You yourself are the biggest danger to your data, because you may lose passwords, drop your laptop, or accidentally delete your data. This section explains how to back up your data, and how to use cloud storage services.
Yes, there are evil people out there on the Web, and you had better protect yourself against them. This section discusses secure passwords and two-factor authentication, something that even non-paranoid people should have.
Not all people whom you interact with on the Web are who you think they are. This section makes the reader aware of the threats of malicious Web pages, malware, and dubious online shops.
Different from many other security guides on the Web, I will not argue that you definitely have to leave the big data collectors Google, Facebook, and the like. But if you are inclined to, you will find here (1) reasons in favor of leaving them, (2) alternatives to these services, and (3) an honest discussion of the weaknesses of these alternatives. This includes my experience with shutting down my Gmail account.
For most people, it is just paranoid to protect their communication against the government. However, if you have reasons to do it, or if you want to try it out, you will find here (1) an explanation of the mainstream solutions, (2) a description of my experiences with them, and (3) a discussion of their applicability.
I reckon that this list of things to do may be overwhelming. If you just want basic protection, you can start with the articles marked with a star. These are the really important ones.
Finally, a disclaimer: I have no background in security! All I have in my favor is a single scientific publication in the domain. Thus, all of the below is provided as my personal opinion only, without guarantee for completeness or correctness. I would like to thank the numerous people who have cross-checked this text with their own experiences. I have integrated all of their feedback. The current version of this text is 2018-05-08.
Protecting data against yourself
* Why this makes sense
We do not often realize it, but much of your life is nowadays digital:
- All your pictures: vacations, evenings out, trips, or weddings
- All your emails, including those from your friends, your exes, your pen-friends, and your colleagues.
- Finally, all the documents on your computer: texts you wrote, that book that you started but never finished, tax documents, diaries, or scanned documents
Now do you remember the last time you were spied upon by the NSA? Or when your account was hacked and your credit card numbers were stolen? Probably not. But do you remember the last time you desperately tried to access an account of yours because you forgot the password? Or do you remember the last time you accidentally overwrote a file? And do you know somebody who lost their pictures because they lost their camera? This is much more likely. Therefore, one of the first dangers to our data is actually we ourselves.
This is a serious thing: I have witnessed at least 7 cases in the past 4 years where people lost all their data because the laptop crashed or was stolen. In one such case, there was really no back-up. The entire digital life of that person was erased that way. She had a nervous breakdown, and stayed 3 days in hospital (seriously).
Another threat is ransomware, such as Cryptolocker or WannaCry: malware that encrypts the files on your hard drive and demands a ransom for the key. Note that a folder that is merely synchronized to the cloud does not by itself protect you here, because the encrypted versions get synchronized too; what protects you is a copy the malware cannot reach, or a version history to go back to. Therefore, the rule of thumb is:
Any important data should live in at least 2 different places.
When the data gets deleted in one place, it still exists in the other place. (Personally, I actually use 3 different places.) In the following I will elaborate on this principle for different types of data.
* Back up your data (1)
The easiest way to back up your data is to use a cloud storage service. The most popular cloud service nowadays is probably Dropbox. In this solution, all your files are automatically copied to remote computers via the Internet. As an additional goodie, you can even go back in time: you can click on a file and see how the file was 1 hour ago, 1 day ago, or 1 week ago. Thus, even if you accidentally overwrite a file, or make changes that you regret, you can always go back to a previous version. Also, such a system will automatically back up the pictures from your phone.
However, maybe you do not want to share your data with that company (as we discuss below). Therefore, I actually recommend Sync.com instead. It uses end-to-end encryption and thus makes sure that only you have access to the data. Besides, it is also cheaper. The flip side of end-to-end encryption is that the provider cannot hand you your data if you forget your password, so that password needs a backup of its own (see below). From a user's perspective, both systems work the same: just make a free account at either Dropbox or Sync.com, and let the system guide you. The system will make a new folder on your computer (aptly called “Dropbox” or “Sync”, respectively). Now comes the trick: move (not copy!) all your folders and files into that folder. Do not keep the data outside the folder, thinking you would copy it to the folder in order to make a backup. Instead, all your important data should directly live inside this folder. In this way, it is automatically backed up. Keep in mind that deletions and ransomware-encrypted files are synchronized just as faithfully, so what actually saves you in those cases is the version history; check how many days of old versions your plan keeps.
Now here is the catch: both Dropbox and Sync are free, but only up to 2 GB and 5 GB, respectively. That means that you can probably store all your documents there, but not your pictures or your music. To do that, you'd have to buy space, which comes at 50 EUR/year (Sync) or 100 EUR/year (Dropbox). That may seem expensive, but it is not: we are too used to getting everything for free on the Internet. However, behind all these free goodies are in fact thousands of servers that have to be maintained, cooled, replaced, and kept running, not to mention the software. It is only fair to pay for that.
Back up your data (2)
Another, more pedestrian way to back up your data is to copy your files and folders physically from your computer to a backup drive. Nowadays, the method of choice is often a USB key. Such keys are available in sizes from 4 GB to 512 GB, costing between 10 EUR and 100 EUR. To find out how much space you need, right-click on your home folder and see how much space it takes on your hard drive. Once you have the USB key, just copy your entire home folder and all pictures to the key. In my experience, it is much easier to buy a large key and to copy everything than to worry about which parts to copy and which parts to keep.
Then store the USB key in a safe place, ideally in a different building. This can be, e.g., at a friend's place, or in a locked drawer in your office. If you wish, you can protect the USB key with a password, i.e., encrypt it. Apple systems have a built-in capacity for this (Disk Utility can format the key as an encrypted volume), as have some USB sticks. Repeat the backup every few months. The easiest way is usually to empty the USB stick first, and then just drag the entire home folder onto the USB key. Be aware, though, that between emptying the stick and the end of the copy you have no backup at all; if you can, alternate between two sticks, or copy into a new dated folder and delete the old folder only once the new copy is complete.
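The dated-folder variant of the procedure above, as an added example that is not part of the original page: the script copies the source folder into a new dated folder on the key, verifies every file by SHA-256 against the original, and only then deletes the oldest copies beyond the number you want to keep, so you are never without a verified backup. The source folder, the key's mount point and the retention count are assumptions passed in by the caller.

```python
"""Dated, verified copy of a folder onto a backup drive.

Added example, not from the original page. Source folder, drive path and
retention count are assumptions passed in by the caller.
"""
import hashlib
import shutil
from datetime import datetime
from pathlib import Path
from typing import List, Optional


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large pictures need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_copy(src: Path, dst: Path) -> List[str]:
    """Return the relative paths of files in src that are missing or differ in dst."""
    bad = []
    for f in sorted(src.rglob("*")):
        if not f.is_file():
            continue
        rel = f.relative_to(src)
        target = dst / rel
        if not target.is_file() or sha256_of(f) != sha256_of(target):
            bad.append(rel.as_posix())
    return bad


def backup(src: Path, drive: Path, keep: int = 2, stamp: Optional[str] = None) -> Path:
    """Copy src to drive/<stamp>, verify it, then prune old copies down to `keep`.

    The copy is written under a name ending in '.partial' and renamed only after
    verification, so an interrupted copy is never mistaken for a good backup, and
    older copies are deleted only after the new one has been verified.
    """
    if keep < 1:
        raise ValueError("keep at least one copy")
    stamp = stamp or datetime.now().strftime("%Y-%m-%d_%H%M%S")
    final = drive / stamp
    partial = drive / (stamp + ".partial")
    if partial.exists():  # leftover of an interrupted earlier run
        shutil.rmtree(partial)
    shutil.copytree(src, partial)
    mismatched = verify_copy(src, partial)
    if mismatched:
        shutil.rmtree(partial)
        raise RuntimeError(f"verification failed for {mismatched}")
    partial.rename(final)
    # Dated names sort chronologically; keep only the newest `keep` folders.
    complete = sorted(p for p in drive.iterdir()
                      if p.is_dir() and not p.name.endswith(".partial"))
    for old in complete[:-keep]:
        shutil.rmtree(old)
    return final


if __name__ == "__main__":
    # Assumed paths for a Mac; adjust to your own home folder and USB key.
    print(backup(Path.home(), Path("/Volumes/BACKUPKEY"), keep=2))
```

With keep=2 the key always holds the two most recent verified copies, and a copy that was interrupted half-way stays visibly marked as `.partial` rather than being taken for a backup.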
Back up your data (3)
Now here is something for the geeky people. There exist a number of provider-independent tools to automatically back up your data. These fall into two classes.
Remote encrypted backup systems automatically copy your data, encrypted, to another computer. The most prominent software here is maybe Duplicity, but there are many others. Most of these solutions (but not all) are geared towards the Linux crowd. I have not tried them out.
Then there are systems that are mainly geared towards software versioning. The most prominent ones are Subversion (SVN) and Git. These systems require you to manually “commit” a changed file to the repository in order to back it up. This is useful for software projects, because if every intermediate change of a file were automatically mirrored to other computers (as happens with standard cloud services), then the project would not compile for the other collaborators. In addition, version control systems can resolve conflicts between concurrent modifications, which a cloud service does not provide. Hence, these systems are the state-of-the-art solution for software projects.
Between GIT and SVN, the choice is nowadays often GIT. I have tried them both, and the main difference I see is that GIT requires more steps than SVN to do the same thing. For example, in order to commit with GIT, I have to make sure that I use the -a option, so that the modified files are actually taken into account. Then I have to do a push — instead of just committing as I would with SVN. We have spent hours explaining to each other how to commit with GIT, or trying to figure out why a commit did not go through. I admit that I ended up just sending the files by email on more than one occasion. GIT may have its advantages, but I have not yet seen them in practice. I thus recommend SVN.
Some people use these software versioning systems also for writing scientific papers. However, in my experience, a cloud service is much easier to use. We do not make much use of the conflict resolution of SVN or GIT, because we tend to lock files anyway before we make modifications to them. Furthermore, in my opinion, the advantages of this feature fade in comparison to the problems that SVN or GIT produce. Forgotten commits, forgotten updates, forgotten adds, or tree conflicts (horror) have cost us hours of debugging. I recommend using cloud services instead, where all changes are just automatically pushed to the other machines.
Archive your data
You might want to archive your data so that you can still access it 5, 10, or 20 years down the road. There are 2 challenges: (1) choosing the physical storage device and (2) choosing the file formats. As for the physical storage devices, they change roughly every 10 years: it used to be floppy disks, then CDs, then DVDs, then flash drives (USB sticks), and now the cloud. Whenever a new technology comes up, support for the older technologies fades out. There are today no more floppy drives. Furthermore, the devices themselves have a life span of roughly 10 years; after that time, they lose their data. Cloud companies, likewise, may cease to exist. The only way to keep your data alive despite these changes is to keep copying it from the older technology to the newer one. This is in principle completely lossless, so there is no harm done apart from the manual effort; just verify the copy (by comparing file sizes or checksums) before you discard the old medium.
The second challenge is to choose a file format. Generally, you should go for established, lossless, and open file formats. Lossy file formats are marked with ¹ in the table below. For more details, read my extensive guide on The Best File Formats for Archiving.
|Media type|Established proprietary formats|Established open formats (go for these!)|Open browser formats|
|---|---|---|---|
|Text with formatting|DOCX (Microsoft Word)|HTML with Data URIs, PDF (lossy in the sense that it does not allow modification)|HTML with Data URIs|
|Presentations|PPTX (Microsoft PowerPoint)|TEX+PDF, ODP (LibreOffice)|SVG (not common for creating presentations)|
|Spreadsheets|XLSX (Microsoft Excel)|ODS (LibreOffice)|HTML (loses provenance)|
|Music| |MP3¹ (with bitrate ≥ 256), FLAC|OGG+Vorbis/Opus (not yet established, supported by Wikipedia)|
|Videos|MOV|MPG¹, MP4+AVC¹|WebM+VP9 (not yet established, supported by Google and Wikipedia)|
|Images| |JPEG¹, PNG, SVG|JPEG, PNG, SVG (all of them safe)|
|Structured data| |TSV, YAML, XML|XML (safe)|
¹ lossy format
Taking all of this into account, my proposal is:
- If you have files in plain text formats (TXT, JAVA, JSON, etc.): keep them.
- If you have files in established proprietary formats: keep them. I personally convert them (see Point 5), but it’s probably safe to just keep them.
- If you have files in established non-proprietary formats: keep them.
- If you have files in open browser formats: If you know what you're doing, keep them. Otherwise, convert them (see next point).
- If you have files in any other formats: keep them, but make a copy in an established non-proprietary format. This works as follows: open the file by double-clicking it, and then choose “save as” or “export as”. This should offer different file formats to save to. If no established non-proprietary format is among the options, search for an online converting service on the Web. Upload your file there, and download it in the target file format. (There is a privacy risk here: the converting service gets to see the full content of your file, so do not do this with sensitive documents.)
- New files: create them in an established non-proprietary format. If you know what you're doing, you can also use an open browser format. In any case, give preference to lossless formats (the ones not marked with ¹).
Back up your pictures
Nowadays, pictures usually live on the phone or on the camera. They, too, need backup. There are several ways to achieve this:
- The most pedestrian way is to connect your camera or phone to your computer and to copy over all the pictures. With the iPhone, the simplest method is the Apple program Image Capture (called “Digitale Bilder” in German). Remember to include these pictures in the general backup strategy of your computer.
- If you use a cloud storage service, the easiest way is to install the app of that service on your phone. The app will then automatically backup your pictures to the cloud.
- If you use an iPhone, and if you have set it up normally, then the iPhone will automatically back-up your pictures to iCloud (Apple's cloud storage service). If this is what you want, great! However, if you do not wish to share your pictures with Apple, you have to turn this feature off manually, and use one of the other methods.
Back up your email
Usually, it is a reasonable assumption that your email is safe at your email provider, and you do not need an additional backup. The bigger risk is losing access to the account itself, so make sure that you do not forget the password (see next article).
You can still back up your email to your local computer, if any of the following applies:
- You plan to change email provider and want to make sure you have everything locally.
- You want to write emails also when you are offline (e.g., in the train).
- You use an email provider that deletes the mail if you do not log in regularly.
- You distrust the email provider.
- You want to use end-to-end encryption to protect yourself against companies and governments — an issue that we discuss below.
Back up your WhatsApp
There are three main ways to back up your WhatsApp chats. The first way is to have all your chats backed up automatically to the cloud. This will be iCloud for Apple devices and Google Drive for Android devices. This backup is what restores your chat history when you set up a new phone. An explanation of how that works is here. This solution is convenient, and should be enabled. However, these cloud backups are not covered by WhatsApp's end-to-end encryption, so if you care about protecting your data from Google or Apple (see Section Companies below), then this is not a good solution.
Alternatively, you can backup your WhatsApp chats by the “export” feature. This works as follows:
- In WhatsApp, go to the contact whose chat you want to backup (not to the conversation, to the contact).
- Click “export chat”, and then choose “email”. On Android devices, choose the “email chat” feature.
- This will create an email that has the chat as an attachment. Do not send this email anywhere! Just save it as a draft. (Note that even a draft is stored on your email provider's servers.)
- Log in to your email account from your computer (or open your email client), find the draft, and save the attachment to your computer. Then delete the draft.
If you have a cloud service installed, you can also save the chat directly to that service. If that service is end-to-end encrypted (as Sync.com is), this keeps the end-to-end encryption, in the sense that your data is unencrypted only on your own devices; with Dropbox or iCloud, the provider can read the export.
Finally, your WhatsApp chats are also backed up to your laptop if you back up your iPhone with iTunes. There is software that can read the chats out of the backup. This also keeps the end-to-end encryption, in the sense that your data is unencrypted only on your own devices (tick “Encrypt local backup” in iTunes so that the copy on the laptop is protected by a password). However, I have not tried it.
WhatsApp is also available as a Web interface. However this Web interface just mirrors the content of your phone, and has no additional functionality other than allowing you to type on a larger keyboard. The desktop version of WhatsApp, likewise, just mirrors your phone and has no better backup facility than the phone app.
Finally, WhatsApp has a number of privacy issues, and I am therefore hesitant to recommend it.
Back up your Facebook
Some portion of our social lives happens nowadays on Facebook. Unfortunately Facebook offers no means to back up individual posts and chats. It stopped supporting the open XMPP protocol. The only way to save a chat is to open it, to scroll back in history, and to save the resulting Web page. The problem is that (1) this is cumbersome and (2) it does not work very well (the result is garbled).
Interestingly, you can download your entire Facebook data, which includes all chats and plenty of other information. You get a neat HTML file as shown to the right. At the same time, this method does not allow you to easily back up a single conversation.
In general, since Facebook chats are locked in, I recommend not to use them.
Back up your Signal chats
Some geeky people use the Signal app (by Open Whisper Systems) to have encrypted chats. While this is a great feature, the app does not provide any way to back up your chats on iPhones (while this is possible on Android). The best way I have found is to take screenshots of the conversations, and to back them up along with the phone pictures, which is truly not ideal.
Back up your phone data
There are several pieces of data on your phone that you might want to back up in case you lose it:
- Calendar data. The calendar on your phone should generally be synchronized with the calendar on your computer and the calendar of your email provider. The protocol for this purpose is called CalDAV.
- Contact data. As with calendar data, your contacts should generally be synchronized with the contact list that you have with your email provider. The protocol is CardDAV.
- Text messages. This is much harder. For Android, there exist apps to automatically back up your SMS. For iPhones, you can either back up the entire phone content on a computer (using iTunes), or else use the Apple Messages app on your computer, which automatically synchronizes the text messages to your computer.
* Back up passwords (1)
Maybe the most important thing is to back up your passwords. Most services (Dropbox, Facebook, etc.) have a button “I forgot my password”. Then a link to set a new password is sent to your email address. (A service that emails you your old password in clear text is storing it unencrypted and should be treated with suspicion.)
Now what if you forget, lose, or change and forget the password of your email? You can give your email provider (Gmail, Yahoo, Hotmail, Fastmail, etc.) a second, backup email address, for example your address at work. When you forget the password of your private email address, you can then reset it via the work email address. Note that whoever controls the backup address can reset your primary password, so the backup address must be protected at least as well as the primary account.
These are things that you should do anyway. For more advanced techniques, read on.
Back up passwords (2)
If you want to back up your password, another way is to write it on a piece of paper and store it in a secure place. This is a very safe and very simple technique.
The digital variant of this is to put your password into a file, and to encrypt the file with another password. Then you give the encrypted file to one friend, and the password for that file to another friend.
There are several encryption tools. Unfortunately, none of them is at the same time easy to use, widely used, and thoroughly audited. Interesting options are the open source solutions AES Crypt and 7zip (in 7zip, also tick “Encrypt file names”, otherwise the names inside the archive remain readable). Even then, you have to choose a long password: whoever obtains the file can try passwords offline at full speed, with no lock-out, so a short password will be cracked.
Protecting data against evil people
* Why that makes sense
Imagine someone guessed your email account password. Look what they could do: They could
- read all email you have ever written or received (including bank statements, mails to your boyfriend, from your ex)
- see all pictures attached to emails that you sent or received
- send emails in your name (e.g., to your students, colleagues, or clients)
- get hold of basically all other online accounts. It suffices to tell, e.g., Facebook that you forgot your password. The password reset email is then sent to your email address, and the evil person can take over your Facebook account.
- post messages in your name on Facebook
- lock you out of your Facebook account (by changing the password)
- lock you out of your email account
- close your email account
- close your Facebook account
- mess up your blog
- buy things in your name from Amazon
The general principle is:
All important data should be protected from intruders by at least two independent hurdles.
We now discuss this principle for different types of data.
* Choosing passwords
The main thing to do is to choose a safe password. Length matters most: it should be at least 10 characters long, and it must not be a word, a name, or a date that an attacker's dictionary would contain. Mixing letters, numbers, and special characters helps, but a long random passphrase beats a short complicated one. You can check how safe your password is in an online tool. Watch out: enter a variant of your password, and not your real password! Otherwise, your password immediately ceases to be safe!
Any trick that you are thinking of right now to make a safe password is in all likelihood not safe (because thousands of people have already been thinking of the very same trick). Instead, safe standard ways are:
- Take a sentence (for example: “So long, and thanks for all the fish!”), and take the first letter of each word, with punctuation (“Sl,&t4atf!”). Note that this approach does not work if everyone chooses the same sentence, as sadly happens in real life: famous quotes are in the attackers' dictionaries.
- Generate a sequence of random words, such as “car hope wash free”. Note that these words have to be really random, i.e., chosen by dice or by a proper random generator, not by your head (and here is how to do that). This works because passwords can usually be nearly arbitrarily long, and can also contain spaces. So there is no need to remember scrambled characters or to type %-signs on a keyboard. Just remember the random words.
- Generate a really random password, for example here or with the Unix tool pwgen. You have to write it down somewhere, though.
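To make the three recipes comparable, here is an added example (not from the original page) that generates random passphrases and random character passwords with a cryptographic random source, and computes how many bits of entropy each recipe gives; it also quantifies the “append one letter per service” variant discussed in the next article. The six-word list is a constructed stand-in for a real 7776-word diceware list, and the attacker's guess rate is an assumption.

```python
"""Random passphrases and the entropy of the password recipes above.

Added example, not from the original page. TOY_WORDS is a constructed six-word
stand-in for a real diceware list; the attacker speed is an assumption.
"""
import math
import secrets
import string

# Constructed toy list. A real diceware list has 7776 words (five dice rolls).
TOY_WORDS = ["car", "hope", "wash", "free", "lamp", "river"]
DICEWARE_SIZE = 7776
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_passphrase(words, count=4):
    """Pick `count` words with the secrets module (a CSPRNG); never use
    random.choice, and never pick the words 'that come to mind'."""
    return " ".join(secrets.choice(words) for _ in range(count))


def random_password(length=12, alphabet=PRINTABLE):
    """A really random character password, like pwgen; you will have to write it down."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices_per_symbol, symbols):
    """Entropy of `symbols` independent uniform choices among `choices_per_symbol`."""
    return symbols * math.log2(choices_per_symbol)


def seconds_to_crack(bits, guesses_per_second=1e10):
    """Expected time of an offline brute force at the assumed guess rate
    (10^10 guesses/s is a plausible rate for a few GPUs against a fast hash)."""
    return 2 ** (bits - 1) / guesses_per_second


def compare_recipes():
    """Entropy (bits) of: 4 and 6 diceware words, a 12-character random
    password, and a single service letter appended to a base password."""
    return {
        "4 diceware words": round(entropy_bits(DICEWARE_SIZE, 4), 1),
        "6 diceware words": round(entropy_bits(DICEWARE_SIZE, 6), 1),
        "12 random printable chars": round(entropy_bits(len(PRINTABLE), 12), 1),
        "one service letter appended": round(entropy_bits(26, 1), 1),
    }


if __name__ == "__main__":
    print(random_passphrase(TOY_WORDS))
    print(random_password())
    for name, bits in compare_recipes().items():
        days = seconds_to_crack(bits) / 86400
        print(f"{name:28s} {bits:5.1f} bits  ~{days:.0f} days offline")
```

The numbers show why the word count matters: four words give about 52 bits, which is plenty against an online login form that limits attempts, but only about two days of offline cracking at the assumed rate, so for anything an attacker can crack offline (an encrypted file, a disk, a password manager vault) use six words or more. They also show that appending one service letter adds under 5 bits, which is why the next article calls that technique “not excellent”.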
Another option is to use a password manager, such as LastPass, KeePass, or 1Password. These services generate long random passwords, and then enter them automatically for you on Web pages. Personally, I dislike the idea of having to pass through a central app in order to access different services. What if I forget the master password? What if I want to access the services in an Internet café? What if the service is hacked? LastPass has indeed been hacked in the past. 1Password, likewise, can unintentionally leak data about you on the Web. Basically, password managers bundle the risk in a single point of failure, and I personally do not use them.
* Use different passwords
It is a capital sin to re-use the same password across different services: if an evil person gets access to one service, they can then access all the other services. Leaked password databases are routinely tried against other sites.
The easiest way to have different passwords is to incorporate the name of the service in some way into the password, for example by inserting the first letter of the service name into the password (“D” for Dropbox, “G” for Gmail, etc.). Assume that your basic password is “Sl,&t4atf!”. You can then generate the password for Dropbox as “Sl,&t4atf!D” and the password for Gmail as “Sl,&t4atf!G”. This is a basic technique, but it is not excellent: an attacker who has stolen one password sees the pattern and can try the obvious variants on other services. The best way is to really use different passwords.
* Two-factor authentication
A password is still only a single barrier to the data. There should be two different barriers. Here is where two-factor authentication (2FA) comes into play. Imagine you enable 2FA on your Gmail account. When you then log in to Gmail, you have to give your password plus a number that is shown on your mobile phone. Thus, an evil person would need your password plus your mobile phone to log in. Now you may ask: why is that number any better than a second password? The answer is that the number changes every 30 seconds: it is computed from a secret stored on the phone and the current time. Thus, the evil person really needs your phone physically.
Now it may be very inconvenient to enter that number every time. Therefore, you can switch the 2FA off on selected devices (“remember this device”), e.g., on your computer at home. Such a device then holds both factors at once, so it needs a login password and disk encryption (see below).
There is nowadays no excuse to not set up two-factor authentication on all services that support it.
Set it up now! You will find here a list of services that support it.
Apple
Once you enable two-factor authentication, and once you link your devices to your Apple ID, any of them can (1) change the password and (2) generate security codes. Thus, access to any of these devices (possession + passcode) allows messing around with the Apple account and the other devices. I therefore recommend disabling the “Find my Mac” option, which allows remote-erasing your MacBook if someone gains control of your iPhone. (The same option is what lets you lock or erase a stolen Mac yourself, so weigh which scenario you fear more.)
SMS
Some services offer two-factor authentication by SMS. Researchers have shown that such SMS can be intercepted (via the SS7 signalling network of the phone operators). It is also quite common that attackers simply ask the phone operator to transfer the number to their own SIM card (“SIM swapping”), which the operators often do. So if you are really into security, then you should disable two-factor authentication by SMS, including as a fall-back option.
Universal Second Factor
An alternative to two-factor authentication via the phone is the “Universal Second Factor” (U2F) protocol, which is developed by the FIDO alliance. To use this protocol, you have to buy a small USB token (a “FIDO U2F compliant” security key), and insert the token into your computer each time you want to log in. In return, you do not need to type the numbers. The token signs a challenge that includes the Web site's origin, so, unlike a typed code, it cannot be tricked into authenticating you to a look-alike phishing site. This protocol is supported by Google, Fastmail, Dropbox, GitHub, Facebook, and others. The protocol works with Opera, Chrome, and Firefox. On 2018-05-09, Firefox and Google Web pages became compatible in these matters.
* Fall-back options
Two-factor authentication (2FA) requires you to use a code from your mobile phone when you log in. The danger is, of course, that you may lose your mobile phone. Therefore, you should define a fall-back option for the 2FA. For example, Gmail allows you to set up your landline phone as a fall-back option. When you have to enter the code and you do not have your mobile phone, Gmail will call you with an automated message on the landline phone and give you the code.
Do not enable two-factor authentication without defining a fall-back option!
The reason is that, with 2FA, your phone is like a password. We already discussed that a password needs backup, and hence so does the 2FA capability of your phone. Most services also hand you a set of one-time backup codes when you enable 2FA; print them and keep them with your paper password backup. Note that every fall-back is also an additional way in for an attacker, so choose one that is not weaker than the phone (see the remark on SMS above).
If a service does not support a fall-back option, then an easy alternative is to use a friend's phone (preferably not the phone of the friend to whom you already gave the password). Proceed as follows: when you set up 2FA, you are asked to scan a QR code on the computer screen with the authenticator app on your mobile phone. Have your friend scan the code at the same time with their phone. The QR code contains the shared secret from which the codes are computed, so their phone will always show the same codes as yours. (This also means that your friend now holds a copy of your second factor.)
Access passwords
Anybody who can get at your laptop can see your data. To avoid this, you should define a login password. This can be done on a Mac or on a Windows machine. Of course, these passwords need backup.
The same is true for your phone. Anybody who has access to your phone (or, worse, steals it), can
- make phone calls
- see your emails
- write emails from your account
- use the two factor authentication
- access banking apps
- see and share the pictures you took
There is no excuse for not having a pass code on your phone!
The good news is that the camera of the phone is usually still accessible without the pass code, so you do not risk missing a good picture opportunity.
Hard drive encryption
When your laptop is stolen, so is all data on it. So your laptop is actually just protected by “one factor” (physical possession). You may think that the login password protects you, but that is actually wrong: an evil person can just take the hard drive out of your laptop, plug it into another computer, and the password protection is gone.
Therefore, if you are serious about data protection, you should encrypt your hard drive. On a Mac, that is simple: just enable FileVault. macOS offers to turn it on when you set up the computer. Just make sure that you back up your password, and store the recovery key that FileVault shows you when you enable it; without one of the two, the data is gone for good. The only drawback of FileVault is that it takes a bit longer when you start your computer. Overall, however, I recommend FileVault.
FileVault protects your hard drive when the computer is off. While the computer is running or merely sleeping, the decryption key stays in memory, and whoever opens the lid only has to get past the login password. You can tweak macOS to throw the key away when the laptop goes to standby (the pmset settings destroyfvkeyonstandby and hibernatemode), so that a closed laptop is as safe as a switched-off one. This is cool when you travel. However, it comes at the cost of longer wake-up times (up to a minute).
On Windows, the Pro and Enterprise editions include BitLocker for this purpose; the Home editions offer only a limited “device encryption” on some hardware, so there you need additional software, and I have not tried any of it. On Linux, full disk encryption is standard and can be enabled when setting up the computer.
Really sensitive data
Some data is really sensitive, and you really do not want it to get into other people's hands. This can be:
- embarrassing pictures of yourself or others
- files that contain passwords
- scans of your passport
- confidential information that you store for other people, such as their letters about very private matters, their pictures, or their passwords
Therefore, you should protect such data by at least 2 factors (e.g., possession of the laptop + the FileVault password). If you are not sure how to get the second factor (or if you need a third one), you can encrypt the files in question with the open source solutions AES Crypt or 7zip. Then, make sure that the data never leaves the protected space.
Really sensitive data should never live outside protected spaces.
In particular, such data should generally not reside on unencrypted memory sticks, in emails, or on other people's computers.
Protecting data against evil interlocutors
* Why that makes sense
In the previous section, we discussed hackers, i.e., people who maliciously interfere with your affairs without your knowledge. In the present section, we discuss people with whom you communicate, interact, or do business. The main danger in such situations is that the person with whom you communicate may not be who you think they are.
This can be dangerous in several situations:
- You buy an article on the Web, you pay, but you never receive the merchandise. Afterwards, the merchant is nowhere to be found.
- You get to know someone on the Web, you get closer with that person, you share intimate pictures of yourself, and the person then threatens to publish them.
- You receive an email from someone asking for help, you get in touch, send them money, and then the person disappears.
- You see an interesting app on the Web, download it, and catch a keylogger. A keylogger is malware that logs everything you type and sends it to a third party. Most notably, a keylogger can capture the passwords that you type.
The general rule is the following:
Any serious interaction on the Web should only happen if the identity of your partner has been confirmed by a trusted third party.
Most notably, it is not sufficient that the interlocutor himself affirms his identity. You need an external party that certifies the identity of your partner. We now discuss this principle for different types of interactions.
* Extended validation
An extended validation (EV) certificate shows the name of the company with a green lock in the address bar of the browser (as shown in the picture). This means that the identity of the Web page owner has been verified by a third party, the certificate authority. It says that a vetted legal entity controls the site, not that the company is honest; still, such Web pages are generally serious. (Chrome and Firefox removed the green company name from the address bar in 2019, so in current browsers you have to click the lock to see to whom the certificate was issued.)
In the ideal case, all sensitive interaction on the Web (paying, entering passwords, downloading software, etc.) would happen only on pages that have extended validation certificates. In the real world, however, only a minority of pages have these certificates. Banks are the exception:
Before doing anything on the Web page of your bank, you have to make sure the page has an extended validation certificate.
For all other sensitive interactions, you should at least expect a green lock. A green lock (without the name of the company in green) does not guarantee that the Web page is really the page of the company it claims to be. It just assures that (1) you are really connected to the Web site whose name is shown in the URL bar and that (2) any data you enter is encrypted on its way to that site. A look-alike domain with one letter changed gets a green lock just as easily, so read the domain name carefully.
(Your virus scanner may have a “Web Shield” that intercepts encrypted connections and thereby removes the green address bar. If you do not see a green address bar in any browser, try disabling the Web Shield for trusted connections.)
Downloading software
If you download software that is offered on the Web, that software can do nearly anything on your computer: send your data to a third party, erase it, or encrypt it for ransom money. Therefore, you have to be careful before downloading anything. It is not sufficient that the Web page of the software says that the software is safe. Any Web page can say anything. You have to find a trusted third party (e.g., a reputable computer magazine) that recommends the software.
The following are generally indicators of safe downloads:
- A green address bar with the name of the company with a green lock. If such pages offer their own software, then you know at least that the software you download stems really from that company. This does not make the software safe in itself, but it is a positive signal.
- A software recommended by a reputable computer magazine (and preferably downloaded via a link from their site).
- Apps in the Apple iPhone App Store, if they have a large number of positive user comments. It is hard to fake a large number of positive user comments.
Watch out: It is not sufficient if the software is a standard program that is widely used and known. You also have to make sure that the program you download is actually that standard program — and not some other program that mimics the true one. Therefore, you have to check also the source where you download the program from.
Geeky people will know that they can, in addition, compare the hash code of the downloaded program (like the MD5 sum or sha256) to the hash code advertised on the page. Personally, I am not geeky enough for this. Note that in any case the page that advertises the hash code has to be trustworthy.
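For readers who do want to do the hash comparison, here is an added example (not code from the original guide) that streams a downloaded file through SHA-256 and checks it against a publisher's SHA256SUMS-style text file. It assumes the publisher advertises sums in the usual `<hexdigest>  <filename>` format and, as the text notes, that the page serving those sums is itself trustworthy; the file contents below are constructed stand-ins.

```python
"""Verify a downloaded file against a publisher's advertised SHA-256 sum.

Added example, not part of the original guide. Assumes a SHA256SUMS-style
text file ("<hexdigest>  <filename>" per line, as sha256sum prints it).
"""
import hashlib
import hmac
import os
import re
import tempfile

# One line of sha256sum output: 64 hex chars, whitespace, an optional '*'
# (binary-mode marker), then the file name.
_SUM_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")


def parse_sums(text: str) -> dict:
    """Map file name -> lowercase hex digest from SHA256SUMS-style text."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _SUM_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable checksum line: {line!r}")
        sums[m.group(2)] = m.group(1).lower()
    return sums


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large installers fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, sums: dict) -> bool:
    """True only if the file's digest matches the advertised one.

    The file name is the lookup key; a file with no advertised sum counts
    as unverified. hmac.compare_digest avoids leaking where the mismatch is.
    """
    expected = sums.get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_of_file(path), expected)


def demo() -> tuple:
    """Constructed scenario: a genuine download, then a tampered copy
    that keeps the same file name."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.exe")
        with open(path, "wb") as f:
            f.write(b"hello installer\n")  # constructed stand-in content
        # The publisher's SHA256SUMS file, built from the genuine content.
        sums = parse_sums(f"{sha256_of_file(path)}  installer.exe\n")
        genuine_ok = verify_download(path, sums)
        # Simulate a swapped binary: same name, different bytes.
        with open(path, "ab") as f:
            f.write(b"extra byte")
        tampered_ok = verify_download(path, sums)
        return genuine_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # → (True, False)
```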
Email attachments
Email attachments can contain computer viruses. The general rule is to never open an attachment from a person whom you do not know.
Apart from that general rule, safe attachments are:
- Plain text files (TXT). These are completely safe.
- Plain pictures in JPEG or PNG format (not: Word documents).
- PDF files. Some PDF readers have vulnerabilities, but if you use a standard PDF viewer that is up to date, you are reasonably safe. However, do not click on links in the PDF, and do not allow files to be extracted.
Online purchases
Particular attention has to be paid when you purchase something online. Make sure to choose only reputed online shops:
- Amazon and online shops of similar standing
- Online booking sites such as booking.com, hotels.com, and other reputed pages.
- Online shops with a green address bar that shows the name of the company with a green lock.
- Shops of reputed brands that exist also in brick-and-mortar versions in real life (H&M, Zara, Air France, etc.). Just make sure that you land on the real page, and not on some fake page. Unfortunately, these shops do not use green address bars. Therefore, the best you can do is to search the shop on Google or your preferred search engine. Often, the shop site is known to your search engine and highlighted in the results.
There are also Web portals that allow you to buy from private sellers. The best known systems are Ebay and leboncoin. Personally, I have had more trouble than benefits from such systems, and I gave up on them completely.
Online payments
Whenever you make an online payment with your credit card, you have to make sure that the service that receives your credit card number is really the one you want to give it to. You should never enter your credit card number on a Web page that does not have the green lock in the address bar in your browser. In the ideal case, you would want that, in addition, the address bar shows the name of the company with a green lock. However, this additional security is often not available, and you have to make do without.
Some people use Paypal to avoid giving their credit card number directly to the merchants. Personally, I have used it for years, but in the end I do not think it is worth it. To me, it was just an additional service that collects data about me, and it seemed that Paypal benefitted more from me than I from Paypal. Thus, I do not recommend it.
In Germany, the service “SOFORT Überweisung” has recently become popular. However, it has been criticized, because it requires transmitting your PIN and TAN numbers to that service to make a payment. This, in turn, allows the service to see how much money you have in your account, and to build a profile of your recent transactions. Therefore, a court declared (DE) that this mode of payment may not be the only one that a Web shop offers. With this, I recommend not using this service.
Personally, I use credit cards for paying online. Fraudulent charges can usually be objected to. Credit cards also usually come with an insurance, so that you do not have to pay the damages you suffer, or at least not in full. In the worst case, getting a new credit card is easy. I never had any experience with fraud, though.
* Online acquaintances
Some people use online forums, social media, or partnership sites to get to know people. While there is nothing wrong with that, you usually cannot be sure that the other person is whom they say they are.
Therefore, never do any of the following without having established a real-life friendship with that person:
- Send money
- Send intimate pictures of yourself. Also be aware that video chats can be recorded.
- Agree to meet in a non-public place.
* Virus Scanners and Software Updates
All of the above are good strategies, but it is better to have a general safety net. This safety net is provided by virus scanners. A virus scanner (also called anti-virus) is a software that runs on your computer and protects against malicious software.
If you are running Windows 8 or any newer version of Windows, then Microsoft's built-in virus scanner (called Windows Defender) is generally good enough. It is installed automatically, and you do not need to do anything.
If you are not running Windows 8 or newer, you should install a virus scanner. There are around half a dozen reputable virus scanners available. The good thing is that they are free. I personally use Avira, but any other one will be just as good.
There is no excuse for not having a virus scanner installed on your computer.
A related topic is to make sure that all your software is always up to date. Nowadays, most software does this automatically. Just be sure to not obstruct such processes, and be sure to react if some software says it wants an update. On an iPhone, the App Store icon will show a red number if there is something to update. Click on it, and tell it to update everything. Likewise, the Settings icon will show a red number if there is an update of the operating system to do. If you see such a red number, tap on “Settings”, then on “General” and then on “Software update”.
Fishy Web pages
Web pages can entice you to give personal details, to install software, or to buy certain things. As discussed above, you should engage in such interaction only if you can establish the identity of your interlocutor through a trusted third party. Particular attention is due on fishy Web pages such as:
- Porn pages
- Web pages that offer products at lower prices even though they are usually more expensive
- Web pages that have excessive advertisements, blinking messages, pop-up messages, or pop-up windows
Such pages are generally untrustworthy.
However, surprisingly, most viruses do not come from these pages, but rather from ordinary pages: in the health domain, in the technology domain, or in the domain of games (DE). The reason is that hackers sometimes succeed in placing harmful advertisements on such pages.
Protecting yourself against companies
What the big companies know about you
If you want to know what Google knows about you, go to the Google Dashboard and log in. It will show all the data Google has collected about you.
If you use Google services regularly, then Google knows
- all your emails
- all your Web searches: for the new lawn mower, for the anti-baby pill, for these strange red dots on your legs, for vegetarian restaurants, and for all the other things you have ever searched for
- your exact location at every moment in the past years (if you are logged in with Google Maps)
- the people you interact with
- the restaurants you have visited, the flights you have taken, the hotels you have booked
- based on this: your home address, your work address, your sexual preferences, your travel habits, your social circle, and your income.
Now there are people who are horrified by this, and there are people who are OK with this. People who are horrified say: You would never want to share all of this with your best friend; then why would you want to share it with Google? People who are OK with this say: I have been using these services for years now and I have never noticed any discomfort from it; so it's mainly an imaginary problem.
I have been thinking about this issue for quite some time now, and I can understand both sides. Therefore, I do not want to strongly argue that you have to protect your data from Google and the like. I will just tell you what you can do if you decide to reduce your flow of data to these companies.
What the companies deliver in return
Despite all the agitation about privacy, the life of the average citizen does not get any worse if he shares his data with Google. On the contrary, in comparison to other companies, Google offers exceptionally good service: Its search engine is vastly superior to its competitors (except maybe Bing); its email was the first to offer huge storage space for free (and others took years to follow suit); its two-factor authentication is flawless (unlike most other services, Google offers independent fall-back options for every factor); it pioneered email analysis for events and bookings; and its Web interface is admirably clutter-free (contrary to the interfaces of most other providers).
The same is true of Facebook: It's just great to have all your friends in one place. It is extremely convenient to get updated when they marry, move, or graduate. Also, you don't have to take care to update your address book anymore: everybody just updates their own address. Finally, almost everybody is on Facebook. That's just extremely convenient.
Dropbox, likewise, is the top dog in the area of cloud storage: Its service works across all platforms, and on all mobile devices; it is super-easy to use; it has two-factor authentication with independent fall-back options; and it allows going back to any version of a file during the last 30 days. These are features that only few of its competitors offer in all of their breadth.
Finally, all these services are free, which is admittedly a clear advantage. Alternative products are usually for pay. Furthermore, the alternatives are usually advertised by privacy-aware people and magazines as software of equal value. However, this is clearly not always the case. Most of the alternatives have clear drawbacks, which become obvious only when you use the software for a few weeks. I do actually use the alternatives, and I will point out their weaknesses.
Why it makes sense to protect yourself
As I said, I will not argue for you to leave the big companies. However, if you are rather inclined to do it, here are arguments that can substantiate your position:
- The information you share with online service providers gives them a window into your private life. 100 Facebook “Likes” are enough to predict your personality traits better than your spouse can do it. This allows Facebook to accurately predict depression, political orientation, self-monitoring, impulsivity, values, sensational interests, field of study, substance use, physical health, social network characteristics, and other online activities. You may not want a company to know these things. For example, Facebook allows advertisers to target ads by gender, age, education level, relationship status, “mother type” (“soccer”, “trendy”, etc.), by whether the user wants to buy a car, age of car, how much money the user will spend next year, balance on the credit card, types of clothing, heavy buying of alcohol, pain relief buyers, type of preferred restaurants, receptivity to online insurance offers, likely moving soon, or type of vacation. Facebook knows all of this about you.
- Much (not all) of the information about you is sold by so-called data brokers, and feeds background checks for credit scores, insurance fees, and hiring decisions. Thus, your data serves to make decisions that affect you. Even if you have “nothing to hide”, the problem is that you do not know what the decision maker knows. For example, your social media data is used to establish your credit score.
- If you have a personal issue (planning a divorce, having a medical problem, having an uncommon sexual preference, being under-age and pregnant), you do not want advertisements about this situation to appear on all Web pages that you visit. Google has a policy about this for users, app providers, and sellers. However, personal issues can still influence the ads you see. Therefore, the safest way to avoid such ads is to make sure that the industry does not know about your problem in the first place.
- Through advertisements, feed updates, and search results, the services create a Web environment that is tailored to your perspective. You can see this in your internet searches and in your Facebook news feed: For liberals: when did you last see an article about the benefits of Donald Trump in your newsfeed? For conservatives: when did you last see an argument that religion segregates humanity? These things exist, and they are shared and read by others, but not by you. Maybe you want to escape this filter bubble and see neutral information instead.
- Some people handle data that is so sensitive that the law forbids sharing it with anyone else. These are, e.g., lawyers, doctors, high-ranking politicians, or psychologists. These people cannot use services that can read their data.
- Some people (such as activists, politicians, jurors, or judges) may want to pass laws against Google, sue Google in court, or campaign against Google. If these people share their data with Google, then Google can use that data to (1) anticipate what these people want to do or (2) blackmail these people. These possibilities were evoked in a recent verdict. It is not a given that Google would actually do it (and in fact they agreed not to), but it is clear that the accumulation of data gives Google at least hypothetically undue power over politicians as individuals, and thus ultimately over our legal system.
- Some people may not be in a vulnerable position right now, and Google may not be doing anything evil with the data right now — but both can happen in the coming 30 years. The data that is shared today is still there in 30 years. As David Solove argues, “insecurity is the injury of being placed in a weakened state, of being made more vulnerable to a range of future harms”. The information that you provide does not expire. Even if you’re OK now with people seeing a picture of you partying, you may no longer be OK with it in 10 years. But the picture is still there.
- Apple, Dropbox, Facebook, Google, and others publish extensive transparency reports. Still, you may distrust the links between these companies and the government — e.g., the links between Google and the government.
- Sometimes, the data may just leak. In 2017, the names, birthdates, home addresses, telephone numbers, suspected religious affiliations, ethnicities, and political biases (gun control, abortion, and stem cell research) of 60% of the entire US population leaked to the public. It was collected by a company hired to support the Republican election campaign.
- You become vulnerable to blackmail. General Motors once sought to spy upon and then blackmail the author of a book that was critical of its cars. This was in 1970. Imagine how much easier this is today. Such concerns are indeed raised in the context of the latest browser add-on scandal.
- In many court cases, the decision depends on the trustworthiness of the plaintiff and the defendant. In some cases, the main strategy of one party is to discredit the other party. Think, e.g., of the case against Dominique Strauss-Kahn, which was decided because the defendant succeeded in finding fishy details in the life of the plaintiff. Thus, any information that is out there about you can be used against you.
Again, the decision is yours. If you want to un-google your life, here is how to do it.
Change cloud storage
Dropbox, Apple's iCloud, and Google Drive remain the most popular cloud storage services. At the same time, you are sharing with these services all your personal files and photos. In the case of Chinese iCloud users, the data may also be shared with the Chinese government. If you do not wish to do that, then you have to move to end-to-end-encrypted cloud storage services. These are systems that encrypt the data before it is sent to the cloud.
I have written extensively about different encrypted cloud storage systems elsewhere. A table of comparison is attached below. Here, I just note that the outcome of my study was that Sync.com is the best alternative.
Sync.com offers all the same comfort as Dropbox, but it encrypts your data end-to-end. This means that even they cannot access the data. It is also slightly cheaper. The drawbacks of Sync.com in comparison to Dropbox are:
- You cannot recover your password, because even they don't know it. So make sure you back it up.
- There is no fall-back option for the two-factor authentication, so you have to use the trick explained above.
- The software is currently not available for Linux.
- Since most people use Dropbox for sharing folders, you may still have to keep Dropbox if you want to keep sharing. Note: this applies only to “active sharing”, where you collaborate on some files with your partner. You can always receive “passive sharing” (such as photos and the like) from Dropbox, even if you have no Dropbox account.
All in all, I am happy with Sync and I recommend it. Full disclosure: I get 1 GB for free for every new account opened through my recommendation. So far, I got 1200 GB. Here is the full comparison:
| AeroFS | yes | not a cloud storage |
| Box US | yes | 25 versions | no | A |
| Frostbox | yes | for social networks only |
| SmartBox | yes | for file sharing |
| OwnCloud | no | no | no | requires own server |
Before closing your cloud storage
Before closing your old cloud storage at Dropbox, Google Drive, or Apple's iCloud, you have to make sure that you download all data that is stored in that service but not on your hard drive.
Google Drive, e.g., allows you to create and store documents online. If you want to move away from Google Drive, you have to download these documents: Open them, click “File”, and then “Download as”.
I had Dropbox and closed it (see image). Dropbox provided an extremely good service even during the break-up.
Change email provider
The business model of free email providers is: They provide you free services, and in return, you give them your data, so that they can sell you advertisements. If you wish to break away from that model, you have to switch to an email service that you pay for. The price is usually around 20-50 EUR per year.
There are numerous email providers. Things you may want to look out for are:
- Two-factor authentication. This is a must.
- The ability to use your own domain (if you want to)
- Compatibility with your phone calendar and contacts. This is really convenient, don't lose out on it.
- No advertisements
After an extensive search of alternative providers, I found that Fastmail worked best for me. Fastmail has a very clean interface, it provides its service well, and it is very frank about its own capabilities. I have never regretted the move. Things that Fastmail does not offer are:
- Parsing your emails to add meetings to your calendar (these underlined dates). However, Apple's mail program (and the iPhone mail app) will do it for you.
- The chat function was discontinued in 2016.
The migration of email to the new provider is usually not a problem: All email providers support the IMAP protocol, and you can just import the old mails into the new service. Make sure that your new provider supports this option.
Before closing your email account
Your email account is your digital identity. Therefore:
Before closing your old email account, make sure that all services that depend on it have been updated! These are banks, social network accounts, iPhone/Android accounts, and cloud storage accounts. If you do not do that, you will lose access to these accounts!
You also have to update all your friends. I recommend keeping the old email account for some months, forwarding the emails to the new account, and adding a vacation auto-reply saying that your email address has changed. If, after some months, you still receive email to the old address, you have to manually write to the senders and ask them to update their address book.
You can keep all other Google products (Google Drive etc.) even if you close down your Gmail account (see picture).
Get back your data from Google
Google offers a large number of products, which each collect data about you. You may want to opt out of some of these services (or all).
Before you move away from Google, you may wish to get the data that Google collected about you. Fortunately, Google makes this admirably simple: You just go to the download page and download your emails, calendar data, GPS traces, Web searches, etc. Note that even if you don't know right now how to use this data, it's still a good idea to download it. Storage space is cheap these days, and it's better to keep something that could be of value rather than throwing it away.
Ditch Skype
Skype is an application that allows users to place voice calls, video calls, and conference calls, either via the Internet or to a landline. The 2013 mass surveillance disclosures revealed that Microsoft had granted intelligence agencies unfettered access to supernodes and Skype communication content [Wikipedia]. This includes the audio and the video of Skype calls. The list of security flaws of Skype is long. Furthermore, by using Skype, you are sharing your contact list with Microsoft.
Apart from this, I hate the interface of Skype. It takes ages to start up. The initial screen shows all kinds of status updates that I do not care about. The chat window is hard to find, and sometimes chat messages arrive without me noticing it. And finally, on Windows, it takes several steps to make sure that Skype is really off.
There is a free and simple alternative to Skype that does not even require an account. The technology is called WebRTC, and it is built into most browsers. Firefox Hello used to be one of the providers, but it is being shut down in favor of alternative WebRTC providers. There are indeed several such providers. They offer the service for free: you just go to their Web page, open a new conversation, and send the link to that conversation by email to your interlocutor(s). The interlocutors click on the link and join the conversation. The best thing about it is that no login or account is required, neither for you nor for your interlocutors. I have tried OpenTokRTC and it works great. I have therefore closed my Skype account.
Maps App
Google provides a very good map app on the phone. However, it will try to entice you to sign in with your account. Once that is done, it starts collecting data about your locations. Fortunately, there are good alternatives to Google Maps.
Apple's own Maps app is decent, and better than its reputation. Personally, however, I use an app based on OpenStreetMaps. This is a project that aims to collaboratively build a map of the world that is free for everyone to use. While OpenStreetMaps is in itself not an app, there are a number of apps that use its data. The disadvantage of such apps is that the search function is usually not as good as Google's. The coverage, however, has so far been very good in all places that I have been to. Furthermore, these apps have an additional advantage: They usually allow you to download the map. This means that you can navigate around without Internet connection — and thus without roaming charges. This works because the GPS geolocation on your phone is always available free of charge. Furthermore, you can actually contribute to the OpenStreetMaps project and add points of interest that are missing.
There are several apps based on OpenStreetMaps (search “offline maps” in your app store). I have not tried all of them; I am using MapsWithMe, and it does its job just fine.
Change search engine
There are dozens of competitors for Google's search engine out there. While their results were previously much worse than Google’s, that has changed recently. The most popular alternatives are:
- Bing is Microsoft’s search engine. It is as commercial as Google.
- Qwant is a French search engine with a very responsive and appealing interface. Zero tracking.
- The oldest privacy-aware search engine. Offers more verticals than Qwant (maps, currency conversion, etc.).
- Uses Google’s search results (= very good results), but anonymizes them before sending them to Google (= privacy is kept). Very slow.
Check privacy settings
Both Google and Facebook allow you to fiddle with their privacy settings. Both have also recently put this feature more to the front. I recommend that you take a look at these settings:
- Who can see what you post
- Who can see your pictures
- Whether Google/Facebook is allowed to use your data for advertising
To check this, log in to Google or Facebook, head to the settings, and search the item “privacy”. It may take 15 minutes or so to go through the settings, but it's definitively worth it. Then do the same with other services you may be using.
This is useful in particular since there are companies that scan public social profiles for a variety of services. This includes “employment background screenings, insurance claims investigations, corporate due diligence, and Government services” (Social Intelligence Corp.).
Change browser
There is a big war about which Internet browser is the best. However, in my opinion, this war is mainly fought by the providers, not by the users. From a user's perspective, most browsers are more or less the same. Maybe one browser is a bit faster than the other, or one has a feature that the other one doesn't have, but all of this will change anyway with the next update. As for privacy: Generally, most browsers collect some data. At the same time, all browsers allow you to switch off the data collection if you fiddle with the privacy settings.
I also came to distrust browser reviews by professionals. These are usually based on a number of minuscule differences between the browsers, such as whether a test page loaded in 0.01 seconds or in 0.02 seconds. These are irrelevant for everyday use and change anyway with the next update. Furthermore, the reviews usually do not discover the weaknesses that the browsers have in everyday use: They will report, e.g., that Firefox allows synchronization across several devices. That's great! However, search engines and add-on preferences are not synchronized, so that you have to set them up all over again on each device. Firefox also allows setting up custom search engines. Wonderful! However, no review tells you that it's a pain to edit them. Opera also allows you to specify custom search engines. That's great! But it doesn't allow any default search engine beyond those that have a contract with Opera. Safari is the fastest browser. Great! But it is no longer updated for Windows. Chrome doesn't suffer from any of these weaknesses. Yay! But with Chrome you're mainly giving the market leader still more market share.
As for the specific browsers: There are 3 main “engines”, and most popular browsers sit on one of them.
- Microsoft's Edge Browser and Internet Explorer sit on Microsoft’s Trident engine. The Internet Explorer is traditionally seen with little sympathy, because it has been slow to adopt Web standards. The Edge browser is a trimmed-down version of the Internet Explorer that still has to prove itself.
- Mozilla Firefox and its derivatives sit on the Gecko engine. This engine is developed as open source, which gives it some sympathy points. The Firefox browser is generally considered a vanilla solution: It is stable, it performs well, and it does not collect as much data. Beyond this, there are a number of variations of Firefox that are explicitly geared towards more privacy, among others TOR.
- Google's Chrome browser and the Opera browser sit on the Chromium engine Blink. Chromium is an open source project. Google Chrome collects some data about you, but you can disable all of these features. Chrome is generally regarded as fast and stable. Opera is also fast and stable, and has often been the front-runner in innovative features. However, both browsers are driven by a commercial model. Chrome is closely linked to Google services by default. Furthermore, Google has a hand in the open source project, which has led to confusion in the past. Opera does not allow the user to specify a different search engine as default search engine. It also collects private data through its VPN.
- Apple has developed its own Safari browser. However, this browser has been discontinued on Windows.
Personally, I use Firefox, but I have no firm recommendation.
Change browser settings
No matter which browser you choose, it has an item called “privacy” in its settings (search for it on the Web if you cannot find it). The privacy settings allow you to erase your history, tell Web sites not to track you, to forget passwords that you stored, or to remove cookies (see next article).
It makes sense to have a look at these settings. However, be aware that changing these settings will also change your browsing experience. For example, if you switch off cookies, then some Web sites may no longer work. The present guide summarizes my own trade-off between privacy and comfort. Thus, if you just follow what is written here, you will be mostly fine.
One thing you might want to do is to uninstall Adobe Flash from your system. This is software that is used in your browser to display videos. However, it has attracted criticism for security problems and privacy problems. Adobe itself has announced the end of the format for 2020. You can read here how to uninstall it.
Clear cookies
A cookie is a small piece of data that a Web site can store on your computer. This piece of data continues to live even when you close your browser. It allows the Web site to recognize you next time you visit. Thereby, cookies allow Web pages to collect data about your behavior.
You can disallow cookies, but then many Web pages will not work anymore. The trade-off that I recommend is to tell the browser to erase cookies when the browser is closed. The screenshot to the right shows how to do this in Firefox.
You can also tell Web sites not to track you (see setting at the top), but I am not sure how effective that option is in practice.
Log out of Gmail
Google sells ads to Web pages (even if these Web pages have nothing to do with Google). In return, Google gets to place a cookie on your computer when you visit such a page. Thus, Google knows that you visited that page. If you ever log in to your Google account on that same computer without deleting your cookies, Google can connect the pages you visited with your Google account.
The same is true of Facebook: Each “Like” button on a Web page is connected to Facebook. Thus, if you visit a page with a Like button, Facebook gets notified. It also places a cookie on your computer. If you log in to Facebook while the cookie is still alive, Facebook can connect the pages you visited with your account.
Thus, the best thing to do is to use Google, Gmail, and Facebook in a different browser. In all likelihood, you will anyway have several browsers installed on your computer. You can just use one browser for your main activities, and another one for your Facebook, Gmail, or Google sessions. In any case, be sure to log out of any session when you no longer need it, and delete cookies regularly.
Use privacy plugins
Even if you are not logged in, Facebook and Google can create a profile of you. Since every “Like” button and every Google ad sends a data point to these companies, they can build an anonymous profile of you. You would think that you could destroy the continuity of this profile by erasing the cookies. However, this is not true: First, the Facebook cookies are active even if you are logged out. Second, the companies build a digital fingerprint of your browser configuration. This fingerprint is unique enough to recognize you even if you delete all cookies. You can try it here. This way, the company can build the anonymous profile of “the person who reads this type of news at this time of the day and usually logs in to these Web pages”. If you then once sign in to Google or Facebook, they can make the link.
The same is true not just of Google and Facebook. An average Web page calls more than a dozen advertisement, statistics, and tracking services. Since the same service is implanted on different Web pages, the service can track you across pages.
If you want to guard against this, you can use privacy add-ons such as Disconnect.me, AdBlockerPlus, uBlock-Origin, or PrivacyBadger. These filter the Web pages you visit to rid them of tracking data and/or advertisements. At the same time, most Web pages rely on ads for their financing, so this is something to be kept in mind. The privacy add-ons may also act as a VPN. Opera has a built-in ad-blocker. On other browsers, I have used AdBlockerPlus, and it does what it should: It removes the ads from the Web pages. However, AdBlockerPlus gets paid from advertisers to unblock certain advertisements — which has attracted criticism. PrivacyBadger is proposed by the Electronic Frontier Foundation, a rather serious group. Different from the other services, it automatically learns which services track you. Thus, it does not have to rely on someone blacklisting or whitelisting services for you. I have tried it, and it blocks around a dozen tracking services per Web page, which is intellectually satisfying. Even more intellectually satisfying is Disconnect.me, which tells you how much traffic you saved by removing the trackers. In Firefox, the basic service of Disconnect.me is already included. Finally, uBlock-Origin is an open-source project that also blocks advertisements and user tracking. It is generally well-received by the community. Paradoxically, Google has also developed an add-on that opts you out of Google’s data collection. As for myself, I use uBlock-Origin, but I have no strong opinion on these tracking blockers.
Another problem is the so-called “referrer”: If you go from Web site A to Web site B, the browser will tell B that you came from A. This has repercussions for privacy. There are plugins to disable this.
Change social network
In the ideal case, the privacy-aware user would leave Facebook behind: it does not support open protocols, it offers no convenient way of downloading individual chats, it collects lots of personal information, and it uses this information for commercial purposes.
However, let's face it: none of the Facebook alternatives ever took off. I tried Diaspora, but I could not even import my address book. I would have to add all my friends one by one. Also, none of my friends is there anyway. As much as I like the idea, Diaspora is just not a reasonable Facebook alternative at this time.
Thus, I cannot recommend an alternative to Facebook at this time.
Mainstream Messengers
One of the most popular messenger programs is WhatsApp. The service uses end-to-end encryption, and the advantage is that most of your friends will already have WhatsApp. It's also relatively easy to back up. The disadvantages are:
- WhatsApp shares your phone number and contact list with Facebook.
- The meta-data (whom you communicate with) is still out in the open, and shared with Facebook.
- WhatsApp makes your status message, and your online status publicly available, so that anybody who knows your phone number can see when and how much you chat.
Google Hangout and Facebook messenger suffer from similar problems: They allow the company to trace when and with whom you communicate. Every single time you use the app, you are giving the company a datapoint about yourself: at what times you are awake, who are your contacts, with whom you chat most, etc.
Privacy-oriented services
Other services, such as Threema, Signal, and Telegram, are more privacy-oriented. Even Apple’s iMessage falls into this group, because Apple does not make money with user data. (They make enough money from selling overpriced iPhones.)
The Electronic Frontier Foundation maintains a score chart that shows the security of each of these services. The OpenWhisper Signal app is often highlighted, because it is open source, and recommended by Edward Snowden. It also allows encrypted phone calls. However, Signal is difficult to back up.
Apple's iMessage is integrated into the SMS application of the iPhone: whenever you send an SMS to another iPhone user, the message is automatically sent as an end-to-end encrypted message. This is indicated by a blue bubble (instead of a green one). Apple implemented this encryption in 2011, two years before the rest of the world cared about end-to-end encryption. iMessage also allows for voice-over-IP calls, i.e. end-to-end encrypted phone calls that work over the data connection (the service is called FaceTime or FaceTime Audio). The chats can be synchronized to any Apple product (Mac, iPad, etc.), while still remaining end-to-end encrypted. For this purpose, you have to enable “Messages in iCloud” on all devices. At the same time you have to disable “Keychain” and “iCloud backup”, because otherwise the encryption key will most likely be stored in your iCloud, too (and the iCloud is not end-to-end encrypted). When the messages are synchronized in this way with a Mac, they are stored as XML files on your hard drive. Thus, they can be backed up very easily.
The problem with all of these systems is that they are bound to a single service provider. This means that a user of one service cannot chat to a user of another service. By using one such platform, you are basically limiting your conversations to people who also use it. This is unlike email, where a Gmail user can of course email a Yahoo user.
XMPP
There is an open protocol for messengers, called XMPP. This protocol allows users to chat across different service providers. It also has an add-on for end-to-end encryption (called OMEMO), which offers the highest level of protection. The Electronic Frontier Foundation advertises this protocol, and shows how to install XMPP clients on Mac, iPhone, PC, and Android devices.
With XMPP, you can chat with people who also use XMPP-compatible messengers — no matter which provider they use. For example, you can chat with Skype users. Thus, XMPP is truly service provider independent. It also works across different devices (including desktop computers). Furthermore, it works with and without end-to-end encryption, depending on whether the other person's device supports encryption or not. Finally, it's open source. See here for an exhaustive argument in favor of XMPP.
The trouble with XMPP is two-fold: First, there is currently no XMPP messenger that allows you to back up your data. Second, the backup may not even be needed, because there are too few people who use XMPP anyway.
Comparison
If you wish to find a messenger that suits your needs, here is an overview.
Messenger | E2E encrypted | Private | Backupable | Video | Provider independent
Windows 10
Microsoft's new operating system, Windows 10, is a story of its own. By default, it sends a lot of data to Microsoft, more than you would reasonably expect. You will find guides on the Web about how to switch these features off.
iPhone
Here are some settings to check on the iPhone:
- The iPhone tracks your location. To switch that off, go to Settings > Privacy > Location Services > System Services > Frequent Locations.
- In Settings > Privacy, you can see which app can access which data. Go through these items, and make sure they correspond to your preferences.
- The iPhone can be located if it is lost. That is useful. To switch that on, go to Settings > iCloud > Find My iPhone.
There may be similar settings on Android phones.
Keep track of accounts
I can only warmly recommend making a list of all the online accounts that you have: banks, email, social media, online shops, mailing lists, etc. Of course, such a list is really sensitive data, and should be protected as such.
Such a list allows you to keep track of where your data is. It is also an indispensable asset if you plan to change your email address or phone number, and need to see which other accounts depend on them. The list also allows you to close accounts that you no longer need. Since I started tracking them, I closed 230 (two hundred thirty) of them. The main trick here is that you can use most services also without logging in: many booking Web sites, shopping Web sites, postal Web sites, etc. work just as well if you have no account there. You can just close your account there, and shop anonymously.
Protecting yourself against the government
Why this makes sense
There are a number of cases where it is obvious that it makes sense to protect your data from the government:
- If you are just generally averse to the idea of your government collecting data about yourself, for example because hundreds of American police officers are known to have used confidential databases to dig dirt on journalists, ex-girlfriends and others.
- If you want to become politically active, and would become vulnerable if the government knew about your private life. Politics is a murky business, even in democratic countries.
- If you deal with high security data for one government, and do not want another government to know about it.
- If you live under an oppressive regime, and are opposed to it. China, e.g., is setting up a comprehensive surveillance system that gives each citizen a “social credit score” — based on people's interactions on social media, shopping habits, and online behavior. If you have a low score, you may be refused a public office, lose access to public welfare, not get a bed in overnight trains, and your children will not be allowed into more expensive private schools. This system will become mandatory by 2020. Yes, really.
Also note that a government may be benevolent now, but may become malicious in the future.
- Finally, even the hypothetical possibility of being subjected to pressure may already influence the way we think and act — this is known as the chilling effect.
- personal problems that you have to keep absolutely secret
- business secrets that the competition may not know
- activity that is (moral but) illegal in your country
- communication with whistle-blowers
- personal traits that are despised by society. Think of being gay in Texas. Or being atheist in Bangladesh.
In such cases, you need the government-level protection that the present section explains. Again, I do not want to argue that you absolutely have to protect yourself, but if you want to, here is how.
National Security Letters
The United States has a particularly ingenious system of spying on its citizens: The NSA can request that a service provider (such as Google) turn over data about a particular client. At the same time, the NSA can issue a so-called National Security Letter. This letter prohibits the service provider from telling anybody that they had to turn over the data. Thus, the service provider cannot publicly complain about the intrusion. They also cannot let the client know. All they can do is publish how many security letters they have received. For the big companies, these are in the thousands per year.
The lesson from all this is that if you want to be serious about protecting your data, you cannot choose any service provider that is based in the US.
If you wish: Use a VPN
A VPN is software that encapsulates all traffic from your computer in a secure tunnel. This prevents malicious agents (including governments) from seeing your traffic. As a drawback, VPNs slow down your traffic considerably (at least in the free versions that I have tried). Furthermore, the traffic is already encrypted if you use Web pages with a green lock. The only thing that malicious agents can then see is which page you connect to.
Now if you have to protect yourself against the government knowing which pages you visit, then a VPN is a must. A VPN is also often the only way to access Web pages that your government blocks. You can see here a list of options. Otherwise, do a Web search. For myself, however, I have concluded that VPNs are overkill. For any sensitive interaction, I use only Web pages with a green lock, and I am OK with the risk that malicious agents can see which pages I connect to. For sensitive Web browsing, I use TOR.
Watch out for VPN services that are for free. Their business model may be to use the data that the VPN gathers (the list of URLs that you visit) for marketing purposes. This is the case, e.g., for the built-in VPN of the Opera browser for iPhone, which reserves the right to use the data for limited marketing purposes.
If you wish: Use TOR
The TOR browser is a Web browser that makes sure that no one can track you. It does so by routing your requests over the TOR network. If you are dealing with highly sensitive material, I recommend using this browser.
At the same time, TOR is not for everyday usage. Browsing over the TOR network is several times slower than with other browsers, because the requests take a different route. Furthermore, some online services will refuse to work if they notice that you are trying to sign in from TOR. Thus, this browser is not really an everyday alternative.
Encrypted cloud storage
End-to-end encryption means that your data is encrypted at your device, and decrypted only at the recipient's device. Not even the service provider in the middle can see the data.
I already discussed end-to-end encrypted cloud storage before, and I repeat my recommendation for Sync.com. This service protects your data reasonably against any undesired access — from hackers, from companies, as well as from governments.
Phone and SMS
Governments may have access to phone and SMS data. In particular, they may have access to the meta-data: who called whom when. This may seem completely irrelevant, and yet it is not. If, e.g., you first call a gynecologist, and then an abortion clinic, it is pretty clear what is going on even if the content of the calls is unknown. The Electronic Frontier Foundation illustrates this in a number of examples. A study from Stanford, likewise, shows that many personal pieces of information (pregnancy, etc.) can be deduced by automated means just from the meta data.
Apart from that, it is apparently not difficult to hack into the phone network itself. Then, hackers can intercept and even send SMS to your phone. Researchers have demonstrated this in order to hack two-factor authentication per SMS.
To protect yourself against such attacks, you have to use encrypted chats or encrypted SMS instead of classical SMS. Some of these services allow voice calls, too; see the next article.
Encrypted messengers
I discuss different messengers above. Here, I focus on the security aspects. The first desideratum is obviously end-to-end encryption, which most messengers offer nowadays (see above). The most popular of the end-to-end encrypted services is WhatsApp. While the communication is indeed encrypted, the service has a number of weaknesses:
- The meta-data and the contact list is shared with Facebook.
- WhatsApp is a centralized service that can be blocked by governments (as it happened twice recently in Brazil).
- WhatsApp is bound to your mobile phone and your mobile number. If you lose or change any of these, you will have to move your account.
- WhatsApp is closed source, meaning that we do not know what the app really does. I believe, though, that this is more a theoretical concern: the security of an open source app is unknown as well if no one has audited it. And even if someone has audited it for us, we have to make sure that what we install is what they checked.
- WhatsApp does not by default notify you if your correspondent changes their phone number (and thus their cryptographic key). This could theoretically allow attackers to snoop on messages. It is debated to what degree this is a security problem. Switch on security notifications in WhatsApp -> Settings -> Security -> Notifications.
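To make concrete what such a security notification does, here is an added example (my own illustration, not code from WhatsApp or any other messenger): a trust-on-first-use store that remembers the fingerprint of each contact's key and flags a change, so that you can confirm the new fingerprint with the contact over another channel before trusting it. The key bytes and contact names are constructed placeholders.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed placeholder keys, not real public keys. A messenger would hold the
# contact's actual identity key bytes here.
ALICE_KEY_OLD_PHONE = b"constructed-identity-key-alice-1"
ALICE_KEY_NEW_PHONE = b"constructed-identity-key-alice-2"


def fingerprint(public_key: bytes) -> str:
    """Human-readable fingerprint of a key (the 'safety number' messengers show).

    Only the first 32 hex digits of the SHA-256 digest are shown, grouped in
    fours so that two people can read them to each other over the phone.
    """
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


class ContactKeyStore:
    """Trust-on-first-use (TOFU) store for contacts' keys.

    The first key seen for a contact is accepted silently. Any later key for the
    same contact is recorded as a change: either the contact got a new phone, or
    someone is sitting between the two of you. The store cannot tell which, so it
    records an event for the user to check the fingerprint out of band.
    """

    def __init__(self) -> None:
        self._trusted: Dict[str, str] = {}
        self.events: List[Tuple[str, ...]] = []

    def observe(self, contact: str, public_key: bytes) -> str:
        """Record the key currently advertised for a contact; return what happened."""
        seen = fingerprint(public_key)
        trusted = self._trusted.get(contact)
        if trusted is None:
            self._trusted[contact] = seen
            self.events.append(("first_seen", contact, seen))
            return "first_seen"
        if trusted == seen:
            return "unchanged"
        # Keep the old fingerprint in the event so the user can see what changed.
        self._trusted[contact] = seen
        self.events.append(("changed", contact, trusted, seen))
        return "changed"

    def verify_out_of_band(self, contact: str, fingerprint_read_by_contact: str) -> bool:
        """Compare the stored fingerprint with one the contact read to you in person
        or on a call. Only a match means the key change was benign."""
        return self._trusted.get(contact) == fingerprint_read_by_contact


def demo() -> List[str]:
    """Walk through a contact changing phones; returns the sequence of outcomes."""
    store = ContactKeyStore()
    outcomes = [
        store.observe("alice", ALICE_KEY_OLD_PHONE),  # first chat: key accepted
        store.observe("alice", ALICE_KEY_OLD_PHONE),  # later chats: same key
        store.observe("alice", ALICE_KEY_NEW_PHONE),  # new phone (or an attacker)
    ]
    # Alice reads her new fingerprint to you on a call; now the change is confirmed.
    confirmed = store.verify_out_of_band("alice", fingerprint(ALICE_KEY_NEW_PHONE))
    outcomes.append("verified" if confirmed else "unverified")
    return outcomes


if __name__ == "__main__":
    print(demo())  # ['first_seen', 'unchanged', 'changed', 'verified']
```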
For these reasons, many security-minded folks (among which Edward Snowden) recommend Signal — an end-to-end encrypted open source messenger. The messenger is indeed great, but suffers from the following two weaknesses:
- The conversations cannot be backed up.
- The system is still centralized, which means that it can be blocked, as it has indeed happened.
In this light, the Electronic Frontier Foundation recommends XMPP. This model has several advantages. In particular, it is completely provider independent. There are two protocols for encryption: OTR and OMEMO. OTR is the more established one. However, what people rarely tell you is that OTR works only if both parties are online at the same time. You cannot send messages when one party is offline. That problem is solved by the OMEMO protocol. It is based on the Signal protocol, and should make everybody happy. However, it is so far poorly supported. Furthermore, the protocol does not offer voice calls. If you really want to try it out, you will find OMEMO-compatible clients here.
As for myself, I do not use messengers. For any serious or larger encrypted conversation, I would use PGP.
Proprietary encryption
The final piece of the puzzle is end-to-end encrypted email. There are a number of email providers, such as ProtonMail and Tutanota, that are built for just that. In these services, any email is encrypted on the sender's machine, sent through the servers, and decrypted on the receiver's machine. Thus, even the provider cannot see the content of the messages.
The problem with such approaches is that they work only between account holders of the same service. Emails to other people are sent unencrypted. Alternatively, emails to other people are sent by an encrypted link, which the recipient can access with a password that the sender and the receiver agreed upon. The receiver can reply in the same manner, but this amounts in fact to creating a guest account with the system. Thus, the solution is provider-dependent.
In general, such systems are closed, and not interoperable with solutions from other providers. Unless, that is, they offer PGP (see next article).
Encrypted email
We used to say that emails are like postcards: they can be read by anyone in transit. Today, that is no longer true: Most email providers encrypt the email in transit with a technique called TLS (transport layer security). This includes Gmail. Now the trouble is that the email provider itself can still read the mails (and thus the NSA, if the service is located in the US). To prevent this, we need end-to-end encryption.
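As an added check (my own example, not code from any mail provider): every server that handles a message adds a Received header, and the "with ESMTPS" keyword in it records that this hop ran over TLS. The parser below reads those headers from a constructed sample message with example.com-style hostnames. Only the headers added by your own provider's servers are trustworthy, since earlier ones can be written by whoever sent the mail.

```python
import email
import re
from typing import Dict, List

# Constructed sample message (hostnames are documentation addresses). The top
# Received header is the most recent hop. Hop 1 used TLS (ESMTPS), hop 2 did not.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mail.example.org with ESMTPS id abc123
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Tue, 8 May 2018 10:00:00 +0000
Received: from laptop.example.com (laptop.example.com [198.51.100.7])
    by mx.example.net with ESMTP id def456;
    Tue, 8 May 2018 09:59:58 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed sample

Hello Bob.
"""

# RFC 3848 "with" keywords: a trailing S means the hop ran over TLS,
# a trailing A means the sender authenticated (ESMTPSA = both).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA"}


def transit_hops(raw_message: str) -> List[Dict[str, object]]:
    """Return one record per Received header, most recent hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold the header onto one line
        sender = re.search(r"\bfrom\s+(\S+)", text)
        receiver = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+([A-Z0-9]+)\b", text)
        version = re.search(r"version=([A-Za-z0-9_.]+)", text)
        protocol = proto.group(1) if proto else "unknown"
        hops.append({
            "from": sender.group(1) if sender else "unknown",
            "by": receiver.group(1) if receiver else "unknown",
            "protocol": protocol,
            "tls": protocol in TLS_PROTOCOLS,
            "tls_version": version.group(1) if version else None,
        })
    return hops


def all_hops_encrypted(raw_message: str) -> bool:
    """True only if every recorded hop used TLS. Note that TLS in transit still
    lets each server on the path read the message; it is not end-to-end."""
    hops = transit_hops(raw_message)
    return bool(hops) and all(h["tls"] for h in hops)


if __name__ == "__main__":
    for hop in transit_hops(SAMPLE_MESSAGE):
        state = f"TLS {hop['tls_version']}" if hop["tls"] else "PLAINTEXT"
        print(f"{hop['from']} -> {hop['by']} via {hop['protocol']}: {state}")
    print("all hops encrypted:", all_hops_encrypted(SAMPLE_MESSAGE))
```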
There are two methods for service-independent end-to-end encrypted email: S/MIME and PGP. The first relies on a central validation architecture, which could theoretically be infiltrated by governments. This is a rather hypothetical scenario, but if we talk government, then it is unreasonable to not go all the way. Hence, PGP.
In practice, PGP is software that attaches to your email program. When you write an email, PGP encrypts it. When you receive an email, PGP decrypts it. This is indeed the way it works when you use an email client on your laptop or desktop computer. The integration is seamless: you just click the little lock if you want your email to be encrypted. The Electronic Frontier Foundation shows how to install PGP on a Mac (with Apple's mail program or Thunderbird) and on a Windows machine (with Thunderbird).
So far, so good. Things get a lot trickier when you wish to use PGP in the online interface of your email provider (e.g., at https://gmail.com). For this, you need a browser plug-in called Mailvelope. It works well, but the limitations are:
- you can only write an encrypted mail on a computer where the plug-in is installed with your key. So you cannot write an encrypted email in an internet cafe.
- the same applies for reading encrypted mail. If you receive an encrypted email, then you are not able to decrypt it without the plug-in. It is just garbled text.
- since your email provider cannot decrypt the mail either, you cannot search inside encrypted emails.
- with the plug-in installed, you have to enter your password each time you read an encrypted email.
- with the plug-in installed, writing an encrypted email requires around 30 seconds more of clicking, choosing, dragging, and typing than writing an unencrypted email.
PGP on the phone
Encrypting email is also possible on the smartphone. I have tried out several iPhone apps for reading and writing encrypted emails. My general impression is that the more expensive they are, the better they work:
- Free apps
- I tried several free apps, and the ones I tried did not work well. They were buggy or complicated to handle, or crashed.
- PGPEverywhere
- This app installs like a keyboard. To encrypt, you choose the PGPEverywhere keyboard, which opens a little window in which you can type. Then you click “encrypt”, and the tool pastes the encrypted content right where the cursor is in the main window. This is a quite elegant solution, because it works in any app without switching between apps. However, it is tedious to type anything more than a few lines into the pop-up window. Therefore, you can also write the message in the PGPEverywhere app, and then copy-paste it into the mail program. For decryption, there are two methods: you can either copy the encrypted content to the clipboard and then open the app, which will automatically decrypt the message. Or you can “share” the encrypted file with the app, which will automatically decrypt it as well.
- This app works similarly to PGPEverywhere, but without the keyboard extension. For encryption, you have to open the app, write the email there, and then transfer what you wrote into the mail app. This takes a few clicks more than usual. However, it works generally well. To decrypt an email, you have to select the content of the email, copy it, open the PGP app, click “decrypt”, and give your fingerprint. This is quite cumbersome and takes around 20 seconds. Compared to PGPEverywhere, the use is a bit more pedestrian (more clicks are needed).
- Canary Mail
- The royal solution: Canary Mail is an entire email client app. You can use it instead of your normal email app (Mail, Gmail, Fastmail), with any email service provider (Gmail, Hotmail, Fastmail, etc.). You can read and send normal email, but you can also read and send PGP encrypted email. All emails to people whose keys you have are automatically encrypted with PGP. Vice versa, all PGP encrypted emails that you receive are automatically decrypted. The catch? The app is 10 EUR (10 USD). The app is also not quite as streamlined as the Apple Mail app.
Most of these apps do not allow you to import all keys of your contacts from a keyserver (or they allow it, but don't do it properly). Thus, PGP encryption remains cumbersome on mobile devices. However, it is the best there is right now. With more privacy awareness among clients, there will be more privacy awareness among service providers, and thus eventually better services. Until then, we make do with what we have.