The idiot’s guide to internet privacy (or 6 must-have tools for all web users)


By Mohammad T.

Recent revelations by Edward Snowden concerning the National Security Agency’s massive surveillance dragnet have put refocused the public’s attention to the privacy pitfalls of casual internet use. Coupled with near daily news stories about internet security systems being compromised, and it’s enough for a lay internet user to be frazzled into submission. Fear not — I decided together a handy guide for folks who want to push back against the war being waged against user’s privacy and anonymity. What you’ll find here is a compilation of tools and services that will help ensure, as much as is currently possibly, a modicum of anonymity and security in a treacherous world of tracking, advertising, data retention, and surveillance. I personally use all of these, and in my humble awesome opinion, they are all, well, awesome.

There’s much more out there to what I’ve listed below, but this will get you started if you’re new to this world. I’ve included a couple links below which you can follow to truly update your nerd-dom if you’d like; otherwise, we’ll start here for now.

Of course, none of this stuff is intended to prevent government surveillance of the type we’ve read about from the NSA — nor could it, as we’ve found out from Lavabit. It will help, however, push back against the massive tracking and surveillance apparatus erected by the private sector that monetizes everyday individuals’ behaviors online.

With that brief introduction, let’s get to it.

Internet search: DuckDuckGo

The problems with the large search providers (Google, Bing, and Yahoo) are numerous, but the benefits they provide aren’t as great as they once were. The trend of these large providers toward creating an inter-connected online eco-system for their users is fraught with privacy and surveillance implications that we have yet to fully understand. Think, for example, of Google: internet search, Google Docs, Maps, YouTube, etc. Google’s unified privacy policy makes it such that one user’s actions across all Google services are potentially used to build a profile about you.

My alternative: DuckDuckGo. This easy, effective browser provides easy and effective search results, but without storing information about your searches. It uses a compilation of sources to provide search results, and prominently displays Wikipedia results. It also is very ad-light, which makes for a more spiritual online search experience.

DuckDuckGo has been profiled in a number of different media outlets, and has seen a large uptick in traffic in the aftermath of the Snowden revelations. I’d recommend it!

Internet browsing: Tor

Navigating the web has become a treacherous enterprise, with many sites you visit (and many you don’t visit) scrambling to collect location-based data on you, your habits, and your online behaviors. In order to break up this system, and enable to privately surf the web without compromising your location and your habits, there’s Tor. It’s a free, open network of servers and users built to allow you to route your internet traffic through anonymous locations across the web — a kind of relay approach to web browsing where the runner who finishes the race does not know who the runner who started the race is.

I highly recommend this free, easy program. When you open the program, it connects you with the Tor network, connects you to it, and allows you to surf the web through a built-in Firefox-powered browser. Super simple, but incredibly effective.

There’s only one drawback: speed. Traditionally, you browse the web by connecting your computer directly to, say, Amazon’s servers. Tor creates a bridge between the two connections, thereby making you connect your computer to a number of intermediaries that anonymize your location before you ultimately end up at Amazon. As a result, your internet speed is cut down, from lightning fast to slightly-less-than lightning fast. But this could be a small price to pay if you value your private space.

Bonus internet browsing tool: HTTPS Everywhere

If you’re not ready to plunge deep into private internet browsing, you can always use this handy tool produced by the Electronic Frontier Foundation in collaboration with the Tor Project to at least connect securely with the websites you currently visit. It’s a great little tool, currently available for Firefox and Chrome users, which allows you to connect securely with sites which support an encrypted connection protocol called HTTPS. It’s easy to use, and works with many sites that support such connections, including Google, Facebook, the New York Times, and PayPal. No reason not to download this goodie, frankly.

Internet tracking: Ghostery

Ever wonder how a company like Facebook, Google, or Yahoo are so wickedly capitalized, even though it seems like most of their services are absolutely free? Of course, these internet behemoths have premium offerings that are usually tailored to large enterprises, but the vast majority of their users pay nothing for the vast majority of their services. The answer is advertising: these companies profit from creating a profile about you. What you search for, where you get directions to, what you shop for, what videos you watch, and to whom you send emails to — all of this stuff is tracked, compiled, distributed, and monetized.

