The ongoing NSA spying revelations have highlighted just how much we have sacrificed to the gods of technology and convenience something we used to take for granted, and once considered a basic human right – our privacy.
It is just not just the NSA – governments the world over have been racing to introduce legislation that allows to them to monitor and store every email, phone call and Instant Message sent or received, every web page visited, and every VoIP conversation made by every single one their citizens. Parallels with George Orwell’s dystopian world ruled by an all-seeing Big Brother have been bandied about a great by the press of late, but are unfortunately depressingly accurate.
All is not lost however, as encryption provides a highly effective way to protect your internet behavior, communications, and data. The main problem with using encryption is that its use flags you up to organizations such as the NSA for closer scrutiny.
Details of the NSA’s data collection rules can be found here, but what it boils down to is that data from US citizens is examined, and then discarded if found to be uninteresting to the NSA. Encrypted data on the other hand is stored indefinitely, until such time as the NSA can decrypt it. All data relating to non-US citizens can be kept indefinitely, but sheer practicality suggests that encrypted data gets special attention.
If a lot more people start to use encryption, then encrypted data will stand out less, and surveillance organizations’ job of invading everyone’s privacy will be made much lot harder. Remember – anonymity is not a crime!
How secure is encryption?
Following revelations about the scale of the NSA’s deliberate assault on global encryption standards and the on-going fiasco that is the Heartbleed Bug, confidence in encryption is not as high as it was just a few months ago, so let’s examine the current state of play…
Encryption key length
Key length is the crudest way of determining how long a cypher will take to break, as it is the raw number of ones and zeros used in a cypher. Similarly, the crudest form of attack on a cypher is known as a brute force attack (or exhaustive key search), which involves trying every possible combination until the correct one is found. While it is true that if anyone is capable of breaking modern encryption cyphers then it is the NSA, to do so would be a sizable challenge. With regard to a brute force attack, please consider the following:
- A 128-bit key cypher would require 3.4 x10(38) operations to reliably break
- In 2011 the fastest supercomputer in the word (the Fujitsu K computer located in Kobe, Japan) was capable of an Rmax peak speed of 10.51 petaflops. Based on this figure, it would take Fujitsu K 1.02 x 10(18) (around 1 billion) years to crack a 128-bit AES key by force
- In 2014 the most powerful supercomputer in the world is the NUDT Tianhe-2 in Guangzhou, China. Almost 3 times as fast as the Fujitsu K at 33.86 petaflops, it would ‘only’ take it around a third of a billion years to crack a 128-bit AES key. That’s still a long time, and is the figure for breaking just one key
- A 256-bit key would require 2(128) times more computational power to break than a 128-bit one
- The number of operations required to brute force a 256-bit cipher is 3.31 x 10(65), a number roughly equal to the number of atoms in the universe!
Until the recent Edward Snowden revelations, it was generally assumed that 128-bit encryption was in practice uncrackable through brute force, and would be for another for another hundred years or so (taking Moore’s Law into account). In theory this still hold true, but the sheer scale of resources that the NSA seems to throw at cracking encryption has shaken many experts’ faith in these predictions, and system administrators around the world are scrambling to upgrade cypher key lengths.
It should be noted that the US government uses 256-bit encryption to protect ‘sensitive’ data (and 128-bit for ‘routine’ encryption needs). However the method it uses is AES, which as we shall discuss below is not without problems.
While encryption key length refers to the amount of raw of numbers involved, ciphers are the mathematics used to perform the encryption, and it is weaknesses in these algorithms, rather than in the key length, that often leads to encryption being broken.
By far the most common ciphers that you will likely encounter are Blowfish and AES, which are used by OpenVPN. In addition to this, RSA is used to encrypt and decrypt a cipher’s keys, and SHA-1 or SHA-2 are used as a hash function to authenticate the data.
AES is now generally considered the most secure cipher for VPN use (and in general), and its adoption by the US government has only increased its perceived reliability, and consequently its popularity. However, there is reason to believe this trust may be misplaced.
Note that OpenVPN uses the OpenSSL library, and (depending on which version is used) may be vulnerable to the Heartbleed Bug.
AES, RSA, SHA-1 and SHA-2 were all developed and/or certified by the United States National Institute of Standards and Technology (NIST), a body that by its own admission works closely with the NSA in the development of its cyphers. Given what we now know of the NSA’s systematic efforts to weaken or built back doors into international encryption standards, there is every reason to question the integrity of NIST algorithms.
Although NIST has been quick to deny any wrong doing (‘NIST would not deliberately weaken a cryptographic standard’), and has invited public participation in a number of upcoming proposed encryption related standards in a move designed to bolster public confidence, the New York Times has accused the NSA of circumventing the NIST approved encryption standards by either introducing undetectable backdoors, or subverting the public development process to weaken the algorithms.
Any existing trust was pretty much destroyed by news that a NIST certified cryptographic standard – the Dual Elliptic Curve algorithm (Dual_EC_DRGB) had been deliberately weakened not just once, but twice, by the NSA.
That there might be deliberate backdoor in Dual_EC_DRGB had already been noticed before. In 2006 researchers at the Eindhoven University of Technology in the Netherlands noted that an attack against it was easy enough to launch on ‘an ordinary PC’, and Microsoft engineers flagging up a suspected backdoor in the algorithm. Despite these concerns however, where NIST leads, industry follows, and Microsoft, Cisco, Symantec and RSA all include the algorithm in their product’s cryptographic libraries, in large part due the fact that compliance with NIST standards is a prerequisite to obtaining US government contracts.
When you consider that NIST certified cryptographic standards are pretty much ubiquitous worldwide throughout all areas of industry and business that rely on privacy (including the VPN industry), this is all rather chilling. Perhaps precisely because so much relies on these standards, cryptography experts have been unwilling to face up to the problem – at least until Silent Circle, the company which closed its Silent Mail service rather than see it compromised by the NSA, announced in November 2013 that it planned to move away from NIST standards.
NSA attacks on RSA key encryption
One of the revelations that came out of the new information provided by Edward Snowden in September is that, “another program, codenamed Cheesy Name, was aimed at singling out encryption keys, known as ‘certificates’, that might be vulnerable to being cracked by GCHQ supercomputers.”
That these certificates can be ‘singled out’ strongly suggests that 1024-bit RSA encryption (commonly used to protect the certificate keys) is weaker than previously thought, and can be decrypted much more quickly than expected by the NSA and GHCQ. Once a certificate key has been decrypted, then all exchanges past and future will be compromised if non ephemeral key exchange is used (i.e. if, as is depressingly common practice, a single permanent private key is used to decrypt all data).
This means that many forms of encryption which rely on certificates and non ephemeral keys must be regarded broken, including SSL and TLS. This has huge implications for all HTTPS traffic.
The good news is that OpenVPN, which uses ephemeral (temporary) key exchanges, should not be affected. This is because with ephemeral key exchanges a new key is generated for each exchange, and there is therefore no reliance on certificates to establish trust. Even if an adversary were to obtain the private key of a certificate, they could not decrypt the communication. It is possible that a man in the middle (MitM) attack could target an OpenVPN connection if the private key has been comprised, but this would have to be specifically targeted attack. Unfortunately, OpenVPN uses the OpenSSL library, and may be vulnerable to Heartbleed.
Since news that the NSA (and GHCQ) can crack 1028-bit RSA encryption became public, some VPN providers at least have beefed up their key encryption to 2048-bits, or even up to 4096-bits.
Perfect Forward Secrecy
Another piece of good news is that solving this problem (even for SSL and TLS connections) is not difficult if websites implement perfect forward secrecy, a system whereby a new and unique (with no additional keys derived from it) private encryption key is generated for each session. (i.e. use of ephemeral key exchanges).
Although still in the minority, more companies are beginning to use ephemeral keys, and those which do are largely immune to the Heartbleed Bug.
The takeaway – or So is encryption secure?
It is becoming abundantly clear that to underestimate the NSA’s ambition or ability compromise all encryption is a bad mistake. However, it remains the best defence we have against them (and others like them), and to the best of anyone’s knowledge strong ciphers such as AES (despite out misgivings about its NIST certification) and OpenVPN (once patched against the Heartbleed bug) remain secure.
As Bruce Schneier, encryption specialist, fellow at Harvard’s Berkman Center for Internet and Society and privacy advocate says,
‘Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.’
It is also worth remembering that the NSA is not the only potential adversary, and most criminals and even government organisations have nowhere near as much ability to circumvent encryption as the NSA does.
The importance of end-to-end encryption
End-to-end encryption means that data (including communications data) is encrypted at your end, and decrypted only at the intended recipient’s end. The important point is that no ‘middle man’ who can access your unencrypted data is involved. Because a middle man can always be regarded as suspect, end-to-end-encryption should be seen as an absolute must if you care about security.
