Can I live without surveillance?
June 10, 2013 7:09 PM Subscribe
Like many of us here, I am deeply disturbed by the recent revelations about the extent of the NSA's surveillance program. How can I lead a life without my telephone calls and internet activity being monitored by the government? More questions inside from an average boring American who has nothing to hide but wants to start living my technological life differently.
I am a Gmail user. I use Chrome for browsing the web. Verizon is both my cell phone and land line service provider. I rely on DropBox (which the leaked document says is the next service to be targeted by the NSA) for backing up my documents. What can I do to avoid my civil liberties being violated?
At least I'm not a regular on Facebook.
I am a Gmail user. I use Chrome for browsing the web. Verizon is both my cell phone and land line service provider. I rely on DropBox (which the leaked document says is the next service to be targeted by the NSA) for backing up my documents. What can I do to avoid my civil liberties being violated?
At least I'm not a regular on Facebook.
To address the issues immediately at hand: encrypt your communications. Familiarize yourself with public-key encryption and GnuPG. Encrypt your private data and do not store it in "the cloud". This will make it much harder for the government to snoop on your conversations.
Here's the problem with that. First, in order to encrypt your communications with others, they must also be willing to encrypt their communications. Unless you live in a social circle of tinfoil hats (which you don't; otherwise, you wouldn't be posting this message) most of your associates probably do not care enough about this issue to bother themselves with using encrypted communications. Second, the allegations of what the NSA is doing does not suggest that they are listening in on conversations--at least, not on a particularly massive scale. Rather, they are simply logging who you talk to and when you talk to them, but not what you say. Even if you encrypt your communications, the fact that you talked to someone and when you talked to them is still going to be something the NSA would track.
Some will tell you to stop using Gmail altogether. Using it may expose you to marginally greater risk, as your email then sits on Google's server, ready to be subpoenaed or snooped at any time. The thing is, email travels unencrypted through public networks, and so it can be logged and stored at any point along the way. I suppose by using Gmail you are making it easier for the snoopers though.
Another thing to watch out for is Chrome, which is Google's means to harvest your personal information. If you care about your privacy, do not use it.
All in all though, electronic communication networks are a big modern convenience and the best way to keep yourself from getting snooped is to avoid their use altogether. While you are at it, you had better stop using your credit cards and checking accounts too, as who knows what classified programs are harvesting all those records too. Then you had better not fly, or rent a car. Hey, how does life as a mountain man sound?
The next best thing is, as they say, to "write your congressman" and I honestly think that, as ineffectual as that is, it's a better idea than trying to unplug or encrypt yourself. Encryption is good to hide yourself from criminals. From the government? Not so much.
posted by massysett at 7:35 PM on June 10, 2013
Here's the problem with that. First, in order to encrypt your communications with others, they must also be willing to encrypt their communications. Unless you live in a social circle of tinfoil hats (which you don't; otherwise, you wouldn't be posting this message) most of your associates probably do not care enough about this issue to bother themselves with using encrypted communications. Second, the allegations of what the NSA is doing does not suggest that they are listening in on conversations--at least, not on a particularly massive scale. Rather, they are simply logging who you talk to and when you talk to them, but not what you say. Even if you encrypt your communications, the fact that you talked to someone and when you talked to them is still going to be something the NSA would track.
Some will tell you to stop using Gmail altogether. Using it may expose you to marginally greater risk, as your email then sits on Google's server, ready to be subpoenaed or snooped at any time. The thing is, email travels unencrypted through public networks, and so it can be logged and stored at any point along the way. I suppose by using Gmail you are making it easier for the snoopers though.
Another thing to watch out for is Chrome, which is Google's means to harvest your personal information. If you care about your privacy, do not use it.
All in all though, electronic communication networks are a big modern convenience and the best way to keep yourself from getting snooped is to avoid their use altogether. While you are at it, you had better stop using your credit cards and checking accounts too, as who knows what classified programs are harvesting all those records too. Then you had better not fly, or rent a car. Hey, how does life as a mountain man sound?
