May 222020
 

Maybe you don’t care whether or not your movements on the Internet are being watched because you’re “not doing anything wrong”. If so, I won’t pick a quarrel with you. After all, why should you draw your curtains at night? Haven’t they seen a naked man/woman before?

Or maybe you will agree that the idea of being watched while sitting on the toilet is disagreeable, but if that is what it takes to put a few drug dealers behind bars, it’s an idea you can live with, even though you realise that if there’s one thing drug barons can do better than just about anybody else except other big-time criminals, it’s to protect their privacy. After all, they can buy all the expertise they need.

So, no, I won’t argue with you. You will hear more than you can bear about privacy in months to come. Covid has unleashed an army of young talented developers who are now all clicking away at their keyboards to satisfy governments’ and industry’s vast demand for ways and means to monitor our actions and influence our attitudes. If that’s fine with you, I repeat, I won’t argue… except to remind you of one thing:

There are investigative journalists out there, sticking their necks out to dig up the dirt we need to know about so that we don’t go off and elect the likes of Trump and Bolsonaro again and again and again. There are tens of thousands of human rights activists and their lawyers and honest judges who risk being stuffed into jails without trials or killed for defending their co-citizens. These people’s privacy must be protected at all cost! How can we help? By defending our own privacy so that their defended privacy doesn’t stick out like a row of sore thumbs.

I’m so very far from being an expert in this field that I would urge you to leave this page at once to go and read somebody else’s advice. But I haven’t found any comprehensive self-help guidance to direct you to. The Privacy Rights Clearing House, for instance, provides very sound insight at the general level, but the bottom line there, as I understand it, is that we should all stay away from the Internet in any way, shape, or form.

True, you can find valuable practical snippets on sites like this one from Kaspersky, but bear in mind that here Kaspersky is also trying to sell us its own products.

So I will do my best to indicate how we can protect our privacy from various kinds of intrusion. Of course, if you run a business, you should probably invest in professional services not only to protect your data but also to minimise your vulnerability to malware.

Your device’s location gets shared

The good news is that your device’s GPS is not telling anybody where you are.

The bad news is that the apps that have access to your GPS might do just that. And commercial use is made of the information.

So you should disable location access for the apps on your phone, and you should disable location storage in your Google or Apple account. PCMag outlines how to do so.

You should consider whether you absolutely need to use Facebook, and if you really do, you ‘d better hone your privacy settings there. Kaspersky tells you how.

Websites you visit share more information about you

You prevent this if you use a VPN service.

Doing so not only hides your IP address; it encrypts the re-routing of your internet traffic. So whatever information the websites or ISPs have stored will be illegible to them.

There are many free VPN services, and even more websites that compare them. Take a look.

“Free” always comes at a cost:

  • You don’t want “speed throttling”.
  • You want a large data allowance.
  • You want to cover all the devices you use.
  • For normal privacy protection, you don’t need access to many countries.

So as not to excceed my data allowance, I try to remember to turn off VPN when video streaming (legally).

Another advantage of VPN is that it also protects you against hackers when you are away from home. But if you yourself are engaged in serious criminal activity, the web service can hand over your identity to law-enforcement.

Many repressive regimes consider political opposition “terrorism” and some unnamed countries penalise whistle blowing. If you are from or living in such a country you might opt for a VPN service in a country that is not likely to pander to, for instance, the Saudi or Israeli governments.

You do not need to use a VPN to block cookies and adverts. There are other ways of doing that. Some browsers do so and there are plugins or “extensions”, such as Ghostery.

Your browser

If you use VPN, your browser isn’t a big issue. But if you turn off VPN …

I would not use Chrome or Safari, and Opera has been sold to a Chinese group.

On Android devices I currently recommend Brave. For computers, consult e.g. Wired or Digital Trends. If you use Firefox, you should at least learn how to fine-tune the browser’s security and privacy settings.

Messaging

WhatsApp is owned by Facebook and its main source of income is based on users’ contact lists. I put to you that Facebook’s track record is less than respectable. Signal is widely recommended. and is pretty impressive in terms of privacy.

Contacts, calendarsand email are our weekest point!

If you, like me, let Google or Apple manage your contacts and calendar, not to mention your email, you really have a problem. We have a problem. Or rather, our contacts have a problem. A lot of other apps on our phones will have access to the contacts, not least Facebook. Yes, Google and Apple enccrypt our email, but not end-to-end.

Oh dear, oh dear.

There is no way I am going to take my contacts and calendar back to a paper notebook. The blessing of having all my devices synchronised cannot be exaggerated. But what if I regularly meet with political refugees from, say, Saudi Arabia or with Russian political activists opposed to Putin… Yes, what then? If the Saudi or Russian authorities are seriously tracking them, my writing in my calendar that I’ll be having lunch with them at so and so time/place and their phone numbers in my contact list may endanger them.

How do I know what Google hands over to state prosecutors who may or may not be hounding people from minority groups and other disadvantaged areas?

What I need is an email service (and local client) that provides end-to-end encryption and that also stores and synchronises a contact list and a calendar.

I googled “privacy alternative to gmail and contacts” (without the quotes). You’d be surprised by the number of hits. Three of the top five, including two from VPN service providers (and they should know) all coincided pretty well in their conclusions. (NordVPN, RestorePrivacy and PureVPN).

As far as I can judge, only one of the email clients they recommend also provides a contact list and calendar: Tutanota. Now, I don’t much like the name, but I do like the look of it. The hitch is, of course, that all email sent from this email service gets encrypted. So you won’t want to use it to ask your dentist for an appointment. But you could use it to communicate with Saudi refugees and with good friends, not to mention if one of them is a married colleague with whom you are having an affair. You would, in other words, leave your dentist’s number on your visible contact list and move your shrink to your private list, using only Signal to communicate with him/her.

So this is as far as I get without using PGP, which many email clients do allow, but which is a little too cumbersome for most of us – and it still leaves us with an unprotected contact list and calender.

The last word has not yet been written, never will be. But for the moment, if you really make an effort, you can still communicate pretty safely online.