Security

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Online security is nowhere near absolute. But most of us don’t do as much as we can do with the tools that are available and expose ourselves to more online surveillance than we have too. If you’d like to minimize yours, here are a few things to try out.

With thanks to Defend Our Movements (MayFirst/PeopleLink) and Surveillance Self Defense (Electronic Frontier Foundation)

 

I – Email

Email is notably, notoriously insecure and is so by design. The risks are virtually endless: spoofing, phishing, lost and stolen passwords, government turnover orders. Everything you can do to increase your email security almost inevitably reduces your email convenience. The trade-offs are as individual as each email user. Make a calculation based on your risk tolerance, your risk profile, the way you use email and who and what you are trying to protect.

Basic precautions: Never email personally identifying information like social security numbers, credit cards, bank account information, online passwords, or in extreme circumstances your home telephone number or address. Use secure sites for online transactions that contain any of that kind of information and if you must exchange casually, do so via an encrypted text message or email service. Or pick up the phone.

Email services: Some email services will take precautions to prevent your emails from being recoverable for a governmental information order. Rise-up will encrypt your email on their server. ProtonMail offers secure email from a base in Switzerland. Tutanoa provides service from Germany.

PGP/GnuPG: Any individual can encrypt their own email using PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard). Howver, you will need to adopt a new email client, an add-on application, generate public and private keys for yourself and understand that these programs are not 100% bulletproof.

In short, the protocol for self-encryption is to download either PGP or GPG for Mac OS or Windows. For a cell phone, GPG is available for Android or iPhone. Once you do so, generate a public and private key for yourself. A key is a paragraph of code that you make available in public (hence public key) to those who you would like to send you encrypted email. Messages sent to your public key can only be unlocked by a matching private key that you own.

Once you generate your public and private keys, you will need to adopt an email client that is compatible with encryption, The usual one is Mozilla’s Thunderbird. Once you set up Thunderbird as your email client, you will need to add an extension called Enigmail, which enables Thunderbird and the encryption software to understand each other.

And then you are done. It’s a lot of steps. For more guidance, see https://ssd.eff.org/en/module/how-use-pgp-windows and https://ssd.eff.org/en/module/how-use-pgp-mac-os-x and https://ssd.eff.org/en/module/how-use-pgp-linux

II – Password Managers

A password manager allows you to use long, unique and complicated passwords for different websites, rather than forcibly simple ones so you can remember them. In the event of a security breach, your passwords should be much harder for a password cracker program to guess and access to *one* of your passwords will not be the same as access to *all* of your passwords.

There are a number of password programs. One of the primary differences is whether your passwords are stored on your hard drive (more secure, less convenient) or in the cloud (less secure, more convenient).

Programs to try: KeepasXC, Bitwarden, Dashlane

KeepassXC stores your passwords on your hard drive, Bitwarden and Dashlane use the cloud.

Two factor authentication can foil a thief with your password. A two factor authentication system will require a second piece of information, like a code texted to your mobile, when logging in from an unrecognized IP address. When it’s an option offered to you, use it.

III – Smartphones

Texting is one of the easiest and most heavily used person-to-person communication systems and one that most people want to keep private. Using an encrypted texting service is an easy security add-on.

Signal is an easy to use texting program that will provide mostly secure user to user text message encryption. The catch is that both users have to have the program to enable the encryption, so you need to use Signal and you need to make your friends use Signal too. But once that transition is made, you will have taken a big step to secure your communications. If you use Signal to text with someone who isn’t on Signal on an Android phone, everything will work but your message content will not be fully secure. On an iPhone, you’ll be promoted to switch to Apple’s messaging program.

WhatsApp is heavily used in other countries and was one of the first messaging services to use end to end encryption. It’s still popular, but acquisition by Facebook, a technology company with some of the worst privacy practices on the planet, has reduced its trustworthiness. WhatsApp recently changed its protocol to use Signal’s encryption.

Telegram is a fairly new encrypted texting service which has growing popularity abroad. It offers self-destruct features similar to the program Snapchat. Opinions vary on its efficacy, and most experts have better things to say about Signal.

IV – Browsers/Search Engines

If you are concerned about your security and privacy, you want to use Mozilla’s Firefox among the primary browser options (Chrome,Firefox, Bing, IE). Duck Duck Go and Startpage offer search engines without tracking.

If you genuinely want to conceal your online activity, you can use Tor browser. Most people only use Tor sometimes because it is considerably slower than a browser like Firefox. Also be aware that Tor users are visible as points to entities like the NSA, so if you are in a small, rural or remote area where you may be the only Tor user in your vicinity, it is possible to draw unwelcome attention to yourself. Using Tor is perfectly legal, but since some illegal activities are conducted using Tor, law enforcement pays a significant amount of attention to Tor traffic.

Virtual Private Networks or VPN’s allow you to search and browse the web anonymously. There are many available for a price and many for free, but not all the free ones are reliable. A free VPN that is reliable is Hotspot Shield

Some good fee for service VPN’s are Express VPN, and IP Vanish. 

HTTPS Everywhere is a helpful browser addon for Chrome, Firefox, and Opera that will secure your browsing on sites that support https (secure browsing), but aren’t defaulting to it. If using one of those browsers, it’s a good idea to install it.

Anti-Tracking Software. Many website collect cookies, track your vists and show you ads. Here are some software programs you can use to minimize your digital tracks and the amount of ads shown to you. AdBlock Plus will block many ads. Ghostery blocks 1,800 website trackers and will give you some information about what sites are tracking you and how extensively. EFF’s Privacy Badger is a Ghostery alternative. If you remain a Facebook user, installing Facebook Purity will eliminate the ads and installing Metal on your phone instead of Facebook will keep Facebook out of your phone’s operating system.

V – Video Conferencing

Video Conferencing is a common way for groups of people to talk to each other. If you’d like to do so with higher security, you can use apps that will provide some level of encryption.

Jitsi doesn’t require you to download anything and simply allows you to visit the site, grab a room and get started.

Zoom provides a more fully featured meeting service and will require participants to download a software application.

VI – The Cloud

The “cloud” is terminology for shared and stored documents that don’t reside on your own hard drive or on a server that you can lay your hands on, but instead reside in Internet space but are instantly accessible to you at any device. The cloud is very convenient, but things sitting out on the Internet can potentially be accessed. Some developers are providing competing product packages that are more privacy-friendly. Some to check out: NextCloud, Spider Oak, Tresorit, Box Crypter

Windows users might want to grab a copy of Eraser, a file shredder program that will genuinely delete your deleted files.

VI – Resources

Surveillance Self Defense

Defend Our Movements

Tactical Tech

Tech Activist

Electronic Privacy Information Center (EPIC)

Civil Liberties Defense Center

Equality Labs

Privacy Rights Clearinghouse

Wizcase Online Privacy Guide

 

Facebooktwitter