Rough Estimate

View Original

How To Protect Your Data Online

A Complete Guide to Digital Privacy

Privacy on the internet might seem like an incredulous sentence nowadays. Asking for privacy on the internet today is like asking for a way to never be captured on public CCTV, or to fly abroad without using identification.

Gone are the days of the anonymous free exchange community. Now, Big Zucker is always watching, and expressing the wrong opinion can lead to censorship, banning, or even to less kind internet users looking to dox you – meaning the publication of your personal details in order to disincentivise you from further expressing said opinions.

To even want privacy is to be immediately ridiculed. Don't you know the NSA or the 14 Eyes affiliates are recording everything you do, collecting information from every country with a windows computer and tracking your every move? If that wasn't enough, Google is busy recording every detail about your life and feeding it to their super-intelligent AI, Deepmind, who is being groomed to one day take over the universe and upload our brains to the quantum hive mind.

It might feel like you’re wasting your time with privacy when you’re up against the most powerful government and company conglomerate in history. But that doesn’t mean that you have to make it easy for them. If government surveillance online was infallible, then cybercrime wouldn’t exist in the first place.

In the modern era, not taking precautions to protect yourself online is like leaving your front door unlocked with a big bag of your money in the front window. Everyone knows things like using longer passwords and two factor verification but most people will not go the extra step to secure their data.

Those who think they have nothing to fear might want to look at the spate of cybercrime just from the last few years. Facebook, Yahoo, JP Morgan, Wallmart, Home Depot, Whatsapp, and the US Department of Defence, are just some of the biggest hacks that have happened over the last few years. If you had details listed with any of these companies then they can be used by hackers to steal your money, dox your address, or commit fraud in your name.

Aside from illegal hacking, Silicon Valley appears to be conducting an organised information campaign in an attempt to defeat the great orange menace in the white house. This includes Amazon banning books, Apple doxing dissidents, and Paypal taking away livelihoods including credit cards and bank accounts. All in the name of political grandstanding.

Governments around the world are hardly any better. In most of Western Europe and Canada, you can now be hauled before a court for making jokes about sexual or racial minorities. Or any other protected groups that the identity commissars have decided need the law to protect them from hurt feelings. Although the United States has the first amendment for protecting freedom of speech, its local governments may find unsavoury ways of interpreting it. For example, New York City now has a law which states that a landlord can be fined up to $25,000 (£19,711) for “repeatedly” not using a transgender person’s pronoun of choice. And the 2017 PRISM program means that any data collected on you by the US government can be sold onto third parties with no consent needed.

If you live in a developing country where you are less likely to be prosecuted for violations of PC dogma, your actions online are probably tracked by armies of trolls employed at cyber-farms to report on any digital dissidents.

You're not doing anything wrong by taking precautions to protect yourself online. The police and government get their authority from the citizen body, not the other way around. When they abuse their power, people are in the right to defend themselves from it.

Without further adue, I'll here outline the complete guide to protecting your privacy online.

Please note. This is not a guide for journalists or asylum seekers at risk in authoritarian countries. Some of these tools may help, but a better option is to use TAILS (see a guide here) and doing jurisdiction-specific research. It’s also worth reading the UN’s safety guide for journalists, chapter 4, on Digital Security.

Rough Estimate receives no donations from any of the companies, organisations or sponsors listed below. This guide is not intended to condone illegal activity of any sort:



1: Wifi:

Encryption

The better encryption for wifi is WPA2 encryption. This is extremely important because any previous encryptions are very easy to hack for anyone who just reads an online guide about it. Set up WPA2 encryption here.

VPN

Use a VPN. In some countries like China or Iran they are essential. Nord, Vyper, and Express are the best but a little expensive. VPNs won’t protect you from all government surveillance because the government can usually track the data sent over the VPN connection, but they need a reason to do so in the first place. VPNs will hide your data from the government unless you’re doing something that gives them a reason to target you.

The above providers get around the data collection laws by being based in overseas territories like Panama and the British Virgin Isles. If you live in China there are faster and cheaper VPN options such as pgfast but that’s only recommended if you don’t care about your data being accessible to the Chinese government.

MAC Spoofing

The number one ways that governments and companies track your PC or phone is not through your IP address but through something called your MAC (Media Access Control) address. Your MAC address is simply a unique label that every device has. This is how your computer remembers Wifi connections and how public wifi limits you to a certain amount of data. Hackers also use it to monitor wifi traffic.

You can use a mac spoofing tool such as Technitium to temporarily change your mac address. Keep in mind it will void your warranty and forget your wifi networks.


2: Operating System:

Now this is a difficult one because for most people it's just convenient to use Mac or Windows. Both of them track you and both of them have exploits.

You can disable windows tracking with these apps. For Apple products, the best you can do is probably just disable location tracking. You can also manually disable many Windows features such as location tracking and network sharing.

Another important note is that the leaked documents from Vault 7 on Wikileaks revealed that the US government uses smart TVs and Amazon Alexas to spy on citizens and use algorithms to flag certain keywords. It goes without saying that you shouldn’t be using them if you’re interested in privacy.

TAILS

TAILS is a Tor based operating system for complete anonymity. Recommended for handling very sensitive information, See an installation guide here.

Linux

Many people prefer to use Linux based operating systems because of their flexibility when it comes to coding. Linux is open source which means hackers can exploit information more easily, but it has the advantage that exploits can also be fixed by the user. Fedora and Red Hat are popular, but Kali Linux is used by pen testers because many of the tools for hacking are already built in.

