name (make note of it perhaps – so you can tell others what it is).
3. If you are making an anonymous account, the program will say you have created an “unverified” account.
4. If you decide to sync with your contacts, make sure you are connected to the internet, say “yes,” and then give it a couple minutes.
5. After it syncs with them (which takes a minute) – all of your contacts that have Bridgefy installed will pop up under “contacts.” (Just like they way Signal brings up your contacts, if they also have the app installed.
Click on the “Contacts” icon along the bottom of the screen, and it will display:
1) any of your contacts that have the app installed
2) ALL USERS on the network that are “nearby” and can be messaged individually.
Note: Messages between individual users are encrypted, while group chats via the “Broadcast” feature are in CLEAR TEXT.
6. If no one is showing up under “nearby” in “contacts,” the other way of seeing folks on the network – and a good way to kinda “wake up” your system if you’re not seeing anyone on it – is to click on “Broadcast” (in the row of icons along the bottom of the screen).
7. After you click on it, an empty looking “Broadcast” window comes up with a text box at the very bottom where you can text to EVERYONE on the mesh network (IN CLEAR TEXT).
8. While on the “Broadcast” screen, you can find other users on the network by clicking on the upper right corner, where there is a contact-y looking icon with a red number showing you how many other people are on the network. Touch that – and it will give you a list of the people’s handles that are within range, so you can message people individually..
9. Although it’s very easy to text the whole group from the BROADCAST page, remember that it’s in CLEAR TEXT – AND EVEN USERS YOU HAVE BLOCKED CAN SOMETIMES SEE ALL BROADCAST MESSAGES (according to our testing). (Speak up if we’re wrong about this :)
9. So, whether you access your contacts via “contacts” along the bottom (after allowing it to sync to your contacts) – or access a list of “nearby” people you can message by clicking on the contact-ish icon in the upper right of the “Broadcast” window, once you can see a name, you can select it and:
-start a conversation
-delete a conversation
-block that user from getting any texts from you
Okay we think that about covers it. But we are open to adding more details or changing anything we might have gotten wrong. Please email us at email@example.com.
SB 1421 isn’t perfect…But even with its limitations, the bill provides more law enforcement personnel transparency than has been possible in California for decades.
When then-governor Jerry Brown signed Senate Bill 1421 in October of 2018, police misconduct records were expected to start flowing on January 1.
That isn’t what’s happened, although small quantities of records have started to come out from certain cities, including Burlingame, Oakland and Berkeley.
To recap, SB 1421, one in a long line of bills that for more than a decade have tried to crack open California’s restrictive police officer’s bill of rights, turned records of investigations and discipline after incidents of lethal force or sustained incidents of sexual assault, evidence planting or lying, into public records that could be gotten with a public records request.
SB 1421 isn’t perfect. It freezes records when there are internal investigations going on and when lawsuits are in progress, which can cause lengthy delays before there is public transparency. And in cases where sexual assault, perjury and evidence-planting allegations aren’t sustained internally or in a court, records will still be sealed. But even with its limitations, the bill provides more law enforcement personnel transparency than has been possible in California for decades.
Even this modest of a change was met with outrage and rebellion by many of the state’s police unions, which have relied on the obscurity of misconduct proceedings to protect member cops from accountability for the crimes they commit.
Police unions ran into court all over California, asking for stays and injunctions in San Bernardino County, Ventura County, Los Angeles, Orange County and in Contra Costa County. Because you can’t unrelease a record after it has already been released, the courts have had to issue temporary stays while considering the issue, but at the now four courts where the cases have been fully argued, Contra Costa, LA, and now Orange County and San Diego, the police unions have lost big.
Arguing that cops involved in lethal incidents or caught lying and/or planting evidence relied on their investigative hearings hidden from view has drawn skepticism from judges, who have continued to insist that the public’s right to know outweighs the police right to hide and that illegal and criminal behavior from the police is not protected behavior that the State should help to conceal.