The next best thing is, as they say, to "write your congressman" and I honestly think that, as ineffectual as that is, it's a better idea than trying to unplug or encrypt yourself. Encryption is good to hide yourself from criminals. From the government? Not so much.
posted by massysett at 7:35 PM on June 10, 2013
Response by poster: Massysett, I appreciate your thoughts, but to prevent a derail: I'm not a tinfoil hatter- just a technology ignoramus who is trying to understand what my options are. Would you recommend Firefox as a browser alternative?
posted by foxy_hedgehog at 7:51 PM on June 10, 2013
posted by foxy_hedgehog at 7:51 PM on June 10, 2013
A similar question was asked yesterday.
http://ask.metafilter.com/242556/Virtual-Bullproofing-my-Life
There were a number of good answers in there, including this sage and handsome one:
http://ask.metafilter.com/242556/Virtual-Bullproofing-my-Life#3520782
posted by jingzuo at 7:55 PM on June 10, 2013
http://ask.metafilter.com/242556/Virtual-Bullproofing-my-Life
There were a number of good answers in there, including this sage and handsome one:
http://ask.metafilter.com/242556/Virtual-Bullproofing-my-Life#3520782
posted by jingzuo at 7:55 PM on June 10, 2013
The focus of the recent disclosures about the NSA is the harvesting of meta-data. Not the content of communications, but the connections, locations, and durations. Who you were communicating with, when, for how long, and where each party was located.
Standard approaches to encryption won't obscure any of that information. It just obscures the content. So if you're concerned about what the G-Cloud can learn about you from meta-data, encrypting content won't help a whit.
posted by alms at 8:02 PM on June 10, 2013 [2 favorites]
Standard approaches to encryption won't obscure any of that information. It just obscures the content. So if you're concerned about what the G-Cloud can learn about you from meta-data, encrypting content won't help a whit.
posted by alms at 8:02 PM on June 10, 2013 [2 favorites]
Response by poster: Thanks, jingzuo- I did a search but didn't find that question. If others have resources that weren't mentioned in the previous post, I'd still love to hear them.
posted by foxy_hedgehog at 8:03 PM on June 10, 2013
posted by foxy_hedgehog at 8:03 PM on June 10, 2013
The easiest answer I can come up with is to be nondescript*. Don't stand out. Couch your communications in daily drivel. Talk about pets. Talk about your kids. Talk about tv shows in minute detail.
Don't communicate anything via email that you wouldn't want your mom to read at your funeral. Depending on your service**, email hasn't been secure at all for a long time now. Ask Sarah Palin.
Sure, mailing a bunch of sappy love letters to someone you barely know in the 1940's could be embarrassing, usually they were embarrassing to four or five people max. This isn't the same thing at all.
Wow, upon review I seem more paranoid than I actually am.
*Normally I'd put another word there, but you know.
**Sure, I'll stipulate that crpto to crypto emails can and should be secure, they just aren't. Not today.
posted by Sphinx at 8:03 PM on June 10, 2013 [2 favorites]
Don't communicate anything via email that you wouldn't want your mom to read at your funeral. Depending on your service**, email hasn't been secure at all for a long time now. Ask Sarah Palin.
Sure, mailing a bunch of sappy love letters to someone you barely know in the 1940's could be embarrassing, usually they were embarrassing to four or five people max. This isn't the same thing at all.
Wow, upon review I seem more paranoid than I actually am.
*Normally I'd put another word there, but you know.
**Sure, I'll stipulate that crpto to crypto emails can and should be secure, they just aren't. Not today.
posted by Sphinx at 8:03 PM on June 10, 2013 [2 favorites]
People are dancing around the real answer. The real answer is: almost nothing. You can't do anything to avoid the type of monitoring we're talking about other than avoiding internet or phone use. Well, you can advocate and vote for candidates who will dismantle the surveillance state.
Beyond that you take lessons from The Wire. What you want is exactly what drug dealers want, anonymous and unmonitored communication. You need to buy burner phones. Don't use them more than a few times. Don't use internet from your home, only from libraries and internet cafes. And so on.
