Showing posts with label NSA. Show all posts
Showing posts with label NSA. Show all posts

Wednesday, 8 July 2015

Cybersecurity: Security Experts Oppose Government Access to Encrypted Communication

SAN FRANCISCO — An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.

Wednesday, 4 March 2015

CIA Set To Bolster Its Cyberespionage Capabilities

The CIA, usually known for its human-based intelligence gathering work, has announced plans to expand its cyber-espionage operations. According to the head of CIA: "...the time has come to take a fresh look at how we are organized as an agency..."

Thursday, 19 February 2015

The Great SIM Heist: How Spy Agencies Stole Encryption Keys Protecting Privacy of Cellphones

SIM Cards
AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

Friday, 5 December 2014

Operation Auroragold: How The NSA Hacks Cellphone Networks Worldwide

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.

Wednesday, 3 December 2014

Anti-Terrorism Algorithms: How Your Name, Internet Activity Could Make You A Terror Suspect

Anti-terrorism algorithms - Photograph: David Gunn/Getty Images
Does the stuff you post on the internet make you look like a terrorist? Is the rhythm of your typing sending the wrong signals? The government wants sites such as Google and Facebook to scan their users more closely. But if everything we do online is monitored by machines, how well does the system work?

Should our future robot overlords decide to write a history of how they overcame their human masters, late 2014 will be a key date in the timeline. Last week, an official report from the parliamentary intelligence and security committee handed over responsibility for the UK’s fight against terrorism, or at least part of it, to Facebook’s algorithms – the automated scripts that (among other things) look at your posts and your networks to suggest content you will like, people you might know and things you might buy.

Assessing the intelligence failures that led to the murder of Fusilier Lee Rigby at the hands of two fanatics, the committee absolved MI5 of responsibility, in part because the agency was tracking more than 2,000 possible terrorists at the time – far more than mere humans could be expected to follow. Instead, they placed a share of the blame on Facebook – which busily tracks its one billion users on a regular basis – for not passing on warnings picked up by algorithms the company uses to remove obscene and extreme content from its site. David Cameron agreed, and promised new laws, so it’s possible that soon Google, Facebook and co won’t just be scanning your messages to sell you stuff – they will be checking you are not plotting the downfall of western civilisation too.

Between the NSA’s automatic systems, social media tracking and more, everything you do is being overseen by the machines – but what might make you look suspect? Here are just a few examples.

Say the wrong thing

We already know that saying something stupid on social media can bring unwanted attention from the law. In 2010, a trainee accountant called Paul Chambers tweeted: “Crap! Robin Hood airport is closed. You’ve got a week and a bit to get your shit together otherwise I’m blowing the airport sky high!!” Those 134 characters, seen by an airport worker, led to arrest by anti-terror police, a conviction and three appeals, and cost Chambers two jobs before a crowdfunded legal campaign got the conviction quashed.

With the capability – and maybe soon the legal requirement – for algorithms to scan every social media post for problematic phrases, the potential for trouble increases exponentially. One way a machine might assess your content is through lists of keywords: a message containing one or two of these might not trigger an alert, but too many, too close together, and you are in trouble. Take a message such as: “Hey man, sorry to be a martyr, but can you get round to shipping me that fertiliser? I really do need it urgently. Thanks, you’re the bomb! See you Friday, Insha’Allah.”

An algorithm designed to flag content that might be inappropriate – triggering perhaps automated deletion, or account suspension – would have a much lower threshold than one sending a report to an intelligence officer suggesting she spend the rest of her day (or week) tracking an individual. How should the tool be tuned? Too tight and it will miss all but the most obvious suspicious messages. Too lax and the human operators will be drowning in cases.

In practice, algorithms designed to police content are set far more loosely than those to catch terrorists: keywords for intelligence agencies are more likely to be focused: names of particular individuals, or phrases picked up from other suspects.

