At the time I started writing this article the NSA drama was unraveling, and everyone seemed to be very concerned that their lives were no longer private. What I intend to show you is that the NSA recording your phone calls is only the tip of the iceberg. It’s actually the least scary thing happening right now.
A quick overview of what we’ll cover:
- Privacy is very important.
- We are all leaking massive amounts of data about ourselves.
- This data is being recorded and monitored by many people, not just the US government, mostly legally.
- That data is very insecure.
- We can do many things to protect our private lives, but most of them require technical proficiency and they must all be used together with consistency.
Along the way I will show you what little you can do to protect your privacy.
How Important Is Privacy?
A while back, a friend of mine asked how he could post something on the web anonymously. Really he wanted to compile some of his advice that probably wouldn’t mesh well with things like his future or current employers, but he didn’t know how to go about it.
Being a tinfoil hat neck-beard myself and not knowing what he was posting at the time, I gave him the “hide from the FBI level privacy” technique, which was way overkill.
Though, when I think about it, is any level of privacy overkill? With all the crazy spying going on, whether it’s the government, Chinese industrial espionage, or just your crazy ex-girlfriend, privacy is getting harder to maintain. Even if you have nothing to hide, once your life is on the internet, it’s there for good. Remember #scarlettjohanssoning?
Who is to say that your data stored somewhere on a server, whether it’s your search queries or your medical data, will remain safe forever? As long as someone else has control over your data, that data is vulnerable.
Privacy is very important. In some cases, privacy is the difference between freedom and oppression. When my bros ask how to surf Facebook while on vacation in China, it doesn’t seem like a big deal, but for the people who live in countries that block access to much of the web, privacy allows these people to get important information from, and deliver important information to, the rest of the world. Revolutions can hinge on simple privacy measures.
Many people who have traditionally thought themselves safe from prying eyes are now realizing that none of their data is safe. Those living in Europe are having their web traffic analyzed by governments halfway across the world.
So, my goal here is to show you some basic tools to protect both your data as well as your identity from a host of potential voyeurs.
I do want to temper any enthusiasm now, though. Even if you are a highly sophisticated user, it is virtually impossible to use technology and completely protect your data. At best, you can only hide well enough to never give those like the NSA a reason to go looking for you.
What is privacy?
To me privacy is comprised of a couple ideas:
- securing information you don’t want others to see
- disconnecting your identity from information you do want others to see
Our gut reaction to privacy is that we shouldn’t post what we don’t want on the internet, and this is good advice.
The problem that we run into, though, is that there’s a lot of stuff that we do want some people to see.
A simple example is a search query. You want to see funny pictures of cats so you tell Google to find them for you. They can’t give you what you want without you giving them some data (what you’re searching for).
However, if you’re searching for something more private, like a CD of Kathy Lee Gifford singing Christmas songs, you don’t necessarily want anyone to know that it’s you doing the searching.
Many things work this way. We can’t just shut off the internet. We need to share some data while protecting other data. Simultaneously, we need to connect our identity to some data and separate it from others.
So it’s not only the things you post, like status updates or pictures of your dog, that are up for grabs: your search queries, the websites you visit, your location, etc. are all in play here. Nearly everything you do and everywhere you go is being recorded in some way.
Meta Data vs. Content
Before getting into some of the intricacies of privacy, we first need to better understand what data we are transmitting.
As the NSA story has unraveled, there’s been much debate about meta data. Back when the US government was only claiming to monitor meta data, they argued that meta data wasn’t a big deal.
So what is meta data?
Meta data is data about data. It describes other information. Meta data includes information like location, time, IP address, URLs, names, etc.
When you send an email, for example, the content of that email might be very sensitive, but the information generated about that email — i.e., the meta data — might be just as valuable.
Even though you might encrypt the content, information like the time the email was sent, the location (IP), who it was to, who else accessed that account, etc., may give away far more than what is contained within the message. It can be used to determine where the sender or receiver was located and what they were doing based on that location.
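To make this concrete, here is an added example (not from the original post) that pulls the meta data out of an email whose body is PGP-encrypted, using only Python’s standard library; the message, its addresses, hosts and IPs are constructed for illustration.

```python
"""Added example (not from the original post): what the headers of an
encrypted email still reveal. The message, its addresses, hosts and IPs
are all constructed for illustration."""
import re
from datetime import timezone
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample. The body is a PGP blob; the headers are in the clear,
# and every relay on the way prepended its own Received: line.
RAW_MESSAGE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
    by mx.example.org with ESMTPS; Mon, 10 Jun 2013 09:12:44 -0700
Received: from [192.0.2.45] (client.example.net [192.0.2.45])
    by mail.example.net with ESMTPSA; Mon, 10 Jun 2013 09:12:41 -0700
From: Alice Example <alice@example.net>
To: Bob Example <bob@example.org>
Cc: carol@example.com
Date: Mon, 10 Jun 2013 09:12:40 -0700
Subject: Re: Thursday
Message-ID: <20130610161240.abc123@client.example.net>
User-Agent: ExampleMailer/1.0

-----BEGIN PGP MESSAGE-----
(ciphertext omitted: the body is the only part that is protected)
-----END PGP MESSAGE-----
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_metadata(raw):
    """Everything an observer learns without touching the ciphertext."""
    msg = message_from_string(raw)
    # Each hop prepends its own Received: line, so the last one in the list
    # is the first hop, the one that saw the sender's own address.
    hops = [IPV4.findall(h) for h in msg.get_all("Received", [])]
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    sent = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    return {
        "from": parseaddr(msg["From"])[1],
        "recipients": [addr for _, addr in getaddresses(recipients)],
        "sent_utc": sent.isoformat(),
        "sender_local_time": msg["Date"],       # time zone hints at location
        "originating_ip": hops[-1][0] if hops and hops[-1] else None,
        "relay_ips": sorted({ip for hop in hops for ip in hop}),
        "client_software": msg["User-Agent"],   # device/software fingerprint
        "subject": msg["Subject"],              # subjects are never encrypted
        "body_encrypted": "BEGIN PGP MESSAGE" in msg.get_payload(),
    }


if __name__ == "__main__":
    for key, value in extract_metadata(RAW_MESSAGE).items():
        print(f"{key:>18}: {value}")
```

Everything in the returned dictionary except the `body_encrypted` flag was learned from headers alone, which is what the provider, the relays and anyone with access to their logs get to keep.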
If you make a phone call while standing in a clinic, your location is just meta data about a phone call. Yet if we know the type of clinic you’re standing in, this tells us something about your medical history, something you may want to keep pretty private. This is why meta data is real data and should be treated as such.
One of the dudes you play soccer with happens to be a terrorist? Guess who else is going to be on a watch list?
All of this data can then be mined to paint a picture about someone’s behavior, who they associate with, etc.
It could be something as simple as an email. In the case of Petraeus, he never even sent an email, merely saved drafts. Investigators used the meta data about which IPs checked that email address and tied them back to hotel records. Then they knew who was saving those drafts, where they were staying, and eventually what they were doing.
Many applications generate far more meta data than a simple email. Often meta data is cached on your local machine or your cellphone and by companies who provide you with services like cell coverage, cloud storage, and internet services. This data is accessible to the NSA or others by subpoena, by direct access, by hacking, or because it’s shared by the company with their partners.
The NSA and other organizations that are monitoring your every move want to downplay the importance of meta data, but as you will see later on, meta data is still data, and this data is very powerful.
Not only do we need to protect our content, we must protect our meta data.
Securing Information You Don’t Want Others to See
The first step to securing your data is to assume that your data isn’t going to be secure. Systems are compromised all the time. End user agreements change between you and the company holding your data. I’ll bet you didn’t know there’s a company that’s been indexing your Facebook data. Even if you change your Facebook privacy settings or delete your account, it’s still there. [profileengine.com]
If information is important to keep private, then it’s important to keep it off the web or any devices connected to the web. If we have data that needs to be somewhere on the web, we must have control over this data, and we must make sure it is secure.
Disconnecting Your Identity
To be anonymous, what we must do is remove any point where our identity and the information we’re posting can be connected.
A simple example: You buy some adult diapers from Amazon with a credit card and have them shipped to your address.
That means that somewhere out there in a database is a record with your name, address, email address and adult diapers. All these things are now connected.
As long as this database remains secure, your incontinence remains private.
You however, do not have control over the security of this database. If Amazon is compromised — or more likely — decides to sell this data, your data is no longer private.
What you’re relying on in this situation is that no one cares about using this data. It has no value except for, perhaps, marketing.
But what if this data does have value? Are there things you buy that you don’t want others to know about? Maybe we shouldn’t buy these types of things online?
Analytics & Tracking
Everything you do on the web is put into a database somewhere, and I do mean EVERYTHING.
Most of the websites you go to have Google Analytics installed (including this one). This is used mostly so that people who have websites can see how many people visited each page and how they get to the site. This is very valuable information and ultimately helps those creating content to tailor their content to the people visiting the site.
The sketchy part is that Google is tracking pretty much every site you visit. Everywhere you go on the web sits in a database. Attached to the information about the sites you are visiting is your IP address, which can be used to determine your location.
Again, we’re relying on Google to secure this data, and we’re also relying on the fact that no one cares about this data… except for maybe the NSA, which is looking over it for you.
Analytics isn’t the only thing tracking your movements though. Every time an advertiser displays an image, they’re tracking you. Most of the time when you see a Facebook button on a page that means Facebook is tracking you.
This is very real, and it’s going on 100% of the time.
So how do we secure our data and then disconnect it from our identity?
The first thing we were taught in information security was the concept of layered defense. Layered defense relies on the idea that no one security measure will make us 100% secure. So, like a castle, we put up multiple walls with each one protecting us a little more. The Vikings might get across the moat around our castle, but we’ll stop several of them. They might get past the first wall of the castle, but we’ll stop some more. Eventually if we put up enough walls, we will take out all the Vikings before they get to the center of the castle.
If we have only one wall, and that wall is compromised, those Vikings are going to get all up in our castle quite easily.
Layered defense allows us to have a hole or weakness in one countermeasure, while another compensates. The stronger and more elaborate our defenses, the more likely a hacker is going to move on to easier prey, even if our defenses are not perfect.
So, we’re going to secure our data at each point along its path to its final destination… at least to the degree that we can.
Starting at the most basic level, we need our local machine to be reasonably secure to have any hope of privacy. Your local computer or cellphone has the most data and is, therefore, the largest threat.
Start with some basic fundamentals:
- Keep your operating system and all of its software updated, ideally automatically or at least daily.
- Run a decent antivirus.
- Run a firewall and spend the effort to control which applications have access to the web. Often you can catch a virus when an application that doesn’t need access to the web tries to phone home.
- Use strong usernames and passwords to get into your machines (14+ characters).
- Keep your machines physically secured (locked away when traveling, out of plain sight, locked in a cabinet, car trunk, etc.).
If you’re housing really private data such as financial data (you did save your taxes locally didn’t you?), then consider whole disk encryption. Any laptop you have should definitely use whole disk encryption, because laptops get lost and stolen very frequently. Anyone who robs your house is specifically looking for laptops because they are easy to transport and sell, and they have lots of juicy data.
Whole disk encryption provides us with some degree of physical security. Even though someone can steal our machine, it’s less likely that they can retrieve its data for use. Note that if your encryption is provided by a vendor like Apple, Google, or Microsoft, rather than an open source foundation, it contains back doors which allow the government to decrypt your drive. These back doors may also be exploited by hackers. However, bad encryption is better than no encryption (layered defense).
TrueCrypt seems to be the de facto standard for free whole or partial disk encryption.
If you own a cellphone, even a lame one, you are sending massive amounts of personally identifiable data to many companies 100% of the time. Virtually all of this data can be accessed by any government agency with a rubber stamped warrant and much of it can be accessed by just asking nicely or using one of the unlimited access portals. The companies that have this data often simply share it with their partners for fun and profit. This includes long-term historical data as well as real time data.
How does this work?
By law, cell phone companies must be able to provide location data in the event of a 911 call. Companies either use cell tower triangulation (AT&T, T-Mobile), called estimated time of arrival, or they just put a GPS chip in every phone (Verizon, Sprint). This data is then retained for various amounts of time, but in some cases, going on 8 years now. Your location can even be pinpointed with your cell phone turned off. As long as your phone is connected to a tower, your location is being recorded.
Let me rephrase this:
EVERY PLACE YOU’VE EVER BEEN WHILE HOLDING A CELLPHONE HAS BEEN RECORDED IN A DATABASE THAT PEOPLE ARE ACCESSING.
In addition to tower and GPS data accessed directly through the phone company, your cell phone is transmitting its MAC address, a semi-unique identifier, to any wireless access points in the area. For $200 the coffee shop down the street can track how often you walk by, and the mall can track which stores you enter with a popular system like Euclid Analytics. All this data is being transmitted automatically by your cell phone to anyone who will listen. The same applies to private cell towers installed in the mall or your local stadium. They can see any unique identifiers you are transmitting, as can anyone who hacks these systems. Note that disabling GPS doesn’t actually disable any of this location tracking; it merely prevents some applications from accessing GPS.
These are legitimate systems; hackers building their own systems are of course able to directly intercept your phone calls.
Any time you connect or even ping a wireless access point, meta data is potentially generated. Your IP address can be used to pinpoint your location.
Many applications need GPS data to work, but many others merely record this data for data mining and profit. Once an application records this data, it goes into a database and is used for whatever purposes the company desires. Most often a single application that collects location data will share it with multiple other partners, including advertisers, API providers, parent companies, data mining companies, etc. Your data is everywhere.
An application as simple as an alarm clock was shown to collect and then distribute your precise longitude and latitude to multiple 3rd parties. Pandora collects and distributes a host of data about you including your birthday, location, etc.
Images taken by your cell phone usually, by default, record the precise location where the picture was taken (EXIF). This means any application that has access to your images can collect location data without having access to GPS or “location” settings. Any image you upload to websites like Facebook, Twitter, Instagram, or Reddit can have your exact location embedded for all to see.
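As an added example that is not part of the original post, here is a standard-library-only Python script that reads the GPS tags out of a JPEG’s EXIF segment and strips that segment before the picture is shared; the image bytes are a constructed minimal marker stream (not a decodable picture) with made-up coordinates, and the function names are mine.

```python
"""Added example (not from the original post): read the GPS tags from a
JPEG's Exif segment and strip that segment before the picture is shared.
Standard library only; image bytes and coordinates are constructed."""
import struct

GPS_IFD_TAG = 0x8825                       # IFD0 entry pointing at the GPS sub-IFD
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4    # GPS IFD tags this script reads


def exif_segment(jpeg):
    """Return the TIFF blob inside the first Exif APP1 segment, or None."""
    pos = 2                                # skip SOI (FF D8)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):         # SOS or EOI: no more header segments
            break
        seglen = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if marker == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            return jpeg[pos + 10:pos + 2 + seglen]
        pos += 2 + seglen
    return None


def read_ifd(tiff, offset, e):
    """Parse one IFD into {tag: (type, count, raw 4-byte value-or-offset)}."""
    n = struct.unpack(e + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(n):
        at = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(e + "HHI", tiff[at:at + 8])
        entries[tag] = (typ, count, tiff[at + 8:at + 12])
    return entries


def dms_to_degrees(tiff, entry, e):
    """GPSLatitude/GPSLongitude are three RATIONALs: degrees, minutes, seconds."""
    _, count, raw = entry
    off = struct.unpack(e + "I", raw)[0]
    parts = [struct.unpack(e + "II", tiff[off + 8 * i:off + 8 * i + 8]) for i in range(count)]
    d, m, s = (num / den for num, den in parts)
    return d + m / 60 + s / 3600


def gps_coordinates(jpeg):
    """(latitude, longitude) in signed decimal degrees, or None if absent."""
    tiff = exif_segment(jpeg)
    if tiff is None:
        return None
    e = "<" if tiff[:2] == b"II" else ">"  # byte-order flag of the TIFF header
    ifd0 = read_ifd(tiff, struct.unpack(e + "I", tiff[4:8])[0], e)
    if GPS_IFD_TAG not in ifd0:
        return None
    gps = read_ifd(tiff, struct.unpack(e + "I", ifd0[GPS_IFD_TAG][2])[0], e)
    if not all(t in gps for t in (LAT_REF, LAT, LON_REF, LON)):
        return None
    lat = dms_to_degrees(tiff, gps[LAT], e)
    lon = dms_to_degrees(tiff, gps[LON], e)
    lat = -lat if gps[LAT_REF][2][:1] == b"S" else lat
    lon = -lon if gps[LON_REF][2][:1] == b"W" else lon
    return lat, lon


def strip_exif(jpeg):
    """Copy the JPEG without its Exif APP1 segment(s); pixel data is untouched."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    out, pos = bytearray(b"\xff\xd8"), 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xDA, 0xD9):
        seglen = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        segment = jpeg[pos:pos + 2 + seglen]
        if not (jpeg[pos + 1] == 0xE1 and segment[4:10] == b"Exif\x00\x00"):
            out += segment                 # keep every segment that is not Exif
        pos += 2 + seglen
    out += jpeg[pos:]                      # SOS, scan data and EOI verbatim
    return bytes(out)


def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed input: a minimal marker stream (not a decodable picture)
    whose APP1 segment holds a little-endian TIFF with only the GPS tags."""
    e = "<"
    entry = lambda tag, typ, count, raw: struct.pack(e + "HHI", tag, typ, count) + raw
    rat = lambda dms: b"".join(struct.pack(e + "II", round(v * 10), 10) for v in dms)
    gps_off, lat_off, lon_off = 26, 80, 104   # header 8 + IFD0 18; GPS IFD 54; 24 per triple
    tiff = b"II" + struct.pack(e + "HI", 42, 8)
    tiff += struct.pack(e + "H", 1) + entry(GPS_IFD_TAG, 4, 1, struct.pack(e + "I", gps_off))
    tiff += struct.pack(e + "I", 0) + struct.pack(e + "H", 4)
    tiff += entry(LAT_REF, 2, 2, lat_ref.encode() + b"\x00\x00\x00")
    tiff += entry(LAT, 5, 3, struct.pack(e + "I", lat_off))
    tiff += entry(LON_REF, 2, 2, lon_ref.encode() + b"\x00\x00\x00")
    tiff += entry(LON, 5, 3, struct.pack(e + "I", lon_off))
    tiff += struct.pack(e + "I", 0) + rat(lat_dms) + rat(lon_dms)
    payload = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    scan = b"\xff\xda" + struct.pack(">H", 2) + b"\x12\x34"   # stand-in SOS + data
    return b"\xff\xd8" + app1 + scan + b"\xff\xd9"
```

Running `gps_coordinates` on the sample before and after `strip_exif` shows the made-up location first and `None` afterwards; on a real photo, point both functions at the file’s bytes.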
The data cached on your phone is just as valuable as the data that is transmitted. Applications can read this cached data, which may reveal your location. The same applies to rootkits or other viruses installed by hackers, your ex-girlfriend, or the NSA on your cellphone.
What’s the big deal about location data? Well, not only can they see where you are now, they can see every place you’ve ever been, and they can put it on a nice heat map interface.
- They know when and where you go on vacation.
- They know when you go to the sketchy place where girls wear platform shoes and little else.
- They know which gas station you buy gas at.
- They know you went to Planned Parenthood.
- They know you went to a medical clinic.
- They know who you were with and for how long.
They can use predictive modeling to tell where you’re going to be at any given time based on your patterns.
Anyone who hacks the phone company’s system also has this data, as does anyone with access to the self-serve computer system designed to make viewing this data easy.
Some creep likes your profile picture on some website? Now he knows where you live because anyone can read the exif data.
This is real. It’s happening right now. There are websites that map images from Twitter to locations so you can just browse a neighborhood block for pretty ladies with their pictures embedded in Google street view.
These are simple examples. We all have data we want to keep private. Privacy is not about criminals hiding from the government.
You don’t commit any crimes so it’s no big deal? What if there’s something you’ve done, completely legal, totally innocent that other people may simply disagree with…even 8 years ago? Do you want those people to have this data? How might you be blackmailed with this data? How might this affect your ability to get a job?
Encrypt your cellphone? Apple and Google will decrypt your cellphone and send that data to law enforcement upon request. This is a fancy way of saying the encryption is not secure. Use it anyway, but don’t expect it to keep your data private.
The best you can do is try to stop as much of your data as possible from leaking through your cellphone, but cellphones cannot be reliably secured from what I’ve seen. Go through your settings one by one and learn what they do. Make a conscious choice about what those settings should be. There are too many to cover here, and all of them are weak. Turning off location data is a good idea, but it’s not 100%, and it doesn’t apply to your cell phone carrier nor their partners.
A private VPN using decent encryption is the only real recommendation I can make, which simply prevents your passwords from being sniffed over wifi on websites that don’t use SSL to log in. More on this below.
Also, as a side note, a large percentage of applications in the various “app stores” contain regular old viruses. No one is reviewing the code for hundreds of thousands of applications line by line to determine which contain viruses.
If you care deeply about privacy, just don’t carry a cell phone every minute of every day.
Are you running a wide open wireless network? Is the password to your wireless router the default password that everyone can look up with a quick Google search?
Set up your router to use WPA AES encryption (not WEP). Change the usernames and the passwords. Enable the “firewall.”
Are you sitting on a public network? Anyone on that same network can capture everything that goes through the network unencrypted…with a simple browser plugin. Firesheep pulls out your login data and makes it easy to read your email or log into an application which isn’t protected by encryption such as SSL. An encrypted VPN can help prevent this. See more on VPN below.
Your internet service provider (ISP) is logging most everything you do and probably keeping those logs at least a year, if not indefinitely. They are the first people to intercept and play with your data. They will also hand over your data to any government entity, usually without a warrant or probable cause. If you live in China, your ISP works with the government to determine which sites you’re allowed to go to and blocks the naughty ones.
Even if you aren’t doing anything illegal, your ISP is watching your traffic, and in many cases “shapes” that traffic based on what you’re doing. YouTube taking up too much bandwidth? Well, let’s just make it slower, and the same goes for Netflix.
You can encapsulate all of your data and hide it from your ISP or others on your local network by using a VPN (virtual private network). A VPN creates a tunnel between your local computer and a server out on the internet. Your ISP sees that you’re connecting to this server, but that’s it.
That server then acts like an intermediary between you and the internet, called a proxy. The server sends the request for funny cat pictures out to the internet and receives the response for you. Then the server encrypts those cat pictures before sending them back to you.
It also performs this encryption for things like passwords to websites that don’t use encryption on their own. The real advantage of an encrypted VPN is that it encrypts all the data flying over your local network or wireless, so that someone sniffing (recording) your traffic can’t access your data.
The important thing about VPN providers is that they can keep logs just like your ISP. So it’s critical to select a VPN that doesn’t keep logs. Note that we’re trusting the VPN provider to not keep logs, which is never 100%.
A VPN doesn’t just protect you from your ISP; it hides your ISP and, to some degree, your identity from everyone else. People commonly use VPNs for BitTorrent. If someone sees that you’re sharing their copyrighted funny cat pictures and wants to send your ISP a subpoena, well, they’re out of luck, because they don’t know who your ISP is.
All the internet can see is that VPN server and your VPN server doesn’t keep logs (in theory), so they don’t know which of their thousands of customers is copyright infringing those hilarious cat pictures.
Besides using Bittorrent, a VPN allows you to pretend to be in another country. Many sites block some countries from accessing their servers or charge different rates to foreign countries. Choosing a VPN located in the country of your choice allows you to bypass these restrictions.
VPN access costs $20 a year for most purposes, so it’s really not a big deal to use one. The only downside of a VPN is that there’s a bit of overhead in encrypting your connection. A good VPN provider should have decent speeds, but you’ll have to weigh the loss of speed against your privacy. Also your ISP may throttle VPN traffic. There’s no free lunch.
Note that there are stand-alone or even web-based proxies, like megaproxy.com, which can allow you to get to sites that are blocked by firewalls. However, without encryption (like a VPN), these proxies aren’t able to secure that data on its way to the proxy.
Tor is a publicly available free VPN that anyone can host on their own. The software connects you to a random server and then bounces you around a few times before sending your traffic to its final destination. The idea is that you’re insulated from your destination by several servers. Your final destination doesn’t know where you’re coming from; they just see the last server that you bounced off of.
Tor has a couple problems though. One, it’s basically volunteer-supported so you might be connecting to a server in Russia hosted on an Atari 2600. It can be incredibly slow. Try disconnecting and reconnecting if it’s really bad.
The other problem with Tor is that you don’t know who you’re connecting to and the first server you connect to does know who you are (your IP address). Pick your favorite 3-letter government agency, and it’s rumored that they are hosting a ton of Tor servers for this exact reason.
Because Tor is used by an entire world of sketchy dudes, you’re dabbling in that world. If I were doing an investigation of the sketchy underworld, I’d probably start by going to an ISP and pulling everything they had on dudes who are using Tor. Just be aware of that.
I’ve also heard rumors that services like USPS look for people connecting to their online tracking application using Tor. So if you check the tracking number on the cookies sent by your grandma while using Tor, it’s more likely that they’re going to open the package. More and more we will see those trying to protect their privacy treated as suspicious.
Despite these limitations, Tor is very powerful and provides thousands of people with privacy for free. Download the browser bundle, which is an executable with a clean Firefox browser. This ensures that no cookies or other data from your prior surfing are transmitted.
Also note that you can buy your own server and set up your own proxy system. While this gets you encryption, paying for said server anonymously, securing it, and ensuring that there are no logs connecting you to that server are beyond the scope of this post. However, if you just want to avoid the snooping eyes of your ISP or people on your local network, this can work. Simply setting up a server in a foreign country — like say Iceland, which isn’t as cooperative with other more oppressive governments — is also a simple way to give yourself a small layer of anonymity.
A VPN isn’t absolutely necessary for normal people. It does provide a bit of insurance in case someone is sniffing traffic on a wireless network. If you’re submitting a password on a site that isn’t encrypted, VPN at least protects your login from the other people at the coffeeshop. The likelihood of this happening is pretty low, but the penalty for this compromise might be pretty high. Use your best judgment.
Thus far most of our discussion has centered around security. Security is necessary for privacy, but privacy itself is going to take more than some encryption and antivirus.
How many sites that you log into use your email as the login? These sites may never even send you an email, but email is basically the primary key for people on the internet. That’s a nerd way of saying that everyone’s email address is unique, and, therefore, it’s convenient to use that email as the way we identify people. Your email is like a social security number, at least the way most people use email.
This means that your email is the first way we connect your activity on the internet with your identity.
If I know your email address, then any place where you post that email address, I know you were there.
Because we treat email as an identifier, it’s important to recognize when we need to separate our identity from an email address.
Throw-Away or “Spam” Email Addresses
So you need to log in to a sketchy website where you don’t trust the owner of the site, nor do you want anyone to be able to connect you with that website. It could also be that you just don’t want a bunch of junk in your inbox from the site. You can use either a brand new throw-away email address for one-time use or a separate spam address that gets reused.
To me this should be obvious, but for many people it’s not.
Neither of these addresses should be used for transactions, nor should you use your real name in anything you submit to these sites.
The advantage of the reused spam account is that you can log back in to that site because you won’t have forgotten the email you originally submitted. The disadvantage is that you are creating more opportunity for mistakes because you’re reusing the email address.
The same rules apply to usernames and avatars. If you reuse the name “funnycatfan24” on every website you post on, anyone searching for “funnycatfan24” can find all of your posts on the internet. Now if at some point you post your name, legit email, a picture of your face, one of your friends, a link to your Facebook, or your friend’s Twitter account, etc. while using that username, you can be identified. Now everything that you’ve posted on the internet via that username can be connected to you directly.
If you use the same avatar, someone doing a reverse image search on TinEye can find all those posts. If they can identify you in one post, they can now identify you in any post using that avatar.
Your primary email, the one you use to login to legit sites where you are actually openly identifying yourself, needs to be limited to only those sites.
So the email you use for Amazon, Facebook, etc. should not also be the email you use for endangered-species-wholesale.com, some bogus free car giveaway signup, or the cashier at the bookstore.
Even if a site isn’t sketchy, but you want anonymity, use a throw-away account.
Even when you trust a site or bookstore cashier with your email or even your phone number, the database that phone number goes into probably isn’t secure, and hundreds of people inside that company have legitimate access to your data. Some of those people may sell your data even if it’s unauthorized by the company. Most likely the company itself sells that data. In short, limit who you give your data to unless there is a compelling reason not to.
A very quick but insanely important note about email security: Your email password must be absolutely unique and not used in any of your other accounts.
I’m going to type that again, but now in bold: YOUR EMAIL PASSWORD MUST BE ABSOLUTELY UNIQUE.
Why am I so crazy about this? If any other login is hacked or any other site using that email is compromised, then a hacker is going to take that database of logins over to gmail.com, hotmail.com, yahoo.com etc. and try that email address and password. If you use the same password they have now hacked your email.
This is how hackers compromise a reasonably secure email system like gmail. They don’t compromise gmail, they compromise some unimportant Sony server and then just try those username/password combinations elsewhere.
The same happens to Twitter, Facebook, and many other sites. They don’t hack your Facebook; they simply hack something else, and since most people use the same email/password combo, they try those same logins. Boom, they have everything.
You should use unique passwords for all important sites, but email is vitally important because you are going to reset and fix your Facebook account after it’s hacked by having Facebook reset your password, which is sent to… your email address. If your email address is now dead, you’re locked out of EVERYTHING.
This can happen even if your email password is very strong, because they are not cracking your password, they are simply copying it out of a database where it’s stored in plain text.
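The credential-stuffing scenario above, as an added example that is not part of the original post: a standard-library-only Python audit of a password-manager export that flags the email account’s password being reused elsewhere and any login/password pair that already appears in a leaked dump. The vault entries, the dump and the function names are all constructed for illustration.

```python
"""Added example (not from the original post): audit a password-manager
export for the two problems the text describes, a password shared with the
email account and a login/password pair that already sits in a leaked dump.
Accounts and dump are constructed for illustration."""
import hashlib
from collections import defaultdict

# Constructed vault export: (site, login, password).
VAULT = [
    ("mail.example.com",  "alice@example.com", "correct horse battery staple"),
    ("shop.example.net",  "alice@example.com", "correct horse battery staple"),
    ("forum.example.org", "funnycatfan24",     "Tr0ub4dor&3"),
    ("bank.example.com",  "alice@example.com", "I like apple pie on Sunday afternoons."),
]
EMAIL_SITES = {"mail.example.com"}

# Constructed dump from a breached shop, in the shape such lists circulate:
# login plus plaintext password, copied straight out of an unhashed database.
LEAKED = [
    ("alice@example.com", "correct horse battery staple"),
    ("bob@example.com", "hunter2"),
]


def fingerprint(password):
    """Hash so the report can group passwords without holding them in the clear."""
    return hashlib.sha256(password.encode()).hexdigest()[:16]


def shared_passwords(vault):
    """{password fingerprint: [sites]} for every password used on more than one site."""
    sites_by_pw = defaultdict(list)
    for site, _, password in vault:
        sites_by_pw[fingerprint(password)].append(site)
    return {fp: sites for fp, sites in sites_by_pw.items() if len(sites) > 1}


def sites_sharing_email_password(vault, email_sites):
    """Sites whose password equals the email account's: a breach of any of them
    unlocks the inbox, and with it every password reset for every other site."""
    email_fps = {fingerprint(pw) for site, _, pw in vault if site in email_sites}
    return sorted(site for site, _, pw in vault
                  if site not in email_sites and fingerprint(pw) in email_fps)


def stuffable_accounts(vault, leaked):
    """Vault entries whose login/password pair is in the dump: exactly the
    combinations that get replayed against mail, social and shopping sites."""
    leaked_pairs = {(login, fingerprint(pw)) for login, pw in leaked}
    return sorted(site for site, login, pw in vault
                  if (login, fingerprint(pw)) in leaked_pairs)


def audit(vault, email_sites, leaked):
    """One report with all three findings; fingerprints stand in for passwords."""
    return {
        "reused": shared_passwords(vault),
        "email_password_shared_with": sites_sharing_email_password(vault, email_sites),
        "exposed_by_leak": stuffable_accounts(vault, leaked),
    }


if __name__ == "__main__":
    for finding, detail in audit(VAULT, EMAIL_SITES, LEAKED).items():
        print(f"{finding}: {detail}")
```

In the constructed data the shop breach alone is enough to hand over the mail account, which is the whole point: the email password was strong, it was just not unique.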
A quick note about passwords. If you want to make strong passwords that are easy to remember, simply make them really long. Use a passphrase like “I like apple pie on Sunday afternoons.” Don’t use anything that others could know about you like your birthday, address, kids’ names, etc. Just use a long sentence that is nonsense.
Secure email isn’t really a thing. No email provider will secure your data on its own. The FBI has been reading your email en masse as far back as 1997. While we can only speculate how far this goes today, we do know that they are performing real-time semantic analysis on pretty much all the major providers (i.e., they’re reading your email). Whether the NSA now stores pretty much everyone’s email is anyone’s guess, but we’re probably getting close. This goes for people both in and outside the US.
Any data you provide to an email provider is up for grabs, so the only way to secure your actual message is to encrypt your message before pasting it into a webmail system (see below on PGP). Then you must only connect to this webmail system while using proxies like Tor. Most email providers like gmail don’t let you connect through Tor, so you’ll need an “anonymous” email provider.
The email providers du jour change all the time so just do a quick search. They get compromised regularly by those that don’t follow the steps above.
This is an old tutorial on creating anonymous email accounts, but the principles remain.
So we’ve locked down everything that gets us to the internet. You did smash your cellphone with a hammer, didn’t you? Now we’ve reached the biggest hole: the internet itself, which usually passes through your browser.
As we discussed, everything you do is tracked by various analytics programs and corporate spyware like the Facebook graph.
We can block many of these folks by refusing to load their scripts or their images. How do we block scripts? See resources below for options:
The Tor browser bundle blocks all scripts by default.
When possible, we can use HTTPS when that’s an option, and we can use the always-HTTPS plugin in Firefox to keep many of our passwords from being sniffed over wifi.
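What a script or image blocker actually decides on is which hosts a page would pull resources from that are not the site you typed in. As an added example (not code from the original article or from any blocker), the Node script below takes a constructed sample page and lists the third-party hosts it would load scripts and images from, resolving relative and protocol-relative URLs against the page address. A regular expression is enough for this demo; a real blocker hooks the browser's request pipeline rather than parsing HTML.

```javascript
// Constructed sample page and URL (not from any real site).
const SAMPLE_PAGE_URL = 'https://example-blog.test/post/privacy';
const SAMPLE_HTML = `
<html><head>
  <script src="/js/site.js"></script>
  <script src="https://cdn.example-blog.test/app.js"></script>
  <script src="https://analytics.tracker-example.test/ga.js"></script>
  <script src='//social-graph.example.test/widget.js'></script>
</head><body>
  <img src="https://pixel.adnet-example.test/1x1.gif">
  <img src="/images/photo.jpg">
  <script>inlineCode();</script>
</body></html>`;

// Pull the src attribute out of every <script> and <img> tag that has one.
function extractSources(html) {
  const tagRe = /<(script|img)\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const out = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out.push({ tag: m[1].toLowerCase(), src: m[2] ?? m[3] ?? m[4] });
  }
  return out;
}

// A host counts as first party if it is the page's host or a subdomain of it.
function isFirstParty(host, pageHost) {
  return host === pageHost || host.endsWith('.' + pageHost);
}

// Every other host is a candidate for blocking: it sees your IP address,
// the referring page, and usually a cookie, on every page that embeds it.
function thirdPartyHosts(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const hosts = new Set();
  for (const { src } of extractSources(html)) {
    // URL() resolves "/js/site.js" and "//host/x.js" against the page URL.
    const host = new URL(src, pageUrl).hostname;
    if (!isFirstParty(host, pageHost)) hosts.add(host);
  }
  return [...hosts].sort();
}

module.exports = { SAMPLE_PAGE_URL, SAMPLE_HTML, extractSources, isFirstParty, thirdPartyHosts };
```

Running `thirdPartyHosts(SAMPLE_HTML, SAMPLE_PAGE_URL)` on the sample yields the analytics, social-widget and ad-pixel hosts, while the site's own CDN subdomain is left alone; that is the list a blocker such as the Tor browser's default script blocking refuses to load.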
Google created Chrome for a reason. Data.
I use Firefox because I don’t trust Chrome (tin foil hat, I know) and because Internet Explorer is just insecure garbage. Firefox comes with a host of great plugins to secure and improve your browsing experience.
I don’t really care which browser is 7 milliseconds faster.
Sometimes you just want to post some stuff on the web. Maybe it’s just a bit too weird or unprofessional for potential employers to see, if they ever want to hire you, or maybe you are a whistle-blower trying to save the world from oppression.
To stay anonymous, you have to ensure that the host isn’t connected to you.
If you are registering a domain, get private whois or just use fake information (slightly more problematic) in the registration.
It’s important to know which companies will give up your “private” registration with some trickery or a court order (don’t use GoDaddy for this reason and about 100 other reasons). So do your homework when selecting a host.
If you’re doing something super sketchy, you’re going to also need to pay for this domain and hosting with some sort of anonymous payment (prepaid gift cards bought with cash, bitcoin, etc.)
If you don’t need your own domain, there are hundreds of free hosts that will build your site for free. I like wordpress.com. You can use a random email address to register these and be up and starting revolutions in no time. The same can be said for social media accounts. Just toss up a random Twitter account. However, know that you can never connect to these without a proxy if you want proper anonymity.
Public Key Encryption
The final wall of our castle is public key encryption. We’ve secured the transmission of our data from our own computer out to the internet…kinda, but eventually this data has to get to its recipient.
Your komodo dragon dealer needs to know your address, and you just don’t trust endangered-species-trader.com with your address. Public key encryption allows you to post that address on a website so that only the recipient, your komodo dragon dealer, can read it. Your komodo dragon dealer can also verify that you were the one sending the message and reply back to you so that only you can read her reply.
I won’t bore you with all the math involved, but you can download PGP (Pretty Good Privacy) and be up and running quite easily.
Applications and Social Media
Everything you post on Facebook, Twitter, etc. is insecure and should be treated as public. Forget privacy settings; third parties still have access to your data, and these accounts get hacked all the time. Every stupid app your friends use on Facebook has access to your data. The government has access to your private data and is regularly monitoring it through social media.
Boot CDs, Open Wireless, and Tin Foil
So for the people who’ve just added an additional layer of tin foil to their hats, another option to consider is using a secure Linux boot system that doesn’t save data to your hard drive.
Often really paranoid people doing naughty things will combine this with open wifi located far from their house and not within view of any security cameras. This makes it pretty tough to track their location through IP address.
How hard is it to make a purchase without revealing any part of your identity? It’s borderline impossible.
20 years ago you would just hand a clerk your cash and they would hand you your new Swedish-made vacuum pump.
Now when you make a purchase it goes a little something like this:
You order online and your IP address, your actual address, your credit card, your browsing habits up until you bought your new product, and your name are all recorded in a database. Your credit card company watches that transaction to make sure it’s not fraud, then it goes to your bank which makes sure you’re not laundering money. All these data elements are shared with partners and data miners looking for patterns, and then the NSA or other organizations look over it all to make sure you’re behaving appropriately.
If you make the purchase in person, you are recorded by cameras (which may have facial recognition, like in casinos), they often ask for your name, zipcode, or email address (remember our discussion above). They give you a customer card or use your credit card to track your prior purchases at that store to predict what coupons to give you or what advertising to send to your email. Then the transaction goes to the credit card companies, the bank, the government, and anyone who hacks their systems.
If law enforcement needs to see those security cameras, all they have to do is ask. They can watch you walk into the store, perform your transaction, see your license plate number, track you as you drive away from the store, and watch any place you go within reach of a security camera. They may also keep a database of license plates and locations automatically logged via cameras using a form of OCR, called automated license plate readers.
These security cameras, and often the credit card systems that are tracking your data, are frequently wide open, often passing data in clear text over wifi or accessible without passwords from the internet.
Everyone is getting all rustled by the NSA leak and the idea that potentially all of their transactions, email, and web history are being monitored.
The fact is, many of these things are 100% monitored by the government, by law. It’s just that no one outside these industries understands how it works.
The banking industry is a good example. Forget the warrantless mining of transactions that have been happening for years. By law, every bank must monitor all its transactions for suspicious activity and report its findings to the US government. The justification for this is simply anti-money laundering (AML).
To prevent money laundering, most large banks have automated systems that search through every transaction a customer performs and classify each customer based on risk. Everyone is familiar with the $10,000 limit on transactions, but AML software goes much further than this. Not only do they look for large dollar amounts (easily spotted manually by auditors), they look for patterns in where transactions originate, the dollar amounts, changes in frequency as well as types of transactions. Every penny is evaluated.
While each bank can determine what their thresholds for suspicious activity may be, it doesn’t change the fact that all your transactions are monitored and, if deemed suspicious or just high risk, these transactions are reported to the government where they’re dumped into a database and examined for further patterns. Then, the government starts sending out audit letters or kicking down doors.
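To make the monitoring described above concrete, here is an added example (not the article's own and not any bank's real software) of the two simplest rules such a system runs over every transaction: a single cash transaction at or above the reporting threshold, and "structuring", several sub-threshold cash transactions by one customer inside a short window that together cross it. The transactions, the $10,000 figure from the text, the three-day window and the minimum count are constructed for the demo; each bank sets its own thresholds.

```javascript
// Constructed sample transactions (not real data).
const SAMPLE_TXNS = [
  { id: 't1', customer: 'C-100', date: '2013-06-01', type: 'cash_deposit', amount: 12500 },
  { id: 't2', customer: 'C-200', date: '2013-06-01', type: 'cash_deposit', amount: 9800 },
  { id: 't3', customer: 'C-200', date: '2013-06-02', type: 'cash_deposit', amount: 9700 },
  { id: 't4', customer: 'C-200', date: '2013-06-03', type: 'cash_deposit', amount: 9900 },
  { id: 't5', customer: 'C-300', date: '2013-06-01', type: 'cash_deposit', amount: 4000 },
  { id: 't6', customer: 'C-300', date: '2013-06-20', type: 'cash_deposit', amount: 4500 },
  { id: 't7', customer: 'C-100', date: '2013-06-05', type: 'card_purchase', amount: 15000 },
];

const DAY_MS = 24 * 60 * 60 * 1000;

// Assumed rule parameters; real systems tune these per customer risk class.
const RULES = { ctrThreshold: 10000, structuringWindowDays: 3, structuringMinCount: 2 };

const isCash = (t) => t.type === 'cash_deposit' || t.type === 'cash_withdrawal';

function flagTransactions(txns, rules = RULES) {
  const alerts = [];
  const cash = txns.filter(isCash);

  // Rule 1: one cash transaction at or above the reporting threshold.
  for (const t of cash) {
    if (t.amount >= rules.ctrThreshold) {
      alerts.push({ rule: 'ctr_threshold', customer: t.customer, txns: [t.id], total: t.amount });
    }
  }

  // Rule 2: structuring. Group sub-threshold cash transactions per customer,
  // sort by date, and slide a window of `structuringWindowDays` over them.
  const byCustomer = new Map();
  for (const t of cash) {
    if (t.amount >= rules.ctrThreshold) continue; // already caught by rule 1
    if (!byCustomer.has(t.customer)) byCustomer.set(t.customer, []);
    byCustomer.get(t.customer).push(t);
  }
  for (const [customer, list] of byCustomer) {
    list.sort((a, b) => Date.parse(a.date) - Date.parse(b.date));
    let start = 0;
    for (let end = 0; end < list.length; end++) {
      // Drop transactions that fall outside the window ending at list[end].
      while (Date.parse(list[end].date) - Date.parse(list[start].date) > rules.structuringWindowDays * DAY_MS) {
        start++;
      }
      const window = list.slice(start, end + 1);
      const total = window.reduce((sum, t) => sum + t.amount, 0);
      if (window.length >= rules.structuringMinCount && total >= rules.ctrThreshold) {
        alerts.push({ rule: 'structuring', customer, txns: window.map((t) => t.id), total });
        break; // one alert per customer is enough for the demo
      }
    }
  }
  return alerts;
}

module.exports = { SAMPLE_TXNS, RULES, flagTransactions };
```

On the sample data customer C-100 trips the threshold rule with a single $12,500 deposit, C-200 trips the structuring rule on the first two of three $9,700-$9,900 deposits on consecutive days, and C-300's two small deposits nineteen days apart trip nothing. Note what the text says about every penny being evaluated: the card purchase on t7 is ignored only because these two rules look at cash; production systems run many more rules over every transaction type.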
My grandmother, who is 11ty billion years old, actually got a visit from the FBI when she pulled all her money out of her bank account. Some bank teller made her mad so she switched banks.
How is this really different than if the NSA were your credit card processor themselves? The only difference is that each bank does the bulk of the work for them and it’s not only legal, but required by law.
How Do We Buy Stuff with Anonymity?
We have very few options. Most don’t work. Even if you are able to transfer money anonymously, you still have to ship your stuff.
Cash is anonymous except that it must be exchanged face to face, face to surveillance camera, or via mail. As long as you’re not committing a crime, surveillance cameras aren’t a big deal. Cash’s biggest limitation is that you can’t really buy on the internet with cash and all the cool stuff is on the internet.
Bitcoins are quickly becoming the standard for semi-anonymous transactions. The advantage of bitcoin is that it doesn’t require a central clearing house like a bank to perform the transfer. Two individuals can send bitcoins to each other, and the peer-to-peer network will then perform the actual transfer.
This provides a layer of anonymity; however it’s important to note that all transactions are recorded and publicly available for data mining. While there aren’t names associated with this data, theoretically, one could analyze patterns based on accounts they know to be owned by a specific person.
Acquiring bitcoins can also be annoying. The major clearing houses require ID because of pressure from the United States, and others are shut down all the time. You can buy bitcoins face to face, or you can often purchase them indirectly through local cash deposits at your local Walgreens, CVS, or bank…or at least you could.
The other limitation with bitcoins is that there is very little you can actually buy with bitcoins. New services are opening up all the time, but making your everyday purchases through bitcoin isn’t yet feasible.
If you can purchase a traveler’s check without an ID, you can then spend those anonymously.
How Secure Is Your Data?
I hate to be the bearer of bad news, but all the data that has been leaking from your cellphone and computer is ripe for the taking, no matter where it’s stored.
We like to think of the NSA or the CIA as having the best security in the world. No one is going to hack the NSA. Well, the NSA actually has very poor security and apparently they have all your data, as do other foreign governments that have access to NSA systems.
How do I know the NSA has terrible security?
The financial industry is subject to much higher standards for information security than anyone else. Having performed internal and external audits all over the country, I can tell you that hacking or even robbing a bank is as simple as picking up a telephone or sending a fax.
There just is no such thing as security in a large organization. As any system becomes larger, whether it’s computer code or number of people, it becomes less secure. In fact, bugs and vulnerabilities increase exponentially with size.
I was able to get a username and password from a bank secretary on my very first social engineering attempt ever, with co-workers laughing hysterically in the background at my incompetence. The bank secretary also gave me the secret word of the day used to verify that I’m an actual employee, which we then used on the rest of the people we called to extract their information as well. This was at a bank which regularly receives training and audits for pretext calling.
The people I worked with performing penetration tests (hacking) were able to get domain admin more than 80% of the time with, at most, 3-4 days to do it. This means that, more often than not, anyone who knows what they’re doing can completely take over a bank’s network and, eventually, most of the applications that run on that network. They can do it from across the globe, across the parking lot, or while standing in the computer room that they snuck into (which we were also able to do more than half the time).
The “most secure” organizations in the world have security that is, quite simply, a joke. I’ve seen banks build physical fortresses that can withstand any natural disaster for months on end. Cement walls two feet thick. Motion tracking. Generators the size of a house. However, you put one girl in a business suit and have her start crying at the front desk because she needs in the computer room, and they’ll walk her straight into the computer room and let her plug in her laptop. Yes, this actually happened.
So what does this have to do with the NSA?
Well, as we’re learning from people like Snowden, and also from common sense, the NSA uses a lot of 3rd party contractors. We know from a former Defense Security Service auditor that the audit process for these third party contractors is basically worthless, when and if it happens, which isn’t very often. Even contractors handling Top Secret classified data might not be audited for 6 months, and even then, the audit coverage is completely inadequate. Negative (i.e., unfavorable) audit findings are typically suppressed, and the audit coverage itself is largely dictated by a board comprised of defense contractors who have an interest in keeping these audits a joke.
Banks are audited day in and day out, by independent firms. Any critical system they are running also must be audited by a 3rd party, and the bank must evaluate the audit report (called a SAS70). So if the bank with an unlimited budget and massive federal security regulations written by audit companies can’t keep hackers out, how is the NSA going to secure your location data when top secret data is sitting on unencrypted laptops and in random filing cabinets?
AT&T? When was the last time you reviewed a SAS70 (audit report) from AT&T? When was the last time someone was notified that their location data might have been compromised? They aren’t subject to any real security regulations requiring them to be audited or notify customers in the event of a compromise. Perhaps California has some generic privacy regulations, but there’s no way to enforce them, and they’re all financial regulations. Your location data isn’t private.
The banks are well-regulated, and they’re insecure. The people writing Facebook apps, the people handling your email, the people that track your search queries, and the people storing your genetic data can pretty much do whatever they want. Not only is this data not secure from bad guys, it’s openly shared with other companies and your government or foreign governments.
Remember that these tools work together and no single tool is reliable on its own. Even with all the tools and advice here, we’re all still pretty easy to track down. Hopefully this provided you with a decent overview of privacy on the internets. Only with massive legal and policy changes can we attain even a small piece of what we had 20 years ago.
Privacy is a right under the fourth amendment. Go out there and make your voice heard if you want privacy. No one is going to do it for you. Vote with your feet and with your wallet.
Check out the https://www.eff.org/ for more current stuff on privacy. They are one of the few well organized groups of people that are out there defending your privacy online.
Discuss on reddit.
Discuss on hacker news
What are your favorite privacy tools?