The principal of how to avoid this is pretty simple. Basically, use encryption everywhere you can, don’t load the extra stuff on websites, and limit the permission you give to things on your phone.

The technical requirements for this are a tad more advanced. But still not too bad. Hang with me on this one and I’ll break it down in (what I hope are) simple ways and then link offsite to more complicated areas for our power users out there.

It’s time to STOP BEING THE PRODUCT

I’m going to go the same route with this that I did in part 1. We’ll start off with emails and then head over to phones and finish off with computers.

The not so simple method of email encryption:

I’m not going to get too far into this one as it gets complicated fact. Basically, you create two keys known as a private/public key pair. The private key is kept by you and never shown to anyone. The public key is given to those who you want to be able to decrypt your message. Something encrypted by your private key can only be decrypted by your public key. Likewise, something encrypted with the private key can only be decrypted with your private key. What’s cool about this is it provides both privacy and certainty. Your emails are private and you know for sure (unless that private key was stolen) that the person sending the email is who they say they are. I’m not going to get into implementation here but I will say that my preferred route is using Thunderbird with the Enigmail addon. There are Outlook options too but Thunderbird handles this a tad better. Want to learn more? This link is a good place to start.

And your computer. Just switch to Linux… you know you want to. Joking aside, let’s dig in.

This is an interesting one. For the sake of not writing a book, I’m sticking with Windows as my example here. Sorry Mac/Linux users. Extra sorry to the Mac users… I’m not the hugest fan of Mac’s and skipped large sections of their security in my studies. Any of my Linux fans out there, I’m happy to lend a hand on securing your systems. Now then, the best approach here is to break this into three categories.

Encryption

Do you know what kind of data is the hardest to find? The kind of data that either never existed in the first place or can’t be proven to exist. Want to insure your data is nice and safe on your computer? Encrypt the disk. Not password protect your login or making a single encrypted folder. Encrypt the entire disk. Windows has a built-in tool called Bitlocker for their Professional and Enterprise levels. It encrypts the entire disk and works pretty well invisibly if your computer has what’s called a TPM chip or else asks you for a password before Windows will even boot. There is some controversy for whether the government has forced Microsoft to build a backdoor into Bitlocker so they can still get in but current evidence doesn’t support that. Another great option is the free program VeraCrypt. It does the same thing with more options (like even being able to hide encrypted volumes inside other encrypted space so they can’t be found unless you know they are there!). Bottom line though: unencrypted data can be grabbed and read with almost no effort by anyone who can physically access your device.

Just a quick note here… if you encrypt your data and lose the key/password, we are not responsible for that. If you aren’t sure what you’re doing, ask us. We’d be glad to help.

Anonymizing Services

This is another one of those sections which could be an entire post by itself. And actually, I’ve touched on it in other posts. But here’s the thing: using this blog as an example… we know you’re reading it, your ISP knows you’re reading it, and the government knows you’re reading it. And probably a ton of advertisers but we’ll hit on that in just a second. How do all of us know you’re reading the blog? Simple. We see the connection coming from your house/office/phone and ending up on our site. Nothing is hiding who you are. The most popular anonymizing service you can get is a VPN service (please do not buy the first thing that says VPN after reading this… 98% of them are scams). In simple terms, all of your traffic gets funneled through an encrypted connection to a remote server and then out to its destination. Now no one has a clue what you are doing online and the end destinations cannot tell its coming from you. Unless you picked a bad VPN service. As these services change, I will only say that you should talk to us if you need one and we will be happy to help at that point. There are also other services such as Tor, JonDonym, various internet proxies, and the like which all have the same end goal. VPN’s are the most common for their simplicity. One important thing to note however: if you only use these services when you need them, it’s pretty obvious to onlookers that you are attempting to hide something. If all you’re doing is downloading music illegally, you probably aren’t a big enough target for a nation-state to care about. If you are trying to overthrow the government… well, I’m not going to tell you how to stay hidden but I will say this won’t quite cut it.

Now, if anyone has a semi-legitimate reason to stay very hidden, I would love to discuss different means of doing so with them. I think security is very fun and take anonymity quite seriously.

