6 simple tools to protect your online privacy and help you fight back against mass surveillance
By Tanya O'Carroll, Adviser to Amnesty International's Technology and Human Rights Team
As intelligence agencies hoover up more and more of our online communications, we’ve compiled a list of some simple apps and tools to help protect your privacy and make your calls, emails, texts and chats more secure.
Faced with the enormous power of agencies such as the NSA and GCHQ, it can feel like there is little we can do to fight back. However, there are some great ways you can take control of your private communications online.
The six tools below, which have been designed with security in mind, are alternatives to the regular apps and software you use. They can give you more confidence that your digital communications will stay private.
Note: No tool or means of communication is 100% secure, and there are many ways that governments are intercepting and collecting our communications. If you're an activist or journalist, you should use these tools as part of a comprehensive security plan, rather than on their own. Additionally, this list is by no means comprehensive – we recommend checking out Security-in-a-Box (from Tactical Technology Collective and Front Line Defenders) and Surveillance Self-Defense (from the Electronic Frontier Foundation) too.
1. TextSecure – for text messages
TextSecure is an easy-to-use, free app for Android (iPhones have a compatible app called Signal). It looks a lot like WhatsApp and encrypts your texts, pictures, video and audio files. The app is open-source and provides end-to-end encryption. That means only you and the person you are sending to will be able to read the messages. (See below for an explanation of technical terms.)
2. Redphone – for voice calls
Redphone is another free, open-source app for Android (for iPhones it’s the same Signal app, which combines voice calls and messaging) which encrypts your voice calls end-to-end. All calls are over the internet, so you only pay for wifi or data rather than using your phone’s credit.
3. meet.jit.si – for video calls and instant messaging
meet.jit.si is a free and open-source service to secure your voice calls, video calls, video conferences, instant messages and file transfers. It runs directly in your browser with no need to download anything and allows you to invite multiple people to join a video call. It’s a bit like Google hangouts, but your calls and chats are encrypted end-to-end. There is also a desktop version called Jitsi which you can download for Windows, Linux, Mac OS X and Android.
4. miniLock – for file sharing
This free and open-source plug-in for your web browser lets you encrypt files – including video, email attachments and photos – and share them with friends really easily. You can upload and send your file to selected contacts by using their unique miniLock id, meaning your file can only be downloaded by the person you share it with.
5. Mailvelope – for more secure email
This is a free add-on for your web browser which provides end-to-end encryption for your emails. It can be configured to work with almost any web-based email provider, including Gmail, Yahoo and Outlook. It’s open source and uses OpenPGP encryption.
6. SpiderOak – for cloud sharing and storage
This service helps you back-up your files, sync between multiple devices and share files privately with people you trust. It fully encrypts your data end-to-end which means that, unlike other cloud sharing and storage services such as Dropbox, even the company itself cannot see your documents on its servers. SpiderOak charges $12 each month for a personal account. It’s not yet open-source.
Quick guide to technical terms
Encryption: This is a way of coding something that disguises the original form. Today’s modern encryption, when well implemented, can be virtually unbreakable. When encrypting and decrypting content, a complex password – known as a key – is used for authentication. Very often this key is held by the company that provides services such as email or website hosting. That means that the company has full access to your data. Governments can compel the company to hand over this information or can try to hack into a company’s server to get direct access.
End-to-end encryption: With end-to-end encryption, the key is only known to you and never leaves your device. This means your communications stay between you and your correspondents only. To the company transmitting your communication – or anybody else who tries to intercept it – your messages will look like a long string of random numbers and letters. They can know who you communicated with but will not be able to access the contents.
Open-source: Very often the code that makes up computer software is proprietary, meaning that whoever developed it has sole access to it. Open-source code is available for anyone to see and analyse. While it might seem counter-intuitive, this is widely considered to be the best way to make software secure. It helps ensure it doesn’t do anything nasty, like providing a ‘back door’ for intelligence agencies, and that any security weaknesses can be discovered and patched up.