Unfortunately, fundamentally there is a tradeoff between convenience and security. It is convenient to be completely insecure. It is inconvenient to be super-secure. (Example: Bruce Schneier's retort to how to create an airline system completely impervious to hijacking: "ground all the planes.")

These links have some good information about ways to be reasonably secure against government surveillance.

There is some disagreement about this, but I feel pretty strongly that one should be equally concerned about corporate surveillance since, as we have seen, corporate surveillance is just one national security letter / bad crypto implementation / subpoena / government mole employee / etc. away from being government surveillance.

But sadly, "normal human beings" today have every electronic communication they produce (or produced about them) slurped up into several government and corporate databases. Sorry, but that just happens to be the state of affairs.

Ultimately, in the spirit of Schneier's quote, the way to be most secure with electronics is to not use them. Which can be difficult in our era, as most seem to consider the location tracking device / video and audio eavesdropping device in their pockets essential to have on themselves at all times. This is why government surveillance is so difficult to escape -- we've all made ourselves ridiculously vulnerable to it (modulo some privacy nerds that have been shrieking about this stuff for decades).
posted by Noisy Pink Bubbles at 3:43 AM on January 20, 2014 [6 favorites]

These guys have some good apps. Their text messaging one is especially impressive and totally seamless to use: once installed you pretty much never need to think about it again.
posted by lollusc at 5:50 AM on January 20, 2014 [2 favorites]

You can be tracked in several different ways:
1) You log into something. If a government in the right jurisdiction finds out your user id, it can always take the legal route and go straight to the company to request information.
2) Through other tracking agencies. Ad agencies, credit monitoring agencies, your insurance company... all of these build up a catalog of information about you. I know several people who approach these companies the same as they would the government: after all, what's to stop the government from buying that data. Online, the bigger issue is probably advertisers tracking you. Cooking blocking software is an option. But you are also tracked through other ways. Most browsers can be "fingerprinted", and usually your installed font set is relatively unique. Check out Panopticlick, from the EFF.
3) Your IP address. There are some options, like using Tor, that help mask your IP. However, Tor works through the zebra method: if you have enough anonymous people together, its hard to pick out a single one. But this relies on many people using it. That kid at Harvard that called in a bomb threat to avoid his exam? He used Tor, but failed to remember that point.
4) You mobile phone. Tracking the location of phones isn't going away. And the metadata/data debate isn't really moving forward. Better to assume your phone location is being tracked, and look at encrypting your data.

Because of the way the internet is constructed, anonymity can be very very difficult. Instead, look for privacy. Use encryption whenever possible. Always use https.
Check out:
Lifehacker guide to making your online life more secure
Lifehacker encryption guide 2

Honestly, the private sector knows far more about you than the government.
posted by troytroy at 6:35 AM on January 20, 2014 [4 favorites]

Understand that most commercial hardware and software running today is likely fundamentally insecure by design. With enough will - definitely within the NSAs reach - and who knows how much is possessed by your average police, local govt, IRS office, or rogue/curious agents within those institutions - there is no real defense other than not using them.

All the layering of "apps" on top of insecure platforms is like putting kryptonite locks on doors made of cooked spaghetti.
posted by lalochezia at 11:42 AM on January 20, 2014

e.g. understand that encryption is no use if you have, for example, a keylogger, or plaintext interception.
posted by lalochezia at 11:44 AM on January 20, 2014

Suppose I want to use my phone and computer like a normal human being [...] but I want to minimize how much government agencies can learn about me.

This is not meant to be patronizing in any way - I'm not sure about your technical level - but what do you mean by "using my phone like a normal human being"?

If you mean that you want to carry a device with you at all times so that you can be reached at a phone number: to be able to do this, your phone must constantly talk to base stations and mobile towers, letting them know that "Hi my IMEI (=> phone number) is so-an-so, and here I am". This information is logged and can be recovered by "the government", so your phone's physical whereabouts can be reconstructed on a minute-by-minute basis to within a few hundred feet, probably. Also, the baseband software is fundamentally insecure, no matter what operating system or patches or apps are layered on top.

