Ask Slashdot: How Do You Protect Your Privacy These Days? Or Do You?
An anonymous reader writes "The NSA snoops traffic and has backdoors in encryption algorithms. Law enforcement agencies are operating surveillance drones domestically (not to mention traffic cameras and satellites). Commercial entities like Google, Facebook and Amazon have vast data on your internet behavior. The average Joe has sophisticated video-shooting and sharing technology in his pocket, meaning your image can be spread anywhere anytime. Your private health, financial, etc. data is protected by under-funded IT organizations which are not under your control. Is privacy even a valid consideration anymore, or is it simply obsolete? If you think you can maintain your privacy, how do you go about it?"
not truthfully responding to such questions
Nothing you do electronically is anonymous. I don't use the Internet, I don't make phone calls, and I don't do email. Ever. At all. I only pay cash (coins actually, because bills have serial numbers that can be tracked). And I certainly would never, ever, post anything online.
My private data does not leave my home network. I lack off site backups, but Google spies on all my email. I rarely bother with Tor, just enough to draw suspicion. Gee, maybe I should rethink some of this, but that sounds like work.
I think my issue here is the same as a lot of people's: maintaining privacy requires you actually bother to do stuff. My categorical banning of all cookies, JavaScript and browser plugins except for white lists is really the only effort I've put into my privacy.
I don't go around spamming private stuff on Facebook, but I still expose my reading habits to web servers, my ISP etc. I don't host my own sites, so I'm leaking lots of info about my users/readers to the hosts. I lack HTTPS support on most of my sites, so I'm leaking lots of stuff.
I've toyed with Tor hidden services (I made one), and bitcoin (I have some), but never actually done anything with them. I have a big interest in privacy, but generally I don't bother with it. It's kinda sad really.
We need better tools to make having privacy not be a sacrifice: it needs to be easy, and not lose you features, or even the people who care (like me) won't even bother. We are a long way from this, which in the purest sense isn't even actually possible (You have to lose some features if you have true privacy).
Most people I have talked with are angry, but don't know how to act against it.
I send everything to Snowden for safe-keeping.
Table-ized A.I.
I don't have anything the NSA is interested in.
The people that are likely to try to gain from violating my privacy are likely to spend 10 times more than they gain.
I'm less worried about the likes of the NSA, and more worried about criminal gangs getting hold of my data and using it to make my life a misery through identity theft.
Anyhow, the way these things work is:
- Either a very small percentage of people are seriously affected by breaches in privacy, in which case I don't need to worry too much about it, or
- A significantly large number of people are seriously affected, so that it becomes a political issue and there's a push to do something about it.
Deal with reality - the world as it is - rather than ideality - the world as you would like it to be.
I think it's important to protect my privacy despite not having much they are interested in. I encrypt my hard drives, have my own domain with e-mail that I've set up with GnuPG on my workstation and laptop, I sometimes use the Tor bundle as well as a USB with Tails on it. The simplest thing is that I subscribe to https://www.privateinternetaccess.com/ to get proxy/VPN access to the net. Also, setting Firefox up with HTTPS Everywhere, DNTPlus, NoScript etc. is important.
It doesn't take much to make their jobs harder. I use these things also for everyday items, it's not like I fire up PIA to "go dark and do evil stuff". I've plenty of friends that don't see the point of doing what I do when what I use it for isn't illegal, but privacy means privacy from prying eyes, I decide what I share with others.
So you plan on never going to the doctor. Never getting a job. No girlfriend. Never walking down a city street. Never owning a car. Never renting or owning a place to live. Oh, and groceries...
About all you could do is head to the woods and live off the land, but not yours. (Of course then you have the satellites to worry about...)
Good luck with that plan.