That seems like an awful lot of work right? That's why the actual answer is what I said first: pretty much nothing.
(encrypting communications does nothing to prevent collection of metadata, fwiw.)
posted by Justinian at 8:22 PM on June 10, 2013 [8 favorites]
Beyond that you take lessons from The Wire. What you want is exactly what drug dealers want, anonymous and unmonitored communication. You need to buy burner phones. Don't use them more than a few times. Don't use internet from your home, only from libraries and internet cafes. And so on.
That seems like an awful lot of work right? That's why the actual answer is what I said first: pretty much nothing.
(encrypting communications does nothing to prevent collection of metadata, fwiw.)
posted by Justinian at 8:22 PM on June 10, 2013 [8 favorites]
I like that we managed to include "burner phones" as an answer -- sounds so bad-ass.
The truth is, everything you do online could potentially be very public. Whether it's AOL releasing users search histories for "academic purposes" or Google getting subpoenaed, the companies who have access to your data are already saving it. I wouldn't be concerned with the government spying on you -- unless you are doing something illegal, they probably don't care. And the data they have been collecting is restricted in what it shows. But I do care if people can Google my name and find that time I googled (x embarrassing thing). I am careful in that I don't use Chrome and have Firefox add-ons that limit things like tracking or prevent me from being logged into other websites with my Facebook account. Supposedly search engines like DuckDuckGo are supposed to be better for your privacy (but who really knows who to trust). But I am not going to go back to emailing myself crap and get rid of my Dropbox. I just won't pick anything too important in Dropbox.
I pray to god my search history never comes out -- do I do anything illegal? No. But do I have dorky embarrassing interests or personal issues I don't feel like sharing with the world? Yes. But everyone has baggage and we are all taking the same risk together. So I'd look at small steps to keep your real identity and your online identity as separate as possible, but you probably can't avoid the government.
posted by AppleTurnover at 8:52 PM on June 10, 2013
The truth is, everything you do online could potentially be very public. Whether it's AOL releasing users search histories for "academic purposes" or Google getting subpoenaed, the companies who have access to your data are already saving it. I wouldn't be concerned with the government spying on you -- unless you are doing something illegal, they probably don't care. And the data they have been collecting is restricted in what it shows. But I do care if people can Google my name and find that time I googled (x embarrassing thing). I am careful in that I don't use Chrome and have Firefox add-ons that limit things like tracking or prevent me from being logged into other websites with my Facebook account. Supposedly search engines like DuckDuckGo are supposed to be better for your privacy (but who really knows who to trust). But I am not going to go back to emailing myself crap and get rid of my Dropbox. I just won't pick anything too important in Dropbox.
I pray to god my search history never comes out -- do I do anything illegal? No. But do I have dorky embarrassing interests or personal issues I don't feel like sharing with the world? Yes. But everyone has baggage and we are all taking the same risk together. So I'd look at small steps to keep your real identity and your online identity as separate as possible, but you probably can't avoid the government.
posted by AppleTurnover at 8:52 PM on June 10, 2013
One small thing you can do: use SpiderOak as an alternative to DropBox. Your data is encrypted before it is sent to their servers, and they do not have your password. So it's impossible for them to decrypt your data and hand it over to the NSA. I guess the NSA could attempt to decrypt it themselves, but still that's a lot better than the alternatives.
posted by number9dream at 9:12 PM on June 10, 2013 [3 favorites]
posted by number9dream at 9:12 PM on June 10, 2013 [3 favorites]
alms sez: The focus of the recent disclosures about the NSA is the harvesting of meta-data. Not the content of communications, but the connections, locations, and durations. Who you were communicating with, when, for how long, and where each party was located.
The Guardian sez:
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
posted by jingzuo at 9:32 PM on June 10, 2013
The Guardian sez:
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
posted by jingzuo at 9:32 PM on June 10, 2013
You can possibly reduce, but not at all eliminate, the ability of various agencies to snoop you with relative ease.
