Ladies and Gentlemen, here it is. We’ve put a lot of effort into this, and it’s very long. We tried to think of every angle in terms of privacy, and the effort was worth it. Almost 13,000 words about how to protect your privacy online. There’s no need to read it at once, just check the index below and click on the parts that interest you.
- Encryption key length
- NSA attacks on key encryption
- Perfect Forward Secrecy
- The takeaway – or So is encryption secure?
- The importance of end-to-end encryption
- Cached DNS entries
- Flash Cookies
- Other web tracking technologies
- Great browser extensions you should use
- Block reported attack sites and web forgeries in Firefox
- Mobile browser security
- Encrypt your emails using GNU Privacy Guard
- PGP on mobile devices
- Encrypted Webmail
- Encrypt your Gmail
- Other email precautions
- VoIP with end-to-end encryption
- Secure your text messages, Instant Messaging and Chat
- Ditch the cell phone!
- Manually encrypt your files before uploading them to the cloud
- Use an automatically encrypted cloud service
- Use BitTorrent Sync Cloudless syncing
- Use Linux rather than a commercial OS
- Use a Virtual Machine
- Give Whonix a try
- Password protect your BIOS
- Secure your Flash Player settings
- Change DNS servers
- Use secure passwords
- Social networking
- Avoid all US based services
Edward Snowden's NSA spying revelations highlighted just how much we have sacrificed to the gods of technology and convenience something we used to take for granted, and once considered a basic human right – our privacy.
It is not just the NSA – governments the world over have been racing to introduce legislation that allows them to monitor and store every email, phone call and Instant Message sent or received, every web page visited, and every VoIP conversation made by every single one of their citizens.
Parallels with George Orwell’s dystopian world ruled by an all-seeing Big Brother have been bandied about a great deal by the press of late, but are unfortunately and depressingly accurate.
All is not lost however, as encryption provides a highly effective way to protect your internet behavior, communications, and data. The main problem with using encryption is that its use flags you up to organizations such as the NSA for closer scrutiny.
Details of the NSA’s data collection rules can be found here, but what it boils down to is that data from US citizens is examined, and then discarded if found to be uninteresting to the NSA. Encrypted data on the other hand is stored indefinitely, until such time as the NSA can decrypt it.
All data relating to non-US citizens can be kept indefinitely, but sheer practicality suggests that encrypted data gets special attention.
If a lot more people start to use encryption, then encrypted data will stand out less, and surveillance organizations’ job of invading everyone’s privacy will be made much harder. Remember – anonymity is not a crime!
Following revelations about the scale of the NSA’s deliberate assault on global encryption standards, confidence in encryption is not as high as it was just a few months ago. So let’s examine the current state of play…
Key length is the crudest way of determining how long a cypher will take to break, as it is the raw number of ones and zeros used in a cypher. Similarly, the crudest form of attack on a cypher is known as a brute force attack (or exhaustive key search), which involves trying every possible combination until the correct one is found.
While it is true that if anyone is capable of breaking modern encryption ciphers it is the NSA, to do so would be a considerable challenge. With regard to a brute force attack, please consider the following:
- A 128-bit key cypher would require 3.4 x 10^38 operations to reliably break
- In 2011 the fastest supercomputer in the world (the Fujitsu K computer located in Kobe, Japan) was capable of an Rmax peak speed of 10.51 petaflops. Based on this figure, it would take Fujitsu K 1.02 x 10^18 (around 1 billion) years to crack a 128-bit AES key by force
- In 2014 the most powerful supercomputer in the world was the NUDT Tianhe-2 in Guangzhou, China. Almost 3 times as fast as the Fujitsu K at 33.86 petaflops, it would ‘only’ take it around a third of a billion years to crack a 128-bit AES key. That’s still a long time, and is the figure for breaking just one key
- A 256-bit key would require 2^128 times more computational power to break than a 128-bit one
- The number of operations required to brute force a 256-bit cipher is 3.31 x 10^65, a number roughly equal to the number of atoms in the universe!
Until the Edward Snowden revelations, it was generally assumed that 128-bit encryption was in practice uncrackable through brute force, and would be for another hundred years or so (taking Moore’s Law into account).
In theory this still holds true, but the sheer scale of resources that the NSA seems to throw at cracking encryption has shaken many experts’ faith in these predictions, and system administrators around the world are scrambling to upgrade cipher key lengths.
If and when quantum computing becomes available, however, all bets are off. Quantum computers will be exponentially more powerful than any existing computer, and will make all current encryption ciphers and suites redundant overnight.
In theory, this problem will be countered by the development of quantum encryption. However, at least for a while, access to quantum computers will be the preserve of the most powerful and wealthy governments and corporations only. As we have seen, it is not in the interests of such organizations to democratize encryption.
For the time being, however, strong encryption is your friend.
It should be noted that the US government uses 256-bit encryption to protect ‘sensitive’ data (and 128-bit for ‘routine’ encryption needs).
However the method it uses is AES, which as we shall discuss below is not without problems.
While encryption key length refers to the amount of raw numbers involved, ciphers are the mathematics used to perform the encryption. It is weaknesses in these algorithms, rather than in the key length, that often lead to encryption being broken.
By far the most common ciphers that you will likely encounter are Blowfish and AES, which are used by OpenVPN. In addition to this, RSA is used to encrypt and decrypt a cipher’s keys, and SHA-1 or SHA-2 are used as hash functions to authenticate the data.
AES is now generally considered the most secure cipher for VPN use (and in general), and its adoption by the US government has only increased its perceived reliability, and consequently its popularity. However, there is reason to believe this trust may be misplaced.
AES, RSA, SHA-1 and SHA-2 were all developed and/or certified by the United States National Institute of Standards and Technology (NIST), a body that by its own admission works closely with the NSA in the development of its cyphers.
Given what we now know of the NSA’s systematic efforts to weaken or build back doors into international encryption standards, there is every reason to question the integrity of NIST algorithms.
NIST has been quick to deny any wrongdoing (‘NIST would not deliberately weaken a cryptographic standard’), and has invited public participation in a number of upcoming proposed encryption related standards in a move designed to bolster public confidence.
The New York Times, however, has accused the NSA of circumventing NIST approved encryption standards by either introducing undetectable backdoors, or subverting the public development process to weaken the algorithms.
Any existing trust was pretty much destroyed by news that a NIST certified cryptographic standard – the Dual Elliptic Curve algorithm (Dual_EC_DRBG) – had been deliberately weakened not just once, but twice, by the NSA.
That there might be a deliberate backdoor in Dual_EC_DRBG had already been noticed before. In 2006 researchers at the Eindhoven University of Technology in the Netherlands noted that an attack against it was easy enough to launch on ‘an ordinary PC’, and Microsoft engineers flagged up a suspected backdoor in the algorithm.
Despite these concerns however, where NIST leads, industry follows. Microsoft, Cisco, Symantec and RSA all include the algorithm in their products' cryptographic libraries, in large part due to the fact that compliance with NIST standards is a prerequisite to obtaining US government contracts.
When you consider that NIST certified cryptographic standards are pretty much ubiquitous worldwide throughout all areas of industry and business that rely on privacy (including the VPN industry), this is all rather chilling.
Perhaps precisely because so much relies on these standards, cryptography experts have been unwilling to face up to the problem.
Perfect Forward Secrecy
One of the revelations that came out of the information provided by Edward Snowden is that “another program, code-named Cheesy Name, was aimed at singling out SSL/TLS encryption keys, known as ‘certificates’, that might be vulnerable to being cracked by GCHQ supercomputers.”
That these certificates can be ‘singled out’ strongly suggests that 1024-bit RSA encryption (commonly used to protect the certificate keys) is weaker than previously thought, and can be decrypted much more quickly than expected by the NSA and GCHQ.
In addition to this, the SHA1 algorithm widely used to authenticate SSL/TLS connections is fundamentally broken. In both cases, the industry is scrambling to fix the weaknesses as fast as it can, by moving on to RSA-2048+, Diffie-Hellman, or Elliptic curve Diffie-Hellman (ECDH) key exchanges and SHA2+ hash authentication.
Perfect Forward Secrecy (PFS) is a system whereby a new and unique (with no additional keys derived from it) private encryption key is generated for each session. For this reason it is also known as ephemeral key exchange.
If PFS is used, then although one SSL key might become compromised, this does not matter very much because new keys are generated for each connection (and are often refreshed during connections). To meaningfully access communications, these new keys would also need to be compromised, a task arduous to the point of being effectively impossible.
Unfortunately, it has become common practice (because it’s easy) for companies to use just one private encryption key, meaning that if this key is compromised then the attacker can access all communications encrypted with it.
The most widely used VPN protocol is OpenVPN. It is considered very secure, but one of the reasons for this is because it allows ephemeral keys to be used.
Unfortunately again, this is often not actually implemented by many VPN providers. If Perfect Forward Secrecy is not used, the OpenVPN connections should not be considered secure, no matter how otherwise strong the encryption used is.
It is also probably worth mentioning here that the HMAC SHA1 hashes routinely used to authenticate OpenVPN connections are not a weakness, as HMAC SHA1 is much less vulnerable to collision attacks than standard SHA1 hashes.
For example, you would need to break HMAC in order to reach the underlying hash in order to start collision attempts on it. Mathematical proof of this is available in this paper.
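One way to check the OpenVPN point above on a client profile, as an added example (not code from this article or from the OpenVPN project): the script reads a config and reports whether the key exchange is limited to ephemeral (DHE/ECDHE) suites. The directive names (`secret`, `client`, `tls-client`, `tls-server`, `tls-cipher`, `reneg-sec`, `auth`) are OpenVPN's own; the sample configs, the host vpn.example.net and the function names are constructed for illustration.

```python
# Added example: audit an OpenVPN config for forward secrecy.
# All sample configs below are constructed; vpn.example.net is a placeholder.

EPHEMERAL_KX = {"DHE", "ECDHE", "EDH"}          # key exchanges with per-session keys
TLS_MODE = {"client", "tls-client", "tls-server"}

CONFIG_STATIC = """
remote vpn.example.net 1194
dev tun
secret static.key
cipher AES-256-CBC
"""

CONFIG_WEAK = """
client
remote vpn.example.net 1194
tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
reneg-sec 0
auth SHA1
"""

CONFIG_GOOD = """
client
remote vpn.example.net 1194
; only ephemeral key exchanges are allowed
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA1
"""


def parse_directives(text):
    """Return {directive: [args]} for an OpenVPN config (last occurrence wins)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # '#' and ';' start comment lines
            continue
        name, *args = line.split()
        directives[name.lstrip("-")] = args      # tolerate a leading "--"
    return directives


def is_ephemeral_suite(name):
    """True if a TLS suite name carries an ephemeral (EC)DH key exchange.

    Works on explicit suite names only. OpenSSL keywords such as DEFAULT are
    not expanded, so they are reported as non-ephemeral (cannot be verified).
    """
    return any(tok in EPHEMERAL_KX for tok in name.upper().split("-"))


def audit(text):
    """Return forward-secrecy status ('yes' / 'no' / 'unknown') with reasons."""
    d = parse_directives(text)
    problems, warnings = [], []
    status = "yes"

    if "secret" in d:
        # Static-key mode: the same pre-shared key protects every session.
        problems.append("static-key mode ('secret'): one long-lived shared key")
    elif not TLS_MODE & d.keys():
        problems.append("no TLS mode directive (client / tls-client / tls-server)")

    listed = (d.get("tls-cipher") or [""])[0].split(":")
    suites = [s for s in listed if s and not s.startswith("!")]
    static = [s for s in suites if not is_ephemeral_suite(s)]
    if static:
        problems.append("non-ephemeral suites allowed: " + ", ".join(static))

    if not suites and not problems:
        warnings.append("tls-cipher not pinned: key exchange depends on library defaults")
        status = "unknown"
    if d.get("reneg-sec") == ["0"]:
        warnings.append("reneg-sec 0: session keys are never refreshed on a timer")
    # 'auth SHA1' is deliberately not flagged: it selects HMAC-SHA1, which the
    # text above treats as unaffected by plain SHA1 collision attacks.

    if problems:
        status = "no"
    return {"forward_secrecy": status, "problems": problems, "warnings": warnings}


if __name__ == "__main__":
    for label, cfg in [("static", CONFIG_STATIC), ("weak", CONFIG_WEAK), ("good", CONFIG_GOOD)]:
        print(label, audit(cfg))
```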
It is becoming abundantly clear that to underestimate the NSA’s ambition or ability to compromise all encryption is a bad mistake. However, it remains the best defence we have against them (and others like them), and to the best of anyone’s knowledge strong ciphers such as AES (despite misgivings about its NIST certification) and OpenVPN (if Perfect Forward Secrecy is used) remain secure.
As Bruce Schneier, encryption specialist, fellow at Harvard’s Berkman Center for Internet and Society, and privacy advocate famously noted,
'Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.'
It is also worth remembering that the NSA is not the only potential adversary, and most criminals and even government organizations have nowhere near as much ability to circumvent encryption as the NSA does.
The importance of end-to-end encryption
End-to-end (e2e) encryption means that data is encrypted by you on your own device and where you (and only you) hold the encryption keys (unless you choose to share them). Without these keys, an adversary will find it extremely difficult to decrypt your data.
Many services and products do not use e2e encryption, instead encrypting your data and holding the keys for you. This can be very convenient (allowing easy recovery of lost passwords, syncing across devices, etc.), but does mean that these third parties can be compelled to hand over your encryption keys.
A case in point is Microsoft. It encrypts all emails and files held in OneDrive (formerly SkyDrive), but it also holds the encryption keys. In 2013 it used these to unlock the emails and files of its 250 million worldwide users for inspection by the NSA.
Basically, services that encrypt your data on their servers, rather than you encrypting your own data on your own machine, should be strongly avoided.
An important limitation to encryption is that it does not necessarily protect users from the collection of metadata.
Even if the contents of emails, voice conversations, or web browsing sessions cannot be readily listened in on, knowing when, where, from whom, to whom, and how regularly such communications are made can tell an adversary a great deal. This is a powerful tool in the wrong hands (i.e. just about anybody).
For example, even if using a securely encrypted messaging service such as WhatsApp, Facebook will still be able to tell who you are messaging, how often you message, how long you usually chat for, and much more. With such information it would be trivially easy to discover that you were having an affair, for example…
Indeed, although the NSA does target individual communications, its primary concern is the collection of metadata. As NSA General Counsel Stewart Baker has openly acknowledged,
‘Metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.’
However, the reason I said ‘not necessarily protect users’ is that technologies such as VPNs and Tor can make the collection of metadata very difficult. For example, an ISP cannot collect metadata relating to the browsing history of customers who use a VPN to hide their online activities.
Do note, though, that many VPN providers themselves do log some metadata, which should be a consideration when choosing a service that will protect your privacy.
Please also note that mobile apps typically bypass any VPN that is running on your device, and connect directly to their publishers' servers. Using a VPN, for example, will not prevent the WhatsApp app sending metadata back to Facebook.
Use FOSS software
The terrifying scale of the NSA’s attack on public cryptography and its deliberate weakening of common international encryption standards has demonstrated that no proprietary software can be trusted. Even software specifically designed with security in mind.
It is now a proven fact that the NSA has co-opted or coerced hundreds of technology companies into building backdoors into their programs, or otherwise weakening security in order to allow the NSA access. US and UK companies are particularly suspect, although the reports make it clear that companies across the world have acceded to NSA demands.
The problem with proprietary software is not just that as sole developers and owners, companies can be fairly easily approached and convinced to play ball with the NSA, but that their source code is kept secret, making it easy to add to or modify in dodgy ways without anyone noticing.
The best answer to this problem is to use free open source software (FOSS). Often jointly developed by disparate and otherwise unconnected individuals, the source code is available to everyone to examine and peer-review, thereby minimizing the chances that it has been tampered with.
Ideally this code should also be compatible with other implementations, in order to minimize the possibility of a backdoor being built in.
It is, of course, possible that NSA agents have infiltrated open source development groups and introduced malicious code without anyone’s knowledge, and the sheer amount of code that many projects involve means that it is often almost impossible to fully peer-review all of it.
Still, despite these potential pitfalls, FOSS remains the most reliable and least likely to be tampered with software available, and if you truly care about privacy you should try to use it exclusively (up to and including using FOSS Operating Systems such as Linux).
Steps you can take to improve your privacy
So, with the proviso that nothing is perfect, and if ‘they’ really want to get you then it is probably worth assuming 'they' can, there are steps you can take to greatly improve your privacy.
Probably the first step to improving your privacy is to pay for things anonymously. Of course, when it comes to physical goods that need to be delivered to an actual real-life address, this isn’t going to happen (except for goods bought locally with cash).
Online services are a different kettle of fish however, and it is increasingly common to find ones that accept payment through Bitcoin and the like. A few, such as VPN service Mullvad, will even take cash sent anonymously by post.
Bitcoin is a decentralized and open source virtual currency that operates using peer-to-peer technology (much as BitTorrent and Skype do). The concept is particularly revolutionary and exciting because it does not require a middleman (for example a state-controlled bank) to work.
Whether or not Bitcoins represent a good investment opportunity remains hotly debated, but is not the subject of this article, and is anyway outside of my area of expertise.
As a ‘crypto-currency’, Bitcoins can be bought, traded, invested and used to buy goods and services - just like any other form of money. Although nowhere near as widely accepted as ‘regular’ currency, this is changing fast, especially in the realm of on-line services such as VPN (in fact we have an article on 5 Best VPNs that accept Bitcoin!) that aim to improve users’ anonymity.
One important thing to understand is that Bitcoin is not inherently anonymous. The exciting thing is that with care it can be made so.
I have written a very detailed 5-part guide on Buying Bitcoins to pay for VPN anonymously. Most of the advice in it applies equally well to paying for any online service anonymously. Below is a summary of the main points.
Buying Bitcoins Anonymously
Most Bitcoin traders are located in the US, and have US based bank accounts. This can make buying Bitcoins outside the States both a little involved, and location-dependent. However, the following methods are common ways to obtain Bitcoins anonymously.
For maximum anonymity:
- Use anonymous, disposable email addresses
- Create a new Bitcoin address (wallet) for each purchase – if you use the same address then one mistake will allow all transactions to be traced back to you
- Never reveal personal information, such as your real name, address, or phone number
- Use a mixer service – even if you use a more anonymous method of purchasing Bitcoins outlined below, it can’t hurt to launder it further (although this will cost a bit).
1. Buy Bitcoins non-anonymously then ‘clean’ them with a mixer service
Neither the cheapest nor the most anonymous method, this is the most convenient. It does nevertheless ensure a fairly high degree of anonymity. Using this method you do not actually buy your Bitcoins anonymously - you simply purchase them from an automated Bitcoin exchange (such as CoinBase), and then ‘launder’ them using a ‘mixer’ service such as Blockchain.info's shared send feature, which uses CoinJoin technology.
A mixer service basically anonymizes your Bitcoins by swapping them with multiple other users, making it very difficult (but not impossible for a determined investigator) to follow the chain back to you. Services such as this are, of course, not free (Blockchain.info for example charges a 0.5% fee).
Many automatic exchanges require you to prove your real-world identity, in which case it is easy to determine that you have purchased Bitcoins (but not what happens to them after that, if you mix them).
2. Use pre-paid credit cards
This method is somewhat location-dependent, but in most areas it is possible to buy pre-paid ‘gift’ credit cards over-the-counter. These can then be used to buy Bitcoins anonymously if the transaction is performed through disposable email addresses etc. Alternatively, you can just use the card to buy on-line services directly!
3. Buy locally with cash
The website LocalBitcoins.com lets you find Bitcoin sellers who live near you. Once you have found a seller you are happy with, it is up to you to contact them and to arrange a meeting.
Prices are generally higher than those on CoinBase etc., and you should pay attention to feedback in order to ensure the seller is highly scored (this works much like the feedback system on eBay).
4. Buy from an individual seller online
#bitcoin-otc uses a quite involved feedback system, which it is well worth spending the time to understand, and you will need to hash out the payment method with the seller. A list of IRC clients can be found here.
In addition to pre-paid credit cards and good old cash, there are plenty of alternative crypto-currencies out there. Bitcoin is by far the most popular and stable crypto-currency, but others are available. A full list of these is available here, and some of the pros and cons of the ‘top 5’ are outlined in this article.
Do be sure to check out my extensive guide to buying Bitcoins and paying for VPN services anonymously, starting here.
Virtual Private Networks (VPNs) and the Tor network are the most popular technologies for staying private while surfing the internet. They hide what you get up to on the internet from your ISP (and therefore the government), and can hide your true identity from websites you visit and services you use.
On the face of it, these two technologies appear to serve a similar purpose. In reality, however, they are very different technologies, and while there is some overlap, their primary use-cases are very different.
VPNs are a suite of technologies that:
- Provide privacy by hiding your internet activity from your ISP (and government)
- Allow you to evade censorship (by school, work, your ISP, or government)
- Allow you to “geo-spoof” your location in order to access services unfairly denied to you based on your geographical location (or when you are on holiday)
- Protect you against hackers when using a public WiFi hotspot
- Allow you to P2P download in safety.
In order to use VPN you must first sign up for a VPN service, which typically costs between $5 – $10 a month (with reductions for buying 6 months or a year at a time). A contract with a VPN service is required to use VPN.
I have written an extensive VPNs for Beginners guide aimed at discussing all major issues related to VPNs in detail. Please consult this for further information.
It is important to note, however, that although a VPN can provide a high level of privacy (if a good no-logs service is used), it does not provide anonymity. This is because, at the end of the day, a VPN provider can always know what you get up to on the internet. It is for this reason that VPNs provide privacy, not anonymity. If you require true anonymity then you need…
The Tor network
Tor provides a very high degree of true anonymity, but at the cost of day-to-day internet usability. When using Tor:
- Your internet connection is routed through at least 3 random “nodes” (volunteer run servers)
- These nodes can be located anywhere in the world
- The data is re-encrypted multiple times (each time it passes through a node)
- Each node is only aware of the IP addresses “in front” of it, and the IP address of the node “behind” it
- This should mean that at no point can anyone know the whole path between your computer and the website you are trying to connect to (even if some nodes along the path are controlled by malicious entities).
Tor is free, and the real beauty of the system is that you do not have to trust anyone. It is designed so that no-one can discover your true identity.
It can also make quite a handy anti-censorship tool, but many repressive governments go to great lengths to counter this by blocking access to the network (to varying degrees of success).
Using Tor and VPN together
It is possible to use Tor and VPN together to provide meaningful security benefits. For a discussion about this, plus some suggested VPNs that support such configurations, please see 5 Best VPNs when using Tor.
Tor vs. VPN
Tor is a vital tool for that tiny subset of internet users who really require the maximum possible anonymity. VPNs, however, are a much more practical privacy tool for day-to-day internet use.
For a detailed look at Tor, plus a full discussion on its pros and cons versus using a VPN, please see my Tor Network Review.
VPN and Tor are the most popular ways to maintain anonymity and evade censorship online, but there are other options. Proxy servers in particular are quite popular, although in our opinion they are inferior to VPN.
It’s not just the NSA who are out to get you: advertisers are too! And they are willing to use some very sneaky tactics to follow you round the web and piece together a profile of you in order to sell you stuff (or sell this information to others who want to sell you stuff)…
Most people who care are aware of HTTP cookies, how to clear them, and that most browsers now have a Private Browsing mode that not only prevents the browser from saving your internet history, but also blocks these cookies. It is therefore a good idea to always surf using Private Browsing, but this alone is not enough to stop you being tracked across the internet, as your browser leaves many other traces as it goes…
In order to speed up internet access, your browser caches the IP address it receives from your default DNS server (see the section on changing your DNS server later).
In Windows you can see what DNS information has been cached by typing ‘ipconfig /displaydns’ at the command prompt (cmd.exe).
- To clear the DNS cache in Windows, open the command prompt window and type: ipconfig /flushdns [enter]
- To clear the cache in OSX 10.4 and under, open Terminal and type: lookupd -flushcache
- To clear the cache in OSX 10.5 and above, open Terminal and type: dscacheutil -flushcache
A particularly insidious development is the widespread use of Flash cookies, which are not always blocked when you disable cookies in your browser (although modern browsers do block them), and which can track you in a similar manner to regular cookies. These can be located and manually deleted from the following directories:
A better tactic however, is to use the CCleaner utility (available for Windows and OSX), which not only cleans out pesky Flash cookies, but also a host of other rubbish that is slowing your computer down and leaving traces of your internet activity behind. To do this CCleaner needs to be properly configured, a process we describe in our article on the subject.
Thanks to growing awareness of Flash cookies, including the so-called ‘zombie cookies’ (bits of persistent Flash code which respawn regular cookies when they are modified or deleted), and the fact that most modern browsers include Flash cookies as part of their regular cookie control features, the use of Flash cookies is declining (although they still represent a serious threat).
We have a detailed article on Flash cookies, the dangers they pose, and how to prevent them available here.
Unfortunately there is far too much money to be made by internet companies to take this user backlash against tracking lying down, and a number of increasingly devious and sophisticated methods have been developed.
The way in which your browser is configured (especially the browser plugins used), together with details of your Operating System, allows you to be uniquely identified (and tracked) with a worryingly high degree of accuracy. A particularly insidious (and ironic) aspect of this is that the more measures you take to avoid being tracked (e.g. using the plugins listed below), the more unique your browser fingerprint becomes.
The best defense against browser fingerprinting is to use as common and plain vanilla an OS and browser as possible, but this leaves you open to other forms of attack, and reduces day to day functionality of your computer to such an extent that most of us will find the idea impractical.
We discuss browser fingerprinting in detail in this article.
In addition to browser fingerprinting, other forms of fingerprinting are becoming more common. The most prominent of these is canvas fingerprinting, although audio and battery fingerprinting are also possible.
HTML web storage
Built into HTML5 (the much vaunted replacement to Flash) is Web storage (also known as DOM (Document Object Model) storage). Even creepier and much more powerful than cookies, web storage is a way analogous to cookies of storing data in a web browser, but which is much more persistent, has a much greater storage capacity, and which cannot normally be monitored, read, or selectively removed from your web browser.
Web storage is enabled in all browsers by default, but in Firefox and Internet Explorer it can be turned off. Firefox users can also configure the BetterPrivacy addon to remove web storage automatically on a regular basis, while Chrome users can use the Click&Clean extension or, alternatively, the versatile Google NotScripts extension (but this requires a high degree of configuring). Remember that using these addons will increase your browser fingerprint uniqueness. More details, including instructions on how to turn web storage off in Firefox and IE are available in my article here.
Part of HTTP, the protocol for the World Wide Web, ETags are markers used by your browser to track resource changes at specific URLs. By comparing changes in these markers with a database, websites can build up a fingerprint which can be used to track you. They can also be used to respawn (Zombie style) HTTP and HTML5 cookies, and once set on one site, used by associate companies to also track you.
Unfortunately this kind of cache tracking is virtually undetectable, so reliable prevention is very hard. Clearing your cache between each website you visit should work, as should turning off your cache altogether. Unfortunately these methods are arduous, and will negatively impact your browsing experience. The Firefox add-on Secret Agent prevents tracking by ETags, but, again, will likely increase your browser fingerprint (or because of the way it works, maybe not). For more details see here.
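A detection heuristic for the ETag tracking described above, as an added example that is not part of the original article: fetch the same resources from several clean browser profiles and flag any URL where byte-identical content comes back with a different ETag for every profile. The capture below, the profile names, the example hosts and the function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed capture: (clean browser profile, URL, ETag header, response body).
# A content-derived ETag is the same for everyone who receives the same bytes;
# a per-visitor ETag differs although the bytes are identical. On a repeat
# visit the browser echoes the value back in the If-None-Match request header,
# which is what lets the server recognise the visitor without any cookie.
OBSERVATIONS = [
    ("profile-a", "https://cdn.example/pixel.gif", '"u-7f3a91c2"', b"GIF89a-pixel"),
    ("profile-b", "https://cdn.example/pixel.gif", '"u-02bd44e8"', b"GIF89a-pixel"),
    ("profile-c", "https://cdn.example/pixel.gif", '"u-c915d0aa"', b"GIF89a-pixel"),
    ("profile-a", "https://static.example/app.css", '"5d8c72a5"', b"body{margin:0}"),
    ("profile-b", "https://static.example/app.css", '"5d8c72a5"', b"body{margin:0}"),
    ("profile-c", "https://static.example/app.css", 'W/"5d8c72a5"', b"body{margin:0}"),
]


def normalise_etag(value):
    """Strip the weak-validator prefix (W/) and the surrounding quotes."""
    value = value.strip()
    if value.startswith("W/"):
        value = value[2:]
    return value.strip('"')


def suspicious_etags(observations, min_clients=3):
    """Return {url: {profile: etag}} for resources whose ETag looks per-visitor.

    A resource is flagged when at least `min_clients` profiles received the
    same bytes (same SHA-256) and every one of them got a different ETag.
    Caveat: servers that derive ETags from per-machine file metadata can also
    differ between backends, so a hit is a lead to investigate, not proof.
    """
    by_resource = defaultdict(dict)               # (url, body hash) -> {profile: etag}
    for profile, url, etag, body in observations:
        digest = hashlib.sha256(body).hexdigest()
        by_resource[(url, digest)][profile] = normalise_etag(etag)

    flagged = {}
    for (url, _digest), per_profile in by_resource.items():
        distinct = set(per_profile.values())
        if len(per_profile) >= min_clients and len(distinct) == len(per_profile):
            flagged[url] = dict(per_profile)
    return flagged


if __name__ == "__main__":
    for url, tags in suspicious_etags(OBSERVATIONS).items():
        print("possible tracking ETag:", url, tags)
```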
Now we start to get really scary. History stealing (also known as history snooping) exploits the way in which the Web is designed, allowing a website you visit to discover your past browsing history. See my article for a fuller explanation of how it works, but the bad news is, a) this information can be combined with social network profiling to uniquely identify you and, b) it is almost impossible to prevent.
The only good news here is that social network fingerprinting, while scarily effective, is not reliable. If you mask your IP address with a VPN (or Tor) then you will be a long way towards disassociating your real identity from your tracked web behavior.
Pioneered by Firefox, all modern browsers now support a host of extensions, many of which aim to improve your privacy while surfing the internet. Here is a list of my favorites that I don’t think anyone should be without:
- AdBlock Plus (Firefox, Chrome, Opera, Android) – this fantastic and must-have extension blocks all manner of adverts, even Facebook ads and those embedded within YouTube videos (here in the UK it even blocks 4oD ads!). In addition to this, it warns you when visiting known malware hosting websites, and disables third party tracking cookies and scripts. Unlike NoScript (see below), AdBlock Plus is very easy to use while still remaining powerful. By default, AdBlock Plus allows ‘some not intrusive advertising’. This can be turned off (Add-ons -> Extensions -> AdBlock Plus -> Filter preferences), or you can install AdBlock Edge for Firefox, a fork of AdBlock Plus that removes this ‘feature’
- Disconnect (Firefox, Chrome, Safari, IE) – replacing popular Ghostery as our favorite anti-tracking and anti-cookie extension thanks to its up-to-date database of tracking cookies, page load optimization, secure WiFi encryption and analytics tools, Disconnect blocks third party tracking cookies and gives you control over all of a website’s elements. It also prevents social networks such as Google, Facebook and Twitter from following you so they can collect data as you surf elsewhere on the internet
- HTTPS Everywhere (Firefox and Chrome) – another essential tool, HTTPS Everywhere was developed by the Electronic Frontier Foundation, and tries to ensure that you always connect to a website using a secure HTTPS connection, if one is available. This is fantastic, but do remember the reservations about how SSL is commonly implemented that we made earlier, and that it has almost certainly been cracked by the NSA
- Better Privacy (Firefox) – as noted in the section on Flash cookies above, this extension blocks this new kind of cookie
- Honorable mention: NoScript (Firefox) – this is an extremely powerful tool that gives you unparalleled control over what scripts are run on your browser. However, many websites will not play ball with NoScript, and it requires a fair bit of technical knowledge to configure and tweak it to work the way you want it to. It is easy to add exceptions to a whitelist, but even this requires some understanding of the risks that might be involved. Not for the casual user then, but for web savvy power-users, NoScript is difficult to beat. ScriptSafe for Chrome performs a similar job. Reader’s tip: ‘I would recommend adding that even if you don’t want to bother messing with white lists in Noscript, you should still install the extension and choose to allow all scripts globally. This still provides some needed protection without hindering your browsing experience.’ (Thanks twlph!)
In addition to these extensions, most modern browsers (including mobile ones) include a Do Not Track option. This instructs websites to disable tracking and cross-site tracking when you visit them. While it is definitely worth turning this option on, it should be remembered that implementation is purely voluntary on behalf of website owners, and so is no guarantee of privacy.
Note that this list is not exhaustive of all the great privacy related browser extensions out there, and we have articles on our favorite extensions for Firefox and Chrome. We also have an article on how you can make Firefox even more secure by changing settings in about:config.
Also, as noted above, you should be aware that using any browser plugin increases your browser uniqueness, which makes you more susceptible to being tracked by browser fingerprinting. Unfortunately there is little practical that most of us can do about it (although the EFF promise to add Fingerprinting protection to Privacy Badger).
These settings can be very useful for protecting you against malicious attacks, but do impact your privacy by sharing your web traffic in order to work. If the tracking issues outweigh the benefits for you, then you might want to disable them.
The above extension list concentrates on desktop browsers, but as we access the internet more and more from our smart phones and tablets, it becomes just as important to protect our browsers on these platforms as well. Unfortunately, most mobile browsers have a great deal of catching up to do in this regard, but many Firefox extensions (including the excellent AdBlock Plus) will work on the mobile version (Disconnect is not available, but Ghostery makes a very good alternative). Private Browsing, Do Not Track, and advanced cookie management are becoming increasingly common on all mobile browsers however, which is a good thing.
Most search engines, including Google (in fact particularly Google), store information about you, including:
- User’s IP address
- Date and time of query
- Query search terms
- Cookie ID – this cookie is deposited in your browser’s cookie folder, and uniquely identifies your computer. With it, a search engine provider can trace a search request back to your computer
This information is usually transmitted to the requested web page, and to the owners of any third party advertising banners displayed on that page. As you surf around the internet, advertisers build up a (potentially embarrassing or highly inaccurate) profile of you, which is then used to target adverts tailored to your theoretical needs.
In addition to this, governments and courts around the world regularly request search data from Google and other major search engines, which is usually duly handed over.
Google Transparency Report on the number of User Data Requests received, and the number (at least partially) acceded to.
There are however some search engines that do not collect users’ data. DuckDuckGo in particular has grabbed the headlines of late, with its popularity shooting through the roof following the NSA spying revelations (daily searches on DuckDuckGo jumped from the 2 million it had built up over the last four and a half years, to 3 million in just 8 days!).
An added benefit of using a search engine that does not track you is that it avoids the ‘filter bubble’. Most search engines use your past search terms (and things you ‘Like’ on social networks) to profile you, so they can return results they think will interest you. This can result in only receiving search returns that agree with your point of view, locking you into a ‘filter bubble’ where you do not get to see alternative viewpoints and opinions because they have been downgraded in your search results.
Not only does this deny you access to the rich texture and multiplicity of human input, but it can also be very dangerous as it can confirm prejudices and prevent you from seeing the ‘bigger picture’.
- DuckDuckGo – the best known alternative search engine, and one we have examined in some detail here, DuckDuckGo pledges not to track its users. Each search event is anonymous, and while it could in theory be tracked, there is no profile attached that can be accessed by infiltrators. DuckDuckGo says that it would comply with ordered legal requests, but as it doesn’t track users, ‘there is nothing useful to give them’. In use we have found DuckDuckGo to be very good, and through the use of ‘bangs’ (see our article), it can also be made to search most other popular search engines anonymously too
- StartPage (formerly Ixquick) – searches many popular search engines simultaneously and anonymously, giving a star to results each time they are in the top ten of a search engine result. Ixquick promises not to store or share any personal information, or use any identifying cookies
- Gibiru – provides basic Google search engine results, but separates your query from your IP with the use of proxy servers. In addition to this, Gibiru deletes all records within seconds of performing a search, so ‘there is no profile data to sell, package or give away via partnership, request or subpoena’
- YaCy – the above search engines rely on trusting the search engine providers to maintain your anonymity. If this really worries you, then you might like to consider YaCy, a decentralized, distributed search engine built using P2P technology. This is a fantastic idea, and one that we really hope takes off, but for now it is more of an exciting curiosity than a fully-fledged and useful Google alternative.
To turn Search History off, click on the gear icon on the top right, and select ‘Settings’…
This is something everyone should do if they are concerned with the information Google is keeping on them. It won’t stop someone who is deliberately spying on you and harvesting your information (such as the NSA), but it will help stop Google profiling you. Even if you plan on changing to one of the ‘no tracking’ services listed above, most of us have built up a substantial Google History already, which anyone reading this article will likely want deleted.
To clear your history, simply sign into your Google account and go to www.google.com/history, where you will see a list of searches that you have made recently. Select which items (or use the checkbox at the top to select all items on that page) you want removed, and hit ‘Remove Items’.
Most email services do provide a secure SSL encrypted connection between start point and email servers, and email servers and end point, and Google has even led the way in fixing the weakness in the way in which SSL is commonly implemented.
However, all this is no good if the email service is simply handing over your information to an adversary (as Google and Microsoft have been doing with the NSA). While it seems that smaller email providers have not (yet) been affected, it is likely that as the NSA and other national government surveillance organizations extend their reach, this will change.
The answer to this problem lies in end-to-end email encryption, where the sender encrypts the email, and only the intended recipient can decrypt it. The biggest problem with using an encrypted email system is that you cannot impose it unilaterally – your contacts, both recipients and senders, also need to play ball for the whole thing to work, and while trying to convince your granny to use PGP encryption will likely just lead to bafflement, trying to convince your customers might make many of them very suspicious!
It should also be noted that email encryption does not encrypt everything.
The email addresses of sender and recipient, date and time of sending, and the e-mail’s subject line are not encrypted; just the body and any attachments. As we briefly discussed earlier, metadata such as this can still be very damaging in the wrong hands.
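The split between exposed metadata and protected body can be seen in the message itself. The following is an added illustration, not code from this guide or from GnuPG: it assumes the mail client uses the PGP/MIME layout (RFC 3156), uses constructed addresses, date, subject and body, and substitutes random bytes in ASCII armor for the ciphertext GnuPG would produce.

```python
"""What a mail server or network observer can read from a PGP/MIME message."""
import base64
import os
from email import message_from_bytes
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart

# Header fields the guide lists as staying unencrypted.
EXPOSED_HEADERS = ("From", "To", "Date", "Subject")


def stand_in_ciphertext(size=192):
    """Random bytes in ASCII armor, standing in for real GnuPG output."""
    blob = base64.encodebytes(os.urandom(size)).decode("ascii")
    return "-----BEGIN PGP MESSAGE-----\n\n" + blob + "-----END PGP MESSAGE-----\n"


def build_pgp_mime(sender, recipient, date, subject, armored):
    """Wrap armored ciphertext in the RFC 3156 multipart/encrypted layout."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"] = sender
    msg["To"] = recipient
    msg["Date"] = date
    msg["Subject"] = subject

    # Part 1: fixed control part announcing the PGP/MIME version.
    control = MIMENonMultipart("application", "pgp-encrypted")
    control.set_payload("Version: 1\n")
    # Part 2: the encrypted body and attachments as one opaque blob.
    body = MIMENonMultipart("application", "octet-stream")
    body.set_payload(armored)

    msg.attach(control)
    msg.attach(body)
    return msg.as_bytes()


def exposure_report(raw, secret_body):
    """Parse the bytes as they exist in transit and on the mail server."""
    msg = message_from_bytes(raw)
    report = {name: msg[name] for name in EXPOSED_HEADERS}
    report["content_type"] = msg.get_content_type()
    report["part_types"] = [p.get_content_type() for p in msg.get_payload()]
    # The plaintext is only checked for here; it is never placed in the message.
    report["body_plaintext_on_wire"] = secret_body.encode() in raw
    return report


# Constructed sample values, not taken from any real message.
SECRET_BODY = "Meet at the north gate at 21:00."
RAW = build_pgp_mime(
    "alice@example.org",
    "bob@example.net",
    "Mon, 03 Mar 2014 09:30:00 +0000",
    "Documents for Thursday",
    stand_in_ciphertext(),
)

if __name__ == "__main__":
    for field, value in exposure_report(RAW, SECRET_BODY).items():
        print(f"{field:24} {value}")
```

Everything in the report except the body is readable without any key, which is why the subject line should never carry anything sensitive.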
Another point worth bearing in mind if you are worried about NSA spying is that, probably even more than encrypting other aspects of your internet use, encrypting your email is pretty much asking for the NSA to store your emails ready for decryption when they are able to do so.
There are plenty of end-to-end email encryption programs out there, the most famous of which is Pretty Good Privacy (PGP, which was once open source and free, but is now the property of Symantec). The Free Software Foundation has taken up the open source OpenPGP banner however, and with major funding from the German government has released GNU Privacy Guard (also known as GnuPG or just GPG).
An overview of how the OpenPGP standard works
Following the OpenPGP standard and fully compatible with PGP, GnuPG is a free and open source alternative which is available for Windows, OSX and Linux. Although the basic program uses a simple command line interface, more sophisticated versions are available for Windows (Gpg4win) and Mac (GPGTools). Alternately, EnigMail adds GnuPG functionality to the Thunderbird and SeaMonkey email clients. We have written a full guide to setting up GnuPG in Windows using Gpg4win, available here.
Android users should be pleased to know that GnuPG: Command-Line from the Guardian Project is available from the Play Store, and although we have not tried them, mobile users wanting a more user-friendly experience may want to give K-9 Mail (a well-regarded email client with PGP support built-in) combined with Android Privacy Guard (Android), or iPGMail (iOS) a try. A good guide for getting GPG working on Android is available here.
For a while, Hushmail was considered the go-to service for secure webmail, as it offered PGP encryption in a web based service. However, in 2007 a backdoor was used by the owners to capture emails of three accounts, which were then handed over to the Canadian Courts. As Hushmail CTO Brian Smith said in a refreshingly honest blog post,
‘[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.’
It should be noted that any web-based service can in theory be compelled to modify their system to capture users’ decryption keys (as Hushmail did), and Hushmail itself recommends using non web-based services such as GnuPG or PGP Desktop if stronger security is needed.
It is however possible to encrypt your Gmail using the free Firefox extension Encrypted Communication (we’ve written a guide about how to use it) which provides 256-bit AES end-to-end encryption. Once the extension is installed, just write your email, right-click anywhere in the text of the message and select ‘Encrypted Communication’ to encrypt it. You will be asked to enter a password, which the recipient will need to know (along with having the extension running on their Firefox) to decrypt the message. Of course, you should transmit this password to the recipient using a different communication method than email (in person is best, but encrypted VoIP or messaging should be fine – see below)!
Even more secure is Mailvelope, which provides full end-to-end OpenPGP encryption over web email services such as Gmail, Hotmail, Yahoo! and GMX using Firefox or Chrome. We have a full guide to using it available here.
Note that there are other extensions available which seem to offer similar functionality and which we often see recommended on the internet, but which should be avoided. Both SafeMail for Chrome and Enlocked (multiplatform) send your email to their servers for decryption, which means that it is at least as vulnerable as mail sent to Hushmail (i.e. they do not offer end-to-end encryption). Furthermore, the SafeMail decryption page is not even SSL encrypted!
We will discuss encrypting files and folders elsewhere, but it is worth briefly noting here that if it is just files you wish to protect, these can be encrypted before sending them by regular email.
It is also possible to encrypt stored emails by encrypting the email storage folder using a program such as TrueCrypt (discussed later). This page explains where Thunderbird stores emails on different platforms (for example).
The first thing we have to make clear here is that regular phone calls (landline or mobile) are never secure, and cannot be made so. It’s not just the NSA and GCHQ; governments everywhere (where they have not already done so) are keen on recording all citizens’ phone calls. Unlike emails and internet use etc. that can be obfuscated (as this article is trying to show), phone conversations are always wide open.
Even if you buy anonymous and disposable ‘burner phones’ (behavior which marks you out as either worryingly paranoid or engaged in highly criminal activity), a lot of information can be gathered through the collection of metadata, and it is also totally pointless unless the people you are calling are equally paranoid.
If you want to keep your voice conversations completely private, then you need to use VoIP with end-to-end encryption (except of course when talking in person).
VoIP (Voice over Internet Protocol) allows you to talk (and usually also make video calls and Instant Message (IM)) over the internet. Allowing cheap or free calls anywhere in the world, VoIP services have become extremely popular, with Skype becoming a household name. Unfortunately, Skype (now owned by Microsoft) has perfectly demonstrated the problem with most such services (which is a very similar problem to that with email) – that VoIP connections to and from a middleman may be secure, but if the middleman just hands over your conversations to the NSA (as happened with Skype) or some other government organization, this security is next to meaningless.
So, as with email, what is needed is end-to-end encryption where an encrypted tunnel is created directly between the participants in a conversation, and no-one else.
Good Skype alternatives
- Jitsi (Windows, OSX, Linux, Android (experimental)) – this free and open source software offers all the functionality of Skype, including voice calls, video conferencing, file transfer and Chat, but can encrypt it all with ZRTP. The first time you connect to someone it can take a minute or two to set up the encrypted connection (designated by a padlock), but is afterwards transparent. As a straight Skype replacement, Jitsi is difficult to beat
- RedPhone (Android) – this free and open source Android only app provides end-to-end encryption of voice calls. Unlike normal VoIP apps however, it lets you use your normal phone number and the normal system dialer, so operation is almost invisible, except that when you connect to someone else with RedPhone installed, you are given the option to encrypt the call
- Silent Circle – is a popular commercial suite of encrypted communications software comprised of Silent Phone (iOS, Android), Silent Text, (iOS, Android), Silent Eyes (Windows VoIP), (iOS, Android, Outlook for Windows, Mac Mail). The service costs $10 per month, but the software itself is open source and has been audited by the American Civil Liberties Union to ensure it contains no ‘backdoors’. Reassuringly (in a way), the makers of Silent Circle recently closed their ‘Silent Mail’ service following the abrupt shutting down of Lavabit, in order to ‘prevent spying’.
Admittedly this section has a lot of cross-over with the previous one on VoIP, as many VoIP services (such as Jitsi) also have chat/IM functionality built-in, and the issues are more or less the same. However, as there are some great dedicated encrypted IM applications out there, we decided they deserved a section of their own.
- Pidgin + OTR (Windows) – Pidgin is a popular free and open source IM client that lets you chat to users on AIM, Google Talk, MSN, Yahoo and many more. OTR (Off-the-Record) is a plugin that combines AES encryption, perfect forward secrecy, and the SHA-1 hash function to ensure strong encryption for IM sessions. As with GnuPG for emails, initial setup is a bit of a pain, but once done operation is seamless (we now have a detailed guide for this).
- Adium (OSX) – is a free and open source messaging client for Mac that also lets you talk to friends on lots of different networks. Even better, Adium comes with OTR support built-in!
- TextSecure (Android, iOS) – sister app to Whisper Systems’ RedPhone, free and open source TextSecure replaces your Android’s default text app with one that encrypts texts to other TextSecure users, and encrypts all local messages so that if your phone is stolen they will remain secure. TextSecure has now been incorporated into alternative Android OS CyanogenMod, expanding its userbase by around 10 million.
- Chatsecure (was Gibberbot) (Windows, OSX, Linux, iOS, Android) – developed by the Guardian Project, this app is available on all major platforms, supports chatting on a whole host of different IM services, and has OTR built-in. It is still a little buggy and no-frills, but has great potential.
Our article ‘Secure alternatives to WhatsApp’ goes into greater detail about secure mobile chat apps.
While we are on the subject of phones (sort of), we thought we should also mention that when you carry your phone, your every movement can be tracked. It’s not just things like GPS and Google Now (which works uncannily well at predicting what you want by storing just about every piece of data about you) on Smartphones – even the most modest cell phone can be easily tracked by the phone towers it uses to work. The only solution, if you really don’t want to be tracked, is to leave your phone at home (or buy one of these). Incidentally, the Google Now service only works effectively if Google History is turned on (see above).
As internet speeds increase, server level storage becomes cheaper, our internet devices smaller (thus having reduced on-board storage), and the different devices we use to access the internet more plentiful, it is becoming increasingly clear that cloud based storage is the future.
The problem of course is ensuring that files stored in ‘the Cloud’ remain secure, and here the big players have proved themselves woefully inadequate – Google, Dropbox, Amazon, Apple and Microsoft have not only been actively working in cahoots with the NSA, but in their ToC’s reserve the right to investigate your files and hand them over to the authorities if they receive a court order.
To ensure that your files are secure, there are a number of basic approaches you can take (note that the options discussed below are far from the only ones available, as this is a highly competitive market space where many new and innovative solutions are appearing all the time)…
The simplest and most secure method is to manually encrypt your files using a program such a . This has the advantage that you can carry on using your favorite Cloud storage service, no matter how inherently insecure it is, as you hold all the encryption keys to your files.
The downside compared to services such as SpiderOak and Wuala (see below), is that you don’t get access to your files on the go.
Syncing files on your desktop is quite easy however, as you can place your encrypted folder in your Cloud storage folder.
If you are in the market for a good Dropbox alternative, you may like to check out BestVPN’s sister website BestBackups, for news and reviews of the best and the rest when it comes to cloud storage services.
These services automatically encrypt files before uploading them to the Cloud (we have no truck with any service that encrypts files server-side, as these are always vulnerable to being decrypted by the service provider). Any changes to files or folders are synced with local decrypted versions before being secured and sent to the Cloud.
Both SpiderOak and Wuala have iOS and Android apps, so you can easily sync across all your computers and mobile devices. This convenience comes at a small security price, as both services briefly store your password on their servers to authenticate you and direct you to your files. Wuala also uses this password to encrypt and decrypt your files when using a mobile device, although this is somewhat compensated for by Wuala uploading different segments of your files to different servers, making it impossible for them to identify which data belongs to which user. In both cases the passwords are deleted once a session is finished.
- SpiderOak (2GB free, $10/m 100GB) – available for all major platforms, SpiderOak offers a ‘zero knowledge’, secure, automatically encrypted cloud service, which uses a combination of 2048 bit RSA and 256 bit AES to encrypt your files
- Wuala (5GB free, plans from €2/m 20GB to €160/m 2TB) – available for most major platforms and also offering 2048 bit RSA and 256 bit AES encryption (with SHA-256 hashes for integrity checks), Wuala’s service is very similar to that of SpiderOak, but with a slightly different approach to security (see above).
Because of its high profile, we feel that Kim Dotcom’s Mega service deserves a special mention, particularly as it offers a very generous 50GB encrypted space for free. Mega uses your web browser to encrypt files before uploading and decrypt them after downloading, which is great for convenience (and an Android app is available, with an iOS one on the way), but is not as secure as the other methods outlined here.
Our feeling therefore, is that while it is worth paying attention to how Mega deals with its security issues, it is probably best avoided for the time being. It is also worth pointing out that Kim Dotcom’s involvement ensures the service receives the highest possible level of scrutiny from security, law enforcement and copyright enforcement bodies the world over.
The free BitTorrent Sync service is now in public beta phase (i.e. it is available to the public, but is still considered experimental). Designed more or less as a Dropbox replacement, BitTorrent Sync synchronizes files and folders across devices, but does so without storing them in ‘the Cloud’.
You choose a folder that you want to share, and BitTorrent Sync gives you a secret for it. You can then link that folder to a folder on another device (with BitTorrent installed on it) using the secret. Any number of additional folders can be added in a similar fashion, and all files are transferred using a securely encrypted (256-bit AES) P2P protocol.
BitTorrent Sync is free, easy to use, and is currently available for Windows, OSX, Linux and Android (with an iOS app in private alpha stage). A limitation of the system is that as it is not a cloud service, it cannot be used as an extra drive by portable devices with limited storage, but on the plus side you are using your own storage, and so are not tied to Cloud providers’ data limits (or charges).
While the focus of this document is on internet security, an important aspect of securing your digital life is to ensure that locally stored files cannot be accessed by unwanted parties. Of course, it is not just about local storage; as we have already noted you can also encrypt files before emailing them or uploading them to Cloud storage.
Update 17 June 2014: in a move that is as surprising as it is baffling, the devs behind TrueCrypt have pulled the plug on the popular full-disk encryption program. Conspiracy theories abound, and while some developers seek to fork the software, Phase II of the audit goes ahead. For more details on the story see here and here. Until the audit is complete, we strongly suggest avoiding TrueCrypt, and migrating TrueCrypt containers to other programs, such as Diskcryptor for Windows users, or Dm-crypt/LUKS and bwalex/tc-play (a free TrueCrypt Implementation based on dm-crypt) for Linux users.
Just a quick note: BestVPN has a sister site dedicated to anti-virus software – BestAntivirus.com. If you would like to choose an antivirus package that best fits your needs, please take the time to check it out! Now, back to the guide…
It almost goes without saying, but as this is an ‘ultimate guide’ we’ll say it anyway
…always use anti-virus software and make sure that it is up-to-date!
Not only can viruses really screw up your system, but they can let hackers enter it, giving them access to all your (unencrypted) files and emails etc., webcam, passwords stored in Firefox (if no master password is set), and much more. Keyloggers are particularly dangerous as they can be used to access bank details and track pretty much everything you do on your computer.
It is also worth remembering that not just criminal hackers use viruses! The Syrian government, for example, launched a virus campaign known as Blackshade, aimed at ferreting out and spying on political dissidents.
Although most people are aware they should be using anti-virus software on their desktop computers, many neglect their mobile devices. While there are fewer viruses targeting mobile devices at present, smart phones and tablets are sophisticated and powerful computers, and as such are vulnerable to attack by viruses, and should therefore be protected.
Mac users are famously bad for not installing anti-virus software, citing the ‘fact’ that OSX’s Unix architecture makes virus attacks difficult (this is hotly contested by the way), the fact that most hackers concentrate on Windows because most computers use Windows (true), and the anecdotal evidence of many Mac users who have gone for years without using anti-virus software yet never experienced any problems. However as events last year demonstrated, Macs are not immune to viruses, and anyone serious about their security should always use good anti-virus software.
The generally agreed consensus is that free antivirus software is as good at preventing viruses as paid-for alternatives, but paid-for software provides better support and more comprehensive ‘suites’ of software that are designed to protect your computer from a range of threats (combining antivirus, anti-phishing, anti-malware and firewall functions for example). Similar levels of protection are available for free, but require the use of various different programs. Also, most free software is for personal use only, and businesses are usually required to pay for a license.
- Windows – the most popular free antivirus programs for Windows are Avast! Free Antivirus and AVG AntiVirus Free Edition, although plenty of others are also available. A good review of commercial options can be found here
- OSX – Avast! Free Antivirus for Mac and ClamXav are well regarded, although other free good options are available. In fact, the free software is better regarded than paid-for options, so we just recommend using them
- Android – again, there are a number of options, both free and paid for. We’ve used Avast! for ages now and find it works well, is free, and includes a firewall
- iOS – Apple is still somewhat in denial about the fact iOS is as vulnerable as any other platform to virus attack, but VirusBarrier is now available from the app store
- Linux – the usual suspects: Avast!, Kaspersky and AVG Free are all available for Linux, work very well, and are free.
In addition to actual viruses, computers (Windows in particular) are vulnerable to various other forms of malicious code known as malware. Users of non-Windows systems shouldn’t worry too much about this (and anti-virus software should deal with any problems), but Windows users should consider using an anti-malware program alongside their regular antivirus software. Windows versions Vista and up ship with the anti-malware program BitDefender built-in, or Spybot Search and Destroy, Windows Malicious Software Removal Tool, and Malwarebytes (all free) can be used instead.
A personal firewall monitors network traffic to and from your computer, and can be configured to allow and disallow traffic based on a set of rules. In use they can be a bit of a pain, but they do help ensure that nothing is accessing your computer, and that no program on your computer is accessing the internet, that shouldn’t be.
The biggest problem with using a firewall is determining which programs are ‘ok’, and which are potentially malicious (perfectly legitimate Windows processes can, for instance, appear pretty obscure), but once set up they become fairly transparent in use.
- Windows – versions Vista and up have a firewall built-in, which is quite good and is very easy to use, but only screens incoming traffic. For many this will be perfectly sufficient, but those wanting a more robust solution might want to consider the very professional Glasswire. There are also a number of free options such as Comodo Firewall Free and ZoneAlarm Free Firewall 2013, which are good.
- OSX – versions 10.5 and up have a basic firewall built-in, which like that in Windows only monitors incoming traffic. If you want to monitor outgoing traffic, Little Snitch ($25) is a great program
- Android – as noted above, the free For Android includes a firewall
- iOS – the only iOS firewall we are aware of is Firewall iP, which requires a jailbroken device to run
- Linux – there are many firewall programs and dedicated firewall distros available, but for a simple and straightforward Linux firewall you might want to give Smoothwall a try.
As we noted near the beginning of this Guide, no commercial software can be trusted not to have a back-door built into it by the NSA.
A more secure solution to Windows or OSX is Linux, which is free and open source (although some builds incorporate components which are not). In addition to it being far less likely that Linux has been compromised by the NSA (which isn’t to say the NSA hasn’t tried), it is a much more stable and generally secure OS than its commercial rivals.
Unfortunately, despite great strides made in the right direction, Linux remains less user friendly than either Windows or OSX, and less computer literate users may struggle with it. If you are serious about privacy however, Linux really is the way forward, and one of the best things about it is that you can run the entire OS from a Live CD, without the need to install it. This not only makes it easy to try out different Linux distros, but also adds an extra layer of security when you access the internet.
Ubuntu is very popular due to the fact that it is one of the easiest Linux distros to use, and thanks to this popularity there is a great deal of assistance available for it from an enthusiastic Ubuntu community. It therefore makes a good starting point for those interested in using a much more secure Operating System.
An additional level of security can be achieved by only accessing the internet (or only accessing the internet for certain tasks) using a ‘virtual machine’. These are software programs that emulate a hard drive onto which an Operating System (such as Windows or Linux – VMing OSX is tricky) is installed, effectively emulating a computer in software while running your normal OS.
The beauty of this approach is that all files are self-contained within the Virtual Machine so that, for example, the ‘host’ computer cannot be infected by viruses caught by the VM (which is why such a set-up is popular among hardcore P2P downloaders). The Virtual Machine can also be entirely encrypted, and even ‘hidden’, using programs such as TrueCrypt (see above).
Because Virtual Machines are emulating hardware, then running another whole OS on top of your ‘standard’ OS, there are substantial overheads in terms of processing power and memory use. This means that VMs tend to be somewhat slow and cumbersome, although using a very light Linux distribution such as Puppy can help, as does installing the VM on a separate hard drive to your main OS.
Whonix works inside a VirtualBox Virtual Machine, and ensures that DNS leaks are not possible, and that ‘not even malware with root privileges can find out the user’s real IP’.
It consists of two parts, the first of which acts as a Tor gateway (known as Whonix Gateway), while the second (known as a Whonix Workstation) is on a completely isolated network which routes all its connections through the Tor gateway. This isolation of the workstation away from the internet connection (and all isolated from the host OS inside a VM), makes Whonix highly secure.
Full-disk encryption using TrueCrypt is a great way to physically secure your drives, but for this to be properly effective it is essential to set strong passwords in BIOS for both starting up and modifying the BIOS settings. It is also a good idea to prevent boot-up from any device other than your hard drive.
The Flash Player is inherently a very insecure piece of software (see also Flash Cookies), but despite the gains made by HTML5, it remains an important part of most people’s internet user experience. It is therefore a good idea to check its settings, and turn most of them off (paying particular attention to the Camera and Mic settings!).
Many security related browser plugins disable Flash by default, which is a good thing, but does not help when you actually want to view the Flash content. Be careful however to only allow Flash on trusted websites. The Flash Player Settings Manager has moved from being online to being accessed locally, and the easiest way to open it is to right-click on some Flash content (e.g. a YouTube video) and select ‘Global Settings…’.
Although we are used to typing easy-to-understand and remember domain names into our web browsers, these domain names are not the ‘true’ addresses of websites. The ‘true’ address, as understood by a computer, is a set of numbers known as an IP address. To translate domain names to IP addresses, for example www.bestvpn.com to its IP address of 220.127.116.11, the Domain Name System (DNS) is used.
By default this translation process is performed on your ISP’s DNS servers, which ensures your ISP has a record of all websites you visit. Even when using a VPN service (highly recommended), possible DNS leakage may result in your ISP handling this DNS translation instead of your VPN provider (as should happen).
Fortunately, there are a number of free and secure public DNS servers, including OpenDNS and Comodo Secure DNS, although we prefer the non-profit, decentralized, open, uncensored and democratic OpenNic (which we discuss here). We recommend changing your system settings to use one of these instead of your ISP’s servers, and have instructions on how to do this in Windows 7 (along with a guide on how to detect and block DNS leaks when using a VPN) available here.
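One way to check that a Linux system is actually configured to use the resolvers you chose, rather than a router or ISP server, is to audit its `resolv.conf`. This is an added example, not part of the original guide; the verdict names, the `EXPECTED` set and the sample file contents are assumptions made for illustration.

```python
import ipaddress

# Resolvers you intend to use. These two are OpenDNS's public resolver
# addresses; substitute your VPN provider's or OpenNIC servers (assumption).
EXPECTED = {"208.67.222.222", "208.67.220.220"}

# Ranges that only exist on the local network (home router, link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def parse_nameservers(resolv_conf):
    """Return addresses from 'nameserver' lines; comment lines never match."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(server, expected=EXPECTED):
    """Give one configured resolver a verdict (verdict names are hypothetical)."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    if addr.is_loopback:
        return "local-stub"   # local forwarder; its upstream needs checking too
    if any(addr in net for net in LAN_NETS):
        return "lan-router"   # usually forwards queries to the ISP's resolver
    return "unexpected"       # some other public resolver, possibly the ISP's


def audit(resolv_conf, expected=EXPECTED):
    """Map each configured resolver to a verdict, in file order."""
    return [(s, classify(s, expected)) for s in parse_nameservers(resolv_conf)]


def needs_attention(resolv_conf, expected=EXPECTED):
    """Resolvers that are not on the list you chose."""
    return [s for s, v in audit(resolv_conf, expected) if v != "expected"]


# Constructed sample; 203.0.113.53 is a documentation address standing in
# for an ISP resolver.
SAMPLE = """\
# constructed sample
nameserver 192.168.1.1
nameserver 208.67.222.222
nameserver 203.0.113.53
nameserver 127.0.0.53
search lan
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE):
        print(f"{server:16} {verdict}")
```

To audit a real machine, pass the contents of `/etc/resolv.conf` to `audit()`. A clean result only shows what is configured, so it complements rather than replaces a DNS leak test run while the VPN is connected.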
DNS was not built with security in mind and it is vulnerable to a number of attacks, the most important of which is a ‘man-in-the-middle’ attack known as DNS spoofing (or DNS cache poisoning), where the attacker intercepts and redirects a DNS request.
This could, for example, be used to redirect a legitimate request for a banking service to a ‘spoof’ website designed to collect account details and passwords for unsuspecting victims.
This has prompted the chaps at OpenDNS to develop DNSCrypt, a lightweight program that encrypts ‘all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks’. Using Curve25519 elliptic-curve cryptography, DNSCrypt is available for Windows, OSX and Linux, and although in ‘preview release’ stage, is considered stable. The only issue is that OpenDNS is run by a private company (which is why we prefer OpenNic), but it is currently the only program of its kind available.
Okay, we have all been told this often enough to make us want to pull our hair out – we should use long complex passwords, with combinations of standard letters, capitals and numbers… and we should use a different such password for each service we use… arrgh! Given that many of us find remembering our own name in the morning challenging, this kind of advice can be considered next to useless.
Fortunately, help is at hand!
Here are a couple of ideas which will vastly improve the security of your passwords, and take almost no effort whatsoever to implement…
- Insert a random space into your password – this simple measure greatly reduces the chance of anyone cracking your password. Not only does it introduce another mathematical variable into the equation, but most would-be crackers assume that passwords consist of one contiguous word, and therefore concentrate their efforts in that direction
- Use a phrase as your password – even better, this method lets you add lots of spaces and use many words in an easy to remember manner. Instead of having ‘pancakes’ as your password, you could have ‘I usually like 12 pancakes for breakfast’ instead, to immensely increase your security
- Use more than 4 numbers in your PIN – where possible, use more than four numbers for your PINs. As with adding an extra space to words, this makes the code mathematically much harder to break, and most crackers work on the assumption that only 4 numbers are used.
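The list above can be put into numbers by estimating how many guesses each choice forces under two different guessing models. This is an added example, not part of the original guide; the 7776-word dictionary size and the function names are assumptions, and ‘pan cakes’ is a constructed variant of the guide's ‘pancakes’.

```python
import math
import string

# Character classes a brute-force search must include once one member appears.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, " ", string.punctuation)

# Assumed dictionary size for the word-guessing model (a Diceware list has
# 7776 words); a real guessing list may be larger or smaller.
WORDLIST_SIZE = 7776


def charset_size(secret):
    """Size of the smallest union of CLASSES that covers every character."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in secret))
    others = {ch for ch in secret if not any(ch in c for c in CLASSES)}
    return size + len(others)  # each unclassified character counts once


def brute_force_bits(secret):
    """log2 of the guesses needed to try every string of this length/alphabet."""
    return len(secret) * math.log2(charset_size(secret)) if secret else 0.0


def word_guess_bits(secret, wordlist_size=WORDLIST_SIZE):
    """log2 of the guesses when whole words are tried instead of characters.

    Treats each space-separated token as an independent pick from the list,
    which is generous for a grammatical sentence.
    """
    return len(secret.split()) * math.log2(wordlist_size)


def compare(secrets):
    """Return (secret, brute-force bits, word-guess bits), rounded to 0.1."""
    return [(s, round(brute_force_bits(s), 1), round(word_guess_bits(s), 1))
            for s in secrets]


# The guide's own examples plus a constructed variant with an inserted space.
PASSWORDS = ["pancakes", "pan cakes",
             "I usually like 12 pancakes for breakfast"]
PINS = ["1234", "123456"]  # constructed PINs of 4 and 6 digits

if __name__ == "__main__":
    for secret, brute, words in compare(PASSWORDS):
        print(f"{secret!r:45} brute-force {brute:6.1f}  word-guess {words:5.1f}")
    for pin in PINS:
        print(f"{len(pin)}-digit PIN: {brute_force_bits(pin):.1f} bits")
```

Each extra bit doubles the number of guesses required, so the lower of the two figures is the one to judge a password by.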
Where mortals fear to tread, software developers jump in with both feet! There are a plethora of password management programs available, but our pick of the bunch are:
- Firefox password manager – the password manager built into Firefox is one of the easiest ways to store your passwords for each website you visit, and it works very well. Do be aware however that you should set a master password to prevent just anyone peeking at your passwords in Firefox’s options dialogue. In addition to this, it is probably a good idea to back up your Firefox passwords every now and again
- KeePass (multi-platform) – this popular free and open source password manager will generate complex passwords for you and store them behind AES or Twofish encryption. It is a shame that KeePass doesn’t integrate with your browser, but it is possible to import saved Firefox passwords into it. KeePass itself is Windows only, but KeepassX is an open source clone for OSX and Linux, as are iKeePass for iOS and Keepass2Android for Android
Social networking, where you are encouraged to share every random thought that comes into your head, photos of what you had for dinner, and word-for-word details of your relationship meltdown, can by and large be considered the antithesis to concepts such as privacy and security.
While, for example, Facebook can be considered ‘worse’ than Twitter in terms of privacy, as it sells every detail of your life to profiling-hungry advertisers and hands all your private data over to the NSA, all social networks are inherently about sharing information, and all commercial ones make a profit through harvesting your personal details, likes, dislikes, places you visit, things you talk about, people you hang out with (and what they like, dislike etc.), and selling them.
By far the best way to maintain your privacy on social networks is to avoid them altogether, and to delete all your existing accounts.
However not only can this be tricky (it is unlikely for example that you will be able to remove all traces of your presence on Facebook), but for an increasing number of us these social networks, where we chat, share photos and otherwise interact with our friends, are a primary reason for using the internet, and play a central role in our social lives. In short, we aren’t willing to give them up.
Below then are some ideas for trying to keep a modicum of privacy when social networking, for those (i.e. most of us) who insist on using them.
- Self-censorship – simply put, if there are things you don’t want (or that shouldn’t be) made public, don’t post details about them on Facebook! Remember that once posted it is very difficult to retract anything you have said, especially if it has been re-posted (or re-tweeted etc.). In addition to this, remember that the authorities monitor social networking sites and services, so planning big illegal raves, or joking about bombing your local airport, are very bad ideas
- Keep private conversations private – it is all too common for people to discuss intimate details of a planned dinner date, or conversely to have personal rows using public channels. Remember that things like Message (Facebook) and DM (Twitter) exist, and use them. It won’t hide your conversations from advertisers, the law, or the NSA, but it will at least keep potentially embarrassing interactions away from friends and loved ones (who probably really don’t want to hear certain things anyway!)
- Use aliases – despite what the likes of Facebook try to insist upon, there is nothing stopping you from using a false name. In fact, in this world where employers almost routinely check their staff’s (and potential staff’s) Facebook pages, using at least two aliases – a sensible one with your real name which is designed to make you look good to employers, and another where friends can post wildly drunken pictures of you, is almost a must. Remember that it is not just names you can lie about; you can also happily fib away about your date of birth, interests, gender, where you live, or anything else that will put advertisers and other trackers off the scent. On a more serious note, bloggers living under repressive regimes should always use aliases (together with IP cloaking measures such as VPN) when making posts that may threaten their life or liberty
- Keep checking your privacy settings – although Facebook is notorious for continually changing the way its privacy settings work, and for making their privacy policies as opaque as possible, it is worth regularly checking the privacy settings on all social networks to make sure they are as tight as possible (for example by ensuring that posts and photos are only shared with Friends, not Friends of Friends or ‘Public’). A good idea in Facebook is to ensure that ‘Review posts friends tag you in before they appear on your time line’ (under Privacy Settings -> Timeline and Tagging) is set to ‘On’, to help limit the damage ‘friends’ can do to your profile.
- Use Diaspora instead – Diaspora is a nonprofit, open source, user-owned, distributed social network that is based upon the free Diaspora software. It is constructed of a network of nodes (called pods) hosted by volunteer individuals and institutions, and which act as personal web servers. Users of the network can host a pod on their own server or create an account on any existing pod of their choice, and from that pod can interact with other users on all other pods. As of March 2014 there are more than 1 million Diaspora accounts, and although it is still very much a work in progress (and you will need to convince your friends to join on the network – always the biggest hurdle when moving away from Facebook), Diaspora is the most complete open source Facebook alternative available.
The scope of the NSA’s PRISM spying program is quite frankly staggering, and Edward Snowden’s revelations clearly demonstrate it has the power to co-opt any US based company (including for information relating to non-US citizens and pretty much anybody else in the world) and to monitor all internet traffic that passes through the US’s internet backbone.
While other countries’ governments seem desperate to increase their own control over their citizens’ data, nothing (including China’s attempts at internet surveillance) matches the scale, sophistication or reach of PRISM.
It is therefore a very good idea, if such things worry you (as they should), to avoid all dealings with US companies where you are concerned about your privacy. To suggest that every US company may be complicit in handing every user’s personal information over to a secretive and largely unaccountable spying organization might sound like the stuff of paranoid science fiction fantasy, but as recent events have proved, it is terrifyingly close to the truth…
Note also that due to provisions in both the Patriot Act and the Foreign Intelligence Surveillance Act (FISA), US companies must hand over a user’s data even if that user is a non-US citizen, and the data has never been stored in the US.
In addition to this, the UK’s GCHQ is in bed with the NSA and carries out some particularly heinous spying projects of its own (‘They [GCHQ] are worse than the US’, Edward Snowden). Indeed, all members of the English speaking ‘Five Eyes’ spying alliance (US, UK, Canada, Australia and New Zealand) share information between their security organizations and use each other to spy on their own citizens (to bypass national laws prohibiting this), and so companies based in these countries should also be similarly avoided.
As we come to the end of this guide, we think this question is worth considering. Not only will almost all the measures outlined above mark you out for special attention by the likes of the NSA, and add extra layers of complexity and effort to everyday tasks, but much of the cool functionality of new web-based services relies on knowing a lot about you.
Google Now is an excellent case in point. An ‘intelligent personal assistant’, this software’s ability to anticipate what information you require is uncanny. It can, for example, remind you that you need to leave the office to catch the bus ‘now’ if you want to get home at your usual time, as well as providing navigation to the nearest bus-stop, and alternative timetables should you miss it. Google’s new, and possibly game-changing Google Glass system makes heavy use of Google Now technology, which relies on storing and curating large amounts of information about your habits, likes, dislikes, browsing history, where you like to drink, and much more.
In other words, some of the most exciting and interesting developments in human-computer interaction rely on a full-scale invasion of our privacy, and to box yourself in with encryption and other privacy protection methods is to reject the possibilities afforded by these new technologies.
We mainly pose the question ‘is privacy worth it’ as food for thought. Privacy comes with a cost, and it is worth thinking about what compromises you are willing to make, and how far you will go, to protect it. In our view privacy IS vitally important, as everyone has a right not to have almost every aspect of their lives recorded, examined and then judged or exploited (depending on who is doing the recording), but it has to be recognized that maintaining privacy is not easy (and can never be completely guaranteed) in the modern world.
Of course, what most of us probably want is the ability to share what we want with our friends and with services that improve our lives, without worrying this information is being shared, dissected and used to profile us for dubious ends. While this is not likely to happen soon, if more people make even fairly basic efforts to improve their security, it would make both government agencies’ and advertisers’ jobs much more difficult, to the point that it could even force a change of approach.
It may take a bit of effort, but as we hope we have demonstrated in this Guide, it is entirely possible and not too cumbersome to take steps that greatly improve your privacy while online. Nothing is foolproof, but there is no reason to make the work of those who would invade aspects of your life that you should rightfully consider yours and yours alone, easy.
Privacy is a precious but endangered commodity, and by implementing at least some of the ideas we have covered you not only help to protect your own privacy, but also make a valuable contribution to conserving it for everyone.
After all, if everyone encrypted their online life, where would the NSA be then?
Final note: If you are interested in further exploring the ideas and issues raised in this Guide, a good place to start is the almost exhaustive set of links available at Opentrackers.org.