We must accept the fact that internet-connected devices are not securable. If a professional wants your information, they are going to get it if you started from a device that touches, has touched, or can itself touch the internet. The issue is that the endpoints (the devices sending and receiving, encrypting and decrypting) must be secure. Without secure endpoints, encryption is easy to defeat and becomes a joke.
The internet is a gigantic collection platform whose complexity will always work in favor of criminal elements and other malicious types. We now live in an age of spying, and the spies have many advantages. The interesting thing, on the other hand, is that it is actually easy to defeat them if one first disconnects and starts with an off-line system (genuinely air-gapped) and learns how to use encryption properly.
All guarantees of absolute security for internet users–for privacy and anonymity–are false.
But near-absolute security (NAS) can be realized if the following steps are observed:
1. Start from an air-gapped device that has never touched the internet and whose firmware is clean. No Wi-Fi, no network interface card, no Bluetooth, no audio/microphone jack, no hard drive, and no wireless antenna. Start from a live USB or disc whose download was verified as to its source and its integrity.
2. Make sure the air-gapped device is physically secure.
3. Encrypt off-line with unweakened encryption.
4. Use a cascade of encryption and compression.
-The cascade can involve different types of encryption, or different implementations of the same kind of encryption, or both. Compression is important and should not be excluded. Good compression makes attacks much more difficult.
5. Move encrypted files one way so that the electronic trail is broken.
-From the safe device to the unsafe internet-connected device, methods such as using a DVD-R to transport encrypted files once (and then destroying the disc) are acceptable. Using a USB drive is not acceptable at all.
-Moving from the collection-platform-connected device to the safe device is dangerous and requires attention to detail. But it can be done. One must be careful not to transport malicious code from the collection-platform-connected device to the safe device.
6. Erase metacontent (metadata).
-We need to stop using the word “metadata” and use the word “metacontent”.
-Metacontent should be erased every time a file is about to be moved.
7. Use steganography or TOR for anonymity
8. Use passwords that are truly random, are drawn from a set of at least 90 characters, and are at least 36 characters long. (Most keyboards have 94 characters: 26 + 26 + 10 + 32.)
-This is not easy to do, but it is necessary. Patriot COMSEC has come up with a way to make it easy.
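One way to carry out step 8 on the off-line machine, as an added example (not code from this page or from Patriot COMSEC): it draws each character from the 94-character keyboard set by rejection sampling, so no character is favoured. The function names are hypothetical, and `os.urandom` (the operating system's CSPRNG) is an assumed stand-in for the "truly random" source; any function returning raw random bytes can be passed instead.

```python
import math
import os
import string

# The 94 keyboard characters the article counts: 26 + 26 + 10 + 32.
ALPHABET = (string.ascii_lowercase + string.ascii_uppercase
            + string.digits + string.punctuation)
MIN_ALPHABET = 90   # the article's minimum character-set size
MIN_LENGTH = 36     # the article's minimum password length


def password_from_bytes(read_bytes=os.urandom, length=MIN_LENGTH, alphabet=ALPHABET):
    """Build a password by rejection sampling bytes from read_bytes(n).

    A plain `byte % 94` would favour the first 68 characters (256 = 2*94 + 68),
    so bytes at or above the largest multiple of len(alphabet) are discarded.
    """
    n = len(alphabet)
    if len(set(alphabet)) != n or not MIN_ALPHABET <= n <= 256:
        raise ValueError("alphabet must hold 90 to 256 distinct characters")
    if length < MIN_LENGTH:
        raise ValueError("password must be at least 36 characters long")
    limit = 256 - (256 % n)          # 188 for the 94-character alphabet
    out = []
    while len(out) < length:
        chunk = read_bytes(2 * (length - len(out)))
        if not chunk:
            raise RuntimeError("random source returned no bytes")
        for b in chunk:
            if b < limit and len(out) < length:
                out.append(alphabet[b % n])
    return "".join(out)


def entropy_bits(length=MIN_LENGTH, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def meets_policy(password, alphabet=ALPHABET):
    """Check length and character set only; this cannot prove randomness."""
    return (len(set(alphabet)) >= MIN_ALPHABET
            and len(password) >= MIN_LENGTH
            and all(c in alphabet for c in password))


if __name__ == "__main__":
    pw = password_from_bytes()
    print(pw)
    print(f"{entropy_bits():.1f} bits, policy ok: {meets_policy(pw)}")
```

At the article's minimums (36 characters from 94) a uniformly random password carries about 236 bits of entropy.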
You are on the way to winning the game. Congratulations.
Now you are ready to get on a “secure” internet-connected computer and send your stuff.