Stop using services from US based companies, particularly the ones mentioned in the PRISM slides. Hushmail is an email service that's painless to use that you might find useful (note: you must log in at least every 20 days or else your email is held ransom until you upgrade to a premium account).
Not a ton you can do about your telephone communications (there are some things, but they are quite a bit of work and as long as you are calling someone who is using a US based provider it won't do you much good anyways).
If you decide to cancel your Verizon account (and switch to another provider that supplies information to the NSA), make sure you tell them why you are cancelling - they track that stuff.
But the short answer - no, you cannot live without surveillance (unless you want to live in the woods without a phone or a computer - I've done this in the past, it's not fun).
posted by el io at 10:01 PM on June 10, 2013
Stop using services from US based companies, particularly the ones mentioned in the PRISM slides. Hushmail is an email service that's painless to use that you might find useful (note: you must log in at least every 20 days or else your email is held ransom until you upgrade to a premium account).
Not a ton you can do about your telephone communications (there are some things, but they are quite a bit of work and as long as you are calling someone who is using a US based provider it won't do you much good anyways).
If you decide to cancel your Verizon account (and switch to another provider that supplies information to the NSA), make sure you tell them why you are cancelling - they track that stuff.
But the short answer - no, you cannot live without surveillance (unless you want to live in the woods without a phone or a computer - I've done this in the past, it's not fun).
posted by el io at 10:01 PM on June 10, 2013
It may very well be a good idea to break free from Google.
Some good alternatives:
Google search => Startpage (anonymized Google search).
Google maps => Bing maps
Google mail => Lavabit and a mail client
Chrome browser => Chromium (similar, but doesn't 'phone home' to Google)
posted by Too-Ticky at 12:07 AM on June 11, 2013 [3 favorites]
Some good alternatives:
Google search => Startpage (anonymized Google search).
Google maps => Bing maps
Google mail => Lavabit and a mail client
Chrome browser => Chromium (similar, but doesn't 'phone home' to Google)
posted by Too-Ticky at 12:07 AM on June 11, 2013 [3 favorites]
When you use the Internet, you have an IP address that, depending on your ISP's setup, gives your general or specific geographic location to the web server you get any page from, and is in the headers of your email. Your ISP can always match your Internet usage directly to you; they are required to keep records - I can't remember how long or how specific. They process all Internet requests, and can see pretty much all your content. If content/traffic is encrypted, with https:, sftp:, etc., they can see only the location it's going to. For the standard encryption methods, The US government, and others, may have backdoors.
When you use wireless ethernet connectivity, it is very easy for anyone in range of the wireless signal to see your traffic. For anything at all sensitive, use https: when on wifi. For example, if you're on wifi at, say, Starbucks, and log in to facebook or email (not resuming an existing connection) on http:, your password is capture-able. You say you don't care who reads your mail? Hacked email and facebook accounts create spam, lots of it, and are used by criminals for bad behavior on the Internet.
It's not just the recording of your phone use - mobile phones talk to cell towers regularly when they're on, and this information can give your not-very-specific geographic location. Your phone records list everyone you talk to or text. I don't know how long text messages are stored by providers.
Your banking records are probably visible as well - I'm basing this on guessing - but following the money is good information, so I assume the NSA is on it.
If I wanted to be less visible, I'd follow the suggestions above about alternate services, I'd get several wireless network adapters (the network adapter(s)in your computer have a globally unique MAC address) and use them in some planned way, I'd have a number of burner phones to use, and multiple email addresses for various uses, etc. I'd create personas for those email addresses. For instance, my dog has a gmail account and 2 magazine subscription, because I'd rather he get the junk mail. It's likely that my subterfuge is not very good, but if it fools a few marketers, that's all good.
I value my privacy, especially where marketing is concerned. I just hate being all tagged and labeled that way. But I don't do any of the stuff above, because it's a pain, and my lif eis pretty dull.
posted by theora55 at 8:28 AM on June 11, 2013
When you use wireless ethernet connectivity, it is very easy for anyone in range of the wireless signal to see your traffic. For anything at all sensitive, use https: when on wifi. For example, if you're on wifi at, say, Starbucks, and log in to facebook or email (not resuming an existing connection) on http:, your password is capture-able. You say you don't care who reads your mail? Hacked email and facebook accounts create spam, lots of it, and are used by criminals for bad behavior on the Internet.
