image

Edward Snowden

Internet users, spooked by US spying, seek tools to hide presence on web

Revelations of extent of US spying send internet users in search of anonymising tools to hide their presence and activity on worldwide web

PUBLISHED : Monday, 17 June, 2013, 12:00am
UPDATED : Tuesday, 13 August, 2013, 3:43pm

News of the US National Security Agency's surveillance has sent web users scrambling to find new ways to avoid tracking.

It might have seemed paranoid not long ago when internet users used tools to hide their tracks, "shred" data or send self-destructing messages.

Web anonymisers, encryption programs and similar tools have been available for years, but have often been associated with hackers, criminals and other "dark" elements on the internet.

"I think the notion of what is an unreasonable level of paranoia has shifted in the past couple of weeks," said Alex Stamos, an NCC Group security consultant and self-described "white hat" hacker.

Ironically, some tools for eluding detection come from US government-funded programmes to help people living under authoritarian regimes.

"The technologies usable in Tehran or Phnom Penh are just as usable in New York or Washington," said Sascha Meinrath, who heads a New America Foundation programme helping users maintain secure communications in totalitarian countries.

"The real problem is that many people don't know these tools exist and a lot of them are not usable to non-geeks."

One of the well-known programs used to hide online traces is Tor, a tool originally developed by the US military and now managed by the charity Tor Project.

Tor, which has some 500,000 users worldwide, about 15 per cent of whom are in the US, can be used online to hide one's IP address, effectively blocking tracking by governments or commercial entities seeking to deliver targeted advertising.

Tor's development director, Karen Reilly, said the US government promotes the program in other countries, but noted that it also protects against snooping by US law enforcement.

"We get inquiries from law enforcement saying criminals are using Tor, and they want to know where the back door is," she said. "There is no back door. We are protecting you not only from your (internet provider) but from us. We never keep records that can identify our users."

Reilly brushed aside concerns about villains hiding behind Tor or its ilk. "Criminals are the ultimate early adopters of new technologies," she said. If such programs were not available, "they would find another option".

People in the hacker and security communities say they are not surprised about the National Security Agency's Prism program, but that its scope and its ability to scoop up huge amounts of data are frightening.

"The problem is we are keeping 'gold' in databases and it's impossible to secure this," said Nico Sell, a founder of Wickr, a start-up that makes an app to allow people to secure and "shred" data sent on mobile devices.

She had seen "a tremendous uptick in downloads over the last week" of the Wickr app. "People are realising they get more security and are switching over from Skype," she said. "All of our messages self-destruct … everyone has wanted self-destructing messages since Mission Impossible."

Casey Oppenheim, co-founder of an identity-masking program called disconnect.me, said he has surprisingly not seen a surge in downloads, adding it was not clear if web users understood Prism's implications. The databases of major firms contained history of web browsing that he called highly personal. "It's a direct connection to your personal thoughts … all of that information is online, it's very easy to get a hold of. Most people don't understand the extent to which this happens."

Oppenheim said the software operated like Tor but had "an extra layer of protection" that allowed users to log into their personal accounts and still remain anonymous online.

Stamos said corporate communications could not be encrypted because they had to be available in case of legal action. Individuals could encrypt their e-mails but this was too complicated for most people.

In the browsing area, the search engine DuckDuckGo, which does not store IP addresses, said it has seen record growth. "I think since the story broke, people have been seeking out privacy alternatives," founder Gabriel Weinberg said. "No one from law enforcement has ever come to us for data, but if they did we wouldn't have it."

British-based security consultant Graham Cluley said people who used privacy tools should not be viewed as criminals. "What would be troubling is if society begins to slide towards a viewpoint that paints the use of encryption and other tools that aim to protect our privacy as somehow 'dark arts'," he said.

Meinrath said it would be ludicrous to try to ban privacy tools. "You would have to make illegal the pen or the computer or just about any other communication tool ever devised," he said. The US Postal Service cannot open mail without probable cause "and yet the government is saying that if that is an electronic communication they have a right to surveillance", he said. "The privacy of our correspondence is fundamental to our democracy."