Showing posts with label Edward Snowden. Show all posts

Monday 14 March 2016

Wednesday 8 July 2015

Cybersecurity: Security Experts Oppose Government Access to Encrypted Communication

SAN FRANCISCO — An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.

Tuesday 23 June 2015

United Kingdom Spy Oversight Court (IPT) Rules That GCHQ Acted Unlawfully Once Again

The U.K.’s Investigatory Powers Tribunal (IPT), the judicial oversight body which handles complaints relating to domestic intelligence agencies, has ruled that GCHQ acted unlawfully in the handling of intercepted communications data in another case brought by civil liberties groups, including Liberty, Privacy International and Amnesty International.

The IPT judged that GCHQ acted unlawfully and breached its own internal policies on interception, examination and retention of emails from two human rights organizations — the Egyptian Initiative for Personal Rights (EIPR) and the Legal Resources Centre (LRC) in South Africa — thereby breaching their human rights.

The court ruled only that “error” and “technical” failures led the spy agency to break its internal interception policies.
In the case of the EIPR, the tribunal writes:
“… the time limit for retention permitted under the internal policies of GCHQ, the intercepting agency, was overlooked in regard to the product of that interception, such that it was retained for materially longer than permitted under those policies. We are satisfied however that the product was not accessed after the expiry of the relevant retention time limit, and the breach can thus be characterised as technical”

In its ruling pertaining to the LRC it writes that “the procedure laid down by GCHQ’s internal policies for selection of the communications for examination was in error not followed in this case”.

These internal policies are not detailed — with the IPT reiterating its “general duty” to avoid disclosing information that might be “contrary to the public interest or prejudicial to national security … or the continued discharge of the functions of any of the intelligence services”. Which of course has the convenient by-product of making it impossible to judge their judgement.

As regards the legality of intercepting emails from human rights groups, the IPT deems the communications in question were “lawfully and proportionately intercepted and accessed” — citing section 8(4) of RIPA.

However the recent independent review of U.K. surveillance legislation, conducted by David Anderson, condemned the Regulation of Investigatory Powers Act as an incomprehensible patchwork — calling for new oversight legislation to be drafted “from scratch”. The U.K. government has also said it intends to “modernise” surveillance legislation in a forthcoming Investigatory Powers Bill.

“A comprehensive and comprehensible new law should be drafted from scratch, replacing the multitude of current powers and providing for clear limits and safeguards on any intrusive power that it may be necessary for public authorities to use,” wrote Anderson in his review.

The shape of RIPA’s replacement remains to be seen. In the meanwhile the extent of law breaches by U.K. domestic intelligence agencies operating under a problematic patchwork of legislation and, prior to Snowden’s whistleblowing, without parliamentary scrutiny in a climate of near perfect secrecy, is still being determined.

Commenting on the latest IPT ruling in a statement, James Welch, Legal Director for Liberty, said: “Last year it was revealed that GCHQ were eavesdropping on sacrosanct lawyer-client conversations. Now we learn they’ve been spying on human rights groups. What kind of signal are British authorities sending to despotic regimes and those who risk their lives to challenge them all over the world? Who is being casual with human life now?”
It’s the second time the IPT has ruled against GCHQ in a matter of months. Back in February the court judged that data-sharing activities between the NSA and GCHQ had breached European Human Rights law, again after a challenge by civil rights groups.

Despite that ruling the IPT deemed data-sharing activities to have been put on a legal footing since December 2014 — owing to their disclosure (post-Snowden), and the subsequent yielding of details about data-sharing policies and how legal compliance is achieved (not that those details have been made public, of course).

The IPT has previously also ruled that mass surveillance is compatible with human rights principles — although civil rights groups are challenging that position at the European level, in the Court of Human Rights in Strasbourg.

The U.K. government has generally taken a far more hawkish stance on surveillance than European institutions, post-Snowden. Earlier this year Europe’s top rights body, the Parliamentary Assembly of the Council of Europe, adopted a resolution against mass surveillance, characterizing it as a threat to democracy and human rights. And last year the European Court of Justice struck down blanket data retention powers as disproportionate.

The U.K. government responded to the ECJ ruling by fast tracking emergency surveillance legislation. A new Conservative majority government is also now pushing to legislate to expand data capture investigatory powers, even as the NSA’s domestic surveillance capabilities are being curtailed over the pond in the U.S.

The latest IPT judgement confirms GCHQ intercepted the communications of human rights groups — something that U.S. intelligence agencies have also done, according to NSA whistleblower Edward Snowden, who provided details last year in his testimony to the Council of Europe during their enquiry into mass surveillance.

Also last year Snowden spoke out against the ‘anything goes’ privacy intrusions of GCHQ — characterizing U.K. intelligence agencies as having “really no limits on their capabilities”. And when a domestic spy agency is found to have broken its own laws by its own oversight court in multiple instances it seems pretty clear that better limits are needed.

Culled from:
Tech Crunch

Wednesday 27 May 2015

FBI Push To Weaken Cell Phone Security, Skirt Encryption Alarms Privacy Advocates

The FBI’s push to ensure a backdoor into cellphones so that federal agents can skirt around tricky encryption technology in order to track terrorists is evoking backlash from privacy groups and technology companies.

Friday 8 May 2015

U.S Court Declares Phone Data Collection By The NSA 'Illegal'

The NSA has come under increased scrutiny since the Snowden revelations. A US appeals court has ruled that bulk collection of phone records by the National Security Agency is illegal.

Monday 23 February 2015

Thursday 19 February 2015

The Great SIM Heist: How Spy Agencies Stole Encryption Keys Protecting Privacy of Cellphones

SIM Cards
AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

Friday 5 December 2014

Operation Auroragold: How The NSA Hacks Cellphone Networks Worldwide

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.

Wednesday 5 November 2014

Thursday 31 July 2014

"Snowden Effect": New Report Shows Edward Snowden's Revelations Are Seriously Damaging U.S Tech Firms

The nonprofit New America Foundation released a new report this week that summarizes the impact of Edward Snowden’s NSA revelation on U.S. tech firms.

Within weeks of the first NSA revelation last year, companies like Dropbox and Amazon Web Services reported immediate drops in their sales, the report said. Citing a previous report, it said the NSA’s PRISM program could cost cloud-computing companies from $22 billion to $180 billion over the next three years.

“This erosion in trust threatens to do the most immediate damage to the cloud computing industry, which would lose billions of dollars in the next three to five years as a result,” it said.

In particular, U.S. tech firms are being severely hit in overseas markets, the report said.
Companies such as Cisco, Qualcomm, IBM, Microsoft, and HP have all reported declines in sales in China following the NSA revelations. In fact, according to The Wall Street Journal, Cisco said it’s expecting roughly a 10% loss in quarterly revenue because of the "Snowden effect." A web-hosting company called Servint reportedly lost more than half of its overseas clients following the revelation.

American firms are also losing the trust of foreign governments because of this. The German government said it would end its contract with Verizon last month, while Brazil picked Swedish firm Saab over Boeing for a deal to replace its fighter jets, according to the report. It said more and more foreign competitors are benefiting from the perceived image of being “NSA-proof” or “safer” than U.S. firms.

As a result, countries like Germany, Brazil, and India are close to enacting a new law that would require companies to use local data centers. For example, German Chancellor Angela Merkel, after refusing to visit the U.S. for months after the NSA disclosures, has called for data localization laws. Brazil and India are proposing that IT companies either set up or keep their data centers within local boundaries, while Greece, Brunei, and Vietnam are following suit with similar measures, the report said.
All of this could slow the growth of the U.S. tech industry by as much as 4% and seriously undermine America’s credibility around the world, the report concluded.

Business Insider

Saturday 19 July 2014

Snowden Alleges 'Caliph' Al Baghdadi Was Trained, Propped by MOSSAD and Western Intelligence Agencies

Edward Snowden, the former employee of the U.S. National Security Agency, revealed that British and American intelligence and the Mossad worked together to create the ex-EIIL, or Islamic State of Iraq and the Levant, according to Iranian news agency Farsnews.

Snowden said the intelligence services of three countries, namely the United States, Britain and the Zionist entity, have worked together to create a terrorist organization that is able to attract all extremists of the world to one place, using a strategy called “the hornet’s nest.”

The documents of the American National Security Agency refer to “the recent implementation of an old British plan known as the ‘hornet’s nest’ to protect the Zionist entity, and creating a religion including Islamic slogans reject any religion or faith.”

According to the document, “The only solution for the protection of the ‘Jewish State’ is to create an enemy near its borders, but the draw against Islamic states who oppose his presence.”
Leaks revealed that “Abu Bakr al-Baghdadi took an intensive military training for a whole year in the hands of Mossad, besides courses in theology and mastering the art of speech.”


Source:

SomdailyNews

Thursday 17 July 2014

US Spying: Germany 'May Revert to Typewriters' to Counter Hi-Tech Espionage

German politicians are considering a return to using manual typewriters for sensitive documents in the wake of the US surveillance scandal.

The head of the Bundestag's parliamentary inquiry into NSA activity in Germany said in an interview with the Morgenmagazin TV programme that he and his colleagues were seriously thinking of ditching email completely.
Asked "Are you considering typewriters" by the interviewer on Monday night, the Christian Democrat politician Patrick Sensburg said: "As a matter of fact, we have – and not electronic models either". "Really?" the surprised interviewer checked. "Yes, no joke," Sensburg responded.

"Unlike other inquiry committees, we are investigating an ongoing situation. Intelligence activities are still going on, they are happening," said Sensburg.
Last week, Merkel's government asked the CIA's station officer in Germany to leave the country after an employee of the German intelligence agency BND confessed to passing confidential documents to the US secret service. The ongoing investigation prompted speculation that the CIA may have actively targeted the Bundestag's NSA inquiry committee.

Last year, the Russian government reportedly took similar measures after the extent of US electronic surveillance was revealed by the whistleblower Edward Snowden.
The federal guard service, a powerful body tasked with protecting Russia's highest-ranking officials, put in an order for 20 Triumph Adler typewriters, which create unique "handwriting" that allows the source of any documents created on them to be traced.

But judging by the reaction to Sensburg's comments, manual typewriters are unlikely to be widely adopted in German political circles.
"Before I start using typewriters and burning notes after reading, I'd rather abolish the secret services," tweeted Martina Renner, an opposition member of the parliamentary committee investigating the activities of US and other intelligence agencies in Germany. Sahra Wagenknecht, Die Linke party's deputy chair, described the suggestion as grotesque.

Christian Flisek, the SPD's representative on the committee, told Spiegel Online: "This call for mechanical typewriters is making our work sound ridiculous. We live in the 21st century, where many people communicate predominantly by digital means. Effective counter-espionage works digitally too. The idea that we can protect people from surveillance by dragging them back to the typewriter is absurd."

Yet while Sensburg may regret his comments, there is little question that revelations about digital surveillance have triggered a fundamental rethink about how the German government conducts its communications.
"Above all, people are trying to stay away from technology whenever they can," wrote Die Welt.
"Those concerned talk less on the phone, prefer to meet in person. More coffees are being drunk and lunches eaten together. Even the walk in the park is increasingly enjoying a revival."

Last November, in the immediate aftermath of the revelations of NSA monitoring of Merkel's mobile phone, the German government instructed its MPs to only use encrypted mobile phones for sensitive calls. The use of iPhones for intra-governmental communications is reportedly banned. Since then, some have even questioned whether the state-of-the-art "Secusmart" encryption mobile currently used by the chancellor is safe from bugging attempts.

The Bundestag's NSA inquiry committee has found its own way of protecting itself from surveillance: before every meeting, members leave their mobiles in a metal box in an adjacent room, in which any remaining snippets of conversation are drowned out by the music of Edvard Grieg played at full blast.

Courtesy:
The Guardian

Friday 11 July 2014

Apple's iPhone Branded a 'National Security Concern'

Apple's iPhone has been labelled a "national security concern" by Chinese state broadcasters as relations between the country and US over cybersecurity worsen.

The influential state-sponsored China Central Television broadcast declared the iPhone a "national security concern" as part of its national noon broadcast on Friday, according to the Wall Street Journal. CCT criticized the "frequent locations" function present on Apple's iOS 7 operating system, declaring that researchers believe data points recorded by the service could give those with access to this data knowledge of Chinese concerns and even "state secrets."

Found in Settings, the "frequent locations" function is an opt-in feature which allows users to grant their devices permission to record places they often go, in order to provide useful location-based information.

The relationship between China and the US in relation to cybersecurity has never been close, but became far more strained following the leak of confidential documents by former US National Security Agency (NSA) contractor Edward Snowden earlier this year.
Out of all the leaks which showed the widespread surveillance activities of the intelligence agency, the NSA's secret tapping of networks belonging to Chinese telecom and internet giant Huawei was of interest to the country, as were disclosures which suggest the NSA hacked major telcos in China to mine text messages - as well as sustained attacks on Tsinghua University networks.

The broadcast touched upon the Snowden leaks, and according to the WSJ called the US technology firms' databases a "gold mine." In addition, the broadcast quoted Chinese officials who insisted that Apple would need to "take on any legal responsibilities" if data leaks caused by the firm's devices caused harm.
In addition, the recent arrest of five "military hackers" who allegedly stole US corporate data by US law enforcement is not likely to have improved matters. Following the arrests, China's defence ministry said:
"From 'WikiLeaks' to the 'Snowden' case, US hypocrisy and double standards regarding the issue of cyber security have long been abundantly clear."

Apple is the latest in a string of US companies to be facing backlash over tense relations between China and the United States, following questions raised by Chinese media in June over the security of Microsoft's Windows operating system and an earlier ban of the use of Windows 8 in government computers by the Chinese Central Government Procurement Centre.

Courtesy:
ZDNet.com

Thursday 10 July 2014

NSA and FBI Spied on 5 High-Profile American Muslims - Report

US spy agencies snooped on the emails of five high-profile Muslim Americans in an effort to identify security threats, documents leaked by fugitive ex-NSA contractor Edward Snowden show.
The targets include a lawyer, professor and a political operative, according to a report published in the Intercept.

The Intercept is an online news site overseen by Glenn Greenwald, who helped publish many of Mr Snowden's leaks.
The FBI and NSA said they only spied on Americans when they had probable cause. "The National Security Agency and FBI have covertly monitored the emails of prominent Muslim Americans... under secretive procedures intended to target terrorists and foreign spies," according to The Intercept report.

Those allegedly spied on include:
• Faisal Gill, a Republican Party operative and former Department of Homeland Security employee
• Asim Ghafoor, a lawyer who represented clients in terrorism-related cases
• Hooshang Amirahmadi, an Iranian-American professor at Rutgers University
• Agha Saeed, a former political science professor at California State University
• Nihad Awad, the executive director of the Council on American-Islamic Relations.

According to the report - the result of a three-month investigation using classified documents obtained from Mr Snowden - all five individuals have denied involvement in terrorist activities.

'Ethnic stereotypes'
The NSA and Department of Justice quickly responded to the report, saying emails of Americans are only accessed if there is probable cause.
"It is entirely false that US intelligence agencies conduct electronic surveillance of political, religious or activist figures solely because they disagree with public policies or criticise the government, or for exercising constitutional rights," the agencies wrote in a joint statement.
The White House has ordered a review of national security agencies in the wake of the allegations, however.
"Upon learning of this matter, the White House immediately requested that the Director of National Intelligence undertake an assessment of Intelligence Community policies, training standards or directives that promote diversity and tolerance," White House national security spokeswoman Caitlin Hayden said on Wednesday.
"The use of racial or ethnic stereotypes, slurs, or other similar language" is not acceptable, she added.

Edward Snowden, a former NSA contractor, leaked a trove of secure documents to international media
Several dozen civil liberties groups have also spoken out against the allegations made in The Intercept report, urging US President Barack Obama to provide a full public accounting of domestic surveillance.
It is not the first time US agencies have been accused of snooping on Americans. Previous documents leaked by Mr Snowden indicate the electronic files of thousands of citizens were scanned by the NSA.
Last year, Mr Snowden - a former NSA contractor now residing in Russia - fed a trove of secret NSA documents to news outlets including the Washington Post and the Guardian, where Mr Greenwald worked.

The US Congress has attempted to curb online snooping in the wake of the snooping revelations, with the House of Representatives passing legislation to that effect in mid-June.
The measure, added to a $570bn (£335bn) defence spending bill, would bar the NSA from collecting Americans' personal online information without a warrant.
Earlier this year the House also passed the USA Freedom Act that would limit the NSA's bulk data collection and storage of some American landline telephone call records.

Courtesy:
BBC

Monday 7 July 2014

United States 'To work With Germany' To Resolve Spy Row

A White House spokesman said he could not comment directly but efforts were being made to solve the problem.

Earlier, German Chancellor Angela Merkel voiced her concerns about the alleged US spy in German intelligence, while on a visit to China.

"It would be a clear contradiction of what I consider to be trusting co-operation" with the US, she said.

She said that if the allegations about a double agent were true, it would constitute a serious breach of trust.

"If the reports are correct, it would be a serious case," Ms Merkel said on Monday while at a news conference with Chinese Premier Li Keqiang.

It is the second day of her three-day visit, which is dominated by trade issues.

The latest twist in the ongoing spying row between the two countries happened last week when a German employee of the country's foreign intelligence service (BND) was arrested.

The man is suspected of having handed over more than 200 documents over a two-year period in exchange for 25,000 euros (£20,000; $34,000).

Questioned by reporters on Monday, White House spokesman Josh Earnest praised the "valuable" relationship the US had with Germany and said: "We are going to work with the Germans to resolve this situation appropriately."

Analysis - Stephen Evans, BBC News, Berlin

Spying is particularly sensitive in Germany, whether it's listening in to Chancellor Merkel's phone or reading secret documents meant for a parliamentary committee. Mrs Merkel grew up in East Germany where the intrusions of the secret police - the Stasi - were pervasive and poisonous. And democracy has something of a sacred quality in Germany today because of the Nazi and then the Communist years.

"Outrage" runs across the political spectrum - it's not just a "chattering class" issue. Wolfgang Bosbach, for example, who is the Christian Democrat [centre-right] head of the Bundestag committee which oversees interior affairs, questioned whether the US and Germany could be considered as "partners" any more.

The first allegation of spying came just after President Obama's visit to Berlin where he was greeted as a long-lost friend. And this latest one concerns material for the very parliamentary committee set up to investigate the previous allegation. Spies spy, and no doubt spies spy on friends, but there are political consequences when they are caught at it, even if it's just in terms of a loss of goodwill.

German-US relations have been strained since it emerged that the US National Security Agency (NSA) had been monitoring Ms Merkel's mobile phone calls.

The scale of NSA surveillance was revealed by US whistleblower Edward Snowden, a former NSA contractor who remains a fugitive in Russia.

Courtesy

BBC

Friday 20 June 2014

United States House of Representatives Backs Limits on NSA Spying


WASHINGTON –  House libertarians and liberals banded together for a surprise win in their fight against the secretive National Security Agency, securing support for new curbs on government spying a year after leaker Edward Snowden's disclosures about the bulk collection of millions of Americans' phone records.
The Republican-led House voted 293-123 late Thursday to add the limits to a $570 billion defense spending bill. The provision, which faces an uncertain fate in the Senate, would bar warrantless collection of personal online information and prohibit access for the NSA and CIA into commercial tech products.

Wednesday 18 June 2014

How to Anonymize Everything You Do Online

Written By Andy Greenberg  (Wired)

One year after the first revelations of Edward Snowden, cryptography has shifted from an obscure branch of computer science to an almost mainstream notion: It’s possible, user privacy groups and a growing industry of crypto-focused companies tell us, to encrypt everything from emails to IMs to a gif of a motorcycle jumping over a plane.

But it’s also possible to go a step closer toward true privacy online. Mere encryption hides the content of messages, but not who’s communicating. Use cryptographic anonymity tools to hide your identity, on the other hand, and network eavesdroppers may not even know where to find your communications, let alone snoop on them. “Hide in the network,” security guru Bruce Schneier made his first tip for evading the NSA. “The less obvious you are, the safer you are.”

Though it’s hardly the sole means of achieving online anonymity, the software known as Tor has become the most vouchsafed and developer-friendly method for using the Internet incognito. The free and open source program triple-encrypts your traffic and bounces it through computers around the globe, making tracing it vastly more difficult. Most Tor users know the program as a way to anonymously browse the Web. But it’s much more. In fact, Tor’s software runs in the background of your operating system and creates a proxy connection that links with the Tor network. A growing number of apps and even operating systems provide the option to route data over that connection, allowing you to obscure your identity for practically any kind of online service.

Some users are even experimenting with using Tor in almost all their communications. “It’s like being a vegetarian or a vegan,” says Runa Sandvik, a privacy activist and former developer for Tor. “You don’t eat certain types of food, and for me I choose to use Tor only. I like the idea that when I log onto a website, it doesn’t know where I’m located, and it can’t track me.”

Here’s how you can use the growing array of anonymity tools to protect more of your life online.

Web Browsing
The core application distributed for free by the non-profit Tor Project is the Tor Browser, a hardened, security-focused version of Firefox that pushes all of your Web traffic through Tor’s anonymizing network. Given the three encrypted jumps that traffic takes between computers around the world, it may be the closest thing to true anonymity on the Web. It’s also rather slow. But the Tor browser is getting faster, says Micah Lee, a privacy-focused technologist who has worked with the Electronic Frontier Foundation—one of the organizations that funds the Tor Project—and First Look Media. For the past month or so, he’s tried to use it as his main browser and only switch back to traditional browsers occasionally, mostly for flash sites and others that require plugins.

After about a week, he says, the switch was hardly noticeable. “It may not be entirely necessary, but I haven’t found it that inconvenient either,” Lee says. “And it does have real privacy benefits. Everyone gets tracked everywhere they go on the Web. You can opt out of that.”

Email
The simplest way to anonymously send email is to use a webmail service in the Tor Browser. Of course, that requires signing up for a new webmail account without revealing any personal information, a difficult task given that Gmail, Outlook, and Yahoo! Mail all require a phone number.

Runa Sandvik suggests Guerrilla Mail, a temporary, disposable email service. Guerrilla Mail lets you set up a new, random email address with only a click. Using it in the Tor Browser ensures that no one, not even Guerrilla Mail, can connect your IP address with that ephemeral email address.

Encrypting messages with webmail can be tough, however. It often requires the user to copy and paste messages into text windows and then use PGP to scramble and unscramble them. To avoid that problem, Lee instead suggests a different email setup, using a privacy-focused email host like Riseup.net, the Mozilla email app Thunderbird, the encryption plugin Enigmail, and another plugin called TorBirdy that routes its messages through Tor.

Instant Messaging
Adium and Pidgin, the most popular Mac and Windows instant messaging clients that support the encryption protocol OTR, also support Tor. (See how to enable Tor in Adium here and in Pidgin here.) But the Tor Project  is working to create an IM program specifically designed to be more secure and anonymous. That Tor IM client, based on a program called Instant Bird, was slated for release in March but is behind schedule. Expect an early version in mid-July.

Large File Transfers
Google Drive and Dropbox don’t promise much in the way of privacy. So Lee created Onionshare, open-source software that lets anyone directly send big files via Tor. When you use it to share a file, the program creates what’s known as a Tor Hidden Service—a temporary, anonymous website—hosted on your computer. Give the recipient of the file the .onion address for that site, and they can securely and anonymously download it through their Tor Browser.

Mobile Devices
Anonymity tools for phones and tablets are far behind the desktop but catching up fast. The Guardian Project created an app called Orbot that runs Tor on Android. Web browsing, email and IM on the phone can all be set to use Orbot’s implementation of Tor as a proxy.

Apple users don’t yet have anything that compares. But a 99-cent app called Onion Browser in the iOS app store offers anonymous web access from iPhones and iPads. An audit by Tor developers in April revealed and helped fix some of the program’s vulnerabilities. But Sandvik suggests that prudent users should still wait for more testing. In fact, she argues that the most sensitive users should stick with better-tested desktop Tor implementations. “If I were in a situation where I needed anonymity, mobile is not a platform I’d rely on,” she says.

Everything Else
Even if you run Tor to anonymize every individual Internet application you use, your computer might still be leaking identifying info online. The NSA has even used unencrypted Windows error messages sent to Microsoft to finger users and track their identities. And an attacker can compromise a web page you visit and use it to deliver an exploit that breaks out of your browser and sends an unprotected message revealing your location.

So for the truly paranoid, Lee and Sandvik recommend using entire operating systems designed to send every scrap of information they communicate over Tor. The most popular Tor OS is Tails, or The Amnesiac Incognito Live System. Tails can boot from a USB stick or DVD so no trace of the session remains on the machine, and anonymizes all information. Snowden associates have said the NSA whistleblower is himself a fan of the software.

For the even more paranoid, there is a lesser-known Tor-enabled OS called Whonix. Whonix creates multiple “virtual machines” on the user’s computer—software versions of full computer operating systems that are designed to be indistinguishable from a full computer. Any attacker trying to compromise the user’s computer will be confined to that virtual machine.

That virtualization trick underlines an important point for would-be anonymous Internet users, Lee says: If your computer gets hacked, the game is over. Creating a virtual sandbox around your online communications is one way to keep the rest of your system protected.

“Tor is awesome and can make you anonymous. But if your endpoint gets compromised, your anonymity is compromised too,” he says. “If you really need to be anonymous, you also need to be really secure."
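The "Everything Else" section above warns that traffic can still leave the machine outside Tor even when individual applications are proxied. As an added example (not part of the original article), the following Python script audits a connection listing for that condition: any established TCP connection that neither goes to the local Tor proxy nor belongs to the Tor client itself is flagged. The sample lines are constructed in the layout of Linux `ss -tnp` output, the process names and addresses are made up, and the proxy ports are assumptions (9050 for the tor daemon's default SOCKS port, 9150 for the Tor Browser bundle).

```python
import ipaddress
import re

# Assumed local Tor SOCKS listeners: 9050 is the tor daemon's default,
# 9150 is the port the Tor Browser bundle uses.
TOR_SOCKS_PORTS = {9050, 9150}
# Assumed name of the Tor client process; only it may talk to remote hosts.
TOR_PROCESS_NAMES = {"tor"}

# Constructed sample in the layout of `ss -tnp` output (documentation
# address ranges, hypothetical process names and pids).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      127.0.0.1:40112      127.0.0.1:9050     users:(("thunderbird",pid=3101,fd=52))
ESTAB  0      0      192.0.2.10:51514     198.51.100.7:9001  users:(("tor",pid=812,fd=11))
ESTAB  0      0      192.0.2.10:51620     203.0.113.25:443   users:(("pidgin",pid=3320,fd=19))
ESTAB  0      0      [::1]:40200          [::1]:9150         users:(("firefox",pid=2210,fd=88))
ESTAB  0      0      192.0.2.10:51700     203.0.113.80:80    users:(("crash-reporter",pid=3555,fd=7))
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, int port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def audit(ss_text):
    """Classify every established TCP connection in an ss-style listing.

    Verdicts:
      via-tor     peer is a local Tor SOCKS port
      local       other loopback traffic, never leaves the machine
      tor-client  the Tor process itself talking to a relay
      LEAK        any other process talking directly to a remote host
    """
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue  # header line, blank line, or non-established socket
        peer_ip, peer_port = split_endpoint(fields[4])
        match = PROC_RE.search(fields[5])
        name = match.group(1) if match else "unknown"
        if peer_ip.is_loopback:
            verdict = "via-tor" if peer_port in TOR_SOCKS_PORTS else "local"
        elif name in TOR_PROCESS_NAMES:
            # Matching on process name is a convenience; a strict audit
            # would compare the pid against the known Tor service.
            verdict = "tor-client"
        else:
            verdict = "LEAK"
        findings.append((name, str(peer_ip), peer_port, verdict))
    return findings


def leaks(ss_text):
    """Return only the connections that bypass the Tor proxy."""
    return [f for f in audit(ss_text) if f[3] == "LEAK"]


if __name__ == "__main__":
    for name, ip, port, verdict in audit(SAMPLE_SS_OUTPUT):
        print(f"{verdict:10} {name:15} -> {ip}:{port}")
```

The check covers established TCP connections only; DNS lookups and other UDP traffic need a separate listing.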