[For the purposes of getting this out as quickly as possible, I’ll assume you’re all using Google Chrome as your default browser. If not, you can download it easily by googling Chrome. Good luck.]
[EDIT: If anyone has suggestions or corrections, or anything that might make this guide more comprehensive, your input would be more than appreciated. Thanks, Rob]
Alright, so as you all know the new metadata retention laws have passed the senate, so it’s in all our best interests as members of a democratic society who value our freedom of speech to find out how we can communicate privately and without the intrusion of government/corporate surveillance.
To that end, I’m compiling the following short guide to online privacy, which will be by no means comprehensive but rather a starting point for interested parties.
Whether we are involved in criminal or illegal activity or not, we still have a basic right to privacy as human beings, and we must exercise that right if we wish to keep it.
So, where do we start?
VIRTUAL PRIVATE NETWORKS
A VPN, or Virtual Private Network, is a group of computers connected over a public network. A VPN extends a private network across a public network, such as the internet.
A VPN service basically provides a secure connection to another location. A good VPN service can’t be intercepted due to the technologies involved, and there are several options for no logs, no info VPN’s.
The above options all provide no logging/tracking, and will actively try to stop law enforcement from trying to get any logs (which don’t exist). Most VPN providers have a downloadable client which is quite easy to use. Just log in, select where in the world you wish to appear from, and then you’ll have pretty good quality un-monitored internet.
The other main benefit is that you appear from a random pool of IP addresses that are not related to your ISP when you visit websites, making it harder to track who you are.
[Many thanks to James Harris for the above information]
BROWSER OPTIONS & EXTENSIONS
There are a few very easy steps to securing your browsing that can be done in-browser, along with some extensions and apps that do the legwork for you.
Firstly we’ll go over a few simple mouse-click changes you can perform in the settings tab in Chrome, which you can find by clicking the three horizontal bars in the top-right corner of your browser.
If your Google account is connected with chrome your data will automatically synchronise and update to google’s servers. Considering Google’s involvement with the NSA it’s wise to disable this feature.
You can do so by selecting “Disconnect your Google Account” under the “Sign In” heading.
If instead you see a box that says “Sign in to Chrome”, you’re not synchronised and have one less thing to worry about.
The next thing you’ll want to do is scroll down to the bottom of the Settings page and click “Show advanced settings…”
The first heading that appears should be “Privacy”. While you’re here, click “Clear browsing data”, check all the boxes and choose “Obliterate the following items from: the beginning of time”.
You’ll have to reinput any passwords and form data after performing this action.
Underneath this heading there is a list of check-boxes. You’ll want to uncheck the second box, “Use a protection service to help…”, and the third box “Predict network actions…”
The last item on the list you’ll want to check, “Send a “Do Not Track” request with your browsing traffic.”
Click on “Content settings”, and under “Cookies”, check the box that says “Block third-party cookies and site data”.
Scroll down to “Plug-ins”, and under this heading choose “Do not run plugins by default”.
The next important heading is “Location”, here you’ll want to select “Do not allow any site to track your physical location”
Under “Notifications”, choose “Ask when a site wants to show desktop notifications.”
Under “Automatic downloads”, select “Do not allow any site to download multiple files automatically.”
Once you’ve done the above, click “Done” to save your changes.
Now, on to the extensions.
HTTPS Everywhere is an extension that automatically shunts your connection from a non-secure http format to a secure https connection wherever possible. You can find it here.
Ghostery allows you to disable trackers from many companies such as Facebook, Google and Apple, just remember to opt out of their option to send data to their servers, which you should be asked to do during setup. You can find it here.
ScriptSafe allows you to choose which active scripts you trust and enable or disable them on the fly, get it here.
CryptoCat is probably the most useful active app we’ll use, as it allows encrypted chat over Facebook and other IM services. To use it with Facebook, install the app and open it from the apps tab in your Chrome bookmarks toolbar, it should be on the far left, then choose the “Facebook” tab.
Remember that in order for the chats to be encrypted, both parties need to be using encrypted chat. If only one of you has CryptoCat/Adium/another service installed, the chats will not be secure.