All the lower court rulings have been appealed, so there will be a few more months of legal jousting, but in the end, the records are going to flow. At least the ones that are left, since a few enterprising police unions have been convincing their City Councils to revise document retention protocols in order to pitch them. The first and second district of the Court of Appeals have upheld the lower court decisions releasing misconduct records and the California Supreme Court has resisted every request to intervene so so far it is public records 6, police unions 0. Those results are expected to be the same in any further legal suits.
For more background on SB-1421, here are a few references:
These templates enable you to compel the Police and Sheriff Departments for a given City and County to hand over all documentation on all known surveillance equipment. (Including documentation and information regarding all software used and any data it collects and stores.)
The Aaron Swartz Day Police Surveillance Project is all about developing a larger strategy for determining what types of surveillance equipment a city’s police and sheriff departments have already purchased and whether or not a surveillance policy is in place to monitor that equipment – regulating how that equipment is used against their citizens.
This project started during Aaron Swartz Day 2017’s Sunday hackathon. Before that event was even over, it was clear that it had been really successful and we were all very pumped and had decided to just keep going until next year.
The results of doing so are just starting to pour in, and I’m going to be doing my best to give you the full story – both here on the Aaron Swartz Day website, and over on Mondo 2000, over these next few months, leading straight into this year’s event.
We just added two new templates (Zip file of all templates in .PDF, Zip file of all templates in .DOC) to our tutorial – one for Police Departments (City) and one for Sheriff Departments (County) – that include the use of facial recognition software, since it came out recently that Amazon has been literally giving away its facial recognition software to law enforcement, in the hopes of getting a number of early implementations. Not a bad marketing strategy, and we’re not saying the software shouldn’t be used; just that there should be a surveillance policy framework in place that regulates how it can be used against citizens.
Special thanks to Muckrock, without which this project would not be possible.
Lisa Rein has written a pair of articles in Mondo 2000 with Tracy Rosenberg from OaklandPrivacy.org.
Tracy explains the importance of the Aaron Swartz Day Police Surveillance Project, and its mission of filing public records requests en masse, in order to retroactively determine what kinds of surveillance equipment and software a city’s Police and Sheriff Departments already have.
We will have a complete tutorial with templates and step-by-step instructions, so you to start doing this yourself, next week.
For now, please read these articles to get a better idea of why this project is so important, for all of us, right now.
Can I get a Hallelujah! :-) Looks like we got through to someone re: bringing back RSS!As we explained back in November:
We now realize that centralized news is “bad” for all sorts of reasons. Many of us have let Google News and Facebook become our primary news filters, which was stupid and naive and lazy of us, but I think I can safely say we are now paying the price.
But what’s done is done. Time to fix it now. Let’s revive RSS and dig up all the old news readers. The news outlets still use it, and they will use it more, if we demand it of them.
The Wired article has pointed out the newest tools (below)! Just like we asked! Thanks to Brian Barrett :-)
From the Wired article:
“There are multiple approaches to connecting to news. Social felt pretty interesting at first, but when you mix social and algorithmic, you can easily get into these noise bubbles, or areas where you don’t necessarily feel 100 percent in control of the algorithm,” says Edwin Khodabakchian, cofounder and CEO of popular RSS reader Feedly. “A tool like Feedly gives you a more transparent and controllable way to connect to the information you need.”…
…Feedly has plenty to offer casual users. It has a clean user interface, and the free version of its service lets you follow 100 sources, categorized into up to three feeds—think News, Sports, Humor, or wherever your interests lie. …Paid accounts—of which Feedly has about 100,000—get you more feeds and integrations, faster updates, and better tools for teams.
