Essential Tools for Everyday Encryption

What’s covered:
  • Desktop Encryption Software
  • File Shredding
  • Disk Scrubbing
  • Secure Email Service Providers (what happened to Lavabit?)
  • End to End Encryption and Extensions for existing email services providing encryption
  • P2P participation
  • Keyscrambling
  • Using an Open Network
  • Web Tracking and Proxy servers deciphered
  • and, importantly, Password Protection

“What is surveillance, except control?” J. Appelbaum

In the wake of Edward Snowden and the shocking revelations of the U.S. government’s wholesale spying on its own citizens, Ed’s disclosures fuelled debates over mass surveillance, government secrecy, data collection and the balance between national security and information privacy. That is where the conversation began in 2013.

Still, you might be wondering, “Why does mass surveillance matter? I only use the internet for convenience and communication.” Keep reading.

Just last week the documentary screening of “Citizen Four” at New Notions Cinema was pitched against the backdrop of controversy in the UK. It was impossible to prepare for both the real impact of Laura Poitras’ extraordinary documentary, recorded in real time, even for the desensitised, and the discussion that followed, unravelling the Investigatory Powers Act. The IP Parliamentary Bill passed in the UK in November 2016, providing the security and surveillance services (GCHQ) and the police with unmatched intelligence gathering powers; the most sweeping surveillance powers in the western world. With little to no resistance from within Parliament or those outside, the government had to give only minor concessions to the privacy lobby.

Citizen Four (Edward Snowden) tweeted: “The UK has just legalised the most extreme surveillance in the history of western democracy. It goes further than many autocracies.”

Ironically, the bill has been hailed as “world-leading legislation” that provides “unprecedented transparency and substantial privacy protection”. On the contrary, privacy campaigners claim that it will provide an international standard to authoritarian regimes around the world to justify their own intrusive surveillance powers.

So whether you’re an activist, an academic, a journalist or a regular happy go lucky ‘social media thumb-scroller’; you should and can protect yourself. This is not a complete, iron-clad, never-changing rule book. Rather, think of this as a general guide to discuss a few key concepts and introduce several tools that can help you keep the Internet relatively free and safe.

What does this mean for the ‘ordinary citizen’?

  1. Individual web browsing activity can be collected by internet service providers.
  2. The Act requires web and phone companies to store everyone’s web browsing history and customer communications.
  3. It obliges companies to decrypt data on demand and gives government security services the power to hack your computers, tablets, mobile phones and other devices to collect data communications in bulk.
  4. To some extent, however, the new law merely legalises the current “customs and practices” as revealed by Citizen Four.

The new powers will be in force before 31st December 2016, with the European court of justice due to clarify its rulings on state surveillance shortly (the ruling could lead to parts of the new legislation being declared unlawful and in need of amendment).

This leads us to the question of how we can protect our privacy and/or anonymity whilst online… or at least take the correct steps to try. Almost everyone has or knows of someone who has ‘lost’ or had data stolen, email accounts hacked (worse still, bank accounts emptied), personal files duplicated and downloaded, or had that sweaty feeling of fear when you find out about ‘something’ and do not know what to do with it or how to communicate it privately with a confidant.

There is a vast array of information online which can help inform you on the ‘how to’, and the following information attempts to dispel the notion that the technology is overly complicated. These techniques can be successfully employed by everyone. However, the sheer volume of information can be off-putting, let alone the stigma of ‘advanced encryption technology’ in itself. Help is at hand: for every piece of software available, there is a ‘youtube enthusiast’ willing to explain how to set it up and use it successfully. Here, we will discuss some options which are available for download, including Desktop Encryption Software, File Shredding, Disk Scrubbing, Secure Email Service Providers (what happened to Lavabit?), End to End Encryption and Extensions for existing email services providing encryption, P2P participation, Keyscrambling, using an Open Network, Web Tracking and Proxy servers deciphered and, importantly, Password Protection.

Desktop encryption software

Encrypting your computer’s drives, files or folders keeps your private data away from prying eyes, even if your computer is stolen. You’re also not limited to the internal hard drive; external devices like flash drives and external hard drives can also be encrypted by disk encryption software. (Note: Windows and macOS both have integrated whole disk encryption programs, BitLocker and FileVault.) Below are some further examples of encryption software.

  • TrueCrypt is a powerful disk encryption program that supports hidden volumes, on-the-fly encryption, keyfiles, keyboard shortcuts, and more. TrueCrypt works with Windows 10, 8, 7, Vista, and XP, as well as with Linux and Mac operating systems.
  • VeraCrypt is an open-source utility. It can create a virtual encrypted disk within a file, encrypt partitions or, under Microsoft Windows (except Windows 8 or GPT), encrypt an entire storage device with pre-boot authentication. VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed. Recommended.
  • DiskCryptor is another free disk encryption program for Windows, allowing you to encrypt the system/boot volume as well as any other internal or external hard drive.

 

File shredding Programs

File shredders are software tools that permanently delete files on your computer. Deleting a file just hides it from the operating system. It isn’t really gone until that same space is overwritten by something else; a shredder does that overwriting, ensuring that the file can never be un-deleted with a file recovery program.
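The difference between deleting and shredding, as an added Node.js example (not code from this post or from any of the tools it lists). The file handle opened before deletion is a stand-in for a recovery tool, the marker text is constructed, and overwriting in place is assumed to reach the same blocks, which does not hold on SSDs with wear levelling or on copy-on-write filesystems.

```javascript
// Added illustration (not from the original post or any tool it lists).
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const crypto = require('node:crypto');

// Overwrite a regular file's contents in place with random bytes, flush the
// writes to disk, then remove it under a random name so the original file
// name does not linger in the directory entry either.
function shredFile(file, passes = 1) {
  const st = fs.lstatSync(file);
  if (!st.isFile()) {
    // Symlinks and directories are refused rather than followed.
    throw new Error(`refusing to shred non-regular file: ${file}`);
  }
  const fd = fs.openSync(file, 'r+'); // r+ writes without truncating first
  try {
    const chunk = Buffer.alloc(64 * 1024);
    for (let p = 0; p < passes; p++) {
      for (let pos = 0; pos < st.size; ) {
        const n = Math.min(chunk.length, st.size - pos);
        crypto.randomFillSync(chunk, 0, n);
        pos += fs.writeSync(fd, chunk, 0, n, pos);
      }
      fs.fsyncSync(fd); // force this pass out of the cache onto the device
    }
  } finally {
    fs.closeSync(fd);
  }
  const anon = path.join(path.dirname(file), crypto.randomBytes(8).toString('hex'));
  fs.renameSync(file, anon);
  fs.unlinkSync(anon);
}

// Stand-in for a recovery tool: a handle opened before deletion still reaches
// the file's data after its name is gone (POSIX behaviour, assumed here).
// Reports whether the name is gone and whether the constructed marker text
// can still be read back.
function afterDeletion(deleteFn) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'shred-demo-'));
  const file = path.join(dir, 'secret.txt');
  const marker = 'CONSTRUCTED-SECRET-0123456789';
  fs.writeFileSync(file, marker.repeat(1000));
  const peek = fs.openSync(file, 'r');
  try {
    deleteFn(file);
    const buf = Buffer.alloc(marker.length * 1000);
    fs.readSync(peek, buf, 0, buf.length, 0);
    return { nameGone: !fs.existsSync(file), dataLeft: buf.includes(marker) };
  } finally {
    fs.closeSync(peek);
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log('plain delete:', afterDeletion(fs.unlinkSync));
console.log('shredFile   :', afterDeletion(shredFile));
```

Where in-place overwriting cannot be relied on, whole disk encryption (covered above) is the safer control, because the discarded blocks are unreadable without the key.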

Below is a list of the best free file shredder software:

  • BitKiller is a super simple portable file shredder program. Just add specific files and folders to the queue, or drag and drop them there. Easy to use. One issue is that once you’ve begun the process of shredding files, while there is a cancel button, you’re unable to click it. BitKiller can shred files in all versions of Windows including Windows 10. Recommended.
  • Securely File Shredder is a file shredder program that installs really fast and works by drag and drop. You can add one or more files and folders to Securely File Shredder to completely obliterate them using any of the shredding methods listed here. Securely File Shredder works with Windows 10, 8, 7, Vista, and XP.
  • Freeraser is incredibly easy to use. Just drag a file or group of files to the bin and they’ll be forever erased from your computer. When running the Freeraser setup file, you can choose to install it like a standard program or run it like a portable one, which means the files will install to a folder that you can use on a removable drive. You can use Freeraser in Windows 10 through Windows XP.

Hard Disk Scrubbing

Hard Disk scrubbing has two basic parts. The first is the Hard Disk Free Space Scrubbing option, and the second is File Scrubbing (or File Shredding). When you scrub a hard disk’s free space you overwrite unused space that may have been previously in use by other files. Files that you deleted using the recycle bin, or through Windows, can easily be recovered or undeleted using the proper utilities. The hard disk scrubber will ensure that these utilities can no longer restore files that were previously deleted on your system. File scrubbing can be used during your everyday deleting of documents and files, while disk scrubbing can be used less often. You may scrub the disk if you used other means of deleting files.

If you are getting rid of your computer you should scrub the free space. Even if you have formatted the drive and re-installed the OS, old data can still be recovered! You should overwrite your free space before getting rid of any computer; otherwise, you leave yourself open to identity theft and other problems resulting from your old data winding up in the hands of an unauthorised party.

Hard Disk Scrubber runs in Windows 2000 and newer versions of Windows. Highly recommended.

 

Secure Email Service Providers with End to End encryption

Did you know your daily e-mails are passed through a deep espionage filter?

There are a number of encryption tools that offer encrypted email service. One of the most well-known tools to send encrypted emails is PGP (Pretty Good Privacy), designed to protect users’ emails from snooping. The good news for non-techs like me, who are privacy-conscious Internet users hoping to use encrypted email communication without any hassle, is that there are various providers. Let’s look at Lavabit first.

 

Lavabit, Lavabit, where art thou Lavabit?

What was Lavabit?

Lavabit was founded by Texas-based programmers in 2004, citing privacy concerns about Gmail, Google’s free, widely used email service, and their use of the content of users’ email to generate advertisements and marketing data. Lavabit offered significant privacy protection for their users’ email, including asymmetric encryption. The strength of the cryptographic methods used was of a level that is presumed impossible for even intelligence agencies to crack.

What happened to Lavabit?

Lavabit received media attention in July 2013 when it was revealed that Edward Snowden was using the Lavabit email address ed_snowden@lavabit.com to invite human rights lawyers and activists to a press conference during his confinement at Sheremetyevo International Airport in Moscow. On August 8, 2013, the US government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden’s email. On August 8, 2013, Lavabit suspended its operations, and the email service log-in page was replaced by a message from the owner and operator Ladar Levison.

Why is Lavabit important?

Lavabit is believed to be the first technology firm that chose to suspend or shut down its operation rather than comply with an order from the United States government to reveal information or grant access to information. Silent Circle, an encrypted email, mobile video and voice service provider, followed the example of Lavabit by discontinuing its encrypted email services, citing the impossibility of being able to maintain the confidentiality of its customers’ emails. One year after the suspension of Lavabit, its founder Ladar Levison announced a specification for the Dark Internet Mail Environment (DIME). It is under development by the Dark Mail Alliance. In November 2015, Levison said that work on DIME was still progressing, although slower than he would like. As of July 2016 Ladar has been working on DIME alone. I remain hopeful but I am still waiting.

Options for now:

ProtonMail

Developed by CERN and MIT scientists, the basic service is a free, open source and end-to-end encrypted mail provider that offers the simplest and best way to maintain secure communications and keep users’ personal data secure. ProtonMail is also available for iOS and Android users. If you opt for a free account, you’ll get all of the basic features, which include two-factor authentication to access your encrypted email inbox. Note: always remember your password to decrypt the email inbox. Once it is forgotten, you cannot retrieve your encrypted emails.

Key Features:

Even if someone intercepts your communication, he/she cannot read your conversations because all emails you send or receive with other ProtonMail users are automatically encrypted end-to-end by the service. ProtonMail encrypts the data on the browser before it communicates with the server, therefore only encrypted data is stored in the email service servers, making it significantly more secure for those looking for an extra layer of privacy.

In addition, for communicating with non-ProtonMail email addresses, e.g. Gmail users, all you need to do is:

  1. Create a message
  2. Just click the encryption button
  3. Set a random password
  4. Tell the recipient the password
  5. Once done, your encrypted email recipient will get a link to the message with a prompt to enter the same password in order to read it.

Another friendly feature that ProtonMail offers is Self-destructing emails. All you need to do is set an expiration date for an encrypted email you send, and it will get self-deleted from the recipient’s inbox once the date arrives.

Why is ProtonMail any different to Lavabit? And why does ProtonMail not have to comply with American laws?

ProtonMail is based in Switzerland, so it won’t have to comply with American courts’ demands to provide users’ data. In the worst case, if a Swiss court ordered ProtonMail to provide data, it would get only heaps of encrypted data. They do not store the encryption keys.

Tutanota

What is Tutanota?

A German-based encrypted email provider, Tutanota was founded at the end of 2011 with the idea of making secure email easier than extant options like PGP. It’s similar to ProtonMail, but with increased everyday usability, a clean interface, features such as attachment encryption and support for different devices, offering iOS and Android apps.

How does their encryption work?

Tutanota encryption is done locally, on the client device, secured with a user’s own password (so that also needs to be strong, and our own devices need to be defended from malware to ensure email security), before being uploaded and sent to the recipient via Tutanota’s servers, and then decrypted on the recipient’s device.

So is it secure?

Tutanota is not privy to users’ passwords (there’s no password reset option) so it says there is no way for it, as the email service provider, to be able to decrypt the data it’s sending. What does this mean? Tutanota cannot be strong-armed by governments to hand over data. Nor is it data-mining your emails to sell intel to advertisers.

Key Features:

  1. End-to-end encryption. That means if you encrypt some data, it’s always encrypted, i.e. in the browser, or in the app, and it cannot be decrypted except by the person this data was encrypted for.
  2. Uses standard encryption algorithms which are proven to be secure: RSA and AES, both of which are used, for example, in PGP, S/MIME and military systems.
  3. Tutanota users are automatically assigned an asymmetric key pair (one public, one private) when they register for the service — with the keys created on their client device, rather than on Tutanota’s servers, and again encrypted with their own password. Encryption keys are synced across user devices so users do not have to manually transfer them. Attachments and email subject lines are also encrypted as a matter of course by Tutanota.
  4. Free version of the product that offers up to 1GB storage, and premium paid versions. It also already offers a premium version for businesses that allows them to use their own domain and plug into Outlook email. Very useful.

Tutanota shifted its HQ to Switzerland as startups in parts of Europe where the political outlook is more conducive to safeguarding privacy are clearly seeing a business opportunity. Switzerland, for instance, enshrines a right to private communications, including email, in its constitution. German law means email providers cannot be forced to manipulate their software to implement backdoors. So Tutanota cannot deliver the emails [to governments] because Tutanota cannot read them. “Excellent! Will have that!” I hear you say.

Sign up for a free account now!

 

Extensions for existing email services providing encryption

Two of the most common email service providers are Google and Yahoo; however, their projects on secure end-to-end encrypted email have yet to see the light of day. That’s why some of us are starting to question how much Google and Yahoo really care about making this happen.

Gmail

Have you got Gmail? It is possible to encrypt your Gmail account using an external extension for the Chrome browser, which implements GPG in webmail using the OpenPGP.js library. However, this project is in no way affiliated with Google. Mymail-Crypt for Gmail aims to make OpenPGP encryption available to and used by anyone.

How do I install this software? To get started, install Mymail-Crypt, then proceed to Extensions.

Tools -> Extensions -> under Mymail-Crypt click the options page.

Remember to give your public key to your friends, and import theirs into the options page.

How does Mymail-Crypt work? In Gmail simply click encrypt to encrypt a mail you’re writing or simply click the decrypt to read a mail from a friend. Mymail-Crypt acts as a layer on top of your Gmail experience that allows you to seamlessly encrypt and decrypt messages.

Yahoo

What is Mailvelope? Mailvelope is a free and open source browser extension that allows you to send and receive encrypted email text and attachments when using webmail services. It relies on the same form of public key encryption as PGP, allowing you to encrypt, decrypt, sign and authenticate email messages and files using OpenPGP.

Why did I choose Mailvelope as an example of an extension? It is probably the easiest way for webmail users to begin using end-to-end encryption. Mailvelope also relies on a form of public-key cryptography that requires each user to generate their own pair of keys.

Your correspondents do not have to use Mailvelope, but they do have to use some form of OpenPGP encryption.

It does not work on Android or iOS mobile devices.

 

Most frequently asked question: “What are keys?”

Basics

Public and Private Keys: OpenPGP, and therefore Mailvelope, use public-key encryption, which means a key is split into two parts, a public key and a private key, with different purposes:

Public Key: Used to encrypt a message. Is and should be available to everybody.

Private Key: Used to decrypt a message. Needs to be stored securely. Access is restricted by password.

Exchanging Keys: In order to send encrypted e-mails to a peer, you must have the public key of the recipient. Therefore, before secure communication can happen between two people, they must exchange their public keys with each other.

Your private key is extremely sensitive. Anyone who managed to obtain a copy of this key would be able to read encrypted content that was meant only for you. You will use your private key to decrypt messages sent to you by those who have a copy of your public key.

Your public key is meant to be shared with others and cannot be used to read an encrypted message. Once you have a correspondent’s public key, you can begin sending them encrypted messages. Only they will be able to decrypt and read these messages because they also have access to the private key that matches the public key you are using to encrypt them.

Similarly, in order for someone to send you encrypted email, they must obtain a copy of your public key. It is important to verify that the public key you are using to encrypt email actually does belong to the person with whom you are trying to communicate.
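The key roles described above, as an added Node.js example (not code from this post, Mailvelope or OpenPGP.js). It uses Node's built-in crypto with RSA-OAEP wrapping an AES-256-GCM message key, which follows the same public/private split as OpenPGP but not its message format; the names, passphrases and message are constructed.

```javascript
// Added illustration: Node's built-in crypto, not OpenPGP.js or Mailvelope code.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each user generates their own pair. The private key is exported encrypted
// under a passphrase ("access is restricted by password").
function generateUserKeys(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Short value both parties can compare over another channel (phone, in
// person) to verify that a public key really belongs to the correspondent.
function fingerprint(publicKeyPem) {
  const der = crypto.createPublicKey(publicKeyPem).export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Sender side: only the recipient's PUBLIC key is needed.
function encryptFor(recipientPublicKeyPem, plaintext) {
  const messageKey = crypto.randomBytes(32); // fresh key per message
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', messageKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKeyPem, ...OAEP }, messageKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Recipient side: needs the PRIVATE key and the passphrase protecting it.
// Throws if either is wrong or if the message was modified in transit.
function decryptWith(privateKeyPem, passphrase, msg) {
  const messageKey = crypto.privateDecrypt(
    { key: privateKeyPem, passphrase, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', messageKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}

// Returns the plaintext, or null when decryption is refused.
function tryDecrypt(privateKeyPem, passphrase, msg) {
  try {
    return decryptWith(privateKeyPem, passphrase, msg);
  } catch (err) {
    return null;
  }
}

{
  // Constructed demo: Bob publishes his public key, a friend writes to him.
  const bob = generateUserKeys('bob passphrase (constructed)');
  const msg = encryptFor(bob.publicKey, 'Meet at noon.');
  console.log('fingerprint to verify :', fingerprint(bob.publicKey));
  console.log('with key + passphrase :', tryDecrypt(bob.privateKey, 'bob passphrase (constructed)', msg));
  console.log('with wrong passphrase :', tryDecrypt(bob.privateKey, 'guess', msg));
}
```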

Open Network, The Onion Router

(Sounds smelly.) A short story about the open onion network, Tor.

Tor is free, military grade software and an open network for enabling anonymous communication. Lovely! Download it now! The name is derived from an acronym for the original software project name “The Onion Router”.

How does it work? Without being overly complicated, here it goes… Tor directs internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes visits to Web sites, online posts, instant messages, and other communication forms. Tor’s use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. An adversary might try to de-anonymise the user by some means. One way this may be achieved is by exploiting vulnerable software on the user’s computer; however, attacks against Tor are an active area of academic research, welcomed by the Tor Project itself. Have a read about the XKeyscore revelations.

So what exactly is onion routing? It works by encrypting the application layer of a communication protocol stack in layers, nested like the layers of an onion. Tor encrypts the data, including the destination IP address, multiple times and sends it through a virtual circuit comprising successive, randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address, eliminating any single point at which the communicating peers can be determined through network surveillance that relies upon knowing its source and destination.

Tor is not meant to completely solve the issue of anonymity on the web. Instead, it simply focuses on protecting the transportation of data so that certain sites cannot trace back the data to a given location.
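The layering described above, as an added Node.js example (not Tor's code or wire format, and not part of the original post). Relay names, the destination and the per-relay AES-256-GCM keys are constructed; real Tor negotiates a key with each relay when the circuit is built rather than using pre-shared ones.

```javascript
// Added illustration of nested ("onion") encryption; not Tor's implementation.
const crypto = require('node:crypto');

// Encrypt one layer: the routing instruction plus whatever is inside it.
function wrapLayer(key, layer) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(layer), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Decrypt one layer. Throws if the key is not the one this layer was
// encrypted for, so a relay cannot peel a layer meant for another relay.
function unwrapLayer(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed circuit: each relay gets its own random 256-bit key.
function makeCircuit(names) {
  return names.map((name) => ({ name, key: crypto.randomBytes(32) }));
}

// Client side: wrap from the inside out. The innermost layer (for the exit
// relay) names the destination; every outer layer names only the next relay.
function buildOnion(circuit, destination, data) {
  const last = circuit.length - 1;
  let onion = wrapLayer(circuit[last].key, { next: destination, payload: data });
  for (let i = last - 1; i >= 0; i--) {
    onion = wrapLayer(circuit[i].key, { next: circuit[i + 1].name, payload: onion });
  }
  return onion;
}

// Network side: each relay peels exactly one layer and forwards the rest.
// `seen` records everything each relay learns: who handed it the data and
// where it must send it next.
function routeOnion(circuit, onion, sender) {
  const seen = [];
  let from = sender;
  let blob = onion;
  for (const hop of circuit) {
    const { next, payload } = unwrapLayer(hop.key, blob);
    seen.push({ relay: hop.name, from, next });
    from = hop.name;
    blob = payload;
  }
  return { delivered: blob, seen };
}

{
  const circuit = makeCircuit(['guard', 'middle', 'exit']);
  const onion = buildOnion(circuit, 'example.org:443', 'GET / HTTP/1.1');
  console.table(routeOnion(circuit, onion, 'client').seen);
}
```

The exit relay does see the innermost payload, so content stays private only if the application itself encrypts it, for example with HTTPS.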

Who uses Tor? Tor enables everyone to use the Internet, chat and send instant messages anonymously and is used by a wide variety of people for both licit and illicit purposes. However, Tor users also include people who wish to keep their Internet activities private from websites and advertisers, people concerned about cyber-spying, and users who are evading censorship such as activists and journalists. Tor’s anonymity function is “endorsed by the Electronic Frontier Foundation (EFF) and other civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists”.

Web tracking and Proxy Servers Deciphered

When you sign up with an ISP, the traffic from your PCs and other devices goes to your ISP’s servers, which feed most of it (except various blocked websites) on to the internet. Your ISP therefore knows where you are going online. You can track this process yourself using Trace Route or you can avoid this by using anonymous proxy servers. Your ISP will then know you visited the proxy server, but, if the anonymising is done properly, it won’t know where you went from there.

A proxy server can stop your ISP from logging your web visits, but they may still be logged. As explained above, your own web browser is keeping a history. You’re also being tracked by dozens of advertising services, including Google. You can block trackers with a browser extension such as Ghostery or the EFF’s Privacy Badger.

Why use a proxy server? Most people aren’t interested in proxy servers, but often end up using them. There are two big problems with using free proxies. First, you may not know who’s running them. Second, they may be unreliable and slow.

However a VPN (virtual private network) will protect your traffic from snoopers who steal passwords – or worse. I also recommend them to people who are potential targets for other reasons. The traffic from your PC is automatically encrypted and sent to the VPN supplier’s server, so your ISP can’t see the final destination. The ISP’s records should only contain the VPN Company’s server addresses.

How to choose a VPN? The things to look for include the number of servers and where they are located, their privacy policies, the applications they support (Tor, BitTorrent etc.), speed and price. Some have applications for different devices. For example, NordVPN has them for Windows, MacOS, iPhone, iPad and Android. Choose a VPN that is not UK-based if your motive is the ‘snoopers’ charter’, and check that it does not log. If they don’t keep any logs, they can’t hand them over to anyone. VPNs do not protect you from phishing emails, keyloggers, and websites that try to install malware. A word of warning, however: you may encounter problems using VPNs with Google’s geolocation, PayPal, banking services etc., in the interest of fraud detection.

What is finger print browsing? Surveillance agencies can give your PC a unique identifier based on variables such as screen resolution, browser version, extensions, fonts, time zone etc. Using a virtual PC, every session starts with a generic fingerprint, which is less identifiable than the alternative.

My prediction is that VPNs will be the norm soon enough for those who don’t want to attract undue attention. When we all live in a world where we are subject to hostile Wi-Fi hotspots (try HotSpot Shield) and other online threats, it would be a smarter choice to protect yourself.

Some software is worth checking out, though, if you are getting serious about surveillance because your career relies on it as much as your source relies on anonymity. GRC has a Forensics Page which checks whether you are being tracked by cookies. As an extra, VirtualBox and VMware Workstation Player provide increased privacy by loading a virtual computer into your operating system and throwing it away after each individual use (the only way to prevent finger print browsing).

 

Key Scrambling Software

What is it? Real-time encryption… well, from the moment you begin typing. KeyScrambler software encrypts each character instantly at the keyboard driver level in the Windows kernel; this timing and location make it difficult for keyloggers to bypass KeyScrambler’s protection. Your keystrokes remain encrypted as they travel through the perilous path in the operating system, where keyloggers can be physically or remotely installed on your computer using malware to intercept your keystrokes.

What is keylogging? Keystroke logging is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. KeyScrambler software implements both standard symmetric-key encryption and asymmetric-key encryption. The strong encryption defeats even the most insidious kind of keylogging malware and brute force attempts.

Should a keylogger have wormed into your computer and escaped detection, KeyScrambler will still work, and the keylogger would have only a meaningless jumble of characters to record. I recommend combining KeyScrambler with functional anti-malware software.

Does this work online? In short, yes. Everything you type in your browser is instantly encrypted: including online banking, shopping credentials, credit card numbers, search terms, Java, flash, PDF forms, browser dialogs, browser master passwords, email, Facebook, LinkedIn, Twitter . . . everything. Your crucial information is safe from keylogging on millions of websites and in all of the browser apps. The premium version does however also provide Microsoft Office Suite with encryption whilst you type. Awesome!

 

P2P Communication

What is P2P?

A P2P communication system is a peer-to-peer distributed application in which the participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each participant from other participants. P2P users who desire anonymity usually do so as they do not wish to be identified as a publisher (sender), or reader (receiver), of information.

Why would I use this?

  1. Censorship at the local, organisational, or national level.
  2. Personal privacy preferences such as preventing tracking or data mining activities.
  3. The material or its distribution is considered illegal or incriminating by possible eavesdroppers.
  4. Material is legal but socially deplored, embarrassing or problematic in the individual’s social world.
  5. Fear of retribution (against whistleblowers, unofficial leaks, and activists who do not believe in restrictions on information nor knowledge).

Key Features:

  1. Easily accessible anonymous P2P networks are seen by some as a democratisation of encryption technology, giving the general populace access to secure communications channels already used by governments.
  2. Some of the networks commonly referred to as “anonymous P2P” are truly anonymous, in the sense that network participants carry no identifiers. Others are actually pseudonymous: instead of being identified by their IP addresses, participants are identified by pseudonyms such as cryptographic keys.
  3. Each participant in the MUTE network has an overlay address that is derived from its public key. This overlay address functions as a pseudonym for the participant, allowing messages to be addressed to it.
  4. Messages are routed using keys that identify specific pieces of data rather than specific participants; participants remain anonymous.

The term anonymous is used to describe both kinds of network because it is difficult—if not impossible—to determine whether a participant that sends a message originated the message or is simply forwarding it on behalf of another participant. Every participant in an anonymous P2P network acts as a universal sender and universal receiver to maintain anonymity.

Why does P2P rely on Participation?

If a participant was only a receiver and did not send, then neighbouring participants would know that the information it was requesting was for itself only, removing any plausible deniability that it was the recipient (and consumer) of the information. Thus, in order to remain anonymous, participants must also ferry information for others on the network.

Always read the terms and conditions of agreement before signing up.

 

Important Password Protection

Be sure to use a password manager. One of the main things that gets people’s private information exposed is data dumps. Credentials may be revealed and, even if you no longer use that service, you may well use the password elsewhere. A password manager allows you to create unique passwords for every site that are unbreakable, without the burden of memorizing them. The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud. Be smart with your security questions. The key is to mix things up as much as possible so if someone does get into one of your accounts, they can’t use the same information to get in everywhere else.

 

KeePassX

What is it? And how does it work? KeePassX saves different information, e.g. user names, passwords, URLs, attachments and comments, in one single database. The password generator is very customisable, fast and easy to use. Someone who generates passwords frequently will especially appreciate this feature. The interface is also user friendly. Highly recommended.

If you prefer, you can use an online random password generator, for example passwordsgenerator.net, and back the passwords up in an encrypted format to hard disk or external hard drive.

To prevent your passwords from being hacked by social engineering, brute force or dictionary attack methods:

  1. Do not use the same password, security question and answer for multiple important accounts.
  2. Use a password that has at least 16 characters, (I recommend 20 characters) use at least one number, one uppercase letter, one lowercase letter and one symbol.
  3. Do not use the names of your families, friends or pets in your passwords.
  4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers.
  5. Do not use any dictionary word in your passwords.
  6. Do not use two or more similar passwords in which most of the characters are the same, for example, ilovefreshflowersMac, ilovefreshflowersDropBox, since if one of these passwords is stolen, then it means that all of these passwords are stolen.
  7. Do not let your Web browsers (FireFox, Chrome, Safari, Opera, IE) store your passwords, since all passwords saved in Web browsers can be revealed easily.
  8. Do not log in to important accounts on the computers of others, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.
  9. It is recommended that you change your passwords every 10 weeks.
  10. It’s recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this or use a password manager.
  11. Encrypt and back up your passwords to different locations; then, if you lose access to your computer or account, you can retrieve your passwords quickly.
  12. Do not store your critical passwords in the cloud.
  13. Use two-factor authentication. Many services such as Gmail, Twitter, Dropbox, Hotmail, and Facebook offer this now for no charge. So even if your password does get exposed, you still have a backup such as a text message to your phone to secure your information.
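Rules 2 and 6 from the list above, as an added Node.js example (not code from KeePassX or from this post). The symbol set and the similarity heuristic (shared prefix plus shared suffix longer than half the shorter password) are assumptions made for the illustration.

```javascript
// Added illustration of rules 2 and 6; alphabet and heuristic are assumptions.
const crypto = require('node:crypto');

const LOWER = 'abcdefghijklmnopqrstuvwxyz';
const UPPER = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
const DIGITS = '0123456789';
const SYMBOLS = '!@#$%^&*()-_=+[]{};:,.?/';

// crypto.randomInt draws from the OS random source without modulo bias,
// unlike Math.random(), which is not suitable for secrets.
function pick(alphabet) {
  return alphabet[crypto.randomInt(alphabet.length)];
}

// Rule 2: at least 16 characters (20 by default, as recommended above) with
// at least one number, uppercase letter, lowercase letter and symbol.
function generatePassword(length = 20) {
  if (!Number.isInteger(length) || length < 16) {
    throw new RangeError('length must be an integer of at least 16');
  }
  const classes = [LOWER, UPPER, DIGITS, SYMBOLS];
  const all = classes.join('');
  const chars = classes.map(pick); // one guaranteed character per class
  while (chars.length < length) chars.push(pick(all));
  // Fisher-Yates shuffle so the guaranteed characters are not always first.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Returns the list of rule-2 requirements a password fails (empty = passes).
function checkPolicy(pw) {
  const problems = [];
  if (pw.length < 16) problems.push('shorter than 16 characters');
  if (!/[0-9]/.test(pw)) problems.push('no number');
  if (!/[A-Z]/.test(pw)) problems.push('no uppercase letter');
  if (!/[a-z]/.test(pw)) problems.push('no lowercase letter');
  if (!/[^A-Za-z0-9]/.test(pw)) problems.push('no symbol');
  return problems;
}

// Rule 6 heuristic: two passwords count as "similar" when their shared
// prefix plus shared suffix covers more than half of the shorter one.
function tooSimilar(a, b) {
  const shorter = Math.min(a.length, b.length);
  let pre = 0;
  while (pre < shorter && a[pre] === b[pre]) pre++;
  let suf = 0;
  while (suf < shorter - pre && a[a.length - 1 - suf] === b[b.length - 1 - suf]) suf++;
  return (pre + suf) * 2 > shorter;
}

{
  const pw = generatePassword();
  console.log('generated      :', pw, checkPolicy(pw));
  console.log('page example   :', checkPolicy('ilovefreshflowersMac'));
  console.log('rule 6 similar :', tooSimilar('ilovefreshflowersMac', 'ilovefreshflowersDropBox'));
}
```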

 

 

For Smartphone users

The first step that anyone could take to encrypt their phone calls and their text messages is to give a secure messaging service such as Signal a go. Signal is available for iOS and Android and, unlike a lot of security tools, is very easy to use. Other services including ChatSecure, WhatsApp and Apple’s iMessage also encrypt messages. You cannot make a smartphone private because you’re always being tracked by the cellular network. However, you can turn off Wi-Fi and Bluetooth, which can be used to track you, when you’re not using them, and it is possible to use a VPN remotely for web access. Remember, many smartphone apps request permissions enabling them to track you. And always be smart when using social media.

Best wishes in the new age of surveillance. Hopefully this has been an easy exercise for you to follow and the resources and tools provided here help you to protect your right to privacy. The last words are from Edward Snowden who appeared via ‘telepresence robot’ at TED2014 to address surveillance and Internet freedom. The right to data privacy, he suggests, is not a partisan issue, but requires a fundamental rethink of the role of the internet in our lives — and the laws that protect it. “Your rights matter, because you never know when you’re going to need them.”

Aaron Guthrie