As a german I have learned at school too much control is dangerous. In 1936 the Gestapo was responsible for finding political enemies of the nazi regime. The Gestapo could easily arrest people without going the cumbersome way through justice. After the war Germany was divided and East Germany run the “Ministry of National Security” (roughly translated). It is better known as the Stasi. While the Gestapo needed to open handwritten letters the Stasi could already listen to phone calls. The Stasi was also responsible to find enemies to the regime.
In 1990 Germany reunited. One should think we have learned “total control” is not a good thing. Snowden showed us PRISM and Tempora and sacrificed his life. But instead of shocked protests almost nothing happens in Germany. I am shocked by my nation that it seems we haven’t learned anything from our history.
I now realized that we all underestimated the value of privacy and security in the computer world. Previously people who protected their privacy were called paranoid computer geeks. But it’s easy. Snowden showed it is not paranoia if you believe somebody spies upon you. And this blog wants to show you don’t need to be a computer geek to protect yourself (maybe a little bit).
Do I have something to hide?
I have (almost) nothing to hide. I just don’t show my letters to my neighbours. I close my doors and I believe the status of my health is private to me. My e-mails belong to me. Even the ones I get from my mum. I don’t allow anybody to treat me like a criminal or a terrorist.
I believe systems are fragile. If an Edward Snowden can show up the secrets of PRISM almost everybody else from that organization can cause problems for me too. It’s money, which talks. Knowledge like what is stored in PRISM is powerful. When you are having a couple of parties in summer your insurance might kick you out, because they already know about it and consider it risky to go out for a party. Try to discuss critical about your government when the government listens. People in China went to jail for that. There are a lot of possibilities to abuse the system. Hackers can make you a NSA target when they get access to your computer.
With my privacy I protect my freedom of thought. Yes, I am critical on the government. It is my duty in a democracy. A democracy without opposition is not longer a democracy.
Here are a few things I am currently considering or already actively using:
Recently I changed my DNS servers to use the Open NIC project. Computers have an unique ID. If you enter a domain into the browser, the domain needs to be translated to this ID (called IP address). This is done by DNS servers. Using Open Nic, you can protect your DNS requests:
“Governments all over the world are looking for ways to capture your Internet usage data. You can choose the DNS server you connect to, what country it’s located in, and how much logging is done with OpenNIC, so at least you are not tracked through your DNS requests.”
- Open Nic Project
The service is free of charge and there are easy to follow how-tos available. I use Open Nic for more than two weeks now and my internet experience didn’t change.
Some of your data is more important than others. You can easily protect it with TrueCrypt. It has a lot of features. Most important you can create a “virtual” hard drive, which can be mounted like a network drive in Windows or a DMG on OS X. Whatever you put there is encrypted and to date cannot be read except with your password / key. Of course, you should not lose your key because there is no backdoor and your data will be lost.
If you use Dropbox you could put your virtual disk there too.
Dropbox runs unencrypted. Every Dropbox employee can access your data. If you need a service like Dropbox for backup or sharing purposes you might want to look at SpiderOak. I am using it for some sensitive data and I enjoy the service so far. It is as easy as Dropbox.
From their website:
In technical terms it means that the server has ‘zero-knowledge’ of your data. In non-technical terms it means that your data is 100% private and only readable to you.
Signing and encrypting e-mails has been around for a long time. But its a bit tricky and maybe this was the reason people are not using it daily. I am a Gmail user and this is a problem. Due to the amount of my e-mail I cannot simply “switch”. It’s complicated. Luckily there are a few extensions which help me out of my misery, for example Mymail-Crypt. This is a Chrome extension which encrypts your e-mail before sending, with just clicking a button. In the same vein it can decrypt your e-mail.
The trick is it uses GPG. In other terms you’ll need a private key to encrypt your e-mails. And you’ll need to give your public key out to the people you want to be able to decrypt your e-mails. I have multiple private keys for multiple customers.
It would be even better if you would use Thunderbird with the Enigma extension.
If you would like to go with S/Mime or want another certificate, you could also check out CAcert.
You never know what Windows does under the hood. I am a Mac user because I believe it is a bit more secure than Windows. But actually I will need to change this. Apple is one of the companies affected by PRSIM and it means my data might not be safe anymore. It is not easy to switch operating systems or tools. When you use your computer at work it is sometimes almost impossible. But if you have a chance, you could try Linux. Linux has evolved well and it is very usable even on Desktops and on Smartphones. Valve even ported some great games to Linux recently.
There are a couple of Linux distributions out there. One of the most popular is Ubuntu. If you have not much clue on Linux you should start with that as it is well supported. If you feel comfortable with computers in general you might want to give a distribution a try which is just maintained by the community without any company in back. And if you are really looking for a challenge you might give OpenBSD (or other BSDs a try) which are very secure in general.
In general Open Source solutions most likely do not contain “privacy leaks”. In theory everybody can look into the code and in theory everybody can build it own their own. It makes it impossible to include code which sends your data to some third party.
When you are browsing the web your anonymity is gone. It is different if you browse covered by a virtual private network. There are some good services with less cost available which do not log what you are doing. As they do not log, they can’t give anything out to third parties. From the provider Private Internet Access:
Our service utilizes high grade encryption based on the cryptographically secure Blowfish CBC algorithm. This is used in conjunction with the OpenVPN protocol and is able to secure your data transmissions.
Basically you connect to the VPN provider and then to your target. Your target webserver only sees the IP address of the VPN provider. And finally the data you transfer between target webhost and your local computer is encrypted. Your provider is not able to see anymore what you are transferring.
VPN is also an option when you live in a region with active censorship (like for example China).
This website shows a list of VPN providers which you could choose. Please note, a VPN might make it possible to share files. I am definitely buying the art (music mostly) I consume. You should do the same.
Skype promised our messages and voice calls are encrypted. But there a rumors it didn’t help us.
Lucky us, there is something like Jitsi. Look at this how-to to learn more about it. Jitsi uses SIP, which is an open protocol. There are many implementations for it. You might find a free SIP provider here. Or you can run your own SIP server with OpenSips.
Jitsi provides Messaging but also Voice Chat and Screensharing. They say:
Jitsi can encrypt your calls using the innovative ZRTP.
If you don’t believe it, look for yourself - it’s Open Source.
Current smartphones are a black hole. You simply don’t know what they are doing. Apple, Google and Microsoft are all affected by PRISM. In future there will be phones running Ubuntu or Firefox OS. Both might provide you better transparency what happens with your data.
The best security is always to not rely too much on your smartphone. Currently I am only taking a phone with me when I am on longer travel for emergency cases. I got a paper calendar with the most important phone numbers and my appointments. It has a brilliant display and doesn’t need any power.
If you need your smartphone, look out for secure apps like the upcoming Heml.is.
It is necessary that we look at the tools we use. A website like Prism-Break helps a lot.
What are you doing to protect your privacy? Let me know! I am also glad to know if you have some experiences with the mentioned services.