---- Booth was a patriot ----
The issue is you cannot protect your privacy directly from the NSA. They seem to have tapped communication between Google data centres, can request any information they wish from any company (Google, FB, your local ISP and phone provider, etc), so the only option is limiting the amount of data you provide. Interestingly I started taking the following steps even before the leaks simply because I became uncomfortable with the major corporations gathering my data and then changing their privacy policies at will. That's not how contracts are supposed to work, and disagreeing doesn't seem to have any effect. Once Snowden went public, my paranoia turned out to be justified.
In general terms, I do not share anything truly personal on a public forum. So on FB I never upload pictures, I do not share places I visit, and I do not provide a phone number. I just use it to set up events like Birthdays or nights out. I do not use twitter, foursquare, pinterest, instagram, myspace or whatever social fad of the day happens to be. It could be that in my early thirties I'm becoming a technology Luddite, but then I was never denied a job because my *insert questionable behavior here* is posted all over the net.
Google is a special case. I started using Gmail when getting invites was almost impossible, and Youtube when they were still independent. So giving up my Gmail account would be a VERY significant undertaking, especially since I couldn't come up with better alternatives (fast, supporting POP3, almost perfect uptime, and guaranteed not to shut down). But I never stay signed into Gmail outside checking my mail, I do not use G+, I stopped using YT while being logged in, and I search through DuckDuckGo. And if anyone can suggest a reliable email provider that is NOT Google, MS or Yahoo, I am all ears.
Getting to specific platforms, on a Windows 7 PC, I use Seamonkey with Adblock Plus and NoScript. I also block all third party cookies. I'm also considering adding Ghostery to the mix. This takes care of most of the trackers, cookies, ads, etc. I have not used Linux on a desktop in years, and I am yet to touch Windows 8, so I can't comment there. I also never share my location, although it's pretty braindead to find out where my IP is located anyway.
On my smartphone, I run CyanogenMod without GApps, meaning no Google account, no PlayStore, no Google Maps, etc. You get the idea. Every single app on my phone is installed from F-Droid. I have a fully functional, OSS book reader (Cool Reader), browser (Firefox with Adblock Plus), map application (rmaps), email client (k-9). So my phone is fully functional for my needs without any connection to the Google servers. As before, I never share my location which on a smartphone does make a difference.
This is pretty much what I've done to avoid Big Data without using any functionality and giving up only a bit of convenience. Any suggestions for improvements are more than welcome.
Anything I care to keep private, I don't put on the internet. That's about it.
"First they came for the slanderers and i said nothing."
So you plan on never going to the doctor. Never getting a job. No girlfriend. Never walking down a city street. Never owning a car. Never renting or owning a place to live. Oh, and groceries...
Slashdotters don't do any of these things. Especially not the job or the girlfriend or leaving the basement.
That is the question I'd like to start with. Because I'd answer yes it is. I don't want my identity stolen, my economic future decided by whether my boss sees a photo a friend of a friend of mine posted 5 years ago to a social networking site I didn't join, or my emails to my ex-girlfriend read by anyone other than me or her. So if it is worth protecting, then when we realize "how can you protect your privacy" is really broken up into subdomains, and for many of those the answer is "right now you cannot", we have motivation to then ask "how can we change that?".
The main thing I do to protect my privacy is not to use "free" services, such as Gmail, Hotmail for personal email. I maintain my own server which has a mailserver installed. This means that no-one except me (and anyone who manages to break in) can just access my email.
I live in the Netherlands where ISPs are forced to keep "traffic records" of me. Because I'm an academic I get to use the academic ISP, which is not bound by that law, at least for Internet traffic. But having my own mailserver means that also my email traffic is not monitored and cannot be requested by the police. Furthermore, having your own mailserver and domain also makes it very easy to compartmentalise service subscriptions. Just make a new email address for each service.
I used to use Google Calendar, and Contacts but stopped with that since I discovered that OwnCloud is a really decent private drop-in replacement that you can host yourself.
I use many different privacy plugins (Ghostery, Adblock, etc.), while being aware that this makes my browser ID somewhat unique and identifiable. At least I'm making it harder for them.
Don't worry, it's all just 1's and 0's anyway...
