No 37, June-July 2008

DIGITAL SECURITY FOR ACTIVISTS

 

Keep your private communication private

Wojtek Bogusz, digital security consultant, Front Line & Dimitri Vitaliev, co-author, Security Edition of NGO in a Box

Email and instant messaging are convenient, fast and used by many of us. However, most are not truly private, making them unsuitable for sensitive discussions - unless you take steps to make them more secure. Using various eavesdropping techniques, people can access your messages as they travel around the Internet. There are a number of ways to enhance the security of your Internet communications, such as using a more secure email account or adding user-friendly encryption to your email and instant messaging programs.  

By following the guidelines of this chapter you can significantly improve your Internet communication security. But remember that no communication is 100% secure. Some people go so far as to avoid sending anything over the Internet that they would not happily make public. While this is a perfectly valid strategy, it is a bit extreme. The suggestions below can help you adopt a more practical approach to communication privacy. 

This is the fifth article in a CSW Monthly Bulletin series [1] highlighting practical ways you can increase your digital security and privacy. The first four articles discussed protecting your computer and your private information from malware, viruses, intruders and physical damage; guarding against information loss from your computer, disk or mobile phone; and removing information from the computer in such a way that nobody will be able to recover it. The articles are based on the updated second version of the Security Edition of NGO in a Box [2], currently under development.


5.1. Email security

There are a number of practices that can help increase the privacy of your email communications. The first is to make sure that only the person to whom you send a given email message is able to read it. This is referred to as email privacy. It is also important for the receiver to verify that your email really originates from you and not from someone else pretending to be you. Authenticating email messages is described below in section 5.4.4. Unfortunately, normal email programmes provide neither privacy nor authentication, which makes it very easy for someone to interfere with your email messages or impersonate you and your associates. 

5.1.1. Ensuring email privacy 

The Internet is an open system of communication. That is, data normally travels in a readable format. If someone intercepts your data along the way, s/he can easily read the content. 

Because the Internet is just one large worldwide network, it relies on many intermediary computers to direct traffic. Your Internet Service Provider (ISP) is the first recipient of an email message as it begins its journey to the receiver. Similarly, the receiver's ISP is the last stop for your message before it is delivered. At any of these points or anywhere in between your email message can be intercepted, read or tampered with. Yahoo, Hotmail and the majority of other email providers offer their services through insecure web sites. 

It has long been possible to secure a connection on the Internet between your computer and a website that you visit. This method is often used when making Internet purchases, booking flights and so on. The technology that makes it possible is called Secure Sockets Layer (SSL) encryption. You can tell whether or not you are using SSL by looking closely at your web browser's address bar.

All web addresses normally begin with the letters 'http'. When you have opened a secure website, its address will begin with 'https.' The extra 's' on the end signifies that your computer has opened a secure tunnel to the website. 

This means that any eavesdroppers who might be monitoring your Internet connection can no longer overhear your communication with that particular website. In addition to securing financial transactions and credit card purchases, this type of encrypted connection is perfect for protecting your webmail. 

Important! Webmail sites do not offer secure connections as standard practice. You should always make sure that your connection is secure before logging in, reading your email, or sending a message. 

Important! Your first step toward digital security and privacy should be to make sure that your computer is free of viruses and other malware. After all, it won't do you any good to have secure email if everything you type is recorded by keylogger spyware. Creating and maintaining good passwords will also help you protect your accounts for the email and instant messaging tools described below. Refer to previous articles [1] to learn more.

5.1.2. Switching to a more secure email account 

Few webmail providers offer SSL access to your account. Yahoo and Hotmail for instance provide a secure connection when you are logging in (so that nobody can steal your password) but your messages themselves are sent through an insecure 'http' connection, which means that others might be able to read them. In addition, Yahoo, Hotmail and some other free webmail providers insert the IP address of the computer you are using into all your messages. 

Gmail accounts, on the other hand, can be used entirely through a secure connection, but only if you login to your account from https://mail.google.com (with the 'https'), rather than http://gmail.com or http://mail.google.com. Having said that, we do not recommend that you rely entirely on Google for the security of your sensitive email messages. Google has, in the past, conceded some policies and practices to the whims of governments that restrict digital freedom. Google also scans the content of its users' messages to a greater extent than other webmail services. See Further Reading for more information on this. 

Instead, you can create a new webmail account with RiseUp [3], at https://mail.riseup.net. RiseUp offers free webmail to activists around the world and takes great care in securing the information stored on their servers. They have long been a trusted resource for activists in need of secure email solutions. Unlike Gmail, they have very strict policies regarding their users' privacy and no commercial interests that might some day conflict with those policies.

Important! Every message has a sender and one or more recipients. Even if you have secure access to your email account, consider what precautions your contacts may or may not take when reading your messages. Remember that email can also be intercepted at the receiver's end. To ensure private communication, you and your email contacts should all be using email services that provide secure connections. And in order to be certain that email is not intercepted between your email server and a contact's email server it is safest if you all use accounts from the same provider (such as RiseUp). 

There are a few important things you should consider when choosing an email provider. First, do they offer a secure (https) connection to your account? Second, do you trust the administrators to keep your email secure and not to read through it? And, finally, is it acceptable to be identified with an account like RiseUp that exists specifically for activists or do you need a more typical gmail.com address?

Important: Be extra careful if your browser or email program complains about server certificates. It could mean that someone is tampering with the secure communication between your computer and the server in order to intercept your messages [4]. 

See the section "For Advanced Readers" below to learn more about how to secure your email communication. 
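The point made above, that some webmail providers insert the IP address of your computer into every message, can be checked by reading the headers of a message you have sent to yourself. The following Python script is an added example, not part of the original article; the sample message is constructed, and X-Originating-IP is the only client-address header it looks for.

```python
import email
import ipaddress
import re

# Constructed sample message, not a real email; IPs are from documentation ranges.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
\tby mx.example.org with ESMTP; Tue, 1 Jul 2008 10:00:02 +0000
Received: from [203.0.113.45] by web.example.net via HTTP;
\tTue, 1 Jul 2008 10:00:00 +0000
X-Originating-IP: [203.0.113.45]
From: alice@example.net
To: bob@example.org
Subject: meeting

See you at noon.
"""

# Header that some webmail services add with the address of the sender's computer.
# Assumption: only this one header name is checked here.
CLIENT_IP_HEADERS = ("X-Originating-IP",)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _ips(text):
    """Return the valid IPv4 addresses that appear in a header value."""
    found = []
    for token in IPV4.findall(text):
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # looked like an address but is not one
    return found


def exposed_addresses(raw_message):
    """Return (header name, IP) pairs that reveal where a message came from."""
    msg = email.message_from_string(raw_message)
    findings = []
    # Address of the sender's own computer, if the provider discloses it.
    for name in CLIENT_IP_HEADERS:
        for value in msg.get_all(name, []):
            findings += [(name, ip) for ip in _ips(value)]
    # Every server on the path prepends a Received header, so the last
    # one in the message is the earliest hop; list hops in travel order.
    for value in reversed(msg.get_all("Received", [])):
        findings += [("Received", ip) for ip in _ips(value)]
    return findings


def sender_ip_disclosed(raw_message):
    """True if the message carries a header naming the sender's computer."""
    return any(name in CLIENT_IP_HEADERS
               for name, _ in exposed_addresses(raw_message))


if __name__ == "__main__":
    for header, ip in exposed_addresses(SAMPLE):
        print(f"{header}: {ip}")
    print("sender IP disclosed:", sender_ip_disclosed(SAMPLE))
```

Most webmail services have a "show original" or "view headers" option that gives you the raw text to feed into `exposed_addresses`.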

5.2. Instant messaging security 

Instant messaging, also called 'chat,' is not normally secure, and is just as vulnerable to surveillance as email. Luckily, there are programmes that can help secure the privacy of your chat sessions. Just like with email, though, a secure communications channel requires that both you and your instant messaging contacts use the same software and take the same security precautions. 

There is a chat program called Pidgin [5] that supports many existing instant messaging protocols, which means that you can easily begin using it without having to change your account name or recreate your list of contacts. In order to have private, encrypted conversations through Pidgin, you will need to install and activate the Off-the-Record (OTR) plug-in [6]. Fortunately, this is a fairly simple process. 

5.3. Voice over IP (VoIP) security 

VoIP calls to other VoIP users are generally free of charge, and some programs allow you to make inexpensive calls to normal phones as well, including international numbers. Some of today's more popular VoIP programs are: Skype, Gizmo, Google Talk, Yahoo! Voice, and MSN Messenger. 

Normally, voice communication over the Internet is no more secure than unprotected email and instant messaging. Only Skype and Gizmo offer encryption for voice conversations, and then only if you are calling another VoIP user, as opposed to a regular mobile or land line telephone. In addition, because neither application is open-source, independent experts have been unable to test them fully and ensure that they are secure.  

5.4. For Advanced Readers 

5.4.1 More on email security 

In addition to RiseUp, there is another secure email system that offers advanced privacy for your messages. It is called VaultletSoft [7] and it works by installing an email program on your computer (or on a USB drive) that knows how to encrypt individual email messages before sending them off from your computer. This encryption prevents anyone other than the intended recipient of a message from reading it. Neither the administrator of the email service nor your Internet service provider can read the messages you send using VaultletSoft. In addition all communication is transmitted over a secure connection, giving you an extra layer of protection. 

VaultletSoft offers other features as well. It is quicker to load than some other secure email services, like Hushmail, since you keep the entire programme on your computer or USB memory stick. Other features include automatically expiring messages, which delete themselves after the receiver has read them, secure file storage on your computer or USB memory stick, and the ability to send encrypted messages to a person who does not have a VaultletSoft account. 

5.4.2 Using public key encryption in email 

It is possible to achieve a greater level of email privacy, even without changing to a new secure email account. In order to do this, you will need to learn about public key encryption. This technique allows you to encode individual messages, making them unreadable to anyone but the intended recipients. The ingenious aspect of public key encryption is that you don't have to exchange any secret information with your contacts about how you are going to encode messages in the future. 

But how is this possible? Clever mathematics! You encode messages to a given email contact using her special 'public key,' which she can distribute freely. Then, she uses her secret 'private key,' which she has to guard carefully, in order to read those messages. In turn, your contact uses your 'public key' to encrypt messages that she writes to you. And you use your secret 'private key' to decrypt and read them. So, in the end, all you have to do is to exchange your public keys, but you can share them openly, without having to worry about the fact that anybody who wants your public key can get it. 

This technique is similar to the encryption feature of VaultletSoft, mentioned above, but you can use it with any email service, even one that lacks a secure communication channel, because individual messages are encrypted before they leave your computer. 

Important: Bear in mind that, by using encryption, you may attract attention to yourself. The type of encryption used when accessing secure websites (SSL), including webmail accounts, is fairly common and shouldn't be viewed with too much suspicion. Using public key encryption when sending emails or posting on public forums, however, is a different story. In some cases, you may have to choose between the privacy of your message and the need to remain somewhat inconspicuous. 

5.4.3 Encrypting within email 

Public key encryption is a relatively tricky concept to grasp at first, but quite straightforward once you understand the basics, and the tools are not difficult to use. The Mozilla Thunderbird [8] email programme can be used with an extension called Enigmail [9] to encrypt and decrypt email messages. It is relatively easy to install and use, though it does require a bit more work than VaultletSoft. 

It is also possible to encrypt text in a webmail client, using the Gnu Privacy Assistant (GPA) [10] and FireGPG plug-in [11] for Mozilla Firefox. 

5.4.4 Authenticating email messages 

The authenticity of your email message is an important aspect of secure communications. It is possible for anyone with Internet access and the right tools to pretend that he is you by sending messages from a fake email address that is the same as yours [12]. The danger here is more apparent when considered from the perspective of the recipient. Imagine, for example, the threat posed by an email that appears to be from a trusted contact but is actually from someone whose goal is to disrupt your operations or learn sensitive information about your organisation. 

Because it is not possible to see or hear one's contacts through email, most people rely on the sender's address to verify her identity. However there is a more secure method that you can use to prove your identity when sending a message or to ensure that the sender of a given email is really whom she claims to be. The method uses 'digital signatures' and relies on the public key encryption tools discussed earlier. 

A digital signature is like a widely-recognized wax seal, one that cannot be forged, over the flap of an envelope containing your letter. It proves that you are the real sender of this message and that it has not been tampered with.

To learn how to use digital signatures in an email client and with webmail service see documentation for Enigmail [9], FireGPG [11] and GPA [10]. 
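The key roles described in sections 5.4.2 and 5.4.4, as an added Python example that is not part of the original article: messages are encrypted with the recipient's public key and signed with the sender's private key. It assumes "textbook" RSA built from fixed, publicly known Mersenne primes with no padding, so it shows who uses which key and protects nothing; tools such as GnuPG generate random keys and use padded schemes. All function and variable names are hypothetical.

```python
import hashlib
from math import gcd

E = 65537  # public exponent


def make_keypair(p, q):
    """Build (public, private) keys from two primes. Illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("primes not usable with this public exponent")
    return (n, E), (n, pow(E, -1, phi))  # modular inverse, Python 3.8+


# Fixed Mersenne primes: anyone can rebuild these private keys,
# so they are for demonstration and must never protect real mail.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**107 - 1, 2**607 - 1)


def encrypt(recipient_public, text):
    """Anyone holding the recipient's public key can encrypt to her."""
    n, e = recipient_public
    m = int.from_bytes(text.encode("utf-8"), "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(own_private, ciphertext):
    """Only the holder of the matching private key can read it."""
    n, d = own_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")


def _digest(text, n):
    h = hashlib.sha256(text.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % n


def sign(own_private, text):
    """The 'wax seal': made with the sender's private key."""
    n, d = own_private
    return pow(_digest(text, n), d, n)


def verify(sender_public, text, signature):
    """Anyone can check the seal with the sender's public key."""
    n, e = sender_public
    return pow(signature, e, n) == _digest(text, n)


if __name__ == "__main__":
    note = "Meet at the usual place at noon"
    sealed = encrypt(BOB_PUBLIC, note)       # Alice writes to Bob
    seal = sign(ALICE_PRIVATE, note)         # and signs as herself
    received = decrypt(BOB_PRIVATE, sealed)  # Bob reads it
    print(received, verify(ALICE_PUBLIC, received, seal))
    # A changed message, or a seal made by someone else, fails the check.
    print(verify(ALICE_PUBLIC, received + "!", seal))
    print(verify(ALICE_PUBLIC, received, sign(BOB_PRIVATE, received)))
```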

5.5 Responding to suspected email surveillance

If you suspect that someone is already eavesdropping on your email, you may want to create a new account and keep the old one as a decoy. In this situation, you should observe some additional precautions, as well: 

  • Both you and your recent email contacts should create new accounts and connect to them only from locations, such as Internet cafes, that you have never used before. We recommend this strategy in order to prevent connections from your usual computer, which may be monitored, from giving away the location of your new account. As an alternative, if you must log in to your new account from your normal location, you can use one of the tools that help to bypass Internet censorship to hide these connections (read our next article).

  • Exchange information about these new email addresses only through secure channels, such as face-to-face meetings, secure instant messages or encrypted Voice over IP (VoIP) conversations.

  • Keep the traffic on your old account mostly unchanged. It should appear to the eavesdropper as if you are still using that account for all of your sensitive communication. Presumably, you will want to avoid revealing critical information, but you should try not to make it obvious that you are doing so. As you can imagine, this may be somewhat challenging.

  • Make it difficult to link your actual identity to your new account. Do not send email between the new account and your old accounts (or the accounts of any contacts whom you think may also be monitored).

  • Be aware of what you write when using your new account. It is best to avoid using real names and addresses or phrases like 'human rights' and 'torture.' Develop an informal code system with your email contacts and change it periodically.

  • Remember, email security is not just about having strong technical defences. It is about paying attention to how you and your email contacts communicate and remaining disciplined about your non-technical security habits.

5.6 Further Reading 

[1] See other articles published in Digital Security and Privacy for Activists series:

1. "Introduction", CIVICUS Bulletin No 32, January 2008: www.civicus.org/csw/SECURITY_INTRO1.htm (Russian language version: www.civicus.org/new/media/No32-Digital-Article-Russian.doc)

2. Roots of (in)security: Protecting your computer, CIVICUS Bulletin No 33, February 2008: www.civicus.org/csw/DIGITAL_SECURITY-No33.htm (Russian language version: www.civicus.org/csw/DIGITAL_SECURITY-No33-Russian.htm)

3. Away from prying eyes: Protecting your information from unauthorised access, CIVICUS Bulletin No 34, March 2008: www.civicus.org/csw/DIGITAL_SECURITY-No34.htm (Russian language version: www.civicus.org/csw/DIGITAL_SECURITY-No34_Russian.htm)

4. Guarding Against Information Loss, CIVICUS Bulletin No 35, April 2008: www.civicus.org/csw/DIGITAL_SECURITY-No35.htm (Russian language version: www.civicus.org/csw/DIGITAL_SECURITY-No35_Russian.htm)

5. Deleted, but not gone..., CIVICUS Bulletin No 36, May 2008 (Russian language version: www.civicus.org/csw/DIGITAL_SECURITY_No36_Russian.htm)

[2] "Security Edition of NGO in a Box" (see: security.ngoinabox.org) is a project of Front Line (www.frontlinedefenders.org) and Tactical Tech (www.tacticaltech.org). It is a toolkit of peer-reviewed free and open-source software, materials and guides to provide digital security and privacy. Its aim is to simplify this complicated area and reduce the overwhelming choices often faced by people when trying to find solutions to their problems. Recommended software is reviewed, explained and accompanied by installation and user guides in multiple languages. Each tool is accompanied by clear explanations and tips written for the non-technical user. The whole toolkit is available online on the Front Line website. The toolkit is also available on a CD. The toolkit is currently available in French, Spanish, Arabic, Russian and English.

[3] RiseUp email provider, see: https://mail.riseup.net

The Riseup Collective is an autonomous body based in Seattle with collective members world wide. Our purpose is to aid in the creation of a free society, a world with freedom from want and freedom of expression, a world without oppression or hierarchy, where power is shared equally. We do this by providing communication and computer resources to allies engaged in struggles against capitalism and other forms of oppression. 

[4] Vulnerabilities of the SSL protocol - There is a well known attack on the security of SSL encryption known as the Man in the Middle attack. 

[5] Pidgin is a free and open source instant messaging program for Windows, Linux, BSD, and other Unixes. You can simultaneously talk to your friends using AIM, ICQ, Jabber/XMPP, MSN Messenger, Yahoo!, Bonjour, Gadu-Gadu, IRC, Novell GroupWise Messenger, QQ, Lotus Sametime, SILC, SIMPLE, MySpaceIM, and Zephyr. See: www.pidgin.im

[6] The Off-the-Record (OTR) Messaging plug-in for Pidgin allows you to have private conversations over instant messaging by providing: encryption (no one else can read your instant messages), authentication (you are assured the correspondent is who you think it is), deniability (a third party cannot prove that it was you who communicated), and perfect forward secrecy (if you lose control of your private keys, no previous conversation is compromised). See: www.cypherpunks.ca/otr

[7] VaultletSoft is a very secure, spam- and phishing-free email provider. It lets you control whether your messages are printed, archived or forwarded, and even how long they live. It also supports many languages that read right-to-left, like Arabic. You can install it on your computer or on your USB drive. See: www.vaultletsoft.com

[8] Mozilla Thunderbird is an email client programme, a replacement for Outlook: www.mozilla.com/thunderbird

[9] Enigmail is a security extension to Mozilla Thunderbird. It integrates OpenPGP, which is used to easily send and receive encrypted and digitally signed emails. When starting it for the first time, you are guided through the basic setup. See a new users' guide that explains how to use OpenPGP. See: enigmail.mozdev.org

[10] Gnu Privacy Assistant (GPA) is a graphical user interface for GnuPG (GNU Privacy Guard). You need to install GnuPG before using GPA. Both GnuPG and GPA are part of a package, GPG4Win, which lets you install them in a very easy way. See: www.gpg4win.org

[11] FireGPG is a Mozilla Firefox browser (www.mozilla.com) extension which brings an interface to encrypt, decrypt, sign or verify the signature of text in any web page using GnuPG. FireGPG adds some features to the Gmail interface, to let you use GPG's features directly in your webmail. More webmails will probably be supported in the future. Before using FireGPG you need to install GnuPG and generate an encryption keypair; see tools in [9]. See: getfiregpg.org

[12] Faking an email identity - Please refer to our article on Spoofing in the Digital Security and Privacy for Human Rights Defenders Manual. 

5.7 About the authors: 

Wojtek Bogusz is a digital security and information systems consultant and trainer working with Front Line, the Dublin-based International Foundation for the Protection of Human Rights Defenders. He is also co-editor and manager of the Secure Edition of NGO in a Box project.

Dimitri Vitaliev is a consultant on issues of electronic security and privacy for human rights activists around the world. He is the author of the 'Digital Security and Privacy for Human Rights Defenders' manual, co-editor of the NGO in a Box - Security edition project and is often on the road, providing training and advice on security policies and strategy. 

You can contact both of the authors through the group email of Security Edition of NGO in a Box project: security (AT) ngoinabox (DOT) org