Take Back Your Privacy: Part 1
10 Nov 2018
Every day, it seems, we're reminded about the worrying state of online privacy and security. Across the United States, the United Kingdom, the rest of Europe and beyond, look to the newspaper's Tech pages and there's doubtless another data breach, another millionaire past or present company founder in Silicon Valley being questioned by a news channel, the public or the US Congress about 'mistakes' being made and promises being broken, leaving billions of customers' trust hanging by threads.
You could say the concern for many arose or was exacerbated in the wake of Edward Snowden's NSA leaks – topped off by the Director of US National Intelligence, James Clapper, baldly lying to Congress when asked whether the NSA ever spied on hundreds of millions of US citizens. There's no two ways about it: he lied – lied to Congress under oath. And yes, that's perjury. But don't worry. If you weren't around for that fiasco, there's no rest for the wicked. Drama after drama has been filling the pages of newspapers for years, and has culminated in the likes of Facebook's recent Cambridge Analytica data scandal. Maybe we'll save that one for another day…
It's like the lesson is never learnt; the people in these positions of power never learn that that which threatens one of the most fundamental human rights – privacy – will inevitably be sniffed out, revealed to the public and brought to account.
If there's one positive to all of this, it must be that privacy is now being newly discovered in light of such injustice, and has found the voice of an increasingly informed (and affected) number of everyday people around the world. And I'm one of these people, become newly – and acutely – aware of a principle essential to democracy and happiness, for too long being attacked from all sides in this ever-accelerating technological age that's both exciting and worrying.
But let's count our blessings when we consider the one constant, which is this: for every government agency and social media company out there using today's technology to track our movements and form profiles, we have that same technology: such as strong encryption which we can use to defend our privacy.
So let's get down to it. In this three-part post I'll be delving into some of the tools that every privacy-conscious netizen needs to know about – the essentials. In Part 1, we'll be looking at a private alternative to Google search, and two of the champion open-source browsers: Firefox and Tor Browser. In Part 2, I'll be discussing a handful of the best browser add-ons. Finally, in Part 3, we'll wrap up with two of the best email providers, and my VPN of choice.
But before we go into these tools, every individual needs to think about what their personal risk profile is. What line of work are they in, what do they want to share, and what would they prefer to keep to themselves? The answer to these questions are and always will be different for everyone. Whether you're a journalist leaking sensitive documents and covering potentially volatile issues, needing a secure channel of communication with colleagues, or you're just a parent concerned about who might be able to see your family photos on Facebook – we all have things we want to remain private. And if you think none of this applies to you, think again:
Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say. —Edward Snowden
These tools are made for anyone and everyone who values their privacy. Use them. Learn more about them. Share them. And most importantly, know them for the essential solutions they are for so many less fortunate people around the world seeking to defend themselves against the restless, prying eyes of corporation and state.
I'm going to bet that the first thing that comes to your mind when you think about online privacy is search engines. But then what? Well, most people will automatically think of Google. Here's the problem. Despite being able to return countless millions of relevant search results at breakneck speeds, they'll often be devoid of the one thing every search engine should uphold: neutrality. Google – and other search engines with the same business model – place the user in what's called a filter bubble: a search environment in which the results will depend on a personal profile that has been built up over time. And that's the catch. Most modern search engines will track users' searches – search terms as well as personally identifiable network information – in order to provide 'better' results. Really, this is Google's way of pushing you all the more quickly towards its lifeblood: advertisers. Anyone who values their privacy needs to carefully consider the trade-off which is at play here.
This is where our first great privacy tool is different. With DuckDuckGo, there is no trade-off. This is a company that prides itself on protecting users' privacy and has for years boasted an alternative search engine and philosophy – one which should be recognised as the gold standard. No wonder then that it's the default search engine in Tor Browser.
Much like the search engine situation, it's hard not to immediately think of Google Chrome when we're thinking of browsers, but again, there are a list of reasons you don't want to go near Chrome if you value your privacy. And before you protest that Chrome's okay, it even has a private 'Incognito' mode, just know that this mode does nothing to hide your IP address or browsing history.
