Digital Deadbolts Part 2: How to Protect your Security and Privacy Online
Hello readers! This is the first article in a series of articles I'm doing in collaboration with digital-issues advocacy group OpenMedia. You can also read this article on their website. Enjoy!
Last week, I talked about some different methods that you can and should use to protect your privacy and security online.
One of the key takeaways from that discussion is that each of you need to assess your own specific security requirements. A good deadbolt will stop most people from entering your home without your consent, but it won’t stop a skilled individual with a set of lockpicks, and it certainly won’t stop a battering ram. Likewise, the tools I discussed last week will protect most of us from most threats we face online, but they won’t necessarily stop sophisticated hackers with sophisticated tools.
Most of the time, you don’t need to worry about sophisticated attacks. Higher profile targets are people like journalists, dissidents, and political activists, who are less able to count on their data being safe, or their communications being private.
While investigating the Panama Papers, the International Consortium of Investigative Journalists knew that they couldn’t take any chances with their digital security. There are a number of groups that would be interested in compromising that investigation, including powerful politicians, big business, and criminals. Such parties are formidable adversaries, and may have the ability to hack into email servers, or demand e-mail content from service providers via warrant.
So even with basic digital diligence, not everyone will be able to fend off hackers. In such cases, we need to go the extra mile with digital security practices. Once again, let’s dig in.
(Note: The technologies we’re discussing today are inherently more complicated than those mentioned in part one. They take more time and know-how to set up, and specifics may vary depending on the particular product being used. In the interest of keeping this article a reasonable length, I won’t go into any details of set-up. However, links have been provided for further reading!)
Use a Virtual Private Network (VPN)
If you are concerned about your ISP or government actors looking at your internet traffic, you can turn to software tools that will help you anonymize your traffic. A VPN, or Virtual Private Network, allows a user to encrypt their device’s traffic and route it through another machine on the internet (a VPN server), making it difficult for an observer to figure out where the traffic originates.
You may be most familiar with VPNs for their ability to let you view websites from different countries with content restrictions. That's part of the reason that companies like Netflix have begun blocking VPNs – as a way to prevent the circumvention of geoblocking. But VPNs can also be used by citizens in nations with Internet censorship to access news and websites which might otherwise be blocked by government firewalls. A VPN can also sometimes be used to circumvent your throttling (by your ISP) of specific services, such as streaming video sites or gaming.
VPNs are not a perfect privacy solution – they can only so much. You'll want to select a VPN provider that does not retain activity logs. Log data such as IP addresses could indicate what you accessed, and later be appropriated by hackers or government actors. Also, browsing the web while connected to the VPN doesn’t prevent the websites you visit from identifying you through the use of tracking cookies.
VyprVPN, ExpressVPN, and TunnelBear are all VPN services that keep minimal or no logs on user activity.
Use PGP
Transport-level encryption (like HTTPS) keeps hackers from intercepting connections over the web. But what happens if someone actually breaks into your account? What if authorities obtain legal access to your email service provider? Encrypted connections don’t help in either of these scenarios. That’s why the aforementioned journalists who broke the Panama Papers story used PGP to make sure that the content of their emails was encrypted; not just in transit, but at all times.
PGP encryption (short for Pretty Good Privacy) works in tandem with your mail client: whether that’s Thunderbird, Outlook, Apple Mail, or Gmail’s web interface. PGP encrypts data before it’s even transmitted, and only the intended recipient has the key to decrypt it.
PGP has a much steeper learning curve than anything else on this list. Additionally, it’s a system that only works if it has been set up in advance by you and your correspondents, requiring both parties to install PGP software. That said, once it’s set up, it’s incredibly simple to use. And it’s an essential tool for anyone who needs to be absolutely sure that an email can’t be read by anyone but the intended recipient. EFF has a primer for PGP as well as guides for setting it up on Windows and Mac OS X.
Encrypt Your Hard Drive
Do you have sensitive documents? You may (rightfully so) be concerned about sending or storing sensitive them on a cloud-based service. As mentioned in the section about PGP, online services can be hacked, or their contents forcibly divulged by lawful warrants. The obvious alternative is to store files locally, but the disadvantage is that local devices – like laptops or USB thumb drives – can be stolen.
Having a password lock on a computer is a critical first step, and will protect it briefly. But if anyone gains physical access to your computer for long enough, the files are still readily accessible by a few different means. The ironclad solution is to use software that encrypts your disk. When a disk is encrypted, its contents can’t be read without a key or passphrase.
It’s pretty simple to encrypt your computer’s startup disk, and most operating systems now come equipped with an option to turn on disk encryption. Just be aware that if you ever lose your passphrase or key, your data will be inaccessible for good – make sure to remember that key and do regular backups! External drives are fairly easy to encrypt. Free software VeraCrypt (which owes its lineage to the now-discontinued TrueCrypt) is a good cross-platform solution for disk encryption.
If you feel up to using full boot-disk encryption, certain Windows editions come with Microsoft BitLocker, while Mac OS X ships with FileVault.
