Over-the-Top Digital Security Measures to Beat the NSA

By Chris Mills on at

Because they're out there, watching.

Well, maybe not you specifically. But they could be, if they wanted to, and that's a bit creepy. Here's how to shut them outta your life.

 

Get a Security Token

Passwords? Forget that crap. What you need is a Yubikey. Basically, it's a flash drive that works as the second token in all your authentication system. You plug it in, and it generates a secure password. The best way to use it is as the master key for a password manager like LastPass. That way, there's no combination of birthday and mother's maiden name to crack -- your Gmail password will be a completely random string of characters, accessible only with your super-secure flash drive.

On that note, you should probably turn two-factor authentication on (this is worthwhile even if you're not being hunted by the NSA).

 

Encrypt Your Crap

One interesting revelation from NSA whistleblower Edward Snowden is that well-encrypted messages generally won't be read by the sneaky US government. The best tool for encrypting your electronic missives (freely available, anyway), is PGP, or Pretty Good Privacy. You generate a public key and a private key, which can be used to encrypt and decrypt your messages respectively, by inputting the unique random key (the flowchart above does a much better job of explaining than me). Despite being invented way back in 1991, the mathematical basis behind PGP is still sound, and probably your best bet for going super-sneaky on the US government.

But that's just message encryption. What if the feds get hold of your laptop? You need drive encryption, of course. Macs come with the pretty decent FileVault encryption system as standard; Windows users can plump for the free-and-easy TrueCrypt, which lets you create encrypted partitions or entire snoop-free drives.

 

A Big-Arse Safe

So you've got your stuff encrypted; but where are you going to store the keys? That calls for a safe. Taking a few lessons learnt from The Italian Job, we can deduce that a) we want a safe that takes more than a few minutes to crack, and b) you should never store your safe above a river.

Provided you don't live in Venice, something from the Mosler safe company should fit the bill. The stuff of legend ever since they survived an atomic bomb in Hiroshima, the MSD-T model comes with a digital keypad to gain entry, and fire resistance rated for a good few hours. Good luck trying to get into that one.

 

Don't Forget Your Faraday Cage!

Of course, that safe is no good if there's a hidden camera nearby to record your passcode. The best way to make sure that won't happen is, of course, to make your safe room (hereby referred to as 'The Vault') into a Faraday cage -- a space contained within a shield of a fine mesh of conducting material, which blocks any radio signals trying to go in or out of the cage. Added bonus: you'll be impervious to lightning.

 

Or the Retina Scanner

Every good secure vault needs an equally secure way of getting inside; there aren't many better than a retina scanner.  EyeLock's EyeSwipe Nano, pictured above, is a pretty decent scanner, which paired with an electronic lock, should do the business.

 

Let's Talk Internet

So your digital wares are secure; you're safe from The Man for the time being. But what's life without unrestricted access to World of Warcraft, eh? To access the internet, we're going to need more than a standard fibre connection.

Step 1: We'll set up a VPN. Buy yourself an anonymised credit card, and use that to buy a Virtual Private Server with a hosting company. Or, even better, buy yourself some BitCoins, and use those to buy the VPS. (Of course, they'll ask for your real details, but no one will know if you choose to lie. Which you shouldn't do, obviously.) Follow this guide here to set up a VPN to your home, which will be handily and thoroughly encrypted. No one knows what you're sending to your VPN server -- result!

But that's only Step 1. For complete internet anonymity, we're also going to use the Tor network. Buy yourself another server using your burner card or BitCoin, and install Debian on it. Then, follow this simple guide to set up a Tor hidden service on the server, which you can then connect to through your VPN. Congrats, your internet should now be well and truly anonymised.

 

 

The Little Extras

With all this talk of digital security, it's all too easy to forget the little day-to-day details of evading simple stuff like having your credit card details compromised. Contactless payment cards can, with the right tools, be read without your permission, while the cards are in your pocket. The best defence is actually pretty simple: block NFC signals from passing through your wallet. Tinfoil works pretty neatly here, but some testing with NFC tags and readers of our own have found that tinfoil, tissue paper, melted chocolate and duct tape all work too (the duct tape was less messy than the chocolate, FYI).

Let's also not forget your phone here. Having a secure password is a must -- something ten characters or more, and turn off visible keypress if your OS allows it. Disabling NFC and Bluetooth is probably a good idea (for your battery life, if nothing else).

Then we've got messaging. All the normal messaging clients you'd probably use are busted wide open by PRISM, apparently with the exception of one -- iMessage. Apple says that because the encryption is end-to-end, neither they or any government agencies can intercept them. We're going to have to take that at face value, clearly. For added security, however, you should at least be able to hook your smartphone into your VPN network, to give at least a veneer of security.

Of course, extensive reading of Tom Clancy novels will tell you that even with all the security measures in place, nothing will stop the bad/good guys tailing you and learning your innermost secrets. There's also the argument that going completely over the top on security will make you more of a target, but hey, since Uncle Sam is collecting all our data anyway, we might as well make them work for a living.

Image credit: Man looking through window from Shutterstock