How to Keep the NSA Out of Your Computer

[Klaatu]

How to Keep the NSA Out of Your Computer
Sick of government spying, corporate monitoring, and overpriced ISPs? There's a cure for that.
—By Clive Thompson
| September/October 2013 Issue, Mother Jones

Editor's note: Clive Thompson will be answering readers' questions about this article in a Reddit AMA on Wednesday, August 26, from 1 p.m.-3 p.m. Eastern Standard Time (10 a.m.-noon Pacific).

JOSEPH BONICIOLI mostly uses the same internet you and I do. He pays a service provider a monthly fee to get him online. But to talk to his friends and neighbors in Athens, Greece, he's also got something much weirder and more interesting: a private, parallel internet.

He and his fellow Athenians built it. They did so by linking up a set of rooftop wifi antennas to create a "mesh," a sort of bucket brigade that can pass along data and signals. It's actually faster than the Net we pay for: Data travels through the mesh at no less than 14 megabits a second, and up to 150 Mbs a second, about 30 times faster than the commercial pipeline I get at home. Bonicioli and the others can send messages, video chat, and trade huge files without ever appearing on the regular internet. And it's a pretty big group of people: Their Athens Wireless Metropolitan Network has more than 1,000 members, from Athens proper to nearby islands. Anyone can join for free by installing some equipment. "It's like a whole other web," Bonicioli told me recently. "It's our network, but it's also a playground."

Indeed, the mesh has become a major social hub. There are blogs, discussion forums, a Craigslist knockoff; they've held movie nights where one member streams a flick and hundreds tune in to watch. There's so much local culture that they even programmed their own mini-Google to help meshers find stuff. "It changes attitudes," Bonicioli says. "People start sharing a lot. They start getting to know someone next door—they find the same interests; they find someone to go out and talk with." People have fallen in love after meeting on the mesh.

The Athenians aren't alone. Scores of communities worldwide have been building these roll-your-own networks—often because a mesh can also be used as a cheap way to access the regular internet. But along the way people are discovering an intriguing upside: Their new digital spaces are autonomous and relatively safe from outside meddling. In an era when governments and corporations are increasingly tracking our online movements, the user-controlled networks are emerging as an almost subversive concept. "When you run your own network," Bonicioli explains, "nobody can shut it down."


THE INTERNET may seem amorphous, but it's at heart pretty physical. Its backbone is a huge array of fiber-optic, telephone, and TV cables that carry data from country to country. To gain access, you need someone to connect your house to that backbone. This is what's known as the "last mile" problem, and it's usually solved by large internet service providers such as AT&T and Comcast. They buy access to the backbone and charge you for delivering the signal via telephone wires or cable lines. Most developed nations have plenty of ISPs, but in poor countries and rural areas, the last-mile problem still looms large. If providers don't think there's enough profit in household service, they either don't offer any or do it only at exorbitant rates.

Meshes evolved to tackle this problem. Consider the Spanish network Guifi, which took root in the early aughts as people got sick of waiting for their sclerotic telcos to wire the countryside. "In some places you can wait for 50 years and die and you're still waiting," jokes Guifi member Ramon Roca. The bandwidth-starved Spaniards attached long-range antennas to their wifi cards and pointed them at public hot spots like libraries. Some contributed new backbone connections by shelling out, individually or in groups, for expensive DSL links, while others dipped into the network for free. (Guifi is a complex stew of charity, free-riding, and cost-sharing.) To join the bucket brigade, all you had to do was add some hardware that allowed your computer's wifi hub to pass along the signal to anyone in your vicinity. Gradually, one hub at a time, Guifi grew into the world's largest mesh, with more than 21,000 members.
"When people see the price they get from the mesh, they're like, 'Ten bucks a month? Oh, shit, I'll pay that!'"

