Resist Mass Surveillance! Secure Your Online Communication (Part 1)
It seems that we are all vulnerable in the online world. It could be the threat from the security services of nation states or an unethical corporation seeking to collect all of your private data for various nefarious and undemocratic purposes. It could be an LGBT+ person trying to protect the communications of their community from a repressive regime that could see them put in prison (or worse). It could be the Trans* person, afraid of being thrown out onto the streets if their parents discovered their true gender identity. It could also be a sex worker, looking to protect their non-work identity from sexual predators. There are many reasons we require privacy.
Many people choose to put a lock upon the door of their house, install curtains on their windows and wear clothes on their body (at least in public). Why do people choose to do these things? Because those choices empower us to have agency and reveal only what we consent to be revealed. Privacy is a fundamental human right and is a necessary component of democracy, free speech and personal freedom. There is no such thing as “digital” or “online” rights, only human rights.
The current situation online is becoming ever more bleak with the extensive commercialisation and militarisation of the internet. We are all under surveillance online from either government, criminal or corporate entities and those from a gender/sexuality minority are especially vulnerable. However, there are direct actions you can take right now to protect your privacy and the privacy of those you care for.
Queerzone3000 encourages you to get involved in the struggle for a free, open and secure internet in any way you can, whether it be through participation in a democratic process, by supporting and developing free and open source software, or simply by helping people in your community learn to use technology that respects their freedom.
Disclaimer: Never completely rely on any technology in life threatening circumstances. The following tools can be useful in many situations, but they are not completely foolproof. To give an extreme example, there’s no point encrypting your hard drive with a super long password if you’re going to be physically assaulted until you reveal it. Be safe, be careful and know what you’re up against. This approach is called Threat Modelling.
Keep your software up to date!
Updating your operating systems
Ensuring your systems are up to date is one of the most important things you can do to ensure your security. Operating system vendors such as Microsoft, Apple or Ubuntu regularly push updates to fix bugs and critical security problems in your system.
Failing to update software quickly enough is a common reason people get hacked. Known vulnerabilities are listed in various open databases and are easy to exploit remotely through phishing or targeted malware.
Unfortunately there are cases where software vendors do not act in an ethical way and do not endeavour to update their software at all. Examples of this include the versions of Android shipped by most phone manufacturers (e.g. Samsung) and the firmware shipping on the majority of commercial home routers.
In cases such as these, we recommend free and open source software alternatives to your current software such as Lineage OS (a work in progress free software version of Android) and OpenWrt or libreCMC for home routers.
Use strong and secure unique passwords!
Use a password manager: KeepassX
Using strong and unique passwords is crucial for securing your computer and services you use. Many people tend to rely on the same, easy to crack passwords for many of their most critical services. For example, think of your primary email address. If someone cracked the password for that account then they would potentially have the ability to perform password resets on many of your other accounts.
You must also bear in mind that it is not necessarily a human being trying to guess your passwords but more often an automated piece of software capable of making thousands of guesses a second and drawing on huge lists of commonly used passwords. Such software can also be fed known information about you to increase the chance of a successful guess. This is why using your date of birth and mother’s name in a password is such a bad idea. This is called a brute force attack.
However, there is software that has been developed to help you create secure passwords. KeePassX (Mac OSX, Linux) and KeePass (for Windows) are cross platform free software applications that can generate long and complex passwords and store them locally on your computer in an encrypted database. This means you only need to remember one master password to unlock the database. Subsequently entering the passwords is as simple as copying and pasting from KeepassX into your browser.
The Electronic Frontier Foundation maintains a detailed guide to using KeepassX: How to: Use KeePassX
There is also an Android implementation of Keepass called KeePassDroid (Google Play Store, F-Droid).
Note: There are various proprietary cloud (i.e. stored on someone else’s computer) based password managers such as LastPass, however these are not free software and are more vulnerable to hacking than a local password database.
Your encrypted KeepassX Database (a .kdb or .kdbx file) can be synced to your various devices using software such as Syncthing or ownCloud (a free software version of Dropbox).
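The difference between a password glued together from personal details and one produced by a random generator, as an added example (not part of the original article and not KeePassX's own code). The sample facts, the function names and the rate of 10,000 guesses per second are assumptions chosen for illustration.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def generate_password(length=24):
    """Draw each character from the OS CSPRNG (never the `random` module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate in a 2**bits search space."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def profile_tokens(facts):
    """Words and digit runs derivable from facts other people know about you."""
    tokens = set()
    for value in facts.values():
        tokens.update(p.lower() for p in re.split(r"[^0-9A-Za-z]+", value) if len(p) >= 2)
    return tokens

def built_from_profile(password, facts, max_leftover=3):
    """True when the password is little more than known facts glued together."""
    rest = password.lower()
    # Strip the longest tokens first so "1987" is removed before "19" could be.
    for token in sorted(profile_tokens(facts), key=len, reverse=True):
        rest = rest.replace(token, "")
    return len(rest) <= max_leftover

# Constructed sample profile: the kind of details the article warns against using.
SAMPLE_FACTS = {"date_of_birth": "14/03/1987", "mother": "Margaret Hale"}

if __name__ == "__main__":
    for candidate in ("Margaret1987!", generate_password()):
        print(candidate, "-> built from profile:", built_from_profile(candidate, SAMPLE_FACTS))
    bits = entropy_bits(24)
    print("24 random characters: %.0f bits, %.1e years at 10,000 guesses/s"
          % (bits, years_to_exhaust(bits, 10_000)))
```
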
Add a second layer of security to your online logins
Two-factor authentication just means having a second piece of information as well as your password to log in. This is usually implemented by generating one-time passwords (OTP) on your mobile device, which can be used in conjunction with your normal password to make your login more difficult to hack.
If you’ve ever done online banking, you will have used two-factor authentication whether by providing a bit of personal information (could be guessed) or by using a small device to generate a code (much more secure) to log in. You can also enable two factor on many major services such as Google and Facebook. We recommend you do this if you can but bear in mind it will usually entail linking your phone to your account’s identity (with Facebook or Google, it probably is already).
The Electronic Frontier Foundation maintains a detailed guide to using two-factor authentication: How to: Enable Two-factor Authentication
We recommend the Android and iOS app FreeOTP to do two-factor authentication (Google Play Store, F-Droid, Apple App Store).
Use free and open source software!
What is free and open source software?
Free software (also known as Open Source software) is everywhere. Around 95% of the websites you visit are running on free software. If you have an Android phone, you are using free software (see below). Many of the applications you use are written in a language that is free software.
Originally conceived by Richard Stallman in 1982, the concept of free software is based upon the idea that the user should have certain freedoms in creating and modifying the software they use. This is enshrined legally in licences such as the GPL or the BSD licence.
The four freedoms as defined by the Free Software Foundation are:
- The freedom to run the program as you wish, for any purpose (freedom 0).
- The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
- The freedom to redistribute copies so you can help your neighbour (freedom 2).
- The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
In practice, this means that free software generally respects your privacy and has much better security than proprietary software such as Windows or OSX as anyone can examine and fix the code. It is almost always free as in cost, free of advertisements and developed by an international community of developers.
Some examples of free software that you can install on your devices today include:
Signal Private Messenger – A messaging app for iOS and Android that provides end to end encrypted messages and voice calls over WiFi and mobile data.
LibreOffice – An excellent office suite that includes applications that are similar to Microsoft Word, Excel and Powerpoint.
Firefox – An extensible web browser that respects your privacy and conforms to modern web standards.
GIMP – An image manipulation and photo editing program that’s similar to Adobe Photoshop.
Audacity – A simple yet powerful audio recorder and editor.
Shotcut – A video editor similar (and superior) to Apple’s iMovie or Windows Movie Maker.
VLC – A multimedia player that can play almost any audio or video file imaginable.
Hedgewars – A fun game involving battling hedgehogs, reminiscent of Worms for the Playstation.
There are also entire operating systems comprised of free software. Linux is currently the most popular and although installing Linux is beyond the scope of this article, we recommend the following distributions that are all based upon Ubuntu:
Ubuntu MATE – A lightweight desktop based upon a classic Linux paradigm.
Elementary OS – An extremely attractive desktop, similar in feel to Apple’s OSX.
Linux Mint – A polished desktop OS that uses a traditional “Start” menu and bottom panel similar to Microsoft Windows.
Note: The website Prism Break maintains a list of free software replacements for common proprietary applications and services that respect your privacy. PRISM is the name of one of the international mass surveillance programs created by the NSA and revealed by the whistleblower Edward Snowden.
Level Up Your Web Browsing
Tweak your existing browser for extra privacy and security
Web Browser Extensions
HTTPS Everywhere is a browser extension that forces sites to use encrypted HTTPS connections (when available) as opposed to unencrypted HTTP traffic. An HTTPS connection is indicated by a green padlock in your URL bar and in the address itself, e.g. https://duckduckgo.com/. Without HTTPS, anyone can read the traffic being sent between you and a web server, so make sure you are connected securely with the green padlock before sending sensitive information over the internet. HTTPS Everywhere also forces third party resources to connect using encryption where possible.
uBlock Origin is a free and open source ad-blocker that will block almost all online advertising. It does this by detecting the code of the advert when you load a page using an open community developed blacklist. Using an ad-blocker gives you the ability to consent to view advertising as opposed to being forced to view them. Ad-blocking makes the web a lot cleaner, faster and safer (as adverts can be used to run malicious code). You can always disable ad-blocking on a site by site basis if you have any problems.
Note: Our preferred ad-blocker is uBlock Origin as it does not include an “acceptable ads” anti-feature where certain companies pay to not have their content blocked.
Privacy Badger is designed to block only the web content that attempts to track you across the web. The more you use it, the better it gets at blocking third party tracking and cookies. It blocks third party tracking more intelligently than a conventional ad-blocker but can also be used alongside one. Privacy Badger can occasionally break parts of a web page as it is still under development; use “click to deactivate Privacy Badger on this site” if you have problems on a specific page.
Alternate Web Search Engines
Duck Duck Go
An alternative search engine to Google that has a policy of not tracking its users.
Startpage
A search engine that proxies all your searches to Google through their server, partially anonymising your search.
Note: We recommend using the free and open source Firefox browser by Mozilla. Google’s Chrome browser has a reasonable security record but does include proprietary tracking components.
Last Updated 13/01/17
Please do contact us if you have any suggestions or corrections for this project. If you’re struggling to implement any of these tools, we suggest you primarily seek help within the project’s own communities. If you need assistance doing this, let us know.
You can also fork the project or submit pull requests on our Github page.
Further Links
Glenn Greenwald TED Talk “Why Privacy Matters”
EFF Surveillance Self Defence Guides
Prism Break – List of free and open source software alternatives.