I have decided to share with you something which I originally sent out to the key members of the Saker community: my recommendation on how to keep your private communications private in the age of “Big Brother” aka NSA, ECHELON, GCHQ, Unit 8200, etc. I have been interested in the topic of encryption for many years already, and I have had to use encryption techniques in the past to protect myself from snooping by indelicate employers. There have also been some discussions inside the Saker community of what did and did not work for us. I have now come to the conclusion that there are two services out there which I feel I can recommend to our entire community, one for emails and another for messaging/audio/video/file sharing. Why two different services rather than one?
The truth is that the confidentiality issues with email are unique and require a unique solution. Typically, emails are designed to be kept on some kind of storage device whereas most telephone calls or video conferences are not recorded (at least not by the participants).
Let’s look at these two issues separately.
ABSTRACT: if you want to protect your communication from any kind of snooping, including government snooping, the most reliable and advanced solutions currently available are:
For your emails: Protonmail https://protonmail.com/ (free of charge)
For your messaging/telephone/video/filesharing needs: the Silent Phone app for Android and iOS https://www.silentcircle.com/products-and-solutions/software/ ($9.99/month)
Protecting your emails with Protonmail:
Protonmail is a Swiss company whose history is well described in this Wikipedia article: https://en.wikipedia.org/wiki/ProtonMail. I won’t repeat it here. I will just say that with Protonmail your mailbox remains encrypted in such a manner that even the managers and technicians at Protonmail cannot access it. Here are a few videos which will give you more details:
Quick Introduction To ProtonMail and ProtonMail Plus:
ProtonMail – Is this The alternative email we’ve been looking for?:
Protonmail and Encryption – A Re-visit:
Protecting your messaging/telephone/video with Silent Circle’s Silent Phone:
Unlike Protonmail, which deals ONLY with emails, Silent Circle’s software (called “Silent Phone”), which can be installed on any Android or iOS smartphone, protects your instant messaging, your telephone conversations (audio), your video conferences and even allows you to securely send files up to 100MB in size. However, while the Silent Phone software is free of charge to download, you will have to pay $9.99 a month to get all of the following:
- Unlimited Worldwide Secure Voice/Messaging between Silent Circle Members
- Up to 100MB File Transfer
- Full Burn Functionality
- Video Calling
- Conference calling for up to 6 callers
- Direct access to Technical Support
- Available on iOS, Android, and Silent OS
You can check all their fancy marketing materials here: https://www.silentcircle.com/
Here is the Wikipedia article about them: https://en.wikipedia.org/wiki/Silent_Circle_(software)
This is the link to their software solution: https://www.silentcircle.com/products-and-solutions/software/
And this is the link to their White Paper: https://www.silentcircle.com/enterprise-cybersecurity-white-paper/
Finally, here are some of their case studies: https://www.silentcircle.com/wp-content/uploads/2017/01/SilentCircle_Case-Studies.pdf
This is all very slick and could hide anything, right? Actually, no. What makes their offer so interesting is that it is based exclusively on open source code which is publicly available. Why is that important? For two reasons: first, they cannot hide some backdoors in the software. But second, even MUCH more important, is that the best encryption algorithms are NOT the secret ones that nobody can check, but the public ones which everybody can check. This is long to explain, but please trust me. The level of confidence which you can have in the technologies used in Silent Phone is about as good as it gets. Not perfect maybe, but very very close.
[If you are interested in the details, I can explain to you one on one why you ALWAYS want to make use only of open sourced encryption technologies (You can find out about the protocols and algorithms used by Silent Circle here: https://www.silentcircle.com/products-and-solutions/technology/zrtp/)]
You might notice that both Protonmail and Silent Circle (the company which makes the Silent Phone app) are located in Switzerland. This is not a bad thing since Swiss laws about privacy are pretty good. However, this is not the reason why you can trust these products. In fact, in the past the Swiss have worked with the US CIA to sell the Iranians encryption devices with backdoors. The current Swiss government is as pro-USA as any other. No, the reason why I like these is that Switzerland has some of the best cryptologists on the planet (even if very few people know about this). In fact, the technology for Silent Phone is so secure that even the US government had to certify it for governmental use (in spite of it being open source, which tells me that they don’t have much better): http://www.zdnet.com/article/silent-circle-phone-app-cleared-for-us-government-use/
I hope that this reference to the US government does not freak you out. If it does – relax, Silent Circle was co-founded by Phil Zimmermann, the man who single-handedly forced the US government to give up trying to keep a monopoly on military-grade encryption (read about him here: https://en.wikipedia.org/wiki/Phil_Zimmermann).
Here is a keynote presentation by Zimmermann:
and here is an interview with him:
In other words, his “I do not work for the NSA” credentials are the best on the planet.
