Metadata – what does it capture:
- IP address endpoints on http traffic, but not https.
- GSM MetaData – who you called/texted and when/where.
- Public wifi hotspots not required to collect metadata.
- https mail is secure from metadata protection except —>
Five eyes agreement (Share intelligence – US UK NZ CANADA and AUST)
Not secure if you email a non-https email account.
- Metadata DOES NOT INCLUDE your content on Facebook, however obviously public shared data is available to anyone, and private or friends only data is available through PRISM (see below).
Information held by Australian service providers, and sometimes international services can be subpoenaed. Example, copyright cases.
National Security Agency
NSA have several mechanisms for tracking/collecting data. The main methods are Internet Backbone interception and PRISM
- Internet Backbone:
AT&T, Verizon, Sprint have all provided NSA access to their networks. This means NSA can monitor and collect data going across those provider’s networks. NSA have also been caught out intercepting routers enroute from manufacturer to customer and inserting software backdoors. This means they can log any traffic that crosses that router once it is in operation.
- PRISM. PRISM is a surveillance system that provides backdoor access to several main service providers. It allows NSA agents to access data held on users of those services. Known members of PRISM include:
Yahoo (who fought it in FISA court but lost)
Microsoft (and outlook.com)
- FISA Court. – sometimes supports NSA, sometimes limits it. FISA is the Foreign Intelligence Surveillance Court. FISA is responsible for authorising or blocking NSA surveillance operations.
Like a canary used by miners, if the canary dies, there is a gas leak. Canaries will die from gas before humans, so a dead canary is advanced notice for humans of a gas leak. Likewise, a warrant canary is a statement regularly updated by a provider indicating they have not been subject to a government warrant. If the statement is out of date or missing, it means the company has been subject to warrant, and therefore your data held by the company may no longer be secure.
Warrant canaries are issued because warrant requests usually legally require the company not reveal that they are subject to a warrant.
Web browsing anonymity. IP address obfuscation. Slow, and can’t be used for torenting since torenting breaks the anonymity. Outbound nodes can be compromised.
https anywhere improves security by ensuring all traffic is encrypted.
VPN – Encrypts traffic between the user and the vpn proivder
VPN providers can be subpoenaed – look for vpn that doesn’t keep ip address logs.
Free vpn versus paid – pros and cons – Free VPN providers are less secure, unknown. Large providers are more secure, but more likely to be subject to warrant.
Wickr – goes through central provider but end to end encryption – they don’t know what you are sending.
Wick use Warrant Cannaries.
RISEUP – https secure email. Not encrypted at provider, but provider is trustworthy. They can still be subpoenaed. Riseup use a Warrant Canary.
TextSecure, now Redphone – recommended by Snowden – encrypted, but some metadata can leak.
Skype – encrypted, but can be captured if Skype has been subject to warrant (whereas wickr data is fully encrypted end point to end point). Also meta data is leaky. No warrant canary – owned by MS so part of PRISM
All above chat/call methods rely on third parties