Our last post covered how local governments can track you walking on the streets. It doesn’t get much better for other modes of transportation. Consider:

• Do you drive? Mind the license plate readers (pictured) tracking you and putting you in a database every time you pass by. This man submitted a FOIA request for the records collected on his car and found that his location had been logged (and photographed!) 112 times.
• On the highway? If you use E-ZPass, SunPass, or any other prepaid toll system, each trip you make is logged. They can potentially even use this data to show how fast you were going by timing your passage between two points.
• Taking a train? Bought your ticket on your credit card? Or worse, bought a fare card (Metrocard, etc.), which records every swipe?
• Taking an airplane? lol 🙂 You know the deal already.

All of these pieces of what the NSA would call “metadata” can be pieced together. You buy a fare card on your credit card, and they know who you are. You swipe it at a turnstyle, and there’s a camera there being recorded and retained. Your entire journey can be watched, and as facial recognition increases, their ability to have a computer follow you from camera to camera increases.

Scary, isn’t it?

What can you do? The #1 lesson here seems to be pay in cash. It’s much harder to track your every step if you don’t broadcast your entry into the dragnet with a credit card swipe. On the road there are nifty little license plate covers designed to make your plates harder to photograph (an example I found on Google). But remember, we should be fighting against these systems before they’re implemented. 🙂

This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.

In 2006, I accepted a contract to work as a technical consultant for the NYPD’s Counterterrorism Division. I soon found out that I was to be working on a project known as the Lower Manhattan Security Initiative, which was, at the time, a fairly reasonable security measure: link together the cameras near the stock exchange, a sensitive, non-residential area of downtown Manhattan, for monitoring by the police. We built them a beautiful operations center to do just that, and my contract ended. [Note: While my contract required non-disclosure, all of the information posted herein can be found by searching through news reports. The NYPD is quite proud of their surveillance.]

Of course, fast forward, and the NYPD has now persuaded dozens of private building owners in lower Manhattan to send them 1,000+ camera feeds and has expanded the project to midtown, an area significantly more residential. With the midtown project likely completed, the NYPD would now have 3,000 cameras accessible to them in their command center, giving them the ability to follow you around the city as you travel on foot. These cameras are, of course, recorded, so that the police can go back in time (allegedly for 30 days) to watch you walk around the city. This was especially useful for watching “hot chicks,” whom the officers would regularly review for “suspicious activity.”

New York is not alone. London actually did it first, and you can expect that many large cities have implemented some form of centralized camera monitoring. Many don’t have a problem with it: you’re in public, after all. But personally, I find it a bit creepy that the city can not only watch me live, but go back in time and watch me. Add this to the subway cameras, and you can track someone pretty much the entire time they’re outside.

What to do?

Well, awareness is half the battle. Know that the camera attached to the deli across the street may not be just to watch to make sure you didn’t steal a bag of Cheetos, but may be the police state keeping tabs on you. The rest of the battle is fighting these initiatives when they are proposed. What seemed like a fairly innocuous proposal to watch the financial centers has now expanded, and surely will continue to expand. Be aware that every “reasonable” tool will be twisted until it is nothing like the original.

This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.

If you’ve done everything else we’ve suggested, but still are uber-paranoid that some sort of hacker, government or otherwise, is leeching data from your computer, there’s one way to find out for sure: packet sniffing.

Packet sniffers, also known as protocol analyzers, record and identify all traffic travelling through a network interface, such as your wireless card. When traffic leaves your computer, it is broken up into chunks called “packets,” and this software will make a list of each packet, its “metadata” (date/time, source, destination, port number, etc.), and optionally, the full contents of the packet. If someone is taking data from your machine, you’ll see it.

There is but one gold standard in packet sniffing, and has been for as long as I can remember: Wireshark (formerly known as Ethereal). It’s cross-platform, free, and awesome.

This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.

Ever go to a Web site, see things start to blink on your computer, and know that you probably just got some kind of epic computer virus? It happens every once in a while. There’s hope.

First, every Mac user tells me that Macs don’t get viruses, so fine, you guys are on your own. The first stop for a PC user should be Windows Defender (pre-Windows 7) / Microsoft Security Essentials (Windows 7+), which are free anti-malware apps put out by Microsoft. They’re very easy, they fix most malware, and did I mention, free?

