{"id":11331,"date":"2022-02-09T23:30:00","date_gmt":"2022-02-09T23:30:00","guid":{"rendered":"http:\/\/ci029956ab6000278d"},"modified":"2025-01-29T12:36:35","modified_gmt":"2025-01-29T12:36:35","slug":"circumventing-surveillance-on-the-open-internet","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/technical\/circumventing-surveillance-on-the-open-internet","title":{"rendered":"Circumventing Surveillance On The Open Internet"},"content":{"rendered":"
<\/div>

With the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, two U.S. senators have reintroduced<\/a> a surveillance bill that could have major impacts on privacy and free speech, turning the offering of encryption services into legal risk territory for service providers. <\/p>\n

While the censorship of free speech is already flourishing on public platforms such as Twitter,<\/a> the EARN IT act would enforce the transmission of all communication between users in plain text format, transforming our inboxes into searchable data mines. But here\u2019s the good news: there are numerous ways to encrypt our communication by ourselves.<\/p>\n

\n

\u201cGovernments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.\u201d<\/p>\n

\u2013John Perry Barlow, \u201cDeclaration Of Independence Of Cyberspace<\/a>,\u201d 1996<\/p>\n<\/blockquote>\n

The EARN IT Act<\/a>, first proposed in 2020, seeks to amend section 230 of the Communications Act of 1934<\/a>, which originally regarded radio and telephone communication, granting service providers immunity from civil lawsuits for removing inappropriate content. <\/p>\n

The Communications Act of 1934 was first overhauled with the Telecommunications Act of 1996, which included the Communications Decency Act<\/a>, aiming to regulate indecency and obscenity on the internet, such as pornographic material. Section 230 of the Communications Decency Act protects service providers from legal proceedings regarding content issued via their platforms by stating that service providers are not to be understood as publishers. It is this section which the EARN IT Act attempts to alter, putting more responsibility on website operators and service providers.<\/p>\n

Under the guise of stopping the distribution of child pornography, the EARN IT Act would render the deployment of end-to-end encryption and other encryption services as punishable acts, which would affect messaging services such as Signal, WhatsApp and Telegram\u2019s Secret Chats, as well as web hosting services such as Amazon Web Services, pressuring service providers to scan all communication for inappropriate material. <\/p>\n

If the EARN IT Act is passed, our inboxes will turn into fully-searchable databases, leaving no room for private conversation. While it may be possible to forbid end-to-end encryption as a service, can the banning of the use of end-to-end encryption be deemed unconstitutional by infringing on our right of the freedom of speech, as encryption is nothing but another way to communicate with each other in the form of written text? <\/p>\n

While it is unclear whether the EARN IT Act will pass at the time of writing, it is clear that the regulation of speech is a tedious and close-to-senseless endeavor on behalf of governments, as it is impossible to stop the spread of words without divulging toward a totalitarian superstate. We can all use encryption to stay private in our communication, ranging from easy-to-use cyphers to military grade encryption mechanisms.<\/p>\n

Circumventing The Twitter Police With Cyphertext<\/h2>\n

Anyone who isn\u2019t careful in their communication on public platforms such as Twitter has probably spent a fair share of time in the ominous \u201cTwitter jail\u201d: preventing them from posting on the platform for defined periods of time as a consequence of saying things the Twitter algorithm found inappropriate. An easy way to circumvent surveillance and, consequently, censorship by the Twitter police is ROT13 encryption<\/a>.<\/p>\n

ROT13 is an easy form of encryption which circumvents the readability of Twitter\u2019s policing mechanisms by rotating letters by 13 places, initially used to hide the punchlines of jokes on Usenet<\/a>. <\/p>\n

Want to express your opinion on COVID-19 without getting punished by the Twitter algo? Rotate the letters of what you\u2019d like to write by 13 places, making your text readable for anyone who knows that you\u2019re using ROT13 encryption, while causing the Twitter algorithm to detect nothing but gibberish in what you wrote. For example: \u201cCOVID SUCKS\u201d turns into \u201cPBIVQ FHPXF.\u201d ROT13 encryption can be translated via free online service providers such as rot13.com<\/a>, or by hand via the board below. <\/p>\n

While ROT13 is not deemed a secure form of encryption, as anyone may be able to decipher what has been written, it is a fun and easy way to get used to protecting one’s communication on the open internet. It is also possible to come up with one’s own encryption mechanisms, such as rotating letters seven instead of 13 places.<\/p>\n

<\/figure>\n

Circumventing Location Detection With Where39<\/h2>\n

When we communicate our location via unencrypted messengers such as iMessage or Telegram, we are also leaking our location to anyone who gets their hands on the contents of our inboxes. Services such as Google Maps automatically detect locations in our written text, and are able to form patterns of our movements. If you\u2019d like to meet someone without revealing your location to Googlezon MacCrapple, you should obviously leave your phone at home, but need to find a way to communicate your meeting place without being detected as a meeting place from the get go. <\/p>\n

