Lyberta.net

Freedom is what you do with what's been done to you

Fight for privacy

Last update: 31 Dec 2017

Adverse technologies

Strictly speaking, everything you say or do, and all your information, can be used against you. So why give them more opportunities? Today we live in a world where many businesses offer a supposedly free service but actually make you sacrifice your privacy and information about you for data mining purposes.

Let’s start with simple things: so-called cloud technologies. They force you to hand over your data and then process it “in the cloud”. But you can’t actually know what’s happening with your data, and most people don’t read the fine print when signing up. That’s why these technologies are called service as a software substitute. It is important not to use such services and to do your computing locally on your machine.

Next, social networks. These nasty beasts take the human desire to be understood, warp it and make people give away all the data about themselves without a second thought. Ask yourself, are the people on your friend list actually your friends? Do you really find it important to share all the things you post with the outside world? Would you be embarrassed if 5-10 years from now someone discovered them? Whatever you post on the Internet stays on the Internet. There are many archive crawlers, and all social network data is kept for the sake of data mining. They use it to build a profile of you and target advertisements specifically at you. Everything you say, including all your private messages, is harvested. Did you read the Terms of Service when you registered? Do you notice that the advertisements you see are relevant to what you’ve posted? Then you are already in the meatgrinder of Big Brother. You can’t remove what you’ve already posted, but you can “delete” your profile and stop this information leak from going further.

Securing your browser

Choosing the right browser

After recent events Mozilla Firefox became a useless piece of shit. This section will be rewritten.

Now that I’ve covered the services which you know you use, there are things going on under the covers. Did you know that Facebook spies on you even if you’ve never signed up for it? If you ever visit a page which has a Facebook “like” button on it, your browser sends a request to Facebook servers to load this button, and they send back a cookie containing a unique identifier which is then used to track you. And Facebook is only one of many companies that do that.

Fortunately, there is a technological solution to this. First, you need to get a free (as in freedom) browser. Internet Explorer, Edge, Google Chrome and Safari are out of the question because they are all proprietary, and Google Chrome is one big spy machine. Google Chromium and its forks are out too, because Chromium is produced by Google and its code is enormous, so it is difficult to audit what kinds of data it sends. We are basically left with Mozilla Firefox and its forks, for example, GNU IceCat.

Configuring it to be secure

While Firefox is one of the best free software browsers, its default settings leave a lot to be desired. So let’s change them to be more secure. Open the Privacy tab and tick “Request that sites not track you”. This is only a polite request to the sites, so we’ll add more radical measures. Next, I suggest disabling cookies by default. This will break some sites, so if you are new, just disable third party cookies.

Next, the Security tab. By default Firefox sends URLs of the sites you visit to Google as a security measure to block malicious sites. We don’t want Google to know what sites we visit, so uncheck “Block reported attack sites” and “Block reported web forgeries”. It’s also recommended to uncheck the “Remember logins for sites” checkbox and instead use a password manager such as KeePassX.

Finally, the Advanced Tab. By default Firefox sends various data to Mozilla. We don’t want it, so uncheck “Enable Firefox Health Report”.

EME

Now type about:config in the address bar. This will open advanced settings of the browser. Firefox has support for Extremely Malicious Extensions which is a Digital Restrictions Management system designed to spy on you and limit your freedom. We need to disable it completely. Set browser.eme.ui.enabled, media.eme.apiVisible and media.eme.enabled to false.

WebRTC

By default Firefox will leak your IP addresses via WebRTC. This is a great danger to your privacy. To stop the leak set media.peerconnection.enabled to false.
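One way to check that the EME and WebRTC settings above actually took effect in a profile is to read the profile's prefs.js and user.js files. This is an added example, not part of the original page; the sample file contents are constructed, and a preference missing from both files is reported as unset because prefs.js only stores values that differ from the browser default.

```python
import re

# Preferences the page says to set to false in about:config.
REQUIRED_FALSE = (
    "browser.eme.ui.enabled",
    "media.eme.apiVisible",
    "media.eme.enabled",
    "media.peerconnection.enabled",
)
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def audit(prefs_js, user_js=""):
    """Map each required pref to 'ok', 'unset' or 'wrong:<value>'."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))  # user.js is applied on top at startup
    report = {}
    for name in REQUIRED_FALSE:
        if name not in merged:
            report[name] = "unset"  # the browser default applies
        elif merged[name] == "false":
            report[name] = "ok"
        else:
            report[name] = "wrong:" + merged[name]
    return report


# Constructed sample profile contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("media.eme.enabled", false);
user_pref("media.peerconnection.enabled", true);
user_pref("browser.startup.homepage", "about:blank");
'''
SAMPLE_USER_JS = 'user_pref("media.eme.apiVisible", false);\n'

if __name__ == "__main__":
    for name, status in audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS).items():
        print(f"{status:12} {name}")
```

Anything reported as unset or wrong still has to be changed in about:config.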

Search engines

Next, it is a good time to stop leaking our data to search engines. As you use them, most of them will accumulate your search queries and, again, will track you. Strictly speaking, these are also services as a software substitute. However, there is currently no practical way of using a free software crawler and accumulating an insane amount of data in order to search through it locally on your own computer. Therefore, some compromises have to be made. There are a few search engines that advertise themselves as being privacy friendly. These are StartPage and DuckDuckGo. Again, there is no way for an outside observer to know what happens to your search queries. You will have to trust them.

Addons

Now it is time to stop advertisement companies. In my experience, uBlock Origin is the best ad blocker. There is also AdBlock Plus, but the company behind it operates a racket business called “unintrusive ads” which are still shown by default.

Ok, we stopped leaking our data to search engines and ad companies, so it is time to do the same for various stat-gathering things. Many sites use those to track where users come from and how they use the site. So here goes Privacy Badger. It doesn’t really require any configuration and works out of the box. There is also Disconnect, but uBlock Origin contains lists from it so you don’t need it.

When the World Wide Web started in the 90s, it didn’t really bother about security and most data was transmitted in plain text. Today, however, things are not so naive, and it’s important to encrypt as much as you can. For that purpose we have HTTPS Everywhere. It ensures that you are using the encrypted HTTPS protocol instead of plain text HTTP. It uses a whitelist, so you still have to take notice of which protocol you’re using.

So far I’ve covered the extensions which are almost silent and don’t break the workflow; now it’s time for some hardcore ones. I’ve already described how the Facebook “like” button works, and the previous addons use a blacklist approach to block such things, but this extension uses a whitelist approach: uMatrix. It blocks all cross-domain requests by default. Many sites will look broken at first, but you will get a very good understanding of how they work and what kind of nasty things each holds. I find it very refreshing.
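To see what a block-all-cross-domain default would stop, you can list the hosts a page pulls resources from without any click, which is the same mechanism as the “like” button described earlier. This is an added example, not part of the original page or of uMatrix; it compares full host names (a simplification), and the sample page and every host name in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute is fetched automatically when the page renders.
AUTO_FETCH = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collect absolute URLs of resources the page loads by itself."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # e.g. rel="canonical" is not fetched
        url = a.get(AUTO_FETCH.get(tag, ""))
        if url:
            self.urls.append(urljoin(self.page_url, url))


def third_party_hosts(page_url, html):
    """Return the sorted hosts, other than the page's own, that get a request."""
    own = urlsplit(page_url).hostname
    collector = ResourceCollector(page_url)
    collector.feed(html)
    hosts = {urlsplit(u).hostname for u in collector.urls}
    return sorted(h for h in hosts if h and h != own)


# Constructed sample page; every host name is a placeholder.
PAGE_URL = "https://blog.example/post"
SAMPLE_HTML = """
<link rel="stylesheet" href="https://cdn.example/style.css">
<link rel="canonical" href="https://mirror.example/post">
<img src="/img/logo.png">
<a href="https://elsewhere.example/">a plain link, fetched only on click</a>
<iframe src="https://social.example/like?href=https%3A%2F%2Fblog.example%2Fpost"></iframe>
<script src="//stats.example/t.js"></script>
"""

if __name__ == "__main__":
    for host in third_party_hosts(PAGE_URL, SAMPLE_HTML):
        print("third-party request to", host)
```

Each host in the output learns that you visited the page, whether or not you ever click anything on it.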

Securing your messaging

What you say in instant messages usually needs to stay private. That is why ensuring that nobody eavesdrops on you is critical. First, of course, it is important to choose an open protocol, and XMPP fits this requirement just fine. Second, a free client: Pidgin or Jitsi. Third, sending plain text is not an option, you have to use OTR. Jitsi supports it by default and there is a plugin for Pidgin. Finally, choosing a server. Again, the most secure option is running your own server. However, it is probably too hard for most people. I personally use Systemli.

There are several other free software projects that developed their own protocols such as Tox and Ring.

Securing your e-mail

E-mail is a very old technology and, again, was designed before many modern threats existed. However, it also has a rather tried-and-true encryption scheme - PGP. The free implementation of it is GNU Privacy Guard. To employ it conveniently, you need to use a local e-mail client, and Mozilla Thunderbird with the Enigmail addon fits this purpose just fine. Finally, you really shouldn’t use a free e-mail provider, such as Gmail, because it will read the unencrypted parts of your e-mails and will use them to show you advertisements and to cooperate with law enforcement agencies. The only free e-mail provider I know that cares about privacy is ProtonMail. But the best solution is to have your own e-mail server. If you can’t have a computer running 24/7 in your home, you can try buying hosting somewhere, but be careful about the choice of the country.

Securing your connections

Your ISP is your enemy. It probably has DPI which it uses to track every site you visit, throttle your Internet speed and ensure that you won’t visit blocked sites. It also can (and in some countries does) collect all your traffic and analyze it for the presence of some keywords. That is why it is critical to encrypt all your traffic and use an anonymizing relay to hide what you do from your ISP. And Tor is here to help. Make sure you are using it for all sensitive programs, such as your browser, and, if possible, make it a global proxy so all traffic will go through it.

Securing your operating system

An operating system is software which usually manages the hardware and allows user programs to run. A malicious operating system can spy on the data you are working with, such as passwords, credit card numbers or private messages, and can compromise all user software which is run on it. It is practically impossible to make a security audit of a proprietary OS, which means that a secure OS must be free software. There are 2 kinds of OSes that satisfy this criterion and are relatively popular: GNU/Linux and BSD. Since everyone is allowed to mix and match different components of free software together, there are many flavors of these OSes in the world. They are called distributions. Most of them include some proprietary software, sometimes even during default install. FSF maintains a list of distributions that only contain free software. Nobody forces you to use only 100% free OSes, but every proprietary program on your computer is a potential security risk. There is also Tails which advertises itself to be privacy-friendly, however, the default installer comes with binary blobs.

Securing your hardware

If the hardware is insecure then any software that is run on it will also be insecure. We don’t know what kinds of backdoors vendors may put into hardware, but we do know about 2 of them: Intel Management Engine and AMD Platform Security Processor. These are sophisticated backdoors which allow attackers to obtain full access to your hardware and spy on anything you do. Put simply, do not buy hardware with IME or PSP in it. This means not buying recent CPUs from Intel or AMD, which control almost all of the market of the x86 architecture. So which hardware can you buy? Free Software Foundation keeps a list of freedom respecting hardware under the name Respects Your Freedom. You can buy older hardware that was liberated at Ministry of Freedom, Vikings or Technoethical. Purism is also working on RYF certification. Buying other hardware may not immediately put you at risk, but hardware which requires proprietary software to operate may be presumed malicious.

Securing your mobile phone

There’s not much you can do. The modem alone is enough to track you, so the winning move is not to have a mobile phone at all. But there are compromises. Replicant is a 100% free (as in freedom) fork of Android. There are only a few supported devices, so you will pretty much have to buy a phone specifically for Replicant, for example through Technoethical. Another option is LineageOS. Not fully free, more supported devices, easier install. Finally, you can root your phone and remove all Google services and other proprietary apps to make the phone mostly free, but there could be backdoors in proprietary drivers.

Places to find more information