I’ve never posted about privacy or data protection. Having lived in Mainland China, I have first-hand experience of internet censorship though. No Facebook, Twitter or YouTube, that’s really annoying. News sites such as the BBC or New York Times are frequently blocked, unless you go around the Great Firewall with a VPN.
Since I moved to Hong Kong, these problems disappeared. I can enjoy ultra-fast internet and use cloud services. But, given the “bad” Chinese, I used services based in the United States. Surely, the country which always holds up freedom of speech wouldn’t dare screw around with my data. How wrong we all were…
Since Mr Snowden talked to the Guardian we all know that the NSA and GCHQ are spying on us. The strategies seem to be different though. The NSA will obtain a secret court order issued by a secret court with secret judges (i.e. no oversight at all) to hijack your Google, Facebook, Yahoo, Apple or Dropbox account (especially if you’re a non-US citizen residing outside the US). The GCHQ on the other hand acts like a massive data-vacuum cleaner. They just collect all data going through the UK. And since the UK is situated on the outskirts of Europe it is a digital hub for glass fibre networks connecting Europe to North America, South America and even Africa and Asia. An ideal location for spying.
“I don’t care”, you might say. “I have nothing to hide so I’m not in any danger”. But this attitude doesn’t only show a total lack of interest in what’s going on around you, it’s also plain stupid. So if you fall in the latter two categories, just stop reading. This blog isn’t for you.
You have something to hide. All of us do. You might not be plotting a terrorist attack. But I’m sure you have “secrets” that you don’t want others to know. You don’t want the conversation you just had with your colleague about your stupid boss to become public. And you don’t want your mother-in-law to know what you just told your girlfriends, namely that she’s a real pain in the ass.
So we all have “secrets”. And nowadays we communicate these secrets not only verbally but also via emails or messaging apps. So whenever you use electronic means of communication you should make sure your stuff is reasonably well protected.
In this post and over the next few weeks I want to introduce some applications and recommendations to keep your privacy and communication safe.
The easiest way to keep your privacy is not using social media, messaging or cloud services at all. Even better: don’t use a computer or a phone. Just live like we did 100 years ago.
While that is a safe option, I don’t think anyone enjoying a digital lifestyle will go for it. So let’s start with a few general guidelines to make your digital life more secure.
1. Don’t put all your eggs in one basket. It’s convenient to have a Gmail, Picasa and Google+ account. But you’re using the same company (which makes most of its money with advertising). So spread your risk. If you have a Gmail email address, how about using Flickr (owned by Yahoo) for your photos?
2. Don’t use your Facebook / Google login for other sites. Instead, create an account every time using a junk email address.
3. Use multiple email addresses from different service providers. Set up one “junk” email address which you will only use for registering for newsletters or to sign up for websites. Don’t use your real name for this email address.
4. Passwords: Use strong passwords! Your second name combined with your birth year is NOT a strong password. A strong password is something like “RuW23$%Yi8@”. If you have too many passwords to remember, consider buying a password application that stores all your passwords encrypted on your phone or computer. But even in this case, you need one strong password to access the application. An easy way to get a safe password: Take your favourite book and open it on, say, page 75 (because you’re born in 1975, if you’re born in 1990 take page 90). Now use the first letter of the next 15 pages. That’s your password.
5. Surfing: When you surf the net, every website is constantly tracking you and collecting information. Make sure to either use “Private Browsing” and/or empty your history and cache on a regular basis.
6. Sending emails is like sending a postcard. Everyone who intercepts it can read what’s in there. Get an SSL certificate to encrypt your emails and use encryption software to encrypt your emails. I will cover this topic in a future blog post.
7. Cloud computing has become HUGE over the last few years. For just a few dollars you can get a massive amount of storage on servers. Given the recent revelations by Mr Snowden you might want to check where those providers host their data. I wouldn’t be comfortable hosting my data on servers in China or Russia. And four weeks ago, I also added the U.S. and U.K. to that list. I will also cover this topic in a future blog post.
8. Encryption is a necessity! But there are different kinds. Services like Dropbox encrypt your data. But they hold the encryption key. So they can decrypt your data anytime. Whenever you choose a cloud service, make sure the data is encrypted on your machine and sent over an encrypted connection to the server. That way, only you can access your data.
9. Most messaging and chat applications like WhatsApp, Lime, Ping or WeChat are insecure. Plus, all your messages are stored on some servers. So assume that whatever you send through these messaging apps can be seen by whoever intercepts it. There are secure messaging apps out there which I will also present in a later blog post.
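
To put numbers on guideline 4, here is an added example (not code from the original post) that generates a random password with Python's `secrets` module and gives a rough estimate of how much guessing each kind of password costs an attacker. The name-list size and the sample password "Smith1975" are constructed assumptions.

```python
import math
import re
import secrets
import string

SYMBOLS = string.punctuation                                # 32 characters
ALPHABET = string.ascii_letters + string.digits + SYMBOLS  # 94 characters
NAME_LIST_SIZE = 100_000  # assumed size of an attacker's name list (constructed)
NAME_YEAR = re.compile(r"[A-Za-z]+(19|20)\d\d")  # e.g. "Smith1975"


def generate_password(length=16):
    """Return a random password with lower, upper, digit and symbol characters."""
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:  # redraw until every character class is present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def estimate_bits(password):
    """Rough upper bound on the guessing effort, in bits."""
    if NAME_YEAR.fullmatch(password):
        # name + year: one name from the list times 200 possible years
        return math.log2(NAME_LIST_SIZE * 200)
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in SYMBOLS for c in password):
        pool += len(SYMBOLS)
    # Only accurate when every character was picked at random from the pool.
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for sample in ("Smith1975", "RuW23$%Yi8@", generate_password()):
        print(f"{sample!r}: about {estimate_bits(sample):.0f} bits")
```

Each extra bit doubles the number of guesses needed. For passwords that were not chosen at random, such as letters taken from a book, the figure is only an upper bound.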