
Category Archives: privacy

On The Media discusses the origins of the Patriot Act in the panic of 9-11, and whether or not a continuance of the Patriot Act is really a good thing for the nation in the Bill That Nobody Read.

They also talk with American University law professor Stephen Vladeck about the lack of oversight in government surveillance programs as well as how other surveillance laws such as Executive Order 12333, and Section 702 of FISA will persist no matter what happens to the Patriot Act. Check it out in, no, not Beyond the Thunderdome, but Surveillance Beyond The Patriot Act.

Brief but informative video on metadata and privacy from Privacy International.

Ricochet is a peer-to-peer instant messaging system that utilizes the Tor network in order to anonymize your communications. Your login is your hidden service address, and contacts connect to you (not an intermediate server) through Tor. The rendezvous system makes it extremely hard for anyone to learn your identity from your address. I downloaded it and checked out the interface and it looks clean, well designed, and easy to use. Another great tool from our local cypherpunks.

The UK snuck language into the Computer Misuse Act that would essentially exempt GCHQ, police, and other intelligence officers (the US by proxy) from legal consequences for hacking into computers and mobile phones. Despite requests from Privacy International the UK government quietly passed the changes as secondary legislation in another bill. Privacy International notes that the change “grants UK law enforcement new leeway to potentially conduct cyber attacks within the UK.” Certainly there is a degree of CYA going on here on the part of the UK.

A few years ago in an effort to reduce my digital footprint I closed all my Gmail and other mail accounts. I started using a friend’s email domain for my email until I got my own domain. I’ve yet to invest the time and money to host my own email server, something I’d like to do at some point, but getting off Yahoo and Gmail was a good first step towards controlling my own privacy. In retrospect, I think anyone with a passing interest in digital privacy would have to say, “Well played, Google. Well played.” When they introduced Gmail in 2005 Google offered what then seemed like a hugeantic amount of storage (1 gig). While the other guys were cracking down on size limits and cluttering up the inbox with fancy themes and ads Google was offering more storage and a stripped down, minimal interface. The choice was clear to me and virtually everyone I knew. We dropped Hotmail like a hot potato and went for Gmail. It even became a point of fashion to have one. Anyone still using Hotmail was looked at with amused disgust. In any case 2005 was a world away from the growing awareness about digital privacy and what exactly corporations do with all our data. Now, Gmail just seems like a honey pot designed to draw us in with massive storage sizes and minimal ads in exchange for Google being able to comb through our email to sell whatever booty they find within it. As Benjamin Mako Hill writes in his blog on his website it doesn’t matter whether or not you yourself use Gmail because most of your friends do. The result of this ubiquity is that no matter how hard you try to avoid it Google still has a lot of your email correspondence. Hill notes that about a third of the email in his inbox is from Gmail users!

Hill writes, “Despite the fact that I spend hundreds of dollars a year and hours of work to host my own email server, Google has about half of my personal email! Last year, Google delivered 57% of the emails in my inbox that I replied to. They have delivered more than a third of all the email I’ve replied to every year since 2006 and more than half since 2010. On the upside, there is some indication that the proportion is going down. So far this year, only 51% of the emails I’ve replied to arrived from Google.”

I imagine my numbers are similar given how many of my contacts use Gmail. The TL;DR of this is that Google realized, much like other social media platforms such as Facebook, Twitter, and LinkedIn, that the more ubiquitous the service the larger your dragnet. Even privacy-savvy folks like myself can’t avoid being caught unless we stop using this service which is ultimately impractical. What interests me most about this is how email is still thought of as somehow different or less worthy of privacy than postal mail. What if postal mail was still a dominant form of communication and Google operated a competing mail service but was storing copies of all our letters? Even to me that idea seems far more chilling and yet it is the same thing.

Great list of pro-privacy tools here: http://projects.propublica.org/graphics/privacy-tools

The Pew recently updated their 2013 study on privacy perceptions post-Snowden. The study shows that Americans continue to worry about private and state surveillance, and that there’s a great, unfulfilled market demand for privacy protection and services that respect privacy. Read the whole study here.

* 91% of adults in the survey “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies.

* 88% of adults “agree” or “strongly agree” that it would be very difficult to remove inaccurate information about them online.

* 80% of those who use social networking sites say they are concerned about third parties like advertisers or businesses accessing the data they share on these sites.

* 70% of social networking site users say that they are at least somewhat concerned about the government accessing some of the information they share on social networking sites without their knowledge.

* Yet, even as Americans express concern about government access to their data, they feel as though government could do more to regulate what advertisers do with their personal information: 80% of adults “agree” or “strongly agree” that Americans should be concerned about the government’s monitoring of phone calls and internet communications. Just 18% “disagree” or “strongly disagree” with that notion.

* 64% believe the government should do more to regulate advertisers, compared with 34% who think the government should not get more involved.

* Only 36% “agree” or “strongly agree” with the statement: “It is a good thing for society if people believe that someone is keeping an eye on the things that they do online.”

Mozilla took further steps towards digital privacy when it announced a five-year partnership to make Yahoo the default US search engine for the Firefox browser on mobile and desktop. In December, Yahoo will roll out an enhanced new search function for Firefox users that will also natively support Do Not Track functions. Alternative search options, such as DuckDuckGo, Bing, and Google among others, will also continue to be supported. It’s an interesting move for both companies. I’m curious to see how this pans out given Yahoo’s notoriously withering touch.

Modern technology has given the powerful new abilities to eavesdrop and collect data on innocent people. Surveillance Self-Defense is EFF’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices. Click here to get started!

Ever since 2013, the Electronic Frontier Foundation has been outing email providers that did not encrypt their customers’ email. Providers have increasingly turned to STARTTLS, a simple email encryption extension that encrypts users’ emails without a lot of complicated technical steps. You can test if your email service or the service you are sending to uses STARTTLS here. According to the EFF, ISPs in the US and Thailand have been caught sabotaging STARTTLS, interrupting the negotiation between mail servers to prevent the encryption bit from being turned on, leaving millions of people’s email open to snooping by crooks, governments, spies and really anyone who can.

“In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client. By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco’s PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.” (Jacob Hoffman-Andrews/EFF)

Read the rest of the article here. This is a perfect example of the silent private-public partnership that creates an environment where surveillance can flourish.
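
The downgrade described in the EFF quote can be caught on the sending side by refusing to fall back to plaintext and by comparing what a server advertises on two network paths. The sketch below is an added example, not code from the EFF or this blog; the host name and both EHLO replies are constructed, and the masked `XXXXXXXA` line stands in for whatever a rewriting middlebox leaves in place of STARTTLS.

```python
import re

# Constructed EHLO replies, not captured traffic. OBSERVED is what a sender
# behind a stripping middlebox might see: the STARTTLS line has been masked.
DIRECT = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
OBSERVED = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-XXXXXXXA\r\n250 8BITMIME\r\n"

# SMTP reply line: three-digit code, "-" (more lines follow) or " " (last line), text.
LINE = re.compile(r"^(\d{3})([ -])(.*)$")


class DowngradeRefused(Exception):
    """Raised instead of silently sending mail in plaintext."""


def parse_ehlo(reply):
    """Return {KEYWORD: params} for the extensions in a multiline EHLO reply."""
    extensions = {}
    lines = [ln for ln in reply.splitlines() if ln]
    for index, line in enumerate(lines):
        match = LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index == 0:
            continue  # first line names the server; it is not an extension
        keyword, _, params = match.group(3).partition(" ")
        extensions[keyword.upper()] = params
    return extensions


def choose_transport(reply, require_tls=True):
    """Pick the transport; never fall back to plaintext when TLS is required."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    if require_tls:
        raise DowngradeRefused("STARTTLS not offered; holding message")
    return "plaintext"


def stripped_in_transit(direct_reply, observed_reply):
    """True when the server offers STARTTLS on a clean path but not on ours."""
    return ("STARTTLS" in parse_ehlo(direct_reply)
            and "STARTTLS" not in parse_ehlo(observed_reply))
```

With `require_tls=False` the function reproduces the default behaviour the quote warns about: the masked reply yields `"plaintext"` with no error.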