Privacy FAQ

Welcome to the f/privacy FAQ.

Preamble

Proudly ripped this FAQ off from a non-privacy-friendly site!


Why should I care about privacy?

You already do. Everyone has some expectation of privacy. We don't want to indiscriminately share every single aspect of our lives with everyone else.

But as we move more of our activities online, an ever-increasing portion of our lives is being recorded by corporations and governments, and these records can be used to our disadvantage at any time, now or in the future. Essentially, we're now in an information arms race. But unlike other historical analogies that might be cited, the scale of our storage and processing capabilities is immense and extremely powerful, and that changes the game.

On a personal level, simple private bits of our lives which we take for granted are being collected and stored indefinitely. Things like:

  • watching an anti-capitalist video
  • discussing overthrowing the state
  • calling an overseas comrade
  • entering your bank account password
  • text messages to your lover
  • sending your financial records to an accountant
  • seeking help for depression
  • writing about your drug use
  • your online search and browsing history (yes, all of it)

Whether it's a moment of indiscretion or just an unfortunate circumstance is irrelevant. Imagine that information in the hands of:

  • a boss who wants to lower your wages
  • a political opponent
  • law enforcement agencies
  • a disgruntled neighbor
  • a blackmailer
  • data mining advertising companies
  • the town gossip
  • your college administrators

But the implications on a societal level are even more dire. Various States' over-reaching surveillance efforts combined with developments in big-data dramatically shift the playing field in favor of those who can access information which is unavailable to the rest of us. These activities allow governments to:

  • engage in insider trading and corporate espionage to ensure perpetual economic dominance
  • co-opt and exploit all new scientific breakthroughs, regardless of their origin or originally intended use
  • blackmail and coerce anyone who isn't walking the party line

Whether you trust the current administration with this power is not the issue. The question is, are you also trusting of all future administrations? Unless the answer is yes, our society must engage in a discussion in order to adopt appropriate policies which promote a sustainable solution in our new world of big-data. Until then, we need to hang on long enough for our rather dysfunctional social systems and governments to evolve adequately. By individually using privacy technologies, we help to protect everyone's privacy.

Why do I care about privacy if I don't have anything to hide?

If you wear clothes, use passwords, close doors, use envelopes, or sometimes speak softly, then you do have something to hide; you're just having trouble understanding that you already do care about privacy. Here are some references to help you understand why everyone, especially honest hard-working people, needs privacy.

Where can I find intellectual discussion on electronic privacy/freedom issues?

What can I do to protect my Privacy?

Keeping your privacy isn't an absolute, all-or-nothing venture. There are various compromises we make many times a day, when we are willing to give up some privacy in exchange for convenience. Other times, we don't even realize that we have compromised our privacy. But the point is that we must retain some control over how information about us is collected and used. Privacy is a human right which is intimately linked with our many notions of freedom. Like any human right, those who would abuse it need to be held accountable for their actions.

To this end, there are some measures you can take immediately to help preserve privacy:

  • Use encryption routinely (see the various technical measures below). This doesn't prevent spying, but it makes it quite a bit harder, and it slows the erosion of privacy by making encryption the norm, not the exception. Encrypt information at rest (e.g., VeraCrypt) and information in transit (e.g., HTTPS Everywhere).
  • Support groups that protect your digital rights (see below). These groups are the most organized digital advocates in existence. But they need your moral support and donations to do their job.
  • Voice your opinion against groups that are willingly selling out your right to privacy from under you. Facebook, Google, Reddit, Twitter, Yahoo, Skype, and others are giving your information away to governments and for corporate profit. Avoid large IT services that you don't trust; if they can't resist the temptation to work against your best interests, then you certainly don't want to feed them with revenue and data.
  • Educate your neighbors/friends/colleagues on why they should care. US mainstream media is pretty lame these days, so you need to help your fellow citizens around the world understand what is at stake. We're all going to have to get off our butts or apathy will prevail.
  • Support good independent journalism. Whether a blog, The Guardian, or your local newspaper, a free press is a necessary part of the democratic process.
  • Get out from behind the computer and join a local civic group. The US political system is broken, and it isn't going to fix itself anytime soon; it will keep getting worse with every day that goes by. The options are to change it from within the framework, or work from the outside... but it needs to change, and that's only going to happen if enough people wake up. Perhaps join /r/restorethefourth.

What's the story with NSA mass-surveillance?

Highlights from main-stream news media (sources fully listed):

QuickStart Concepts: The Big Three

  • Security: the resilience of a platform to exploitation. The security of an OS is that OS's ability to resist or defeat being exploited or infected with malware by a state-level, corporate, or individual adversary. Technologies like (in the Linux world) Mandatory Access Control (MAC; AppArmor, SELinux, etc.), the grsecurity patchset, PaX memory protections, package hardening (RELRO, stack canaries, position-independent executables, etc.), and, in some use cases and with the proper setup, virtualization (VirtualBox/KVM/QEMU) are all designed to enhance the security of the OS.

  • Privacy: the control of who is entitled to see a given piece of information. In computer terms, it refers to the confidentiality of information exchanged between your computer and another (where only the parties you wish to see that information actually see it), and/or the sanctuary provided by software on your computer in terms of protecting the data you generate on that computer. Windows 10 is not a sanctuary and aims to share this data with Microsoft so they can profit from your data generation; Linux has at least the intent of providing a sanctuary for the data you generate (so long as it remains on your computer). More precisely, we know Linux has this intent because it is FOSS and we can examine its code; be careful, however, to treat any proprietary blobs used in your distro (most often proprietary firmware) with suspicion, as their code cannot be verified for the intent of honoring your privacy. Privacy is power: the power to control the bubble of your mind, and the power to limit the control others have over your life.

  • Anonymity: the state of having data you've sent out into the world disassociated from your person, and in particular from your IP address. Tor aims to provide anonymity by technology rather than by policy. Anonymity does not necessarily strive to enforce who sees the data down the line; merely that the data can't be traced back to the originator of the data (or to the person who is trying to retrieve data).

As a final note on the big three, security itself does not necessarily provide you with privacy or anonymity. However, I believe that one must have reasonable security if they are to have a reasonable expectation of managing privacy or anonymity. This is why various Linux hardening technologies are mentioned here: they are necessary for the subject of this wiki (privacy) to have a reasonable chance at success.

Additional Technical Concepts

  • MITM: Man in the Middle. Generally a term used to refer to an attack, a MITM is exactly what it sounds like. An adversary gets in the middle of your connection and either gathers information passively or actively attempts to trick you into revealing information that might be useful or profitable to them. They might send you to a bogus web page to harvest login credentials, for example. This subject can get very complicated (and I am no expert), so I'll leave this one here.

  • Evil ISPs: Barring electronic condoms like a VPN or Tor, the ISP has a top-down view of everything you do, and can do dirty things like inject ads, sell your data to third parties for profit, etc. This data would also be useful to governmental agencies on their perpetual boogeyman hunt. If the House passes this bill (and Trump will almost certainly sign it), the ISP must be seen as an adversary to be hidden from in all ways possible.

QuickStart for Privacy Technologies

Technical measures: you may not be able to do all of these, but do what you can. You can change your browser home page, right?

What happens to my web traffic with different technologies?

  • HTTP: a connection made to a website that is not concealed (encrypted) in any way. A person with the ability to monitor this connection (an ISP, for example) can see everything you see, read all the text you send, etc.

  • HTTPS: a connection made to a website that uses SSL/TLS (Secure Sockets Layer / Transport Layer Security) encryption. A person with the ability to monitor this connection will be able to tell where you go (e.g., Google), but not what you do on that site. It provides you privacy from others, but not from the site itself (obviously Google would still know what you search for, etc.).

  • VPN: Virtual Private Networks allow you to move your trust from your local network and ISP to the VPN provider. An ISP can normally see what IPs you connect to, what DNS queries you make, etc. A VPN allows you to set up an encrypted "tunnel" from your computer to the VPN server. This prevents anyone on your local network, as well as your ISP, from having any idea what you do online (other than that you connect to a VPN). Technically, the VPN could be snooping on your actions, but at least with a VPN you have more options than the 1-2 ISPs available in most areas; this puts pressure on the VPN providers to serve your interests (else they could lose your business). VPNs are also great for protecting against snooping on open Wi-Fi (e.g., Starbucks), various MITM attacks foisted upon you by local attackers, etc.; for this reason, they are often used in the corporate world.

  • Proxies: A proxy server is (as Wikipedia defines it) an intermediary server between you and a service (website, server, etc.). Go to Startpage or searx.me, search for something, then choose "Proxy" for one of the results. Startpage/searx.me will go to that web page as an intermediary and fetch the information you've requested, then in turn send it to you. The benefit is that the website has no idea you requested the data; all it sees is the request from Startpage/searx.me. There are probably a million more uses for a proxy, but this is the ELI5 version.

  • Tor/Onion Routing: Tor is software designed to protect your anonymity, and can in certain cases protect your privacy from certain players in a network chain. Say you open Tor Browser and go to a website (let me leave DNS out of this for now... ELI5, remember). Tor will wrap that request in layers of encryption (like an onion, hence the name "the onion router"). The request is sent to the entrance node of your Tor chain, which strips off a layer. The entrance node has no idea what your request is or where it is ultimately headed; it only knows the IP it received a packet from (yours) and the next IP it is to forward it to (one of the Tor relays). Once the first relay receives the packet, it strips a layer off; the relay doesn't know your IP nor the final destination, only where it got the packet from (the entrance node's IP) and where it is going (the next relay in the chain). This goes on until a relay forwards the packet/request to an exit node. The exit node strips off the last layer, revealing the raw packet/request; the exit node knows the final destination/website/service, and if it happens to be an HTTP site it can even see all the information being sent and exchanged. However, the exit node again has no idea who originated the request; it knows only the IP of the relay that sent it the request. This process works in reverse (of sorts) to get the data back to you. Given its use of encryption, Tor can be used to defeat snooping by anyone on the network before the exit node, though a compromised or honeypot exit node could be watched and data gleaned from it. Remember, HTTPS can help protect your privacy even from a snooper on the exit node.
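
As an added illustration of the HTTP and HTTPS items above (example code, not from the FAQ): the parser below shows what a passive on-path observer, such as an ISP or a Tor exit node, can read from the first bytes a client sends. For plain HTTP it is the whole request; for HTTPS it is only the server name carried in the TLS ClientHello's SNI extension. The ClientHello builder and the HTTP request are constructed samples.

```python
import struct

# Constructed sample: a plain HTTP request exactly as it appears on the wire.
SAMPLE_HTTP_REQUEST = (
    b"GET /search?q=anti-capitalist+video HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: constructed-sample\r\n\r\n"
)


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS ClientHello record carrying only an SNI
    extension (a constructed sample; real clients send many more fields)."""
    name = hostname.encode("ascii")
    server_name = b"\x00" + struct.pack("!H", len(name)) + name        # name_type host_name
    name_list = struct.pack("!H", len(server_name)) + server_name
    sni_ext = struct.pack("!HH", 0x0000, len(name_list)) + name_list   # extension type 0
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                 # client_version: TLS 1.2
        + b"\x11" * 32              # client_random (fixed, constructed)
        + b"\x00"                   # session_id: empty
        + b"\x00\x02\x13\x01"       # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"               # one compression method: null
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(record: bytes):
    """Return the hostname in a ClientHello's SNI extension, or None."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        return None                                   # not a handshake record / ClientHello
    hs = record[5:]
    try:
        pos = 38                                      # header(4) + version(2) + random(32)
        pos += 1 + hs[pos]                            # skip session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # skip cipher_suites
        pos += 1 + hs[pos]                            # skip compression_methods
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if etype == 0x0000:                       # server_name extension
                # skip list length (2) and name_type (1); then a 2-byte name length
                name_len = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
                return hs[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                          # truncated or malformed hello
    return None


def observer_view(payload: bytes) -> dict:
    """Summarise what an on-path observer learns from a client's first bytes."""
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.split(b" ")[-1].startswith(b"HTTP/"):
        # Plain HTTP: method, path, headers and body are all readable.
        lines = payload.split(b"\r\n")
        method, path, _ = lines[0].decode().split(" ", 2)
        host = None
        for line in lines[1:]:
            if line.lower().startswith(b"host:"):
                host = line.split(b":", 1)[1].strip().decode()
        return {"protocol": "http", "host": host, "path": path,
                "method": method, "content_visible": True}
    sni = parse_sni(payload)
    if sni is not None:
        # HTTPS: the hostname leaks via SNI; path, headers and body are encrypted.
        return {"protocol": "https", "host": sni, "path": None,
                "method": None, "content_visible": False}
    return {"protocol": "unknown", "host": None, "path": None,
            "method": None, "content_visible": False}


if __name__ == "__main__":
    print(observer_view(SAMPLE_HTTP_REQUEST))
    print(observer_view(build_client_hello("www.example.com")))
```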

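The hop-by-hop view described in the Tor item above, as an added toy simulation (example code, not Tor's real protocol, which uses TLS links, a telescoping circuit handshake and AES-CTR): an HMAC-SHA256 keystream XOR stands in for each hop's cipher, and the node names, keys and request are constructed.

```python
import hashlib
import hmac
import json

# Constructed circuit: (node name, per-hop key) from entry to exit.  In Tor the
# client negotiates a separate key with each relay; here they are fixed samples.
HOPS = [("entry", b"entry-key-0001"), ("relay", b"relay-key-0002"), ("exit", b"exit-key-0003")]
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"  # constructed


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with HMAC-SHA256 run in counter mode.
    Symmetric, so the same call both adds and strips a layer.  Illustration
    only: no integrity protection, and a key must never be reused."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_onion(hops, destination: str, request: bytes) -> bytes:
    """Wrap the request once per hop, exit layer first, so that the entry
    node's layer ends up outermost.  Each layer names only the next hop."""
    next_hop, blob = destination, request
    for name, key in reversed(hops):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob, next_hop = keystream_xor(key, layer), name
    return blob


def peel(key: bytes, blob: bytes):
    """What one node can do with its own key: strip exactly one layer.
    Returns (next hop, inner blob), or None if the key does not fit."""
    try:
        layer = json.loads(keystream_xor(key, blob))
        return layer["next"], bytes.fromhex(layer["data"])
    except (ValueError, KeyError, TypeError):
        return None


def route(hops, onion: bytes, client_ip: str = "client-ip"):
    """Forward the onion along the circuit, recording what each node learns."""
    node_names = {name for name, _ in hops}
    views, previous, blob = [], client_ip, onion
    for name, key in hops:
        peeled = peel(key, blob)
        if peeled is None:
            raise ValueError(f"{name} could not strip its layer")
        next_hop, inner = peeled
        views.append({
            "node": name,
            "received_from": previous,                      # only the entry node sees the client
            "forwards_to": next_hop,                        # only the exit node sees the destination
            "holds_plaintext": next_hop not in node_names,  # true once the last layer is gone
        })
        previous, blob = name, inner
    return views, blob                                      # blob: the raw request the exit sends on


if __name__ == "__main__":
    onion = build_onion(HOPS, "www.example.com", SAMPLE_REQUEST)
    for view in route(HOPS, onion)[0]:
        print(view)
```
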
Are there good search engines with reasonable privacy policies?

Relevant technologies:

Conventional search engines are centralized, so an interested party (the NSA, a corporation, etc.) can learn much just from monitoring the searches and results. Unfortunately, you have no option other than to trust that the search engine company is really adhering to its privacy policy. Since surveillance efforts often come with gag orders, you can't be completely sure what companies are doing with your information, regardless of what they say publicly. But companies with reasonable privacy practices appear to be:

  • DuckDuckGo has a well-formed and reasonable privacy policy. It is suggested that you take advantage of the (linked) secure version. DDG is also available as a Tor hidden service at 3g2upl4pq6kufc4m.onion
  • Ixquick is a European federated search engine with an acceptable privacy policy.
  • Startpage is a European anonymizer for Google search with an acceptable privacy policy.
  • Yacy is an open-source distributed search engine. But you should use a VPN or Tor, since it doesn't support HTTPS.

Other tips:

Yacy is a distributed search engine. Anyone can run an instance and take part in building and sharing a global index. It also means that no single party is in charge of the results, so the information you get back may have less bias. But accuracy is a tricky thing, so you should evaluate it for your own purposes. P2P means that no one controls the engine, and watching who is searching is much more difficult... unless you happen to be doing deep packet inspection (DPI) on a large portion of ISP traffic. This is, quite possibly, what the NSA is doing. Since Yacy doesn't support HTTPS, you should certainly use a VPN or Tor when using it to improve your privacy.

What can I use for secure chat?

Look at Off-the-Record (OTR) messaging. Here's a tutorial on getting it to work using Pidgin. Mac users can use it via Adium.

I'm looking for a reliable VPN service.

There are a lot of options for VPNs, and ultimately you have to choose where to place your trust. Some criteria you may want to consider are as follows: Where are their servers hosted? Ideally they will be outside your home country (though international law is complex). Do they accept credit cards, Bitcoin and (most importantly) cash in the mail? Do they have an open-source VPN client that blocks DNS leaks and shuts down the connection if the VPN breaks (a "kill switch"; very important)? Do they have clients for iOS and Android devices? r/privacy, in general, seems to like Private Internet Access, as well as Mullvad. Do note, however, that according to Jacob Appelbaum, VPN traffic is flagged at an infrastructure level and subsequently stored in bulk. Therefore, consider your threat model when looking at VPNs (e.g., Wi-Fi sniffers vs. law enforcement vs. the NSA).

Relevant technologies:

Other tips:

What is a good secure email service that respects my privacy?

US government pressures have forced a number of secure email services such as Lavabit and Silent Circle to cease operations rather than betray user trust. Other services like Hushmail continue to operate, but are demonstrated to have been compromised. It is unlikely that any hosted email service located in the US or run by a US company can actually provide secure email, given the current political climate.

PRXBX.com has an excellent list of privacy-conscious email providers. PrivacyTools.IO has another. Note there are two sections, for browser-based and hosted email options. Web-based email is more vulnerable to exploits because of its JavaScript and server-side implementation, so a mail client speaking SMTP is the stronger option.

Hosting your own email server on a physical box or via Virtual Private Server (VPS) is a way to maintain email privacy. It requires some technical knowledge, but is quite doable, especially if you can find a number of individuals who will work together to make it worthwhile. Local hosting permits you to control the hardware, software, and all access but requires above average computer/networking knowledge, time, and an appropriate ISP connection. VPS means that you are putting your trust in someone else, but offers high bandwidth, uptime, and low monthly costs on average.

Approach all hosted email services with caution. They're not going to tell you that they have installed back doors into their email systems for surveillance. Their cooperation with government entities comes with gag clauses which forbid them from acknowledging that relationship.

In general, if the service is free (no cost) to you, then the company is making revenue in another manner, such as selling advertising (exceptions include Autistici and RiseUp). Please read the Terms of Service (TOS) and Privacy Policy closely to learn how the company is generating revenue, to be sure that your information is not the product being sold. For more information on privacy and security, please see the EFF's SSD project on protecting your email inbox.

It may make sense to come at this from another angle and secure the emails themselves rather than attempt to find a trusted email provider. Enigmail uses OpenPGP to secure your emails with encryption.

Lastly, you might also check out decentralized messaging via bitmessage, or I2P-Bote.

How do I use Tor to browse the web anonymously?

The Tor Project is free software and an open network that helps you maintain privacy by defending against network surveillance. It works by distributing your communications across a network of volunteer relays all around the world, thereby preventing somebody who is watching a portion of the Internet from learning what sites you visit. It is also an invaluable tool for circumventing restrictive government censorship.

Relevant technologies:

Other tips:

I want to start using encryption for my emails and/or my data. Where do I start?

  • Open source crypto: accept no substitutes.
  • GNU Privacy Guard for email and/or data. Works on a public/private key system.
  • VeraCrypt for full-disk encryption. Note: licensing issues exist.
  • DiskCryptor: GPL'd FDE software from ex-TrueCrypt developers.
  • Tomb is an excellent TrueCrypt replacement for Linux users, based on standard tools such as LUKS.

Can I secure my phone?

Unfortunately, any mobile app is almost always running on a standard platform (Android or iOS) on which the user is unlikely to be able to audit all the code or even to obtain root access. This creates an insurmountable vulnerability, since you are forced to trust someone else: a handset manufacturer, online service provider, or telecom. Some US telecoms have been granted retroactive immunity from prosecution while simultaneously being constrained by gag clauses; this renders their advertised data practices meaningless. Strong privacy safeguards on mobile devices are impossible due to the locked-down nature of the OS. Additionally, mobile devices share "metadata" which may compromise much of the privacy you might think you obtained through use of a "secure" application. Also, cell phones have RTOS code running on a second processor in the baseband unit which is independent of the primary OS.

The participation of Apple, Microsoft, and Google in mass surveillance activities makes their use particularly suspect. iPhones already perform hardware tracking without explicit consent. And over 100 million smartphones contain software which has been reported to have rootkit and keylogger functionality.

Relevant technologies:

  • IM/Voice Encryption: Signal (Android/iOS), Silent Circle ($$$)
  • There is a good review of the strengths and weaknesses of Silent Circle and RedPhone (now part of Signal) here. Further, Mullvad's VPN client (mentioned above) also runs on Android phones. So between, for example, Signal and Mullvad, you could have a comparatively secure phone, with Signal securing messages and calls and Mullvad securing the data. However, bear in mind that nothing (short of putting it in a Faraday cage) can stop the phone from reporting its location to cell towers, and this in and of itself can compromise your privacy. Cell phones are one of the hardest pieces of technology to use while also maintaining privacy.

Other tips:

  • Assume your device can and will be compromised, completely, if lost or stolen.
  • Be careful about keeping things on the phone you want to keep private.
  • Consider not using banking applications while mobile.
  • Pay close attention to application permissions. They're arcane, but they matter.
  • Consider enabling disk encryption if you have ICS (note: this only encrypts the /data partition).
  • Use Signal to protect your messages and calls with end-to-end encryption when you communicate with other Signal users. On Android, Signal can replace the native SMS/MMS app, and Signal's local message database can be encrypted with a passphrase. You can also set a time period after which Signal "forgets" the passphrase, providing an additional protection mechanism in case the phone is lost or stolen.
  • Open source is your friend (LineageOS, F-Droid, List of open source Android software).
  • Turn off all Google data syncing (wireless network passwords, Gmail, calendar, contacts, etc.).
  • Consider using open source software to power your phone.
  • Meego was an option, especially Nokia's version, which was Debian-based, but Nokia sold out to Microsoft. Mozilla's boot2gecko is an option and should be fairly privacy-friendly.
  • You can run Debian in a chroot environment on Android, but this still requires running the full Android stack. Here is a step-by-step guide.

What can I do to my web browser to help with privacy and security?

Relevant technologies:

Other tips:

  • Use a modern, updated, open source web browser such as Firefox (which is generally preferred by free software advocates) or Chromium (which is considered to have more robust security measures).
  • Disable third-party cookies in Firefox under Preferences -> Privacy -> Use custom settings for history -> uncheck "Accept third-party cookies".

Useful guides?

What is the difference between libre, FOSS, closed source, GNU, etc? Why does it matter? Can I help restore privacy even if I use Windows and other closed source?

  • Libre is a word used in place of "free" in "free software", as people often associate "free" with price, while "libre" refers only to freedom, so the mistake can't be made.
  • GNU is an operating system consisting of several tools like gcc, emacs, etc. The only part of it that isn't finished is the kernel, Hurd. Today it is used with the Linux kernel (GNU/Linux), but there are distributions based on the GNU userland and a BSD kernel, as well as on the unfinished Hurd kernel.
  • FOSS means free and open source software.
  • Closed source software means you're not given any freedom and are left to trust that the software only does what it's supposed to do. A good example is proprietary software that likes to phone home and report on its usage along with other personal information.

The wording conventions matter, as they convey different meanings. Free Software is a philosophy, while Open Source refers to a development methodology and was in fact created in response to "Free Software" in order to sell the idea to businesses. They both have the same goals, but for different reasons. For example, MS goes on about supporting Open Source software but has never mentioned Free Software because of the ideas behind it.

If you use Windows, there is plenty of free software available. Plenty of people use free software like GPG and Tor, as well as Firefox and Chromium (Chrome without the proprietary bits) with many privacy-related extensions. The problem with Windows, though, isn't the software, as a lot of it is either available on or can be ported to Windows, but the OS itself (the same applies to any proprietary OS). You have to trust that they care about your privacy and won't do things that put it at risk.

There are four freedoms that characterize any software released as "Free Software" or under the GNU GPL.

  • Freedom 0: To run the program as you see fit, and so to have control of your own computer. (If you don't have the source code, you have no control.)
  • Freedom 1: To help yourself by studying the source code and changing it to do what you want (adapt the software).
  • Freedom 2: To help your neighbor by distributing copies to others. This is necessary on ethical and moral grounds: it lets people take control of their computers collectively (a psycho-social resource).
  • Freedom 3: To help build your community by publishing a modified version, so others can benefit from your contributions to the modified code.

Privacy and free software are intimately linked, especially through freedom 1. If you run a program and you can't study it (read the source code), you really have no idea how it works. It is like a car with a hood that doesn't open: you have no idea if there is a GPS tracking device or a car bomb in there, and you couldn't check if you wanted to. Secondly, if you don't have the freedom to modify the program, then even if you were to find some malicious code, a bug, or a backdoor, you couldn't fix it.

If you want to try a GNU/Linux distro that contains 100% free software the GNU project maintains a list of distros that use only free software.

What secure methods can I use to keep up with friends/family, share photos, remember birthdays, etc? What can replace Facebook?

  • If possible, get them to use public key encryption for emails (see above).
  • Diaspora may be a good alternative to Facebook. It allows you to choose where your data is stored and with whom, and it can post to Facebook too. Also FOSS.
  • Friendica is another FOSS alternative to Facebook.
  • Identica is to Twitter as Diaspora is to Facebook. Again FOSS.

How can I share and download files anonymously?

  • I2P has a built in self contained bittorrent system that is slowly gaining more users and content.
  • Freenet Share, Chat, Browse. Anonymously. On the Free Network.

I'm really really really paranoid. Is there anything else I can do to keep my information private?

Extreme privacy takes more work, but there are some more things you can do to keep privacy:

A straightforward and unbreakable method of encryption is to use a one-time pad (OTP). This requires you to exchange the pad a priori; from then on, you can transmit your encrypted messages until you've used up the OTP. Obviously, the initial OTP exchange must be secure, and could be face-to-face or via secure transport of physical media such as a flash drive.

onetime is an open-source program commonly found in the repositories of many Linux distributions. It can also be run directly from its Python sources if desired. And as OTP encryption is very straightforward, a competent programmer could even write an OTP encryption program from scratch pretty quickly. OTP encryption can also be done with pencil and paper, and there are many implementations.
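
A from-scratch one-time pad along the lines the paragraphs above describe, as an added example (not the onetime program): both parties hold the same pad, consume it from opposite ends so the two directions never overlap, zero each byte as it is used, and refuse to send once the pad is exhausted rather than reuse any of it. The last function shows why reuse is fatal; the pad and messages in the usage are constructed.

```python
import os
import struct


class PadExhausted(Exception):
    """No unused pad bytes remain for this message: stop, never reuse."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_pad(nbytes: int) -> bytes:
    """The pad must come from a real random source; it is generated once and
    carried to the other party out of band (in person, on a flash drive)."""
    return os.urandom(nbytes)


class OneTimePad:
    """One party's view of a shared pad.  Side "A" draws bytes upward from the
    start, side "B" downward from the end; every envelope carries the offset it
    used so the receiver can find, check and retire the same bytes."""

    def __init__(self, pad: bytes, side: str):
        if side not in ("A", "B"):
            raise ValueError("side must be 'A' or 'B'")
        self.pad = bytearray(pad)       # consumed bytes are overwritten with zeros
        self.side = side
        self.a_cursor = 0               # next unused byte in A's region
        self.b_cursor = len(pad)        # first byte of B's region (unused below it)

    def _take(self, who: str, offset: int, n: int) -> bytes:
        """Retire pad[offset:offset+n] for direction `who`, enforcing that the
        range is exactly the next unused slice of that direction's region."""
        if who == "A":
            if offset != self.a_cursor or offset + n > self.b_cursor:
                raise PadExhausted(f"A needs {n} bytes at {offset}")
            self.a_cursor = offset + n
        else:
            if offset < self.a_cursor or offset + n != self.b_cursor:
                raise PadExhausted(f"B needs {n} bytes at {offset}")
            self.b_cursor = offset
        key = bytes(self.pad[offset:offset + n])
        self.pad[offset:offset + n] = bytes(n)       # destroy the used pad bytes
        return key

    def encrypt(self, message: bytes) -> bytes:
        n = len(message)
        offset = self.a_cursor if self.side == "A" else self.b_cursor - n
        key = self._take(self.side, offset, n)
        return struct.pack("!I", offset) + xor_bytes(message, key)

    def decrypt(self, envelope: bytes) -> bytes:
        offset = struct.unpack("!I", envelope[:4])[0]
        ciphertext = envelope[4:]
        peer = "B" if self.side == "A" else "A"
        # A replayed or out-of-order envelope is refused rather than reusing pad.
        key = self._take(peer, offset, len(ciphertext))
        return xor_bytes(ciphertext, key)


def pad_reuse_leak(m1: bytes, m2: bytes) -> bytes:
    """Why a pad is used once: two ciphertexts made with the same pad bytes XOR
    to the XOR of the plaintexts, so the pad cancels out and the messages leak
    relative to each other.  Returns ct1 XOR ct2, which equals m1 XOR m2."""
    shared = make_pad(max(len(m1), len(m2)))
    return xor_bytes(xor_bytes(m1, shared), xor_bytes(m2, shared))


if __name__ == "__main__":
    pad = make_pad(64)                  # constructed: both parties get a copy
    alice, bob = OneTimePad(pad, "A"), OneTimePad(pad, "B")
    print(bob.decrypt(alice.encrypt(b"meet at dawn")))
    print(alice.decrypt(bob.encrypt(b"ok")))
```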

Even if you can't exchange a one-time-pad with your communications partner, there are a few other steps you can take to greatly improve the privacy of your communications.

  • Use a computer which is not linked to your person (e.g., buy a used machine from a random individual seller with cash)
  • Completely reformat/repartition and only use a FOSS OS (e.g., Linux, OpenBSD)
  • Do not ever hook it up to a network
  • Originate all secure files from this secure machine by encrypting them and transferring them to a networked machine using a USB stick acting as an air-gap. To decrypt something, reverse the process.
  • Do not ever encrypt/decrypt data on a networked machine
  • Do not ever use an IP linked to your person for sensitive data
  • Bruce Schneier has written a few tips on using an air-gap.

Privacy-friendly DNS

Should I use the hardware encryption on my hard-drive (or SSD, USB, etc.)?

You are probably better off using software encryption with hardware acceleration support instead of the encryption provided by the drive:

  • A self-encrypting drive either has an integrated encryption chip or somehow uses the host processor (like a fakeraid controller). If you need to recover data from the drive, you may be out of luck if you used the encryption provided by the SSD, because the new host doesn't offer the functionality. With dm-crypt, this is highly unlikely.
  • You never know how your drive really handles encryption. It may be flawed, either by accident or on purpose. Since the data is well hidden behind the controller, you have no way to check this. For your CPU's instructions, you can easily check whether pure software and hardware acceleration yield the same results: just run test cases once with and once without AES-NI; the results should be the same. You can also directly access the encrypted data on the storage media. There may still be something hidden, but it is much less likely, since you can audit the encryption at multiple points.

How do I securely delete my hard drive?

  • DBAN is a good option.
  • Also consider Secure Erase, as it uses the ATA Secure Erase command to wipe a drive, including sectors that have been marked as bad, which DBAN or other software tools cannot do.
  • Note that SSDs are extremely difficult to fully erase. For very private data, this is one of the few instances in which SSDs are inferior to hard drives.

How can I delete an account at website X?

Two resources to help you find out how to delete accounts on various platforms are JustDelete.Me, which is unfortunately no longer kept up to date, and the more actively developed JustDeleteMe Contrib.

Some accounts are easy to delete, some require extremely personal information to do so, and some are impossible, so consider simple obfuscation as an alternative to deletion on some online services. In addition, some accounts may be simply 'deactivated' rather than fully deleted, meaning your information is still stored in a database (fortunately simply changing and overwriting this data can solve the problem in some cases).

Additional information