Virtual Box

For those who don’t want to stop using the convenience of Windows but want the option of other private OSs might consider using Virtual Box. This is a virtual machine that can set up another Operating System on your computer which prevents the rest of your machine from being corrupted if something goes wrong.


3. Security:

What a lot of people don’t realise is that the number one reason people get hacked is by simply not installing updates on their phones or computers. Those updates are often there to fix exploits, so make sure you keep your software up to date (unless you’re already in a dangerous situation, see UN safety guide chapter 4).

It’s important to note that it is practically unrealistic to encrypt all your data, and you will likely attract attention to yourself from the authorities. So a better option is to selectively choose which data you want to keep secret.

Have I been pwned?

The first thing you should do is go to this website, haveibeenpwned.com and type in your email address to see if it has been leaked onto any hacker websites.

If it has you should immediately change any passwords for the sites that it’s been leaked from.

Anti-Virus

Get a good anti-virus like Avast, Malwarebytes, or Norton Security and get the paid version for actual internet monitoring.

Password Managers

Get a password manager which can generate secure passwords and store them so that you don’t have to rely on memory and can link it to your other devices. Last Pass is the one I recommend but there are alternatives like 1Password.

Encryption

You can use Veracrypt to properly secure sensitive files on your computer if it gets hacked or falls into the wrong hands. Other tools used by journalists to encrypt hard disks are Filevault for Mac, and TrueCrypt or BitLocker for Windows.

Bleachbit is the software used to permanently get rid of files, made famous by Hillary Clinton’s magical email disappearing act.

Other Measures:

Cover your webcam and microphone with electrical tape. This might sound paranoid to some, but Mark Zuckerberg himself does this, which means that it’s probably not a crazy idea. Webcams and microphones can be hacked like anything else on your computer.

C-Cleaner is another good tool that can clean the junk from your PC and get rid of cookies that might be tracking your browser.

4. Browser:

Don't use Google. They track everything you do, coordinate data from other accounts, and use it to manipulate search results. Brave browser is built for privacy and has pretty much all the same features as Google Chrome. If you still use Google apps like Youtube you can set up Brave so that it clears the cookies when you exit.

Tor is the infamous browser that is used to access deep web servers. It uses a proxy relay network and can be used for security. While useful for doing anything particularly sensitive the extra security means it’s rather slow for most people. And doesn’t work in China at the time of writing.

5. Search Engine:

DuckDuckGo is the best privacy based search engine that I can find and works well with Brave browser. It also comes with an add blocker that is useful for stopping tracking cookies.

6. Email:

Protonmail is a very good email service that is built around privacy and offers free and paid options. It is difficult for people to change email because of the inconvenience, but it’s worth the effort to not have all your communications monitored.

Thunderbird, enigmail are cryptography based emails for secret communication recommended by the UN’s Safety Guide for Journalists.

There are other options for extra security like PHP encryption that Edward Snowden talks about using. But this requires learning some code and is slightly too complicated for most people.

7. Sharing:

Cloud services in general are a bad idea when it comes to privacy. If you upload things to it then whoever owns the service is able to monitor it.

You can use Onion share which is a Tor based cloud service that allows anonymous sharing.

Other alternatives for sharing large files is WeTransfer. Which is not built for privacy specifically but is not linked to other accounts and can allow you to send large files directly to email.

For writing you can use Open Office to avoid using Microsoft word or Google Docs. And Apple maps can be a good alternative to Google maps, or you can simply make sure you’re signed out while using it.

8. Phone:

Your phone is one of the easiest ways for others to track and monitor your communications, and collect data on you.

For secure calls, you can use a secure app called Signal which encrypts calls and is recommended by Edward Snowden, among others. Other available communication tools are Qtox for video calls.

For messaging, if you’re serious about security, the UN’s Safety Guide for Journalists recommend OTR, cryptocat, pidgin, and adium.

For people who just want to avoid surveillance, an app called Telegram is useful, although it is not fool-poof when used against actively authoritarian regimes. The app is outside of the Silicon Valley tech conglomerate and has not suffered a data breach comparable to WhatsApp or its other competitors.

Other useful tools can be getting an antivirus app like Avast on your phone for extra security. And using the app version of a password manager like LastPass.

Disabling permission to use your microphone and location tracking on your phone is recommended. Simply turn them on if you really need to use them and off again when you don’t.



9. Payments:

This is a difficult topic because depending on which country you live in, anonymous bank accounts may be illegal, mostly due to money laundering concerns. So do your own research before venturing into this one.

For real anonymity with payments you need to use a cryptocurrency like Bitcoin or Ethereum.

There are other sites like Sticpay and Solid Trust Pay that allow you to create a payment account which you can send payments through. Though they require you to upload ID to use certain features.

10. Extra Measures

Try to stay anonymous online. There’s a negative association with anonymous social media accounts, but generally the less information available about you online the better - so try to use social media sparingly.

When it comes to signing up for things, it’s better to use a fake name, email address, home address, and possibly card details if you’re not sure about the security of the website.

The fact is that many websites do not store information securely and even those that do can still be hacked.

Fake email generator.

Fake credit card generator.

Fake address generator.

If you need to contact someone over social media but are afraid it might be monitored you can use, Privinote which creates url links with messages that automatically self-destruct.

This article is regularly updated with relevant links and info. Please note the date of the article to be sure that provided information is current.


John Martin