Most recently, we have the dismantling of privacy rules that protect our information from being wantonly sold off by our ISPs, even more in depth searching at US borders, large scale sweeping up of people and associated electronic devices at occurrences of civil unrest, and the looming spectre of net neutrality coming to an abrupt end by removing their classification as common carriers. In short, everyone is spying on my everything and, unfortunately, all of this seems to be trending in a bad direction over time.
Worse, a large number of people respond to this by saying that they have “nothing to hide”, while engaging in daily practices that refute this like blinds on their windows, passwords kept from the public and, maintenance of various other “private” data and situations. So, what’s a reasonably technical guy to do?
How do you protect your data?
There are a number of ways that you can attempt to solve this issue. Very often, the first solution that you’ll hear bandied about is “encryption”, which can mean a number of different things in a number of different situations. There are a few distinct angles from which to look at the issue, and they are not mutually exclusive.
Add encryption, but where?
When encryption is mentioned, there are a few states of encrypting data:
- Data at rest refers to data stored on some sort of medium. This would be the data stored on your laptop, cloud storage, USB drives, and so on.
- Data in motion means data that is being transmitted from one place to another, meaning when it is transferred over a transport medium, whatever this might be.
- Data in use covers data as it is being used by an application of some kind, i.e, an office-type tool, the operating system, a cloud service, etc.
When encryption is discussed, it needs to be appropriate and applicable to the type of data use that you are referring to.
Defense in Depth
Defense in depth is a common tenet of the security industry, and refers to overlapping layers of security, usually visualized as the layers of an onion. Each layer is a different layer of protection, with data typically represented at the very core. The idea of defense in depth is that the multiple overlapping layers all help to preserve security, and that the failure of any given layer will not result in a complete lapse of security since the other layers are still in place.
With these concepts in mind, let’s discuss a stack to help protect your personal privacy in a world of people trying to tear it down.
A Solution to Protect Your Data
Let’s look at this from the defense in depth and data-centric positions. Everyone strap in, as we’re about to quickly cover a lot of ground at a high level.
There are only a couple things you can do to protect data specifically; I’ll keep touching on this as we go along.
1. Encrypt all the things!
Anywhere that data is stored, it should be encrypted. This basically means that you should encrypt any storage media that you have control over, and you should try to control any of them that you feasibly can.
Specifically, you need to use strong encryption and you need to be in control of the keys. Using a cloud service provider to do encryption for you doesn’t really count here, even in the case where you control the keys. There have been several scenarios where such providers have been legally compelled to exploit flaws in their implementation to access data where they shouldn’t have been able to.
Ultimately, the method of encryption for stored data will depend on the device in question. In many cases, you need to worry about phones, laptops, and individual storage media (largely USBs). VeraCrypt, a project that replaced TrueCrypt when it died, is a great product for computer disk encryption.
Outside of the few outliers, phones are generally stuck with the encryption options they ship with, short of jailbreaking. You will want to ensure that this is enabled (Here’s how to encrypt an iPhone or an Android device).
2. Store Data in Places with Stringent Security Laws
You also need to think about where exactly your data is stored. Storing data inside of the US, or any of the other “Five Eyes” countries, may not be the best option. These countries have very extensive agreements on intelligence data sharing with each other, and some of the worst laws and regulations for safeguarding personal data.
Currently, Switzerland and Iceland are a few of the safer places to store data, but be sure to do your research as this is in a relatively consistent state of flux. Currently, neither of these countries are part of the EU, and both have stringent laws regarding data privacy.
From a browser perspective, you need to be careful which browsers to choose for privacy and security reasons. I tend to stick to the major browsers, both from a supportability/compatibility perspective, and from the standpoint of having some idea of what the browser manufacturers are up to, good or bad. This can limit you to variations of Internet Explorer, Chrome, and Firefox.
The other big consideration here is available browser plugins. This is a big thing that narrows your choices down quickly. IE has garbage plugin support. Chrome, while it has better support than IE, is still missing some key plugins. This really leaves you with Firefox. On top of good plugin support, Firefox also has a number of settings to tune its privacy features.