For more of a throwback feel, you might try The Old Reader, which strips down the RSS reader experience while still emphasizing a social component…
Power users, meanwhile, might tryInoreader, which offers for free many of the features—unlimited feeds and tags, and some key integrations—Feedly reserves for paid accounts…
(Dave) Winer has re-entered the fray, this week introducing feedbase, a database of feeds that makes it easy to see what others subscribe to, ideally prompting discovery and an even more open approach. “I thought it might be a good time to try to add an important feature to RSS that was always part of the vision, dynamic subscription lists,” Winer says.
Barrett Brown and Steve Phillips are speaking both Saturday and Sunday at the Aaron Swartz Day San Francisco Hackathon AND at the Evening Event. TICKETS HERE
The Pursuance Project is more than software. The project proposes a much needed new way of organizing and sharing information. A new way of drilling down to get to the truth as a team of people. It can be a team of people in the same building, or scattered all around the world. All that matters is that a group of people who really care about a topic are joining together to do something about it.
Perhaps Pursuance could be one of the missing pieces we need to organize ourselves towards a better democracy.
It’s not just about the software, it’s about thinking about new ways to organize and create positive change. Of course, this is not a concept that Aaron invented, but it is one that he lived.
I spoke to Barrett and Steve to find out how they met and how they pulled all this off in less than a year.
LR: What does Pursuance actually do?
BB: The pursuance system is a framework for process democracy. That is, it allows individuals with no prior relationship to self-organize into robust, agile entities governed via a “proceduralism of agreement.” These entities, called pursuances, in turn engage and collaborate among themselves to whatever extent they choose.
SP: Fundamentally, the Pursuance System software enables you to create a pursuance (which is a sort of organization), invite people to that pursuance (with the level of permissions and privileges that you choose), assign those people tasks (manually, or automatically based on their skill set!), brainstorm and discuss what should be done, rapidly record exciting ideas or strategies in an actionable format (namely as tasks), share files and documents, be notified when relevant events occur (e.g., when you are assigned a task or mentioned), and effectively get help from others.
LR: But is it simply end to end encrypted project management software? It seems like there is something larger going on here?
BB: A variety of existing tools for crowd-sourced research and secure communication will be implemented into the system. The ecosystem will be seeded with about 200 individuals and groups with a track record of advancing individual rights, state accountability, and robust journalism and information dissemination; each of these initial users will have the right to bring others into the system, and so on. This is not a content neutral medium; although any political ideology or combination of views is permitted in theory, everyone who joins does so under the condition that they oppose the drug war, police state, and national security state (although participants are free to interpret these issues broadly, and need not agree entirely on definitions or solutions).
This is a server-based ecosystem of collaboration and self-governance in which all participants will have equal opportunity to create and join pursuances: structured entities best thought of as evolvable organizational charts, with a wide range of customization available, as well as the ability for individual pursuances to link up in various ways; indeed, the ultimate goal of this process, which will provide a superior means by which to organize collaborative activism, is to eventually give rise to a sort of technocratic super-organism capable of confronting criminalized institutions and ultimately rolling them back.
SP: Aside from the specific software features, we are quite excited about having an ecosystem of like-minded individuals with shared goals and interests. The world needs an energetic network of activists effectively collaborating to achieve such things as prison reform, an end to the drug war, an end to mass, suspicionless surveillance, and various other issues. We need many researchers to assist journalists in finding the facts and getting stories right. And we need a great number of people to assist non-profits and political action groups in achieving their political ends. Pursuance amplifies these efforts.
LR: Other articles referenced its potential as a tool for democracy, could you elaborate? :-)
BB: As opposed to institutional democracy, whereby some artificial structure is generally implemented from above, Pursuance allows everyone the equal opportunity to define the exact terms of their associations with others, either by creating a Pursuance or by joining one that provides what they consider to be sufficient agency. Pursuances themselves may or may not involve voting; they can certainly be structured so that some, most, or all decisions, major or minor, requires majority votes by all participants, but others are driven more by free association, depending upon the ability of individuals to quickly and easily form new Pursuances with particular requirements so as to create a polity that’s sufficiently in agreement that participants are comfortable giving most responsibilities to a few people.
