Categories: all aviation Building a Biplane bicycle gadgets misc motorcycle theater
The world is at once new and different, and the same as it ever was, but that's not the point of this piece. We're entering a scary new chapter in our story, which is the point.
tl;dr: Load the Signal app (Android link, iPhone link) on your phone. Our SMS and phone communications can be much more secure. We all need this, not just people who "need encryption."
Very much like WhatsApp, Signal is a secure messaging app for your phone, that allows you to send SMS-like messages and make voice calls. Critically, it encrypts those messages from the moment you type them in, to the point where they arrive, and are decrypted by your recipient's Signal app. Same for voice calls. It's called end-to-end encryption, and what it practically means is that your communication is hidden from prying eyes.
There are longer articles out there on why this kind of encryption is good, which go into detail. A simple search on "end to end encryption" will yield them up.
A key facet of decoding communication between two or more parties is called traffic analysis. That's where you don't even look at the messages themselves (ie, no need to see what Bob wrote to Alice) you just look at the fact that Alice and Bob are communicating. You look at the times and dates on which they communicate, you look at the frequency with which they pass messages, you look (if possible) at the source and destination location when messages are sent.
This information, the information about the message, is popularly known as message metadata. Metadata is routinely used in courts of law as evidence. It can be used by hackers for a variety of purposes, as diverse as human creativity can allow for. It is certainly used by intelligence agencies and government security forces.
A very intentional point of Signal is that it doesn't record this metadata. Signal effectively blocks its ears and says "LA LA LA I CAN'T HEAR YOU," and records nothing about your communications. It just provides an anonymous conduit through which information passes. There's nothing to hack, nothing to subpoena.
The other apps (WhatsApp, Facebook Messenger, Google Allo, and others) that use Signal's encryption protocol certainly afford you well-encrypted communications. However, by saving your contact list, or recording the time and date of your messages, or other insecure handling of message metadata, compromise your security in non-obvious ways.
Finally, unlike the other apps, Signal is open-source (which means its code can be reviewed by security researchers; and it has, here (PDF)). It is not owned by a large corporation; it's actually supported by donations of time, effort and money.
Typically, the people who are thought to "need" encrypted communications are what you would probably classify as people you don't interact with every day: political organizers in oppressive regimes, dissidents, spies, terrorists, human rights activists, etc. If that mention of terrorists has you looking at me side-wise, let me remind you that the Charlie Hebdo attack in 2015 was coordinated entirely with burner phones (prepaid cellphones that are effectively untraceable) using plain ol' SMS and phone calls. It's very hard to track someone's phone number if it was activated yesterday, and discarded tomorrow. They had stacks and stacks of them piled up and ready to use.
Anyway, the point is that most of you reading this will not put yourselves in that same category, of people who need to hide their communications.
However, there are two powerful counter-arguments to that, which you can also find more detail about in other articles: first, your communications are definitely eavesdropped upon, right now, by your own government. They are almost certainly not targeting you, and even if they did, the shopping lists and cat pictures you send are unlikely to excite them. But your text messages and mine are being slurped up and analyzed by the NSA (if you're in the US; other agencies if you're elsewhere). This has long made me uncomfortable, but not quite uncomfortable enough to act, until now. More on that later.
The second counter-argument is that more traffic makes it harder to track the real targets of interest. We can probably all agree that people working for human rights in oppressive states are freakin' heroes, and desperately need to maintain a cover of secrecy so they aren't hauled in front of a crumbling brick wall and shot, or worse. But if it's only people in that kind of a situation using an encrypted communication channel, suddenly it becomes very easy to track down all the dissidents in your country. Just see who's chatting with the encrypted server. Doesn't matter what they're saying, you just know that if they're using it, they're against the regime. (If this all feels a bit too distant, remember that Black Lives Matter or people organizing protests against the new guy may be considered as just such a dissident organization in the US by some).
Now, if you and I sign up and start using it to send cat pictures and shopping lists to each other, and if thousands of our friends do the same thing, suddenly it's much, much harder to track down those same activists. If we all start using a system like this as our go-to app for messaging, the noise of our chatter makes it much easier for the high-risk users to pass their traffic along with more certainty and anonymity.
As I write this, we're two days past the election of the United States' first openly tyrannical president. He hasn't telegraphed any plans to start rounding up the intelligentsia and have them build roads in Siberia, but direct parallels to this situation have led to exactly that outcome in other places and other times. We are now living in considerably more dangerous times, whether we like it or not.
I don't foresee myself actually having to organize a resistance movement; I don't think the country is that far gone, nor do I think it will be in 4 years. However, you would probably find a lot of intelligent, empathetic people saying the exact same thing in the early 1930s in Germany. It could easily happen here. Wouldn't it be nice to already have a means of communication set up that allows us to speak without the dread certainty that everything we say is being funneled straight to the security forces?
At some point, the theoretical tyrannical forces would shut down Signal's systems, but by that time, it will be far too late to do anything about it in any case. How nice to have those secure communications up until then.
If you really want to get serious about this, there are some excellent articles out there on how to secure your online communications and activities. Avoid Facebook like the goddamn plague. Use DuckDuckGo for searches instead of Google. Use the Tor browser for as much of your browsing as you can. Do these things routinely, to increase the amount of traffic the bad guys have to sort through.
I've been an advocate of encryption in routine communications for decades now, but only recently has it become easy enough to ask all my friends to do it. Now that it is so simple, I encourage you to use it all the time, for all the reasons stated above.
Posted at 22:37 permanent link category: /misc
Categories: all aviation Building a Biplane bicycle gadgets misc motorcycle theater