Algorithms can get far cleverer than simply using keywords. One way is to pick up subtle ways in which messages from known terror suspects vary from the main population, and scan for those – or even to try to identify people by the rhythm of their typing. Both are used to a degree now, but will spread as they become better understood.

However sophisticated these systems are, they always produce false positives, so if you are unlucky enough to type oddly, or to say the wrong thing, you might end up in a dragnet.

Data strategist Duncan Ross set out what would happen if someone could create an algorithm that correctly identified a terrorist from their communications 99.9% of the time – far, far more accurate than any real algorithm – with the assumption that there were 100 terrorists in the UK.

The algorithm would correctly identify the 100 terrorists. But it would also misidentify 0.01% of the UK’s non-terrorists as terrorists: that’s a further 60,000 people, leaving the authorities with a still-huge problem on their hands. Given that Facebook is not merely dealing with the UK’s 60 million population, but rather a billion users sending 1.4bn messages, that’s an Everest-sized haystack for security services to trawl.
GCHQ from the air
GCHQ, in Cheltenham, Gloucestershire. The British government, like the US, has data on millions of ordinary people. Photograph: EPA

Share the wrong link

It’s pretty hard for machines right now to know exactly what we mean when we talk, so it is much easier for them to look for some kind of absolutely reliable flag that content is suspect. One easy solution is to use databases of websites known to be connected to extremists, or child abuse imagery, or similar. If you share such a link, then it is a pretty reliable sign that something is awry. If you do it more than once, even more likely that you are a terrorist. Or a sympathiser. Or a researcher. Or a journalist. Or an employee of a security agency …

If the database is accurate, this system works (sort of). The problems come if they are crowdsourced. Many major sites, such as YouTube, work in part through user-led abuse systems: if a user flags content as inappropriate, they are asked why. If enough people (or a few super-users) flag content for the same reasons, it triggers either suspension of the content (or user), or review by a human moderator. What happens when the pranksters of 4chan decide, en masse, to flag your favourite parenting website? Other systems rely on databases supplied by NGOs or private companies, which are generally good, but far from infallible.

Anyone who has got an “adult content warning” browsing the internet on their mobile – where first world war memorials, drug advice sites, and even Ada Lovelace Day have fallen foul of O2 filters, for example – might be a little alarmed.

Know the wrong people

Everyone knows that hanging out with the wrong crowd can get you in trouble. Online, the crowd you hang out with can get pretty big – and the intelligence agencies are willing to trawl quite a long way through it.

We know, post-Snowden, that the NSA will check up to “three hops” from a target of interest: one hop’s your friends, two hops is friends of friends, and three hops drags in their friends too. Given that, thanks to Kevin Bacon, we know six hops is enough to get to pretty much anyone on the planet, three hops is quite a lot of people. If the NSA decided I was a target of interest, for example, that could drag in 410 Facebook friends, 66,994 friends of friends, and 10.9 million of their pals. Sorry, guys.

Obviously no agency on the planet would manually review 66,994 of anyone’s contacts (let alone nearly 11 million), but if a few of those second- or third-degree contacts happened to also be in the networks of other people of interest to the NSA, then their odds of being scrutinised rockets.

The potential of these huge, spiderlike networks-of-networks is an exciting one for the agencies. They don’t always live up to the hype, though. According to Foreign Policy magazine, General Keith Alexander, the former head of the NSA, was an enthusiastic advocate for bulk surveillance programmes. In his bid to convince colleagues of their worth, he could be seen giving briefings in the Information Dominance Center, pointing to complex diagrams showing who knew who – including some places being called by dozens of people in the network. Maybe the data had found the kingpin?

“Some of my colleagues and I were sceptical,” a former analyst told the magazine. “Later, we had a chance to review the information. It turns out that all [that] those guys were connected to were pizza shops.”

Have the wrong name

With all the talk of “smart analytics” and “big data”, it is easy to forget that a lot of automatic systems will unthinkingly dive on anything that looks like a target. If you are unlucky enough to have the same name as a major terror suspect, your emails, messages and more will almost certainly have ended up in at least one intelligence agency database.

