Go Ahead and Try to Lead a Secure, Private Online Life
Photograph by Helen King/Corbis
With government snooping entering the public consciousness in the past couple of months, many people are wondering how best to protect their privacy and security while online. So what are the tools that will ensure their safety?
Sorry to be a downer, but they may not exist yet. There are tools out there that can probably protect you, but for the most part it would be a mistake to view them as a sure thing. That doesn’t mean they’re not worth looking into, though, and here’s why.
There’s no doubt that encryption is the first step you should take to protect the contents of your communications. If you’re dealing with sensitive data, you should already be doing it, NSA or no NSA.
E-mail is the obvious starting point. If you don’t trust that government agencies can’t get at the mail Microsoft (MSFT) and Google (GOOG) hold for you, encrypt it end to end so the provider only ever sees ciphertext. A good package is Mozilla’s Thunderbird client, combined with the Enigmail security extension and the GNU Privacy Guard (GnuPG). Here’s a guide to setting these up. Follow those instructions and, if you want the provider out of the picture altogether, set up a self-hosted e-mail server such as Kolab (not a trivial task), and you’re about as protected as you can get on that front. One caveat worth knowing: OpenPGP encrypts the message body and attachments, not the headers, so the subject line and the sender and recipient addresses still travel in the clear.
That is, as long as the people you’re e-mailing are as security-conscious as you. An encrypted e-mail is no use if the person on the other side of the conversation doesn’t have the software and the keys to decrypt it. That shouldn’t be a problem if you’re dealing with corporate communications, but as for applying encryption to everyday e-mail, unless your aged aunt happens to be crypto-savvy, forget about it.
There’s a reason services such as Gmail don’t support end-to-end encrypted content, and that’s the fact that managing keys and encoding and decoding messages introduces an added layer of inconvenience. (Incidentally, there are a few browser extensions for encrypting webmail, such as Mailvelope and SecureGmail, but they’re only in alpha or beta, so tread cautiously.)
“Most public key encryption is always going to be strong enough to keep out snoopers, but you have the extra hassle of installing a new e-mail client and distributing the key,” Professor Alan Woodward, of the Department of Computing at the University of Surrey in England, told me. “Most people don’t realize how to do it. It’s not technically difficult, but people are just not aware of it, and people who are just not technical wouldn’t think about it.”
There is, however, another issue with encryption. As the leading cryptographer Bruce Schneier wrote recently:
“Since the Snowden documents became public, I have been receiving e-mails from people seeking advice on whom to trust. As a security and privacy expert, I’m expected to know which companies protect their users’ privacy and which encryption programs the NSA can’t break.
“The truth is, I have no idea. No one outside the classified government world does. I tell people that they have no choice but to decide whom they trust and then to trust them as a matter of faith. It’s a lousy answer, but until our government starts down the path of regaining our trust, it’s the only thing we can do.”
In the past couple of weeks, security researchers have also warned that recent mathematical advances might, over the coming years, make commonly-used public-key encryption techniques easier to break. That is a reason to keep key sizes generous and to plan for migrating algorithms, not a reason to skip encryption today.
There are several elements to surfing in as private and secure a manner as possible. The first is the browser itself.
Here, the Tor Browser Bundle is probably as trustworthy a service as you can find. Tor is a network of relays run by volunteers: The user surfs through Tor’s Firefox-based browser, and the traffic is sent through a circuit of three relays (an entry guard, a middle relay, and an exit) chosen by the client, wrapped in one layer of encryption per hop. Each relay can strip only its own layer, so it learns just the previous and the next hop: The entry guard sees your address but not your destination, and the exit sees your destination but not your address. No single relay, and no observer watching a single relay, can link the two.
Recent events have demonstrated, however, that the Tor browser can be compromised through vulnerabilities in the underlying Firefox code, which unmask a user no matter how well the network itself does its job (users were urged to upgrade to the latest bundle this week and also to stop using Windows). What’s more, there’s the slight issue of who runs those relays. The same question applies to many VPNs, incidentally, with the difference that a VPN provider is a single operator that sees both who you are and where you’re going.
“Tor relies on trust in those running Tor, and Tor is run by volunteers. Anyone can sign up [to run exit nodes],” Woodward warned. He added that Tor’s use by criminals has “attracted a lot of attention” despite its legitimate use by journalists and dissidents, meaning law enforcement agencies are trying to work around Tor’s security mechanisms to identify its users.
Even if the exit node you’re using is malicious, though, encrypted browsing should keep it from reading or tampering with what passes through it, because the exit sees every byte of a plain HTTP session. That means sticking to sites whose URLs start with “https.” (The exit still learns which host you’re talking to; what it loses is the content.) But there again, you’re trusting that the NSA, or whoever, hasn’t gotten to one of the companies that issue SSL certificates, because a certificate minted by a compromised authority lets an attacker in the middle present a valid-looking “https” padlock for a site it actually controls. Again, we don’t know what they’re capable of.
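To make the hop-by-hop picture concrete, here is a toy onion-routing simulation, added here as an illustration and not code from Tor or from the Tor Browser Bundle. The cipher is a toy keystream (HMAC-SHA256 in counter mode) standing in for Tor’s per-hop encryption, and the relay names, keys, destination and request are all constructed for the example. It records what each relay learns as it peels its layer, then repeats the run with the payload additionally encrypted for the destination alone (standing in for HTTPS) to show what an exit relay gains and loses in each case.

```python
"""Toy onion routing: what each relay on a three-hop circuit can see.

Added example, not Tor's code. The cipher is a toy keystream (HMAC-SHA256
in counter mode) standing in for Tor's per-hop encryption; relay names,
keys, destination and request are constructed for the example.
"""
import hashlib
import hmac


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR `data` with an HMAC-SHA256 counter-mode keystream (toy, symmetric:
    applying it twice with the same key returns the original bytes)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed circuit: client -> guard -> middle -> exit -> destination.
# In Tor the client negotiates a separate key with each relay; here the
# keys are fixed constants so the example runs offline.
CIRCUIT = ["guard", "middle", "exit"]
RELAY_KEYS = {
    "guard": b"constructed-key-for-guard-relay",
    "middle": b"constructed-key-for-middle-relay",
    "exit": b"constructed-key-for-exit-relay",
}


def build_onion(path, keys, destination, payload):
    """Wrap `payload` in one layer per relay, innermost (exit) first.
    Each layer decrypts to: next_hop + b"\\n" + inner_blob, so a relay
    learns only where to forward the blob, never the whole route."""
    hops = path + [destination]
    blob = payload
    for i in range(len(path) - 1, -1, -1):
        blob = keystream_xor(keys[path[i]], hops[i + 1].encode() + b"\n" + blob)
    return blob


def relay_peel(relay, key, blob):
    """What one relay does: strip its own layer and read the next hop."""
    plain = keystream_xor(key, blob)
    next_hop, _, inner = plain.partition(b"\n")
    return next_hop.decode(), inner


def run_circuit(path, keys, destination, payload, end_to_end_key=None):
    """Route one message through the circuit and record, per relay, who
    handed it the blob and where it forwarded it.  If `end_to_end_key` is
    given, the payload is first encrypted for the destination only (the
    HTTPS case), so even the exit relay hands on ciphertext."""
    if end_to_end_key is not None:
        payload = keystream_xor(end_to_end_key, payload)
    blob = build_onion(path, keys, destination, payload)
    observed = []
    previous = "client"
    for relay in path:
        next_hop, blob = relay_peel(relay, keys[relay], blob)
        observed.append({"relay": relay, "from": previous, "to": next_hop})
        previous = relay
    # Whatever remains after the exit's layer is what the exit forwards.
    return observed, blob


# Constructed request; a plain-HTTP exit relay would see all of it.
REQUEST = b"GET /account HTTP/1.1\r\nHost: bank.example\r\n\r\n"


if __name__ == "__main__":
    hops, exit_sees = run_circuit(CIRCUIT, RELAY_KEYS, "bank.example", REQUEST)
    for h in hops:
        print(f"{h['relay']:>6}: received from {h['from']:>6}, forwarded to {h['to']}")
    print("exit forwards (plain HTTP):", exit_sees)
    _, sealed = run_circuit(CIRCUIT, RELAY_KEYS, "bank.example", REQUEST,
                            end_to_end_key=b"constructed-session-key")
    print("exit forwards (end-to-end encrypted):", sealed.hex())
```

Running it shows the guard learning only “client” and “middle”, the middle learning only its two neighbours, and the exit learning “bank.example” plus, in the plain-HTTP run, the full request. In the second run the exit still learns the destination host but forwards only ciphertext, which is exactly the trade the article describes: HTTPS hides content from a hostile exit, not the fact that you are talking to that site.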
Tor has other issues, too: All that relaying makes for slower browsing, and it also doesn’t play nicely with financial services and other websites that treat traffic from Tor exit addresses as a sign of fraudulent access. That means you probably need to use Tor alongside another browser, dividing your workload between them as appropriate.
Happily, things are a bit less complicated on the search front. Google alternatives such as DuckDuckGo, Blippex, and Ixquick don’t come with the same risk of agencies knocking on the provider’s door and demanding users’ search histories, because they say they don’t record those histories in an identifiable way. That is a policy promise you can’t verify from the outside, but it does mean there should be nothing to hand over. They’re not as pretty as Google or Bing, but they do the job without logging IP addresses and the like.
Mobile and the rest
Broadly speaking, you can just forget about privacy in the mobile domain. Handsets are constantly tracked by the mobile network for as long as they are registered to it, and there have been reports of techniques that keep a handset talking to the network while it appears to be turned off. Recent research suggests that each device’s radio broadcasts a unique signature based on minute variations in hardware. We can be identified based on the predictability of our daily movements. And smartphones are packed with all sorts of sensors, such as accelerometers and gyroscopes, that can even identify users by their gait.
On top of that, as things stand today, the broad permissions required by most popular apps mean too much data are collected unnecessarily. Add in the factor of APIs connecting apps to each other and a variety of backend services (often without the user’s knowledge), and who knows who is in a position to offer up that data if asked?
If you’re willing to overlook all of that, though, there are options for those brandishing an Android handset. The CyanogenMod community and others offer Android variations that break with Google’s services, but users should be aware that apps sideloaded from outside the Google Play ecosystem bypass Google’s review and carry a somewhat higher risk of being infected with nastiness.
As for normal Android and iOS and Windows Phone, well, we just don’t know how deeply involved with Prism Google, Apple (AAPL), and Microsoft are. The companies are certainly involved to some extent, and it will probably never be possible for them to prove the negative they need to prove: “We can demonstrate that the NSA can’t tap into our data.” So if you really want to be sure of your privacy, you simply shouldn’t use their products.
So that covers communications, surfing, and mobile use. For other suggestions (social networking, instant messaging, and so on) you can check out the Prism Break website. You’ll notice that everything on that list is open source. This is crucial, because it means experts can crawl around the source code, looking for hidden backdoors and vulnerabilities, and because you can build the software yourself rather than trusting a binary someone else compiled. If it can be audited, and someone competent actually has audited it, you have grounds to trust it.
The services you will find there, however, exemplify the fundamental problem facing the privacy-minded individual today: that this stuff isn’t for everyone. Yes, some of these products and services don’t require much technical knowledge to install and use, but all require a level of geekiness that the average user won’t have or won’t want to acquire. If they didn’t, they’d be widely used now. Their technology and techniques would be built into the consumer services we use every day.
What’s needed is a serious advance in usability. That means re-architecting or replacing some technologies, such as public-key based encryption, but it also means the volunteer projects creating these open-source tools need to think more beyond their own kind and take the nontechie user into account. It sounds trivial, but making Tor prettier—just improving the interface and user experience—would make it infinitely more valuable than it is today.
Because ultimately, the Internet is all about interacting with others, and it’s no good obeying privacy and security rules yourself when the people you’re interacting with provide snoopers with an easy way in. Until they become everyday tools for normal people, most of the products and services listed above are of only limited utility.