Privacy and the Internet

It is getting more and more difficult to have a private conversation online these days. I’m not talking about the need for privacy so something criminal can be planned, but the simple act of being able to talk confidentially with someone and have a reasonable expectation that nobody else can listen in on your conversation or read your emails. As time goes by, the ability to have secure and private access to the internet becomes more difficult, governments and companies such as Google and Facebook want access to our communications, that information is then sold to other companies. The fact is, you should never post something online that you are not happy for the whole world to see, just because you believe it to be private, just for the person you want to see it, does not make it so.

privacySo what can be done to improve the security of your communications? For a start you need to communicate using ‘end to end encryption’ What is that, you ask? It means your communication is encrypted on your computer or phone before being sent to whoever you want to see it. The computer or phone of the receiver then decrypts the message. Nobody in the middle, not your ISP (internet service provider) or anyone else, has access to your communication. Even the service you use to send the encrypted message can not read your messages, even if they try to look, all they will see is a scrambled and meaningless string of numbers and letters. The next important point is that any service you use for secure communication must use ‘open source’ software. Open source means the original software code is freely available for anyone to see and modify. It also means that if a bug is found in the software, it can be quickly fixed and updates made. It is not possible to hide a deliberate mistake in the software that can give access to your messages, for instance, to hackers, ISP or government. For this reason I would not use WhatsApp, it uses end to end encryption but it is ‘closed source’ not open source, the original code can not be seen or corrected, except by WhatsApp and it is owned by Facebook, a company that lives on collecting data about its users.

There are some simple steps you can take to improve the privacy of your email and chats. The first is to sign up for a ProtonMail email account, it is based on open source software and uses full end to end encryption, you can access it through your web browser and on your phone through an App. For chat there are two options I like, one is free the other is not. The first is Signal, it is a free App for your phone, again it is open source and offers end to end encryption. The second option is Threema, also an App for your phone, it isn’t free but it has some features I personally like. While ProtonMail doesn’t need the person you are emailing to also have an account both Signal and Threema do require the person you are communicating with to be using the same software. It is how their systems work.

Those are simple steps you can take to improve the privacy of your communications and for 99% of the time are more than adequate. If you are interested or curious to try something new and don’t mind following a few simple steps, there is an extra layer of security you can add to your communications. Most people will use ProtonMail on their PC or phone, Signal and Threema are for phone use too. But the system to run the PC will probably be Microsoft Windows operating system or the Apple operating system. Signal and Threema run on Android, IOS operating systems etc. The issue is that those operating systems are controlled by the companies that created them, Android is owned by Google and open source, Google updates it but how often does the maker of your Android phone send you those security updates? Both MS Windows and Apple IOS are actively targeted by hackers and they regularly find security weaknesses to exploit and get access to the computers running them. We are trusting Microsoft, Apple and Google to fix those weaknesses as quickly as possible and not to deliberately leave secret access points into the operating system so governments can have a browse through your computer or phone whenever they wish. Most people don’t want to stop using MS Windows or Apple IOS for their regular computer needs, I understand that. But let’s imagine you are working on a highly confidential project that needs to really be as secure as possible, or maybe someone in China who needs full and open access to the internet and communication which really as secure as possible. This is where a ‘Live Operating System’ comes in very useful. A Live OS is a complete bootable computer installation including operating system which runs in a computer’s memory, rather than loading from a hard disk drive; the USB itself is read-only. It allows users to run an operating system for any purpose without installing it or making any changes to the computer’s configuration. Live operating systems can run on a computer without secondary storage, such as a hard disk drive. Today, most people run a Live OS from a USB memory stick, CD or DVD. There is a Live OS that is built from the ground up with security in mind, it is called Tails is open source, concentrates on encryption and making you anonymous on the internet. Using Tails will not change or effect your Windows or IOS installation, You plug the memory stick into your USB and the computer starts from that and when you shut down the PC and remove the USB stick, the next time you start your PC, it starts as normal. What are the advantages of using Tails OS? All work you do, documents created and conversations are kept secure and encrypted, you can create documents that you can save to a memory stick and only you will be able to read them. Tails OS connects you to the internet through the Tor network and keeps you anonymous. If you don’t mind getting a bit technical, it is worth taking the time to read and understand how Tor works and the different ways you can use it. Countries such as China try to block Tor but there are built in ways to get around the block.

In this time of threat to privacy and loss of confidentiality, steps need to be taken by those who want to protect their communications from mass surveillance. You can take some simple steps such as use ProtonMail, Signal or Threema and if you need an extra layer of of security and don’t mind getting a bit technical then use Tails OS with its built in connection to the Tor network.