Those of us of a certain age are familiar with the Nixon presidency and Watergate, and these days we have the Snowden revelations, but it's not just government we have to worry about. Howard Hughes, the famous aviator, aerospace engineer, movie producer and womanizer, provided financial support for right-wing spying on liberals in his day. The Koch brothers do the same today.
But keeping your communications secure takes much more than encryption. Here are some of the things you need to consider:
- Finding secure services. Services like Proton Mail or Tor instant messaging are probably secure, but how can you be sure? One of the Snowden revelations was that the NSA plants saboteurs among the developers of such software to weaken its security in subtle ways. And besides, to be secure, you need to be perfect, and no one's perfect. Still, this is probably not your biggest problem.
- Using a secure operating system. It does no good to use a secure service if your operating system is broken. Windows is hopeless and even Linux has myriad security problems, though it can be made better by using "hardening" procedures.
- Using a secure device. The hardware itself is subject to tampering. It's not paranoid to imagine that your home could be broken into and your motherboard replaced with one that is in some way more friendly to attackers. Smaller, simpler devices, such as the Raspberry Pi, are easier to secure, so long as you keep them as "bare bones" as possible. And there are "hardening" practices recommended for these devices as well. To be safe, you need to epoxy the case closed and paint it with distinctive designs to prevent tampering with or swapping the device.
- Protecting metadata. Even if the content of your messages is secure, knowledge about who is communicating with whom, how much, and when can be a great help to your enemies. You have to assume that they know who you are and are targeting you. They can plant a hardware device in your internet connection or infiltrate your internet provider. So you need to use random internet connections, at cyber cafes and the like, rather than your home or work connections.
- Generating noise. One of the best ways to protect yourself is to create a lot of noisy but unimportant communications using insecure means. This will keep your watchers busy and they may be too lazy to look further. It's useless to try to hide from them. They know who you are. If you try to conceal all your activities, they will just keep looking that much harder.
Assuming you have achieved secure communication, you still have the problem of "social engineering" attacks. If you have much interest in spy stories, these will be familiar to you:
- Moles. Your enemies may plant people in your organization who are disloyal. They may be people who seem the most gung-ho and the most ideologically pure. They are likely to be newcomers to your organization, possibly with a fabricated history of support for your cause. You need to be suspicious of anyone who doesn't have verifiable history with people you know.
- Traitors. Your people can be bought, seduced or blackmailed. Look for changes in behavior, especially if they seem to be pressing for information. Their handlers will be impatient and push them to find out as much as possible as quickly as possible. This will give them away if you're looking out for it.
- Disruption. This is the flip side of the problem of moles and traitors. Your enemies can try to convince you that loyal people are actually disloyal and create confusion and conflict in your organization. There's no solution to this conundrum except to be smarter than your enemy.