How to keep your info private, even from the NSA
Thwarting the efforts of a billion-dollar supersecret government spy agency -- or anyone who wants access to your personal information -- is not that difficult.
This post comes from Dan Schointuch from partner site Money Talks News.
With the recent revelations that the NSA and other agencies have been tapping into corporate streams of data that can provide them with massive amounts of private information about U.S. citizens, now is a good time to start thinking about how best to keep your private information private.
Not a big deal, you say? Well, whether you're concerned about the government digging through your personal data or not, you should be concerned about protecting your privacy. According to the Department of Justice's most recent National Crime Victimization Survey, "In 2010, 7% of households in the United States, or about 8.6 million households, had at least one member age 12 or older who experienced one or more types of identity theft victimization." That's almost one in 10, with 76% of them experiencing direct financial loss as a result.
Imagine that statistic was for bank robberies or home break-ins. If one in 10 Americans had their bank accounts emptied or their home broken into, we'd all be living in fear. And yet, that's happening every year to our personal information. Making that information harder for someone else to obtain is Step One in preventing identity theft.
And not all identity theft is of the "crime" variety. There's a famous quote that I'm paraphrasing: "If you're using a website and you can't figure out what they're selling, you're what they're selling."
Many corporations make a living off of selling or processing your personal habits and preferences for marketers, retailers and government agencies, practically without your knowledge. Since you're not being paid for this information, and (unless you speak legalese and love spending your afternoons reading "Terms and Conditions") you're not aware that it's being taken and used in this fashion, I'd consider it "theft." But since the government has yet to agree with me, the best way to prevent yourself being used in this fashion is to get a little more serious about your privacy.
In this article, we'll focus on the things the NSA has reportedly been looking at. It's reasonable to assume that if you can stop them from taking a peek at your private information, you'll have stopped hackers and others, too. Fortunately, thwarting the efforts of a billion-dollar super-secret government spy agency is not that difficult. You just need to know which services to turn to.
It's important to note that everything in this article is public knowledge. If you're worried about terrorists reading it and figuring out how to thwart our government's best efforts at finding them, don't be. The terrorists already know this stuff. You, however, might not.
1. Your phone
If you're looking to keep SMS messages secure and you have an iPhone, there's a free app called Wickr that can help. The app uses end-to-end encryption without storing the keys for decryption on its servers. What that means is that when you send a message to someone else using Wickr, nothing you say can be read by anyone at Wickr. Because of that, there's no stream of plain text messages going back and forth that the NSA or anyone else can siphon.
To make voice calls, the easiest option is Silent Circle, but you're going to have to pay for the privilege -- $20 to $29 per month to call other Silent Circle users, with an optional add-on to safeguard calls to everyone else. Joining Silent Circle also gets you secure chat, email and video calling.
If you're an Android user, you have a few more options than iPhone users do. For text messages, there's Gibberbot. Like Wickr, Gibberbot is free and promises more secure messaging.
And for calls, check out RedPhone. When calling someone who also has RedPhone, everything you say is encrypted, making it much more difficult for someone to listen in. Plus, it's free and uses your data connection, not your cellular voice. So not only will your calls be secure, you won't have to pay for the minutes either.
More Android apps to check out:
2. Your Dropbox
According to documents released by The Guardian and The Washington Post, Dropbox is "coming soon" to the NSA's spy program. If that were to happen, documents, tax records or other private information in your Dropbox folder could be subject to government monitoring. Add to that Dropbox suffering security breaches in the past, and they're just not safe enough for me. The solution? SpiderOak.
SpiderOak is just like Dropbox -- there's a folder, you put stuff in it, that folder syncs between computers and devices -- but with one important difference: good encryption. Everything you put in your SpiderOak Hive (that's what they call their syncing folder) is first encrypted on your computer using your password, then sent to the SpiderOak servers.
This means that even SpiderOak can't read your data without your password; it looks like gibberish. So if someone (the NSA, a foreign government, or a hacker in Latvia) manages to get into SpiderOak's servers, they won't be able to see what you've stored there without breaking one of the world's most advanced encryption algorithms (one the NSA trusts to secure its own data).
But SpiderOak can also back up any file or folder on your computer, sync any file or folder on your computer, and share any file or folder on your computer. This makes it a great one-stop-shop for all your syncing, sharing and backup needs.
There's a free plan that offers 2 GB of data, plenty for storing tax returns, scans of important documents, photos, small videos, and other data that you would prefer was stored securely. If you need more space, they offer it for a fee. Prices are almost identical to Dropbox, starting at $10 for 100 GB.
3. Your social network
Unfortunately, there's no good option here. You join social networks because you want to share things with others, or connect with people you know and see what they're sharing. Typically, this includes things that you might use as password reset reminders on other sites: a pet's name, your mother's name, high school you attended, favorite sports team, etc. That means that if a hacker or the NSA can gain access to your social media profile (either directly with your password, or indirectly by pretending to be someone you know and friending you), they can probably find enough information to gain access to your accounts on other sites, as well.
While there are a few start-up social networks that offer more advanced encryption of your data, they're complicated to install, and even more difficult to get everyone you know using them, too. For now, the best option is to assume that anything you post on Facebook, Google+, Twitter, Pinterest, etc., will eventually be read by everyone in the world. That way, it won't matter much if someone gets access to your data, be that a government agency, a jilted ex-girlfriend, or simply a prospective or current employer.
To share more securely, use something like SpiderOak or a secure messaging program to share directly with those you trust.
4. Your credit cards
Yes, the NSA is probably looking at credit card transactions, too. So how do you get around exposing your purchase history? "I already know this; the answer is to use cash," you're probably thinking. But how do you shop online without using a credit card?