Remember, Google's company mission is literally "to organise the world's information and make it universally accessible". Interpret that as you will. It shouldn't take long to realise that they'll stop at nothing to learn more about you, using any information they legally can to sell to any third party looking to buy.
Mozilla's Firefox, however, has built a reputation over the years for being not only an open-source browser, but one that is dedicated to protecting user privacy and security; standing up for the free internet and the values that come with it. It also claims to be 30% "lighter" than Chrome and use less memory storage. But, again, where Firefox really stands out is in its privacy options – blocking online trackers (we'll learn more about those soon) and retaining no browsing history. Firefox offers both the regular full Firefox Quantum browser, and a minimalist mobile alternative for the privacy-conscious: Firefox Focus.
If there are two recent events that illustrate Firefox's dedication to promoting user privacy and security, it has to be the announcement of their new partnership with ProtonVPN (a tool we'll learn more about in Part 3), as well as pledging to match all donations to the Tor Project. Speaking of which…
Ever heard of Tor? If the answer's yes, what's the first thing that springs to mind? Criminals? The spooky Dark Web and all things taboo? Well, there's a lot more to Tor than the average person realises. And this is the main challenge it faces – its current reputation amongst those who know no better. Understandably, it's associated with the dark side (or layer) of the Internet. But first and foremost, Tor is a force for good.
Onion routing was born in the US Navy in the 1950s and was an important networking tool used primarily for the purpose of protecting government communications. But it's come a long way since then, and the irony reveals itself when we consider current governments' frustration with its modern, civilian adoption.
So this is how Tor works (the simple version)… You pick up your smart phone or laptop and you open up the Tor Browser. Tor will establish a connection with a network made up of usually five 'nodes' (other computers or servers). The first node is you, and the last is the place you want to go, i.e. the website you want to visit.
Now, usually, if you want to visit a website, you can't simply connect directly to it from your device. First, data must travel from your device to your Internet Service Provider's server. Your ISP will then forward you on to the desired website. This creates the first and main problem. Put simply – and this is especially prevalent in the UK – your ISP has access to much more of your online activity than you'd like to think. A lot of people don't like this. Including me. I really don't like this. And if you value your privacy, neither should you. So what's the solution?
Tor does away with your ISP's server entirely and sets you up with three random servers between yourself and the website you want to visit. The first of these wonderful little helpers is called the Guard Relay – your first port of call. The second is the Middle Relay. The third and last server is called the Exit Node. And this is where you get to learn where Tor gets its name from! Tor stands for The onion router. What's with the weird name? Read on…
When you send data over the Tor network, it's encrypted with three layers of encryption. Let's use your username and password for that desired website as an example. Your username and password are typed in and sent from your home device to the Guard Relay, which could be anywhere in the world. The only layer of encryption the Guard Relay can decrypt – or unwrap – is the first layer. Once this is done, it sends your username and password with its two remaining layers to the Middle Relay. The pattern continues: the only layer the Middle Relay can decrypt is the second layer. Thanks, says Middle Relay, I'll take it from here. Middle Relay gets to work unwrapping the second layer. All done and sent on to the Exit Node. Now things get a little more serious. The Exit Node is the last step in the Tor network, so it's going to send your username and password on to the desired website once it's unwrapped the final layer of encryption – so at this point your details will be out in the open. This is why you should NEVER communicate sensitive information over the Tor network if your final destination – i.e., the desired website – isn't encrypted using HTTPS (always look for the little green padlock!)
So you can see that to get from A to B anonymously, your data is wrapped like an onion in multiple layers of encryption. Luckily for us, these layers are a hell of a lot tougher to pull away than the actual layers of an onion! The end result is that the website is receiving your data from a random server which can't be tied back to you.
Tor has become a lifeline for people from all walks of life. Journalists, IT professionals, law enforcement, activists, whistleblowers, business executives, politicians, the military and the blogger next door. The one thing all these users have in common is something that they want communicated privately and anonymously. Not so much to ask, is it? In some cases it is. But the point is it shouldn't be. Tor helps millions of people preserve a standard of privacy that can only be realised with a free and open Internet. And the best part? The more people who use and contribute to Tor, the better it becomes, due to increased numbers of those helpful servers – wherever they are in the world. Strength in numbers!