No Surveillance State Month, Part 10: Low Tech Password Security

The Guardian interviewed Edward, and it’s a fascinating read/watch at any rate, but relevant to our 10th tip is this quote: “He puts a large red hood over his head and laptop when entering his passwords to prevent any hidden cameras from detecting them.”

This little fact occurred to me one day while logging into my computer in an airport. If I’m typing in my passwords while sitting in front of a surveillance camera, I’ve essentially given away my passwords to anyone with access to the camera. A quick way to mitigate this vulnerability to all but the most well-placed cameras is to simply tilt down the screen of your laptop such that it covers your fingers on the keyboard while typing your password.

Here’s another one for the less paranoid: key loggers. Any time you’re using a computer other than your own (and sometimes, even your own) there’s a risk that software is installed to record all keystrokes. Computers at Internet cafes are especially vulnerable to this. Try not to use public computers for entering passwords that can access financial accounts, which is what most hackers will target.

Stay tuned for the big announcement in half an hour… 🙂


This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.

No Surveillance State Month, Part 9: Don’t Trust Bad Certificates

Have you ever been browsing the Internet and seen a screen like this:

[Image: Bad Cert]

…or this:

[Image: Bad Cert]

This is your browser telling you that it can’t be sure of who’s on the other end of your data transaction. SSL (the encryption technology used whenever you type in a URL that starts with https://) ensures that your data is transmitted securely between two endpoints. But what if the endpoint that you think is, say, Facebook, is really just someone pretending to be Facebook? We call this a “man-in-the-middle attack,” and it’s the most significant threat to the security of your data in transit across the Internet.

Certificates are what make sure that the endpoint is who you think it is. A certificate is a key set that is assigned to (e.g.) a Web server by a certificate authority (CA) — a company that is trusted to assign certificates only to the authorized owner of a domain name. Your computer comes pre-programmed (by your OS vendor or Web browser vendor) with a list of valid CAs, and using digital signatures, your computer can verify that the certificate a Web server presents to you was signed by a valid CA.

If all this is confusing, no worries: the tl;dr version of this is: If you see a screen like the one above, your computer wasn’t able to confirm that the endpoint is valid because it didn’t present a valid certificate. You should understand that if you tell your computer to proceed anyway, your information may be going to a hacker (whether or not that hacker has a badge). If the site you’re trying to access is a bank, your e-mail account, or pretty much anywhere else that asks for a password, financial information, or anything else you might want private, don’t proceed and contact the owner of the Web site.
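Here is the check your browser runs before deciding whether to show that warning, as an added example that is not part of the original post. The CA names, host names and files are all constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: all names, keys and certificates are constructed for this demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Generate a key pair and a signing request for the given name.
new_key() {  # $1 = file prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# A certificate authority: a self-signed certificate allowed to sign others.
new_ca() {   # $1 = file prefix, $2 = CA name
  new_key "$1" "$2" &&
  printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/$1.ext" &&
  openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 2 \
    -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# The CA signs a certificate that binds a host name to the server's key.
issue() {    # $1 = CA prefix, $2 = cert prefix, $3 = host name
  new_key "$2" "$3" &&
  printf 'subjectAltName=DNS:%s\n' "$3" > "$WORK/$2.ext" &&
  openssl x509 -req -in "$WORK/$2.csr" -days 2 -extfile "$WORK/$2.ext" \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.pem" 2>/dev/null
}

# The browser's decision: the certificate must chain to a CA on the trusted
# list AND name the host you asked for. Anything else gets the warning page.
verdict() {  # $1 = cert prefix, $2 = host name the user typed
  if openssl verify -CAfile "$WORK/trusted.pem" -verify_hostname "$2" \
       "$WORK/$1.pem" >/dev/null 2>&1
  then echo "ok"
  else echo "warning"
  fi
}

setup_demo() {
  new_ca trusted "Example Trusted CA"     # stands in for the pre-installed list
  new_ca unknown "Some Other CA"          # not on the list
  issue trusted site  shop.example.test   # the real site
  issue unknown mitm  shop.example.test   # same name, signed by the unlisted CA
  issue trusted other other.example.test  # properly signed, but a different site
}

setup_demo
echo "real site:               $(verdict site  shop.example.test)"
echo "same name, unlisted CA:  $(verdict mitm  shop.example.test)"
echo "trusted CA, wrong name:  $(verdict other shop.example.test)"
```

Only the first case passes; the other two are the situations in which clicking "proceed anyway" hands your data to an endpoint nobody has vouched for.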



No Surveillance State Month, Part 8: Encrypted Text Messages

Text messages are an awesome way of communicating with friends and family. They’re short, to the point, and you don’t end up stuck on the line for 30 minutes hearing about someone’s bad break-up.

But, they’re prime targets for government interception. First, they’re small, so they’re easy to store en masse. While a minute of phone conversation might take up a few hundred thousand kilobytes, a text message with metadata would take up around 0.2 kilobytes. Second, text messages are easily searchable. While computers have difficulty turning voice into searchable text, text messages are already text, making it easy for the government to search for anything from “Allahu Ackbar” to “I think that the Patriot Act is un-American.” And, like phone calls, text messages are great ways to build databases of who your “associates” (read: friends and family) are, as well as your location information calculated by the cell towers.

There are a ton of services that offer to send your text messages using encryption, generally for free. Here are a few that I found (and for which I have no association and get no commission):

  • WhatsApp (free, all major devices)
  • Black SMS (free, iPhone only)
  • Seecrypt (as discussed yesterday, also good for calls — $3/month)

If you know of other good services please post in the comments and I’ll update the thread.



No Surveillance State Month, Part 7: Encrypted Phone Calls

News broke yesterday that the NSA secretly collects call data from all major U.S. providers. We all, perhaps, expected this, but The Guardian released proof, in the form of a leaked FISA court order, that en masse collection of the source and destination of every call, the IMEI of cell phones involved in the call, location information, etc. is logged by the government, without requiring you to be on some kind of list. So much for no searches without cause, eh?

Skype used to be a great alternative as it encrypted the data being transmitted, but at this point, it is nearly certain that Skype (now owned by Microsoft) has included back doors in the software to allow for government interception. Now we must turn to other providers who allow for encryption to be used from end to end (when making Internet-to-Internet calls, at least).

Here are a few that I found (and for which I have no association and get no commission):

  • SilentPhone ($49/month — ouch)
  • VSee (Internet-to-Internet only, free)
  • Seecrypt (calls to people with mobile app only, $3/month)

If you know of other good services (especially ones that let you call landlines) please post in the comments and I’ll update the thread.



No Surveillance State Month, Part 6: TrueCrypt & Full Disk Encryption

We’ve done a few posts so far about how to secure your data in transit over the Internet (still more to come on that… promise!). But, none of that protects your data from a thief who steals your laptop, whether or not that thief has a badge. The U.S. has taken the position, for example, that at the border, Customs can search through your hard drives based on nothing more than a hunch. “Must protect the children! Child pornography,” they say. “Must protect the economy! Industrial espionage,” they say. “TERRORISTS,” they shriek. But, behind all this hyperbole, they offer no explanation as to why any child pornographer, intellectual property thief, or terrorist with an I.Q. above room temperature would literally walk their digital contraband across the border rather than send it via the Internet from the convenience of their cave in Pakistan (or wherever “the enemy” hides these days).

I first wrote about TrueCrypt only 4 days after founding this blog. TrueCrypt is the gold standard, publicly-vetted (but not open-source) full disk encryption software package. Full disk encryption means that the entirety of your computer is unreadable without a password. This is our — we, the people’s — best defense against government prying into our personal documents, family photos, communications with friends, and really, our everything in this day and age. If done properly, full disk encryption cannot be broken even by the government (and again, if the government were able to unscramble it, they would never admit to it or waste such a valuable secret to spy on random citizens).

Please have a look at TrueCrypt’s Web site, read through their documents (they’re not very long), and protect your computer by utilizing it.



No Surveillance State Month, Part 5: Anonymous Electronic Payments

Sometimes, electronic transactions are the only practical method of payment. Making a purchase at Amazon.com or holding open a bar tab will be frustrated if you have no plastic. You can still complete these transactions without creating a log that can be tied back to you thanks to prepaid debit cards that you can purchase virtually anywhere these days.

At my local Walgreens, you can grab $200 cards for $205.95, which works out to a 3% fee or the cost of about 2 ATM transactions. You can also find these guys at banks, money services companies (Western Union), and department stores (Kmart, Walmart). Terms vary, and you can find better or worse deals than Walgreens has to offer. In addition to holding on to some of your privacy, you also reap the benefit that a fraudster can’t clean out your bank account if that Internet retailer you just shopped at gets hacked, and there won’t be any surprise recurring fees from any merchants — by the time recurring fees would hit your card, it’s empty. A beautiful thing.

Prepaid cards can also be turned into Bitcoin, an untraceable (if done right) Internet currency that is starting to gain significant acceptance at Web-based merchants. Bitcoin works by using a peer-to-peer transaction database and strong encryption that allows only the present “owner” of the money to send it to someone else. The “owner” of the money is identified only by a string of random numbers (think like a debit card number, except there’s no name on the card). How to use Bitcoin is beyond the scope of what I can fit into a brief blog post, but the Wiki article is a great place to start if you’re interested.



No Surveillance State Month, Part 4: Ditch the Plastic

I love putting things on credit and debit cards. It’s more convenient than dealing with change and ATM trips, and it organizes my business expenses for tax purposes at the end of the year.

But, when I go through my statements at year-end to find tax deductible expenses, I find that I can basically pinpoint exactly where I was for pretty much every day of the year based on my purchases. In addition to the location information, credit card companies have detailed information on your spending patterns.

Will your credit card company sell your spending pattern data? Who knows, but when, last year during my deposition for my lawsuit against stop-and-frisk, the attorney for the city asked me to list my credit cards, it became abundantly clear that all of this data is just waiting to be abused. (The idea that someone suing the city for abuse should have to bend over and expose his private information in order to have a shot at justice is offensive and wrong, but I digress…)

So, I shall endeavor to use cash whenever possible (tomorrow’s post will allow you to keep your privacy for those times when cash is not an option). To keep track of business expenses, I’ll be using my smartphone to take a picture of receipts rather than holding onto crumpled up, faded pieces of paper. And I’ll save my local small businesses the ~3% they pay to run credit cards rather than see that money go to the banks. Win win win.



No Surveillance State Month, Part 3: Online Database Opt-Out

So many companies exist solely to gather your personal information and sell it to others: nosy neighbors, your employer, and most definitely the government (you might be surprised how much of Equifax and other consumer reporting companies’ business comes from the government). The information can consist of your address and other contact info, how much you paid for your house, public debt information, links to your family, and other intrusive details that you may simply prefer not to share with the world. But, it may seem like there are so many places on the Internet that have your data that going around and asking them to take down your data would be futile (or worse, be ignored by the data providers).

Actually, there are only a few big sources for data, and most of the vast quantities of data providers are simply resellers, and further, all of the big online data companies have opt-out policies that allow you to remove your listing from public view. A few clicks of some forms, sometimes with a copy of an ID attached (black out your ID card number before sending!), and you’ve disappeared from a large portion of the Internet — both the big databases and the resellers alike.

Here’s where to go:

Happy removing!



No Surveillance State Month, Part 2: VPN for Privacy

When you send data across the Internet, in order to get where it needs to go, that data will likely pass through a dozen or more other computers before it gets to the proper destination. These computers belong to various telecoms, Internet Service Providers, and corporate routers, and any one of those computers can read everything you’re sending. Additionally, if you’re connected to the Internet using a wireless network, anyone within a few hundred feet of you can also read everything you’re sending. If the government wanted to snoop on you, all they need is to compel one of the many device owners to save a copy of your data, or, easier yet, sit outside your home and collect the data that you’re sending through the air. Many sources suggest that the U.S. government collects the Internet traffic of ordinary Americans en masse by putting data collection devices at telecoms.

A “Virtual Private Network” (VPN) is a way of securely getting information from one point to another across the Internet. All data between the two points is securely encrypted, so no one other than the end point can understand your data even if they have access to it. Those computers between you and the endpoint will only see scrambled data, and unscrambling it is roughly impossible (if the government were able to unscramble it, they would never admit to it or waste such a valuable secret to spy on random citizens). When the other end of the VPN connection receives your data, it decrypts it and forwards it on to wherever it needs to go — your mail server, your favorite porn site, etc. The whole process is transparent and incredibly easy to use.

Companies implement VPNs all the time to ensure that their employees can access file servers, e-mail, and the like from home without eavesdropping. But, there are plenty of VPN services available for personal use at low (~$10/month) or no cost. This protects all of your wireless traffic from eavesdropping, and it protects you from en masse data collection by governments with “black boxes” sitting at your local Verizon office. It also makes it significantly harder to spy even with a warrant. Without a VPN, the government can simply serve a warrant on your ISP to demand that they capture your data. With a VPN, they’d have to serve the warrant on the VPN provider, and if your VPN provider is halfway around the world in a country that looks down on compliance with warrants issued by foreign countries, this becomes infeasible. [Edit: VPNs are also great for stopping those pesky copyright trolls, who sue people for file sharing, so long as your VPN provider is in a foreign country.]

A few VPN providers that offer reasonable prices and have reasonable reviews (and for which I have no association and get no commission):

While VPNs provide protection against “local” threats, be aware that you still shouldn’t do things like send credit card or social security numbers without using additional protection. This is because once your data reaches the other end of the VPN, it is decrypted and sent on to its final destination without protection. This also means you must trust your VPN provider, since they will be handling your data. For how to protect credit card info, against the potential for VPN providers to eavesdrop, and other spying that is still possible (although made greatly difficult — remember the goal isn’t necessarily to make the spying “impossible,” but simply “difficult,” to encourage the government to utilize its power only when it actually has reason to do so) with VPNs, come back tomorrow. 🙂



No Surveillance State Month, Part 1: Turn Off Your Cell Phone

Imagine if the government were to pass a law requiring every American to carry around a GPS monitor that would at all times report your location back to the government. The government “wouldn’t be allowed” to use these records without a warrant, of course, and the government would simply keep these records on-file for 18 months, after which they would be “destroyed.”

There would be outrage, protests, lawsuits, calls for impeachment and revolution, etc., etc., etc. The good news is that this will never happen; the bad news is that it won’t happen because the government already has this data since any American who carries a cell phone has his or her location constantly recorded by his or her cell phone company.

Your cell phone provider can (and does) estimate your location by measuring your signal strength from nearby cell towers. The stronger the signal, the closer you are, and because multiple towers likely reach you, triangulation is possible and your location can generally be determined within about a few dozen yards.

[Figure: Data Retention for Major U.S. Cell Phone Providers]

Your cell phone provider constantly records this data and keeps it on file for a year or more, depending on your provider. So if you’ve attended the Communist Meetup Group, cheated on your spouse, or really enjoy strip clubs, your cell provider already knows that, and can tell you exactly when it happened.

The solution to this is both simple and mind-blowing: turn off your phone. In addition to the privacy benefits, you’ll perhaps gain the benefit of becoming re-connected with the real world. Except if you work for very specific jobs, you have no obligation to be accessible to the world 24/7/365. The world will indeed go on without you, and “emergencies” will solve themselves just as they did before the advent of cell phones.

Many phones also have an airplane mode which may or may not be helpful. (Who’s to know whether all transmissions have actually ceased? I once had a phone that would occasionally receive text messages, much to my surprise, after enabling flight mode!) Most phones (including iPhones) can be turned off by holding the power button for several seconds and following the on-screen instructions.

So, pick a time when you’re off-the-grid and every day, “disappear” for a while.