A case in point is Microsoft, who while they encrypt all emails and files held in SkyDrive, also hold the encryption keys, and used these to unlock the emails and files of its 250 million worldwide users for inspection by the NSA.
Basically, services that encrypt your data on their servers, rather than you encrypting your own data on your own machine, should be strongly avoided.
An important limitation to encryption is that it does not necessarily protect users from the collection of metadata. Even if the contents of emails or voice conversations cannot be readily listened in on, knowing when, where, from whom, to whom, and how regularly such communication is made can tell an adversary a great deal, and is a powerful tool in the wrong hands (i.e. just about anybody).
For example, even if using a securely encrypted end-to-end voice service such as Silent Circle, your ISP (and anyone else watching) will still be able to tell who you are making the call to, whether you are calling from your usual location, how often you call, how long you usually chat, and much more. With such information it would be trivially easy to discover that you were having an affair (for example)…
However, the reason we said ‘not necessarily protect users’ is that technologies such as VPN and Tor do make the collection of metadata very difficult. In the example above, if you always connected to a VPN service when using the internet, all a watcher could tell is that you are connected to a VPN server, not that that you are using Silent Circle, let alone where and when you are using it…
Although the NSA does target individual communications, its primary concern is the collection of metadata.
The Heartbleed Bug (change all your passwords now!)
OpenSSL is by far the most commonly used cryptographic library on the internet, used by banks, VPN companies, online storage services – basically almost everything that requires a secure internet connection, and it is estimated that over two thirds of the internet was affected by the bug which went unnoticed by the cryptographic community for almost a year and half.
Even worse, if a system has been compromised using the Bug there is no way to know about it, and given the huge amounts of resources the NSA has at its disposal to discover such cryptographic weaknesses, it is likely that it, at the very least, knew about the bug but didn’t bother to tell anyone.
By exploiting the bug an attacker can access users’ accounts, steal their passwords, and even access private SLL keys. Yup, disastrous is the word! Hopefully most websites and services using the vulnerable versions of OpenSSL (ones using older versions were not affected) have updated their OpenSSL libraries to patch the vulnerability, plus re-issued their SSL certificates as these may have been compromised. Unfortunately this may be a somewhat forlorn hope, as at the time of writing almost half of the servers believed to be vulnerable in the days immediately following the Heartbleed disclosure remain susceptible.
Being sure that companies have done this is difficult however, and so far . A number of online tools are available to test servers for vulnerability to Heartbleed, but as this report details, these may not be completely reliable.
The whole mess is compounded by the fact that many companies claim to have fixed the problem simply because they have patched the vulnerability, but have not changed their SSL certificates. This is a bit like putting a fancy padlock on a glass door, as if they have already been compromised and the attacker already has access to the SSL certificates, they will still have full access the server.
If you are unsure about whether a particular service has properly fixed the problem, the best thing you can probably do is to contact them and ask what the situation is.
Most of the fixing is a server-side issue, and there is nothing you can do as a user, but once fixed it is essential that you change your passwords immediately! If a server has been compromised at any time over the last year and half the attacker will have your password, and if you use that password on more than one site, they can use it to compromise even services that were unaffected by the Heartbleed Bug.
What this means is that by now you should change your all your passwords (although if you change your password before a site has completely fixed all Heartbleed issues then it is still potentially vulnerable to hackers).
See our section in this Guide on how to make your passwords more secure. Ideally you should use a different password for every service and website you use (at least the important ones), so a password manager program may be the best solution.
One final note is that websites which have had the foresight to to implement Perfect Forward Secrecy are largely unaffected by the Heartbleed Bug, even if using a compromised version of OpenSSL.
Use FOSS software
The terrifying scale of the NSA’s attack on public cryptography and its deliberate weakening of common international encryption standards has demonstrated that no proprietary software can be trusted; even software specifically designed with security in mind. It is now a proven fact that the NSA has co-opted or coerced hundreds of technology companies into building backdoors into their programs, or otherwise weakening security in order to allow the NSA access. US and UK companies are particularly suspect, although the reports make it clear that company’s across the world have acceded to NSA demands.
The problem with proprietary software is not just that as sole developers and owners, companies can be fairly easily approached and convinced to play ball with the NSA, but that their source code is kept secret, making it easy to add to or modify in dodgy ways without anyone noticing.
The best answer to this problem is to use free open source software (FOSS). Often jointly developed by disparate and otherwise unconnected individuals, the source code is available to everyone to examine and peer-review, thereby minimizing the chances that it has been tampered with. Ideally this code should also be compatible other implementations, in order to minimize the possibility of a back-door being built in.
It is of course possible that NSA agents have infiltrated open source development groups and introduced malicious code without anyone’s knowledge, and the sheer amount of code that many projects involve means that it is often almost impossible to fully peer-review all of it. Still, despite these potential pitfalls, FOSS remains the most reliable and least likely to be tampered with software available, and if you truly care about privacy you should try to use it exclusively (up to and including using FOSS Operating Systems such as Linux).
Steps you can take to improve your privacy
So with the proviso that nothing is perfectly foolproof, and if ‘they’ really want to get you then it is probably worth assuming they can, there are steps you can take to greatly improve your privacy.
Pay for stuff anonymously
Probably the first step to improving your privacy is to pay for things anonymously. Of course, when it comes to physical goods that need to be delivered to an actual real-life address, this isn’t going to happen (except for good bought locally with cash). Online services are a different kettle of fish however, and it is increasing common to find ones that accept payment through Bitcoin and the like. A few, such as VPN service Mullvad, will even take cash sent anonymously in the post.
Bitcoin is a decentralized and open source virtual currency that operates using peer-to peer technology (much as BitTorrent and Skype do). The concept is particular revolutionary and exciting because it does not require a middleman (for example a state controlled bank) to work.
Whether or not Bitcoins represent a good investment opportunity remains hotly debated, but is not the subject of this article. We sill say however that last year’s investment bubble following the financial crisis in Cyprus has calmed down somewhat, and while the value of a Bitcoin remains high, it is a great deal more stable than it was.
As a ‘crypto-currency’, Bitcoins can be bought, traded, invested and used to buy goods and services; just like any other form of money. Although nowhere near as widely accepted as ‘regular’ currency, this is changing fast, especially in the realm of on-line services such as VPN (in fact we have an article on 5 Best VPNs that accept Bitcoin!) that aim to improve users’ anonymity,
One important thing to understand is that Bitcoin is not inherently anonymous. The exciting thing is that with care it can be made so.
Buying Bitcoins Anonymously
Most Bitcoin traders are located in the US and have US based bank accounts, which can make buying Bitcoins outside the States both a little involved, and location dependent. However, the following methods are common ways to obtain Bitcoins anonymously.
For maximum anonymity:
- Use anonymous, disposable email addresses (such as those supplied by Tor Mail)
- Create a new Bitcoin address (wallet) for each purchase – if you use the same address then one mistake will allow all transactions to be traced back to you
- Never reveal personal information such as your real name, address, or phone number
- Use a mixer service – even if you use one of the more anonymous methods of purchasing Bitcoins outlined below, it can’t hurt to launder it further (although this will cost a bit).
1. Buy Bitcoins non-anonymously then ‘clean’ them with a mixer service
Neither the cheapest nor the most anonymous method, this is the most convenient, and does nevertheless ensure a high degree of anonymity. Using this method you do not actually buy your Bitcoins anonymously; you simply purchase them from an automated Bitcoin exchange (such as CoinBase), and then ‘launder’ them using a ‘mixer’ service such as Blockchain.info Shared Send.
A mixer service basically anonymises your Bitcoins by swapping them with multiple other users, making it very difficult (but not impossible for a determined investigator) to follow the chain back to you. Services such as this are, of course, not free (Blockchain.info for example charges a 0.5% fee).
Many automatic exchanges require you to prove your real world identity, in which case it is easy to determine that you have purchased Bitcoins (but not what happens to them after that if you mix them).
2. Use pre-paid credit cards
This method is somewhat location dependent, but in most areas it is possible to buy pre-paid ‘gift’ credit cards over-the-counter, which can then be used to buy Bitcoins anonymously if the transaction is performed through disposable email addresses etc. Alternatively, you can just use the card to buy an on-line service directly!
3. Buy locally with cash
The website LocalBitcoins.com lets you find Bitcoin sellers who live near you. Once you have found a seller you are happy with, it is up to you to contact them and to arrange a meeting.
Prices are generally higher than those on Mt Gox, and you should pay attention to the feedback to ensure the seller is highly scored (it works much like the feedback system on eBay).
4. Buy from an individual seller online
#bitcoin-otc uses a quite involved feedback system, which it is well worth spending the time to understand, and you will need to hash out the payment method with the seller. A list of IRC client can be found here.
Other anonymous payment methods
In addition to pre-paid credit cards and good old cash, there are plenty of alternative crypto-currencies out there. Bitcoin is by far the most popular and stable crypto-currency, but others are available. A full list of these is available here, and some of the pros and cons of the ‘top 5’ are outlined in this article.