I don't use my real name on the internet. This is no small thing, because Facebook will throw you off their network for using a fake name, and while I find Facebook to be unbelievably drab and awful, I suffer a penalty in relationships from not being on it, since nearly everybody I know has some kind of presence on Facebook. I'd rather not trust the NSA with my personal information, but since I am not a criminal, the potential negative consequences involved are finite. I could be harassed for my views, though they're not particularly extreme, or falsely accused of a crime. But there are a billion people on the internet, and they've got a billion agendas, and I know from experience that some of them can truly be evil motherfuckers. There's no sense in trying to measure or anticipate what can happen, what they're going to individually decide or figure out. I'm probably safe. I'm a 55 year old male with not much money. Nobody's going to want to stalk me for anything, but I refuse to participate in this crazy experiment whereby we turn down the privacy settings for civilization, and see who thrives, and who gets hurt. Zuck you, Fuckerberg!
Everything Snowden released has shown that the NSA doesn't have magical ways to break modern encryption. They rely on strong-arming various organizations and hacking vulnerable systems.
faraday cage cell phone case
Just take the battery out. Physically remove it. Or if you want to be 110% sure don't carry a phone at all, it's not like it's law that you have to carry one.
Don't use Windows. Even if you don't believe the NSA backdoored Windows the NSA do get every bug alert long before anyone else does. They also have no problem using script kiddie tactics.
Using Windows is like storing your data in a transparent bag in full view of the world.
Here's the thing:
There are two levels of private here. There's keeping things private from potential employers, friends, family, associates and so on and there's keeping things private from the NSA, GCHQ, Chinese Government and so on. The average guy or girl has absolutely no hope of keeping their online dealings private from the latter. From the former, you don't so much keep them private as be a bit circumspect when making use of the internet, your mobile phone and so on.
So far over the last 10 years I've had 1 credit card attempted theft (tried to transfer £4,000 out of it, bank caught it as "suspect" so it didn't happen) and I've had 2 email accounts hacked and used to send spam. Of the latter, the problem was weak passwords. I now have a "system" for passwords and none are weak, but that doesn't mean the NSA and GCHQ can't still read them. I have no intention of fighting a room full of Mathematics PhDs for my data.
Even if you get the NSA to stop doing this through political action, the Chinese, Russians and so on will still be doing it.
The government snooping around doesn't bother me all that much, as while it might be a waste of money, it really doesn't affect me. It's just dead data sitting around on some NSA server. There is more interesting stuff to read than my email. What I am bothered by is the leaking of private data that happens all over the place, things like the people you follow on Twitter or Youtube being publicly visible information. Why exactly does every modern social webpage treat what are essentially bookmarks as public information and publish it to the world? Why is everybody just accepting that and not complaining about it? You can't even switch it off most of the time. I find that incredibly annoying and avoid any service that does that when I can. I don't have much of a problem with my information being out there, but at the very least a service should make it very clear what kind of information is public and what is private and modern services don't really do that.
Another thing I have a real issue with is the starting pervasiveness of requiring real life authentication to log into webpages. Mobile phone numbers started as just a way to get your password back, but now quite a few webpages are requiring them and Google+ and Facebook have their real name requirements. Furthermore there are more and more webpages that only allow you to access them via your Facebook or Twitter login, not via a webpage specific account. So once Facebook or Google switch on the requirement for a mobile phone number or real name and enforce that, that means your real life identity is linked to a ton of webpages and you can't stop that from happening unless you completely avoid that webpage, as even Tor doesn't give you a free anonymous mobile phone number.
I don't have anything the NSA is interested in.
It's correctable. Just ask your congressman to make your everyday activity punishable. Here in Russia I read about 3 reports per day about people punished due to use of social networks to publish dissent with official national policy.
Three things:
- I am making an effort - both privately, and for the companies I consult with, to move away from US-based services. This is a long-term strategy, as changing company infrastructure can take time.
