If you’re late to this series, you may want to check out some introductory material in part 1.
Today I'll be discussing measures you can take to protect yourself from online threats. These threats include those from Trump’s government, like surveillance and loss of data, and those from non-governmental adversaries, like harassment and identity theft.
There have already been two excellent diaries posted on this topic. Read them here and here. I will be mostly expanding on points made in those diaries, as well as adding a couple of minor corrections and adding a significant suggestion or two of my own.
There are certain things all of us should be doing right now to protect our privacy and guard against surveillance.
In my opinion, the easiest of these is to improve your password protection. As the diaries cited above point out, you should use different passwords for each site you visit. And you should use passwords that are very difficult to crack. So how are you going to remember dozens of complicated passwords?
The answer is to use a password management service like Lastpass. These services will store all your passwords securely, and will even help you generate complex passwords. Another good solution I’ve only just started exploring is the Blur add-on for Firefox, Chrome, and similar browsers, which seems like it may be more secure in regards to encryption. Both of these have free and very cheap paid versions available.
Another basic security measure is to sign up with and use a VPN. Without getting into the technical details, a VPN routes your traffic through a third-party server so that it is difficult for attackers to see where or who you are. A VPN is essential if you will be connecting to the Internet through an open Wi-Fi network like those found in public places. Although there are variations, most are fairly easy to set up and the best offer plenty of support to help you get up to speed. When you choose a VPN, your two primary considerations are which country your VPN service is based in, and whether they log user traffic. You will obviously want to avoid companies based in the US, Russia, or China. And you will want to avoid services that log customer traffic, as access to those logs by an adversary would defeat the whole purpose of having a VPN. I use Shadeyou, based in Ukraine, mainly because of its very low cost and ease of setup, but I would not hesitate to recommend NordVPN, based in Switzerland, despite its much higher cost.
Speaking of open Wi-Fi networks, if you use a wireless network in your home, be sure that you are not using your router’s default username and password. Your router is “secure” by default, but that won’t help if its username is “admin” and its password is “password.”
The next step I would take may not be for everyone, but it’s not as difficult or scary as you might think. I’m talking about changing your computer’s operating system from Windows or Mac to Linux. There’s a reason why skilled hackers and others who want to stay hidden use Linux, and that is that it is inherently more secure than the big two systems. There are versions of Linux which are designed specifically for those used to traditional systems. Two examples are ZorinOS and PCLinuxOS. I will be devoting a future diary to how you can make this change and why you should. I promise it’s not as hard as you might be thinking. In fact, if you are using an Android device you are already using a modified version of Linux.
Another vitally important thing you should do is to encrypt your data. This has been covered in the other two diaries so I won’t belabor it here, but it is the only way to protect your information if your computer is ever stolen or confiscated. In a future diary, I will discuss how you go about doing this, and how to protect your data even if you are forced to give up your system password.
I also want to mentioned some good web browser add-ons everyone should be using. IMO the essentials are Adguard, HTTPS Everywhere, and Privacy Badger.
Adguard does what most adblocking add-ons do, but goes farther in helping prevent websites from installing malicious software and from tracking your activity. Many websites and ads are able to track not only who is visiting them, but what websites you visit after you leave them. Adguard provides some protection against that.
More protection is offered by the Electronic Frontier Foundation’s excellent Privacy Badger. This nifty add-on learns which website features are tracking or spying on you and stops them. Highly recommended.
The EFF is also responsible for https everywhere. HTTPS is simply a system used by websites to make sure that traffic to and from their sites is encrypted to prevent its interception by third parties. Unfortunately, not all of these websites use HTTPS by default. This add-on makes sure that when you go to these sites HTTPS is automatically enabled.
The EFF add-ons are not available for Internet Explorer or whatever Microsoft is calling it these days, but anyone who is still using that needs to stop for a variety of reasons.
Finally, although this is very basic indeed, you should avoid letting your browser preserve a history of where you have been. If anyone gains access to this history, they would not only be able to determine if you have visited “subversive” sites like Daily Kos, but also if you have visited any sites you would be embarrassed to have anyone else know about.
Now, as to what you should not do.
Stop using Facebook right now. I know that some will argue, and Facebook has been used by resistance organizers extensively, but if you’re at all worried about surveillance you need to just give it up. Facebook is ubiquitous and tracks you in ways you are probably not aware of. A Facebook presence is an absolute guarantee that you will attract unwanted attention from people you wish to avoid. Eliminating your Facebook presence is quite difficult, and Facebook tracks you even if you have never had an account with them. I will be going over ways to hide from them, and whoever might be watching them, in a future diary.
You should also avoid using browsers that track you, or make it easy to track you. The two biggest offenders are Internet Explorer and Chrome. Firefox is most people’s browser of choice, though I find it to have gotten too slow and clunky as it ages less than gracefully. My preference is for a lesser-known browser called Vivaldi, but there are many good alternatives. Just avoid anything developed by an organization that stands to make a profit by knowing what you do online.
And do not use normal e-mail services like gmail for resistance-related communications. The other two diaries I mentioned at the beginning of this post suggest some good alternatives. If you do use gmail for any reason, be sure to log out of your account when you’re done. Otherwise you stay logged into Google and all of your activity is tracked by them.
If interest continues in this series, I will be covering the topics mentioned above, as well as some advanced techniques like creating a “secret identity” online and a couple of posts about advanced security measures.
This diary has attempted to cover some of the most basic things you can do to protect yourself, but it is certainly not a definitive guide. Be sure to check out the other diaries I noted at the beginning of this post for more detailed explanations.
I’m hoping thiswill be a springboard for discussion in the comments section, and that others will suggest things I may have forgotten or correct things I may be wrong about. I will monitor the comments—if it takes me a while to respond to yours, remember that I’m old and slow. Thanks for reading.