In Firefox, NoScript and PrivacyBadger are good plugins to use for both privacy and security. In addition to these, Panopticlick from EFF lets you test out your browser privacy settings, and makes sure you’re not leaking anything that you didn’t know about.
A note about browser plugins: You need to be very careful when choosing them, as some of the supposed security and privacy plugins are actually selling personal information that has been harvested from its users.
With email, you have a few things to worry about. While I don’t encrypt the text of my email as a matter of course, I do like to have the capability to do so, if needed. I also need to know that my email is stored in an encrypted fashion on disk.
As discussed above, you need to be sure that this data is stored in a reasonably safe location, from a legal perspective. Really, you have two choices here: run your own mail server, or choose a hosting company that provides all of these services. Ultimately, either of these options will cost money.
ProtonMail is a good choice for many. Yes, you can spin up your own service, and make a fairly safe and secure go of it, but running your own infrastructure is a ton of work.
ProtonMail is encrypted at rest, in transit, and at use. It has a reasonable set of nice features, such as no logging and encrypted message support, and the service is open source and hosted out of Switzerland. The folks that run ProtonMail are also launching a beta VPN product, a topic which we will come back to shortly.
Standard messaging applications—whether instant messenger, texting, or video calls—are full of potential security holes, and they are largely owned by a relatively small set of companies. Some of them—SMS texting, I’m talking to you—are so wildly insecure, it’s embarrassing. Additionally, a few of these “free” hosted services are actually mining your messaging content in order to better target ads at you. Okay if you like that sort of thing, but not great for those concerned with privacy.
Fortunately, there is a reasonable solution in the Signal product by Open Whisper Systems. Signal provides end-to-end encryption for voice, chat, and video traffic, as well as encryption on the local device, and enables self destructing messages.
Choice of operating system is another major sticking point. As with browsers, there are really only a few major choices, without straying into the realms of the weird. You need a standard set of tools to carry out common tasks, although more and more of them are trending toward online tools.
Ultimately, you need to be able to use a reasonable set of software tools, and be able to talk to the hardware that you use regularly. Basically: Windows, OS X, or Linux. The choice here for me is easy: Linux.
A few years ago, it was much more difficult to use Linux as a dedicated platform. But these days, not so much. You can pick up almost any laptop, throw Debian or the fork of your choice on it (Ubuntu is mine), and away you go. I have made an attempt every now and then to switch to a RedHat derivative, but I find the support for hardware and software tools lacking.
From a host perspective, there are a few things that you’ll need to button down. Many work almost exclusively on laptops these days, but all of this is applicable across a variety of devices.
Disk encryption is one of the primary host concerns, specifically full disk encryption. On a Windows OS, doing this might be difficult due to the way that Windows 10 sets itself up across multiple partitions. FileVault for OS X is a bit more solid. A good solution for Linux is to encrypt it with LUKS, the disk encryption tool that ships with most distributions.
In addition to encrypting the disk on install, you will also want to set a couple options in the EFI/Bios settings; namely passwords for power on and for accessing the storage media. These are common to most desktops and nearly all recent laptops, and will prevent the device from booting up without entering both passwords.
Additionally, the storage media password will prevent the media from being accessed without entering your password, even when removed and inserted into another device. With these on and the disk encrypted, you should feel reasonably confident that the device won’t be accessed without your consent in some fashion.
Cameras and Fingerprint Readers
Two additional hardware-centric devices to deal with are fingerprint readers and cameras. Several recent cases have dealt with the fingerprint unlock feature that has become common on mobile devices. Particularly disturbing are court rulings that allow for not turning over passcodes for such devices, but compel you to use the fingerprint unlock features. In one particular case, a warrant was written allowing law enforcement to force the fingerprint-unlocking of every device located at the premises that fell within the scope of the warrant. So, as inconvenient as it might be, you may not want to use fingerprint unlocking. Considering that many laptops, tablets, etc, come equipped with fingerprint readers, this ruling will likely extend to them, as well.