Things get even worse with no-fly lists: because of clerical errors, false flags on names or similar, for the first few years after 9/11, some unfortunates were detained on dozens of occasions flying around the US, and even imprisoned. These included Stanford academic (and US citizen) Rahinah Ibrahim, who uses a wheelchair. She had been flagged when someone hit the wrong checkbox on an online form, as she learned only years later through a court challenge. Only after several court battles was the system tidied up, and some people still need to fly with letters – to show to humans – stating that they are absolutely, definitely, not a terrorist, no matter what the computer says.
NSA HQ
The National Security Agency’s HQ in Fort Meade, Maryland. Photograph: Greg E Mathieson/Rex Features

Act the wrong way

It is possible that, mindful of companies tracking you for ads, governments tracking you to keep you safe, and schoolfriends tracking you down to show baby pictures, you have decided to try to use the internet a bit more privately.

One way might have been to install software such as Tor, which, when used properly, anonymises your internet browsing. The US navy helped develop the software, which receives public money to this day for its role in protecting activists in dictatorships around the world. At the same time, though, British and US spies decry the hiding place it offers to terrorists, serious criminals and others. According to the Snowden files, GCHQ and the NSA constantly attempted to break and track the network, created special measures to save traffic of Tor users, and even constructed some malware tools that would target any Tor users who happened upon a site hosting the virus. The sophisticated attack used problems in browser software to allow almost total access to any compromised computer.

Do nothing at all

In the online era, there is every possibility that you could fall into surveillance without ever posting, acting or associating suspiciously. With so much traffic flowing across the internet, it is sometimes easier for intelligence agencies to collect everything they see rather than targeting particular people – so sometimes even merely using the most innocuous or esoteric web services can get your pictures into agency databases. It is unlikely to lead to your impending arrest, and could well never be read by an actual human – but it would be there all the same.

One example is a GCHQ system codenamed OPTIC NERVE that was designed to capture images from every Yahoo webcam chat picked up by GCHQ’s bulk-intercept system. The capability was created, Snowden documents suggested, because some GCHQ targets used the webcam software – and so the agency picked up everything it could. Our poor spies quickly discovered that lots of people – up to 11% of users – rely on such webcam services to exchange “adult” moments, and staff had to be issued with advice on how to avoid seeing such smut. Such are the hazards of snooping: you set out to find terrorists, and end up building (probably) the world’s largest porn collection.

Another place the agencies saw some of their targets was in the world of online gaming. Noticing suspects playing online role-playing games, or messing with Angry Birds, the agencies responded to cover those areas of the internet too. GCHQ documents show the agency analysed how to read and collect information sent back and forth from that and other online games, including how to extract and store text in bulk from some game chatrooms. Other GCHQ analysts managed to wangle the geek’s dream assignment of becoming human agents in online games, including Second Life and World of Warcraft.

One way to avoid such unwanted attention might be to stick with console shoot-’em-ups: play this sort of game on Xbox Online, and you are more likely to see a GCHQ hiring advert than fall foul of surveillance. If you can’t beat ’em, why not join ’em?

Source:
The Guardian, UK

Tuesday, 2 December 2014

Ministry of Defence and Office of National Security Adviser Rift Over Control of Defence Spending

There are strong indications of a rift over the control of the country’s defence spending, with the Ministry of Defence and the Office of the National Security Adviser split over where the power to spend the fund should reside.

Wednesday, 5 November 2014

Communication With Skype, WhatsApp, Facebook Chat, SnapChat, Yahoo Messenger etc Are Disappointingly Insecure - EFF

Photo Credit: PathDoc/Shutterstock
Secure communication is something we all crave online, particularly after Edward Snowden's NSA revelations increased public interest in privacy and security.

