Did they or didn't they? That's the question at the end of this week's ground-shaking news: two highly classified programs, made public in leaks reported by the Guardian U.K., reveal that the U.S. government has been spying on its citizens behind closed doors for years.
One NSA program brought to light this week harvests phone records via Verizon. The second program is called Prism, in which the NSA data-mines user information directly from nine Internet giants, including Apple, Facebook, Google, Microsoft and Skype.
No one has contested the Verizon data/surveillance exchange deal. President Obama today confirmed the existence of both NSA programs and acknowledged Prism. Tech companies Google and Facebook issued carefully worded statements, with each company saying it had never heard of Prism.
If the NSA is getting their intel without our knowledge or consent straight from the tap, there's nothing we can do to protect ourselves. Except maybe yell at them really loud. Just like in a classic scary movie, the calls are actually coming from inside the house.
Add to this the element of outside information seekers: data dealers who work to make a buck by scraping sites, exploiting security holes, or making direct data sales with the very same companies alleged to be part of Prism. Now we can extend the horror film analogy, where we find out (always too late!) that the serial killer is also the babysitter.
Even against odds, I felt that at the very least we can make someone's job a little bit harder.
Hence the title of this post. I asked not just one, but several hackers who work professionally in high-level security environments what the best anti-surveillance, pro-privacy phone apps are. What is on their phones? What should be on mine?
After they finished laughing at my question (especially in light of the Prism revelations), I got solid answers. You can tell me what I left out in the comments, but I only wanted to post apps that were tested and in use by people whose jobs (or more) depend on personal communication security.
Keep in mind that the sudden activation of encryption tools can draw attention to you, when before there might have been none.
However, now might be a good time to take advantage of the fact that in the middle of this news storm, suddenly lots of people are going to be trying out anti-surveillance software.
Most recommended: TextSecure and RedPhone by Whisper Systems (Android only; iOS in development).
Both apps are free and open source, "enabling anyone to verify its security by auditing the code."
1. TextSecure (play.google.com)
TextSecure encrypts your text messages over the air and on your phone. It's almost identical to the normal text messaging application, and is just as easy to use.
TextSecure provides a secure and private replacement for the default text messaging app. All messages are encrypted locally, so if your phone is lost or stolen, your messages will be safe.
Messages to other TextSecure users are encrypted over the air, protecting your communication in transit. TextSecure is the only Android private SMS/MMS messenger replacement that uses open source peer-reviewed cryptographic protocols to keep your messages safe.
Rather than simply pretending to hide your texts by putting them in another place, TextSecure uses cryptography to ensure that they remain truly secure.
2. RedPhone (play.google.com)
RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
RedPhone uses your normal phone number to make and receive calls, so you don't need yet another identifier. Use the default system dialer and contacts apps to make calls as you normally would.
RedPhone will give you the opportunity to upgrade to encrypted calls whenever the person you're calling also has RedPhone installed.
RedPhone calls are encrypted end-to-end, but function just like you're used to. Uses wifi or data, not your plan's voice minutes.
Both Onion Browser and Orbot make use of the Tor Project, but they each function slightly differently (with privacy protection limitations falling on the Apple side of the tree due to the closed nature of iOS).
3. Onion Browser (Apple iTunes)
Onion Browser is a minimal web browser that encrypts and tunnels web traffic through the Tor onion router network and provides other tools to help browse the internet while maintaining privacy.
Websites do not see your real IP address. Your connection is encrypted before it leaves your device, providing protection against snooping by ISPs or people who share a WiFi connection with you.
Tunnel bypasses restrictive firewalls: you can access the entire Internet from behind ISPs or corporate connections, or when inside countries that practice online censorship. Access websites on the "dark net" of anonymous .onion web sites, only accessible in the Tor network.
User-Agent spoofing: hides the fact that you are using an iPhone/iPad from websites you visit. Ability to block third party cookies or all cookies. Can change IP address and clear cookies/history/cache in one button.
CHINA/IRAN NOTE: Due to online censorship techniques using deep-packet inspection (DPI), this app does NOT currently function in China or Iran.
4. Orbot (play.google.com)
Orbot is a "proxy app that empowers other apps to use the internet more securely." It uses Tor to encrypt Internet traffic and hide it by basically bouncing through a series of computers around the world; it is the official version of the Tor onion routing service for Android.
(...) instead of connecting you directly like VPNs and proxies. This process takes a little longer, but the strongest privacy and identity protection available is worth the wait.
Use with Orweb, the most anonymous way to access any website, even if it’s normally blocked, monitored, or on the hidden web. Use Gibberbot with Orbot to chat confidentially with anyone, anywhere for free.
Orbot can be configured to transparently proxy all of your Internet traffic through Tor. You can also choose which specific apps you want to use through Tor.
The thing to know about Tor-based projects is that they will slow down your response times, and for many — privacy or not — this is a dealbreaker.
To Tor or not to Tor, everyone agreed that running a VPN (Virtual Private Network) of some kind is a smart thing to do. Read Why You Should Start Using a VPN (and How to Choose the Best One for Your Needs).
Yes, there is so much more you can do.
The EFF now has a two-click form — Massive Spying Program Exposed — where visitors can instantly send emails to their representatives calling for a full Congressional investigation saying, "It's time for a full accounting of America's secret spying programs—and an end to unconstitutional surveillance."
Update Saturday, June 8, 2:34am PST to include footnote: These apps are good to protect you from many types of invasive attacks, but they won't protect against skilled attackers (such as powerful, unethical governments with unrestrained technical access). It's important to know that mobile devices - in this instance mobile phones, specifically - are generally weak platforms. If you're a person who's at-risk, don't bet your life on any app - or any phone.