Ben Arc\u2019s Where39<\/a> is an easy way to encrypt meeting places in plain text communication by assigning every square meter in the world with four words. Originally building on the service What Three Words<\/a>, Arc\u2019s version uses the most distributed word list in the world which every Bitcoiner has heard of in one way or another, as it is also used to generate our passphrases: the BIP39 word list<\/a>. <\/p>\n

For example, if I wanted to meet a friend for coffee at Francis Place, on the corner of Edinburgh Drive near Clayton University in St. Louis, Missouri,, I\u2019d text them \u201cRapid Thing Carry Kite.\u201d My coffee date could then look up the location via the Where39 map, without the plain text being detected as an address. <\/p>\n

Encrypting Messages To Dedicated Recipients With PGP<\/h2>\n

When texting with friends, we assume that our messages are only read by us as the senders, and our counterparties as the receivers. Unfortunately, when messages are sent via unencrypted messengers, anyone with access to the servers or one of the sending or receiving parties’ devices may read these messages as well. <\/p>\n

As the EARN IT act makes it incredibly risky for service providers to offer in-app encryption mechanisms, this is where PGP comes into play for anyone wanting to keep their messages private: Military-grade encryption which can only be deciphered by those holding the private key to decipher communications.<\/p>\n

PGP<\/a>, short for Pretty Good Privacy, was invented by Phil Zimmerman in 1991, and has seen its fair share of government combating in the past. With PGP, we assign ourselves secret keys used to encrypt and decrypt messages, so that only those in control of the secret keys are able to read what we have written. This way, I can copy\/paste an encrypted message into any unencrypted messenger, while keeping it unreadable for third-party adversaries. <\/p>\n

Here\u2019s an example of an encrypted message I have sent to a friend via Telegram, which is only readable for the person holding the secret key to decrypt it:<\/p>\n

—–BEGIN PGP MESSAGE—–<\/p>\n

hQIMA0Y84L8CE6YzAQ\/9GzF8eO0sj+2QJ9CNn8p7IJfA+iCB1IbUFQwQkiefxoQe<\/p>\n

K7XXVKX2V9HnOMaQH66VuweqGqq8TVqUVil4xvHfWOiX\/ytvQC3D9zaEz3hsX8qB<\/p>\n

WFVAQL37wBAMSjefb73VqnV7Fiz5K5rWzxT5IdimICpHEkei7PQ2ccy4hGnBWh3z<\/p>\n

f4HWBMruO3U4Lf8SPAwHOJhvCSCBz0wkk6IQC9sQnzFv0bcEmZ4NvU8k\/Ke6GER3<\/p>\n

94xbJu+GEXST9CGoGZviJL+48lNwWfIrtro1rCVdqZJE\/gyS557VKJXkxWj06D1U<\/p>\n

6+2aG64ELMqvlxjbjUAVr5oumtz2WWPwRU4mVuuYq2s90ooWd0x1YqvAFsL8jJqu<\/p>\n

jtyEQounGdHMbALRK9QBXQqEm5izxNIH4Wlrvj+OcgBBNsbyRhBV6o7IE49onVBC<\/p>\n

PdqjDSrbk6He42DRoRrBmpaYwhEQwSsp\/yRhcjJg49sDp7YHBwu9TqZGSc8\/WxJx<\/p>\n

VlLyW94dmmL7Es\/hqcW+\/tt35sQyasjQExXIiYNm9mDSNQg2ebMwi5+yDalwMTW5<\/p>\n

lgrM4GMiTKjC2rMM8X1gpcfkPX+SjsN44RaCxLGwuZauBmaq6emol1OE3bGNmAri<\/p>\n

9UMDRoV\/9450e0BHz3RgPjzldLohThIAgf6OvbNIQFoc0NOlSzVZ7xpZsp6EpJjS<\/p>\n

QwGXJ\/zqRLSLncumZreunbv6Bs98zidS1cfvK5abHMgioS+2J5bSnsaxGrALkVRK<\/p>\n

i6KJaJWcGVTBckPpfdWuPu\/AzJo=<\/p>\n

=J55a<\/p>\n

—–END PGP MESSAGE—–<\/p>\n

PGP will likely be the most powerful tool to circumvent the EARN IT act when it comes to keeping our communications private. To generate your own PGP keys, you first need to install the GnuPG<\/a> software. This is most easily done via terminal on Linux, by running \u201csudo apt-get install gnupg.\u201d Next, you generate your keys by running \u201cgpg \u2013gen-key\u201d and adding an alias, like an email address to your key. <\/p>\n