Sunday, 20 July 2014

Snowden Alleges 'Caliph' Al Baghdadi Was Trained, Propped by MOSSAD and Western Intelligence Agencies

The former employee at the National Agency for American security, Edward Snowden, revealed that the British and American intelligence and the Mossad worked together to create the ex-EIIL or Islamic State Iraq and the Levant, according to Iranian news agency Farsnews.

Snowden said the intelligence services of three countries, namely the United States, Britain and the Zionist entity have worked together to create a terrorist organization that is able to attract ALL extremists of the world to one place, using a strategy called “the hornet’s nest.”

The documents of the American National Security Agency refers to “the recent implementation of an old known as the” hornet’s nest “to protect the Zionist entity PLANbritannique, and creating a religion including Islamic slogans reject any religion or faith.”

According to the document, “The only solution for the protection of the” Jewish State “is to create an enemy near its borders, BUT the draw against Islamic states who oppose his presence.”
Leaks revealed that “Abu Bakr al-Baghdadi took an intensive military training for a whole year in the hands of Mossad, besides COURSES in theology and mastering the art of speech.

Source:
SomdailyNews

somdailynews.com/snowden-confirms-that-al-baghdadi-was-trained-by-mossad/


Saturday, 19 July 2014

Snowden Alleges 'Caliph' Al Baghdadi Was Trained, Propped by MOSSAD and Western Intelligence Agencies

The former employee at the National Agency for American security, Edward Snowden, revealed that the British and American intelligence and the Mossad worked together to create the ex-EIIL or Islamic State Iraq and the Levant, according to Iranian news agency Farsnews.

Snowden said the intelligence services of three countries, namely the United States, Britain and the Zionist entity have worked together to create a terrorist organization that is able to attract ALL extremists of the world to one place, using a strategy called “the hornet’s nest.”

The documents of the American National Security Agency refers to “the recent implementation of an old known as the” hornet’s nest “to protect the Zionist entity PLANbritannique, and creating a religion including Islamic slogans reject any religion or faith.”

According to the document, “The only solution for the protection of the” Jewish State “is to create an enemy near its borders, BUT the draw against Islamic states who oppose his presence.”
Leaks revealed that “Abu Bakr al-Baghdadi took an intensive military training for a whole year in the hands of Mossad, besides COURSES in theology and mastering the art of speech.


Source:

SomdailyNews

Thursday, 17 July 2014

US Spying: Germany 'May revert Typewriters' to Counter Hi-Tech Espionage

German politicians are considering a return to using manual typewriters for sensitive documents in the wake of the US surveillance scandal.

The head of the Bundestag's parliamentary inquiry into NSA activity in Germany said in an interview with the Morgenmagazin TV programme that he and his colleagues were seriously thinking of ditching email completely.
Asked "Are you considering typewriters" by the interviewer on Monday night, the Christian Democrat politician Patrick Sensburg said: "As a matter of fact, we have – and not electronic models either". "Really?" the surprised interviewer checked. "Yes, no joke," Sensburg responded.

"Unlike other inquiry committees, we are investigating an ongoing situation. Intelligence activities are still going on, they are happening," said Sensburg.
Last week, Merkel's government asked the CIA's station officer in Germany to leave the country after an employee of the German intelligence agency BND confessed to passing confidential documents to the US secret service. The ongoing investigation prompted speculation that the CIA may have actively targeted the Bundestag's NSA
inquiry committee.

Last year, the Russian government reportedly took similar measures after the extent of US electronic surveillance was revealed by the whistleblower Edward Snowden.
The federal guard service, a powerful body tasked with protecting Russia's highest-ranking officials, put in an order for 20 Triumph Adler typewriters, which create unique "handwriting", that allows the source of any documents created on them to be traced.

But judging by the reaction to Sensburg's comments, manual typewriters are unlikely to be widely adopted in German political circles.
"Before I start using typewriters and burning notes after reading, I'd rather abolish the secret services," tweeted Martina Renner, an opposition member of the parliamentary committee investigating the activities of US and other intelligence agencies in Germany. Sahra Wagenknecht, Die Linke party's deputy chair, described the suggestion as grotesque.

