I saw an unclassified release from the FBI that Islamic terrorists are using Telegram to coordinate and transfer funds. Unfortunate legislation in the UK was recently passed that eliminates many privacy protections online for their country.
To ban privacy and encryption is no less a problem than to ban arms, because both technologies serve as a leash upon would-be tyrannical governments. For sure, terrorists will use every advantage they can get. But that does not mean innocent people like us must digitally take off our body armor because terrorists can use the same.
IMHO, privacy should be protected under the 4th amendment and the 1st amendment, no matter where our data lives. Unfortunately, Supreme Court precedents allow serving companies with court orders to produce customer data, which often happens without notice to said customer. Even if companies have a policy to voluntarily notify the customer, judges often issue gag orders to prevent them from doing so, especially if the judge believes that notice could “impede the investigation.”
This knowledge that I may be doxxed and physically and financially threatened chills my 1st amendment rights to speak openly about what I believe in certain public fora. That is why I spend more and more time learning about how to protect my privacy.
Privacy is like body armor. It’s my right to protect myself online, just like it is my right to protect myself on the street. It makes certain things more uncomfortable, but I willingly do it because I value my privacy more.
Although the FBI points out Telegram, this is likely only because Telegram can and does leak information to the FBI. According to a November 2020 internal training document obtained via FOIA, Telegram will disclose phone numbers and IP addresses “to relevant authorities,” although they have no access to message content (unless there is a mole in the chat).
Instead, I recommend Signal, which does not even have access to IP addresses and phone numbers. I think that lack of access is the strongest guarantee of privacy, since a warrant or subpoena can’t return information that the company can’t get. Further, Signal’s source code is available for anyone to check, and independent security experts continually verify that its privacy guarantees are maintained.
If you use Apple services, beware of iCloud backups in apps like iMessage and WhatsApp. These can be turned over if Apple is served a search warrant.
Aside from the usual tips about not clicking links in emails that look suspicious while claiming authority and trust, whom you choose for email may affect your privacy as well. There is a reason why doctors and banks only notify you via email that a message with personal info is waiting for you once you log into their site. It's because email is not secure and can be snooped on. Never give sensitive information via email, and if you do, you should invalidate it immediately and change it if you can.
Likewise, I am in the process of changing my email provider from Google to Proton. I suspect that Google with its business model is more interested in having access to my data than it is interested in keeping my emails private. It also is subject to American anti-privacy government control laws. Proton, in contrast, builds its entire product line with privacy as its primary selling point, and is based offshore. In addition, Proton allows you to encrypt emails you send if your addressee has also configured email encryption, and all Proton email accounts have that configured by default. Remember James O’Keefe, the visionary journalist who founded Project Veritas? He uses a Proton email account.
It is usually not the web browser itself that gets compromised. Rather, standard web browsers reveal information to Google Analytics and Facebook trackers, which then resell it.
One thing you can do to mitigate tracking online is to install anti-tracking extensions into your browser, but that is something I am not as familiar with. There is a simpler solution: use a privacy-oriented browser like Brave, and change your search engine to something besides Google (I use Brave Search). Browsers like this will identify and stop the trackers they know about from working. Sometimes they even skip over tracking redirects and take you directly to the site you wanted to see, improving speed and privacy at the same time.
For even more privacy, you can set your browser to automatically delete all cookies every time you quit the browser. Many trackers rely on storing identifiers and history information inside your web browser. Some of these can't be turned off without breaking the web site. But if you clear your cookies frequently, that makes it harder for trackers to identify your browsing patterns, since you have broken their database connection between your browsing sessions. You will have to put in your login data more frequently, but ads will become more generic, and it will be harder to identify you as a single user on the internet. Alternatively, you can use a short-lived incognito session for sites like Facebook and YouTube that you are especially worried about.
Also, although most websites and browsers support HTTPS to encrypt your web traffic, the names of the sites you visit are not encrypted by default. The lookup that turns a site name into a network address is called DNS, and it is part of how the basic internet works. Any man in the middle can see the name of every site you visit.
One way to stop this snooping is to use DNS over HTTPS (DoH), or the similar DNS over TLS (DoT), which takes some know-how to configure. I didn’t have time to learn that myself yet, so I used a simpler, shotgun approach: the Tor network (Brave has both an incognito and a Tor mode).
Tor is not for every website, since it is slow and frequently blocked. But it does an excellent job of hiding what you are doing online, and it usually routes your traffic through other countries around the world. It's like encrypted DNS and a free VPN at the same time, with no central governing authority. If one Tor node goes down, other Tor nodes replace it automatically.
This is the way decentralized internet was supposed to work. Unfortunately, big players took over the market and now most web sites and services are hosted through Cloudflare, Google, Amazon, and Microsoft, which are all in cahoots with the government. Regular people like us can reclaim our control over our data by embracing peer-to-peer small-guy networks whenever possible, and encrypting wherever we can.
This digital privacy movement is very much like the original conception of 2A. Rather than have a slow, centralized authority deciding when to use violence, that power should be distributed to the people, who can react faster and in their own interests. If individuals misuse that power, then courts can dis-empower them by locking them up after jury trial by their peers. Likewise in true peer-to-peer networking, knowledge about bad actors can be distributed and the bad guy penalized. But most of all, the power is in the user’s hands, not the government or pseudo-government monopolies.