How to protect your SMS text messages from the NSA


Because the NSA and GCHQ have been revealed to be collecting (and keeping) all text messages we send/receive on our mobile phones:

If you are thinking “so what? I have nothing to hide“, feel free to share your thoughts in the comments area below. To prove that you really have nothing to hide please also include your full name and home address.


Are you using an Android phone? (if you’re not sure, look for a “Google Play” icon somewhere, it looks like this:

Google Play logo

If you’ve got this icon, you are using an Android phone)

  1. Install the free TextSecure app by OpenWhisperSystems.
  2. Tell all your friends with Android phones to do the same.
  3. Open the TextSecure app and setup a very simple password – don’t worry, you will disable it immediately.
  4. Hit the “menu” button -> Settings -> select “Disable Passphrase”
  5. That’s it! Now text your contacts as normal. If any of them happen to be using TextSecure, the app will ask them:
    You have received a message from someone who supports TextSecure encrypted sessions. Would you like to initiate a secure session?
    They should click the “Initiate Exchange” button.
  6. Any messages you send or receive from your TextSecure contacts with whom you have “Initiated Exchange” will now be encrypted and unreadable to the NSA and their friends.

No Android phone? In that case you are out of luck. You cannot currently protect the content of your SMS text messages. Might be time to complain to the phone manufacturer for some built-in privacy features for a change?

The best alternative you have right now, if you have a data plan and can be connected to the Internet most of the time, is to use the free ChatSecure app by The Guardian Project. ChatSecure gives you unlimited instant messages (IM) with your friends. Unlike WhatsApp, Viber, Google Hangouts, Facebook, Skype, Y! messenger etc, ChatSecure can make your messages unreadable to the NSA and their friends. ChatSecure works on Android phones as well as iPhones.

Note: Even when using TextSecure, the NSA (and your mobile service provider) will know who you texted and who texted you. This “metadata” cannot be hidden, it’s just the way the SMS texting service works. The best you can do right now is to hide the content of your text messages, and TextSecure does that very well.

Hayashi's Blog

Too often the discourse around media convergence is about utilising cutting-edge, networked computing technologies to deliver, produce and consume media content. We are constantly being reminded that we will be prosuming media on connected multiple platforms, sharing and remixing content and information, interacting with authors and celebrities on the social web, being recommended / directed / given access to quality media content that meets our tastes and preferences. These seemingly rosy pictures, however, are accompanied by some socio-technical, legal and ethical challenges. A technology-determined view sometimes over-celebrates what technologies can do and ignores other crucial elements that make media convergence possible (or difficult).

My STS background constantly guides me to think critically when approaching the phenomenon of media convergence. Despite my continuing effort of engaging with technologies actively myself, I would also like to bring that critical thinking into the teaching, and indeed everyday practice of ‘media convergence’.

I was…

View original post 731 more words

Good analysis of the “Why you should not get a CISSP” Twitter storm kicked up by the recent DEFCON talk of the same title.

- ex[b10w]sive security -

There’s been quite a lot of conversation on Twitter by the InfoSec community about the CISSP. Most of the hubbub has been generated by the Skytalk given by Timmay and a little help from Jericho at I was one of the fortunate folks to have a (nearly) front-row seat for this talk and I’ll be the first to say that I agree 100% with what was said. The title of the talk was “Why You Should Not Get A CISSP” – not “All CISSPs Are Dipshits” or “If You Have A CISSP: Kill Yourself” or “You Shouldn’t Be Hired In The InfoSec Community If You Have A CISSP”. There are plenty of folks out there who have a CISSP and are great assets to the community and are far better InfoSec folks than yours-truly. The main point of the talk was how the claims of the…

View original post 864 more words