Christian Flisek, the SPD's representative on the committee, told Spiegel Online: "This call for mechanical typewriters is making our work sound ridiculous. We live in the 21st century, where many people communicate predominantly by digital means. Effective counter-espionage works digitally too. The idea that we can protect people from
surveillance by dragging them back to the typewriter is absurd."

Yet while Sensburg may regret his comments, there is little question that revelations about digital surveillance have triggered a fundamental rethink
about how the German government conducts its communications.
"Above all, people are trying to stay away from technology whenever they can," wrote Die Welt .
"Those concerned talk less on the phone, prefer to meet in person. More coffees are being drunk and lunches eaten together. Even the walk in the park is increasingly enjoying a revival."

Last November, in the immediate aftermath of the revelations of NSA monitoring of Merkel's mobile phone, the German government instructed its MPs to only use encrypted mobile phones for sensitive calls. The use of iPhones for intra-governmental
communications is reportedly banned. Since then, some have even questioned whether the state-of-the-art "Secusmart" encryption mobile currently used by the chancellor is safe from bugging attempts.

The Bundestag's NSA inquiry committee has found its own way of protecting itself from surveillance: before every meeting, members leave their mobiles in a metal box in an adjacent room, in which any remaining snippets of conversation are drowned out by the music of Edvard Grieg played at full blast.

Courtesy:
The Guardian

Friday, 11 July 2014

Apple's iPhone Branded a 'National Security Concern'

Apple's iPhone has been labelled a "national security concern" by Chinese state broadcasters as relations between the country and US over cybersecurity worsen.

The influential state-sponsored China Central Television broadcast declared the iPhone a "national security concern" as part of its national noon broadcast on Friday, according to the Wall Street Journal. CCT criticized the "frequent locations" function present on Apple's iOS 7 operating system, declaring that researchers believe data points recorded by the service could give those with access to this data knowledge of Chinese concerns and even "state secrets."

Found in Settings , the "frequent locations" function is an opt-in feature which allows users to grant their
devices permission to record places they often go, in order to provide useful location-based information.
The relationship between China and the US in relation to cybersecurity has never been close, but became far more strained following the leak of
confidential documents by former US National Security Agency (NSA) contractor Edward Snowden earlier this year.
Out of all the leaks which showed the widespread surveillance activities of the intelligence agency, the NSA's secret tapping of networks belonging to Chinese telecom and internet giant Huawei were of interest to the country, as were disclosures which suggest the NSA hacked major telcos in China to mine text messages - as well as sustained attacks on Tsinghua University networks.

The broadcast touched upon the Snowden leaks, and according to the WSJ called the US technology firms'
databases a "gold mine." In addition, the broadcast quoted Chinese officials who insisted that Apple would need to "take on any legal responsibilities" if data leaks caused by the firm's devices caused harm.
In addition, the recent arrest of five "military hackers" who allegedly stole US corporate data by US law
enforcement is not likely to have improved matters. Following the arrests, China's defence ministry
said:
"From 'WikiLeaks' to the 'Snowden' case, US hypocrisy and double standards regarding the issue of cyber security have long been abundantly clear."

Apple is the latest in a string of US companies to be facing backlash over tense relations between China and
the United States, following questions raised by Chinese media in June over the security of Microsoft's Windows
operating system and an earlier ban of the use of Windows 8 in government computers by the Chinese Central Government Procurement Centre.

Courtesy:
ZDNet.com

Thursday, 10 July 2014

NSA and FBI Spied on 5 High-Profile Americans Muslims - Report

US spy agencies snooped on the emails of five high- profile Muslim Americans in an effort to identify security threats, documents leaked by fugitive ex-NSA contractor Edward Snowden show.
The targets include a lawyer, professor and a political operative, according to a report published in the Intercept.