Using burner phones makes it worse: from network analysis of other people's phones, it is easy to reconstruct a pattern of contact and figure out that this set of different numbers all belong to one person. Now you're a high priority suspect.

Or did you mean you wanted to keep other aspects of your life away from casual snooping eyes? You can reduce some casual online exposure by regularly purging cookies, using https instead of http, blocking scripts and Flash, and so on. But if you have someone interested in tracking you (as opposed to passively trawling all the information that's floating around), between your phone, credit cards, and network usage, you should assume they can get whatever they want.
posted by RedOrGreen at 12:12 PM on January 20, 2014

Use the "airplane mode" button as a battery-life-extender feature, ie leave your hypothetical phone off-grid during the 99% of the time that you're not directly using it. Not super secure, but simple and easy, and considerably improves battery life.
Switching off the GPS receiver unless actually using it also improves battery life.
posted by anonymisc at 2:04 PM on January 20, 2014

I don't carry a phone at all. That was more "Suppose one..."

That's what RedOrGreen is saying: Suppose one carries a phone: if so, one is very easily trackable, and there is no reliable way to carry a cell phone on your person and not be somewhat vulnerable. However, people above have given good advice for protecting your mobile data, if not for concealing your location.

Suppose one has no mobile phone, and uses exclusively a land line? Well, those security concerns are obviously somewhat different. Not having owned a regular phone in well over a decade, I couldn't begin to tell you what to do for securing that.
posted by like_a_friend at 2:06 PM on January 20, 2014

There are a few things that you can do that will probably make your communications considerably more private without costing you much effort, though they certainly won't make you totally un-snoopable or render you invulnerable to a determined attack by a government agency, but they'll give your routine communications some security. This isn't an exhaustive list by any means and I'll be watching this thread carefully to see what I'm not doing.

First off, get a VPN. There are lots out there, but I use Private Internet Access because it's cheap, fast, and doesn't log your activity. It has versions for your smartphone (but more on that later). This will encrypt your internet activity, hide what type of activity it is, and prevent people from knowing what servers (i.e. what websites) you are accessing. It's easy to use, you just install the client and let it run in the background. Generally speaking if the little icon in the System Tray is green, you're good.

Next, secure your passwords. Definitely never save any of your passwords in your browser or on any sites. To clear all of this out you will want to log out of everything and clear all your cookies. Delete any credit card information that you can from online merchants as well – in general it's more secure to enter it manually every time (assuming that you're doing it over a secure connection – otherwise, don't do it) than to let it sit on a server you don't control.

Get a password manager; there are several, I use KeePass because it's free, open-source, standalone, and can work offline. It has smartphone apps as well. I keep the main version installed on my laptop, the app version on my phone, and the standalone version on my USB key. I keep my phone and my laptop synched by having my archive in a DropBox folder – a minor security concession that I'm comfortable with because the archive is encrypted and my master password is very strong.

Once you have a password manager that you like, it's time to change all your passwords. Any decent password manager will have a password generator in it, and you can use this to make unique, strong, random passwords for all your accounts. Changing all your passwords is a pain, but you'll only need to do it once. (You should still change passwords occasionally, especially for important accounts [email, facebook, paypal, bank, etc] but unless something goes wrong you won't have to go nuclear again.) Much better! Also, now you'll never need to remember or type a password again (except your master).

Those two things will do a lot for your desktop. What about mobile communications? Well, you're already covered with the VPN and the password manager, as far as that goes. Your internet access is effectively encrypted and anonymized, and your passwords are as safe as they're going to be. However, you're going to want to turn off your GPS except when you actually need it. Of course even with that your smartphone can be made to broadcast your GPS location without your consent, and even if you use a dumbphone (all of which, I think, have "Emergency 911" GPS tracking which could be used the same way if someone wanted to badly enough) you can still be tracked by your position on cell towers but that's slightly more of a PITA.

That's about as much as I do – a little bit more actually. There's definitely a convenience (and a monetary) price, but it's small. It's not a comprehensive strategy (there is no comprehensive strategy) but it will improve things quite a bit and is easy to get used to. Looking forward to reading the rest of this thread and hearing what other people recommend.
posted by Scientist at 3:53 PM on January 20, 2014 [1 favorite]

This thread is closed to new comments.