4 ways to protect your online privacy right now: a Philly advocate's guide - Technical.ly Philly

Civic

Jan. 9, 2017 12:47 pm

4 ways to protect your online privacy right now: a Philly advocate’s guide

After all, everyone deserves curtains on their windows, right?

You can show someone how to download encrypted messaging app Signal while you wait for dessert, says Kate Krauss.

(Photo by Flickr user Jessica Rossi, used under a Creative Commons license)

This is a guest post by online privacy advocate Kate Krauss.

Happy new year! I’m an online privacy advocate, and I’m here to encourage you to start the year with better digital security.

“Eh, nobody cares about what I do online,” you may say. But watch as these good guy systems administrators who thought that very same thing get the scare of their lives. You don’t need to be a sysadmin to care about privacy. After all, everyone deserves curtains on their windows, right? Why should your research into that mysterious lump you found, or your unhealthy obsession with Ryan Gosling, be saved, and possibly sold, by strangers?

These days, it doesn’t matter if you have a lock on your door. If you don’t have online privacy, you don’t have privacy at all. So here are simple and powerful steps you can take to protect it.

Calls and texts: Use Signal

There is a confusing array of online privacy tools to choose from, with more being built every day. My suggestion: Download Signal, an easy-to-use phone app that lets you text and make phone calls (even international ones) with end-to-end encryption, free of charge. There’s also a PC version, so you can type on your laptop keyboard if you like.

Signal’s Moxie Marlinspike, recently profiled in the Wall Street Journal, is a well-known and respected software developer in the information security community.

Signal is so simple that you can show a friend how to download and use it while you’re waiting for dessert at a restaurant — in about 10 minutes. Signal gives you your first, trusted encrypted channel. Now you can text, phone, send photos or even paste and send a document, very, very safely.

Signal received a real-world test last year when the feds subpoenaed Signal’s company, Open Whisper Systems, for data on a particular user, and the company turned over everything it had — which was just the date that the user started the service. There were no names, no message content and no phone logs. Open Whisper Systems saves almost nothing about its users, so there is nothing to turn over — privacy by design.

Some of Apple’s products also have end-to-end encryption, but many security analysts prefer Signal. After all, last week Apple caved in to the Chinese government and removed the New York Times app from its iTunes store in China.

Advertisement

That was another kind of real-world test. Signal is also open source and undergoes regular security audits.

Fix your web browsing habits

Every time you visit a website, you leave behind information about who you are and what you care about, whether you are researching VCs or looking for a therapist. And the website can see your IP address — which is awkward if you are, for instance, checking out a competitor. Companies also sell this information, which you provide unknowingly and for free, to advertisers. Multiple governments may collect and literally warehouse this information so that they can use it later for their own purposes.

Every time you visit a website, you leave behind information about who you are, whether you are researching VCs or looking for a therapist.

So second, I’d download and fire up the Tor browser. It allows you to surf the web anonymously. It’s like Firefox or Chrome but it has many privacy features built in. Tor’s a bit slow because your computer connection hops around the world before reaching its destination, but it includes the incomparable invisible features of freedom and privacy. It’s used by judges, diplomats, journalists, human rights activists and maybe now, you.

Full disclosure: I work for the Tor Project, a nonprofit organization that develops the Tor browser. But don’t just take my word for it: Edward Snowden recommends (and uses) Tor.

I’d also use a password manager — I use LastPass. Theoretically, someone could hack LastPass, but that’s a lot less likely (for me, at least) than getting into trouble by re-using an old password. And do turn on two-factor authentication on important accounts, so bad guys would need two pieces of information, and not just your password, to access your account.

(Editor’s note: There’s also DuckDuckGo, the Paoli-based search engine that promises not to track you. You can set it up to be your default search engine and still use Google through it using a simple keyboard code.)

Next, teach a couple friends how to use Signal, and share this article. The key to protection is to get as many people onboard as possible. And that’s the friendly thing to do.

One final thought

Officials in Washington would like even more power to spy on you and collect your data. Yet the members of Congress in charge of approving this authority aren’t yet tech-savvy, and many don’t understand the real world, Bill of Rights implications of these powers. So stay alert. History shows that once information is collected and saved, it is often misused.  Follow digital rights advocates on Twitter (or sign up for their newsletters): Senator Ron Wyden and The Electronic Frontier Foundation are good places to start.

Philadelphia is home to prominent electronic privacy and information security researchers like Matt Blaze at Penn and Rachel Greenstadt at Drexel. Groups of privacy advocates meet in places like The Hacktory, a makerspace in Powelton Village, and new groups are forming to hold “cryptoparties,” where people teach each other the tools to stay safe online over a beer. There are lots of ways to get involved, but first: Use Tor, use Signal. And spread the word.

-30-
Kate Krauss

Kate Krauss is an internet privacy advocate. She's the former director of communications and public policy for the Tor Project.

Profile   /   @aidspol   /   Send an email
  • Nick

    Nice and informative article. I prefer VPN over Tor because of much greater speeds and adaptability. Proper VPN such as Traceless means great privacy protection without effect on internet speed. Among things mentioned in article, I think encryption is also important for protecting online privacy.

  • Salla

    What’s the “simple keyboard code” to use Google through duckduckgo? If it’s “!G”, doesn’t that still just pull up a Google page, meaning your Google account is used (and if you aren’t signed into Google, how is that any different from searching directly from Google.com without being signed in?)

  • Caittm

    Great piece of content. For the ultimate privacy, I always opt for using a VPN. PureVPN has been really good at protecting my privacy.

    • Allen

      People, be aware, PureVPN and Ivacy (actually it’s the the same company) are famous for their shills. Google them before purchasing anything: http://imgur.com/a/Tw8Sv

  • Kate

    VPNs are comparatively easy to hack. It’s easy for bad guys to locate the VPN company’s servers, which carry all of your personal information, and hack them. The VPN may even sell your information, or someone could simply bribe or subpoena the VPN’s CEO. There is a single point of failure. In contrast, the Tor network has a decentralized network of 7,000 servers and a highly unpredictable pattern for the Internet traffic that travels among them (typically your traffic travels to three different servers before arriving at its destination).

    By the way: DuckDuckGo, a great Philadelphia company with a conscience, is the default search engine for the Tor browser. DuckDuckGo has even established an onion service that you can only reach via the Tor browser (download and install it at torproject.org). You type this address into the Tor browser address bar to reach DuckDuckGo: 3g2upl4pq6kufc4m.onion When you do this, your search on DuckDuckGo never leaves the Tor network at all. This is an exceptionally safe way to search on the Internet. Who might use this? Well, lots of people. Diplomats who are searching the websites of repressive governments, or journalists who are investigating a corrupt politician. Or you, if you want to be super safe. (Thanks to my colleagues at Tor for helping me to think through the difference between exiting Tor to DuckDuckGo versus staying within the Tor network.)

  • reaper

    I thought TOR was infiltrated and taken over by the government? i’m still skeptical as many sites will still turn over your info once issued with a national security letter and or warrant from the government and then won’t let you know they turned the info over

    • Kate

      Nah, definitely not infiltrated. We don’t have your info to turn over and have never been sent a National Security Letter (our theory is that the feds know better than to try).

  • Bill

    GREAT article. Keep is informed please.

Advertisement

Sign-up for regular updates from Technical.ly