Photo credit: https://unsplash.com/photos/yekGLpc3vro

It seems appropriate that the author of ‘1984’ was a British citizen. George Orwell must have seen how easily the great British public’s lamb-like disposition toward its leaders could be exploited to create a police state.
— Heather Brooke

What is privacy? We naturally expect it, and yet few of us can really define it off the top of our heads. The Wikipedia entry on privacy reads as follows:

“The ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes…”

“The right not to be subjected to unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries’ privacy laws, and in some cases, constitutions [emphasis added]. Almost all countries have laws which in some way limit privacy. An example of this would be law concerning taxation, which normally requires the sharing of information about personal income or earnings…”

However, few would agree, in our age of the Patriot Act and constant sharing on social media, that we have much privacy anymore on a day-to-day basis.

CCTV cameras are everywhere. Our emails and phone calls are tracked. Data providers mine our information to create profiles on which they try to push unwanted solicitations on us 24/7. Facebook, Google, and others scoop as much as they can, and sell it off to groups like Cambridge Analytica or just give it over to alphabet agencies around the globe. Additionally, the new Cloud Act and much other legislation accelerate the advent of our new oligarchic panopticon.

We are beset on all fronts, it seems, and the governments of the capitalistic world, on behalf of the 1%, want to make it worse — significantly worse. If you think I am overstating the case, then let me list the ways and areas where we are already legally snooped on by governments and corporations and you might get an idea of my perspective:

Emails, mobile calls, landline calls, social media profiles and comments, webcams (hijacking), CCTV, bank records, purchasing profiles (everywhere, online and offline), medical history, websites we visit, online purchasing, online comments, employment history, academic records, travel history, location tracking (cars, GPS, and mobile phones), social and professional organizational affiliations, political affiliations, and so on — this is a long list.

The situation we currently find ourselves in is one where a legal warrant is required for government authorities to access these areas of information, and this information can only be held for a short period of time.

Under new legislation being enacted by many governments in the West, some of which is already in place, a warrant is no longer required, the information will be held much longer, and this harvest will consist of all your online interactions and all your phone communications.

If this weren’t enough, it actually gets worse. Additional internal, non-legislative government initiatives link to this legislation and propose to remove an institutional protection that is inherent in government systems.

Currently, databases on various informational areas are held in separate data silos in separate government departments — information is not cross-referenced or linked, and specific procedural, legal, and internal operational rules prevent them from doing this.

That will no longer be the case under the new legislation planned for us.

However, all of this is academic, since data collection on this level has been occurring between the Five Eyes countries and the NSA since 2009, without any laws to establish it. And how they have managed this is chilling in its simplicity.

Legislation in the US, UK, Canada, New Zealand, and Australia (the “Five Eyes” Anglo countries) specifically forbids the collection of this level of information and metadata in each country by their intelligence services. For instance, the NSA can’t do this in the US; GCHQ can’t do it in the UK; the ASD can’t do it in Australia — you get the picture.

However, there is no legislation in any of these countries that prohibits holding and/or processing or profiling this data if you already hold it.

What has happened since 2009 is this: all five countries are linked via massive dedicated fiber-optic pipes and huge server farms, and they collect data for the other countries. GCHQ collects and processes all the data for the US with Canadian assistance, due to its sheer volume. The NSA does it for the UK and Canada. Australia does it for New Zealand, and New Zealand does it for Australia. Then, the NSA just pumps everything directly to GCHQ. GCHQ and CSIS in Canada pump the US data to the NSA, and the same for Australia and New Zealand.

So each intelligence agency in each country can legally process, store, and use all this data regardless of our awareness or opinions about it. It’s a simple exercise in data routing.

The new laws are a fig-leaf — nothing more. They have already been doing this for years, and the new laws are there for political reasons and to permit the expansion of the operational capacity in each country through larger official open-budget requests (easier to get than hidden ones as you can get more money).

Do you think your SIM cards in your phones are secure? Guess again…

In 2010, the NSA and GCHQ hacked the Gemalto network and stole all the encryption keys for their SIM cards. Gemalto makes half the SIM cards in the world, more than 2.5 billion cards per year. This means they don’t even need a warrant or a wiretap — they can just call the number of the phone they want, connect, and then remotely hack it and take everything whenever they want, no internet and no permission required.

All of the details are here, and we can thank a modern hero for exposing this — Edward Snowden.

It’s a fairly safe bet they did the same to other SIM manufacturers, but this is the only one we know about for a fact — they’re not in the habit of leaving loose ends lying around. They directly hacked the servers in the company building when they broke in and installed data-taps and malware on the machines inside the Gemalto building! Pretty brazen!

Facebook? Google? Amazon? eBay? YouTube? They have data taps on the servers in each company’s facilities — again, this is done in the same manner I outlined above. In other words, they suck up the data at the source.

How about data offshoring in a foreign country to get beyond their reach? Nope…

http://techcrunch.com/2015/01/02/offshoring-data-wont-protect-it-from-the-nsa/

All of these attacks on our freedoms are wheeled out with predictable regularity as soon as some terror attack occurs and the media whips people up into a frenzy of fear — so that we acquiesce to more snooping, more police powers, more removals of rights and freedoms.

Protecting Your Privacy

So, what can we do? Can we protect ourselves? Can we do anything? Shall we all just shrug our shoulders, give up, and ignore this, or crawl into a bunker with lots of tinned food, bottled water, and a tinfoil hat?

Well, actually, there are a few things you can do, and they are all legal (for now).

This article details basic ways to protect your privacy — phone and internet:
http://www.cnbc.com/2015/06/22/ten-low-tech-ways-to-protect-your-privacy-online.html

Change your SIM card — did you know that if you buy a prepaid SIM from a retailer/supplier there is no legal requirement to give your own name and address? The customer form is for marketing and data capture for the telecoms only — nobody else. You don’t have to tell them anything true if you don’t want to; there are no penalties.

Use a random street address with a fake name and buy a new prepaid SIM, sign the form, and walk out with your card. When you put it in your phone, they will be tracking the equivalent of an individual as real as Donald Duck!

The only (slight) downside is that you have to change your number and let everyone know — and please remember: don’t use things like Facebook, Google, or anything on the net with your real name and/or details with this new phone number/SIM as that will defeat the entire purpose of what you just bought the SIM for!

There are other tactics that I use (as an old techie) that are pretty simple and inexpensive.

When you use the internet, use a VPN on your PC. A VPN (Virtual Private Network) is a way to encrypt your internet access to protect it from snooping of any kind — government, corporate, or otherwise. It creates an uncrackable encrypted connection to the internet, usually through a VPN provider. For any potential snooper, it appears you are on a different computer or network, or even in a different country!

Some sample VPN providers:

  1. NordVPN
  2. Private Internet Access
  3. Ivacy

They are very reasonably priced for a year, and absolutely superb for security and reliability — and that is my professional opinion as a former senior networking and security professional.

Use a VPN that does not keep customer or IP logs

The three listed above keep NO customer payment or network user logs, so there is NOTHING for the authorities to seize or analyze and track if they do come sniffing around. A bonus is almost all of them will take payment in crypto!

  1. You can also enable your VPN on your phone — most services allow you to use it for up to five devices at the same time for the price of one subscription.
  2. Rotate your VPN connector POPs frequently (a few times a day) and flush DNS each time.
  3. When you open up your browser, press the Ctrl+Shift+N keys together on the keyboard and a new window with a little guy in shades and spy hat will pop up. This is “incognito” mode, and this feature stops your history from being saved when you visit sites.
  4. Stay away from social media — it is a waste of time and energy, and most importantly, social media leaves you wide open to surveillance and profiling. If you have to use Facebook or Twitter for work, then use fake personas linked to encrypted emails — like a spare ProtonMail address — with zero links to your real name/ID/clearnet persona.
  5. Enable extensions like WebRTC Block, Adblock Plus, Popup Blocker (strict) and set a “do not track request” in your browser (advanced settings usually).
  6. Set up 2 IDs/personas/emails:
     a. A vanilla clearnet one, like Gmail or any other mainstream provider. Keep all your mainstream IDs and personas here if you need to: bank, social media, shopping, et cetera.
     b. An encrypted one with NO links/identifiers with the clearnet one — use ProtonMail for encrypted email (it’s free).
  7. If you are worried about cell phone snooping try CoverMe — the Android/iOS app encrypts voice and text. It charges per use but routes your calls via dummy/burner numbers to make you even more untraceable.
  8. Download DNScrypt to hide your DNS routing (free app).
  9. Download a good keylogger blocking app — KeyScrambler is the one I use.
  10. Set your search engine to something like DuckDuckGo or StartPage — no logs are kept and there are no links to US corporations.
  11. Don’t use Dropbox but SpiderOak — it’s safer, more secure, and no government visibility.
  12. Rotate your passwords and store them safely offline via paper copies and USB sticks. You can buy a thumbprint lockbox on eBay for about $100. Keep one at home in a safe place and put a duplicate offsite.
  13. Deploy Canary tokens (do a search on these) on important files as tripwires so that you know when someone is looking at things you would rather they didn’t.
  14. Very important: search “how to disable remote desktop” if you use Windows to prevent remote desktop hijacking — and keep it disabled.
  15. Use Tor for all your non-mainstream browsing requirements — with Tails OS if you are so inclined.
  16. Use Pretty Good Privacy for email as an option — the best one for Windows is Gpg4win.
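
The Windows tip above about disabling Remote Desktop can be checked and applied from an elevated PowerShell prompt. This is an added example, not part of the original article; it assumes an English-language Windows 10/11 install (where the firewall rule group is named "Remote Desktop"), and the function names `Get-RdpState` and `Disable-Rdp` are made up for illustration.

```powershell
# Added example, not from the original article.
# Run in an elevated (Administrator) PowerShell session.
# Assumption: English-language Windows, where the built-in firewall
# rule group is called "Remote Desktop".

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpState {
    # fDenyTSConnections = 1 means incoming Remote Desktop is refused.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

    # Inbound firewall rules for Remote Desktop that are still enabled.
    $open = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        RdpEnabled        = ($deny -eq 0)
        OpenFirewallRules = $open.Count
    }
}

function Disable-Rdp {
    # Refuse incoming Remote Desktop connections.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    # Close the matching firewall rules as a second layer.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

$before = Get-RdpState
if ($before.RdpEnabled -or $before.OpenFirewallRules -gt 0) {
    Disable-Rdp
}
$after = Get-RdpState

Write-Output "Before: RDP enabled = $($before.RdpEnabled), open firewall rules = $($before.OpenFirewallRules)"
Write-Output "After:  RDP enabled = $($after.RdpEnabled), open firewall rules = $($after.OpenFirewallRules)"
```

Re-running the script later is a quick way to confirm the setting has stayed off, for example after a major Windows update or after installing remote-support software.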

Crypto Precautions

I am sure you have heard this many times before, but do not store coins that you are not actively trading on exchanges, on your PC, or on your phone — security is far from optimal.

A few minor transaction fees are worth it for peace of mind

Best of all is to use a hardware wallet: Trezor and Ledger. Keep the paper and USB keys in your thumbprint lockbox that I mentioned earlier.

PROTECT your keys — public and private — don’t keep them on your PC, and don’t give them out to anyone — transactions only (and even then, make sure to check it’s not a phishing exercise). The same policy applies with your keys as with your passwords — paper + USB in an offline location, like a lockbox, and keep more than one in a different location, off-site.
