in post

Resisting the normalization of surveillance by demonstrating that we care

In the coming weeks the UK will pass the most stringent and far reaching surveillance law in any western nation.  In the US, millions of people are alarmed about the possible implications of electing to the highest office a demagogic xenophobe with a muddled right wing agenda. Other countries too have been tightening up their surveillance laws, using the danger of terrorism as excuse.  In response to this massive assault on our privacy, it is our duty to resist surveillance, either through political means, or by demonstrating as individuals that we care about our privacy and will do all that we can to protect it. In fact, we will deliberately make life difficult for security and law enforcement agencies to collect information on us.

Personal computer and phone security is a very complex field.  To lock down these systems requires both diligence and extensive technical knowledge.  But if our point is merely to put up a few hurdles to impede the course of mass surveillance, there are some very simple methods that ordinary computer and phone users, with minimal technical literacy, can adopt.

Several countries' surveillance laws call for the long-term retention of records on the browsing habits of all users, regardless of whether they are under any suspicion.  Savvy privacy-conscious users like to purchase VPN services or implement relay-proxy services like Tor browser. Such services hide browsing habits from an ISP, anyone else who may be watching, or whoever may wish at a later date to obtain access to browing data.  No VPN service or even Tor can guarantee complete privacy, but they certainly make snooping more difficult.  Update, March 2017: In the flurry of articles and posts following new US legislation on privacy laws, it has been pointed out that a VPN itself may function like an ISP, and the business model of some VPN companies may be based on the sale of browsing data in a similar way to a classic ISP.

Implementing and using a VPN can be expensive or tricky to configure, however, the latest versions of Opera Browser come with a VPN service built-in (though not automatically activated). Turning it on involves a simple change in the settings.  In my experience, it's quite fine to use Opera's VPN all the time. It does not slow down ordinary web browsing, as does Tor (and even Tor is bearable).

Occasionally a site may also express surprise about one's location, but does not normally bar one from entering it. Opera, built upon the same backbone as Google Chrome,  has some other nice features: an ad-blocker, easy cookie control, a news reader, and support for many browser extensions. Using Opera's cookie controls, it is possible to leave cookies only for often used sign-in services and open all other links in private windows. In a private window, cookies are saved only for the browser session. Cookies are of value to users only when we need to log in to a service or preserve site customizations. Their other uses are simply to track us, usually for advertising.

Our email systems are under assault both by governments and by criminals. Our defense, besides use of methods like 2-factor authentication, is strong encryption. Most modern email systems encrypt mail while it is in passage, however they may retain the mail on their servers. Those who are most concerned about their security use systems like GPG,  whereby only the intended recipient can actually read the mail.  Such security is difficult to set up.  However, new services are beginning to find ways to make this easier.  One of these is Protonmail.  Accounts there are free up to 500 MB.   The mail servers are in Switzerland and the company itself is not able to decrypt the mail that it stores.

Privacy on phones is no less important than on computers.  They contain information about where we have been, who we communicate with, and the contents of our communications.  Many governments require phone services to retain metadata (which numbers we have dialed or received calls from, location data, etc.) over the long term. The phone companies or call and message providers can be required by secret courts to hand over their data.  In 2016 the government struggled to force Apple to open an iphone belonging to a terrorist.  The struggle was unsuccessful because Apple had removed its own ability to unlock the phone.  However data stored either by Apple or by various messaging companies is often obtainable by court order.  In the case of Whatsapp, only metadata is available, but this in itself is extremely valuable to law enforcement agencies. One alternative to mainstream messages services is ultra-secure.  This is Signal - available on both IOS and Android.  The service provides both voice and text service. Its popularity has boomed following the Trump election.

If we are truly concerned about our security and privacy there is much more that we can do, such as encrypting hard drives, creating strong and unique passwords for each online service, and being careful about many aspects of using computers, cellphones and social media.  It isn't my purpose in this post to cover the entire complex field of security, which is anyway something of an arms race. There are many resources to consult on the web, and I'm certainly not the expert.

My purpose is rather to point out a few easy ways in which to demonstrate to governments who wantonly pass and enforce ever more stringent surveillance laws that we as ordinary citizens care about our privacy and will intentionally make life harder for agencies that attempt to spy on us.