It's not just the recording of your phone use - mobile phones talk to cell towers regularly when they're on, and this information can give your not-very-specific geographic location. Your phone records list everyone you talk to or text. I don't know how long text messages are stored by providers.
Your banking records are probably visible as well - I'm basing this on guessing - but following the money is good information, so I assume the NSA is on it.
If I wanted to be less visible, I'd follow the suggestions above about alternate services, I'd get several wireless network adapters (the network adapter(s)in your computer have a globally unique MAC address) and use them in some planned way, I'd have a number of burner phones to use, and multiple email addresses for various uses, etc. I'd create personas for those email addresses. For instance, my dog has a gmail account and 2 magazine subscription, because I'd rather he get the junk mail. It's likely that my subterfuge is not very good, but if it fools a few marketers, that's all good.
I value my privacy, especially where marketing is concerned. I just hate being all tagged and labeled that way. But I don't do any of the stuff above, because it's a pain, and my lif eis pretty dull.
posted by theora55 at 8:28 AM on June 11, 2013
If you have something important (confidential) to say, use phone or internet only to plan a meeting with your audience. Turn off all electronics before leaving your house to go to your audience and speak the actual message. You should meet your audiences in various and at least semi-private places.
posted by WeekendJen at 2:28 PM on June 11, 2013
posted by WeekendJen at 2:28 PM on June 11, 2013
The bottom line is that you can't.
You can do certain things, as some posters above have described. But you need to crawl under a blanket with whoever you want to share (it) with, and whisper, while playing your stereo loudly in the background. Or some such. Realize that they don't care about you, the individual--why should they? You are not important, any more than an individual molecule is important to a hammer handle. They are mining for trends, and when the trends show certain things, they will decide to focus on one of the actors.
Of course, if you are doing things they are concerned about, then it doesn't much matter what you do. Eventually they will get to you. The Big Brother image is somewhat misleading. We aren't Winston Smith, we are members in a bait ball--a huge school of food fish swimming in deep water--and they are the porpoises. When they are hungry they will make us afraid, and we'll swim in tight circles while they feed.
Anyhow, they don't care and they won't read your stuff: if they do, it will be just some of the guys sitting around, entertaining themselves, waiting for shift change, and chances are they won't even bother looking at your name.
Okay, you could do the Jeremiah Johnson thing and head out to some wilderness somewhere, wear bark for clothes, and trap your food, but really, they probably would know you're there, and still wouldn't care.
posted by mule98J at 3:54 PM on June 11, 2013
You can do certain things, as some posters above have described. But you need to crawl under a blanket with whoever you want to share (it) with, and whisper, while playing your stereo loudly in the background. Or some such. Realize that they don't care about you, the individual--why should they? You are not important, any more than an individual molecule is important to a hammer handle. They are mining for trends, and when the trends show certain things, they will decide to focus on one of the actors.
Of course, if you are doing things they are concerned about, then it doesn't much matter what you do. Eventually they will get to you. The Big Brother image is somewhat misleading. We aren't Winston Smith, we are members in a bait ball--a huge school of food fish swimming in deep water--and they are the porpoises. When they are hungry they will make us afraid, and we'll swim in tight circles while they feed.
Anyhow, they don't care and they won't read your stuff: if they do, it will be just some of the guys sitting around, entertaining themselves, waiting for shift change, and chances are they won't even bother looking at your name.
Okay, you could do the Jeremiah Johnson thing and head out to some wilderness somewhere, wear bark for clothes, and trap your food, but really, they probably would know you're there, and still wouldn't care.
posted by mule98J at 3:54 PM on June 11, 2013
This thread is closed to new comments.
posted by SMPA at 7:30 PM on June 10, 2013 [2 favorites]