Importantly, the ease of creating, applying to join, and leaving pursuances will encourage experimentation and evolution, such that differing models of participation can be used and improved upon. One pursuance may be doing the exact same sort of work as another, but simply with a more regimented system whereby everyone is taking orders from above, with one person initially delegating power to others along a structure whereby no voting is done at all; another may involve each participant having the exact same degree of control, with decisions subject to majority votes or even requiring unanimous ones. By allowing every participant to employ free association, and by providing a structure that makes it easy to try different approaches to governance, we’re providing a highly customizable framework for collaboration that’s universal enough to be used for everything from running a bike drive to governing a political party.
LR: How did you two connect? Did Steve write to you when you were in prison?
BB: Steve saw the Wired article on my release, which went into the broad aspects of the project, and tracked me down to D Magazine, where he called me. We spoke and then he flew down to Dallas for a meeting. Over that three or four hours, we came up with many of the major additions to the basic idea that will ultimately be used; he happened to be perfect for this, both as programmer and project manager as well as a broad thinker with a great deal of knowledge relevant to this undertaking.
SP: Backstory: in 2015 I gave a DEF CON talk regarding my project CrypTag, which makes encrypted data partially searchable and stores it in any folder or file-syncing service. I started a non-profit around CrypTag with the slogan, “Secure mobile and desktop apps for activists, journalists, and you,” and with the 10-year goal of providing “data privacy for every Internet user”. I launched a graphical, user-friendly encrypted wiki/note-taking app — CrypTag Notes — solicited and got some great user feedback, and had some people using it.
But there were a couple problems.
First, I hadn’t found a significant number of people who thought they needed their privacy protected. Secondly, I didn’t have a means through which I could reach such people, and I wasn’t networked with that many activists other than a few I’d met at Occupy. Thirdly, since I have extremely broad interests and, thanks to the Internet, am aware of many problems in the world that I would like to see solved (if not help solve), I was concerned that even in the best-case scenario, if I could help fundamentally solve the problem of human privacy, that this wouldn’t be nearly enough in light of all that we face — global warming and environmental destruction, superhuman AI, Neoliberalism, racial unjustice, political bribery, technological employment and the apparent need for a basic income, and more.
But in the last week of March I was reading a Wired article, “Anonymous’
[Barrett] intends to build a piece of software called Pursuan[ce], designed to serve as a platform for coordinating activists, journalists, and troublemakers of all stripes. Pursuan[ce], as Brown describes it, would be an open-source, end-to-end-encrypted collaboration platform anyone could host on their own server. Users will be able to create a “pursuance,” an installation of the software focused on a group’s particular cause or target for investigation. The software would offer those groups the same real-time collaboration features as Slack or Hipchat, but also include a kind of org-chart function to define different users’ roles, the ability to host and search large collections of documents, and a Wiki feature that would allow collaborators to share and edit their findings from those documents.
Brown has yet to recruit a team of coders or volunteers to launch Pursuan[ce]. … But Brown has never had trouble finding followers …
I quickly realized that not only did Barrett have the public platform that I lacked, he also attracts and excites thousands of activists who *know* they need privacy protections because they are opposing the corrupt and powerful elements of the status quo.
It was also immediately clear that I had exactly what Barrett needed — experience building secure, user-friendly software; open source development; managing small teams of developers; and recruiting other technical people, as I was hosting weekly privacy hackathons at Noisebridge (which continue to this day), and I had recently moved to San Francisco.
I figured this was a once-in-a-lifetime opportunity to work with someone like a Barrett Brown, or a John Kiriakou, or an Edward Snowden, or a Glenn Greenwald, or a Laura Poitras, and that I must take massive action to turn into reality this amazing possibility to work with with Barrett Brown to amplify the efforts of activists and journalists in order to help them solve as many of the world’s problems as possible.
