Security & Privacy

17 UNUM 17—

If there’s one throughline in all of my work, it’s the concept of systems. The world we live in is a mesh of interlocking & extremely complex systems, often entirely disparate & opaque. No single person can describe how a city block works, let alone an entire city, or country, or anything.

In the increasingly complex world, citizens aren’t the only ones struggling to keep track of it. Over the past 15 years, there has been a drastic push towards surveillance, even on the national level. Just look at the Patriot Act, Prism, the NSA, & you’ll see what I mean.

Not only are there far more systems in place for governments, agencies, & special interest groups to monitor our every move, there are more & more systems allowing you to do it yourself. All your emails, connected calendars, Facebook updates, text messages, any sort of online presence at all is a trove of information that can be used to track down & hone in on your location, activities, ideas, & personality. 

Scroll through your Facebook ad preferences sometime & just see what they know about you.

Even more than that, more & more technology is coming out to make it easier than ever to spy on the average citizen. Most of you reading this have an internet-connected camera & microphone on you at all times.

Or look at Amazon’s new Echo smart home device. They just announced recently that over two-hundred & fifty thousand people have asked Alexa to marry them. Well isn’t that sweet? It also says that not only is Amazon recording, monitoring, & logging everything you say, but that it’s tracking that data & making patterns. Technology!

Of course I’m not advocating for you to unplug & move to the woods (this is a blog, after all). 

I’m saying we should be smarter about it.

Why should I be more secure?

You’ve heard about Snowden & the NSA, but why does this affect you? You’re no revolutionary. You’ve got nothing to hide, right?
Wrong.

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.
— Edward Snowden

Do you know how many laws there are in the United States? That’s okay, neither does the US government. As law professor James Duane notes, “…the Congressional Research Service cannot even count the current number of federal crimes. These laws are scattered in over 50 titles of the United States Code, encompassing roughly 27,000 pages.”

So how are you meant to keep up with it? You aren’t. That’s not to say that laws are kept intentionally opaque (but maybe…) but that’s far more than anyone could keep up with. It’s entirely possible you’re in violation of a federal law right now. 

Like 18 U.S.C. §1865 & 36 C.F.R. §2.15(a)(4) which makes it illegal to let your pet make a noise scaring wildlife in a National Park. Or 10 U.S.C. §2674(c)(3) & 32 C.F.R. §234.7(c) which states it is illegal to make an unreasonable noise at the Pentagon. Or maybe just 40 U.S.C. §8103(b) which makes it illegal to damage any lamps, or sinks, or pipes, or remove any stones or gravel or sand in Washington D.C.

“Okay, there are some bullshit laws. I’ll be careful about my unreasonable sounds.”

Oh, but it’s so much more than that, my good-natured compatriot.  In addition to the drastic increase in surveillance, the past few years have been a whirlwind of social change. Think about the legalization of gay marriage. Or the recent decriminalization of marijuana around the country. 

Citizens need to be able to break laws. Not just in a “rules are meant to be broken” sort of way, but on a basic fundamental level, as a means of altering the government. If we didn’t, America would still have slavery, women wouldn’t be able to vote, hell we wouldn’t even have the Bill of Rights if we’d just stuck to the constitution. 

“Fair point. But I’m still not trading government secrets. Isn’t security hard?”

The main conflict in privacy comes between security & effeciency. Most layers of security will somehow decrease the usability of whatever device your instituting it on. That doesn’t mean it’s hard, & it definitely doesn’t mean its not worth doing.

You should be careful of your security for the same reason you lock your door at night, for the same reason you hide your PIN & SSN, for the same reason you wear a seatbelt.

Now then, let’s get started.

A Two-Front War

There are two sides to this battle: Hardware & Software. I’m going to touch on both.

Hardware:

So, I’m going to assume you have a cell phone & a computer you want to protect. Here’s what to do to keep them safe.

  • Use a password on your phone & computer.

I know it’s really in fashion to use your fingerprint as your password on phones (& soon computers too!) but don’t. Use a real password, preferably not just four digits, as that can be cracked without effort. I know biometrics seem like the best option, but they’re far from it. For one, police can force you to use your fingerprint to unlock something, but cannot ask for your password. True fact.

  • Encrypt your memory.

Encryption is essential. Think of it like taking all the data on your device, & randomizing it for anyone that doesn’t have the key. Plain & simple, it shuts down attacks right away, making it impossible to progress without the key. 

On iPhone, your device is encrypted when you enable a passcode. For Android, when you have a password set up, go to Settings >Security >Encrypt Phone. You can encrypt both the internal storage as well as any portable media you have connected (like an SD card).

On your Mac, go to settings & turn on Firevault. For PC, I recommend VeraCrypt. You can encrypt only certain, secure files, or the entire drive. Best of all, it’s open source so you know they’re honest. This works on Mac & Linux too!

Software:

  • Use a VPN, for all browsing.

VPN stands for Virtual Private Network. Essentially, it re-routes all your internet traffic through secure channels to prevent prying eyes like your ISP, the NSA, etc from seeing your browsing history, downloads, & more. I recommend PIA, & have used them for years. Make sure it’s set to start at launch & automatically connect.

  • Use a password manager.

Your passwords right now probably suck. Have any duplicate passwords, or worse, one that you use for everything? A password manager makes that a thing of the past. You create a master password to lock your account, & the manager stores any & all logins & passwords for you. They can generate 2 factor authentication codes (more on this next!), & generate random passwords. You should use this to create 25+ character random strings for all your accounts, & never remember a new password again. I like 1Password.

  • Use two-factor authentication.

2 factor authentication, also called 2FA, is a security process that goes a long way to protecting your accounts. On whatever service you have 2FA enabled on, entering your password will send a text message or email code to you to enter within a time limit. Or, you can use codes generated by your password manager. That way, even if someone were to get access to your Gmail or Facebook password, they still wouldn’t be able to access the account without your phone.

  • Messaging Apps

This is more of a philosophy segment than specific advice, but think about how much information is readily available about you online. Ever “Facebook Stalk” someone to try & figure out who they are? If that’s public, imagine the sort of information that someone could gather with even more access. Any time you tag yourself as somewhere, post a photo, share a message, that information is readily available to be databased & recalled by anyone who’s looking. 

Of course, the most secure thing to do would be to stop using social media, but I doubt many of you would consider that. I clearly wouldn’t. Just be conscious of what you post.

Text messaging & email however, are skywriting. We like to think of that information as totally secure & private, but it’s barely more secure than publicly posting. You can use services that encrypt your messages, like the excellent Signal messenger, or ProtonMail for email. Both are highly recommended, & another step to keep your data safe.

  • Use HTTPS everywhere.

This browser extension allows you to only connect to websites with an encrypted HTTPS connect, thereby reducing the amount of data you share with them drastically. 

  • Use BoxCryptor to encrypt your Google Drive or Dropbox accounts.

This allows you to upload & share encrypted files, preserving your encryption from your hard drive to the internet.

I know this is a lot, but especially with the new administration coming in, it is best to be protected. There are plenty of ways for you to revise how you interact with the internet. & they will all lead to a better society, much like vaccinating yourself. 

For those of you who do have government documents, President Obama just commuted Chelsea Manning’s sentence, so maybe whistleblowing can have a place in this country.

 - Ian Battaglia


Aurora.

Steam.