Today I was reading my newsfeed and I came across a story from Forbes where Microsoft actually admits that they can not disable the automatic spying in Windows 10. Now that is quite alarming, but not surprising in this long trend of invasion of privacy. So it begs the question: Liberty or Safety? We have the NSA, which, unless you have had your head in the sand for a few years, you should know has been engaged in a mass data collection operation which Edward Snowden blew the whistle on. It’s no wonder over the years the rise of software, with an emphasis on anonymization and encryption, has taken off in the open source world. Even Apple has heard the cries of the people with a more secure system to encrypt data, known as a “trustless” system, where Apple itself doesn’t have the ability to get into mobile devices with iOS 8 or later – the same is true with Google (although I will touch on Google in a bit). The FBI last year blasted Google and Apple for thwarting law enforcement, with FBI Director James Comey saying:
“There will come a day when it will matter a great deal to the lives of people… that we will be able to gain access [to such devices] … I want to have that conversation [with companies responsible] before that day comes.”
It is Orwellian to suppose that the government should have access to all data whenever, sometimes for the flimsiest of reasons, under the blanket justification of “safety” – as evidenced by the developer of crypto.cat. Crypto.cat is an extension and web platform capable of running through even the Tor network and which can create chats and chatrooms encrypted end-to-end with a log deleted within minutes of when the connection closes. It also allows individuals to host their own servers with the source code.
But it is important to note any information on the cloud, whether it’s Google or Apple, is available to law enforcement. The protections I mentioned only apply to hardware. But Google also has a bigger issue: they collect almost as much data as the NSA on your daily cyber habits. So the government can learn everything they need to know, potentially without ever serving you an actual warrant. How can this happen? Simple, if you read Google’s policy you’ll realize you aren’t even the owner of your own stuff, and it basically spells out that they have the right to use it to market ads and such towards you. Google even got caught violating privacy laws and settings on your devices to gather more information on you.
Now I should note before going forward: my expertise is in computers, with a background in Linux, Windows, Mac, computer networking, and computer security specifically in the medical and dental fields. I tend to get upset at Android “fanboys” who hate on Apple, because there are a lot of privacy and security issues in the Android world you do not find in the iOS world. For example, it is estimated that 87% of all Android devices are vulnerable to cyber-attacks, and there is no frequent, fast, and reliable patching schema in place like iOS or even the Windows phone has. Android software support is so poor in my experience that it appears most new Android devices are left unsupported within 6 months to 1 year; 2 years if you’re lucky (but usually that is reserved for Google Nexus series phones).
But then we have the “scroogled” issue again. Google has access to almost every single bit of your life. Now the Windows phone, since it falls under the same Windows 10 platform, has the same problem. Apple still has the rights to your data; however it is to a much lesser extent. The evidence shows when you have a clear difference in the priorities of iOS users and Android users, iOS users simply care more about security and privacy than Android users. The Android fanboys are always the ones talking about “latest and greatest hardware,” however I am one of the many IT guy who simply doesn’t play favorites and asks the simple question: “how private and secure is the data?” I don’t play favorites when it comes to hardware; I simply use what is the best all-around for having to deal with HIPAA, and such in my day to day job.
Open Source to the Rescue
As I said before, I don’t play favorites on devices; I just use what’s best for the job I am doing. I have an Android tablet, an iPhone, a MacBook Pro, a Surface Pro 3, and the rest of my computers and devices are all running one of the several Linuxes I use – Xubuntu, Kali, Ubuntu, and Sophos UTM, to name a few. Ok, so maybe I favor Linux quite a lot more; but remember, Android is a flavor of Linux based on Debian Linux. Debian Linux also happens to be what Xubuntu/Ubuntu (which I frequently use) are based on as well. To fix the issues I mentioned with Android and being Scroogled, the answer however is quite an easy one. You just need to buy or make your Android phone what we call “Googleless.” What does that mean? Well, Google open sourced the code for Android, which means anyone has access to it, as well as to modify and “fork” the code into a new project – thus why the Free and Open Source Software (FOSS) Movement has been the unsung hero to so many. I will detail a few things one can try; however you should take note of a saying of mine: “when in doubt, don’t do it.”
Use Android? Go Googleless!
You can look up an alternative to the “vanilla” Android, called CyanogenMod, which is available for anyone to download and install. Some phones are presold with it installed, but since this is an open source project some phones and tablets will be better supported than others. But the other advantage is that updates for CyanogenMod are more frequent; even for some devices that are no longer even supported via mainstream updates. Now, I personally have not used this program, but several of my IT friends swear by it. I also like how it does not force the Google apps on you, but rather allows you to choose what to install. By default, it doesn’t even come with Google Play store preinstalled; you actually have to add that if you want.