I could not believe how much overlap there was between what Barrett and I wanted to accomplish, and how much we could complement each other.
So I brainstormed with a friend about the best course of action, which led to my aggressively reaching out to people I knew may be connected to Barrett, attempting to contact him in several different ways all in parallel, and successfully getting through just two days later. He said he was interested to have me involved, so I then flew to Texas, met twice with Barrett, began designing the software, then flew back to California. Two days later, Barrett emailed the others involved and said, “this is Steve Phillips based in San Francisco, and he is in charge of building the Pursuance System” — the very software I had been merely reading about less than two weeks prior.
That was just six months ago, and it’s been a hell of a ride since. (And of course, John Kiriakou and others are on our board of directors.)
My extremely excitement toward what can be accomplished with Pursuance continues to this day.
LR: Steve mentioned that you both were inspired one of Aaron’s posts, entitled When Is Transparency Useful? – could you elaborate on that please? :)
SP: I was talking to a friend about Pursuance, and he pointed me to one of Aaron Swartz’s essays. Part of what blew me away was this line and the argument leading up to it:
Imagine it: an investigative strike team, taking on an issue, uncovering the truth, and pushing for reform. They’d use technology, of course, but also politics and the law.
I found that this complemented Barrett’s thinking very well regarding what can be accomplished with a diverse mix of complementary skill sets, rather than having silos of just journalists working by themselves, and my experience with seeing tech geeks building more tech for geeks rather than solving bigger problems.
I knew that Aaron had co-invented RSS at the age of 14, that he had the foresight to create software that has become SecureDrop, and that he convinced Larry Lessig that getting money out of politics is a fundamental, but this is yet another example of Aaron being ahead of his time.
BB: Transparency is something we generally want to apply to institutions, particularly governments that are funded by its population and have a legal monopoly on violence, and specifically on government entities that have a history of misusing secrecy. On the other hand, the question of transparency becomes vastly more complicated when we’re talking about private entities. Within Pursuance, a given pursuance can be entirely opaque to outsiders, which in some cases will be a necessary defense against states and powerful firms that have a history of retaliating against activists and even journalists. But most of them, I think, will be highly transparent, both as basic policy and as a means of better allowing other pursuances to find areas where they might want to collaborate.
A good part of the concept behind Pursuance is to encourage not just individuals to arrange themselves into efficient entities, but also to encourage pursuances to eventually develop similar connections, sharing information, resources, and talent. This also goes for those existing non-profits and NGOs and the like that we’ll be actively recruiting; with this system, they’ll be able to easily create a pursuance presence by which to organize their supporters as well as finding areas of efficient potential partnerships with both pursuances and other institutions who’ve come on to the system. Those areas are most easily discoverable when everyone concerned can quickly see what other groups are doing and how they’re doing it.
Saturday November 4th 3pm -4:30 pm Barrett Brown and Steve Phillips – Building a Better Opposition: Process Democracy and the Second Wave of Online Resistance w/ Q and A (First live demo of the Pursuance Project!)
Sunday November 5th 2pm – 3 pm Pursuance Advanced Tech (w Q and A) – Steve Phillips and Barrett Brown
It was quite odd watching a room ponder the prospect of charging the press with criminal activity for what is considered standard journalistic First Amendment protected practice (ofpublishing classified information) as if it were some kind of allowable solution to what’s been going on with the current round of White House leaks.
This issue has already been decided on quite clearly by the Supreme Court in the Pentagon Papers case, United States v. New York Times, 328 F. Supp. 324, 329 (S.D.N.Y. 1971).
This has mostly to do with something Justice Gurfein referred to as a “cantankerous press.”
