NSA

goTenna – Is this the beginning of NSA proof personal comms networks?

 

goTenna is a new class of internet-less comms device that doesn’t need the internet or the mobile phone network to communicate.

Launched in a pre-sales mode with two devices for $149 while they undergo FCC certification, it has managed to gain a massive media coverage in a few days.

goTenna3

goTenna3

gotenna 4

gotenna 4

goTenna

goTenna

There is an App which allows you to connect your mobile to your goTenna and talk to another or many goTenna users and features RSAS 1024 bit encryption and an option for your messages to self destruct (this is not your fathers Maxwell Smart self destructing device).

When you sign up you get the option to use your phone number or a randomly generated private user ID and here is where it gets interesting.

Maybe I have been watching too many US police shows but with a range of approximately 50 miles goTenna is a point to point encrypted comms solution which, if you ask me, looks like a great way to dodge NSA or police snooping by completely bypassing the existing networks (and their NSA collection points) and using encrypted RF to communicate directly.

Gotenna-Map.png

Although their pitch is aimed at Festival and concert goers where the existing network is overwhelmed and at Campers, hikers, skiers, boarders and bikers who spend a lot of time in remote wilderness (with the possibility of injury), if I was a sceptic I would say that this device is crying out to be used by the drug dealers, inside traders and terrorists of the world.

Its attractiveness lies in the fact that its not easy to intercept a point to point connection that bypasses existing comms infrastructure, especially if the system has been built to avoid being tracked.

If you are going to tap someones phone, you need to gain access to the infrastructure that carries the signal, this is conveniently available via the carriers, just take a firehose feed off at the exchange or switch, but if you use a solution that bypasses the carriers and carry out point to point transmission then the snooper has to firstly identify where you physically are (they have to be in range) and secondly be able to detect which transmission in a public spectrum is yours and thirdly decrypt it. This is not trivial.

Not to say that this is impossible for NSA spooks but it makes it tough to pin down when potentially you are on the move, you have no connection to the existing network, all the things that make you trackable in a normal situation.

Given there is a broadcast to all within range option, potentially this could also be used to trigger alerts to non identified listeners, so the receiving end point doesn’t even have to join the conversation, just receives a message (albeit unencrypted).

This feature is very good for the sporting types, especially if they fall down in the wilderness and need help.

I like the idea of a device that allows US citizens to exercise their constitutional rights without fear of being spied on by their own Government however you have to think that merely buying one would put you on a watch list and that most of their potential customers probably  don’t own a snowboard and have never been past their city limits.

 

 

 

Stay Secure – 5 ways to increase your online security

Photo by ElectronicFrontierFoundation

In the digital age privacy and security are always a major concern, especially since Eric Snowden revealed the National Security Agency’s global surveillance programs. Additionally, in a competitive environment or industry security and privacy are essential. The good news is both privacy and security can be reasonably maintained whilst enjoying the Internet.

Here are a few tips:

  • Use complex and different passwords. If you use the same password for your all your work and personal accounts then your work can access your personal accounts. If your password is ‘password’ or your first name then it can easily be guessed. If you use complex and different passwords do not put them all in a document or note titled, “Passwords,” or use the word “password” in that document. A simple search for the word “password” can be used to find that document and all your passwords – a nondescript or misleading title is ideal.

 

  • Use a virtual private network (VPN) A virtual private network allows your computer, laptop or mobile devices to communicate privately when using the very public Internet. There are a lot of ways to do this, both free and paid. For $70 per year, you can use WiTopia to access a very large number of gateways around the world. Typically you want the closest gateway to you to maximize speed. If you live, however, in an area with restricted Internet access such as Australia or China, then you can just select a gateway in a country without restricted access to “unrestrict” access.

 

  • Use encrypted cloud storage Dropbox recently added Condoleezza Rice to their board and she is a major proponent of NSA’s global surveillance programs. Dropbox claims to respect privacy, but the newest addition to the DropBox board of directors definitely does not. Try SpiderOak for more secure cloud-based storage. 2GB is free, premium subscriptions are the same price as DropBox, UI is fairly user-friendly and offers the same enjoyable features as DropBox along with ‘zero-knowledge” layered data encryption for those who only use the desktop client.  SpiderOak even drafted a comforting statement for those generally concerned with cloud-based storage: “Most importantly, however, the outer level keys are never stored in plaintext on the SpiderOak server. They are encrypted with 256 bit AES, using a key created by the key derivation/strengthening algorithm PBKDF2 (using sha256), with 16384 round and 32 bytes of random data (“salt”). This approach prevents brute force and pre-computation or database attacks against the key. This means that a user who knows her password, can generate the outer level encryption key using PBKDF2 and the salt, then decipher the outer level keys, and be on the way to decrypting her data. Without knowledge of the password, however, the data is quite unreadable.”

 

  • For personal email, find a provider that values your privacy You would not want your neighbours reading your personal mail so why do you let Google and the NSA? MyKolab offers a secure email with servers in a country that respects privacy a bit more than others for about $10 USD per month.

 

Enhanced by Zemanta