- Encrypt everything. It takes a bit of work, but you can set up encryption so that it is transparent to the casual user. Just as an example, with EncFS you can automatically and transparently encrypt data you store in the cloud. The user sees the unencrypted version, but the encrypted version is synchronized with the cloud.
- Teach people about password managers like KeePass. Get people to use long, cryptographically difficult passwords. Bonus points: copy-paste out of a password manager eliminates over-the-shoulder observation, keyloggers, passwords written on post-its, etc.
Enjoy life! This is not a dress rehearsal.
Come on, you're asking the wrong question!
The sun doesn't revolve around you or me.
Those here who answer "I don't care" are halfway right.
None of us will be betrayed by Google or Amazon - that's bad business.
NSA won't post your private stuff or steal your money - they just want to do their job, damn the consequences.
However, after the next economic depression and mass unemployment, or after the next great war,
when we elect our Führers, or support revolutions ending in totalitarian states,
they will find it convenient that our governments have built the infrastructure for their tyranny.
To answer the question that you should have asked:
* Voice your opinion.
* Support EFF https://www.eff.org/action and similar organisations.
* Contact your representative.
* Vote with your head and your heart - not your wallet.
No sig to see here. Move along.
We've seen a lot of this propaganda in the past years and I refuse to believe it. What I mean is the attempt to spread a meme that says "post-privacy" or "privacy is done for anyways".
Look who the proponents of this meme are. Always, always the people who want it to be the case - Zuckerberg, government spy units, advertisers.
No, the battle isn't over while one side still fights. And there is quite a lot you can do to maintain your privacy. And like everywhere, there's a law of diminishing returns, which means the first steps, that bring you a ton of privacy back, are really, really easy.
Step No. 1: Don't post all your life to Facebook, Instagram and Twitter. Security researchers have demonstrated years ago how from that data alone they can create extensive profiles on you, including movement data that police would need a search warrant for your mobile provider for.
Step No. 2: Keep your secrets secret. If you want to share them with someone because you just have to talk with someone about the guy you murdered last week, or the hot chick you cheated on your wife with last month, or how you really hate your grandma even though you always play nice at the family events because she's rich - or whatever is on your conscience, do it in person, face-to-face only.
And that's about it. 80% of your privacy restored right there.
Whine about the NSA all you want, but if I can reconstruct where and with whom you have been with at what time on which day from your social media data, the biggest threat to your privacy is yourself.
Assorted stuff I do sometimes: Lemuria.org
A few commenters have suggested that they have nothing to worry about because they let no "sensitive" information out onto the web.
Sorry to break it to you, but the world is not fair. People are sometimes framed or kangaroo-ed into appearing guilty of something when they are clearly not (I have had it happen). Sometimes, various authorities need to catch someone to hang blame upon for some crime. I've even heard cops tell a public defender, "We know he didn't do it, but we know he's a bad kid, so we got him."
Also, numerous (unregulated) consumer-monitoring agencies scrape up everything from public databases, buy lists from shops, service providers, your bank, your phone company, your credit card company, and your grocery "club card," sold subscriber lists, and so on. All of this data is correlated based on a few unique or semi-unique identifiers such as full name, SSN, phone number, credit card transaction number (it's illegal to track by CC #, but they get around this.), bank and account's last-four digits, addresses, and so on. This approach does produce some viable correlations, but typically yields "profiles" that are rife with errors.
HR departments use reports from these aggregators as if they were 100% accurate. There is no law in place that will allow you to opt out, to see their entire file on you, or to correct errors. There are anecdotes of people searching months for a job, only to find out at some point from an interviewer that, "you have XXXXX crime in your profile," even if you don't have a record. I once had collection agencies coming after me from Time-Warner Cable for bills on a Texas account — I have never lived in Texas, but the burden of proof was on me.
Despite what the aggregators would have everyone think, names are not unique. Phone numbers are not unique, as they are recycled. Email addresses are often not unique, as they are recycled.
Like it or not, there are many profiles on you that are beyond your access, and the law has not yet caught up with these practices.
Happy privacy!