Almost every day there is a new revelation from Edward Snowden and others about the extent to which governmental entities have been intercepting, storing, and analyzing Internet traffic.
A particularly disturbing revelation happened on September 5, 2013. Here is some of the information as reported by the BBC. Is it time for us all to get secure laptops?
US and UK intelligence have reportedly cracked the encryption codes protecting the emails, banking and medical records of hundreds of millions of people.
Disclosures by leaker Edward Snowden allege the US National Security Agency (NSA) and the UK’s GCHQ successfully decoded key online security protocols.
They suggest some internet companies provided the agencies backdoor access to their security systems.
The NSA is said to spend $250m (£160m) a year on the top-secret operation.
It is codenamed Bullrun, an American civil-war battle, according to the documents published by the Guardian in conjunction with the New York Times and ProPublica.
The British counterpart scheme run by GCHQ is called Edgehill, after the first major engagement of the English civil war, say the documents.
The reports say the UK and US intelligence agencies are focusing on the encryption used in 4G smartphones, email, online shopping and remote business communication networks.
The encryption techniques are used by internet services such as Google, Facebook and Yahoo.
Under Bullrun, it is said that the NSA has built powerful supercomputers to try to crack the technology that scrambles and encrypts personal information when internet users log on to access various services.
The NSA also collaborated with unnamed technology companies to build so-called back doors into their software – something that would give the government access to information before it is encrypted and sent over the internet, it is reported.
As well as supercomputers, methods used include “technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications”, the New York Times reports.
Q Wealth Analysis:
A particularly disturbing piece of information from the article above is this paragraph:
“The NSA also hacked into computers to capture messages prior to encryption, and used broad influence to introduce weaknesses into encryption standards followed by software developers the world over, the New York Times reports.”
So that leads us to the question posed by this post.
Are you ready to take control of your e-mail now?
You may be wondering, “Yes! I want to take control of my e-mail. But how can I do that?” We have a sister web site that is dedicated to security topics just like this. That web site is securelaptop.org. The way to take control of your e-mail now involves a series of steps. Here are the recommended steps:
- Read the article about the Cryptohippie Road Warrior VPN on securelaptop.org.
- Purchase the Road Warrior VPN package from securelaptop.org or request a free one-week trial.
- Use the customized version of Portable Thunderbird prepared by securelaptop.org to start encrypting your sensitive e-mails while enjoying the protection of a world-class VPN.
Why do you recommend the Cryptohippie Road Warrior VPN package?
That is an excellent question. The simple and direct answer is because Cryptohippie has not been cracked nor compromised by governmental entities. One of the Q Experts Panel members is Mr. Paul Rosenberg. He is a founder of Cryptohippie. Here is an excerpt from a posting he made on why the Cryptohippie Road Warrior VPN has not been affected.
FREEMANSPERSPECTIVE · Sep 7th, 2013
Why Cryptohippie Remains Safe
None of the leaks so far have changed anything in our threat assumptions. Almost all of this has been assumed among industry professionals, and we have done a few things from the beginning to keep such problems at bay. In specific:
- We run our own certificate authority (CA).
- We separate server keys from client keys.
- We force clients to verify that they are talking to a server-key and that it is signed exactly by our CA.
- We do not allow new keys to be generated.
- We generate all keys with a known good generator.
- We only rely on static asymmetric keys for authentication, not for negotiating the session keys for content encryption. For that we use DH to generate ephemeral session keys.
- We use good random source on the servers (combination of hardware and software source, with a FIPS check on randomness).
- Because we use DH and good random sources on the server, we can assure good session keys for each connection, even if the user’s computer cannot provide good quality randomness itself.
In other words, our network remains highly secure. [Ed. note: Italics ours.]
Our public facing website is less secure. We have to use official CA keys there. That, however, matters very little; we don’t have any non-public data attached to that site at all.
Our mail servers have that same certificate issue, but only on the public facing side, not internally. This doesn’t affect our security either: Mails sent out of the Cryptohippie (CH) network have never been safe from the NSA, only mails that stay inside our network – to and from other Cryptohippie users.
You can take control of your e-mail now and protect your Internet traffic from surveillance by purchasing the Cryptohippie Road Warrior VPN package now.
Use the resources at securelaptop.org to download a copy of their customized version of Portable Thunderbird and begin to take control of your e-mail NOW!