Your Online Privacy Plan
It wouldn't be a stretch to say that privacy, at least in much of the Western world, is pretty much dead. Every day seems to bring a new assault on this most basic of human rights – whether it be to do business and hold bank accounts in another country without government influence, to travel from one place to another without in-depth tracking or simply to surf the Internet without government, business, and/or criminals keeping tabs on everything we do.
It is the Internet that, at least to your humble correspondent, seems to be the most concerning at the moment for two reasons:
First, because we have become so dependent on this marvel of technology for everything from research to basic communication, from our banking and financial management to entertainment. To “unplug” would be very difficult and change many of our lives in ways we probably couldn't imagine.
Second, because most people aren't aware that literally EVERYTHING you do on the web can now be tracked, recorded and stored permanently – specific to you. Every time you enter a search into Google, every time you type in a web address and every e-mail you receive – at least if you haven't taken the necessary precautions.
And so brings us to the point of today's article – preserving some semblance of privacy in a non-private world. To do that, privacy expert Paul Rosenberg has graciously offered to share a few of the simplest and easiest ways to do that.
Your Online Privacy Plan
By Paul Rosenberg
Founder, Cryptohippie
Although the “leading voices” worked long and hard to convince people that Internet surveillance was a conspiracy theory spun by hucksters, it is now clear that governments, crooks and advertisers are stealing nearly every piece of information that anyone sends over the Internet. Worse, they are storing it, searching it, cross-linking their databases, and selling your most private information to anyone willing to pay for it.
In one way, the powers that be have won. They can now see and record nearly everything transmitted through the open Internet. But we still retain the ability to protect what we are doing by creating a private Internet that they can't see… a “darknet.”
KEEPING THEM OUT
Your privacy plan begins with making sure the bad guys can't get access by devious means. These first steps are fast, easy and free, and they'll help keep other people's fingers out of your computers.
- Use the Firefox browser. Firefox is an excellent browser, but the important thing about it is that it is open source software. That means that the programming code can be viewed by the user, which creates transparency. Any programmer can look it over to see that there are no secret backdoors or other dirty tricks. Microsoft and the others will not let programmers look at their code. We're supposed to take their word for it that they are secure.
- Once you have downloaded Firefox, you need to add some of their optional extensions. Go to the TOOLS menu, then ADD-ONS, and then find EXTENSIONS. First, get the NoScript extension. That will give you one-click control over Javascript, which you should use only when necessary. (The use of Javascript can allow a lot of information to slip out of your machine.)
- Next, follow the same process and get the Better Privacy extension. This one will keep the really nasty cookies off your computer (the ones that can track your activities across whatever web sites you visit).
- As a general rule, remember to clear your history and cookies regularly.
STOP SIMPLE TRACKING
As much as we like Firefox, it does have a few problems. The big one is that it will, if you let it, sense nearby wireless networks, then send their names and your computer's IP address to Google Location Services. (We'd like to know how Google accomplished that.) So, unless you want Google and all of their friends to know your physical location all the time, here's how to fix this:
1. In Firefox, type about:config in the address bar. Disregard the warning that appears.
2. Scroll down to geo.enabled, and double-click to change default value to False.
3. Scroll down to geo.wifi.uri, right click then click on Modify.
4. Type in localhost and hit OK.
The same problem shows up in Thunderbird, which is Firefox's (very good) email program. To deactivate Google Location Services, follow these steps:
- From the Thunderbird menu bar, click on TOOLS, then OPTIONS, and then ADVANCED. (For Macs, the menu path is THUNDERBIRD, then PREFERENCES, then ADVANCED.)
- Click on Config Editor and disregard the warning that appears.
- Scroll down to geo.enabled and double-click to change from default to False.
We noticed the same problem appears in Apple machines, specifically in Mac OS 10.5 and 10.6. Here's how to shut it off in version 10.6 (and perhaps others):
1. Click on the Apple symbol.
2. Choose System Preferences.
3. Choose Security.
4. Choose General.
5. Choose Disable Location Services.
AN OUTGOING FIREWALL
One slick little tool is called an outgoing firewall. It makes sure that only approved transmissions leave your machine. The only really good one of these we know is called Little Snitch, and it is (so far) only available for Macs.
PROTECTING YOUR DATA
For a data thief, breaking into computers can be difficult work, and unless you can pick out specific machines, you may not get any payoff from the exercise. So, the smart thieves don't really focus on that. Instead, they just grab all the data that people are sending back and forth all day. If you were a crook, wouldn't that be the method you'd choose?
To protect your data, however, requires something from you. Either you put a lot of time and effort into it yourself, or you pay someone to do it for you. There's really no other choice.
So, I'll start by showing you how to do it for free:
The primary program you need for this is called Tor, and it functions by using something called onion routing. Onion routing can be very slow, and it has had problems, but it is free. Here's how to use it:
- Setup Tor with a program called Privoxy. (Download and install both.)
- Configure Privoxy to use Tor, then configure your browser to use Privoxy.
- Reconfigure every program that will connect to the Internet for Tor, including word processors, Skype, email programs, graphics programs, games, and so on. Each must support either SOCKS or HTTP.
- Re-download and re-install Privoxy every two months. (If you do not, you will have problems.)
- Download Thunderbird from Mozilla and start using it exclusively for email.
- Get GnuPG, create a set of keys, and start using encryption for all your correspondence.
- Get the Enigmail extension for Thunderbird and use it to encrypt/decrypt your emails.
- Get the Pidgeon chat program and the GPG extension. Use them.
- Clear your browser's history regularly.
- Install a decent firewall (Zone Alarm has a nice one) and don't open unknown email attachments.
There are also other tools you can use to protect yourself, but let's stop here. I've given you a lot of simple things you can easily do, and one option that is more difficult and time consuming. That's enough to take on at once, and these are the most important things anyway.
This may be a lot of work, but if protecting your privacy is important to you, it is worthwhile. The alternative is to pay a company like mine to provide protection for your data. Either way, I urge you to implement your own plan to protect your computer privacy.
Cryptohippie – Free Trial Offer
Note from IM's Managing Director: I first became a customer of Paul's Cryptohippie service a few years ago – it is arguably the most sophisticated VPN solution I've ever used. While there are definitely other options out there, most are quite complex and if setup incorrectly, can actually cause more problems than they solve. On the other hand, you can use a system like Paul's – it's just not free. However, we've been able to arrange a 7-day free trial if you want to check it out before making any commitment. Click here for more info.