Do you browse the Internet? Use only Open Sourced software
As I mentioned before, Google is Scroogling you, and Microsoft isn’t getting any better either. Obviously one should stop using Google Chrome and Internet Explorer. I highly recommend Mozilla Firefox – whether it’s for Mac, Windows, or Linux. But if you are using Google’s Chromium, which is Google’s open sourced version of Chrome, minus Google’s proprietary code, you are perfectly fine. This is because Chromium is open sourced like Mozilla Firefox, meaning people can review the code. I have some extra tips and tricks for you to even further protect you online by installing a few Firefox addons:
- Adblock Plus: Does as the name says: blocks ads. Ads are the #1 way of tracking you online. It also removes them from cluttering your browsing experience. It can also block malware sites and social media buttons (scroll down on the page that comes up as soon as it is installed).
- Adblock Plus Element Hiding Helper: Companion to the above but for text ads.
- HTTPS Everywhere: Created by my favorite non-profit, the Electronic Frontier Foundation. It forces your browser to use an encrypted connection.
- Mozilla Lightbeam: Not necessary, but if you want to better understand how your data is collected and shared, install this extension. It will track data and plot its connections on a network diagram. Really helps you understand how little privacy you have online.
- Cryptocat: An open sourced extension for Firefox, Chrome, iOS, Android, and Tor Browser. Highly recommended if you want secret, encrypted, and even anonymized (via Tor) chats 1 on 1 or in a group. When the chat is closed logs are scrubbed.
Those are the main extensions I recommend that won’t interfere with daily use of the browser for average users.
For additional security on the web, even though it is not open source, I would recommend installing Malware Bytes Anti Exploit. It is a free edition – make sure to uncheck the trial while installing it. Malware Bytes creates several layers of security around your browser to keep bad things from crawling out of the browser into the rest of the computer (it works well with Chrome and Internet Explorer as well).
So you want privacy on the Internet?
If you want to browse the internet completely anonymous you can use I2P or Tor. I personally use Tor more, since it is the most popular vehicle to going on the internet anonymously. Of course, I do advise you to read the Tor Project’s advice on changing browsing habits for it to be 100% effective. This is not your everyday browser. It allows access to the Deepweb, where it can get pretty dark at times. This is the area of the internet where you can find the overt failures of international gun control and the War on Drugs.
For the ultimate way to be anonymous on the internet, you can use a special version of Linux called Tails . Tails incorporates Tor from the ground up into all the networking. Plus is a full-fledged “Live” Operating System running on a flash drive. It’s as simple as installing it to a flash with a tool like Rufus, and then booting the computer from the flash drive. The advantage of a “Live” Linux is that no data is saved unless you explicitly tell it do so. So each time you boot it is completely clean, and each time you close, nothing is saved by default to the computer or to the flash drive.
The other part of remaining anonymous online means using money that isn’t actually tied to your name. I prefer doing as many transactions as possible with Bitcoin. Microsoft accepts it for my Xbox Live, Newegg.com takes it for computer parts, and I even get my hot sauce from a small company called Pex Peppers. It is much more secure than a credit card. This is due to the spending nature of Bitcoin. It is more similar to cash than a credit card, despite the actual spending/receiving process being more similar to that of an email.
Encrypt! Encrypt! Encrypt!
Both Mac and Windows don’t enable encryption by default (on Windows it is only available in Pro or higher versions). This means if I merely remove your hard drive and plop it into my computer, I wouldn’t even need your password. But this isn’t just limited to files locally on your computer, but also to files stored in the cloud. I know people say the cloud isn’t the most secure; while that may be true, you can take extra precautions to prevent that. For example, my favorite tool available for Mac, Windows, and Linux to encrypt all my files is called VeraCrypt. What it does is allow you to create a ‘container’ to put files in. You can encrypt whole drives, partitions, and whatever with this tool; then use it to open the container with your password, keyfiles, or however you chose to lock the container. I personally encrypt with a Triple Encryption with a Whirlpool hash, and that should give even the NSA a bit of trouble getting in for a few months. I use this for all my most sensitive documents stored locally and in the cloud. All are in their own separate containers.
In conclusion, I hope this article gives some insight into the privacy issues we face in the modern world, while also making us think more clearly about what we do online, and what we do to protect ourselves online.