FAQ: Privacy in the Internet Age
How do I ensure privacy while using the internet?
There is no privacy in the internet.
Why do you think that?
First, there are some other big companies whose business model relies on collecting as much information about anyone as possible.
On top of that, the NSA monitors the whole internet. They force companies to install back-doors in their servers and software and to hand out encryption keys, so that they can read encrypted traffic. They influence standardization bodies to standardize weak encryption schemes and are actively searching for vulnerabilities in software so that they can circumvent any protection a user might use. See for example this wikipedia article for more scary details.
But it's OK because the NSA fights terrorism, right?
I'm no terrorist, so I've nothing to worry about, right?
There is a reason why privacy is important. Are you really sure, that there is nothing in your life you wouldn't like your neighbours, your employer, your friends or anybody else to know?
But the NSA are the good guys, they woudn't do anything against me.
Probably you are right. But there are two main problems.
The first one is that the NSA had about 1000 system administrator with full access to the systems and many more employees with access to top secret information. Snowden accessed the system in a non authorized way to inform the public, other employees spied on their spouses. It is highly improbable that no one ever sold something to criminals.
The second problem is that the NSA weakens deliberately the security of computer systems as mentioned above. This makes it more easy for common cyber criminals to break in.
To make this a bit clearer take the common example of a company hacked and user data stolen. Only a little bit exaggerated one has to ask the following questions. Was it the NSA? Has somebody inside the NSA sold some helpful information to criminals? Did criminals find on their own a back-door implemented for the NSA? Or did they use a vulnerability, which was known already by the NSA? In other words could the NSA have prevented the crime but preferred to keep quiet so that they could target the system on their own? Or was it just a criminal and the NSA had no involvement whatsoever?
What can I do to restore my privacy again?
There are two general direction to improve privacy.
One is political. Make it clear to your politicians that privacy is important to you.
The other one is technical. If the NSA is really after you, there is nothing you can do. But if you are like the huge majority of internet users just a collateral damage, you can make NSA's life more difficult. That means that hopefully they leave you alone.
What exactly can I do on the technical front?
Here are some measures to increase your privacy.
- If possible use the encrypted https protocol instead of the http protocol which is easily readable by anyone interested. The browser plug-in HTTPS-Everywhere might help.
- Control cross-site requests for example with the RequestPolicy plug-in for firefox.
- Control the https traffic by pinning certificates for example with the CertPatrol plug-in for firefox.