In some ways, a community mesh resembles a food co-op. Its members crunch the numbers and realize that they can solve the last-mile problem themselves at a fraction of the price. In Kansas City, Isaac Wilder, cofounder of the Free Network Foundation, is using this model to wire up neighborhoods where the average household income is barely $10,000 a year. His group partners with community organizations that pay for backbone access. Wilder then sets up a mesh that anyone can join for a modest sum. "The margins on most internet providers are so ridiculously inflated," he says. "When people see the price they get from the mesh, they're like, 'Ten bucks a month? Oh, shit, I'll pay that!'"

In other cases, meshes are run like tiny local businesses. Stephen Song, the founder of Village Telco, markets "mesh potatoes," inexpensive wifi devices that automatically mesh with each other, allowing them to transmit data and make local calls. In towns across Africa, where internet access is overpriced or nonexistent, mom-and-pop shops buy backbone access and then sell mesh potatoes to customers, offering them cheap monthly phone and internet rates. Song hopes this entrepreneurial model will lead to stable networks that don't have to rely on donations or tech-savvy community volunteers. He set up a mesh himself in Cape Town, South Africa. "The primary users of that tech were grandmothers," Song says. "Grandmothers are really dependent on their families, and visiting is hard—it's a really hilly area. So if you have an appealing low-cost alternative, they go for it."


WHILE MESH networks were created to solve an economic problem, it turns out they also have a starkly political element: They give people—particularly political activists—a safer and more reliable way to communicate.

As activism has become increasingly reliant on social networking, repressive regimes have responded by cutting off internet access. When Hosni Mubarak, for instance, discovered that protesters were using Facebook to help foment dissent, he ordered the state-controlled ISPs to shut down Egypt's internet for days. In China, the Communist Party uses its "Great Firewall" to prevent citizens from reading pro-democracy sites. In the United States, authorities have shut down mobile service to prevent activists from communicating, as happened a couple of years ago during a protest at San Francisco subway stations. And such reactions aren't only prompted by dissent. Some of the big phone and cable companies have begun to block digital activities they disapprove of, like sharing huge files on BitTorrent. In 2009, the recording industry even persuaded France to pass a law—since declared unconstitutional—that canceled the internet service of any household caught downloading copyrighted files more than three times.
"What if you could communicate with anyone, anywhere, without going over an inch of corporate or government cable?"

The last-mile problem, it turns out, isn't just technical or economic: It's political and even cultural. To repurpose the famous A.J. Liebling statement, internet freedom is guaranteed only to those who own a connection. "And right now, you and me don't own the internet—we just rent the capacity to access it from the companies that do own it," Wilder says.

So now digital-freedom activists and nonprofits are making mesh tools specifically to carve out spaces free from government snooping. During the Occupy Wall Street actions in New York City, Wilder set up a local mesh for the protesters. In Washington, DC, the New America Foundation's Open Technology Institute is developing Commotion—"internet in a suitcase" software that lets anyone quickly deploy a mesh. "We're making infrastructure for anyone who wants to control their own network," says Sascha Meinrath, who runs OTI. In a country with a repressive government, dissidents could use Commotion to set up a private, encrypted mesh. If a despot decided to shut off internet access, the activists could pay for a satellite connection and then share it across the mesh, getting a large group of people back online quickly.

Meinrath and his group have tested Commotion in American communities, including Detroit and Brooklyn's Red Hook neighborhood, where locals used it to get back online after Hurricane Sandy. Now OTI is working on a mesh that will provide secure local communications for communities in Tunisia.

