Skip to main content

Open Source Privacy Tools NSA Can't Crack: OTR, PGP, RedPhone, Tor And Tails

In a recent talk at the Chaos Communication Congress, Jacob Appelbaum, who is a core member of the Tor Project and is now working with Der Spiegel and Laura Poitras to analyze the Snowden documents, unveiled some documents showing which tools NSA couldn't crack.


OTR (Off The Record) is a crypto protocol best known for its ability to encrypt every message with a new key (a feature called Perfect Forward Secrecy) and to have plausible deniability (in that it can't be proven you were the one sending the message). The protocol is used in multiple clients, including in Pidgin, Jitsi or Adium for desktop, or in mobile clients such as CryptoCat or ChatSecure.

TextSecure used to use it as well, until it changed to the more modern Axolotl protocol (recently adopted by Whatsapp as well), which has the advantage of asynchronous conversations (you can leave someone messages even if they are offline). With OTR-based clients, the users need to be online to receive the messages. The Snowden documents didn't say anything about TextSecure's Axolotl because they date from 2012 or before, when Axolotl didn't exist.


The PGP (Pretty Good Privacy) protocol invented by Phil Zimmerman (who is now working at Silent Circle) is more than two decades old, but it seems to have stood the test of time. The Snowden documents unveiled by Appelbaum and Laura Poitras showed how the NSA can't decrypt PGP, either.

PGP does have at least two major weaknesses, though; one is technical, and the other is related to the user experience. PGP messages can't be "forward secure," so if a key is stolen, then all previous messages can be decrypted. As for the UX issue, it's well known by now that Glenn Greenwald almost missed the reporting on the Snowden documents by not being able to set up PGP properly. Right now it's too hard to use for most people.

Fortunately, there are multiple individuals and companies working on making it easier. One of these companies is Google, which is working on the "End-to-End" extension for email. However, we're probably at least a year away from a public release, and we also don't know yet if it will remain as secure as using the original PGP or if it will introduce new vulnerabilities along with a new easier-to-use design. So far it looks promising, though.


In the documents seen by Jacob Appelbaum, RedPhone is labeled as "Catastrophic" in terms of how easy it is to break. RedPhone, along with its Signal variation for iOS, is an encrypted voice app that uses the ZRTP protocol, invented by Phil Zimmerman, Jon Callas (both at Silent Circle), and other security researchers. It's also what Silent Circle's "Silent Phone" uses as well.


Tor is a network of over 5,000 relays that redirect user traffic, enabling online anonymity. Tor and the Tor browser seem to have posed many problems for NSA, in general making it very difficult to track people. However, we know from recent busts such as the ones involving Silk Road, that if specifically targeted by the NSA, Tor users can be identified.

Sometimes that happens because the targets don't update to the latest version of the Tor browser with all the latest patches, while other times they simply make mistakes they aren't supposed to make, such as logging in with accounts that can be linked to their real names and addresses. Overall, Tor still remains the most privacy-friendly and censorship-resistant tool out there for the vast majority of people.


Tails is a Linux distribution that has been customized to work only through Tor to make it harder for those trying to snoop on a certain person to identify who they are. It should go without saying that a machine running Tails shouldn't be your main machine, because if you log in to Facebook or Gmail from it, then that whole anonymity provided by the system becomes pointless.

For extra security, Tails can be used from a DVD, ensuring no malware that's meant to expose you can be written to it. Then, every time you use Tails it will be like using a clean install of it.

What seems to tie all of these projects together is that none of them are written and maintained by large corporations with billions of dollars in profits. It's not Apple, Google, Microsoft or Facebook's security that's stopping NSA, but some free open source tools written by individuals who are putting the brakes on NSA's mass surveillance programs.

Follow us @tomshardware, on Facebook and on Google+.

