(Please note massive oversimplification ahead. I know these are not the most accurate ways to put the subject in question in writing. Thank you.)
Matt asked what we can do or what I recommend.
Those two seemingly identical questions can have multiple answers, none quite right for everyone.
Let me start by saying that (a) I have not kept current on privacy/encryption -- that is a big thorny field in and of itself, if you want to even get just a glimpse, I recommend Bruce Schneier's blog (https://www.schneier.com); for example, right now, as I look on his site, one of the top stories is how someone found FBI Director James Comey's "secret" Twitter account, from crumbs lying here and there (https://www.schneier.com/blog/archives/2017/03/finding_fbi_dir.html, https://gizmodo.com/this-is-almost-certainly-james-comey-s-twitter-account-1793843641). Another good article in his blog is about why privacy is important (https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html) and why questions like "if you have nothing to hide, why do you care?" are the wrong way to look at things.
I also want to mention that, (b) while my work is fixing mistakes other(s) made, I have quite a lot of friends in fields like encryption, privacy etc, from all kinds of places (academia [we're close to Harvard, MIT, etc], business [Akamai and Google employ an awful lot of folks, for example, and lots of ISPs have big offices around here], government, military [which (sub)contracts with many of the aforementioned companies], banking industry etc). No one agrees on which software or method is safe or even best.
And finally, (c) even if some subset agreed, they probably won't be able to tell you, because of Non-Disclosure Agreements.
One approach, by people who have security clearances, or at least were interviewed multiple times by places like the FBI (background checking) or CIA etc, is to do nothing -- they already spilled all the beans to the feds, the important thing for the feds being that there is *nothing* for you to hide from the feds, which leads to next to zero blackmailing. If no one can blackmail you, they can't control you. An awful lot of my friends are exactly on this bandwagon. Mind you, that does not mean that an HMO would not just kill to have their data so they could charge two or three times what they charge another person.
Another approach is to look as much as possible like someone else. Please pay attention here because the details are what matters, and we're not talking about protection from virus/malware, we're talking about *personally* identifying you. If you bought a smartphone or tablet, or even a computer and did not change *anything* to personalize it -- if all your fonts are what came with the machine, you installed no or very few software packages etc, your equipment will look just like tens of thousands of *other* identical machines, particularly if you apply all the updates/upgrades and security patches. If within 2-5 days of a security patch appearing you let the machine install it (like most OSs do automatically), your machine will look almost identical to many others.
Sadly, that's not what people do -- they put a lot of fonts, delete and/or load apps and software, change the locations the software is installed "so it's easier for them to remember/use" etc. All of that makes their machines "unique". And it can be seen from anyone's website as you connect to them.
I'd also like to point out that the "Internet" as we understand it was designed and implemented mostly to prevent attacks from breaking it -- attacks meaning either physical attacks (like bombing a city, or cutting cables) or virtual attacks (Denial of Service Attacks, for example), so a major design point was never privacy per se, but resilience and availability, which makes the entire thing route around problem areas and try to deliver your packets.
With that in mind, VPNs (Virtual Private Networks) are just a way to encrypt *your* traffic to and from a safe place, say your office, so others can't easily eavesdrop on the *content* of the messages, but might be able to look at the routing, that is which computers are connected talking to each other.
The Onion Router Project (TOR) is not so much worried about protecting the *contents* of your message (although they end up being hard to mess with), but it's worried about protecting the *routing* data from prying eyes, so people (mainly investigators/governments) can't easily find out who is connected/talking to who. They typically route your messages thru something like several thousand machines, each of them only knowing who they got the package from and who they are supposed to send it to, but not much else.
Assembling the info back together is quite an awful lot of work. Think of it as you want to open this door in front of you, and you have a million keys to try -- it might take you a while, and a cop might show up and ask what the hell you are doing while you're at it. But gosh darn it, if one of the first 10 tries opens the door, or you happen to be handy picking locks, you won't need any of the keys.
Encryption *has* its problems.
For example, right now, if I go to https://panopticlick.eff.org and click the "Test Me" button, it will tell you my browser is unique, with 17.75 bits of info, and even the info that is mostly common (for example, one in every 64.28 computers has exactly the same fonts I do, one in two computers share my language setting (English) etc.) combines to make it unique.
So, suppose on one hand I have this medical file with only a "browser fingerprint" (about a 32-digit number), and on the other hand, I just happened to have your name, address etc *and* your exact browser fingerprint. All of a sudden, it does not matter to me if I am interacting with you thru VPN or TOR, it's very likely you are the person I'm looking for, and if I get just a few more bits of information, I might seal the deal. It's as if I did not *need* the keys to "decrypt" your front door anymore, because you left your front curtains open and I can read the titles of your books which are visible to me thru binoculars. More or less.
For even more information, please see https://panopticlick.eff.org/about, https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy and Wikipedia also has an article about TOR.
It should go without saying that one should NOT have Flash installed at all, if you don't NEED Java, remove it, and you should limit the availability of java script for use by websites -- the last one is becoming difficult to do, many websites will not function correctly without java script enabled. (As you can see here, it's even difficult to *mention* the language properly without convoluted ways, most properly coded websites will strip it to sanitize their inputs.)
Some of my friends claim (I have not checked that for their "truthiness", like Stephen Colbert said) that the very act of using VPN or TOR can actually *attract* attention from the feds. Hard to say.
Ideally, we should curtail what kind of useful things people could *do* with our info, for example, by whacking the insurance companies over their collective heads and telling them: you are a *licensed* operation, and you lose your license if you start surcharging for certain diseases and pre-existing conditions. Tell some countries in Europe that you need to *hide* the fact that your grandma died of cancer or diabetes and they look at you funny, like you've grown 3 heads.
Sometimes I think we should charge people for abusing their powers -- for example, recently, radio stations around here started broadcasting advertising over the mechanism that is supposed to tell the listeners which radio station and song/singer we are tuned to. Isn't that just great? Now instead of paying attention to driving, they want us to know the latest discount the local tire store has for you! But wait! There is more! Call now! Operators are standing by! Maybe if the people involved with the ads had to pay for the car accidents, they wouldn't be so keen on using this "cheap" channel that "no one is using yet" -- that might have killed email spam, telemarketers etc, just like it almost killed people faxing you ads, but that requires judges to have a clue or two.
Cheers,
-- Paulo.
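The "bits of information" arithmetic in Paulo's Panopticlick paragraph (17.75 bits, one in 64.28 computers for fonts, one in two for language) is the EFF's surprisal measure, -log2(p). The following is an added example, not code from the post or from the EFF: it computes those numbers and then runs a stock machine and a personalised machine against a small constructed population of visitors to show why a default, fully patched configuration blends in while a handful of customisations make a browser unique. The population figures, attribute names and both test fingerprints are made up for illustration.

```python
import math
from typing import Dict, List

# A fingerprint is just a map from attribute name to the value a website can observe.
Fingerprint = Dict[str, str]


def surprisal_bits(probability: float) -> float:
    """Bits of identifying information in an observation that a fraction
    `probability` of browsers would produce: -log2(p), as in the EFF primer.
    p = 1/2 (English language) is 1 bit; p = 1/64.28 (fonts) is about 6 bits."""
    if not 0.0 < probability <= 1.0:
        raise ValueError("probability must be in (0, 1]")
    return -math.log2(probability)


def one_in(bits: float) -> float:
    """Inverse view: an observation worth `bits` bits is shared by one
    browser in 2**bits (17.75 bits is roughly one in 220,000)."""
    return 2.0 ** bits


# Constructed population of 1,000 "other visitors" (made-up numbers, not
# Panopticlick data). Most are stock, fully patched machines that look alike.
POPULATION_SPEC = [
    (600, {"os": "Windows", "fonts": "stock", "lang": "en-US", "plugins": "none"}),
    (200, {"os": "Windows", "fonts": "stock", "lang": "en-US", "plugins": "flash"}),
    (100, {"os": "macOS",   "fonts": "stock", "lang": "en-US", "plugins": "none"}),
    (50,  {"os": "Windows", "fonts": "extra", "lang": "en-US", "plugins": "none"}),
    (30,  {"os": "Windows", "fonts": "stock", "lang": "pt-BR", "plugins": "none"}),
    (20,  {"os": "Linux",   "fonts": "extra", "lang": "de-DE", "plugins": "none"}),
]


def build_population() -> List[Fingerprint]:
    """Expand the spec above into a flat list of 1,000 fingerprints."""
    population: List[Fingerprint] = []
    for count, attrs in POPULATION_SPEC:
        population.extend(dict(attrs) for _ in range(count))
    return population


def _matches(observed: Fingerprint, population: List[Fingerprint], keys) -> int:
    """Number of other visitors that agree with `observed` on every key in `keys`."""
    return sum(1 for fp in population if all(fp.get(k) == observed[k] for k in keys))


def _share(observed: Fingerprint, population: List[Fingerprint], keys) -> float:
    """Fraction of (population + the observed visitor) matching on `keys`.
    Counting the visitor too keeps the fraction above zero, so a never-seen
    combination is 'one in N+1' rather than a division by zero."""
    return (_matches(observed, population, keys) + 1) / (len(population) + 1)


def fingerprint_report(observed: Fingerprint, population: List[Fingerprint]) -> dict:
    """Per-attribute bits, their naive sum, and the bits of the *combined* tuple.
    The naive sum overstates things (attributes are correlated and the
    population is finite); the combined figure is what actually singles you out."""
    per_attribute = {k: surprisal_bits(_share(observed, population, [k])) for k in observed}
    all_keys = list(observed)
    return {
        "per_attribute": per_attribute,
        "naive_sum": sum(per_attribute.values()),
        "combined": surprisal_bits(_share(observed, population, all_keys)),
        # Unique: nobody else in the reference population matches every attribute.
        "unique": _matches(observed, population, all_keys) == 0,
    }


if __name__ == "__main__":
    population = build_population()
    stock = {"os": "Windows", "fonts": "stock", "lang": "en-US", "plugins": "none"}
    personalised = {"os": "Windows", "fonts": "extra", "lang": "pt-BR", "plugins": "flash"}
    for label, fp in (("stock machine", stock), ("personalised machine", personalised)):
        r = fingerprint_report(fp, population)
        print(f"{label}: combined {r['combined']:.2f} bits "
              f"(one in {one_in(r['combined']):.0f}), unique={r['unique']}")
        for k, b in r["per_attribute"].items():
            print(f"  {k:>8}: {b:.2f} bits")
```

With this population the stock machine scores well under one bit in combination (600 others look exactly like it), while the personalised machine is unique: its combined score hits the ceiling of log2(1001), about 9.97 bits, even though no single attribute is rarer than one in 32. That is the point of the post's "look like someone else" advice, and also why the per-attribute numbers a fingerprinting site shows are less important than whether anyone else shares the whole tuple.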