Many people today are living in surveillance states with weak citizen protection and persecution of citizens who blow the whistle on state wrongdoing, rapid erosion of privacy, criminalisation of failure to turn state informer, or even counselling resistance, and attacks on the free press, all without oversight by the public.
That’s Australia. Things are even worse in Yemen, India, China, Russia, Saudi Arabia, etc. I’ll go ahead here and say that I think that on balance strong encryption is a good idea to have in society as one bulwark against surveillance societies and also just plain safety. In practice, we all use consumer-grade encryption, even the army. There are some interesting options for solidarity among software designers, as Eleanor Saitta points out, or you might say, design challenges stringent enough that our quisling tech sector will be unlikely to rise to them.
🏗 link to particular risks for each state.
For any of these anti-journalist states, you need hardcore security.
What you might use to get around this
EFF’s Surveillance Self Defense course is a good starting point.
They talk you through the theory and practice of different types of security, modelling the risks you face and trying to minimise them for different scenarios.
Maciej Cegłowski observes, discussing the related problem of securing political campaigns:
Campaigns have small budgets and operate in an unusually hostile environment. Not only are there people whose job it is to attack campaigns, but those people enjoy their work, get a government pension when they retire, and live happy, fulfilled professional lives.
I presume (hope?) he’s talking about hostile foreign actors but who knows these days?
OK, there is a lot to do, but let’s start with the basics. First, minimise your exposure to corporate surveillance.
Next you probably want to lock down your computer. Maybe lock one down a little bit and also get a second, hardcore locked-down computer for your secret stuff.
You need to fix this to avoid getting profiled in the first place. Constantly leaking info if you don’t kick it in the pants. See DNS servers.
There’s a lot of fiddling in ssh.
To secure it in particular, you need to get away from 1024-bit DH keys. Sigh. NSA is reading your comms with keys shorter than 2048 bits.
researchers Alex Halderman and Nadia Heninger presented compelling research suggesting that the NSA has developed the capability to decrypt a large number of HTTPS, SSH, and VPN connections using an attack on common implementations of the Diffie-Hellman key exchange algorithm with 1024-bit primes. … In this post, we present some practical tips to protect yourself from the surveillance machine, whether you’re using a web browser, an SSH client, or VPN software.
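One way to check an OpenSSH host for this, as an added example that is not from the original post or the quoted research: it measures each prime in a moduli(5) file and flags key exchanges that use a fixed 1024-bit group. The function names, the `MIN_BITS` threshold constant and the sample data are assumptions made for illustration.

```python
MIN_BITS = 2048
# Fixed-group key exchange whose prime is 1024 bits (Oakley Group 2).
FIXED_1024_KEX = {"diffie-hellman-group1-sha1"}

def modulus_bits(line):
    """Bit length of the prime on one moduli(5) line, or None if unparseable.

    Fields: timestamp type tests trials size generator modulus(hex).
    The size column is commonly one less than the real length (2047 for a
    2048-bit prime), so measure the modulus itself instead of trusting it.
    """
    fields = line.split()
    if len(fields) != 7:
        return None
    try:
        return int(fields[6], 16).bit_length()
    except ValueError:
        return None

def filter_moduli(text, min_bits=MIN_BITS):
    """Split moduli file text into (kept_lines, dropped_lines)."""
    kept, dropped = [], []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)        # comments and blank lines pass through
        elif (modulus_bits(stripped) or 0) >= min_bits:
            kept.append(line)
        else:
            dropped.append(line)     # short or unparseable prime
    return kept, dropped

def weak_kex(kex_list):
    """Entries of an effective, comma-separated key exchange list (such as
    the kexalgorithms value printed by `sshd -T`) that use a 1024-bit group."""
    return [k.strip() for k in kex_list.split(",") if k.strip() in FIXED_1024_KEX]

# Constructed sample input: the moduli are filler hex of the right length,
# not real primes.
SAMPLE_MODULI = "\n".join([
    "# Time Type Tests Tries Size Generator Modulus",
    "20240101000000 2 6 100 1023 2 " + "F" * 256,
    "20240101000000 2 6 100 2047 2 " + "F" * 512,
    "20240101000000 2 6 100 4095 5 " + "F" * 1024,
])
SAMPLE_KEX = "curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1"

if __name__ == "__main__":
    kept, dropped = filter_moduli(SAMPLE_MODULI)
    print(f"kept {len(kept)} lines, dropped {len(dropped)} short moduli")
    print("1024-bit key exchanges enabled:", weak_kex(SAMPLE_KEX))
```

On a real host the kept lines would be written to a new file and reviewed before replacing the existing moduli file, since an empty result leaves group exchange with no primes to offer.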
USB is another security nightmare. See e.g. BadUSB (explanation for the busy). One imagines that if the DIY world can so readily destroy you via USB then the state actors are pretty good at it.
Countering such attacks? USB condoms such as USG could probably help if you need to use USB, which you do. That is, if you don’t mind carrying a large, inconvenient device whose job is to reduce the functionality and speed of your peripherals. Few of us feel like we are likely enough to be targeted that this is worth doing, although as the cost of these attacks drops to nothing, that might change.
Hardened Desktop OS
See hardened OSes.
See hardened smartphones.