Photo (cc) by Ryan Somma
With the recent revelations that the NSA and other agencies have been tapping into corporate streams of data that can provide them with massive amounts of private information about U.S. citizens, now is a good time to start thinking about how best to keep your private information private.
Not a big deal, you say? Well, whether you’re concerned about the government digging through your personal data or not, you should be concerned about protecting your privacy. According to the Department of Justice’s most recent National Crime Victimization Survey, “In 2010, 7 percent of households in the United States, or about 8.6 million households, had at least one member age 12 or older who experienced one or more types of identity theft victimization.” That’s almost one in 10, with 76 percent of them experiencing direct financial loss as a result.
Imagine that statistic was for bank robberies or home break-ins. If 1 in 10 Americans had their bank accounts emptied or their home broken into, we’d all be living in fear. And yet, that’s happening every year to our personal information. Making that information harder for someone else to obtain is Step One in preventing identity theft.
And not all identity theft is of the “crime” variety. There’s a famous quote that I’m paraphrasing: “If you’re using a website and you can’t figure out what they’re selling, you’re what they’re selling.”
Many corporations make a living off of selling or processing your personal habits and preferences for marketers, retailers and government agencies, practically without your knowledge. Since you’re not being paid for this information, and (unless you speak legalese and love spending your afternoons reading “Terms and Conditions”) you’re not aware that it’s being taken and used in this fashion, I’d consider it “theft.” But since the government has yet to agree with me, the best way to prevent yourself being used in this fashion is to get a little more serious about your privacy.
In this article, we’ll focus on the things the NSA has reportedly been looking at. It’s reasonable to assume that if you can stop them from taking a peek at your private information, you’ll have stopped hackers and others, too. Fortunately, thwarting the efforts of a billion-dollar super-secret government spy agency is not that difficult. You just need to know which services to turn to.
It’s important to note that everything in this article is public knowledge. If you’re worried about terrorists reading it and figuring out how to thwart our government’s best efforts at finding them, don’t be. The terrorists already know this stuff. You, however, might not.
1. Your phone
If you’re looking to keep SMS messages secure and you have an iPhone, there’s a free app called Wickr that can help. The app uses end-to-end encryption without storing the keys for decryption on its servers. What that means is that when you send a message to someone else using Wickr, nothing you say can be read by anyone at Wickr. Because of that, there’s no stream of plain text messages going back and forth that the NSA or anyone else can siphon.
To make voice calls, the easiest option is Silent Circle, but you’re going to have to pay for the privilege — $20 to $29 per month to call other Silent Circle users, with an optional add-on to safeguard calls to everyone else. Joining Silent Circle also gets you secure chat, email and video calling.
UPDATE (6/20/13): Silent Circle contacted us to say they’ve lowered their pricing to $10 per month for their normal plan, $24 per month for their Out-Circle-Access plan.
If you’re an Android user, you have a few more options than iPhone users do. For text messages, there’s Gibberbot. Like Wickr, Gibberbot is free and promises more secure messaging.
And for calls, check out RedPhone. When calling someone who also has RedPhone, everything you say is encrypted, making it much more difficult for someone to listen in. Plus, it’s free and uses your data connection, not your cellular voice. So not only will your calls be secure, you won’t have to pay for the minutes either.
More Android apps to check out:
2. Your Dropbox
According to documents released by The Guardian and The Washington Post, Dropbox is “coming soon” to the NSA’s spy program. If that were to happen, documents, tax records or other private information in your Dropbox folder could be subject to government monitoring. Add to that Dropbox suffering security breaches in the past, and they’re just not safe enough for me. The solution? SpiderOak.
SpiderOak is just like Dropbox — there’s a folder, you put stuff in it, that folder syncs between computers and devices — but with one important difference: good encryption. Everything you put in your SpiderOak Hive (that’s what they call their syncing folder) is first encrypted on your computer using your password, then sent to the SpiderOak servers.
This means that even SpiderOak can’t read your data without your password; it looks like gibberish. So if someone (the NSA, a foreign government, or a hacker in Latvia) manages to get into SpiderOak’s servers, they won’t be able to see what you’ve stored there without breaking one of the world’s most advanced encryption algorithms (one the NSA trusts to secure its own data).
