Unencrypted communication

Unencrypted communication has no confidentiality. This means every entity relaying the packets can see the content of all messages. It is the digital equivalent of communication using postal cards.

1 - Unencrypted

The HSA is able to collect unencrypted communication

a) Passively, by tapping into optical fibers using dedicated hardware (similar to this) that makes use of a device called beam splitter.

b) Actively, by becoming a man-in-the-middle (MITM): HSA gains control of computer systems that relay traffic in the Internet backbone either with NSL or malware.

Because unencryted communication has no integrity, you can not be sure HSA relaying the message has not altered or created the message. When the text on messages changes red, it means it may at that point have been created or altered by HSA.

MITM capability is usually limited traffic that flows through the host country of HSA, but  in the case of US, the capability is global: QUANTUMSQUIRREL is a codename for NSA’s ability to “be any IP in the world”, meaning it’s able to masquerade as any server or client.


Slide leaked by whistleblower Edward Snowden.

A messaging system therefore must assume HSAs are both tapping the connection and performing a MITM attack between client and server. The only way to provide confidentiality and integrity to digital communication is cryptography.

So if you’re still using Mxit, Empathy, ICQ, Palringo, Nimbuzz or Xfire for private conversation, it’s time to move on. Even if you “have nothing to hide”, or if you’re talking to strangers on public chatroom, you still want to make sure no one changes the content of messages you send.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s