(Photo by Flickr user Jessica Rossi, used under a Creative Commons license)
Happy new year! I’m an online privacy advocate, and I’m here to encourage you to start the year with better digital security.
“Eh, nobody cares about what I do online,” you may say. But watch as these good guy systems administrators who thought that very same thing get the scare of their lives. You don’t need to be a sysadmin to care about privacy. After all, everyone deserves curtains on their windows, right? Why should your research into that mysterious lump you found, or your unhealthy obsession with Ryan Gosling, be saved, and possibly sold, by strangers?
These days, it doesn’t matter if you have a lock on your door. If you don’t have online privacy, you don’t have privacy at all. So here are simple and powerful steps you can take to protect it.
Calls and texts: Use Signal
There is a confusing array of online privacy tools to choose from, with more being built every day. My suggestion: Download Signal, an easy-to-use phone app that lets you text and make phone calls (even international ones) with end-to-end encryption, free of charge. There’s also a PC version, so you can type on your laptop keyboard if you like.
Signal’s Moxie Marlinspike, recently profiled in the Wall Street Journal, is a well-known and respected software developer in the information security community.
Signal is so simple that you can show a friend how to download and use it while you’re waiting for dessert at a restaurant — in about 10 minutes. Signal gives you your first, trusted encrypted channel. Now you can text, phone, send photos or even paste and send a document, very, very safely.
Signal received a real-world test last year when the feds subpoenaed Signal’s company, Open Whisper Systems, for data on a particular user, and the company turned over everything it had — which was just the date that the user started the service. There were no names, no message content and no phone logs. Open Whisper Systems saves almost nothing about its users, so there is nothing to turn over — privacy by design.
Some of Apple’s products also have end-to-end encryption, but many security analysts prefer Signal. After all, last week Apple caved in to the Chinese government and removed the New York Times app from its iTunes store in China.
That was another kind of real-world test. Signal is also open source and undergoes regular security audits.
Fix your web browsing habits
Every time you visit a website, you leave behind information about who you are and what you care about, whether you are researching VCs or looking for a therapist. And the website can see your IP address — which is awkward if you are, for instance, checking out a competitor. Companies also sell this information, which you provide unknowingly and for free, to advertisers. Multiple governments may collect and literally warehouse this information so that they can use it later for their own purposes.
So second, I’d download and fire up the Tor browser. It allows you to surf the web anonymously. It’s like Firefox or Chrome but it has many privacy features built in. Tor’s a bit slow because your computer connection hops around the world before reaching its destination, but it includes the incomparable invisible features of freedom and privacy. It’s used by judges, diplomats, journalists, human rights activists and maybe now, you.
Full disclosure: I work for the Tor Project, a nonprofit organization that develops the Tor browser. But don’t just take my word for it: Edward Snowden recommends (and uses) Tor.
I’d also use a password manager — I use LastPass. Theoretically, someone could hack LastPass, but that’s a lot less likely (for me, at least) than getting into trouble by re-using an old password. And do turn on two-factor authentication on important accounts, so bad guys would need two pieces of information, and not just your password, to access your account.
(Editor’s note: There’s also DuckDuckGo, the Paoli-based search engine that promises not to track you. You can set it up to be your default search engine and still use Google through it using a simple keyboard code.)
Next, teach a couple of friends how to use Signal, and share this article. The key to protection is to get as many people on board as possible. And that’s the friendly thing to do.
One final thought
Officials in Washington would like even more power to spy on you and collect your data. Yet the members of Congress in charge of approving this authority aren’t yet tech-savvy, and many don’t understand the real-world Bill of Rights implications of these powers. So stay alert. History shows that once information is collected and saved, it is often misused. Follow digital rights advocates on Twitter (or sign up for their newsletters): Senator Ron Wyden and The Electronic Frontier Foundation are good places to start.
Philadelphia is home to prominent electronic privacy and information security researchers like Matt Blaze at Penn and Rachel Greenstadt at Drexel. Groups of privacy advocates meet in places like The Hacktory, a makerspace in Powelton Village, and new groups are forming to hold “cryptoparties,” where people teach each other the tools to stay safe online over a beer. There are lots of ways to get involved, but first: Use Tor, use Signal. And spread the word.