Even voice calls can be meshed. Commotion includes Serval, software that lets you network Android phones and communicate directly via wifi without going through a wireless carrier—sort of like a high-tech walkie-talkie network. Created by Paul Gardner-Stephen, a research fellow at Australia's Flinders University, Serval also encrypts phone calls and texts, making it extremely hard for outsiders to eavesdrop. When OTI employees tested it this spring using external "range extenders," they were able to text one another from nearly a mile away on the National Mall. Hopping onto the DC Metro, they found they could trade messages while riding six cars apart. "We now know how to make a completely distributed phone system," Gardner-Stephen says. Despite the modest ranges now possible, there are plenty of potential uses. After an earthquake, he notes, Serval could help citizens and aid agencies make local calls instantly. In an Occupy-style scenario, police may try to shut down texting via Verizon and AT&T only to discover that activists have their own private Serval channel.
In an Occupy-style scenario, police may try to shut down texting via Verizon and AT&T only to discover that activists have their own private Serval channel.

Granted, Meinrath points out even encrypted systems like Commotion aren't a privacy panacea. Encryption can be broken, and if the mesh hooks up to the regular internet—via satellite, for instance—then you're sending signals back out to where the NSA and others have plenty of taps.

Even so, alternative networks are a pretty subversive idea, one that has attracted some strange bedfellows. The State Department recently ponied up almost $3 million to support Commotion, because officials think it could help freedom of speech abroad. But given the revelations about NSA spying (Commotion's developer, OTI, is considering joining a lawsuit to challenge the agency's surveillance program), the software is likely to gain traction among activists here at home. "It makes all the sense in the world," Meinrath says.


THE RISE OF community meshes suggests a possibility that is considerably more radical. What if you wanted a mesh that spanned the globe? A way to communicate with anyone, anywhere, without going over a single inch of corporate or government cable? Like what Joseph Bonicioli has in Athens writ large—a parallel, global internet run by the people, for the people. Could such a beast be built?
Down in Argentina, meshers have shot signals up to 10 miles to bring together remote villages; in Greece, Bonicioli says they've connected towns as far as 60 miles apart.

On a purely technical level, mesh advocates say it's super hard, but not impossible. First, you'd build as many local mesh networks as you can, and then you'd connect them together. Long-distance "hops" are tricky, but community meshes already use special wifi antennas—sometimes "cantennas" made out of Pringles-type containers—to join far-flung neighborhoods. Down in Argentina, meshers have shot signals up to 10 miles to bring together remote villages; in Greece, Bonicioli says they've connected towns as far as 60 miles apart. For bigger leaps, there are even more colorful ideas: Float a balloon 60,000 feet in the air, attach a wifi repeater, and you could bounce a signal between two cities separated by hundreds of miles. It sounds nuts, but Google actually pulled it off this past summer, when its Project Loon sent a flotilla of balloons over New Zealand to blanket the rural countryside with wireless connections. There are even DIY satellites: Home-brewed "cubesats" have already been put into orbit by university researchers for less than $100,000 each. That's hardly chump change, but it's well within, say, Kickstarter range.

For stable communications, though, the best bet would be to snag some better spectrum. The airwaves are a public resource, but they are regulated by national agencies like the Federal Communications Commission that dole out the strongest frequencies—the ones that can travel huge distances and pass easily through physical objects—to the military and major broadcasters. (Wifi uses one of the rare public-access frequencies.) If the FCC could be convinced to hand over some of those powerful frequencies to the public, meshes could span huge distances. "We need free networks, and we need free bandwidth," says Eben Moglen, a law professor at Columbia University and head of the Software Freedom Law Center. But given the power of the telco and defense lobbies, don't hold your breath.

The notion of a truly independent global internet may still be a gleam in the eye of the meshers, but their visionary zeal is contagious. It harkens back to the early days of the digital universe, when the network consisted mostly of university scientists and researchers communicating among themselves without corporations sitting in the middle or government (that we know of) monitoring their chats. The goal then, as now, was both connection and control: an internet of one's own.

source
http://www.motherjones.com/politics/...rivacy-nsa-isp

[Glitchcraft]

I believe all you have to do is encrypt your calls and texts to communicate safely. Mesh or not makes no difference. As far as I know they can't really crack 128 bit encryption. Am I wrong?

But having a back up internet would be cool though.

