Easy Privacy and Security

Tuesday, June 2, 2015 @ 8:53 am

The goal of this post is to share easy (and free) things you could do to enhance your privacy, and to get people thinking about privacy.

Some may say: “I don’t care if they violate my privacy; I’ve got nothing to hide.”

Edward Snowden eloquently counters this with:

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

Edward Snowden

Over the past few months, I’ve made changes to the software/web apps I use and how I communicate with others, and I wanted to share them and how I did it.

It is worth noting (again) that everything I’ve done is free and required little learning.

Mobile Texting

This was very easy. All I needed to do was replace my built-in texting app on Android with TextSecure. For iOS users, install Signal. TextSecure and Signal are the same, just different names.

The app is completely free, doesn’t has ads, and is a fully functional texting app. One thing you can change to make it behave like a regular texting app is to disable the passphrase (I’ve done this).

The main difference between TextSecure/Signal and the default texting app is what you won’t notice: if you message a friend who also has TextSecure/Signal installed, your messages are automatically encrypted end-to-end (and also works over a data/WiFi connection just like WhatsApp). If you message a friend who doesn’t have it installed, it’s sent and received as a normal text message.

You are able to easily see which of your friends has TextSecure/Signal installed 🙂

Web Search

I still use Google for many things like images and maps. However, I’ve changed my browser’s default search engine to www.duckduckgo.com. It’s extremely feature-rich and customizable, and you can control how it searches right when you type your search query.

For example, if you want to look up a location on Google Maps, in DuckDuckGo just type in: cat island, japan !m

The !m will search Google Maps for “cat island, japan”. The !m is called a !bang command and there are tons available.

Type in cats !i, and boom, you’re searching Google Images for cats.

Another great search engine to look into is Startpage which uses Google’s engine but anonymizes the searches.

Browser Extensions

I’d like you to stop reading (for a bit) to install HTTPS Everywhere right now. It won’t break any sites or disrupt your browsing habits. All it will do is automatically make your browsing more secure (especially if you frequent public WiFi hotspots).

For those who are security enthusiasts, there is almost no end to the number of add-ons/extensions you can find and install for your Internet browser.

Notable ones are Adblock Edge, uBlock, Disconnect, Ghostery, NoScript, Privacy Badger, and Self-Destructing Cookies.

Feel free to check the other add-ons I mentioned, but note that they may cause some sites to break and do require some setting up.

Social Media

There really is no app or add-on that can increase your privacy on social media. The only thing that can help is having more self-awareness.

Disable automatic location tagging in your photos/messages/tweets, limit the visibility of your profile (up to you though), really explore the account settings (and I mean, really explore), and ultimately take a step back and read your own profile/posts.

Try Googling yourself (your real name, your usernames, email address, phone number) to see what others can see and know about you.

Email

Surprisingly enough out of the above, this is perhaps the change that is most difficult to make to my life.

Gmail has really spoiled us with their streamlined interface, access on the web and mobile devices, and the extremely generous 15GB of storage space where we rarely need to delete emails (anyone remember the good old days when Hotmail only gave people 2MB of space?)

Gmail and Shipments

Gmail does make things easy for you by automatically adding a “Track Package” button to emails regarding deliveries, or adding things to your calendar when it detects an event name, time, date and location. Now take a step back and look at how Gmail is doing this.

It’s basically reading your emails and analysing it for content to not only add features like what I mentioned, but it is also creating targeted ads on the words it finds.

I’d like you to take 12 minutes and watch this video which is a nice summary of privacy and emails:

If you sign up for a ProtonMail email account before Wednesday, June 17, 2015, you automatically get 1GB of free storage.

It is worth also noting Tutanota.de which is very similar to ProtonMail, free, and offers 1GB of storage (with the ability to expand this to 5GB for free if you enter into their video promotion).

Both allow you to send end-to-end encrypted emails with other users of the same service, as well as non-ProtonMail and non-Tutanota email addresses. Tutanota already has an Android/iOS app out; ProtonMail is developing mobile apps. Tutanota is open-source while ProtonMail uses a well-known framework to power its encryption of emails.

I have email accounts with both ProtonMail and Tutanota, and what I’ve decided to do was point specific accounts to my ProtonMail address:

  1. I updated my various retail/financial accounts (e.g. eBay, Amazon, PayPal, banks) that send me emails containing my home address to send them to my ProtonMail email address
  2. I updated my social media accounts to send email notifications to my ProtonMail email address (where I limited the types of email notifications I receive in order to stay under the 1GB storage limit)
  3. I updated my critical accounts (e.g. domain registrar, hosting provider) to my ProtonMail email address

I chose ProtonMail mainly to address the question: “Well, that’s all fine and dandy, but what if ProtonMail dies one day?” Comparing Tutanota and ProtonMail, I feel more comfortable with ProtonMail.

With my hybrid approach, while I still am using my Gmail account and enjoying the 15GB of space, I am also leveraging ProtonMail and actually having fun deciding which emails to delete to use as little storage space as possible.

This exercise revealed to me just how attached we are to our main email accounts and how it’s very difficult to migrate to another. While Google already probably knows more about me than me, at least I have some control over future correspondence and data.

More Privacy Recommendations

Visit https://www.privacytools.io/ for a full list of things that will help you become more private, but be warned that they do require learning, time, and getting used to. I personally do not use everything recommended on that site.

For example, I’m still using Windows while many privacy experts recommend Linux, Gmail for many of my emails, and services like Dropbox and Skype that are frowned upon by the privacy community. Sometimes it’s a choice between privacy and convenience.

The purpose of writing this post is not to freak anyone out or make people paranoid. The purpose was to share what was easy and free for me to do to enhance my privacy (and security) and to help make privacy a forethought again.

Over the past year, people have made great strides in making various privacy-focused tools and apps like the ones mentioned in this post more convenient and transparent. For example, ProtonMail and TextSecure/Signal handle authentication handshakes automatically and there is no need to exchange security keys. For the everyday user, it just works and that’s a wonderful thing.

Once we start using them more, privacy becomes mainstream. For example, if everyone used TextSecure/Signal, no one would appear out-of-the-ordinary to law enforcement or observers – anonymity through obscurity.

We have to really think. We’ve lost privacy, yes, but actually what we’ve also lost is the idea of privacy itself.

If you think about it, most of us here today probably remember what life was like before the Internet, but today, there’s a new generation that is being taught from a very young age to share everything online, and this is a generation that is not going to remember when data was private.

So [if] we keep going down this road, 20 years from now, the word ‘privacy’ is going to have a completely different meaning from what it means to you and I.

Andy Yen