We have written an extensive guide to buying and paying for VPN (although the same principles apply to any service of course) anonymously using Bitcoins, starting here.
Anonymise your internet use
One of the most effective ways to anonymise your activity and protect your data is to use either a VPN service or Tor religiously. Both these methods hide your true IP address and encrypt your internet connection. We go into a great deal more depth on how Tor works, and the differences between the two in this article, but to summarize…
A Virtual Private Network helps to ensure privacy by creating an encrypted tunnel between your computer and a remote VPN server.
Example setup without VPN: Home PC -> ISP -> Internet
Example setup with VPN: Home PC => ISP => VPN server -> Internet
Once data has entered the VPN tunnel (=…=) it is hidden from view by encryption protocols so that no-one, not even your Internet Service Provider (ISP), can ‘see’ it. The only computers that can see the data are the ones at each end of the VPN tunnel (bearing in mind the comments we made regarding encryption at the beginning of this guide).
Because the VPN server can see all data going into and out-of the tunnel (and trace it back to you), it is vital to choose a VPN provider you trust, and who keeps no logs of your internet activity. If you are concerned about privacy then you should never pick a VPN provider who keeps logs, and the comments below assume a no logs service. Providers we particularly like that are good for keeping no logs are Mullvad, AirVPN and Private Internet Access (although the fact that PIA is US based has introduced considerable uncertainty to this recommendation).
- As long as your VPN provider is trustworthy and keeps no logs, VPN is a very secure and anonymous means of surfing the internet
- It is also good for securing connections at public WiFi hotspots, and for evading firewalls used to censor the internet
- It is a lot faster than Tor (although there will be a small hit to your internet speeds)
- It is very good for P2P filesharing, and ‘spoofing’ IPs in order to stream geo-restricted media content (e.g. Hulu).
- It relies on trusting your VPN provider, and is therefore not as secure as Tor
- It costs money (typically between $7 to $10 per month, with substantial discounts for bulk purchases). Many VPN providers accept Bitcoin payments.
- It is obvious to observers that you are using VPN.
Tor (originally The Onion Router)
Tor is an anonymity network that supplies free software which lets you use the internet anonymously. We go into more detail on how it works here, but basically you connect though a number of randomly selected nodes (at least three), with the data being re-encrypted each time. This means that although each node knows who is connecting to it, and who it connects to, no node knows the whole route (circuit).
The final link in the chain, the one that connects you to the internet, is known as an exit node, and is one of the biggest weaknesses of the system. Nodes are run by volunteers, and those running exit nodes are vulnerable to prosecution over the behaviour of other Tor users who have used the system for illegal purposes (including piracy and much worse), as the IP of the offenders can been traced to the exit node’s IP address.
This has led to a fairly small number of public exit nodes being available, and has meant that restrictive governments such as China, who monitor these nodes, have been able to block access to many of them. There are still plenty of nodes around however, but it does mean that Tor users in some countries my need to reconnect to a number of different nodes before they find one that has not been blocked.
The other big problem with Tor is that it is very slow, as users’ data is routed through a number of servers randomly located anywhere in the world before connecting to the internet.
- Very secure and anonymous (in fact it is generally considered the most secure and anonymous way to access the internet available, and is therefore suitable for political dissidents and the like)
- It is also good for securing connections at public WiFi hotspots and for evading firewalls used to censor the internet (although see comments blocked exit nodes above)
- Slow (often very)
- Restrictive countries can make finding unblocked public exit nodes a pain
- Not good for P2P downloading and streaming from spoofed IPs – not only are network speeds too slow for this to be practical, but doing so slows down the system even more for other users. In addition to this, volunteers running the exit nodes may be held accountable for your copyright violations, so it is considered very rude
- It is obvious to observers that you are using Tor, and some websites (such as PayPal) may refuse to play ball
For most people who are not doing anything too illegal, and who are not in life threatening situations, VPN is much faster and more flexible than Tor, while providing plenty of privacy and security. Those in life threatening situations are better off using Tor (although if it is their own government that is the danger, simply using a no logs VPN service located outside their country’s jurisdiction and political influence may work just as well).
For the really paranoid out there, it is possible to route a VPN connection through Tor, or an OpenVPN connection through an SSL or SSH tunnel (in order to hide its use). More details about these methods can be found here.
A final note regarding Tor is that it makes the anarchic and entirely unregulated Silk Road style marketplaces possible (such as Silk Road 2.0), as the online black market exists entirely within the Tor network (and therefore has no need for vulnerable exit nodes). Although supposedly set up on libertarian ideals, much of the actively on these marketplaces is highly illegal, so if you are curious then you will have to investigate further on your own.
Other ways to stay anonymous online
VPN and Tor are the most popular ways to maintain anonymity and evade censorship online, but there are other options. Proxy servers in particular are quite popular, although in our opinion they are inferior to VPN.
Secure your browsing
It’s not just the NSA who are out to get you: advertisers are too! And they are willing to use some very sneaky tactics to follow you round the web and piece together a profile of you in order to sell you stuff (or sell this information to others who want to sell you stuff)…
Most people who care are aware of HTTP cookies, how to clear them, and that most browsers now have a Private Browsing mode that not only prevents the browser from saving your internet history, but also blocks these cookies. It is therefore a good idea to always surf using Private Browsing, but this alone is not enough to stop you being tracked across the internet, as your browser leaves many other traces as it goes…
Cached DNS entries
In order to speed up internet access, your browser caches the IP address it receives from your default DNS server (see the section on changing your DNS server later).
In Windows you can see what DNS information has been cached by typing ‘ipconfig
/displaydns’ at the command prompt (cmd.exe)
- To clear the DNS cache in Windows,open the command prompt window and type:
ipconfig /flushdns [enter]
- To clear the cache in OSX 10.4 and under, open Terminal and type: lookupd -flushcache
- To clear the cache in OSX 10.5 and above, open Terminal and type: dscacheutil -flushcache
A particularly insidious development is the widespread use of the use of Flash cookies, which are not always blocked when you disable cookies in your browser (although modern browsers do block them), and which can track you in a similar manner to regular cookies. These can be located and can manually deleted from the following directories:
- Windows: C:\Users\[username]\AppData\Local\Macromedia\Flash Player\ #SharedObjects
- OSX: [User directory] /Library/Preferences/Macromedia/Flash Player/#SharedObjects
[User directory] /Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/
A better tactic however, is to use the CCleaner utility (available for Windows and OSX), which not only cleans out pesky Flash cookies, but also a host other rubbish that is slowing your computer down and leaving traces of your internet activity behind. To do this CCleaner needs to be properly configured, a process we describe in our article on the subject.
Thanks to growing awareness of Flash cookies, including the so-called ‘zombie cookies’ (bits of persistent Flash code which respawn regular cookies when they are modified or deleted), and the fact that most modern browsers include Flash cookies as part of their regular cookie control features, the use of Flash cookies is declining (although they still represent a serious threat).
We have a detailed article on Flash cookies, the dangers they pose, and how to prevent them available here.
Other web tracking technologies
Unfortunately there is far too much money to be made by internet companies to take this user backlash against tracking lying down, and a number of increasingly devious and sophisticated methods have been developed.
Browser Fingerprinting – the way in which your browser is configured (especially the browser plugins used), together with details of your Operating System, allows you to be uniquely identified (and tracked) with a worryingly high degree of accuracy. A particularly insidious (and ironic) aspect of this is that the more measures you take to avoid being tracked (e.g. using the plugins listed below), the more unique your browser fingerprint becomes.
The best defense against browser fingerprinting is to use as common and plain vanilla an OS and browser as possible, but this leaves you open to other forms of attack, and reduces day to day functionality of your computer to such an extent that most of us will find the idea impractical. We discuss browser fingerprinting in detail in this article.
Interestingly, the recently released Privacy Badger browser plugin from the Electronic Frontier Foundation promises that it will add protection against fingerprinting, although how this will work we have no idea. Once it has been implemented and we have had a chance to test it out, we will update this section.
HTML web storage – built into HTML5 (the much vaunted replacement to Flash) is Web storage (also known as DOM (Document Object Model) storage). Even creepier and much more powerful than cookies, web storage is a way analogous to cookies of storing data in a web browser, but which is much more persistent, has a much greater storage capacity, and which cannot normally be monitored, read, or selectively removed from your web browser.
Web storage is enabled in all browsers by default, but in Firefox and Internet Explorer it can be turned off. Firefox users can also configure the BetterPrivacy addon to remove web storage automatically on a regular basis, or you can use the Click&Clean addon, while Chrome users can use the Click&Clean extension or, alternatively, the versatile Google NotScripts extension (but this requires a high degree of configuring). Remember that using these addons will increase you browser fingerprint uniqueness. More details, including instructions on how to web storage off in Firefox and IE are available in our article here.