But SpiderOak can also back up any file or folder on your computer, sync any file or folder on your computer, and share any file or folder on your computer. This makes it a great one-stop-shop for all your syncing, sharing and backup needs.
There’s a free plan that offers 2 GB of data, plenty for storing tax returns, scans of important documents, photos, small videos, and other data that you would prefer was stored securely. If you need more space, they offer it for a fee. Prices are almost identical to Dropbox, starting at $10 for 100 GB.
3. Your social network
Unfortunately, there’s no good option here. You join social networks because you want to share things with others, or connect with people you know and see what they’re sharing. Typically, this includes things that you might use as password reset reminders on other sites: a pet’s name, your mother’s name, high school you attended, favorite sports team, etc. That means that if a hacker or the NSA can gain access to your social media profile (either directly with your password, or indirectly by pretending to be someone you know and friending you), they can probably find enough information to gain access to your accounts on other sites, as well.
While there are a few start-up social networks that offer more advanced encryption of your data, they’re complicated to install, and even more difficult to get everyone you know using them, too. For now, the best option is to assume that anything you post on Facebook, Google+, Twitter, Pinterest, etc., will eventually be read by everyone in the world. That way, it won’t matter much if someone gets access to your data, be that a government agency, a jilted ex-girlfriend, or simply a prospective or current employer.
To share more securely, use something like SpiderOak or a secure messaging program to share directly with those you trust.
4. Your credit cards
Yes, the NSA is probably looking at credit card transactions, too. So how do you get around exposing your purchase history? “I already know this; the answer is to use cash,” you’re probably thinking. But how do you shop online without using a credit card?
The answer, sort of, is Bitcoin. It’s a virtual currency (you give or receive Bitcoins, which are worth something in dollars), but if used correctly, it can provide almost complete anonymity when shopping online. And since you’re not typing your credit card information into a site that may or may not keep that data secure, there’s no risk that your account will be stolen by someone hacking the site.
The only catch is that there aren’t a lot of places that accept Bitcoins. In fact, you’d be hard-pressed to find ones that do. But if the currency takes off, it could become the “cash” of the Internet.
A more doable option? Buy prepaid gift cards from Visa, MasterCard or American Express with cash. Then use those to shop online. You’ll probably have to pay a few dollars extra when buying the card, but afterward you’ll be able to shop anywhere those cards are accepted without having the purchase data and your identification forwarded to a government agency. If the site where you used the card is ever hacked, you’ve got nothing to worry; by that time you’ll probably have already used the balance on the card and moved on to one with a different number.
5. Your Web history
Everything you search for on Google, and a good deal of your browsing activity, can also be snooped on by the NSA, according to news reports. The problem is your IP address. It’s the sequence of numbers that identifies your computer on the Internet, and can be traced back to you through your ISP (Internet service provider).
The answer? A virtual private network, or VPN. A VPN will sit between you and the websites you visit, encrypting and relaying information back and forth. So when you do a search on Google, the IP address Google records as having performed the search is that of the VPN, not you. Find a good VPN, one that’s easy to use, with a good price, limited or no logging of your activity and fast speed, and you’ll be much harder to track online. Just make sure you sign out of your Google, Facebook, and Twitter accounts before connecting to the VPN, or use your web browser’s private mode.
Here’s a list of VPNs to consider. If you just want me to pick one for you, check out IPVanish.com. They have software that makes them especially easy to use, can be set up on your computer, tablet or smartphone, have servers all over the world that you can connect to, and cost $10 for unlimited use (and it’s even cheaper if you pay for a year in advance).
Bonus: Some VPNs accept Bitcoin as payment, making for the ultimate in anonymous Web browsing. Not even the VPN has to know who you are.
While using a VPN at home is something you might consider to protect your privacy from the NSA, using a VPN at a public Wi-Fi hot spot or hotel network should be mandatory. Often, those networks are unsecured and almost everything you do can be “sniffed” out of the air by someone else connected to the same network. A VPN would protect you.
6. Your everything else
While I’ve tried to hit all the major areas you might want to protect, this is by no means a comprehensive list of everything you can do to keep your private information safe and secure. Entire websites could be devoted to the topic.
Websites like Security In-A-Box. They’ll teach you everything from creating good passwords and protecting your computer from hackers to remaining anonymous online and bypassing censorship. And it’s free. If you’re interested in protecting your data in this brave new world, I encourage you to check it out.