fb-pixelFor privacy lovers, the right type of software - The Boston Globe Skip to main content

For privacy lovers, the right type of software

Edward Snowden, high school dropout and National Security Agency turncoat, has now become a typewriter salesman. In the wake of Snowden's revelations about America's vast electronic spy network, Russia's Federal Security Service is switching to the old-school machines instead of desktop computers. Typewriters are slow and inefficient, but they can't be hacked.

We're all in the same boat. Snowden's NSA leaks suggest that many popular digital products have been infiltrated by government snoops, leaving users with a bitter choice — forfeit your privacy or your favorite technology. With each new leak the threat seems worse.

Just last month, I wrote that privacy lovers should consider using Skype, Microsoft Corp.'s Internet calling software for personal computers and smartphones. Calls between two Skype users are encrypted to prevent even the NSA from eavesdropping.

Advertisement



But last week, a new Snowden leak claimed that Microsoft lets the agency bypass Skype's encryption and intercept audio and video traffic. The same report claims that the NSA and FBI have free run of e-mail and text messages sent via Microsoft's Outlook.com service and that the agencies can access any digital files tucked away at Microsoft's SkyDrive cloud storage service.

Microsoft insists that it provides customer data only on specific individuals and only "in response to legal processes." On Tuesday, the company added, "we will not provide governments with direct or unfettered access to customer data or encryption keys," which ought to rule out warrantless wiretaps of Skype.

Snowden could be misleading us, but the NSA's activities are so secret there's no way to know. So I've continued my search for spy-proof Internet services, with mixed results.

Encrypting your phone calls is a challenge, because the available options require the people on either end of the call to use the same software. That was easy with Skype, which is used by millions.

Advertisement



But I couldn't test the most prominent alternative, a program called Jitsi that promises end-to-end call encryption. I found only one other person who uses it, and we couldn't get our computers to connect. If you and a best friend want to give it a try, download it at Jitsi.org.

I had much better luck with SpiderOak, an ultrasecure alternative to SkyDrive and other cloud storage services, like Dropbox.

Lots of people use those services to store photos, movies, and files with personal information. SpiderOak's chief attraction is its "zero-knowledge" security system. This means that the company knows absolutely nothing about the data it stores. Every bit of it is encrypted and the keys are controlled by the users. Lose your SpiderOak password, and you're out of luck; the company can't recover it. But this means SpiderOak can't reveal your secrets to anybody, even a government agent toting a subpoena.

Encrypting your e-mail is also a smart move, but what if your recipients don't use the same e-mail software as you? It's not a problem with a secure mailing service called Hushmail. It's free if you can get by with just 25 megabytes of mail storage; an annual $49.98 fee will get you 10 gigs.

All messages sent to other Hushmail users are, of course, encrypted. But friends with Gmail, Hotmail, or other insecure services can benefit, too. You can attach a test question, like "what's your favorite movie?" to your e-mail, which they'll receive as a webpage link. If they answer the question, the message is decrypted in a browser window.

Advertisement



Hushmail isn't flawless; the company will turn over user messages when presented with a court order. But as the company is based in Canada, the US government can't demand covert access to its servers.

Just running the typical Web search through a service like Google can leave footprints for the government to track. That is why free Internet search engines like DuckDuckGo and StartPage have seen big traffic spikes since Snowden began talking. Unlike Google, these services don't record your Internet search history, or your computer's Internet address, which could reveal your physical location. Their search results aren't as precisely tailored to your interests as Google's. But it also means they can't tell the cops anything about you.

StartPage, based in the Netherlands, is especially fanatical. Its proxy feature lets you visit websites without revealing your true Internet address. It's perfect for the occasional covert visit to CIA.gov.

Each of these services require more effort than the standard Internet tools; in exchange, they can help us preserve at least a little digital privacy. And unlike typewriters, they never need oiling.


Hiawatha Bray can be reached at bray@globe.com.