One of the key takeaways from that discussion is that each of you need to assess your own specific security requirements. A good deadbolt will stop most people from entering your home without your consent, but it won’t stop a skilled individual with a set of lockpicks, and it certainly won’t stop a battering ram. Likewise, the tools I discussed last week will protect most of us from most threats we face online, but they won’t necessarily stop sophisticated hackers with sophisticated tools.
Most of the time, you don’t need to worry about sophisticated attacks. Higher profile targets are people like journalists, dissidents, and political activists, who are less able to count on their data being safe, or their communications being private.
While investigating the Panama Papers, the International Consortium of Investigative Journalists knew that they couldn’t take any chances with their digital security. There are a number of groups that would be interested in compromising that investigation, including powerful politicians, big business, and criminals. Such parties are formidable adversaries, and may have the ability to hack into email servers, or demand e-mail content from service providers via warrant.
So even with basic digital diligence, not everyone will be able to fend off hackers. In such cases, we need to go the extra mile with digital security practices. Once again, let’s dig in.
(Note: The technologies we’re discussing today are inherently more complicated than those mentioned in part one. They take more time and know-how to set up, and specifics may vary depending on the particular product being used. In the interest of keeping this article a reasonable length, I won’t go into any details of set-up. However, links have been provided for further reading!)
Use a Virtual Private Network (VPN)
If you are concerned about your ISP or government actors looking at your internet traffic, you can turn to software tools that will help you anonymize your traffic. A VPN, or Virtual Private Network, allows a user to encrypt their device’s traffic and route it through another machine on the internet (a VPN server), making it difficult for an observer to figure out where the traffic originates.
You may be most familiar with VPNs for their ability to let you view websites from different countries with content restrictions. That's part of the reason that companies like Netflix have begun blocking VPNs – as a way to prevent the circumvention of geoblocking. But VPNs can also be used by citizens in nations with Internet censorship to access news and websites which might otherwise be blocked by government firewalls. A VPN can also sometimes be used to circumvent your throttling (by your ISP) of specific services, such as streaming video sites or gaming.
VPNs are not a perfect privacy solution – they can only so much. You'll want to select a VPN provider that does not retain activity logs. Log data such as IP addresses could indicate what you accessed, and later be appropriated by hackers or government actors. Also, browsing the web while connected to the VPN doesn’t prevent the websites you visit from identifying you through the use of tracking cookies.
VyprVPN, ExpressVPN, and TunnelBear are all VPN services that keep minimal or no logs on user activity.
Use PGP
Transport-level encryption (like HTTPS) keeps hackers from intercepting connections over the web. But what happens if someone actually breaks into your account? What if authorities obtain legal access to your email service provider? Encrypted connections don’t help in either of these scenarios. That’s why the aforementioned journalists who broke the Panama Papers story used PGP to make sure that the content of their emails was encrypted; not just in transit, but at all times.
PGP encryption (short for Pretty Good Privacy) works in tandem with your mail client: whether that’s Thunderbird, Outlook, Apple Mail, or Gmail’s web interface. PGP encrypts data before it’s even transmitted, and only the intended recipient has the key to decrypt it.
PGP has a much steeper learning curve than anything else on this list. Additionally, it’s a system that only works if it has been set up in advance by you and your correspondents, requiring both parties to install PGP software. That said, once it’s set up, it’s incredibly simple to use. And it’s an essential tool for anyone who needs to be absolutely sure that an email can’t be read by anyone but the intended recipient. EFF has a primer for PGP as well as guides for setting it up on Windows and Mac OS X.
Encrypt Your Hard Drive
Do you have sensitive documents? You may (rightfully so) be concerned about sending or storing sensitive them on a cloud-based service. As mentioned in the section about PGP, online services can be hacked, or their contents forcibly divulged by lawful warrants. The obvious alternative is to store files locally, but the disadvantage is that local devices – like laptops or USB thumb drives – can be stolen.
Having a password lock on a computer is a critical first step, and will protect it briefly. But if anyone gains physical access to your computer for long enough, the files are still readily accessible by a few different means. The ironclad solution is to use software that encrypts your disk. When a disk is encrypted, its contents can’t be read without a key or passphrase.
It’s pretty simple to encrypt your computer’s startup disk, and most operating systems now come equipped with an option to turn on disk encryption. Just be aware that if you ever lose your passphrase or key, your data will be inaccessible for good – make sure to remember that key and do regular backups! External drives are fairly easy to encrypt. Free software VeraCrypt (which owes its lineage to the now-discontinued TrueCrypt) is a good cross-platform solution for disk encryption.
If you feel up to using full boot-disk encryption, certain Windows editions come with Microsoft BitLocker, while Mac OS X ships with FileVault.
Final thoughts
Some of you may feel that the tools I’ve outlined are above and beyond what you need for your own personal security. That’s okay! Every individual or organization needs to assess their own risk level. As the Panama Papers have shown us, such tools are essential for enabling great work to be done without fear of interference. While some will protest that only the guilty have something to hide, the fact is that for the free press to function, complete secrecy is sometimes necessary. Moreover, everyone has something they'd rather keep secret; the ability to have private moments, thoughts, and communications is critical for democracy, and free expression.
As Edward Snowden once wrote:
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
Combination lock by frbird via VectorStock