Privacy Protection

From Competendo - Digital Toolbox
Jump to: navigation, search
A simple electronic network between peace groups in Serbia and Croatia with a connecting server in Germany empowered peace activists in 1991 from both countries to communicate without censorship and control. The ZaMirNET is an early example, how IT may become a civil involvement. It shows, that thanks IT we might easier and deeper exchange. On the other hand the broad use of communication technology may work to control and to direct communication. Censorship, data acceleration, interruption of communication between individuals and groups are a concern of companies and governments since ever.
Privacy.jpg

In times, where a lot of communication takes places electronically, we have to rethink our care for privacy. Currently most communication data might be stored and analized through those who are not the addressee. For maintaining privacy we need to use specific tools that make surveillance less possible or even impossible.

Beyond this defensive motivation there could be another reason for showing interest for technical tools for protection. Privacy means not only to defend ourselves against nosey pencil pushers. Through a privacy-aware attitude civil actors contributes to more quality of communication and shape spaces of confidentiality.


Introductions Into Privacy and Tracking


General Data Protection Regulation (GDPR)

The European regulation is enforcing citizens' rights and therefore regulating the tasks of data collecting businesses and organizations (entities). It is not affecting private persons.

  • A short introduction in the regulation and the tasks provided by European Commission
  • For more background: Watch the documentary about the development of the regulation:



Videos

Learn more about privacy:

  • Do Not Track: ARTE's videos introduce into the world of Big Data in German, English, French



Passwords

Some words about passwords: Principles & Criteria, Password Manager, Saving Passwords in Browsers, Checks

Principles & Criteria

  • The longer your passwords the better.
  • At least: One capital letter, one number, 6 letters
  • No dictionary words and publicly available information about yourself
  • Consider using a phrase
  • Different passwords for different services
  • Update them regularly

Password Manager

The best electronic tool does not help, when your password is written in an email that is saved in an online email account. Here it can easily be read out. Therefore passwords should better be stored in a more safe place in digital wallets. If you use them, you need only to know one password for accessing the database of such a software. And you might copy and paste them into a form without anibody seeing the password when looking over your shoulder.

Saving Passwords in Browsers (not)

  • If you safe passwords in browsers, use a master password (activate it in the settings).
  • Do not allow websites to "save my password" or "keep me logged in"
  • If you are using FireSync or another online sync tool for storing passwords,be aware that such services could be a security gap.

Check

Is your email part of one of the big leaks? Is your password unique or as well compromitted? These two tools help you to check:

Virtual Keyboards

You know them from mobile devices as screen keyboards. But they might also prevent keyloggers from tracking your keystrokes. Virtual Keyboards are on board in Linux, Win, MacOS


File and Disk Encryption

Encrypt single files or complete disks.

Disk Encryption

...makes it complicated or impossible to read hard disks without authorization.

  • Encryption may be activated in Android in the system settings.
  • Standard software is included in Linux which allows you to activate encription during the installatlion process of your system.
  • In some Windows versions you might chose Bitlocker as an encryption tool.
  • In MacOS the standard program is FileVault.
  • Open source solution: VeraCript

File Encryption


Lock & Screensaver

In case, that you would need to leave your computer unattended.

When you use your computer in cafés and you are on the toilet, make sure that your device is saved from nosey neighbors. A screen saver password locks your computer when the screen saver is on. Or,

  • when going to the toilet, use the lock command.

Internet Traffic Encryption

Personal Router, VPN

Between your computer and the internet is a connection. In cafés, Hotels, or in some public spaces you get it for free through Ethernet (internet cable) or WiFi. Please consider, that this is not confidential. The guy on the reception may even track your browser history if he uses the right programs and you don't care about traffic encryption or browsing encryption.

Personal router

Also the access to your personal home router should be encrypted in order to prevent uninvited guests in your home network.You turn it on by accessing the configuration menu and adding a password (the option will be found under the item wireless security and WPA/WPA2. And after doing this, you could also change the router access password, replacing the standard password (which is too often simply admin.

VPN

A technology that helps you to surf and email save in critical environments and countries with a strong surveillance policy. This technology builds an encrypted connection to a server in a trustful environment. Therefore you access the internet through this trustful server, not directly through your hotel WiFi. VPN clients are included in Linux and MacOS. A VPN server needs to be set up, often you need to buy a license from one provider.


