Last month, I attended an event by quintessenz, a Viennese association dedicated to data protection and privacy. The event “Yes we scan” was about ways to protect yourself from the NSA (and their friends) spying on you. In a quite technical talk, Dr. Matzinger, computer science lecturer at FH Burgenland, talked about tracking cookies, VPN tunnels, proxies, encryption and of course TOR. He talked about using three different browsers for work-related surfing, private surfing and especially sensitive content. He talked about routing all your Internet traffic through a proxy at home so your location cannot be tracked. And of course you should not use social network sites. At all.
Basically, I drew one conclusion from the talk: There is no practical way to protect yourself. All of these measures are fun if you have time and the technical knowledge to deal with it. They are interesting to explore if you are into information security or if it is your job to know all about it. But for the average user, it is just unrealistic to do all that. It is unrealistic until there are tools easy enough for dummy users, who do not want to spend hours figuring out how it works. Similar to the TOR browser bundle, but fast enough for everyday use. This probably is a market gap that someone hopefully fills soon.
Until then, the best way to protect yourself is to think about what you post online, what you put in your Dropbox and maybe to spend the time figuring out how to encrypt your email. Or you could just do it like Russia’s federal guard service and just revert to paper communication.
Just a quick note that Phil Wolff had a nice idea, following the recent NSA scandal. If the NSA has all the info already, why not offer this knowledge as a service? He calls it MyNSA.
I was just reading in Wolfgang Ernst’s book “Das Gesetz des Gedächtnisses” (“The law of memory”), published in the year 2000. It is basically about media and media theory in our digital age. But I found one passage that made me think about the current situation, with revelations that the NSA and other governments are spying on us. It stated, as one of the consequences of our digital age, that governments are afraid of losing control. And that made me think that maybe the fact that our governments want to spy on us is not just a bad sign. It is not just a sign that we all become more transparent and predictable and that everybody knows much more about each one of us than ever before. It is also a sign that we are becoming freer than before. Never before in the history of the world was it harder for governments to control how information is distributed. Never before was it harder for governments to control who is communicating with whom. No wonder they want to store and analyse everything we say. Because they are losing control! I believe this is also a good sign! We should defend this freedom and fight against any attempts to limit it!
If you failed to get enough information about all the NSA and Snowden stuff, I recommend the following sources:
- Any article by the Guardian
- Wikileaks Twitter account
- A nice summary by the Young Turks
- Even though implementation is mostly unrealistic, here are some measures you can take against government spying
We always assumed that secret services in today’s world could access our online communication if they wanted. ECHELON has been monitoring phone calls for over half a century now, most of our emails are not encrypted and are sent through any number of servers worldwide, and several reports in recent years suggested that the NSA has significant powers to spy on us. However, the revelation in recent days of a vast data collection program by the NSA, which gives them unlimited access to basically all communication online, without any court order, is shocking nonetheless. Under the program called PRISM, major internet companies grant the NSA a direct interface to all user data, including emails, calls, chats, file transfers and video (and rumoured: credit card data). Companies in the program include Microsoft, Google, Yahoo, Facebook, YouTube, Skype and Apple. No court order or special request is required. And this is heavily used: Over 2,000 PRISM-based reports are generated every month.
In a first reaction after the publication of the program’s existence, the White House stressed that this program is “just” targeted against non-US citizens and that no US citizens are surveilled. This is certainly not reassuring for all of us living outside the US since most of today’s internet companies are based in the US. By the way, Dropbox is supposed to be added soon. So you might want to reassess your cloud storage strategy and at least add encryption to Dropbox or use providers such as SpiderOak.
In combination with major NSA efforts to operate and build data centers to automatically analyze data, this development is troublesome and should change everyone’s lax attitude towards online communication.
It seems like the NSA’s UK counterpart GCHQ has access too!
TechCrunch has an interesting article suggesting that PRISM might not be as big as everybody feared.
According to a report by Bloomberg published today (in German on n24), Facebook is working on a new version of its mobile app, which will incorporate many more location-based features than before. Specifically, it will notify you if any of your friends are close by. This is not a new concept; it has been out there, for example, in the form of the Highlight app or Google Latitude. However, these location-tracking apps do not have a wide user base due to privacy concerns and their battery-draining performance. Facebook adding such a feature is a big deal, considering their user base of one billion people. Similar to Highlight and Latitude, the app would track the location of users in the background, even if the app is closed. Fortunately, Apple’s design guidelines require developers to get the explicit OK from users to track their location. However, many users might not be aware that once they turn tracking on, they are tracked all the time. For me as a user, this will be a great feature and I will use it. Often I think that it is absurd how many people we know in our city and how few we meet by chance. This could be a great social tool and with a large user base it could actually work. It is just important to be aware of what is happening in the background and to turn it off if you really do not want to be tracked.
