
Encrypt Messages Using Your Browser or Smartphone

Despite the obvious benefits of anti-terror intelligence gathering efforts, it's disheartening that the NSA's wholesale, illegal, and unconstitutional spying on innocent Americans is more widespread than previously imagined.

Thanks to Mark Klein and others, we now know that the NSA regularly vacuums up domestic Internet traffic and email in violation of the Fourth Amendment and the NSA's charter, which forbids it from spying on Americans.

ØNSA is a protest of the NSA's practices in the form of an online encryption tool that lets you encrypt (scramble) messages to yourself or friends using any password you want. Your password is never transmitted over the Internet — all encryption happens right inside your browser. After your message has been encrypted, you can copy the encrypted message, paste it into an email to your friend, and then she or he can decrypt it (assuming you've shared the password with your friend, of course). ØNSA uses industry-standard, 256-bit AES encryption that is currently believed to be uncrackable by any government, so any encrypted message you send remains safe.

Fun With NSA Watchwords

In the case of email, it's become well-known that the NSA scans for "danger" watchwords like bomb and anthrax — but also benign words like pork, power, and smart.  In theory, if all of us began including words like these in our emails (pork! pork! pork!), the bogus information would create so many false positives that NSA's system would light up like a Christmas tree, making it difficult to single out any one person as a target for eavesdropping.

So, to that end, after ØNSA encrypts a message with AES, it converts the encrypted text into a randomized list of NSA watchwords. For example, when I encrypt the words "hello there" with the password "jelly", ØNSA produces an encrypted message of:

exposure bomber spy worm cain black chemicals port marijuana hazmat riot trafficking protected domestic brown trojan hazmat national drug bomb botnets worm protected security tail scam security disaster tnt phish drug plot plot toxic port drug undercover outbreak protected brown protect download tnt mitigate

...which can be decrypted right back to "hello there" using the password "jelly".
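The encrypt-then-encode pipeline described above, as an added example for Node.js that is not ØNSA's own code. The page does not document the tool's AES mode, key derivation or word mapping, so scrypt, AES-256-GCM and the 16-word list (built from words in the sample output, four bits per word) are assumptions, and the output will not interoperate with ØNSA.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed word list: 16 words taken from the page's sample output, 4 bits each.
const WORDS = ['bomb', 'spy', 'worm', 'port', 'riot', 'drug', 'plot', 'tnt',
               'scam', 'phish', 'toxic', 'hazmat', 'trojan', 'botnets', 'outbreak', 'exposure'];
const INDEX = new Map(WORDS.map((w, i) => [w, i]));

// Encode bytes as two words per byte, high nibble first.
function toWords(buf) {
  const out = [];
  for (const b of buf) out.push(WORDS[b >> 4], WORDS[b & 0x0f]);
  return out.join(' ');
}

// Decode a word list back to bytes, rejecting unknown words and odd counts.
function fromWords(text) {
  const idx = text.trim().split(/\s+/).map((w) => {
    const i = INDEX.get(w.toLowerCase());
    if (i === undefined) throw new Error(`unknown word: ${w}`);
    return i;
  });
  if (idx.length % 2) throw new Error('odd number of words');
  const out = Buffer.alloc(idx.length / 2);
  for (let i = 0; i < out.length; i++) out[i] = (idx[2 * i] << 4) | idx[2 * i + 1];
  return out;
}

// Layout before word encoding: salt(16) | nonce(12) | GCM tag(16) | ciphertext.
function encrypt(plaintext, password) {
  const salt = nodeCrypto.randomBytes(16); // fresh per message, so keys differ per message
  const iv = nodeCrypto.randomBytes(12);   // GCM nonce, never reused under one key
  const key = nodeCrypto.scryptSync(password, salt, 32); // 256-bit key from the password
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return toWords(Buffer.concat([salt, iv, c.getAuthTag(), ct]));
}

// Throws if the password is wrong or the word list was altered (tag check fails).
function decrypt(words, password) {
  const raw = fromWords(words);
  if (raw.length < 44) throw new Error('message too short');
  const key = nodeCrypto.scryptSync(password, raw.subarray(0, 16), 32);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(16, 28));
  d.setAuthTag(raw.subarray(28, 44));
  return Buffer.concat([d.update(raw.subarray(44)), d.final()]).toString('utf8');
}
```

Because the salt and nonce are random, encrypting the same text twice with the same password gives a different word list each time; the strength of the result still rests on the password fed to the key derivation.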

Granted, the use of watchwords doesn't make for a very efficient communication scheme, but the AES makes it secure as hell. And it's fun. Who doesn't want to receive emails containing words like spies and pork? Plus, you get the satisfaction of telling the NSA you're aware of all the laws it's breaking while making eavesdropping on your messages substantially harder.

Even more, using watchwords for encryption gives you plausible deniability, since anyone looking at your encrypted text will see only a list of words; nobody can prove that your list of words is actually an encrypted message, which makes it less likely someone would try to compel you to decrypt it (since they won't know it's a message at all). This is the same key advantage offered by techniques like steganography.

"But wait — won't packing our emails with NSA watchwords make it harder for the NSA to detect bad guys?"  Not really.  "Smart" terrorists, insurgents, and spies use strong encryption, or undetectable communications, so it's doubtful that the NSA will be able to detect them or read their communications anyway in the course of vacuuming up the Internet.  And as for the morons, they're frequently caught using other means.  The real question is: How much freedom are you willing to give up on your own soil in the search for extremely unlikely events like terrorist attacks, especially given that the NSA isn't even supposed to be in the business of monitoring Americans?  Do the odds of death-by-terrorist (about 1 in 20 million) justify having all of your online activities monitored, or possibly even used against you? Absolutely not.  Exercise your rights.  Enjoy.

Note: If you'd rather encrypt using AES without using NSA watchwords, use this URL instead (it also offers an on-screen keyboard, in case you're worried about keyboard sniffing):



Usage Tips

If you're seriously worried about having your messages read, use the longest and most complex password you can stand, with uppercase, lowercase, numbers, and special characters included, in order to resist brute-force attacks. Also avoid using dictionary words, since these can make attacking the encryption easier. And when sharing a password with a friend, don't share it electronically or over the telephone, since these are monitored by the NSA; instead, use old-fashioned paper, a memory stick, homing pigeon, or some other out-of-band means of transmission.

Bad password choice: mypassword123

Better: zU*$4UvYn19^cQxDQ



"The right of the people to be secure in their persons,
houses, papers, and effects, against unreasonable searches
and seizures, shall not be violated...."

—Amendment IV