Even though government surveillance is nothing new - just think of Caesar's spies in the Roman Empire, or the KGB in the former Soviet Union - the Snowden revelations made us realize how much it was a part of our modern lives, too. The fact that agency staff could witness private moments of our lives whenever they liked, even if were up to nothing wrong, was a sobering realization to say the least. Being a good citizen, it seems, doesn't qualify one anymore for being excluded from monitoring so in this post we are looking at techniques that can help you protect your Internet privacy in the face of mass surveillance.
Before getting started, it's important to make it clear that it's not only the US government that snoops on its citizens en masse. Mass surveillance is a worldwide phenomenon and equivalents of the NSA can be found in many countries across the globe.
The recent FinFisher scandal on WikiLeaks, for instance, exposed a long list of countries whose governments use the well-known surveillance technique. FinFisher customers include agencies from Australia, Bahrain, Bangladesh, Belgium, Bosnia-Herzegovina, Estonia, Hungary, Italy, Mongolia, Nigeria, Netherlands, Pakistan, Singapore, Slovakia, Qatar, South Africa and Vietnam.
Needless to say, the Internet is an indispensable means in the hands of governments to gather confidential information about people's life. It lets them monitor your calls, read your emails, chat conversations and documents, view your photos, watch your videos, and check your updates on social media, if they want.
So how do you protect your confidential files and information in such an environment? Let's explore some crucial techniques that can help you in this regard.
To the question "Is encrypting my email any good at defeating the NSA surveillance?", in an article published in The Guardian, Edward Snowden replied the following:
"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on." Why is it so? What way can encryption protect your private emails, chat conversations, financial docs, photos, etc, even from the NSA? And what do the "properly implemented" and "strong crypto" terms mean? Let's explore it.
The basic idea of encryption is to turn plain text information into a format that makes it impossible for unauthorized parties to read it. This is achieved with the help of an algorithm, that is, a pattern with which characters in the original information get altered.
For instance, to use a very simple example, you want to encrypt your social security number that reads: 983789254. Let's say your simple algorithm replaces digit with a corresponding letter based on the letter order in the alphabet (1=a, 2=b, etc). So the encrypted string looks like this:
ihbcghibed While it won't deceive a seasoned hacker, or someone working for the NSA, you get the idea.
However, modern encryption software tools that employ super complex government-grade patterns, can easily turn your confidential files into character strings that are basically impossible to decode. That's what Snowden was referring to as "strong crypto".
So how does a real, encrypted file may look like? Let's have a look at it.
Let's say, you have a confidential Excel document, called "Passwords", that contains your usernames and passwords for various sites. In its normal, plain text format, it's very easy to view and compromise the sensitive information contained in it.
However, if you encrypt the file, the information contained in it gets transformed into unreadable characters, like this:
jVPpN1dY7r0URO0DI7EJtlxy6kq6iDXIf04TMhKQHdmOtrhWiQQDPDAVJClC3JrKDM4IygoJJBIait0e (Amazon login) jvVJM1gn1uuRcapUd/bnUGOzBRsDFvmmpY08aiZctDrH0DrFM0F3E0airy22iucI1J1iB/Yi5Zn91Kli (Facebook login) opZb3ytp1ckqLH+N1JgBWVqUB+pPdz+tvsUcr4YxbUIvYuTBdVXGCSZLwDkx+jxu+L7sceftBh6lrqp5 (PayPal login) 8h2s+0/J+fSca3SqkldtSvGkZN6IAqzHmOdzVe11orjb19Uv29LoRy1SvOw= (Gmail login)
As you can see, the encrypted format leaves no room for guessing what the original file was about. If your confidential files are protected with a strong algorithm modern encryption tools employ, they could take hackers decades to decrypt them because of the thousands of millions of character combinations they would need to try against your encrypted data.
Encryption can't only protect your text files, such as, documents, emails, text messages, etc, but also your photos, videos, or audio files. Please follow these steps to encrypt your sensitive emails.
Steganography is a little known, yet very powerful technique that can play a crucial part in protecting your privacy.
To easily understand what it does, let's keep using the previous example of trying to hide your social security number from prying eyes.
As you could see, encryption already did an excellent job by turning your SSN into an unrecognizable format. But what if I say that you could even hide your SSN in your favorite Xmas song? Who could ever suspect that such an innocent file as a Xmas song stores your social security number?! That's what steganography does. With its help you can embed a confidential file into an ordinary file to distract the thief's attention. In other words, an encrypted file can still be detected, but a file hidden with steganography can't.
Even better, you can directly hide your encrypted SSN in the Xmas song for added security! If that sounds too good to be true, let me demystify how steganography works and how you can use it to hide your confidential financial files, emails, and other sensitive data in innocent looking carrier files.
Steganography works as follows: common computer files (text, image, sound, HTML files) contain less important bits of information, or space that can be filled with other type of data. Even if you replace those bits the change in the original file remain unnoticeable. Steganography replaces those less important and unused bits with bits of the information you want to hide.
Let's say you want to embed your social security number into a holiday photo you took last year in Spain.
An image contains millions of pixels. If your steganography software replaces, say, every 200th pixel of the bright blue sky on your photo with a less bright shade and uses those bits to accommodate the characters of your social security number, people looking at the photo won't be able to notice the difference. This is how you can embed your confidential financial information, personal details, passwords, sensitive emails, or even images in innocent looking carrier files.
To get started with steganography, follow these steps.
3 Tracks Erasing
The last technique I'd like to recommend you start implementing is the secure, permanent erasure of all your Internet tracks.
Why is it not sufficient to clear your history the way you always do? Why did I say "secure, permanent erasure"?
It was because when you clear your history tracks from your favorite browser, Windows does not shred the sensitive information contained in the history files. Instead of overwriting the confidential information with random information, the operating system simply removes the file references (so that they seem to be gone) and moves the deleted history files to the free space of your hard drive.
The problem is that it's very easy to recover deleted history files from the free space using free tools available on the web. If unauthorized parties access your computer, they can view the URLs of sites you visited, the pictures you viewed and the videos you watched on the sites, or even the docs you opened in the browser. Learn more about the issue from this tutorial.
To permanently and securely remove your online traces, you need to overwrite the confidential information stored in the history files with a privacy protection tool. Follow the simple steps in this tutorial to make sure that your Internet activities can't be tracked by unauthorized parties.
Implementing the techniques listed in this post will significantly increase your Internet privacy in the face of mass surveillance and hacker activities. Encryption turns your plain text information into unreadable, or unintelligent data, steganography hides your encrypted confidential files in innocent looking carrier files and a privacy protection software erases all your Internet and computer activity traces for good.