7. How to keep your Internet communication private

The convenience, cost-effectiveness and flexibility of email and instant messaging make them extremely valuable for individuals and organizations with even the most limited access to the Internet. For those with faster and more reliable connections, software such as Jitsi, Skype and other Voice-over-IP VoIP tools also share these characteristics. Unfortunately, these digital alternatives to traditional means of communication can not always be relied upon to keep sensitive information private. Of course, this is nothing new. Postal mail, telephone calls and text messages are all vulnerable as well, particularly when used by those who may have been targeted for surveillance by the authorities.

One important difference between digital, Internet-based communication techniques and more traditional methods, is that the former often allow you to determine your own level of security. If you send emails, instant messages and VoIP conversations using insecure methods, they are almost certainly less private than letters or telephone calls. In part, this is because a few powerful computers can automatically search through a large amount of digital information to identify senders, recipients and specific key words. Greater resources are required to carry out the same level of surveillance on traditional communication channels. However, if you take certain precautions, the opposite can be true. The flexibility of Internet communication tools and the strength of modern encryption can now provide a level of privacy that was once available only to national military and intelligence organizations.

By following the guidelines and exploring the software discussed in this chapter, you can greatly improve your communication security. The RiseUp email service, the Off the Record OTR plugin for the Pidgin instant messaging program, Mozilla Firefox and the Enigmail add-on for the Mozilla Thunderbird email client are all excellent tools. While using them, however, you should keep in mind that the privacy of a given conversation is never one hundred percent guaranteed. There is always some threat that you did not consider, be it a keylogger on your computer, a person listening at the door, a careless email correspondent or something else entirely. The goal of this chapter is to help you reduce even the threats that do not occur to you, while avoiding the extreme position, favoured by some, that you should not send anything over the Internet that you are not willing to make public.

Claudia and Pablo work with a human rights NGO in a South American country. After spending several months collecting testimonies from witnesses to the human rights violations that have been committed by the military in their region, Claudia and Pablo have begun taking steps to protect the resulting data. They have kept only the information they need, which they store in a TrueCrypt partition that is backed up in several physical locations. While preparing to publish certain aspects of these testimonies in a report, they have found that they must discuss sensitive information with a few of their colleagues in another country. Although they have agreed not to mention names or locations, they still want to ensure that their email and instant messaging conversations on this topic remain private. After calling a meeting to discuss the importance of communication security, Claudia has asked if anyone in the office has questions.

What you can learn from this chapter

  • Why most webmail and instant messaging services are not secure
  • How to create a new and more secure email account
  • How to improve the security in your current email account
  • How to use a secure instant messaging service
  • What to do if you think someone might be accessing your email
  • How to verify the identity of an email correspondent