Consider yourself entering a full-body see-through scanner every time you conveniently send email, chat or do a video call with Skype.
For total privacy use Tor-based communications channels, such as tormail.org (instead of any other email provider) and similar Tor-based solutions.
The price for better privacy is usually less convenience and slower speeds.
If someone wants privacy then I would suggest using gpg/openpgp encryption for email/documents/etc., make sure https everywhere plugin is installed on your browser, noscript, adblock, etc. I suppose you get the same type of protection using the Tor Browser, also.
The problem is encryption. For the average user it's a bit of a pain to understand and use. Then again, I'm sure if people want it enough they will learn.
You have, for example, websites that say "your data is protected by 256 bit encryption!". What does that even mean? Is it just encrypted in transit? Is it only stored in an encrypted form on the other end? What is the key and who has to know it?
There is also a pretty big disadvantage to using good crypto, mainly if you lose/forget the key (or password used to derive it) you are completely fucked.
And almost all users, and most IT folks and developers are too lazy to follow processes. Plus management and shareholders don't want to invest the time and money for training or implementation.
It can feel a bit "advanced" for the average user to set up, but if that is the case and they NEED privacy then they could use something like http://www.hushmail.com/ which will encrypt the emails (but only with other users with encryption keys). It's web based so there's the whole use from anywhere thing... Of course, just use Thunderbird and get the whole thing for free :)
I have to wonder if nowadays it's safer to simply pick up an analogue telephone, call up your terrorist cell, gun runner, drug dealer, politician, prosecutor, whatever, and simply tell them what to do. Or just write an old fashioned letter. Would the NSA even see that coming? Yeah, I know.....
Who is being "spied" on? I find it odd that uber evil people would even begin to use the internet for communicating. We "geeks" are paranoid enough, how paranoid are the evil doers? Would they not just assume that whatever electronics they are using, some government agency will have a way in? I would. Most here seem to have that feeling. But international terrorists and bankers don't? (I include bankers because they have damaged me and everyone I know more so than any terrorist could ever hope to. They are so much better at terrorising me than AQ could ever have hoped to.)
Well, law enforcement must surely know this, so what is all the data they are collecting and back doors for? Not big evil crime, so it must be for us, the "plebs".
How useful is all this data for politicians and power people? Business, politics and people control. That's what it is for. We get blinded by scare stories, while a mass of benign data is used to help those in power remain there. What else is there?
Or is that paranoid tin foil hat stuff?
In a recent discussion (which I can't track down at the moment) of Wikileaks and Julian Assange someone noted the juxtaposition of photos of Wikileaks' own datacenter, and the paper-based filing system of the FBI during the 1950s. Whilst computers make accessing, analyzing, and searching through large record dumps much more efficient, they also make disclosure of those same documents to others, including unauthorized others, more efficient.
Total privacy is not found by having a go-to technology. It's found by having a vast understanding of information tech in general, knowing the current state of defeating security protocols, and assuming that anyone interested in your data is one step beyond that.
Sometimes that means Tor is enough. But not always.
I'd say don't expect privacy - end of story. Commercial platforms as well as "secure" ones that use encryption are still liable to surveillance and confiscation of data. I think, when you're on the net, your data is always being saved somewhere (since that's usually a big revenue model, and also simply a software development practice for analyzing users/software bugs, etc), even if your connection is secure. The only way I could see that anything could purport to be "truly" absolute on your privacy would be that they - like DuckDuckGo for example - simply would not save any data, period. If you have that plus encryption, you still have the problem of your ISP, which is semi-mitigated by Tor-based solutions.
i.e. the long and short of this issue is, if there's a problem with someone seeing the SMTP headers on your mails, you're doing it wrong. If tormail is a honey pot, it's a much more concentrated source of suspicious data than the inconspicuous mail sent through Gmail or another typical route, and therefore those routes may in fact be much safer, because your mail is not likely to come under any scrutiny there unless you try really hard to call attention to yourself (by sending mail to the recipient listed above, for example).
With GPG/PGP encrypted messages, you will not have this problem as much.
If a person is only seeking privacy then GPG/PGP is more than enough to secure their messages (while keeping in mind the headers are visible - just alter it).
I think tormail is great for journalists etc. who need anonymity to protect themselves from dangerous times. That's about the only thing I would use it for.