ETags – part of HTTP, the protocol for the World Wide Web, Etags are markers used by your browser to track resource changes at specific URL. By comparing these changes in these markers with a database, websites can build up a fingerprint which can be used to track you. They can also be used to respawn (Zombie style) HTTP and HTML5 cookies, and once set on one site, used by associate companies to also track you.
Unfortunately this kind of cache tracking is virtually undetectable, so reliable prevention is very hard. Clearing your cache between each website you visit should work, as should turning off your cache altogether. Unfortunately these methods are arduous, and will negatively impact your browsing experience. The Firefox add-on Secret Agent prevents tracking by ETags, but, again, will likely increase your browser fingerprint (or because of the way it works, maybe not). For more details see here.
History stealing – Now we start to get really scary. History stealing (also known as history snooping) exploits the way in which the Web is designed, allowing a website you visit to discover your past browsing history. See our article for a fuller explanation of how it works, but the bad news is, a) this information can be combined with social network profiling to uniquely identify you and, b) it is almost impossible to prevent.
The only good news here is that social network fingerprinting, while scarily effective, is not reliable, and if you mask your IP address with a VPN (or Tor) then you will be going a long way towards disassociating your real identity from your tracked web behavior.
Great browser extensions you should use
Pioneered by Firefox, all modern browsers now support a host of extensions, many of which aim to improve your privacy while surfing the internet. Here is a list of our favorites that we don’t think anyone should be without:
- AdBlock Plus (Firefox, Chrome, Opera, Android) – this fantastic and must-have extension blocks all manner of adverts, even Facebook ads and those embedded within YouTube videos (here in the UK it even blocks 4oD ads!). In addition to this, it warns you when visiting known malware hosting websites, and disables third party tracking cookies and scripts. Unlike NoScript (see below), AdBlock Plus is very easy to use while still remaining powerful. By default, AdBlock Plus allows ‘some not intrusive advertising’. This can be turned off (Add-ons -> Extensions -> AdBock Plus -> Filter preferences), or you can install AdBlock Edge for Firefox, a fork of AdBlock Plus that removes this ‘feature’
- Disconnect (Firefox, Chrome, Safari, IE) – replacing popular Ghostery as our favorite anti-tracking and anti-cookie extension thanks to its up-to-date database of tracking cookies, page load optimization, secure WiFi encryption and analytics tools, Disconnect blocks third party tracking cookies and gives you control of over all a website’s elements. It also prevents social networks such as Google, Facebook and Twitter from following you so they can collect data as you surf elsewhere on the internet
- HTTPS Everywhere (Firefox and Chrome) – another essential tool, HTTPS Everywhere was developed by the Electronic Frontier Foundation, and tries to ensure that you always connect to a website using a secure HTTPS connection, if one is available. This is fantastic, but do remember the reservations about how SSL is commonly implemented that we made earlier, and that it has almost certainly been cracked by the NSA
- Better Privacy (Firefox) – as noted in the section on Flash cookies above, this extension blocks this new kind of cookie
- Honorable mention: NoScript (Firefox) – this is an extremely powerful tool that gives you unparalleled control over what scripts are run on your browser. However, many websites will not play game with NoScript, and it requires a fair bit of technical knowledge to configure and tweak it to work the way you want it to. It is easy to add exceptions to a whitelist, but even this requires some understanding of the risks that might be involved. Not for the casual user then, but for web savvy power-users, NoScript is difficult to beat. ScriptSafe for Chrome performs a similar job. Reader’s tip: ‘I would recommend adding that even if you don’t want to bother messing with white lists in Noscript, you should still install the extension and choose to allow all scripts globally. This still provides some needed protection without hindering your browsing experience.’ (Thanks twlph!)
In addition to these extensions, most modern browsers (including mobile ones) include a Do Not Track option. This instructs websites to disable tracking and cross-site tracking when you visit them. While it is defiantly worth turning this option on, it should be remembered that implementation is purely voluntary on behalf of website owners, and so no is guarantee of privacy.
Note that this list is not exhaustive of all the great privacy related browser extensions out there, and there are good articles about other extensions for Firefox and Chrome. We also have an article on how you make Firefox even more secure by changing setting in about:config.
Also, as noted above, you should be aware that using any browser plugin increases your browser uniqueness, which makes you more susceptible to being tracked by browser fingerprinting. Unfortunately there is little practical most of us can do about it (although the EFF promise to add Fingerprinting protection to Privacy Badger).
Block ‘reported attack sites’ and ‘web forgeries’ in Firefox
These setting can be very useful for protecting you against malicious attacks, but do impact your privacy by sharing your web traffic in order to work. If the tracking issues outweigh to benefits for you, then you might want to disable them.
Mobile browser security
The above extension list concentrates on desktop browsers, but as we access the internet more and more from our smart phones and tablets, it becomes just as important to protect our browsers on these platforms as well. Unfortunately, most mobile browsers have a great deal of catching to do in this regard, but many Firefox extensions (including the excellent AdBlock Plus) will work on the mobile version (Disconnect is not available, but Ghostery makes a very good alternative). Private Browsing, Do Not Track, and advanced cookie management are becoming increasingly common on all mobile browsers however, which a good thing.
Use a search engine that doesn’t track you
Most search engines, including Google (in fact particularly Google), store information about you, including:
- Users IP address
- Date and time of query
- Query search terms
- Cookie ID – this cookie is deposited in your browser’s cookie folder, and uniquely identifies your computer. With it, a search engine provider can trace a search request back to your computer
This information is usually transmitted to the requested web page, and to the owners of any third party advertising banners displayed on that page. As you surf around the internet, advertisers build up a (potentially embarrassing or highly inaccurate) profile of you, which is then used to target adverts tailored to your theoretical needs.
In addition to this, governments and courts around the world regularly request search data from Google and other major search engines, which is usually duly handed over.
Google Transparency Report on the number of User Data Requests received, and the number (at least partially) acceded to.
There are however some search engines that do not collect user’s data. DuckDuckGo in particular has grabbed the headlines of late, with its popularity shooting through the roof following the NSA spying revelations (daily searches on DuckDuckGo jumped from the 2 million it had built up over the last four and a half years, to 3 million in just 8 days!).
An added benefit of using a search engine that does not track you is that it avoids the ‘filter bubble’. Most search engines use your past search terms (and things you ‘Like’ on social networks) to profile you, so they can return results they think will interest you. This can result in only receiving search returns that agree with your point of view, locking you into a ‘filter bubble’ where you do not get to see alternative viewpoints and opinions because they have been downgraded in your search results.
Not only does this deny you access to the rich texture and multiplicity of human input, but it can also be very dangerous as it can confirm prejudices and prevent you from seeing the ‘bigger picture’.
Search Engines that don’t track you
- DuckDuckGo – the best known alternative search engine, and one we have examined in some detail here, DuckDuckGo pledges not to track it users. Each search event is anonymous, and while it could in theory be tracked, there is no profile attached that can be accessed by infiltrators. DuckDuckGo says that it would comply with ordered legal requests, but as it doesn’t track users, ‘there is nothing useful to give them’. In use we have found DuckDuckGo to be very good, and through the use of ‘bangs’, it can also be made to search most other popular search engines anonymously too
- StartPage (formerly Ixquick)– searches many popular search engines simultaneously and anonymously, giving a star to results each time they are in the top ten of a search engine result. Ixquick promises not to store or share any personal information, or use any identifying cookies
- Gibiru – provides basic Google search engine results, but separates your query from your IP with the use of proxy servers. In addition to this, Gibiru deletes all records within seconds of performing a search, so ‘there is no profile data to sell, package or give away via partnership, request or subpoena’
- YaCy – the above search engines rely on trusting the search engine providers to maintain your anonymity. If this really worries you, then you might like to consider YaCy, a decentralized, distributed search engine built using P2P technology. This is a fantastic idea, and one that we really hope takes off, but for now it is more of an exciting curiosity than a fully-fledged and useful Google alternative.
Clear your Google History
This is something everyone should do if they are concerned with the information Google is keeping on them. It won’t stop someone who is deliberately spying on you and harvesting your information (such as the NSA), but it will help stop Google profiling you. Even if you plan on changing to one of the ‘no tracking’ services listed above, most of us have built up a substantial Google History already, which anyone reading this article will likely want deleted.
To clear your history, simply sign into your Google account and go to www.google.com/history, where you will see a list of searches that you have make recently. Select which items (or use the checkbox at the top to select all items on that page) you want removed, and hit ‘Remove Items’.
To turn Search History off, click on the gear icon on the top right, and select ‘Settings’…
Secure your email
Most email services do provide a secure SSL encrypted connection between start point and email servers, and email servers and end point, and Google has even led the way in fixing the weakness in the way in which SSL is commonly implemented.