A recent Reuters story about an interview with Facebook’s Chief Security Officer Joe Sullivan revealed that Facebook is scanning user profiles for criminal behavior, focusing on sexual predators. By comparing several parameters like friend status, age, mutual friends and relationship between users, monitoring software determines how likely it is that a Facebook user is a sexual predator. If there is a positive match, a Facebook employee gets a warning and checks the information manually. If the monitoring result seems likely, the police are informed. This actually led to the arrest of a thirty-something man who talked with a 13-year-old girl on Facebook about sex and planned to meet her the next day. Because of the fast reaction of Facebook this man was arrested before anything else could happen.
This raises the obvious question of whether it is OK for Facebook to scan our data. No one knows if the age of a Facebook user is correct. Maybe the girl was actually a 60-year-old, fat man … On the other hand, finding criminals before they do any (more) harm cannot be a bad thing either.
I, for one, do not want to think about whether what I write might look criminally relevant to somebody before I post something on Facebook! I hope as much is done to educate 13-year-olds on not doing something stupid as to monitor if they do.
Twitter recently released their first transparency report, outlining how often in the first half of 2012 governments or copyright holders requested Twitter account information and how often this information was produced. The majority of information requests (679) came from the United States but a significant number also came from Japan (98). US requests were followed in 75% of the cases while in Japan’s case only 20% of the requests were fulfilled. Interestingly, only 3 requests to remove a Twitter account by court orders were received (Greece and Turkey) but none of them was followed!
In total, Twitter received in the first half of 2012 as many requests as in all of 2011, which is a much bigger increase than overall Twitter growth (which was at about 20% in the US).
All in all, these numbers do not surprise me that much, taking all of the 140 million active users into account. And it is reassuring that Twitter does not seem eager to give out user data (Twitter already took a stand for an Occupy Wall Street protester at the beginning of this year).
Twitter’s transparency report is a perfect example of how to build users’ trust: by making the company’s actions transparent. They should be a glowing example for other web companies who basically store all the information of our lives online.
If you are interested in what Facebook sends if they get a subpoena for a user, you can see an example online (it’s 62 pages of Facebook data …).
This story reminds us that we should think before we post something on Facebook. An Australian 17-year-old posted a picture of a pile of cash to Facebook after helping her grandmother to count her money. Just hours afterwards, two robbers with masks, a knife and a club turned up at the house of the girl. Luckily, neither the girl nor the cash was there anymore and nobody got hurt. They just took a “small amount of cash” and left. This incident caused the local police to issue a warning about being cautious when posting something to social media.
The only real way this could have happened is that this girl has some really shady people in her friends list. Not only is it your responsibility to choose what to post online but also whom you befriend. This shows that not only can criminals be caught by the photos they post online, but criminals can also get a good idea of whom to rob next.
Yes, there are still some people out there who refuse to join Facebook. And they refuse for good reasons, such as their personal privacy. However, it seems like Facebook has grown so big already that staying off of it won’t protect your privacy as much as you think. According to a recent publication at the University of Heidelberg / Germany, it is possible to determine with an accuracy of at least 85% (!) if two people know each other, even if both are not on Facebook! Using machine learning methods, which analyze common friends of members as well as email contacts, scientists could deduce common friends of non-members and guess if two non-members know each other. And this does not even factor in such questionable practices as uploading cellphone contacts to social networks!
This is a quite significant finding, which shows that social networks like Facebook have become so ubiquitous that they have significant information about us, even if we never agreed to that. In many cases we cannot decide anymore what happens with our data; our “friends” or social networks decide for us!
Last October an Occupy Wall Street protester was arrested for “disorderly conduct” in New York City. As part of his prosecution Twitter received a court order, requiring it to hand over 3 months of Twitter data to the court. The prosecutors obviously hoped that he sent some infringing direct messages since usual Twitter messages are public anyway. It wouldn’t have surprised anyone if Twitter had handed over the data without complaining. However, recently the company refused! And not only that, the amazing part is that they did this because they state that the data belongs to their users! Thus, the court has to ask the user to hand over the data (who is not very willing either). This is an astounding development, given that generally Internet companies make their privacy policies stricter so they can do whatever they want with their users’ data.