A practical guide to Internet security
This guide explains in practical terms how to protect yourself against your 5 main adversaries:
  1. Yourself
    You yourself are the biggest danger to your data, because you may lose passwords, drop your laptop, or accidentally delete your data. This section explains how to back up your data, and how to use cloud storage services.
  2. Evil people
    Yes, there are evil people out there on the Web, and you had better protect yourself against them. This section discusses secure passwords and two-factor authentication — something that even non-paranoid people should have.
  3. Evil interlocutors
    Not all people with whom you interact on the Web are who you think they are. This section makes the reader aware of the threats of malicious Web pages, viruses, and fishy online shops.
  4. Companies
    Unlike many other security guides on the Web, I will not argue that you definitely have to leave the big data collectors Google, Facebook, and the like. But if you are inclined to, you will find here (1) reasons in favor of leaving them, (2) alternatives to these services, and (3) an honest discussion of the weaknesses of these alternatives. This includes my experience with shutting down my Gmail account.
  5. Governments
    For most people, it is just paranoid to protect their communication against the government. However, if you have reasons to do it, or if you want to try it out, you will find here (1) an explication of the mainstream solutions, (2) a description of my experiences with them, and (3) a discussion of their applicability.

I reckon that this list of things to do may be overwhelming. If you just want basic protection, you can first read the articles marked with a star. These are the really important ones.

Finally, a disclaimer: I have no background in security! All I have in my favor is a single scientific publication in the domain. Thus, all of the below is provided as my personal opinion only, without guarantee for completeness or correctness. I would like to thank the numerous people who have cross-checked this text with their own experiences. I have integrated all of their feedback.


Protecting data against yourself

* Why this makes sense

We do not often realize it, but much of your life is nowadays digital:

Now do you remember the last time you were spied upon by the NSA? Or when your account was hacked and your credit card numbers were stolen? Probably not. But do you remember the last time you desperately tried to access an account of yours because you forgot the password? Or do you remember the last time you accidentally overwrote a file? And do you know somebody who lost their pictures because they lost their camera? This is much more likely. Therefore, one of the first dangers to our data is actually ourselves.

This is a serious thing: I have witnessed at least 7 cases in the past 4 years where people lost all their data because the laptop crashed or was stolen. In one such case, there was really no back-up. The entire digital life of that person was erased that way. She had a nervous breakdown, and stayed 3 days in hospital (seriously).

Another threat is ransomware — such as Cryptolocker or WannaCry. These are computer viruses that encrypt the information on your hard drive in order to extract ransom money from you. Therefore, the rule of thumb is:

Any important data should live in at least 2 different places.
When the data gets deleted in one place, it still exists in the other place. (Personally, I actually use 3 different places.) In the following I will elaborate on this principle for different types of data.

* Back up your data (1)

The easiest way to back up your data is to use a cloud storage service. The most popular cloud service nowadays is probably Dropbox. In this solution, all your files are automatically backed up on remote computers via the Internet. As an additional goodie, you can even go back in time: you can click on a file and see how the file was 1 hour ago, 1 day ago, or 1 week ago. Thus, even if you accidentally overwrite a file, or make changes that you regret, you can always come back to a previous version. Also, such a system will automatically back up your pictures from your phone.

However, maybe you do not want to share your data with Dropbox (as we discuss below). Therefore, I actually recommend Sync.com instead. It uses end-to-end encryption and thus makes sure that only you have access to the data. Besides, it's also cheaper. From a user's perspective, both systems work the same: Just make a free account at either Dropbox or Sync.com, and have the system guide you. The system will make a new folder on your computer (aptly called “Dropbox” or “Sync”, respectively). Now comes the trick: move (not copy!) all your folders and files into that folder. Do not keep the data outside the folder, thinking you'd copy it to the folder in order to make a back-up. Instead, all your important data should directly live inside this folder. In this way, it is automatically backed up.

Now here is the catch: Both Dropbox and Sync are free, but only up to 2 GB and 5 GB, respectively. That means that you can probably store all your documents there, but not your pictures or your music. To do that, you'd have to buy space, which comes at 50 EUR/year (Sync) or 100 EUR/year (Dropbox). That may seem expensive, but it is not: We are too used to getting everything for free on the Internet. However, behind all these free goodies are in fact thousands of servers that have to be maintained, cooled, replaced, and kept running — not to mention the software. It is only fair to pay for that.

Back up your data (2)

Another, more pedestrian way to back up your data is to copy your files and folders physically from your computer to a back-up drive. Nowadays, the method of choice is often a USB key. Such keys are available in sizes from 4 GB to 512 GB, costing between 10 EUR and 100 EUR. To find out how much space you need, right click on your home folder and see how much space it takes on your hard drive. Once you have the USB key, just copy your entire home folder and all pictures to the key. In my experience, it is much easier to buy a large key and to copy everything, rather than to worry about which parts to copy and which parts to keep.

Then store the USB key in a safe place — ideally in a different building. This can be, e.g., at a friend's place, or in a locked drawer in your office. If you wish, you can protect the USB key with a password. Apple systems have a built-in capacity for this, as have some USB sticks. Repeat the back-up every few months. When you do that, the easiest way is usually to empty the USB stick first, and then just drag the entire home folder onto the USB key.

Back up your data (3)

Now here is something for the geeky people. There exist a number of provider-independent tools to automatically back up your data. These fall into two classes.

Remote encrypted backup systems automatically copy your data to another computer. The most prominent software here is maybe Duplicity, but there are many others. Most of these solutions (but not all) are geared towards the Linux crowd. I have not tried them out.

GIT users have a darwinian disadvantage compared to SVN users. Two disadvantages compared to cloud storage users.
Then there are backup systems that are mainly geared towards software versioning. The most prominent ones are Subversion (SVN) and GIT. These systems require you to manually “commit” a changed file to the repository in order to back it up. This is useful for software projects, because if every intermediate change of a file were automatically mirrored to other computers (as it happens with standard cloud services), then the project would not compile for the other collaborators. In addition, the software versioning systems have a certain capability to resolve conflicts between concurrent modifications, which a cloud service does not provide. Hence, these systems are the state-of-the-art solution for software projects.

Between GIT and SVN, the choice is nowadays often GIT. I have tried them both, and the main difference I see is that GIT requires more steps than SVN to do the same thing. For example, in order to commit with GIT, I have to make sure that I use the -a option, so that the modified files are actually taken into account. Then I have to do a push — instead of just committing as I would with SVN. We have spent hours explaining to each other how to commit with GIT, or trying to figure out why a commit did not go through. I admit that I ended up just sending the files by email on more than one occasion. GIT may have its advantages, but I have not yet seen them in practice. I thus recommend SVN.

Some people use these software versioning systems also for writing scientific papers. However, in my experience, a cloud service is much easier to use. We do not make much use of the conflict resolution of SVN or GIT, because we tend to lock files anyway before we make modifications to them. Furthermore, in my opinion, the advantages of this feature fade in comparison to the problems that SVN or GIT produce. Forgotten commits, forgotten updates, forgotten adds, or tree conflicts (horror) have cost us hours of debugging. I recommend using cloud services instead, where all changes are just automatically pushed to the other machines.

Archive your data

You might want to archive your data so that you can still access it 5, 10, or 20 years down the road. There are 2 challenges: (1) choosing the physical storage device and (2) choosing the file formats. As for the physical storage devices, they change roughly every 10 years: It used to be floppy disks, then it was CDs, then DVDs, then flash drives (USB sticks), and now the cloud. Whenever a new technology comes up, support for the older technologies fades out. There are today no more floppy drives. Furthermore, the devices themselves have a life span of about 10 years. After that time, they forget their data. Cloud companies, likewise, may cease to exist. The only way to keep your data alive despite these changes is to constantly copy it from the older technology to the newer one. This is in principle completely lossless, so there is no harm done apart from the manual effort.

The second challenge is to choose a file format. Generally, you should go for established, lossless, and open file formats. Lossy file formats are given in red in the table below. For more details, read my extensive guide on The Best File Formats for Archiving.

| Media type | Established proprietary formats | Established open formats (go for these!) | Open browser formats |
| --- | --- | --- | --- |
| Text with formatting | DOCX (Microsoft Word) | HTML with Data URIs, ODT (LibreOffice), PDF (lossy in the sense that it does not allow modification), TEX+PDF | HTML with Data URIs |
| Presentations | PPTX (Microsoft PowerPoint) | TEX+PDF, ODP (LibreOffice) | SVG (not common for creating presentations) |
| Spreadsheets | XLSX (Microsoft Excel) | ODS (LibreOffice) | HTML (loses provenance) |
| Music | | MP3¹ (with bitrate ≥ 256), FLAC | OGG+Vorbis/Opus (not yet established, supported by Wikipedia) |
| Videos | MOV | MPG¹, MP4+AVC¹ | WebM+VP9 (not yet established, supported by Google and Wikipedia) |
| Images | | JPEG¹, PNG, SVG | JPEG, PNG, SVG (all of them safe) |
| Structured data | | TSV, YAML, XML | XML (safe) |
| Compressed data | | ZIP | |
¹ There are some patent litigations over these formats, but these are considered irrelevant by most common users.

Taking all of this into account, my proposal is:

  1. If you have files in plain text formats (TXT, JAVA, JSON, etc.): keep them.
  2. If you have files in established proprietary formats: keep them. I personally convert them (see Point 5), but it’s probably safe to just keep them.
  3. If you have files in established non-proprietary formats: keep them.
  4. If you have files in open browser formats: If you know what you're doing, keep them. Otherwise, convert them (see next point).
  5. If you have files in any other formats: keep them, but make a copy in an established non-proprietary format. This works as follows: Open the file by double-clicking it, and then choose “save as” or “export as”. This should offer different file formats to save to. If no established non-proprietary format is among the options, search for an online converting service on the Web. Upload your file there, and download it in the target file format. (There is a privacy risk here.)
  6. New files: create them in an established non-proprietary format. If you know what you're doing, you can also use an open browser format. In any case, give preference to lossless formats (the ones that are not in red).

Back up your pictures

Nowadays, pictures usually live on the phone or on the camera. They, too, need backup. There are several ways to achieve this:
  1. The most pedestrian way is to connect your camera or phone to your computer and to copy over all the pictures. With the iPhone, the simplest method is the Apple program Image Capture (called “Digitale Bilder” in German). Remember to include these pictures in the general back-up strategy of your computer.
  2. If you use a cloud storage service, the easiest way is to install the app of that service on your phone. The app will then automatically back up your pictures to the cloud.
  3. If you use an iPhone, and if you have set it up normally, then the iPhone will automatically back up your pictures to iCloud (Apple's cloud storage service). If this is what you want, great! However, if you do not wish to share your pictures with Apple, you have to turn this feature off manually, and use one of the other methods.

Back up your email

Usually, it is a reasonable assumption that your email is safe at your email provider. You do not need an additional back-up. Just make sure that you do not forget the password (see next article).

You can still back up your email to your local computer, if any of the following applies:

If any of this applies, you can install a local email client. This is a program that stores your emails locally on your computer. You can then read and answer emails either in the online interface of your email provider (as before) or through the local program (which automatically backs up your emails).

On a Mac, I recommend Apple's built-in mail program. On all other systems, Mozilla Thunderbird is a very popular program. On the iPhone, I use Apple's built-in mail app, which does a very good job.

Back up your WhatsApp

There are three main ways to back up your WhatsApp chats. The first way is to have all your chats backed up automatically to the cloud. This will be iCloud for Apple devices and Google Drive for Android devices. Then you can see your chat history in a file on your computer. An explanation of how that works is here. This solution is convenient, and should be enabled. However, if you care about protecting your data from Google or Apple (see Section Companies below), then this is not a good solution.

Alternatively, you can back up your WhatsApp chats with the “export” feature. This works as follows:

  1. In WhatsApp, go to the contact whose chat you want to back up (not to the conversation, to the contact).
  2. Click “export chat”, and then choose “email”. On Android devices, choose the “email chat” feature.
  3. This will create an email that has the chat as an attachment. Do not send this email anywhere! Just save it as a draft.
  4. Log in to your email account from your computer (or open your email client), find the draft, and save the attachment to your computer. Then delete the draft.
This type of backup also breaks the end-to-end encryption. However, at least the data is shared only with your email provider, and not with Apple or Google. Since the communication between a client and the email server is usually encrypted, you can be sure that the data remains between you and your email provider.

If you have a cloud service installed, you can also save the chat directly to that service. This keeps the end-to-end encryption, in the sense that your data is unencrypted only on your own devices.

Finally, your WhatsApp chats also are automatically backed up to your laptop if you back up your iPhone. There is software that can read the chats out of the backup. This also keeps the end-to-end encryption, in the sense that your data is unencrypted only on your own devices. However, I have not tried it.

WhatsApp is also available as a Web interface. However, this Web interface just mirrors the content of your phone, and has no additional functionality other than allowing you to type on a larger keyboard. The desktop version of WhatsApp, likewise, just mirrors your phone and has no better backup facility than the phone app.

Finally, WhatsApp has a number of privacy issues, and I am therefore hesitant to recommend it.

Back up your Facebook

Some portion of our social lives happens nowadays on Facebook. Unfortunately, Facebook offers no means to back up individual posts and chats. It stopped supporting the open XMPP protocol. The only way to save a chat is to open it, to scroll back in history, and to save the resulting Web page. The problem is that (1) this is cumbersome and (2) it does not work very well (the result is garbled).

Interestingly, you can download your entire Facebook data, which includes all chats and plenty of other information. You get a neat HTML file as shown to the right. At the same time, this method does not allow you to easily back up a single conversation.

In general, since Facebook chats are locked in, I recommend not to use them.

Back up your Signal chats

Some privacy-aware people use the Open Whisper Signal app to have encrypted chats. While this is a great feature, the app does not provide any way to back up your chats on iPhones (while this is possible on Android). To back up chats on iPhone, you have to install the Signal app for the desktop computer. Then you can just select a conversation, click into any message, and press CTRL+A followed by CTRL+C. This will copy the entire conversation into the clipboard. You can then paste it into a plain text document or a Word document. This works only for chats received after you installed the Signal desktop app, not retroactively! As a Signal user comments: “If you can't back it up and restore it, does it really exist? :-)”

Back up your phone data

There are several pieces of data on your phone that you might want to back up in case you lose it:

* Back up passwords (1)

Maybe the most important thing is to back up your passwords. Most services (Dropbox, Facebook, etc.) have a button "I forgot my password". Then your password is sent to your email address.

Now what if you forget, lose, or change and forget the password of your email? You can give your email provider (Gmail, Yahoo, Hotmail, Fastmail, etc.) a second back-up email address — for example your address at work. When you forget the password of your private email address, you can then retrieve it at the work email address.

These are things that you should do anyway. For more advanced techniques, read on.

Back up passwords (2)

If you want to back up your password, another way is to write it on a piece of paper and store it in a secure place. This is a very safe and very simple technique.

The digital variant of this is to put your password into a file, and to encrypt the file with another password. Then you give the encrypted file to one friend, and the password for that file to another friend.

There are several encryption methods. Unfortunately, none of them is secure, widely used, and audited at the same time. Interesting options are the open source solutions AES Crypt and 7zip. Even then, however, you have to choose a long password, because otherwise it can be cracked.

Protecting data against evil people

* Why that makes sense

Imagine someone guessed your email account password. Look what they could do: They could

So the email address is a really important hub in the entire digital ecosystem. Even if the chances are super low that someone wants to do you evil, the damage it can do is colossal. So better brace yourself.

According to a study by Symantec, 978 million people in 20 countries were affected by cybercrime in 2017. The most common cybercrimes experienced by consumers or someone they know include:

As a result, consumers who were victims of cybercrime globally lost $172 billion, says the report.

To protect against such attacks, the general principle is:

All important data should be protected from intruders by at least two independent hurdles.
We now discuss this principle for different types of data.

* Choosing passwords

The main thing to do is to choose a safe password: it should contain letters, numbers, and special characters, and be at least 10 characters long. You can check how safe your password is in an online tool. Watch out: Enter a variant of your password, and not your real password! Otherwise, your password immediately ceases to be safe!

Any trick that you are thinking of right now to make a safe password is in all likelihood not safe (because thousands of people have already been thinking of the very same trick). Instead, safe standard ways are:

Another option is to use a password manager, such as LastPass, KeePass, or 1Password. These services generate long random passwords, and then enter them automatically for you on Web pages. Personally, I dislike the idea of having to pass through a central app in order to access different services. What if I forget the master password? What if I want to access the services in an Internet café? What if the service is hacked? LastPass has indeed been hacked in the past. 1Password, likewise, can unintentionally leak data about you on the Web. Basically, password managers bundle the risk in a single point of failure, and I personally do not use them.

* Use different passwords

It is a capital sin to re-use the same password across different services: If an evil person has access to one service, they can then access all the other services.

The easiest way to have different passwords is to incorporate the name of the service in some way into the password — for example by inserting the first letter of the service name into the password (“D” for Dropbox, “G” for Gmail, etc.). Assume that your basic password is “Sl,&t4atf!”. You can then generate the password for Dropbox as “Sl,&t4atf!D” and the password for Gmail as “Sl,&t4atf!G”. This is a basic technique, but it is not excellent: An attacker can still try variants of one password they stole. The best way is to really use different passwords.

* Two factor authentication

A password is still only a single barrier to the data. There should be two different barriers. Here is where two-factor authentication (2FA) comes into play. Imagine you enable 2FA on your Gmail account. When you then log in to Gmail, you have to give your password plus a number that is shown on your mobile phone. Thus, an evil person would need your password plus your mobile phone to log in. Now you may ask: why is that number any better than a second password? The answer is that the number actually changes every 30 seconds. Thus, the evil person really needs your phone physically.

Now it may be very inconvenient to enter that number every time. Therefore, you can switch the 2FA off on selected devices — e.g., on your computer at home.

There is nowadays no excuse to not set up two factor authentication on all services that support it.
Set it up now! You will find here a list of services that support it.

Apple

Once you enable two-factor authentication, and once you link your devices to your Apple ID, any of them can (1) change the password and (2) generate security tokens. Thus, access to any of these devices (possession+passcode) allows messing around with the Apple account and the other devices. I therefore recommend disabling the “Find my Mac” option, which allows remote-erasing your MacBook if someone gains control of your iPhone.

SMS

Some services offer two-factor authentication by SMS. Researchers have shown that such SMS can be intercepted. It is also quite common that hackers just ask the phone operator to change the number to their phone — which the operators do. So if you are really into security, then you should disable two-factor-authentication by SMS.

Universal Second Factor

An alternative to two-factor authentication via the phone is the “Universal Second Factor” (U2F) protocol, which is developed by the FIDO Alliance. To use this protocol, you have to buy a small USB stick (a “FIDO U2F compliant USB token”), and insert the stick into your computer each time you want to log in. In return, you do not need to type the numbers. This protocol is supported by Google, Fastmail, Dropbox, Github, Facebook, and others. The protocol works with Opera, Chrome, and Firefox. On 2018-05-09, Firefox and Google Web pages became compatible in these matters.

* Fall-back options

Two factor authentication (2FA) requires you to use a code from your mobile phone when you log in. The danger is, of course, that you may lose your mobile phone. Therefore, you should define a fall-back option for the 2FA. For example, Gmail allows you to set up your landline phone as a fall-back option. When you have to enter the code and you do not have your mobile phone, Gmail will call you with an automated message on the landline phone and give you the code.
Do not enable two factor authentication without defining a fall-back option!
The reason is that, with 2FA, your phone is like a password. We already discussed that a password needs backup, and hence so does the 2FA-capability of your phone.

If a service does not support a fall-back option, then an easy alternative is to use a friend's phone (preferably not the one you already gave the password to). Proceed as follows: When you set up 2FA, you are asked to photograph a bar code on the computer screen with your mobile phone. Have your friend photograph the bar code at the same time with his phone. This way, his phone will always show the same codes as yours.
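How the changing number works, as an added Python example that is not part of the original guide: the bar code carries a secret, and both the service and every phone that photographed it derive the number from that secret and the current time (the TOTP scheme, RFC 6238). The account name, issuer and function names below are made up for illustration, and the secret is the RFC's published test key, not a real one.

```python
"""Time-based one-time passwords (RFC 6238), as shown by authenticator apps."""
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed sample: the text that a 2FA set-up bar code encodes.
# The secret is "12345678901234567890" (the RFC test key) in base32.
SAMPLE_BARCODE = (
    "otpauth://totp/ExampleMail:alice@example.org"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleMail"
)


def secret_from_barcode(uri: str) -> bytes:
    """Extract the shared secret from an otpauth://totp/ set-up URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP set-up code")
    values = parse_qs(parsed.query).get("secret")
    if not values:
        raise ValueError("set-up code carries no secret")
    b32 = values[0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)  # set-up codes usually omit base32 padding
    return base64.b32decode(b32)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Return the code valid at unix_time; it changes every `step` seconds."""
    counter = unix_time // step  # number of 30-second intervals since 1970
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # "dynamic truncation" from RFC 4226
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def server_accepts(secret: bytes, submitted: str, unix_time: int,
                   drift_steps: int = 1, step: int = 30) -> bool:
    """Service-side check: tolerate a phone clock that is one interval off."""
    accepted = False
    for k in range(-drift_steps, drift_steps + 1):
        t = unix_time + k * step
        if t < 0:
            continue
        expected = totp(secret, t, step)
        # Constant-time comparison, so timing does not leak correct digits.
        accepted |= hmac.compare_digest(expected.encode(), submitted.encode())
    return accepted


def demo(now: int = 59):
    """Two phones that photographed the same bar code, at the same moment."""
    my_phone = secret_from_barcode(SAMPLE_BARCODE)
    friends_phone = secret_from_barcode(SAMPLE_BARCODE)
    return totp(my_phone, now), totp(friends_phone, now), totp(my_phone, now + 30)


if __name__ == "__main__":
    mine, friends, later = demo()
    print("my phone:      ", mine)
    print("friend's phone:", friends)
    print("30 s later:    ", later)
```

Because the bar code is the secret itself, anyone who keeps a photo of it can produce the same codes, so treat a screenshot of it like a written-down password.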

Access passwords

Anybody who can see your laptop can see your data. To avoid this, you should define a log-in password. This can be done on a Mac or on a Windows machine. Of course, these passwords need backup.

The same is true for your phone. Anybody who has access to your phone (or, worse, steals it), can

Therefore, you should also define a password on your phone. This can be an access code, a password, a fingerprint, or a lock pattern. Generally, fingerprints are safe and definitely easiest (even though there are some cases where they have been hacked). The number codes on an iPhone are also safe, because the phone does not allow more than a certain number of trials per hour. Furthermore, the iPhone can be configured so as to erase all data after 10 invalid tries. This is a double-edged sword, of course, if you have no backup. Passwords are definitely safe, but extremely cumbersome. Finally, the lock patterns are actually not very safe. Chances are your friends know your pattern because they have seen you drawing it. 60% of people can copy a lock pattern after having seen it from a distance of 1 meter.
There is no excuse for not having a pass code on your phone!

The good news is that the camera of the phone is usually still accessible without the pass code, so you do not risk missing a good picture opportunity.

Hard drive encryption

When your laptop is stolen, so is all data on it. So your laptop is actually just protected by “one factor” (the physical possession). You may think that the password protects you, but that is actually wrong. An evil person can just take the hard drive out of your laptop, plug it into another laptop, and gone is the password protection.

Therefore, if you are serious about data protection, you should encrypt your hard drive. On a Mac, that is simple: Just enable FileVault. It is actually enabled by default nowadays. Just make sure that you back up your password. The only drawback of FileVault is that it takes a bit longer when you start your computer. Overall, however, I recommend FileVault.

FileVault will encrypt your hard drive when the computer is off. However, you can also tweak it to encrypt the hard drive when the computer is just closed or sleeping. This is cool when you travel. However, it comes at the cost of longer wake-up times (up to a minute).

On Windows machines, you need additional software for encryption, and I have not tried any of them. On Linux, full disk encryption is standard and can be enabled when setting up the computer.

Really sensitive data

Some data is really sensitive, and you really do not want it to get into other people's hands. This can be:

If such data gets into the hands of other people, it can be used against you: to embarrass you, to impersonate you, or to blackmail you.

Therefore, you should protect such data by at least 2 factors (e.g., possession of the laptop + FileVault). If you are not sure how to get the second factor (or if you need a third one), you can encrypt the files in question with the open source solutions AES Crypt or 7zip. Then, make sure that the data never leaves the protected space.

Really sensitive data should never live outside protected spaces.
In particular, such data should generally not reside on unencrypted memory sticks, in emails, or on other people's computers.

Sending sensitive data

Facebook uses a scan of your id to fight against fake accounts
Universities, travel agencies, and employers often ask you to send them a scan of your passport by email, so as to prove your identity. The trouble is that this email can be read not just by the receiver. It can be read by employees of the email provider, and by third parties with whom the email provider collaborates. It can also be read by unrelated malicious individuals.

Now anybody who gets hold of that email can use that passport scan to also “prove” that they are you. That person can do everything that you are using your passport scan for: universities, travel agencies, and employers. Beyond that, a scan of your passport can be used for anything that can be done online where the only protection is that scan of the passport:

All of this means that it is not safe to send your passport by email. The same applies to all types of sensitive information (see previous article). Here are safe ways to send your passport or any other sensitive information, ordered by increasing difficulty:

Protecting data against evil interlocutors

* Why that makes sense

In the previous section, we have discussed hackers, i.e., people who maliciously interfere with your affairs without your knowledge. In the present section, we discuss people with whom you communicate, interact, or do business. The main danger in such situations is that the person with whom you communicate may not be the one you think he is.

This can be dangerous in several situations:

The general rule is the following:

Any serious interaction on the Web should only happen if the identity of your partner has been confirmed by a trusted third party.
Most notably, it is not sufficient that the interlocutor himself affirms his identity. You need an external party that certifies the identity of your partner. We now discuss this principle for different types of interactions.

* Extended validation

An extended validation certificate shows the name of the company with a green lock in the address bar of the browser (as shown in the picture). This means that the identity of the Web page owner has been certified by a third party. Such Web pages are generally serious and safe to use.

In the ideal case, all sensitive interaction on the Web (paying, entering passwords, downloading software, etc.) would happen only on pages that have extended validation certificates. In the real world, however, only a minority of pages have these certificates. The only exception is banks:

Before doing anything on the Web page of your bank, you have to make sure the page has an extended validation certificate.

For all other sensitive interactions, you should at least expect a green lock. A green lock (without the name of the company in green) does not guarantee that the Web page is really the page of the company it claims to be. It just assures that (1) you are really connected to the Web site that is shown in the URL bar and that (2) any data you enter is encrypted on its way to that site.

(The virus scanner may have a “Web Shield” that disrupts the green address bar. If you do not see any green address bar in any browser, try disabling the Web Shield for trusted connections.)

Downloading software

If you download software that is offered on the Web, that software can do nearly anything on your computer: send your data to a third party, erase it, or encrypt it for ransom money. Therefore, you have to be careful before downloading anything. It is not sufficient that the Web page of the software says that the software is safe. Any Web page can say anything. You have to find a trusted third party (e.g., a reputable computer magazine) that recommends the software.

The following are generally indicators of safe downloads:

Watch out: It is not sufficient if the software is a standard program that is widely used and known. You also have to make sure that the program you download is actually that standard program — and not some other program that mimics the true one. Therefore, you have to check also the source where you download the program from.

Geeky people will know that they can, in addition, compare the hash code of the downloaded program (like the MD5 sum or sha256) to the hash code advertised on the page. Personally, I am not geeky enough for this. Note that in any case the page that advertises the hash code has to be trustworthy.
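The hash comparison described above, as an added example (not part of the original guide): it hashes a downloaded file and compares it with a checksum list in the common `sha256sum` format. The file names and the checksum list are constructed for illustration, and a match only shows that the file is the one the checksum page describes.

```python
import hashlib
import os
import tempfile

# SHA-256 of the three bytes b"abc", used as the constructed "advertised" hash.
ABC_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so that large downloads do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_list(text):
    """Parse lines of the form '<64 hex digits>  <file name>' into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' marks binary mode
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            entries[name] = digest
    return entries


def verify_download(path, checksum_text):
    """Return 'match', 'MISMATCH', or 'not-listed' for the file at path."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # an unlisted file must never count as verified
    return "match" if sha256_of_file(path) == expected else "MISMATCH"


def demo():
    """Run the check on constructed files: intact, altered, and unlisted."""
    checksum_text = "# constructed checksum list\n" + ABC_SHA256 + "  installer.bin\n"
    with tempfile.TemporaryDirectory() as folder:
        installer = os.path.join(folder, "installer.bin")
        with open(installer, "wb") as handle:
            handle.write(b"abc")
        intact = verify_download(installer, checksum_text)
        with open(installer, "wb") as handle:
            handle.write(b"abd")  # a single changed byte
        altered = verify_download(installer, checksum_text)
        other = os.path.join(folder, "other.bin")
        with open(other, "wb") as handle:
            handle.write(b"abc")
        unlisted = verify_download(other, checksum_text)
    return intact, altered, unlisted


if __name__ == "__main__":
    print(demo())
```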

Email attachments

Email attachments can contain computer viruses. The general rule is to never open an attachment from a person whom you do not know.

Apart from that general rule, safe attachments are:

That said, some files masquerade as harmless TXT or JPEG files by having a double extension (such as file.txt.exe). Watch out.
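A check for the double-extension trick mentioned above, as an added example (not part of the original guide): it reads the attachment names of an email and flags names whose real, final extension is executable. The two extension lists are assumptions and not exhaustive, and the sample message is constructed.

```python
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions that Windows treats as programs,
# scripts or shortcuts.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "pif", "msi", "vbs", "js", "lnk"}
# Assumed list of extensions that look like harmless documents or pictures.
DECOY_EXTENSIONS = {"txt", "jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx"}


def classify_filename(name):
    """Return 'double-extension', 'executable', or 'not-flagged' for a file name."""
    # Windows ignores trailing dots and spaces, so drop them before looking
    # at the extension that actually decides how the file is opened.
    cleaned = name.strip().rstrip(". ").lower()
    parts = [part.strip() for part in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTENSIONS:
        return "not-flagged"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        return "double-extension"  # e.g. file.txt.exe
    return "executable"


def scan_message(message):
    """Return (file name, verdict) for every attachment of an EmailMessage."""
    results = []
    for part in message.iter_attachments():
        name = part.get_filename() or ""
        results.append((name, classify_filename(name)))
    return results


def build_sample_message():
    """Constructed message with three placeholder attachments."""
    message = EmailMessage()
    message["From"] = "sender@example.com"
    message["To"] = "you@example.com"
    message["Subject"] = "Constructed sample"
    message.set_content("See attachments.")
    for name in ("holiday.jpg", "file.txt.exe", "setup.exe"):
        message.add_attachment(
            b"constructed placeholder bytes",
            maintype="application",
            subtype="octet-stream",
            filename=name,
        )
    return message


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_message()):
        print(f"{name}: {verdict}")
```

A verdict of "not-flagged" only means the name is not deceptive; the general rule about unknown senders still applies.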

Online purchases

Particular attention has to be paid when you purchase something online. Make sure to choose only reputed online shops:

There are also Web portals that allow you to buy from private sellers. The best known systems are Ebay and leboncoin. Personally, I have had more trouble than benefits from such systems, and I gave up on them completely.

Online payments

Whenever you make an online payment with your credit card, you have to make sure that the service that receives your credit card number is really the one you want to give it to. You should never enter your credit card number on a Web page that does not have the green lock in the address bar in your browser. In the ideal case, you would want that, in addition, the address bar shows the name of the company with a green lock. However, this additional security is often not available, and you have to make do without.

Some people use Paypal to avoid giving their credit card number directly to the merchants. Personally, I have used it for years, but in the end I do not think it is worth it. To me, it was just an additional service that collects data about me, and it seemed that Paypal benefitted more from me than I from Paypal. Thus, I do not recommend it.

In Germany, the service “SOFORT Überweisung” has recently become popular. However, it has been criticized, because it requires transmitting your PIN and TAN numbers to that service to make a payment. This, in turn, allows the service to see how much money you have on your account, and to make a profile of your recent transactions. Therefore, a court declared (DE) that this mode of payment may not be the only one that a Web shop offers. For these reasons, I recommend not using this service.

Personally, I use credit cards for paying online. Fraudulent charges can usually be objected to. Credit cards also usually come with an insurance, so that you do not have to pay the damages you suffer, or at least not in full. In the worst case, getting a new credit card is easy. I never had any experience with fraud, though.

* Online acquaintances

Some people use online forums, social media, or partnership sites to get to know people. While there is nothing wrong with that, you usually cannot be sure that the other person is who they say they are.

Therefore, never do any of the following without having established a real-life friendship with that person:

Always first insist on meeting the person in a public place before doing any of the above.

* Virus Scanners and Software Updates

All of the above are good strategies, but it is better to have a general safety net. This safety net is provided by virus scanners. A virus scanner (also called anti-virus) is software that runs on your computer and protects against malicious software.

If you are running Windows 8 or any newer version of Windows, then Microsoft's built-in virus scanner (called Windows Defender) is generally good enough. It is installed automatically, and you do not need to do anything.

If you are running a Mac, you should install a virus scanner. There are around half a dozen reputable virus scanners available. Many of them are also free. Watch out, though: The free virus scanner “Avast” was caught selling your browser history to Google and others. I personally use Avira, but any other one will be just as good.

There is no excuse for not having a virus scanner installed on your computer.

A related topic is to make sure that all your software is always up to date. Nowadays, most software does this automatically. Just be sure to not obstruct such processes, and be sure to react if some software says it wants an update. On an iPhone, the App Store icon will show a red number if there is something to update. Click on it, and tell it to update everything. Likewise, the Settings icon will show a red number if there is an update of the operating system to do. If you see such a red number, tap on “Settings”, then on “General” and then on “Software update”.

Fishy Web pages

Web pages can entice you to give personal details, to install software, or to buy certain things. As discussed above, you should engage in such interaction only if you can establish the identity of your interlocutor through a trusted third party. Particular attention is due on fishy Web pages such as:

Such pages are generally untrustworthy.

However, surprisingly, the majority of viruses does not come from these pages, but rather from ordinary pages: in the health domain, in the technology domain, or in the domain of games (DE). The reason is that hackers sometimes succeed in installing harmful advertisements on such pages.

Protecting yourself against companies

What the big companies know about you

If you want to know what Google knows about you, go to the Google Dashboard and log in. It will show all the data Google has collected about you.

If you use Google services regularly, then Google knows

The situation is similar for Facebook and Dropbox. The Target supermarket chain made headlines when it knew that a young girl was pregnant before her father knew. It is also similar for a number of other services, albeit generally to a lesser degree.

Now there are people who are horrified by this, and there are people who are OK with this. People who are horrified say: You would never want to share all of this with your best friend; then why would you want to share it with Google? People who are OK with this say: I have been using these services for years now and I have never noticed any discomfort from it; so it's mainly an imaginary problem.

I have been thinking about this issue for quite some time now, and I can understand both sides. Therefore, I do not want to strongly argue that you have to protect your data from Google and the like. I will just tell you what you can do if you decide to reduce your flow of data to these companies.

What the companies deliver in return

Despite all the agitation about privacy, the life of the average citizen does not get any worse if he shares his data with Google. On the contrary, in comparison to other companies, Google offers exceptionally good service: Its search engine is vastly superior to any competitors (except maybe Bing); its email was the first to offer huge storage space for free (and others took years to jump on the train); its two-factor authentication is flawless (unlike most other services, Google offers independent fall-back options for every factor); it pioneered email analysis for events and bookings; and its Web interface is admirably clutter-free (contrary to the interfaces of most other providers).

The same is true of Facebook: It's just great to have all your friends in one place. It is extremely convenient to get updated when they marry, move, or graduate. Also, you don't have to take care to update your address book anymore: everybody just updates their own address. Finally, almost everybody is on Facebook. That's just extremely convenient.

Dropbox, likewise, is the top dog in the area of cloud storage: Its service works across all platforms, and on all mobile devices; it is super-easy to use; it has two factor authentication with independent fall-back options; and it allows going back to any version of a file during the last 30 days. These are features that only few of its competitors offer in all of their breadth.

Finally, all these services are free, which is admittedly a clear advantage. Alternative products are usually for pay. Furthermore, the alternatives are usually advertised by privacy-aware people and magazines as software of equal value. However, this is clearly not always the case. Most of the alternatives have clear drawbacks, which become obvious only when you use the software for a few weeks. I do actually use the alternatives, and I will point out their weaknesses.

Why it makes sense to protect yourself

As I said, I will not argue for you to leave the big companies. However, if you are rather inclined to do it, here are arguments that can substantiate your position: Maybe the most important argument is that companies can get hacked. It hasn't happened to Google, but it has happened to Yahoo, Ebay, Adobe, Target, Sony, and many other companies. It also happened in a different way to Facebook. You can check yourself if you are concerned. In such a case, your data is out in the open. The applications are manifold: Daniel Solove has compiled an exhaustive list of privacy risks. The Teaching Privacy Project has a list of example cases and suggestions. You will also find alternative providers here.

Again, the decision is yours. If you want to un-google your life, here is how to do it.

Change cloud storage

Dropbox, Apple's iCloud, and Google Drive remain the most popular cloud storage services. At the same time, you are sharing with these services all your personal files and photos. In the case of Chinese iCloud users, the data may also be shared with the Chinese government. If you do not wish to do that, then you have to move to end-to-end-encrypted cloud storage services. These are systems that encrypt the data before it is sent to the cloud.

I have written extensively about different encrypted cloud storage systems elsewhere. A table of comparison is attached below. Here, I just note that the outcome of my study was that Sync.com is the best alternative.

Sync.com offers all the same comfort as Dropbox, but it encrypts your data end-to-end. This means that even they cannot access the data. It is also slightly cheaper. The drawbacks of Sync.com in comparison to Dropbox are:

All in all, I am happy with Sync and I recommend it. Full disclosure: I get 1 GB for free for every new account opened through my recommendation. So far, I got 1200 GB. Here is the full comparison:

Provider Two factor Versioning Encrypted Qualis Webinterface Comments
Dropbox yes yes no A+ yes
AeroFS yes not a cloud storage
Box US yes 25 versions no A
Evernote yes no
Frostbox yes for social networks only
OneDrive yes no
SmartBox yes for file sharing
Synology yes Administrational thing
Tresorit yes yes yes A- yes
Zetta.net yes yes no
Cloudsafe shut down
Wuala shut down
SpiderOak no yes yes
Sync.com yes yes yes A yes
OwnCloud no no no requires own server
Mega no no yes
An additional criterion, which I did not check, is whether the software is open source. Most of the above services are not. An open-source solution is Cryptomator, which sits on top of a conventional cloud provider (such as Dropbox). It does not have a Web interface, though.

Before closing your cloud storage

Before closing your old cloud storage at Dropbox, Google Drive, or Apple's iCloud, you have to make sure that you download all data that is stored in that service but not on your hard drive.

Google Drive, e.g., allows you to create and store documents online. If you want to move away from Google Drive, you have to download these documents: Open them, click “File”, and then “Download as”.

I had Dropbox and closed it (see image). Dropbox provided an extremely good service even during the break-up.

Change email provider

The business model of free email providers is: They provide you free services, and in return, you give them your data, so that they can sell you advertisements. If you wish to break away from that model, you have to switch to an email service that you pay for. The price is usually around 20-50 EUR per year.

There are numerous email providers. Things you may want to look out for are:

After an extensive search of alternative providers, I found that Fastmail worked best for me. Fastmail has a very clean interface, it provides its service well, and it is very frank about its own capabilities. I have never regretted the move. Things that Fastmail does not offer are:

All in all, I recommend Fastmail. However, Fastmail is certainly not the only option. In particular, I seriously considered Mailbox.org.

The migration of email to the new provider is usually not a problem: All email providers support the IMAP protocol, and you can just import the old mails into the new service. Make sure that your new provider supports this option.

Before closing your email account

Your email account is your digital identity. Therefore:
Before closing your old email account, make sure that all services that depend on it have been updated!
These are banks, social network accounts, iPhone/Android accounts, and cloud storage accounts. If you do not do that, you will lose access to these accounts!

You also have to update all your friends. I recommend keeping the old email account for some months, forwarding the emails to the new account, and adding a vacation auto-reply saying that your email address has changed. If, after some months, you still receive email to the old address, you have to manually write to the senders and ask them to update their address book.

You can keep all other Google products (Google Drive etc.) even if you close down your Gmail account (see picture).

Get back your data from Google

Google offers a large number of products, which each collect data about you. You may want to opt out of some of these services (or all).

Before you move away from Google, you may wish to get the data that Google collected about you. Fortunately, Google makes this admirably simple: You just go to the download page and download your emails, calendar data, GPS traces, Web searches, etc. Note that even if you don't know right now how to use this data, it's still a good idea to download it. Storage space is cheap these days, and it's better to keep something that could be of value rather than throwing it away.

Ditch Skype and Zoom

Skype is an application that allows users to place voice calls, video calls, and conference calls — either via the Internet or to a landline. The 2013 mass surveillance disclosures revealed that Microsoft had granted intelligence agencies unfettered access to supernodes and Skype communication content [Wikipedia]. This includes the audio and the video of Skype calls. The list of security flaws of Skype is long. Furthermore, by using Skype, you are sharing your contact list with Microsoft. Apart from this, I hate the interface of Skype. It takes ages to start up. The initial screen shows all kinds of status updates that I do not care about. The chat window is hard to find, and sometimes chat messages arrive without me noticing it. And finally, on Windows, it takes several steps to make sure that Skype is really off.

Zoom, likewise, is an application for video conferences. Its list of security flaws and questionable privacy policies is long. It requires an account and installing software, which are both intrusive operations.

The alternative to these services is a protocol called WebRTC. It has a number of advantages:

There are several WebRTC providers. They offer the service for free: you just go to their Web page, open a new conversation, and send the link to that conversation by email to your interlocutor(s). The interlocutors click on the link and join the conversation. No login or account is required — neither for you nor for your interlocutors. I have tried JITSI and it works great (see Wikipedia article). I have therefore closed my Skype account, and I recommend WebRTC whenever someone proposes Zoom.

Maps App

Google provides a very good map app on the phone. However, it will try to entice you to sign in with your account. Once that is done, it starts collecting data about your locations. Fortunately, there are good alternatives to Google Maps.

Apple's own Maps app is decent, and better than its reputation. Personally, however, I use an app based on OpenStreetMaps. This is a project that aims to collaboratively build a map of the world that is free for everyone to use. While OpenStreetMaps is in itself not an app, there are a number of apps that use its data. The disadvantage of such apps is that the search function is usually not as good as Google's. The coverage, however, has so far been very good in all places that I have been to. Furthermore, these apps have an additional advantage: They usually allow you to download the map. This means that you can navigate around without Internet connection — and thus without roaming charges. This works because the GPS geolocation on your phone is always available free of charge. Furthermore, you can actually contribute to the OpenStreetMaps project and add points of interest that are missing.

There are several apps based on OpenStreetMaps (search “offline maps” in your app store). I have not tried all of them; I am using MapsWithMe, and it does its job just fine.

Change search engine

There are dozens of competitors for Google's search engine out there. While their results were previously much worse than Google’s, that has changed recently. The most popular alternatives are:
  Bing
    Bing is Microsoft’s search engine. It is as commercial as Google.
  Qwant
    A French search engine with a very responsive and appealing interface. Zero tracking.
  DuckDuckGo
    The oldest privacy-aware search engine. Offers more verticals than Qwant (maps, currency conversion, etc.).
  Startpage
    Uses Google’s search results (= very good results), but anonymizes your queries before sending them to Google (= privacy is kept). Very slow.
I have tried all of them, and I am currently tending towards DuckDuckGo.

Check privacy settings

Both Google and Facebook allow you to fiddle with their privacy settings. Both have also recently put this feature more to the front. I recommend that you take a look at these settings:

To check this, log in to Google or Facebook, head to the settings, and search the item “privacy”. It may take 15 minutes or so to go through the settings, but it's definitively worth it. Then do the same with other services you may be using.

This is useful in particular since there are companies that scan public social profiles for a variety of services. This includes “employment background screenings, insurance claims investigations, corporate due diligence, and Government services” (Social Intelligence Corp.).

Change browser

There is a big war about which Internet browser is the best. However, in my opinion, this war is mainly fought by the providers, not by the users. From a user's perspective, most browsers are more or less the same. Maybe one browser is a bit faster than the other, or one has a feature that the other one doesn't have, but all of this will change anyway with the next update.

I also came to distrust browser reviews by professionals. These are usually based on a number of minuscule differences between the browsers, such as whether a test page loaded in 0.01 seconds or in 0.02 seconds. These are irrelevant for everyday use and change anyway with the next update. Furthermore, the reviews usually do not discover the weaknesses that the browsers have in everyday use: They will report, e.g., that Firefox allows synchronization across several devices. That's great! However, add-on preferences are not synchronized, so that you have to set them up all over again on each device. Opera allows you to specify custom search engines. That's great! But it doesn't allow any default search engine beyond those that have a contract with Opera.

The most popular browsers are:

  Safari
    Safari is Apple's browser, and it ships with all Apple computers, tablets, and phones. Since iOS 14, it is possible to use other browsers as well on iPad and iPhones. However, Safari does not run on PCs. Thus, it is generally not an option for people who (also) use Windows machines.
  Internet Explorer
    The Internet Explorer is Microsoft's first browser. It is no longer maintained, and should thus be removed from any system.
  Edge
    The Edge Browser is Microsoft's newer browser. It generally has fewer features than Chrome and Firefox, and exists thus, well, at the edge.
  Firefox
    Firefox is generally the darling of all privacy-aware users. It is open source, and developed by a non-profit organization with the explicit goal to foster a free and privacy-aware Internet.
  Chrome
    Chrome is the main player on the browser market, and not without reason: In terms of features, it generally has a small lead over Firefox (which is maybe no wonder, given that it is developed by one of the largest companies on Earth, Google). The main problem with Chrome is the link with Google: It collects some data about you, and sends it to Google. Worse, when you sign in to some Google Web site, Chrome automatically signs you in to the browser, so that all your browsing history is associated with your Chrome profile. If you allowed synchronization (or enable it at a later point), all that data goes to Google.

Change browser settings

No matter which browser you choose, it has an item called “privacy” in its settings (search for it on the Web if you cannot find it). The privacy settings allow you to erase your history, tell Web sites not to track you, to forget passwords that you stored, or to remove cookies (see next article).

It makes sense to have a look at these settings. However, be aware that changing these settings will also change your browsing experience. For example, if you switch off cookies, then some Web sites may no longer work. The present guide summarizes my own trade-off between privacy and comfort. Thus, if you just follow what is written here, you will be mostly fine.

One thing you might want to do is uninstall Adobe Flash from your system. This is a software that is used in your browser to display videos. However, it has attracted criticism for security problems and privacy problems. Adobe itself has announced the end of the format for 2020. You can read here how to uninstall it.

Clear cookies

A cookie is a small piece of data that a Web site can store on your computer. This piece of data continues to live even when you close your browser. It allows the Web site to recognize you next time you visit. Thereby, cookies allow Web pages to collect data about your behavior.

You can disallow cookies, but then many Web pages will not work anymore. The trade-off that I recommend is to tell the browser to erase cookies when the browser is closed. The screenshot to the right shows how to do this in Firefox.

You can also tell Web sites not to track you (see setting at the top), but I am not sure how effective that option is in practice.

Log out of Gmail

Google sells ads to Web pages (even if these Web pages have nothing to do with Google). In return, Google gets to place a cookie on your computer when you visit such a page. Thus, Google knows that you visited that page. If you ever log in to your Google account on that same computer without deleting your cookies, Google can connect the pages you visited with your Google account.

The same is true of Facebook: Each “Like” button on a Web page is connected to Facebook. Thus, if you visit a page with a Like button, Facebook gets notified. It also places a cookie on your computer. If you log in to Facebook while the cookie is still alive, Facebook can connect the pages you visited with your account.

Thus, the best thing to do is to use Google, Gmail, and Facebook in a different browser. In all likelihood, you will anyway have several browsers installed on your computer. You can just use one browser for your main activities, and another one for your Facebook, Gmail, or Google sessions. In any case, be sure to log out of any session when you no longer need it, and delete cookies regularly.

Use privacy plugins

Even if you are not logged in, Facebook and Google can create a profile of you. Since every “Like” button and every Google ad sends a data point to these companies, they can build an anonymous profile of you. You would think that you could destroy the continuity of this profile by erasing the cookies. However, this is not true: First, the Facebook cookies are active even if you are logged out. Second, the companies build a digital fingerprint of your browser configuration. This fingerprint is unique enough to recognize you even if you delete all cookies. You can try it here. This way, the company can build the anonymous profile of “the person who reads this type of news at this time of the day and usually logs in to these Web pages”. If you then once sign in to Google or Facebook, they can make the link.

The same is true not just of Google and Facebook. An average Web page calls more than a dozen advertisement, statistics, and tracking services. Since the same service is implanted on different Web pages, the service can track you across pages.
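The linking described in this section and under “Log out of Gmail”, as a simplified model added here (not code from any real tracking service): it shows why erasing cookies breaks a cookie-only profile but not a fingerprint-based one, and what a separate browser changes. The attribute names, the URLs and the exact-match fingerprint are assumptions made for the illustration.

```python
import hashlib

FINGERPRINT_KEYS = ("user_agent", "screen", "timezone", "language", "fonts")
PAGES = ["https://news.example/politics", "https://health.example/symptoms",
         "https://shop.example/cart"]
LOGIN_PAGE = "https://social.example/login"


def fingerprint(browser):
    """Hash the settings a browser reveals on every request (no cookie involved)."""
    material = "|".join(f"{key}={browser[key]}" for key in FINGERPRINT_KEYS)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]


def make_browser(user_agent):
    """Constructed browser state; real browsers expose many more attributes."""
    return {"user_agent": user_agent, "screen": "1920x1080", "timezone": "Europe/Paris",
            "language": "en-GB", "fonts": "Arial,Helvetica,Verdana", "cookies": {}}


class Tracker:
    """Model of one third-party service embedded on many sites (ad, Like button)."""

    def __init__(self, use_fingerprint):
        self.use_fingerprint = use_fingerprint
        self.profiles = {}        # profile id -> {"pages": [...], "account": ...}
        self.by_cookie = {}       # cookie value -> profile id
        self.by_fingerprint = {}  # fingerprint -> profile id

    def embedded_request(self, browser, page, account=None):
        """Called whenever a page that embeds the service is loaded."""
        cookie = browser["cookies"].get("tracker_id")
        profile_id = self.by_cookie.get(cookie)
        if profile_id is None and self.use_fingerprint:
            profile_id = self.by_fingerprint.get(fingerprint(browser))
        if profile_id is None:
            profile_id = f"profile-{len(self.profiles) + 1}"
            self.profiles[profile_id] = {"pages": [], "account": None}
        if cookie is None:  # (re)place the cookie, e.g. after the user erased it
            cookie = f"cookie-{len(self.by_cookie) + 1}"
            browser["cookies"]["tracker_id"] = cookie
        self.by_cookie[cookie] = profile_id
        if self.use_fingerprint:
            self.by_fingerprint[fingerprint(browser)] = profile_id
        profile = self.profiles[profile_id]
        profile["pages"].append(page)
        if account is not None:
            profile["account"] = account  # the login ties the profile to a person
        return profile_id


def linked_pages(profiles, account):
    """Pages the tracker can attribute to the given account."""
    for profile in profiles.values():
        if profile["account"] == account:
            return profile["pages"]
    return []


def simulate(use_fingerprint, separate_login_browser=False):
    """Browse two pages, erase cookies, browse one more page, then log in."""
    tracker = Tracker(use_fingerprint)
    main = make_browser("MainBrowser/1.0 (constructed)")
    tracker.embedded_request(main, PAGES[0])
    tracker.embedded_request(main, PAGES[1])
    main["cookies"].clear()
    tracker.embedded_request(main, PAGES[2])
    login_browser = make_browser("OtherBrowser/1.0 (constructed)") if separate_login_browser else main
    tracker.embedded_request(login_browser, LOGIN_PAGE, account="alice")
    return tracker.profiles


if __name__ == "__main__":
    print("cookies only:    ", linked_pages(simulate(False), "alice"))
    print("fingerprinting:  ", linked_pages(simulate(True), "alice"))
    print("separate browser:", linked_pages(simulate(True, True), "alice"))
```

The model matches fingerprints exactly, so a second browser with a different configuration gets its own profile; a real service may combine further signals.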

If you want to guard against this, you can use privacy add-ons such as Disconnect.me, AdBlockerPlus, uBlock-Origin, or PrivacyBadger. These filter the Web pages you visit to rid them of tracking data and/or advertisements. At the same time, most Web pages rely on ads for their financing, so this is something to be kept in mind. The privacy add-ons may also act as a VPN. Opera has a built-in ad-blocker. On other browsers, I have used AdBlockerPlus, and it does what it should: It removes the ads from the Web pages. However, AdBlockerPlus gets paid from advertisers to unblock certain advertisements — which has attracted criticism. PrivacyBadger is proposed by the Electronic Frontier Foundation, a rather serious group. Different from the other services, it automatically learns which services track you. Thus, it does not have to rely on someone blacklisting or whitelisting services for you. I have tried it, and it blocks around a dozen tracking services per Web page, which is intellectually satisfying. Even more intellectually satisfying is Disconnect.me, which tells you how much traffic you saved by removing the trackers. In Firefox, the basic service of Disconnect.me is already included. Finally, uBlock-Origin is an open-source project that also blocks advertisements and user tracking. It is generally well-received by the community. Paradoxically, Google has also developed an add-on that opts you out of Google’s data collection. As for myself, I use uBlock-Origin, but I have no strong opinion on these tracking blockers.

Another problem is the so-called “referrer”: If you go from Web site A to Web site B, the browser will tell B that you came from A. This has repercussions for privacy. There are plugins to disable this.

Change social network

In the ideal case, the privacy-aware user would leave Facebook behind: it does not support open protocols, it offers no convenient way of downloading individual chats, it collects lots of personal information, and it uses this information for commercial purposes.

However, let's face it: none of the Facebook alternatives ever took off. I tried Diaspora, but I could not even import my address book. I would have to add all my friends one by one. Also, none of my friends is there anyway. As much as I like the idea, Diaspora is just not a reasonable Facebook alternative at this time.

Thus, I cannot recommend an alternative to Facebook at this time.

Messengers

Mainstream Messengers

One of the most popular messenger programs is WhatsApp. The service uses end-to-end encryption, and the advantage is that most of your friends will already have WhatsApp. It's also relatively easy to back up. The disadvantages are:

Google Hangout and Facebook messenger suffer from similar problems: They allow the company to trace when and with whom you communicate. Every single time you use the app, you are giving the company a datapoint about yourself: at what times you are awake, who are your contacts, with whom you chat most, etc.

Privacy-oriented services

Other services, such as Threema, Signal, and Telegram, are more privacy-oriented. Even Apple’s iMessage falls into this group, because Apple does not make money with user data. (They make enough money from selling overpriced iPhones.)

The Electronic Frontier Foundation maintains a score chart that shows the security of each of these services. The OpenWhisper Signal app is often highlighted, because it is open source, and recommended by Edward Snowden. It also allows encrypted phone calls. However, Signal is not easy to back up. It is also centralized, which means that it can be blocked, as has indeed happened.

Apple's iMessage is integrated into the SMS application of the iPhone: whenever you send an SMS to another iPhone user, the message is automatically sent as an end-to-end encrypted message. This is indicated by a blue bubble (instead of a green one). Apple implemented this encryption in 2011, two years before the rest of the world cared about end-to-end encryption. iMessage also allows for voice-over-IP calls, i.e. end-to-end encrypted phone calls that work over the data connection (the service is called FaceTime or FaceTime Audio). The chats can be synchronized to any Apple product (Mac, iPad, etc.), while still remaining end-to-end encrypted. For this purpose, you have to enable “Messages in iCloud” on all devices. When the messages are synchronized in this way with a Mac, they are stored as XML files on your hard drive. Thus, they can be backed up very easily.

The problem with all of these systems is that they are bound to a single service provider. This means that a user of one service cannot chat to a user of another service. By using one such platform, you are basically limiting your conversations to people who also use it. This is unlike email, where a Gmail user can of course email a Yahoo user.

XMPP

There is an open protocol for messengers, called XMPP. This protocol allows users to chat across different service providers. It also has an add-on for end-to-end encryption (called OMEMO), which offers the highest level of protection. The Electronic Frontier Foundation advertises this protocol, and shows how to install XMPP clients on Mac, iPhone, PC, and Android devices.

With XMPP, you can chat with people who also use XMPP-compatible messengers — no matter which provider they use. For example, you can chat with Skype users. Thus, XMPP is truly service provider independent. It also works across different devices (including desktop computers). Furthermore, it works with and without end-to-end encryption, depending on whether the other person's device supports encryption or not. Finally, it's open source. See here for an exhaustive argumentation in favor of XMPP.

The trouble with XMPP is two-fold: First, there is currently no XMPP messenger that allows you to back up your data. Second, the backup may not even be needed, because there are too few people who use XMPP anyway.

Comparison

If you wish to find a messenger that suits your needs, here is an overview.
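
| Messenger | E2E encrypted | Private | Backupable | Video | Provider independent |
|---|---|---|---|---|---|
| Whatsapp | yes | no | yes | yes | no |
| FB Messenger | optional | no | yes | yes | no |
| Google Hangout | no | no | ? | yes | no |
| Threema | yes | yes | ? | yes | no |
| Signal | yes | yes | hard | yes | no |
| Telegram | optional | yes | ? | no | no |
| iMessage | yes | yes | yes | yes | no |
| XMPP+OMEMO | yes | yes | no | no | yes |
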
Personally, I do not use messengers much. I sometimes use iMessage, because it's installed anyway and it ticks most of the desiderata.

Windows 10

Microsoft's new operating system, Windows 10, is a story of its own. By default, it sends a lot of data to Microsoft, more than you would reasonably expect. You will find guides on the Web about how to switch these features off.

iPhone

Here are some settings to check on the iPhone:

There may be similar settings on Android phones.

Keep track of accounts

I can only warmly recommend making a list of all the online accounts that you have: banks, email, social media, online shops, mailing lists, etc. Of course, such a list is really sensitive data, and should be protected as such.

Such a list allows you to keep track of where your data is. It is also an indispensable asset if you plan to change your email address or phone number, and need to see which other accounts depend on them. The list also allows you to close accounts that you no longer need. Since I started tracking them, I closed 230 (two hundred thirty) of them. The main trick here is that you can use most services also without logging in: many booking Web sites, shopping Web sites, postal Web sites, etc. work just as well if you have no account there. You can just close your account there, and shop anonymously.

Protecting yourself against the government

Why this makes sense

There are a number of cases where it is obvious that it makes sense to protect your data from the government: Now these may be rather abstract reasons for the average Western citizen. However, you may also want to consider extra protection, if you are dealing with any of the following:

In such cases, you need the government-level protection that the present section explains. Again, I do not want to argue that you absolutely have to protect yourself, but if you want to, here is how.

National Security Letters

The United States has a particularly ingenious system of spying on its citizens: The NSA can request that a service provider (such as Google) turn over data about a particular client. At the same time, the NSA can issue a so-called National Security Letter. This letter prohibits the service provider from telling anybody that they had to turn over the data. Thus, the service provider cannot publicly complain about the intrusion. They also cannot let the client know. All they can do is publish how many security letters they have received. For the big companies, these are in the thousands per year.

The lesson from all this is that if you want to be serious about protecting your data, you cannot choose any service provider that is based in the US.

If you wish: Use a VPN

A VPN is software that re-routes all your traffic through an intermediate server, using an encrypted connection. In this way, several pieces of information are hidden: your Internet provider cannot see what Web pages you access (because all it sees is that the traffic goes to the intermediate server), your Internet provider cannot see the traffic itself (because it's all encrypted), malicious agents cannot observe or interfere with your traffic when you are on public wifi (because all they see is encrypted traffic to the intermediate server), the Web page you visit cannot see your IP address (because it just sees the address of the intermediate server), and the Web page you visit cannot see your location.

[Image: The Avast Antivirus program advertises its VPN service]

As a drawback, VPNs slow down your traffic considerably (at least in the free versions that I have tried). Furthermore, the traffic is already encrypted if you use Web pages with a green lock. The only thing that malicious agents can see is the page that you connect to.

Now if you have to protect yourself against the government knowing which pages you visit, then a VPN is a must. A VPN is also often the only way to access Web pages that your government blocks. You can see here a list of options. Otherwise, do a Web search. For myself, however, I have concluded that VPNs are overkill. For any sensitive interaction, I use only Web pages with a green lock, and I am OK with the risk that malicious agents can see which pages I connect to. For sensitive Web browsing, I use TOR.

Watch out for free VPN services. Their business model may be to use the data that the VPN gathers (the list of URLs that you visit) for marketing purposes. This is the case, e.g., for the built-in VPN of the Opera browser for iPhone, which reserves the right to use the data for limited marketing purposes.

If you wish: Use TOR

The TOR browser is a Web browser that makes sure that no-one can track you. It does so by routing your queries over the TOR network. If you are dealing with highly-sensitive material, I recommend using this browser.

At the same time, TOR is not for everyday usage. Browsing over the TOR network is several times slower than with other browsers, because it routes the queries differently. Furthermore, some online services will refuse to work if they notice that you try to sign in from TOR. Thus, this browser is not really an everyday alternative.

Encrypted cloud storage

End-to-end encryption means that your data is encrypted at your device, and decrypted only at the recipient's device. Not even the service provider in the middle can see the data.

I already discussed end-to-end encrypted cloud storage before, and I repeat my recommendation for Sync.com. This service protects your data reasonably against any undesired access — from hackers, from companies, as well as from governments.

Phone and SMS

Governments may have access to phone and SMS data. In particular, they may have access to the meta-data: who called whom when. This may seem completely irrelevant, and yet it is not. If, e.g., you first call a gynecologist, and then an abortion clinic, it is pretty clear what is going on even if the content of the calls is unknown. The Electronic Frontier Foundation illustrates this in a number of examples. A study from Stanford, likewise, shows that many personal pieces of information (pregnancy, etc.) can be deduced by automated means just from the meta data.

Apart from that, it is apparently not difficult to hack into the phone network itself. Then, hackers can intercept and even send SMS to your phone. Researchers have demonstrated this in order to hack two-factor authentication per SMS.

To protect yourself against such advances, you have to use encrypted chats or encrypted SMS instead of classical SMS. Some of these services allow voice calls, too; see next article.

Proprietary encryption

The final piece of art is end-to-end encrypted email. There are a number of email providers, such as ProtonMail and Tutanota, that are built for just that. In these services, any email is encrypted on the sender's machine, sent through the servers, and decrypted on the receiver's machine. Thus, even the provider cannot see the content of the messages.

The problem with such approaches is that they work only between account holders of the same service. Emails to other people are sent unencrypted. Alternatively, emails to other people are sent by an encrypted link, which the recipient can access with a password that the sender and the receiver agreed upon. The receiver can reply in the same manner, but this amounts in fact to creating a guest account with the system. Thus, the solution is provider-dependent.

In general, such systems are closed, and not interoperable with solutions from other providers. Unless, that is, they offer PGP (see next article).

Encrypted email

We used to say that emails are like postcards: they can be read by anyone in transit. Today, that is no longer true: Most email providers encrypt the email in transit with a technique called TLS (transport layer security). This includes Gmail. Now the trouble is that the email provider itself can still read the mails, as well as third parties with whom the email provider collaborates. The email can also be read by unrelated malicious individuals (as well as the NSA, if the service is located in the US). To prevent this, we need end-to-end encryption.

There are two methods for service-independent end-to-end encrypted email: S/MIME and PGP. The first relies on a central validation architecture, which could theoretically be infiltrated by governments. This is a rather hypothetical scenario, but if we talk government, then it is unreasonable to not go all the way. Hence, PGP.
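
An added example (not part of the original guide): the Python sketch below reads the Received headers of a message to show which delivery hops used TLS, and checks whether the body itself is end-to-end encrypted with PGP or S/MIME. The sample message, its host names and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# "with" keywords (RFC 3848) that mean this hop was protected by TLS.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Constructed sample: three hops, PGP/MIME body with placeholder ciphertext.
SAMPLE = """\
Received: from mx.example.net by inbox.example.org with ESMTPS id c3; Tue, 02 Jan 2024 10:00:03 +0000
Received: from relay.example.com by mx.example.net with ESMTP id b2; Tue, 02 Jan 2024 10:00:02 +0000
Received: from laptop.local by relay.example.com with ESMTPSA id a1; Tue, 02 Jan 2024 10:00:01 +0000
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def hops(msg):
    """Return (receiving host, protocol, used TLS?) per hop, oldest first."""
    out = []
    for raw in reversed(msg.get_all("Received", [])):
        text = " ".join(raw.split())  # unfold multi-line headers
        m = re.search(r"\bby\s+(\S+).*?\bwith\s+(\w+)", text)
        host, proto = (m.group(1), m.group(2).upper()) if m else ("?", "UNKNOWN")
        out.append((host, proto, proto in TLS_WITH))
    return out

def end_to_end(msg):
    """Name the end-to-end format, or None if providers can read the body."""
    ctype, proto = msg.get_content_type(), msg.get_param("protocol")
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "PGP/MIME"
    if ctype == "application/pkcs7-mime" and msg.get_param("smime-type") == "enveloped-data":
        return "S/MIME"
    for part in msg.walk():  # ASCII-armored PGP pasted into a text part
        if part.get_content_maintype() == "text" and "BEGIN PGP MESSAGE" in part.get_payload():
            return "inline PGP"
    return None

if __name__ == "__main__":
    print(hops(message_from_string(SAMPLE)), end_to_end(message_from_string(SAMPLE)))
```

In the sample, the middle hop ran without TLS, yet the body stays unreadable to every server because it is PGP/MIME. Received headers are written by the servers themselves, so treat them as a hint about transport encryption rather than proof.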

In practice, PGP is software that is attached to your email program. When you write an email, PGP encrypts it. When you receive an email, PGP decrypts it. This is indeed the way it works when you use an email client on your laptop or desktop computer. The integration is seamless: you just click the little lock if you want your email to be encrypted. The Electronic Frontier Foundation shows how to install PGP on a Mac (with Apple's mail program or Thunderbird) and on a Windows machine (with Thunderbird).

So far, so good. Things get a lot trickier when you wish to use PGP in the online interface of your email provider (e.g., at https://gmail.com). For this, you need a browser plug-in called Mailvelope. It works well, but the limitations are:

So it's feasible, but it's cumbersome.

PGP on the phone

Encrypting email is also possible on the smart phone. I have tried out several iPhone apps for reading and writing encrypted emails. My general impression is that the more expensive they are, the better they work:

Free apps
  I tried several free apps, and the ones I tried did not work well. They were buggy or complicated to handle, or crashed.
PGPEverywhere
  This app installs like a keyboard. To encrypt, you choose the PGPEverywhere keyboard, which opens a little window in which you can type. Then you click “encrypt”, and the tool copy-pastes the encrypted content right where the cursor is in the main window. This is a quite elegant solution, because it works in any app without changing between apps. However, it is tedious to type anything other than a few lines into the pop-up window. Therefore, you can also write the message in the PGPEverywhere app, and then copy-paste it into the mail program. For decryption, there are two methods: you can either copy the encrypted content to the clipboard, and then open the app, which will automatically decrypt the message. Otherwise, you can “share” the encrypted file with the app, which will automatically decrypt it as well.
oPenGP
  This app works similarly to PGPEverywhere, but without the keyboard extension. For encryption, you have to open the app, write the email there, and then transfer what you wrote into the mail app. This takes a few clicks more than usual. However, it works generally well. To decrypt an email, you have to select the content of the email, copy it, open the PGP app, click “decrypt”, and give your fingerprint. This is quite cumbersome and takes around 20 seconds. Compared to PGPEverywhere, the use is a bit more pedestrian (more clicks are needed).
Canary Mail
  The royal solution: Canary Mail is an entire email client app. You can use it instead of your normal email app (Mail, Gmail, Fastmail), but with any email service provider (Gmail, Hotmail, Fastmail, etc.). You can read and send normal email, but you can also read and send PGP encrypted email. All emails to people whose keys you have are automatically encrypted with PGP. Vice versa, all PGP encrypted emails that you receive are automatically decrypted. The catch? The app is 10 EUR (10 USD). The app is also not as 100% streamlined as the Apple Mail app.

Most of these apps do not allow you to import all keys of your contacts from a keyserver (or they allow it, but don't do it properly). Thus, PGP encryption remains cumbersome on mobile devices. However, it is the best there is right now. With more privacy awareness among clients, there will be more privacy awareness among service providers, and thus eventually better services. Until then, we make do with what we have.