The Intercept is an online news site overseen by Glenn Greenwald, who helped publish many of Mr Snowden's
leaks.
The FBI and NSA said they only spied on Americans when they had probable cause. "The National Security Agency and FBI have covertly monitored the emails of prominent Muslim Americans... under secretive procedures intended to target terrorists and foreign spies," according to The Intercept report.

Those allegedly spied on include:
• Faisal Gill, a Republican Party operative and former Department of Homeland Security employee
• Asim Ghafoor, a lawyer who represented clients in terrorism-related cases
• Hooshang Amirahmadi, an Iranian-American professor at Rutgers University
• Agha Saeed, a former political science professor at California State University
• Nihad Awad, the executive director of the Council on American-Islamic Relations.

According to the report - the result of a three-month investigation using classified documents obtained from
Mr Snowden - all five individuals have denied involvement in terrorist activities. 'Ethnic stereotypes'
The NSA and Department of Justice quickly responded to the report, saying emails of Americans are only accessed if there is probable cause.
"It is entirely false that US intelligence agencies conduct electronic surveillance of political, religious or activist figures solely because they disagree with public policies or criticise the government, or for exercising constitutional rights," the agencies wrote in a joint statement.
The White House has ordered a review of national security agencies in the wake of the allegations, however.
"Upon learning of this matter, the White House immediately requested that the Director of National Intelligence undertake an assessment of Intelligence Community policies, training standards or directives that promote diversity and tolerance," White House national security spokeswoman Caitlin Hayden said on Wednesday.
"The use of racial or ethnic stereotypes, slurs, or other similar language" is not acceptable, she added.

Edward Snowden, a former NSA contractor, leaked a trove of secure documents to international media
Several dozen civil liberties groups have also spoken out against the allegations made in The Intercept report, urging US President Barack Obama to provide a full public accounting of domestic surveillance.
It is not the first time US agencies have been accused of snooping on Americans. Previous documents leaked by Mr Snowden indicate the electronic files of thousands of citizens were scanned by the NSA.
Last year, Mr Snowden - a former NSA contractor now residing in Russia - fed a trove of secret NSA documents to news outlets including the Washington Post and the Guardian, where Mr Greenwald worked.

The US Congress has attempted to curb online snooping in the wake of the snooping revelations, with the House of Representatives passing legislation to that effect in mid-June.
The measure, added to a $570bn (£335bn) defence spending bill, would bar the NSA from collecting Americans' personal online information without a warrant.
Earlier this year the House also passed the USA Freedom Act that would limit the NSA's bulk data collection and storage of some American landline
telephone call records.

Courtesy:
BBC

Monday, 7 July 2014

United States 'To work With Germany' To Resolve Spy Row

A White House spokesman said he could not comment directly but efforts were being made to solve the problem.

Earlier, German Chancellor Angela Merkel voiced her concerns about the alleged US spy in German intelligence, while on a visit to China.

"It would be a clear contradiction of what I consider to be trusting co-operation" with the US, she said.

She said that if the allegations about a double agent were true, it would constitute a serious breach of trust.

"If the reports are correct, it would be a serious case," Ms Merkel said on Monday while at a news conference with Chinese Premier Li Keqiang.

It is the second day of her three-day visit, which is dominated by trade issues.

The latest twist in the ongoing spying row between the two countries happened last week when a German employee of the country's foreign intelligence service (BND) was arrested.

The man is suspected of having handed over more than 200 documents over a two-year period in exchange for 25,000 euros (£20,000; $34,000).

Questioned by reporters on Monday, White House spokesman Josh Earnest praised the "valuable" relationship the US had with Germany and said: "We are going to work with the Germans to resolve this situation appropriately,"

Analysis - Stephen Evans, BBC News, Berlin

Spying is particularly sensitive in Germany, whether it's listening in to Chancellor Merkel's phone or reading secret documents meant for a parliamentary committee. Mrs Merkel grew up in East Germany where the intrusions of the secret police - the Stasi - were pervasive and poisonous. And democracy has something of a sacred quality in Germany today because of the Nazi and then the Communist years.