As Gurfein writes in his decision:
The First Amendment concept of a “free press” must be read in the light of the struggle of free men against prior restraint of publication. From the time of Blackstone it was a tenet of the founding fathers that precensorship was the primary evil to be dealt with in the First Amendment…
The security of the Nation is not at the ramparts alone. Security also lies in the value of our free institutions. A cantankerous press, an obstinate press, an ubiquitous press must be suffered by those in authority in order to preserve the even greater values of freedom of expression and the right of the people to know…it is not merely the opinion of the editorial writer or of the columnist which is protected by the First Amendment. It is the free flow of information so that the public will be informed about the Government and its actions.
These are troubled times. There is no greater safety valve for discontent and cynicism about the affairs of Government than freedom of expression in any form. This has been the genius of our institutions throughout our history. It is one of the marked traits of our national life that distinguish us from other nations under different forms of government.
Here’s Trevor Timm (Freedom of the Press Foundation) explaining this in a brief 1 1/2 minute video. This clip is from the upcoming film “From DeadDrop To SecureDrop.” (Transcription below):
The Supreme Court case that came out of the Pentagon Papers was one of the most important First Amendment cases of the twentieth century. It essentially is affirmed that newspapers in the United States have the constitutional right to publish information – even that the government considers “Top Secret” – that’s in the public interest, and that they cannot be censored, or what courts refer to as “the government can’t issue a ‘prior restraint.’
The opinion was written incredibly fast – from the start of the case where it went from the District court to the Supreme Court took only 13 days, which is incredibly fast. If you ever read the history of Supreme Court opinions, it usually takes years to get there. And so, all nine judges wrote separate opinions, but the core of the case still stands, which is that unless there are extreme extreme circumstances – which we have never seen in this country – that newspapers and journalists have the right to publish classified information. And because of this, we have learned so much more about what our government does behind closed doors.
Often, what they do, that is immoral and wasteful and illegal, we never would have known without this decision.
Micah Lee and Edward Snowden, in Moscow, Russia. Photo: Sue Gardner
A few weeks ago, Micah Lee, Technologist for The Intercept and Co-Founder and Board Member of the Freedom of the Press Foundation, went to Moscow to meet Edward Snowden (who is on the Freedom of the Press Foundation’s Board).
Snowden took the opportunity to explain some technical details about what he has come to refer to as “Opsec,” or “Operational Security,” a collection of a few simple best practices for security that folks can use to protect the privacy of their day to day communications.
Engaging in Opsec helps protect one’s privacy, not only against the threat of what is, to some, the merely abstract notion of “government surveillance,” but also against much scarier threats that are not so abstract. For instance, abusive relationship victims, stalking victims, or children who are at risk of being monitored by pedophiles. There are many scary scenarios, all made possible by the current lack of basic encryption on most people’s emails and text messages. In these cases, being a victim of online surveillance often translates into physical harassment or abuse in the “real world.”
Using Opsec to “reclaim your privacy” may seem confusing at first, especially to those who have not realized that their privacy is already compromised daily. But as Micah explains, “This doesn’t need to be an extraordinary lifestyle change. It doesn’t have to be something that is disruptive. It should be invisible, it should be atmospheric, it should be something that happens painlessly, effortlessly.”
In the article, Snowden outlines some Opsec basics, including:
Using “Signal” (“Text Secure” on Android), by Open Whisper Systems, to encrypt your text messages and phone calls. It’s very easy to install and use, instantly, on your Android or iPhone device.
Encrypting your laptop hard drive, so if your computer is stolen, the thief won’t also have access to all of your private data. (Micah has already written a guide for this.)
Lee: What do you think about Tor? Do you think that everyone should be familiar with it, or do you think that it’s only a use-it-if-you-need-it thing?
Snowden: I think Tor is the most important privacy-enhancing technology project being used today. I use Tor personally all the time. We know it works from at least one anecdotal casethat’s fairly familiar to most people at this point. That’s not to say that Tor is bulletproof. What Tor does is it provides a measure of security and allows you to disassociate your physical location…
But the basic idea, the concept of Tor that is so valuable, is that it’s run by volunteers. Anyone can create a new node on the network, whether it’s an entry node, a middle router, or an exit point, on the basis of their willingness to accept some risk. The voluntary nature of this network means that it is survivable, it’s resistant, it’s flexible.