However, all this is no good if the email service is simply handing over your information to an adversary (as Google and Microsoft have been doing with the NSA). While it seems that smaller email providers have not (yet) been affected, it is likely that as the NSA and other national government surveillance organizations extend their reach, this will change.
The answer to this problem lies in end-to-end email encryption, where the sender encrypts the email, and only the intended recipient can decrypt it. The biggest problem with using an encrypted email system is that you cannot impose it unilaterally – your contacts, both recipients and senders, also need to play ball for the whole thing to work, and while trying convincing your granny to use PGP encryption will likely just lead to bafflement, trying to convince your customers might make many of them very suspicious!
It should also be noted that email encryption does not encrypt everything. The email addresses of sender and recipient, date and time of sending, and the e-mail’s subject line are not encrypted; just the body and any attachments. As we briefly discussed earlier, metadata such as this can still be very damaging in the wrong hands.
Another point worth bearing in mind if you are worried about NSA spying is that, probably even more than encrypting other aspects of your internet use, encrypting your email is pretty much asking for the NSA to store your emails ready for decryption when they are able to do so.
Encrypt your emails using GNU Privacy Guard
There are plenty of end-to-end email encryption programs out there, the most famous of which is Pretty Good Privacy (PGP, which was once open source and free, but is now the property of Symantic). The Free Software Foundation has taken up the open source OpenPGP banner however, and with major funding from the German government has released GNU Privacy Guard (also known as GnuPG or just GPG).
Following the OpenPGP standard and fully compatible with PGP, GnuPG is a free and open source alternative which is available for Windows, OSX and Linux. Although the basic program uses a simple command line interface, more sophisticated versions are available for Windows (Gpg4win) and Mac (GPGTools). Alternately, EnigMail adds GnuPG functionality to the Thunderbird and SeaMonkey email clients. We have written a full guide to setting up GnuPG in Windows using Gpg4win, available here.
PGP on mobile devices
Android users should be pleased to know that GnuPG: Command-Line from the Guardian Project is available from the Play Store., and although we have not tried them, mobile users wanting a more user-friendly experience may want to give K-9 Mail (a well-regarded email client with PGP support built-in) combined with Android Privacy Guard (Android), or iPGMail (iOS) a try. A good guide for getting GPG working on Android is available here.
For a while, Hushmail was considered the go-to service for secure webmail, as it offered PGP encryption in a web based service. However, in 2007 a backdoor was used by the owners to capture emails of three accounts, which were then handed over to the Canadian Courts. As Hushmail CTO Brian Smith said in refreshingly honest blog post,
‘[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.’
It should be noted that any web-based service can in theory be compelled to modify their system to capture users’ decryption keys (as Hushmail did), and Hushmail itself recommends using non web-based services such as GnuPG or PGP Desktop if stronger security is needed.
Encrypt your Gmail
It is however possible to encrypt your Gmail using the free FireFox extension Encrypted Communication (we’ve written a guide about how to use it) which provides 256-bit AES end-to-end encryption. Once the extension is installed, just write your email, right-click anywhere in the text of the message and select ‘Encrypted Communication’ to encrypt it. You will be asked to enter a password, which the recipient will need to know (along with having the extension running on their Firefox) to decrypt the message. Of course, you should transmit this password to the recipient using a different communication method than email (in person is best, but encrypted VoIP or messaging should be fine – see below)!
Even more secure is Mailvelope, which provides full end-to-end OpenPGP encryption over web email services such as Gmail, Hotmail, Yahoo! and GMX using Firefox or Chrome. We have a full guide to using it available here.
Note that there are other extensions available which seem to offer similar functionality and which we often see recommended on the internet, but which should be avoided. Both SafeMail for Chrome and Enlocked (multiplatform) send your email to their servers for decryption, which means that it at least as vulnerable as mail sent to Hushmail (i.e. they do not offer end-to-end encryption). Furthermore, the SafeMail decryption page is not even SSL encrypted!
Other email precautions
We will discuss encrypting files and folders elsewhere, but it is worth briefly noting here that if it is just files you wish to protect, these can be encrypted before sending them by regular email.
It is also possible to encrypt stored emails by encrypting the email storage folder using a program such as TrueCrypt (discussed later). This page explains where Thunderbird stores emails on different platforms (for example).
Secure your conversations
The first thing we have to make clear here is that regular phone calls (landline or mobile) are never secure, and cannot be made so. It’s not the just the NSA and GCHQ; governments everywhere (where they have not already done so) are keen on recording all citizens’ phone calls. Unlike emails and internet use etc. that can be obfuscated (as this article is trying to show), phone conversations are always wide open.
Even if you buy anonymous and disposable ‘burner phones’ (behavior which marks you out as either worryingly paranoid or engaged in highly criminal activity), a lot of information can be gathered through the collection of metadata, and it is also totally pointless unless the people you are calling are equally paranoid.
VoIP with end-to-end encryption
If you want to keep your voice conversations completely private, then you need to use VoIP with end-to-end encryption (except of course when talking in person).
VoIP (Voice over Internet Protocol) allows you to talk (and usually also make video calls and Instant Message (IM)) over the internet. Allowing cheap or free calls anywhere in the world, VoIP services have become extremely popular, with Skype becoming a household name. Unfortunately, Skype (now owned by Microsoft) has perfectly demonstrated the problem with most such services (which is a very similar problem to that with email) – that VoIP connections to and from a middleman may be secure, but if the middleman just hands over your conversations to the NSA (as happened with Skype) or some other government origination, this security is next to meaningless.
So, as with email, what is needed is end-to-end encryption where an encrypted tunnel is created directly between the participants in a conversation, and no-one else.
Good Skype alternatives
- Jitsi (Windows, OSX, Linux, Android (experimental)) – this free and open source software offers all the functionality of Skype, including voice calls, video conferencing, file transfer and Chat, but can encrypt it all with ZRTP. The first time you connect to someone it can take a minute or two to set up the encrypted connection (designated by a padlock), but is afterwards transparent. As a straight Skype replacement, Jitsi is difficult to beat
- RedPhone (Android) – this free and open source Android only app provides end-to-end encryption of voice calls. Unlike normal VoIP apps however, it lets you use your normal phone number and the normal system dialer, so operation is almost invisible, except that when you connect to someone else with RedPhone installed, you are given to option to encrypt the call
- Silent Circle – is a popular commercial suite of encrypted communications software comprised of Silent Phone (iOS, Android), Silent Text, (iOS, Android), Silent Eyes (Windows VoIP),
and Silent Mail(iOS, Android, Outlook for Windows, Mac Mail). The service costs $10 per month, but the software itself is open source and has been audited by the American Civil Liberties Union to ensure it contains no ‘backdoors’. Reassuringly (in a way), the makers of Silent Circle recently closed their ‘Silent Mail’ service following the abrupt shutting down of Lavabit, in order to ‘prevent spying’.
Secure your text messages, Instant Messaging and Chat
Admittedly this section has a lot of cross-over with the previous one on VoIP, as many VoIP services (such as Jitsi) also have chat/IM functionality built-in, and the issues are more or less the same. However, as there are some great dedicated encrypted IM applications out there, we decided they deserved a section of their own.
- Pidgin + OTR (Windows) – Pidgin is a popular free and open source IM client that lets you chat to users on AIM, Google Talk, MSN, Yahoo and many more. OTR (Off-the-road) is a plugin that combines AES encryption, perfect forward secrecy, and the SHA-1 hash function to ensure strong encryption for IM sessions. As with GnuPG for emails, initial setup is a bit of a pain, but once done operation is seamless (we now have a detailed guide for this).
- Addium (OSX) –is a free and open source messaging client for Mac that also lets you talk to friends on lots of different networks. Even better, Addium comes with OTR support built-in!
- TextSecure (Android, iOS) – sister app to Whisper System’s RedPhone, free and open source TextSecure replaces your Android’s default text app with one that encrypts texts to other TextSecure users, and encrypts all local messages so that if your phone is stolen they will remain secure. TextSecure has now been incorporated into alternative Android OS CynagenMod, expanding its userbase by around 10 million.
- Chatsecure (was Gibberbot) (Windows, OSX, Linux, iOS, Android) – developed by the Guardian Project, this app is available on all major platforms, supports chatting on a whole host of different IM services, and has OTR built-in. It is still a little buggy and no-frills, but has great potential.
Our article ‘Secure alternatives to WhatsApp‘ goes into greater detail about secure mobile hat apps.
Ditch the cell phone!
While we are on the subject of phones (sort of), we thought we should also mention that when you carry your phone, your every movement can be tracked. It’s not just things like GPS and Google Now (which works uncannily well at predicting what you want by storing just about every piece of data about you) on Smartphones – even the most modest cell phone can be easily tracked by the phone towersit uses to work. The only solution, if you really don’t want to be tracked, is to leave your phone at home (or buy one of these). Incidentally, the Google Now service only works effectively if Goggle History is turned on (see above).