"Outrage" runs across the political spectrum - it's not just a "chattering class" issue. Wolfgang Bosbach, for example, who is the Christian Democrat [centre-right] head of the Bundestag committee which oversees interior affairs, questioned whether the US and Germany could be considered as "partners" any more.

The first allegation of spying came just after President Obama's visit to Berlin where he was greeted as a long-lost friend. And this latest one concerns material for the very parliamentary committee set up to investigate the previous allegation. Spies spy, and no doubt spies spy on friends, but there are political consequences when they are caught at it, even if it's just in terms of a loss of goodwill.

German-US relations have been strained since it emerged that the US National Security Agency (NSA) had been monitoring Ms Merkel's mobile phone calls.

The scale of NSA surveillance was revealed by US whistleblower Edward Snowden, a former NSA contractor who remains a fugitive in Russia.

Courtesy

BBC

Friday, 20 June 2014

United States House of Representatives Backs Limits on NSA Spying


WASHINGTON –  House libertarians and liberals banded together for a surprise win in their fight against the secretive National Security Agency, securing support for new curbs on government spying a year after leaker Edward Snowden's disclosures about the bulk collection of millions of Americans' phone records.
The Republican-led House voted 293-123 late Thursday to add the limits to a $570 billion defense spending bill. The provision, which faces an uncertain fate in the Senate, would bar warrantless collection of personal online information and prohibit access for the NSA and CIA into commercial tech products.

Wednesday, 18 June 2014

How to Anonymize Everything You Do Online

Written By Andy Greenberg  (Wired)

One year after the first revelations of Edward Snowden, cryptography has shifted from an obscure branch of computer science to an almost mainstream notion: It’s possible, user privacy groups and a growing industry of crypto-focused companies tell us, to encrypt everything from emails to IMs to a gif of a motorcycle jumping over a plane.

But it’s also possible to go a step closer toward true privacy online. Mere encryption hides the content of messages, but not who’s communicating. Use cryptographic anonymity tools to hide your identity, on the other hand, and network eavesdroppers may not even know where to find your communications, let alone snoop on them. “Hide in the network,” security guru Bruce Schneier made his first tip for evading the NSA. “The less obvious you are, the safer you are.”

Though it’s hardly the sole means of achieving online anonymity, the software known as Tor has become the most vouchsafed and developer-friendly method for using the Internet incognito. The free and open source program triple-encrypts your traffic and bounces it through computers around the globe, making tracing it vastly more difficult. Most Tor users know the program as a way to anonymously browse the Web. But it’s much more. In fact, Tor’s software runs in the background of your operating system and creates a proxy connection that links with the Tor network. A growing number of apps and even operating systems provide the option to route data over that connection, allowing you to obscure your identity for practically any kind of online service.

Some users are even experimenting with using Tor in almost all their communications. “It’s like being a vegetarian or a vegan,” says Runa Sandvik, a privacy activist and former developer for Tor. “You don’t eat certain types of food, and for me I choose to use Tor only. I like the idea that when I log onto a website, it doesn’t know where I’m located, and it can’t track me.”

Here’s how you can use the growing array of anonymity tools to protect more of your life online.

Web Browsing
The core application distributed for free by the non-profit Tor Project is the Tor Browser, a hardened, security-focused version of Firefox that pushes all of your Web traffic through Tor’s anonymizing network. Given the three encrypted jumps that traffic takes between computers around the world, it may be the closest thing to true anonymity on the Web. It’s also rather slow. But the Tor browser is getting faster, says Micah Lee, a privacy-focused technologist who has worked with the Electronic Frontier Foundation—one of the organizations that funds the Tor Project—and First Look Media. For the past month or so, he’s tried to use it as his main browser and only switch back to traditional browsers occasionally, mostly for flash sites and others that require plugins.

