Private Communication


#1

Well, I have to give @Bob credit for me starting this thread. His post on Protonmail.ch was nice to see. Nice to see that other people take privacy seriously. So I wanted to start a thread where we can discuss the different apps and programs we all use for private communication. Emails, phone calls and text messaging.

I am predominantly an iOS user (iPhone 6), but do enjoy Android as well (Nexus 5, Pure Android the way it was meant to be). Currently I use Telegram as my messenger. Used to use SureSpot, but it seems that they haven’t developed it much lately. I am also exploring encrypted calling apps, with the likes of Signal and Simlar. For email, I use Protonmail.ch (very simple to use) but I also have my PGP and S/MIME keys. If Protonmail had a mobile app, that would be lovely.

For Android, RedPhone and TextSecure are my staples. Created by OpenWhisperSystems. Signal is the iOS versions of these, but Signal does not include an encrypted messenger. (hopefully in the future as I like OpenWhisperSystems)

Being that this is a largely Technical bunch, I would love to hear how everyone else manages their private communications. Always looking to learn new tricks.


#2

I got PGP integrated into my email program that is all the privacy I really need. It can sign and/or encrypt emails.


#3

If you follow Snowden nothing on a phone is secure looks like. He recommends using PGP with email only with a 4096 bit RSA key minimum. I do not trust any email provider with my private key. It is easy enough to use your laptop for email with a standalone PGP utility. Of course you need to encrypt your laptop to protect your PGP key.


#4

Yep, nothing is truly secure, but we can do our best to make it a big PIA to get to our information. I use PGP on my computer(OS X allows it native in the mail.app) and phone (IPGmail). I keep my encryption key on a thumb drive in another location, so it can’t be found on my computer.

There is an encrypted messaging app based off of Telegram, called SendChat, which allows you to message as well as transfer BTC’s to other SendChat users. Waiting for the iOS version to come out Soon™.
http://sendchat.org


#5

I rely on meditation techniques (Tantric Lotus Sutra) taught by Tibetan Buddhist masters to send energy transmissions direct to the target.

Last time I used tech crypto was CryptoCat to talk to Sabu & his FBI handlers during the Occupy fizzle (they were pretending to be “Occupy Marines”). Worked great, they knew exactly who I was and they were always entertaining. However, after a couple dozen quotes from Gandhi they stopped believing they could get an indictment.

If you have something to say that you don’t want anyone else to hear, say it across a table at a busy burger stand. I recommend In 'n Out burger, their tile walls reflect sound really well, it’s the loudest burger stand ever. Plus the burgers rock.

Aum…

PS follow “thegrugq” on Twitter for lots of cool OpSec tips


#6

I also have PGP in Thunderbird but rarely use it. I also use some encrypted chats but in general don’t have much to hide. What I do encrypt like hell is the backups of my wallet.dat files and private keys. before pushing them to a specific cloud :slight_smile:


#7

What do you use to encrypt them? I’m thinking about small encrypted mounted volume that is regularly backed up to something like dropbox


#9

I love my account been using it since the early days. Simple and useful.


#10

I speak burger code


#11

Off Topic: New Avatar…nice! Almost didn’t know who you were.


#12

Not sure if I want to discuss this here. I’ll PM you.


1 :hamburger:, 2 :hamburger:, many :hamburger: :hamburger: :hamburger: :hamburger: :stuck_out_tongue:


Yepp, getting into the poker grind again so I’m showcasing “the nuts!” :wink:


#13

Do people still trust TrueCrypt? I know the development ceased, but last I heard, the code review hadn’t turned up anything concerning.


#14

TrueCrypt was killed by microsoft when they ended XP support and all the following windows version did not support the TrueCrypt model anymore. Anyway I’m on linux so no TrueCrypt for me.


#15

Eh? I’ve used (and am using) TrueCrypt on XP, Vista, and Win7. People have compiled it for linux, and apparently there’s a way to use the LUKS system to mount it natively, but I’ve not had much success with this method.


#16

Then people are modifying the source to get it to run. The last article I saw was that certain hooks where removed and also because win7 had native encryption. I can’t remember the details but that was one of the reasons they stopped developing. The latest development was removing the encryption feature you could on decrypt.


#17

Do you have a reference article? I’m using the last distributed version on Win7 and it’s working like a champ. If there’s a critical reason to cease using it, I’d like to educate myself.

Really though, I want an actively-maintaned cross-platform solution that mounts a resource natively that will be as transparent and efficient as truecrypt is/was.


#18

Article and google search


#19

Have to disagree here. Truecrypt 7.1.a is still fine and can be downloaded at GRC site Truecrypt is still safe to use.


#20

I use Thunderbird with Torbirdy as a client for my sigaint.org email account. I use Tor as a browser and for non email communication I use an undisclosed back alley on a cloudy night.


#21

I’m writing again because a very solid article article appeared today in Alternet: “When Strong Encryption Isn’t Enough to Protect Our Privacy” subtitle… Don’t put blind faith in technology.

http://www.alternet.org/news-amp-politics/when-strong-encryption-isnt-enough-protect-our-privacy

I have a unique perspective on privacy, with a background in bank IT security & disaster recovery dating back to the 1980’s. Perhaps some of you thought I was joking about pulling Sabu’s chain in that post a day ago. I wasn’t. Sabu’s OpSEC (Operational Security) was next to worthless & by the time Occupy kicked off he was obviously compromised.

A leading quote from the article posted above: “None of the claims of what comsec works is to be taken saltless: Tor, OTR, ZTRP are lures.” —Cryptome, Dec. 30, 2014”

I believe that if you use Tor you’re marked as a target: “When your threat profile entails a funded outfit like the NSA, cyber security is largely a placebo.” and “Tor makes you stick out as much as a transgender Mongolian in the desert.” This is why US citizen Jacob Applebaum (ioerror), a Tor dev, is now living in Berlin, but that’s another story. You cannot succeed in maintaining a purely private life anywhere on the planet, but Berlin is safer and more private than most places.

Yesterday I mentioned “Grugq” who is on twitter, he finds zero day exploits for a living. He has a lot to say about OpSEC and it’s all good advice. While online, people often forget all about the real world trail they leave: Facebook, Linked In, Twitter, etc, all that stuff stays out there and is easily connected to a specific person.

Here’s a good EFF guide to maintaining privacy. It was written about 3 years ago but is still appropriate in most ways:

If you want a fairly secure system to store your BTC wallets, here are the basics about Tails:

If you’re running on OS X, start by using Cocktail to clean everything frequently and Little Snitch to flag every connection to and from your system. Little Snitch is annoying at first, but well worth it.

If you’re running on Windows, any version: you lose.

Last thought: if you’re intent on maintaining a clean system, then start by installing on a brand new clean laptop.

Good luck keeping your Bitcoins safe!