Lastly, cameras are ubiquitous in laptops and mobile devices these days (not microwaves though), and may be a target for remote surveillance. Yes, this may sound a bit tinfoil-hatty, but it is a concern. Numerous items of malware that can access cameras have cropped up, and several privacy cases have come to light around unauthorized remote camera use, even people spying on schoolchildren.
There are many small stick-on devices made to cleverly cover cameras, and flip out of the way when they are needed, all while looking fashionable. A less expensive option is to cut the adhesive bit off of a sticky note, and trim it to size that works out well for your camera. It’s easily removable, doesn’t leave residue behind, and can be easily replaced.
The chief concern that most people have from a network perspective is the security of the communications medium—the topic almost always come back to this. On a hotel wifi, hooked up in the Starbucks, or sitting in the workplace, people are often concerned about others eavesdropping on them. The common answer to this? Use a Virtual Private Network (VPN) connection to encrypt your communications.
There are a HUGE number of possibilities for a VPN service, from low cost or free no-frills setups to spendy commercial services with all the bells and whistles. One decision to make is whether to build or buy.
A very brief round of googling will find you instructions on how to create your own VPN running on any number of cloud services, many of them built on Amazon Web Services (AWS). Building your own VPN has the advantage of you holding all of the control over how it runs.
You can dump logs, change IP addresses all the time, and any of a number of technical tweaks can be made at your whim. If you build on one of the cloud services, you will be burying your traffic among all of the other bits originating from that particular vendor. On the down side, you only have whatever frills that you build into it yourself, and you probably won’t want to pay for too many endpoints, so you’ll be stuck with your traffic exiting from a few (or one) specific geographic location.
If you go with a VPN service, you have almost the exact opposite problem. You probably have very limited control over how the service itself works and the features that you can use, but you may get some neat bells and whistles. Some of the commercial VPN services have endpoints all over the world, and you can make your traffic come from wherever you want. Want to watch some country-restricted content? No problem, just configure your VPN client.
With a commercial service, you do have to be concerned with what the folks running it are doing. Are they logging all of your traffic, and selling the logs off? In that case, you just shelled out $50 a month trying to avoid ISP spying only to end up right back in the same spot. There are a number of guides on the internet that can help you choose a safe and secure VPN service that won’t do bad things with your data. If you want a good place to ask a community of people that has been using VPNs for several years, and is really worried about being traced back, ask the pirates.
Ultimately, I went with a cheap OpenVPN setup in AWS. If you keep the traffic down to a reasonable level, you can run it on a very small system and stay inside the free tier, in which case it costs you nothing and you have full control over it. Additionally since this is OpenVPN, you can easily use it on your mobile devices. You can also have the entirety of the network traffic piped through it for your house, thus ensuring the privacy of your internet activities from your ISP.
A note on VPNs: Using one is by no means a silver bullet, but it’s a good start. You should also be sure to use secure protocols wherever available (HTTPS), and you can potentially use other mechanisms as well, such as Tor.
Are these measures good enough?
Are all the above measures a good enough solution to protect your personal privacy? This largely depends on what it is that you’ve been up to.
If you’re worried about general privacy and protecting your data from an ISP or other such companies, yes, this is likely a solid set of solutions.
If you’re worried about protecting your data from law enforcement, border patrol, and other similar agencies, probably yes. Beware, however, that not cooperating with law enforcement-type agencies may have consequences, such as being denied entrance to the country as planned.
If you have gained the attention of the NSA and/or other intelligence-agency types, I wish you the best of luck. If you have done something of sufficient magnitude to get the attention of those that have effectively unlimited resources and the will to use them, you have a much more worrisome set of issues.
Unfortunately, taking what might seem like extreme steps to protect your data is likely the new normal. This is one of those “genie out of the bottle” situations, and we are unlikely to see it reversed to any great extent any time soon. So don your tinfoil hat, protect all your data as best as you are able, and we will all hope for the best.
[Originally posted to https://blog.komand.com/privacy-stack-to-protect-your-data]