When news broke that PRISM, a surveillance program operated by the United States National Security Agency, had been collecting phone records, emails, and other forms of communication, there was considerable uproar from the citizenry – and with good reason. Data from Microsoft, Yahoo, Google, Facebook, AOL, and Skype has been given to the PRISM program (as has PalTalk, but joke’s on the NSA there because who uses PalTalk?). While you can don a tinfoil hat to keep them from harvesting information from your brain, layering your phone in the same material isn’t going to do anything but make it shiny and considerably noisy every time you take it out of your pocket. But that doesn’t mean you don’t have options for protecting your conversations from unwanted and unwarranted – in two senses of the word – spying.
When it comes to securing communication on your phone, encryption is the key word. We’re looking past the standard SSL encryption that most email services provide, as unencrypted versions of your data are kept by most companies. Instead, we’ll want to go to end-to-end encryption services which will encrypt your data on your device, send it off, and decrypt it when it arrives. This leaves no middle man to hold onto the data and possibly pass it along to a snooping government official.
Voice and Video Communication
Shockingly, phones can be used for voice communications. It’s a feature we often forget about between texts and Snapchats and IMs and whatnot, but it’s still there. You’d probably like your calls to be private, but if you’re on a major service provider, it’s a little like turning your back to people without dropping the volume of your voice and expecting they won’t hear you: They definitely can, and they’ll happily pass along what you say. Securing these calls will go a long way toward keeping the NSA out of your business.
RedPhone from WhisperSystems offers Android users a free and open source solution for call encryption. When talking to another RedPhone user, it offers the ability to secure the call and encrypt your conversation without otherwise affecting your phone experience. Calls are made over wifi or with your data plan rather than your minutes, but your phone’s dialer is still used to place the call. We reached out to find out if making calls via the standard dialer leaves call records for providers to access and were informed by Moxie Marlinspike that there is no “direct access to metadata” by service providers because “calls are not switched through the PSTN (Public Switched Telephone Network).”
If you’re looking to video chat without sacrificing privacy on your Android device and you’re feeling brave enough to give the alpha build of an open source project a shot, you can check out Jitsi. It’s a popular video chat and instant messenger app that is available on a plethora of desktop platforms and is giving mobile a shot. Think of it as an encrypted alternative to Skype, but keep in mind the Android build is in early stages and is bound to have its rough patches. Don’t expect perfection quite yet, though the team behind it has a fine pedigree.
For a robust and stable solution, frequent callers with an itch for extra privacy may want to look toward Silent Phone. Part of the Silent Circle family of communication encryption tools, it requires a subscription fee ($10 a month if you subscribe for a year) but also offers a powerful family of tools for secure communication – some of which we’ll get to later. Silent Phone is available for iOS and Android and – because it’s making calls over 3G, 4G, or Wifi – works when calling cross-platform. Silent Phone also offers a secure video call feature, allowing you to have encrypted visual communication if you prefer.
Users of Silent Phone are assigned a unique 10-digit phone number that can still interact with existing contacts on your phone. You can even use it to make conference calls that are entirely end-to-end encrypted. If you’re really serious about your security you can add $24 a month to your subscription and get “Out-Circle Access,” a feature that allows you to place calls to non-Silent Circle numbers and still have your half of the call encrypted. Like RedPhone, Silent Circle utilizes open sourced encryption that is peer-reviewed to provide assured security.
The solutions mentioned above all work as advertised and provide a great solution for private voice and video calls, but they are inherently limiting because the communication is only truly secure when talking to a person using the same app. That is a problem that the Ostel project is attempting to solve. The goal of Ostel is “promoting the use of free, open protocols, standards and software, to power end-to-end secure voice communications on mobile devices, as well as with desktop computers.” To do this, it has developed the Open Secure Telephony Network (OSTN) which works with various apps on all mobile platforms.
Users create an account at Ostel.co, then download one of the apps that supports the OSTN. Android users can use CSipSimple, which has a simple setup option for Ostel users. Groundwire for iOS is the app of choice for iPhone and it supports both voice and video calls. (Groundwire is $10 to download and receive encrypted calls, and a $25 in-app purchase for the capability to place secure calls.) BlackBerry and Nokia Windows Phone users can turn to PrivateGSM, but it’s worth noting that it is an enterprise solution that requires a paid membership to function. PrivateGSM is also available on some iOS and Android devices.
Texting and Instant Messaging
We’re willing to bet that a considerable amount of talking done on your phone involves no voice at all. Texting and instant messaging are quick, convenient modes of conversation and are often more direct. As such, they’re an ideal medium to pull information out of if you can access it. Lucky for us, there is also an abundance of options to lock down those messages and keep unwanted eyes away from them. We’ll focus on some of the popular and proven options available.
From the Guardian Project team, a group dedicated to creating simple and secure mobile apps to protect lines of communication, comes Gibberbot for Android. Gibberbot works with a wide array of chat services, including popular choices like Facebook chat, Google chat, Jabber, and others. This means all your friends on various platforms will still be accessible to you and your contacts will be added immediately when you add an account to Gibberbot. You can chat with people on other mobile devices or on desktop OSes with this app. Of course, to keep your conversations secure, your friends will also have to use an end-to-end encryption chat program like Gibberbot. Supported options include the previously mentioned Jitsi, Adium, Pidgin, or our next app of choice: ChatSecure.