[Klaatu]

For good encryption, try PGP. Make sure it is open-source. But I have heard that the government has encoded 'back-door' keys into the newer versions ... anyone know about this? ... is this even possible with open-source code?
http://www.openpgp.org/resources/downloads.shtml

[PC LOAD LETTER]

For good encryption, try PGP. Make sure it is open-source. But I have heard that the government has encoded 'back-door' keys into the newer versions ... anyone know about this? ... is this even possible with open-source code?
http://www.openpgp.org/resources/downloads.shtml

That web site mentions Hushmail. Stay far away from Hushmail. They readily provide your encryption keys if requested. Never ever ever entrust a third party with control of your encryption keys. GnuPG is pretty much the de facto standard for open source encryption software. For public/asymmetric key cryptography (useful for email, private messages on forums, etc) use 4096-bit RSA and a damn good password. A little googling can direct you to guides on how to integrate encryption into email software, like Thunderbird or Claws-Mail (my fav), depending on what platform you're on (Windows, OSX, Linux, etc). Where did you hear that? It's possible for backdoors to go undetected in open source software, depending on how many people contribute and review code.

[Glitchcraft]

That web site mentions Hushmail. Stay far away from Hushmail. They readily provide your encryption keys if requested. Never ever ever entrust a third party with control of your encryption keys. GnuPG is pretty much the de facto standard for open source encryption software. For public/asymmetric key cryptography (useful for email, private messages on forums, etc) use 4096-bit RSA and a damn good password. A little googling can direct you to guides on how to integrate encryption into email software, like Thunderbird or Claws-Mail (my fav), depending on what platform you're on (Windows, OSX, Linux, etc). Where did you hear that? It's possible for backdoors to go undetected in open source software, depending on how many people contribute and review code.

My computer nerd friend says this is a good post

[piet11111]

Almost all forms of privacy protection are compromised because they are made to hand over anything the NSA can use to circumvent them.

[Zealot]

The truth is, nothing is safe from the bourgeoisie's personal gestapo. Also, many of them are raking in extra profits on the side from leaking this information to the Fourth Reich.

[Os Cangaceiros]

The NSA is everywhere. They see everything. They hear everything. They know everything. Resistance is futile.

You know how you touch yourself at night? Yeah, they know about that.

[Orange Juche]

The scariest thing about the NSA being in everything is we're literally buying into a 1984 superstructure. With more and more things hooked up to "the grid" as it were, there's more for the NSA to spy with. Google Glass wearers will inadvertently be walking spies for the state. There's really no keeping it out, and it's only going to get worse.

[Klaatu]

It is also a good idea to not post personal information on sites like Facebook, etc. Not only to conserve one's privacy, but so as not to enrich Mark Zuckerberg, who has made his fortune by selling that personal information to marketers and spammers.

[Ele'ill]

'how to keep the nsa out of your computer'

you can't because eventually you will fail to perform something securely or they'll gain access to something on their own through warrant or 'illegally' (lol) so honestly the best way is to bore them to death by not using your computer for interesting stuff like try to avoid thanking anarchy smash car fire cop face kick photos on facebook or making violent drunk posts about how much you hate society

also interestingly enough is how everyone gravitates to the NSA being the agency to have all the resources to do this stuff when the reality is that local law enforcement has the capability to do it

[Klaatu]

My thought is that this so-called "NSA" can be overwhelmed with "information" on literally millions of people who send emails to each other threatening to overthrow the govt, blow things up, etc (not really to do these things , but just to frustrate the spying basterds)

I would truly accept the idea of living under the threat of a possible "terror attack" rather than living under this guise of so-called "national security," which is the far bigger threat to our worker-freedoms. What the hell, terrorists can only do relatively small things to harm us... it is really the out-of-control fascist-like governments that can do far worse things to harm us (think of Nazi Germany, for example)

Government-owned-by-Capitalists is really not much different than is government-via-Nazis, is it? - I ask you!

