The standard infosec advice of “encrypt it all and use strong passwords” is good advice, but it wouldn't save us from governments intent on mass data collection. In this piece in The Guardian, Paul Farrell notes that metadata collection is a threat to journalism. His point is quite simple: Australia already allows metadata …
Isn't this one of the major reasons that TOR became as popular as it did? Although not perfect, it certainly appears to be one branch further up the tree of obfuscation.
The question remains though, what level of access do the various government agencies really have within the TOR, how many entry/exit points are "pwned" by them?
At the end of the day though the rules are simple; do not use anything public when you want to keep something private (much easier said than done though).
Retain *this*, sucker
Envelopes. Wonderful invention.
There is no realistic limit to the amount of data that can be sent, tampering is usually obvious (and a serious crime in its own right), metadata is included entirely at the sender's discretion.
If you want to leak, use paper. Wonderful absorbency.
Re: Retain *this*, sucker
Erm... no. I gave a presentation on Electronic Security as part of a University course back in *1998*, and in order to provide adequate comparison I also investigated (and talked about) the *physical* options available to Law-Enforcement Organisations around the world. Egads. The simplest one was a liquid which could be sprayed on an envelope or packet which would render the wrapping transparent for up to 15 minutes and then evaporate without a trace. Guaranteed. Only sold to reputable LEOs, of course </sarcasm>.
I listed a few more "physical" attacks on mail, enough to make people realise that anybody *could* listen or read anyone's correspondence if they wanted to.
I can only assume they've come up with better products since 1998.
Re: Retain *this*, sucker
Letter containing passphrase or use journo public key. Mail letter with USB stick encrypted with the aforementioned.
Duh. Come on...
...Doesn't everybody know how it works? Surely?
Want to keep the nefarious from the legit? Then have two phones with different numbers/owners, two PCs and operate them from different locations/networks etc. No contacts/names, addresses, IP addresses, subject matter, etc., etc. on phone A/PC-A should ever appear on phone B/PC-B and vice versa. If phone B/PC-B is used for nefarious activity then keep it near a steamroller or forklift, and when times get hot 'accidentally' run over it and scatter the pieces to the wind.
Better still, don't use the phone at all (or don't get into nefarious activities).
Read a few crime novels, even Agatha Christie would be useful training. Just about every crime thriller/TV drama around is based on linking seemingly unconnected 'metadata' with other 'metadata'--it's the links that ultimately get the villain--so ensure you don't have any.
Detective work has always involved the use of 'metadata' links since the long-gone days of the remarkable Jack Whicher.