Essential internet privacy tips, 2017 edition
It doesn't take a lot of effort to minimize the amount of private information you share with web sites, online ad networks, and other third parties. Here's the 2017 update to the rules of the road for protecting your internet privacy.
Keep Google at arm's length
When tech journalist Dan Arel decided to get serious about protecting his online privacy, one of the first things he did was switch to a search service that promises not to collect any information about you. As he writes in a September 26, 2017, article on the Huffington Post, Arel gave DuckDuckGo a try, but he found StartPage was more effective. StartPage anonymizes Google searches, so you get the same results, minus the tracking.
The next Google product to get the boot from Arel was the Chrome browser, which is one of the many tools Google uses to collect personal information, along with Google Maps, your YouTube search history, and other Google properties. Arel chose the Firefox browser, which has a reputation for being faster than Chrome and an interface that's similar to Chrome's look. You can use Firefox's bookmark sync function to import your Chrome bookmarks to Firefox.
If you want to take your anonymous browsing to the limit, use the Tor browser, which is based on a version of the Firefox engine but adds identity-protecting features. One of Tor's anonymizing tools prevents an internet surveillance technique called traffic analysis that "infers who is talking to whom over a public network," according to the Tor Project. If the watchers know who you're communicating with and some context of the communication, they can determine your behavior and interests, and often your identity and location, even if your network connection is encrypted.
Three essential (and free) privacy-protecting browser add-ons
No matter what browser you're using, download and install the Electronic Frontier Foundation's Privacy Badger to block online trackers, the EFF's HTTPS Everywhere to ensure you're using an encrypted link to sites whenever one is available, and an ad blocker, whether it's Ublock Origin (which Arel recommends) or AdBlock Plus.
I've been using and recommending AdBlock Plus for many years, but some people dislike the service's Acceptable Ads program, as DigiDay's Ross Benes reports in a March 17, 2017, article. As I have stated in previous Weeklies, the company behind AdBlock Plus, Eyeo, took on the job of determining what constitutes an "acceptable" web ad, and charges only large web services to allow their ads meeting the Eyeo criteria to display in browser windows. Some in the ad industry call this "extortion." I find it an equitable compromise in the absence of any other reasonable alternative.
End-to-end encryption: Protection worth paying for?
Using a secure browser loaded with a handful of privacy-protecting extensions is sufficient protection for most of us, but if you conduct business on the internet -- particularly business involving financial transactions -- spending a few dollars a month for a virtual private network service can be a wise investment. In an October 2, 2017, article, PCMag's Max Eddy compares 10 VPN services. Here are three takeaways from Eddy's review:
Free VPN services tend to be slow, and they often come with other limitations, such as data transfer caps by the day or month. Also consider that the way "free" web services make money is by selling what private information they collect about you, which defeats the purpose of maintaining your privacy.
Arel selected the Mullvad VPN service, but he also uses three different free VPN services on occasion: OpenVPN, ProtonVPN, and RiseUp. I have used OpenVPN in the past, but I'm not familiar with the other VPN services.
Protecting your text messages and emails
The Signal private messaging app is one of two Arel recommends (the other is Wire). The folks behind Signal recently announced a private contact discovery service that lets users determine whether any of the people in their contact list are Signal users, without sharing their contacts with Signal. The service is described in a September 26, 2017, post on the Signal blog.
According to Signal, the company strives to be as "zero knowledge" as possible: the content of your communications is known only to parties directly involved, not to any third parties. That includes the platform the communication travels over. On the other hand, the secure online storage service SpiderOak decided recently not to use the term "zero knowledge" because the company's use conflicted with the established academic definition of "zero knowledge" as gleaned from Wikipedia:
“[A] method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any information apart from the fact that the statement is indeed true.”
Don't ask me -- I got lost at "prover."
What SpiderOak refers to as "No Knowledge" jibes with Signal's "Zero Knowledge" philosophy: The service provider doesn't know what the content is, who owns the content, and who it is shared with.
Arel also recommends the OnionShare secure file-sharing service, and both ProtonMail ($5 a month or $48 a year) and Tutanote ($12 a year) for private email.
Wrapping it up with some easy privacy best practices
"Technology" and "simple" don't usually go together. Still, there are some no-sweat actions you can take to reduce the amount of personal information you share with third parties. Here are five security steps that don't require a big investment in time or energy.
Sign out of accounts when you're not using them. Even though you haven't used Facebook, Google, or some other service for hours, the service may be keeping track of all your activities if you haven't signed out. Make it a practice to stay logged into services only while you're actually using them.
Set your browser to block third-party cookies and delete all cookies on exit. This is a one-time change that will do wonders to keep the trackers at bay. For instructions on accessing the cookie settings in Firefox, Chrome, Edge, Safari, and Opera, see the May 31, 2017 post by Comparitech's Chris Stobing.
Use two-factor authentication to protect your most-sensitive accounts. The EFF's September 22, 2017, Guide to Two-factor Authentication on the Web describes four different types of 2FA used commonly by sites. The service Two Factor Auth lists sites that do and do not support 2FA by category, such as Government, Finance, Retail, and Social.
Don't use public wi-fi. Like, ever. Okay, I admit that I sometimes sign into a public wi-fi network, but while signed in I refrain from logging into any sensitive accounts. As an alternative to trusting public hotspots, try using your phone instead of your computer. The cell network is much safer, and depending on your service, it may not be much slower than using a public wi-fi network.
Oh my God, not passwords again. Please anything but passwords. I'm as tired of writing about passwords as you are of reading about passwords. I'll say only one thing: The longer the passphrase, the stronger the passphrase. The rest I'll leave to the EFF's guide to Creating Strong Passwords.