To check whether your keys have been generated, run \u201cgpg \u2013list-keys.\u201d Next, you export your keys via \u201cgpg \u2013output public.pgp \u2013armor \u2013export [your alias, which you can find via gpg \u2013list-keys]\u201d and \u201c\u2013output private.pgp \u2013armor \u2013export [your alias, which you can find via gpg \u2013list-keys].\u201d Make sure to never share your private keys with anyone, and to keep the keys safely stored in a password-protected folder. Once you\u2019ve lost access to your private keys, or to the passphrase you\u2019ve been prompted to generate for your keys, you will not be able to access messages sent to you which are encrypted toward the keys in question. <\/p>\n

Next, you should share your public key with people you\u2019d like to communicate with via PGP, so that those parties can encrypt messages that are only readable by the person holding your private key (which is hopefully only you). The easiest way to do this is to upload your public key file to a public key server, such as keys.openpgp.org<\/a>, via its web UI. You can also share the fingerprint of your keys in your social media profiles or on your website. <\/p>\n

To find the fingerprint for your key, run \u201cgpg \u2013list-keys\u201d again, and select the long string of letters and numbers appearing under the \u201cpub\u201d section. If the entire string is too long to share, for example in your Twitter bio, you can also share your short fingerprint, which consists of the last 16 characters of your fingerprint. People who\u2019d like to send you an encrypted message can now find your public key via the terminal command \u201cgpg \u2013recv-keys [fingerprint].\u201d But remember: A PGP key which you\u2019ve retrieved online does not guarantee that this key actually belongs to the person you\u2019re wanting to communicate with. The safest way to receive someone\u2019s keys will always be in person.<\/p>\n

Let\u2019s use PGP to send an encrypted message to me. In your terminal, import my keys via \u201cgpg \u2013recv-keys C72B398B7C048F04.\u201d If you\u2019ve configured to access your keys via a different keyserver than openpgp, then run \u201cgpg \u2013keyserver hkps:\/\/keys.openpgp.org \u2013recv-keys C72B398B7C048F04.\u201d Now, run \u201cgpg \u2013list-keys\u201d to check whether the key import was successful. To encrypt a message for me, run the command \u201cgpg -ae -r [my alias, which you can find via gpg \u2013list-keys]\u201d and hit \u201center.\u201d Write whatever it is you\u2019d like to share with me in plain text, such as \u201cHello PGP,\u201d then end the message with \u201cctrl+d.\u201d Next, a PGP message block should appear on your screen. Copy\/paste this message including \u201cBEGIN PGP MESSAGE\u201d and \u201cEND PGP MESSAGE\u201d into any public forum or messenger of your choice, sending an encrypted message over the open internet, only readable by its designated recipient. For example, you could now send this message to me via Twitter direct message, post it publicly on GitHub or share it in a public Telegram group of which I am a part. <\/p>\n

Once I\u2019ve received your message, I will send you a message back via PGP. For me to be able to send you an encrypted message back, make sure that your message includes your PGP fingerprint. The easiest way to do this is to include it in your encrypted message. When you receive an encrypted message back, you can decrypt it by running \u201cgpg -d\u201d in your terminal and copy\/pasting the encrypted message, including \u201cBEGIN PGP MESSAGE\u201d and \u201cEND PGP MESSAGE.\u201d The message should then be resolved to plain text. Et voila<\/em>, you are now set to communicate in private with your counterparties over the open internet, giving law enforcement no chance to surveil the contents of your communication. <\/p>\n

Conclusion<\/h2>\n

It can be assumed that our technocratic overlords will continue to increase pressure to deanonymize communication over the open internet in the years to come. Proposals such as the EARN IT Act will only be the first steps. <\/p>\n

But as the cypherpunks had proven in the 1990s, encryption is speech and it is impossible to ban. As long as we resort to informing ourselves on the possibilities of private communication, there is no way for governments and big tech to stop us from cutting them out of the picture, and enacting our right to the freedom of speech across all communication channels.<\/p>\n

Privacy notice: This article only gives an overview of encryption mechanisms for beginners. If you are dealing with sensitive data, it makes sense to inform yourself further on more secure handlings of PGP, such as managing GPG via Tor and encrypting and decrypting messages via air-gapped devices. <\/em><\/p>\n

This is a guest post by <\/em>L0la L33tz<\/em>. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or <\/em>Bitcoin Magazine.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

As the resurgence of the EARN IT Act shows, we\u2019re all in need of tools for communicating privately online.<\/p>\n","protected":false},"author":2528,"featured_media":6574,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35],"tags":[1665,1467,422,2321,73,219,72],"class_list":{"0":"post-11331","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technical","8":"tag-communication","9":"tag-encryption","10":"tag-feature","11":"tag-pgp","12":"tag-privacy","13":"tag-regulation","14":"tag-surveillance"},"author_data":{"id":2528,"name":"L0La L33Tz","nicename":"l0la-l33tz","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2025\/03\/cropped-1p9qrztI_400x400-1-96x96.jpg"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/privacy.jpg","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/11331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/2528"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=11331"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/11331\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/6574"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=11331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=11331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=11331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}