Stay away from prying eyes online

ONCE upon a time, there was a quaint idea that a conversation between two people was private.

In light of revelations that the US’s NSA and the UK’s GCHQ are able to intercept private emails and phone calls, as leaked by Edward Snowden, it’s hard to imagine that anything we do or say these days is truly private.

And it isn’t only the government you have to worry about. Google recently admitted that it “processes” personal emails sent over its servers, although it maintained they are still private – an issue of semantics that is currently working its way through the courts.

It doesn’t stop there – there are countless other parties who could stand to benefit from intercepting the vast amount of personal data accumulating on servers all over the world.

One question is: does it really matter? The answer is: it depends. There are many reasons for wanting to maintain your online privacy. Do you send passwords over Gmail? Does your business rely on sensitive contact lists? Do you want prospective employers to know about your membership to the Monster Raving Loony Party? Or do you simply like the idea that your data is your own, and feel that regardless of the national security implications, your private conversations should be just that. Most people would no more consent to having their daily communications and movements tracked and catalogued than they would to install a camera in their bedroom.

The truth is, if someone really, really wants to snoop on you, you’re basically screwed. Without physically removing the wiring to your laptop’s webcam and microphone, for example, there is very little you can do about the possibility of a dedicated organisation or individual using it to spy on you. That being said, unless you have a hobbyist bomb construction kit in your shed, the chances of this happening are infinitesimally slim. If you’re still worried, here are a few tips to keep your data away from prying eyes.


Privacy quick-fix rating: 6/10

Encryption is what people during WWII would have called a code or, more accurately, s cipher. So if h = 20 and i = 30 (the “key”) you could send a letter containing 2030 and your recipient would be able to understand your meaning: “hi”. Digital encryption works in much the same way, except that rather than a straight substitution (which can be intercepted and understood using statistical analysis), it uses complex algorithms to convert the message into a secure format. It is possible to use encryption to send emails that cannot be snooped upon. The trouble is, unless you have set up the encryption software yourself, and physically pass the “key” needed to open the files to your recipient by hand, at some point it has to make its way though a third party via a network.

A major player in encrypted emails was Lavabit, but after Snowden used the service to communicate from exile in Moscow, it shut down, with the owner saying outside intervention meant he could no longer offer a private service. This led to the other major player Silent Circle also closing its doors. Autistici and Inventati, which are based in Italy, still offer a range of free privacy-aware services including email.

Another alternative is Hushmail, which offers a basic free email account that takes an interesting approach to encryption. It allows you to encode your email with a question and answer, so the recipient must be able to answer the question in order to decode the encryption and read the message.


Privacy quick-fix rating: 8/10

Your movements are routinely tracked every time you connect to the internet on your phone. It may only be stored as “meta-data”, but that’s enough to plot a map of your GPS location. You can turn this off if you use Android by going to Settings > Location and Security, and unchecking “Use Wireless Networks”. Alas, iPhone users can’t easily do the same.

Digital photographs also contain a hidden timestamp in the file data, and photographs taken on smartphones include the GPS location the photograph was taken at. This may be very useful if you’re surveying a wildlife reserve, but not so much if you have relocated from an abusive relationship and post a photograph of your garden on Facebook. John McAfee (yes, the antivirus guy), who was a “person of interest” to the US police, was recently apprehended after Vice Magazine published a photograph of him in a magazine article titled “We Are With John McAfee Right Now, Suckers”.

On an iPhone, removing geotags from images can be done by going to Preferences > Export and un-tick the box that says “include location information in exported photos”.


Privacy quick-fix rating: 3/10

Another area that may be of concern is your internet browsing. The websites you visit say a lot about who you are, and if you operate in the business world, may give away sensitive information about your supply chain. The computer you use to connect to the internet can also be used to trace your location, a practice known as “traffic analysis”. One method to circumvent this is the use of the Tor browser. Simply put, Tor uses a network of computers to relay your request across the internet. So rather than directly making a request between your browser and a website, Tor will pass this request through various host computers over the world. At each stage the request is encrypted and each stop is only aware of the next destination and the one preceding it. It should be said that Tor is more for protecting anonymity than data, so you still need to be careful about sharing confidential information.


Privacy quick-fix rating: 1/10

A more esoteric approach to privacy online can be found in an emerging technology called Anonymouth. The reserve of the truly dedicated or paranoid, Anonymouth is related to the study of linguistic style called stylometry. Stylometry was recently used to help out the author Robert Galbraith as a pseudonym of JK Rowling, and may be of concern to people who have a public profile, but also operate anonymously. Anonymouth works by running a statistical analysis of your writing style, and removes stylist tics and giveaways, rendering your prose in a generic fashion.


Privacy quick-fix rating: 8/10

Your communications are also open to attack every time you log onto a local network. When you connect to your favourite hot-desking environment, for instance, a malicious party could use a process called “traffic sniffing” – the internet equivalent of wiretapping – to intercept your data.

A useful work-around for this is to install an add-on to your browser called Https Everywhere, which adds encryption to your data, making it far harder to track your internet usage.

It should go without saying that any connection you send payment details over is using the https:// protocol, rather than the more usual http:// (you will be able to see this in the address bar of your browser). The “s” stands for secure, and lets you know that any data you send will use encryption.


Privacy quick-fix rating: 10/10

Of course, if you’re trying to keep your actions secret from the US government, most of what I have discussed is about as useful as an umbrella in a swimming pool. However, if you care about your privacy, the techniques above can go some way to mitigating the effects of online surveillance.

Andrew MacKay is a freelance writer, web developer and WordPress instructor.