In the past several weeks, EFF has received many requests for advice about privacy tools that provide technological shields against mass surveillance. We've been interested for many years in software tools that help people protect their own privacy; we've defended your right to develop and use cryptographic software, we've supported the development of the Tor software, and written privacy software of our own.

This article is part one of a two-part series. In this part, we'll take a brief look at some of the available tools to blunt the effects of mass surveillance. In the second part, we'll discuss the big picture, reasons Internet users have been slow to adopt cryptographic software, and some limitations of existing technology's ability to defend us against government snooping.

I. The things users want to keep private

There are many different kinds of electronic surveillance and many aspects of our communicative activities we may want to keep private. The online privacy landscape can be daunting in part because each different tool addresses different kinds of monitoring and privacy threats.

For example, most web browsers now include a "private browsing mode" which limits the web history kept on your own computer, preventing others who access your computer from learning about your browsing, but which has no effect on the data that's transmitted over the Internet, and doesn't try to stop, say, your Internet service provider from knowing where you went online.

Similarly, some privacy settings on services like Google and Facebook limit the display of some account history and information either to you or to your friends, but don't do anything at a technical level to stop Google or Facebook themselves from accessing or recording the communications and activities you send through their sites.

Even when we use cryptography to hide the content of our communications, there's a distinction to be drawn between transport encryption (protecting the communications as they travel between your computer and a service provider, like Gmail or your cell phone carrier) and end-to-end encryption (protecting them all the way between your device and the device of the person you're talking to, so that no intermediaries can read them at any stage). Accessing a webmail account over a secure HTTPS connection is an example of the former; it prevents your ISP, as well as people on your wifi network, from reading your mail as it travels between you and your mail provider. Using email encryption software like PGP is an example of the latter; it prevents even your webmail provider itself from reading the mail.

As we'll discuss in more detail in part two of this series, it's relatively easy to use transport encryption to prevent network operators from reading your communication. It's more work to use end-to-end encryption to keep communications private from an intermediary like an IM provider, cell phone carrier, or email service. And it's quite difficult to conceal the fact that communications happened between one user and another—it's much easier to hide what you said in an IM, phone call, or email than to conceal that you contacted a particular friend via IM, phone, or email at a particular moment.

Finally, you might want to hide your physical location when you're communicating. By default, Internet service providers along the way see, and most Internet sites you interact with store, your Internet protocol address (IP address), which can be used to figure out where you connected to the Internet from. This gives services a potential profile of your whereabouts over time, and even the potential to infer other information such as who else was with you and where you spent the night.

Here, we'll look at a few options to increase the use of cryptography to protect the contents of your on-line communications. As we'll discuss in Part 2, these technologies can't offer complete protection against every kind of surveillance, or against every possible eavesdropper; still, making encryption mainstream should help increase everyone's privacy baseline.

II. Privacy for Connections to Web Sites: HTTPS Everywhere

The technology we use to secure our communications with web sites against eavesdropping as our data travels over the Internet is HTTPS. Major web sites have been gradually migrating toward supporting or requiring HTTPS connections, which provide an important kind of protection against mass surveillance targeted against the Internet infrastructure itself.

Your web browser already supports HTTPS, but for some sites you might or might not use a secure connection. (For example, a secure connection for Google Search or for Wikipedia is available, but is optional.) To address this problem, EFF developed HTTPS Everywhere, a browser add-on that tries to make sure your connection to web sites is secure whenever the web site you're visiting supports it.

Even with HTTPS Everywhere, you can only have a secure connection with web sites that choose to offer HTTPS. Some still don't. If you use a site that still doesn't offer a secure HTTPS connection, please ask the site operators to start supporting HTTPS.

III. Privacy for Instant Messaging: OTR

You can use Off-the-Record Messaging (OTR) to encrypt your instant messaging conversations, preventing your IM provider from reading them. This only works with IM providers that allow the use of external IM software, and you'll need to install an OTR-capable IM application on your devices.

Wikipedia has a list of IM software that supports OTR. Currently the most widely-used chat applications with OTR support are Pidgin (on Linux and Windows) and Adium (on Mac OS X). There's also Gibberbot (for Android) and ChatSecure (for iOS). The number of applications with OTR support has increased dramatically and the landscape may change over time.

OTR can only protect your conversations when you're chatting with another user who has an OTR-capable client. It won't protect you, for example, if you're using Pidgin and the person you're chatting with is using the web-based chat on their IM account; in this case OTR mode will simply not be activated.

As we discuss below, Cryptocat also addresses encrypted chat, using a web browser rather than an external IM application.

IV. Privacy for Phone Calls: Encrypted VoIP

Instead of making an unencrypted and easily-tappable phone call, you can try to protect your communications by making an encrypted Internet (or "VoIP") call. The encryption technologies used with Internet calling, and the kind and level of protection provided, vary enormously.

