A USB drive encrypted at the hardware level.
“In the wake of this year’s disclosure, it should be clear that unencrypted journalist-source communication is unforgivably reckless.”
– Edward Snowden
Would-be whistleblowers, please jump to your section below.
To all supporters of privacy and whistleblowers: the best way to fight the dragnet is to encrypt everything. It’s not too hard. The best crypto tools are all free and open source, and the Reset The Net campaign has made them easy to set up with its Privacy Pack. Secondarily, the CryptoParty wiki has a ton of information. The Guardian Project creates mobile tools, and PRISMbreak is an exhaustive list. Support the cause by supporting the Electronic Frontier Foundation and members of stopwatching.us. The most active locally-distributed organization around this issue appears to be Restore The Fourth.
June 2014 update: The encryption behind Off-The-Record (OTR) chat has some holes, according to the Reset the Net folks. That’s a shame, because it’s super easy to use. They say it can still thwart dragnet surveillance but can’t be trusted for situations in which you could be targeted. If you still want to use it, you can find me as “Typewriter1787” on the XMPP server jabber.ccc.de.
To would-be whistleblowers:
Don’t just email me (hey -at- brandonsmith -dot- com) from accounts that are associated with you already: work, personal. Create a new account from a computer and an internet connection that doesn’t tie back to you at all.
If you’re not yet familiar with strong crypto tools, you don’t need to teach yourself now. In fact, please don’t investigate them on your home or work computers. (Out-of-the-way internet cafes might work, but leave your cell at home and pay cash for transit.)
If you want true privacy in speaking with me, send a paper letter—without a return address on the outside—to Brandon Smith, 444 N. Wabash, Fifth Floor, Chicago, IL 60611. Propose an in-person meeting downtown around lunchtime, or elsewhere in the evening or on a weekend. Again, we’ll pay cash for transit and leave our electronics behind.
Please remember: if you’re preparing sensitive documents, make sure you don’t leave a digital trace of that action. At least, don’t leave one that’s out-of-the-ordinary for you or the material.
If you already use PGP regularly and safely, I have a public key. (It’s 4096-bit RSA and its ID starts with “9DB.”). This isn’t my most secure key, but it’s a start, and we can move to a more secure one soon.
Search my e-mail address, hey -at- brandonsmith -dot- com, on public keyservers like keys.gnupg.net or pgp.mit.edu.
Look forward to hearing from you.