My Privacy Plan


(Photo via Sean MacEntee)

I’ve decided to come up with a privacy plan for myself. After hearing about the NSA’s surveillance scandals and now the details about Edward Snowden, the whistleblower behind the NSA surveillance revelations, I’ve been kicked into action.

These events have got me (and several million other people) spooked about who is capturing information about me, how they are capturing it and what they are doing with it.

It’s always been an issue, I just didn’t care.

The interview with Edward Snowden is especially interesting / frightening / thought-provoking, so I suggest you read that right now if you haven’t already. In the interview, Snowden says that “The greatest fear I have…is that nothing will change.”

My privacy plan is an attempt to take some action about this, as an exercise in getting a little privacy back in my online life, to better understand the issues for myself and to show Snowden that his actions have made a change (at an individual level at least).

Below is my initial privacy plan, which I will work through in the next few weeks. Many of the actions are taken from this excellent Security Stack Exchange question: What are the implications of NSA surveillance on the average internet user?

(Interestingly, Edward Snowden himself when asked “Is it possible to put security in place to protect against state surveillance?” said the following: “You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place.” This may make this privacy plan futile at best.)

I’ve divided each action by Difficulty (easy, medium or hard) and Time (short, medium, long) to give an indication of how long I expect the action to take.

I’ll also add to this privacy plan as I find other useful suggestions or more suggestions are made to me, so please leave extra ideas and tips in the comments below.

Key: Action (Difficulty, Time).

1. Sign up to relevant pressure groups (easy, short)

If you live in the UK, you can support the Open Rights Group, who work to protect your privacy and voice your feelings on the matter to your local representatives. If you are a US citizen, you can support the Electronic Frontier Foundation, who are based in San Francisco and do similar work over there. Even just signing up to their mailing lists or reading around their sites to understand the issues is important.

2. Install HTTPS Everywhere (easy, short)

Produced as a collaboration between The Tor Project and the Electronic Frontier Foundation, HTTPS Everywhere is a Firefox and Chrome extension that encrypts your communications with many major websites, making your browsing more secure.

3. Install Adblock Plus (easy, short)

With every browsing session, there are multiple companies tracking your online activity and browsing history. There are hundreds of ad agencies tracking your every move, but with Adblock Plus you can easily disable all tracking, and browse the web truly anonymously. It has a pretty good data and privacy policy too.

4. Review my browser use (easy, short)

According to the EFF Surveillance Self Defense Guide, the web browser is a security hole that needs to be plugged. You need to take regular steps to clear out all the stuff it’s been storing, such as a history of the web sites you’ve visited and the files you’ve downloaded, cached copies of web pages, and cookies from the web sites you visit. In particular, it’s a bad idea to have the browser save your passwords for web sites, and it’s a bad idea to have it save the data you’ve entered into web forms. If your computer is seized or stolen, that information will be compromised.

5. Review web services I use and switch if necessary (hard, medium)

Many of the services detailed in the NSA surveillance scandal are the web services and apps that I and many other people use every day, hence the hard rating for Difficulty. Google, Facebook, YouTube, Skype and Apple are the most notable. It’s going to take time to move over to new services that better protect my privacy, but there are a host of them out there for most of what I do online. For example, duckduckgo.com can replace Google search, PGP can help with encryption, and TorMail can handle personal email (I use Gmail at work – one other thing to consider).

6. Download and Use Tor (medium, short)

For information like a web search history, you can prevent that information from being linked back to you personally by confusing the point of origin. Using an onion routing service like Tor will help with this.

7. Use the Onion Browser on my mobile (easy, short)

As an extension to using Tor, Onion Browser is a minimal web browser that encrypts and tunnels web traffic through the Tor onion router network and provides other tools to help browse the internet while maintaining privacy.

8. Run “host-proof” Web applications (hard, long)

The server holds only encrypted data, and the client does encryption and decryption to read and write to the server. For example, if there’s some persistent information (i.e., a document) you don’t want a government to see, don’t let your service provider see it either. That means either use a service you absolutely trust (e.g., an installation of FengOffice or EtherPad that’s running off your SheevaPlug) or use encryption at rest, e.g., encrypt your documents with AES before you send them to Google Drive.
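Encrypting a document on the client before it reaches the storage provider, as an added example that is not from the original post. It uses Node.js's built-in crypto module with AES-256-GCM and a scrypt-derived key; the blob layout, the function names and the in-memory `remoteStore` standing in for the provider are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto'); // Node.js built-in module

// Derive a 256-bit key from a passphrase; the salt is stored beside the ciphertext.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Client side: builds the only bytes the storage provider ever receives.
function sealDocument(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every document
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Blob layout (an assumption of this example): salt | iv | auth tag | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Client side: throws if the blob was altered in storage or the passphrase is wrong.
function openDocument(blob, passphrase) {
  if (blob.length < 44) throw new Error('blob too short');
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for the remote service: it stores opaque bytes only.
const remoteStore = new Map();
function upload(name, blob) { remoteStore.set(name, Buffer.from(blob)); }
function download(name) { return Buffer.from(remoteStore.get(name)); }

// Round trip plus a simulated server-side modification, using constructed sample data.
function demo() {
  const passphrase = 'correct horse battery staple'; // constructed sample
  const doc = 'Meeting notes: constructed sample text';
  upload('notes.txt', sealDocument(doc, passphrase));
  const stored = download('notes.txt');
  const tampered = Buffer.from(stored);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  let tamperDetected = false;
  try { openDocument(tampered, passphrase); } catch (e) { tamperDetected = true; }
  return {
    roundTrip: openDocument(stored, passphrase) === doc,
    serverSeesPlaintext: stored.includes(Buffer.from(doc)),
    tamperDetected,
  };
}
```

The passphrase never leaves the client, so losing it means losing the document; the provider cannot recover it.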

I’ll add to this privacy plan as more suggestions are made, so please leave extra ideas and tips in the comments below.

Update: There’s also some further discussion and advice around this post over on Hacker News.

Update #2: I’ve written a follow-up post on the politics of a privacy plan here.

 

21 thoughts on “My Privacy Plan”

  1. Other alternatives to Google, that I actually like more, are https://startpage.com or https://ixquick.com. For email I recommend https://countermail.com. And I recommend the browser add-on https://disconnect.me that works in many browsers, but I would recommend sticking to a totally open-source browser, like Firefox (if you love Chrome and can’t give it up, then use Chromium).

    Also, this needs to become a way of life. Remember that having your email stored outside of the US and safely encrypted doesn’t do much good if you’re constantly emailing people in the US that keep their email unencrypted on GMail. Get the word out, help your friends, family, and colleagues to move over to secure communications and services.

    We have to make it clear in no uncertain terms that this kind of spying is unacceptable, but whether or not the government changes, we have to change our habits.

  2. Hello Ben, thanks a lot for the great explanation and compilation of tools.

    Do you care if I translate it to Spanish and share it in my blog?

    Thanks again!

  3. Why would you trust Tormail? Because it has the word “Tor” in it? It is not affiliated with the Tor-project in any way. There is no guarantee that it isn’t just an elaborate honeypot service for the gullible. There are much better privacy “aware” email providers if you search for them.

    • Thanks for the heads up. TorMail was recommended in the Security Stack Exchange thread, but will take a look at other suggestions and update the post with a more suitable service.
