There can be few people alive now who have not heard about Edward Snowden.
I realised that in my Gravatar profile I state: “Keen on privacy and IT Security. A volunteer counsellor. I use blogging to improve my writing.” There has been a few blog items on writing and the odd one related to counselling but except for the EXIF article precious little in support of privacy.
Snowden showed us that if you decide to put something on the Internet it is not private anymore. (No matter how much security you imagine protects it).
Security services have techniques that can read information, often when we believed that information was protected.
Information that you put on the Internet today, believing it to be secure, is exposed in a security breach tomorrow.
Some people believe that this is fair enough, if you decide to put a nude selfie online for example then on your head be it.
This article is not for them.
Still reading? Ok, well there are some basic steps that you can take which will protect you. Some more advanced steps you can take if you are very keen on privacy. There are also steps you should take if your life depends on privacy (which is sadly not unfamiliar to some activists in the world today).
- Mobile Phones Mobile Phones – transmit a great deal of information about you. they are used by shops to track your purchasing preferences. They still transmit information even when you have turned location services off.
If you are in the group that really needs to protect your privacy faraday bags for phones do work.If you like your privacy but your life isn’t likely to be in danger over it – turn on location services only when you need it.
Similarly turn off Bluetooth and wireless when they are not in use.Better still if you do not want to be tracked leave the phone at home.
- Encrypt Encryption uses mathematics to render the information inaccessible to anyone other than the people you want to have access.However encryption does not solve all problems.There is some evidence that some encryption has been circumvented. .However encryption will defeat prying eyes in the majority of cases.
You can use encrypted file storage online .
- Encrypted Apps – Use encrypted alternatives to text messages. The recommended system here is an app called Signal which is as easy to use as any text message system.
- Unique Passwords – Make certain that every website you log into has a unique password.
Breaches in passwords happen every day.
A breach is when a company loses the usernames and passwords of its customers onto the Internet. Criminals then get hold of these details and attempt to log into as many websites as they can. It takes criminals minutes to do this it can take many years before a company is aware of the leak.
- Password Managers – maintaining a different password for each login (for every website) is a discipline that is sometimes beyond the memory of the average individual. This means that you really must use a password manager.
Password Managers store all your passwords in one place and you only need to remember the one password – the one to access the password manager.
I use KeePass . It is a standalone password manager (in that it is not integrated with your browser).This reduces functionality a little but increases security a lot. (With all your passwords in one place you do want the solution to be secure).
- Use two-factor authentication. Remember I said that passwords are leaked onto the internet every day? How do you stop a criminal logging in when you don’t know that your password is already out there?
Make certain logging on to your account takes more than a password.
A number of sites permit use of two-factor authentication. Usually this means that after you add your username and password you get a text on your mobile phone giving you a code that you also need to enter.This small amount of extra effort can have a big effect on your security.
- Use a VPN service that cloaks your location.Every ISP has a list of addresses that they hand out to their clients. This means that when you browse the Internet others on the Internet can determine which ISP you use. In many cases this gives a good approximation of where you are accessing the Internet from.In addition every piece of browsing behaviour goes through a link provided by your ISP who has a log of your activity. The only way to disguise your activity from your ISP is to have a tool that uses an encrypted tunnel to hide what you’re are doing.
For the truly privacy conscious use ToR.
ToR is not a panacea but it does make it much more difficult to trace any actions back to you. ToR is a technology that sends the messages you use to communicate on the Internet through a very convoluted route, making it very difficult to trace.
Of course it is far easier to keep something private if you do not share it in the first place. If you share something which would have consequences (if it became public) then perhaps sharing it is not wise. Don’t depend for example on Facebook privacy settings. It is known that people use Facebook to monitor and to trap the unwary.
Don’t put your holiday destination into Facebook until after you have returned.
Many sites allow recovery of your account if you supply personal details about yourself. This means that they allow you access after you share with them a secret that they know about you. A favourite is Mother’s maiden name for example. If you forget your password – you supply your mother’s maiden name – you get to reset your password.
If that information (your mother’s maiden name) is on the Internet already (say on social media) it is no longer a secret. Criminals can use this information too.
Firstly be careful what you share. Secondly if you are asked for a secret that can be used to reset your account – lie. If your dog is called Fido and the recovery question is “pet’s name” use ”jambalaya” for example (don’t do that – it’s in the Internet now so people know it – make up your own version and keep it secret).
Once you have created a lie make sure you record it somewhere offline (say in the password manager) so if you need to recover the account you can remember what lie it was that you told them.
Make certain that you use the HTTPS version of a website (most sites have a HTTPS version now). The HTTPS-everywhere add-on can do this for you. HTTPS uses secure communication and hence is more secure to use than HTTP.
Adverts on the Internet have been the source of a great many attacks. Wherever possible use an ad-blocker. This also makes it harder for sites to track your behaviour and use it to bombard you with ads.
It is known that search engines like Google mine your information in order to sell it to advertising companies. One way to obviate this is to use an alternative search engine that does not log your behaviour. The best known of these is DuckDuckGo.
If you are one of the people whose life depends on your privacy then this article is not going to be cautious enough for you.
ToR is a good start. There are also guides as to how compartmentalise your life. There are guides about how to communicate with journalists. Encrypted email solutions exist and should be considered. Even operating systems designed to preserve security.
However it would be remiss of me to advise about these given my life has never been at risk because of a lack of privacy. You must gauge the level of risk and apply appropriate precautions.
For everyone else these few steps can make a big difference.
If you liked this article why not follow this blog