The Living Thing / Notebooks : Privacy (notes on how to have it)

tl;dr Andryou’s beginner-friendly privacy tools

Practical privacy; the twin to politics of privacy.

Technoprivacy is difficult and tedious for our monkey minds to get a handle on. However, it’s not too hard. The trick is, don’t get hung up on thinking you are some kind of secret agent who needs to hide from the NSA. You are no Osama bin Laden. To be fair, these days, even Osama bin Laden is not Osama bin Laden. Deal with state surveillance through political means if you are worried about the state stealing your information. (Or at least, work up gradually to truly paranoid privacy attitudes, and research more widely the tips here.)

Instead, for us normal people, the rule should be: Start by not giving your information away for free to everyone. And don’t simply give up because it’s too hard: That’s just doing what big business wants you to do.

That said, just because I’m talking about what our attitude should be as informed consumers of the addictive drug of single-serve online socialising, doesn’t mean I’m blaming Jane/Joe Public for not getting it right. As long as corporate social networks are permitted to harness their heady blend of plausibly-deniable social engineering on the vulnerable, we are all put at greater risk.

Case in point: A friend of mine just showed me his facebook profile public link before friending me; on open, public display to anyone who googles him were pictures of his children, his home, his friends, dying relatives in hospital with confidential medical information and records in the background. With his well-intentioned handphone wielding he has voluntarily compromised the privacy and credit-worthiness of a variety of bystanders.

This kind of thing is tricky. How do you stop friends with crappy privacy hygiene? Privacy is a weakest-link kind of concept, and as long as Facebook can rely on a reasonable fraction of the population voluntarily and unconsciously selling the rest out, we are all compromised. I know that everything I do in front of my aforementioned friend will be obediently tagged and put on public display for the use of not only facebook but any passing mobster, data miner or insurance company. The thing is, it is not good enough for privacy-violating companies to get away with it just because experts could, in principle, avoid some of the pitfalls. Social media is a habit-forming drug that potentially transmits ailments such as credit-score-risk, misinformation and confidential data breaches.

Is it a particularly consistent stance to regulate, say, alcohol, tobacco and gambling but not social media usage?

This is leaving aside the question of companies who sell your information no matter what you do, or government-business alliances that accidentally leak your information.

Anyway, with blame for the abuse appropriately apportioned to the predators… let’s get back to what we, the victims, can do by taking what responsibility is available to us, which is not so hard, for all that it should not be required of us.

Right now, if you are a typical internet user, you are walking around with no pants on online. Everyone can see your junk. You don’t need to wear a tinfoil hat to hide your junk, not if your anatomy is anything typical; you just need to put some pants on.

This enpantsing will be more tedious than we’d like, because the world is badly designed, but let’s start with what’s achievable, and work towards making it easier next time, eh?

How we could do it better now

So, some baby steps towards a healthier privacy regime. I am going to list some techniques that have aroused my attention. Later I will triage them according to how urgent is the priority of the privacy leak they plug and how onerous to handle; e.g. something like:

  1. first keep my credit card details out of the hands of the mafia, then
  2. keep gratuitous personal data out of the hands of unscrupulous corporations, next
  3. keep nude selfies and pony tail pics out of the hands of potential employers
  4. keep personal data out of the hands of prying foreign security agencies
  5. keep personal data out of the hands of prying local security agencies

These reflect my personal needs; if you are actually a person of specific interest to state security agencies, or a mafia credit card thief, you will probably have different ones.

Practically, as a first step, I would like to minimise the amount of information complete strangers get about me for free. For example, I would prefer the mafia not to be able to buy stuff with my credit cards, I’d prefer my personal relationships are not used to sell crap to me, I’d prefer not to release those awkward photos from when I had a pony tail.

Broadly, some stuff I’d like to keep private, some stuff I’d like to share, and some stuff I’m happy to share, but only for the right price or with the right organisation; I want to assign my personal information to the correct publicness categories, and at a better price point. And by “better”, I mean “not selling off the foundations of functional democracy for all future times to unaccountable interests for a few dollars a year right now”, which seems a little steep for kitten pictures.

