The Motherboard Guide to Avoiding State Surveillance
A straightforward guide to privacy, messaging, and keeping yourself safe from passive and active surveillance.
Image: Koji Yamamoto
This is excerpted from the Motherboard Guide to Not Getting Hacked, our comprehensive guide to digital security. We recommend you read that entire guide if you are generally looking to improve your privacy and security—if you do not take basic steps such as using unique passwords for every account and enabling two-factor authentication on your accounts, this guide will do little to help you. This guide, and that one, will be regularly updated. This post was last updated November 14. -Jason Koebler
Given the extraordinary capabilities of state surveillance in the US—as well as the capabilities of governments around the world—you might be feeling a little paranoid! It’s not just the NSA—the FBI and even local cops have more tools at their disposal to snoop on people than ever before. And there is a terrifying breadth of passive and unexpected surveillance to worry about: Your social media accounts can be subpoenaed, your emails or calls can be scooped up in bulk collection efforts, and your cell phone metadata can be captured by Stingrays and IMSI catchers meant to target someone else.
Remember, anti-surveillance is not the cure, it’s just one thing you can do to protect yourself and others. You probably aren’t the most at-risk person, but that doesn’t mean you shouldn’t practice better security. Surveillance is a complicated thing: You can practice the best security in the world, but if you’re sending messages to someone who doesn’t, you can still be spied on through their device or through their communications with other people (if they discuss the information you told them, for instance).
That’s why it’s important that we normalize good security practices: If you don’t have that much to be afraid of, it’s all the more important for you to pick up some of these tools, because doing that will normalize the actions of your friends who are, say, undocumented immigrants, or engaged in activism. Trump’s CIA Director thinks that using encryption “may itself be a red flag.” If you have “nothing to hide,” your use of encryption can actually help people at risk by obfuscating that red flag. By following this guide, you are making someone else safer. Think of it as herd immunity. The more people practice good security, the safer everyone else is.
The security tips provided earlier in this guide still apply: If you can protect yourself from getting hacked, you will have a better shot at preventing yourself from being surveilled (when it comes to surveilling iPhones, for instance, governments often have few options besides hacking the devices). But tech tools don’t solve all problems. Governments have a weapon in their hands that criminal hackers do not: the power of the law. Many of the tips in this section of the guide will help you not only against legal requests and government hacking, but also against anyone else who may be trying to spy on you.
You don’t have to turn yourself into a security expert. Just start thinking about your risks, and don’t be intimidated by the technology. Security is an ongoing process of learning. Both the threats and the tools developed to address them are constantly changing, which is one of the reasons why privacy and security advice can often seem fickle and contradictory. But the tips below are a good starting point.
Threat Modeling (privacy and surveillance edition)
Keep in mind that different tools address different problems. Without threat modeling, it’s easy to feel overwhelmed by how many tools are out there. Threat modeling for surveillance is similar to threat modeling for hacking, but there are of course some nuances that vary in every situation.
It’s easy for some people to say “use Signal, use Tor,” and be done with it, but that doesn’t work for everyone. For example, a friend used to message people about her abusive ex-partner using the built-in Words With Friends messenger, because she knew that he read her text messages and Gchats. Words With Friends does not have a particularly secure messaging system, but in this case it was a better option than Signal or Hangouts because he didn’t think to read her messages on the game.
When it comes to state actors, it might be helpful to think of surveillance in two different forms: surveillance of metadata (who you are, who you’re talking to, when you’re talking) and surveillance of content (what you are saying). As with all things, when you dig a little deeper, it’s not as simple as that. But if you’re thinking about this for the first time, it’s a good start.
Surveillance law is complicated, but long story short, both the law and current technological infrastructure make it easier to grab metadata than content. Metadata isn’t necessarily less important or revealing than content. Say Planned Parenthood called you. Then you call your partner. Then you call your insurance. Then you call the abortion clinic. That information is going to be on your phone bill, and your telephone provider can easily give it up to the government. Your cell provider might not be recording those calls—the content is still private. But at that point, the content doesn’t matter—it would be easy for someone with the metadata alone to have a reasonable idea of what your calls were about.
Start thinking about what is open and exposed, and what you can protect. Sometimes, you have to accept that there’s very little you can do about a particular channel of communication. If circumstances are dire, you’re going to just have to work around it.
Signal is an encrypted messaging service for smartphones and desktop computers. It is, for many—but not all—people, a good option for avoiding surveillance. Because the government has the capability to intercept electronic messages while they’re being transmitted, you want to use end-to-end encryption for as many of your communications as possible.
Using Signal is easy. You can find it and install it from your phone’s app store. (In the iOS App Store and the Google Play Store, it’s called “Signal Private Messenger,” and it’s made by Open Whisper Systems.)
If you have the other person’s phone number in your contacts list, you can see them in Signal, and message them or call them. As long as the other person also has Signal, the messages automatically encrypt—all the work is invisible.
It even has a desktop app, so you can use it the way that iOS/Mac OS people use iMessage on both their phones and computers. Go to the Signal.org website and download the app for your preferred operating system. Just follow the instructions—trust us, they’re easy.
Signal also lets you set a timer for messages to automatically expire, thus deleting them from all devices. You can set the timer for all kinds of lengths, including very short ones. This is a great feature for journalists who are concerned about protecting their sources or their conversations with editors.
These are great features, and they’re part of the reason why we recommend Signal over many other end-to-end messaging apps. iMessage and WhatsApp also use end-to-end encryption, but they both have drawbacks.
We do not recommend WhatsApp, because WhatsApp is owned by Facebook, and has been sharing user information with its parent company. While this is only metadata, it is ultimately a rollback of a privacy promise made when WhatsApp was acquired by Facebook. We think this says something negative about the overall trustworthiness of the company in coming days.
It is a very good thing that Apple encrypts iMessages end-to-end. But iMessage also backs up messages to iCloud by default, which is why you can message from all your Apple devices. This is a great and fun feature, but if you’re concerned about government surveillance, remember that Apple complies with lawful government demands for data in your iCloud: “iMessage and SMS messages are backed up on iCloud for your convenience,” Apple’s privacy page states. You can turn this feature off, but in theory Apple could be forced to access the iMessages you’ve sent people who still have the feature enabled.
Signal keeps very little information. We know this, because Open Whisper Systems was subpoenaed by the government last year, and was forced to hand over information. But the information it had—by design—was pretty minimal. Signal retains phone number, account creation date, and the time of the user’s last connection to Signal servers. Yes, that’s still something, but as you can see, it’s not very much.
There are worse products to use than iMessage and WhatsApp. For example, you absolutely should avoid using Telegram for sensitive communications. And Google can read your GChats unless you take additional steps to encrypt them end-to-end. There are several other products on the market that are decent alternatives (for example, Wire), but like WhatsApp and iMessage, they’re created and maintained by for-profit companies, and we don’t know how they’re planning to monetize in the future. Signal is an open source, nonprofit project. That has its own drawbacks (for example, Signal is not as slick as iMessage, nor does it have the luxury of having a large security team behind it), so maybe donate money when you download it?
One thing that’s worth mentioning about Signal is that it requires you to associate the device with a phone number. This means that you need to trust the people you’re messaging to have your phone number (or need to jump through hoops to use Signal with a dummy phone number); there are many reasons why you might want to message people without giving them your phone number, which is one of the potential drawbacks of Signal. If this is a concern for you, consider another option.
Another thing to remember is that just because a communication is end-to-end encrypted doesn’t mean it’s invisible to the government. It just means the contents are encrypted between endpoints. You can see the message, your recipient can see the message. If it’s intercepted in transit, it’s completely garbled, and the content of your message is protected from spying eyes.
But if an “endpoint” is compromised—in other words, if your own phone is hacked or physically seized by the government, or your texting partner is screencapping your conversation—it’s game over.
Encryption doesn’t make it impossible for the government to snoop, it just makes it way more challenging. The point is that introducing friction into the equation does provide privacy.
Be conscious of what you post on social media
If you post publicly on social media, know that local police (and likely federal agencies as well) keep tabs on activists online. For example, Facebook, Instagram, and Twitter have all fed data to social media monitoring products that police departments used to track Black Lives Matter activists.
Even if you keep your privacy settings on lockdown, social media companies are subject to subpoenas, court orders, and data requests for your information. And oftentimes, they’ll fork over the information without ever notifying the user that it’s happening. For the purposes of social media, assume that everything you post is public. This doesn’t mean you should stop using social media, it just means you have to be mindful of how you use it.
If you’re an activist, consider using a pseudonym for your activism. If you post online at all, take others’ safety and privacy into consideration as well.
Who are you tagging into your posts? Are you adding location information? Who are you taking a picture of, and why? Be particularly careful with photos or posts about protests, rallies, or meetings. Facial recognition technology is fairly sophisticated now, so even if you leave people untagged, theoretically an algorithm could scan for and identify activists in a photograph of a rally. You can already see this at work in Facebook’s tag suggestions.
When you take a picture of someone at a protest, make sure that they consent, and that they know the implications of having a photo of themselves out there.
Beware of device cameras and microphones
Do you live around any cameras? If you use internet-connected security cameras inside your home, or have a webcam running, don’t leave these things unsecured. Make sure that you’ve changed any passwords from the default that they shipped with, and cover them when you’re not using them.
If you have a laptop or a smartphone, use a sticker to cover the front-facing camera. You don’t have to stop Facetiming and taking selfies, you just want to cover things up so no one’s looking at you when you don’t want them to. The Electronic Frontier Foundation sells removable laptop cover stickers (five for $5) that won’t leave a residue on your camera, so you can take it on and off whenever you need it. Consider buying several and giving them to friends who might be shorter on cash.
Finally, there is absolutely no way to make sure your microphone is not recording. If you’re concerned about being wiretapped, consider turning off your phone and putting it in the microwave (temporarily, with the microwave off), or leaving your phone in the other room. Turning your phone off alone does not necessarily protect you! And consider leaving all your devices outside of the bedroom when you have sex with your partner.
In 2012, Khadija Ismayilova, an Azeri journalist, was blackmailed with a surreptitiously filmed sex tape. The blackmailer told Ismayilova to stop publishing articles critical of the government, or else have her tape released. (Ismayilova went public, and the tape was posted on the internet.) In 2015, the Azerbaijan government sentenced her to seven and a half years in prison on tax evasion charges. She is currently out on probation.
Governments at home and abroad have used sex to blackmail dissenters. Be aware of that, and protect your privacy.
Protect your devices with a lock screen
Put a password/passcode on your phone and your computer. Don’t rely on your thumbprint alone. The police are more likely to be able to legally compel you to use your fingerprint to open up your phone. You may have a stronger constitutional right not to speak your password.
Use OTR for chatting (if you have to)
It’s best to use Signal for desktop when chatting with people. But here’s another option that’s particularly useful for journalists.
Close your Gmail window and use OTR (Off The Record) instead to chat. Keep in mind that you can only use OTR if the other person is also using OTR. Mac users can install Adium, PC (and Linux) users will have to install Pidgin and the OTR plugin.
You can use your Gmail account as your chat ID. So what’s going on is that you’re engaging in Gchat, but with a layer of encryption on top. Open up a chat window and click the lock icon to begin encryption. And make sure you tweak your settings so that you’re not retaining chat logs during encrypted conversations.
Again, end-to-end only goes so far. If the other person is logging your conversations, it might not matter that you went this far. If you’re concerned, ask your friend to stop logging.
Install the Tor Browser
Tor—which takes its name from an acronym for “The Onion Router”—scrambles your internet traffic by routing it through several layers of computers. This way, when you access a website, it can’t tell where you’re connecting from. The easiest way to use Tor is just to install the Tor Browser. It’s just like Firefox or Chrome or Internet Explorer, just a lot slower because of the privacy it provides.
Using Tor for everything will give you a big privacy boost, but it’s a bit unwieldy. Don’t, for instance, try to stream Netflix over Tor.
Evaluate your needs and figure out how much Tor you need in your life. Always remember that your IP address (which can give away where you are, and therefore, who you might be) is laid bare if you aren’t using it.
There are four reasons why you might want to use Tor.
- You’re trying to keep your identity hidden.
- You use a lot of public WiFi.
- You’re trying to get around government censorship.
- You are protecting the other people who use Tor.
If you’re an activist who is trying to hide their identity, you need Tor to mask your IP address. This is a limited use case scenario. For example, it’s self-defeating for me to open up Tor, log into my public Twitter account, and tweet, “What up, everyone, I’m tweeting from the Vice Media offices in New York City.” I am giving away all the information that Tor is masking for me—because when it comes down to it, in that use case scenario, I was never planning on keeping it private.
If you connect to a lot of public Wi-Fi (think Starbucks, a hotel, or the airport), though, you should use Tor. It provides benefits similar to those of a VPN, but without many of the drawbacks of a VPN (see the next section for a discussion of that).
If the United States begins to censor parts of the web, as many other governments do, Tor might be able to help you get around that. Tor certainly helps people connecting to the internet from other countries that practice internet censorship.
Finally, the thing about Tor is that the more people use it, the less trackable everyone else is. When a lot of random, unaffiliated people from all over the world use it, it becomes stronger and stronger. If you take the time to use Tor every day, you are helping people who really do need it.
A couple of caveats here: Tor is not bulletproof. The government has been known to hack groups of users on Tor, just like it’s been known to hack VPN users en masse. Tor, by itself, does not make you any less likely to get hacked. Tor is for privacy, not security. And Tor is designed to make it hard to log your traffic, not impossible, so there’s always a risk that you aren’t being hidden.
The computers that make up the Tor network—the ones that your traffic bounces through—are run by volunteers, institutions, and organizations all over the world, some of whom face legal risks for doing so. They are not supposed to log the traffic that goes through them, but because it’s a volunteer network, some might. The risk is mitigated by the fact that each node only sees a snapshot of the traffic running through it, and nobody has access to both the user’s IP and their unencrypted traffic. A bad actor would have to run a very large number of Tor nodes to start logging meaningful traffic—which would be difficult—and the Tor project monitors for behavior that suggests anybody might be doing that.
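The property described above, that no single relay sees both who you are and what you asked for, shown as an added example (it is not code from the original guide or from the Tor Project). It assumes a three-relay circuit with pre-shared keys, a toy standard-library cipher standing in for Tor's real cryptography, and constructed addresses and a constructed request.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values (assumptions for illustration only).
CLIENT_ADDR = "203.0.113.7"        # documentation-range IP address
DESTINATION = "example.org:80"
REQUEST = b"GET /sensitive-page HTTP/1.1"


def _keystream(key, nonce, length):
    """Toy keystream from SHA-256 in counter mode (a stand-in, not Tor's cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt and authenticate one onion layer for the relay holding `key`."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Peel one layer; fails if the layer was not sealed for this key."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not encrypted for this relay")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_onion(circuit, destination, request):
    """Client side: wrap the request once per relay, innermost layer first."""
    next_hop, data = destination, request
    for name, key in reversed(circuit):
        layer = json.dumps({"next": next_hop, "data": data.hex()}).encode()
        data, next_hop = seal(key, layer), name
    return data  # handed to the first relay in the circuit


def route(client_addr, circuit, onion, request):
    """Pass the onion along the circuit, recording what each relay can observe."""
    keys = dict(circuit)
    views = []
    sender, hop, data = client_addr, circuit[0][0], onion
    while hop in keys:
        layer = json.loads(unseal(keys[hop], data))
        payload = bytes.fromhex(layer["data"])
        views.append({
            "relay": hop,
            "received_from": sender,
            "forwards_to": layer["next"],
            "knows_client": sender == client_addr,
            # The exit sees the request only because it is plain HTTP here;
            # over HTTPS it would see ciphertext at this point as well.
            "sees_request": payload == request,
        })
        sender, hop, data = hop, layer["next"], payload
    return views, hop, data


def demo():
    circuit = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
    onion = build_onion(circuit, DESTINATION, REQUEST)
    return route(CLIENT_ADDR, circuit, onion, REQUEST)


if __name__ == "__main__":
    for view in demo()[0]:
        print(view)
```

The guard learns the client's address but only sees an encrypted blob, the exit sees the request but only knows it came from the middle relay, and the middle relay learns neither.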
Ultimately, for the purposes of state surveillance, Tor is better than a VPN, and a VPN is better than nothing.
It’s not clear whether Tor will continue to exist into the future. Tor is run partly through grants from the government. (Like many cutting edge technologies, Tor was originally developed by the US military.) It’s possible Tor will lose most of its funding in the very near-term. Consider donating to the Tor Project.
Virtual Private Networks
When it comes to state surveillance, VPNs won’t help much. A VPN will obscure your IP address, but when it comes to state surveillance, VPNs can be subpoenaed for user information that may ultimately identify you. For example, many VPN companies keep logs on what IP addresses log on when and what sites are accessed—which can end up pinpointing you, especially if you used your credit card to pay for a VPN subscription.
Some VPN companies claim not to log user information. You need to evaluate how much you trust these companies, and make that decision for yourself. If what you’re concerned about is government surveillance, our recommendation is that you stick with Tor.
PGP (probably isn’t worth the trouble)
The only reliable way to encrypt your email is PGP—also known as Pretty Good Privacy. However, PGP is incredibly obnoxious to use. Even PGP’s creator Phil Zimmermann has stopped using it, since he can’t use it on his phone. The problem isn’t just that you have to figure out PGP, everyone you talk to also has to figure it out. Telling someone to download Signal is a lot easier than walking them through public/private key encryption. This is where your threat model comes in handy, to help figure out if PGP is actually worth it to you.
If you absolutely must use encrypted email, this guide to PGP might be helpful. It’s tricky, so you might want to go to a crypto party and have an activist or technologist help you set it up.
Don’t run your own email server
If 2016 did anything, it convinced everyone not to run their own private email server.
It’s true that Google and other companies have to comply with court orders for your information, including your emails. But on the other hand, Google knows how to run email servers way better than you do. Email servers are hard! Just ask Hillary Clinton.
If you are encrypting email, Google can only hand over the metadata (who’s sending to whom and subject headers). Since encrypting email is a huge pain, try to keep all your sensitive stuff away from email, and in end-to-end encrypted channels instead. Don’t abandon your third-party email account, just be aware that the government can get at what’s inside.
Encrypt your hard drive
Good news: this isn’t as hard as it used to be!
Full-disk encryption means that once your device is locked (when it’s off, or when it’s on but showing a lock screen), the contents of your hard drive can’t be accessed without your password/key.
A lot of smartphones come with full disk encryption built in. If you own an iPhone with a recently updated operating system (like, in the last three years, really), just slap a passcode on that sucker and you’re golden.
If you own an Android phone, it might already be encrypted by default (Google Pixel is). But chances are, it’s not. There isn’t an up-to-date guide on turning on encryption on all Android devices, so you’re going to have to poke around yourself, or ask a friend. And if you own a Windows phone, god help you, because I can’t.
As for computers, things are, again, much easier than they used to be. Use your operating system’s full disk encryption option instead. For MacBooks running Lion or newer, just turn on FileVault.
Windows, on the other hand, is a lot more complicated. First off, some users have encryption by default. Some more users can turn it on, but it’s kind of a pain. And if you’re using Microsoft’s Bitlocker, you’re going to have to fiddle with some additional settings to make it more secure. Apple doesn’t retain the capability of unlocking your devices. Famously, if the government goes to Apple, Apple can’t just decrypt your phone for the feds, not without coming up with a hack that will affect every iPhone in the world. But Microsoft isn’t doing quite the same thing—in some cases they use what’s known as “key escrow,” meaning they can decrypt your machine—so you have to take additional steps (outlined in this article) to get that same level of protection.
You may need to resort to using VeraCrypt. A lot of older guides will say to use TrueCrypt, regardless of operating system. This is now outdated advice. VeraCrypt used to be TrueCrypt, and the story of why it's not any more is a convoluted crypto soap opera with plot holes the size of Mars, and it is frankly outside the scope of this guide. Long story short, there’s nothing wrong with VeraCrypt as far as the experts can tell, but if you have the option, use the full disk encryption that your operating system already provided.
If you use Linux, your distro probably supports encryption out of the box. Follow the instructions while installing.
If you’re a journalist, know the risk of hanging onto your notes
Want to protect your sources? Your notes, your Slack chats, your Gchats, your Google Drive, your Dropbox, your recorded interviews, your transcripts, and your texts can all end up in court. Depending on what kind of court case it is, it might not matter that it’s encrypted.
Don’t wait until a lawsuit is imminent to delete all your stuff. That might be illegal, and you might be risking going to jail. Every situation is different: your notes might be necessary to get you out of trouble. So if you’re the type to hoard notes, know the risk, talk to a lawyer, and act responsibly.
Know that credit card companies never stand up to the government. If you pay for anything using your credit card, know that the government can get that information pretty easily. And remember that once your identity touches something, there’s a chain that the government can follow all the way back.
For example, if you get a prepaid Visa gift card using your personal credit card, and pay a VPN company with that, the government can just go backwards through the chain and find your personal credit card, and then you. If you pay a VPN company with Bitcoin, but you bought the Bitcoin through a Bitcoin exchange using your personal credit card, that’s traceable as well.
This applies to anything else you use money for, like buying domains or cheap, pay-as-you-go phones, known as burners. Practically speaking, there’s not a lot you can do about this. It’s one of the reasons why we recommend Tor instead of a VPN service.
It’s also one of the reasons why it’s so hard to get a burner phone that’s really a burner. (How are you going to pay for continuing phone service without linking your name to it?) There is no easy answer here. We’re not going to pretend to be able to give good advice in this instance. If you find yourself in a situation where your life depends on staying anonymous, you’re going to need a lot more help than any internet guide.
One more thing: For now, organizations like the ACLU and NAACP have a constitutional right to resist giving up the names of donors. But your credit card or PayPal might betray you anyways. This doesn’t mean you shouldn’t donate to organizations that resist oppression and fight for civil rights and civil liberties. Rather, it makes it all the more important that you do. The more ordinary people do so, the more that individual donors are protected from scrutiny and suspicion.
We don’t know what the future holds
Which brings us to our next point: we don’t know what the future holds. This guide was written with the current technical and legal capabilities of the United States government in mind. But that might all change in the future. Strong encryption might become illegal. The United States might begin to practice internet censorship the way that China and other countries do. The government might institute a National ID policy for getting online, making it near-impossible to post anonymously.
These things are harder to enforce and implement, so they’re not likely to happen quickly.
It’s also not infeasible that the government pressures app stores to take down Signal and other end-to-end encryption applications. This guide might only be so good for so long. That’s all the more reason to become proactive against surveillance now, and to keep adapting to changing circumstances.
Meet in person
Many public places have cameras, and some spots are wired with microphones. And there’s always the possibility that you are being individually targeted for surveillance. But ultimately, it’s a lot harder to surveil someone in person than to collect the electronic communications of many people at the same time.
Take a break from the wired world and meet people in person. If you stay out of earshot, you won’t be overheard, and your words will melt into the air, unsurveilled and unrecorded.
And besides, if you’re reading this guide, chances are that you really need a hug right now.
So meet up with your friends, verify your Signal keys, and give each other a big hug. Because you’re probably both scared, and you need each other more than you need any of this technology.
GO OUT THERE AND BE SAFE
That is all for now. Again, this is just meant to be a basic guide for average computer users. So if you're a human rights activist working in a dangerous country or a war zone, or an organization building IT infrastructure on the fly, this is certainly not enough, and you'll need more precautions.