The answer, sort of, is Bitcoin. It's a virtual currency (you give or receive Bitcoins, which are worth something in dollars), but if used correctly, it can provide almost complete anonymity when shopping online. And since you're not typing your credit card information into a site that may or may not keep that data secure, there’s no risk that your account will be stolen by someone hacking the site.
The only catch is that there aren't a lot of places that accept Bitcoins. In fact, you'd be hard-pressed to find ones that do. But if the currency takes off, it could become the "cash" of the Internet.
A more doable option? Buy prepaid gift cards from Visa, MasterCard or American Express with cash. Then use those to shop online. You'll probably have to pay a few dollars extra when buying the card, but afterward you’ll be able to shop anywhere those cards are accepted without having the purchase data and your identification forwarded to a government agency. If the site where you used the card is ever hacked, you've got nothing to worry; by that time you'll probably have already used the balance on the card and moved on to one with a different number.
5. Your Web history
Everything you search for on Google, and a good deal of your browsing activity, can also be snooped on by the NSA, according to news reports. The problem is your IP address. It's the sequence of numbers that identifies your computer on the Internet, and can be traced back to you through your ISP (Internet service provider).
The answer? A virtual private network, or VPN. A VPN will sit between you and the websites you visit, encrypting and relaying information back and forth. So when you do a search on Google, the IP address Google records as having performed the search is that of the VPN, not you. Find a good VPN, one that's easy to use, with a good price, limited or no logging of your activity and fast speed, and you'll be much harder to track online. Just make sure you sign out of your Google, Facebook, and Twitter accounts before connecting to the VPN, or use your Web browser's private mode.
Here's a list of VPNs to consider. If you just want me to pick one for you, check out IPVanish.com. They have software that makes them especially easy to use, can be set up on your computer, tablet or smartphone, have servers all over the world that you can connect to, and cost $10 for unlimited use (and it's even cheaper if you pay for a year in advance).
Bonus: Some VPNs accept Bitcoin as payment, making for the ultimate in anonymous Web browsing. Not even the VPN has to know who you are.
While using a VPN at home is something you might consider to protect your privacy from the NSA, using a VPN at a public Wi-Fi hot spot or hotel network should be mandatory. Often, those networks are unsecured and almost everything you do can be "sniffed" out of the air by someone else connected to the same network. A VPN would protect you.
6. Your everything else
While I've tried to hit all the major areas you might want to protect, this is by no means a comprehensive list of everything you can do to keep your private information safe and secure. Entire websites could be devoted to the topic.
Websites like Security In-A-Box. They'll teach you everything from creating good passwords and protecting your computer from hackers to remaining anonymous online and bypassing censorship. And it's free. If you're interested in protecting your data in this brave new world, I encourage you to check it out.
More on Money Talks News
With the government and corporations giving every American a colonoscopy at every given moment, all I know is that if I had a Time Machine I'd jump in and push the damn button for 1967...life was much more simpler then.
Peace to all~
Other than the computer I'm typing this on, I try to keep my life simple and uncomplicated. Items 1, 2, and 3 don't apply to me, as my phone is a '60s rotary dial phone in my kitchen, I don't know what a dropbox folder is, and I've never had anything to do with social networking. (occasional replies to MSN articles is as close as I get)
I agree with Prometheus about 1967. (even though I wasn't even born then) I still try to lead a less stressful life as well. I find not owning a cell phone helps a lot. No facebook, no twitter, no hashtags, no in-car apps, etc. to worry about.
I have experienced attempted identity theft once, as someone in Canada once pirated my credit card info while the wife and I were visiting. The link to the 'Security-In-A-Box' site seems interesting, at least the part about computers, so at least I was able to get something out of this article.
if they want to know they will find a way to find out the key is to make it worthless for them to try
in other words you dont have anything they can steal like at all.
Beware of the "Cookie Monster". Those small "Cookie" files that contains information stored on your computer and communicates with Lord knows who on the outside (my computer had over 1000 Cookie files in Internet Explorer "Cookie" folder.
I simply do not allow cookies to be stored on my computer. And since some websites do require "Cookies" to view or navigate the site, I delete and now have my browser schedule deleting Cookies after leaving the site.
Otherwise use common sense and be careful. When I use my computer (and especially a public computer), I keep in the back of my mind that doing business on the computer; nothing is secret anymore.
As an answer to the people requesting for a "one button" solution and others that are looking for a easy solution without the need for special "geek" qualities - such as ourselves -, i'd suggest to look into the software we currently use, which is Provost CYPHR. It is a "one-click" solution for creating single-file strong encrypted archives that can be distributed over insecure networks or services. It works a bit (when opened) like an e-mail reader with text and file attachments. There are a few more professional products, but this one was the one we liked best, regarding price and reputation of the developer.
I've written a blog about our quest for smarting out the pirates ;-) at
CYPHR can be found here:
Both JFK and Robert Kennedy hated J. Edgar Hoover, who was head of the FBI at the time. They were going to force him to retire when Hoover requested a meeting with them.
Hoover showed JFK a manila folder with "dirty pictures" in it; they came from his secret files. JFK said, "What are you going to do with this Edgar?"
Hoover said, "That depends on you Mr. President". Hoover died in office, nine years later.
"If you're using a website and you can't figure out what they're selling.."
It's obvious to me this article is selling a false sense of security.
Copyright © 2013 Microsoft. All rights reserved.
Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.
ABOUT SMART SPENDING
LATEST BLOG POSTS
If your wallet is running on empty but you still have more shopping to do, we've got you covered. Here are 10 cool kid gifts that won't break the bank.