General

  • Don’t leave your computer unattended, because things like PoisonTap mean that anyone who can get to your USB port can log on to your websites.
  • Prism break is a chaotic list of solutions. Excellent reference, although it really needs to incorporate some idea of how popular their suggested solutions are; after all, most of these things are only of any damn use if your friends also use ‘em.
  • quick guide to the basics of encryption (or how about one with stick figures)

VPNs and encrypted networks

  • you can run your own, as per my running your own server
  • That one privacy guy’s big overview has a great list of, e.g. bandwidth, jurisdiction, and privacy advocacy.
  • tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP. Install Tcpcrypt and you’ll feel no difference in your every day user experience, but yet your traffic will be more secure and you’ll have made life much harder for hackers.

Black hat nonsense

You should be approximately aware of the nasty things that people can and will do to your computer.

Nasty USB port business

PoisonTap, LAN Turtle, USB armory

Search engines

  • search engines in general
    • duckduckgo
    • disconnect anonymises other search engines from their servers
    • Advanced: run your own search anonymiser:

Browsers

I really need to tidy these up a bit and explain, because they are so simple and so useful.

  • firefox
    • Privacy badger is an open source non-profit low-configuration blocker of tracking advertisers
    • torbrowser
    • Adblock Edge, Ghostery, Disconnect, DoNotTrackMe, RequestPolicy
  • chrome
    • Ghostery disables most of the social media spyware.
    • Privacy badger (see above) also works for chrome
    • scriptsafe
    • HTTPS everywhere is vexing. Every browser should implement this functionality, of being secure by default instead of writing your passwords on the lawn in big letters anytime someone asks. That’s why it’s annoying that you have to install a plugin to make it work. And, worse, a horribly memory-hungry plugin.
    • adblock plus
  • safari
    • …?
  • Smartphones
  • Running your own server? See secure web servers.

Social networks

  • don’t use them

  • OK, in fact, not using them is harder than you’d like, because

    • The No network effect means that all your friends have forgotten how to manage their life without Facebook all up in their shit, and anyway
    • if you log in to one of these damn things even once you are surveilled in perpetuity by their ubiquitous browser tracking bullshit.
  • so, given that you are using social networks, minimise the risk

    • How to gain control over facebook

    • See also single site browsers.

    • Alex Yumashev’s uncited tip for mobile devices:

      use Facebook in mobile Safari, with an adblocker, and delete the iOS native app — helps a lot AND saves you from tons of ads and 3rd party cookie tracking. Not to mention wonders for the battery. I’m sure there’s a similar solution for Android.

  • and oh god if your friends start sharing pictures of you publicly for any reason, block them. We need to set up a new social norm around not selling each other downstream, until we can fix this clusterfuck.

  • Logins. Don’t login with facebook and google. There might be better alternatives in the future (e.g. persona). But for now, just don’t.

Synchronising files

See Synchronising files.

Chat

See chat.

Email

See email.

Password manager

You need one. See passwords.

Money

See transferring money.

Other tracking

OSs

https://www.qubes-os.org/doc/system-requirements/

BadUSB and other asinine bullshit

https://github.com/robertfisk/USG/wiki

Single site browsers

I use a Single site browser to access facebook because

  1. otherwise facebook would know even more about me than they do
  2. Facebook is a blackhole of timewaste that I don’t want to browse to by accident, so I should make it slightly more difficult for myself.

You can do this too.

How we could do it better later

OK, anyway, we shouldn’t all have to be digital privacy experts to survive in the 21st century; How could we change the rules so that we can focus on our day jobs?

(I give you permission to despair if you can do it amusingly; I’d prefer amusingly with hope.)

Slamming PGP and the model of human behaviour it assumes is a cottage industry:

Getting old school

Academic stuff to read to stay paranoid

Politics of privacy

See the quantified other.

Miscellany