How Wikileaks’ timing might just be impeccable, and why you should still use software like Signal
With WikiLeaks’ recent revelation that the CIA (and other alphabet agencies) have “lost control” of their home-made/bought/stolen collection of hacking software and malware, it’s easy to start thinking that nothing you do — tape over your webcam, unplugging your microphone, muting Alexa, turning off your Smart TV, using Signal instead of Samsung’s nightmare version of the vanilla Android messenger (or instead of Messenger itself)— will matter.
But that’s not true.
Think about the timing of this leak, whose source is (for good or bad) anonymous. It’s a few weeks after there’s a nice piece in the New York Times about Signal and OWS in general, just a few weeks after the least tactful candidate in history won the Presidency here in America and immediately started upping our military (assumably including black) budgets at the cost of pretty much every other agency…just when privacy is being brought to the forefront, with articles here on Medium and elsewhere on the internet driving the message home (things like the easy-to-follow and generally good (if not exactly as inclusive as the title might lead you to believe) tutorial by Quincy Larson — “How to Encrypt Your Entire Life in Less than an Hour”— and others) more and more…all leading to the number of people using apps like Signal and other open source software like GnuPG dramatically increasing, including high profile people whose personal day-to-day information is most useful to data thieves and profiteers, people who are using that software to make their communications more secure and, in combination with other circumstances like Google’s shift to monthly security updates to Android devices…who stands to lose in this situation?
Those same agencies trying to gather intelligence that we were discussing before. So what if they decide to release some outdated info, some info that's just scary enough, just true enough, to prevent you from downloading that secure messaging app? To prevent you from “bothering,” because you perceive that you’ve already lost?
There have been many, many comparisons to 1984 (especially in the wake of the revelation of “Weeping Angel,” which is almost literally something out of its pages). But let’s think a little further about what makes the omnipresent surveillance in 1984 scary: consider the fact that much of the power of the Thought Police comes from the fact that none of the citizens actually know how/when their “telescreen” (read: mass surveillance TV) is being listened to or watched. And thus, as the narrator points out, one is forced to act as if they are watching all of the time. To quote the book directly:
“There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live — did live, from habit that became instinct — in the assumption that every sound you made was overheard and…every movement scrutinized.”
To reiterate: an important part of the power of Orwell’s thought police was not only in just how widespread it was, but in the lack of information the people under it had about it and the inherent assumption they then had to make that it was in fact always watching. But we do not (yet) live in such a world, and to make such an assumption at this point is to defeat ourselves.
Yes, there are some incredibly scary pieces of malware included in “Vault7,” with innumerable harmful 0-days (exploits of which the general public and the manufacturer are unaware until they are used), privilege escalation and general information gathering malware, and of course, the all-too-real “we can hack your car and flip you into the nearest oncoming lane and/or brick wall” malware (which, by the way, has been true for years, specifically since tires started communicating via Bluetooth…it's just easier now). But for the most part, if you’ve been paying attention, diligently applying your updates, and taking the precautions we’ve all been warned to take many times, you’re no more vulnerable than you were before.
But does that mean that, for example, Signal is insecure?
No! It means that these alphabet soup agencies have discovered/bought/stolen a whole lot of exploits…almost entirely for devices that fall into two categories:
- Unpatched and/or old versions of software that are already known to be insecure.
- Proprietary hardware/software that has never been looked at/checked by anyone other than the people/corporation that created it and the people/agency tasked with breaking it.
The fact is that, for the most part (yes, there are some important caveats that apply to the general statement I’m about to make), if you’re running up-to-date, patched, modern and open-source software and you want to know what’s changed, the answer is NOTHING.
Note: this is not the same thing as saying you’re “safe.”
Users should know by now: there is no such thing as “100 percent security.” This is an arms’ race, people, and the weaponry is code and information. You need to remember that every time you say “oh, well, the other side is just too big” that it’s you who has granted them the victory they could not have otherwise achieved!
There are cases in which your phone can be remotely unlocked and your data hacked…if, for instance, you’re running KitKat, the 2013–2014 era (KitKat was released on October 31st of 2013) Android OS. Or if you have a certain, very specific model, of phone(mostly Samsung, sorry guys, but it’s the truth), you’re (according to the WikiLeaks article) at risk.
Don’t let misinformation, or lack of specific information in this case, scare you away from Signal and similar software. Continue to take all the precautions you can, continue to apply updates, and most importantly: continue to educate — yourself and anyone else who will listen.
