By Nick Pearson
Aug 8, 2013
Start by switching to an alternative search engine, using an alias on Facebook, and supporting allied nonprofits.
The PRISM scandal confirmed our worst fears when it comes to state-level surveillance of the Internet, with the revelation that the NSA has created "backdoors" into major online services such as Google, Facebook, and Yahoo. These backdoors allegedly give intelligence agencies around the world access to user emails, Facebook posts, search queries, web history, and more, with little or no judicial oversight. For many, PRISM represents a violation of the 4th Amendment and is a sign that the government is heading down an increasingly totalitarian route when it comes to Internet surveillance.
Using a false Facebook name is common in parts of Europe.
But while the debate over PRISM continues to rage, the question remains: What can you do to take better control of your personal information and reclaim your online privacy? Staying completely anonymous online is incredibly difficult, but there are numerous tools and best practices you can use to gain a large degree of control over who has access to your personal data.
Remember, a lot of this stuff will mean sacrificing convenience for privacy, so some of these suggestions may take a bit of time and effort. In the end, you have to find the balance that works best for you.
1. Use a search engine that respects your privacy
With the two biggest search engines—Google and Bing—caught up in the PRISM scandal, how can you avoid search queries ending up on the NSA's servers? There are two main ways. First, you can still use Google and Bing without logging into your account, which means your searches won't be linked to your account. However, your queries will still be tracked via cookies, which are small files that get stored on your browser when you access a website. Cookies are typically used by Google to track your search habits and deliver personalized search results and advertisements.
Of course, if these alternatives become very popular, then it's reasonable to assume the NSA will be interested in monitoring them also.
2. Set boundaries for Facebook
Facebook has become an important part of our social lives and has become the de facto platform to upload pictures, join online groups, and share personal information. But Facebook retains records of user activity for commercial use, and also provides data to the NSA, according to documents leaked by former security contractor Edward Snowden.
If you're worried about the security of your information stored with Facebook, the easiest solution is to deactivate your account. But if this is too extreme, then focus on limiting the amount of personal information made available to potential snoopers. In short, don't submit any information you're not comfortable sharing with the world.
Due to the supposed existence of "Dark Profiles" (which allegedly track and store data on Internet users who aren't even on Facebook), some believe the best way to minimize the impact of Facebook on your privacy is to supply the platform with false information, rather than deactivating your profile. At a basic level, this can mean simply changing your name (using a false Facebook name is common in parts of Europe), and can extend to supplying false information about your location and the things you "Like."
3. Pick a privacy-conscious email provider
Finding web-based alternatives to Gmail, Yahoo Mail, and Hotmail is thankfully easier than finding alternatives to social networks. Some of the more notable privacy-orientated email platforms include RiseUp, GuerillaMail, Rediff and HushMail (although HushMail has faced some controversy in the past). Just remember that if you email someone with a Gmail, Hotmail, or Yahoo address, then that email will end up on those companies' servers and will be subject to privacy risks there.
The other option is to encrypt your emails using a tool such as Pretty Good Privacy or GNU Privacy Guard. Encryption is an effective way to secure the contents of your emails. But it can be slightly complicated to set up and whoever receives your encrypted emails will need to use software to decrypt the contents. For more about email encryption, take a look at this guide by the Electronic Frontier Foundation.
3. Protect your IP address
An Internet Protocol address, or IP address, is an identifier assigned to a device such as a laptop or smartphone that's connected to a network of devices that uses the Internet Protocol for communication (i.e., "the Internet"). Any website or service you connect to will usually be able to see your IP address. This will tell them roughly where in the world you are located.
Some people who are serious about online privacy will combine a VPN with TOR, creating multiple layers of protection.
Your Internet Service Provider, or ISP, also tracks your IP address, which is linked to your account and therefore your home address. By tracking the IP address, your provider will typically know what websites you've connected to and when you connected to them. It will also know when you've sent emails and who received them. This information is what we usually call "metadata." In Europe it is currently mandatory for all ISPs to store this information on their customers. In the United States, things are more complicated. There are no mandatory data retention laws for ISPs. But—as this document revealed a couple of years ago—most ISPs in the U.S. voluntarily retain customer metadata anyway, in order to help law enforcement. But there are a few services you can use to enhance the security of this information.
One of the most popular ways to protect your IP address is The Onion Router, or TOR, a free-to-use anonymization tool. TOR works by rerouting your Internet traffic via different "nodes" set up all over the world. This masks your IP address and makes it appear as if you're accessing the Internet from a different location. TOR is generally considered very secure. However, it does have some vulnerabilities, as traffic can be monitored at exit nodes, which anyone (including the NSA) can do. Also, your Internet speed will take a hit.
After TOR, a commercial Virtual Private Network, or VPN, is probably the most popular way to shield your IP address (full disclosure: I work for the VPN company IVPN). A commercial VPN company sets up its own servers in different locations across the world and lets customers reroute their traffic via these servers, so it appears that their traffic is coming from a different location.
There are lots of VPN companies out there and many of them—especially the bigger ones—do not offer a genuine privacy service, because they log metadata in the same way an ISP does. But there are also plenty of VPNs that take privacy seriously. The main benefit of a commercial VPN over TOR is that you can expect much faster connections. The main drawback is that you have to trust that the VPN company is actually protecting your privacy. Some people who are serious about online privacy will combine a VPN with TOR, creating multiple layers of protection.
4. Support online activism
If you care about protecting online freedoms and privacy, you may find organizations that work on these issues worth supporting. As shown by the successful protests against SOPA, ACTA, and CISPA—acts that would have limited Internet freedoms—online activism can sway the opinion of legislators who often have little understanding of how the Internet works.
For more information on online privacy check out the Electronic Frontier Foundation, the Open Rights Group, EPIC and the ACLU.
Nick Pearson is the founder and CEO of IVPN. He has 15 years experience in information security with experience across telecommunications and government sectors.