Ad/Tracker Blocking

This is arguably the most important thing here. All other tracking out there pales in comparison to the services which hound you across the internet. I’ve mentioned cookies before. To state it somewhat broadly, say Google gets a tracking cookie in your browser. Now every site you go to from there which has Google’s services see that cookie and know who you are (specifically who you are if you are logged into something like gmail. Otherwise, they know it’s the same computer). Many people have adblockers which block some of the cookies. But there are also 3rd party scripts, invisible pictures, remote DNS queries… the list goes on. And yes, I did say invisible pictures. While perhaps the least known tracking method, they are quite useful. Basically, it’s a tiny, invisible picture which will be rendered slightly differently by every computer depending upon the exact hardware within the computer. How your computer renders it is then scored. While you might be blocking other tracking methods, every site you go to with this picture knows exactly who you are when they see your unique score. Interesting huh? This is called canvasing. So how do you beat all of this? Let’s break down a few of the options.

1. First off, and this would seem somewhat intuitive but people still often miss the connection… Google is basically the king of tracking. If you really want privacy, you should pick a browser which doesn’t send all of your browsing habits back to Google. To make matters worse, Google might stop letting you block ads on Chrome unless you’re a business-level user. My recommendation? I love Firefox. If you would rather a Chrome feel with minimal effort but decent results for privacy, Brave is for you. Even nicer, both of these exist for Linux and Mac (oh hey, I didn’t completely forget about you Mac users).

2. Plugins. Whoo. If you opted for Brave, ignore this section. There are quite a number of different plugins people float around but there are really only three I’ll mention: Ublock Origin, CanvasBlocker, HTTPS Everywhere, and uMatrix. I’ll come right out and say that last one isn’t for everyone. Lets break this down a bit:

HTTPS Everywhere. As the name suggests, this plugin forces a HTTPS connection if one is possible. Nowadays, it isn’t needed as much. But every now and then, you see a website which lets you access it over both HTTP and HTTPS and will not automatically send you to the safer (encrypted) HTTPS side. This plugin will always connect you via HTTPS if the option is available. Again, no configuration needed.

uMatrix. This is where you really start sacrificing convenience for privacy. uMatrix functions much the same as uBlock Origin where you are allowing or blocking areas from loading. Many websites will break if you use this plugin but you have the option of granularly allowing content to load. For example, note flyspy.co in the picture on the left. You’ll see the same in Ublock Origin. The difference is that rather than an all or nothing block/allow, I can select if I only want the scripts to run but to not let the cookies exist (ps: flyspy is what we use for analytics. Chosen to protect your privacy. You can see our privacy policy here). Or maybe you don’t want my super cool fonts to load so you block the css for fonts.gstatic.com. Again, this will break sites until you allow the base areas to load which are needed for functionality. Many find that uMatrix is more effort than they want to put out.

3. Even though Firefox is geared towards privacy, not all defaults create full privacy. You wouldn’t think it, but did you know opening Firefox full screen can compromise your privacy? It tells websites what size your monitor is. While not exactly saying who you are, it builds a piece of the profile to determine who is on the site. FFprofile is a site you can go to for a secure Firefox profile. It will walk you through how secure you want to make it (a very small subset of sites stop working if it’s the most secure settings). Once made, it walks you through how to start using it. The process isn’t too bad. You’ll type “about:support” without the quotes into your search bar in Firefox. This opens the support page where you’ll see a “open directory” button. Hit that button to open up a window showing the files in your profile, close firefox, and then replace the existing profile files with the newly downloaded ones from FFprofile. You might want to simply copy the existing files to your desktop rather than delete them… if you don’t like the new profile, you can just remove the new files and drag the old back in. Much easier than having to start from scratch.

4. This is more of a general purpose, blanket area. Again, VPN’s are good for helping to mask who you are. If you’re using Ublock Origin and uMatrix, however, you probably aren’t letting in the services which would track you (your ISP and government can still see what you are doing though). Further options you might look into are running virtual machines. VMware and VirtualBox both have free programs for this. If you are going to run a persistent virtual computer (in other words, you are actually installing an operating system and it will keep any changes you make), it’s best to encrypt the whole virtual machine. If you want a simple virtual machine which you turn on and off as needed but don’t need changes saved, Tails is built for privacy and comes ready to go as a virtual machine. You might also download the free program BleachBit and give it a run every now and then. It’s designed to clear out temporary files, junk, and cookies. Just be careful on which boxes you tick off so don’t lose something important (for example, best not to wipe the entire computer with it…).

5. Another good idea is to user a different search engine than google.com. After all… it’s google. Try duckduckgo or startpage. They both serve good results without classifying you to a tiny bubble (google on shows you information it thinks you should see in particular). In fact, Startpage serves you Google’s exact searches without that “bubble” through a deal they brokered with Google. In turn for giving Google a piece of the ads profit for the first three search results, Google gives them access the Google’s search index. Though I think I still prefer duckduckgo. All that said, some searches are still best performed on Google to find what you are looking for. Just try to limit your use on it.