The EFF has released a guide on how the average user can avoid nation state level surveillance. It is designed to provide tips that are easily accomplished by an intermediate user who wishes to safeguard their privacy and therefore many of the criticisms that I could make about it should be tempered against the need for the EFF to make the document as simple as possible for the average person to implement. That said I feel I should comment on two things that disturb me the most.
The first is their recommendation to use your operating system’s full disk encryption. Most casual readers will be using Windows and thus it’s built in BitLocker feature that is widely believed to hold a secondary copy of the key on the filesystem encrypted using a master key held by the NSA, in effect a sort of key escrow. BitLocker is certainly effective for securing your disks against casual eavesdroppers who may, for example, steal your laptop from your vehicle whilst it is left unattended. However given the very title of the article suggests their adversary is the NSA then I strongly suspect that BitLocker drive encryption will pose no difficulty to the agency.
Some will distrust Microsoft’s BitLocker and opt to use TrueCrypt instead, believing that a third party application is somehow safer. The first and obvious rebuttal to this line of thought is that if you distrust Microsoft (and you should) then you shouldn’t be utilizing any of their products, especially their operating system. This notwithstanding TrueCrypt has some specific issues which I have discussed in some length previously on this blog, namely that the developers do not disclose their identity, the code has not been subject to adequate audit and even if it were the Windows version that most run is distributed as a precompiled executable. Other whole disk encryption solutions do exist but all that are targeted at Windows systems have some issues – for example FreeOTFE was an excellent candidate yet is unmaintained and DiskCryptor has had little scrutiny. Proprietary solutions are closed source and thus unable to be reviewed.
In a previous life I performed data recovery for clients who required these services. Although I occasionally did forensic recovery most of my clients were paying business customers who had either suffered from a malicious or careless employee destroying data, physical disk corruption or failure or corruption caused by bad software. Many of these clients had a disaster recovery policy that involved either on or off-site backups (or a mixture of both) but invariably the data they required was modified or added between backups or the backup process was silently failing and they simply assumed that it was operating correctly until the time came to actually restore the required data. Some of these clients utilized full disk encryption which severely complicated the data recovery process especially where proprietary encryption software was used that could not tolerate decrypting from an image where, despite our best efforts blocks could not be recovered and were thus zeroed in our reconstruction. The worst part of this was that had the data been unencrypted the loss of a few bytes from, say a DOC file would likely not render the file completely useless. Some encryption tools would refuse (either through inappropriate error handling or choice in algorithm or block size) to even decrypt the undamaged portion of the file. You could argue that full disk encryption is potentially useless for those without a good reason to use it and could complicate data recovery should you require it. You could alternatively argue that even though these solutions may be imperfect they add some security and should be used. Unfortunately Windows (and applications) makes file level encryption for the purpose of keeping secrets from those who may gain physical access to the HDD on which encryption occurred is less useful as it leaves metadata and temporarily files all over the place. Periodic clearing of known cache and temporary file locations along with “scrubbing” of unused space with pseudorandom data will of course help. A reliable filesystem with encryption and granular ACLs as a standard feature and not as a bolt on abstraction layer would be a much better alternative which other more enlightened operating systems already have available in one way or another.
The second major issue surrounds the use of tor. It is the author’s opinion that the anonymity provided by tor is routinely broken by intelligence agencies using a range of techniques which I will elaborate on in a future article. Run a tor hidden service that hosts illegal content and you will undoubtedly be decloaked sooner or later. The time this takes will vary based on whom your tor client chooses as guards but eventually your luck will run out. Those who use tor just to browse are somewhat safer but face some risk through traffic correlation and similar means of network analysis that become possible when you have the ability to monitor such large portions of the Internet in near real time (or even analyze later provided accurate to the millisecond timestamps are taken). Many users who routinely browse and enter data into unencrypted websites not only risk their account credentials being stolen by rogue exit node operators but also provide them with an easy way in which to identify you uniquely. Aside from this issue there are browser fingerprinting techniques which may usefully link your regular browsing sessions with those conducted through tor (although the people behind tor advise everyone to utilize the tor browser bundle so that all users look alike this standardization was used against viewers of Freedom Hosting websites who utilized an exploit crafted for the ESR of Firefox on which the TBB at that time was based). That said those that use tor and use it carefully will doubtless have additional protection from surveillance providing they heed the advice given and never submit credentials outside of an encrypted session. It just isn’t a magic bullet and, like everything in this world is surmountable if someone puts enough effort into it.
Mike the Crypto Goat 
Reblogged this on oogenhand.