Top 18 Tips to Improve Online Privacy From NSA Surveillance

Big Brother is Watching

Big Brother is watching. But we already knew that, didn’t we?

It’s been about half a year now since Edward Snowden announced to the world the depth of the NSA surveillance. We all knew that we were being watched to some extent, that the internet was never really as anonymous as we pretended it to be. Nonetheless, the depth of the NSA surveillance and the co-operation of the major corporations that we have entrusted with our private information has come as a shock to us all.

Desire for Privacy

Why do you care unless you have something to hide?

I hear this all the time. For some reason people equate a desire for privacy with the need to hide secrets.

At your house, you probably have blinds on 90% of the windows, and even if they are usually open, there is comfort in the ability to close them at will. There isn’t a huge desire to share our personal lives and what goes on inside our homes with every neighbor and stranger passing by. This doesn’t mean we have something to hide; it’s just not always the version of us we want to announce to the world.

A desire for online privacy is like having blinds on your windows. I am not doing anything illegal but that does not mean I want every search term, email and conversation I have had archived and categorized, as sometimes it’s not the perfect public persona I want the world to see.

18 Tips to Improve Your Privacy with Free Services and Open Source Software

Hide Your Browsing

1. Use an HTTPS Proxy Server or HTTPS Everywhere Plugin

A secure proxy server will allow you to encrypt all your browsing traffic between you and the proxy server. This means that any “hops” between yourself and the internet (such as your ISP, or work) will not be able to read the traffic passing through them.

Find a free HTTPS proxy server at https://hidemyass.com/proxy-list/

An alternative to an HTTPS proxy server based service is to use a browser plugin called “HTTPS Everywhere”, which will automatically use the SSL version of any website you visit (if available!). Please note this plugin is not 100% foolproof security, because it just takes advantage of existing SSL functionality and doesn’t automatically enable it on 100% of the internet.

https://www.eff.org/https-everywhere

2. Use an SSH Tunnel

An SSH Tunnel is a proxy server taken one step further. In this we create an encrypted Telnet connection to a remote server and are able to funnel any “SOCKS5” enabled traffic through our connection. The benefit to this next step over an SSL proxy is that we can proxy more than just HTTP traffic and can hide even more of what we are browsing as

In order to do this, we of course need a remote server/computer willing to accept SSH connections from us, which generally means you need to own a server somewhere.

A great place to find a dirt cheap VPS is LowEndBox, which is a VPS sales tracker focused on low budget VPS solutions. There are often deals where you can get a VPS for less than a few dollars a month.

After that, install PuTTY or KiTTY and create your SSH tunnel.

3. Use a VPN Service

The limitation of an SSH tunnel is that we can only route traffic through it from applications which specifically support proxies. If there are other applications whose behavior we want to mask, we may not be able to do so.

A VPN service essentially replaces the entire network on your computer with a new virtual network. Your applications don’t notice the difference, but all outgoing network traffic is re-routed through a secure/encrypted connection to a 3rd party server. This allows you to not only browse and access the internet free of prying eyes, but also anonymizes your traffic for all software you use.

Again, we can use a budget VPS to run a VPN server using the open source VPN solution OpenVPN.net.

If you don’t want to manage your own server, there are plenty of premium VPN services. I personally recommend PrivateInternetAccess.com due to their low pricing and strong quality of service.

4. Use TOR to Anonymize Your Browsing

The one big glaring issue with all the proxy/vpn services we have discussed is that we are connecting our traffic through a single endpoint. How do we know if we can trust that end point? We know that many major corporations are freely handing over data to the NSA so how can we know a VPN provider isn’t doing the same?

www.torproject.org attempts to remedy this situation by creating a peer-to-peer proxy network. Users on the network essentially create a web of proxy tunnels where your traffic gets routed from point to point to point before retrieving (or serving) the information. The route your traffic takes is anonymous: you only ever know who your “neighbours” are, and no information is stored that can uniquely identify you as a specific user requesting data.

Clean Up Your Web Presence

5. Take Password Security Seriously

It makes life so much easier to just use the same password everywhere, but if one location gets hacked or leaks that password, your accounts all across the net are compromised as a result. You should use a different password on every website you visit, and your password should be a true string of random characters including letters, numbers and special characters.

The Free and Open Source software KeePass allows you to safely and securely generate and save strong passwords for every site you visit. You will only ever need to remember your password to get into KeePass and from there you can copy and paste your strong password into the sites/services you use.

6. Use Temporary Email Services

Every site and service you join wants your email address and ends up spamming you newsletters. Some of the less reputable sites even go so far as to share your email information with others or sell it to spammers. Stop giving it away so easily! If you are joining a new service and just need a temporary email account you will never need again then just use a temp email service.

Guerilla Mail – lets you create temporary email accounts that are active long enough to activate your links and move on with your life. If they get spammed as a result, you don’t need to worry about it yourself!

7. Fake Account Info that is Not Necessary

I can’t count the number of times I have signed up for some kind of site or service where they ask for every little detail about me, including my full address, even though it’s absolutely not necessary for what I am signing up for! I’m not suggesting you go wild with fraud on this one. A paid service legitimately needs billing information for their records, but there are tons of sites out there just trying to farm the data to spam you later on when it’s not necessary for what you’re registering for.

fakenamegenerator.com lets you automatically generate fake but valid enough information to pass authenticity checks by the server.

Avoid Free Online Services With Plaintext Data Storage

8. Email Services Like Gmail and Hotmail are Not Secure

Ever wonder why Google is so happy and willing to give you 15GB of free email space? Your emails are being stored in plaintext and are being used to harvest information about you in order to deliver targeted online ads. Not only that, but it’s known that the big software giants are freely sharing their data with the NSA. So if you are hosting your email with Gmail or Hotmail, the NSA likely has carte blanche access to your emails!

Consider either hosting your own email service (use your budget VPS from above!) or using a secure email service such as hushmail.com.

Or, continue using your Gmail account but use PGP encryption when sending or receiving sensitive data.

9. Free Cloud Storage Solutions Are Not Secure

I love cloud storage. I use it often since I have 4 computers in my life that I go between on a regular basis. But… cloud storage is most definitely not secure. Much like the above, the free storage space provided by Dropbox, Google and Microsoft is free for a reason. Your files are being used to harvest data and are quite likely accessible via agreements with the NSA.

What can we do to fight back?

  • Encrypt Cloud Storage files with TrueCrypt
  • Use secure Cloud Storage solutions such as spideroak.com or wuala.com that encrypt your data before storing.
  • Use OwnCloud on your VPS to run your own personal cloud storage service.

10. Google Search is Tracking You

Have you ever noticed how Google Search Engine and the Chrome browser always want you to be logged in? Well… One good thing about being logged in is that your search terms are hidden from 3rd party websites. That is great, but that doesn’t mean your search data is not being tracked and saved by Google themselves. Of course they are, that is their business.

If you use a proxy and do not keep yourself logged into Google or Chrome, then it limits Google’s ability to tie what you are doing online to you specifically.

Alternatively, you may want to drop Google entirely for a search engine that doesn’t track your usage, such as DuckDuckGo.

Clean Up Your Computer

Yes. Tin-foil hat category, but if Microsoft is partnered with the NSA, does that not mean that our Windows driven computers might be phoning home with all sorts of personal details?

11. Incognito Browsing

Use the “Private” (Firefox) or “Incognito” (Chrome) mode on your browser to prevent it from saving any history / cache files to your disk. Otherwise your browsing history just sits there for months and months to be accessed!

12. Create a TrueCrypt Drive to Store Sensitive Information

TrueCrypt is a great piece of free open-source software allowing you to encrypt folders or entire drives with high end encryption. Although you can encrypt your entire file system with this software, I personally prefer just creating encrypted volumes which can be opened and turned into an encrypted drive. The reason for this is that the encrypted volume is not open every time you are on your computer; it is only opened when needed and can be closed immediately after.

If you want to get extra tin-foil hat, try creating a network adapter-less VirtualBox instance inside a TrueCrypt volume! The VirtualBox VM will act as a black box and ensure that, when the volume is opened, our information is not leaked into other parts of the OS or out to someone over the internet.

More ideas? Try using portable versions of apps / browser that keep all their data contained to a folder and place these in your TrueCrypt folder.

UPDATE: The developers of TrueCrypt have ceased development as of version 7.1. According to security audits, it is believed that this final version is unexploitable and safe to use (despite there being a number of bugs, not necessarily affecting the security of your encrypted drives). Any versions newer than 7.1 are forks of the original project and should be viewed skeptically, since a number of people out there are trying to capitalize on the project and use it to exploit unsuspecting users.

For more information, and a list of alternatives please visit:

https://www.comparitech.com/blog/information-security/truecrypt-is-discoutinued-try-these-free-alternatives/

13. Install a Trustable Firewall and Monitor Outgoing Connections

Usually when we think of a firewall we think of blocking connections from getting in. What about the unwanted connections being made from your computer out to the internet? What applications on your computer are phoning home?

Try cutting the cord with Windows Firewall and installing a strong, full-featured open-source firewall such as pfSense.
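As an added example (not from the original article): one way to answer the "what is phoning home?" question is to read the output of Windows' netstat -ano and list, per process ID, the established TCP connections that leave your local network. The sample output, its addresses and PIDs, and the function names below are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the column layout of Windows `netstat -ano` (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49720     198.51.100.7:80        ESTABLISHED     2208
  TCP    192.168.1.20:49731     192.168.1.1:445        ESTABLISHED     4
  TCP    [::1]:49801            [::1]:5037             ESTABLISHED     7100
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Ranges treated as "local" (assumption: a typical home LAN plus loopback/link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def is_local(ip):
    """True if the address falls in one of the local ranges above."""
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)

def outbound_by_pid(netstat_text):
    """Map PID -> sorted 'ip:port' list for established TCP connections to non-local hosts."""
    result = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows for TCP have exactly: proto, local, foreign, state, pid
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        try:
            ip, port = split_endpoint(fields[2])
            pid = int(fields[4])
        except ValueError:
            continue  # skip rows that do not parse cleanly
        if not is_local(ip):
            result[pid].add(f"{ip}:{port}")
    return {pid: sorted(dests) for pid, dests in result.items()}

if __name__ == "__main__":
    for pid, dests in sorted(outbound_by_pid(SAMPLE_NETSTAT).items()):
        print(pid, ", ".join(dests))
```

On a real machine, paste in the output of netstat -ano and match each PID against Task Manager to see which application owns the connection.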

14. Erasing Data Does Not Actually Erase It

When you erase a file on your computer it does not actually fully erase it. It just marks the blocks as deleted and available to be reused in the future. Who knows what content you once deleted, thinking it had safely vanished, still lurks on your HDDs?

Even if you 0’d out the data, there is technology out there that is capable of reading the remnants of magnetism left on the HDD to tell what used to be written there! Scary stuff.

Eraser is a free Windows-based tool that is designed to rid your free/deleted HDD space of its data once and for all. It uses a complex algorithm in which deleted sectors get overwritten with opposing sets of data over and over to ensure that any possible trace of the data is gone for good.

Mobile Device Privacy

Your cell phone data is being tracked by the NSA.

15. Protect Your Phone Calls With Encrypted VOIP

Red Phone is a Free and Open Source application for Android that provides end-to-end encryption for your phone calls using VOIP. The limitation is of course that both parties will need to use the application, but for matters you wish to hide that is a small price to pay.

Unfortunately I am not aware of a completely free alternative for iOS but you may want to check out Silent Phone.

16. Protect Your Text Messaging with Encrypted Text Services

Use TextSecure Private Messenger (Android) to text back and forth using end-to-end encryption. Again, as with the VOIP, all parties involved in texting will need to use the application to receive or send encrypted texts.

iOS users may want to check out the alternative Chat Secure which does the same thing for iPhone/iPad devices!

17. Use Secure Mobile Browsers for Private Browsing

The limitation in configurability of most mobile browsers makes it difficult to slap a proxy or VPN onto our phones for secure browsing. However, it’s possible to bring the anonymous power of the TOR network to your cellphone with these great apps.

Orweb: Private Web Browser is a TOR network enabled browser for Android mobile devices. Simply download the app and appropriate plugins and you’ll be able to browse anonymously and circumvent any restrictions / surveillance.

An alternative for iOS users is Onion Browser.

18. Your Cellphone Shares Your Location

Detailed location data is tracked by cellphones around the world.

You can partially prevent this by disabling your GPS when not in use. However, remember that whenever you use your device (calls, texts, data) your phone is connecting to the nearest cell phone tower. As such, your location can be triangulated, even without GPS tracking on. If location tracking worries you, the best thing to do is simply leave your phone at home when going out somewhere you don’t want shared.

 

Derek Eatough

I am a Software Developer from Winnipeg, Canada. I am a strong supporter of open source, community-driven development, and believer in digital rights to freedom of expression and privacy.

4 Comments

  1. “use your budget VPS from above”, yah because those guys would never turn your data over if asked by the NSA. Also I have heard much talk that the NSA has broken HTTPS encryption, and if not, forcing any one of the certificate issuers to issue a false one should not be too hard for our friends in black.

    • Both good points and the VPS issue was touched on in #4 – TOR section. With any kind of 3rd party service (VPN / Tunnels / etc) we can never be too sure whether that entity is co-operating with the NSA or how easily they will hand over their data. We have seen some give it up freely, and some other companies shut down to protect their clients’ interests. These kinds of services add a layer of obfuscation for casual privacy needs, but if you legitimately have something to hide (or are extra tin-foil hat sensitive) then using TOR networks for internet is probably your best bet.

      Interesting comments on HTTPS. I know that the OpenSSL vulnerabilities blew a gigantic hole in internet security but hadn’t read anything more than that about SSL vulnerabilities.