The iOS counterpart of sorts to Gibberbot is ChatSecure. Using an Off-the-Record (OTR) protocol similar to Gibberbot’s, ChatSecure encrypts your conversations and keeps them between you and the recipient of the message. It works with Google Chat and Jabber and can be used to talk cross-platform with other clients on mobile or desktop devices.
RedPhone users may want to turn their attention to TextSecure as it comes from the same developer, WhisperSystems, as the encrypted voice call app. Rather than go the instant messaging route like Gibberbot or ChatSecure, TextSecure is an SMS/MMS app for Android that replaces the default text messaging app. The same rules apply here as in previous instances: you’ll need to talk with another person using the app for end-to-end encryption. However, TextSecure encrypts all of your messages locally regardless of what your recipient uses for texting. This protects your messages if your device is lost or stolen. It’s worth noting that when we asked Moxie Marlinspike if service providers would be able to access information from texts sent through TextSecure, he explained, “TextSecure currently uses SMS/MMS, so while the message contents are encrypted, the telco does have access to that metadata. We’re in the progress of migrating to using the data channel, however, so that will no longer be the case.”
BlackBerry users have their own way to text with BBMs, and there is an option to encrypt those messages as well thanks to a plugin called Ekboo. Available for $15, Ekboo utilizes 512-bit RSA encryption to secure the conversations that take place between you and your BBM partners. It also adds a SnapChat-esque disappearing message feature called TextBomb, which sends temporary messages that automatically delete after a predetermined amount of time. The plugin won’t interfere with your standard BBM features; it just provides some extra protection during conversations.
Browsing the Web and Emailing
What’s said in messages or over the phone isn’t the only way to find out information from you: Your web browser history probably gives a good indication of what you’re interested in (or at least what words you can’t spell and random questions you ask Google to answer for you). Locking down your internet activity should definitely be on your list of to-dos when securing your phone, and here are some of the best ways to go about doing so.
The Guardian Project hasn’t steered us wrong yet, so it’s hard not to go back to it for a web browser solution like Orweb. Available for Android, Orweb claims to be the “most private and anonymous web browser,” and we have no reason to doubt them. In case you do, though, the app does have the Electronic Frontier Foundation (EFF) stamp of approval. The app circumvents network restrictions, defeats censorship attempts, and encrypts your activity while sending it through computers across the world rather than connecting directly or through a proxy. There’s a near endless number of options for disguising your browsing with Orweb, as you can do everything from masking the device you’re using and tricking a site into thinking you’re visiting via a different platform, to taking control over cookies. Orweb blocks Flash threats and keeps no history, among other security measures.
To accompany Orweb, you’ll need to also install Orbot. The importance behind this app is that it empowers Orweb to use Tor, the free network for online anonymity. Tor can occasionally be associated with some negative things thanks to what can occur on the hidden web that Tor unlocks, but it’s quite possibly the most important tool for creating privacy on the web.
Those doing their browsing from an iOS device who want to get in on the security that Tor’s Orbot provides can check out the Onion Browser. It’s a $1 app to download and it gives users the ability to take to the internet without fear of being compromised. Your internet access goes through Tor, meaning websites will never see your true IP address and you’ll be able to bypass pesky blockades that limit your browsing ability. Your connection through the Onion Browser is encrypted to protect you from anyone who may otherwise see your activity, from a government agent to a person sharing a connection with you.
We’d guess that you probably do a fair amount of emailing from your phone, and it’s another form of communication that you would probably like to have an added layer of privacy with. There are tons of encrypted email options out there – popular ones being HushMail or Lockbin – but the problem with them is they require you to create an entirely new account. If you have an established email address that you’d like to maintain but still send protected emails from, your options are a bit more limited.
One option we did find to fit this need is Enlocked. Available for both iOS and Android in app form and as a plugin for most major browsers, Enlocked enables users to send and receive encrypted emails for free. It’s compatible with Gmail, Yahoo, AOL, and Outlook, covering pretty much all the bases for major email services. Encryption with Enlocked can be applied on a message by message basis, but there is a catch to it: Your recipient must also have Enlocked to receive the message.
It’s also worth noting that some users have called into question the terms and conditions of the service, claiming Enlocked has access to unencrypted emails on their servers and questioning why it uses its own encryption methods rather than standardized encryption algorithms. Enlocked has been active in dispelling any doubters, but these are things that you may want to take into consideration when looking into the service yourself.
Staying safe on your phone and keeping your communications private has never been more important. To truly have a secured conversation on a mobile device, all parties involved have to be dedicated to maintaining their privacy. While learning of the NSA’s spying techniques with its PRISM program may seem scary, it’s also one of the biggest driving forces in convincing people to move to safer platforms. After all, it’s not paranoia anymore if you think the government can access your data; it’s real.
That’s not to say it won’t be an uphill battle: How many people do you know who actually quit using and haven’t returned to Facebook, Google, Yahoo, and the like after the PRISM story broke? Moving away from services that we’re familiar with and reliant on can be tough, but moving away from ones that are willing to compromise our data and communications shouldn’t be. Give yourself the security you deserve if those companies and services aren’t going to do it for you and you’ll be able to talk with your friends and family, browse the web, and communicate with the world without that suspicion in the back of your mind that the eyes you intend your message for might not be the only ones looking at it.