Secure your Cloud storage
As internet speeds increase, server level storage becomes cheaper, our internet devices smaller (thus having reduced on-board storage), and the different devices we use to access the internet more plentiful, it is becoming increasingly clear that cloud based storage is the future.
The problem of course is ensuring that files stored in the ‘the Cloud’ remain secure, and here the big players have proved themselves woefully inadequate – Google, Dropbox, Amazon, Apple and Microsoft have not only been actively working in cahoots with the NSA, but in their ToC’s reserve the right to investigate your files and hand them over to the authorities if they receive a court order.
To ensure that your files are secure, there are a number of basic approaches you can take (note that the options discussed below are far from the only ones available, as this is a highly competitive market space where many new and innovative solutions are appearing all the time)…
Manually encrypt your files before uploading them to the cloud
The simplest and most secure method is to manually encrypt your files using a program such a
TrueCrypt. This has the advantage that you can carry on using your favorite Cloud storage service, no matter how inherently insecure it is, as you hold all the encryption keys to your files.
The downside compared to services such as SpiderOak and Wuala (see below), is that you don’t get access to your files on the go.
Syncing files on your desktop is quite easy however, as you can place your encrypted folder in your Cloud storage folder.
Instructions for doing this using TrueCrypt and Dropbox can be found here.
If you are in the market for a good Dropbox alternative, you may like to check out BestVPN’s sister website BestBackups, for news and reviews of the best and the rest when it comes to cloud storage services.
Use an automatically encrypted cloud service
These services automatically encrypt files before uploading them to the Cloud (we have no truck with any service that encrypts files server-side, as these are always vulnerable to being decrypted by the service provider). Any changes to files or folders are synced with local decrypted versions before being secured and sent to the Cloud.
Both SpiderOak and Wuala have iOS and Android apps, so you can easily sync across all your computers and mobile devices. This convenience comes at a small security price, as both services briefly store your password on their servers to authenticate you and direct you to your files. Wuala also uses this password to encrypt and decrypt your files when using a mobile device, although this is somewhat compensated for by Wuala uploading different segments of your files to different servers, making it impossible for them to identify which data belongs to which user. In both cases the passwords are deleted once a session is finished.
- SpiderOak (2GB free, $10/m 100GB) – available for all major platforms, SpiderOak offers a ‘zero knowledge’, secure, automatically encrypted cloud service, which uses a combination of 2048 bit RSA and 256 bit AES to encrypt your files
- Wuala(5GB free, plans from €2/m 20GB to €160/m 2TB) – available for most major platforms and also offering 2048 bit RSA and 256 bit AESencryption (with SHA-256 hashes for integrity checks), Wuala’s service is very similar to that of SpiderOaks, but with a slightly different approach to security (see above).
Because of its high profile, we feel that Kim Dotcom’s Mega service deserves a special mention, particularly as it offers a very generous 50GB encrypted space for free. Mega uses your web browser to encrypt files before uploading and decrypt them after downloading, which is great for convenience (and an Android app is available, with an iOS one on the way), but is not as secure as the other methods outlined here.
Our feeling therefore, is that while it is worth paying attention to how Mega deals with its security issues, it is probably best avoided for the time being. It is also worth pointing out that Kim Dotcom’s involvement ensures the service receives the highest possible level of scrutiny from security, law enforcement and copyright enforcement bodies the world over.
Use BitTorrent Sync Cloudless Syncing
The free BitTorrent Sync service is now in public beta phase (i.e. it is available to the public, but is still considered experimental). Designed more or less as a Dropbox replacement, BitTorrent Sync synchronizes files and folders across devices, but does so without storing them in ‘the Cloud’.
You chose a folder that you want to share, and BitTorrent Sync gives you a secret for it. You can then link that folder to a folder on another device (with BitTorrent installed on it) using the secret. Any number of additional folders can be added in a similar fashion, and all files are transferred using a securely encrypted (256-bit AES) P2P protocol.
BitTorrent Sync is free, easy to use, and is currently available for Windows, OSX , Linux and Android (with an iOS app in private alpha stage). A limitation of the system is that as it is not a cloud service, it cannot be used as an extra drive by portable devices with limited storage, but on the plus side you are using your own storage, and so are not tied to Cloud providers’ data limits (or charges).
Encrypt your local files, folders and drives
While the focus of this document is on internet security, an important aspect of securing your digital life is to ensure that locally stored files cannot be accessed by unwanted parties. Of course, it is not just about local storage; as we have already noted you can also encrypt files before emailing them or uploading them to Cloud storage.
Update 17 June 2014: in a move that is as surprising as it is baffling, the devs behind TrueCrypt have pulled the plug on the popular full-disk encryption program. Conspiracy theories abound, and while some developers seek to fork the software, Phase II of the audit goes ahead. For more details on the story see here and here. Until the audit is complete, we strongly suggest avoiding TrueCrypt, and migrating TrueCrypt containers to other programs, such as to Diskcryptor for Windows users, or Dm-crypt/LUKS and bwalex/tc-play (a free TrueCrypt Implementation based on dm-crypt) for Linux users.
While other solutions are of course available, the king of local encryption is undoubtedly the powerful free/donationware, open source program TrueCrypt(available on Windows, OSX and Linux). TrueCrypt can be used to create encrypted volumes on your computer, to encrypt entire disks, to create hidden volumes, and even to create an entire hidden operating system (using 256-bit AES, or any of a number of user specified encryption schemes). What makes Truecrypt so powerful and easy to use is on-the-fly encryption, which allows you to work with files as you would on normal, unencrypted files, without the hassle of continually encrypting and decrypting them. Once a volume is mounted (using a password), then operation is transparent, with TrueCrypt keeping temporary files in RAM. and generally cleaning up after itself once a session is finished. For ultimate security, you can encrypt the drive your operating system is installed on, which will ensure that all the little system files and other bits of junk that OS’s tend to create remain secure. Of course, if you forget your password then you won’t be able to boot into your system! TrueCrypt will also even let you create a container with hidden Operating System in it (see below)! TrueCrypt allows you to create hidden volumes, which provides’ plausible deniability’ as it is impossible to prove that a second volume exists. This is great in situations where guilt must be proven, but also means that if this is not the case (e.g. in repressive countries where innocence must be proven), it is impossible to prove a hidden volume does not exist either (which may result in imprisonment or torture based on the assumption that it does exist!). We have written a post on this subject examining the issue in more depth.
Auditing the code The first phase of a crowdfunded project to properly audit TrueCrypt’s code has now been completed, and the results are somewhat worrying. ‘iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas,’ but some very sloppy code was discovered that ‘did not meet expected standards for secure code.’ This is hardly encouraging given the massive resources that the NSA deploys to uncover just such weaknesses, and leads us to worry that these flaws have already been discovered by them. Nevertheless, TrueCrypt remains the best encryption method available, and was enough to see off the police in the David Miranda incident.
Mobile options Cyrptonite brings TrueCrypt and EncFS to Android, including allowing users to access TrueCrypt containers (if you experience problems, a command line version of TrueCrypt is included with the app). EDS Lite is another good option that does more or less the same. Unfortunately there is no TrueCrypt compatible app or alternative available for iOS devices that we are aware of.
Alternatives to Truecrypt If the the auditing results for TrueCrypt or the implications of ‘plausible deniability’ worry you, there are a couple of other highly regarded encryption programs available: eCryptfs (Enterprise Cryptographic Filesystem) (Linux) – looks like TrueCrypt (which uses encrypted containers) as it creates a folder that transparently decrypts/encrypts all files placed into out of it seamlessly and on the fly, but differs as each file is encrypted separately, and if you unmount the folder you end up a number of singly encrypted files (i.e. it provides per-file encryption) Tomb (Linux) – a FOSS script that creates encrypted folders using LUKS AES/SHA-256 encryption Do note however that neither of these have been audited in any way.
Use antivirus, anti-malware and firewall software
Just quick note: BestVPN has a sister site dedicated to anti-virus software – BestAntivirus.com. If you would like to choose an antivirus package that best fits your needs, please take the time to check it out! Now, back to the guide…
It almost goes without saying, but as this is an ‘ultimate guide’ we’ll say it anyway… always use anti-virus software and make sure that it is up-to-date!
Not only can viruses really screw up your system, but they can let hackers enter it, giving them access to all your (unencrypted) files and emails etc., webcam, passwords stored in Firefox (if no master password is set), and much more. Keyloggers are particularly dangerous as they can be used to access bank details and track pretty much everything you do on your computer.
It is also worth remembering that not just criminal hackers use viruses! The Syrian government, for example, launched a virus campaign known as Blackshade, aimed at ferreting out and spying on political dissidents.
Although most people are aware they should be using anti-virus software on their desktop computers, many neglect their mobile devices. While there are less viruses targeting mobile devices at present, smart phones and tablets are sophisticated and powerful computers, and as such are vulnerable to attack by viruses, and should therefore be protected.