By now you must be wondering if I am working for Silent Circle or whether I have bought shares in their company. Don’t worry, I did not. I am only writing to let you know that I think that this product is fairly secure and very reasonably priced. I know of no better one. Just think of it – worldwide unlimited calling (including VIDEO!) for 10 bucks is already a halfway decent deal. But with rock solid encryption it becomes very good.
There is one important caveat which you have to keep in mind: Both Protonmail and Silent Phone are truly secure only if BOTH people communicating are using them (from Protonmail to Protonmail email addresses or from Silent Phone subscriber to Silent Phone subscriber). Likewise, the $9.99 subscription cost with Silent Phone only covers communications between Silent Phone subscribers. You *can* call a non-subscribed number, but it will not be secure and you will pay international calling rates.
Also, if you get Silent Phone, you will be given 2 options: a) to use a username only b) to pay 2 dollars a month for a dedicated phone number. Since using Silent Phone only really makes sense if used between two Silent Phone subscribers, I recommend you forgo the extra cost for a dedicated telephone number unless you really need it (depending on your usage of your telephone).
Here are a few short videos showing how Silent Phone works on Android (for iOS go to the Silent Circle YouTube channel):
Calling and Conference calling
Logging and Setting:
We live in complicated and, frankly, dangerous times. Having personally worked in Electronic Warfare (EW), Communication Intelligence (COMINT) and military intelligence in general, I believe that the ability to keep communications secure is absolutely crucial for most people. Until recently, the kind of technology which could protect you from government (or corporate) snooping was simply too complex to be used by most people (keep in mind that bad encryption is much worse than no encryption since it gives you an illusion of security!). Even software like the famous PGP/GnuPG was not that easy to use and required a fairly solid understanding of the technologies used. Nowadays we are lucky that we can use VERY sophisticated services which do not require that kind of expertise from us. But then, you might ask, how do we know that we can trust them? There are two replies to this. We can trust them because
- all the technologies used by these services, including source code, protocols, algorithms, etc, are fully “open source” meaning that they are available for download and audit. Not by you or me, but by colleges, institutes, corporations and even governments worldwide. For encryption that is the highest standard of security: when everybody can see your code and check it for flaws.
- because all these services are regularly audited by entities we can trust, such as the Electronic Frontier Foundation (EFF) which, for example, reported this “scorecard” for Silent Phone:
If you are an active member of the Saker Community (author, researcher, translator, computer tech, editor, etc.) I STRONGLY recommend that you use both Protonmail and Silent Phone. If you are not a member of our community, I recommend that you at least use Protonmail. If you make a lot of international calls to trusted relatives, friends or colleagues, I also STRONGLY recommend that you sign up for the Silent Phone subscription, as for $9.99 you get unlimited worldwide and high-quality audio (telephone) and even video every bit as good or better than Skype or Whatsapp. And it happens to be as secure as the best government/military grade communications.
Finally, three final and minor points:
First, let’s imagine that some government agency (Swiss, American or other) comes to Protonmail or Silent Circle and orders them to hand over all your communications (as has happened already so many times): neither Protonmail nor Silent Circle will be able to comply, not because of bad will or some heroic resistance to pressure, but because they will have NO ACCESS to your data: in the case of your mailbox, it will be completely encrypted and only you will have the capability to decrypt it, and in the case of Silent Phone the encryption used is one between end-user to end-user which is NOT shared with Silent Circle in any way and as soon as you hang up it is also erased.
Second, the company Silent Circle also manufactures a real “physical” phone, called the “Blackphone 2”. It was a failure, don’t bother with it. I don’t want to discuss the reasons for that, but just ignore that option which simply does not work too well and has major problems.
Third, I want to mention something crucial here: both Protonmail and Silent Phone offer the option to destroy your email, message, or file after a specific delay. In other words, you can configure these two services to destroy everything which you ever send through them. So by the time somebody tries to get that data it will already have vanished. So even though your Protonmail mailbox is heavily encrypted and even though Silent Phone exchanges encryption keys only between end-users (p2p), you have that additional level of security of having all your data self-destruct after a pre-set time/date.
That’s it. Please don’t bombard me with questions about these technologies and products. If you do your own research and just follow all the links above you should get all the info you need. Right now I literally don’t have the time to do more about this than share the above with you. And just to make things worse, I currently have a painful gout flare-up which makes it hard for me to sit and type. If you still have questions, ask them in the comments section and the more tech-wise will probably help you, but first please make sure that you do your own research. The geek community refers to this as RTFM or Read the “French” Manual :-) Also please do take the time to watch the videos above, they are very informative.
I hope that the above has been useful and that at least some of you will decide to at least try out these two outstanding services.
Good luck, kind regards,