Encryption: are we F#ck'd?

Reports that the NSA can break nearly any encryption at will (except PGP, and Tor is hard).

http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html

I'd like to see an episode of the Tek devoted to securing internet privacy, in light of these new reports.

Is it pointless to run through a VPN like PIA?

Tek did an episode on privacy. 

At the end of the day if the NSA wants to find you they can. It is better to hide yourself from Big Brother's little brothers (Facebook, Google, MS, etc...) since they sell/give your data to more entities than just the government.

> if the NSA wants to find you they can

 

I accept this, but the article describes the NSA/GCHQ breaking VPN/SSL nearly as a matter of routine, rather than targeting highly interesting communications.

Yes, it is troubling. But if you had the most secure encryption they would just waterboard you until you told them whatever it is they want. The trick is a low profile, and simple masking like VPN, HTTPS, and SSL normally will keep you off the radar.

No, you are fine as long as you use well-designed, strong end-to-end encryption. However, it seems like you need to be sufficiently paranoid in order to be safe, and that leaves out most consumers because there are a lot of flawed systems being sold.

PIA says they use Blowfish CBC, which has some issues which you may or may not care about.  If you're doing something truly criminal, I'd use something else.

If you're going to pursue a plan of world domination, you'll want to hire a good crypto person.  I think when the NSA has the capability to store all traffic it sees, it all gets significantly harder.  Imagine having absolutely all your encrypted traffic stored, ready to be decrypted at any point in the future and used against you.

 

People should really stop recommending VPNs imo, especially if they use IPSec or PPTP. 

 

This is like 2008 news. I think they talked about this in the first 3 episodes of the Tek, not sure. :S

Meh, I'm worried about what corporations and criminals can see. The toys that GCHQ/NSA will have most definitely won't be in their hands, so carry on with usual best practice for VPNs and email and HDD encryption tools to protect yourself.

If you're trying to hide from the NSA then yeah, PIA probably isn't for you.  The point of a VPN is more to keep some privacy from your ISP.  It is possible to be almost completely secure, but it takes so much effort as to not be worth it to most people.