This Facebook connectivity will expire on April 15th, so this is only going to be usable for two weeks-ish from now. The non-Facebook aspect of the app should be fine to use after that date however so it’s still worth getting.
OTHER GENERAL ADVICE & HELPFUL LINKS
While these services and tweaks will go some way to anonymising your activity online, they are not magic bullets. If you are discussing anything private, don’t do it online, and if you have to do it by phone, use Wickr, an app which automatically destroys your comms after they’ve been sent. You can get that from the AppStore/GooglePlay.
A better option than using Google Chrome is to use the Tor Browser. You can find the browser and comprehensive info on how to use it and set it up here.
Remember to regularly check your privacy settings on social media sites, and uncheck all data collection, whether it’s search history, cookies, autofill, anything at all that requires data to be save. It may be less convenient when you have to type a full word into the searchbar, but it’s a small price to pay for privacy. By doing this, you’re also lessening advertisers abilities to target you based on your browsing habits.
If you want real privacy the only way to get it now is to meet face to face somewhere isolated and soundproof, and to disable all electronic devices by removing their power sources. Even that isn’t necessarily foolproof.
What the above changes will accomplish is to make your metadata harder to collect and store. You should consider changing your internet service provider to a company that upholds good privacy standards, for example iiNet.
Don’t trust providers, buy your devices directly from the manufacturer when you upgrade and remember to disable any location trackers and cookie storage etc upon purchase.
If you have extremely sensitive information, use an “air gapped” machine, i.e. a computer that has no network capability and has never been connected to the web, or even better, don’t digitise it.
All of that said, none of us have too much to worry about.
These actions are statements indicating that we are recognising and exercising our basic human rights, and that we include the right to online privacy under that heading.
READER ADVICE AND COMMENTS
[This section will be interactive, it will be updated as new information is received. If you want your suggestions taken down, please notify me by private message or via the comments section. Again, thankyou all for your input, it truly is invaluable.]
Peter Gibson suggests that we don’t use the TOR browser on our computer systems. Instead, he recommends Tails. This is a Linux distribution using TOR that runs from a disk, and ensures that there are no leaks or tracking from your computer. Also, nothing (backdoors, trojans, etc) can be saved or installed on the disk. For extra security, he recommends using a VPN with Tails. He says that if your computer is forensically analysed at a later stage, there will be nothing to show. You could also use Tails at an Internet cafe, but Peter warns to be aware of security cameras. He suggests to make sure you’re using the latest version of Tails, as it is continually being upgraded to cover new risks to online privacy.
David and Joseph Thomas recommend that we use Firefox instead of Google Chrome, David says it has an easy opt out feature for data collection. Joseph recommends using IxQuick for your searches, an engine that claims to be the ‘worlds most private’ search engine.
Johnnydadda has indicated that he believes that computers built pre-2008 are unlikely to have backdoors built into their hardware. That said, as we cannot review every machine and determine whether there are backdoors present or not, it’s best to do your own research on this if you’re planning to purchase an older machine for privacy purposes.
Network settings -> Connections -> Internet Protocol (TCP/IP) -> Properties.
Change preferred and alternate DNS.
IP addresses for OpenDNS name server.
An Open Letter Against Data Retention: An old post of mine written before the legislation passed, updated to reflect the current situation. Send it to your MP’s, and edit/chop/change as you see fit.
Electronic Frontiers Australia, a national resource on privacy rights and opportunities for activism.
Surveillance-Self Defense, a comprehensive guide to online privacy from the Electronic Frontier Foundation
PRISM Break, opt out of programs like XKEYSCORE, PRISM and TEMPORA
Privacy.net, up to date information on internet privacy
Privacy International, an organization that investigates and provides information on global surveillance and methods to protect your privacy
PGPi, information and downloads related to PGP encryption
Electronic Frontier Foundation, an organization dedicated to upholding users rights on the web, lots of in depth information about current events and news related to online privacy
Privacyrights.org, another organization dedicated to upholding users rights to privacy online
TheGuardian NSA Files, information on dragnet surveillance and Snowden’s leaks
TheGuardian Online Privacy, aggregate news stories related to the topic of online privacy from around the world, often features useful guides to protecting your privacy
This article was originally posted on the author’s blog, which you can find here.