Post PRISM and NSA super spying dragnet thoughts on privacy

The revelation of the extent of the NSA’s surveillance network in June 2013 has sent a shock wave of anger across the internet, and understandably so. Being anonymous in the wake of such revelations is obviously incredibly difficult, near impossible in fact, but there are some steps you can take to limit your exposure.

In a previous article of mine (A simple guide to anonymity on the Internet) I discussed some technical solutions for protecting yourself on the Internet, including some easy ways to block third-party cookies and disable some of the everyday tracking methods that are employed by data mining companies.

The NSA scandal, however, adds an entirely new chapter to the already confusing book on just how many ways you can be tracked or spied upon on the Internet. A government-sanctioned back door or, worse, a wholesale turnover of stored data to a government agency is pretty difficult to avoid via purely technical means.

But there are ways to at least limit the data that can be extracted by anyone (not just governments) using these methods.

The Internet is a giant spy network

Obviously there is more to the Internet than just spying on one another, but you have to understand that true anonymity on the Internet is virtually impossible. You can come close to it, but the problem is that you must always entrust someone else to carry your data or to pass data to you; there is simply no way around this.

Even worse, the architecture of the system means that it is a centralised network. There are single access points (ISPs) through which most people access the Internet, and even those ISPs share the same physical infrastructure. This means that data from billions of Internet users is funnelled through a relatively small number of access points, making it easy to tap into their data.

Individual government laws aside, the actual infrastructure of the Internet lends itself toward surveillance. So whilst it may seem alarmist to consider the Internet a giant spy network, you should always be mindful of the potential for eavesdropping. And it’s not just governments spying; it’s anyone that can get away with it and make money, although non-government agencies are obviously limited to widely used data mining techniques (for now).

The internet is PUBLIC

This is the key thing to keep in your head as you interact with sites and applications on the Internet. If you post anything or put any of your personal details anywhere then you are relying on a third party (the site or application that you posted the information to) to keep your data safe. Time and time again this has proven to be a bad idea, even before the NSA spying revelations.

Think of it this way: imagine a company, Rants Inc., that allows you to go round to their offices where they’ve gathered a shed load of people. Some of these people are your friends, some are friends of friends, but mostly there are a lot of people present that aren’t related to you at all and are just bored. You can go there and shout about whatever you want, whenever you want, and these people will hear the whole thing. They’ll even record the whole show so that other people can witness your loose-brained gibberish in the future. This service sounds awful, right? I mean, why would you air your private madness so publicly? So why do you post all that loose-brained, personal gibberish all over the internet then?

Quite simply, do not trust any third parties with your data unless you absolutely have to or for some reason you trust them explicitly. Fill out the bare minimum of details about yourself, do not post personal information, your location data, your inner thoughts, future plans for world domination or anything like that unless you have a really good reason or it will prove useful to others in some fashion (like ranting in a blog about security for instance).

Surfing anonymously

You really have a few options for anonymous surfing, and unfortunately none of them are foolproof. A good VPN that you trust is an excellent way to surf anonymously; however, you have to be aware that you are just pushing your trail onto that VPN, and someone within the network can still log your activity and pass it on to others. You will need to find a VPN that you trust. I have found plenty of popular ones (like ProXPN, which is even free); however, it all comes down to trust. I’d imagine that the best VPNs are word of mouth only, but please do look around and see what other people are using, and please let me know if you find a really good one.

Tor is a good option as well; however, you are still trusting a third party to keep your data secure, and with Tor you literally have no idea who that third party is. Still, it appears to be a decent option at the moment, and it’s free, so try it out.

Use your own mail server

Stop using mass email solutions like Gmail, MSN and the like; these are particularly vulnerable. Both Google and Microsoft are involved in the PRISM program, and even outside of this both companies have admitted that they are regularly subpoenaed and forced to release customer information and emails. Additionally, these centralised mail solutions are obviously a big target for hackers. They might seem secure at the moment, but who knows how long this will hold true for.

Consider this: say you’ve had all of your snail mail delivered to a nearby building owned by a mail holding company, Mails’rus. Everyone’s mail is kept together, and whenever you go in to look at your mail, there is always a security guard with you who ensures that you can only look at your own mail. The problem with this is that the mail company itself can do whatever they like with the mail when you’re not around. You wouldn’t do this with your snail mail, would you? So why do it with email, which most likely contains information of greater importance than what you receive via snail mail?

Instead of using a centralised mail service get yourself a domain name and a cheap mail server. You will have to pay a small monthly fee, but at least you will be in control.

If you have the knowledge, an even better solution would be to purchase a DIY server solution like Linode and build your own mail server; this way you will have complete control over your mail. Linode even have a fairly easy to follow guide on setting up your own mail server.

Use social networks carefully

This may sound old fashioned, but whatever happened to good old face to face communication?

Really, why do all those random people that you never actually speak to need to know all the intimate details of your life? The answer is that they don’t. The people that you really care about will see you in person anyway, so why post lots of personal crap onto social networks?

Keep your details light: only fill out the minimum detail about yourself on any social network, and keep your profile as private as possible. This won’t stop Facebook (or whatever social network you’re on) themselves from seeing your data, but it helps.

Do not use social networks like an email system! Facebook messaging and whatnot are just as vulnerable as Gmail and the like. Use your personal email whenever possible and try to direct people away from messaging you via Facebook about anything personal.

Mobile phones have limited security options

Unfortunately this statement is the reality of the situation. Mobile providers represent an even smaller number of access points when compared with ISPs, and there are virtually no encryption options when it comes to cellular calls and text messages.

The only secure cellular application that I’ve heard of is Seecrypt, which allows for secure peer-to-peer calling and messaging between smartphones. They have Android and iOS apps available that are free and pretty easy to get going with. They have been getting good press, so they might be worth a look; whether they are 100% secure or not is another question of course.

Without some level of encryption, however, you are completely at the mercy of your provider. Hopefully in the future more encryption options will emerge alongside Seecrypt.

Other privacy tips

  • Don’t use Skype at all. It’s been postulated that it’s had a back door ever since Microsoft took it over; the NSA scandal just confirms it.
  • DuckDuckGo is a supposedly secure search engine that has minimal logging, try using it instead of Google.
  • Stay signed out of Google and YouTube; only sign in when you have to.
  • Look at my previous article A simple guide to anonymity on the Internet for some more tips.