Category Archives: Privacy

Protect Your Privacy

Last month I shared my concern about our diminishing privacy. Now I hope to share some ideas about how you can protect yourself. The key is encryption. Below I’ll give practical steps that you can take. I’ll cover a lot of different areas, and I recommend doing as much of this as you’re comfortable with. The strategy is to encrypt everything. Most of these are easy to implement, so regardless of your background or technical ability you’ll be able to make a difference. The goal here is to become more secure in your daily life.

Your connection to the web should always be secure, which means enabling WPA2 encryption on your router at home and avoiding public networks. If you do need to surf on public Wi-Fi (coffee shops, airports, etc.) then I strongly recommend that you take precautions to protect yourself. Disable sharing, turn on your firewall and use a VPN. I’ve used OpenVPN while traveling and I loved it. There are plenty of VPN services available. Pro tip: the Premium version of Disconnect blocks malware and is a VPN as well.

The best option here would be to avoid the companies known to have leaked to the NSA, but I’ll concede that isn’t realistic. Fortunately you have options. First, get the HTTPS Everywhere plugin for your browser and turn it on. Second, try DuckDuckGo or StartPage instead of Google, Bing or Yahoo.

Block ads & tracking scripts
Start with the simple: enable Do Not Track within your browsers. Next, get the Disconnect browser plugin and configure it to block your browser from responding to requests. Finally, get Adblock Plus and turn it on.

Encrypt your computer
This one used to be a challenge, but recently operating systems have appropriately taken over and now it’s a pretty straightforward task. For Windows you’ll enable BitLocker. For OS X you’ll turn on FileVault. Both of these are robust, well supported and easy to turn on. Just don’t forget your password. There are options for Linux as well, but my guess is that if you’re using Linux you don’t need my help.
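
One way to confirm that disk encryption is actually on after following the step above (an added example, not part of the original post): it runs each OS's built-in, read-only status tool (`manage-bde`, `fdesetup` or `lsblk`) and parses the result. The sample outputs are constructed, and English-language tool output is assumed.

```python
import platform
import re
import subprocess

# Read-only status commands built into each OS (manage-bde needs an
# elevated prompt). English-language tool output is assumed.
COMMANDS = {
    "Windows": ["manage-bde", "-status", "C:"],
    "Darwin": ["fdesetup", "status"],
    "Linux": ["lsblk", "-rno", "NAME,TYPE,FSTYPE"],
}

# Constructed sample outputs, so the parser can be exercised offline.
SAMPLES = {
    "Windows": "    Conversion Status:    Fully Encrypted\n"
               "    Protection Status:    Protection Off\n",  # suspended
    "Darwin": "FileVault is On.\n",
    "Linux": "sda disk \nsda1 part vfat\nsda2 part crypto_LUKS\n"
             "luks-root crypt ext4\n",
}

def parse_status(system, output):
    """Return True only if the output shows encryption is on and active."""
    if system == "Windows":
        # A volume can be encrypted while protection is suspended (key
        # stored in the clear), so require both lines.
        done = re.search(r"Conversion Status:\s+(Fully|Used Space Only) Encrypted", output)
        on = re.search(r"Protection Status:\s+Protection On", output)
        return bool(done and on)
    if system == "Darwin":
        # An "Encryption in progress" line means the disk is not done yet.
        return "FileVault is On." in output and "in progress" not in output
    if system == "Linux":
        # Shows only that some LUKS volume exists and is unlocked, not
        # that every partition is covered.
        rows = [line.split() for line in output.splitlines()]
        luks = any(r[2:3] == ["crypto_LUKS"] for r in rows)
        mapped = any(r[1:2] == ["crypt"] for r in rows)
        return luks and mapped
    raise ValueError(f"unsupported system: {system}")

def disk_encryption_enabled():
    system = platform.system()
    result = subprocess.run(COMMANDS[system], capture_output=True, text=True)
    return parse_status(system, result.stdout)

if __name__ == "__main__":
    print("disk encryption active:", disk_encryption_enabled())
```

The constructed Windows sample is deliberately a suspended volume: it reports "Fully Encrypted" but the check still fails because protection is off.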

Encrypt your data in the cloud
If you use a cloud storage service like Dropbox, Google Drive, iCloud or Box, your connection may be secure, but if your files are unencrypted then anyone that gains access to those services has your pictures & files. These services have become a target for precisely this reason. There are a couple of options. If you already have files stored in one of the above services, you can use Boxcryptor or Viivo to encrypt what’s already there. These are freemium services, so there’s a free option that will work for most, and a subscription option for more advanced features. They support most storage providers and most platforms, which makes them a great option. The next level would be choosing SpiderOak or Tresorit, which are zero-knowledge, secure cloud storage services. They both offer a free plan and modest fees for increased storage.

Encrypt your phone
Your phone goes everywhere with you. If it is lost or stolen, all of your data is ripe for the picking. Passwords aren’t enough to keep people out; you need to encrypt it so that the data is hidden. The good news is that it’s simple. Android, iPhone & Windows Phone each have native tools to easily enable this feature. In fact, for these devices phone encryption is just a setting.

Secure Email
This is the trickiest one of all. Until recently encrypted email has been challenging enough that for most people it wasn’t worth the effort. It’s also, in my opinion, the most important. Your email tells just about everything there is to know about you in one spot. Your friends, your interests, your calendar updates, where you bank, and more. This really could be its own series of blog posts, but my goal here is to keep things simple. For Gmail, Yahoo & Hotmail, you want Mailvelope, which is a browser plugin for Firefox or Chrome that simplifies the steps involved in PGP encryption. A better option would be to switch to a free secure email provider like ProtonMail or Tutanota. These services handle end-to-end encryption for you.

If you take these steps, you’ll both protect yourself from being a target for hacking, and protect your identity while online. Without the keys to decrypt it, your encrypted data just looks like static or junk data. In fact, it IS junk data.

I’ve covered these topics pretty quickly. If you’d like to know more, I’d encourage you to do some investigating and educate yourself.


Privacy is not a crime

Image by Jürgen Telkmann via Flickr

A couple of recent events have gotten me thinking about privacy. More specifically, it’s the lack of privacy that has captured my attention. The web has now been ubiquitous for the better part of a decade. Companies earn staggering sums of money making the web an awesome experience for us. And they have: most adults I know have at least 3 devices with constant internet access. The nasty downside is that everything we do online is traceable. You would be surprised by how little data is required to uniquely identify a person, but that’s no problem because our devices betray quite a bit about us.

None of this is new; the fact that companies and the NSA track our activities has been known for 10 years or more. The two things that have struck me recently are that more companies are joining this bandwagon, and there is no way to opt out.

This summer the news lit up with stories about Windows 10 spying on you, and then Microsoft slipped user tracking tools into Windows 7 & 8 as well. Spotify raised quite a ruckus with an updated privacy policy enabling them to collect just about everything on your phone: pictures, location (GPS data), Facebook friends, etc. And in June Uber revealed that their mobile app could continue to monitor your location even after you exit the app.

It’s impossible to opt out of this tracking. None of us are immune from this privacy invasion. If you surf the web, if you have a cell phone, then you are sharing data about your habits and interests with companies and the government. Google & Facebook know you individually, whether or not you have an account with those services. Google’s free analytics service is used on half of the top million domains, and Facebook’s like or share buttons are present on more than 13 million websites. If you do have an account with those companies, they know a lot more about you, but don’t be fooled, they know your habits either way. The only way to avoid them is to not use the phone or surf the web.

We also have no control over what happens with this data about us. Major cell phone carriers are sharing the content, not just metadata but the actual conversations, with the NSA. There are reports from reputable journalists indicating that up to 50 companies are willingly supplying customer data to government agencies. The net effect is that the NSA collects nearly everything you do online, without user consent or a warrant.

Those are examples of the companies complying, but something this valuable is definitely a target for theft. Consider the Ashley Madison breach: last month hackers stole and then released the full Ashley Madison database, including personal details. Whether or not you like the site or agree with its business model, enough data was shared about its customers that all of them are now susceptible to identity fraud. Think about that. Names, email addresses, credit card info, transaction data. These breaches aren’t limited to anonymous criminals though; the NSA is all too happy to steal data as well. They’ve stolen data in bulk from Google, Yahoo, Facebook and AT&T that we know of. Again, this is without the consent of the companies or a warrant.

Apart from the personal intrusion, though, how can you have a true democracy when everyone is being watched? We need to be free to explore and express ideas, to argue and debate, without concern for third-party misinterpretation or intervention. Privacy is a means to democracy. We currently do not have this freedom, at least not via phone, email or social network. I know of at least two websites that have been forcibly shut down, secure email provider Lavabit and the social legal site Groklaw. I don’t know anything about why these sites shut down other than what’s in the news, but I somehow doubt that the owners of either website feel very free. I do know that Groklaw was a community where open source software advocates and attorneys collaborated to help one another. These heavy-handed tactics discourage civic participation and sharing of ideas.

The American public deserves to know what its leaders and government are up to, both at home and abroad. Citizens cannot consent to the importance or effectiveness of any program they don’t know about. There is inherent value in citizens knowing their government’s activities and being able to form judgments about public policy. I do understand that in global politics governments need to spy on one another. That the government does this to its own people and then tries to cover it up damages the relationship between citizens and their government.

I find it absolutely chilling that companies and governments have colluded to eradicate our privacy. The private sector figured out how profitable it is to offer free services and sell data about us, and the government figured out how to capture that data and use it for their own purposes. The result is that a lot of people I’ve never met and have no reason to trust know my interests, habits, background, and what I look like. They know these things about you, too. And none of us have any voice in what they choose to do with that information. It’s horrifying.

I don’t know that it’s possible to fully protect ourselves from this, but there are some things we can do to protect ourselves. I’ll share those ideas in a separate post.