That’s where handy programs like Ghostery come in. Ghostery lets you understand, and block, the “invisible web” of trackers whose purpose it is to map your online behavior and monetize it. It is a browser extension that you can download for Firefox, Chrome, or Safari, and operates with a relatively low footprint. You can specify which trackers you want to block, or you can block ’em all. It’s great, it’s easy, and it’s effective.

(A good alternative is DoNotTrackMe.)

Secure e-mail: Lavabit

Just kidding. The government forced this company to shut down, the circumstances of which are sealed. In short, Lavabit provided end-to-end encrypted email, full-proof from prying eyes. But it appears that the government has forced Lavabit and its peers to either enable a backdoor to allow the government access to email contents, or to enable a mechanism for the company itself to transfer the contents of emails to the government. Because the company cannot do so without compromising its very goal of providing encrypted fully secured email, it shut down in an act that Mega chief executive Vikram Kumar called “privacy seppukku.”

There are a few alternatives, which you can read about here and here. I haven’t tried any of these alternatives, or attempted to encrypt my google email messages — any thoughts would be welcome.

Online storage: SpiderOak

Cloud-based online storage is a great way to store some of your most important files, enabling you not only to create full-proof backups of your sensitive files, but also to share them with friends and colleagues. One problem: the stuff you store is (usually) not encrypted, and the services you use (sometimes) troll through your data. What’s a backup-needer to do? Use SpiderOak.

SpiderOak solves that problem. It allows you to securely (read: encryption) store your data online, sync them between all of your devices (including between Macs and PCs, which has been great for me), view your files on your smartphone, and share files easy with others. But the biggest benefit of SpiderOak is that it has a “zero knowledge” policy: the password you use on your account encrypts the files you back up to the cloud, and only you have access to that password. SpiderOak does not know your password, and therefore cannot access your files. What does that mean? The most secure and private storage solution out there.

It’s recent update has added a few new features which are cool. I would totes recommend this.

(Alternatives encrypted storage solutions are also available, but SpiderOak is my fave. Also, please excuse the link I posted above for SpiderOak — it’s a referral link which, if used to create a new account, gives me an extra GB of storage. Shameless, I know).

Password manager: LastPass

I’m increasingly convinced that password managers are a necessary tool in the belt of all internet users. Their premise is simple: securely store all  your login and password information for the bazillions of sites you have accounts for, thereby allowing you to forget them all. You can retrieve your account information for any site only by remembering one “master” password. That master key unlocks all of your stored passwords. Never have to worry about whether a site uses a login ID or an email for a login password. Never fret over whether a service required your password to have one unique character, one lower case character, or a bat symbol.

But there’s a less-recognized benefit of password manager: because you only have to remember a master code, you can create impossibly complicated passwords for your most sensitive accounts, and change those passwords on a constant basis. I do this with my email accounts and my banking accounts: the passwords for these accounts are random strings of numbers, symbols, and characters that I don’t have to remember, but which create a tall barrier of entry for hackers and ne’er-do-wells. Trust me: this is something you want to do, unless you want this to happen to you.

There a number of password managers out there, but I prefer LassPass. It’s easy to use, and operates as a low-footprint browser extension that you can install on all of your browsers that you use. It stores your passwords online in an encrypted file securely, and provides some great added features (increased security through a USB password, a smartphone application for your passwords, and the ability to store notes with sensitive information in them). And it’s all free. You need this program.

(Speaking of passwords, make sure you use two-factor authentication for all of your accounts where available. For example, Google’s two factor authentication is pivotal for all Gmail users.)

For more information…

This concludes my (hopefully) handy guide to programs and services for your worry-free internet use. There’s obviously a lot missing here, and I was purposely not obtuse in my descriptions of the technology, so I invite you to suggest any additional programs, tools, or sites that you use. What works for you? What issues do you have with any of my recommendations? I’d love your feedback.

And for more information, check out EFF’s Surveillance Self-Defense project. It’s a great primer for those who want to protect themselves in the contemporary online environment.

Also peek EPIC’s online guide to practical privacy tools. There is a ton of good stuff linked there.


Leave a comment

Filed under Technology and Security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s