[Ele'ill]

I think we understand how they gain access but not how they prioritize or organize their focus.

[PC LOAD LETTER]

The NSA is everywhere. They see everything. They hear everything. They know everything. Resistance is futile.

You know how you touch yourself at night? Yeah, they know about that.

Well they at least know what porn sites catch your fancy. They can also derive when you tend to whack off by when you access those sites, if they were so inclined. Not terribly sure how much good a database of when people whack off and what to would be; unless they sold it to a porn marketing agency.


[edit]
Gasp, the NSA is a porn marketing agency

[Klaatu]

Well they at least know what porn sites catch your fancy. They can also derive when you tend to whack off by when you access those sites, if they were so inclined. Not terribly sure how much good a database of when people whack off and what to would be; unless they sold it to a porn marketing agency.
Gasp, the NSA is a porn marketing agency

These government spies actually caught a guy D/L child porn.

Now, I am against CP as much as anyone, but aren't these guys only supposed to be working on catching those threatening "national security?" How the hell are perverts a threat to national security? Can't we just use legal means to catch these wayward people? I told you this would happen--- the government will use any means necessary to gain power over the proletariat (what next? this is exactly how they get a foothold on their form of dictatorship -- what is next --- implanting "obedience chips" into our skulls???)

[Zealot]

the government will use any means necessary to gain power over the proletariat (what next? this is exactly how they get a foothold on their form of dictatorship -- what is next --- implanting "obedience chips" into our skulls???)

Well, you're close. Check out these news stories from just the past couple of days:

Researchers discover how to literally control a brain

This research was funded by DARPA and we can all guess what sort of uses the Fourth Reich will put this to.

US launches 23-story rocket with classified spy satellite

Again, not hard to guess what this might be used for.

[PC LOAD LETTER]

Well, you're close. Check out these news stories from just the past couple of days:

Researchers discover how to literally control a brain

This research was funded by DARPA and we can all guess what sort of uses the Fourth Reich will put this to.

US launches 23-story rocket with classified spy satellite

Again, not hard to guess what this might be used for.

From the second article: "With three main booster-rocket cores, the Delta 4-Heavy is capable of putting a satellite the size of school bus into an orbit around Earth's poles."


I thought of this

But, jokes aside, I always try to refrain from speculating about these things. Granted, in the computer security hobbyist community, we'd suspected something like PRISM was in place, but never had proof, and never thought it would be on the scale that it is at this point in time. Things like ECHELON and CARNIVORE were known about but not really talked about because we just didn't know much of anything. And, really, I see this as a good way of doing things. It stopped most of us from degrading into raving conspiracy theorists. Not saying that's what you're doing, though.

[Klaatu]

What do we think of Edward Snowden... Whistle-blower hero, or turncoat traitor?

[Sea]

I encrypt my entire laptop via LUKS, following the instructions here:

ftp://ftp.slackware.com/pub/slackwar...ADME_CRYPT.TXT

making use of LVM as well to tackle / and swap as well as /home. If you're using Slackware and plan on doing a new install any time soon, I recommend this highly.

And of course, MicroSD cards are always very handy and easy to make disappear, and can be had in sized up to 64GB (!) nowadays. They also appear to be sealed and semi-waterproof, but it's still a bad idea to go around bathing your data. I've never had any data integrity problems with genuine SanDisk cards but some off-brand and even name brand (PNY) ones have given me trouble. And it goes without saying that they can be encrypted just like anything else!

What do we think of Edward Snowden... Whistle-blower hero, or turncoat traitor?

Guess. And when you come up with an answer, post it in a more appropriate thread. The NSA is watching this one...

[blake 3:17]

It is also a good idea to not post personal information on sites like Facebook, etc. Not only to conserve one's privacy, but so as not to enrich Mark Zuckerberg, who has made his fortune by selling that personal information to marketers and spammers.

Is the real issue things like Facebook or the use of bank & credit cards?