I’m no Steve Wozniak but I carry a healthy distrust of computers. After hearing of the Equifax data breach affecting the privacy of more than 145 million Americans, learning Uber paid and tried to cover up the loss of 57 million driver and passenger records, and seeing the lasting impact of the Meltdown attack, I’m starting to understand the gravity of this quote from Woz:
Never trust a computer you can’t throw out a window.
Steve Wozniak
And that was just 2017, before Google CEO Sundar Pichai testified in front of Congress. Even before the Cambridge Analytica scandal became public knowledge, further justifying my long-standing concerns about Facebook.
So what are we as individuals to do to stay safe online when governments and the businesses they operate cannot even protect themselves?
We stay educated. And here’s what I can tell you to help.
Securing Your Digital Life
Review the following threats and responses you can take against those threats to hack your way to better privacy.
Advertisements seem to be following you around the Web, do they? You bet they are.
In 2007 Google, the world’s top search provider, spent 3.1 billion to acquire a company called DoubleClick. With the acquisition Google introduced a feature called Demographics and Interests in their wildly popular (and free) Google Analytics tool—itself an acquisition just two years prior.
Google then incentivized Analytics users into bugging their own websites with something called the DART cookie—which today gives Google detailed insights into not just your search behavior, but allows Google to track your very specific browsing behavior.
Don’t go wasting your time with old-school ad blockers. Do this instead:
- Learn how to go Beyond Incognito with a host file override and curtail at the OS-level all outbound traffic to nefarious ad and malware servers.
- Though few people know it, Google gives users the ability to opt out of personalized ads through Ad Personalization. Go ahead and disable personalized ad tracking right now. And while you’re in there have a look at all the other stuff Google is tracking too, including a precise history of your location if you’re an Android user.
- Not the tech savvy type? Not to worry. There’s a browser from Brendan Eich, the creator of JavaScript, called Brave. Brave browser automatically disables ads and other trackers and helps prevent unnecessary bandwidth usage—saving you time and money while you browse.
Brave is available for both desktop and mobile and has tight integration for MetaMask and BitWarden. Use Brave to surf the Web, manage ERC-20 tokens landed during Initial Coin Offerings and help you maintain your privacy online.
Looking for an amnesiac mobile experience? Check out Firefox Focus, another privacy-focused browser that can block trackers for Safari Mobile and does some nifty things for Android users as well.
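The host file override mentioned in the list above, sketched as an added example (not code from the original post). The function names and block markers are hypothetical, the `.example` domains are constructed placeholders for ad servers, and the code works on hosts-file text rather than writing to the real file.

```python
import re

BEGIN, END = "# BEGIN blocklist (added example)", "# END blocklist (added example)"
# One DNS label: letters, digits, hyphens; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def valid_hostname(name):
    """Normalise a name; return None for anything that is not a plain hostname."""
    name = name.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    return name if all(LABEL.match(p) for p in name.split(".")) else None

def parse_hosts(text):
    """Map each hostname in hosts-file text to its address (first mapping kept)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def merge_blocklist(hosts_text, domains):
    """Return hosts text with one managed block sinking `domains` to 0.0.0.0."""
    # Drop any previous managed block so repeated runs do not pile up entries.
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    existing = set(parse_hosts("\n".join(kept)))  # never override user entries
    names = sorted({h for h in map(valid_hostname, domains) if h} - existing)
    block = [BEGIN] + [f"0.0.0.0 {n}" for n in names] + [END]
    return "\n".join(kept + block) + "\n"

# Constructed sample data: existing hosts content and a candidate blocklist.
SAMPLE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n192.0.2.10 intranet.example\n"
SAMPLE_DOMAINS = ["ads.example", "Tracker.Example.", "*.ads.example", "localhost", "ads.example"]

if __name__ == "__main__":
    print(merge_blocklist(SAMPLE_HOSTS, SAMPLE_DOMAINS), end="")
```

The hosts file matches exact names only, which is why the wildcard entry is rejected: each subdomain you want blocked needs its own line.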
It’s no surprise Facebook captures your data and mines it. But did you know it even shapes the way you think using AI? Everything you say and do on Facebook is not only used to fine-tune the ads targeted at you by DoubleClick and others, it is also used to train itself to hold your attention longer–turning you into the best consumer possible.
If you are not paying for it, you’re not the customer; you’re the product being sold.
Andrew Lewis
Facebook also owns a number of apps not commonly associated with Facebook such as WhatsApp, which uses deep learning to collect metadata and monetize users without showing advertisements.
- Message using encrypted chat. Apps such as Signal, Keybase and Telegram can be used for encrypted messaging and group chat. Use both to reveal social and personal personas with various degrees of privacy. Heads up, though, Edward Snowden tweeted concerns about Telegram prior to their ICO due to collection of metadata.
- Use ProtonMail with end-to-end email encryption. They have both 2048 (bank-level) and 4096-bit encryption options, it’s completely free and you can even opt in to receive receipt notifications at another inbox to help you maintain multiple inboxes.
If you pay a little money you can use ProtonMail along with the ProtonMail Bridge to encrypt email from an existing email client along with vanity domain name support.
Not sold yet? ProtonMail lays out why it’s more secure than Gmail and the case they make is very compelling to say the least.
- Communicate ephemerally with Snapchat. Not only did Snapchat reinvent the camera, it solves the problem of too many disturbances when using social media. A little-known fact: Snapchat also allows you to hide photos from your phone.
- Believe it or not iMessage by Apple is also E2E encrypted. If you’re fortunate enough to own a computer with iOS you’re already protected by their messaging service when you communicate with any other iMessage user.
Most people understand the importance of changing their passwords for each account or app and using only secure, difficult-to-crack passwords. But none of that matters when your online password manager can get hacked like LastPass was hacked in 2015 before critical security flaws popped up again just two years later.
And by you I mean everyone, with all their eggs in one basket. Of course the LastPasses and Dashlanes of the world are prime targets for hackers. And if hackers can get past ultra high-security DMZs like Equifax likely has, of course they’re going to find a way into a centralized database if you don’t save your passwords properly using something like KeePassX.
And if you’re looking for something newer with a stellar mobile experience at the expense of a little privacy check out BitWarden, which helps keep all your devices in sync and integrates with Brave browser.
Years ago I received an email from a college buddy named Tom who was traveling overseas. In the email he pleaded for help after losing his wallet—he needed money and fast. Several hours later I received another email from Tom.
The second email was from Tom explaining how he hadn’t lost his wallet and didn’t need money. Tom went on to explain he was at an internet cafe using an insecure Wi-Fi connection and someone jacked his passwords using a packet sniffer like Wireshark.
In the past setting up a VPN was a tricky task and meant installing some fugly-looking software and reading a bunch of dry technical instructions. That is if you didn’t choose to pay for your VPN… But those days are over.
Today we have TunnelBear — a VPN app for iOS, Android, Windows, Linux and macOS. The bear will give you VPN easily, and it’ll do it for up to 1.5GB/month free. TunnelBear comes recommended by the privacy aficionados at DuckDuckGo and, based on my personal experience, is a damn pleasure to use.
Update 2019-12-12: I no longer use TunnelBear and instead recommend you check out Mullvad with WireGuard or Bitmask if you need something easy to use.
Use TunnelBear to work around censorship restrictions and help protect against mass surveillance. Compare TunnelBear with similar services like Mullvad and several other privacy tools to see which are best suited for your needs. Just keep in mind VPNs aren’t perfect and they’re not anonymous. Nevertheless some have spent a great deal of time comparing them.
Towards Better Digital Security
Here are some additional things to try if you want to improve your privacy and better secure your digital life. A strong dose of paranoia will help you stay safe, so don’t be afraid to experiment and find the techniques which work best for you.
- Know even iPhones may be cracked.
- Subscribe to the EFF newsletter.
- Try the Privacy App from DuckDuckGo.
- Use Keybase to encrypt Git repos.
- Enable Do Not Track in your browser.
- Opt Out of NAI consumer tracking.
- Consider using Haven for Android.
- Understand why SMS is easily hacked.
- Avoid untrusted USB charging stations.
- Move place to place while working.
- Do your part to spreadprivacy.com.
- Read The Intercept and Zero Hedge.
- Consider donating to freedom.press.
- Follow Ed Snowden on Twitter.
- Encrypt and lock files with OpenPGP.
- Monitor your NIC with Little Snitch.
- Implement HSTS on your websites.
- Peek inside any Suspicious Package.
- Learn to spoof your MAC address.
- Investigate the Apple SIM protection.
- Try out ethvpn with OpenVPN.
- Store secure notes with BitWarden.
- Scan browsing privacy with Panopticlick.
- Try Privacy Badger to block trackers.
- Silence censorship with Streisand.
- Use Tails for privacy on-the-go.
- Understand hackers with AutoSploit.
- Practice #offsec with Kali Linux.
Don’t just take it from me. If you really want to learn the importance of privacy take it from an OG hacker, Kevin Mitnick, who lays it all out in his book The Art of Invisibility.
And if all this seems like overkill that may change once you start owning your private keys. Just keep in mind the safer you become the more suspicious you will look.
The quieter you become, the more you are able to hear.
N.N.