How do I become part of Anonymous?
Good news: you already are! You may commence operations by whatever method seems best to you,
limited only by your abilities and conscience. It would be sensible to start with legal methods, at least until
you’re sure you know how to remain anonymous online, and/or are sure that the risks of illegality are
justified by your goals.
I don’t know how to hack. What can I do to help?
Plenty! Here are some suggestions:
* Do original research/investigations
* Sort through data obtained in prior hacks
* Write or proofread press releases
* Create posters and other images
* Create videos
* Participate in discussions about how best to carry out current operations (ops)
* Write instructional materials (how to use a specific technology, how to gather/sort/use/disseminate
information by specific methods, whatever you are knowledgeable about and think might be useful)
* Raise money for legal defense of Anons who’ve been arrested or subpoenaed. There is a list of known
* Publicize other people’s research, press releases, videos, etc.
* Run a Tor exit node (but first read about Tor and Tips for Running an Exit Node with Minimal
Some Anons have gotten arrested! How do I stay out of jail?
TL;DR: Don’t do illegal shit without first 1) exploring legal methods to achieve your goals, 2)
researching and planning carefully to minimize risk of arrest, and 3) knowing how to protect your
rights if you get arrested anyway. Listen to W0rmer’s girlfriend.
When it comes to new technologies, it’s not always clear what is or isn’t legal, or even which country’s
laws apply. Don’t assume that other Anons know what is safe or legal — do your own research and/or
talk to a lawyer. Whatever you do, be sure to know and exercise your rights:
* (long but must watch) Video: Don’t Talk to Cops.
* Read this before an FBI van pulls into your driveway: information from ANONLG (Legal help for Anons
from the National Lawyers Guild).
* Here’s a great presentation about OpSec (operational security), based on mistakes made by Lulz
Security. The Grugq – OPSEC: Because Jail is for wuftpd
* Don’t use a cheap-ass proxy. A proxy or VPN provider sees your real IP address, so if you use a VPN,
research which VPNs take anonymity seriously (what they log, for how long, and under which jurisdiction
they operate). You may wish to use the anonymizing network I2P.
* Learn How the FBI investigates the hacktivities of Anonymous, How the FBI Conducts Cyber Security
Investigations, and the law and technology of government surveillance in the United States.
* If you’re using a tool made by someone else, make sure you understand how it works. (For example,
LOIC sends its traffic straight from your machine, so it doesn’t hide your IP address: the target’s logs
record it with every request.)
* Remember that one in four US hackers is an FBI informer.
* Remember that laws are different in different countries. Learn about Extradition and other law
enforcement methods. Don’t make assumptions about where you might want to travel to in the future.
* Don’t store incriminating material on your own computer, phone, etc. Even if you’re not under suspicion,
what happens if your property gets stolen, or confiscated for some other reason? Also remember that
“deleted” material is often recoverable: a normal delete only removes the directory entry and leaves the
data on disk until something else happens to overwrite it. Wiping means completely overwriting the data,
for example with a whole-drive tool such as DBAN; on SSDs and flash media overwriting is unreliable
because of wear levelling, so encrypting the disk from the start is the safer approach.
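To make the overwriting point concrete, here is an added example in Python (not part of the original FAQ, and not DBAN’s code): it overwrites a file in place with random bytes, forces the writes out to the device, checks that the on-disk contents actually changed, and only then unlinks the file. The `demo()` helper and the sample file contents are constructed for illustration. It carries the same caveat as the bullet above: on SSDs, on copy-on-write or journaling filesystems, and wherever snapshots or backups exist, the old blocks can survive a file-level overwrite, so this is no substitute for full-disk encryption or a whole-device wipe.

```python
import hashlib
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write and hash in 64 KiB pieces so large files need not fit in RAM


def _sha256_of(path):
    """Hash a file's current on-disk contents, chunk by chunk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def overwrite_and_unlink(path, passes=2):
    """Overwrite `path` in place with random bytes `passes` times, fsync after
    each pass, verify the contents changed, then unlink it.
    Returns the total number of bytes written.

    Caveat: this only reaches the blocks the filesystem currently maps to the
    file. Wear-levelled SSDs, copy-on-write/journaling filesystems, snapshots
    and backups can all keep the old data; use full-disk encryption or a
    whole-device wipe (e.g. DBAN) when you need a real guarantee."""
    size = os.path.getsize(path)
    before = _sha256_of(path)
    written = 0
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                written += n
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device, not just the page cache
    if size > 0 and _sha256_of(path) == before:
        raise RuntimeError("overwrite had no effect; do not trust a plain delete here")
    os.unlink(path)  # only now remove the directory entry
    return written


def demo(passes=2):
    """Create a throwaway file with constructed content, wipe it, and report
    (bytes written, file still exists?)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"incriminating material\n" * 500)  # 11,500 bytes of constructed sample data
    written = overwrite_and_unlink(path, passes=passes)
    return written, os.path.exists(path)


if __name__ == "__main__":
    print(demo())  # (23000, False)
```

The hash check before and after is there because a wipe that silently fails (a read-only mount, a copy-on-write filesystem that wrote the random bytes to fresh blocks) is worse than none: you would delete the file believing the data was gone.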
How do I communicate with other Anons and learn about current ops?
This subreddit is already an excellent starting place! Many Anons lurk this subreddit. Just ask.
(Note for anyone editing the following section: if you have information that a specific communication
channel is not good, please leave it listed here but explain why it’s not good. Likewise don’t just say a
channel is “good” without saying why. Deleting links and promoting others without explanation may raise
suspicions that you are trying to steer people to a specific channel for some undisclosed self interest.)
There are a large number of IRCs where Anons communicate. Unfortunately, many of them are invite-
only. The most public one is the AnonOps IRC (as of this writing, at http://irc.anonops.pro
or http://irc.anonops.bz, but the TLD often changes), which is rather popular due to its openness, but be
aware that it (or any other popular meeting place) is likely to be under surveillance by law enforcement
and a target of trolls, and in fact the AnonOps IRC has been compromised in the past (nicks and
passwords leaked). It’s best to use more private communication methods when possible, such as more
obscure IRCs, CryptoCat, OTR, private website forums, etc. Note that Twitter DMs (including “deleted”
DMs) and other information will be provided to law enforcement by Twitter in response to valid requests.
The links in the last section of this FAQ contain more information about how to keep your communications
VoxAnon is a growing IRC created as an alternative to Anonops. You can access it at irc.voxanon.net.
“Beware of those who come out of nowhere and then assume to take charge. Anonymous is and always
was a leaderless concept and [one] should always beware of falling under the grip of a charismatic
charlatan.” Quoting from here.
How many people are in Anonymous?
We are legion
I’m a journalist. How do I get an official statement from Anonymous?
You don’t. Anonymous has no official spokespeople. Anyone claiming to be an “official” anything is lying.
Where do I find general information about Anonymous?
These articles are pretty good:
* Anonymous 101: Introduction to the Lulz
* Anonymous And The War Over The Internet Part I, Part II
* Our Weirdness Is Free (very long)
* An Anonymous Ink Blot Rorschach
This documentary film includes some r/anonymous participants in the cast: We Are Legion: The Story of
This book has a good overview of how Anonymous began: We Are Anonymous: Inside the Hacker World
of LulzSec, Anonymous, and the Global Cyber Insurgency
Or you could just watch Fox News. Apparently we’re on steroids and blow up vans.
Is there a complete list of past Anonymous ops?
Anonymous used to be cool, but now it sucks!
That’s not a question. Feel free to try to guide things in a direction more to your liking, or start your own
damn social movement. (TL;DR: STFU & GBTW)
Anonymous, please help! I need you to . . .
Anonymous is not your personal army. Anyone can suggest a new op, but only a small percentage are
acted upon. It is unlikely that your suggested op will be acted upon unless there are lulz involved.
“It’s not like requesting songs on the radio; do it more like karaoke. Pick your song and sing it the best
you can.” — Redditor PingTiao
Anonymous, why did you do [this]? Instead you should have done [that]!
Please fill out one of these and send it to Barrett Brown for processing. (Oops, BB got v&. Please hold
onto all butthurt forms for now; you will be contacted when a new procedure has been decided upon.)
What are some other useful resources for Anons?
* The #OpNewblood Super Secret Security Handbook
* Anonymity/Security: A practical guide to computers for anarchists (free ebook)
* Useful tips for setting up an Anonymous operation
* Guide to Pursuants: A Guide to the Establishment of Autonomous Online Entities
* Some useful links and information about doxing and anonymity, compiled by doxcak3
If an agent is at your door
Do Not Let Them In
Do not open the door, not even a crack. Clearly state through the door, 'I am exercising my right
to remain silent. I do not wish to speak with you without an attorney.' If they claim to have a
warrant, ask to see the warrant before you let them in. If they have a warrant, you are being
Do Not Give Consent
"The right of the people to be secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon
probable cause, supported by Oath or affirmation, and particularly describing the place to be
searched, and the persons or things to be seized."
-4th Amendment, US Constitution
The Fourth Amendment restricts the government’s power to enter and search your home or
workplace, although there are many exceptions and new laws have expanded the government’s
power to conduct surveillance.
You do not have to let police or agents into
your home unless they have and produce a valid search warrant. A search warrant is a written
court order that allows the police to conduct a specified search. If you are present when agents
come to your home, you should ask to see a warrant. The warrant must specify in detail the
places to be searched and the people or things to be taken away.
Beware of questions like "Do you mind if I come in?" As simple as this sounds, this can be
interpreted as consent to search your home.
Tell the agents you do not consent to the search so that they cannot go beyond what the warrant
authorizes. Ask if you can watch the search; if you are allowed to, you should. Take notes,
including names, badge numbers, what agency each officer is from, where they searched and
what they took. If others are present, have them act as witnesses to watch carefully what is
happening. If the agents ask you to give them documents, your computer, or anything else, look
to see if the item is listed in the warrant. If it is not, do not consent to them taking it without
talking to a lawyer.
Roommates, Parents, and Bosses Can Give Consent
If you live with other people, they can give the consent to search common areas including
shared bathrooms. They cannot give consent to your private areas.
Parents can give consent to the search of their children's private spaces.
Any area of your workplace, including your personal locker or desk drawer, can be searched if
your boss gives consent.
Disclaimer: This website is not intended as legal advice. You should contact an attorney if you have been visited by
the FBI or other law enforcement officials.
Knowing what to do when the government approaches can really help.
If an Agent Appears at Your House
Do Not Let Them In. Do not open the door; clearly state through the door: 'I am exercising
my right to remain silent. I do not wish to speak with you without an attorney.' If they claim to
have a warrant ask to see the warrant before you let them in. If they have a warrant go to 'if my
home is raided'. Continue reading about agents at your door…
If your Home is Raided
Ask to see the Warrant. Maintain your right to silence during the search – clearly state that
intention if you are asked any questions. Say, "I am exercising my right to remain silent; I
request a lawyer." Continue reading about what to do if your home is raided…
If you are Approached with Questions
Remain Silent. Say something like, 'I am remaining silent. I want to speak with a lawyer.' It is
very important to request a lawyer as they are not allowed to then ask you further questions
without a lawyer present. Do this immediately when an agent approaches you. Do not answer
ANY questions even simple, or benign ones. Continue reading how to handle questioning…
If You are Served with a Subpoena
A grand jury subpoena is a written order for you to go to court and testify about information you
may have. You are not allowed to have a lawyer present and can be required to answer questions
about your activities and associations. Continue reading about what to do if you are served with a
If You are Arrested
Being arrested is one of the most frightening experiences a person can have. Your liberty is
probably your most cherished possession. If you are arrested, you do not have to answer any
questions. You should affirmatively and unambiguously state that you wish to assert your right
to remain silent. Ask for a lawyer right away. Do not say anything else. Repeat to every officer
who tries to talk to or question you that you wish to remain silent and that you wish to speak to a
lawyer. You should always talk to a lawyer before you decide to answer any questions, even if
they make promises to you.Continue reading what to do if you are arrested…
If You Want to Travel Internationally
If you carry any sensitive information with you when you travel, you should be aware that the
Fourth Amendment does not seem to apply at border crossings. There have been many reported
cases of security researchers, hackers, and activists being detained for hours and having their
laptops, phones, and memory cards confiscated, sometimes indefinitely, without any reason
given, much less a warrant. Continue reading about international travel…
April 23, 2008
Ninth Circuit Upholds Border Laptop Searches without Individualized Suspicion
From Law.com: The 9th U.S. Circuit Court of Appeals ruled Monday that border control agents who found child porn
on a traveler's laptop didn't violate the man's right to be free from unreasonable searches.
"We are satisfied that reasonable suspicion is not needed for customs officials to search a laptop or other personal
electronic storage devices at the border," Judge Diarmuid O'Scannlain wrote. O'Scannlain went on to say that the
defendant "has failed to distinguish how the search of his laptop and its electronic contents is logically any different
from the suspicionless border searches of travelers' luggage that the Supreme Court and we have allowed."
He was joined by Judge Milan Smith Jr. and U.S. District Judge Michael Mosman, sitting by designation from Oregon.
The ruling appears to be the second upholding computer searches by border guards. The first, U.S. v. Ickes, 393
F.3d 501, was handed down by the Virginia-based 4th U.S. Circuit Court of Appeals in 2005. It involved a man who
tried to drive into the United States from Canada with child porn on his computer.
In Monday's case, Michael Arnold, who was 43 at the time, was pulled aside for secondary questioning upon arriving
at Los Angeles International Airport from the Philippines on July 17, 2005. Customs agents examined the contents of
his laptop computer, Monday's ruling noted, and found "numerous images depicting what they believed to be child
A federal grand jury later charged Arnold with possessing and transporting child porn and with traveling to a foreign
country with the intention of having sex with children.
However, U.S. District Judge Dean Pregerson of Los Angeles suppressed the evidence after finding that customs
agents violated Arnold's Fourth Amendment right against unreasonable searches. He held that they didn't have
reasonable suspicion to search the contents of Arnold's laptop.
In reversing, the 9th Circuit ruled that Pregerson erred in holding that a "particularized suspicion" was necessary
before a laptop computer could be searched. The court also rejected Arnold's claim that the border agents had
exceeded their authority by conducting a search in a "particularly offensive manner." Read Full Article. [Brooks
Wikileaks volunteer detained
Rob Beschizza at 4:45 pm Sat, Jul 31
A volunteer for Wikileaks was detained by officials Thursday while entering the country at Newark International
Airport. Jacob Appelbaum, noted for his work with the Tor online security project, was searched and "interrogated"
for three hours before being released, according to a source who asked to remain anonymous. Wikileaks, a clearing
house for information submitted by whistleblowers, released a trove of "War Logs" last Sunday relating to the
conflict in Afghanistan. Appelbaum delivered a keynote speech at the recent HOPE conference in Wikileaks chief
Julian Assange's place, and gave an interview to Boing Boing about the content of the logs. According to the source,
Appelbaum was stopped by customs officials and spoken to for at least three hours by a team that included a U.S.
Army investigator. Army Pvt. Bradley Manning was named last week as a possible Wikileaks source in relation to
the classified logs. Appelbaum's interviewers demanded that he decrypt his laptop and other computer equipment,
the source said. After his refusal to do so, they confiscated it, including three cellphones. The laptop was returned,
apparently because it contained no storage drive that investigators could examine. He was also asked about his role
in Wikileaks and informed that he was under surveillance. The FBI also asked to speak to Appelbaum earlier today
in Las Vegas after his talk at the annual DEFCON hacker conference. Mr. Appelbaum, the source said, had an
attorney present who declined the request on his behalf. Appelbaum, reached Saturday afternoon, said he was unable
to comment. Update: CNET has more details of the detainment.
Wikileaks volunteer detained and searched (again)
by US agents
Xeni Jardin at 1:27 pm Wed, Jan 12
Jacob Appelbaum, a security researcher, Tor developer, and volunteer with Wikileaks, reported today on his Twitter
feed that he was detained, searched, and questioned by the US Customs and Border Patrol agents at Seattle-Tacoma
International Airport on January 10, upon re-entering the US after a vacation in Iceland.
He experienced a similar incident last year at Newark airport.
An archive of his tweeted account from today follows.
• It's very frustrating that I have to put so much consideration into talking about the kind of harassment that I am
subjected to in airports.
• I was detained, searched, and CBP did attempt to question me about the nature of my vacation upon landing in
• The CBP specifically wanted laptops and cell phones and were visibly unhappy when they discovered nothing of
• I did however have a few USB thumb drives with a copy of the Bill of Rights encoded into the block device. They
were unable to copy it.
• The forensic specialist (who was friendly) explained that EnCase and FTK, with a write-blocker inline were unable
to see the Bill of Rights.
• I requested access to my lawyer and was again denied. They stated I wasn't under arrest and so I was not able to
contact my lawyer.
• The CBP (U.S. Customs and Border Protection) agent was waiting for me at the exit gate. Remember when it was
our family and loved ones?
• When I handed over my customs declaration form, the female agent was initially friendly. After pulling my record,
she had a sour face.
• She attempted to trick me by putting words into my mouth. She marked my card with a large box with the number
1 inside, sent me on my way.
• While waiting for my baggage, I noticed the CBP agent watching me and of course after my bag arrived, I was
"randomly" selected for search.
• Only US customs has a random number generator worse than a mid-2007 Debian random number generator.
• During the search, I made it quite clear that I had no laptop and no cell phone. Only USB drives with the Bill of
• The CBP agent stated that I had posted on Twitter before my flight and that slip ended the debate about their
random selection process.
• The CBP agents in Seattle were nicer than ones in Newark. None of them implied I would be raped in prison for
the rest of my life this time.
• The CBP agent asked if the ACLU was really waiting. I confirmed the ACLU was waiting and they again denied
me contact with legal help.
• All in all, the detainment was around thirty minutes long. They all seemed quite distressed that I had no computer
and no phone.
• They were quite surprised to learn that Iceland had computers and that I didn't have to bring my own.
• There were of course the same lies and threats that I received last time. They even complimented me on work done
regarding China and Iran.
• I think there's a major disconnect required to do that job and to also compliment me on what they consider to be
work against police states.
• While it's true that Communist China has never treated me as badly as CBP, I know this isn't true for everyone who
travels to China.
• All in all, if you're going to be detained, searched, and harassed at the border in an extra-legal manner, I guess it's
Seattle over Newark.
• It took a great deal of thought before I posted about my experience because it honestly appears to make things
worse for me in the future.
• Even if it makes things worse for me, I refuse to be silent about state sponsored systematic detainment, searching,
• In case it is not abundantly clear: I have not been arrested, nor charged with any crime, nor indicted in any way.
Land of the free? Hardly.
• I'm only counting from the time that we opened my luggage until it was closed. The airport was basically empty
when I left.
• It's funny that the forensics guy uses EnCase. As it, like CBP, apparently couldn't find a copy of the Bill of Rights I
dd'ed into the disk.
• The forensics guy apparently enjoyed the photo with my homeboy Knuth and he was really quite kind. The
forensics guy in Newark? Not so much.
• The CBP agent asked me for data - was I bringing data into the country? Where was all my data from the trip?
Names, numbers, receipts, etc.
• The mental environment that this creates for traveling is intense. Nothing is assured, nothing is secure, and nothing
• I resisted the temptation to give them a disk filled with /dev/random because I knew that reading them the Bill of
Rights was enough hassle.
• I'm flying to Toronto, Canada for work on Sunday and back through Seattle again a few days later. Should be a joy
to meet these guys again.
• All of this impacts my ability to work and takes a serious emotional toll on me. It's absolutely unacceptable.
• What happens if I take a device they can't image? They take it. What about the stuff they give back? Back doored?
• Does it void a warranty if your government inserts a backdoor into your computer or phone? It certainly voids the
trust I have in all of it.
• I dread US Customs more than I dreaded walking across the border from Turkey to Iraq in 2005. That's something
• I will probably never feel safe about traveling internationally with a computer or phones again.
• None the less, safe or not, I won't stop working on Tor. Nor will I cease traveling. I will adapt and I will win. A
hard road worth taking.
Researcher detained at U.S. border, questioned about
Jacob Appelbaum, who volunteers with Wikileaks, is questioned for three
hours and has mobile phones confiscated on his way back to the United
States for a hacker show.
by Elinor Mills
July 31, 2010 4:16 PM PDT
LAS VEGAS--A security researcher involved with the Wikileaks Web site was detained by U.S.
agents at the border for three hours and questioned about the controversial whistleblower project
as he entered the country on Thursday to attend a hacker conference here, sources said Saturday.
He was also approached by two FBI agents at the Defcon conference after his presentation on
Saturday afternoon about the Tor Project.
Jacob Appelbaum, a Seattle-based programmer for the online privacy protection project called
Tor, arrived at the Newark, N.J., airport on a flight from Holland on Thursday morning when he
was pulled aside by customs and border protection agents, who told him that he was randomly
selected for a security search, according to the sources familiar with the matter, who asked to
Appelbaum, a U.S. citizen, was taken into a room and frisked, and his bag was searched.
Receipts from his bag were photocopied, and his laptop was inspected, the sources said. Officials
from Immigration and Customs Enforcement, and from the U.S. Army then told him that he was
not under arrest but was being detained, the sources said. The officials asked questions about
Wikileaks, asked for his opinions about the wars in Iraq and Afghanistan, and asked where
Wikileaks founder Julian Assange could be found, but Appelbaum declined to comment without
a lawyer present, according to the sources. Appelbaum was not permitted to make a phone call,
the sources said.
After about three hours, Appelbaum was given his laptop back, but the agents kept his three
mobile phones, sources said.
Asked for comment, Appelbaum declined to talk to CNET. However, he made reference to
Defcon attendees about his phone getting seized. Following a question-and-answer session after
his talk on the Tor Project, Appelbaum was asked by an attendee for his phone number. He
replied, "that phone was seized."
Shortly thereafter, two casually dressed men identified themselves as FBI agents and asked to
talk to him.
"We'd like to chat for a few minutes," one of the men said, adding, "we thought you might not
want to." Appelbaum asked them if they were aware of "what happened to me," and one of them
replied, "Yes, that's why we're here."
"I don't have anything to say," Appelbaum told them. One of the agents said they were interested
in hearing about "rights being trampled" and said, "sometimes it's nice to have a conversation to
flesh things out."
Marcia Hofmann, an attorney at the Electronic Frontier Foundation, was in the room and asked if
the agents were at the event in an official capacity or for personal reasons. "A little of both," one
of them said.
Appelbaum asked when his equipment would be returned, and one of the agents said, "We aren't
involved in that; we have no idea," and walked away when Appelbaum declined to talk further.
The agents declined to identify themselves to CNET. They said they were attending the
conference and declined to talk further.
Appelbaum is a hacker and security researcher who co-founded the Noisebridge hacker space in
San Francisco's Mission District. He has also worked to bypass the security of "smart" parking
meters, unearth flaws in Web security certificates, and discover a novel way to bypass hard-drive
At the Next HOPE hacker conference in New York in mid-July, Appelbaum filled in for Assange,
the controversial figure who has become the public face of Wikileaks. Assange skipped his
appearance at Next HOPE on the expectation that Homeland Security agents would be looking
for him. After his own presentation at Next HOPE, Appelbaum made a hasty exit and hopped on
a flight to Europe.
Jacob Appelbaum, Wikileaks contributor and Tor Project programmer, speaks at the Next HOPE
hacker conference in mid-July.
(Credit: Declan McCullagh/CNET)
While he was on stage at Next HOPE, Appelbaum urged the largely sympathetic audience to
support Wikileaks by volunteering or by donating money, by addressing recent criticisms of the
document-publishing Web site, and by boasting that Wikileaks remains uncensorable. "You can
try to take us down...but you can't stop us," he said. He also challenged modern U.S. foreign
policy and called for civil disobedience in the form of exposing heavily guarded secrets.
Appelbaum told the Next HOPE audience that though he's significantly involved in Wikileaks,
he has no access to classified U.S. data that may have been sent to the site.
Wikileaks has been in the spotlight since it posted a video in April of a U.S. airstrike in Iraq in
2007. The video showed an Apache helicopter shooting at a group of people on the street and at
a van that pulled up to rescue the injured. Several children were wounded, and two Reuters
journalists, along with unarmed Iraqi civilians, were killed. The episode generated an outpouring
of antimilitary sentiment.
The release of the video was tied to U.S. Army intelligence analyst Bradley Manning, who was
arrested in June at a military base near Baghdad. Hacker Adrian Lamo confirmed to CNET that
he had informed U.S. officials that Manning had confessed to leaking the video and other
About a week ago, Wikileaks released more than 75,000 confidential files related to the war in
Afghanistan, prompting White House, National Security Agency, and other U.S. officials to
condemn the site and launch an investigation.
The Afghan War Diary page on Wikileaks was recently updated to include a mystery file entitled
"insurance." It's unclear what the file contains because it is encrypted.
(CNET's Declan McCullagh contributed to this report.)
If you want to travel internationally
Don't Bring Sensitive Data
If you carry any sensitive information with you when you travel, you should be aware that the
Fourth Amendment does not seem to apply at border crossings. There have been many reported
cases of security researchers, hackers, and activists being detained for hours and having their
laptops, phones, and memory cards confiscated, sometimes indefinitely, without any reason
given, much less a warrant.
It is not clear what rights you have to retrieve your property from the government in such
situations, though there is ongoing litigation and some attempts by congress to legislate reporting
If you are concerned that you might be targeted because of your activism, reporting, or research,
you should consider transferring important information to a secure server (via ftp, dropbox, etc.)
before you re-enter the United States so as to mitigate the result of potential confiscation. Encrypt
the data before you send it: plain FTP carries credentials and contents in the clear, and a hosted
service such as Dropbox can hand over whatever it stores in response to a valid legal request.
Encrypting Your Hard Drive
Some people use full disk encryption to protect their hard drives when they travel internationally.
It is an open question of law whether or not you can be forced or ordered to reveal your
passphrase. We do not recommend bringing your laptop when you travel internationally because
the consequences are unclear. Here is a presentation from defcon about international travel and
DOJ: We can force you to decrypt that laptop
The U.S. Justice Department is seeking court order that would require
defendant in Colorado mortgage scam case to disclose her passphrase or
decrypt the files.
by Declan McCullagh
July 11, 2011 12:07 AM PDT
The Colorado prosecution of a woman accused of a mortgage scam will test whether the
government can punish you for refusing to disclose your encryption passphrase.
The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to
decrypt an encrypted laptop that police found in her bedroom during a raid of her home.
Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S.
appeals court appears to have ruled on whether such an order would be legal or not under the U.S.
Constitution's Fifth Amendment, which broadly protects Americans' right to remain silent.
In a brief filed last Friday, Fricosu's Colorado Springs-based attorney, Philip Dubois, said
defendants can't be constitutionally obligated to help the government interpret their files. "If
agents execute a search warrant and find, say, a diary handwritten in code, could the target be
compelled to decode, i.e., decrypt, the diary?"
To the U.S. Justice Department, though, the requested court order represents a simple extension
of prosecutors' long-standing ability to assemble information that could become evidence during
a trial. The department claims:
Public interests will be harmed absent requiring defendants to make available unencrypted contents in
circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential
criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases)
that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement
officers to obtain such evidence through judicially authorized search warrants, and thus make their
Prosecutors stressed that they don't actually require the passphrase itself, meaning Fricosu would
be permitted to type it in and unlock the files without anyone looking over her shoulder. They
say they want only the decrypted data and are not demanding "the password to the drive, either
orally or in written form."
The question of whether a criminal defendant can be legally compelled to cough up his
encryption passphrase remains an unsettled one, with law review articles for at least the last 15
years arguing the merits of either approach. (A U.S. Justice Department attorney wrote an article
in 1996, for instance, titled "Compelled Production of Plaintext and Keys.")
Much of the discussion has been about what analogy comes closest. Prosecutors tend to view
PGP passphrases as akin to someone possessing a key to a safe filled with incriminating
documents. That person can, in general, be legally compelled to hand over the key. Other
examples include the U.S. Supreme Court saying that defendants can be forced to provide
fingerprints, blood samples, or voice recordings.
On the other hand are civil libertarians citing other Supreme Court cases that conclude
Americans can't be forced to give "compelled testimonial communications" and extending the
legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that
such protection extends to the contents of a defendant's mind, so why shouldn't a passphrase
be shielded as well?
In an amicus brief (PDF) filed on Friday, the San Francisco-based Electronic Frontier
Foundation argues that the Justice Department's request be rejected because of Fricosu's Fifth
Amendment rights. The Fifth Amendment says that "no person...shall be compelled in any
criminal case to be a witness against himself."
"Decrypting the data on the laptop can be, in and of itself, a testimonial act--revealing control
over a computer and the files on it," said EFF Senior staff attorney Marcia Hofmann. "Ordering
the defendant to enter an encryption password puts her in the situation the Fifth Amendment was
designed to prevent: having to choose between incriminating herself, lying under oath, or risking
contempt of court."
The EFF says it's interested in this case because it wants to ensure that, as computers become
more portable and encrypting data becomes more commonplace, passphrases and encrypted files
receive full protection under the Fifth Amendment.
Because this involves a Fifth Amendment claim, Colorado prosecutors took the unusual step of
seeking approval from headquarters in Washington, D.C.: On May 5, Assistant Attorney General
Lanny Breuer sent a letter to John Walsh, the U.S. Attorney for Colorado, saying "I hereby
approve your request."
While the U.S. Supreme Court has not confronted the topic, a handful of lower courts have.
In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of
receiving child pornography, would not have to give up his password. That's "protecting his
invocation of his Fifth Amendment privilege against compelled self-incrimination," the court
A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard
claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the
files encrypted. Boucher eventually complied and was convicted.
One argument published in the University of Chicago Legal Forum in 1996--constitutional
arguments among legal academics have long preceded actual prosecutions--says:
The courts likely will find that compelling someone to reveal the steps necessary to decrypt a PGP-
encrypted document violates the Fifth Amendment privilege against compulsory self-incrimination.
Because most users protect their private keys by memorizing passwords to them and not writing them
down, access to encrypted documents would almost definitely require an individual to disclose the
contents of his mind. This bars the state from compelling its production. This would force law
enforcement officials to grant some form of immunity to the owners of these documents to gain access
Translation: One way around the Fifth Amendment is for prosecutors to offer a defendant, in this
case Fricosu, immunity for what they say. But it appears as though they've stopped far short of
granting her full immunity for whatever appears on the hard drive (which may not, of course,
even be hers).
Fricosu was born in 1974 and living in Peyton, Colo., as of last fall. She was charged with bank
fraud, wire fraud, and money laundering as part of an alleged attempt to use falsified court
documents to illegally gain title to homes near Colorado Springs that were facing "imminent
foreclosure" or whose owners were relocating outside the state. Some of the charges include up
to 30 years in prison; she pleaded not guilty. Her husband, Scott Whatcott, was also charged.
A ruling is expected from either Magistrate Judge Michael Hegarty or District Judge Robert
Jennifer Guevin contributed to this report.
If you are arrested
Being arrested is one of the most frightening experiences a person can have. Your liberty is
probably your most cherished possession. If you are arrested, you do not have to answer any
questions. You should affirmatively and unambiguously state that you wish to assert your
right to remain silent. Ask for a lawyer right away. Do not say anything else. Repeat to every
officer who tries to talk to or question you that you wish to remain silent and that you wish to
speak to a lawyer. You should always talk to a lawyer before you decide to answer any questions,
even if they make promises to you.
It's pretty unbelievable, but the police can lie to you at this stage in the game. They can promise
you things that they have no intention of delivering in exchange for your cooperation. Do not
talk to them without a lawyer that you trust. It will not help you.
Procedures differ in different states, but you should expect to be brought before a judge for a
probable cause hearing and a bail setting within 72 hours of your arrest. If given the opportunity,
answer honest questions about your employment, education, and civic activities with the
assistance of your lawyer. Do not answer any questions about the case. If necessary say, "I am
asserting my right to remain silent."
Remember: If you say something to a police officer, FBI agent, or in court that is not true, you
can be charged with another crime. Remaining silent is your best option.
Disclaimer: This website is not intended as legal advice. You should contact an attorney if you have been visited by
the FBI or other law enforcement officials.
Exclusive: How the FBI investigates the hacktivities of
Notes from an FBI investigation into the hacker collective Anonymous provide …
by Nate Anderson - Aug 19 2011, 5:05am MST
Photo illustration by Aurich Lawson
On September 19, 2008, hackers from the Anonymous collective attacked the website of Fox News
host Bill O'Reilly. The hackers found and immediately posted e-mail addresses, passwords, and
physical addresses of 205 O'Reilly site members paying $5 a month to hear Bill's wisdom. The next
day, a distributed denial of service (DDoS) attack hit the site with 5,000 packets per second. That
night, another attack flooded two O'Reilly servers with 1.5GB/s of data.
The site member data was put to use by hackers immediately. One woman suffered $400 in
fraudulent charges; as an interview with the FBI would later make clear, these were purchases for
things like "penile enlargement." Like many Internet users, the woman had used the same e-mail
address and password for many online accounts, including PayPal, AOL, and Facebook, which gave
the attackers access to many aspects of her online life.
The woman's AOL account was used to "send e-mail of three men performing oral," according to FBI
interview notes, with the offending message purporting to come from "John McCain." Her Facebook
account was also hijacked "and lewd photos of naked men were posted," along with the Anonymous
tagline: "We do not forgive, we do not forget." The woman had to cancel credit cards and close bank
accounts, though she did manage to get the fraudulent charges reversed.
By the time the fiasco was over, Billoreilly.com claimed $10,000 in losses after refunding site
membership fees and offering affected users an extra year of service. Beyond the O'Reilly hack,
Anonymous calls, apparently made to another Fox personality, said "they are going to rape her." An
interview with the website admin showed that his "family is being threatened." Fox corporate security,
the NYPD, and the FBI were all dragged into the case.
It's not just fraud, it involves genitalia! High five, bro!
Hard to find
As Anonymous attacks go, the Bill O'Reilly episode was small-scale. But that's precisely why it's
interesting. How frequently are such operations legitimate "hacktivism" and when are they merely
vandalism and fraud? How does law enforcement respond? And is anyone arrested?
Thanks to a Freedom of Information Act request by Ars Technica, we now have an inside view of the
FBI response to these minor incidents. Case documents (PDF) provided to us by the FBI show that
the Los Angeles office requested permission to open an investigation on September 22, 2008—the
next business day after the incident. The Bureau moved quickly to send “preservation letters” to
Facebook and relevant Internet service providers, asking that they retain log information regarding
the attack that might prove useful in the investigation.
That Monday afternoon, agents were already interviewing a victim in the case, the woman whose
accounts had been compromised. According to interview notes, the attackers used her Paypal
account to make two purchases of $119 and $140, then moved to eBay, Amazon, and a flower
company. The electronic purchase confirmations from those sites were then sent, using the woman's
e-mail account, to her entire list of contacts "in order to embarrass" her and her husband.
Lewd photos came next, sent by e-mail and posted to Facebook, but it was a Facebook wall posting
that provided a motivation for the attack. Former Vice Presidential candidate Sarah Palin's Yahoo e-
mail account had recently been hacked, and Bill O'Reilly had taken to his TV to denounce the
attackers, whom he wanted to "go to prison for a very long time." O'Reilly expressed absolute
confidence that the perpetrator of that hack would be caught (and he was), but went on to make
clear his belief that catching such people was simple for the FBI. After all, they leave digital
fingerprints everywhere, right? The segment angered Anonymous, which then attacked O'Reilly's
website in retaliation; the Facebook posting made this clear.
The O'Reilly segment that started it all
But finding the offenders proved difficult. The attack itself wasn't particularly clever, but it was
effective. Billoreilly.com's administrative interface was protected by a servlet that locked down
access to all back-end material, but the site administrator made one small mistake: he once created
a "New premium member report" showing a list of the most recent subscribers, and he created it in
such a way that it bypassed the servlet. As later FBI interview notes show, this was "just an error"—
but it made the new member report available outside the secure admin structure to someone who
knew the location.
The feds surmise that attackers found the URL for this new members page by running a dictionary
attack on the admin subsection of the site, looking for insecure addresses. "Logs show various IPs
exploring the path of the administrative section looking for pages not under the servlet's control,” say
FBI notes. Attackers hit a jackpot when they found the unprotected URL and suddenly had access to
the most recent five days of new member info, which gave them 205 addresses and e-mails.
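The mistake described above, recreated as an added illustration (this is not code from the article, and the O'Reilly site was a Java servlet application, not a Go one): the ad-hoc report handler is registered beside the gated admin subtree instead of behind it, so the router picks the more specific route and the authentication check never runs. The hardened router gates the whole subtree so a page added later inherits the check, and the audit function is the sort of self-check that would have flagged the exposed page before anyone else found it. Handler names, paths and the session cookie are assumptions for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const sessionPlaceholder = "valid-session-placeholder" // assumed token, not a real session scheme

// memberReport stands in for the "New premium member report" from the article.
// The two addresses are constructed sample data.
func memberReport(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "alice@example.invalid, 2008-09-18")
	fmt.Fprintln(w, "bob@example.invalid, 2008-09-19")
}

func adminIndex(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "admin index")
}

// requireAdmin plays the role of the site's servlet: it rejects any request
// without a valid admin session before the wrapped handler runs. The cookie
// check is a placeholder for a real session lookup.
func requireAdmin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("admin_session")
		if err != nil || c.Value != sessionPlaceholder {
			http.Error(w, "authentication required", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// VulnerableMux reproduces the mistake: the admin subtree is gated, but the
// ad-hoc report is registered directly on the outer mux. Go's ServeMux, like a
// servlet mapping, routes to the most specific pattern, so the gate never runs.
func VulnerableMux() http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/admin/", requireAdmin(http.HandlerFunc(adminIndex)))
	mux.HandleFunc("/admin/newmembers", memberReport) // bypasses requireAdmin
	return mux
}

// HardenedMux registers every admin page on an inner mux and exposes only the
// gated inner mux, so a page added later inherits the check by construction.
func HardenedMux() http.Handler {
	admin := http.NewServeMux()
	admin.HandleFunc("/admin/", adminIndex)
	admin.HandleFunc("/admin/newmembers", memberReport)
	outer := http.NewServeMux()
	outer.Handle("/admin/", requireAdmin(admin))
	return outer
}

// Probe sends one GET for path, with or without the admin cookie, and returns
// the HTTP status the handler produced.
func Probe(h http.Handler, path string, authed bool) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if authed {
		req.AddCookie(&http.Cookie{Name: "admin_session", Value: sessionPlaceholder})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// AuditUnauthenticated is the defender's own check: it lists which of the known
// admin paths answer 200 to a request carrying no session at all.
func AuditUnauthenticated(h http.Handler, paths []string) []string {
	var exposed []string
	for _, p := range paths {
		if Probe(h, p, false) == http.StatusOK {
			exposed = append(exposed, p)
		}
	}
	return exposed
}

func main() {
	paths := []string{"/admin/", "/admin/newmembers", "/admin/users"}
	fmt.Println("vulnerable, reachable without a session:", strings.Join(AuditUnauthenticated(VulnerableMux(), paths), " "))
	fmt.Println("hardened, reachable without a session:", strings.Join(AuditUnauthenticated(HardenedMux(), paths), " "))
}
```

The point of the hardened layout is structural rather than a matter of remembering to wrap each handler: the only route into the admin pages passes through the gate, so the "just an error" the FBI notes describe cannot recur by forgetting a wrapper. Running the audit against the known list of admin pages after each deployment is the cheap complement.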
Threats of physical violence
The attackers took the name at the top of the list, an account registered only one hour before, and
used it to log into the O'Reilly site as a check of the data's accuracy. The information was then
posted to Wikileaks and discussed on 4chan. Three O'Reilly members who had used the same
password on multiple other sites experienced additional fraudulent use of that information. 4chan
also hosted real-time discussion of the DDoS attacks that later hit O'Reilly's site.
Despite its preservation letters, the FBI couldn't get its hands on useful data about the attackers. The
DDoS attack on O'Reilly's site failed to bring it down, but it did provide the FBI with IP addresses of
the offending machines. The Bureau took the top three addresses and looked into them. Two came
from outside the US and were not pursued; the third belonged to a Web hosting company in the US
which knew nothing about it.
As for the new members page, the IP address of the machine that found it belonged to a proxy
service. The FBI was able to trace the trail from the proxy service back to a second proxy service
called Vtunnel, but there the trail went cold. "Vtunnel did not have the IP address logs for the date
and time of the incident," noted the FBI.
On October 24, one month after opening the investigation, the FBI's Los Angeles field office
recommended its closure.
The investigation is closed
Not so hard to find
In plenty of other cases, though, the FBI has arrested attackers. In 2010, a 23-year-old hacker was
arrested for attacking O'Reilly's site in 2006 and 2007. As the Los Angeles Times noted, agents
"eventually raided Frost's dorm room seizing a disc, which had been hidden above a ceiling tile, that
stored credit card account numbers, card holders social security numbers, and information
pertaining to their personal bank accounts." O'Reilly claimed $40,000 in losses from that episode,
mainly due to refunds.
And the FBI has come down hard on Anonymous in particular, going back to the collective's days of
harassing Scientology. The FBI stepped up operations after the group last year attacked websites of
Visa, Mastercard, and PayPal. Earlier this year, the agency executed more than 40 search warrants
around the country. The FBI is apparently working off a list of the 1,000 top DDoS IP addresses in
those attacks as it hunts down those responsible. And the UK recently arrested the young man
believed to be "Topiary," who functioned as the voice of Anonymous and a spin-off group called
LulzSec and was involved in the HBGary Federal debacle earlier this year.
One line of argument used to suggest that Anonymous was shepherded by hackers who knew how
to cover their own tracks, but who had no qualms about inciting groups of preteen hacker wannabes
to participate in DDoS attacks, with little attention paid to security. This narrative, which may have
some truth to it, suggested that the authorities could only pick up low-level LOICers in their raids.
The O'Reilly and HBGary Federal cases certainly remind us that some Anons are great at hiding
their tracks, but the more recent large-scale spate of search warrants and arrests—even of high-
profile people like Topiary—suggest that the authorities aren't stymied quite as easily as they were in
Some of that is certainly due to more resources being thrown at Anonymous as the group escalated
its activities in 2010 and 2011 (the HBGary Federal hack made worldwide headlines and even
generated Congressional interest). What's next for the cat-and-mouse game? Given the scope of
FBI search warrants, we're guessing that a major crackdown is brewing—though the Bureau refused
to share information with us on Anonymous cases in progress.
How the FBI Conducts Cyber Security Investigations: Knowledge that Anon Needs (Tactics
and Evasion) (self.anonymous)
submitted 1 year ago* by amianonymousyet
Hello there Anonymous, I'm Anonymous and I'm here to teach you about the FBI,
how they investigate, and what you can do to avoid it.
These rules are not set in stone, but draw from a good deal of knowledge on the
FBI's history online.
Though many believe that the FBI is technologically adept, MOST of their arrests
are the result of subpoenas, financial trails and human intelligence. Some of the
following may seem like common sense, but I feel like it's still good to have it
written down and acknowledged.
If this makes you Paranoid: Good. But you need to realize that the only information
that they can get on you is the information you put out there. Restrict the available
information and it doesn't matter if every single person you deal with is law
You can break up most investigations into a few stages:
1) Initial Identification of Low Hanging Fruit
2) Identification of Leaders
Step 1: Initial Identification/Low Hanging Fruit
This is what we've already seen with the identification of members participating in
the DDOS attacks, and the identification/contact of lower echelon LulzSec members.
These are generally somewhat peaceful meetings. Unless they are looking to send a
message (as they are with SOME of the DDOS people), they want information more
From these people they're looking for others higher up the chain. More than that,
they want logs and internal information. They will likely be mostly interested in
things like chat logs that reference pastebin posts, search engine searches,
information on others' VPNs or cell phone numbers. The point is that things like
PasteBin (or HideMyAss, as lulzsec found out) are where people get lazy. People
frequently abandon their anonymity measures when searching the internet or
posting to pastebin. Even if you're just sending the link to someone privately, be
aware that it may spread past them and for that reason it's worth maintaining
All they need is a URL the person accessed and a timestamp, and then they move
up the chain....which brings us to Step #2.
Example #1: HideMyAss was leaked in chat logs (human intelligence) as the VPN of
choice for certain lulzsec members. HideMyAss tells us that they then received a
subpoena for the information.
Example #2: The "top 1000" list of IPs attacking Paypal was in part an effort to
simply identify low-end members that may lead to high end members. The rest of it
was sending a message so they don't look impotent.
Step 2: Leader Identification/Arrest
Using the information acquired from Step #1, they move on to the leaders. Most
leaders they can identify will be arrested. The ones that aren't arrested will be the
most useful of them - IRC server owners, message board operators, etc. While we
are sad for the arrests, it's the others that are worrisome to us. For high-level
offenders, an additional risk is the close-knit relationships many have. Things like
cell phone numbers are shared (and indeed were with some members of lulzsec)
that can make a clear trail leading back to the user.
But once they have a few of the top guys (or worse yet infrastructure guys) in
custody/contact, the real shit begins.
Step 3: Infiltration/Identity Takeover
The point of this step is the dissolution of a community - reducing it to a distrusting
mob that scatters into the internet.
A common FBI tactic is creating a centralized location for their targets to gather -
this can be a forum, chat room, or anything else. This is frequently done by using
the identities and reputations of people already within the community. Watch out
for people who disappear for a period of time, then come back with little
explanation. Also be wary of any community gathering location that seems to have
lasted an extraordinarily long time.
These are not people/things we should outright avoid on the basis that they may be
FBI - doing so just creates "COINTELPRO" style infighting. Instead, keep your wits
about you, keep your anonymity measures up, and avoid giving those in high
ranking positions information to identify you. Keep in mind that if they run a chat
room or a message board, all of your "private" messages are available to the server
Example #1: ShadowCrew - This community trusted a single VPN provider
nicknamed CumbaJohnny. CumbaJohnny was arrested, but was allowed to continue
operating as an FBI informant. When the "raid day" came, nearly every high level
user of his service in a cooperative jurisdiction was arrested (28 known). This would
not have happened had the community avoided centralization, which gives the FBI
a strong attack vector.
Example #2: TheGrifters - After the takedown of ShadowCrew, the FBI used one of
their arrestees (El Mariachi) to found a forum called thegrifters. This forum was
entirely about credit card fraud, and was authorized to run by the FBI. They had
access to every PM, every server log, and every user's account information.
Example #3: DarkMarket - a carding/identity theft forum that existed years ago. In
this case, the entire forum was an FBI sting. The FBI assumed the identity of a
Polish spammer nicknamed Master Splynter who existed prior to DarkMarket as a
non FBI agent. This user's identity was also used as an "in" into the spammer and
So How the Fuck do We Avoid All of This?
Avoiding these tactics is incredibly difficult if you wish to maintain an effective
community. A downgrade into paranoia was the entire point of the early
COINTELPRO operations against protesters and radicals in the 1960s. This must be
avoided, and can be simply.
First, you need to think to yourself "Am I a priority target?"
Just because someone has access to a nickname or a twitter account
doesn't mean it's that person.
Those considered "trustworthy" by the community are in a way less
trustworthy simply because they're targets. Don't avoid talking to them,
but don't give them anything you wouldn't post to the open internet. Not
having leaders is a strength because it's harder to infiltrate. Don't sacrifice
this strength because you get starstruck talking to someone who is well
Don't give your fucking cell phone number to anyone. Ever.
If you are NOT a High-Priority Target
The goal here is not being the lowest hanging fruit. For most problems in
this arena, the solution is TOR. It's not perfect, but it's a big enough pain
in the ass that you'll be safe in most if not all cases.
Don't sign up for anything with a real e-mail address.... Register one using
tor. Then register on the forums using tor. Post to Twitter using Tor.
If you're going into the IRC channels, find a web IRC website. There's lots
of them. Visit it using tor. The IP address the IRC server (the high risk
server) sees will be that of the website. The website meanwhile will see the
TOR IP in their logs if they're subpoenaed. Avoid clients that use Java
applets if at all possible.
If you're posting a link to ANYTHING (google results, pastebin, etc) do not
execute the search from your home connection if at all possible. Yet again:
If you ARE a high-priority Target
If you are leaking information, you don't have to say how it was gotten. If
it was an attack, keep the method quiet. If you work there, STFU about it.
Use prepaid credit cards. Buy them at the gas station with cash or get a
trustworthy friend to. These can be traced to a sale location, so the further
away from your house the better. Use these for any services you may need.
The specialty of law enforcement is financial trails. Don't give them the
beginning of one or they'll tear you apart.
Set up your own VPN, or have another computer (hacked, open wi-fi, or TOR)
in between you and the server you're connecting to if possible. If possible,
it's also good to have the VPN/proxy on your server sending OUTBOUND
connections through another middleman. Is it a pain in the ass? Yeah. Deal
with it. Oh yeah, and turn off logging. If you're going to use a commercial
VPN service it's HIGHLY recommended you have this server sitting in-
Don't give your fucking cell phone number to anyone. Ever.
Don't host anything on a domain that you've used for anything else. Buy a
new domain with a prepaid, use fake information. Same goes for the
If you're running a server (for a VPN or otherwise), re-host frequently, and
vary the countries you're hosted in. The US and UK are bad bets.
Remember that it doesn't matter how secure the server is if the FBI can
have feet on the ground there.
International bureaucracy is your friend. The internet allows us to shift
jurisdictions quickly...often faster than paperwork can follow. Make it
Be aware that the FBI can use illegally obtained information as long as
they're not the ones who did it. Other hacker groups can do whatever they
want and forward the information and there's nothing you can do about it.
Do not probe a server or visit a website from your home connection if
you're planning on attacking. You want to be NOWHERE in those logs, even
if the visit itself seems innocent.
Final Note: When using tor keep in mind the data can be decoded at the exit point.
They won't know who sent it, but they'll know what it is. The first node(the one you
connect to) will know who you are but not what you're sending. So keep identifiable
information going over TOR to a minimum.
Stay safe anon.
The SSD Project
The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the
American public about the law and technology of government surveillance in the United States,
providing the information and tools necessary to evaluate the threat of surveillance and take
appropriate steps to defend against it.
Surveillance Self-Defense (SSD) exists to answer two main questions: What can the government
legally do to spy on your computer data and communications? And what can you legally do to
protect yourself against such spying?
After an introductory discussion of how you should think about making security decisions — it's
all about Risk Management — we'll be answering those two questions for three types of data:
First, we're going to talk about the threat to the Data Stored on Your Computer posed by
searches and seizures by law enforcement, as well as subpoenas demanding your records.
Second, we're going to talk about the threat to your Data on the Wire — that is, your data as it's
being transmitted — posed by wiretapping and other real-time surveillance of your telephone
and Internet communications by law enforcement.
Third, we're going to describe the information about you that is stored by third parties like your
phone company and your Internet service provider, and how law enforcement officials can get it.
In each of these three sections, we're going to give you practical advice about how to protect
your private data against law enforcement agents.
In a fourth section, we'll also provide some basic information about the U.S. government's
expanded legal authority when it comes to Foreign Intelligence and Terrorism Investigations .
Finally, we've collected several articles about specific defensive technologies that you can use to
protect your privacy, which are linked to from the other sections or can be accessed individually.
So, for example, if you're only looking for information about how to securely delete your files, or
how to use encryption to protect the privacy of your emails or instant messages, you can just
directly visit that article.
Legal disclaimer: This guide is for informational purposes only and does not constitute legal
advice. EFF's aim is to provide a general description of the legal and technical issues
surrounding your or your organization's computer and communications security, and different
factual situations and different legal jurisdictions will result in different answers to a number of
questions. Therefore, please do not act on this legal information alone; if you have any specific
legal problems, issues, or questions, seek a complete review of your situation with a lawyer
licensed to practice in your jurisdiction.
Security Means Making Trade-Offs to Manage Risks
Security isn't having the strongest lock or the best anti-virus software — security is about making
trade-offs to manage risk, something we do in many contexts throughout the day. When you
consider crossing the street in the middle of the block rather than at a cross-walk, you are making
a security trade-off: you consider the threat of getting run over versus the trouble of walking to
the corner, and assess the risk of that threat happening by looking for oncoming cars. Your
bodily safety is the asset you're trying to protect. How high is the risk of getting run over and are
you in such a rush that you're willing to tolerate it, even though the threat is to your most
That's a security decision. Not so hard, is it? It's just the language that takes getting used to.
Security professionals use four distinct but interrelated concepts when considering security
decisions: assets, threats, risks and adversaries.
What You Are Protecting
An asset is something you value and want to protect. Anything of value can be an asset, but in
the context of this discussion most of the assets in question are information. Examples are your or
your organization's emails, instant messages, data files and web site, as well as the computers
holding all of that information.
What You Are Protecting Against
A threat is something bad that can happen to an asset. Security professionals divide the various
ways threats can hurt your data assets into six sub-areas that must be balanced against each other:
Confidentiality is keeping assets or knowledge about assets away from unauthorized parties.
Integrity is keeping assets undamaged and unaltered.
Availability is the assurance that assets are available to parties authorized to use them.
Consistency is when assets behave and work as expected, all the time.
Control is the regulation of access to assets.
Audit is the ability to verify that assets are secure.
Threats can be classified based on which types of security they threaten. For example, someone
trying to read your email (the asset) without permission threatens its confidentiality and your
control over it. If, on the other hand, an adversary wants to destroy your email or prevent you
from getting it, the adversary is threatening the email's integrity and availability. Using
encryption, as described later in this guide, you can protect against several of these threats.
Encryption not only protects the confidentiality of your email by scrambling it into a form that
only you or your intended recipient can descramble, but also allows you to audit the emails —
that is, check and see that the person claiming to be the sender is actually that person, or confirm
that the email wasn't changed between the sender and you to ensure that you've maintained the
email's integrity and your control over it.
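The three properties the paragraph attributes to encryption, worked through as an added example in Go (this is not code from the EFF guide and does not model any particular email program): AES-GCM scrambles the message so only a holder of the shared key can read it (confidentiality) and refuses to decrypt if anything changed in transit (integrity), and an Ed25519 signature over the ciphertext lets the recipient check that the claimed sender really produced it (audit). The shared-key setup, the key-generation helper and the sample message are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SealedMessage is a constructed stand-in for one protected email.
type SealedMessage struct {
	Nonce      []byte
	Ciphertext []byte // AES-GCM output, authentication tag appended
	Signature  []byte // Ed25519 signature over nonce||ciphertext
}

// NewKeys generates the shared AES-256 key the two parties use for
// confidentiality and the sender's Ed25519 keypair used for audit.
func NewKeys() (key []byte, priv ed25519.PrivateKey, pub ed25519.PublicKey, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, nil, err
	}
	pub, priv, err = ed25519.GenerateKey(rand.Reader)
	return key, priv, pub, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal scrambles plaintext so that only a holder of key can read it
// (confidentiality) and signs the result so the recipient can check who
// sent it (audit).
func Seal(key []byte, senderPriv ed25519.PrivateKey, plaintext []byte) (*SealedMessage, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	signed := append(append([]byte{}, nonce...), ct...)
	return &SealedMessage{Nonce: nonce, Ciphertext: ct, Signature: ed25519.Sign(senderPriv, signed)}, nil
}

// Open first verifies the signature against the claimed sender's public key,
// then decrypts; GCM refuses to return plaintext if a single bit changed in
// transit (integrity) or if a different key was used.
func Open(key []byte, senderPub ed25519.PublicKey, m *SealedMessage) ([]byte, error) {
	signed := append(append([]byte{}, m.Nonce...), m.Ciphertext...)
	if !ed25519.Verify(senderPub, signed, m.Signature) {
		return nil, errors.New("signature does not match the claimed sender")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("message was altered or encrypted under another key")
	}
	return pt, nil
}

func main() {
	key, priv, pub, err := NewKeys()
	if err != nil {
		panic(err)
	}
	msg, err := Seal(key, priv, []byte("meet at the usual place")) // constructed sample text
	if err != nil {
		panic(err)
	}
	pt, err := Open(key, pub, msg)
	fmt.Printf("genuine message: %q, err=%v\n", pt, err)
	msg.Ciphertext[0] ^= 0x01 // simulate one flipped bit in transit
	_, err = Open(key, pub, msg)
	fmt.Println("after tampering:", err)
}
```

Each check corresponds to one of the guide's properties: a wrong key cannot open the message (confidentiality), a flipped bit makes Open fail (integrity), and a message signed under someone else's key is rejected before decryption is even attempted (audit). The same end-to-end property answers the exit-node concern raised in the Reddit post above: content sealed this way is unreadable wherever it leaves an anonymizing network, even though the network layer still shows that a message passed.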
The Likelihood of a Threat Actually Occurring
Risk is the likelihood that a particular threat against a particular asset will actually come to pass,
and how damaged the asset would be. There is a crucial distinction between threats and risks:
threats are the bad things that can happen to assets, but risk is the likelihood that specific threats
will occur. For instance, there is a threat that your building will collapse, but the risk that it will
really happen is far greater in San Francisco (where earthquakes are common) than in
Minneapolis (where they are not).
People often over-estimate and thus over-react to the risk of unlikely threats because they are
rare enough that the worst incidents are well publicized or interesting in their unusualness.
Similarly, they under-estimate and under-react to more common risks. The most clichéd example
is driving versus flying. Another example: when we talk to individuals about government privacy
intrusions, they are often concerned about wiretapping or searches, but most people are much
more at risk from less dramatic measures, like subpoenas demanding records from you or your
email provider. That is why we so strongly recommend good data practices — if it's private,
don't give it to others to hold and don't store it, but if you do store it, protect it — while also
covering more unusual circumstances, like what to do when the police show up at your door or
seize your laptop.
Evaluating risk is necessarily a subjective process; not everyone has the same priorities or views
threats in the same way. Many people find certain threats unacceptable no matter what the risk,
because the mere presence of the threat at any likelihood is not worth the cost. In other cases,
people disregard high risks because they don't view the threat as a problem. In a military context,
for example, it might be preferable for an asset to be destroyed than for it to fall into enemy
hands. Conversely, in many civilian contexts, it's more important for an asset such as email
service to be available than confidential.
In his book Beyond Fear, security expert Bruce Schneier identifies five critical questions about
risk that you should ask when assessing proposed security solutions:
* What assets are you trying to protect?
* What are the risks to those assets?
* How well does the security solution mitigate those risks?
* What other risks does the security solution cause?
* What costs and trade-offs does the security solution impose?
Security is the art of balancing the value of the asset you are trying to protect against the costs of
providing protection against particular risks. Practical security requires you to realistically judge
the actual risk of a threat in order to decide which security precautions may be worth using to
protect an asset, and which precautions are absolutely necessary.
In this sense, protecting your security is a game of tradeoffs. Consider the lock on your front
door. What kind of lock — or locks — should you invest in, or should you lock the door at all?
The assets are invaluable — the privacy of your home and control over the things inside. The
threat level is very high — you could be financially wiped out, and all of your most valuable and
private information exposed, if someone broke in. The critical question then becomes: how
serious is the risk of someone breaking in? If the risk is low, you probably won't want to invest
much money in a lock; if the risk is high, you'll want to get the best locks that you can.
Who Poses a Threat?
A critical part of assessing risk and deciding on security solutions is knowing who or what your
adversary is. An adversary, in security-speak, is any person or entity that poses a threat against
an asset. Different adversaries pose different threats to different assets with different risks;
different adversaries will demand different solutions.
For example, if you want to protect your house from a random burglar, your lock just needs to be
better than your neighbors', or your porch better lit, so that the burglar will choose the other
house. If your adversary is the government, though, money spent on a better lock than your
neighbors' would be wasted — if the government is investigating you and wants to search your
house, it won't matter how well your security compares to your neighbors. You would instead be
better off spending your time and money on other security measures, like encrypting your
valuable information so that if it's seized, the government can't read it.
Here are some examples of the kinds of adversaries that may pose a threat to your digital privacy:
* U.S. government agents that follow laws which limit their activities
* U.S. government agents that are willing and able to operate without legal restrictions
* Civil litigants who have filed or intend to file a lawsuit against you
* Companies that store or otherwise have access to your data
* Individual employees who work for those companies
* Hackers or organized criminals who randomly break into your computer, or the computers of
companies that store your data
* Hackers or organized criminals that specifically target your computer or the computers of the
companies that store your data
* Stalkers, private investigators or other private parties who want to eavesdrop on your
communications or obtain access to your machines
This guide focuses on defending against threats from the first adversary — government agents
that follow the law — but the information herein should also provide some help in defending
against the others.
Putting it All Together
Which Threats from Which Adversaries Pose the Highest Risk to Your Assets?
Putting these concepts together, you need to evaluate which threats to your assets from which
adversaries pose the most risk, and then decide how to manage the risk. Intelligently trading off
risks and costs is the essence of security. How much is it worth to you to manage the risk? For
example, you may recognize that government adversaries pose a threat to your webmail account,
because of their ability to secretly subpoena its contents. If you consider that threat from that
adversary to be a high risk, you may choose not to store your email messages with the webmail
company, and instead store it on your own computer. If you consider it a low risk, you may
decide to leave your email with the webmail company — trading security for the convenience of
being able to access your email from any internet-connected computer. Or, if you think it’s an
intermediate risk, you may leave your email with the webmail company but tolerate the
inconvenience of using encryption to protect the confidentiality of your most sensitive emails. In
the end, it’s up to you to decide which trade-offs you are willing to make to help secure your
A Few Parting Lessons
Now that we've covered the critical concepts, here are a few more basic lessons in security-think
that you should consider before reading the rest of this guide:
Knowledge is Power. Good security decisions can't be made without good information. Your
security tradeoffs are only as good as the information you have about the value of your assets,
the severity of the threats from different adversaries to those assets, and the risk of those attacks
actually happening. We're going to try to give you the knowledge you need to identify the threats
to your computer and communications security that are posed by the government, and judge the
risk against possible security measures.
The Weakest Link. Think about assets as components of the system in which they are used. The
security of the asset depends on the strength of all the components in the system. The old adage
that "a chain is only as strong as its weakest link" applies to security, too: The system as a whole
is only as strong as the weakest component. For example, the best door lock is of no use if you
have cheap window latches. Encrypting your email so it won't get intercepted in transit won't
protect the confidentiality of that email if you store an unencrypted copy on your laptop and your
laptop is stolen.
Simpler is Safer and Easier. It is generally most cost-effective and most important to protect
the weakest component of the system in which an asset is used. Since the weak components are
much easier to identify and understand in simple systems, you should strive to reduce the number
and complexity of components in your information systems. A small number of components will
also serve to reduce the number of interactions between components, which is another source of
complexity, cost, and risk.
More Expensive Doesn't Mean More Secure. Don't assume that the most expensive security
solution is the best, especially if it takes away resources needed elsewhere. Low-cost measures
like shredding trash before leaving it on the curb can give you lots of bang for your security buck.
There is No Perfect Security — It's Always a Trade-Off. Set security policies that are
reasonable for your organization, for the risks you face, and for the implementation steps your
group can and will take. A perfect security policy on paper won't work if it's too difficult to
What's Secure Today May Not Be Secure Tomorrow. It is also crucially important to
continually re-evaluate the security of your assets. Just because they were secure last year or last
week doesn't mean they're still secure!
Data Stored on Your Computer
Search, Seizure and Subpoenas
In this section, you'll learn about how the law protects — or doesn't protect — the data that you
store on your own computer, and under what circumstances law enforcement agents can search
or seize your computer or use a subpoena to demand that you turn over your data. You'll also
learn how to protect yourself in case the government does attempt to search, seize, or subpoena
your data, with a focus on learning how to minimize the data that you store and use encryption to
protect what you do store.
What Can the Government Do?
Before you can think about security against the government, you need to know law enforcement’s
capabilities and limitations. The government has extraordinary abilities — it’s the best-funded
adversary you’ll ever face. But the government does have limits. It must decide whether it is
cost-effective to deploy its resources against you. Further, law enforcement officers have to
follow the law, and most often will try to do so, even if only because there are penalties
associated with violating it. The first and most important law for our purposes is the Fourth
Amendment to the United States Constitution.
The Fourth Amendment
Protecting People From Unreasonable Government Searches and Seizures
The Fourth Amendment says, "[t]he right of the people to be secure in their persons, houses,
papers, and effects, against unreasonable searches and seizures, shall not be violated, and no
Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly
describing the place to be searched, and the persons or things to be seized."
A seizure occurs when the government takes possession of items or detains people.
A search is any intrusion by the government into something in which one has a reasonable
expectation of privacy.
Some examples of searches include: reaching into your pockets or searching through your purse;
entering into your house, apartment, office, hotel room, or mobile home; and examining the
contents of your backpack or luggage. Depending on the facts, eavesdropping on your
conversations or wiretapping of your communications can also constitute a search and seizure
under the Fourth Amendment.
The Fourth Amendment requires searches and seizures to be "reasonable", which generally
means that police must get a search warrant if they want to conduct a legal search or seizure,
although there are exceptions to this general rule. If a search or seizure is "unreasonable" and
thus illegal, then police cannot use the evidence obtained through that search or seizure in a
criminal trial. This is called the exclusionary rule and it is the primary incentive against
government agents violating your Fourth Amendment rights.
A few important things to remember:
The Fourth Amendment protects you from unreasonable searches whether or not you are a
citizen. In particular, the exclusionary rule applies to all criminal defendants, including non-
citizens. However, the exclusionary rule does not apply in immigration hearings, meaning that
the government may introduce evidence from an illegal search or seizure in those proceedings.
The Fourth Amendment applies whenever the government — whether local, state or federal —
conducts a search or seizure. It protects you from an unreasonable search or seizure by any
government official or agent, not just the police.
The Fourth Amendment does not protect you from privacy invasions by people other than the
government, even if they later hand over what they found to the government — unless the
government directed them to search your things in the first place.
Your Fourth Amendment rights against unreasonable searches and seizures cannot be
suspended — even during a state of emergency or wartime — and they have not been
suspended by the USA PATRIOT Act or any other post-9/11 legislation.
If you are ever searched or served with any kind of government order, contact a lawyer
immediately to discuss your rights. Contact a lawyer any time you are searched, threatened with
a search, or served with any kind of legal papers from the government or anyone else. If you do
not have a lawyer, pro bono legal organizations such as EFF are available to help you or assist in
finding other lawyers who will.
Reasonable Expectation of Privacy
The Fourth Amendment only protects you against searches that violate your reasonable
expectation of privacy. A reasonable expectation of privacy exists if 1) you actually expect
privacy, and 2) your expectation is one that society as a whole would think is legitimate.
This rule comes from a decision by the United States Supreme Court in 1967, Katz v. United
States, holding that when a person enters a telephone booth, shuts the door, and makes a call, the
government cannot record what that person says on the phone without a warrant. Even though
the recording device was stuck to the outside of the phone booth glass and did not physically
invade Katz’s private space, the Supreme Court decided that when Katz shut the phone booth’s
door, he justifiably expected that no one would hear his conversation, and that it was this
expectation — rather than the inside of the phone booth itself — that was protected from
government intrusion by the Fourth Amendment. This idea is generally phrased as "the Fourth
Amendment protects people, not places."
A big question in determining whether your expectation of privacy is "reasonable" and protected
by the Fourth Amendment arises when you have "knowingly exposed" something to another
person or to the public at large. Although Katz did have a reasonable expectation of privacy in
the sound of his conversation, would he have had a reasonable expectation of privacy in his
appearance or actions while inside the glass phone booth? Probably not.
Thus, some Supreme Court cases have held that you have no reasonable expectation of privacy
in information you have "knowingly exposed" to a third party — for example, bank records or
records of telephone numbers you have dialed — even if you intended for that third party to keep
the information secret. In other words, by engaging in transactions with your bank or
communicating phone numbers to your phone company for the purpose of connecting a call,
you’ve "assumed the risk" that they will share that information with the government.
You may "knowingly expose" a lot more than you really know or intend. Most information a
third party collects — such as your insurance records, credit records, bank records, travel records,
library records, phone records and even the records your grocery store keeps when you use your
"loyalty" card to get discounts — was given freely to them by you, and is probably not protected
by the Fourth Amendment under current law. There may be privacy statutes that protect against
the sharing of information about you — some communications records receive special legal
protection, for example — but there is likely no constitutional protection, and it is often very
easy for the government to get a hold of these third party records without your ever being
Here are some more details on how the Fourth Amendment will — or won't — protect you in
Residences. Everyone has a reasonable expectation of privacy in their home. This is not just a
house as it says in the Fourth Amendment, but anywhere you live, be it an apartment, a hotel or
motel room, or a mobile home.
However, even things in your home might be knowingly exposed to the public and lose their
Fourth Amendment protection. For example, you have no reasonable expectation of privacy in
conversations or other sounds inside your home that a person outside could hear, or odors that a
passerby could smell (although the Supreme Court has held that more invasive technological
means of obtaining information about the inside of your home, like thermal imaging technology
to detect heat sources, is a Fourth Amendment search requiring a warrant). Similarly, if you open
your house to the public for a party, a political meeting, or some other public event, police
officers could walk in posing as guests and look at or listen to whatever any of the other guests
could, without having to get a warrant.
Business premises. You have a reasonable expectation of privacy in your office, so long as it’s
not open to the public. But if there is a part of your office where the public is allowed, like a
reception area in the front, and if a police officer enters that part of the office as any other
member of the public is allowed to, it is not a search for the officer to look at objects in plain
view or listen to conversations there. That’s because you’ve knowingly exposed that part of your
office to the public. However, if the officer does not stay in that portion of the premises that is
open to the public — if he starts opening file cabinets or tries to go to private offices in the back
without an invitation — then his conduct becomes a search requiring a search warrant.
Trash. The things you leave outside your home at the edge of your property are unprotected by
the Fourth Amendment. For example, once you carry your trash out of your house or office and
put it on the curb or in the dumpster for collection, you have given up any expectation of privacy
in the contents of that trash. You should always keep this in mind when you are disposing of
sensitive documents or anything else that you want to keep private. You may want to shred all
paper documents and destroy all electronic media. You could also try to put the trash out (or
unlock your trashcan) right before it’s picked up, rather than leaving it out overnight without a
Public places. It may sound obvious, but you have little to no privacy when you are in public.
When you are in a public place — whether walking down the sidewalk, shopping in a store,
sitting in a restaurant or in the park — your actions, movements, and conversations are
knowingly exposed to the public. That means the police can follow you around in public and
observe your activities, see what you are carrying or to whom you are talking, sit next to you or
behind you and listen to your conversations — all without a warrant. You cannot necessarily
expect Fourth Amendment protection when you’re in a public place, even if you think you are
alone. Fourth Amendment challenges have been unsuccessfully brought against police officers
using monitoring beepers to track a suspect’s location in a public place, but it is unclear how
those cases might apply to more pervasive remote monitoring, like using GPS or other cell phone
location information to track a suspect’s physical location.
Infiltrators and undercover agents. Public meetings of community and political organizations,
just like any other public places, are not private. If the government considers you a potential
criminal or terrorist threat, or even if they just have an unfounded suspicion that your
organization might be up to something, undercover police or police informants could come to
your public meetings and attempt to infiltrate your organization. They may even wear hidden
microphones and record every word that’s said. Investigators can lie about their identities and
never admit that they’re cops — even if asked directly. By infiltrating your organization, the
police can identify any of your supporters, learn about your plans and tactics, and could even get
involved in the politics of the group and influence organizational decisions. You may want to
save the open-to-the-public meetings for public education and other non-sensitive matters and
only discuss sensitive matters in meetings limited to the most trusted, long-time staff and
Importantly, the threat of infiltrators exists in the virtual world as well as the physical world: for
example, a police officer may pose as an online "friend" in order to access your private social
Records stored by others. As the Supreme Court has stated, "The Fourth Amendment does not
prohibit the obtaining of information revealed to a third party and conveyed by him to
Government authorities, even if the information is revealed on the assumption that it will be used
only for a limited purpose and the confidence placed in the third party will not be betrayed." This
means that you will often have no Fourth Amendment protection in the records that others keep
about you, because most information that a third party will have about you was either given
freely to them by you, thus knowingly exposed, or was collected from other, public sources. It
doesn’t necessarily matter if you thought you were handing over the information in confidence,
or if you thought the information was only going to be used for a particular purpose.
Therefore it is important to pay close attention to the kinds of information about you and your
organization’s activities that you reveal to third parties, and work to reduce the amount of private
information you leave behind when you go about your daily business.
Opaque containers and packages. Even when you are in public, you have a reasonable
expectation of privacy in the contents of any opaque (not see-through) clothes or containers. So,
unless the police have a warrant or qualify for one of the warrantless search exceptions discussed
below, they can’t go digging in your pockets or rummaging through your bags.
Laptops, pagers, cell phones and other electronic devices are also protected. Courts have
generally treated electronic devices that hold data as if they were opaque containers.
However, always keep in mind that whatever you expose to the public isn’t protected. So, if
you’re in a coffee shop using your laptop and an FBI agent sitting at the next table sees what you
are writing in an email, or if you open your backpack and the FBI agent can see what’s inside,
the Fourth Amendment won’t protect you.
Postal mail. The mail that you send through the U.S. Postal Service is protected by the Fourth
Amendment, and police have to get a warrant to open it in most cases.
If you’re using the U.S. Postal Service, send your package using First Class mail or above. Postal
inspectors don’t need a search warrant to open discount (media) rate mail because it isn’t
supposed to be used for personal correspondence.
Keep in mind that although you have privacy in the contents of your mail and packages, you
don’t have any privacy in the "to" and "from" addresses printed on them. That means the police
can ask the post office to report the name and address of every person you send mail to or
receive mail from — this is called a "mail cover" — without getting a warrant. Mail covers are a
low-tech form of "traffic analysis," which we’ll discuss in the section dealing with electronic
You don’t have any privacy in what you write on a postcard, either. By not putting your
correspondence in an envelope, you’ve knowingly exposed it, and the government can read it
without a warrant.
Police at the door: Police in your home or office when it’s open to the public?
The police may be able to come into your home or office if you have opened those places to the
public — but you can also ask them to leave, just as if they were any other members of the
public. If they don’t have a warrant, or don’t qualify for any of the warrant exceptions, they have
no more right to stay once you’ve asked them to leave than any other trespasser. However,
undercover agents or officers need not announce their true identities, so asking all cops to leave
the room before a meeting is not going to provide any protection.
Search Warrants Are Generally Required For Most Searches and Seizures
The Fourth Amendment requires that any search or seizure be reasonable. The general rule is that
warrantless searches or seizures are automatically unreasonable, though there are many
To get a warrant, investigators must go to a neutral and detached magistrate and swear to facts
demonstrating that they have probable cause to conduct the search or seizure. There is probable
cause to search when a truthful affidavit establishes that evidence of a crime will probably be
found in the particular place to be searched. Police suspicions or hunches aren't enough —
probable cause must be based on actual facts that would lead a reasonable person to believe that
the police will find evidence of a crime.
In addition to satisfying the Fourth Amendment's probable cause requirement, search warrants
must satisfy the particularity requirement. This means that in order to get a search warrant, the
police have to give the judge details about where they are going to search and what kind of
evidence they are searching for. If the judge issues the search warrant, it will only authorize the
police to search those particular places for those particular things.
Police at the door: Search warrants
What should you do if a police officer comes to your home or office with a search warrant?
Be polite. Do not get in the officers' way, do not get into an argument with them or complain,
even if you think your rights are being violated. Never insult a police officer. But you should say
"I do not consent to this search." If they are properly authorized, they will search anyway. But if
they are not, then you have reserved your right to challenge the search later.
Ask to see the warrant. You have a right to examine the warrant. The warrant must tell in detail
the places to be searched and the people or things to be seized, and may limit what time of day
the police can search. A valid warrant must have a recent date (usually not more than a couple of
weeks), the correct address, and a judge's or magistrate's signature. If the warrant appears
incomplete, indicates a different address, or otherwise seems mistaken, politely point this out to
Clearly state that you do not consent to the search. The police don't need your consent if they
have a warrant, but clearly saying "I do not consent to this search" will limit them to search only
where the warrant authorizes. If possible, have witnesses around when you say it.
Do not resist, even if you think the search is illegal, or else you may be arrested. Keep your
hands where the police can see them, and never touch a police officer. Do not try to leave if the
police tell you to stay — a valid warrant gives them the right to detain any people that are on the
premises while the search is conducted. You are allowed to observe and take notes of what the
officers do, though they may tell you to sit in one place while they are conducting the search.
Don't answer any questions. The Fifth Amendment guarantees your right not to answer
questions from the police, even if they have a warrant. Remember that anything you say might be
used against you later. If they ask you anything other than your name and address, you should
tell them "I choose to remain silent, and will not answer any questions without a lawyer." If you
say this, they are legally required to stop asking you questions until you have a lawyer with you.
Take notes. Write down the police officers' names and badge numbers, as well as the names and
contact information of any witnesses. Write down, as best you can remember, everything that the
police say and everything you say to them. Ask if you can watch the search, and if they say yes,
write down everything that you see them search and/or seize (you may also try to tape or take
pictures, but realize that this may escalate the situation). If it appears they are going beyond what
is authorized by the warrant, politely point this out.
Ask for an inventory. At the conclusion of the search, the police should typically provide an
inventory of what has been seized; if not, request a copy but do not sign any statement that the
inventory is accurate or complete.
Call a lawyer as soon as possible. If you don't have a lawyer, you can call EFF and we'll try to
find you one.
Police at the door: Computer searches and seizures
If the police believe a computer is itself evidence of a crime — for example, if it is stolen or was
used to commit a crime — they will usually seize it and then search its contents later. However,
if the evidence is just stored on the computer — for example, you have computer records that
contain information about the person they are investigating — instead of seizing the whole
machine, the police may choose to:
* Search the computer and print out a hard copy of the particular files they are looking for (this is
* Search the computer and make an electronic copy of the particular files
* Create a duplicate electronic copy of all of the computer's contents (this is called "imaging" or
creating a "bitstream copy" of the computer hard drive) and then search for the particular files
"Sneak and Peek" Search Warrants
"Sneak and Peek" Search Warrants Are Easier to Obtain Than They Used to Be
Generally, police officers serving a warrant must "knock and announce" — that is, give you
notice that they are the police and are serving a warrant (although they might not do this if they
reasonably suspect that they will be put in danger, or that evidence will be destroyed, if they give
such notice). If they have a warrant, they can enter and search even if you aren't home — but
they still have to leave a copy of the warrant and an inventory of what they seized, so you'll
know that your place was searched.
However, thanks to the USA PATRIOT Act, it is much easier for law enforcement to get
permission from the court to delay notice rather than immediately inform the person whose
premises are searched, if agents claim that giving notice would disrupt the investigation. Since
the goal is not to tip the suspect off, these orders usually don't authorize the government to
actually seize any property — but that won't stop them from poking around your computers.
The delay of notice in criminal cases can last months. The average delay is 30 to 90 days. In the
case of super-secret foreign intelligence surveillance to be discussed later, the delay lasts forever
— no one is ever notified, unless and until evidence from the search is introduced in open court.
The risk of being targeted with such a "sneak-and-peek" warrant is very low, although rising
quickly. Law enforcement made 47 sneak-and-peek searches nationwide from September 2001
to April 2003 and an additional 108 through January 2005, averaging about fifty per year, mostly
in drug cases. We don't know how many foreign intelligence searches there are per year — it's
secret, of course — but we'd guess that it's much more common than secret searches by regular
Privacy tip: Sneak and peek searches, key-loggers and government spyware
Secret searches can be used to install eavesdropping and wiretapping devices. Secret searches
may also be used to install a key-logging device on your computer. A key-logger records all of
the keystrokes that you make on the computer's keyboard, for later retrieval by the police who
installed it. So if you are concerned about government surveillance, you should check your office
computers for new added hardware that you don't recognize — especially anything installed
between the keyboard and the computer — and remove it. A hardware key-logger often looks
like a little dongle in between the keyboard plug and computer itself. Keyghost is an example of
a hardware key-logger.
However, the government also has the capability to remotely install software key-loggers on
your computer — or search the contents of your hard drive, or install surveillance capability on
your computer — using its own spyware. There were rumors of such capability a few years ago
in news reports about a government software program code-named "Magic Lantern" that could
be secretly installed and monitored over the Internet, without the police ever having to enter your
house or office. More recently, news reports revealed that the government had in one case been
able to hack into a computer remotely and install software code-named "CIPAV" (the "Computer
and Internet Protocol Address Verifier"), which gave the government the IP addresses with
which the infected computer communicated.
In response to a survey, all of the major anti-spyware companies claimed that their products
would treat government spyware like any other spyware programs, so you should definitely use
some anti-spyware product to monitor your computer for such programs. It's possible that a
spyware company may receive a court order requiring it not to alert you to the presence of
government spyware (several of the companies that were surveyed declined to say whether they
had received such orders), but you should still use anti-spyware software if only to protect
yourself against garden-variety spyware deployed by identity thieves and commercial data
There Are Many Fourth Amendment Exceptions to the General Rule of Warrants
In some cases, a search can be reasonable — and thus allowed under the Fourth Amendment —
even if the police don't have a warrant. There are several key exceptions to the warrant
requirement that you should be aware of.
Consent. The police can conduct a warrantless search if you voluntarily consent to the search —
that is, if you say it's OK. In fact, any person who the police reasonably think has a right to use
or occupy the property, like a roommate or guest in your home, or a coworker at your office, can
consent to the search. You can make clear to the people you share a home or office with that they
do not have your permission to consent to a search and that if police ask, they should say no.
Privacy tip: Don't accidentally consent!
If the police show up at your door without a warrant, step outside then close and lock the door
behind you — if you don't, they might just walk in, and later argue that you implied an invitation
by leaving the door open. If they ask to come in, tell them "I do not consent to a search." Tell
roommates, guests, coworkers and renters that they cannot consent on your behalf.
Administrative searches. In some cases, the government can conduct administrative searches.
These are searches done for purposes other than law enforcement; for example, for a fire
inspection. Court authorization is required for involuntary administrative searches, although the
standards are lower. The only time the government doesn't need a warrant for an administrative
search is when they are searching businesses in highly regulated industries such as liquor, guns,
strip mining, waste management, nuclear power, etc. This exception to the warrant requirement
clearly does not apply to the average homeowner, activist organization or community group.
Privacy tip: Just because they're "inspectors" doesn't mean you have to let them in!
If someone shows up at your home or office claiming to be a fire inspector, building code
inspector, or some other non-law enforcement government employee who wants to inspect the
premises, you can tell them to come back with a warrant. You don't have to let them in without a
Exigent circumstances. Exigent circumstances are emergency situations where it would be
unreasonable for the police to wait to get a warrant, like if a person is calling for help from inside
your house, if the police are chasing a criminal suspect who runs into an office or home, or if
evidence will be destroyed if the police do not act immediately.
Privacy tip: Don't get tricked into consenting!
Police could try to get your consent by pressuring you, or making you think that you have to let
them in. For example, they may show up at your door claiming that your neighbor saw someone
breaking into your home or office, saw a criminal suspect entering the premises, or heard calls
for help, and that they need to take a look around. You should never physically interfere if they
demand to come in (which they will do if there are indeed exigent circumstances), but no matter
what they say or do, keep saying the magic words: "I do not consent to a search."
Plain view. The police can make a warrantless search or seizure if they are lawfully in a position
to see and access the evidence, so long as that evidence is obviously incriminating. For example,
if the police enter a house with a valid search warrant to search for and seize some stolen
electronics and then see a bag of drugs in plain view on the coffee table, they can seize the drugs
too, even though the warrant didn't specifically authorize that seizure. Similarly, the police could
seize the drugs without a warrant, or look at any other documents or things left in plain view in
the house, if there were exigent circumstances that led the police into the house — for example,
if a suspect they were chasing ran into the house, or if they heard gunshots from inside. Even a
law-abiding citizen who does not have any contraband or evidence that the police would want to
seize may still have sensitive documents in plain view that one would not want the authorities to
The plain view exception alone does not allow the police to enter your home or office without a
warrant. So, for example, even if the police see evidence through your window, they cannot enter
and seize it. However, plain view can combine with other exceptions to allow searches that
might otherwise require a warrant. For example, if the person with the bag of drugs in the
previous example saw the police looking through his window, then grabbed the bag and ran
towards the bathroom as if he was about to flush the evidence down the toilet, that would be an
exigent circumstance and the police could enter without a warrant to stop him.
Automobiles. Since cars and other vehicles are mobile, and therefore might not be around later
if the police need to go get a warrant, the police can search them without one. They still need
probable cause, though, because you do have a privacy interest in your vehicle.
If the police have probable cause, they can search the entire vehicle (including the trunk) and all
containers in the vehicle that might contain the object for which they are searching. For example,
if the police have probable cause to believe that drugs are in the vehicle, they can search almost
any container, but if they have probable cause to believe that a murder suspect is hiding inside
the vehicle, they must limit their search to areas where a person can hide.
Also, it's important to know that the "plain view" exception is often applied to cars. That means
that the police aren't conducting a search just by looking through your car windows, or even by
shining a flashlight in your car. And if they see evidence inside your car, that can then give them
probable cause to search the rest of the vehicle under the automobile exception.
Police at the (car) door: What if I get pulled over?
If you are pulled over by a police officer, you may choose to stop somewhere you feel safe, both
from traffic and from the officer herself. In other words, you can pull into a lighted gas station,
or in front of someone's home or somewhere there are other people present, rather than stopping
on a dark road, so long as you indicate to the officer by your driving that you are in fact stopping.
You are required to show the officer your license, insurance and registration. Keep your hands
where the officer can see them at all times. For example, you can wait to get your documentation
out when the officer is standing near your car so that she can watch what you are doing and have
no cause to fear that you are going into the glove box for a weapon. Be polite and courteous.
Airport searches. As you certainly know if you've flown recently, the government is allowed to
search you and all your luggage for bombs and weapons before you are allowed to board a plane,
without a warrant. Always assume that the government will look in your bags when you fly, and
Border searches. The government has the right to warrantlessly search travelers at the border,
including international airports, as part of its traditional power to control the flow of items into
and out of the country. The case law distinguishes between "routine" searches, which require no
cause, and "non-routine" searches, which require reasonable suspicion, but no warrant. "Non-routine"
searches include strip searches, cavity searches, involuntary X-rays and other
particularly invasive investigative techniques. Several courts have found that searching the
contents of your laptop or other electronic devices is "routine" and doesn't require a warrant or
even reasonable suspicion.
One solution to this problem is to bring a blank "traveling" laptop and leave your personal
information at home. You could then access the information that you left at home over the
internet by using a VPN or other secure method to connect to a server where you've stored the
However, bringing a clean laptop means more than simply dragging files into the trash. Deleting
files will not remove them from your hard drive. See our software and technology article on
secure deletion for details.
Another solution is to use password-based disk encryption to prevent border agents from being
able to read your files. The consequences of refusing to disclose a password under those
circumstances are difficult to predict with certainty, but non-citizens would face a significant risk
of being refused entry to the country. Citizens cannot be refused entry, but could be detained
until the border agents decide what to do, which may include seizing your computer.
Stop and frisk searches. The police can stop you on the street and perform a limited "pat-down"
search or "frisk" — this means they can feel around your outer clothing for concealed weapons.
The police don't need probable cause to stop and frisk you, but they do at least need to have a
reasonable suspicion of criminal activity based on specific facts. This is a very low standard,
though, and the courts usually give the police a lot of leeway. For example, if a police officer is
suspicious that you're carrying a concealed weapon based on the shape of a lump under your
jacket or the funny way that you're walking, that's usually enough.
If, while patting you down, a police officer feels something that he reasonably believes is a
weapon or an illegal item, the officer can reach into your clothes and seize that item.
Search Incident to Lawful Arrest
Search Incident to Arrest (SITA) doctrine is an exception to the general requirement that police
obtain a warrant before conducting a search. The purpose of this exception is to protect the
officer by locating and seizing any weapons the person has and to prevent the destruction of any
evidence on the person. According to the SITA doctrine, if an arrest is valid, officers may
conduct a warrantless search of the arrestee and the area and objects in close proximity — i.e. the
"grab area" — at about the same time as the arrest.
Officers may also perform inventory searches of the arrested person at the time of the arrest or
upon arrival at the jail or other place of detention.
So, the police are allowed to search your clothing and your personal belongings after they've
arrested you. They can also search any area nearby where you might conceal a weapon or hide
evidence. If you are arrested inside a building, this usually means they can search the room they
found you in but not the entire building. If you are arrested while driving, this means they can
search inside the car, but not the trunk. But if they impound the car, then they can search the
trunk as part of an inventory search. This is another example of the way that multiple exceptions
to the warrant requirement can combine to allow the police a lot of leeway to search without
going to a judge first.
When searches are delayed until some time after the arrest, courts generally have allowed
warrantless searches of the person, including containers the arrestee carries, while rejecting
searches of possessions that were within an arrestee's control. These no longer present any
danger to the officer or risk of destruction because the arrestee is now in custody.
The question remains whether the SITA doctrine authorizes warrantless searches of the data on
cell phones and computers carried by or located near the arrestee. There are very few cases
addressing this question. In one case in Kansas, for example, the arresting officer downloaded
the memory from the arrestee's cellphone for subsequent search. The court found that this seizure
did not violate the Fourth Amendment because the officer only downloaded the dialed and
incoming numbers, and because it was imperative to preserve the evidence given the volatile,
easily destroyed, nature of cell phone memory.
In contrast, in another case in California, the court held that a cellphone search was not justified
by the SITA doctrine because it was conducted for investigatory reasons rather than out of a
concern for officer safety, or to prevent the concealment or destruction of evidence. The officers
could seize the phone, and then go obtain a warrant to do any searching of it. The decision
rejected the idea that the data searched was not private, in light of the nature and amount of
information usually stored on cell phones and laptops.
Police at the door: Arrest warrants
If the police arrive at your home or office with an arrest warrant, go outside, lock the door, and
give yourself up. Otherwise, they'll just force their way in and arrest you anyway, and then be
able to search nearby. It is better to just go peacefully without giving them an excuse to search
Police at the door: Searches of electronic devices incident to arrest
If you are arrested, the officers are going to seize all the property on your person before you are
taken to jail. If you have a cell phone or a laptop, they will take that too. If you are sitting near a
cell phone or laptop, they may take those as well. The SITA doctrine may allow police to search
the data. It may also allow copying for later search, though this is well beyond what the SITA
doctrine's original justification would allow.
You can and should password protect your devices to prevent this potentially unconstitutional
privacy invasion. But for much stronger protection, consider protecting your data with file and
Prudent arresting officers will simply secure the devices while they get a warrant. There's
nothing you can do to prevent that. Do not try to convince the officers to leave your phone or
laptop behind by disavowing ownership. Lying to a police officer can be a crime. Also,
prosecutors may use your statements against you later to argue that you do not have the right to
challenge even an illegal search or seizure of the device, while still being able to introduce
information stored on the device against you.
Another Powerful Investigative Tool
In addition to search warrants, the government has another very powerful legal tool for getting
evidence — the subpoena. Subpoenas are legal documents that demand that someone produce
specific documents or appear in court to testify. The subpoena can be directed at you to produce
evidence you have about yourself or someone else, or at a third party to produce evidence they
have collected about you.
Subpoenas demand that you produce the requested evidence, or appear in court to testify, at
some future time. Search warrants, on the other hand, are served and executed immediately by
law enforcement with or without your cooperation.
Subpoenas, unlike search warrants, can be challenged in court before compliance. If you are the
recipient of the subpoena, you can challenge it on the grounds that it is too broad or that it
would be unduly burdensome to comply with it. If a judge agrees, then the court may quash the
subpoena so you don't have to produce the requested evidence. You may also be able to quash
the subpoena if it is seeking legally privileged material, or information that is protected by the
First Amendment, such as a political organization's membership list or information to identify an
anonymous speaker. If the subpoena is directed to a third party that holds information about
you, and you find out about it before compliance, then you can make a motion to quash the
subpoena on the grounds of privilege or constitutional rights regardless of whether the third
party decides it would otherwise comply. However, you have to do so before the compliance
date. Subpoenas that are used to get records about you from third parties sometimes require
that you be notified, but usually do not.
Subpoenas are issued under a much lower standard than the probable cause standard used for
search warrants. A subpoena can be used so long as there is any reasonable possibility that the
materials or testimony sought will produce information relevant to the general subject of the
Subpoenas can be issued in civil or criminal cases and on behalf of government prosecutors or
private litigants; often, subpoenas are merely signed by a government employee, a court clerk,
or even a private attorney. In contrast, only the government can get a search warrant.
Police at the door: Subpoenas
What should you do if a government agent (or anyone else) shows up with a subpoena?
Subpoenas are demands that you produce evidence at some time in the future. A subpoena does
not give anyone the right to enter or search your home or office, nor does it require you to hand
over anything immediately. Even a "subpoena forthwith", which asks for immediate compliance,
cannot be enforced without first going to a judge.
So, if someone shows up with a subpoena, don't answer any questions, don't invite them in, and
don't consent to a search — just take the subpoena, say thank you, close the door and call a
lawyer as soon as possible!
What Can I Do To Protect Myself?
You can’t stop or prevent a seizure of your computers, and your best defense against a subpoena
is a lawyer, but there are still steps you can take to prevent a search of your computers without
your cooperation, and minimize what information the government can get its hands on.
Develop a Data Retention and Destruction Policy
If You Don't Have It, They Can't Get It
The best defense against a search or a subpoena is to minimize the amount of information that it
can reach. Every organization should have a clear policy on how long to keep particular types of
information, for three key reasons:
* It’s a pain and an expense to keep everything.
* It’s a pain and an expense to have to produce everything in response to subpoenas.
* It’s a real pain if any of it is used against you in court — just ask Bill Gates. His internal emails
about crushing Netscape were not very helpful at Microsoft’s antitrust trial.
Think about it — how far back does your email archive go? Do you really need to keep every
email? Imagine you got a subpoena tomorrow — what will you wish you’d destroyed?
Establish a retention policy. Your organization should review all of the types of documents,
computer files, communications records, and other information that it collects and then develop a
policy defining whether and when different types of data should be destroyed. For example, you
may choose to destroy case files six months after cases are closed, or destroy Internet logs
showing who visited your website immediately, or delete emails after one week. This is called a
"document retention policy," and it’s your best defense against a subpoena — they can’t get it if
you don’t have it. And the only way to make sure you don’t have it is to establish a policy that
everyone follows. Set a clear written policy for the length of time documents are kept (both
electronic and paper documents). Having a written policy and following it will help you if you
are accused of destroying documents to hide evidence.
Do not destroy evidence. You should never destroy anything after it has been subpoenaed or if
you have reason to believe you are under investigation and it is about to be subpoenaed —
destruction of evidence and obstruction of justice are serious crimes that carry steep fines and
possible jail time, even if you didn’t do the original crime. Nor should you selectively destroy
documents — for example, destroying some intake files or emails but not others — unless it’s
part of your policy. Otherwise, it may look like you were trying to hide evidence, and again
might make you vulnerable to criminal charges. Just stick to your policy.
Destroying paper documents. Remember, your trash is fair game under the Fourth Amendment,
so just tossing your old membership rolls in the garbage is not the way to go.
If you are concerned about the privacy of the documents that you throw away (and you should
be!), you should destroy them before they go in the trash. At the very least you should run
documents through a "cross-cut" paper shredder that will cut them in two directions and turn
them into confetti, and then mix up the shreds from different documents to make them harder to
put back together (documents cut in one direction by "strip-cut" shredders are very easy to put
back together). If you have evidence giving you reason to believe that your trash is being or is
about to be searched, you should also completely burn all of the shreds. Even if you’re not
particularly worried about someone searching your trash, you should still destroy or thoroughly
erase any computer equipment or media that you throw out.
If you destroy any of your papers and disks before throwing them out, you should try to destroy
all of them, even the ones you don’t need to keep private. If you don’t destroy everything,
anyone with access to your trash can will be able to quickly isolate the shreds of your private
documents and focus on reconstructing them. Both government investigators and identity thieves
often have the manpower and time necessary to reconstruct your shredded documents — even
the burned ones, in some crime labs.
Your web browser's watching you, so you have to watch your browser. In a recent trial,
government forensics experts were able to retrieve web pages of Google search results that the
suspect downloaded years ago — his web browser had "cached" copies of the pages. It was a
murder trial, and the suspect had Googled for information about breaking necks and the depth of
the local lake, where he ended up dumping the body. The suspect was convicted.
Hopefully, you have much more innocent things you’d like to keep private, but the point is that
your browser is a security hole that needs to be plugged. You need to take regular steps to clear
out all the stuff it’s been storing, such as a history of the web sites you’ve visited and the files
you’ve downloaded, cached copies of web pages, and cookies from the web sites you visit
(which we will talk more about later). In particular, it’s a bad idea to have the browser save your
passwords for web sites, and it’s a bad idea to have it save the data you’ve entered into web
forms. If your computer is seized or stolen, that information will be compromised. So consider
turning these features off completely. Not having these features is less convenient — but that’s
the security trade-off. Are you worried enough about your computer’s security that you’re
willing to type a few extra times each day to enter a password or a web address?
Visit our Defensive Technology article on web browsers for help with browser hygiene and other
recommendations to improve security.
Your instant messenger software is probably watching you too. Many instant messaging (IM)
clients are set by default to log all of your IM conversations. You should check the software's
preferences so you know what it's doing, and figure out how these logs fit into your retention
policy. Will you clean them out every month? Every week? Or will you take the simple route and
just set the preferences so that your IM client doesn't log any messages at all? The choice is up to
you, but because people often treat IM like an in-person conversation and often say things they
normally wouldn't in an email, you should consider such logs very sensitive. If you do insist on
logging your IMs, all the more reason to make sure they are protected by encryption. For more
information, check out our Defensive Technology article about instant messaging.
Minimize computer logging. If you run a network, an email server or a web server, you should
consider reducing or eliminating logging for those computer and network services, to protect the
privacy of your colleagues and your clients. For more information, refer to EFF’s "Best Data
Practices for Online Service Providers."
When you delete computer files, really delete them. When you put a file in your computer’s
trash folder and empty the trash, you may think you’ve deleted that file — but you really haven’t.
Instead, the computer has just made the file invisible to the user, and marked the part of the disk
drive that it is stored on as "empty" — meaning, it can be overwritten with new data. But it may
be weeks, months, or even years before that data is overwritten, and the government’s computer
technicians can often retrieve data that has been overwritten by newer files. Indeed, no data is
ever really deleted, just overwritten over time, and overwritten again.
The best way to keep those "deleted" files hidden, then, is to make sure they get overwritten
immediately, and many times. Your operating system probably already includes software that
will do this, and overwrite all of the "empty" space on your disk with gibberish, dozens or
hundreds of times, and thereby protect the confidentiality of deleted data. Visit the secure
deletion article to learn more about how to do this in various operating systems.
In addition to using a secure deletion tool, you should consider using encrypted storage. Visit the
disk encryption article for more information.
Destroying hardware and electronic media. When it comes to CD-ROMs, you should do the
same thing you do with paper — shred 'em. There are inexpensive shredders that will chew up
CD-ROMs. Never just toss a CD-ROM out in the garbage unless you’re absolutely sure there’s
nothing sensitive on it.
If you want to throw a piece of hardware away or sell it on eBay, you’ll want to make sure no
one can retrieve your data from it. So, before selling or recycling a computer, be sure to
overwrite its storage media with gibberish first. Darik's Boot and Nuke is an excellent free tool
for this purpose.
Make data hygiene a regular habit, like flossing. The easiest way to keep this all straight is to
do it regularly. If you think you face a high risk of government seizure, or carry a laptop around
with you and therefore face a high risk of theft or loss, perhaps you should do it at the end of
each day. If not, you might want to do it once a week.
For example, at the end of each week you could:
* Shred any paper documents or electronic media that are scheduled for destruction under your
* Delete any emails or other documents that are scheduled for deletion under your policy.
* Clear your browser of all logs.
* Run your secure-deletion software to overwrite all of the newly deleted stuff.
Have your organization put this weekly ritual or something like it in its written policy. You’ll be
glad you did.
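As an added example (not from the guide or the EFF), here is a small Python script that enforces a written retention policy of the kind described above and overwrites each expired file before unlinking it; the directory layout, the per-category periods and the sample records are constructed assumptions. Overwriting in place is only reliable on a spinning disk with an in-place filesystem; on SSDs and on journaling or snapshotting filesystems the old blocks can survive, so treat it as a supplement to the disk encryption the guide recommends, not a substitute.

```python
# Added example, not from the original guide: a small retention-policy
# enforcer of the kind the text recommends. Assumptions (constructed here):
# records live under one root with a sub-directory per category, a file's
# age is its mtime, and POLICY uses the page's illustrative periods (case
# files six months, web logs destroyed immediately, email after one week).
# Caveat: in-place overwriting is only reliable on a spinning disk with an
# in-place filesystem; on SSDs and journaling or copy-on-write filesystems
# the old blocks can survive, so pair this with disk encryption.
import os
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional

DAY = 86_400

# Retention period per category, in days (0 = destroy at the next run).
POLICY: Dict[str, int] = {
    "case_files": 180,
    "web_logs": 0,
    "email": 7,
}

OVERWRITE_PASSES = 3


def secure_unlink(path: Path, passes: int = OVERWRITE_PASSES) -> None:
    """Overwrite the file with random bytes (fsync per pass), truncate, unlink."""
    size = path.stat().st_size
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                remaining -= fh.write(os.urandom(min(remaining, 64 * 1024)))
            os.fsync(fh.fileno())
        fh.truncate(0)  # do not leave even the length behind in metadata
    path.unlink()


def expired_files(root: Path, policy: Dict[str, int], now: float) -> List[Path]:
    """Every file whose age exceeds its category's retention period.

    Categories the policy does not name are left alone: destruction must
    follow the written rule, never an ad-hoc choice (the page's point).
    """
    expired: List[Path] = []
    for category, days in policy.items():
        cat_dir = root / category
        if not cat_dir.is_dir():
            continue
        cutoff = now - days * DAY
        for f in sorted(cat_dir.rglob("*")):
            if f.is_file() and f.stat().st_mtime <= cutoff:
                expired.append(f)
    return expired


def enforce_policy(root: Path, policy: Dict[str, int] = POLICY,
                   now: Optional[float] = None) -> List[str]:
    """Destroy every expired file; return root-relative paths for the destruction log."""
    current = time.time() if now is None else now
    destroyed: List[str] = []
    for f in expired_files(root, policy, current):
        secure_unlink(f)
        destroyed.append(f.relative_to(root).as_posix())
    return destroyed


def demo() -> Dict[str, List[str]]:
    """Build a constructed sample tree in a temp dir, enforce the policy,
    and report what was destroyed and what survived."""
    now = 1_700_000_000.0  # fixed "current time" so the result is stable
    # (relative path, age in days, contents): constructed sample records
    samples = [
        ("case_files/closed-2022-0042.txt", 200, b"closed case notes"),
        ("case_files/open-2023-0107.txt", 30, b"open case notes"),
        ("web_logs/access.log", 0, b"203.0.113.5 GET / 200"),
        ("email/2023-old.eml", 8, b"Subject: old thread"),
        ("email/2023-new.eml", 2, b"Subject: new thread"),
        ("press_releases/draft.txt", 400, b"category not in POLICY"),
    ]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, age_days, body in samples:
            f = root / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(body)
            stamp = now - age_days * DAY
            os.utime(f, (stamp, stamp))
        destroyed = enforce_policy(root, POLICY, now)
        remaining = sorted(p.relative_to(root).as_posix()
                           for p in root.rglob("*") if p.is_file())
    return {"destroyed": destroyed, "remaining": remaining}
```

Running `demo()` shows the closed case file, the web log and the week-old email destroyed while the open case, the fresh email and the uncategorised draft survive.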
Master the Basics of Data Protection
We're not going to lecture you on how to physically secure your office, because as we've said
before, if the government has permission from a court to bust in, they are going to bust in
regardless of what you do. We're more concerned here about what they can do to your computers
once they are inside. Here are some steps to ensure that just because someone has physical
access to your machine it doesn't mean they'll be able to get at all the data inside of it:
Require logins! Operating systems can be set to automatically log into a user account when the
machine boots. Disable this feature! Require that the user provide a username and password
before the machine will allow access to a user account.
Require screensaver logins too! Set the screensaver on your system to start automatically after
a short time (such as 2 or 5 minutes) and to require that the user supply their password again
before the screensaver will unlock. All operating systems support a feature like this, and it makes
no sense not to use it.
Access controls are only as strong as your authentication mechanism. In other words, if your
password is "12345" or your dog's name, or if you keep your password in a drawer next to your
computer, your files may be accessible to anyone who has access to your computer and has a
couple of minutes to guess some passwords or look through your desk. Follow the next section's
advice to generate and manage strong passwords effectively.
Choose your sysadmin wisely. In mainstream operating systems, the systems administrator
must be "trusted" – that is, he or she is always able to circumvent access controls. Therefore,
your organization's management must take care when selecting and training systems
administrators, to ensure that he or she is worthy of trust. Trustworthy administrators will adhere
to a code of professional ethics such as that published by the Systems Administrators Guild.
Guest accounts. If users without their own account need access, create a guest
account for general use, and make sure that it cannot modify the operating system or cause other
damage to the system. Ensure that the guest account does not have the privilege to read or
modify sensitive files.
Learn How to Use Passwords Properly
Choosing a Password
Longer and more complex passwords are more secure. If the government seizes your computer it
can quickly guess simple passwords by automatically trying large lists of words from a
dictionary. Automated dictionary attacks use lists of regular words as well as proper names and
common variations of these, such as adding a number to a dictionary word or replacing letters with
similar-looking numbers (e.g. replacing o with 0).
So, if it's human-readable, it's computer-breakable. Don't use names, song titles, random words
or any dictionary words at all, whether alone, in combination with numbers, or with letters
replaced by numbers – the government can and will break it. For stronger password security, use
a lengthy passphrase that includes upper- and lower-case letters, one or more numerical digits
and special characters (e.g. #, $ or &), and change it frequently.
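As an added example (not part of the original guide), this Python checker applies the mangling rules just described (lower-casing, undoing digit-for-letter swaps, stripping tacked-on digits and symbols, splitting on separators) to show which passwords a dictionary attack reaches; the word list, the 12-character minimum and the substitution table are constructed assumptions for the example.

```python
# Added example, not from the original guide: a checker that applies the
# same normalisations the page says dictionary attackers use (lower-case,
# undo digit/symbol-for-letter swaps, strip tacked-on digits or symbols,
# split on separators) and reports what an attacker would find.
# Assumptions: WORDLIST is a tiny constructed stand-in for real cracking
# dictionaries; the 12-character minimum and the mangling rules shown are
# this example's choices, and real attackers apply many more rules.
import math
import re
import string
from typing import Dict, List, Optional

# Constructed stand-in for a cracking dictionary (real ones are huge).
WORDLIST = {
    "password", "default", "letmein", "dragon", "sunshine", "welcome",
    "london", "rover", "fido", "admin", "monkey", "yesterday", "imagine",
}

# Undo the common "leet" swaps the page mentions (o -> 0 and friends).
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i", "|": "l"})

TRAILING = re.compile(r"[\d!@#$%^&*]+$")   # "...123", "...!" suffixes
LEADING = re.compile(r"^[\d!@#$%^&*]+")    # "123..." prefixes
SEPARATORS = re.compile(r"[\s\-_.]+")

MIN_LENGTH = 12  # example policy, not a figure from the page


def candidate_words(pw: str) -> List[str]:
    """Dictionary words a cracker's mangling rules would map pw back to."""
    base = pw.lower()
    stripped = {base, TRAILING.sub("", base), LEADING.sub("", base)}
    forms = set()
    for s in stripped:
        forms.add(s)
        forms.add(s.translate(UNLEET))  # un-leet after stripping: "w0rd1" -> "word"
    words = set()
    for f in forms:
        words.add(f)
        words.update(p for p in SEPARATORS.split(f) if p)
    words.discard("")
    return sorted(words)


def dictionary_hit(pw: str) -> Optional[str]:
    """The dictionary word pw reduces to, or None if no rule reaches one."""
    for w in candidate_words(pw):
        if w in WORDLIST:
            return w
    return None


CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def char_classes(pw: str) -> int:
    """How many of lower/upper/digit/symbol the password actually uses."""
    return sum(any(c in cls for c in pw) for cls in CLASSES)


def brute_force_bits(pw: str) -> float:
    """Search space (bits) faced by an attacker with no dictionary at all.

    This is the optimistic figure: a dictionary hit makes it meaningless.
    """
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def evaluate(pw: str) -> Dict[str, object]:
    """Apply the page's rules: nothing dictionary-derived, lengthy, and
    mixed case plus digits and symbols."""
    hit = dictionary_hit(pw)
    classes = char_classes(pw)
    if hit is not None:
        verdict = "dictionary"  # human-readable, therefore computer-breakable
    elif len(pw) < MIN_LENGTH:
        verdict = "short"
    elif classes < 4:
        verdict = "weak-mix"
    else:
        verdict = "acceptable"
    return {"dictionary_word": hit, "length": len(pw), "classes": classes,
            "brute_force_bits": round(brute_force_bits(pw), 1),
            "verdict": verdict}
```

`evaluate("P@ssw0rd123")` reports the dictionary word "password" despite four character classes, which is the page's point that substitutions and appended digits buy nothing.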
New computer hardware usually comes with default passwords, such as "password" or "default"
or the name of the technology vendor. Always change the default passwords immediately!
When it comes to passwords, the only truly secure password is the one that's only in your head.
Written-down passwords can be seized or subpoenaed. But there's a tough trade-off — the better
your password, the harder it'll be to remember. And if you forget the password and don't have it
recorded somewhere, you could lose access to a critical asset at just the wrong time — perhaps
Although we recommend memorizing your passwords, we recognize you probably won't. So,
here are a few other options to consider:
Use a password safe. There are a number of software tools available that will keep all of your
passwords for you on your computer, in an encrypted virtual safe, which you access with one
master password. Just remember to never write down the password to your password safe — that
piece of paper can become a single point of failure for all of your password-secured assets. This
brings another drawback, of course — if you forget that master password, you've lost all of your
other passwords forever.
Carry your passwords on paper, in your pocket. This is a somewhat controversial solution
promoted by security expert Bruce Schneier — even though he wrote the digital password
management program Password Safe. Schneier advocates that people keep their passwords in
their wallets. What you sacrifice in security, the argument goes, is made up for by the
convenience — with easy access to your passwords, you're more likely to use very strong ones
that you couldn't remember otherwise, plus you can access your passwords even when you're
away from your computer. An added benefit is that when your passwords are in your wallet,
you'll find out very quickly if they've been lost or stolen.
However, to mitigate the risk of a loss, add a certain number of dummy characters before and
after the real passwords to make it harder to identify them, and use simple code-words to indicate
what asset they protect, rather than saying "Chase Manhattan Bank" or "Work Computer."
Don't use the same password to protect multiple assets. Sure, it's OK to use the same
password to log into the New York Times web site that you use for the Washington Post,
because those aren't valuable assets. But when it comes to the important stuff, use unique
passwords. That way, even if one asset is compromised, the others are still safe.
Never keep a password in the same physical location as the asset it protects, unless it's
encrypted. This is the biggest password boo-boo, and it's an object lesson in security planning: if
a security measure is too inconvenient for day-to-day use, people won't use it correctly. Your
password is worse than useless if it's on a sticky note next to your computer, and probably
useless against secret searches if it is anywhere in the same office. Again, this is why Bruce
Schneier recommends keeping your passwords in your pocket — you'll have stronger passwords,
and you won't leave them lying around.
Change passwords regularly. A password may have already been compromised and you just
don't know it. You should change passwords every week, every month, or every year — it all
depends on the threat, the risk, and the value of the asset, traded against usability and
Encrypt Your Data
Requiring a strong password to log onto accounts on your computer is a good security step. But
when the government is your attacker, it's not nearly enough. If the government seizes your
computer, all it has to do to get around your account protection is to take the hard drive out and
stick it into another computer to get around your password protection. Similarly, if you were
subject to a sneak-and-peek search, the government could sneak in with their own hardware, take
your hard drive out and copy it, and then replace it without you ever knowing. Your best and
only protection against this is to encrypt the data that's on your computer so the government can't
read it. If you're not familiar with encryption, how it works, and what it does, check out our
technology article about encryption basics.
You should also find out more about how to choose and use file and disk encryption software.
So I used file encryption and the government seized my computer — now what? Well, first
off, don't give them your password during the search — you have the right to remain silent, so
use it. Since they can't search your encrypted files without your help, you've got leverage that
most search targets never have. But now you've done all you can — now it's time to call a lawyer.
(Anyway, you should have called as soon as the computer was seized, right?)
A lawyer may be able to get your property back if the warrant was improper, negotiate a deal
with the government's attorneys to limit the search or get important files back, or convince the
court to strictly limit the search so that they won't search files that are legally privileged (like
confidential legal or medical records), protected by the First Amendment (like private
membership lists), or irrelevant to the case.
Alternatively, a prosecutor may ask a judge to order you to turn over your password. The law is
unclear on whether such an order would be valid, but that is a matter to face with the assistance
of counsel. No one other than a judge can force you to reveal your password.
Protect Yourself Against Malware
Although it's been confirmed that the government has used remotely-installed spyware in at least
one criminal investigation, and probably many more, the risk of Internet-based attack from the
government is still hard to judge. However, there is definitely a high risk from just about every
other bad guy on the net. Network-based threats to computers include denial of service (e.g.,
flooding the network or causing the computers to crash) and software and/or data theft or
destruction ("hacking"). In addition, malicious users could hijack your computers so they can be
used to attack other computers and networks. The risk that this threat will materialize for any
computer connected to the Internet is a near-certainty. For example, a recent report concludes
that 80 percent of Windows computers in homes have been compromised by one or more viruses,
worms, or other malicious software.
Since this guide is about the government and not hackers, and since there are plenty of other
resources about fighting viruses and the like, we’ll only share some basic thoughts on how to
secure yourself against Internet-based attacks. Several of these steps will help protect you from
any hacker, be it a government agent or an identity thief:
For maximum security, create an "air gap" between sensitive data and the Internet. To
protect confidentiality and integrity, do not connect computers that store sensitive information to
the Internet or other public networks. Any computer connected to the Internet is exposed and
possibly vulnerable to a huge number of attacks.
Avoid Microsoft products where possible. Computers using the Microsoft Windows platform
are especially vulnerable as of this writing (although no operating system is immune to all
potential attacks). Consider using a non-Microsoft operating system if possible. However, if you
have to use Microsoft Windows and you are connecting to the Internet, your best bet is to
minimize the number of Microsoft Internet applications you use – for example, use Firefox as a
browser or Thunderbird as a mail client. Microsoft’s Internet Explorer and its email programs
Outlook and Outlook Express are very difficult for even professionals to secure. Furthermore,
adversaries tend to attack more popular platforms and applications.
Keep your software updated. Use the latest stable version of your operating system. As of this
writing, Windows 95, 98, and ME are utterly obsolete. You should be using at least Windows
Server 2003 for servers and Windows XP for clients, with all patches and service packs applied.
For Macintosh computers, use OS X 10.4 or greater, with all patches applied. For Linux and
Unix, get whatever version is the most recent stable release, and follow all updates. It is
especially important not to let server software versions lag behind, since servers are always on
and always connected.
Maintain your firewalls. Firewalls are software or hardware components that protect your
computer or network from the Internet, blocking traffic based on network-related parameters like
IP addresses and port numbers. Firewalls can protect against those who want to access your
computer without permission. Configuring network firewalls is pretty tough for the layperson
and beyond the scope of this guide, but you should learn how to use the personal firewall
software that’s included in most recent operating systems.
For more detailed information about malware, check out the Malware article in the Defensive
If You Don't Keep It, They Can't Get It; If You Do Keep It, Encrypt It!
In a nutshell: if you don't want the government to see it, encrypt it or don't keep it.
Subpoenas are less threatening than search warrants, but pose a much greater risk. Only a good
lawyer can help you avoid having to respond to a subpoena, and oftentimes even a good lawyer
will fail, and you’ll have to turn the information over or face contempt charges. The best defense
against a subpoena is to not have what they are looking for.
Not having what they’re looking for is also your best defense against a search warrant, which is a
much higher threat but lower risk. After that your best bet is encryption. You may not be able to
stop the government from seizing your computers, but by using encryption you might be able to
stop them from searching the data on those computers.
Data on the Wire
Electronic Surveillance and Communications Privacy
In this section, you'll learn about what the government can do — technically and legally — when
it wants to conduct real-time surveillance of your communications, whether by planting a "bug"
to eavesdrop on your face-to-face conversations, "wiretapping" the content of your phone calls
and Internet communications, or using "pen registers" and "trap and trace devices" to track who
you communicate with and when. We'll also discuss what steps you can take to defend against
this kind of surveillance, with a focus on how to use encryption to protect the privacy of your
What Can the Government Do?
When the government wants to record or monitor your private communications as they happen,
it has three basic options, all of which we'll cover in-depth: it can install a hidden microphone or
"bug" to eavesdrop on your conversation; it can install a "wiretap" to capture the content of your
phone or Internet communications as they happen; or it can install a "pen register" and a "trap
and trace device" to capture dialing and routing information indicating who you communicate
with and when. In this section, we'll lay out the legal rules for when the government can conduct
these types of surveillance, and look at some statistics to help you gauge the risk of having your
Wiretapping By The Government is Strictly Regulated
When it comes to secretly eavesdropping on your conversations — whether you're talking in
private or public, on the phone or face to face, by email or by instant messenger — no one's got
better funding, equipment or experience than the government. They are capable of "bugging" you
by using tiny hidden microphones that they've installed in your home, office, or anywhere else
that you have private conversations. They can also bug you from long distances or through
windows using high-powered microphones, or even laser microphones that can hear what you
say by sensing the vibrations of your voice on the window's glass. They can put a "wire" or a
small hidden microphone on an informant or undercover police officer to record their
conversations with other people. Or they can conduct a "wiretap," where they tap into your
phone or computer communications.
Use of these investigative techniques is regulated by very strong laws that protect the privacy of
your communications against any eavesdropper, including law enforcement, and we'll describe
those below. (Another set of laws regulating surveillance for foreign intelligence and national
security purposes will be discussed later.)
However, it's important to note at the outset that the government has been known to break these
laws and spy on communications without going to a judge first, usually in the name of national
security. Indeed, as was first revealed in December 2005, since 9/11 the National Security
Agency (NSA) has been conducting a massive and illegal program to wiretap the phone calls and
emails of millions of ordinary Americans without warrants, hoping to discover terrorists by
sifting through the mounds of data using computers (for more details, see EFF's NSA Spying
page and the Beyond FISA section of this guide).
One might hope that the information collected as part of the NSA's dragnet surveillance will only
be used against real terrorists, but there's no guarantee, particularly when there's no court
oversight. And we don't have any hard data about how the NSA actually uses that information,
with whom it is shared, or how long it is stored. So, although communications that have been
illegally wiretapped by the NSA are unlikely to be used against you in a criminal trial — the
Fourth Amendment's exclusionary rule would likely disallow it — there's no knowing whether it
might be used against you in the future in some other way.
Therefore, regardless of the strengths of the laws described below, you should consider
wiretapping to be a high risk, unless and until the NSA program is stopped by Congressional
action or a successful lawsuit. EFF is currently suing the government and the individual officials
responsible for the NSA program (see http://www.eff.org/cases/jewel), as well as AT&T, one of
the companies assisting in the illegal surveillance (see http://www.eff.org/nsa/hepting), to try and
stop the surveillance.
Wiretapping Law Protections
Wiretapping Law Protects "Oral," "Wire," and "Electronic" Communications Against "Interception"
Before 1967, the Fourth Amendment didn't require police to get a warrant to tap conversations
occurring over phone company lines. But that year, in two key decisions (including the Katz
case), the Supreme Court made clear that eavesdropping — bugging private conversations or
wiretapping phone lines — counted as a search that required a warrant. Congress and the states
took the hint and passed updated laws reflecting the court's decision and providing procedures
for getting a warrant for eavesdropping.
The federal wiretap statute, originally passed in 1968 and sometimes called "Title III" or the
Wiretap Act, requires the police to get a wiretap order — often called a "super-warrant" because
it is even harder to get than a regular search warrant — before they monitor or record your
communications. One reason the Fourth Amendment and the statute give us more protection
against government eavesdropping than against physical searches is because eavesdropping
violates not only the targets' privacy, but the privacy of every other person that they
The Supreme Court has also said that since eavesdropping violates so many individuals' privacy,
the police should only be allowed to bug or wiretap when investigating very serious crimes. So,
the Wiretap Act contains enumerated offenses — that is, a list of crimes — that are the only ones
that can be investigated with a wiretap order. Unfortunately, Congress has added so many crimes
to that list in the past 30 years that now practically any federal felony can justify a wiretap order.
The Wiretap Act requires the police to get a wiretap order whenever they want to "intercept" an
"oral communication," an "electronic communication," or a "wire communication." Interception
of those communications is commonly called electronic surveillance.
An oral communication is your typical face-to-face, in-person talking. A communication
qualifies as an oral communication that is protected by the statute (and the Fourth Amendment)
if it is uttered when you have a reasonable expectation that your conversation won't be recorded.
So, if the police want to install a microphone or a "bug" in your house or office (or stick one
outside of a closed phone booth, like in the Katz case), they have to get a wiretap order. The
government may also attempt to use your own microphones against you — for example, by
obtaining your phone company's cooperation to turn on your cell phone's microphone and
eavesdrop on nearby conversations.
A wire communication is any voice communication that is transmitted, whether over the phone
company's wires, a cellular network, or the Internet. You don't need to have a reasonable
expectation of privacy for the statute to protect you, although radio broadcasts and other
communications that can be received by the public are not protected. If the government wants to
tap any of your phone calls — landline, cellphone, or Internet-based — it has to get a wiretap
An electronic communication is any transmitted communication that isn't a voice
communication. So, that includes all of your non-voice Internet and cellular phone activities like
email, instant messaging, texting and websurfing. It also covers faxes and messages sent with
digital pagers. Like with wire communications, you don't need to have a reasonable expectation
of privacy in your electronic communications for them to be protected by the statute.
Privacy tip: Voice communications have more legal protection.
Under the Wiretap Act, although a wiretap order is needed to intercept your email and other
electronic communications, only your oral and wire communications — that is, voice
communications — are covered by the statute's exclusionary rule. So, for example, if your phone
calls are illegally intercepted, that evidence can't be introduced against you in a criminal trial, but
the statute won't prevent the introduction of illegally intercepted emails and text messages.
An interception is any acquisition of the contents of any oral, wire, or electronic communication
using any mechanical or electronic device — for example, using a microphone or a tape recorder
to intercept your oral communications, or using computer software or hardware to monitor your
Internet and phone communications. Wiretap law does not protect you from government
eavesdroppers that are just using their ears.
Although the government may get a super-warrant to "intercept" your communications, it is not
allowed to prevent your communications from occurring. For example, the government can't
prevent your calls from being connected, block your emails and their attachments, or otherwise
interfere with your communications based on an intercept order. In fact, if their goal is to gather
intelligence on you by tapping your communications, it will not be in their best interest to
interfere in your communications and possibly tip you off to their surveillance, which might
prompt you to use another communications method that may be more difficult to tap.
According to the Wiretap Act, it's a crime for anyone that is not a party to a communication —
anyone that isn't one of the people talking, listening, writing, reading, or otherwise participating
in the communication — to intercept the communication, unless at least one of the parties to the
communication has previously consented to (agreed to) the interception. Many state wiretap laws
require all parties to consent, but those laws control state and local police, not the feds. If the
police want to intercept an oral, wire, or electronic communication to which they are not a party
and for which they have no consent, they have to get a wiretap order. Of course, an undercover
police officer or informant that is talking to you while wearing a wire is a party to the
conversation and has consented to the interception.
Privacy tip: Wiretapping and public websites, newsletters, and message boards
The police do not need to get a wiretap order to read your organization's website, sign up for
your email newsletter, visit your public MySpace or Facebook profile or pose as a member in an
Internet chat room. Since those are all open to the public, you're allowing the police to become a
party to those communications.
Getting a Court Order Authorizing a Wiretap
It Isn't Easy
The requirements for getting a wiretap order from a judge are very strict. The Wiretap Act (and
similar state statutes) requires law enforcement to submit a lengthy application that contains a
full and complete statement of facts about (1) the crime that has been, is being, or is about to be
committed and (2) the place, like your house or office, and/or the communications facilities, like
those of your phone company or ISP, from which the communications are to be intercepted. The
government must also submit a particular description of (3) the communications sought to be
intercepted and (4) the identity of the persons committing the crime (if known) and of the
persons whose communications are to be intercepted. Finally, the government must offer 5) a full
and complete statement of whether other investigative procedures have been tried and have
failed or why they appear unlikely to succeed or are too dangerous, (6) a full and complete
statement of the period of time for which the interception is to be maintained, and (7) a full and
complete statement about all previous wiretap applications concerning any of the same persons,
facilities, or places.
The court can then issue the wiretap order only if it finds probable cause to believe that (1) a
person is committing an enumerated offense (one of the crimes listed in the Wiretap Act); (2)
communications concerning that crime will be obtained through the interception; and (3) the
facilities from which the communications are to be intercepted are being used in connection with
the commission of the offense. The court must also find that normal investigative techniques
have failed, appear unlikely to succeed, or would be too dangerous.
The wiretap order, if issued, will almost always require the cooperation of some other person for
it to be carried out. For example, the police can make your landlord let them into your apartment
to install a bug, or, more often, force your ISP or phone company to help them intercept your
phone or Internet communications. The wiretap order will include a "gag order" prohibiting
anyone who cooperated with the police from telling you — or anyone else — about the wiretap.
It's important to note that when it comes to tapping your Internet or phone communications, third
parties like your ISP or your phone company can act as an important check on police abuse. In
general, the police need their cooperation, and most will not cooperate unless there is a valid
wiretap order requiring them to (otherwise, they could be violating the law themselves).
However, as AT&T and other companies' cooperation in the NSA's illegal wiretapping shows,
these companies can never be a perfect check against government abuse, particularly when the
government cites national security as its goal.
Although law enforcement can intercept your communications without your knowledge, they
generally have to tell you about it when they are done. A wiretap order initially lasts for 30 days,
and investigators can obtain additional 30-day renewals from the court if they need more time.
But after the interception is completed and the wiretap order expires, an inventory must be issued
to the person(s) named in the wiretap order and, as the judge may require, to other persons whose
communications were intercepted.
How Big is The Risk?
A wiretap is an incredibly powerful surveillance tool. A single wiretap can invade the privacy of
dozens or even hundreds of people. Fortunately, wiretaps in criminal investigations are pretty
rare. Here are some numbers to keep in mind when calculating the risk of government wiretaps
to you or your organization, according to the 2007 Wiretap Report to Congress from the
Administrative Office of U.S. Courts:
In 2007, according to the report, 2,208 applications for wiretap orders were submitted to state
and federal courts. 457 were in federal cases, the rest state. The courts granted every
application, and of the 2,208 authorized wiretaps, 2,119 of them were installed.
Although it may appear that the number of federal wiretaps has been steadily dropping since
2004, in contrast to the sharp rise in state wiretaps, the truth is much more troubling. According
to the latest report, the U.S. Department of Justice has in recent years declined to provide
information about all of its wiretap activity for the report, in order to protect "sensitive and/or
sealed" information. The Department of Justice admits that if it did provide all of that
information, however, the 2007 report "would not reflect any decrease in the use of court-
approved electronic surveillance" by U.S. agencies. So, the feds aren't wiretapping any less —
they're just being even more secretive about it — and presumably the number of federal
wiretaps is growing at the same rate as the state number.
On average, according to the report, each installed wiretap intercepted over 3,000 separate
On average, according to the report, each installed wiretap intercepted the communications of
94 different people. In other words, the 2,119 installed wiretaps reported in 2007 intercepted
the communications of nearly two hundred thousand people!
"Roving" wiretap orders are especially powerful. Instead of being limited to particular phone
lines or Internet accounts, these orders allow the police to tap any phone or computer that the
suspect uses, even if it isn't specified in the order itself. In 2007, 21 roving wiretap orders were
reported by state authorities, mostly in narcotics cases. The federal authorities didn't report any
roving wiretaps, but that doesn't mean they didn't use them; the Department of Justice likely
thinks all of its roving wiretaps were in cases too "sensitive" to warrant reporting.
Over 80% of all reported wiretap orders in 2007 were issued in drug investigations.
Wiretap orders by crime:
Nearly 95% of the 2,119 wiretap installations reported in 2007 were for the interception of wire
communications — that is, taps on phones — rather than for interception of electronic
communications. It's doubtful that the federal authorities have been fully forthcoming on this
point — they reported only one (!) wiretap of electronic communications and only three
wiretaps that collected a combination of wire and electronic communications — but it's clear
that telephone wiretaps are still much more prevalent than Internet wiretaps. One major reason
for this is that the government has another way of getting at your Internet communications,
under less strict legal requirements: by obtaining stored copies of your communications from
your ISP or your email provider, as described in the next section, Information Stored By Third
Parties. Oral intercepts — through the bugging of your home or car or office, for example — are
also quite rare. You're more likely to have your oral conversations intercepted by an undercover
agent or informant wearing a hidden microphone, since such conduct does not require a
Wiretaps by type of communication intercepted:
In conclusion, although the annual Wiretap Report is no longer as useful a gauge as it once was
due to the Department of Justice's recent withholding of information, it's still clear that unless
you're suspected of dealing drugs (or targeted for foreign intelligence surveillance), the chances
of you or your organization's phone lines being tapped are fairly low, and the chances of your
Internet communications being tapped are even lower. But remember, you don't have to be a
suspect to end up having your communications intercepted. So, for example, if your organization
serves a client population arguably connected to criminal activity, or if you personally associate
with "shady characters," your risk goes up.
"Pen Registers" and "Trap and Trace Devices"
Less Powerful Than a Wiretap But With Much Weaker Privacy Safeguards
There's a particular type of communications surveillance that we haven't discussed yet and that's
not included in the above numbers: surveillance using pen registers and/or trap & trace devices
("pen/trap taps"). Pen registers record the phone numbers that you call, while trap & trace
devices record the numbers that call you. The Supreme Court decided in 1979, in the case of
Smith v. Maryland, that because you knowingly expose phone numbers to the phone company
when you dial them (you are voluntarily handing over the number so the phone company will
connect you, and you know that the numbers you call may be monitored for billing purposes),
the Fourth Amendment doesn't protect the privacy of those numbers against pen/trap surveillance
by the government. The contents of your telephone conversation are protected, but not the
Luckily, Congress decided to give us a little more privacy than the Supreme Court did — but not
much more — by passing the Pen Register Statute to regulate the use of "pen/trap" devices.
Under that statute, the police do have to go to court for permission to conduct a pen/trap tap and
get your dialing information, but the standard for getting a pen/trap order is much lower than the
probable cause standard used for normal wiretaps. The police don't even have to state any facts
in their application under the Pen Register Statute (enacted as part of the Electronic
Communications Privacy Act of 1986) — they just need to certify to the
court that they think the dialing information would be relevant to their investigation. If they do
so, the judge must issue the pen/trap order (which lasts for sixty days rather than a wiretap
order's thirty days). Also, unlike normal wiretaps, the police aren't required to report back to the
court about what they intercepted, and aren't required to notify the targets of the surveillance
when it has ended.
With a pen/trap tap on your phone, the police can intercept:
* The phone numbers you call
* The phone numbers that call you
* The time each call is made
* Whether the call was connected, or went to voicemail
* The length of each call
Most worrisome, we've heard some reports of the government using pen/trap taps to intercept
content that should require a wiretap order: specifically, the content of SMS text messages, as
well as "post-cut-through dialed digits" (digits you dial after your call is connected, like your
banking PIN number, your prescription refill numbers, or your vote for American Idol).
That information is revealing enough on its own. But pen/traps aren't just for phones anymore —
thanks to the USA PATRIOT Act, the government can now use pen/trap orders to intercept
information about your Internet communications as well. By serving a pen/trap order on your
ISP or email provider, the police can get:
* All email header information other than the subject line, including the email addresses of the
people to whom you send email, the email addresses of people that send to you, the time each
email is sent or received, and the size of each email that is sent or received.
* Your IP (Internet Protocol) address and the IP address of other computers on the Internet that
you exchange information with, with timestamp and size information.
* The communications ports and protocols used, which can be used to determine what types of
communications you are sending using what types of applications.
Although we don't think the statute allows it, the police might also use pen/trap taps to get the
URLs (web addresses) of every website you visit, allowing them to track what you are reading
when you surf the web. The Department of Justice's apparent policy on this score is to collect
information about what site you are visiting — e.g., "www.eff.org" — using pen/trap taps, but to
obtain a wiretap order before collecting information about what particular page or file you are
visiting — e.g., "www.eff.org/nsa". However, there's no way to confirm that federal authorities
actually follow this policy in all cases, and serious doubt as to whether state authorities do.
(If you are confused by terms like "IP addresses" and "communications ports and protocols", you
may want to take a quick look at our very basic explanation of how the Internet works.)
Pen/trap taps enable what the security experts call traffic analysis. That's when an attacker tries
to discover information about an asset by analyzing how it moves. For example, if your
organization is working with another organization and you need to keep the relationship
confidential, traffic analysis of your Internet communications could reveal the connection and
show who you emailed, who you instant messaged with, what web sites you visited, and what
online forums you posted to. It could also show when those communications occurred and how
big they were.
For the government, the usual goal of a pen/trap tap is to identify who you are communicating
with and when. In particular, individuals can often be identified based on the IP address assigned
to their computer. IP addresses are generally allotted in batches, semi-permanently, to
institutions such as universities, Internet service providers (ISPs), and businesses. Depending
how the institution distributes its IP address allotment, it may be more or less difficult to link
specific computers, and users, to certain IP addresses. It is often surprisingly easy. ISPs often
keep detailed logs about IP address allotment, and as we'll discuss later, those logs are easy for
the government to get using a subpoena. Similarly, if the government is collecting email
addresses with a pen/trap, it's easy for them to go to the email provider and subpoena the identity
of the person who registered that address.
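As an added illustration (example code, not part of this guide or any EFF tool), the following Python script shows what the pen/trap data described above looks like in practice and what traffic analysis can infer from it without any content: it strips a constructed email down to the fields a pen/trap order reaches, splits a URL into the site-versus-page distinction just described, and aggregates constructed flow records into a who-talked-to-whom picture resolved through a constructed ISP allotment log. All addresses, names and records are made up for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# --- Constructed email message (not a real one) ---------------------------
RAW_EMAIL = (
    "From: alice@example.org\r\n"
    "To: counsel@partner-law.example\r\n"
    "Cc: bob@example.org\r\n"
    "Date: Mon, 03 Mar 2008 09:15:00 -0500\r\n"
    "Subject: Draft settlement terms (privileged)\r\n"
    "\r\n"
    "Body text is content: a pen/trap order does not reach it.\r\n"
)

# Header fields a pen/trap order reaches, per the guide: addressing and
# timing, but not the subject line and not the body.
PEN_TRAP_HEADERS = ("from", "to", "cc", "bcc", "date")


def pen_trap_view(raw: str) -> dict:
    """Return only what a pen/trap order on an email provider yields:
    sender, recipients, time and total size. Subject and body are dropped."""
    head, _, _body = raw.partition("\r\n\r\n")
    view = {}
    for line in head.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() in PEN_TRAP_HEADERS:
            view[name.strip().lower()] = value.strip()
    view["size_bytes"] = len(raw.encode("utf-8"))
    return view


def split_url_for_pen_trap(url: str) -> tuple:
    """Split a full URL (scheme required) into the site (host) and the page
    (path plus query). The guide describes the DOJ policy as collecting the
    site via pen/trap but needing a wiretap order for the page."""
    p = urlsplit(url)
    page = p.path or "/"
    if p.query:
        page += "?" + p.query
    return p.hostname, page


# --- Constructed flow records as a pen/trap on an ISP might yield them -----
# (timestamp, source IP, destination IP, destination port, bytes). No content.
FLOWS = [
    ("2008-03-03T09:15:02Z", "203.0.113.7", "198.51.100.20", 25, 6120),
    ("2008-03-03T09:16:40Z", "203.0.113.7", "198.51.100.20", 25, 4480),
    ("2008-03-03T09:20:11Z", "203.0.113.7", "192.0.2.44", 443, 12870),
    ("2008-03-03T10:02:55Z", "203.0.113.7", "198.51.100.20", 25, 88210),
    ("2008-03-03T10:05:00Z", "203.0.113.7", "192.0.2.99", 5222, 1530),
]

# Destination port -> application protocol guess (the "ports and protocols"
# item above): enough to tell mail from web from chat without reading any of it.
PORT_TO_PROTOCOL = {25: "smtp", 443: "https", 5222: "xmpp"}

# Constructed ISP allotment log: the kind of record the guide says the
# government can subpoena to link an IP address to an institution or user.
IP_ALLOTMENTS = {
    "203.0.113.7": "Acme Nonprofit (office DSL line)",
    "198.51.100.20": "Partner Law LLP (mail server)",
    "192.0.2.44": "Example Bank (web banking)",
    "192.0.2.99": "Public XMPP chat service",
}


def traffic_analysis(flows, allotments):
    """Aggregate who talked to whom, how often, when, how much and over what
    protocol, resolving IPs through the allotment log. No packet content is
    used; this is exactly the picture the guide says pen/trap data paints."""
    peers = defaultdict(lambda: {"count": 0, "bytes": 0, "first": None,
                                 "last": None, "protocols": set()})
    for ts, src, dst, port, size in flows:
        key = (allotments.get(src, src), allotments.get(dst, dst))
        rec = peers[key]
        rec["count"] += 1
        rec["bytes"] += size
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        rec["protocols"].add(PORT_TO_PROTOCOL.get(port, f"port-{port}"))
    return dict(peers)


if __name__ == "__main__":
    print(pen_trap_view(RAW_EMAIL))
    print(split_url_for_pen_trap("http://www.eff.org/nsa"))
    for (src, dst), rec in traffic_analysis(FLOWS, IP_ALLOTMENTS).items():
        print(f"{src} -> {dst}: {rec['count']} contacts, {rec['bytes']} bytes, "
              f"{rec['first']}..{rec['last']}, {sorted(rec['protocols'])}")
```

Run it and note that the confidential relationship with the law firm, its timing and the unusually large third message all fall out of metadata alone, which is why the guide treats pen/trap surveillance as a higher risk than its legal standard suggests.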
Another purpose of pen/trap taps is to access information about your cell phone's location in real-
time. When your handset is powered on, it connects to nearby cell towers to signal its proximity,
so that the towers can rapidly route a call when it comes through. Law enforcement can use
pen/trap devices to monitor these connections, or "pings", to pinpoint the physical location of the
handset, sometimes within a few meters. And although Congress has made clear that pen/trap
orders alone cannot be used to authorize this sort of location surveillance, it hasn't yet clarified
what type of court order would suffice. So, although many courts have chosen to require
warrants for location tracking, others have not, and the government has routinely been able to get
court authorization for such tracking without probable cause.
As already noted, court authorization for a pen/trap tap is much easier to get than a wiretap order.
We don't know how many pen/trap orders get issued every year — unfortunately, there is no
annual report on pen/trap surveillance like there is for wiretapping — but we have heard
unofficial numbers that reach into the many tens of thousands. Therefore, the risk of being
subjected to pen/trap surveillance is higher than the risk of being wiretapped.
What Can I Do To Protect Myself?
In the last section, you learned that wiretapping and pen-trap tapping are powerful and routine
government surveillance techniques, and got an idea of how often those techniques are legally
used. In this section, you'll learn how to defend yourself against such real-time communications
surveillance. As we'll describe in detail below, unless you take specific technical measures to
protect your communications against wiretapping or traffic analysis — such as using encryption
to scramble your messages — your best defense is to use the communications methods that
possess the strongest and clearest legal protections: postal mail and landline telephones.
Electronic Eavesdropping is Legally Hard for the Government, But Technically Easy
As you learned in the last section, wiretapping is legally difficult for the government: it must
obtain a hard-to-get intercept order or "super-warrant" from a court, subject to strict oversight
and a variety of strong privacy protections. However, wiretapping is typically very technically
easy for the government. For example, practically anyone within range of your laptop's wireless
signal, including the government, can intercept your wireless Internet communications. Similarly,
practically anyone within range of your cell phone's radio signal, including the government, can
— with a few hundred bucks to buy the right equipment — eavesdrop on your cell phone
As for communications that travel over telecommunications companies' cables and wires
rather than (or in addition to) traveling over the air, the government has very sophisticated
wiretapping capabilities. For example, using a nationwide surveillance system called "DCSNet"
("DCS" stands for "Digital Collection System") that is tied into key telecommunications switches
across the country, FBI agents can from the comfort of their field offices "go up" on a particular
phone line and start intercepting or pen-trap tapping wireline phone calls, cellular phone calls,
SMS text messages and push-to-talk communications, or start tracking a cell phone's location, at
a moment's notice. The government is believed to have similar capabilities when it comes to
Internet communications. The extensive and powerful capabilities of the DCSNet, first
uncovered in government documents that EFF obtained in a Freedom of Information Act lawsuit
(details at http://www.eff.org/issues/foia/061708CKK), are well-summarized in the Wired.com
article "Point, Click...Eavesdrop: How the FBI Wiretap Net Operates".
Using "bugs" to eavesdrop on your oral conversations has also gotten much easier for the
government with changes in technology. Most notably, the government now has the technical
capability, with the cooperation of your cell phone provider, to convert the microphone on some
cell phones or the cell phone in your car's emergency services system into a bug. The
government likely also has the ability, with your phone company's help, to open the line on your
landline phone and use its microphone as a bug, although we've yet to see any specific cases
where such landline phone-based bugging has been used. Finally, the government may even have
the capability, using remotely-installed government malware, to turn on the microphone or
camera on your computer.
Choosing a Communication Method
Old Ways are Often the Best Ways
Considering the government's broad capability to wiretap communications, there isn't much
difference in the technical risk that wiretapping poses to your phone calls versus your emails
versus your SMS text messages. However, as described in the last section, there are differences
in the legal protections for these modes of communication, and as will be described later in this
section, there may be technical steps that you can take — such as encrypting your
communications — that may be easier or harder depending on which communications method
So, when thinking about securing your communications against eavesdropping and wiretapping,
your first choice — whether to meet in person, call on the telephone, write an email, or tap out an
SMS text or IM message — is also your most important choice. As you'll see below, the least
technically sophisticated modes of communication like face-to-face conversations and landline
telephone conversations are often the most secure against unwanted eavesdropping, unless you
and those you communicate with have mastered how to encrypt your Internet communications.
Face-to-Face Conversations Are the Safest Bet
As shown in the last section, government eavesdropping of your "oral communications" or face-
to-face conversations using "bugs" or hidden microphones is very rare: only 20 court orders
authorizing oral intercepts were reported in the 2007 wiretap report, compared to 1,998 orders
authorizing wiretapping of "wire communications" or voice communications. In other words,
you are 100 times more likely to have your phone conversations tapped than to have your face-
to-face conversations "bugged".
Not only are your oral conversations at less risk than your phone conversations, but they also
receive the same strong legal protections as your phone conversations. Like your phone calls and
unlike your non-voice Internet communications, oral communications that are intercepted in
violation of the Wiretap Act are subject to that statute's exclusionary rule, and cannot be used
against you as evidence in a criminal trial.
Therefore, face-to-face conversations in private are the most secure method of communicating.
Deciding whether to talk face-to-face rather than send an email or make a telephone call
becomes a traditional security trade-off: is the inconvenience of having to meet face-to-face
worth the security gain? Depending on whom you want to talk to and where they are, that
inconvenience could be trivial or it could mean a cross-country trip. If the person you want to
communicate with is in the same office or just next door, you may want to choose a private
conversation even for communications that aren't particularly sensitive. When it comes to your
very most sensitive data, though, that cross-country flight might be worth the trade-off.
Just because the risk of oral interception is very low doesn't mean you shouldn't take technical
precautions to reduce that risk, particularly when it comes to very sensitive conversations.
Therefore, depending on how convenient it is and how sensitive the conversation is — again, it's
a trade-off — you may want to have your conversation in a room that does not contain a landline
telephone or a computer with a built-in or attached microphone or camera, and either not carry
your cell phone or remove its battery (the microphone on some phones can be activated even
when the phone is powered down, unless you remove the battery). Even if your conversation isn't
especially sensitive, it doesn't hurt to detach external microphones and cameras from your laptop
or cover the lens of attached cameras with a small piece of tape when they aren't in use. It's easy
to do, and ensures that remote activation of those mics and cameras is one less thing to worry about.
Using the Telephone is Still the Second Safest Bet
If having an oral conversation is simply too great an inconvenience, the second most secure
option — unless you've mastered how to encrypt your internet communications — is to use the
phone. Even though your phone is statistically more likely to be wiretapped than your Internet
communications, the phone is still less risky than unencrypted Internet communications.
This is true for several reasons. First and most important, your phone calls don't generate copies
of your communications — once your call is over, the communication disappears forever.
Internet communications, on the other hand and as discussed more below, generate copies that
make it easier and more likely that someone can find out what you said. The risk of subpoenas to
get these copies is much higher than the risk of a phone wiretap. Also, many more potential
adversaries have or can gain access to your Internet traffic than to your phone lines.
Also, remember that "wire communications" — that is, voice communications — get more legal
protection. If your voice communications are wiretapped in violation of the Wiretap Act, they
won't be allowed as evidence; illegally wiretapped Internet communications may still end up in
court. That means that investigators have less reason to avoid stretching the law when it comes to
your electronic communications.
Speaking generally, just as phone conversations are a safer bet than unencrypted Internet
communications, telephone conversations between landline telephones are a safer bet than
telephone conversations that involve a cellular telephone.
Most obviously, conversations that involve cellular telephones are technically much easier to tap
than your landline phone conversations — anyone who is in range of a cell phone's radio signal
can listen in using a few hundred dollars worth of specialized cell phone interception equipment
(for more discussion of the security threats posed to mobile devices like cell phones, see the
article on mobile devices). If you are concerned that government agents may ignore the law and
choose to intercept your phone conversations without a wiretap order, intercepting your cell
phone's radio signals would be an effective way for them to secretly do so, particularly
considering that they do not need to get the assistance of the cell phone provider and that their
radio-based interception wouldn't leave any physical trace.
Cell phone conversations may also be more vulnerable legally — some courts have held that
communications using cordless telephones are not protected by the Fourth Amendment, finding
that there is no reasonable expectation of privacy in the radio signal sent between the cordless
handset and the base station. The government may similarly consider the radio signal sent
between your cell phone and the cell phone company's cell tower to be unprotected by the Fourth Amendment.
Privacy tip: Avoiding phone tap paranoia
Contrary to popular belief, modern phone wiretaps used by the government don't make any noise
— no clicks, no hisses, no static, nothing. Don't worry that the government is monitoring you if
you happen to hear some unexplained noise on the phone line. You wouldn't believe how often
we're told, "I think I'm being wiretapped — I keep hearing clicks!"
What About Phone Calls Using the Internet?
Your "wire communications" or voice communications are subject to stronger legal protections
than your other communications, regardless of what communications medium you use. So, for
example, whether government agents intercept your landline telephone call, your cellular
telephone call, or a telephone call made over the Internet, the Wiretap Act's exclusionary rule
will prevent them from using that information as evidence against you in a criminal trial if they
didn't get a wiretap order first. In contrast, the statute wouldn't prevent the government from
using illegally intercepted "electronic communications" like text messages or emails as evidence.
Therefore, you may want to consider using Voice-over-IP (VoIP) services, which allow you to
send live voice communications — basically, phone calls — over the Internet. VoIP may be
more private than regular calls for one big reason: it's easier to encrypt your conversation, as
encrypting regular phone calls is very difficult and expensive. Unfortunately, there isn't any
obviously effective and trustworthy option for encrypted VoIP that we can recommend at the
moment. See our article on VoIP for further details.
Avoid SMS Text Messages If You Can
Text messaging over your cell phone using SMS can be an incredibly quick and convenient way
of communicating short messages, but from a privacy perspective, it poses some serious
First, just like your cell phone conversations, SMS text messages sent to and from your cell
phone can easily be intercepted over radio with minimal equipment and without any cooperation
from the cell phone provider.
Second, just like with your cell phone conversations, it's unclear whether the Fourth Amendment
protects the radio signals that carry your SMS messages against interception. This uncertainty
increases the possibility that the government may intercept such communications without a
probable cause warrant.
Third, and unlike your cell phone calls, SMS messages are "electronic communications" rather
than "wire communications," and therefore aren't protected by the Wiretap Act's exclusionary
rule. That means the statute would allow the government to use your messages against you in a
criminal case, even if they were intercepted without a wiretap order in violation of the statute.
Finally, although the Wiretap Act clearly does require the government to obtain a wiretap order
before intercepting SMS messages, just as with any other "electronic communication," we have
heard anecdotal reports of the government intercepting SMS messages without wiretap orders,
instead using the much-easier-to-obtain pen/trap orders. These reports are bolstered by known
cases where the government has obtained the content of stored SMS messages under the lesser
standards reserved for non-content communications records.
Putting all these factors together, we currently consider SMS messages to be highly vulnerable to
government wiretapping, and recommend reserving that mode of communication for only the
most trivial of communications, if you use it at all. The only exception is if you use encryption to
protect your SMS messages. For now, SMS encryption software for cell phones is still quite rare,
though you can find information about such software for Java-enabled phones here.
Learn to Encrypt Your Internet Communications
Always remember that anyone with access to a wire or a computer carrying your
communications, or within range of your wireless signal, can intercept your Internet
communications with cheap and readily available equipment and software. Lawyers call this
wiretapping, while Internet techies call it "packet sniffing" or "traffic sniffing". The only way to
protect your Internet communications against wiretapping by the government or anyone else is
by using encryption. Of course, it is true that most encryption systems can be broken with
enough effort. However, breaking modern encryption systems usually requires that an adversary
find a mistake in the way that the encryption was engineered or used. This often requires large
amounts of effort and expense, and means that encryption is usually a critically significant
defensive measure even when it isn't totally impregnable.
Encryption, unfortunately, isn't always easy to use, so as in other cases, your decision of whether
to use it will pose a trade-off: is the inconvenience of using the encryption worth the security gain?
The occasional inconvenience posed by some encryption systems is counter-balanced by the fact
that encryption will protect you against much more than overzealous law enforcement agents.
Your Internet communications are vulnerable to a wide range of governmental and private
adversaries in addition to law enforcement, whether it's the National Security Agency or a hacker
trying to intercept your credit card number, and encryption will help you defend against those
adversaries as well.
Also, as described in later sections, encrypting your communications not only protects against
wiretapping but can also protect your communications while they are stored with your
communications provider. So, for example, even if the government is able to seize your emails
from your provider, it won't be able to read them, provided the decryption key stays with you
rather than with the provider.
Considering all the benefits of encryption, we think that it's usually worth the trade-off, although
as always, your mileage may vary depending on your tolerance for inconvenience and on how
serious you judge the threat of wiretapping to be. In some cases, using encryption may not be
inconvenient at all. For example, the OTR encryption system for IM is extremely easy to set up
and use; there's little reason not to give it a try. Check out the following articles to learn more
about how you can use encryption to protect your internet communications against wiretapping,
as well as against traffic analysis using pen-trap taps.
Wi-Fi. Using encryption is especially critical when transmitting your Internet communications
over the air using Wi-Fi, since pretty much anyone else in the area that has a wireless-enabled
laptop can easily intercept your radio signals. This article will explain how to encrypt the radio
signals sent between your laptop and a wireless access point.
Virtual Private Networks (VPNs). Virtual Private Networks or "VPNs" are a potent encryption
tool allowing you to "tunnel" communications securely over the Internet.
Web browsers. Some of your web communications can be encrypted to protect against traffic
sniffing. Take a look at this article to learn more about HTTPS, the most common web
encryption standard, as well as other browser security and privacy tips.
Email and IM. There are a number of powerful tools available for encrypting your emails and
your IM messages; take a look at these articles to learn more.
Tor. Tor is free, powerful, encryption-based anonymizing software that offers one of the few
methods of defending yourself against traffic analysis using pen-trap taps, and also provides
some protection against wiretapping. Visit this article for all the details.
Defend Yourself Against Cell Phone Tracking
As described earlier, the government can use information transmitted by your cellular telephone
to track its location in real-time, whether based on what cell phone towers your cell phone is
communicating with, or by using the GPS chip included in most cell phones.
Many courts have required the government to obtain a warrant before conducting this type of
surveillance, often thanks to briefing by EFF. (For more information on our work in this area,
visit EFF's cell tracking page.) However, many other courts have been happy to routinely
authorize cell phone tracking without probable cause.
Even more worrisome, the government has the capability to track cell phones without the cell
phone provider's assistance using a mobile tracking technology code-named "triggerfish". This
technology raises the possibility that the government might bypass the courts altogether. Even if
the government does seek a court order before using "triggerfish," though, it will only need to get
an easy-to-get pen-trap order rather than a wiretap order based on probable cause.
Put simply, cell phone location tracking is an incredibly powerful surveillance technology that is
currently subject to weak technical and legal protections.
Unfortunately, if you want to use your cell phone at all, avoiding the threat of this kind of real-
time tracking is nearly impossible. That's because the government can track your cell phone
whenever it's on, even if you aren't making a call. The government can even track some cell
phones when they are powered down, unless you have also removed the battery. So, once again,
there is a security trade-off: the only way to eliminate the risk of location tracking is to leave the
cell phone at home, or remove the battery.
For more information about the privacy risks posed by cell phones, take a look at our article on
mobile devices. You may also want to take a look at the advice offered by MobileActive.org in
its Primer on Mobile Surveillance.
What You Need to Know
Due to a combination of legal and technical factors, face-to-face conversations and conversations
using landline telephones are more secure against government wiretapping than cell phone or
Internet communications. Cell phone conversations are more vulnerable both technically and
legally, while SMS text messaging appears for now to be very insecure both technically and
legally. Cell phones also create the risk of location tracking, and the only way to eliminate that
risk entirely is to not carry a cell phone or to remove the battery.
When it comes to Internet communications, using encryption is the only way to defend against
wiretapping, whether by the government or anyone else.
When it comes to pen/trap taps, on the other hand, most encryption products won't protect the
types of information that the government can get. That information needs to be transmitted in the
clear so computers can direct it to the proper recipient. Only anonymizing tools like Tor will
protect you from traffic analysis via pen/trap tap.
Information Stored By Third Parties
Third parties — like your phone company, your Internet service provider, the web sites you visit
and interact with or the search engine that you use — regularly collect a great deal of sensitive
information about how you use the phone system and the Internet, such as information about
who you're calling, who's emailing or IMing you, what web pages you're reading, what you're
searching for online, and more. In addition to those records being compiled about you, there's
also data that you choose to store with third parties, like the voicemails you store with your cell
phone company or the emails you store with your email provider. In this section, we'll talk about
the legal rules that govern when and how law enforcement agents can obtain this kind of
information stored by and with third parties. We'll then outline steps that you can take to reduce
that risk, by learning how to reduce the amount of information collected about you by third
parties, minimize the amount of data you choose to store with third parties, or replace plainly
readable data with encrypted versions for storage with third parties.
What Can the Government Do?
In addition to being able to use wiretaps to intercept your communications while they are being
transmitted, the government has a variety of ways of getting (1) records about your
communications and (2) the content of communications that you have stored with a third party.
In particular, the government can get all of the records that your ISP, phone company, or other
communications service providers have on you, and the SMS messages, instant messages, emails
or voice-mails you've stored with them. However, unlike regular third-party records discussed
above, which can be subpoenaed without any notice to you, the records of your communications
providers are given some extra protection by the "Stored Communications Act" portion of the
"Electronic Communications Privacy Act", or ECPA.
So what can the government get?
Some Records Only Require a Subpoena
Basic Subscriber Information Held by Your Communications Providers Is Available With Just a Subpoena
With a subpoena, the government can obtain from your communications providers what is often
called "basic subscriber information." Sometimes, the subpoena will specifically name a person
whose information is being sought; other times the government will ask for information
regarding a particular phone number, Internet username, email address, or IP address. With such
a subpoena, the government can (only) get your:
* The length of time you've used that phone or Internet company, along with service start date
and the types of services you use.
* Phone records. They can get your telephone number, as well as local and long distance
telephone connection records — those are records identifying all the phone numbers you've
called or have called you, and the time and length of each call.
* Internet records. They can get the times you signed on and off of the service, the length of each
session, and the IP address that the ISP assigned to you for each session.
* Information on how you pay your bill, including any credit card or bank account number the ISP
or phone company has on file.
The government can get this information with no notice to you at all, and can also get a court
order forcing your service provider not to tell you or anyone else.
Other Records Require a Court Order
Other Communications Records Held by Your Communications Providers Require a Court Order
In order to get a communications provider to turn over other records beyond basic subscriber
information, the government either has to get a search warrant or a special court order.
Sometimes called "D" orders, since they are authorized in subsection (d) of section 2703 of the
Stored Communications Act, these court orders are much easier to get than search warrants but
harder to get than subpoenas. The government can get this information with no notice to you at
all, and can also get a court order forcing your service provider not to tell you or anyone else.
In addition to basic subscriber information, your ISP or email provider may maintain records or
* The email addresses of people you send emails to and receive emails from, the time each email
is sent and received, and the size of each email
* The IP addresses of other computers on the Internet that you communicate with, when you
communicated with them, and how much data was exchanged
* The web addresses of the web pages that you visit
Which, if any, of the above are logged varies, depending on your particular ISP or email
provider's privacy policies and resources. However, just about every ISP will log IP addresses
and log-on/off times, and keep those logs for at least a few months.
Cellular phone companies may also keep records of which cell tower your phone communicated
with when you were making calls. These cell site tower records can help pinpoint your physical
location at points in the past, and are increasingly the target of law enforcement investigations.
And although some courts have required the government to obtain a warrant based on probable
cause before obtaining these records, the government's usual practice is to get such records based
on the much lower "D" Order standard.
Not All Records are Protected
Records Collected by Search Engines and Other Web Sites May Not Be Protected
In addition to the logs kept by your communications providers, there are also logs kept by the
Web sites that you visit. For example, the Apache web server is currently the most widely used
web server on the Internet. In the "combined" log format that most installations use, it logs the
following information about each request it receives from a web browser:
* requesting host name/IP address
* username of requester (rarely present)
* time of request
* first line of request (indicating requested page, plus some parameters)
* success or failure of request
* size of response in bytes
* the previous page viewed by requester (if any)
* the name and version of the web browser used
However, the server could potentially be configured to log anything you or your browser tells it,
in addition to the above.
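As an added example (not from the EFF guide), here is a Python parser for Apache's "combined" log format, run over constructed sample lines; the host names, addresses and user name are invented. It pulls out each of the fields listed above and then shows two things a subpoena of such a log hands over that are easy to overlook: the search terms carried in the Referer header from the search engine that sent the visitor, and the per-IP picture of pages viewed, logins and browser build.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Pattern for Apache's "combined" LogFormat:
#   "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines; no real server, host or user is depicted.
SAMPLE_LOG = """\
198.51.100.23 - - [15/Mar/2008:22:14:07 -0700] "GET /board/thread.php?id=4471 HTTP/1.1" 200 9214 "http://search.example.test/search?q=how+to+encrypt+email" "Mozilla/5.0 (X11; Linux i686) Firefox/2.0"
198.51.100.23 - alice [15/Mar/2008:22:15:41 -0700] "POST /board/reply.php HTTP/1.1" 302 - "http://board.example.test/board/thread.php?id=4471" "Mozilla/5.0 (X11; Linux i686) Firefox/2.0"
this line is corrupt and will be skipped
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = COMBINED.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])   # "-" means no body sent
    for key in ("ident", "user", "referer"):
        if rec[key] == "-":                                        # "-" means not present
            rec[key] = None
    parts = rec["request"].split(" ")
    if len(parts) == 3:
        rec["method"], rec["path"], rec["protocol"] = parts
    else:                                                          # malformed request line
        rec["method"], rec["path"], rec["protocol"] = None, rec["request"], None
    return rec


def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec is not None]


def leaked_search_terms(records):
    """Search queries that the Referer header carried over from a search engine."""
    terms = []
    for rec in records:
        if not rec["referer"]:
            continue
        query = parse_qs(urlsplit(rec["referer"]).query)
        for key in ("q", "query", "p"):                            # common search-box parameter names
            terms.extend(query.get(key, []))
    return terms


def visitor_profile(records):
    """Per-IP view of what this log alone reveals about each visitor."""
    profile = {}
    for rec in records:
        v = profile.setdefault(rec["host"], {"hits": 0, "paths": [], "users": set(), "agents": set()})
        v["hits"] += 1
        v["paths"].append(rec["path"])
        if rec["user"]:
            v["users"].add(rec["user"])
        v["agents"].add(rec["agent"])
    return profile


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print(f"{len(records)} parsable records")
    print("search terms leaked via Referer:", leaked_search_terms(records))
    for ip, v in visitor_profile(records).items():
        print(ip, v["hits"], "hits; pages:", v["paths"], "; logged in as:", v["users"] or "-")
```

The corrupt third line is dropped rather than crashing the parser, which matters when the input is a multi-gigabyte log rather than three sample lines. The Referer point is the one to take away: the search engine's own logs may or may not be protected, but the query also lands in the access log of whatever site the visitor clicked through to, where the Stored Communications Act may not reach at all.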
The Stored Communications Act clearly protects records held by companies that offer the public
the ability to send and receive communications — phone companies, ISPs, webmail providers,
IM providers, bulletin board sites, etc. However, it does not necessarily protect logs held by web
sites that don't offer communications service, which is most of them.
This is particularly worrisome when it comes to search engines. The government's position is
that logs kept by search engines are not protected by the Stored Communications Act at all.
Considering that these logs can often be linked back to you — either by your IP address or
"cookies," or, if you've registered with other services offered by the search engine, by the
information you entered when registering — this potential gap in legal protection represents a
serious privacy threat.
Some Content Receives Stronger Protection
Emails, Voicemails, and Other Communications Content Stored by Your Communications Providers Receive Stronger Protection
Compared to the relatively weak protection for non-content records, the law gives some extra
protection to communications content that you have stored with (or that is otherwise stored by)
communications service providers like your phone company, your ISP, or an email provider like
Gmail or Hotmail. Your communications providers cannot disclose your stored communications
to the government unless the government satisfies the requirements described below; nor can
they disclose your stored communications to anyone other than the government without your
permission. There is one notable exception, though, for serious emergencies: if the provider
believes in good faith that not immediately disclosing the communications could lead to
someone’s death or serious injury, they can give them to the government.
Note, however, that these restrictions on the disclosure of your communications only apply to
communications providers that offer their services to the public. Even more worrisome, the
government doesn’t consider businesses or schools and universities that offer their employees
and students service to be offering services to the public, and therefore considers them
unprotected by the Stored Communications Act. That means they could get communications
from those entities with only a subpoena, and maybe even just a polite request if your employee
Privacy tip: Use communications providers that serve the public!
Don’t let some friend with a mail server in his basement handle your email service unless he is
very trustworthy — unlike a regular ISP or public web-mail service, there are no legal
restrictions on who your friend shares your emails with.
The Stored Communications Act strongly protects communications that have been in 'electronic
storage' for 180 days or less, but the government has a very narrow reading of what 'electronic
storage' means in the statute. The government doesn't consider already-read or opened incoming
communications to be in electronic storage (for example, emails in your inbox that you've
already looked at, or voicemails in your voicemail account that you've saved after listening). Nor
does the government consider messages in your sent box or messages in your drafts box to be in
'electronic storage.' Under the government's view, here's how your communications are treated
under the law:
New unopened communications: If the email or voice-mail messages are unopened or
unlistened to, and have been in storage for 180 days or less, the police must get a search warrant.
However, you are not notified of the search.
Opened or old communications: If you have opened the stored email or voice-mail messages,
or they are unopened and have been stored for more than 180 days, the government can use a
special court order — the same “D” orders discussed — or a subpoena to demand your
communications. Either way, the government has to give you notice (although, like with sneak &
peek search warrants, that notice can sometimes be delayed for a substantial time, and as far as
we can tell almost always is delayed). However, the police may still choose to use a search
warrant instead of a D order or subpoena, so they don’t have to give you notice at all.
Notably, the Ninth Circuit Court of Appeals has disagreed with the government's reading of the
law, finding that communications are in electronic storage even after they are opened —
meaning that the government needs a warrant to obtain opened messages in storage for 180 days or less.
Privacy tip: Use communications providers based in California
Communications providers in states that are in the Ninth Circuit, such as California, are bound
by Ninth Circuit law and therefore are very resistant to providing the government with opened
emails that are 180 days old or less without a warrant.
In sum, although the law sometimes requires the government to get a warrant before accessing
communications you’ve stored with your communication provider, it doesn’t always. For this
reason, storing your communications on your own computer is preferable — the government will
almost always need a warrant if it wants to seize and search the files on your computer.
What Can I Do To Protect Myself?
When we were talking about how to defend yourself against subpoenas and search warrants, we
said, "If you don't have it, they can't get it."
Of course, that's only partially true: if you don't have it, they can't get it from you. But that
doesn't mean they might not be able to get copies of your communications or detailed records
about them from someone else, such as your communications service providers or the people and
services that you communicate with. Indeed, as we outlined in the last section, it's much easier as
a legal matter for the government to obtain information from these third parties — often without
probable cause or any notice to you.
So, you also need to remember this lesson: "If someone else has stored it, they can get it." If
you let a third party store your voicemail or email, store your calendar and contacts, back up
your computer, or log your communications traffic, that information will be relatively easy for
the government to secretly obtain, especially compared to trying to get it from you directly. So,
we'll discuss in this section how to minimize the content that you store with third parties.
We've also asked you to "encrypt, encrypt, encrypt!" in the previous sections about protecting
data on your computer and while you are communicating. The same holds true when protecting
against the government getting your information from other people. Although ideally you will
avoid storing sensitive information with third parties, using encryption to protect the data that
you do store — such as the emails you store with your provider, or the files you back up online
— can provide a strong line of defense. We'll talk in this section about how to do that.
Communications content that you've chosen to store with a service provider isn't the only issue,
though. There are also the records that those third parties are creating about your interactions
with their services. Practically everything you do online will create records, as will your phone
calls. So your best defense is to think before you communicate:
* Do you really want the phone company to have a record of this call — who you called, when,
and how long you talked?
* Do you really want a copy of this email floating around in the recipient's inbox, or on your or his
email provider's system?
* Do you really want your cell phone provider to have a copy of that embarrassing SMS text
* Do you really want Google to know that you're searching for that?
It may be that the communication is so trivial or the convenience so great that you decide that the
risk is worth it. But think about it — seriously consider the security trade-offs and make a
decision — before you press "send". We'll give you information in this section that should help
you make those decisions.
Another option for minimizing the information that's recorded about you — short of avoiding
using a service altogether — is to protect your anonymity using encryption and anonymous
communication tools. If you want to search Google or browse Amazon without them being able
to log information that the government could use to identify you, you'll need to use software such
as Tor to hide your IP address, as well as carefully manage your browser's privacy settings. This
section will give you the information you need to do that.
Learn What Your Service Providers Store
Most communications service providers and commercial web sites have privacy policies. Read
them to find out:
What information do they collect? It may be more than you think. If anyone you do business
about what they collect.
With whom do they share it? Most companies will share your information with other
companies in their corporate family and with marketers; many companies will sell your data to
anyone who wants it. Check to see if they'll let you "opt-out" of sharing your information with
hand your information over to the government. Try to do business with companies that will not
give your information to the government unless required by law to do so. Also find out whether
they will notify you if the government asks for your files, and do business with companies who
will always notify you unless prohibited by law from doing so. That way, you can call a lawyer
and try to stop the disclosure before it happens.
Consider using activist-friendly, privacy-respecting communications providers that offer free
services. The Online Policy Group, for example, offers free web hosting and email list hosting,
while Rise Up offers free email (including web-mail), web hosting, and email list hosting. These
services have strong privacy policies and will notify you of any governmental or other attempt to
seek customer information unless prevented by law. Cable companies that offer Internet access
usually also have a policy of notifying you unless they've been gagged — in fact, because of a
quirky imbalance in the law, they actually have to notify you if they can, unlike non-cable
providers. So, if you're especially worried about the communications records held by your ISP,
consider using a cable broadband provider.
Choosing a Communications Method
Again, Telephone Calls are Your Safest Bet
When it comes to protecting the privacy of communications content stored by your provider, the
safest choice is to avoid storing any content with the provider at all. Therefore, just as when we
were discussing wiretapping, regular old telephone calls have a distinct advantage over other
communications methods: putting aside voicemail, which we'll discuss on the next page,
telephone calls don't create copies. That means, unless the government goes to the technical and
legal trouble of directly wiretapping you (a very low risk, compared to the government trying to
obtain stored copies of your communications), or the person you are talking to is so
untrustworthy that they would record your conversation without telling you (a rarity, but it does
sometimes occur), your telephone call will be safe from prying ears.
As you'll see on the following pages, telephone calls are far preferable to SMS text messages,
which providers apparently store for long periods of time, and which are very difficult to encrypt.
IM and VOIP are better alternatives, as we'll also discuss, since they can be more easily
encrypted, and since instant messages and VOIP call contents are typically not logged by
providers. Email is a harder case, since it necessarily creates a range of copies — with providers
and with recipients — but as you'll see later, there are a number of steps you can take to make
that mode of communication safer, too.
Protecting Your Voicemail
As we explained previously, copies of your communications stored by your phone company, such
as your voicemail, receive very weak legal protection compared to copies of your
communications stored in your own home. In particular, after a communication has been stored
more than 180 days — or, according to the government's reading of the law, after you've first
accessed that stored communication — the government no longer needs to get a warrant before
obtaining that communication, and can instead use only a subpoena to the company (usually with
no notice to you).
When it comes to your voicemail, this means two things:
* Where possible, use your own answering machine or voicemail system, not the phone
* Where it's not possible to use your own answering machine or voicemail system, such as with
your cell phone, you should always delete your voicemails as soon as you listen to them!
Protecting Your Voice Over IP Communications
As best we can tell, providers of Voice Over IP telephone service such as Skype do not record
your calls as a matter of routine. So, short of using encryption to protect the confidentiality of
your calls, there are no special steps that you need to take to ensure that the government can't
obtain stored copies of your conversations. Notably, Skype uses encryption by default. However,
as discussed in our VoIP article, the security of Skype's encryption system is still in question.
And, as with your regular phone calls, there is always going to be some risk that the person at the
end of the line is recording the conversation.
Protecting Your Email Inbox
(and Sent folder, and Drafts folder, and…)
The Stored Communications Act requires the government to obtain a warrant before seizing
emails that are in "electronic storage" with your communications provider and are less than 181
days old. However, under the government's interpretation of the term "electronic storage", the
emails that arrive in your inbox lose warrant protection under the Stored Communications Act,
and are obtainable with nothing more than a subpoena (often with no notice to you) as soon as
you've downloaded, opened, or otherwise viewed them. Similarly, the government believes that
it can obtain the sent emails and draft emails that you store with your provider with only a
subpoena, again often without notice to you; the government doesn't think those sent or draft
emails are in "electronic storage" as defined by the statute, either.
EFF is doing its best to prove the government's interpretation wrong in court, and some courts
have already disagreed with the government. Yet as far as we can tell, those court decisions
haven't significantly changed the government's behavior and it still routinely obtains opened
emails (and sent emails and draft emails) without warrants, regardless of how old they are.
Because of the government's aggressive position, you need to be just as aggressive when it
comes to defending your email privacy. As described on the next few pages, the most critical
things you can do are:
* Delete emails from your provider's server as soon as you first access the messages, and store
your sent and draft emails locally in your email client software, rather than with your provider.
* In order to minimize the number of emails stored with your provider — be they received, sent,
or draft — avoid using webmail if at all possible, or, if you do use a webmail account, avoid the
web interface and instead configure your email client software to send and receive emails
directly via POP.
* Encrypt your emails whenever possible.
Protecting Email: Download and Delete!
The single most powerful step you can take to protect the privacy of your email is to not store it
with your email provider. Rather than leave email on your provider's server, you should
configure your email software to immediately delete incoming emails from your provider's
server as you download those messages to your computer — and also make sure that your email
software is configured to store your draft and sent email on your computer rather than with the
Of course, this is a serious security/convenience trade-off — by fetching your email using the
"POP" email protocol and storing all your mail locally, you won't have access to your email from
multiple devices like you would if you were using the IMAP protocol or a webmail interface,
both of which store all of your mail with the provider. We realize that for some people,
particularly those without their own computer, using POP and storing everything locally may not
be an option. But if it is an option, and you can effectively function without storing your emails
with your provider, we highly recommend doing so. For more, check out our email article.
Don't Use Webmail if You Don't Need It - or POP It.
Webmail poses a serious security trade-off for those concerned about a government adversary.
Webmail is usually free, very easy to use, and super-convenient, especially if you want the
ability to access your email from several different computers or mobile devices. However,
deleting your email from your provider's servers as soon as you've downloaded it — a critical step
to protecting your email's privacy against the government — is hard if not impossible to do when
you use a webmail service like Gmail or Yahoo! Mail, especially if you want to maintain access
to a copy of that email. Since you view your email in your browser rather than downloading it to
email client software, the only conveniently accessible copy of your email is going to be the one
you store with your provider.
If you take the idea of a government adversary seriously, webmail is a very bad risk. The
government is hundreds if not thousands of times more likely to try to obtain your stored email
rather than wiretap it. Indeed, the reason that the number of wiretaps on electronic
communications is so low is because it's so easy to obtain the same information from the
So, if you think that government adversaries may pose a threat to your privacy, we strongly
recommend that you not use webmail for any unencrypted sensitive communications,
unless you simply can't live your life or do your job without an easy-to-access-anywhere inbox.
If you really don't need that kind of access and usually access your mail from the same computer,
the convenience of webmail probably isn't worth the risk.
If you do use a webmail account, though, one way of mitigating the risk is to avoid using the
web interface and instead download your emails directly to your email client software using
POP and immediately delete them from the provider's server. This option may not be
available from all webmail providers, but it is offered by major providers such as Gmail,
Microsoft and Yahoo!. You'll lose the convenient access to past messages via the web, and it
might not be free, but you'll still have cheap and reliable email service.
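The download-and-delete setup described above, as an added example that is not from the original guide or from EFF: a POP3-over-TLS fetch built on Python's standard poplib and mailbox modules that flushes each message to a local mbox before telling the server to delete it, plus a constructed fake server so the whole thing runs offline. The host, account name and file paths are placeholders.

```python
"""Added example, not from the original guide or from EFF's tools: the
"download and delete" POP setup recommended above, on Python's standard
poplib and mailbox modules.  Each message is flushed to a local mbox before
its DELE is sent, and POP3 only commits deletions at QUIT, so a crash
mid-session never loses mail.  Host, account and path below are placeholders."""
import mailbox
import os
import poplib
import ssl
import tempfile


def download_and_delete(session, store_path):
    """Copy every message into the mbox at store_path, then mark it deleted.
    `session` is a poplib.POP3_SSL or anything with the same stat/retr/dele/
    rset/quit methods.  Returns the number of messages saved.  On any error,
    RSET cancels the pending deletions so the server keeps what we lack."""
    box = mailbox.mbox(store_path)
    saved = 0
    try:
        box.lock()
        count, _octets = session.stat()
        for num in range(1, count + 1):
            _resp, lines, _size = session.retr(num)
            # poplib strips CRLF from each line; rebuild as LF text for mbox
            box.add(b"\n".join(lines) + b"\n")
            box.flush()      # durable locally; now safe to drop the server copy
            session.dele(num)
            saved += 1
    except Exception:
        session.rset()       # undo every DELE queued in this session
        raise
    finally:
        box.close()          # flushes and releases the lock
    session.quit()           # QUIT commits the deletions
    return saved


def fetch_from_provider(host, user, password, store_path):
    """Entry point against a real provider (placeholder account): POP3 over TLS."""
    session = poplib.POP3_SSL(host, 995, context=ssl.create_default_context())
    session.user(user)
    session.pass_(password)
    return download_and_delete(session, store_path)


class FakePopSession:
    """Constructed stand-in for a POP3 server so the example runs offline.
    Mirrors the protocol: DELE only marks, QUIT commits, RSET unmarks."""

    def __init__(self, messages, fail_at=None):
        self.messages = list(messages)   # CRLF-terminated raw messages
        self.marked = set()
        self.fail_at = fail_at           # message number whose RETR fails

    def stat(self):
        return len(self.messages), sum(len(m) for m in self.messages)

    def retr(self, which):
        if which == self.fail_at:
            raise ConnectionError("constructed mid-session failure")
        body = self.messages[which - 1]
        return b"+OK", body.rstrip(b"\r\n").split(b"\r\n"), len(body)

    def dele(self, which):
        self.marked.add(which)
        return b"+OK"

    def rset(self):
        self.marked.clear()
        return b"+OK"

    def quit(self):
        self.messages = [m for i, m in enumerate(self.messages, 1)
                         if i not in self.marked]
        self.marked.clear()
        return b"+OK"


# Constructed sample messages, not real mail.
SAMPLE_MESSAGES = [
    b"From: alice@example.org\r\nSubject: hello\r\n\r\nfirst message\r\n",
    b"From: bob@example.org\r\nSubject: re: hello\r\n\r\nsecond message\r\n",
]


def run_demo():
    """Happy path, then a session that dies on message 2.  Returns (saved,
    local subjects, left on server, local copies before the failure,
    left on server after the failure)."""
    with tempfile.TemporaryDirectory() as tmp:
        good = FakePopSession(SAMPLE_MESSAGES)
        good_path = os.path.join(tmp, "inbox.mbox")
        saved = download_and_delete(good, good_path)
        subjects = [m["Subject"] for m in mailbox.mbox(good_path)]
        bad = FakePopSession(SAMPLE_MESSAGES, fail_at=2)
        bad_path = os.path.join(tmp, "partial.mbox")
        try:
            download_and_delete(bad, bad_path)
        except ConnectionError:
            pass
        partial = len(mailbox.mbox(bad_path))
        return saved, subjects, len(good.messages), partial, len(bad.messages)
```

The failure run shows the safe direction of the trade-off: the message already stored locally is also still on the server, so a retry duplicates rather than loses mail.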
Protecting Email: Use Email Encryption When You
Using email encryption is a good idea even if you are storing all your email locally, if only to
counter the wiretapping threat. But using encryption becomes all the more important if you are
storing your email content with your email provider. If the government comes calling on your
provider with a subpoena for your stored emails, you'll wish you had learned how to protect
those messages with encryption, so visit our email article and learn now!
Protecting Instant Messaging
Major IM service providers like AOL, Yahoo! and Microsoft say that they don't store your IM
messages after they are transmitted. We think they are telling the truth, but even so, you should
use encryption when IMing, if only because it is so easy to do (see our IM article to find out
Gmail's chat, on the other hand, logs all of your IMs by default as a feature and stores them
online in your Google account for you to access later. If you use Google Talk or Gmail's chat
service, we strongly recommend turning off this feature by going "Off the Record" or "OTR", as
Google calls it — so that you aren't storing those transcripts with Google.
If you really need access to past transcripts, log them on your own computer using your IM
software's settings (subject, of course, to the data retention policy you established after reading
our section on protecting data stored on your computer). However, also keep in mind that many
if not most of the people you chat with will be keeping their own logs on their own computer (or
in their Google account if using Gchat, unless you've gone "Off the Record").
Avoid Texting Sensitive Communications
Major cell phone providers claim that they don't log your SMS text messages except for a very
short period of time to ensure delivery (see, e.g., statements from providers in this news story
entitled "Most Text Messages Are Saved Only Briefly", or another article containing similar
claims). However, there is reason to doubt these claims: we've seen several cases where SMS
messages were disclosed by a provider months or even years after they were originally sent. For
example, as USA Today recounts, text messages were subpoenaed in the Kobe Bryant rape case
four months after they were sent, despite AT&T Wireless' claims that customers' text messages are
deleted within 72 hours. According to that story, "How messages in the Bryant case would be
available four months later isn't known; most likely they were retrieved from an archival storage
system." Considering such incidents, provider-side logging of your SMS text messages must be
considered a high risk.
Furthermore, although we think that the Stored Communications Act and the Fourth Amendment
require the government in most cases to get a warrant before obtaining your pager or SMS
messages from your provider, there are several known cases where it has obtained such messages
without warrants under the lower legal standards reserved for non-content records, using only
Not only is there the threat of your provider logging your messages and the government
subpoenaing them, but also the near certainty that the phones of the people you are
communicating with are logging those messages, adding yet another point of vulnerability.
That's in addition to the logs on your own phone, which you should delete regularly based on the
data retention policy you developed after reading about "Data Stored on Your Computer."
However, keep in mind that with the right forensic tools, investigators will likely be able to
recover even those deleted messages if they ever get a hold of your phone, and the Secure
Deletion options for Mobile Devices are still quite limited.
Finally, although there have been some efforts at coming up with encryption solutions that work
for SMS (as described in our Mobile Devices article), none of those techniques are easily or
Therefore, given the possibility that your SMS texts are logged by your provider, that the
government may be able to obtain those messages from your provider without warrants and
without notice to you, and that such messages are hard if not impossible to encrypt, along with
the certainty that they will be logged on your phone and the phones of the people you
communicate with, we strongly recommend against using SMS for any sensitive
Online Storage of Your Private Data
There's a lot of talk these days about how convenient it is to store your data in the internet
"cloud." Why store your calendar or contacts list or critical documents on one computer, or buy a
hard drive to back up your files at home, when you can store them "in the cloud" and access
them from anywhere using services like Google Calendar, or Google Docs, or remote backup
services that will store copies of all your files for you? Well, here's a reason: the government can
easily subpoena that data from those providers, with no notice to you.
As we already described in the "What Can The Government Do?" section, the communications
stored by your communications service providers are very weakly protected compared to those
you store yourself: after 180 days (or after you've downloaded a copy, according to the DOJ), the
government can get those communications with only a subpoena and usually with no notice to
you. But the situation is even worse when it comes to data that you store with someone other
than your communications provider — so called "remote computing services" (RCSs). Under the
Stored Communications Act, the government can obtain data that you send to an RCS for storage
or processing with only a subpoena regardless of how old it is, and although the government is
supposed to notify you before they do, the law makes it very easy for investigators to delay that
notice until after they've gotten your data.
Therefore, storing all that data yourself, on your own computers — without relying on RCSs —
is the most legally secure way to handle your private information. If you do choose to store
copies of your files online, though, we strongly recommend encrypting those files yourself
before you do (visit our article on disk and file encryption to learn how), or using services like
IDrive or MozyPro that give you the option of encrypting your files using your own private
Protecting Your Search Privacy and Your Web
The search history you generate when using search engines like Google or Yahoo! reveals
incredibly sensitive data about what you look at — or even think of looking at — on the web.
These logs may be tied to your identity based on your IP address, the cookie files that the search
engine places on your computer, or your account information if you've registered to use the
search engine or other services offered by the provider. And as discussed earlier in the "What
Can the Government Do?" section, these logs are subject to uncertain legal protections.
Considering the sensitivity of search logs and the questions surrounding their legal status, we
highly recommend that you exercise great care to ensure that your identity cannot be linked to
your search queries. For an in-depth discussion of how to do that, read EFF's "Six Tips to Protect
Your Search Privacy". You should also take a look at our article on browsers to learn more about
cookie management and on the anonymizing software Tor to learn more about how to mask your
IP address. These same techniques can be used to protect you against logging by any web site
you visit, not just search engines, and we recommend that you do use them whenever you visit a
web site and don't want that site to log personally-identifying information about you and the
pages that you read.
Finally, we recommend avoiding using one online portal for multiple services — e.g., try to
avoid using Yahoo! Search and Yahoo! Mail, or Google Search and Google Reader. Not only
are you making it easier for the search provider to identify you by virtue of linking all of your
activity to your personalized account, but you are also offering the government a convenient
"one-stop shop" opportunity to access a wide range of your personal information at once. Using
these "mega-portals" to manage all aspects of your online life might be convenient, but it also
creates a single point of failure that raises a serious security risk.
TMI on the Web
Do You Really Want to Publish that Blog Post, Flickr that Picture, or Broadcast that Facebook Status?
The web is a powerful engine of personal expression, giving you a wide variety of online venues
to speak your mind and communicate with friends or the public. But before you publish that blog
post on MySpace or Blogger, post a picture to a picture-sharing site like Flickr or Picasa, or
broadcast your status on Facebook or using Twitter, think, "Is this really information that you
want to expose on the web?" Even if you do now, think about years from now: will you want
evidence of this youthful indiscretion or that personal opinion floating around on the web in the
future? Remember, you don't have any expectation of privacy in information that you post to the
public web, and information that you post now but delete later may still persist, whether on the
pages of the friends you communicated with (like your Wall Posts to a friend on Facebook), or in
Google's cache of old web pages, or the Internet Archive's library of public web pages.
One way of limiting the risks of posting information about yourself on the web is to use the
privacy settings offered by social sharing sites like Flickr or Facebook, with which you can avoid
publishing your information to the public web and can define which of your "friends" on the
same service are allowed access to your information. However, these settings can sometimes be
confusing and difficult to configure correctly, and it's unclear how robust such privacy
protections would be against the attacks of a dedicated hacker. There's also the possibility that an
adversary may try to "friend" you using fake information to pose as someone you know or would
want to know. (A good rule of thumb is to only become "friends" with people that you know
personally, after verifying with them via another means of communication — for example, by
emailing them or calling them — to ensure that they are the ones that actually made the request.)
Then there's the additional threat of adversaries gaining access to your account information by
convincing you to use their "app." Finally, of course, there's always the risk that one of your
"friends" will republish to others the information that you thought you had posted privately. So,
even if you think you've strictly controlled access to your Facebook profile or Flickr page, you
should recognize the significant risk that what you post there might leak out, and act accordingly.
Another option, if you're more interested in sharing information and opinion than in socializing,
is to communicate anonymously, without tying your posts to your real identity. For an extended
discussion of how to do that safely and effectively, take a look at our guide on "How to Blog
Safely (About Work or Anything Else)."
Protecting Your Location Information
More on Cell Phone Tracking
We described earlier how the government can enlist your phone company's help in tracking the
location of your phone in real time. However, that's not the only location privacy threat posed by
your cell phone: your provider also keeps records of where your cell phone was each time you
made or received a phone call.
In particular, phone companies typically log the cell phone tower you were closest to when you
called someone or someone called you, as well as which "sector" of the tower's coverage area
your phone was in. Particularly in urban environments where there are lots of cell towers, such
records can locate you with a fairly high degree of precision, sometimes to within a city block or
even within a particular building. The government routinely obtains these kinds of location
records with only subpoenas and with no notice to the target, although EFF is working hard to
ensure that such data can only be obtained with a search warrant.
Unfortunately, there's nothing you can do to prevent these records from being created short of
not making phone calls, and turning your phone off to ensure that no one calls you. Indeed,
turning your phone off might be your only recourse — particularly since some experts have
advised us that the phone companies not only log the location of your phone when a call is made
but also log the closest cell tower whenever your phone is turned on, as your phone continuously
registers itself with the cell network.
Therefore, as is true with every communications device that you use, your best defense is to think
before you use your cell phone. Do you really want your phone company to have a log reflecting
that you were in that part of town at that time? If not, then you should turn the cell phone off.
Another potential solution is to anonymously purchase a prepaid cell phone using cash. The
phone company will still have the same location data, but it won't be as easily linked to your
identity. Keep in mind, however, that even if the phone company doesn't have subscriber
information like your name and address, investigators might be able to quickly associate you
with the phone based on the people you communicate with, or based on security camera footage
from the store where you bought the phone.
For more information about the privacy risks posed by cell phones, take a look at our article on
mobile devices. You may also want to take a look at the advice offered by MobileActive.org in
its Primer on Mobile Surveillance.
Whenever you use technology to communicate, you will necessarily leave traces of your activity
with third parties like your phone company, your ISP, or your search engine provider. If a third
party has it, the government can get it, often under weak legal standards and without any notice
to you. So remember:
* Think before you communicate. Do you really want there to be a record of this?
* Choose to make a telephone call when you can, rather than using SMS or the Internet, unless
your communications are encrypted. Otherwise, there may be a record of the content of your
communication on some third party's server or in an archival database.
* Avoid storing your data with third parties when you can. The records you store with others
receive much less legal protection than those you store yourself.
* Use file encryption where possible if you do choose to store data with an online service.
* If you are using email or voicemail, delete the copies stored by your communications provider
as soon as you download or listen to them.
* Learn how to hide your identity online and minimize the information that online services log
about you by learning how to configure your browser and use anonymizing technologies like Tor.
Powerful new communications technologies carry with them powerful risks to the privacy and
security of your communications. Learn to defend yourself!
Foreign Intelligence and Terrorism Investigations
All of the government surveillance tactics and standards discussed in previous sections relate to
law enforcement investigations — that is, investigations for the purpose of gathering evidence
for criminal prosecution. However, the government also engages in surveillance in order to
combat foreign threats to national security. When it comes to foreign spies and terrorists, the
government uses essentially the same tools — searches, wiretaps, pen/traps, subpoenas — but
operates under much lower legal standards and in much greater secrecy. It's important that you
understand these foreign intelligence surveillance authorities, such as the government's access to
records using National Security Letters and its wiretapping powers under the Foreign
Intelligence Surveillance Act (FISA), so that you can evaluate the risk of such surveillance to you
or your organization and defend against it.
National Security Letters
Imagine if the FBI could, with only a piece of paper signed by the special agent in charge of your
local FBI office, demand detailed information about your private Internet communications
directly from your ISP, webmail service, or other communications provider. Imagine that it could
* without court review or approval
* without you being suspected of a crime
* without ever having to tell you that it happened
Further imagine that with this piece of paper, the FBI could see a wide range of private details,
* your basic subscriber records, including your true identity and payment information
* your Internet Protocol address and the IP address of every Web server you communicate with
* the identity of anyone using a particular IP address, username, or email address
* the email address or username of everyone you email or IM, or who emails or IMs you
* the time, size in bytes, and duration of each of your communications, and possibly even the web
address of every website you visit
Finally, imagine that the FBI could use the same piece of paper to gain access to your private credit
and financial information — and that your ISP, bank, and any other business from which the FBI
gathers your private records is barred by law from notifying you.
Now, stop imagining: the FBI already has this authority, in the form of National Security Letters.
These are essentially secret subpoenas that are issued directly by the FBI without any court
involvement. Thanks to the USA PATRIOT Act, the only requirement the government must
meet to issue an NSL is that the FBI must certify in the letter that the information it is seeking is
relevant to an authorized investigation to protect against international terrorism or clandestine
The number of National Security Letters used each year is classified, but the Washington Post
has reported that by late 2005, the government had on average issued 30,000 National Security
Letters each year since the PATRIOT Act passed in 2001. That’s a hundredfold increase over the
Further revelations by the FBI's Inspector General in 2007 showed that in many cases, the FBI
had failed even to meet the weak post-PATRIOT National Security Letter standards, illegally
issuing so-called "exigent letters" to communications providers asking for the same information
National Security Letters are used to obtain, but without meeting the minimal requirement that
the requested information be relevant to an authorized terrorism or espionage investigation. EFF
has since sued the Department of Justice to learn more about how the government has been
abusing its National Security Letter authority.
Surveillance Under the Foreign Intelligence Surveillance Act (FISA)
The History of FISA
As stated above, the government was free to wiretap whenever it wanted to in law enforcement
investigations until the Supreme Court addressed the issue in 1967, and Congress passed the
Wiretap Act in 1968. Similarly, the legality of warrantless searches and wiretaps in national
security investigations, as opposed to law enforcement investigations, wasn't settled until the
In 1972, the Supreme Court ruled on the use of wiretaps in national security cases. In that case, a
group of Americans protesting the Vietnam War tried to blow up their local CIA recruiting office.
Investigators collected evidence against them with a wiretap but without getting a wiretap order,
and argued in court that since the investigation was for national security, the president had the
authority to authorize surveillance without having to go through the courts.
The Supreme Court held that the government didn't have unlimited power to conduct
surveillance without the approval of a judge just by claiming the investigation was for national
security, at least when investigating domestic threats to national security (that is, threats from
U.S. citizens and legal residents). It left open whether or not such warrantless surveillance was
allowed when investigating foreign threats.
After this decision, and after revelations throughout the seventies that the government had been
engaging in an enormous amount of unauthorized spying during the 1960s and early 1970s,
Congress decided to provide a legal framework to rein in foreign intelligence investigations. The
Foreign Intelligence Surveillance Act of 1978 (or "FISA"), along with later amendments to that
act, created a warrant procedure for foreign intelligence investigations so that there would no
longer be any foreign intelligence surveillance without court oversight.
FISA in Action
FISA requires the government to get search warrants and wiretap orders from a court even when
it is investigating foreign threats to national security. However, the FISA process is different
from the law enforcement processes described in earlier sections.
First, all government requests for foreign intelligence surveillance authorization are made to a
secret court: the FISA court. In order to get authorization, a significant purpose of the
surveillance must be to gather foreign intelligence information — information about foreign
spies, foreign terrorists, and other foreign threats — instead of evidence of a crime.
Most importantly, the probable cause standard is very different. Instead of having to show
probable cause that a crime is being, has been, or will be committed, the government must show
that the target of the surveillance is a foreign power or an agent of a foreign power.
Also unlike law enforcement surveillance, the target is never told by the government that he/she
was spied on, and every person that is served with a FISA search warrant, wiretap or pen/trap
order, or subpoena is also served with a gag order forbidding them from ever telling anyone
about it except their lawyer.
Foreign Powers and Their Agents. So, what exactly qualifies as a foreign power or agent of a
foreign power when it comes to FISA surveillance? It's a bit unclear. The FISA law defines those
terms only vaguely, and without any access to the decisions of the secret FISA court, there's no
way of telling how broadly or narrowly the definitions are being interpreted.
According to FISA, a Foreign Power is defined to include:
* Any foreign government or component of a foreign government, whether or not officially
recognized by the United States
* Any "faction" of a foreign nation or nations, or any foreign-based political organization, that isn't
"substantially" composed of United States persons ("faction" and "substantially" aren't defined;
a U.S. person is a citizen or a legal resident of the U.S.)
* Any entity, like a political organization or a business, that is directed or controlled by a foreign
* Any group engaged in, or preparing to engage in, "international terrorism." ("International
terrorism" is broadly defined as activities that (1) involve violent acts or acts dangerous to
human life that are a violation of U.S. criminal laws or would be a violation if committed in the
U.S., (2) appear to be intended to intimidate or coerce a civilian population, to influence the
policy of a government by intimidation or coercion, or to affect the conduct of a government by
assassination or kidnapping, and (3) occur totally outside the U.S., or transcend national
boundaries in terms of how they are accomplished, the people they are intended to coerce or
intimidate, or the place where the terrorists operate)
According to FISA, an Agent of a Foreign Power is defined to include:
* Anyone that is not a U.S. person who is an officer or employee of a foreign power
* Anyone that is not a U.S. person who engages in "clandestine intelligence activities" (spying) in
the U.S. on behalf of a foreign power or any U.S. person that does the same and may be
violating the law. So, if you're not a U.S. person, you don't have to be suspected of a crime; but
even if you are a U.S. person, that suspicion doesn't have to meet traditional probable cause
* Anyone, whether a U.S. person or not, who engages in or prepares for acts of international
terrorism or sabotage
If you think that all sounds like very vague gobbledygook, you're right. No one really knows
what these terms mean other than the FISA court, which won't release its decisions.
And it's even worse for FISA subpoenas, which can be used to force anyone to hand over
anything in complete secrecy, and which were greatly strengthened by Section 215 of the USA
PATRIOT Act. The government doesn't have to show probable cause that the target is a foreign
power or agent — only that they are seeking the requested records "for" an intelligence or
terrorism investigation. Once the government makes this assertion, the court must issue the
Police at the door: FISA Orders and National Security Letters
If federal agents serve you with a FISA warrant or subpoena, or a National Security Letter, the
advice given for regular warrants and subpoenas applies. However, FISA orders and National
Security Letters will also come with a gag order that forbids you from discussing them. Do NOT
violate the gag order. Only speak to members of your organization whose participation is
necessary to comply with the order, and your lawyer. The constitutionality of FISA orders and
especially National Security Letters is a matter of great dispute — in particular, several courts
have found that the gag order that comes with a National Security Letter violates the First
Amendment — and you may be able to successfully challenge the government's demand in court.
If you do decide to seek counsel and do not have a lawyer of your own, you can call the
lawyers at EFF.
FISA Wiretap Statistics
Like law enforcement wiretaps, FISA surveillance is relatively rare. Also like law enforcement
wiretaps, however, FISA surveillance probably sweeps in the communications of a great many
people. Because the information released about FISA surveillance is so limited, though, it's
impossible to gauge just how many people are affected and how many communications are
intercepted. The only public data available on FISA are the numbers of applications made to, and
approved by, the FISA court. And those numbers have steadily increased through the years, to
the point where FISA orders now outnumber all federal and state wiretap orders combined! For
example, in 2007, 2,370 applications for FISA wiretaps were granted by the FISA court,
compared to 2,208 state and federal wiretaps reported in the same year. And each application can
contain a request for more than one type of surveillance — for example, a wiretap, a secret
search, and secret subpoenas.
Like with law enforcement wiretaps, your FISA wiretap risk is very low, as is the risk of being
subjected to a secret physical search under FISA. The risk of having records about you secretly
subpoenaed under FISA is much higher, but if it's your communications records the government
is after, they're more likely to use a National Security Letter.
Privacy tip: Foreign Intelligence Surveillance
If your organization deals with lots of non-U.S. persons or any foreign governments or foreign-
based organizations, you will likely face a higher risk of foreign intelligence surveillance, and
should factor that risk into your security decision-making.
The NSA Surveillance Program, the Protect America Act and the FISA Amendments Act
FISA is a dangerously weak restraint on the government's power to secretly spy on Americans
without probable cause of a crime, particularly since passage of the USA PATRIOT Act in 2001.
Yet just as the Bush Administration was successfully lobbying Congress to expand its FISA
surveillance authority through the USA PATRIOT Act, it was already building a new
surveillance program at the National Security Agency (NSA) that would secretly ignore FISA's
limitations and spy on Americans without first going to the FISA court.
The NSA's Surveillance Program Revealed
In a story published on December 16, 2005, the New York Times first revealed to the country
that since 9/11, the NSA had regularly targeted Americans in the U.S. for electronic surveillance
without first obtaining the required court orders from the FISA court. The president and his
representatives quickly admitted that the Bush administration had chosen to bypass FISA as part
of its "Terrorist Surveillance Program" or "TSP." The administration claimed that the TSP was
narrowly targeted at international communications — i.e., communications into and out of the
country — where at least one of the parties had known links to terrorist organizations. The
president made the frighteningly broad claim that because of his inherent power under the
Constitution to combat foreign threats as Commander-in-Chief, he had the authority to order
such warrantless surveillance regardless of FISA's dictates or the Fourth Amendment.
However, the warrantless surveillance proved to be much broader than the "narrow and targeted"
program that the president described. Further reporting by the Times and other papers made clear
that the NSA's surveillance program went far beyond the admitted "TSP." Those news stories,
along with whistleblower evidence [PDF], demonstrated that the NSA program amounted to an
untargeted dragnet of millions of ordinary Americans' domestic communications and
communications records. With the cooperation of the country's major telecommunications
companies such as AT&T, the NSA had illegally gained backdoor access to critical
telecommunications switching facilities and communications records databases around the nation.
With that illegal access, the government was vacuuming up all of the data passing through those
facilities — not only records of who communicated with whom and when but also the content of
nearly every American's private communications — as part of a vast data-mining program. In
response to the mounting evidence of a dragnet surveillance program (view a summary of all of
that evidence [PDF]), EFF brought suit against AT&T in 2006 — and later, in 2008, against the
government itself — on behalf of ordinary AT&T customers seeking to stop the warrantless
surveillance of their telephone and Internet communications. You can find out more about the
progress of those lawsuits, Hepting v. AT&T and Jewel v. NSA, at our NSA Multi-District
The Protect America Act of 2007, the FISA Amendments Act of 2008, and the Future of the NSA's Surveillance Program
One might expect that the revelation of a massive and illegal spying program would lead to
broad bipartisan condemnation from Congress and an effort to pass legislation to provide
additional protections against unbridled Executive spying. Unfortunately, that's not what
happened. Instead, the Bush administration was able to use fear of terrorism to convince
Congress to pass bills authorizing surveillance programs even broader than the admitted "TSP."
Claiming that critical intelligence about potential terrorist attacks would be lost unless FISA was
immediately "modernized," the White House succeeded in convincing Congress to pass two laws.
First was the temporary Protect America Act ("PAA") of 2007, which expired after one year.
Next was the second and more-permanent FISA Amendments Act ("FAA") of 2008. Both
allowed the Executive Branch to target the communications of people outside of the U.S. for
surveillance without prior FISA court approval and without demonstrating any link to terrorism.
Interpreted aggressively, these statutes arguably authorized the programmatic, non-particularized
dragnet surveillance of any American's international communications, opening the door to
virtually unchecked executive power to intercept your international emails and telephone calls.
In the meantime, although we don't think that the PAA or the FAA authorizes it, there's been no
indication that the domestic dragnet, revealed by news reports and whistleblower evidence and
alleged in EFF's lawsuits, has ended. As far as we know, the NSA is still plugged into key
telecommunications facilities across the country and acquiring copies of all of the
communications content that flows through them, while also obtaining records detailing the
communications activity of millions of ordinary Americans, in violation of FISA and the Fourth
Considering the latest changes to the law, we strongly recommend encrypting all of your
international communications traffic. As for protecting the privacy of your domestic
communications, the best way to combat the NSA's unchecked access to the nation's
communications infrastructure — short of encrypting every single communication or avoiding
using telecommunications at all — is to support EFF in its litigation and lobbying efforts to stop
the spying for good.
What You Need to Know
To sum up, the steps you'd take to combat FISA surveillance or national security letters are the
same ones you'd take in the law enforcement context:
* If you don't keep it, they can't get it — destroy unnecessary records.
* If you do keep it, protect it with file encryption and strong passwords.
* Encrypt your Internet communications to prevent wiretapping.
* Use anonymizing tools like Tor when you're online.
* Always delete your providers' copies of emails and voicemails as soon as you can access them.
If you are looking for basic technical information on how to protect the privacy of your data —
whether it's on your own computer, on the wire, or in the hands of a third party — you've come
to the right place. Although we hope you'll have the time to review all of the information in the
SSD guide, if you're in a hurry to get to the technical details, this is where you can read articles
that will explain:
* the basics of the relevant technologies, such as the Internet Basics and Encryption Basics articles
* how to improve the security of different communication applications, such as your web
browsers, email systems and IM clients
* how to protect your privacy by using defensive technologies such as Secure Deletion software,
File and Disk Encryption software, and virtual private networks
* the overarching security threat posed by malware, how to evaluate that threat, and how to
Just remember: technology changes quickly. We'll be doing our best to keep these articles
updated to reflect current developments, but in the meantime, you should take the time to review
information from multiple sources before making any serious security decisions.
The Internet is a global network of many individual computer networks, all speaking the same
computer language, the Internet Protocol (IP). Every computer connected to the Internet has an
IP address, a unique numeric identifier that can be "static", i.e. unchanging, or may be
"dynamically" assigned by your ISP, such that your computer’s address changes with each new
More sophisticated networking protocols may be "layered" on top of the IP protocol, enabling
different types of Internet communications. For instance, World Wide Web (Web)
communications are transmitted via the HyperText Transfer Protocol (HTTP) and e-mails via the
Simple Mail Transport Protocol (SMTP).
These additional protocols use their own types of addresses, apart from IP addresses. For
example, to download a Web page, you need its Web address, known as a Uniform Resource
Locator (URL) (e.g., http://www.eff.org). To exchange e-mails, both the sender and recipient
need e-mail addresses (e.g., email@example.com).
Computers that offer files for download over the Internet are called servers or hosts. For example,
a computer that offers Web pages for download is called an HTTP server or Web host. Any
computer may be a server, a client, or both, depending on the communication. The amount of data in
an Internet communication is measured in bytes.
Communications to and from an Internet-connected computer occur through 65,536 different
computer software "ports." Many networking protocols have been assigned to particular port
numbers by the Internet Engineering Task Force. For example, HTTP (Web) is assigned to port
80 and SMTP (e-mail) is assigned to port 25. However, any port can be used for any application,
and these are only conventions.
If you want to learn more, the website How Stuff Works publishes a popular series of "Internet
Basics" articles that answer questions about the nuts and bolts of the Internet.
Encryption is a technique that uses math to transform information in a way that makes it
unreadable to anyone except those with special knowledge, usually referred to as a "key." There
are many applications of encryption, but some of the most important uses help protect the
security and privacy of files on your computer, information passing over the Internet, or left
sitting in a file on someone else's computer. If encryption is used properly, the information
should only be readable by you and people that receive the key from you. Encryption provides a
very strong technical protection against many kinds of threats — and this protection is often easy
How Does Encryption Work?
What do you need to know about how encryption works? Surprisingly little. Encryption is
conceptually similar to the "secret codes" that children learn about and use to communicate. If
you’ve ever spoken in pig Latin or used a decoder ring, you've used very simple encryption
techniques on a message. Again, the idea is to take a normal human-readable message (often
called the plaintext message) and transform it into an incomprehensible format that can only
become comprehensible again to someone with secret knowledge:
Plaintext message + Encryption algorithm + Key = Scrambled message
Decryption algorithm + Key + Scrambled message = Plaintext Message
Your Little Brother’s Cryptography. A simple encryption system would be to change each
letter in your message to a set number of letters later in the alphabet. The specific number of
spaces you move down the alphabet for each letter is the secret key. If the key is two, A becomes
C, B becomes D, C becomes E, etc. Using that encryption system, the plaintext message
"INSECURE" would become "KPUGEWTG."
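As an added example (not code from the EFF guide), here is the shift cipher described above written out in Python, so the two formulas (plaintext + algorithm + key, and the reverse) can be seen in code, together with the reason it is only "little brother" cryptography: with 26 possible keys, anyone can list every candidate plaintext and pick the one that reads as English.

```python
"""Added example, not from the EFF guide: the "change each letter to a set
number of letters later in the alphabet" cipher.

    plaintext + algorithm + key  -> scrambled message
    scrambled + algorithm + key  -> plaintext

Only the letters A-Z are shifted; spaces and punctuation pass through.
"""
import string

ALPHABET = string.ascii_uppercase  # 26 letters, so only 26 distinct keys


def shift_encrypt(plaintext: str, key: int) -> str:
    """Move each letter `key` places later in the alphabet, wrapping Z -> A.
    With key=2: A->C, B->D, C->E ... exactly as the text describes."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            idx = (ALPHABET.index(ch) + key) % len(ALPHABET)
            out.append(ALPHABET[idx])
        else:
            out.append(ch)  # non-letters are left unchanged
    return "".join(out)


def shift_decrypt(scrambled: str, key: int) -> str:
    """Decryption is the same algorithm run with the key negated
    (Python's % keeps the result in 0..25 even for negative values)."""
    return shift_encrypt(scrambled, -key)


def all_possible_decryptions(scrambled: str) -> dict:
    """Why this is weak: the key is one of just 26 numbers, so someone
    without it can compute every candidate plaintext in a fraction of a
    second and read off the one that makes sense. Modern ciphers have key
    spaces far too large for this. Returns {key: candidate plaintext}."""
    return {k: shift_decrypt(scrambled, k) for k in range(len(ALPHABET))}


if __name__ == "__main__":
    key = 2
    scrambled = shift_encrypt("INSECURE", key)
    print(scrambled)                      # KPUGEWTG, as in the text
    print(shift_decrypt(scrambled, key))  # INSECURE
    for k, candidate in all_possible_decryptions(scrambled).items():
        print(f"key {k:2d}: {candidate}")
```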
How is Encryption Applied?
Although the mechanics of encryption can be explained by the "decoder ring" analogy, the
modern practice of using encryption has been accurately described as using a very resilient
envelope for your messages. Most unencrypted data transmitted online is accessible to the
servers passing off the information. Conversely, using encryption puts your online
communications in a "steel envelope" — they can't be read in the course of delivering the
message to the recipient and are extremely resistant to tampering.
Modern encryption is very difficult to break, using very complex mathematics to scramble
information and ensure that only people possessing the right key can unscramble it. In many
cases you can get major security benefits from encryption without a detailed understanding of
how it works. Some software implements very convenient, fully automated encryption features
which may simply require that you turn them on.
For instance, when a website is configured properly, web browsers can use SSL encryption to
protect the privacy of information you send to or receive from a web server. This is most often
used to protect log-in passwords and financial data. Using a browser's SSL encryption can be as
simple as accessing a site with the https scheme instead of the http scheme (for instance,
https://www.eff.org/ instead of http://www.eff.org/); the browser typically takes care of all the
details behind the scenes.
Why Is Encryption Important?
Encryption plays an important role in mitigating risk related to the many threats listed in this
guide. If sensitive information stored on your computer is encrypted, it will take a secret key to
decode it. If sensitive information en route to others is encrypted, only someone that knows the
secret key can read what it says. When you encrypt sensitive information and it ends up logged
by others in the course of communicating online, encryption keeps those without the secret key
from knowing the contents of the message.
Most of the Defensive Technology articles in this guide will cover practical ways to apply
encryption to particular communications (like email) or particular applications (like web
Encryption is absolutely essential to maintaining information security. Moreover, modern
computers are powerful enough that we can aim to make encryption of our communications and
data routine, not just reserving encryption for special occasions or particularly sensitive
For More About Encryption
Many encryption tools can be used successfully without much beyond a conceptual
understanding. We explain how to use many of these well-developed tools in other parts of this
However, be aware that while encryption is a powerful tool and is critical to information security,
it has limitations — particularly if it is not being used correctly. Learning more about encryption
and its limitations can help ensure that you're using it properly and getting protection against as
many kinds of attacks as possible.
Web browsers are software on your machine that communicate with servers or hosts on the
Internet. Using a web browser causes data to be stored on your computer and logs to be stored on
the web servers you visit, and frequently transmits unencrypted information.
Until you have understood the mechanisms by which this occurs — and taken steps to prevent
them — it is best to assume that anything you do with a web browser could be recorded by your
own machine, by the web servers you're communicating with, or by any adversary that is able to
monitor your network connection.
Controlling and Limiting the Logs Kept by Your Browser
Web browsers often retain a large amount of information about the way they are used. A browser
typically keeps a history of the web pages it visits. Browsers also often retain cached copies of
the pages you've visited, information about which accounts you log into on web servers, names
and other data you enter into web forms, and cookies that record preferences and link your
browser to records on third party web servers. Fortunately, browsers also include features for
managing these records. In general, the features are getting better, so it's getting easier to control
For example, here are the stored data privacy settings pages for Firefox, the free web browser:
For each type of information your browser stores, you can either set it to not collect it at all, set it
to delete within a certain span of days, set it to delete when you quit the browser, or press "clear"
to manually erase the data. Or you can "clear all" of the info — all the data your browser’s been
keeping on you.
Apple’s Safari browser also has an easy one-click option to clear everything. Just select "Reset
Safari" from the "Safari" pull-down menu and you’ll get this option:
Controlling and Limiting the Logs Kept By Web Servers
Web servers usually see and retain a large amount of information about what you do when you
surf to them. For instance, if you type any information into a form on a web page (such as a
search engine), the server will record not only what you sent it, but also information that might
identify you: your IP address, the browser and operating system you are using, whether you
followed a link from another web page to get to the page, what that previous site/page was, your
account if you are logged in to the site, and cookies that were created when you previously
looked at pages on the site.
Web Privacy is Hard
If you use a particular website a lot, the chances are that it is going to end up retaining a huge
amount of information about you. To get a sense of the kinds of information, and what needs to
be done to prevent them from being aggregated, read our white paper on search privacy.
Although that document primarily discusses search engines, the issues to consider for other kinds
of sites are similar.
Cookies are pieces of information that a web site can send to your browser. If your browser
"accepts" them, they will be sent back to the site every time the browser accepts a page, image or
script from the site. A cookie set by the page/site you're visiting is a "second party" cookie. A
cookie set by another site that's just providing an image or script (an advertiser, for instance), is
called a "third party" cookie.
Cookies are the most common mechanisms used to record the fact that a particular visitor has
logged in to an account on a site, and to track the state of a multi-step transaction such as a
reservation or shopping cart purchase. As a result, it is not possible to block all cookies without
losing the ability to log into many sites and perform transactions with others.
Unfortunately, cookies are also used for other purposes that are less clearly in users' interests,
such as recording their usage of a site over a long period of time, or even tracking and correlating
their visits to many separate sites (via cookies associated with advertisements, for instance).
With recent browsers, the cookie setting that offers users the most pragmatic tradeoff between
cookie-dependent functionality and privacy is to only allow cookies to persist until the user quits
the browser (also known as only allowing "session cookies").
You can enable this in the "Privacy" tab of Firefox 3's "Preferences" pane:
Unfortunately, if you only quit your browser entirely once every week or two, web sites will still
collect a huge amount of information about your habits, such as the IP addresses you use at home,
at work, at friends' houses and at Internet cafes. However, the "Incognito" mode offered by
Google's Chrome browser and the "InPrivate" mode offered by Internet Explorer 8 are signs that
in the future browsers may offer more convenient ways to limit cookie tracking.
Sophisticated users can configure their browser to manually decide whether each site they visit is
allowed to set cookies. This may have good privacy outcomes, such as allowing session cookies
for sites the user logs in to or purchases things from, but not any other sites. But it requires a lot
of work. A certain amount of debugging may also be required for situations where sites are
poorly designed and fail to function without certain third-party cookies.
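An added example, not from the guide, that models the cookie decisions described above on constructed Set-Cookie headers: first versus third party, session versus persistent, and the recommended policy of keeping cookies only until the browser quits, with an optional per-site allow-list for sites you log into. The site-matching helper compares the last two host labels; that is an assumption of the example standing in for the public suffix list real browsers consult.

```python
"""Added example (not part of the EFF guide): a small model of the cookie
policy described in the text, applied to Set-Cookie headers.

  * set by the page's own site            -> "first" party
  * set by another site supplying an
    image or script (an advertiser)       -> "third" party
  * carries Expires or Max-Age            -> "persistent"
  * carries neither                       -> "session" (dies on browser quit)

Default policy: reject third-party cookies, keep everything else only as a
session cookie; sites on an allow-list may keep persistent cookies.
All host names and header lines below are constructed for illustration.
"""


def parse_set_cookie(header: str) -> dict:
    """Split 'name=value; Attr=val; Flag' into name, value and attributes.
    Attribute names are lowercased; valueless flags (HttpOnly) map to True."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def registrable_site(host: str) -> str:
    """Naive eTLD+1: the last two labels of the host name (assumption of this
    example; real browsers use the public suffix list so that e.g. 'co.uk'
    is not mistaken for a site)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(page_host: str, setter_host: str, header: str) -> dict:
    """Label a cookie as first/third party and session/persistent."""
    cookie = parse_set_cookie(header)
    same_site = registrable_site(page_host) == registrable_site(setter_host)
    persistent = "expires" in cookie["attrs"] or "max-age" in cookie["attrs"]
    cookie["party"] = "first" if same_site else "third"
    cookie["kind"] = "persistent" if persistent else "session"
    return cookie


def apply_policy(page_host: str, setter_host: str, header: str,
                 persistent_allowlist=frozenset()) -> tuple:
    """Return (stored_as, reason): stored_as is "rejected", "session" or
    "persistent"."""
    c = classify(page_host, setter_host, header)
    site = registrable_site(page_host)
    if c["party"] == "third":
        return "rejected", f"third-party cookie {c['name']} from {setter_host}"
    if c["kind"] == "session":
        return "session", f"session cookie {c['name']} kept until browser quits"
    if site in persistent_allowlist:
        return "persistent", f"persistent cookie {c['name']} allowed for {site}"
    # the text's recommended default: let it live only until the browser quits
    return "session", f"persistent cookie {c['name']} downgraded to session"


# Constructed sample: a page on www.example.org that embeds a script
# from ads.tracker.example.
SAMPLE_HEADERS = [
    ("www.example.org", "www.example.org", "sessionid=abc123; Path=/; HttpOnly"),
    ("www.example.org", "www.example.org",
     "prefs=dark; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Path=/"),
    ("www.example.org", "ads.tracker.example",
     "uid=7f3a; Max-Age=31536000; Domain=tracker.example"),
]

if __name__ == "__main__":
    for page, setter, hdr in SAMPLE_HEADERS:
        print(apply_policy(page, setter, hdr))
        print(apply_policy(page, setter, hdr, frozenset({"example.org"})))
```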
Recent Cookie-Like "Features" in Web Browsers
In addition to the regular cookies that web browsers send and receive, and which users have
begun to be aware of and manage for privacy, companies have continued to implement new
"features" which behave like cookies but which aren't managed in the same way. Adobe has
created "Local Stored Objects" (also known as "Flash Cookies") as a part of its Flash plug-ins;
Mozilla has incorporated a feature called "DOM storage" in recent versions of Firefox. Web sites
could use either or both of these in addition to cookies to track visitors. We recommend that
users take steps to prevent this.
Managing Mozilla/Firefox DOM Storage Privacy. If you use a Mozilla browser, you can
disable DOM Storage pseudo-cookies by typing about:config into the URL bar. That will bring
up an extensive list of internal browser configuration options. Type "storage" into the filter box,
and press return. You should see an option called dom.storage.enabled. Change it to "false".
Managing Adobe Flash Privacy. Adobe lists advice on how to disable Flash cookies here.
There are some problems with the options Adobe offers (for instance, there is no "session only"
option), so it's probably best to globally set Local Stored Object space to 0 and only change that
for sites which you're willing to have tracking you. On the Linux version of Adobe's Flash plugin
there doesn't seem to be a way to set the limit to 0 for all sites — consider donating or contributing
to the Gnash project to give users an alternative to Adobe's privacy-unfriendly design decisions.
Aside from being an annoying medium for advertising, Flash poses other kinds of privacy and
security risks. Some people choose not to use Flash at all (using other tools like youtube-dl for
watching Youtube videos). Others install a Flash management browser plugin like FlashBlocker.
Unfortunately, while FlashBlocker makes surfing the web a more peaceful experience, it does
not protect you from being tracked by Flash cookies or from exposure to other flash-based
Whenever your browser fetches a page, image or script from a website, you should expect the
website to record the IP address of the computer you're using. Your ISP, or anybody with the
power to subpoena your ISP, could tie those records to the Internet account subscription you are
connected through. Use Tor (or a proxy server, which is faster but less secure) if you wish to
prevent these records from being created.
Privacy on the wire
Most sites on the web are accessed using the unencrypted HTTP protocol. HTTP is susceptible to
eavesdropping, and even to intermediaries that might set out to modify the pages a browser is
HTTPS is a more secure alternative to HTTP. HTTPS encrypts pages, and attempts to ensure
three things: (1) that third parties cannot see the contents of the page; (2) that the page cannot be
modified by third parties; (3) that the page was really sent by the web server listed in the URL
Unfortunately, a web server must be configured to support HTTPS properly before you can use it.
If there is a site you were planning to send sensitive information to, ensure that you are using
HTTPS. If a site doesn't support HTTPS, don't send sensitive information to it.
Some Notes on Using HTTPS
Check three indicators to ensure that you're at an HTTPS page: (1) the URL begins with
https://; (2) there is a lock icon in the corner of the browser; and (3) the URL/location bar is
If you receive a warning about certificates, or see a broken lock icon, you should assume that any
of the security properties of the page could be broken. Contact the site's webmaster and have
them fix the problem before sending any sensitive information to the site.
calculations in determining what a page will look like and how it will function.
them respond as the mouse moves around or change themselves continually. In other cases,
without the need to click on a "submit" button and wait for the web server to send back a new
page in response.
kinds of evil: making links change as the user clicks them; sending usernames and passwords to
is frequently a part of schemes to track people across the web, or worse, to install malware on
For this reason, sophisticated users with strict security and privacy requirements may wish to
NoScript, which is very useful for this purpose. NoScript (1) allows you to see the sources of any
reenabled. Surfing the web with NoScript is more work (because when you visit new sites, you
with NoScript is also much more secure.
The act of using email stores data on your machines, transmits data over the network, and stores
data on third party machines.
Locally Stored Data
The usual measures apply to managing the copies of emails (both sent and received) that are kept
on your own machines. Encrypt your drives and decide upon and follow an appropriate data
Data on the Wire
Email usually travels through a number of separate hops between the sender and receiver. This
diagram illustrates the typical steps messages might travel through, the transmission protocols
used for those steps, and the available types of encryption for those steps.
End-to-End Encryption of Specific Emails
Encrypting emails all the way from the sender to the receiver has historically been difficult,
although the tools for achieving this kind of end-to-end encryption are getting better and easier to
use. Pretty Good Privacy (PGP) and its free cousin GNU Privacy Guard (GnuPG) are the
standard tools for doing this. Both of these programs can provide protection for your email in
transit and also protect your stored data. Major email clients such as Microsoft Outlook and
Mozilla Thunderbird can be configured to work smoothly with encryption software, making it a
simple matter of clicking a button to sign, verify, encrypt and decrypt email messages.
The great thing about end-to-end encryption is that it ensures that the contents of your emails
will be protected not only against interception on the wire, but also against some of the threats to
the contents of copies of your emails stored on your machine or third party machines.
There are two catches with GnuPG/PGP. The first is that they only work if the other parties you
are corresponding with also use them. Inevitably, many of the people you exchange email with
will not use GPG/PGP, though it can be deployed amongst your friends or within an organization.
The second catch is that you need to find and verify public keys for the people you are sending
email to, to ensure that eavesdroppers cannot trick you into using the wrong key. This trickery is
known as a "man in the middle" attack.
Probably the easiest way to start using GnuPG is to use Mozilla Thunderbird with the Enigmail
plugin. You can find the quick start guide for installing and configuring Enigmail here.
Server-to-Server Encrypted Transit
After you press "send", emails are typically relayed along a chain of SMTP mail servers before
reaching their destination. You can use your mail client to look at the headers of any email
you've received to see the chain of servers the message traveled along. In most cases, messages
are passed between mail servers without encryption. But there is a standard called SMTP over
TLS which allows encryption when the sending and receiving servers for a given hop of the
chain support it.
If you or your organization operates a mail server, you should ensure that it supports TLS
encryption when talking to other mail servers. Consult the documentation for your SMTP server
software to find out how to enable TLS.
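Reading the relay chain out of a message's headers can be automated. The following is an added example, not from the original guide: it parses the Received: headers of a constructed sample message (placeholder host names, RFC 5737 documentation addresses), lists the hops in the order the message travelled, and flags any hop that was not protected by SMTP over TLS, using the RFC 3848 "with ESMTPS"/"ESMTPSA" keywords and the "(using TLS...)" or "(version=TLS...)" remarks that common mail servers add. The function names (parse_received, relay_chain, unencrypted_hops) are this example's own.

```python
"""Reconstruct the SMTP relay chain from Received: headers and flag plain hops.

Added example, not from the original guide. Each relay prepends its own
Received: header, so reading them bottom-up gives the path from the sender's
server to yours.
"""
import email
import re
from dataclasses import dataclass
from typing import List

# Constructed sample message: three hops, the middle one without TLS.
SAMPLE_MESSAGE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
 by mx.example.org (Postfix) with ESMTPS id 4F2A1C0034
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits));
 Mon, 14 Jan 2013 12:03:11 +0000
Received: from smtp.sender.example (smtp.sender.example [192.0.2.25])
 by relay.example.net with ESMTP id k9x7;
 Mon, 14 Jan 2013 12:03:09 +0000
Received: from [10.0.0.12] (unknown [203.0.113.5])
 by smtp.sender.example with ESMTPSA id q2z5
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
 Mon, 14 Jan 2013 12:03:07 +0000
From: alice@sender.example
To: bob@example.org
Subject: constructed test message

body
"""

# "with" protocol names that imply TLS (RFC 3848 registry).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}


@dataclass
class Hop:
    src: str        # host that handed the message over ("from")
    dst: str        # host that wrote this header ("by")
    protocol: str   # the "with" keyword
    tls: bool       # whether this hop was protected by TLS


def parse_received(value: str) -> Hop:
    """Pull source, destination and transport out of one Received: header."""
    flat = " ".join(value.split())            # unfold continuation lines
    src = re.search(r"\bfrom\s+(\S+)", flat)
    dst = re.search(r"\bby\s+(\S+)", flat)
    proto = re.search(r"\bwith\s+(\S+)", flat)
    protocol = proto.group(1) if proto else "?"
    tls = (protocol.upper() in TLS_PROTOCOLS
           or "using TLS" in flat
           or "version=TLS" in flat)
    return Hop(src.group(1) if src else "?",
               dst.group(1) if dst else "?",
               protocol, tls)


def relay_chain(raw_message: str) -> List[Hop]:
    """Return the hops in travel order (earliest first)."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    # Headers are prepended by each relay, so the top one is the last hop.
    return [parse_received(v) for v in reversed(received)]


def unencrypted_hops(raw_message: str) -> List[str]:
    """Hops that carried the message without TLS, as 'src -> dst' strings."""
    return [f"{h.src} -> {h.dst}" for h in relay_chain(raw_message) if not h.tls]


if __name__ == "__main__":
    for hop in relay_chain(SAMPLE_MESSAGE):
        print(f"{hop.src:>24} -> {hop.dst:<24} {hop.protocol:<9} "
              f"{'TLS' if hop.tls else 'PLAIN'}")
```

Two caveats apply when reading real headers this way. Each Received: line is written by the relay itself, so the chain is only as trustworthy as those servers, and a hop marked TLS tells you the link was encrypted, not that the relay verified the other server's certificate. That is why the guide treats server-to-server TLS as a complement to, not a substitute for, end-to-end encryption.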
Client-to-Mail Server Encryption
If you use POP or IMAP to fetch your email, make sure it is encrypted POP or IMAP. If your
mail server doesn't support the encrypted version of that protocol, get your service provider or
systems administrator to fix that.
If you use a webmail service, ensure that you only access it using HTTPS rather than HTTP.
Hushmail.com is a webmail service provider that always uses HTTPS, and also offers some end-
to-end encryption facilities (though they are not immune to warrants).
Many webmail service providers only use HTTPS for the login page, and then revert to HTTP.
This isn't secure. Look for an account configuration option (or a browser plugin) to ensure that
your webmail account always uses HTTPS. In Gmail, for instance, you can find this option in the
"general" tab of the settings page:
If you can't find a way to ensure that you only see your webmail through https, switch to a
different web mail provider.
Data Stored on Second- and Third-Party Machines
There are two main reasons why your emails will be stored on computers controlled by third
Storage by your Service Provider
If you don't run your own mail server, then there is a third party who obtains (and may store)
copies of all of your emails. This would commonly be an ISP, an employer, or a webmail
provider. Copies of messages will also be scattered across computers controlled by the ISPs,
employers and webmail hosts of those you correspond with.
Make sure your email software is configured so that it deletes messages off of your ISP's mail
server after it downloads them. This is the most common arrangement if you're using POP to
fetch your email, but it is common for people to use IMAP or webmail to leave copies of
messages on the server.
If you use webmail or IMAP, make sure you delete messages immediately after you read them.
Keep in mind that with major webmail services, it may be a long time – maybe a matter of
months – before the message is really deleted, regardless of whether you still have access to it or
not. With smaller IMAP or webmail servers, it is possible that forensically accessible copies of
messages could be subpoenaed years after the user deleted them.
The content of PGP/GnuPG encrypted emails will not be accessible through these third parties,
although the email headers (such as the To: and Subject: lines) will be.
Running your own mail server with an encrypted drive, or using end-to-end encryption for
sensitive communications, are the best ways of mitigating these risks.
Storage by Those You Correspond With
Most people and organizations save all of the email they send and receive. Therefore, almost
every email you send and receive will be stored in at least one other place, regardless of the
practices and procedures you follow. In addition to the personal machine of the person you
sent/received the message to/from, copies might be made on their ISP or firm's mail or backup
servers. You should take these copies into consideration, and if the threat model you have for
sensitive communications includes an adversary that might gain access to those copies, then you
should either use PGP to encrypt those messages, or send them by some means other than email.
Be aware that even if you use PGP, those you communicate with could be subject to subpoenas
or requests from law enforcement to decrypt your correspondence.
End-to-End Email Encryption
Email encryption is a topic that could fill a book, and has: see Bruce Schneier's book Email
Security: How to Keep Your Electronic Messages Private. While this book is somewhat out of
date (it refers to old versions of software), the concepts it introduces are essential.
Instant Messaging (IM)
Instant messaging is a convenient way to communicate with people online. In privacy terms,
it's a bit better and easier to secure than email but in some situations a telephone call will
offer you better privacy.
Instant messaging software creates data stored on your computer (logs of your communications),
transmits communications over the network (the messages traveling back and forth), and leaves
communications stored on other computers (logs kept by the people you talk to, and sometimes
logs kept by the IM provider).
If you use IM without taking special precautions, you can assume that all of these records will be
available to adversaries. The easiest way for an adversary to obtain the contents of your
communications is from you, your correspondent, or your service provider, if any of those
parties logs (stores) the messages. The more difficult way is to intercept the messages as they
travel over the network.
Encrypt Your Instant Messaging Conversations as They Travel
To protect messages from interception as they travel over the network, you need to use
encryption. Fortunately, there is an excellent instant messaging encryption system called OTR
(Off The Record). Confusingly, Google has a different instant messaging privacy feature which
is also called "Off The Record". To disambiguate them, this page will talk about "OTR
encryption" and "Google OTR". It's actually possible to be using them both at the same time.
If you and the person you are talking to both use OTR encryption, you have excellent protection
for communications on the network, and you will prevent your IM provider from storing the
content of your communications (though they may still keep records of who you talk to).
The easiest way to use OTR encryption is to use Pidgin or Adium X for your IMs (Pidgin is a
program that will talk to your friends over the MSN, Yahoo!, Google, Jabber, and AIM networks;
Adium X is a similar program specifically for Mac OS X). If you're using Pidgin, install the
OTR encryption plugin for that client. Adium X comes with OTR built in.
With OTR encryption installed, you still need to do a few things for network privacy:
1. Read and understand OTR encryption's information.
2. Make sure the people you are talking to also use OTR encryption, and make sure it's active. (In
Pidgin, check for OTR:private or OTR:unverified in the bottom right corner.)
3. Follow OTR encryption's instructions to "Confirm" any person you need to have sensitive
conversations with. This reduces the risk of an interloper (including the government with a
warrant) being able to trick you into talking to them instead of the person you meant to talk to.
Recent versions of OTR encryption allow you to do this just by agreeing on a shared secret word
that you both have to type ("what was the name of the friend who introduced us?"). Older
versions required that both users check that their client reported the right fingerprint for the
Configure Your IM Client to use SSL/TLS
This step is complementary to using OTR encryption. It will prevent someone watching the
network from seeing who you are chatting to, and will offer partial protection of your chats even
if the other party isn't using OTR.
If you are using Pidgin, you can ensure SSL is enabled by going to Manage Accounts, selecting
Modify for an account, selecting the Advanced tab, and ticking Require SSL/TLS.
Understand and Control IM Logging on Your Machine
To protect the privacy of your IM conversations, you will need to decide what to do about logs
kept on your computer. You have three choices:
Configure your IM client to not keep logs
Encrypt your hard disk
Accept the risk that anyone who has access to your computer can read your old messages
If at some point you decide to configure your IM client not to keep logs, you may want to go
back and delete previous logs using Secure Deletion software.
Be Aware of Logging on Others' Machines
As noted above, using OTR encryption ensures that your IM service provider is unable to log the
contents of your communications. They will, however, be in a position to record who you talk to,
and possibly record the timing and length of the messages you exchange.
OTR encryption does not stop the people you are talking to from logging your conversations.
Unless you trust that they have disabled logging in their client or that they encrypt their hard disk
and will not turn over its contents, you should assume that an adversary could obtain records of
your conversations from the other party, either voluntarily or through subpoena or search.
Google OTR is a feature of the Google instant messaging service that allows you to request that
neither Google nor the people you talk to should be able to log your conversations.
Unfortunately, there is no plausible enforcement mechanism for this feature. The people you talk
to could be using a different IM client (like Pidgin or Adium) that can log regardless of whether
Google OTR is enabled — or they could take screenshots of your conversations. Your client
might be able to tell you whether they are using a client that follows the OTR rules (such as
Gmail or Gchat), but that won't tell you whether they are taking screenshots. The bottom line is
that Google OTR is nice in theory but insecure in practice. Turn it on, but don't expect it to work
if the other party uses a non-Google client or actively wants to record the conversation.
Wireless networking is now a ubiquitous means of connecting computers to each other and to the
Internet. The primary privacy concern with Wi-Fi is the interception of the communications you
send over the air. In some cases, wireless routers might also store a small amount of information
about your computer, such as its name and the unique number assigned to its networking card
Wireless networks are particularly vulnerable to eavesdropping — in the end, "wireless" just
means "broadcasting your messages over the radio," and anyone can intercept your wireless
signal unless you use encryption. Listening in on unencrypted Wi-Fi communications is easy:
almost any computer can do it with simple packet-sniffing software. Special expertise or
equipment isn't necessary.
Even worse, the legal protections for unencrypted wireless communications are unclear. Law
enforcement may be able to argue that it does not need a wiretap order to intercept unencrypted
wi-fi communications because there is an exception to the rules requiring such orders when the
messages that are being intercepted are "readily accessible to the public." Basically, any
communication over the radio spectrum that isn't transmitted by your phone company and isn't
scrambled or encrypted poses a privacy risk.
Encrypting a Wireless Network
If you want to protect your wireless communications from the government or anyone else, you
must use encryption! Almost all wireless Internet access points come with WEP (Wired
Equivalent Privacy) or WPA (Wi-Fi Protected Access) encryption software installed to encrypt
the messages between your computer and the access point, but you have to read the manual and
figure out how to use it. WEP is not great encryption (and we recommend strong, end-to-end
encryption for sensitive communications regardless of the transmission medium), and practiced
hackers can defeat it very quickly, but it's worth the trouble to ensure that your communications
will be entitled to the legal protections of the Wiretap Act. WPA is much stronger than WEP, but
it still only covers the first step your packets will take across the Internet.
When Using Open Wi-Fi
If you're using someone else's "open" — unencrypted — wireless access point, like the one at the
coffee shop, you will have to take care of your own encryption using the tools and methods
described in other sections. Tor is especially useful for protecting your wireless transmissions. If
you don't use Tor, and even if you do, you should also always use application-level encryption
over open wireless, so no one can sniff your passwords.
Because of the threat of password sniffing, it is crucially important that you do not use the same
password for all your accounts! For example, http://www.nytimes.com/ requires a username and
password to log in, but the site does not use encryption. However, web sites for banks, like
https://www.wellsfargo.com/, always use encryption due to the sensitive nature of the
transactions people make with banks. If you use the same passwords for the two sites, an
eavesdropper could see your unencrypted password traveling to the newspaper site, and guess
that you were using the same password for your bank account.
Tor is another encryption tool that can help you protect the confidentiality of your
communications. Tor is a free, relatively easy to use tool primarily designed to protect your
anonymity online. But it also has the side benefit of encrypting your communications for some of
their journey across the Internet.
How Tor Works
Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH,
and many other applications. The information you transmit is safer when you use Tor, because
communications are bounced around a distributed network of servers, called onion routers. This
provides anonymity, since the computer you’re communicating with will never see your IP
address — only the IP address of the last Tor router that your communications traveled through.
Tor helps to defend against traffic analysis by encrypting your communications multiple times
and then routing them through a randomly selected set of intermediaries. Thus, unless an
eavesdropper can observe all traffic to and from both parties, it will be very hard to determine
your IP address. The idea is similar to using a twisty, hard-to-follow route in order to throw off
somebody who is tailing you, and then periodically erasing your footprints.
To create a private network pathway with Tor, Alice’s Tor client first queries a global directory
to discover where on the Internet all the Tor servers are. Then it incrementally builds a circuit of
encrypted connections through servers on the network. The circuit is extended one hop at a time,
and each server along the way knows only which server gave it data and which server it is giving
data to. No individual server ever knows the complete path that a data packet has taken. The Tor
software on your machine negotiates a separate set of encryption keys for each hop along the
circuit to ensure that each hop can't trace these connections as they pass through.
Due to the way Alice’s Tor client encrypted her data, each node in the circuit can only know the
IP addresses of the nodes immediately adjacent to it. For example, the first Tor server in the
circuit knows that Alice’s Tor client sent it some data, and that it should pass that data on to the
second Tor server. Similarly, Bob knows only that it received data from the last Tor server in the
circuit — Bob has no knowledge of the true Alice.
For efficiency, the Tor software uses the same circuit for connections that happen within the
same ten-minute period. Later requests are given a new circuit, to keep people from linking your
earlier actions to the new ones.
Tor’s primary purpose is to frustrate traffic analysis, but as a by-product of how it works, Tor's
encryption provides strong protection for the confidentiality of the content of messages as well.
If an eavesdropper wiretaps Alice’s network link, all she’ll see is encrypted traffic between Alice
and her first Tor server — a great feature. If the eavesdropper wiretaps Bob’s network link, she
can see the unencrypted content Alice sent to Bob — but it may be very hard indeed for her to
link the content to Alice!
You can learn about Tor, find easy installation instructions, and download the software at
http://www.torproject.org. There you will also find instructions on how to easily "Torify" all
kinds of different applications, including web browsers and instant messaging clients.
What Tor Won't Defend You Against
Tor won't defend you against malware. If your adversary can run programs on your computer,
it's likely that they can see where you are and what you're doing with Tor.
If you've installed Tor on your computer but are using applications that don't understand how to
use it, or aren't set up to use it, you won't receive protection while using those applications.
Tor may not defend you against extremely resourceful and determined opponents. Tor is believed
to work quite well at defeating surveillance from one or a handful of locations, such as
surveillance by someone on your wireless network or surveillance by your ISP. But it may not
work if someone can surveil a great many places around the Internet and look for patterns across
If you aren't using encryption with the actual servers you're communicating with (for instance, if
you're using HTTP rather than HTTPS), the operator of an "exit node" (the last Tor node in your
path) could read all your communications, just the way your own ISP can if you don't use Tor.
Since Tor chooses your path through the Tor network randomly, targeted attacks may still be
difficult, but researchers have demonstrated that a malicious Tor exit node operator can capture a
large amount of sensitive unencrypted traffic. Tor node operators are volunteers and there is no
technical guarantee that individual exit node operators won't spy on users; anyone can set up a
Tor exit node.
These and related issues are discussed in more detail here.
Malware is a catch-all term referring to software that runs on a computer and operates against the
interests of the computer's owner. Computer viruses, worms, trojan horses, "spyware", rootkits
and key loggers are often cited as subcategories of malware. Note that some programs may
belong to more than one of those categories.
How Does Malware Get Onto a Computer?
Some malware is spread by exploiting vulnerabilities in operating systems or application
software. These vulnerabilities are design or programming errors in software that can allow a
clever programmer to trick the defective software into giving someone else control.
Unfortunately, such vulnerabilities have been found in a wide variety of mainstream software,
and more are detected all the time — both by those trying to fix the vulnerabilities and by those
trying to exploit them.
Another common vector by which malware spreads is to trick the computer user into running a
software program that does something the user wouldn't have wanted. Tricking the user is a
pretty powerful way to take over a computer, because the attacker doesn't have to depend on
finding a serious weakness in mainstream software. It is especially difficult to be sure that
computers shared by several users, or a computer in a public place such as a library or Internet
café, are not compromised. If a single user is tricked into running a malware installer, every
subsequent user, no matter how cautious, could be at risk. Malware written by sophisticated
programmers generally leaves no immediately visible signs of its presence.
What is Malware Capable of?
Malware is extremely bad news from a security and privacy perspective. Malware may be
capable of stealing account details and passwords, reading the documents on a computer
(including encrypted documents, if the user has typed in the password), defeating attempts to
access the Internet anonymously, taking screenshots of your desktop, and hiding itself from other
programs. Malware is even capable of using your computer's microphone, webcam, or other
peripherals against you.
The chief limitation in malware's capability is that the author needs to (1) have anticipated the
need for the malware to do something, (2) spent a substantial amount of effort programming the
malicious feature, testing that it works and is robust on numerous different versions of an
operating system, and (3) be free of legal or other restrictions preventing the implementation of
Unfortunately, a black market has appeared in recent years that sells malware customized for
various purposes. This has reduced the obstacles listed in category (2) above.
The most alarming feature of malware is that, once installed, it can potentially nullify the
benefits of other security precautions. For example, malware can be used to bypass the
protections of encryption software even if this software is otherwise used properly. On the other
hand, the majority of malware is mainly designed to do other things, like popping up
advertisements or hijacking a computer to send spam.
Is Malware Infection Likely?
Nobody knows how many computers are infected with malware, but informed estimates range
from 40% to almost 90% of computers running Windows operating systems. Infection rates are
lower for MacOS and Linux systems, but this is not necessarily because Windows is an easier
target. Indeed, recent versions of Windows are much improved in security. Rather, more
malware authors target Windows machines because an effective attack will give them control of
The risk that any given computer is infected with malware is therefore quite high unless skilled
computer security specialists are putting a substantial amount of effort into securing the system.
With time, any machine on which security updates are not installed promptly is virtually
guaranteed to become infected. It is however overwhelmingly likely that the malware in question
will be working on obtaining credit card numbers, obtaining eBay account passwords, obtaining
online banking passwords, sending spam, or launching denial of service attacks, rather than
spying on specific individuals or organizations.
Infection by malware run by U.S. law enforcement or other governmental agencies is also
possible, though vastly less likely. There have been a handful of cases in which it is known that
warrants were obtained to install malware to identify a suspect or record their communications
(see the section on CIPAV below). It is unlikely that U.S. government agencies would use
malware except as part of significant and expensive investigations.
How Can You Reduce the Risk of Malware Infection?
Currently, running a minority operating system significantly diminishes the risk of infection
because fewer malware applications have been targeted at these platforms. (The overwhelming
majority of existing malware targets only a single particular operating system.)
Vulnerabilities due to software defects are difficult to mitigate. Installing software updates
promptly and regularly can ensure that at least known defects are repaired.
Not installing (or running) any software of unknown provenance is an important precaution to
avoid being tricked into installing malware. This includes, for example, software applications
advertised by banner ads or pop-ups, or distributed by e-mail (even if disguised as something
other than a computer program). Recent operating systems attempt to warn users about running
software from an unknown source; these security warnings serve an important purpose and
should not be casually ignored. Strictly limiting the number of users of a computer containing
sensitive information can also be helpful. Notably, some malware targets children, including
malicious code along with downloadable video games. (Of course, computer users of any age
can be tricked into installing malware!)
On Windows, regularly running antivirus and antispyware software can remove a large
proportion of common malware. However, this software is not effective against all malware, and
must be regularly updated. Since anti-malware software is created by researching malware
discovered "in the wild," it's also probably ineffective against uncommon, specially-targeted
malware applications that aim to infect only a few specific computers rather than a large
population on the Internet.
CIPAV: An Example of Malware Use for Law Enforcement
A CIPAV is an FBI acronym which stands for Computer and Internet Protocol Address
Verifier. CIPAVs are a type of malware intended to identify people who are hiding their identity
using proxy servers, bot nets, compromised computers or anonymity networks like Tor. A small
amount is known about them as a result of published documents from cases in which they were
used. CIPAVs may include use of browser exploits to run software on a computer regardless of
how many steps of indirection are present between the attacking server and the user.
Malware Risk Assessment
Ubiquitous malware poses a threat to all computer users. The seriousness of the threat varies
greatly. For some users, it is sufficient to install operating system updates regularly and utilize
caution in running software found on the web. For organizations that face a high risk of being
specifically targeted by a malware author, it is advisable to find computer security experts to
defend their computers — or better yet, to simply avoid using networked computers for their
most sensitive activities.
This article discusses privacy implications of cell phones and other devices that communicate
with large scale wireless voice and data networks.
This page doesn't discuss Wi-Fi. If you have a mobile device that uses Wi-Fi but not GSM,
CDMA 2000, or any of the other cellular networks, you should follow the same steps that you
would for a laptop with Wi-Fi. If you have a cell phone that also connects to Wi-Fi networks,
you should read the Wi-Fi article as well as the material below.
Problems with Cellular Device Privacy
Cell phones pose several privacy problems.
No Anonymity. Every cell phone has several unique identifying numbers. For a GSM phone
these include the IMEI number for the handset itself and the IMSI in the SIM card. Unless you
have purchased your handset and account anonymously, these will be linked to your real identity.
Even if you have an anonymous handset and account, the typical use pattern of a phone is almost
always enough to link it to your identity.
Location tracking. Cell phones communicate with transmission towers. The strength of the
signal received by these towers from a phone is a measure of distance, and this allows the phone
network to know where its users are. Many if not all networks log approximate location on a
regular basis. These records may be subject to subpoena. If your adversary is law enforcement
and has probable cause for a warrant, they could receive continuous triangulation location
surveillance data from the network.
Easy interception. Cell phone communications are sent through the air like communications
from a walkie-talkie, and encryption is usually inadequate or absent. Although there are
substantial legal protections for the privacy of cell phone calls, it's technologically
straightforward to intercept cell phone calls on many cell networks without the cooperation of
the carrier, and the technology to do this is only getting cheaper. Such interception without legal
process could be a serious violation of privacy laws, but would be immensely difficult to detect.
U.S. and foreign intelligence agencies have the technical capacity to intercept unencrypted and
weakly encrypted cell phone calls on a routine basis.
Lack of user control. Cell phones tend to run proprietary operating systems, and the operating
systems on different devices tend to be different from each other. This means for instance that on
most cell phones:
it's impossible to guarantee that the phone is using secure encryption for its transmissions, or
determine whether it's using encryption at all
it's very difficult for the user to gain access to and control over the data recorded by the phone's
However, because cell phones do not create stored records of the contents of your
communications, telephonic communication has certain privacy advantages over other modes of
communication, like email, instant messaging or text messaging, which do create such records.
Data Stored by Your Phone
Your phone will store the contents of the text messages you send and receive, the times and
numbers of the calls you make and receive, and possibly other information such as location-
related data. Secure Deletion of this data poses a challenge. On most mobile devices your best
strategy is to manually delete these records using the phone's user interface, and then hope that
new records will overwrite them. If you have deleted all your text messages and calls, and waited
long enough for the phone's memory to fill, there is a chance that later forensic investigation
would not find the original data.
There are a couple of drive encryption programs available for devices that run the Windows
Mobile operating system. Proprietary drive encryption that has not been audited by the computer
security community should always be treated with caution; it is probably better than no
protection at all, although even that is not guaranteed.
We are hopeful that the arrival of open Linux-based phones (notably OpenMoko and those using
the Google Android code) will offer users better control over stored data in the future.
The undeleted data could be accessible to anyone who takes physical possession of the phone,
including thieves or an arresting officer.
The control data and actual voice conversations sent by cellular devices may be encrypted using
various standard encryption protocols. There is no guarantee that this will occur — phones do
not usually offer users a way to refuse to operate in unencrypted mode, and many don't indicate
whether they are using encryption. As a result, it is largely up to the network operator to decide if
its users will receive any cryptographic defense against eavesdropping.
Carrier-provided encryption can be good protection against eavesdropping by third parties.
However, if it is the carrier that wants to listen in, or the government with a warrant ordering the
carrier to allow wiretapping access to your calls, then that encryption will not protect you
because the carrier has the means to decrypt.
Even if your cell phone is communicating in an encrypted fashion, it turns out that most of the
standard cryptography used in cell networks has been broken. This means that an adversary that
is motivated and able to intercept radio communications and cryptanalyze them will be able to
listen to your phone calls.
It would be technologically possible to use strong end-to-end encryption with voice calls, but this
technology is not yet widely available. The German company GSMK has begun selling a GSM-based
"Cryptophone"; as with computer encryption, both users would need to be using the
technology in order to make it work. Some third parties have produced software to encrypt SMS
text messages; here, again, both the sender and recipient of a message would need to use
Data Stored by Other Parties
A great deal of data pertaining to your use of your phone will be stored by the telephone
company or companies that are providing you with service. A more diffuse set of records will
also be stored by the phones of the people you communicate with.
Expect your telephone company to keep a record of: who you talk to and when; who you
exchange messages with and when; what data you send and receive using wireless data services;
information revealing your physical location at any time when your phone is on; and whether
your phone is on or off.
The text messages exchanged by your phone — as well as summary information for the calls you
send and receive from other cell phones — are likely to be stored by those other cell phones. As
anyone who follows celebrity gossip should know, the people you are communicating with can
disclose the contents of your communications. Other adversaries may use subpoenas or other
legal process to obtain text messages or call information.
Malware for Phones
If you face a determined adversary such as federal law enforcement with a warrant, assume that
your phone could be reprogrammed with malware to assist in their investigations; there are
reports of the FBI doing this.
Under these extreme circumstances, it is possible for your phone to be turned into a remote
bugging device. It is possible for a phone to remain on even when you press the "off" button, but
not if you remove the battery.
If you have a pair of speakers that crackle when your phone is nearby, you can check that the
phone is actually off / not transmitting continuously by placing it near those speakers.
Secure deletion involves the use of special software to ensure that when you delete a file, there
really is no way to get it back again.
When you "delete" a file — for instance, by putting the file in your computer's trash folder and
emptying the trash — you may think you've deleted that file. But you really haven't. Instead, the
computer has just made the file invisible to the user, and marked the part of the disk drive that it
is stored on as "empty," meaning that it can be overwritten with new data. But it may be weeks,
months, or even years before that data is overwritten, and computer forensics experts can
often even retrieve data that has been overwritten by newer files. Indeed, computers normally
don't "delete" data; they just allow it to be overwritten over time, and overwritten again.
The best way to keep those "deleted" files hidden, then, is to make sure they get overwritten
immediately. Your operating system probably already includes software that can do this for you,
and overwrite all of the "empty" space on your disk with gibberish (optionally multiple times),
and thereby protect the confidentiality of deleted data. Examples include GNU Shred (Linux),
Secure Delete (Mac OS X), and cipher.exe (Windows XP Pro and later).
Windows Secure Deletion
Without Installing New Software: Use Cipher.exe
Update: Cipher.exe is no longer recommended
We previously discussed using a program called Cipher.exe to clear free space on Windows
systems, without having to install any new software on the machine. However, people have
written in to inform us about a grievous design flaw in Cipher.exe that could cause unintended
deletion of entire drives of data.
We recommend using Eraser instead.
A Better Option: Install Eraser
Eraser is a free/open source secure deletion tool for Windows, and is much more sophisticated
than the built-in cipher.exe. It can be used to quickly and easily target individual files for secure
deletion, or to implement periodic secure deletion policies. You can get a copy of Eraser here
and some tips on how to use it here.
Secure Deletion on Mac OS X
Secure Deletion of Individual Files
On OS X 10.4 and above, you can securely delete files by moving them to the Trash, and then
selecting Finder > Secure Empty Trash.
Ensuring Previously Deleted Data Cannot be Recovered
Apple's advice on preventing forensic undeletion on Mac OS X is as follows:
To prevent the recovery of files you deleted previously, open Disk Utility (in Applications/Utilities),
choose Help > Disk Utility Help, and search for help on erasing free disk space.
Secure Deletion on *nix Operating Systems
Secure Deletion of Individual Files
Linux, FreeBSD and many other UNIX systems have a command line tool called shred installed
on them. Shred works quite differently from the Windows cipher.exe program; rather than trying to
prevent previously deleted files from being recoverable, it singles out specified files and
repeatedly overwrites them and their names with random data.
If you are comfortable using a terminal or command line, secure deletion of files with shred is
simple. Just run the following command:
Ensuring Previously Deleted Data Cannot be Recovered
Unfortunately we are not aware of any standard Linux/UNIX tools for overwriting previously
deleted files to prevent undeletion.
A crude workaround that may work is to write zeroes or random data to a file on the drive until it fills
up all of the available space, then delete it. Unfortunately, this will fill up the filesystem and may
therefore make the system unstable while it is in progress. Caveat emptor.
On Linux systems, you could try to achieve this by running the following command as root:
dd if=/dev/zero of=/directory/junkfile ; rm /directory/junkfile
Replace /directory/ with a directory that is within the mounted partition within which you wish
to ensure that forensic undeletion is impossible. The dd command will take a long time to run
and will finish with an error saying the disk is full; the rm will then delete the huge file full of
Replacing /dev/zero with /dev/urandom uses random data instead of zeroes; that will result in
slightly more secure erasure, but can take much longer.
A Warning About the Limitations of Secure Deletion Tools
Even if you follow the advice above, there is a chance that certain traces of deleted files may
persist on your computer, not because the files themselves haven't been properly deleted, but
because some part of the operating system or some other program keeps a deliberate record of
There are many ways in which this could occur, but two examples should suffice to convey the
possibility. On Windows, a copy of Microsoft Office may retain a reference to the name of a file
in the "Recent Documents" menu, even if the file has been deleted (Office might sometimes even
keep temporary files containing the contents of the file). On a Linux or other *nix system, a
user's shell history file may contain commands that include the file's name, even though the file
has been securely deleted. And OpenOffice may keep as many records as Microsoft Office. In
practice, there may be dozens of programs that behave like this.
It's hard to know how to respond to this problem. It is safe to assume that even if a file has been
securely deleted, its name will probably continue to exist for some time on your computer.
Overwriting the entire disk is the only way to be 100% sure the name is gone. Some of you may
be wondering, "Could I search the raw data on the disk to see if there are any copies of the data
anywhere?" The answer is yes and no. Searching the disk (e.g. by using a command like grep -
ab /dev/ on Linux) will tell you if the data is present in plaintext, but it won't tell you if some
program has compressed or otherwise coded references to it. Also be careful that the search itself
does not leave a record! The probability that the file's contents may persist is lower, but not
impossible. Overwriting the entire disk and installing a fresh operating system is the only way to
be 100% certain that records of a file have been erased.
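The shred-style overwrite, the dd free-space fill and the grep -ab raw search described above, as an added demonstration that is not part of the original guide: it runs against a constructed 1 MiB image file instead of a real disk, and the function names (make_image, store_file, marker_present, overwrite_file_blocks, wipe_free_space, demo) and the sample marker string are assumptions of the example.

```shell
#!/bin/sh
# Added demonstration, not part of the original guide: why a "deleted" file is
# still recoverable, and what an in-place overwrite (as shred does) or a
# free-space fill (as the dd command does) achieves. A constructed 1 MiB image
# file stands in for a disk partition, so nothing here touches a real drive.
set -eu

MARKER='SECRET-MARKER-7f3a'        # constructed sample of "sensitive" content
IMAGE_KIB=1024                     # size of the stand-in partition image
DATA_OFFSET=65536                  # where the file's data blocks "live" in the image

# make_image PATH: create a zero-filled image standing in for a partition.
make_image() {
    dd if=/dev/zero of="$1" bs=1024 count="$IMAGE_KIB" 2>/dev/null
}

# store_file IMAGE: write the marker at DATA_OFFSET, as a filesystem would
# place a file's contents in data blocks.
store_file() {
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek="$DATA_OFFSET" conv=notrunc 2>/dev/null
}

# marker_present IMAGE: the raw search the guide describes (grep -ab on the
# device). Exit status 0 if the plaintext is still on "disk", 1 otherwise.
marker_present() {
    grep -abq "$MARKER" "$1"
}

# ordinary_delete: what rm or "Empty Trash" does to the data blocks: nothing.
# The filesystem only forgets the name and marks the blocks as free.
ordinary_delete() {
    :
}

# overwrite_file_blocks IMAGE: what shred does to one file: overwrite its
# blocks in place (a random pass, then a zero pass) before unlinking it.
overwrite_file_blocks() {
    len=${#MARKER}
    dd if=/dev/urandom of="$1" bs=1 seek="$DATA_OFFSET" count="$len" conv=notrunc 2>/dev/null
    dd if=/dev/zero    of="$1" bs=1 seek="$DATA_OFFSET" count="$len" conv=notrunc 2>/dev/null
}

# wipe_free_space DIR [MAX_KIB]: the guide's free-space fill. Writes zeros to a
# junk file until the filesystem is full (dd stops with "No space left"), then
# removes it. MAX_KIB caps the write so this demo does not fill a real disk;
# omit it to fill the filesystem as the guide intends.
wipe_free_space() {
    junk="$1/junkfile.$$"
    if [ -n "${2:-}" ]; then
        dd if=/dev/zero of="$junk" bs=1024 count="$2" 2>/dev/null || true
    else
        dd if=/dev/zero of="$junk" bs=1024 2>/dev/null || true
    fi
    sync
    rm -f "$junk"
}

# demo: run the whole sequence; returns 0 only if each step behaves as the
# guide describes (data survives an ordinary delete, not an overwrite).
demo() {
    img=$(mktemp)
    make_image "$img"
    store_file "$img"
    marker_present "$img" || { rm -f "$img"; return 1; }   # stored and findable

    ordinary_delete
    marker_present "$img" || { rm -f "$img"; return 1; }   # still findable after "delete"

    overwrite_file_blocks "$img"
    if marker_present "$img"; then rm -f "$img"; return 1; fi   # gone after overwrite

    # Free-space fill on a scratch directory, capped at 4 MiB for the demo.
    dir=$(mktemp -d)
    wipe_free_space "$dir" 4096
    [ -z "$(ls -A "$dir")" ] || { rm -rf "$dir" "$img"; return 1; }   # junk file removed
    rm -rf "$dir" "$img"
    return 0
}

demo && echo "secure-deletion demonstration: all checks passed"
```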
Secure Deletion When Discarding Old Hardware
If you want to finally throw a piece of hardware away or sell it on eBay, you'll want to make sure
no one can retrieve your data from it. (Studies have repeatedly found that computer owners
usually fail to do this — and hard drives are resold chock-full of highly sensitive information.)
So, before selling or recycling a computer, be sure to overwrite its storage media with gibberish
first. (Even if you're not getting rid of it right away, if you have a computer that's reached the end
of its useful life and is no longer in use, it's also safer to wipe the hard drive before stashing the
machine in a corner or a closet.) Darik's Boot and Nuke is an excellent free tool for this purpose.
Some full-disk encryption software has the ability to destroy the master key, rendering a hard
drive's encrypted contents permanently incomprehensible. Since the key is a tiny amount of data
and can be destroyed almost instantaneously, this represents a much faster alternative to
overwriting with software like Darik's Boot and Nuke, which can be quite time-consuming for
larger drives. However, this option is only feasible if the hard drive was always encrypted. If you
weren't using full-disk encryption ahead of time, you'll need to overwrite the whole drive before
getting rid of it.
When it comes to CD-ROMs, you should do the same thing you do with paper — shred 'em.
There are inexpensive shredders that will chew up CD-ROMs. Never just toss a CD-ROM out in
the garbage unless you're absolutely sure there's nothing sensitive on it.
File and Disk Encryption
Modern operating systems allow you to use a system of accounts and passwords to limit access
to data on a computer. This may be useful when adversaries have casual passing access to your
machine, but those accounts and passwords will not protect your data if your computer is stolen
or seized — or if the adversaries have more than a minute or two alone with your computer.
There are many ways (such as plugging your hard disk into another computer, or booting another
operating system using a CD or USB key) that would allow files to be read off the disk. Even
deleted files may be recoverable.
The theft or seizure threats can be mitigated by encrypting the data on the disk. Some sort of
mitigation is especially important for laptops, which are at high risk of being lost or stolen, but
the same measures can be useful for improving the security of any client or workstation-type
Full-disk encryption is meant to protect stored data against this sort of exposure, if the
computer is stolen or seized when it is powered off. If the computer is seized while running,
there are tricks that sophisticated adversaries could use to read the data regardless of encryption.
File encryption is disk encryption that only applies to certain specific files on your computer. It
may be easier to deploy but is vulnerable to several threats that do not apply to full disk
Hard disk passwords are a feature offered by many laptop manufacturers. These can be enabled
within the BIOS of your computer. Hard disk passwords don't encrypt any data on your drive,
they just prevent the drive from cooperating with the computer until the password is supplied.
There are numerous commercial services which will disable these passwords for about $100 per
drive. So a hard disk password is useful against a casual thief, but of no use against law
enforcement or other non-casual adversaries.
Should I Encrypt My Drive?
Everybody should use either disk encryption or a hard disk password (possibly augmented with
file encryption) on their laptops. If your laptop has personal data but you would not regard any of
it as sensitive, a hard disk password may be quick and easy, and sufficient protection in case of
If your computer contains a very small and easily quantified set of somewhat sensitive
documents, it may be sufficient to use file encryption for those documents, alongside a hard disk
If your computer contains a larger (or harder to quantify) set of sensitive documents, or any
documents which might be considered highly sensitive, it is best to use full disk encryption. In
such cases the threat posed by Malware should also be taken into account.
Disk Encryption Is Of Little Use in Civil Lawsuits
It is extremely important to note that disk encryption is unlikely to offer much protection against
civil litigation. Many of the procedural obstacles which might apply to law enforcement attempts
to obtain encrypted data during a criminal investigation would not apply in a civil case. If an
adversary in a civil case persuades a judge to issue a subpoena for your data, a failure to decrypt
and disclose the data would be held against you in the case.
If your threat model involves civil litigation, it is essential to simply not have the data on a
computer in the first place, or to have Secure Deletion practices in place long before any lawsuit
is filed. Once a lawsuit is filed, you will be obliged to preserve any pertinent documents, and the
presence of forensic evidence that you deleted data after a suit was filed would have dire
Choosing Disk Encryption Software
There are many full-disk encryption tools. Using a mainstream one is probably safer than an
obscure one, since mainstream disk encryption products have usually received more expert
review. Leading disk encryption programs include BitLocker, PGPDisk, FileVault, TrueCrypt,
and dm-crypt (LUKS); some of these come with the operating system, while others are third-
party add-ons. You can read a detailed comparison of these and many other disk encryption
products from a comparison at Wikipedia. This comparison may help you select a disk
encryption product to meet your needs, but any of these systems can protect your data better than
having no disk encryption.
Things To Know When Using Disk Encryption
Generally, disk encryption software will require you to enter a separate disk password when you
turn the computer on or start using the disk (some systems can use a smartcard instead of or in
addition to a password). To be effective, this password must be resistant to all forms of
automated guessing. Remember that the disk encryption is fully effective at preventing access to
the disk when the computer is turned off (or the encrypted disk is entirely unmounted or removed
from use); to get the full benefit, you should unmount the encrypted disk or turn the computer off
in any situation where the risk of compromise is especially high, such as a computer left
unattended overnight or a laptop being carried from place to place. (Using disk encryption
without following this precaution scrupulously will still provide more protection against some
attackers than not using disk encryption.)
Finally, full-disk encryption can also be used on servers, providing some protection against
seizure of the servers. However, even servers with encrypted hard drives could be vulnerable to
attackers with specialized techniques if they're seized while they're operating. Proper use of disk
encryption on servers can also be a nuisance because the server can't do a fully unattended
automatic reboot. (It's not safe to store the password for the disk on the server itself, so an
administrator will have to enter the disk password whenever the computer is restarted.)
One interesting property which some disk encryption developers are working towards is
plausible deniability. The goal of these efforts is to offer users a way to not only encrypt their
files, but to prevent an attacker from being able to even deduce the existence of some of the
encrypted files. The user will have a way to "plausibly deny" that the files exist.
One example of this concept is TrueCrypt's ability to have an encrypted partition (which can be
hidden as any file on your hard drive) and within that partition hide another partition. One
password will reveal the outer partition and another separate password will reveal the inner one.
Because of the way TrueCrypt encrypts the partition table itself, an observer cannot detect a
hidden partition even if she has access to the "regular" encrypted share. The idea is to give the
user something to decrypt if a law enforcement officer or Customs official asks, while keeping
the rest of their information secure.
In practice, TrueCrypt's first attempt to implement this feature was shown to be ineffective
because operating systems and applications leave so many traces of the files they work with, that
a forensic investigator would have many avenues by which to determine that the inner partition
existed. The TrueCrypt developers have responded to this research by offering a way to install
and boot from an entire separate operating system within the inner partition. It is too soon to
know whether their new approach will turn out to offer secure plausible deniability.
Technical issues aside, remember that lying to a federal law enforcement officer about material
facts is a crime, so if a person chose to answer a question about whether there were additional
encrypted partitions on a computer, they would be legally obligated to answer truthfully.
Virtual Private Networks (VPN)
Virtual Private Networks (VPNs) are a very powerful and general tool that can be used to
encrypt all of the communications between participating computers. VPNs can be used to
improve the privacy and security of protocols that are not encrypted (or not securely encrypted)
The biggest catch with VPNs is that all of the computers participating in them must be running
the same VPN software, and must be correctly configured to communicate with each other. In
general, this means that deploying a VPN is a non-trivial task requiring significant systems
Organizations that need to arrange secure access to intranet web servers, file servers, print
servers and similar facilities should deploy VPNs.
More information about different VPN architectures and software can be found at Wikipedia.
Voice over Internet Protocol (VoIP)
Our VoIP section is currently being updated. Please check back soon.
Privacy, Crime and Security Online
FBI Knocks Down 40 Doors in Probe of
By Ryan Singel
The FBI has joined in the hunt for those who participated in the retaliation attacks against
companies that cut off services to Wikileaks, executing more than 40 search warrants across the
United States on Thursday, the bureau announced.
In what seem to be timed raids, British police arrested five men Thursday morning who allegedly
participated in the Anonymous group’s denial of service attacks on Visa, Mastercard, Paypal and
Amazon in mid-December. Anonymous was seeking to bring attention to — and punish — the
financial-service companies’ decisions to prohibit donations to Wikileaks. Amazon was targeted after
it kicked Wikileaks off its web-hosting service.
The attacks caused no permanent damage, as they simply temporarily overloaded a website with
more traffic than the server could handle. They were, for the most part, really nothing more than the
cyber equivalent of a campus sit-in.
But the FBI warned it did not see it that way.
“The FBI also is reminding the public that facilitating or conducting a DDoS attack is illegal,
punishable by up to 10 years in prison, as well as exposing participants to significant civil liability,”
the FBI said in a press release. The FBI did not announce any arrests in conjunction with the
The attacks were conducted by the loosely organized ‘Anonymous’ group to show displeasure with the
financial-service companies that cut off donations to Wikileaks.
In the attacks on the financial-service companies, thousands downloaded a tool called LOIC — or
Low Orbit Ion Cannon — that joined their computer to the group attack on the target of the moment.
However, the tool did nothing to hide a user’s IP address, making it possible for the target website to
hand its server logs over to the authorities to track users down by their IP addresses.
The denial-of-service attacks attempted to shut down the websites of Visa and Mastercard — which
would have had little effect on the credit card giants, since few people ever visit their homepages.
However the attack on PayPal focused on the interface used by online merchants, and reportedly
caused some slowness, though no outages, to merchants for several hours.
The companies, along with Amazon, turned their backs on Wikileaks after the site began releasing
U.S. diplomatic cables in conjunction with newspapers, saying the organization violated their terms-
of-service agreements. However, none of the companies have cut off services to newspapers such as
The New York Times that have extensively reported on and reproduced many of the cables.
Wikileaks has not been charged with any crimes related to the leaked documents.
Photo: The Anonymous group adopted the Guy Fawkes mask, a la V for Vendetta. Courtesy Stian
One in four US hackers 'is an FBI informer'
The FBI and US secret service have used the threat of prison to create an army of informers
among online criminals
Ed Pilkington in New York
The Guardian, Monday 6 June 2011 11.12 EDT
A quarter of hackers in the US have been recruited by federal authorities, according to Eric Corley,
publisher of the hacker quarterly, 2600. Photograph: Getty Images
The underground world of computer hackers has been so thoroughly infiltrated in the US by the
FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in
four hackers secretly informing on their peers, a Guardian investigation has established.
Cyber policing units have had such success in forcing online criminals to co-operate with their
investigations through the threat of long prison sentences that they have managed to create an
army of informants deep inside the hacking community.
In some cases, popular illegal forums used by cyber criminals as marketplaces for stolen
identities and credit card numbers have been run by hacker turncoats acting as FBI moles. In
others, undercover FBI agents posing as "carders" – hackers specialising in ID theft – have
themselves taken over the management of crime forums, using the intelligence gathered to put
dozens of people behind bars.
So ubiquitous has the FBI informant network become that Eric Corley, who publishes the hacker
quarterly, 2600, has estimated that 25% of hackers in the US may have been recruited by the
federal authorities to be their eyes and ears. "Owing to the harsh penalties involved and the
relative inexperience with the law that many hackers have, they are rather susceptible to
intimidation," Corley told the Guardian.
"It makes for very tense relationships," said John Young, who runs Cryptome, a website
depository for secret documents along the lines of WikiLeaks. "There are dozens and dozens of
hackers who have been shopped by people they thought they trusted."
The best-known example of the phenomenon is Adrian Lamo, a convicted hacker who turned
informant on Bradley Manning, who is suspected of passing secret documents to WikiLeaks.
Manning had entered into a prolonged instant messaging conversation with Lamo, whom he
trusted and asked for advice. Lamo repaid that trust by promptly handing over the 23-year-old
intelligence specialist to the military authorities. Manning has now been in custody for more than
For acting as he did, Lamo has earned himself the sobriquet of Judas and the "world's most hated
hacker", though he has insisted that he acted out of concern for those he believed could be
harmed or even killed by the WikiLeaks publication of thousands of US diplomatic cables.
"Obviously it's been much worse for him but it's certainly been no picnic for me," Lamo has said.
"He followed his conscience, and I followed mine."
The latest challenge for the FBI in terms of domestic US breaches are the anarchistic co-
operatives of "hacktivists" that have launched several high-profile cyber-attacks in recent months
designed to make a statement. In the most recent case a group calling itself Lulz Security
launched an audacious raid on the FBI's own linked organisation InfraGard. The raid, which was
a blatant two fingers up at the agency, was said to have been a response to news that the
Pentagon was poised to declare foreign cyber-attacks an act of war.
Lulz Security shares qualities with the hacktivist group Anonymous that has launched attacks
against companies including Visa and MasterCard as a protest against their decision to block
donations to WikiLeaks. While Lulz Security is so recent a phenomenon that the FBI has yet to
get a handle on it, Anonymous is already under pressure from the agency. There were raids on 40
addresses in the US and five in the UK in January, and a grand jury has been hearing evidence
against the group in California at the start of a possible federal prosecution.
Kevin Poulsen, senior editor at Wired magazine, believes the collective is classically vulnerable
to infiltration and disruption. "We have already begun to see Anonymous members attack each
other and out each other's IP addresses. That's the first step towards being susceptible to the
Barrett Brown, who has acted as a spokesman for the otherwise secretive Anonymous, says it is
fully aware of the FBI's interest. "The FBI are always there. They are always watching, always in
the chatrooms. You don't know who is an informant and who isn't, and to that extent you are
Original URL: http://www.theregister.co.uk/2011/09/26/hidemyass_lulzsec_controversy/
HideMyAss defends role in LulzSec hack arrest
Anons vow to give ass-hiders a hiding
By John Leyden
Posted in Security, 26th September 2011 13:27 GMT
HideMyAss has defended its role in handing over evidence that resulted in the arrest of
a suspected LulzSec member last week.
UK-based HideMyAss, which offers freebie web proxy and paid-for VPN services, said it
handed over potentially incriminating data to the feds only in response to a court order.
It had been aware that its service was being used by Anonymous/LulzSec members for
some time before this without taking any action, as a blog post headed LulzSec
fiasco by the firm explains.
Cody Andrew Kretsinger, 23, of Phoenix, Arizona allegedly used HideMyAss.com's web
proxy service to hack into the systems of Sony Picture Entertainment as part of a hack
that exposed the personal details of thousands of gamers. According to the court order,
Kretsinger used SQL injection techniques that were run via HideMyAss's
anonymising web proxy service to launch the high-profile attack.
It first came to our attention when leaked IRC chat logs were released; in these logs
participants discussed the various VPN services they use, and it became apparent that
some members were using our service. No action was taken, after all there was no
evidence to suggest wrongdoing and nothing to identify which accounts with us they
At a later date it came as no surprise to have received a court order asking for
information relating to an account associated with some or all of the above cases.
for illegal activity, and as a legitimate company we will cooperate with law
enforcement if we receive a court order (equivalent of a subpoena in the US).
HideMyAss, which bills itself as a leading online privacy website, adds that it does not
condone illegal activity, saying that similar services that do not co-operate with law
enforcement are "more likely to have their entire VPN network monitored and tapped by
law enforcement, thus affecting all legitimate customers". The service said it carries out
session-logging, recording the time a customer logs onto and disconnects from the
service as well as the IP addresses he or she connects to. It said it does not record the
actual content of web traffic.
Twitter accounts affiliated with Anonymous were unsurprisingly vociferous in their
criticism of HideMyAss's business practices and assistance of a federal investigation,
dubbing the service SellMyAss, and arguing that HideMyAss users are less likely to
trust it and more likely to look for alternatives.
"Question @HideMyAssCom: Was it worth to rat out one guy who allegedly hacked
#PSN in exchange for all your business? You will find out soon," AnonymousIRC said.
HideMyAss, which was established in 1995, was set up as a way to bypass censorship
on the web before moving on to offer commercial VPN services. It boasts of its recent
role in allowing Arab Spring protesters to gain access to websites such as Twitter, which
were blocked by the former Egyptian government of Hosni Mubarak. Privacy activists
have accused HideMyAss of double standards over its handling of the Kretsinger case.
"The Hide My Ass VPN service is run by a bunch of hypocrites," said Jacob Appelbaum,
a core member of the Tor project, in a Twitter update. "They support revolution and
circumvention when it suits their business image."
In updates to its original blog posts, HideMyAss defended its stance on this point,
arguing that it simply complies with UK law. It denied acting as a pawn at the behest of
"We are not intimidated by the US government as some are claiming, we are simply
complying with our country's legal system to avoid being potentially shut down and
"Regarding censorship bypassing, some have stated it is hypocritical for us to claim we
do not allow illegal activity, and then claim our service is used in some countries to
bypass censorship illegally. Again we follow UK law, there isn’t a law that prohibits the
use of Egyptians gaining access to blocked websites such as Twitter, even if there is
one in Egypt ... though there are certainly laws regarding the hacking of government
and corporate systems," it concludes.
Which VPN Service Providers Really Take Anonymity Seriously?
October 7, 2011
Last month it became apparent that not all VPN providers live up to their marketing after an alleged
member of Lulzsec was tracked down after using a supposedly anonymous service from HideMyAss. We
wanted to know which VPN providers take privacy extremely seriously so we asked many of the leading
providers two very straightforward questions. Their responses will be of interest to anyone concerned with
As detailed in yesterday’s article, if a VPN provider keeps logs of its users’ activities, the chances of it
being able to live up to a claim of offering an anonymous service decrease rapidly.
There are dozens of VPN providers, many of which carry marketing on their web pages which suggests
that the anonymity of their subscribers is a top priority. But is it really? Do their privacy policies stand up to
scrutiny? We decided to find out.
Over the past two weeks TorrentFreak contacted some of the leading, most-advertised, and most talked
about VPN providers in the file-sharing and anonymity space. Rather than trying to decipher what their
often-confusing marketing lingo really means, we asked them two direct questions instead:
1. Do you keep ANY logs which would allow you or a 3rd party to match an IP address and a time stamp
to a user of your service? If so, exactly what information do you hold?
2. Under what jurisdictions does your company operate and under what exact circumstances will you
share the information you hold with a 3rd party?
This article does not attempt to consider the actual quality of service offered by any listed provider, nor
does it consider whether any service is good value for money. All we are interested in is this: Do they live
up to claims that they provide a 100% anonymous service? So here we go, VPN providers in the file-
sharing space first.
P2P Supporting VPN providers
BTguard
Response to Q1: “It’s technically unfeasible for us to maintain log files with
the amount of connections we route,” BTguard explain. “We estimate the capacity needed to store log
files would be 4TB per day.”
Response to Q2: “The jurisdiction is Canada. Since we do not have log files, we have no information to
share. We do not communicate with any third parties. The only event we would even communicate with a
third party is if we received a court order. We would then be forced to notify them we have no information.
This has not happened yet.”
Private Internet Access
Response to Q1: “We absolutely do not maintain any VPN logs of any kind.
We utilize shared IP addresses rather than dynamic or static IPs, so it is not possible to match a user to
an external IP. These are some of the many solutions we have implemented to enable the strongest
levels of anonymity amongst VPN services. Further, we would like to encourage our users to use an
anonymous e-mail and pay with Bitcoins to ensure even higher levels of anonymity should it be required.
Our core verticals are privacy, quality of service, and prompt customer support.”
Response to Q2: “Our company currently operates out of the United States with gigabit gateways in the
US, Canada, UK, Switzerland, and the Netherlands. We chose the US, since it is one of the only
countries without a mandatory data retention law. We will not share any information with third parties
without a valid court order. With that said, it is impossible to match a user to any activity on our system
since we utilize shared IPs and maintain absolutely no logs.”
TorGuard
Response to Q1: “Our server connection logs are purged on a daily basis
since we don’t maintain hard drives big enough to store all this data. TorGuard’s torrent proxy and VPN
connection logs do not associate an IP with each request as there are hundreds of users sharing the
same connection at any given time. Since there are no logs kept or IP’s recorded, it is not possible to
identify exactly who has used the connection.”
Response to Q2: “Our parent company is based in Panama, with secure servers in Netherlands, Romania,
Ukraine and Panama. We do not share any of our user’s information with third parties, period. Only in the
event of an official court order would we be forced to communicate with a third party. This scenario has
never occurred, but if it were to, we would be forced to explain in more technical terms how we don’t
maintain usage logs.”
IPVanish
Response to Q1: “We in no way record or store any user’s activity while
connected to IPVanish. The only information we collect from a VPN session is: Timestamp (date and
server time) of the connection to us, duration of the connection, IP address used for the connection and
bytes transferred. Logs are also regularly cycled. Additionally, IPVanish users are given dynamic and
SHARED IP addresses on the same servers—making it impossible for us to single out anyone for
Response to Q2: “We operate out of the US and, like all companies and citizens, must comply with local
law. As detailed earlier, we have generic connection logs, but that information is not sufficient for
identifying individual users. We take privacy and reliability extremely seriously and will also never share,
rent or lease any information to any 3rd party.”
Response to Q1: “We have connection logs, but we don’t store IP
addresses there. These logs are kept for 7 days. Though it’s impossible to determine who exactly has
used the service.”
Response to Q2: “We have servers in the Netherlands, Sweden and the USA while our company is based in the
Seychelles. We do not disclose any information to 3rd parties and this can be done only in case of a
certain lawsuit filed against our company.”
Response to Q1: “No logs, they are not kept. Even system logs that do not
directly link to users are rotated on an hourly basis.”
Response to Q2: “The company has recently been sold and falls under the Jurisdiction of the Seychelles.
As such there is no requirement [to log] within that jurisdiction.”
Response to Q1: “We don’t store the IP at all actually. It’s in temporary use
for the session you have when you’re connected but that’s it. We’ve had very few issues with not having
logs, but not keeping them makes it safer even for us since we can’t accidentally give out information
Response to Q2: “We fall – mostly – under Swedish jurisdiction when it comes to the service. When it
comes to organisational stuff (who keeps the data, who owns the service, who owns the server, who
owns the network etc etc) it’s very mixed, intentionally. This is to make it hard and/or impossible to legally
bully us around if that would be the case.”
“We can’t be easily shut down, and we can’t be pressured by courts to implement stuff we would oppose.
For end-users this is not affecting them in a negative way at all, only the opposite.”
Response to Q1: “We do not log any IP addresses and no information
about what data is accessed by our users, so we have no information that could be interesting to third-
Response to Q2: “We have servers in The Netherlands and our company is based in Cyprus. If
authorities would contact us we would have to tell them that we have no connection logs or IP-addresses
saved on our systems.”
General VPN providers
AirVPN
Response to Q1: The company carries no identifying logs.
Response to Q2: “Jurisdiction is in the EU, under most circumstances Italy (country of the company and
home of the person legally responsible for data protection), but applicable law may be one of the EU
Member States where the servers of the network are physically located (no servers are in Italy),” AirVPN
“We don’t share any information with anyone.”
Response to Q1: “We do not log anything, not even temporary logs. We do not
have any “personal information”, since we only require a working e-mail address to sign up. Many
customers use anonymous e-mail services like hushmail and the like. Even if a customer gives us their
information, we do not use it.”
Response to Q2: “We fall under Swedish jurisdiction, no circumstances will be accepted to share
information, since we do not have any information to share.”
VPNReactor
Response to Q1: “Only for 5 days to stop abuse[..]. After 5 days we have
absolutely no way to match any IP address or time stamp to any users. Privacy and Security is further
enhanced for individual users because their VPN connections are basically lost in the crowd.”
“Our free VPN users share a block of IPs when they connect to the internet via VPNReactor. So at any
given time hundreds/thousands of our VPN users that have active connections could all be sharing a
single IP address. None of our VPN users are assigned individual public IPs.”
Response to Q2: “We strive to be upfront and transparent with our logging policies for the benefit of our
VPN users.” Logs seen by TorrentFreak seemed to confirm no identifiable information being stored.
“We are a U.S. based company and are bound by U.S. based court orders,” VPNReactor continued.
“However, if a U.S. based subpoena comes in requesting info for activity that occurred more than 5 days
prior, we have absolutely nothing to provide as our logs would have expired off. Requests for connection
details outside a U.S. based court order will be fully ignored.”
BlackVPN
Response to Q1: “We do not keep any logs about our users’ internet
activities including which sites they access or what data they transfer. We also run log cleaners on our
systems which remove the IPs from logs before they are written to disk,” the company told TorrentFreak.
“For tax and legal reasons we do store some billing information (name, email, country), but it is stored
with a third-party and separate from the rest of BlackVPN.”
BlackVPN say they hold a username and email address of their subscribers and the times of connection
and disconnection to their services along with bandwidth consumption. Logging is carried out as follows:
“On our Privacy Servers, NL & LT we don’t log anything that can identify the user, but on our US & UK
server where we don’t allow sharing copyrighted materials we do log the internal RFC1918 IP that is
assigned to the user at a specific time,” BlackVPN explain.
“So to clarify, we don’t log the real external IP of the user, just our RFC1918 internal one, this we have to
do to comply with local laws and to be able to handle DMCAs.”
Update: in their FAQ BlackVPN now writes:
“Although we do not monitor the traffic, incoming or outgoing connections of our users we may assign
users to a unique IP address and log which user was assigned which IP address at a given time. If we
receive a copyright violation notice from the appropriate copyright holder then we will forward the violation
to the offending user and may terminate their account. We therefore ask our users not to distribute or
transmit material which violates the copyright laws in either your country or the country in which our
Service is hosted.”
Response to Q2: “We operate under the jurisdiction of the Netherlands and we will fiercely protect the
privacy and rights of our users and we will not disclose any information on our users to anyone, unless
forced to by law enforcement personnel that have produced the proper legal compliance documents or a
court order. (In which case we don’t really have a choice).”
PrivatVPN
Response to Q1: “We don’t keep ANY logs that allow us or a 3rd party to
match an IP address and a time stamp to a user of our service. The only thing we log are e-mails and
usernames but it’s not possible to bind an activity on the Internet to a user.”
Please note: PrivatVPN also offer use of a US server for watching services like Hulu. IP logs are kept when users
use this service.
Response to Q2: “Since we do not log any IP addresses [we have] nothing to disclose. Circumstances
don’t matter in this case, we have no information regarding our customers’ IP addresses.”
Response to Q1: “No logs whatsoever are kept. We therefore simply are
not able to hand data out. We believe that if you are not required to have logs, then you shouldn’t. It can
only cause issues as seen with the many data leaks in recent years. Should legislation change in the
jurisdictions we operate in, then we’ll move. And if that’s not possible, then we’ll shut the service down. No
Response to Q2: “We span several jurisdictions to make our service less prone to legal attacks. Servers
are currently located in Sweden. We do not share data because we don’t have it. We built this system
because we believe only when communicating anonymously, you can really freely express yourself. As
soon as you make a compromise, you are going down a slippery slope to surveillance. People will ask for
more and more data retention as seen around the world in many countries recently. We do it because we
believe in this, and not for the money.”
Response to Q1: “No. And we don’t see why anyone would. It would be
dishonest towards our customers and mean *more* potential legal trouble.”
Response to Q2: “Swedish jurisdiction. We don’t know of any way in which the Swedish state in practice
could make us behave badly towards our clients and that has never happened. Another sign we take
privacy seriously is that we accept payments in Bitcoin and cash in the mail.”
Cryptocloud
Response to Q1: “We log nothing at all.”
Response to Q2: “We don’t log anything on the customer usage side so there are no dots to connect
period, we completely separate the payment information,” they told us.
“Realistically unless you operate out of one of the ‘Axis of Evil Countries’ Law Enforcement will find a way
to put the screws to you,” Cryptocloud add.
“I have read the nonsense that being in Europe will protect you from US Law Enforcement, worked well
for HMA didn’t it? Furthermore I am pretty sure the Swiss Banking veil was penetrated and historically
that is more defend-able than individual privacy. The way to solve this is just not to log, period.”
VPN providers who log, sometimes a lot
VyprVPN is the VPN service connected to and offered by the Giganews
Usenet service, although it can be used completely standalone. In common with many other providers we
contacted, VyprVPN acknowledged receipt of our questions but then failed to respond. We’ve included
them here since they have such a high-profile.
The company policy says that logging data “is maintained for use with billing, troubleshooting, service
offering evaluation, [Terms of Service] issues, [Acceptable Use Policy] issues, and for handling crimes
performed over the service. We maintain this level of information on a per-session basis for at least 90
On Usenet forum NZBMatrix several users have reported having their VyprVPN service terminated after
the company processed “a backlog” of DMCA notices which pushed them over the “two-strikes-and-out”
acceptable use policy.
So, does VyprVPN log? You bet.
We included SwissVPN in our survey because they are well known,
relatively cheap and have been used by those on a tight budget. To their credit, they were also the fastest
company to respond. They are one of the few companies that do not make anonymity claims.
Response to Q1: “SwissVPN is being operated based on Swiss Telecommunications and Personal Data
Protection Law. Session IP’s (not visited content, websites, mail, etc.) are being logged for 6 months,” the
company told us.
Response to Q2: The company responds to requests from 3rd parties under Swiss criminal law (pdf).
StrongVPN
This company did not directly answer our questions but pointed us to their
logkeeping policy instead.
StrongVPN do log and are able to match an external IP address to their subscribers. We have included
them here since they were the most outwardly aggressive provider in our survey when it came to dealing
“StrongVPN does not restrict P2P usage, but please note sharing of Copyrighted materials is forbidden,
please do not do this or we will have to take action against your account,” they told us, later adding in a
separate mail: “StrongVPN Notice: You may NOT distribute copyright-protected material through our
network. We may cancel your account if that happens.”
Disappointing: VPN providers who simply failed to respond
In addition to the above, TorrentFreak also approached a number of other fairly well known VPN
providers. It’s not clear if our questions were simply too tricky to answer in a positive light or whether there
was some other reason, but disappointingly none of them responded to our emails, despite in some
cases having acknowledged receipt of our questions.
They include Blacklogic.com, PureVPN.com, VPNTunnel.se [Update: VPNTunnel.se have now
responded, see here], Bolehvpn.net [Update: Boleh responded after publication - they carry no logs] and
Should the above now feel able to respond directly to our questions, or if there are any other VPN
providers reading who would like to be included in a future update, please contact us now with direct
responses to the questions above. Apologies to the providers who contacted us at the last minute but
were too late to be included in the report – we had to stop somewhere.
When signing up to a VPN provider it really is evident that their logging and privacy policies should
be read slowly. And then read again, even more slowly than at first. Many are not as straightforward as
they first appear (some even seem to be deliberately misleading) and that is the very reason why we
asked our own questions instead.
In contrast to the pessimism generated by yesterday’s report, as we can see from the list above,
when it comes to offering real privacy there are plenty of services out there.
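The two questions above boil down to one operational test: given an abuse notice that names an exit IP and a time, what can the provider’s records actually say? The following Python is an added example, not code from TorrentFreak or from any of the providers surveyed. It models the three logging postures described in the responses: a full connection log (user, source IP, exit IP, connect time, duration), the same log after a “log cleaner” strips addresses before they reach disk, and a fixed retention window after which records are purged. The log format, user IDs and addresses are constructed (TEST-NET and documentation ranges only).

```python
"""Added example: what a VPN connection log can and cannot answer.

Not part of the TorrentFreak article or any provider's code. The log format,
user IDs and IP addresses below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set

# Constructed sample log. Hypothetical format: UTC connect time, then key=value fields.
SAMPLE_LOG = """\
2011-09-20T21:02:11Z user=u1001 src=203.0.113.7 exit=198.51.100.4 dur=7200
2011-09-20T21:30:45Z user=u1002 src=203.0.113.21 exit=198.51.100.4 dur=1800
2011-09-20T22:15:00Z user=u1003 src=2001:db8::33 exit=198.51.100.9 dur=600
2011-09-20T23:40:00Z user=u1004 src=203.0.113.45 exit=198.51.100.4 dur=300
"""

SCRUBBED = "[scrubbed]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) exit=(?P<exit>\S+) dur=(?P<dur>\d+)$"
)


@dataclass(frozen=True)
class Session:
    user: str
    src: Optional[str]      # None once the address has been scrubbed
    exit_ip: Optional[str]  # None once the address has been scrubbed
    start: datetime
    end: datetime


def utc(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp of the form used in the sample log."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def scrub_ips(line: str) -> str:
    """Log cleaner: replace every token that parses as an IPv4 or IPv6 address.
    Tokens are split on whitespace and '=' so 'src=203.0.113.7' is handled;
    timestamps and user IDs survive because ipaddress refuses to parse them."""
    def repl(m: re.Match) -> str:
        try:
            ipaddress.ip_address(m.group(0))
        except ValueError:
            return m.group(0)
        return SCRUBBED
    return re.sub(r"[^\s=]+", repl, line)


def parse_log(text: str) -> List[Session]:
    """Turn log lines into sessions; malformed lines are skipped, not guessed at."""
    def addr(v: str) -> Optional[str]:
        return None if v == SCRUBBED else v
    sessions = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        start = utc(m["ts"])
        end = start + timedelta(seconds=int(m["dur"]))
        sessions.append(Session(m["user"], addr(m["src"]), addr(m["exit"]), start, end))
    return sessions


def purge_expired(sessions: List[Session], now: datetime, retention_days: int) -> List[Session]:
    """Retention window: records whose session ended before now - retention are gone."""
    cutoff = now - timedelta(days=retention_days)
    return [s for s in sessions if s.end >= cutoff]


def resolve_notice(sessions: List[Session], exit_ip: str, when: datetime) -> Set[str]:
    """Who was behind `exit_ip` at `when`? An empty set means the log cannot say."""
    return {s.user for s in sessions if s.exit_ip == exit_ip and s.start <= when <= s.end}


def users_connected_at(sessions: List[Session], when: datetime) -> Set[str]:
    """Timing alone, no addresses needed: everyone with an open session at `when`."""
    return {s.user for s in sessions if s.start <= when <= s.end}


if __name__ == "__main__":
    full = parse_log(SAMPLE_LOG)
    scrubbed = parse_log("\n".join(scrub_ips(l) for l in SAMPLE_LOG.splitlines()))
    exit_ip, t1, t2 = "198.51.100.4", utc("2011-09-20T21:45:00Z"), utc("2011-09-20T22:30:00Z")
    print("shared exit IP, two users on it:", resolve_notice(full, exit_ip, t1))
    print("same exit IP, only one user left:", resolve_notice(full, exit_ip, t2))
    print("after the log cleaner:", resolve_notice(scrubbed, exit_ip, t1))
    print("but connect/disconnect times still narrow it:", users_connected_at(scrubbed, t1))
    kept = purge_expired(full, utc("2011-09-26T00:00:00Z"), retention_days=5)
    print("5-day retention, notice arrives on day 6:", resolve_notice(kept, exit_ip, t1))
```

Two things the run shows that the marketing copy does not. First, a shared exit IP only protects a user while several sessions overlap the moment named in the notice; the same log resolves to a single user as soon as the crowd thins, so “shared IPs” is not equivalent to “no logs”. Second, a log cleaner that strips addresses still leaves usernames and connect/disconnect times, which is exactly the data some providers above say they keep, and that is enough to produce a candidate list for any given minute. Only the absence of the records (no logging, or a retention window that has already elapsed) returns nothing.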
Anonymous 101: Introduction to the Lulz
By Quinn Norton
Anonymous has kept up its monthly protest, including this one from October 13, 2011, outside the Church
of Scientology headquarters in downtown San Francisco.
(Editor’s Note: Any decent coverage of Anonymous is going to verge on some NSFW material at points.
There will be questionable language and strange imagery.)
Last week the net and the media were ablaze with the news that Anonymous might be taking on the Zeta drug
cartel in Mexico, a story that has morphed into a wider drug corruption story, and led to one American law
enforcement official in North Carolina being named as a gang conspirator.
Also this year, Anons released documents on, or d0xed, several police organizations and one prominent police
vendor in retaliation for heavy-handed law enforcement reaction to occupations associated with the
Occupy Wall Street movement. They’ve fought with child pornographers, hacked Sony repeatedly, and even
tried to release compromising pictures to blackmail Bay Area Rapid Transit spokesman Linton Johnson into
resigning. (Johnson claimed to have authored and then defended BART’s controversial decision to shut off
mobile phone service in BART stations to pre-empt an anti-police brutality protest.)
They’ve created law enforcement excitement that’s verged on panic, given net and media pundits
hyperbolic logorrhea about “cyber terrorism” and “cyber freedom”, and happily skipped between damn
funny, deeply disturbing, and self-aggrandizing, depending on the mood of the hive mind at the moment.
But what is Anonymous?
In this in-depth series “Anonymous: Beyond the Mask,” we’re going to do our best to answer that.
NYU Professor and Anonymous researcher Biella Coleman compares Anonymous to the trickster god
“The trickster does exist across America, across Europe, really across the world and it is not in myth but in
embodied in group and living practice: in that of the prankster, hacker, the phreaker, the troller (all of
whom, have their own unique elements of course, but so does each trickster),” she wrote in Social Text.
The trickster isn’t the good guy or the bad guy, it’s the character that exposes contradictions, initiates
change and moves the plot forward. One minute, the loving and heroic trickster is saving civilization. A
few minutes later the same trickster is cruel, kicking your ass and eating babies as a snack.
The conversation about Anonymous points to this trickster nature, veering between praise and fear, with
the media at a loss for even how to describe them.
We’ve tried hacker group, notorious hacker group, hacktivists, the Internet Hate Machine, pimply-faced,
basement-dwelling teenagers, an activist organization, a movement, a collective, a vigilante group, online
terrorists, and any number of other fantastical and colorful terms. None of them have ever really fit.
Anonymous has constantly forced us to reach for the thesaurus — revealing that as a whole, we in the
media have no idea what Anonymous really is or what it means.
It wasn’t until I downloaded and listened to Lulz: A corruption of LOL‘s second album, Corruption, that I
grasped what Anonymous really is.
It’s a culture.
It takes cultures to have albums, idioms, and iconography, and I was swimming in these and more.
Anonymous is a nascent and small culture, but one with its own aesthetics and values, art and literature,
social norms and ways of production, and even its own dialectic language.
It is no wonder we in the media and the wider culture are often confused. Any study of Anonymous must
be anthropological, taking into account the way people exist in different societies. The media has just been
looking for an organization with a leader who could explain why Anonymous seems to do weird things.
Not only that, but Anonymous seems to be built around doing weird things, and even has a term for it: the
The lulz (a corruption of LOL, online shorthand for laugh out loud) is the most important and abstract
thing to understand about Anonymous, and perhaps the internet itself. The lulz is laughing instead of
screaming. It’s a laughter of embarrassment and separation. It’s schadenfreude. It’s not the anesthetic
humor that makes days go by easier, it’s humor that heightens contradictions. The lulz is laughter with
pain in it. It forces you to consider injustice and hypocrisy, whichever side of it you are on in that moment.
In the culture of Anonymous, the lulz is the reason for
doing. Anonymous wasn’t made for easy times; the trickster sleeps when all is well.
Cultures don’t emerge from vacuums, and Anonymous is no exception. The birthplace of Anonymous is a
website called 4chan founded in 2003, that developed an “anything goes” random section known as the
/b/ board. 4chan itself comes from a Japanese-language predecessor called 2chan, founded in 2001.
Before that, the lulz and hacker pranking was alive and well in old-school IRC chat rooms, EFnet, and the
1990s hacker scene.
But if you’re going back that far, add as influences Mondo 2000, and publications like RE/Search, and a
billion shitty zines that were dead by 1996. But those all came from something, too.
Hacker culture, and almost all of computer culture back in the day is shot through with the Discordian
edge of 1960/1970s counter-culture and Robert Anton Wilson and Robert Shea’s Illuminatus. So from
there it’s the yippies, Andy Kaufman, and the Situationists we need to first comprehend. Or do we head
back to early 20th century absurdists of Dada? Or maybe we venture all the way to that olde booke of epic
trolling lulze, Tristram Shandy?
We’re all the way to 1759 now.
Perhaps this means the 1960s Discordians are right, and there’s a Ha Ha Only Serious giggle that is cosmic
in nature. That there is a part of reality, a force of physics, that is actually a Fundamental Sense of Humor.
But the gravity we deal with can only be explained to an even larger amount of Dark Humor, woven into
the fabric of the universe.
The point is Anonymous, despite the false shock of contemporary news reporting, isn’t sui generis. It’s not
a surprise, and it didn’t spring fully formed from the forehead of Ceiling Cat.
In this place and time, with the exhaustion of political discourse, the overwhelming pressures of modern
life, and rise of the internet, the stochastic network organism of Anonymous was inevitable.
I will confess up front that I love Anonymous, but not because I think they’re the heroes.
Like Alan Moore’s character V who inspired Anonymous to adopt the Guy Fawkes mask as an icon and
fashion item, you’re never quite sure if Anonymous is the hero or antihero. The trickster is attracted to
change and the need for change, and that’s where Anonymous goes. But they are not your personal army –
that’s Rule 44 – yes, there are rules. And when they do something, it never goes quite as planned. The
internet has no neat endings.
The trickster as myth proved so compelling that the network made it real. Anonymous, the net’s trickster,
emerged like a supernatural movie monster out of the misty realm of ideas and into the real world.
In case you decide to click on /b/
But to be historical, let’s start with 4chan.org, a wildly popular board for sharing images and talking about
them, and in particular, 4chan’s /b/ board (Really, really, NSFW). /b/ is a web forum where posts have no
author names and there are no archives and it’s explicitly about anything at all. This technological format
meeting with the internet in the early 21st Century gave birth to Anonymous, and it remains the mother’s
teat from which Anonymous sucks. (Rule 22)
Once you pull your hands away from your face and start looking, /b/ is hard to look away from.
/b/ is the id of the internet, the collective unconscious’s version of the place from which the base drives
arise. There is no sophistication in the slurs, sexuality, and destruction in the savage landscape of /b/ — it
is the natural state of networked man.
In this, it has a kind of innocence and purity. Terms like ‘nigger’ and ‘faggot’ are common, but not there
because of racism and bigotry – though racism and bigotry are easily found there. Their use is there to
keep you out. These words are heads on pikes warning you that further in it gets much worse, and it does.
Nearly any human appetite is acceptable, nearly any flaw exploited, and probably photographed with a
time stamp. But /b/ reminds us that the id is the seat of creative energy. Much of it, hell even most of it, is
harmless or even sweet. People reach out for help on /b/, and they find encouragement and advice. The id
and /b/ are the foxholes of those who feel powerless and disenfranchised.
That’s what you’ll find in /b/, the unspoken. ‘/b/tards’, as denizens of the board are called and call
themselves, create incest porn, fantasize about beating women, look for dataviz examples or coding tips.
They are grown men that really want to talk about “My Little Pony: Friendship is Magic.” Maybe it’s ironic,
maybe it’s not. (I’m told by one such brony that the show is just a lot better than you’d expect.)
At some moment lost in its unrecorded history, /b/ and Anonymous reached an inflection point, and the
id spilled into the rest of the net in the form of “ultra-coordinated motherfuckery,” as one anon described it to
Coleman. This was the ability to use the technological tools of social coordination so quickly and well that
anons working together could collectively attack targets for any perceived slight, or just for fun, without
those targets ever having a chance to see it coming or defend themselves.
These came to be called “raids.”
Over time raids took many forms, eventually moving into the regular world. They could look like protests,
massively coordinated pranks, distributed-denial-of-service attacks (DDOS) or straight-up hacking
attacks. D0xing, ordering unpaid pizzas, signing people up for embarrassing junk mail were all common
raids. There’s a raid that you know for sure. It’s likely you’ve even participated, and even more likely you’ve
been a victim of it; the rickroll. The rickroll began as a tool of the /b/tard/Anonymous raid, before
spreading so far into the culture that the Oregon legislature and even the US Speaker of the House were
rickrolling the world.
Anonymous spat out other memes like lolcats and pedobear that spread far enough for their origins to be
lost to many, but with little profound effect on the rest of the world.
Even then, Anonymous had a vigilante streak, and it could be downright mean. They’d d0x someone who
abused a cat. In particular they went after abusers of cats, because Anonymous loves cats and pictures of
cats. They blocked the pool at the online kids’ game Habbo Hotel with black, generously fro’d avatars
declaring “Pool is closed due to AIDS” as a protest to perceived racism on the part of Habbo’s admins.
But Anonymous was never particularly focused. Raids could be devastating or funny, but either way they
came and went quickly, the net’s own little tornado system. Anonymous was never anyone’s personal
army, and never stayed on any one topic for very long.
It took Tom Cruise to change all that and give Anonymous a political consciousness. Specifically, Tom
Cruise as cringe-worthy Scientologist.
Birth of the ‘Moralfags’
A video of a disturbingly manic Cruise leaked out of Scientology in January 2008, and the notably
litigious church tried to force hosting services and Gawker to take it down with legal nastygrams.
But the video contained some truly epic lulz, and Anonymous wouldn’t let it die. The church’s effort to kill
it off so enraged Anons they decided to destroy the church itself. By enraged, I mean a pissy kind of laughing
and spitting at once. For Anonymous being mad meant wanting to troll the church very hard, but it was
never to get serious, because getting serious for Anons meant losing.
To accomplish this op (short for operation), Anons created Project Chanology, which arguably marked
both the birth of political consciousness for Anonymous, and the development of its methods of taking
Destroying the church was going to be aggro funny, as well as require a lot of dancing. Many have
wondered since then, were they serious about destroying the church, or was it all a joke?
The answer is yes, and understanding that is vital to understanding Anonymous.
There’s no proof that the people that started Project Chanology had any personal beefs against the Church
of Scientology beyond their secondhand annoyance at the Church’s litigious history and attempted
suppression of speech. But probably most importantly, the Church was rampantly guilty of feeding the
trolls. (Rule 14)
But Project Chanology was the perfect way for the people who did have a history with Scientology to jump
under the wing of the haughty and lulzy collective. Scientology had pursued its detractors with mean
spirited ruthlessness, delving into critics’ personal lives, following them with investigators and ruining
Anonymous didn’t care. Call them rapists, and they’d laughingly tell you they were child rapists. Accuse
them of any crime, and they could point to worse on /b/. Anonymity and the ‘words will never hurt me’
ethic that arose out of the aesthetic of extremes on 4chan made them immune to the Church’s arsenal.
But some existing Anons, and the ones that came in from the community of Scientology detractors, really
cared about winning this one. They wanted to be the good guys and Scientology to play the bad guys. The
Church, they reasoned, hurt people, took their money, and lied to them under the guise of being
caretakers and teachers.
Anonymous claimed to do all those bad things too, but didn’t really, and would never promise to take care
of you and teach you, but sometimes did anyway.
As Coleman put it in her study, they were the perfect nemeses. But Anons caring about doing the right
thing is about morality, and morality, at least straight morality, is not the lulz. Many veterans saw this as a
corruption of the purity of Anonymous — the cancer that was killing /b/.
On February 10, 2008, the “moralfags” took the whole thing to a new level. They set up meeting times and
places in cities around the world, bought masks and made signs.
Anons left the internet by the thousands and showed up in front of church locations and Scientology
centers around the world, many wearing their new Guy Fawkes masks, V for Vendetta movie merchandise
sold by Warner Brothers, to obscure their identities.
They played music and walked around with signs that both accused Scientology of crimes and referenced
obscure internet memes. They met each other in meat space for the first time. They partied with their own
in front of aghast Scientologists in more than 90 cities.
For the first time, the internet had shown up on the real street, en masse.
And yes, they brought Long Cat.
Anonymous And The War Over The Internet
Posted: 01/30/12 12:20 PM ET | Updated: 02/01/12 07:36 PM ET
This article is the first in a two-part series tracing the development of the amorphous online
community known as Anonymous, pranksters who have become a force in global affairs.
Late in the afternoon of Jan. 19, the U.S. Department of Justice website vanished from the
Internet. Anyone attempting to visit it to report a crime or submit a complaint received a message
saying the site was unable to load. More websites disappeared in rapid succession. The
Recording Industry Association of America. The Motion Picture Association of America.
Universal Music. Warner Brothers. The FBI.
By nightfall, most of the sites had come back online, but the people responsible for the outages
had made their point. They'd landed what they hailed as the biggest blow yet in an escalating war
for control of the Internet, and in one of their online command centers, "Phoenix" and his
associates were celebrating.
Phoenix, a college student, is a member of Anonymous, the loose coalition of hackers, pranksters
and other creatures of the Internet who have made headlines over the last 13 months for attacks
on the computer systems of a wide range of targets: MasterCard, Visa and PayPal; the San
Francisco public transit system; a Texas think tank; Sony; a host of computer-security companies;
authoritarian governments in Tunisia and Egypt.
Phoenix wouldn't call himself a "member," of course. Much like Occupy Wall Street, a
movement with which it has many ties, Anonymous technically has no official membership,
hierarchy or specific agenda. Some "anons" do wield more influence than others and the
resulting resentments have led to bitter internecine feuds, but its overall lack of an official power
structure is essential to its identity and perhaps its survival. As Anonymous put it in a taunting
statement to NATO, another recent object of its unfriendly attentions, "You can't cut off the head
of a headless snake."
The snake seems to have a certain sense of direction, however, as the Jan. 19 attacks suggested.
The inciting incident took place earlier that day in the hills outside Auckland, New Zealand,
when local police landed two helicopters on the lawn of a man who calls himself Kim Dotcom
and owns Megaupload, a hugely popular online service that enables people to share and store
movies and other media for free.
Authorities shut down the site and arrested Dotcom and six colleagues, accusing them in a 72-
page indictment of engaging in acts of "massive worldwide online piracy" that inflicted $500
million in damages on copyright holders while bringing in more than $175 million in profits.
The news spread quickly. A message went out on Anonymous Twitter accounts exhorting people
to attack the Justice Department and several piracy-fighting trade groups. By clicking on a link,
they could launch a page that asked them to identify a target. Thousands typed in the address of
the Justice Department site and clicked enter, bombarding it with a fusillade of meaningless
commands. Overwhelmed, the site froze and dropped offline.
In the chat network where Anonymous coordinated the attacks, the virtual warriors declared
victory with a military phrase: "TANGO DOWN."
Part war, part game. Given the culture of the Internet, it's reasonable to assume that many of
those who responded to Anonymous' call were teenagers. The software used to fire these Internet
missiles was the Low Orbit Ion Cannon, a name lifted from the video game "Command &
Conquer." Yet the consequences of firing it were real -- a major law enforcement agency's web
site was temporarily crippled, leaving the agency to observe that there had been a "degradation in
Last year, 14 anons were arrested in the United States for using the Ion Cannon to attack PayPal.
Some now face the possibility of 15-year prison sentences.
Phoenix wasn't around when the Jan. 19 attack went down, but later that night, I found him in an
Anonymous chat room and asked him to explain the motivations behind it.
"You've heard Anons say before that this is a war," he said. "A full scale information war. That's
not mere propaganda, many regard that as a perfectly accurate description. And the stake at play
is, simply, 'Who will control access to information? Everyone or a small subset?'"
In case it wasn't clear, he then labeled that subset: "The government."
This struggle for control of the Internet goes back years, but it reached a crescendo just the day
before the attack on the Justice Department, when Wikipedia went dark in protest of the Stop
Online Piracy Act and the Protect Intellectual Property Act, the controversial anti-piracy bills
that were working their way through Congress. Google collected 4.5 million signatures on a
petition against the bills. Mozilla redirected traffic from its sites. And thousands of other
protesters, from Tumblr and WordPress to Some Guy with a Blog, blacked out their sites, took to
the streets and posted messages opposing the legislation, saying it would hurt their business and
amounted to censorship.
Across the battle lines stood film studios, music labels, pharmaceutical companies and other
businesses intent on defending their copyrighted property from illegal sharing at a time when the
Internet has made it possible for, say, a digital copy of "V For Vendetta" -- an anon fave and the
source of their iconic grinning Guy Fawkes masks -- to travel from an iPad in the United States
to a piracy site in Brazil to another viewer's laptop in Korea.
These companies face a tricky problem: How do you sue a piracy site when it’s based in another
country, especially one with looser intellectual-property laws? The bills' answer: You don't. You
go after their enablers -- websites that drive traffic to the piracy hubs by posting links to them,
even if they only do so inadvertently. Critics argued that the cost of getting rid of these links
would drive smaller sites out of business.
Two days after the protests, in the face of public outrage and lobbying efforts from the tech
sector, Congress shelved SOPA indefinitely. But that doesn't mean the war is over. As one
Anonymous tweet warned about SOPA: "It can be brought back anytime. The bill must be
Like the web companies involved in the protests, anons tend to argue that anti-piracy legislation
could send the Internet down an ever-tightening spiral of government control. Many anons go
further, portraying such bills as deliberate assaults on the right to free speech. They say they
oppose anti-piracy efforts on idealistic grounds, not that they don't enjoy a bit of pirated
entertainment from time to time. Obeying the law isn't their highest priority. "The Internet is the
Wild West," Phoenix said on the night of the attacks, "and Anonymous will fight against any
attempt to tame it."
That conversation with Phoenix was not my first. All of our communications took place online,
mostly in the networks of chat rooms where anons plan their attacks (and banter endlessly), and I
had come to think of him as a messenger from the Internet underworld: He had one foot in the
world of "hax0rs" -- hacker-speak for hackers -- and one in the world of capital letters and
He was like a hacker Hermes, moving freely between the realms of the living and the dead,
except that in this case the realm of the dead was a dominion of cyberspace in which the dead
possessed an unusual degree of expertise in massively multiplayer online video games and porn.
Altogether, I spoke with more than 30 anons, and in some respects, their attitudes couldn't have
been more different, but one thing seemed to hold them together. They saw the Internet as their
homeland, their home. Among them were Phoenix, Xyzzy and Gregg Housh. Together, their
stories roughly trace the rise of Anonymous and the battles leading up to what Phoenix calls the
THE ORIGINS: XYZZY
Xyzzy said he was in his early twenties, lived in the Boston area, and described himself as an
out-of-work computer guy. He had been around Anonymous since its beginning about a decade
ago, and as far as I could tell he spent all his time online. There was a two-week stretch in which
I instant-messaged with him for hours every night, and I assumed he was going out of his way to
talk to me until he told me he was simultaneously IMing with three other people and
participating in a seven-person video chat on Skype.
Some anons talked about the Internet as their homeland. For Xyzzy, the Internet had literally
given him a home. In 2008, he said, the Secret Service pulled him out of a classroom at school
after he played a little joke on the government by spamming a .gov website with "KILL
OBAMA" rants. ("Not a good idea," he reflected.) His parents kicked him out of the house, and
some friends in Anonymous took him in. He considered one of them his "Internet mom" and said
he thought of her as "kinda better" than his real mom.
He said he was about 12 or 13 when he discovered the Internet, and couldn’t really remember
what life was like before that. "I wasn't anything," he wrote. "I was just a nerd who never really
The Internet gave him balls. And a mouth. In the chat rooms where he hung out he learned how
to mock people and later found he could use this skill "irl", where he went from "never talking in
school to making fun of everyone who picked on me for being nerdy."
He also learned how to "socially engineer" people -- manipulate them. Often, he said, that meant
calling an email provider and tricking the friendly lady who answered the phone into handing
over a password to someone's account, enabling him to break in, steal the person's credit-card
number and sell it.
And he learned how to "troll." At the time, if you didn't troll you weren't really an anon. Trolling
is the art of deliberately irritating people until they flip out or otherwise react in a way that
generates laughs, or "lulz." It is the bedrock of Anonymous culture, and in the early 2000s there
were dozens of "trolling gangs" roaming the back alleys of the Internet.
Xyzzy wanted me to understand that they pretty much established the Anonymous mindset. He
stressed that when Anonymous started, it was made up of "jerks," and he meant this as a
compliment. And he was especially insistent that I appreciate the historical significance of one
group of jerks in particular, the Penis Pumpers For Lyfe.
The Penis Pumpers were "Anonymous before Anonymous was Anonymous," Xyzzy said. They
were a band of tricksters who hung out in IRC, or Internet Relay Chat, a sort of underground city
of the web that continues to dominate the Anonymous landscape.
If IRC is a city, then its "networks" are the buildings. Each network is made up of chat rooms,
or channels. The Pumpers had their own channels and would join, say, the NHL room and "bitch
about hockey, something they had no clue about, just to piss people off." They'd take over other
people's channels, ban the real owners, impersonate them and use the stolen personas to troll.
"Whatever worked to mess with the intended target," said Xyzzy.
Sometimes the jokes went to harsh extremes, and that hasn't changed. In 2010, an 11-year-old
girl nicknamed Jessi Slaughter issued a YouTube threat against "haters" who had started an
Internet rumor about her. She said she'd "pop a Glock in your mouth and make a brain slushy."
As a Gawker account put it, "Ha ha."
Unfortunately, as Gawker went on to note, the response went beyond "ha ha." People found her
real name, address and phone number. They passed the information around. A bomb squad
showed up to her school after a suspicious package arrived in the mail. Encyclopaedia Dramatica,
a website that chronicles the lore and pranks of the Internet in the fuck-you-it's-funny style of the
Internet itself, published an item on how to troll her. "Tell her dad that we are going to beat her
up." "Tell her to kill herself."
Jessi responded with another video. In this one, she was seen crying and whimpering while her
father crouched in the background, screaming at the camera and shaking his fist. His awkward
threats would become memes. A year later, he was arrested for punching Jessi in the mouth, and
six months after that, she posted a video saying she'd been institutionalized and was living in
foster care. Last summer, her mother wrote on Facebook that the father had died of a massive
heart attack. Someone posted a screenshot of the message on FunnyJunk.com.
Obviously there isn’t anything political about relentlessly picking on an 11-year-old, but
Anonymous has used many of the same schoolyard tactics to pick on much more powerful
adversaries. At its most basic level, trolling is about humiliating people who seem to take
themselves too seriously or pretend to be something they're not: 11-year-old girls, corporate
executives, whoever. The troll jabs at them until they jab back, exposing their vulnerabilities,
then jabs at those weak spots until they do something rash and truly embarrass themselves.
Xyzzy told me he and another anon once trolled someone at an antiwar rally in Boston. In an
indication of how much Anonymous has evolved since then, he said they attended the rally not to
join the protest but to screw with the protesters. Xyzzy told his friend he bet he could "troll out"
the first guy he saw who was obviously there just to pick up girls.
"So we got near the guy and the guy makes the first move," wrote Xyzzy. "He rants at us about
peace and I tell him, 'Look, dude, I don't give a fuck.' He jumps on me about how I'm the
problem with the world today."
"And I just turn it on him," Xyzzy continued. "How HE is the problem with the world today
cause he can't leave people alone and needs to stick his retarded nose in other people's business.
He clearly is upset so I keep at it saying how he doesn't know the first thing about what it means
to stand up for what you believe in. And he responds with how he'll show me how he stands up
for what he believes in."
At this point in the story, Xyzzy paused to note that while he is under 6 feet tall and "a fat kid,"
his target stood about 6-foot-4 and looked like he worked out. Xyzzy was not to be intimidated,
however. On the Internet, he had learned he could use his wit to humiliate pretty much anyone.
Years after the protest, the typical Anonymous trolling target would be the government-corporate
matrix, not just some bro at a peace rally. Whatever. Xyzzy isn't picky. He's happy as long as
he's having a laugh. By the time he'd finished with the bro at the peace rally, the bro was in
Broadly speaking, there are two kinds of anons: those who want to change the world and those
who are in it only for the lulz. Xyzzy moved closer to the first group over time, but he remains a
lulz man at heart. One of his friends, however, appeared to have transformed himself completely,
leaving behind a trail of self-serving crimes. He was part of a group of anons whose elevated
stature in the community had earned them the derisive label "leaderfags," and when Xyzzy met
them they convened in their own private channel, from which they exerted a certain amount of
influence over the rest of Anonymous. Exactly how much influence is debatable, but Xyzzy, for
one, called them the "Illuminati of the Internet" and described his friend, with perhaps just a
touch of hyperbole, as "the Godfather."
The "Godfather" is a 35-year-old computer engineer who lives in a blue-collar suburb of Boston.
In November, I visited his home, a wood-frame house up the street from a convenience store and
a laundromat. Parked in the driveway was a black Scion emblazoned with the words "Geek
Choice" and a phone number: 1-800-GEEK-HELP. A small box of business cards was mounted
to the side. I took one. "Computer problems?" it said. "We come to you."
A shy, pretty woman, the Godfather's girlfriend, led me to an upstairs bedroom where the
Godfather was seated at an incredible array of computer monitors. He had a thin build, a
bemused expression and a loud, direct voice. He said he needed food, so we hopped aboard the
Geekmobile. I rested my feet on a pile of empty Pepsi bottles.
At a nearby restaurant, the Godfather ordered a chicken sandwich and told me that a would-be
whistleblower had recently come to him with information that could potentially destroy the
reputation of a certain international media mogul. He said he needed to figure out how to protect
the whistleblower before pulling the trigger. "Before I'm dead," he said, "I want his empire to be
The Godfather's name is Gregg Housh, and his sense of himself as someone capable of molding
the world to his vision dates at least to 2008, when he played a key role in helping Anonymous
organize a series of protests against the Church of Scientology. Following his involvement in
these demonstrations, Scientologists uncovered his identity and took him to court, which had the
unintended effect of putting him in a good position to talk to the press.
Housh, an excellent talker, became a de facto Anonymous spokesman. Confident and articulate,
with a little gray in his hair, he started giving interviews to The New York Times, CNN and other
outlets. (For his part, Housh rejects the label of spokesman, taking pains to stress that no one
person can speak for Anonymous as a whole.)
As a protest organizer, he also made connections in the Boston Police Department, which came
in handy earlier this year when demonstrators set up tents on a plot of green across the street
from the city's Federal Reserve building. In the early weeks of the Occupy movement,
Anonymous essentially served as a publicity arm, using its Internet fame to spread the word at a
time when few traditional media outlets were paying attention. Housh worked his media
connections, established a cellphone-to-cellphone rapport with the Boston police superintendent
and cultivated relationships with political operatives. At one point he arranged for Massachusetts
Gov. Deval Patrick to visit the camp, then led the governor on a guided tour. I watched him give
a similar tour to the state treasurer and engage in some friendly ribbing with a city councilman,
and it occurred to me that he'd make a pretty good politician himself.
Housh has not always been interested in politics. Far from it, he said he used to care only about
"amassing as much stuff as I possibly could." When he was growing up in Dallas, his father
abandoned the family, leaving his mother alone to care for him and his sister, who has cerebral
palsy. Housh quickly came to appreciate the value of money. He also started thinking about ways
to make it that didn't involve sweating over a fryer at McDonald’s.
At around age 10, he discovered a glitch in a video game at an arcade near his house: When he
pressed a button at the right moment, the machine would spit out a token. He did this a few times,
ambled over to the token machine and unloaded his spoils at a discount. Before long he had three
friends working for him in two cities. He later realized this technically qualified as racketeering.
Cunning and rebellious, he might have ended up writing bad checks or ripping off insurance
companies for a living, but when he was 14 his mother gave him his first computer. Within a
half-hour, he says, "every part that could be separated or unplugged was sitting on the living
room floor." By 16, he had dropped out of school and joined a software piracy gang. He drew on
the combined skill set of the hacker and the con man, employing the techniques of "social
engineering" to get people to fork over stolen software and access to Internet servers.
In 2001, the FBI caught up with him and he served three months in a federal prison. When he
was released, he had a hard time finding himself. He was afraid to reenter the criminal
underworld and unimpressed with what passed for fun outside of it. And then he found 4chan.
Founded in 2003 by a 15-year-old named Christopher Poole, 4chan was initially a collection of
forums where people could discuss anime and Japanese comics. By the time Housh arrived in
2007, the website, particularly a section called "random," had devolved into a reeking cesspool
of gore, porn and insanity. In attempts to capture its unique charms, reporters have likened it to a
stall in a boy's bathroom, a locker crammed with fireworks and Hustlers and maybe a copy of
"Mein Kampf," even the id.
There was only one rule -- no child porn. Reports suggest it was lightly enforced. A quick
perusal of the first page of "random" on the evening of Dec. 19, 2011, yielded a picture of a
woman's crotch, a picture of a woman's ass, a request for pictures of the feet of "pre-teen
models/non-models," a poster recruiting people to flood a rival website with "filth and porn," two
rape jokes, several racial slurs, a picture of someone vomiting and a picture of Kim Jong Il
accompanied by the comment, "Good night, sweet prince."
Conversations with 4chan regulars made it clear that this was a quiet evening.
During the past five years, some of the lighter culture of 4chan has seeped into the mainstream:
The pictures of cats with misspelled captions (lolcats), those links that trick you into playing that
obnoxious music video (rickrolling). These are "memes" and they generate "lulz." In Housh’s
day, the lulz abounded. If you wanted "epic lulz," you could hack into someone's emails and use
the stolen information to troll. Or you could "d0x" someone (publish documentation of his
identity). Or "DDoS" someone's website (flood it with traffic and knock it offline). Or "swat"
someone (get an unsuspecting victim to turn on his webcam, then call the police and "lol" as a
SWAT team kicks down the door).
All of these activities were "raids," and though people usually planned them in the IRC networks,
they assembled their raiding parties on 4chan. The one thing that made them possible was that
the site allowed you to post stuff anonymously. People began calling themselves "Anonymous,"
which became a meme of its own. You began hearing phrases like "Expect us" and "We Are
Legion," which have become enshrined in the culture's lexicon.
Housh's first adventure as an anon turned out to be a high watermark in 4chan history: a giant
raid on the online multiplayer game "Habbo Hotel." At a predetermined hour on July 12, 2007,
he and hundreds of other anons logged into the game and selected the same avatar from the
character menu: a black guy with an Afro. Then they crowded around the virtual swimming pool,
effectively blocking the other players from using it, while proclaiming that the pool had been
closed "due to AIDS." Other anons gathered on the patio and arranged themselves into the shape
of a swastika. This was called a "swastiget," Housh explained to me matter-of-factly. "You get a
swastika on a website or a piece of software that people have to see."
Even in those days, one could have conceivably justified many of the 4chan pranks on moral
grounds, and when he recounted the "Habbo" tale, Housh attempted to do so, sort of. He said that
by creating a character that arguably looked like a racist white guy's idea of a black guy, the
"Habbo" design team had done something "kind of racist, so we decided to go be racist to them."
There was also a news story making the rounds about a hotel in Alabama that had banned
someone with AIDS from the pool.
Or something. Mostly, the raid was just fun to do, Housh admitted. Anonymous was still all
about the lulz.
Later that year, Anonymous brought down the website of a white-supremacist radio host and
used the technique of "pedobaiting" to root out a child molester in Canada. Some anons were
beginning to see themselves as a force for justice. The real transformation, though, happened in
February 2008, with the birth of a movement that blended the ironic sensibility of the Internet
with the earnestness of an antiwar rally. In homage to its 4chan origins, it was dubbed
"THE INTERNET IS HERE"
In "The Prince," Machiavelli warns the reader that "a violator of the property and women of his
subjects" will be "hated above all things." In 16th-century Florence, an example of such property
might have been a plot of farmland or an ox. In the Chanology War of 2008, the property in
question was a video of Tom Cruise talking about Scientology in the pseudo-scientific lingo of
the religion and generally "showing himself to be the insane person he is," said Housh.
Somehow the video had made its way from Scientology's offices to the Internet, where it had
generated untold quantities of lulz. So when Scientology's lawyers pressured YouTube into
taking it down, anons went into a frenzy. They found it laughable and outrageous that a religion
founded by someone who claimed to believe in a galactic dictator called Xenu could exercise so
much control over a source of information as important as the Internet.
During the next week, Housh and a few cohorts made two videos of their own. One declared war
on Scientology. The other specified what that war would entail: protesting in front of
Scientology centers around the world.
Housh says he thought maybe a few people would show up and act like jerks. "I thought it would
be good for a couple weeks of trolling," he said. It turned out he had seriously underestimated
people's love of the Internet or their contempt for Scientology or both.
On Feb. 10, 2008, thousands gathered outside Scientology centers in 142 cities around the world.
They wore Guy Fawkes masks and blasted "Luma Luma" on boom boxes. They shouted Internet
insults. They held up signs saying "OH FUCK: The Internet Is Here." More protests followed,
and over time what started out as a prank turned into something more serious.
The movement attracted fervent Scientology critics, including a number of defectors. As Housh
and other anons got to know those people, they gained more insight into the organization and
refined their talking points to target what they saw as its weak spots. Tory Christman, a
prominent ex-Scientologist, told me Anonymous helped alter the balance of power between the
church and its critics. "Before Anonymous, there were literally about four or five of us who
would talk to the interviewers," she said. "Now, there's tons."
A new idea took hold: As one anon told me, Chanology gave people the impression that "a
thousand malcontent nerds can change the world by going out and yelling something."
For Housh, the turning point came when he heard that two anons had "kidnapped" a young
woman from a Scientology center in Florida. She had approached them at a protest and handed
them a business card with a desperate message scrawled on it: "Want out."
When I asked Xyzzy about Chanology, he said he initially snickered at the idea: "From what I
gathered from the Internet it was just a hug box and people wanting to be important." In fact,
many anons downright hated it. They mocked the protesters as "moralfags," and it wasn't the
"fag" part that was meant to be derogatory. In Anonymous lingo, "fag" is basically the equivalent
A conflict was brewing -- moralfags vs. lulzfags -- and over lunch one day in Boston I asked
Housh which side had prevailed.
He interrupted his attack on an overdone steak and flashed a grin that suggested he hadn't
entirely lost touch with his con-man side.
"It's a little of both," he said.
In part two, coming Tuesday, Anonymous expands its war on censorship, taking on the
Anonymous And The War Over The Internet (Part II)
Posted: 01/31/12 12:18 PM ET | Updated: 02/01/12 10:14 AM ET
This is the second part of a two-part series on Anonymous, the amorphous Internet group that
has emerged as a force in global affairs. In the first part, we track Anonymous' transition from
pranks to politics. In this installment, we learn about its war on the government.
If Anonymous spans the moral range between the idealistic revolutionary and the nihilistic imp,
Phoenix stands all the way at the idealistic end. His base of operations is a network of chat rooms
called AnonOps, which birthed many of the overtly political attacks that have made Anonymous
a front-page story during the last two years.
In the early days, anons were mostly self-proclaimed jerks who joked around on the website
4chan and played mean-spirited pranks on people for the hell of it. But in 2008, a prank on
Scientology turned into a semi-serious protest movement, and some anons found themselves
taking on the traditional roles of activists -- organizing demonstrations, gathering information,
printing up fliers. By 2010, when Phoenix saw a news program about how anons had tracked
down and harassed some woman who'd tossed a kitten into a Dumpster without noticing the
overhead surveillance camera, Anonymous had begun to attract people who saw themselves as
the good guys. Like many other anons who showed up around then, Phoenix came armed with an
arsenal of political opinions. He said he'd been fascinated by politics since he was a kid, having
grown up in a country deeply colored by its history of rebellion against the British Empire.
All of my conversations with Phoenix took place online, mostly in the AnonOps chat rooms, and
we'd speak late at night, usually after he got home from hanging out with his college friends. He
said these friends knew nothing of his shadow life in Anonymous, while his friends in
Anonymous knew hardly anything about his life outside of it. Anonymous was a kind of utopia,
he said, "a complete meritocracy" in which it was "impossible to discriminate against people
based on superficial qualities because they don't exist when all you can see are their words."
He was a real romantic, and when he talked about the movement you could almost hear echoes
of the anti-imperialist oratory of his ancestors. "The fact is that the internet is central to a lot of
people's way of life," he said, "and for many Anons, a government attempt to restrict it is literally
like an invasion of their territory."
Indeed, as he and many others saw it, Anonymous was fighting a "full scale information war"
against the government-corporate complex over the future of the Internet. For years, the online
world had been their "Wild West," to use one of Phoenix's analogies. The authorities had little
power over it, and every dude and lady could write his or her own story: a nerd could reinvent
himself as a bully, a chat-room cowboy with unusual sexual proclivities or a sick sense of humor
could express himself without fear of social rejection.
Then the lawmakers came along with their anti-piracy bills -- their SOPAs, their PIPAs -- talking
about the need to protect the big entertainment companies from copyright infringement. To the
ears of Phoenix and many other anons, this sounded like, "We're going to conquer the Internet
and subjugate its people." Today, the thinking went, the government might be chasing pirates;
tomorrow, it might use its expanded powers to silence anyone it didn't like. So Anonymous rose
up, and for several months, starting in late 2010, AnonOps had led the insurrection.
Phoenix, a talented writer with the aesthetic sensibility of some sort of Internet-rebel troubadour,
contributed to the propaganda effort. For those who haven't seen the iconic Anonymous
"Message" videos, they tend to feature made-for-Hollywood montages of disturbing imagery --
cops flailing their clubs, cars consumed by fire -- accompanied by a robot voice declaring cyber-
war on governments and various other adversaries, typically concluding with some version of the
following: "We do not forgive. We do not forget. Expect us."
In a video Phoenix sent me, a sort of AnonOps founding document, the writers had modified the
tagline to crystallize the network's mission: "We do not forgive Internet censorship, and we do
not forget free speech."
This current fight over Internet censorship dates at least to 2008, when U.S. officials, members
of the European Union and a handful of other nations began private negotiations over an
international treaty aimed at curbing the spread of piracy. File-sharing had exploded in the
previous decade, and the entertainment lobby had long been pressuring the U.S. government to
do something about it.
According to a report by the Recording Industry Association of America in 2009, music sales in the
U.S. had dropped by almost 50 percent in the decade since the emergence of the file-sharing
website Napster. As of this year, according to the Motion Picture Association of America, piracy
costs the U.S. economy more than 300,000 jobs annually, though that seems a little high.
The idea behind the treaty, known as the Anti-Counterfeiting Trade Agreement or ACTA, was
that if the world’s governments could standardize their laws, they’d gain an advantage over the
pirates. But the atmosphere of secrecy that surrounded the international talks led many in the
tech world, including major players like Google, to charge that the government was more
interested in ratcheting up its control of the Internet. (This criticism was more or less echoed
during the recent outcry over similar legislation in the U.S. Congress.) Nevertheless, the United
States and six other countries have signed the treaty and several others are considering joining
When an entertainment company suspects a person or website of engaging in piracy, they
threaten legal action and demand that the offenders take down the stolen property. Rather than
send out these "takedown" notices themselves, they often pass the job on to contractors, some of
whom call themselves "web sheriffs," a label that fits in nicely with Phoenix's wild-west
metaphor, though the more appropriate comparison might be to the Pinkertons.
In 2010, one such contractor, an employee of an Indian company called AiPlex, admitted in an
interview that the firm had carried out Anonymous-style Distributed Denial of Service attacks
against websites suspected of posting links to pirated material. This admission prompted a rumor
that Hollywood companies had essentially ordered the attacks, and although both the MPAA and
RIAA denied having done so, the damage had been done. "A wave of rage swept through the
Anon community," Phoenix told me, and "a call to arms was quickly established."
Anons brought down the websites of AiPlex, the MPAA and the RIAA. Around the same time,
they also hacked into several email servers, establishing the three-pronged modus operandi of the
escalating war: (1) shut down websites, (2) expose emails (preferably embarrassing ones), (3)
LOL. As in the early days of 4chan, the Internet nerd was using the tactics of the jerk against the
self-important blowhard, except this time the blowhard was the corporate-state apparatus.
Of course, not everyone thought of Anonymous as the good guys, and as the anti-censorship
anons waged war, they found themselves struggling to fend off attacks from unknown enemies
who kept bringing down the servers that housed their networks. Some anons suspected those web
sheriffs and other Internet mercenaries hired by the corporate opposition. (The MPAA and the
RIAA both say they had nothing to do with these attacks, either, and stress that if anyone is a
threat to free speech, it’s people who do carry out illegal attacks on websites, like anons.)
And then came Nov. 28, 2010, the day a hacker-turned-activist named Julian Assange and a
shaky alliance of major media companies opened a new front in the information war by
publishing a stash of U.S. diplomatic cables leaked to Assange and his website, WikiLeaks. This
episode, and a specific sequence of events linked to it, led to what many in Anonymous hailed as
the movement’s most glorious moment.
The day before those WikiLeaks documents went public, the U.S. State Department wrote a
letter to Assange warning that if he allowed their publication he'd be breaking the law and
endangering the lives of "countless innocent individuals -- from journalists to human rights
activists and bloggers to soldiers to individuals providing information to further peace and
security." About a week later, a cohort of financial-services companies announced they would
block donations to WikiLeaks, cutting off a vital source of funding. To anons, the whole thing
smelled of government meddling. A top executive at PayPal seemed to confirm this when he
attributed the company’s decision to the influence of the State Department letter.
Another call went out to 4chan, the Anonymous mothership, summoning people to AnonOps for
an "epic raid." But when Phoenix left for class that morning, he told me, the chat room for the
operation only had about 150 people in it, so when he got home that night he didn't bother going
Instead he made some toast and marmalade and turned on the news. The top story: a certain
shadowy collective of Internet hackers takes down MasterCard and Visa. "I distinctly remember
knocking over my glass of water when I heard that," he said. He raced to his computer and was
amazed to find that more than 6,000 people had answered the call.
Meanwhile, in a house in the Boston suburbs with about five times as many computers as people,
Gregg Housh -- former Internet pirate, current unofficial Anonymous media guy -- answered his
ringing phone. CNN wanted to know what was going on. Ditto The New York Times. Ditto a
couple Indian newspapers. Ditto a seemingly endless parade of other outlets.
Anonymous had entered a new phase. It had shown the world that if "you screw with the Internet,
the Internet screws with you," Phoenix said. And it had shown itself that the world was paying
REVOLUTIONS AND SPIES
That winter, several governments made a speciality of screwing with the Internet. One was
Tunisia, where the ruling regime had been especially damaged by the WikiLeaks cables. In one
particularly vivid dispatch, a diplomat with an eye for irony noted that while ordinary Tunisians
struggled to feed their families, the president’s family ate ice cream flown in by private plane
The Tunisian government responded by blocking WikiLeaks, a move that fell considerably short
of quelling the anger of an impoverished citizenry already on the verge of revolt. Three weeks
later, a 26-year-old fruit vendor set himself on fire in the town center of Sidi Bouzid. By the time
the outrage spilled into the streets, some tech-savvy Tunisians had found their way to AnonOps.
One woman who described herself as an "observer" of AnonOps wrote to me with an account of
what happened next. At first, she wrote, anons concentrated on trying to draw attention to the
protests through their connections to the mainstream U.S. media, an endeavor that met with little
success. Then the Tunisian government shut down the Internet. "And the people on the Internet
sort of waged a shitstorm," she said.
Some anons who had never heard of Tunisia began referring to the country's citizens as their
brothers. They put together "care packages" in .zip files: software that allowed protesters to
circumvent Internet blocks; guides on how to treat broken arms and lost eyes; links that brought
protesters into the network, where they could ask for help or post videos of the state police
beating and shooting protesters.
The observer said the videos deeply disturbed her. "You see a five-year-old get shot in the
head and his neighbor was the one who was recording it," she said. "And his neighbor, a man
who watched that kid grow, is the one pleading with you to please help." Watching that kind of
violence left her ashamed of humanity, she said, and she'd considered herself hardened to some
pretty disgusting things. After all, she said, "I go to 4chan."
The excitement of the Arab Spring held the attention of AnonOps through the winter, but the
focus widened in February when someone told a reporter that he had infiltrated Anonymous and
identified its "leaders."
Aaron Barr was the head of HBGary Federal, a new company that specialized in what he called
social-media intelligence analysis -- gathering information about people from Facebook and
Twitter. A former Navy cryptographer, he had developed a theory that he hoped to exploit in the
private sector. He believed that "threat groups" like the Russian Business Network and al Qaeda
attempted to spy on members of the U.S. intelligence community using social media (yes, the
CIA is on Facebook), and that the intelligence community could in turn use such tools to
penetrate the threat groups. He intended to sell his services as a consultant to the highest bidder.
To make his way into Anonymous, Barr created a social-media avatar named Julian Goodspeak.
Enamored of a certain indestructible secret agent with well-defined feelings on martini
preparation, Barr says he chose "Goodspeak" because it sounded like a name from a spy novel.
"Julian" was a nod to Mr. Assange.
Barr insists he spied on Anonymous merely to prove his point about the ease of gathering
intelligence about people through social media and never meant to share his information with the
authorities. Anons didn't buy it. A small subgroup of hackers snuck into his company's servers
and stole some 70,000 emails.
They say he got most of his information wrong. He says he accepts that "as a possibility." In any
event, they went ahead and posted the entire trove online, along with his address, phone number
and other personal information. "We had people driving by my house taking pictures," Barr told
me. "A couple people coming up to my door with cameras in their hands. I was seriously,
honestly concerned about my family's safety."
He left his job ("not in disgrace," he said) and moved his family to another location. Anonymous,
meanwhile, pored over the emails and discovered what they believed was some of the most
compelling evidence they'd ever seen of governments and corporations colluding to control the
flow of online information. In November, their old pal Assange had said he planned to "take
down" a major American bank, and two days later, the Bank of America lawyered up, retaining
the services of Hunton & Williams, a Washington firm that apparently had some useful
connections in the federal government. According to one of the emails exposed by Anonymous,
the Justice Department had played matchmaker between the lawyers and the bank. The same
email said that the Department had advised the bank to hire Barr's company. (The Justice
Department declined to comment.)
In another email, anons found a PowerPoint presentation called "The WikiLeaks Threat." As it
turned out, Barr's company and two others with similar profiles had pitched Hunton & Williams
some ideas on how to handle Assange. In the most widely discussed of the slides, Barr vaguely
suggested "disrupting" journalists who support Assange, singling out Glenn Greenwald of Salon.
"Without the support of people like Glenn, Wikileaks would fold," he wrote.
In another pitch to the law firm, Barr said he'd dug up personal information on employees of left-
wing organizations that oppose the Chamber of Commerce, naming a synagogue attended by one
of them and identifying some family members of another. He says he did this merely to
demonstrate his skill and never imagined the information would go public. But when the
organizations found out about it they made a lot of noise, and a group of Democrats in Congress,
led by Hank Johnson of Georgia, sent a letter to the Republican heads of four committees asking
them to look into "possible illegal actions against citizens engaged in free speech."
The Republicans turned them down. Claude Chafin, a spokesperson for the House Armed
Services Committee, told me that the matter fell outside the group's jurisdiction; representatives
of the other committees have yet to provide an explanation. Barr, for his part, explains their
decisions by stressing that he broke no law and never saw a cent of the government's money.
When I called Johnson, he said, "It appears that the reason why we're not having any
investigations is that that would perhaps anger the people with the U.S. Chamber of Commerce,
and it probably is just something that nobody wants to touch."
This fall, I spoke with Barrett Brown, a journalist who followed Anonymous for years before
leaping off the perch of reportorial objectivity and into the story. He believes that Barr's emails
offer a revelatory glimpse into the murky world of private espionage, a $2 billion industry
comprising more than 9,000 companies. After the hack, he set up a website where people could
search the emails and report their findings. They didn't find anything illegal, per se, but they did
learn of an Air Force plan to manufacture an entire army of Julian Goodspeaks.
I spoke to Brown on video chat. He was serious and unsmiling and sounded like a philosophy
professor, dropping references to Plato and ninth-century Baghdad. He said he was outraged that
the Justice Department appeared to have acted as Bank of America's in-house counsel. "The fact
that that happened and won't get a lot outcry shows that the republic is already over," he said.
Not that he saw this as such a bad thing, necessarily. A couple years ago, in a blog on The
Huffington Post, Brown argued that the rapid spread of the Internet was effectively erasing
national boundaries and would soon usher in the dawn of a new era, one in which the people of
the world would transfer their allegiances from traditional nation-states to online communities
that actually protected their interests. He cited the emergence of Anonymous as a sign of the
changing times. "Some people call it the rise of the nerds," he said.
For what it was worth, he preferred the term "online actors," which turned out to be a rare area of
agreement between him and the authorities. Last spring, in a report on the mounting security
challenges of the information age, NATO had named Anonymous as an important new actor on
"the international stage." More specifically, it warned that Anonymous might soon develop the
capability of breaking into government networks and stealing sensitive documents.
Anonymous responded by breaking into NATO's network and stealing sensitive documents.
SPLINTERING AND NEW TARGETS
The Barr affair had reinfused Anonymous with some of its old lifeblood: the lulz. The way anons
saw it, Barr had "poked the bear," and the bear was only too happy to have an opportunity for
some good old-fashioned mauling. After stealing his emails and shutting down his website, the
hackers wiped his iPad and iPhone, circulated a picture of him dressed up as the Hulk for an
evening of trick-or-treating with one of his kids, and somehow broke into his Twitter account,
where they looked up Justin Bieber and Hitler and clicked "follow." As they say on the Internet,
For as long as the spotlight had been on AnonOps, the media had largely portrayed Anonymous
as well-meaning "hacktivists," but some observers now began to pick up on the notes of
malevolent snickering mixed in with the trumpet blasts of idealistic rhetoric. Some of the hackers
who had carried out the attack splintered off into their own crew, LulzSec, and in addition to
setting their sights on police departments and other familiar foes of the anarchist, they went after
seemingly inoffensive companies like Nintendo, and even exposed the names of subscribers to a
pornography website. Anons, on the whole, do not disapprove of pornography, but it seems that
the "lol" factor, as one member of LulzSec put it to me, was too delicious to resist. "Exposing
people's adult activities to the public, and even their families," he said. "What could be better?"
The formation of LulzSec coincided with a "civil war" in AnonOps, which broke out when some
of the anons who moderated the channels demoted a moderator named Ryan Cleary, the owner
of one of the network's key servers. A volatile teenager, Cleary disconnected the server, throwing
the network into chaos. A few months later the London police arrested him for his involvement
in attacks against some of the usual anti-piracy foes and Britain's Serious Organized Crime
Agency. When they showed up to the house where he lived with his mother, they found tinfoil
covering his window. His mother told the press that he hadn't left his room for six months,
except to go to the bathroom.
Over the summer, another fight erupted when a moderator upset several others by talking about
his attraction to underage boys. They temporarily banned him from the chat room, and some
anons left the network in disgust. They felt it had betrayed its commitment to free speech.
The community was falling apart, destroying itself in a fight over control of the Internet, of all
things. A series of arrests had put everyone on edge -- Phoenix said he barely slept for two weeks
-- and then a blitz of DDoS attacks from unknown enemies shut down AnonOps for weeks. By
the time the network resurfaced in September, months had gone by without a decent raid.
The network’s traffic plummeted. On a good night this winter, the most crowded chat room in
AnonOps would draw perhaps only 200 people. In its heyday a little over a year ago, an ordinary
night drew 30 times that number.
Several people complained to me that AnonOps had seen its best days, but when I repeated this
to Phoenix, he said he wasn't worried. Anonymous, he said, is like a pool of sulphur boiling
under the hills of Wyoming. "It lies dormant for weeks," he said. "You know it's done big things
in the past, but you can never tell exactly when it will suddenly rise up and unleash a wave of
This was three weeks before the Department of Justice bust and the massive attack that followed.
OUR WEIRDNESS IS FREE by Gabriella Coleman
The Logic of Anonymous – Online Army, agent of chaos, and seeker of justice
ANONYMOUS, WHICH CAME INTO BEING on the online message board 4chan eight years ago, is by
nature and intent difficult to define: a name employed by various groups of hackers, technologists,
activists, human rights advocates, and geeks; a cluster of ideas and ideals adopted by these people and
centered around the concept of anonymity; a banner for collective actions online and in the real world that
have ranged from fearsome but trivial pranks to technological support for Arab revolutionaries. In recent
months, Anonymous has announced audacious plans to take down the seemingly invincible Mexican
drug cartels; instigated and promoted the nationwide Occupy movement; and shut down the website of
the Florida Family Association, which is behind the campaign against the television show All-American
Muslim, and leaked the names and credit card numbers of donors. These actions are sometimes peaceful,
sometimes disruptive and illicit, often existing in a moral and legal gray area. Anonymous acts to advance
political causes but also for sheer amusement.
The seemingly paradoxical nature of Anonymous has much to do with its origins on 4chan, which has
become immensely popular, iconic, and opprobrious since it launched in 2003. 4chan is an image board
composed of fifty-one topic-based forums ranging from anime to health and fitness, and is widely
perceived to be one of the most offensive quarters of the Internet. The “random” forum, /b/, teems with
pornography, racial slurs, and humor derived from defilement. Participants communicate in a language
that seems to have reduced English to a bevy of vicious epithets, sneers, and text-message abbreviations.
This may be shocking to outsiders, but for insiders it is the normal state of affairs, and one of 4chan’s
defining and most endearing qualities.1
Today Anonymous is associated with an irreverent, insurgent brand of activist politics. Before 2008,
however, the moniker was used almost exclusively to stage pranks—to “troll,” in Internet parlance,
targeting people and organizations, desecrating reputations, and revealing humiliating information. For
instance, in 2009, Anonymous sought to “ruin” an eleven-year-old girl named Jessi Slaughter after her
homemade video monologues, which had gained some notoriety on tween gossip site StickyDrama, were
posted on 4chan. Anonymous was stirred to action by Slaughter’s brazen boasts—she claims in one
video that she will “pop a glock in your mouth and make a brain slushie”—and published her phone
number, address, and Twitter username, inundating her with hateful emails and threatening prank calls,
circulating Photoshopped images of her and satiric remixes of her videos. When her father recorded his
own rant, claiming to have “backtraced” Jessi’s tormenters and reported them to the “cyber police,” he
also became an object of ridicule (and a meme). Because of such antics, Fox News had in 2007 dubbed
4chan the "Internet hate machine”—a barb embraced, if ironically, by Anonymous, which responded with
a grim parodic video claiming to be “the face of chaos,” “harbingers of judgment” who “laugh at the face of
tragedy.” But in the past few years Anonymous has adopted the strategy of trolling as part of somewhat
straightforward protest campaigns. The question is: How and why has the anarchic “hate machine” been
transformed into one of the most adroit and effective political operations of recent times?
Looking for insights into Anonymous’s surprising metamorphosis, I began an anthropological study of the
group in 2008. That year Anonymous launched a trolling attack against the Church of Scientology, which
within mere weeks came to include earnest street demonstrations organized using conventional activist
strategies. Anonymous became even more widely known two years later as a result of Operation
Payback, a distributed-denial-of-service (DDoS) campaign that paralyzed the websites of financial
institutions refusing to transfer funds from donors to WikiLeaks, in the name of free speech. But even then,
Anonymous was still generally misunderstood, described by news reports alternately as “online activists,”
“global cyberwarriors,” and “cyber vigilantes.”
The nature of this confusion is not hard to understand. Beyond a foundational commitment to anonymity
and the free flow of information, Anonymous has no consistent philosophy or political program. Though
Anonymous has increasingly devoted its energies to (and become known for) digital dissent and direct
action around various “ops,” it has no definite trajectory. Sometimes coy and playful, sometimes macabre
and sinister, often all at once, Anonymous is still animated by a collective will toward mischief—toward
“lulz,” a plural bastardization of the portmanteau LOL (laugh out loud). Lulz represent an ethos as much
as an objective. Even as Anonymous has distinguished itself from 4chan and from trolling for its own sake,
the underlying character of the group—and the form of its politics—are still intimately connected to the
raucous culture of online message boards. (For more on the culture of anonymity, see David Auerbach’s
extensive essay “Anonymity as Culture,” also published in this issue of Triple Canopy.)
The Painted Smile
The spirit of lulz is not particular to Anonymous, the Internet, trolling, or our times. The Dadaists and
Yippies shared a similarly rowdy disposition, as did the Situationists and Up Against the Wall
Motherfuckers; more recently, the Yes Men have tightly fused pranksterism and activism, in one instance
presenting a three-foot-long golden penis (“employee visualization appendage”) at a WTO textile-industry
conference as a means of controlling workers, to the applause of the management-class crowd. These
transgressions serve many purposes, upending the conventions—and highlighting the absurdities—of a
political system within which substantive change no longer seems possible, and generating the kind of
spectacles that elicit coverage from the mainstream media. But the aforementioned groups were
conceived as radical political enterprises, with a limited purview and a vanguardist composition. What
sets Anonymous apart is its fluid membership and organic political evolution, along with its combination of
feral tricksterism and expert online organizing.
Which is to say Anonymous follows a logic all its own. Partly because of its maverick image and lulzy
antics, the group has attracted considerable attention—Anonymous was recently named Time’s number
four person of the year in the magazine’s “people’s choice” poll—and a tremendous number of adherents,
or Anons. Of course, the group’s organizing principle—anonymity—makes it impossible to tell how many
people are involved. Participation is fluid, and Anonymous includes hard-core hackers as well as people
who contribute by editing videos, penning manifestos, or publicizing actions. Then there are myriad
sympathizers who may not spend hours in chat rooms but will heed commands to join DDoS attacks and
repost messages sent by Anonymous Twitter accounts, acting as both mercenary army and street team.
Anonymous has developed a loose structure, with technical resources such as Internet Relay Chat (IRC)
being run and controlled by a handful of elites, but these elites have erected no formal barriers to
participation, such as initiation guidelines or screening processes, and ethical norms tend to be
established consensually and enforced by all.
Political operations often come together haphazardly. Often lacking an overarching strategy, Anonymous
operates tactically, along the lines proposed by the French Jesuit thinker Michel de Certeau. “Because it
does not have a place, a tactic depends on time—it is always on the watch for opportunities that must be
seized ‘on the wing,’” he writes in The Practice of Everyday Life (1980). “Whatever it wins, it does not keep.
It must constantly manipulate events in order to turn them into ‘opportunities.’ The weak must continually
turn to their own ends forces alien to them.” This approach could easily devolve into unfocused
operations that dissipate the group’s collective strength. But acting “on the wing” leverages Anonymous’s
fluid structure, giving Anons an advantage, however temporary, over traditional institutions—corporations,
states, political parties—that function according to unified plans. De Certeau pointedly distinguishes this
as strategy, which “postulates a place that can be delimited as its own and serve as the base from which
relations with an exteriority composed of targets or threats … can be managed.” Anonymous is not bound
to any such place, and therefore does not harbor what de Certeau calls “a Cartesian attitude.”
For example: One infamous attack against security firm HBGary gained steam only after hackers
discovered, in the course of some retaliatory trolling, that multiple security companies were conspiring to
undermine WikiLeaks and discredit its supporters. Because anyone can take the name—as many
different, seemingly unrelated affiliations have done—operations can be intensified quickly after a
weakness on the part of the target is discovered, or shut down immediately if trouble or internal
controversy arises. And so Anonymous’s overall direction remains somewhat opaque even to those on
Nevertheless, Anonymous’s activities, however disparate and paradoxical on their surface, have tapped
into a deep disenchantment with the political status quo, without positing a utopian vision—or any
overarching agenda—in response. Anonymous acts in a way that is irreverent, often destructive,
occasionally vindictive, and generally disdainful of the law, but it also offers an object lesson in what
Frankfurt School philosopher Ernst Bloch calls “the principle of hope.” In his three-volume work Das
Prinzip Hoffnung (1938-47), Bloch attends to a stunningly diverse number of signs, symbols, and artifacts
from different historical eras, ranging from dreams to fairy tales, in order to remind us that the desire for a
better world is always in our midst. Bloch works as a philosophical archaeologist, excavating forgotten
messages in songs, poems, and rituals. They do not represent hope in the religious sense, or even
utopia—there is no vision of transcending our institutions, much less history—but they do hold latent
possibilities that in certain conditions can be activated and perhaps lead to new political realities. “The
door that is at least half-open, when it appears to open onto pleasant objects, is marked hope,” Bloch
The emergence of Anonymous from one of the seediest places on the Internet seems to me an
enactment of Bloch’s principle of hope. What started as a network of trolls has become, much of the time,
a force for good in the world; what started as a reaction to the Church of Scientology has come to
encompass free-speech causes from Tunisia to Zuccotti Park. While Anonymous has not put forward any
programmatic plan to topple institutions or change unjust laws, it has made evading them seem easy and
desirable. To those donning the Guy Fawkes mask associated with Anonymous, this—and not the
commercialized, “transparent” social networking of Facebook—is the promise of the Internet, and it entails
trading individualism for collectivism.
The Ways of the Mask
If one term embodies the paradoxical and contradictory character of Anonymous—which is now serious in
action and frivolous by design; made up of committed activists and agents of mischief—it is lulz. These
four letters denote the pleasures attained from generating and sharing jokes and memes such as
LOLcats and the cartoon pedophile mascot Pedobear. But they also suggest how easily and casually
trolls can violently undermine the sense of security enjoyed by carefree denizens of the “real world” by,
for instance, ordering scores of unpaid pizzas to be delivered to a single address, or publishing one’s
phone number and private communications and credit-card numbers and hard-drive contents and any
other information one might think to be “personal” or secure. Perhaps most important, lulz-oriented
actions puncture the consensus around our politics and ethics, our social lives, our aesthetic sensibilities,
the inviolability of the world as it is; trolls invalidate that world by gesturing toward the possibility for
Internet geeks to destroy it—to pull the carpet from under us—whenever they feel the urge and without
Nowhere is this sense of a world outside of, and formed in opposition to, the one most of us inhabit more
palpable than on 4chan. Anonymity is essential to 4chan, too; one might call anonymity its ground rule,
and the dominant aspect of the culture the board has created. While trolling has often been the purview of
boastful, self-aggrandizing cliques—for instance, the Gay Niggers’ Association of America and its ex-
president, Weev—on 4chan trolling is largely crowd-sourced, and participants are strongly discouraged
from identifying themselves, instead focusing on the collective pursuit of “epic wins.”
Anonymous began trolling the Church of Scientology in January 2008 in pursuit of such an epic win,
impelled by Scientology’s threats to sue websites that refused to take down the infamous internal
recruitment video of Tom Cruise praising the church’s efforts to “create new and better realities.” Per the
Barbra Streisand Effect (any attempt to censor information that has already been published only serves to
draw more attention), the leaked video went viral. Though intended as serious and persuasive,
legitimating Scientology through the power of Cruise’s celebrity, Internet geeks (and most others) viewed
the video as a pathetic (not to mention hilarious) attempt to bestow credibility on pseudoscience. Once
the church deployed its lawyers, one participant told me, Anonymous switched from mischief to “ultra-
coordinated motherfuckary”: DDoS attacks to jam Scientology websites, ordering unpaid pizzas to
churches across North America, sending images of nude body parts to church fax machines, and
relentless phone pranking, especially of the Dianetics hotline.
Anonymous’s willingness to wreak havoc in pursuit of lulz, but also in defense of free speech and in
opposition to the malfeasances and deceptions of Scientology, calls to mind the nineteenth-century
European “social bandits” described by historian Eric Hobsbawm in his 1959 book Primitive Rebels.
These bandits are members of mafias, secret societies, religious sects, urban mobs, and outlaw gangs;
they are ultimately thugs, but, according to Hobsbawm, they nurture a faintly revolutionary spirit: Often
when they plunder they also redistribute goods to the poor, or offer them protection against other bandits.
Hobsbawm defines the bandits as “pre-political” figures “who have not yet found, or only begun to find, a
specific language in which to express their aspirations about the world.” Anonymous has worked toward
finding that language with remarkable celerity since it launched Project Chanology. Soon after the DDoS
attacks and pranks, Anonymous shifted tactics, disseminating incriminating facts about Scientology and
forging bonds with an older generation of dissidents, highlighting the church’s use of censorship and
abuse of human rights. An extempore spout of trolling had thus given birth to an earnest activist endeavor.
Anonymous had emerged from its online sanctuary and set to improve the world. According to
Hobsbawm, this is a conventional path taken by bandits and revolutionaries alike. “The recognition that
profound and fundamental changes take place in society does not depend on the belief that utopia is
realizable,” he writes.
Ironically, Anonymous’s transformation coincided with the publication of a video lampooning Scientology:
Message to Scientology, which calls for a “systematic” dismantling of the church for “our own enjoyment.”
The video, one of many urging people to take action against the church, provoked a discussion among
Anons in IRC rooms about whether they should protest in earnest or remain faithful to Anonymous’s
madcap roots. One of the editors of Message to Scientology summarized:
there were people who didnt think anonymous or 4chan should take to the streets
but the consensus to actually do it came relatively easily for us after the video
it seemed to be great timing, the right video at the right moment
And so on February 10, 2008, thousands of Anons and supporters hit the streets in cities around the
world for a day of action against Scientology, with events straddling the line between serious political
protest and carnivalesque shenanigans. Six months after being labeled “the Internet hate machine,”
Anonymous had legions of followers in the real world—not just geeks and hackers hammering at their
keyboards—who were seizing on the group’s name, on its ethic of anonymity and concomitant iconography. That evening, men in Guy Fawkes masks
and black suits with signs announcing “We Are the Internet” could be seen on cable-news shows around
the world. A common refrain at these protests, repeated to me by one demonstrator in Dublin: “At least
our weirdness is free.”
For many Anons, the campaign validated work that had preceded Project Chanology: the organization of
energies and antagonisms into a political form, through experimentation and practice. In the following
weeks and months they continued to protest Scientology’s relentless legal and extralegal crackdown on
its critics, especially those who dared to disclose or circulate internal documents (which the church refers
to as “secret scriptures”). Other Anons simply returned to their corners of the Internet; many of them now
contest Anonymous’s incipient political sensibility, deriding their peers as “moralfags” on 4chan, preferring
to troll middle school girls and trade pornography.[2] But the moralfags have not disavowed deviance—it is,
after all, part of the fabric of their culture. In 2009, for instance, a group of anons executed Operation
Slickpubes, in which a streaker slathered in Vaseline and pubic hair terrorized the New York City
Scientology headquarters. Such hijinks contrast with the moral narrative implied by Hobsbawm, whereby
bandits could only become viable political actors by giving up their menacing tactics and buying into the
conventional forms of power. For Hobsbawm, the bandit is pitted against “the forces of the new society
which he cannot understand. At most he can fight it and seek to destroy it.” This explains why “the bandit
is often destructive and savage beyond the range of his myth.” Today’s digital bandits, however,
understand the forces of the new society and are adept at harnessing them as means of
It is not hard to understand why Scientology is an ideal target among the many geeks and hackers who
make up the ranks of Anonymous. Scientology is a proprietary and secretive religion of pseudoscience,
complete with a cultish idiom and customs, in thrall to fake technology (most prominently the e-meter) and
“advanced technology,” the church’s term for its spiritual teachings. Scientology exists almost as a fun-
house-mirror inversion of the geek and hacker world, which is so heavily invested in the production and
use of workable technology and the eradication of nonsense. Scientology is the evil doppelgänger of
anonymous, geeky Internet culture. But would that desire to congregate under the same alias—what
media theorist Marco Deseriis calls an “improper name”—be diminished by a less perfect enemy?
Apparently not—or, the perfect ally works just as well. Two years after Project Chanology was
launched, a different group of Anons initiated a second wave of Operation Payback, again without much
foresight or planning. According to an Anonymous source, the enterprise was organized by AnonOps (a
branch of Anonymous) on IRC, announced on a blog, publicized on 4chan and Twitter, and finally picked
up by the mainstream media. Thanks to the political firestorm caused by the release of a cache of
classified diplomatic cables by WikiLeaks, AnonOps was able to command an infantry of thousands
(assisted by botnets) to paralyze the websites of PayPal and Mastercard by running a program called
Low Orbit Ion Cannon. “Someone in the media noticed,” recalled one Anonymous participant who took
part in the attack.
A: and within a few hrs
A: it went viral
A: we sat and watched numbers [of IRC channel population] rise
A: from around 70
A: which was about the lowest we had ever been
A: we were saying wow it’s gonna be 500 soon
A: (our previous high was ~700)
A: then we passed that
A: then we hit 1000
A: then the madness broke
A: and we got to >7000
A: we had to suddenly increase server numbers
A: and it was a crazy crazy time
A: we were stunned and a little frightened tbh [to be honest]
By the end of 2010, a new Anonymous army seemed to have arisen, and in the ensuing months
AnonOps worked to enable citizens to bypass government filtering in Malaysia and hacked the
agricultural-biotech giant Monsanto in the name of environmental rights, among dozens of other
campaigns. At the time, I had been logging on to IRC as part of my anthropological research, building
relationships with people whom I knew only as handles, and often shepherding journalists to
Anonymous’s #reporter channel. As the operations multiplied, I became shackled to my computer for nine
months, spending hours and hours in various forums. I began giving public lectures on Anonymous;
videos were posted online, eliciting ample commentary from Anons. (This is a salient feature of the work
of ethnographers who study what anthropologist Chris Kelty has jokingly called, contra the subaltern, the
“superaltern”: those highly educated geeks who not only speak for themselves but talk back loudly and
critically to those who purport to speak for them.)
By the end of January, Anonymous seemed to be devoting itself entirely to activist campaigns, at the
expense of mischief-making, and some Anons lamented the waning of the lulz. Prompted by the Tunisian
government’s blocking of WikiLeaks, Anonymous announced OpTunisia on January 2, 2011; soon after,
AnonOps embarked on a series of so-called freedom operations to support the Arab Spring.
Anonymous attacked government websites but soon began acting more like a human rights advocacy
group, enabling citizens to circumvent censors and evade electronic surveillance and sending care
packages with advice and security tools. Those packages included this urgent and humorless note
clarifying the role of social media: “This is *your* revolution. It will neither be Twittered nor televised or
IRC’ed. You *must* hit the streets or you *will* loose the fight.” Though many Anons were invigorated by
contributing to the historic toppling of dictatorial regimes in the Middle East, for others there could be no
clearer evidence of the ascendance of moralfags.
Then came Operation HBGary. In February Aaron Barr, CEO of the HBGary security firm, claimed to
have “pwned” Anonymous, discovering the real identities of top operatives. In response, Anons
commandeered Barr’s Twitter account and used it to spew 140-character racial slurs while following the
accounts of Justin Bieber, Gay Pride, and Hitler. They hacked HBGary servers and downloaded 70,000
emails and deleted files, wiped out Barr’s iPhone and iPad, then published the company’s data alongside
Barr’s private communications for good measure. Most remarkably, Anonymous unearthed a document
entitled “The WikiLeaks Threat,” which outlined how HBGary Federal (a subsidiary dealing with federal
contracts) and other security companies might undermine WikiLeaks by submitting fake documents to the
site. There was also evidence of plans to ruin the careers of WikiLeaks supporters, among them
Salon.com writer Glenn Greenwald.
A small crew of AnonOps hackers had started with retaliatory trolling and had ended up exposing what
seemed to be a conspiracy so damning that members of Congress called for an investigative committee
to be established. Given that these were private firms, the evidence obtained by AnonOps could never
have been procured through legal channels such as a Freedom of Information Act request. Previously,
Anonymous rarely hacked to expose security flaws and access politically sensitive information, preferring
to deface and disable websites. The success of Operation HBGary launched new wings of Anonymous
composed of smaller, more exclusive hacker crews dedicated to exposing security vulnerabilities and
generating massive disclosures of emails and documents, further aligning the hackers with the goals of
WikiLeaks. Some Anons took issue with the collateral damage wrought by Operation HBGary, especially
the excessive leaking of personal information. The necessarily clandestine nature of such hacks was also
criticized by those who saw it as counter to the ethos of transparency. At the time, however, most Anons
were thrilled. One described the collective effervescence in a private message to me during the post-hack
AAA: great work was being accomplished
AAA: but there was a major deficit of lulz
biella: yep and now it has been restocked
AAA: i think this is more of a surplus
The message to Anonymous participants and onlookers was clear: Anonymous had not become Human
Rights Watch; the pursuit of a more “mature” agenda did not mean an end to lulz.
Here Comes Nobody
Upending the life of a security executive, publishing reams of personal information and corporate
communications obtained illegally, and broadcasting the whole affair on Twitter may seem anathema to
traditional activists, who might rather urge citizens to call their local representatives. But such acts of
lulzmaking are magnetic on two levels, producing spectacular, shocking, and humorous events and
images that attract media attention while simultaneously binding together the collective and rejuvenating
its spirit. This runs counter to the reductive arguments about whether or not online organizing can breed
the conditions necessary for serious, effective activism (see Clay Shirky in the affirmative, Malcolm
Gladwell in the negative); the pursuit of lulz, and the shared technology used to do so, are means of
creating a common, participatory culture. (Of course, the pursuit of lulz is also an end in and of itself.)
Anonymous is sustained—and at times enlarged—not only by the effective use of communication
technologies but by a culture that thrives on the tension between order and disorder, cool and hot,
seriousness and lulz, anonymity and transparency.
Though Anonymous participants must cloak their identities and often conceal their actions, the group
demands transparency from state and corporate actors. To Facebook's Mark Zuckerberg, transparency
means sharing personal information constantly; he has gone so far as to declare the death of
privacy.[3] Anonymous offers a provocative antithesis to the logic of constant self-publication, the desire to
attain recognition or fame. The ethos of Anonymous is in opposition to celebrity, with the group configured
as e pluribus unum: one from many. It is difficult, if not impossible, to discern what or whom lies behind
the mask. In a world where we post the majority of our personal data online, and states and corporations
wield invasive tools to collect and market the rest, there is something profoundly hopeful in Anonymous’s
effacement of the self (even if there is something deeply ironic and troubling about doxing and hacking in
order to make that point). The domain of Anonymous enables participants to practice a kind of
individuality beyond what anthropologist David Graeber, building on the seminal work of C.B.
Macpherson, identifies as “possessive individualism,” defined as “those deeply internalized habits of
thinking and feeling” whereby we view “everything around [us] primarily as actual or potential commercial
While anonymity often functions as an unspoken ethical imperative—a default mode of operation—Anons
have also explicitly theorized the sublimation of identity. For instance, while preparing an op-ed for the
Guardian last winter, dozens of Anons contributed to a document outlining the power and limits of
anonymity. “It is the nameless collective and the procedures by which it is governed, which in the end
prevail over the necessarily biased and single-minded individual,” one comment reads. “Yet, at the same
time, the individual’s ability to contribute to this communal process of the production of knowledge has
never been greater.”
These ideas are often tested in practice. In late January 2011, I shared an article about Anonymous from
the Washington Post on one of the group’s IRC channels. After reading the piece, many participants were
indignant: The featured Anon had revealed details about his personal life to the reporter, an infraction
only made worse by the fact that he had contributed little to recent operations. One highly respected IRC
operator assessed the situation: “Attempting to use all the work that so many have done for your personal
promotion is something i will not tolerate.” A number of Anons then called this person into a different
channel and asked him to justify his actions. Unsatisfied with his answers, they z-lined him, banning him from
this particular server. (A3 is the offending Anon; A0 is the IRC operator.)
A0: before i remove you from here
AS: cus he knows hes fucked
A3: you believe half of that shit is true
A0: you thinki ts funy?
AS: it seems about spot on from what Ive heard and seen
A0: youre saying [the newspaper] lieD?
A0: I WILL BRING THEM HERE NOW
A3: Because I would never state where I live
A0: and we will see
A3: First of all
A0: and what my parents do
AS: well you tell us you are in X [the city where A3 lives]
A0: yo would if you seek glory
A3: I live in X
A0: we all know where you live
AS grabs the shotgun
AS: A0 lets go shall we?
ASMaster-IT brings the M16
A3 left the room (quit: Z:lined ( dunbass)).
Yet even as Anons collectively enforce a prohibition against seeking personal fame, they do not suppress
individuality. Anonymous is not a united front, but a hydra, a rhizome, comprising numerous different
networks and working groups that are often at odds with one another. For instance, few of the Anons
participating in Project Chanology were fans of the DDoS campaigns that were at first the main political
weapon of AnonOps. Some, if not all, in the AnonOps network think the Project Chanology network is too
small and narrowly focused to be effective. In recent weeks, these tensions have become more palpable
thanks to actions organized by an offshoot called Antisec, which made donations to charities from stolen
credit-card accounts in honor of "LulzXmas." One longtime Anon accused Antisec of being “destructive
and malicious and serv[ing] no good purpose other than to bring heat on this [Anonops] network.” But
even if Anons don’t always agree about what is being done under the auspices of Anonymous, they tend
to respect the fact that anyone can assume the moniker. Of course, despite the lack of stable hierarchy
some Anons are more active and influential than others. Anonymous abides by a particular strain of
meritocratic populism, with highly motivated individuals or groups extending its networked architecture by
contributing time, labor, and attention to existing enterprises or by starting their own as they see fit.
This has all left the news media quite puzzled, especially as worldwide coverage has ballooned in the
wake of Project Chanology, Operation HBGary, and Operation BART, launched against San Francisco’s
mass-transit agency this summer after it shut down cellular service in train tunnels to disrupt a planned
protest against police violence. Anonymous has become a paradox of the age of twenty-four-hour
infotainment: a cause célèbre in opposition to celebrity. Very few Anons have come forward to reveal
details about themselves, despite the solicitude of the media. At the same time, Anonymous has
succeeded in spreading its message as widely as possible, through every media channel at its disposal—
in contrast to criminal groups that seek to remain hidden at all costs. Anonymous manages to achieve
spectacular visibility and individual invisibility at once. Even after studying Anonymous for years and
recently getting to know some of the more active participants (if mostly only virtually), my impression of
the group is one of faint figures lurking in the shadows.
In June of last year, NATO published a report entitled “Information and Information Security,” which called
for Anonymous to be infiltrated and dismantled. “Observers note that Anonymous is becoming more and
more sophisticated and could potentially hack into sensitive government, military, and corporate files,” the
report reads. “Today, the ad hoc international group of hackers and activists is said to have thousands of
operatives and has no set rules or membership.” In July, Anonymous hackers infiltrated NATO, just days
after sixteen alleged Anons were arrested in the US, fourteen of them in connection with Operation
Payback. (Scores of alleged Anons had previously been arrested in the UK, Spain, and Turkey.)
The impossibility of forming any comprehensive, consistent picture of Anonymous is precisely what
makes the group so unsettling to governments. Anonymous has, until last summer’s arrests, effectively
evaded state power. But even while eluding surveillance, Anonymous has worked to expose the
collection and mining of personal information by governments and corporations—and in doing so deflated
the notion that such a thing as “private information” exists, as opposed to information in the public sphere.
This distinction is one of the foundations of the neoliberal state, the very means by which individuality is
constituted—and tracked. Anonymous has made it clear that there’s no difference between what we
imagine to be our private and public selves—between singular individuals and fragmented "dividuals," in
Gilles Deleuze’s terms; or, at least, Anonymous has revealed that the protection of information (which
helps guarantee that difference) by a benevolent security apparatus is a myth. At the same time,
Anonymous has put forward its own model—the practice of anonymity—for maintaining that very
distinction, suggesting that citizens must be the guardians of their own individuality, or determine for
themselves how and when it is reduced into data packets.
This message is inextricable from the platform Anonymous has established for thousands of individuals to
collectively articulate dissent and to combat particular corporate and government actions, such as the
passage of the controversial National Defense Authorization Act on New Year’s Eve. By unpredictably
fusing conventional activism with transgression and tricksterism, Anonymous has captured the attention
of an incredible variety of admirers and skeptics. And even while empowering individuals who take part in
Anonymous campaigns, the network has steadfastly avoided any reformist agenda, always pointing to the
disquieting fact that existing political channels so often are unlikely or unable to accommodate the
demands and represent the needs of most people, no matter how clearly and correctly they are
Since last summer’s arrests Anonymous has dispersed, becoming even more decentralized, with
participants relocating to obscure nodes and communicating through private IRC channels; even the
AnonOps IRC network where I have spent so much time in the past year vanished for more than a month
due to internal strife and a vigorous DDoS attack. But as Anons have burrowed deeper underground, the
reach of their icons has increased, especially after Anonymous began acting as a crucial, though informal,
public-relations wing for Occupy Wall Street in the fall, generating videos and images and circulating
information supporting the movement’s aims. (Many Anons have since become involved in various
Occupy groups as organizers or by providing technology support.)
One of Occupy Wall Street’s most powerful gestures has been to position its radically democratic
decision-making process, represented by the agora of the General Assembly, against the reigning
corporate kleptocracy. Though this brand of horizontalism has a rich history with many roots, there is a
particularly strong resonance in the relationship between the formal structure and the political aspirations
of Anonymous. And Anonymous is organized not only around a radical democratic (at times chaotic and
anarchic) structure but also around the very concept of anonymity, here constituted as collectivity. The
accumulation of too much power—especially in a single point in (virtual) space—and prestige is not only
taboo but functionally very difficult. The lasting effect of Anonymous may have as much to do with
facilitating alternative practices of sociality—upending the ideological divide between individualism and
collectivism—as with attacks on monolithic banks and sleazy security firms. This is the nature of the
threat posed by Anonymous, and it is aptly symbolized by the Guy Fawkes mask: a caricature of the face
of a sixteenth-century British failed regicide and the namesake of a holiday marked by bonfires
celebrating the preservation of the monarchy; used by a dystopian comic book and then Hollywood film
as the visage of anarchist terrorism and now turned into an icon of resistance—everything and nothing at
The #OpNewblood Super Secret Security Handbook
If you have not gone through the IRC chat client
setup for your operating system, we recommend
you go back and get started there.
Master Table of Contents
2) Setting up Tor
3) Firefox Recommended Add-Ons
4) Setting up i2p
4.2) Firefox Configuration
4.3) IRC Client Configuration
4.4) I2p IRC on Android via irssi connectbot
5) Advanced IRC
6) Advanced Defense Techniques
7) Portable Solutions
8) ADVANCED GUIDE TO HACKING AND SECURITY VULNERABILITY
Section 1: Preface
NOTE: If at any time you need help with any topic found in this guide, feel free to
join us at http://goo.gl/8zxwO and you'll be able to find someone to help you figure
it out. It should be noted that this guide contains information that may be difficult
to understand without an extensive technical and functional knowledge of
information systems. While this guide does attempt to put it simply and in layman's
terms, you the user are ultimately responsible for the security of your own systems.
Section 2: Setting up Tor
Preface: Due to abuse in the past, users trying to connect to the AnonOps IRC
servers using Tor will not be able to connect. This is nothing personal, there have
just been problems with abuse of the program in the past on the IRC server.
Therefore, we do not recommend using this for IRC connection, but merely as an
easy to use tool for browsing the internet anonymously. Keep in mind that for most
users it's a relatively slow connection, and that only the traffic you actually send
through Tor is anonymized: other programs on your machine still connect directly.
Windows:
Go download Tor here: https://www.torproject.org/dist/torbrowser/tor-browser-
After downloading Tor:
1) Run the .exe
2) Extract to your PC.
3) You will now have extracted TOR into the selected folder. You should have a
button called "Start Tor" with an onion on it, click this to start (if you want you can
make a shortcut by right-clicking create shortcut and drag it to your desktop, make
sure the original stays in the same folder though).
4) You are good to go, if your ISP blocks connections to TOR and you need help
setting up a bridge feel free to ask about it in the #OpNewblood channel, which
again you can access through your web browser at this link: http://goo.gl/8zxwO
Linux:
1) Download Tor here: https://www.torproject.org/dist/torbrowser/linux/tor-
2) Extract to destination of your choice
3) You should now be able to just click your start tor button to start.
4) For additional ease of use, try Tor Button for Firefox.
5) Once again for help with making a bridge if your ISP blocks Tor please ask for
help in #OpNewblood via your web browser here: http://goo.gl/8zxwO
Mac OS X:
1) Download Tor here: https://www.torproject.org/dist/vidalia-bundles/vidalia-
2) Mount the .dmg file and find it on your desktop
3) Move Vidalia to your applications folder
4) Download the Tor button for Firefox here:
5) Once you have both installed, run Vidalia and make sure it says "Connected to
the Tor Network!" and then go to your Firefox browser and right click on the
indicator in the bottom right and click "Toggle Tor Status"
6) Read more on operating Tor here: https://www.torproject.org/docs/tor-doc-
7) Once again for help with making a bridge if your ISP blocks Tor please ask in the
#OpNewblood channel via your web browser here: http://goo.gl/8zxwO
A NOTE FOR ALL OS's:
1) To check anytime if TOR is working, you can go here:
https://check.torproject.org/ and it will tell you if your TOR is working.
2) Highly recommended is the Tor button for Firefox: https://addons.mozilla.org/en-
us/firefox/addon/torbutton/ which will allow you to turn Tor on/off as well as see
whether it's disabled in your browser.
Anonymous Browsing Using Tor Button for Firefox
Start by installing Tor on your computer and configuring it to your liking. Then,
download the Tor Button add-on for Firefox, and use the options to configure the
add-on the way you want it. Then, press the "Tor Button" and go to
https://check.torproject.org/ to ensure you've done it correctly. If the site reports
that you are using Tor, then you've correctly set up Firefox for anonymous browsing
through Tor.
Also worth doing: hit Tools>Start Private Browsing whenever you are browsing with
Tor. It stops Firefox from saving your web history, cached files, passwords, cookies,
and download history, so you don't have to clear them every time you're finished.
Note that private browsing only affects what is stored on your own disk; it does
nothing to hide your address from the sites you visit, which is Tor's job.
Troubleshooting: refer to www.torproject.org
Section 3: Firefox recommended Add-ons
Adblock Plus: This plugin blocks ads and, with the right filter subscriptions, most
of the third-party services that attempt to track your web activity and then send
you targeted ads. Make sure you subscribe to EasyList and Fanboy's list to stay
updated (these can be selected during setup or in the options of the addon itself).
It's crucial to use while browsing any anon websites or sites that have anon news
articles, etc.
privacy and stop malicious activity. Can set rules for individual sites or deny
BetterPrivacy: This plugin is a tool to identify and remove Flash "super cookies"
(LSOs), which ordinary cookie clearing misses. It will also act as an "opt-out" from
advertisement and other forms of web tracking.
FoxyProxy: A replacement for Firefox's default proxy handling. FoxyProxy gives you
easy access to enabling your proxy tunnels and has advanced features, such as
setting up a list of domains that you always want to reach through a proxy, and
doing so automatically, while still using another connection for non-listed sites.
http://goo.gl/VRiHT
Ghostery: Another tool to help manage and mitigate tracking cookies, Ghostery
features tools that will alert you when there are trackers on the websites you
visit. You can also view information about each tracker that is trying to harvest
your browsing data, and even view the source code of said tracker and see exactly
how it is tracking you.
Greasemonkey (GM): A great addon that allows you to edit the way websites
"engine" or development platform, allowing you to write and download scripts to do
many different things using their addon. http://goo.gl/atGk7
HTTPS Everywhere: A Firefox extension produced as a collaboration between The
Tor Project and the Electronic Frontier Foundation. It rewrites your requests to a
number of major websites so that they use HTTPS. It can only do this for sites in
its rulesets that already offer HTTPS; it cannot add encryption where none exists.
http://goo.gl/fsKV
Section 4: Setting up i2p for IRC+Browsing
Section 4 table of contents:
4.2 Firefox Configuration
4.3 IRC Client Configuration
4.4 I2p IRC on Android via irssi connectbot
4.1a) I2p Installation: Windows
You can download the latest version of the i2p software here:
In windows, the installation, as with any other windows software, is relatively
straightforward. Double click on i2pinstall_(version).exe that you downloaded from
the above website and follow the instructions.
3) Launching the router:
After the install has completed, you can access your router console (control panel
for i2p software, in the form of a website) even when you're not actively using the
i2p proxy by doubleclicking the "Start I2p" icon or by following
http://127.0.0.1:7657. For those not versed in how the internet works, 127.0.0.1 is
the loopback address: it always refers to your own machine, so the router console
is a web service running locally. As long as you are connecting to that address, no
other anonymizing software is needed, since the traffic never leaves your machine.
4) Browsing I2p:
In order to access .i2p websites, or eepsites, you'll have to set up i2p as a PROXY
on your web browser of choice; instructions for this on Firefox are in section 4.2.
4.1b) I2p Installation: Linux
1) Easy way: Ubuntu.
Open a Terminal and enter:
sudo apt-get install sun-java6-jdk
Get the latest install package (yes, the .exe file, don't ask, it's java.) from
http://www.i2p2.de/download. In the terminal window, navigate to the folder
where you downloaded the .exe file and enter:
java -jar i2pinstall-*.exe
Follow the prompts
2) Other distributions:
Google instructions for installing the java JRE software on your distribution,
typically it's not much more difficult than with Ubuntu, but different distros
have their own package management systems, and the commands might be
Once Java is installed, it's the same command as Ubuntu:
java -jar i2pinstall-*.exe
4.2) Firefox Configuration
1) Verify it's running:
Once the i2p client is installed, you can verify that its HTTP tunnel is running by
going to http://127.0.0.1:7657/i2ptunnel/. Under the "I2p Client Tunnels"
section, the first entry should be "I2p HTTP Proxy". On the right, under the
"Status" column, there are three little stars, one red, one yellow, and one
green. If red is lit up, hit the "start" button to the right of it. If it's yellow,
you don't have enough peer connections yet, and you should let it establish a
presence on the network. Leave it alone and grab a sandwich; it should be
ok in an hour or two.
2) Set up localhost as a proxy
Go to the Advanced section
Under Connections click the Settings button
Select "Manual Proxy Configuration"
Enter the following:
HTTP Proxy: 127.0.0.1 Port: 8118
SSL Proxy: 127.0.0.1 Port: 8118
SOCKS Host: 127.0.0.1 Port: 9050
SOCKS V5 checked
No Proxy for: 127.0.0.1
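To check that the settings entered in that dialog actually took effect, and that nothing slips around the proxy, here is an added example (not from the original guide) that reads the user_pref lines Firefox writes to prefs.js or user.js in your profile folder and audits them. The pref names are the real Firefox ones behind the Connection Settings dialog; the audit logic is my own, not something Firefox provides, and SAMPLE_PREFS is a constructed excerpt reproducing the values listed above.

```python
import re
from typing import Dict, List, Union

PrefValue = Union[str, int, bool]

# Firefox writes one user_pref("name", value); per line to prefs.js / user.js.
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample reproducing the dialog values above (prefs.js excerpt).
SAMPLE_PREFS = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", false);
user_pref("network.proxy.no_proxies_on", "127.0.0.1, example.org");
"""

LOOPBACK = ("127.0.0.1", "localhost", "::1")

def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Turn user_pref lines into a dict; bools, ints and strings keep their type."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue                      # comments, blank lines, other junk
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw         # keep anything odd verbatim
    return prefs

def audit_proxy_prefs(prefs: Dict[str, PrefValue]) -> List[str]:
    """Return the problems found; an empty list means the setup matches the
    intent of the dialog above and nothing obvious goes around the proxy."""
    problems: List[str] = []
    if prefs.get("network.proxy.type") != 1:
        problems.append("manual proxy configuration is not enabled (network.proxy.type != 1)")
    for proto in ("http", "ssl"):
        host = prefs.get(f"network.proxy.{proto}")
        port = prefs.get(f"network.proxy.{proto}_port")
        if host not in LOOPBACK or not isinstance(port, int) or port <= 0:
            problems.append(f"{proto} traffic is not sent to a local proxy ({host!r}:{port!r})")
    if prefs.get("network.proxy.socks") in LOOPBACK:
        if prefs.get("network.proxy.socks_version") != 5:
            problems.append("SOCKS version is not 5, so the proxy cannot resolve names for you")
        elif not prefs.get("network.proxy.socks_remote_dns", False):
            problems.append("socks_remote_dns is off: anything routed via SOCKS is resolved by "
                            "your own resolver first, which shows your ISP the hostname")
    bypass = str(prefs.get("network.proxy.no_proxies_on", ""))
    for entry in (e.strip() for e in bypass.split(",") if e.strip()):
        if entry not in LOOPBACK:
            problems.append(f"bypass list sends {entry!r} straight out, unproxied")
    return problems

if __name__ == "__main__":
    for problem in audit_proxy_prefs(parse_prefs(SAMPLE_PREFS)):
        print("-", problem)
```

Copy prefs.js out of your profile folder while Firefox is closed and feed its contents to parse_prefs. An empty problem list means manual proxying is on, both HTTP and SSL go to the local proxy, and the bypass list holds only loopback entries. Ticking "Proxy DNS when using SOCKS v5" (network.proxy.socks_remote_dns) stops hostnames from being looked up by your own resolver for anything that falls through to the SOCKS proxy.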
4.3) Various IRC Client configuration
IRC clients need no special setup or proxies. Just visit
http://127.0.0.1:7657/i2ptunnel/ and make sure IRC Proxy is running. If it is,
just connect to 127.0.0.1 on port 6668 like it's a normal IRC server. Your client will
send all data to the proxy that's running on your machine on port 6668, which will
then send it, via I2p, anonymously and securely to the i2p IRC servers. You may
enter additional .i2p IRC servers by clicking on IRC Proxy on the Tunnel Manager
page and pasting the addresses in the "Tunnel Destination" field (comma
separated). Take a look at this list of clients and choose the one that sounds right.
(This author is a proud owner of an Ubuntu box, chatting on Xchat.)
4.4) Fun shit
1) If you have a Linux machine, you can connect to the i2p irc servers through your
home computer from your Android phone from anywhere in the world.
What you need:
Ubuntu Linux: http://www.ubuntu.com
irssi connectbot for Android
openssh for Ubuntu: sudo apt-get install openssh-server
irssi for Ubuntu: sudo apt-get install irssi
2) open irssi connectbot on your android and enter [your linux
Now, since most people are behind a firewall, or a router, or something, there's
probably some port forwarding you're going to have to do, but for now, just
connect to your own wireless router with your android's wifi. It's safer anyway.
3) First thing you want to do is login with your password (that's why it's better to
do it locally before doing it over the web... Make sure you've got encryption on your
wifi, by the way)
4) Once you have a command prompt on your android, hit the back button to get
back to the host list, then the menu button, and tap "Manage Pubkeys". Hit the
menu again, and select "generate". Name your key, make it RSA and give it at least
a 1024-bit key size (I go to 2048, you can't be too careful). No password, and hit
5) Now it will have you fuck around with your touchpad to generate randomness,
and create your pubkey. Once you're back on the pubkey list with your new pubkey,
long-press on it and select "Copy Public Key".
6) Now hit the back button and click your host connection in the host list, which will
bring you back to your command prompt. Enter mkdir -p ~/.ssh && echo "(hit menu and select
paste to paste your pubkey into these quotes)" >> ~/.ssh/authorized_keys
7) Now enter exit, which will take you back to your server list and disconnect you.
Tap your server to connect again, and this time it should not ask you for a
password. This means you are connected using a 1024-bit (at least) RSA
key pair, which ain't bad.
8) To connect from outside your home network, you need a few more things:
Your external IP address: http://www.whatismyip.com
Port forwarding to port 22 on your machine (if you have a router and
multiple machines on your home network as most do) See step 9
9) Most routers are set up with a web interface for changing settings. If you have
wireless security enabled, then you or whoever set up your home network for you,
have already accessed the web interface, and should have set up a password. You'll
need to log into that web interface, go to the section on port forwarding, and
forward an available external port (22 will do) to port 22 on your machine's local IP
address (usually 192.168.1.101 or something) for BOTH tcp and udp. This is as
clear as I can make it without router specific instructions. (Talk to your router
provider or local geek for help in this regard)
10) Now all you need to do is connect through irssi connectbot to (your
username)@(your external IP address):(port you set up to forward to ssh on your
11) Once you're connected to an SSH server on your home computer (which by now
should be running i2p) you may launch irssi, a command-line IRC client, and connect
to the i2p servers with irssi using:
/connect 127.0.0.1 6668
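Steps 6 to 9 above work, but they skip two things you want in place before port 22 is reachable from the internet: the key file must be called authorized_keys, readable only by you, inside a ~/.ssh that is likewise yours alone, and password logins should be switched off once the key login has succeeded. The following is an added example, not code from the original guide or from irssi connectbot: add_authorized_key validates and appends a key the way sshd expects it, and audit_sshd_config reads an sshd_config and reports the settings to change. SAMPLE_KEY is a constructed blob with the right shape but no real key material, and SAMPLE_SSHD_CONFIG is constructed too.

```python
import base64
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List

ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def _sshstr(b: bytes) -> bytes:
    """OpenSSH wire format: 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b

# Constructed sample key: correct shape, but the 32 "key" bytes are a counter,
# so it is not a usable key.  A real one comes from the "generate" step above.
SAMPLE_KEY = ("ssh-ed25519 "
              + base64.b64encode(_sshstr(b"ssh-ed25519") + _sshstr(bytes(range(32)))).decode()
              + " android-phone")

# Constructed sshd_config excerpt showing defaults you do not want facing the internet.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (excerpt)
Port 22
PermitRootLogin yes
PasswordAuthentication yes   # still on: password guessing is possible
PubkeyAuthentication yes
"""

def valid_pubkey(line: str) -> bool:
    """Accept 'type base64blob [comment]' only when the blob decodes and its
    first field names the same key type, which is how OpenSSH encodes keys."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_KEY_TYPES:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:                          # binascii.Error is a ValueError
        return False
    if len(blob) < 4:
        return False
    n = int.from_bytes(blob[:4], "big")
    return blob[4:4 + n] == parts[0].encode("ascii")

def add_authorized_key(home: Path, pubkey: str) -> bool:
    """Append pubkey to home/.ssh/authorized_keys with the permissions sshd
    insists on.  Returns False for a malformed or already-present key."""
    pubkey = pubkey.strip()
    if not valid_pubkey(pubkey):
        return False
    ssh_dir = home / ".ssh"
    ssh_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                    # mkdir honours umask; force it
    ak = ssh_dir / "authorized_keys"            # exactly this name; sshd reads no other
    existing = ak.read_text().splitlines() if ak.exists() else []
    if pubkey in (line.strip() for line in existing):
        return False
    with ak.open("a") as f:
        f.write(pubkey + "\n")
    os.chmod(ak, 0o600)                         # group/world-readable key files are refused
    return True

def audit_sshd_config(text: str) -> List[str]:
    """Report sshd_config settings to change before forwarding port 22 (steps 8/9)."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip().lower()
    warnings: List[str] = []
    if settings.get("pubkeyauthentication", "yes") != "yes":
        warnings.append("PubkeyAuthentication must be yes or the phone's key is never accepted")
    if settings.get("passwordauthentication", "yes") != "no":
        warnings.append("PasswordAuthentication should be no once key login works")
    if settings.get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password"):
        warnings.append("PermitRootLogin should be no")
    return warnings

def run_demo() -> dict:
    """Exercise the helpers in a throwaway home directory; your real ~ is untouched."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        first = add_authorized_key(home, SAMPLE_KEY)
        second = add_authorized_key(home, SAMPLE_KEY)                    # duplicate
        bogus = add_authorized_key(home, "ssh-rsa not*base64 comment")   # malformed
        ak = home / ".ssh" / "authorized_keys"
        return {
            "first": first, "second": second, "bogus": bogus,
            "lines": len(ak.read_text().splitlines()),
            "dir_mode": stat.S_IMODE(ak.parent.stat().st_mode),
            "file_mode": stat.S_IMODE(ak.stat().st_mode),
            "warnings": audit_sshd_config(SAMPLE_SSHD_CONFIG),
        }

if __name__ == "__main__":
    print(run_demo())
```

Run audit_sshd_config over your real /etc/ssh/sshd_config only after step 7 has succeeded with the key, since setting PasswordAuthentication no before that locks you out. SSH uses TCP only, so the port forward in step 9 only needs the TCP rule.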
Questions? Comments? Concerns? Join #OpNewblood via your web browser
here: http://goo.gl/8zxwO or you can contact cred via i2pmail firstname.lastname@example.org or
from the insecure web (securely) at http://privacybox.de/cred.msg (include return
contact info, since it doesn't store or transmit any identifying information)
Section 5: Advanced IRC Commands
Self explanatory: this is used to join a channel. To join #opnewblood, you would
type /join #opnewblood
Not really as necessary, but used sometimes. For instance, if you wanted to wave at
someone, you would type /me waves and it would appear as "anon waves"
If you want to have a conversation with a specific person outside of the channel, the
best thing to do is message them: just type /msg username message here. Just
make sure to use a space between their name and the message.
Same thing as msg, except this will open up a new window for you to have a
conversation with this person.
This command will change your nickname. For instance, if you wanted to be called
gigapuddi you'd type /nick gigapuddi. Remember though, if you do this you won't be
registered unless you re-register with nickserv (see the walkthrough to anon if you
don't know what nickserv is, or want help with it).
This will let you quit.
Trolls are plentiful, and it's best not to feed them; just ignore them. To ignore
someone type /ignore username
This will display information about the person you selected, such as their vhost,
what channels they're in, etc. To find a whois just type /whois username
To mark yourself away, you can use this. If you were, say, making a sandwich,
you could do /away making sammiches and people will know you're making
This is to see the latency to the server. If you're lagging this might give you more
information; to ping a server just type /ping ipaddresshere
11) /notify on/off
This toggles whether you get a notification (a beep sound) whenever someone types
your name. To turn it off, /notify off; to turn it on, /notify on
If you want to see the topic of a certain channel, just type /topic and it will read it out
Lists the channels that are available to you.
5.2) Browsing IRC
When you arrive on the IRC for the first time, you will be using an unregistered
nickname. If you plan on becoming a regular user, it is vital to register your nick.
This is important for several reasons:
It ensures that nobody can impersonate you.
It grants you various abilities which non-registered users do not have
(Most importantly) It allows you to use a vhost - this hides your location and
ISP information from other users.
To register your nickname, refer to the IRC guide for your operating system on the
original #OpNewblood page.
When you connect to the server, type /msg nickserv IDENTIFY password
This will tell nickserv that you are the real owner of your nickname. If you do not do
this, you will not have access to registered-only chans or your vhost. For safety
reasons, it is recommended that you type the command in your status window so,
in the event of an error on your part, you do not post your password to an entire
If you plan to use more than one nickname, you can group them together. This has
several uses, the main ones being to tell people where you are connecting from, or
that you are away.
For example: a user called "JohnDoe" might be going out for a while but leaving his
laptop on, in which case he could change his nick to JohnDoe|Away or JohnDoe|AFK
to let other users know he was away. This is important so as, for example, people
will know why you are not replying to messages. He might also use the nick
JohnDoe|Mobile to let people know he is on a mobile client, and therefore cannot
use certain functions such as possibly receiving PMs or visiting links people might
To change your nick, type /nick newnick. However, when you do this, you will lose
any access levels, vhost, and other settings associated with your nick.
To avoid this, when you choose your new nickname, switch to it using /nick, then
type /msg nickserv GROUP nick password - where nick and password are your
MAIN nick and its password. This ensures that these nicks will share passwords and
Let's face it, sometimes shit happens. Sometimes your internet connection will
randomly decide to die on you. Sometimes your laptop's battery might run out,
sometimes your IRC client will crash, sometimes you might accidentally close a
window. There are many reasons one might suddenly find themselves accidentally
disconnected from the IRC.
The problem is that unless someone signs off in "an orderly fashion", the server will
not actually realize they are gone. Think of it like somebody who puts down a
phone and walks away, but without hanging up the call. Or like when your
computer crashes without shutting down the correct way. In these circumstances,
the IRC server does not realize you're gone, and assumes your nick is still
connected. This situation remains until the next time the IRC pings your nick and
gets no response ('ping timeout'). This can take a while though, and very often the
person who has disconnected, will manage to get themselves back online before the
server has time to realize they ever left in the first place. When this happens, the
user's nick is already in use, so the server will assign them a new one (usually just
by adding a ` or _ to the end), so if JohnDoe tries to connect when there is already
a JohnDoe connected, they will be signed on as JohnDoe_ or JohnDoe`.
The problem with this, of course, is that just like an un-identified nick, these nicks
have no modes, no vhosts, no access levels - because the "ghost" of the nick is still
To force the dead session to disconnect and replace its nick with yours, type /msg
nickserv GHOST password, where password is the pass to the original nick. This
would, in this example, disconnect JohnDoe and change JohnDoe_ to JohnDoe
automatically, identifying and setting up the nick as normal. When this happens,
you will probably see something like this in the channel:
JohnDoe left the chat room (GHOST command used by JohnDoe_)
JohnDoe_ is now known as JohnDoe
It is very important to do this as quickly as possible when re-connecting, as you will
be locked out of your vhost until you have done this.
Obviously one of the main priorities of any Anonymous is to be, well... Anonymous.
When you connect to our IRC server, the server will automatically mask your IP
address (your computer's "phone number"). This is the most important layer of
anonymity, but unfortunately there is a catch. Most of the time, it will NOT
automatically hide your ISP (Internet Service Provider)'s name. So for example the
fact that your IP is from a certain town might be hidden, the fact that you are a
comcast customer may not be.
To rectify this, we have a vHostServ. It gives you a fake host name, which masks
the true ISP you are connecting through. It can be anything you want - for instance,
if anyone ever tries to check where I am connecting from, they will see
"fuck.off.you.bollocks" instead. :D
To get a vHost, you must be registered and identified. This is why it is CRUCIAL
that you identify ASAP when you connect, as your vHost will not be activated until
you have done so.
How to get a vHost :
1. Type /join #vhost in your IRC.
2. Once inside the vHost channel, type !vhost (insert.clever.name.here).
NOTE : You can, indeed, use whatever you want as a vhost - provided it is a valid
one, i.e. no spaces, and must contain at least one dot. The most common way to do
this therefore is.to.use.dots.as.spaces.in.your.vHost.
When you have done this, vHostServ will automatically kick and ban you from the
#vhost channel. This is normal and expected, and simply means the vHost has
worked. You will be banned from the channel (#vhost) for a certain amount of time,
after which you will be able to change your vHost if you like. Now that you have a
vhost, you are fully set up to use the IRC, any other settings you may set on your
nick are purely optional.
*Note: If you join a #chan before you vHost, your new anonymized information will
not automatically update in the channel. Be sure to exit and rejoin any channels
you are connected to after you vHost, or your real connection information will still
**NOTE: If you use Xchat along with auto-join channels, you can tell xchat to wait
longer before joining channels on server connect using the /set irc_join_delay X
command, where X is the number of seconds xchat will wait before joining channels.
Setting this to something like 10 seconds helps if you're using automatic channels
Invite-only channels (mode +i)
Some channels, for various reasons, are invite-only. Commonly this is because the
channel has a very specific purpose and only users who have a specific job in the
channel can access it - for example, there are private channels for operators and
hackers. Sometimes, a channel will also be set to +i if it is being invaded or flooded
by bots or trolls.
If a channel is +i, you will not be able to join it using /join. You will simply get an
error message telling you that the channel is invite only. However, if you are an
operator yourself, or are on the invite exception list, you can force the server to let
To do this, you send a message to another bot called ChanServ, which is not
covered in this guide as in general only more advanced users will ever need to use
it. However, to request an invite, type /msg chanserv INVITE #channel, where
#channel is the channel you are trying to connect to. It is important to include the
# at the start of the channel name, or ChanServ won't recognize it.
If you are on the list, you will then get a message asking you if you would like to
join the channel. Otherwise, chanserv will tell you that you do not have permission.
If you are NOT on the invite or operator list for a channel, but you feel you should
be allowed into it anyway, you can type /knock message, where message is your
message to the channel admins. So for instance, if there was a channel called
#brits only for British people, and you didn't have access, you could type /knock
#brits Hey, I'm British, let me in!
This will send a message to the channel admins, and cause your message to appear
in the channel. The admins will then (if they decide to let you in), send you an
invite just like chanserv does. You will receive the same message you would receive
from chanserv asking you if you would like to join the channel.
NOTE: Knocking on a channel 10 times in a row is not going to amuse anyone. In
all likelihood, it will actually make it almost certain that you will NOT be invited into
the channel. If you receive no invite it either means the admins are not active at
that time, or have decided for whatever reason not to invite you. If it does happen,
you could maybe try again later, but don't knock 10 times in one minute, this is
more likely to get you banned.
If no one replies to your knock, another option you have is to type /msg chanserv
INFO #channel, where #channel is the name of the channel (again, include the #
or chanserv will ignore your message). This will tell you what the channel is for,
and who created it. You could then message the room founder and ask for access,
but this is generally not recommended unless it is extremely urgent.
Section 6: Advanced Defense Techniques
USING Virtual Machines
It is strongly recommended that you consider making a Virtual Machine (VM) to separate
your personal OS instance from your anon-activity OS instance. This ensures that
personal data does not leak while viewing anon-related social media on sites such
as Twitter or Facebook.
It has several other advantages such as allowing you to quickly delete all anon
activity off your computer by simply deleting the VM itself.
Virtual Machine Software
VirtualBox - x86 and x64
VMWare Workstation 7 - x86 and x64
Windows Virtual PC - x86
etc. (do a Google search for "virtual machine")
Disk encryption is another way to protect yourself. Disk encryption software will
make it pretty much impossible for any one but yourself to access the data on any
Disk Encryption Software
TrueCrypt - http://www.truecrypt.org/
Bitlocker - (Win 7 Ultimate only)
File and Email encryption and validation (added by cred)
Using the openPGP standard, the following software creates a "Keyring" for you,
bound to your name and email address (neither of which needs to be real, I have
two, one for my real life identity and another as cred) The private key is a password
protected key you keep on any system on which you will be DECRYPTING
information; your home computer, and if you're brave, your Android phone. The
public key is used to ENCRYPT information or files, and is available to anyone. So if
you wanted to encrypt information to send to me, you'd have to search for my
public key, (email@example.com will find it for you) encrypt the data with it, and send it
to me. The only thing that can now recover that data is my private key and
password. PGP is the industry standard for high level encrypted email.
PGP (Windows) http://gpg4win.org/download.html
PGP (Linux) http://www.gnupg.org/
APG (Android) https://market.android.com/details?id=org.thialfihar.android.apg
LINUX TOR VM's
It's possible to use Tor as a VPN using some prepackaged Linux VMs. Once these
VMs are started, it's possible to create a VPN connection to the Tor VM. These VMs
include additional privacy goodies such as Squid and Privoxy.
Linux Tor Software
JanusVM - http://janusvm.com/
TAILS - https://amnesia.boum.org/
Section 7: Portable Solutions
Portable refers to self-contained OS and software packages that can be run from CD,
DVD or USB device. This allows you to carry your anon OS instance in your pocket,
plug it into or insert into another computer and be ready to access anon resources
in a secure way.
The Amnesic Incognito Live System:
A bootable, live, Linux distribution focusing on security and privacy, Basically this
entire document in a single download.
For the hacker anons among us, a live linux distribution with all the tools a good
hacker needs to control the fate of the world from a laptop at a Starbucks.
Gnacktrack, only for people who prefer the K desktop environment over GNOME.
Ubuntu Privacy Remix: https://www.privacy-cd.org/
Intended solely for Live Booting, no installation on the local system is required, and
none of the data on it is touched.
Section 8: ADVANCED GUIDE TO HACKING
AND SECURITY VULNERABILITY
Preface: Information in this section can be extremely confusing for new users, and
those without the sufficient technical knowledge to understand. Always be cautious
when tinkering with systems you don't fully understand, as this may lead to
undesirable results, detection, and in extreme cases system failure or legal trouble.
For those interested, an excellent guide to Denial of Service Attacks or DDoS can be
found here: http://insurgen.cc/index.php?title=DDOS
Guide By: Denizen
As the ultimate denizen, you must be able to enter systems at will in various ways.
There are many ways to reach a website, and to add protection for yourself in
terms of anonymity and minimized vulnerability.
Table of Contents
1. SSH Tunnelling Techniques
2. VPN (Virtual Private Network) Sub-netting techniques
3. Anonymous SOCKS4/SOCKS5 proxy techniques at
OS level (e.g. Network Layer 3)
4. Anonymous SOCKS4/SOCKS5 proxy techniques at Internet Browser Level (e.g.
5. Local DNS hosting and Direct to IP internet browsing
6. Windows /system32/drivers/etc/Hosts File IP DNS Lookup (Associating any ip
with any hostname, permanently)
1. USING PUTTY TO SETUP AN SSH TUNNEL
Normal connections to the internet, unless using SSL, are typically unencrypted
transmissions divided into data packets. Using a packet sniffer, it is possible to
capture most packets and look at their payload in plain text. This can include
usernames, emails, IMs, and sometimes even passwords and sensitive information.
When you set up a tunnel, you are establishing an encrypted connection to the
machine you are tunnelling through, helping to prevent the use of packet sniffers
to steal your information.
Not only is this useful for keeping your local connection to the internet secure, it is
also one of the basic ways you can hide which IP address you are connecting to the
internet from at home. When using the tunnel for your transmissions, all of your
packets will have that machine's IP address on the source address section instead
of your own. Again, as covered above, you cannot trust a VPN (SSH) provided at no
cost. It is in your best interests to use a paid hosting provider.
2.OPENVPN GNU/LINUX HOWTO (what if they don't have linux) list alternatives for
vpn/ instructions for other os's?)
Information on how to set up a GNU/Linux system to use OpenVPN can be found
here: http://openvpn.net/howto.html (OpenVPN only secures the link between your
server and you, not between your server and the internet. Your server will be the
middle man and is identifiable unless augmented with additional obfuscation
3. USING SOCKS4/5 PROXIES WITH FIREFOX
If you're interested in using SOCKS 4/5 proxies with the Firefox browser, you can
find instructions here: http://uniqueinternetservices.com/configure-proxy-for-
4. CHANGING LOCAL DNS SERVICES
This section explains how to change the nameserver that resolves domain names
into IP addresses. That nameserver is sometimes an ideal way for your ISP to trace you:
even if the data you send is encrypted with RSA or strong Triple DES, the request
to turn a domain name into an IP address is still carried out by someone, so make sure it's
you, or someone friendly.
In an ideal situation DNS requests should be encrypted, if you're super paranoid,
and some proxies offer this. I can't list which ones off the top of my head, sorry.
5. CHANGING WINDOWS HOSTNAMES PERMANENTLY
This hacker's trick is a good way to associate a permanent IP mirror for your
favourite social networking site like facebook, twitter, etc. If this is something
you're interested in, more information can be found here:
If you want cannabis.com to go to 126.96.36.199, then you can enter it just like the
localhost 127.0.0.1 entry you'll find in your Windows setup. This bypasses
nameserver requests in most browsers (check to be sure with a packet sniffer).
6. MISC PACKET CAPTURE SECTION
All of these need PCap drivers installed and are included in the downloads of each...
Understanding packets takes time and practice. To get started install a copy of
wireshark (http://www.wireshark.org/); or MS Network Monitor 3.4, both are free.
If you don't see any capture interfaces listed then you may need to run it as
administrator. To identify which interface is seeing your traffic click the first (top-
left) icon "list available interfaces" and look for the one with the numbers counting
up; it's the active one. Start it and watch all the packets flow. You might see lots of
traffic, so start closing shit that's downloading or streaming stuff. You'll get down to a
slower scroll of ARP and NetBIOS traffic, the occasional UPnP burst and other stuff.
If you're on a secure VPN or something you'll see just about all SSL/TLS grey
coloured packets, or all UDP blue packets in some cases. Try another active interface
(like a TAP interface) to see the goods. Get on your home network and play around;
see what DHCP handshakes look like, DNS requests/responses, navigate a shared
folder and see what it shows you, stuff like that. If you know how, do an nmap scan
and see how obvious and loud it is and learn techniques to use it in a more covert
http://www.wireshark.org/docs/ <- read and watch the videos. There's a lot to it
but once you catch on it's quite simple to grasp.
TCPDump (Linux) / WinDump (Windows) - command-line packet capture for gathering
packets to analyze later. http://www.tcpdump.org/ and http://www.winpcap.org/windump/
NetworkMiner (http://networkminer.sourceforge.net/) is an alternative that allows
you to sort collected packets however you want (by host for example) for easy
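Section 4 above and this capture section come down to the same fact: a DNS lookup leaves your machine as a plaintext UDP datagram to port 53, whatever encryption the connection that follows it uses. This added example (not from the original guide) dissects a raw Ethernet frame layer by layer, the way Wireshark or tcpdump do, and pulls out the name being looked up. The frame is built inside the block rather than captured, and its MAC and IP addresses are made up for the example.

```python
import struct
from typing import Optional, Tuple

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17

def _labels(name: str) -> bytes:
    """Encode a.b.c as DNS labels: length byte, label, ..., zero terminator."""
    out = b""
    for label in name.split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_dns_frame(qname: str, response: bool = False, txid: int = 0x1234) -> bytes:
    """Constructed sample frame: a client on 192.168.1.101 asking its router
    for an A record (or, with response=True, the router's answer header)."""
    flags = 0x8180 if response else 0x0100                  # QR bit marks a response
    dns = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + _labels(qname) + struct.pack("!HH", 1, 1)
    sport, dport = (53, 40000) if response else (40000, 53)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns   # checksum 0 = none
    src, dst = bytes([192, 168, 1, 101]), bytes([192, 168, 1, 1])
    if response:
        src, dst = dst, src
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0xABCD, 0, 64, PROTO_UDP, 0, src, dst)
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp

def dns_question_from_frame(frame: bytes) -> Optional[Tuple[str, str, int, str]]:
    """Return (src_ip, dst_ip, dst_port, queried_name) if the frame carries a
    UDP DNS query, else None.  Every field is read straight off the wire bytes."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]                                         # layer 3 starts after 14-byte Ethernet header
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                                # header length in bytes (options included)
    if ip[9] != PROTO_UDP:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    udp = ip[ihl:]
    if len(udp) < 8:
        return None
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", udp[:8])
    if dport != 53:
        return None
    dns = udp[8:ulen]
    if len(dns) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", dns[:6])
    if flags & 0x8000 or qdcount < 1:                       # a response, or nothing asked
        return None
    pos, labels = 12, []                                    # first question follows the 12-byte header
    while True:
        if pos >= len(dns):
            return None                                     # truncated name
        n = dns[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:
            return None                                     # compression pointer: not valid in a question
        labels.append(dns[pos:pos + n].decode("ascii", "replace"))
        pos += n
    return src, dst, dport, ".".join(labels)

if __name__ == "__main__":
    print(dns_question_from_frame(build_dns_frame("example.com")))
```

In Wireshark the display filter dns (or udp.port == 53) shows the same fields, and tcpdump -n -i <interface> udp port 53 prints them on the command line. If you see queries from your own machine for names you expected to reach only through the proxy or tunnel, your DNS is leaking, which is the situation the DNS section above warns about.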
7. TCP/IP AND THE WIDER INTERNET
(DNS/HTTP Port 80/Logging/Secure ways to connect to your 'crack' machine)..
PROXY CHAINING, SSH CLI Chaining maybe?
Change DNS Settings in Windows XP
Network Layers & OSI Model
In order for a security expert to truly understand the software or hardware running
on a network or security system, they must be able to relate to and fully conceive
the implications of changes that are made to an existing setup.
No matter what you do at any level of the network layer, you will be interacting at
other levels also. E.g. The data link layer (Layer 2 OSI) must make use of the
physical layer (Layer 1 OSI), and so on.
Layer 1 : Physical layer
This is the electrical and physical specification of the devices. In particular it will
refer to pins, voltages, repeaters, hubs, network adapters, host bus adapters and
SANs (Storage Area Networks). Standards such as the RS-232C COM port standard
popularised in the 90s use such physical wires to access the medium.
One such popular medium would be the internet. To which the early modems
Layer 2 : Data Link Layer
The Data Link Layer provides the functional and procedural means to transfer data
between network entities using physical layers (or
cabling/adapters/routers/repeaters) and so on. Originally Layer 2 was
intended for point-to-point transfer only. LAN and multi-broadcast media (multicast
et al.) were developed independently of the ISO standard (IEEE 802).
WAN and LAN are services on the data link layer that arrange bits from the physical
layer into logical frame sequences.
These frames contain important information that is relative to your Transmission
Control Protocol, and includes information such as your IP (Internet Protocol)
This address is bound through service levels by the TCP (Transmission Control
Protocol) transport layer.
8. Hack in a sack:
The Metasploit Framework
Metasploit is a software suite created for penetration testing, and is included in both
Backtrack and Gnacktrack LiveCDs listed in the mobile solutions section. It has a
command line interface, a GUI interface, and a Web interface, creating what is, in a
real way, the world's first point-and-click hacking software. It has a massive,
constantly updated Database of usable exploits, which you can use to gain access
to vulnerable remote systems. http://www.metasploit.com/
Thanks for reading this whole doc, you did right? Please ask questions in
#OpNewblood (Again, you can reach us via your web browser at
http://goo.gl/8zxwO) and refer back to this document and remember to stay safe.
Protecting your anonymity is the most important part of being Anonymous.
In our world a good defense is the best offense.
Anonymity/Security: A practical guide to computers for anarchists
Submitted by Anonymous on Thu, 11/10/2011 - 23:00.
DIY Do It Yourself
This is a comprehensive guide written by and for non-techie anarchists. A variety of issues related to computer
anonymity and security are explored in detail, with extensive links for further reading and exploration.
Topics include: ISP, IP, MAC Address, Session Data, User Agent, Referer, 802.11 Nickname, Scripts,
Encryption, Secure Deletion, Viruses, Malware, Keyloggers, Rootkits, Passwords, Email, Linux, Livesystems,
Metadata, and Destruction of Hard Drives.
<3 some anarchists
anonsec.pdf 598.05 KB
anonsec-imposed.pdf 190.65 KB
USEFUL TIPS FOR SETTING UP AN ANONYMOUS OPERATION
This sheet will help you to determine whether a certain course of action is the best option for the
operation you are working on, or whether it may not be as effective as you thought it would be. It is
important that you take the time to fill in this sheet, and don't rush it - in many situations, there's no
rush at all in organizing an operation. It's also a good idea to read the tips section first.
Tips for setting up an operation
You will likely have started an operation because you disagree with something. Rather than trying to
fight the people that caused this, try to focus on what the thing is that you disagree with, and
preventing that from happening (or, if that is your goal, spreading awareness). Revenge seldom has
the intended result. Clearly think of what the issue is, and how it can be resolved.
Even if you think you've read carefully, read everything on this form twice, and think about it a
second time. The human brain has a habit of 'caching' answers to questions, and that may not
always give you the best answer to a question. By thinking about it again, you force your brain to
give a 'real' answer.
Have clear communication channels. Even though Anonymous as a whole is a decentralized entity,
it's typically a good idea to centralize the main organizational aspects of an operation, even if there
is no set hierarchy. This makes it easier for people that are unfamiliar with how Anonymous works,
to participate and learn more about both your operation, and Anonymous as a whole. An IRC
channel is usually a good start, as is a Twitter feed. Try to stay away from websites that offer you
free blogs, web hosting, or forums, unless you really know what you're doing - these websites tend
to freeze your account at the first hint of controversy.
Take the time to set up an operation. Most causes do not require you to respond in one or two days,
so it's perfectly fine to spend a few days on organization and planning, before you actually do
Don't just mentally answer these questions! You should actually write down or type out the answers,
to make sure you're not overlooking something.
Defining the main goals of your operation
Important: When defining the goal or goals of your operation, you should not take into account the
ideas you have to carry out the operation! Doing so anyway will result in the common human habit of
putting the cart before the horse (also known as 'reversed reasoning'), which will cause your operation
to be less efficient than it could have been. In short: start from a blank canvas.
The cause of your operation
1. What 'undesired circumstance' caused you to set up this operation? Examples: the extradition of
someone, the closing down of a website, arrests of activists, etc.
2. Who is responsible for this undesired circumstance? This can be a person or an organization.
3. If an organization was responsible, were there any specific employees or members of that
organization that coordinated the decision? If yes, are they responsible for it or were they in a
situation where they had no real choice?
4. Are there any further consequences of this undesired circumstance that will not go away, even if the
undesired circumstance itself is gone?
The solution for your cause
1. What has to happen for the undesired circumstance to go away? Examples: the dismissal of a court
case, the denying of an extradition request, etc.
2. If there were any further consequences that would not go away, even if the undesired
circumstance itself would be gone, what would have to happen for these consequences to go
Defining possible solutions and courses of action
Take some time to think of ways to achieve what you mentioned in question 2.2.1. You should answer
the following questions for each of the possible solutions you came up with. Try to avoid all solutions
that have been attempted before by other operations, and only use those solutions as a last resort.
Ideally, your solution should be original and tailor-made for this operation.
Basic details for the solution
1. What does the solution consist of?
2. Who can take part in the activities for this solution?
3. How long does it take to carry out this solution? A rough estimate is good enough.
4. What organizational structure is needed to carry out this solution? Examples: no hierarchy, a central
leader, democratic voting, etc.
5. What communication channels do you need for this solution? Examples: a forum, a Twitter feed, an
IRC channel, etc.
Consequences of the solution
1. What will happen if you carry out this solution successfully?
2. What will happen if the solution is attempted, but fails in some way?
3. What are the risks for participants? Be honest here, don't try to romanticize your solution.
4. Compare the answer to 3.2.1 with the answer you gave to 2.2.1. Do the answers match?
5. If the answers do not match, this solution will not be optimal and it is likely you've put the cart
before the horse, which is likely to make your operation fail. Try again with a different solution.
Summary of your operation
You can fill in this part to make it clear to participants what they are getting involved in, what the goals
are, how they can help, and what they should watch out for.
1. What will participants be doing?
2. What are the risks of participating?
3. What is the intended goal?
4. How does your solution reach the goal?
5. Is there a backup plan?
6. Where can participants go to communicate? Examples: the IRC channel, Twitter feed, forum, etc.
Good luck with your operation!
GUIDE TO PURSUANTS - A GUIDE TO THE ESTABLISHMENT OF
AUTONOMOUS ONLINE ENTITIES
If we wish to overwhelm the various corrupt corporations, government
agencies, and states that deny us our liberty, illicitly monitor our
actions and communications, provide assistance to dictatorships, and
otherwise engage in malevolent behavior, we must ensure that those
who oppose such things are informed, organized and equipped in such
a way as to best make use of their skills to fight what has become a
full-blown information war. Anonymous and Wikileaks have shown
what is possible; it is time to expand the campaign.
For the first time in human history, it is theoretically possible for any
individual to collaborate with any other individual on the planet in
pursuit of shared goals. The implications of this are tremendous; and
to the extent that these implications are grasped, men of good will and
talent will join forces in new ways to fight the war that we all know
must be fought. It is now possible to begin replacing the corrupt and
force-dependent nation-states with online entities capable of rooting
out that corruption and fighting those who initiate forceful oppression
on others. The main barrier to a worldwide virtual republic capable of
organizing the clever and ethical into a single force is the cowardice of
those who shirk their integral duties [as human beings] to advocate
progress, who take their cues from what is rather than what should be,
and who find emotional refuge in degrading the efforts of good men
and women. You have heard it said before, "All that is necessary for
evil to succeed is for good men to do nothing." Never in history has it
been so practical for good people to unify against their evil
counterparts; the information age offers us the means by which to
bring this fight to those who have misused their power to such
We are creating the following guide to serve as a sort of instruction
manual by which anyone who chooses to join in this fight may do so.
It includes instructions on establishing what we term a "pursuance" - a
cooperative and autonomous online entity created for the purpose of
joining individuals together and making good use of their collective
talents in a common fight against those entities that must be defeated
if man is to live in a free and reasonable society, rather than the
statist and degenerate world that the nation-states have created by
way of their malevolent incompetence.
A Guide to the Establishment of Autonomous Online Entities, 1.5
This brief treatise is written for the use of those who are interested in
establishing a cooperative organization for the purpose of organizing
efforts towards activism, whether of the philanthropic or oppositional
The greatest barrier to collaboration among well-meaning people is the
widespread cultural sickness by which such efforts as these are
deemed to be misguided or even unseemly. Many take what would
appear to be solace in the fact that some great number of appeals to
human decency and attempts at human reform have succumbed to
human failings; here is humanity, after all, still imperfect even after
some number of people have taken so much trouble in attempting to
For the purposes of this pamphlet, it will be assumed that the reader is
aware that the environment has lately changed to such an extent as to
render the past a largely unreliable indicator of what is
now possible, and wishes to act accordingly. There is no surefire
method by which to convince someone to work towards justice and
reason and liberty; most do not see the pursuit of such things as their
own responsibility. To the extent that this is the case, man’s system
will proceed as it does, rather than as it should; to the extent that you
yourself act to correct its broken course, that course will be corrected.
Other than that, I would simply note that many who came before us
have sacrificed a great deal in order to benefit those
living today; you yourself have the option of spending your time in any
number of ways, and like many you may choose to ignore what you
know to be a broken system and let it run its course. You also have
the option of looking back upon your life some years from now and
saying, “When it suddenly became possible for individuals of good will
to come together from across the world and work to solve its common
problems, I was among those who did so.” The alternative is to do
We will call the entity that is to be created a “pursuance.” A pursuance
will be defined as some number of people who have come together via
the internet to pursue some action or agenda on which participants will
work closely via a set of online communication mediums in order to
It is a fine and common thing to have some great number of people
interacting in such a way as to hopefully get something done at some
point. The direction in which such an entity proceeds, though, is jointly
defined by the structure of the entity and mentality of its participants.
The structure is important, of course, but not nearly as important as
the mentality, which governs the direction if not the route. There is
some advantage in the fact that a pursuance is made up of early
adopters by clear definition, as well as by those who seek to do some
degree of good in recognition that others before them have done
better. Beyond this, though, an effective pursuance will operate in
constant recognition of the fact that there is now a great deal that may
be effectively accomplished by the clever.
Those inclined to take so odd a step as to establish some futuristic
online syndicate of the sort laid out here are quite likely to be
acquainted with the sort of people who might be inclined to join such a
thing, which is to say that the instigator of a pursuance will usually
have at least one or two people with whom to begin collaboration.
Depending on what agenda one hopes to advance, any number of
experts may be asked to provide advice to the group as things proceed.
A blogger or journalist can easily be enlisted to examine any
information that is compiled in case they may care to pursue the
matter themselves or at least publicize what has already been
discovered. Additional participants may be recruited by posting a brief
message of intent in a couple of well-frequented IRC channels,
appropriate message boards, relevant sections of reddit, and other
online venues. Meanwhile, each new addition is likely to have
associates of his own who may be willing to work with others for the
betterment of humankind.
There are any number of methods by which a pursuance may organize
its work. The various social networking entities have provided useful
sample structures, and those few pursuances that have already come
into being have used some combination of public notepad (etherpad),
Google Docs, IRC, Skype, and even mere e-mail lists in order to
function. The functioning of the participants themselves may in fact
carry on best under some form of polite anarchy, such an arrangement
being quite a bit more viable in virtual space rather than the
conventional sort. This is not to say that the underlying structure of a successful
pursuance must be anarchy; in fact it is likely that a series of clever
collaborative online arrangements will be put forth by such pursuances
as hit upon them in the course of optimizing their work, and that the
most effective of these will tend to be adopted by others, sometimes
with modification. Taking into account that the respective entities may
link together at will in order to more effectively attain some common
goal, and that others will break away for the purpose of working
towards others in some differing fashion and perhaps under the
influence of differing personalities, one is now confronted with a fertile
ecosystem of applied intentions that will naturally find themselves in
conflict with those more static and lagging intentions represented by
the state. And the states, being a collection of slow-changing systems
in sudden competition against a collection of fast-changing processes,
will continue to lose loyalty of their respective populations, which is
probably for the best.
Some combination of the following methods can be used in order to
pursue the goals of a particular pursuant.
Reddit: Creating a subreddit at reddit.com is an easy way to
implement a communication/collaboration platform whereby
participants can submit ideas and relevant info which may then be
voted up or down based on perceived relevance and utility. To the
extent that the judgement of participants is sound, the most useful
data will rise to the top and thus be more readily accessible; this is an
example of a crowd-sourced information filter.
IRC: IRC provides for an easy-to-use method of realtime
communication. Download a free IRC client and join irc.freenode.net or
another server of your choice. Type /join #(name of room you'd like)
to join and create a new room. Invite participants and prospective
Free Mind: Free-to-use mapping software useful for organizing
information of all sorts, visualizing relationships, etc.
Gliffy: A web app diagram software, also useful for organizing
information and sharing documents in its cloud storage with friends.
Wikis: Setting up a wiki is a good method by which to compile
information in a useful way that is easily accessible to the public.
Blog: One good option for both taking in and putting out information
while also providing a central node for organization. Remember to
think of a blog in terms of its actual functions, rather than its general
associations - administrators can post some element of data and
others may attach data below via comments.
Etherpad: typewith.me and Anonpad.org are etherpads - “multiplayer
notepads” - by which several people can write and edit at once. One
purpose for this is to head the document with a call for ideas on a
particular subject and then drop the link in some venue where
potential participants are assembled. Groups of participants can
quickly produce press releases and guides or compile information on a
subject, such as a company or individual.
brief.ly: Excellent way to aggregate links in a readable form. Would
make good landing page for coordination of operations or operational
http://tinychat.com/: Semi-anonymous video chat. Excellent for ad-
http://www.chatterous.com/: Disposable web based IRC like chat
http://www.chatzy.com/: Disposable web based IRC like chat rooms
http://anologue.com/: Anonymous disposable web based chat rooms
http://www.disposablechat.com/: Create disposable named web based
http://www.babelwith.me/: UUID based disposable web chat
http://www.stinto.net/: UUID based disposable web chat
http://chats.io/: UUID based disposable web chat similar to anologue
http://jotonce.com/: password protected quick message passing
http://lettur.com/: Anonymous blogging system
http://pen.io/: Text based web page hosting; excellent for publishing
http://www.graffitly.com/: anonymous message passing system
http://www.ucoz.com/: free website hosting
http://www.dinkypage.com/: HTML based web page hosting
http://www.wikispaces.com/: Easy to use wiki hosting
http://www.wikidot.com/: Wiki hosting
http://letscrate.com/: Drag & Drop file sharing
http://ge.tt/: File sharing at its best; has a realtime filesharing option
on by default (this means you can upload files and someone can
download while you are uploading)
http://chi.mp/: Personal information aggregator. Recommended use is
aggregation of other content
http://pastehtml.com/: Anonymous web hosting (HTML and some
http://www.mirrorcreator.com/: Send files to multiple file-sharing sites
http://jetbytes.com/: Realtime file-sharing
http://www.thiss.is/: allows you to create a site to argue anything,
useful for testing ideas
http://securepastebin.com: encrypted pastebin
http://www.icerocket.com/: social networking search engine
http://pdfmyurl.com/: turn any webpage into a PDF instantly.
Excellent for capturing information for posterity (in case it gets taken
down for example)
http://twich.me/: Web based IRC like disposable chat rooms
http://www.cowurl.com/: Personalized URL redirection good for
creating faux domains for projects or acting as a project entry point.
https://join.me/: instant web based desktop sharing (supports Win32
http://icanhazip.com/: easy way to determine your current IP address
http://paper.li/: create a "newspaper" from public social networking
sources good for monitoring activity
http://www.instapaper.com/: save a web page, read it later
http://www.fakenamegenerator.com/: generate shallow cover
identities (not good for long term operations, will not provide deep
Investigation of firms and states: Even without access to info security
skills, there are a number of means by which anyone can suss out
information on a target entity. Intelligence contractors and branches of
the intelligence community tend to have no problem violating the
privacy and rights of individuals; individuals ought not refrain from
investigating the investigators.
One method is explained here:
The application described may be found here:
Tools for Political Demonstrations: Useful links, tools, and information
for those participating in demonstrations against a government.
Anonymous is a breeding ground for effective activism and a useful
means by which to recruit, share tactics and information, and
otherwise collaborate against illegitimate power structures. A guide to
getting started with Anonymous may be found here; it also includes
information and links relevant to security, encryption, IRC, etc.
Project Magnanimous, according to a general strategy, is promoting
the use of parallel operations. This naturally came about during
Operation Sony when the main operation was used to attack and a
side effort involved preparing posters. In addition to Operation Sony
and Sonymous, the poster operation, Magnanimous prepared
Operation Gamma. Operations normally initiated by Magnanimous are
targetless operations. We go after the mindset of the perpetrator
rather than the perpetrator. Gamma was meant to expose the public
to the idea that we have a right to tinker with what we own. Although
Operation Sony has in fact succeeded in protecting the public by
exposing Sony's security problems (they published the owners' credit
details in plaintext and refused to listen for 3 months), Gamma can
serve to support other Operations as well.
Canonical and wingman operations
Operation Gamma is a wingman operation. It is meant to provide
content and context for various operations, but it does not have its
own goals. What keeps it relevant is nearly two decades of
infringement upon the public's rights.
Operation Lightning Rod is a canonical operation. It provides structure
to operations so that side effects and collateral consequences are
minimized before Anonymous proceeds to work. We know what we do
may cause disruptions for people. Preventing access to websites is fair
game. Preventing access to services that people need, not so much.
So where there is potential for harm, we create safety nets. Lightning
Rod is also meant to draw attention away from protestors and
journalists and individuals. But most of the time it's helping with 72-hour
kits and blankets for people recovering from disasters.
Record Keeping and Information Sharing
Keep records unless there is some significant reason not to do so.
* Save all communications (e-mails, chat logs), store them in a cloud
* Given that your organization will be involved in controversy, the
records will be valuable later to rebut mis-characterizations about
things you said or to rebut allegations of wrongdoing.
* If accused of something, the best defense is a complete record of
everything you and others in the organization did, which will be
possible to maintain using conventional digital tools.
(Keep in mind that records are being created in any event by the
systems you employ online, but those records may be used inimically
to you due to the information recorded being incomplete in nature.)
* Maintain and continually update a mailing list - essential for
communications unless your organization works entirely by meetings.
Do not share any such mailing list out of respect for privacy of those it
* If a roster of participants in your group is kept, do not share it without
explicit consent from everyone whose identity is being shared.
* Create structures where participants can share their own identity
information, to the extent they want to.
* Maintaining records and lists is tedious work and there will be limited
interest in doing this; use one or more of the methods listed under
Tools to facilitate the process and assign this task to someone with a
relative proclivity for organizational procedures.
Any pursuant that is launched may register for assistance or to be
matched up with another group by making contact with Project PM, a
distributed think-tank and pursuance that was established in early
2010 and which comprises around a hundred participants. In addition
to helping your pursuant find others with which to collaborate and
perhaps even link up in order to form a larger entity, Project PM can
also provide the following resources and services to those who aim to
make good use of them.
* Working scientists capable of providing assessments
* Journalists, bloggers, and combinations thereof who can provide
assistance into research and potentially report on the results of an
* Introductions to experts in relevant fields
* Information on relevant subject matter by Project PM or networked
* The development and support of online infrastructure such as Wikis
* Leads on potential instances of state and corporate wrongdoing to be
One may of course do these things for oneself, and even for others
once one’s pursuance is off and running - assuming you actually create
one, which you probably won’t. But others will.
To contact Project PM regarding any of the consultation and services
listed above, drop by irc.freenode.net #projectpm, or e-mail Barrett
Brown at firstname.lastname@example.org.
Some useful links and information about doxing and anonymity, compiled by doxcak3
The dox revolution.
A lot of people always ask about doxcak3: the goal, origin, etc. In the
beginning it was just a hashtag used by one of the
founders while doxing during the original OWS crackdowns and
Occupy Philly. It was just a random word which was just meant to
be funny and pranksterish. During the original Occupy, people's
phone calls, emails and voices were ignored; I always felt
that a direct line of establishing contact was in order when rights
were ignored, so we established just that.
Doxing seemed like an alternative to hacktivism as the most effective
means of online protest which was legal.
When you dox someone violating the rights of others you are in a sense
violating their right to privacy, which
is just as fundamental as the civil rights of which they are usually
blissfully ignorant. The concept of data mining
is nothing new (such as WikiLeaks), but it is now in a more personal
context and shows a prominent dissent in our officials'
decisions and actions in the likes of which we have never seen. It's
actually very heartwarming to see others
take our original model for doxing as a form of protest and direct
action and run with it under many new banners
and faces. In the past we have seen many groups take similar
actions which were taken on a larger, more detailed scale,
which we ran with under our banner. And quite frankly you never know
what you will find in a well done dox.
Some people have felt that doxing would be ineffective, to which I
would respond: if it was ineffective, why would
various law enforcement agencies be trying to prosecute it in secret
all over the country? People still have the
doubt in their mind whether doxing is legal or not. For the record, doxing is
officially legal as confirmed by dozens of
lawyers from different states and organizations. People don't see
why it is such a big deal about the law trying to
prosecute us and various groups; let me explain why this is
concerning. "Doxing" is a part of free speech
and an assertion of the Freedom of Information Act; it is just
researching and publicly displaying public information
and political dissent. Now, if this were to be successfully
prosecuted, this means all issues where dissent and political
speech was deemed undesirable could also be prosecuted; this
would also make investigative journalists and bloggers
liable to the same stipulations. This concept is the last straw before
free speech becomes a limited and not indefinite right.
Now as to techniques: for anyone trying to dox, you can get more
thorough dox with free resources and skill than any paid service
http://spock.com (has a search for “private” profile info but is a pay
service…haven’t checked that feature out)
http://www.whostalkin.com/ (this is one of my favorites! Lots of
socnets included!) http://www.samepoint.com/
These are good tools and lists of tools; the trick is to learn what each
tool will give under free searches, save it and find other pieces
with other searches. A mix and match of freebies.
For example, whitepages is great and sometimes you will get a current
address, but whitepages can be wrong or altered, so check
whitepages and sometimes
you can confirm by using anywho.com, taking the phone number
and putting it in the reverse search. Or using zabasearch.com find all
new and old
contact details of someone, but it's hard to use with lack of
organization, so try to get details to eliminate false positives;
middle names, initials, DOB, age are always minor details to narrow
Another site, http://slydial.com/, which you can use to call
someone's voicemail without them even knowing, to help confirm
if a phone is still working or who it belongs to.
Now people have also asked me about anonymity, in which I
happen to be an enthusiast.
I would like to start by suggesting a VPN; there are many to choose
good ones are, Ipredator, Its hidden, Swissvpn and many more these
a subscription. Swiss VPN is great and it is 8$ a month. But anyway
you can buy these online using a prepaid Visa.
are what I recommend
Go to a local store, buy a prepaid Visa gift card with cash, sign up and
pay using an anonymous email, and voilà!
Now there are free VPN services that work great:
http://www.securitykiss.com/ has 300mb a day free hosted in
http://ultrasurf.us/ has unlimited traffic hosted in the US
http://www.tunnelbear.com/ has monthly limits but is free and
free VPN which will also work for Mac users http://proxpn.com/
These two particularly work great.
Now there are other options as well, such as Tor.
Now Tor is great but it is not entirely user friendly. It is most
when configured properly and offers an extra proxy on top of its
node setup.
Also Tor has an add-on for Firefox called Torbutton which works great
if you use Firefox.
Also there is I2P which is not something I personally use but I've
heard good things.
You can use proxies but the above options are better; however it
does not hurt to use proxies on top of them. Also more than one VPN
can be used.
A proxy chain is a very plausible option as well. New proxies get
released every day; for free proxies follow @anonproxies on Twitter.
These are some recent ones.
I don't recommend web based proxies because they flat out suck: slow
connection and most don't work on IRC.
Also IRC clients are recommended; web IRCs log IPs. There are many
free ones like IceChat or mIRC.
Firefox also has a plugin called ChatZilla which will work great.
Now on the fact of doxing: firstly, do NOT reuse usernames on IRC,
forums or anywhere, pretty much. That makes it very easy to find you.
Also don't sign up using personal emails, or reuse emails.
http://10minutemail.com/10MinuteMail/index.html is good for
A lot of email providers are insecure as well, even Hushmail, which is
still better than most.
Sharklasers is a good temporary email service, as well as Tormail for
Also erasing old accounts such as MySpace, Facebook etc. is good.
Before you delete them change the name, age, area and pictures with
fake info, then take the link and submit it a few times to Google. This
is so your real info on the old profile isn't cached.
There are ways to erase stuff off Google cache, which is a must.
Also deleting email accounts
Those are how to get rid of old email accounts.
Also, to step it up a notch, create fake profiles, use fake emails etc.
and cross link them to profiles, Twitter accounts etc.,
which is why I am apparently half a dozen different people of
different ages, ethnicity etc. according to the internet.
Like making a Facebook for your username, signing up with an email,
then using that same email to create a Twitter for a real "fake" name
etc. is a funny way to mess with people. Which I might add works
Also avoiding social engineering is important: don't tell anyone
anything they don't need to know, quite simply.
Also web based proxies work for basic things; they are very low
quality in my opinion, but here are some of the better ones
Also a fresh proxy site http://nntime.com/proxy-
These are some great links on modifying your browser to maximum
efficiency and configuring your anonymous browsing.
Also sharing things anonymously with sites like pastebay.com,
u-leakit.com and pastehtml.com, http://letscrate.com
Now there are many paste sites, some of which are not well known,
which may provide a more anonymous experience.
Also to accept donations or transfer money more anonymously,
bitcoins are a virtual P2P currency worth looking into.
For encrypted paste sharing: https://cryptobin.org
Setting disinfo and false leads is a good practice, such as making an
email, signing up to sites with fake info, making a fake life and reusing
that email in places someone will find it, thus leading them to
wrong turns. Make your sites with fake information, erase
whitepages entries, delete things, switch usernames that are discreet
and belong to strangers etc.