Three Steps You Can Take to Protect Yourself From Online Spying

Illustration for article titled Three Steps You Can Take to Protect Yourself From Online Spying

The recent PRISM scandal has validated both the general public's growing unease with federal law enforcement agencies, and many of the fringe element's accusations about Big Brother's online behavior. Whether or not it's legal under the PATRIOT Act, just knowing that the government can rummage through your online life doesn't sit well with many folks. Here are some simple and effective ways of keeping your digital identity anonymous and your data your own.

Illustration for article titled Three Steps You Can Take to Protect Yourself From Online Spying

Encrypt Everything

Encryption has been around as long as the written word. In fact, written language itself is a form of encryption, albeit with a widely understood and publicly available decoding key (ie the ability to read Mandarin or Portuguese or English). Private data encryption, on the other hand, encodes the information on a hard drive, memory stick, cloud locker, or other storage medium so that without the proper "key" (that hopefully only the sender and intended recipient have access to), all the data appears as gibberish (same as trying to read Mandarin).

Encrypting your drives, both local and remote, is a really easy way to shield your personal data from prying eyes. Both Windows and Mac OS have built-in encryption systems known as Bitlocker and FileVault, respectively. On Mac:

  1. Security and Privacy
  2. FileVault
  3. Turn on FileVault.

For Windows 7 Ultimate or Enterprise and Windows 8 Pro or Enterprise users with computers running Trusted Platform Module chip:

  1. Control Panel
  2. System and Security
  3. BitLocker Drive Encryption
  4. Turn on BitLocker

If your system isn't equipped with a TPM chip, Bitlocker can't help you. TrueCrypt, an open-source full-disk encryption program that hides your data on a virtual encrypted drive, and DiskCryptor, which can use any combination of AES, Twofish, and Serpent algorithms, however they aren't nearly as picky about your hardware.

Plus they're both free and you can use them to encrypt your cloud lockers and mobile drives with them as well. I mean, services like Dropbox and, um, just Box already encrypt the data on their servers, but it's still readable to the service's employees and, consequently, law enforcement. Using TC or DC to generate a virtual drive to store files within the cloud service would prevent that.

Illustration for article titled Three Steps You Can Take to Protect Yourself From Online Spying

Surf Safely

Google's homepage sees roughly 20 billion traffic hits every month, according to Comscore, and every one of those searches is potentially up for federal scrutiny with the right court order (*snicker*) or just whenever some NSA analyst feels like it. Doing so is easy for law enforcement because Google logs user search data (along with massive troves of voice data). DuckDuckGo, on the other hand, does not. And with no data to store, there's no data to hand over to the Feds.


If you simply can't live without your Google Doodles, but also don't want to leave behind a trail of digital breadcrumbs during your surfing sessions, take a look at Tor. Short for "The Onion Router," Tor was originally developed by the Office of Naval Research as a means of protecting sensitive naval communications (say, the exact coordinates of our Pacific carrier fleet) from electronic eavesdropping. Since 2006, however, the program has been developed and maintained by the nonprofit Tor Project with funding from everyone from the State Department to the National Science Foundation and its user base is similarly diverse. The military still uses it, as well as civilians, journalists, whistleblowers, tipsters, hackers, and anybody else with something to hide on the Internet (read: all of us).

Tor works by encrypting the original message and destination information multiple times, like the layers of an onion, before sending the packet through a randomly selected series of relays (similar to proxy servers) around the Internet until it reaches the destination server. Every relay removes a layer of onion/encryption until the last relay sends over the decrypted message. Every communication back and forth between the originating and destination computers follows this protocol and each follows a different route through the digital ether so that eavesdroppers cannot guess where the decrypted message is coming from.


This form of electronic spying is known as "traffic analysis" and can be used to infer who you know, what your online habits are, where you're from, and all sorts of stuff. That's what makes it so valuable to legitimate law enforcement efforts and so skeevy to private citizens. And since traffic analysis only looks at the message header information (source, destination, file size, etc), encrypting the message itself does nothing.

And if you are on a public computer, the browser-based HideMyAss proxy service allows for both free anonymous web surfing and more extensive encryption and VPN (virtual private network) services for a monthly fee. Of course, HideMyAss isn't the only VPN game in town. For more information on how to use VPNs, take a look at VPNs: What They Do, How They Work, and Why You're Dumb for Not Using One.

Illustration for article titled Three Steps You Can Take to Protect Yourself From Online Spying

Use Common Sense

Don't stay logged in to your accounts if you're just randomly surfing the web. Also, use your browser's incognito function whenever possible. This helps reduce law enforcement tracking, though it's more useful against criminal snooping. The same is true for two-factor authentication. It's a given for protecting your accounts from hackers but doesn't do much to thwart Uncle Sam's snooping. Instead, minimize what you share on the Internet, duh. If it's not there, it can't get leaked, stolen, spied on, or otherwise messed with. I understand that sharing every little minute asinine detail of your life is commonplace nowadays, but look at what happened to those dumb criminals posting their exploits on FB or the Rich Kids on Instagram. They shared way too much information and paid for it. Don't be a schmuck like those guys, lock down your Facebook privacy settings instead:

  1. Go to Settings (the little gear in the upper right corner)
  2. Select Privacy Settings from the dropdown menu
  3. Select Security from the left menu
  4. Turn on everything: secure browsing, login notifications, the code generator, and app passwords. Clear out any Trusted Devices you no longer use.

And, this should go without saying, but clear your browser history and cookies regularly. Run routine virus scans to catch trojans, key loggers, and their ilk. Don't download email attachments from people you don't know. Generally, be smart about what you share online—and who you're sharing it with—and you'll be fine. [PC World - Forbes - GigaOm - Tor Project - Wikipedia - Top Image: mtkang, encryption: m00osfoto, surfing: Pavel Ignatov, common sense: ollyy]



I must be the most boring person on Earth.

Here's a fun exercise: Read up on what the NSA does. Then, take a good look at your emails, browsing history, and social networking account(s) and decide what the NSA would find interesting. Let me know, because when I look at mine, I begin to hope that some analyst has put me on a "boring as dog shit baking in the sun" list so they never waste their time (and my taxpayer dollars) looking again.