Digital Privacy 101
Most privacy experts agree that there are essentially two things that can protect the privacy of individuals in today’s digital world: policy and technology. This largely explains the key role of lawyers and technologists in this particular advocacy.
Posts like this one will zero in on the technology side of the discussion, and will feature software available out there—and more importantly, free—that people can use to safeguard their privacy online. At the outset, I wish to make it clear that I am in no way affiliated with the organizations or individuals who developed these programs. Suffice to say, my endorsement generally proceeds from the fact that I also use them, and they are recommended by people whose expertise on this subject I respect greatly. At the end of the day, I leave it to you, dear reader, to carry out your own research should you wish to try out any of the software listed below.
You have the likes of Apple’s Safari and Google’s Chrome. And then you have Tor—an online browser that maintains the confidentiality of your online activities. It keeps your identity secret, protects your Web traffic from Internet surveillance, and can also be used to bypass Internet filters (read: censorship). To do this, the Tor software hides your IP address from the websites you access while also hiding the websites you access from third parties who might be monitoring your traffic. This is very useful for circumventing online filters so that you can access content from (or publish content to) websites that would otherwise be restricted in your area or organization. Although Tor also tries its best to encrypt communications into and throughout its network, this protection does not extend to websites that are accessible through unencrypted channels (i.e., websites that do not support HTTPS). Finally, one important detail to remember when using Tor is that the anonymity it provides comes with a price: speed. The program’s way of keep your identity secret almost always means your browsing experience will be slower than if you connect directly to the Internet using other browsers. [HOW TO USE (Mac Users)]
People who often chat online would find Jitsi quite handy. It is a cross-platform, free, and open-source software for Instant Messaging (IM), Voice over IP (VoIP) and video chat that provides reliable end-to-end encryption for text chats using Off-the-Record (OTR) protocol. It is compatible with many popular IM and telephony services (e.g., Jabber, Facebook Messenger, AIM, ICQ, MSN, Yahoo! Messenger, etc.), which means that, in your desire to communicate securely, you can actually use your existing accounts. Your communication would be inaccessible to third parties, such as government or corporate surveillance platforms, including those who operate the chat services themselves (e.g., Facebook, Google, etc.). Unfortunately, the protection it offers for voice chats is considered “experimental”, at best. Users are also forewarned that, while Jitsi will protect the content of conversations, service providers can still monitor certain metadata about these conversations. Thus, if you want protection that include even metadata, you should consider a trusted, independent service provider. [HOW TO USE (Mac Users)]
VeraCrypt is a free and open-source software that encrypts your sensitive data. Think of it as an electronic safe wherein you can safely store your files. To fulfill its function, VeraCrypt will encrypt your data with a password. Anyone who does not have that password will be denied access to your data. And yes, that means including you, should you be foolish enough to forget your password (NOTE: There is no way to recover a lost password!). What is cool about this program is that it supports both standard encrypted volumes and hidden volumes. This means that, apart from encrypting your data, it also creates hidden or secret storage spaces that allows you to hide extremely sensitive or important data. That way, even if you are forced to divulge or disclose your password, and your data is decrypted, there is still an additional layer of protection available, at least for you most important data. One file note regarding this program: VeraCrypt leaves traces on devices and where it is used. These traces do not reveal the content of your encrypted data. However, they would alert other parties that VeraCrypt was used on your computer or device. [HOW TO USE (Mac Users)]
Thunderbird + Enigmail + GnuPG
Mozilla Thunderbird is a free and open source email client that allows you to exchange and store email for multiple accounts with multiple service providers. An email client lets you download and manage your emails from one or more accounts even without the benefit of an online browser. Think Microsoft Outlook, and you get the idea. Enigmail and GnuPG, on the other hand, improve the security and privacy of your email communications by adding support for OpenPGP end-to-end encryption to Thunderbird.
They also allow you to sign your messages digitally and verify the digital signatures of others. When using programs like Thunderbird, remember that it makes a copy of your messages (sent and received) available on your computer. You should also take steps to protect those files. Also, Thunderbird won’t protect you from malicious attachments or malicious links. The responsibility of not opening unsolicited attachments and of exercising caution when clicking on links remains with you. When I decided to use Thunderbird with these plug-ins/add-ons, I read literature different from that I feature in the following think. I recall that it wasn’t an easy task, but I was finally able to make it work. [HOW TO USE (Mac Users)]
If you are a Windows or Linux user, and/or are interested to know more about the programs featured in this post (except Signal), do check out the Security In a Box Project. In 2009, this project was implemented by the Tactical Technology Collective and Frontline Defenders in order to respond to the growing digital security and privacy needs of human rights defenders. They developed software guides and security strategies that can be used to increase people’s online protections, particularly those dealing with sensitive information. In my previous work, I had the opportunity to meet a fellow privacy advocate from Tactical Tech.
That wraps up Digital Privacy 101, for now. Until next time and the next batch of privacy-enhancing tools.