I’ve been meaning to write a post on protecting yourself from online surveillance and hacking for a while, but I keep stumbling over the complexity of online encryption. There is no single magic bullet. To truly protect yourself, it takes a variety of tools, and a continuing effort to maintain good practices and educate yourself on new developments. But you know, fuck it, because now there’s a movement afoot and I am all about it.
The Background:
TLDR: the US government sucks, there are increasing numbers of criminals hacking you and stealing your data, and online corporations are storing your entire life in data warehouses. A grass roots movement called Reset the Net (brought to you by the Stop SOPA! guys) is pulling things together to get Internet bigshots to enact sweeping protections and to provide individuals with workable encryption tools to protect themselves. (As opposed to the brain-meltingly complex ones that were available in days of yore.)
For a rundown of the news as of June 11, you can check their site or read this article.
How To Do It:
You can find an array of privacy/security ools in this neatly organized webpage:
They include apps, plugins, and some tips.
There are a lot of tools, because 1: there are a lot of operating systems, and 2: we do a lot of different things on our computers (and cell phones and tablets). Different tools for different uses.
Deciding which ones you want, and how far you want to go to secure your privacy, is a matter of personal preference.
I strongly recommend HTTPS (a link to the HTTPS Everywhere plugin is a bit more than halfway down the page), which protects your internet browsing on, say, public networks where some dude with a cell phone and the right app could tap in to read the data you’re transmitting.
There are also tools to protect your IM sessions. Or your phone calls. You might even want to load up the TOR browser and vanish into the near-untraceable depths of the worldwide web. (It’s kind of cool, and you don’t HAVE to do anything shady with it.)
Here’s another collection of security things you can do, including excellent explanations. You’ll notice a sweeping theme of “Protect yourself from Google.” On that note…
Corporations and Data Privacy:
That’s because a major security/privacy hole for the Internet at this point is corporations.
When a for-profit company promises to protect your data, they generally mean they’ll protect it from everybody except them. And also, they’re legally beholden to respect the demands of the nations under which they operate.
Information companies like Google, Facebook, and even Tumblr are out to turn a buck. They collect your information—you give them permission to collect your information by using their service—in order to use it for things like figuring out target audiences for advertising. Unlike the EU, the US does not have laws guaranteeing that a person’s online data belongs to them (in the EU, if someone asks to have their account deleted, you had better damn well actually do it, but in the US they can just flip you off and keep it, or delete it from public access but store copies of it without telling you).
Thus: you might want to consider ditching Google Chrome. It may or may not be the most hack-safe browser (I haven’t kept up on that news lately), but with Google increasingly building in your Google account and tracking your activities when you’re logged in, it is far from the most secure browser. If you don’t want Google to have your information (and, perhaps, a government that wishes to requisition your data), then you may want to go with a browser like Firefox.
Likewise Google Search. And Facebook and Facebook Connect (which lets Facebook know what sites you’re signing into using your Facebook ID).
Disclaimers:
1: Some of these apps can be complicated to use, or to use well. Some of them are super-easy. HTTPS Everywhere is a set-and-forget browser plugin (except for that time it fucked up Tumblr for me). But others require more work. Again, depends on your personal threshold of effort vs. security.
2: These apps are not perfect. This is the complicated part about protecting your online privacy. These apps and techniques will help protect you, and using them is certainly better than not. But if you’re really serious about not being spied on, then you need to do your homework and understand the details of the strengths and limitations of each application, and how best to layer them to fully protect yourself. There are layers to the internet, and those different layers need different types of protection.
3: Encryption isn’t always perfect. For example, OpenSSL and Heartbleed. These things happen, but you do your best.
So again: it’s never perfect. But it can be—and is quickly becoming—much, much better.