After about a week, he says, the switch was hardly noticeable. “It may not be entirely necessary, but I haven’t found it that inconvenient either,” Lee says. “And it does have real privacy benefits. Everyone gets tracked everywhere they go on the Web. You can opt of out of that.”

Email
The simplest way to anonymously send email is to use a webmail service in the Tor Browser. Of course, that requires signing up for a new webmail account without revealing any personal information, a difficult task given that Gmail, Outlook, and Yahoo! Mail all require a phone number.

Runa Sandvik suggests Guerrilla Mail, a temporary, disposable email service. Guerrilla Mail lets you set up a new, random email address with only a click. Using it in the Tor Browser ensures that no one, not even Guerrilla Mail, can connect your IP address with that ephemeral email address.

Encrypting messages with webmail can be tough, however. It often requires the user to copy and paste messages into text windows and then use PGP to scramble and unscramble them. To avoid that problem, Lee instead suggests a different email setup, using a privacy-focused email host like Riseup.net, the Mozilla email app Thunderbird, the encryption plugin Enigmail, and another plugin called TorBirdy that routes its messages through Tor.

Instant Messaging
Adium and Pidgin, the most popular Mac and Windows instant messaging clients that support the encryption protocol OTR, also support Tor. (See how to enable Tor in Adium here and in Pidgin here.) But the Tor Project  is working to create an IM program specifically designed to be more secure and anonymous. That Tor IM client, based on a program called Instant Bird, was slated for release in March but is behind schedule. Expect an early version in mid-July.

Large File Transfers
Google Drive and Dropbox don’t promise much in the way of privacy. So Lee created Onionshare, open-source software that lets anyone directly send big files via Tor. When you use it to share a file, the program creates what’s known as a Tor Hidden Service—a temporary, anonymous website—hosted on your computer. Give the recipient of the file the .onion address for that site, and they can securely and anonymously download it through their Tor Browser.

Mobile Devices
Anonymity tools for phones and tablets are far behind the desktop but catching up fast. The Guardian Project created an app called Orbot that runs Tor on Android. Web browsing, email and IM on the phone can all be set to use Orbot’s implementation of Tor as a proxy.

Apple users don’t yet have anything that compares. But a 99-cent app called Onion Browser in the iOS app store offers anonymous web access from iPhones and iPads. An audit by Tor developers in April revealed and helped fix some of the program’s vulnerabilities. But Sandvik suggests that prudent users should still wait for more testing. In fact, she argues that the most sensitive users should stick with better-tested desktop Tor implementations. “If I were in a situation where I needed anonymity, mobile is not a platform I’d rely on,” she says.

Everything Else
Even if you run Tor to anonymize every individual Internet application you use, your computer might still be leaking identifying info online. The NSA has even used unencrypted Windows error messages sent to Microsoft to finger users and track their identities. And an attacker can compromise a web page you visit and use it to deliver an exploit that breaks out of your browser and sends an unprotected message revealing your location.

So for the truly paranoid, Lee and Sandvik recommend using entire operating systems designed to send every scrap of information they communicate over Tor. The most popular Tor OS is Tails, or The Amnesiac Incognito Live System. Tails can boot from a USB stick or DVD so no trace of the session remains on the machine, and anonymizes all information. Snowden associates have said the NSA whistleblower is himself a fan of the software.

For the even more paranoid, there is a lesser-known Tor-enabled OS called Whonix. Whonix creates multiple “virtual machines” on the user’s computer—software versions of full computer operating systems that are designed to be indistinguishable from a full computer. Any attacker trying to compromise the user’s computer will be confined to that virtual machine.

That virtualization trick underlines an important point for would-be anonymous Internet users, Lee says: If your computer gets hacked, the game is over. Creating a virtual sandbox around your online communications is one way to keep the rest of your system protected.

“Tor is awesome and can make you anonymous. But if your endpoint gets compromised, your anonymity is compromised too,” he says. “If you really need to be anonymous, you also need to be really secure."