While I do agree with you generally, I'm not sure there is much you can do if a governmental body wants you for some reason. I always find Mickens to have the best explanation here:
Threat: The Mossad doing Mossad things with your email account
Solution: Magical amulets? Fake your own death, move into a submarine? YOU’RE STILL GONNA BE MOSSAD’ED UPON
Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff
at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN’T REAL. When it rains, it pours.
I think my favourite Usenix paper is appropriate here:
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT." -- https://www.usenix.org/system/files/1401_08-12_mickens.pdf
Good passwords and biometrics help if your adversary is not-Mossad.
Anybody who thinks biometrics or encryption or anything short of "Magical amulets? Fake your own death, move into a submarine?" is going to protect them again a nation state level adversary is kidding themselves.
Quitting social networks and using Tor and PGP isn't going to protect you from a nation-state intelligence agency. To suggest so is laughable and naive. We're not even at amateur hour yet.
You're better off reading Grugq's post[1] on developing good OPSEC, and even then you're far and away from it.
Yeah. If you've come to the attention of the wrong sort of "the cops", you're fucked.
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT." -- https://www.usenix.org/system/files/1401_08-12_mickens.pdf
There's a lot of humour in that article, but some cold hard truth as well.
> In the real world, threat models are much simpler (see Figure 1). Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US"
> Threat:
Organized criminals breaking into your email account and sending spam using your identity
Solution:
Strong passwords + common sense (don’t click on unsolicited herbal Viagra ads that result in keyloggers and sorrow)
> Threat: The Mossad doing Mossad things with your email account
With all due respect to the former CIA officers, there's a bunch of poor and outdated advice in this article.
The one I'll point out is using a dead person's birth certificate to get ID and an SSN. The databases for the death index were cleaned up after 9/11 and if you try this, your attempt will be flagged and you'll likely be visited by law enforcement pretty shortly. You will not get an ID nor an SSN.
The best way to hide is to not leave any (legitimate) money/electronic trails. Practice disinformation. For example, use a credit card to buy a plane ticket to Bangkok on Saturday, then go buy a bus ticket to Mongolia with cash for Friday and similar tactics. It won't stop professionals from eventually finding you, but it will buy you (sometimes significant) time.
All this is pointless because almost certainly the US IC knows exactly where Snowden is already. It's laughable that anyone believes they're still searching for Snowden.
I don't really think ordinary people (and rich people TBF) can completely defend themselves against any state player.
Anonymous guides I read mostly recommend Tor, anonymous sim card and purchasing electronics with cash. But I don't think it's going to render any state player's work impossible. I mean if they are really onto you.
On the other side, three char agencies cannot waste resources on every individual, so the best way is to stay out of the radar.
Buy a train ticket for a random location. Pay in cash. Destroy your credit cards, drop all your phones pads and computers. Never log in your old accounts. If you must create new accounts use different services, different logins, different passwords, and if possible a diffferent idiom (people can be identified from very short texts!).
Change your name and SSN. Have your face changed surgically (including the bone structure, to avoid face recognition). Burn your fingerprints.
Out of my mind, this should take care of your wife tracking you to kill you, IF she doesn't work for governmentals TLAs. If she does, you're fucked, (remember Saddam or Osama), unless you can quickly build a space ship and move to a random planet OUTSIDE the solar system. If you know an E.T. you may try hitch hiking or an official asile request, if they have such things.
5) run faster than the NSA/CIA, FSB, DGSE, GCHQ/MI6, etc. Because if any of them finds you they will challenge your opsec with a wrench or with electrical wires strategically placed.
If you're not already operating under the assumption that TLAs have full access to your entire online history, there's really no point in trying to start now. Use secure apps like Signal to hide your information from hackers, thieves, and generic script kiddies, not to hide from national security agencies. Especially when said agency can send a van to your house to take all your digital equipment (fully legally if backed by a warrant) until you comply and give up all your passwords and encryption keys.
You cannot defeat the legal system through technical means, your only hope is having some kind of escape submarine or private jet to get yourself extracted to a non-extradition country like Russia (or, if you're Snowden, trolling journalists with your flight so all the goons get on the wrong plane).
It is possible that someone is playing a bad prank on Nadim, or that Nadim made the story up to gain attention.
Please read on. If this is real, then I'm sorry and recommend you to consider all suggestions before deciding illogical.
DON'T COMMIT SUICIDE!
If you watched the movie "Enemy of the State", I'd become paranoid, but not afraid. Stay calm and act logical.
I've looked at cryptocat two days ago, what's special about it? I don't see any reason for the Government to observe you, except that you would be a good fit into their Cyberwar Team. And that you have the wrong connections in the internet. I mean your friends are all hackers. It makes you appear dangerous too. Anyway, the government observes everyone, but with different priority and detail. I think only you might know why they observe you. No need to share the info.
Just as in the Movie: I'd replace all clothes, shoes and hardware with new ones and move to a different place. Acquire encryption software from a trusted source or compile it myself on a newly obtained Netbook and encrypt the hardrive+swap with a password and keyfile. Hide the keyfile. Put your hardware and new phone into a cool faradaybag.com. Stay in public, but personally invincible. Leak everything that isn't harmful for you using delayed transmissions with ifttt.com. Always have multiple copies of important documents, just for the case it's necessary.
Oh and I'd get a weapon and buy a bulletproof jacket (not vest). Avoid any contact to officials should be priority.
Use Tor and VPNs like spotflux, hide.io, ovpn.to etc. and inform close friends to guard you.
A more effective list of tactics (for the long term):
1. poison databases; feed bogus information to surveillance systems at all levels, do this as a matter of course, make it pop culture.
2. build darknets: for instance wifi nodes disconnected from the internet that multiple communities use as a dropbox and rendezvous point ( a linux box, a solar cell, some git magic (or UUCP/Usenet for the old school feel ), and you have something that exists beyond the knowledge of the network ) for extra kicks confine it to only a few locations and times. Or build entire networks air-gapped from the internet; wire your neighborhood and make your own media.
3. If everybody's an informant, make a game of it. Rat out your enemies to the authorities, better yet rat out the informants as rabble rousers...
4. Get serious; break into secret databases, copy them and spread them around.
5. Identify effective advocates of the national security state and neutralize them. But only the effective ones. If you're doing the job right the 10 people within the NSA who are politically adept and technically competent should be in jail for child pornography by this time next year. Any mid-level member of the intelligence community who isn't regularly getting hit with bogus charges and stupid anonymous pranks is probably grossly incompetent.
6. If you know anyone who works in the intelligence community, shame them socially; ask them why they are making the USA into East Germany.
if your computing devices have cameras and microphones, disconnect them.
do not use credit cards or online payment systems. cash, grass, or ass.
... and they'll still know anything they care to about you; and failing that will make up anything they need, should anyone with access to the levers of power decide that you are a worthy target, for whatever reason.
Jeez. Get a phone or other comms that can't be traced directly back to you. Destroy hard disks and thumb drives completely--invest in a blowtorch. Stay off the Internet and especially no cloud services--they are hoovering up everything. You want to play in that world and stay alive you have to be 10 steps ahead of them.
Your solution?
* Magical amulets?
* Fake your own death, move into a submarine?
* YOU’RE STILL GONNA BE MOSSAD’ED UPON
https://www.usenix.org/system/files/1401_08-12_mickens.pdf
reply