I use PGP for as much mail as I can on my normal server. Even if you use PGP, it's still not a good idea to use a honeypot unless the risks at play have been carefully calculated aforehand. We want the available attack surface to be as small as possible, for lots of potential reasons: PGP mails can be encrypted incorrectly either by operator error or a bug in your crypto stack, recipients may be able to be divined from the crypted message, the government may have a secret weapon capable of decrypting certain messages, the government definitely can make an educated attempt if they determine your content is high-value, etc. etc.
Basically I think a good privacy setup shouldn't need to include anonymously-run services like tormail that are just as likely (if not more likely) to be honeypots as honestly run by a kind-hearted security enthusiast with impenetrable integrity.
As for Jitsi from riseup.net
"In the past, we have recommended that people avoid Jitsi. It had a flaw that made it easy for an attacker to force Jitsi to use unencrypted connections. Supposedly, this has been fixed, but we are not sure in what version."
According to jitsi-dev mailing list it doesn't work so well with a VPN either.
For text messaging (Android only) I use the excellent 'TextSecure' app, which is an open source drop-in replacement for the standard messaging app on your phone. You can read more about it at http://www.whispersystems.org/
The aforementioned Whisper Systems also has an app called 'RedPhone' for secure voice, but I have yet to try it. If anyone uses it, I would be very glad to hear your opinion.
Works as advertised in China which is a great success for businesses worried about their blackberries or iphones being exploited by industrial espionage.
Another bonus is Moxie is considering moving everything over to voip so you won't even need a cell contract (since google voice numbers don't work worldwide). Move around the city like a ninja using wifi.
The problem is that it's not end-to-end crypto, which means the provider can betray you.
During that incident it was excellent, because Skype admins told complaining users that they were infected with malware.
On the other hand, Skype does keep logs of all your conversations on their servers, seemingly indefinitely. There's no easy crypto drop-in like OTR that I know of, and there's no easily evident way to delete those logs. I refuse to use it for non-mandated chats for these reasons.
Concerns about Microsoft are not unique to Microsoft. They are just a popular vessel for the internet's unease.
Very little information on the security services (e.g. NSA).
Honestly I'm uncomfortable using anything except a local Mumble server for VoIP telephony. Been using Google Hangouts recently for video calling, but would be interested in a Mumble equivalent for video.
Some years ago it was common that your messages through Live Messenger (and Windows Messenger when it was still called so) got censored in real time. In one case any message containing the string "download.php" never reached the receiver and another time the same was true if your message contained a link to the piratebay or simply the phrase "live messenger". I can't remember any more concrete examples but there were many times you could easily figure out the pattern.
Even if the software was free, Microsoft could still spy on you. (I'm planning on writing a much more detailed response about how this relates to free software and SaaS later today; I'm stuck at work for now.)
Frankly it is because there is NO open source software in the VoIP/IM/etc space that is worth five minutes of your time, let alone full usage of.
Every time this point comes up the OSS apologists start naming some convoluted solution involving stringing five different software packages (and a SIP provider!) together to get even then a barely workable solution.
In general this is one of the least competitive sectors that exists. Right now we have Google+ and Skype, and even Google+ barely implements 1/8th of Skype's feature set.
No, he means free software.
This confusion is why the term "open source" was invented.
Schneier's opinion on security is generally held in high regard; however, in this instance, his fallacious reasoning is somewhat surprising.
IOW, it's highly unlikely that 'trusting Microsoft' is the only option we have.
For mobile there's SilentCircle, but it's $20 a month or something.
I imagine that's against TOS or something though. I've just always wondered if it was possible.
Plus one of Skype's benefits is that it works on "everything" (Windows, Linux, Mac, Android, iOS, etc); so your solution is only as good as the platforms you can tag.
Interests are US Federal laws not to mention other countries. When the FBI knocks with a warrant or whatever is needed, Microsoft (Google, or Apple, or FB, or Twitter, or AT&T...) can't do much. Do not trust them for super-sensitive info: if you're gossiping about your in-laws, maybe it's safe... drug dealing, assassinations and Al Qaeda stuff probably not so much.
There are more kinds of private conversations than frivolous and evil.
>> Do not trust them for super-sensitive info
Yes, that's the takeaway. We need an easier end-to-end encrypted VOIP method, so you don't have to trust the pipes you're using.