Browsing

SSL, TOR, Search, Surf History and Cookies, Tracking, Sync

SSL

SSL holds back those who would like to read the content of the websites you visited by encrypting the content during the transport from server to client. In example, when you fill out an online form. Or for finding out, which news you received in your Inbox or which password you are using in order to access your emails.

  • You are using SSL transport encryption always when the URL of a page begins with https://. Always try to choose https if it is available.
  • In Firefox, Chrome and Opera you might activate the plugin HTTPS-everywhere. Then you automatically access through SSL, if a website offers this technology.

TOR

TOR-Project provides browsers that hide your access data. For the servers, that you are addressing and the men in the middle between you and the website you are seen as someone else with a different IP address than your existing address. This technology works as well, when you have no VPN-connection but need to surf confidential.

Search

Clear Surf History and Cookies

Cookies are files left on your computer that track you. Unfortunately we need these for some things like webmailers or access to other webpages with a log in. But you might influence which kind of cookies might be accepted and when it will be deleted.

  • You might use the option "empty cache/delete cookies" by hand.
  • Try, if you may do what you want to do while blocking cookies in general. If not, then at least activate in your browser preferences: "Keep local data only until you quit your browser"

Block Tracking

  • Explain your browser that in general it should not track your behavior by activating the "Do Not Track" function. Some websites care for that.
  • A smart Firefox or Chrome plugin like Ghostery gives control over how your data is collected and used on sites and in ads. As well the Firefox Add-on Lightbeam

Sync

  • If you are using FireSync or another online sync tool for storing passwords, bookmarks or content,be aware that such a service could be a security gap.


Communication

Clouds, Trustworthy apps on your mobile device, Messengers, Text Collaboration

Clouds

  • Check, if your connection to the cloud is encrypted. This is the case if the URL to the cloud space starts with https://
  • Check, if the providers are encrypting the cloud space, i. e. if they could have a look on your data or not.
  • Take care, that they don't share meta-data and connect it with other services the providers are offering.
  • The open source alternative to the big corp clouds are decentral services, which might be installed on your server or on the server of a webhoster you are trusting. Nextcloud is one of the most acknowledged open source alternatives.
  • Cryptpad has high encryption standards and might be used anonymously

Trustworthy apps on your mobile device

Your mobile phone provider and network providers track you through account data, bill data, your personal SIM-number (IMSI), the number of your device (IMEI) and, if governments come into the game, as well more things (i.e. they block the access to your number during demonstrations). Additionally app programmers try to offer you apps for free, that have the only one reason - to spy. Or why does your pocket lamp app require access to your contacts? Depending from your surrounding and activity, you should take these technical feasabilities into account.

  • Really confidential talks require to turn off your mobile phone, best to put it in the minibar.
  • Save your device with a password.
  • Encrypt your device with the onboard solutions

Messengers

  • Signal: Snowden approved. Works only with mobile devices with SIM slots (smartphones) with self-destructing messages.
  • Telegram: Safe, when you use "private chats". Works with smart phones as well as with tablets. Includes self-destructing messages. Servers in Russia.
  • Threema: Not free, but safe. Servers in Switzerland.
  • Jitsi: For traditionalists.

Text Collaboration

  • Etherpad: A safe alternative to working together through googledoc can often be a simple and accessible tool like an Etherpad. But only when you generate a random link and only those, that should know the link know it. Open an Etherpad
  • CryptPad, a privacy-by-design solution.


Email

General, Providers, Encryption

General

  • By default, email is the less safe messanging system (just as problematic like SMS). Today, messengers like Signal or Threema are encrypting content during the whole transport from author to addressee. In this sense, they could be the better choice for confidential texts.
  • Transport encryption means the encrypted transport between you and the email server and between email server and addressee. This is the case when the link in your browser starts with https:// In an email client like Thunderbird, you need to activate SSL/TLS in the account settings.
  • End-to-en encryption: Only the end users might read the text and not the intermediaries. If you want to encrypt your emails in this very safe way, you would need to install specific encryption modules in your email program. See more: Email Encryption
  • Set up an email for each of your social network accounts: One for facebook, one for vk. If their database will be hacked, the hackers may not access all of your emails. Don't use there your real email.
  • Using gmail might be a risk, as it connects diverse accounts, reads through your content and might cooperate with your government.

Providers

We are not offering a completed list or promoting certain providers. However, these two could be worth considering due to their very strong privacy features:

  • POSTEO has servers in Germany and costs 1€/month
  • PROTONMAIL is located in Switzerland and offers a basic free package.