  • yumri
    I highly doubt that the NSA cant hack them it is more likely they are just working on it and cannot do it correctly in all cases as of yet. This is because the NSA hires the best and the brightest of the hackers in the nation that will work for them of course within the restrants of the employment agreement.
    Anyways the NSA is infamous for haveing massively overkill computers set one onto a algithim for a private and public key and give it a few hours as if they are with a computing computer not just a storeage computer they are able to crack it. In that because they are open source the ways which they work can be used against them if needed just it will take alot longer than unenypted messages or even MD5 or SHA-256 encyptioned messages as they are easier for computers to crack.
  • derekullo
    Tomshardware ran an article a few years ago about the biggest danger to encryption is not from graphics cards or processors, but from cheap services like the amazon cloud. I'm sure the NSA has their own cloud or at the very least has a large block of servers rented from amazon for their own personal use.
  • yumri
    @derekullo with how well they are funded i will not be surprised if they hand their own inhouse compute server farm for it to keep the results out of the hands of whoever or whatever the cloud service might sell or leak them too.
  • David Trimble
    False sense of security, encrypted traffic is stored and if needed it's put through the NSA's massive array of super computers. Brute force with out shortcuts would take much longer but shortcuts exists and thus reduce the time to de-crypt greatly. Personally as a sys admin if I saw a lot of encrypted traffic constantly it would raise a red flag. Bouncing around traffic and encrypting it buys you time, but if they want to crack current encryption, sometimes the time is very short, other times it's minute to hours. This article encourages individuals to use software that has flaws and in the end the user has a false sense of security. The hope is, eventually as more services provide heavy encryption it will require more and more processing power and it will become too expensive. With today's computing standards this is a possibility. But if quantum computer evolve, encryption will be much more vulnerable. In the end, it's a gamble to put anything online, you can only reduce the risk if you want to keep something totally private.
  • yumri
    @Divid Trimble i feel like you have more real world expence with this kind of stuff than i do so people please listen to this guy / girl / thing as he / she / it is knowelgable in this area or at least get talk like he / she / it is. Only thing which i will add is that closed systems that are not connected to the internet in any way are the safest systems also are physical media that is removed from the system like a CD or DVD for the most security and only working with it on a disconnected system when needed to be worked with. If you are that paranoid you probably already know that but it is just a word to the masses about security and how to avoid detection as no security protocal hackers can hack you when you are disconnected from the network ... unless you save onto the computer and leave it there when you reconnect to the network again.
  • Stop wearing tin-foil hats. The NSA can't crack AES or PGP (or GPG). It doesn't matter if they have the best people, penta-flops computing farms and near unlimited budget. It's not mathematically possible to break these types of encryption with current or future technology in a reasonable time (less than 100 years). AES is quantum computing proof, so that should tell you something.

    If your information is so valuable, they can simply "convince" you to give them the codes.
  • palladin9479
    NSA can not "crack" modern encryption protocols, the math behind them makes it an impossibility. If you encrypted a chunk of data using one of the modern algorithms then it is safe provided the key is kept unavailable. The moment the encryption key is made available, then you might as well have no encryption at all.

    Which goes to the most basic and important rule of cryptography, the key is always the weakest link. All encrypted messages have a key, how secure that key is will determine the security of the message. It is always in the end users best interest to maintain 100% accountability and physical control over the key. Don't use any service that stores the keys remotely as they can be compelled to hand over the key to any interested party or just decrypt the data themselves and hand that over.
  • ZolaIII
    Let's start from the beginning. Why would NSA check everything & everyone on so massive scale? Their is no justification for it. It's against our basic human rights and it's not constitutional. Still no one did fight a real legal fight against them?
    Their no such a thing as uncrakable encryption it's a simple question of computing power & available time. So problem is not controlling the output of highly risk person's but wasp majority of normal citizens. As the computing power will rise same way will rise & encryption length.
  • jehanne
    Too many comments in this thread as simply "ignorance on parade". I would suggest that everyone read the following:'s_algorithm
    In particular, " Thus factoring of a 4096-bit number requires 4,947,802,324,992 quantum gates." (Hmmm...)
  • Christopher1
    Tomshardware ran an article a few years ago about the biggest danger to encryption is not from graphics cards or processors, but from cheap services like the amazon cloud. I'm sure the NSA has their own cloud or at the very least has a large block of servers rented from amazon for their own personal use.
    Except that even with all the computing power on the planet, it would take decades to crack 1024-bit encryption, let alone encryption stronger than that.
    So, in the real world, using encryption is pretty much an adamantium-locked box, absent some weaknesses in the encryption schema.