Many popular Internet phone and video conferencing tools do provide some kind of encryption, but most often not encryption meant to protect against the service provider. For example, Google Hangouts are encrypted to protect against someone tapping your network connection, but Google itself could easily record them. Popular applications like Skype and Viber are also thought to provide a similar level of protection in practice: equivalent to transport encryption, not end-to-end encryption. That means they can be forced to help spy on you.

There are end-to-end encrypted VoIP applications available. Many are based on a technology called ZRTP. An example that we're particularly excited about is Moxie Marlinspike's RedPhone (currently available for Android devices). We've also seen a lot of interest in Silent Circle's proprietary applications.

As with IM, you can only get secure phone calls with people you call who are using compatible software.

V. Privacy for Email: PGP

PGP-compatible software lets you encrypt email, though most often only if you're using a standalone email application (not if you use web-based email). The main version of PGP technology targeted at individual users today is GnuPG, a free and open source implementation. For users who have not previously worked with encryption technologies, PGP can have a steep learning curve: it requires users to manually create, manage, and exchange keys.

VI. Anonymity and Location Privacy: Tor

The Tor software is the state of the art for providing Internet users with anonymity when they go online, and for concealing where they're accessing the Internet from, even when they log into sites or use their real name.

Most users use Tor by downloading the Tor Browser Bundle from the Tor Project's site. The Tor Browser is a special browser that sends all of your browsing activity through the Tor network, preventing an easy, direct association between where you're coming from and where you're going. (There are other solutions that also purport to hide your IP address, but most just route your connections through a single company's servers and require you to trust that company not to reveal information about your browsing. Tor bounces your communications through three servers, hopefully not all run by the same entity, to reduce the chance that someone will be in a position to see the whole picture.)

Last year, we prepared an interactive graphic about Tor and HTTPS to show how Tor and HTTPS work together to protect your privacy. The graphic shows which kinds of information each technology normally conceals—and from whom. (In this graphic, we used the word "location" to refer to information about your IP address because this knowing your location is often the most privacy-sensitive consequence of letting someone know your IP address.)

VII. Host-Proof Hosting

The rise of convenient online communications, storage, and social networking tools has had serious privacy consequences. When you use popular online or cloud services, you turn all of your data over to an intermediary, where it may have significantly reduced legal protections compared to information you keep on your own personal devices. You also need to trust the service provider to use your data properly and not disclose it to others. (Whether this makes your data "safer" is a complicated question. Most Internet companies have vastly more time and money to spend securing and backing up your data than you do, as well as making it conveniently available, so trusting them may be rational. At the same time, Internet intermediaries may be a tempting target for hacking attacks, and are regularly forced by legal process to hand over user information to government agencies.)

The last few years have seen increased interest in the idea of "host-proof hosting", where data is encrypted on your own computer before being uploaded to a cloud service. Then the service provider itself can't read the data you're storing there. These applications are called "host-proof" because they provide protection even against the service provider itself1.

Today this is particularly popular for online backup services, which might be the simplest case from an engineering point of view. A "host-proof" online backup provider can't read your files without knowing your encryption password. (You can also get this kind of protection by encrypting the files yourself before backing them up—perhaps with TrueCrypt or Boxcryptor.) Examples of host-proof backup tools include SpiderOak, Wuala, Tarsnap, and others.

Creating host-proof applications is challenging and involves trade-offs. For example, a host-proof service can't easily search through your data, because it can't read the data. And it can't help you recover your data if you forget or lose your password, though there are ways the service could help you create your own password-recovery options.

There have been attempts to create host-proof services beyond the realm of backups, including host-proof web-based chat like Cryptocat. We've heard from people who are doing exciting work in this area, targeting host-proof social networking and online collaboration, as well as host-proof online storage with 100% open source client software. We expect to see a lot of announcements in this area. If demand for these technologies continues to increase, we could see a new wave of more privacy-protective communications tools.

VIII. For more information

More details about how to start using these and other tools can be found in Micah Lee's whitepaper "Encryption Works: How to Protect Your Privacy (And Your Sources) in the Age of NSA Surveillance".

  • 1. There is still a challenge when the encryption software is automatically downloaded from the provider's web server: how does the user know that, on a particular occasion, the provider is giving them the real encryption software and not a fake version that leaks their information? This was a concern with the service Hushmail, which said that a court order might force it to give particular users modified, weakened versions of its web-based email encryption tool. In 2003, the Ninth Circuit said that companies can in principle be compelled to secretly modify their services to facilitate interception, but not when doing so is too disruptive. We need services to find practical ways of ensuring users are getting the unmodified version of the encryption software and to make the details clear and public.