Mac users are famously bad for not installing ant-virus software, citing the ‘fact’ that OSX’s Unix architecture makes virus attacks difficult (this is hotly contested by the way), the fact that most hackers concentrate on Windows because most computers use Windows (true), and the anecdotal evidence of many Mac users who have gone for years without using anti-virus software yet never experienced any problems. However as events last year demonstrated, Macs are not immune to viruses, and anyone serious about their security should always use good anti-virus software.
Free vs. paid-for antivirus software
The generally agreed consensus is that free antivirus software is as good at preventing viruses as paid-for alternatives, but paid-for software provides better support and more comprehensive ’suites’ of software that are designed to protect your computer from a range of threats (combining antivirus, anti-phishing, anti-malware and firewall functions for example). Similar levels of protection are available for free, but require the use of various different programs. Also, most free software is for personal use only, and businesses are usually required to pay for a license.
Some good anti-virus software:
- Windows – the most popular free antivirus programs for Windows are Avast! Free Antivirus and AVG AntriVirus Free Edition, although plenty of others are also available. A good review of commercial options can be found here
- OSX – Avast! Free Antivirus for Mac and ClamXav are well regarded, although other free good options are available. In fact, the free software is better regarded than paid-for options, so we just recommend using them
- Android – again, there are a number of options, both free and paid for. We’ve used Avast! for ages now and find it works well, is free, and includes a firewall
- iOS – Apple is still somewhat in denial about the fact iOS is as vulnerable as any other platform to virus attack, but VirusBarrier is now available from the app store
- Linux –the usual suspects: Avast!, Kaspersky and AVG Free are all available for Linux, work very well, and are free.
In addition to actual viruses, computers (Windows in particular) are vulnerable to various other forms of malicious code known as malware. Users of non-Windows systems shouldn’t worry too much about this (and anti-virus software should deal with any problems), but Windows users should consider using an anti-malware program alongside their regular antivirus software. Windows versions Vista and up ship with the anti-malware program BitDefender built-in, or Spybot Search and Destroy , Windows Malicious Software Removal Tool, and Malwarebytes (all free) can be used instead.
A personal firewall monitors network traffic to and from your computer, and can be configured to allow and disallow traffic based on a set of rules. In use they can be a bit of pain, but they do help ensure that nothing is accessing your computer, and that no program on your computer accessing the internet, that shouldn’t be.
The biggest problem with using a firewall is determining which programs are ‘ok’, and which are potentially malicious (perfectly legitimate Windows processes can, for instance, appear pretty obscure), but once set up they become fairly transparent in use.
Some good firewall programs
- Windows – versions Vista and up have a firewall built-in, which is quite good and is very easy to use, but only screens incoming traffic. For many this will be perfectly sufficient, but those wanting a more robust solution might want to consider commercial anti-virus suites which include a firewall as part of the package, or Comodo Firewall Free and ZoneAlarm Free Firewall 2013, which are good free options
- OSX – versions 10.5 and up have a basic firewall built-in, which like that in Windows only monitors incoming traffic. If you want to monitor outgoing traffic, Little Snitch ($25) is a great program
- Android – as noted above, the free Avast! For Android includes a firewall
- iOS – the only iOS firewall we are aware of is Firewall iP, which requires a jailbroken device to run
- Linux – there are many firewall programs and dedicated firewall distros available, but for a simple and straight forward Linux firewall you might want to give Smoothwall a try.
Miscellaneous security hints and tips and tricks
Use Linux rather than a commercial OS
As we noted near the beginning of this Guide, no commercial software can be trusted not to have a back-door built into it by the NSA . A more secure solution to Windows or OSX is Linux, which is free and open source (although some builds incorporate components which are not). In addition to it being far less likely that Linux has been compromised by the NSA, it is a much more stable and generally secure OS than its commercial rivals.
Unfortunately, despite great strides made in the right direction, Linux remains less user friendly than either Windows or OSX, and less computer literate users may struggle with it. If you are serious about privacy however, Linux really is the way forward, and one of the best things about it is that you can run the entire OS from a Live CD, without the need to install it. This not only makes it easy to try out different Linux distros, but also adds an extra layer of security when you access the internet.
Ubuntu is very popular due to the fact that it is one of the easiest Linux distros to use, and thanks to this popularity there is a great deal of assistance available for it from an enthusiastic Ubuntu community. It therefore makes a good starting point for those interested in a using a much more secure Operating System.
Use a Virtual Machine
An additional level of security can be achieved by only accessing the internet (or only accessing the internet for certain tasks) using a ‘virtual machine’. These are software programs that emulate a hard drive onto which an Operating System (such as Windows or Linux – VMing OSX is tricky) is installed, effectively emulating a computer in software while running your normal OS.
The beauty of this approach is that all files are self-contained within the Virtual Machine so that, for example, the ‘host’ computer cannot be infected by viruses caught by the VM (which is why such a set-up is popular among hardcore P2P downloaders). The Virtual Machine can also be entirely encrypted, and even ‘hidden’, using programs such as TrueCrypt (see above).
Because Virtual Machines are emulating hardware, then running another whole OS on top of your ‘standard’ OS, there are substantial overheads in terms of processing power and memory use. This means that VMs tend to be somewhat slow and cumbersome, although using a very light Linux distribution such as Puppy can help, as does installing the VM on a separate hard drive to your main OS.
Give Whonix a try
Whonix works inside a VirtualBox Virual Machine, and ensures that DNS leaks are not possible, and that ‘not even malware with root privileges can find out the user’s real IP’.
It consists of two parts, the first of which acts as a Tor gateway (known as Whonix Gateway), while the second (known as a Whonix Workstation) is on a completely isolated network which routes all its connections through the Tor gateway. This isolation of the workstation away from the internet connection (and all isolated from the host OS inside a VM), makes Whonix highly secure.
Password protect your BIOS
Full-disk encryption using TrueCrypt is a great way to physically secure your drives, but for this to be properly effective it is essential to set strong passwords in BIOS for both starting up and modifying the BIOS settings. It is also a good idea prevent boot-up from any device other than your hard drive.
Secure your Flash Player settings
The Flash Player is inherently a very insecure piece of software (see also Flash Cookies), but despite the gains made by HTML5, it remains an important part of most people’s internet user experience. It is therefore a good idea to check its settings, and turn off most of them off (paying particular attention to the Camera and Mic settings!).
Many security related browser plugins disable Flash by default, which a good thing, but does not help when you actually want view the Flash content. Be careful however to only allow Flash on trusted websites. The Flash Player Settings Manager has moved from being online to being accessed locally, and the easiest way to open it is to right-click on some Flash content (e.g. a YouTube video) and select ‘Global Settings…’.
Change DNS servers and secure your DNS with DNSCrypt
Although we are used to typing easy-to-understand and remember domain names into our web browsers, these domain names are not the ‘true’ addresses of websites. The ‘true’ address, as understood by a computer, is a set of numbers known as an IP address. To translate domain names to IP addresses, for example www.bestvpn.com to its IP address of 184.108.40.206, the Domain Name System (DNS) is used.
By default this translation process is performed on your ISP’s DNS servers, which ensures your ISP has a record of all websites you visit. Even when using a VPN service (highly recommended), possible DNS leakage may result in your ISP handling this DNS translation instead of your VPN provider (as should happen).
Fortunately, there are a number of free and secure public DNS servers, including OpenDNS and Comodo Secure DNS, although we prefer the non-profit, decentralized, open, uncensored and democratic OpenNic (which we discuss here). We recommend changing your system settings to use one these instead of your ISP’s servers, and have instructions of how to do this in Windows 7 (along with a guide on how to detect and block DNS leaks when using a VPN) available here.
DNS was not built with security in mind and it is vulnerable to a number of attacks, the most important of which is a ‘man-in-the-middle’ attack known as DNS spoofing (or DNS cache poisoning), where the attacker intercepts and redirects a DNS request. This could, for example, be used to redirect a legitimate request for a banking service to a ‘spoof’ website designed to collect account details and passwords for unsuspecting victims.
This has prompted the chaps at OpenDNS to develop DNSCrypt, a lightweight program that encrypts ‘all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks’. Using Curve25519 elliptical-curve cryptography, DNSCrypt is available for Windows, OSX and Linux, and although in ‘preview release’ stage, is considered stable. The only issue is that OpenDNS is run by a private company (which is why we prefer OpenNic), but it is currently the only program of its kind available.
Use secure passwords
Okay, we have all been told this often enough to make us want to pull our hair out – we should use long complex passwords, with combinations of standard letters, capitals and numbers… and we should use a different such password for each service we use… arrgh! Given that many of us find remembering our own name in the morning challenging, this kind of advice can be considered next to useless.
Fortunately, help is at hand!