Micah: [Tor Browser is a great way to selectively use Tor to look something up and not leave a trace that you did it. It can also help bypass censorship when you’re on a network where certain sites are blocked. If you want to get more involved, you can volunteer to run your own Tor node, as I do, and support the diversity of the Tor network.]…
Snowden: What we do need to protect are the facts of our activities, our beliefs, and our lives that could be used against us in manners that are contrary to our interests. So when we think about this for whistleblowers, for example, if you witnessed some kind of wrongdoing and you need to reveal this information, and you believe there are people that want to interfere with that, you need to think about how to compartmentalize that.
Tell no one who doesn’t need to know.
Micah: [Lindsay Mills, Snowden’s girlfriend of several years, didn’t know that he had been collecting documents to leak to journalists until she heard about it on the news, like everyone else.]
Snowden: When we talk about whistleblowers and what to do, you want to think about tools for protecting your identity, protecting the existence of the relationship from any type of conventional communication system. You want to use something like SecureDrop, over the Tor network, so there is no connection between the computer that you are using at the time — preferably with a non-persistent operating system like Tails, so you’ve left no forensic trace on the machine you’re using, which hopefully is a disposable machine that you can get rid of afterward, that can’t be found in a raid, that can’t be analyzed or anything like that — so that the only outcome of your operational activities are the stories reported by the journalists.
Micah: [SecureDrop is a whistleblower submission system. Here is a guide to using The Intercept’s SecureDrop server as safely as possible.]…
On Simple and Practical Threat Modeling:
Snowden: …You can drive yourself crazy thinking about bugs in the walls and cameras in the ceiling. Or you can think about what are the most realistic threats in your current situation? And on that basis take some activity to mitigate the most realistic threats.
In that case, for most people, that’s going to be very simple things. That’s going to be using a safe browser. That’s going to be disabling scripts and active content…And making sure that your regular day-to-day communications are being selectively shared through encrypted means…
On How Cell Phones Track Us By Default:
Micah: People use smartphones a lot. What do you think about using a smartphone for secure communications?
Snowden: Something that people forget about cellphones in general, of any type, is that you’re leaving a permanent record of all of your physical locations as you move around. … The problem with cellphones is they’re basically always talking about you, even when you’re not using them. That’s not to say that everyone should burn their cellphones … but you have to think about the context for your usage. Are you carrying a device that, by virtue of simply having it on your person, places you in a historic record in a place that you don’t want to be associated with, even if it’s something as simple as your place of worship?
Developed by Lee, Onion Share lets anybody securely share any size file…”It is like Dropbox, but encrypted and reliable. As soon as the person downloads the file, it can be erased from the server and it’s no longer accessible to anyone,” explains Micah Lee… (Freelancers can find this tool useful for communicating with whistleblowers.)…
If you are familiar with the TOR Project, currently the best way to navigate online without leaving trace, you will be glad to learn that it recently launched TOR Messenger. The cross-platform tool facilitates encrypted chats on a variety of networks like Facebook and Gchat…
Keybase is an open directory of public keys that you can verify through social media accounts… the Keybase directory can tell you who’s that key, according to his or her profiles on Twitter, Reddit, Github, Bitcoin and domain names…
Don’t confuse it with the Facebook or Linkedin Signal apps. This tool, developed by Open Whisper Systems, allows you to make encrypted voice calls, as well as send encrypted text messages, with your existing number and the contacts that also download the app.
OpenArchive is a mobile application that seeks to preserve audiovisual civic media in a secure way…The app, currently in beta for Android, uses mobile TOR technology to allow people on the ground to send sensitive images without fear of being tracked…