Next on the list is to check your HOSTS file. A HOSTS file is a file that overrides DNS, which basically means that when you type in a domain name, you might actually end up somewhere else (generally, right where your attacker wants you). Run Notepad as an administrator (right click and click Run As Administrator), and open up C:\Windows\system32\drivers\etc\hosts. There should only be 2 lines that don’t start with a “#”, and both of them should end with “localhost.” If you see more than that in there, chances are, you have an issue. There are potentially legit (but somewhat rare) reasons your host files may be modified, so in order to make your changes reversible, instead of deleting lines, just add a “#” to the beginning of the undesired lines.

Last, the tool most pros will use to find bad things on your computer is called HijackThis (Note: Not for use at TSA checkpoints!). HijackThis is a brilliant piece of software that lists almost everywhere on your system that a virus can hide. The downside is that it take a bit of tech expertise to know what to remove — but Internet forums and/or that nerdy family member who knows the Interwebs can set you straight. Once you know what you want to remove, you just click on the item in HijackThis and select Fix, and the problem will be removed.

This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.

There are two good privacy-related reasons to archive (take offline and store somewhere on your local computer) your e-mail:

1. If it’s not online, the government can’t request it. Perhaps the NSA has already intercepted it, but if they haven’t, or if another agency wants it but doesn’t have the clout to make the NSA produce it, you’re now in control — not Google or whoever your mail host is.
2. The government thinks your old/read e-mail isn’t constitutionally protected. The DoJ has argued that e-mails that are read, or e-mails that are 180+ days old, are no longer subject to privacy if you leave them sitting on the server. This is obviously fucking absurd, but the idea still hasn’t been officially shot down because last time it was tried, the government withdrew its request rather than fight for it.

How to do it? If you use a corporate mail server such as Exchange server, you can set up personal storage folders (.pst files) using Outlook. Move your e-mail there, and they’re offline (assuming your company hasn’t retained them). Gmail user? Try this article on for size.

This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.

You know those, “If you forget your password, answer these questions to get into your account” things? That always ask you in what city you were born, what your mother’s maiden name was, etc.? Well, think about it for a second: assuming you answer those questions honestly, what are the odds that other people also know or can look up that information? There you were coming up with some kind of uber-complex string of characters for your password, which can be bypassed by searching for your mom’s marriage announcement.

This is how a lot of celebrity account hacks happened. Nude pictures of Scarlett Johannsen are on the ‘net thanks to password questions.

The solution is to make the answer to your password question a password in itself. Simply pick a new password, and use that for your password question. If that makes things too hard to remember, even something as simple as adding an arbitrary word before/after the real answer will make things significantly more secure. “New York” and “Smith” become “New York Blue” and “Smith Blue,” or “Alligator New York” and “Alligator Smith.” Easy to remember, unlikely to guess.

This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.

Many people don’t like the idea of having their home address so easily searchable on the Internet. It used to be that if you wanted a way to receive mail without giving up where you live, you got a post office box, which is ok but let’s face it, there’s not much worse in this world than having to go to the post office.

I love to travel (hence the origins of this blog), and for me, I also would like to be able to receive my mail even when I’m not home. Rather than burdening my friends, I use one of the many services out there that receive mail on your behalf and, at your request, scan your mail and e-mail it to you, forward your mail to you, or simply drop it in the shredder if you don’t want it.

The services range in price from about $20 for the basics, and it’s the easiest way to get your address off the Google while still maintaining communication with those who still find it necessary to send paper. Two that I’ve used that I’ve been happy with (and receive no commission from) are:

• Earth Class Mail (more expensive but choice of address in a bunch of major cities)
• Mailbox Forwarding (less expensive but choice of address in only 3 cities)

One cool tip: with the check deposit feature that most banks have in their mobile apps, if you receive a check, you don’t have to request it be forwarded to deposit. Just request that they scan the item and then either print and endorse, or if you’re extra fancy, you can endorse using any graphics program and use the app to take a picture of your screen. It actually works.

This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.