Google and Facebook are "the Harvey and Irma of journalism." So says British journalist Sir Harold Evans. AlterNet's page views and revenues took a big hit when the two journalism giants tweaked their secret algorithms in an attempt to block hate sites and fake news. Many other progressive sites have been affected likewise. AlterNet executive editor Don Hazen is reduced to pleading for help from readers.
News outlets are only some of the millions of businesses that rely on Google and Facebook for their success, yet a small change to a proprietary -- and secret -- algorithm by one of the two internet behemoths can put them out of business in no time. That's power. And unaccountable, to boot. I'm just sayin'.
The problem with the First Amendment's speech protections is that they were intended to protect speakers from repression by the government. Tim Wu, Professor of Law at Columbia Law School, writes in a September 2017 paper on the Knight First Amendment Institute site that the First Amendment "presupposes an information-poor world, and it focuses exclusively on the protection of speakers from government."
Speech is no longer scarce. Listener attention is. Google and Facebook are in the business of reselling people's attention. With the rise of filter bubbles, we're constantly fed information that merely echoes and amplifies our existing beliefs.
According to Wu, the internet has made it easier to "weaponize speech as a tool of speech control.... [C]heap speech may be used to attack, harass, and silence as much as it is used to illuminate or debate." The First Amendment is ill-equipped to combat speech intended solely to suppress other speech.
This leads Wu to consider alternative legal protections to guard against misuse of speech. Wu points out that political speech must remain protected, but the free-speech battles most at issue today involve commercial speech, such as "the right to resell patient data." The first option is to broaden the interpretation of the First Amendment's speech protections, but Wu points out the limitations of this approach.
Could the "state action" the First Amendment requires be expanded via "accomplice liability"? Wu cites several cases that support such a possibility. Another option is to view Facebook, Twitter, Google, and other "major speech platforms" as state actors for First Amendment purposes, though Wu concludes doing so would likely introduce more problems than it solves.
Wu concludes that the best approach to protecting the weaponization of speech and the flood of "unwanted speech" is through existing and new legislation. He highlights the shortcomings of a Fairness Doctrine for social media similar to the regulation of broadcast media of an earlier age, but he admits that such an action by Congress may be the most reasonable and effective solution to a problem that poses a serious threat to our democracy.
Motivated in large part by recent happenings in Catalonia, Xnet has published a "Basic how-to guide for preserving fundamental rights on the internet." The guide is intended for "activists, journalists, and citizens whose fundamental freedoms and rights on the Internet are being restricted by state powers or authoritarian governments." I would think that's just about all of us.
Topics include how to access sites that are arbitrarily blocked by state actors, how to encrypt your mobile device, and how to overcome attempts by government and others to monitor your online communications. In the past, I've noted that not everyone requires these types of privacy precautions, but with each passing day, they get closer to becoming everyday tools for your average, ordinary internet user.
Immigration courts must now consider the ability of defendants to pay. The decision of the U.S. Court of Appeals for the Ninth Circuit in Hernandez v. Sessions, published on the ACLU site, finds that the district court did not err in ruling that, when determining a bond, immigration officials must consider the financial ability of the defendant to obtain a bond, as well as alternative conditions of release.
As Vivian Yee of the New York Times writes in an October 3, 2017, article, the U.S. Supreme Court is hearing a case, Jennings v. Rodriguez, that will determine whether immigrants facing deportation have the right to have their detention reviewed by a judge. At present, some people are being detained for years without a hearing, according to Yee. As more people face potential deportation, the question of whether constitutional protections apply to them becomes more pressing.
Speaking of the rise in immigrant detention, the Trump Administration (cough-hack) set up a hotline called Victims of Immigration Crime Engagement (VOICE) intended to support victims of crimes committed by "removable aliens." Splinter's Daniel Rivero and Brendan O'Connor report in an October 3, 2017, article that the hotline is being used to "lodge secret accusations against acquaintances, neighbors, or even their own family members, often to advance petty personal grievances."
The government states explicitly that the hotline is not meant for reporting crimes. Yet by analyzing transcripts of calls received by the hotline, Rivera and O'Connor found the calls rarely involve any serious crime or dangerous activity at all, as originally intended. Nor are the callers victims of such crimes. Instead, the calls usually are an attempt to report a petty offense or identify someone the caller believes is merely in the country illegally.
Fake news comes to the Supreme Court. During arguments about gerrymandering before the U.S. Supreme Court this week, Justice Samuel A. Alito, Jr., questioned a lawyer arguing against the current politicized system of setting districts, citing the results of a study that found the existing process had little effect on partisanship. Dana Milbank of the Washington Post writes in an October 3, 2017, article (on Flipboard) that the justice got it all wrong.
Alito said he was citing a study published in the 2000s, when in fact the information he quoted was taken from a much earlier version of the research that used data from the 1970s through the 1990s. The scientist who authored both studies points out that the results of the most recent research from the last two "election cycles" shows the detrimental impact of gerrymandering on the fairness of election results.
As I wrote in the December 6, 2016, Weekly, the current totalitarian regime is engaged in a full-scale attack on our right to vote. Milbank wonders whether the five Republican nominees on the court will "defend their patrons by allowing this perversion of democracy to continue."
There's this old computer-industry term that keeps floating through my head as I ponder the outcome of the current political/technological situation: "Fix on failure." That's when a programmer or hardware designer stops hunting for flaws in their designs and simply waits for something to go wrong. Then the person either effects repairs or junks the product and starts over.
Well folks, we're racing headlong toward a Dumpster-fire democracy and a through-the-guardrail-into-the-abyss technological landscape. Is it too soon to start thinking about what kind of a world we'll be able to build out of the ashes? Something to think about until the next Weekly, which will be shorter than this one, I promise!