Low tech solutions
Here are a couple of ideas which will vastly improve the security of your passwords, and take almost no effort whatsoever to implement…
- Insert a random space into your password – this simple measure greatly reduces the chance of anyone cracking your password. Not only does it introduce another mathematical variable into the equation, but most would-be crackers assume that passwords consist of one contiguous word, and therefore concentrate their efforts in that direction
- Use a phrase as your password – even better, this method lets you add lots of spaces and use many words in an easy to remember manner. Instead of having ‘pancakes’ as your password, you could have ‘I usually like 12 pancakes for breakfast’ instead, to immensely increase your security
- Use more than 4 numbers in your PIN – where possible, use more than four numbers for your PINs. As with adding an extra space to words, this makes the code mathematically much harder to break, and most crackers work on the assumption that only 4 numbers are used.
High tech solutions
Where mortals fear to tread, software developers jump in with both feet! There are a plethora of password management programs available, but our pick of the bunch are:
- Firefox password manager – the password manager built into Firefox is one of the easiest ways to store your passwords for each website you visit, and it works very well. Do be aware however that you should set a master password to prevent just anyone peeking at your passwords in Firefox’s options dialogue. In addition to this, it is probably a god idea to back up your Firefox passwords every now and again
- KeePass(multi-platform)– this popular free and open source password manager will generate complex passwords for you and store them behind AES or Twofish encryption. It is a shame that KeePass doesn’t integrate with your browser, but it is possible to import saved Firefox passwords into it. KeePass itself is Windows only, but KeepassX is an open source clone for OSX and Linux, as are iKeePass for iOS and Keepass2Android for Android
Social networking, where you are encouraged to share every random though that comes into your head, photos of what you had for dinner, and word-for-word details of your relationship meltdown, can by and large be considered the antithesis to concepts such as privacy and security.
While, for example, Facebook can be considered ‘worse’ than Twitter in terms of privacy, as it sells every detail of your life to profiling-hungry advertisers and hands all your private data over to the NSA, all social networks are inherently about sharing information, and all commercial ones make a profit through harvesting your personal details, likes, dislike, places you visit, things you talk about, people you hang out with (and what they like, dislike etc.), and selling them.
By far the best way to maintain your privacy on social networks is to avoid them altogether, and to delete all your existing accounts. However not only can this be tricky (it is unlikely for example that you will be able to remove all traces of your presence on Facebook), but for an increasing number of us these social networks, where we chat, share photos and otherwise interact with our friends, are a primary reason for using internet, and play a central role in our social lives. In short, we aren’t willing to give them up.
Below then are some ideas for trying to keep a modicum of privacy when social networking, for those (i.e. most of us) who insist on using them.
- Self-censorship – simply put, if there are things you don’t want (or that shouldn’t be) made public, don’t post details about them on Facebook! Remember that once posted it is very difficult to retract anything you have said, especially if it has been re-posted (or re-tweeted etc.) In addition to this, remember that the authorities monitor social networking sites and services, so planning big illegal raves, or joking about bombing your local airport, are very bad ideas
- Keep private conversations private – it is all too common for people to discuss intimate details of a planned dinner date, or conversely to have personal rows using public channels. Remember that things like Message (Facebook) and DM (Twitter) exist, and use them. It won’t hide your conversations from advertisers, the law, or the NSA, but it will at least keep potentially embarrassing interactions away from friends and loved ones (who probably really don’t want to hear certain things anyway!)
- Use aliases – despite what the likes of Facebook try to insist upon, there is nothing stopping you from using a false name. In fact, in this world where employers almost routinely check their staff’s (and potential staff’s) Facebook pages, using at least two aliases – a sensible one with your real name which is designed to make you look good to employers, and another where friends can post wildly drunken pictures of you, is almost a must. Remember that it is not just names you can lie about; you can also happily fib away about your date of birth, interests, gender, where you live, or anything else that will put advertisers and other trackers off the scent. On a more serious note, bloggers living under repressive regimes should always use aliases (together with IP cloaking measures such as VPN) when making posts that may threaten their life or liberty
- Keep checking your privacy settings – although Facebook is notorious for continually changing the way its privacy settings work, and for making their privacy policies as opaque as possible, it is worth regularly checking the privacy settings on all social networks to make sure they are as tight as possible (for example by ensuring that posts and photos are only shared with Friends, not Friends of Friends or ‘Public’). A good idea in Facebook is to ensure that ‘Review posts friends tag you in before they appear on your time line’ (under Privacy Settings -> Timeline and Tagging) is set to ‘On’, to help limit the damage ‘friends’ can do to your profile .
- Use Diaspora instead – Diaspora is a nonprofit, open source, user-owned, distributed social network that is based upon the free Diaspora software It is constructed of a network of nodes (called pods) hosted by volunteer individuals and institutions, and which act as personal web servers. Users of the network can host a pod on their own server or create an account on any existing pod of their choice, and from that pod can interact with other users on all other pods. As of March 2014 there are more than 1 million Diaspora accounts, and although it is a still very much a work in progress (and you will need to convince your friends to join on the network – always the biggest hurdle when moving away from Facebook), Diaspora is the most complete open source Facebook alternative available.
Avoid all US and UK based services
The scope of the NSA’s PRISM spying program is quite frankly staggering, and Edward Snowden’s revelations clearly demonstrate it has the power to co-op any US based company (including for information relating to non US citizen and pretty much anybody else in the world) and to monitor all internet traffic that passes through the US’s internet backbone.
While other countries’ governments’ seem desperate to increase their own control over their citizen’s data, nothing (including China’s attempts at internet surveillance) matches the scale, sophistication or reach of PRISM.
It is therefore a very good idea, if such things worry you (as they should), to avoid all dealings with US companies where you are concerned about your privacy. To suggest that every US company may be complicit in handing every user’s personal information over to a secretive and largely unaccountable spying organization might sound the stuff of paranoid science fiction fantasy, but as recent events have proved, is terrifyingly close to the truth…
Note also that due to provisions in both the Patriot Act and the Foreign Intelligence Surveillance Act (FISA), US companies must hand over user’s data even if that user is a non-US citizen, and the data has never been stored in the US.
In addition to this, the UK’s GHCQ is in bed with the NSA and carries out some particularly heinous spying projects of its own (‘They [GCHQ] are worse than the US’, Edward Snowden). Indeed, all members of the English speaking ‘Five Eyes‘ spying alliance (US,UK, Canada, Australia and New Zealand) share information between their security organizations and use each other to spy on their own citizens (to bypass national laws prohibiting this), and so companies based in these countries should also be similarity avoided.
Is privacy worth it?
As we come to the end of this guide, we think this question is worth considering. Not only will almost all the measures outlined above mark you out for special attention by the likes of the NSA, and add extra layers of complexity and effort to everyday tasks, but much of the cool functionality of new web-based services relies on knowing a lot about you.
Google Now is an excellent case in point. An ‘intelligent personal assistant’, this software’s ability to anticipate what information you require is uncanny. It can, for example remind you that you need to leave the office to catch the bus ‘now’ if you want to get home at your usual time, as well as providing navigation to the nearest bus-stop, and alternative timetables should you miss it. Google’s new, and possibly game-changing Google Glass system makes heavy use of Google Now technology, which relies on storing and curating large amounts of information about your habits, likes, dislikes, browsing history, where you like to drink, and much more.
In other words, some of the most exciting and interesting developments in human-computer interaction rely on a full-scale invasion of our privacy, and to box yourself in with encryption and other privacy protection methods is to reject the possibilities afforded by these new technologies.
We mainly pose the question ‘is privacy worth it’ as food for thought. Privacy comes with a cost, and it is worth thinking about what compromises you are willing to make, and how far you will go, to protect it. In our view privacy IS vitally important, as everyone has a right not to have almost every aspect of their lives recorded, examined and then judged or exploited (depending on who is doing the recording), but it has to be recognized that maintaining privacy is not easy (and can never be completely guaranteed) in the modern world.
Of course, what most of us probably want is the ability to share what we want with our friends and with services that improve our lives, without worrying this information is being shared, dissected and used to profile us for dubious ends. While this is not likely to happen soon, if more people make even fairly basic efforts to improve their security, it would make both government agencies’ and advertisers’ jobs much more difficult, to the point that it could even force a change of approach.
It may take a bit of effort, but as we hope we have demonstrated in this Guide, it is entirely possible and not too cumbersome to take steps that greatly improve your privacy while online. Nothing is foolproof, but there is no reason to make the work of those who would invade aspects of your life that you should rightfully consider yours and yours alone, easy.
Privacy is a precious but endangered commodity, and by implementing at least some of the ideas we have covered you not only help to protect your own privacy, but also make a valuable contribution to conserving it for everyone. After all, if everyone encrypted their online life, where would the NSA be then?
Final note: If you are interested in further exploring the ideas and issues raised in this Guide, a good place to start is the almost exhaustive set of links available at Opentrackers.org.