Going Indie. Step 1: Securing Privacy
In a world of global mass surveillance and multinational corporations owning what we share and like, the need for an open, independent web has never been greater. It is about time to take back control, reclaim our digital future and rebuild a web for everyone.
This is the first article of a two-part series on digital citizenship. Part one is about online privacy and how to protect it, the second part will focus on how we can build and promote tools that enable an open, independent, and resilient web.
Invasion of the Data Snatchers
Global surveillance is real and it’s not going anywhere.
On January 20th, 2017, we all witnessed one of the most worrying political events in recent history. A nationalist authoritarian became the 45th president of the United States of America and is now in charge of the most comprehensive, most aggressive, and most intrusive mass surveillance apparatus ever created (sorry, Stasi). The new U.S. administration is presumably going to further strengthen the power of their intelligence agencies and broaden its mass surveillance activities. The “law and order candidate” also heavily attacked the free press and already suspended the protections of the Privacy Act “for persons who are not United States citizens”, which many see as a first step to undermine the data transfer framework of the EU–US Privacy Shield. And today, US congress voted to overturn privacy rules from late last year, which effectively means cellphone providers are now allowed to sell people’s browsing and app activity without asking their permission.
But also across Europe, privacy rights and freedom of speech are increasingly under attack: A recent report by Amnesty International documents a dangerously disproportionate, ever-expanding security state. The UK, France, Germany and many other states have widened the power of their intelligence services to collect and store phone and internet connection data — often even without judicial authorization. May it be for fear of terrorism, for fear of economic backlash — or simply for fear of losing control: Everywhere around the world, democratic governments as well as authoritarian regimes prepare for cyber warfare and start collecting every bit of data they can grasp with increasingly sophisticated tools.
What’s so deeply worrying about this development is that the idea of a fundamental right to privacy is slowly eroded. With every new leak, we accept ever more that there seems to be nothing we can do about it, anyway. And if we have nothing to hide, surveillance will only be a threat to those who deserve to be observed, right? But who decides which individuals are to become a target? Who sets the moral standards which define what is wrong and what is right? What happens if a new government that adheres to racist ideologies or simply doesn’t care about anything else than their own wealth, gets handed over the keys to the surveillance kingdom?
But it is not only governments — a whole industry is collecting user data at a scale beyond imagination. And while some of us may be fine with paying for services with personal data, I doubt that most users realize just how much freedom and control is taken away from them and how far-reaching the measures taken by the data economy already are.
The data you produce every day, may it be by browsing the web or actively participating on social media platforms, already tells so much about who you are as an individual. It really is not only some data, it is you — just like the furnishings, books, pictures, and little mementos in your apartment tell a story about your life. Even more so: Based on Facebook Likes, modern algorithms already can predict personality traits more accurately than close friends and family members. Facebook is also routinely running all your personal photos through artificial intelligence algorithms to identify faces and automatically adds tags. While this definitely improves accessibility for blind people, it is also quite useful for user profiling and thus: ad targeting. If you want to get an idea of the sheer scale of Facebook’s tracking efforts and what it does with the data, this article by Vicki Boykis is a must-read: What should you think about when using Facebook?
Billions of internet-connected devices upload our most personal data into the cloud where it can be accessed by corporations and governmental services. We have lost control. So the need to act is as real and urgent as ever. Not only if you are part of a minority, if you care about free speech, or simply want to keep things like your health records private, you need to take action.
Protect Ya Neck
Protecting your privacy is not a crime and does not make you suspicious, especially if more and more people start to protect themselves. Privacy is a universal right that needs to be protected because it protects you from suffering injustice. That’s why it is also part of the Universal Declaration of Human Rights:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Article 12, Universal Declaration of Human Rights
So how can we — as global web citizens — protect our privacy?
Encryption is the only effective way to protect your communications and browsing data at the moment and actually works quite well. So a good starting point would be to install an end-to-end encrypted messaging app like Signal or Wire on your smartphone to keep your private messaging and phone or video calls secure.
Next up is email. Remember: Email was not really designed with any privacy or security in mind, so basically all unencrypted messages can be read. The NSA, for example, is able to “listen to whatever emails they want” through tapping into central network points. (And they might also not be very impressed by that cute confidentiality notice in your signature.) Email can be encrypted with PGP [1 / 2 / 3] or S/MIME. Alternatively, you can create an account at an encrypted email service like Protonmail (based in Switzerland) or Tutanota (from Germany). If you’re running your own email server, consider delivering mail over Tor’s hidden onion services.
Another promising tool is Keybase. Keybase is a public directory of people and also offers a command line client including Tor support and a free, open source security app. With the app, you can connect and chat with other Keybase users and even exchange files through public and private folders — and everything is encrypted.
For safer browsing, especially when you access the internet via public or hotel WiFi, consider the use of Tor and its Tor Browser (a modified version of Firefox) or a VPN service like Mullvad. If they are used in the right ways, both Tor and using a VPN provide good protection against traffic analysis and prevent the sites you visit from learning your physical location. Tor Browser even helps to protect you from browser fingerprinting, a technique where available features and certain properties of your browser like installed plugins or a list of system fonts are used to create a unique fingerprint of your system.
The Electronic Frontier Foundation offers further useful guidance and tools for safer online communications on their surveillance self-defense website, for example Privacy Badger, a browser plugin that blocks spying ads and invisible trackers.
What measures you take to protect your privacy is totally up to you, of course. It also depends on the level of security you need: Journalists, lawyers, activists, scientists will all surely need more protection to operate freely than “normal” users who just want to buy some clothes online. But still, we must not go on like nothing happened. Changing some of your habits and protecting yourself will have a small impact, but it has an impact. First on you, then on others. So get involved but also make sure to talk to friends and relatives about the topic. You’ll be surprised how less they really know — and thus care.
Change Is the Law of the Web
The way the web works in the future will be influenced by forces of all kinds. If some of those forces want to undermine privacy and other basic civil rights, it is up to us to act as a counterbalance. It is up to us in which direction the web evolves and which forces are being emphasized. If we want to protect everything we have come to love about the free, independent web, we need to act now. In fact, we will need to develop the web further, but in the right direction. This includes that we understand, that we as web citizens are part of something that is far bigger than us, yet it still can be influenced and shaped in a positive way. As Tim Berners-Lee points out, “it has taken all of us to build the web we have, and now it is up to all of us to build the web we want.”
And while protecting our communications data is a good first step towards a more secure and independent online experience, taking back control over our data eventually means reconsidering the way we create and consume content online. So the second part of this series will highlight concepts and ideas about how we can build and promote a new set of tools which enable an open, independent, and resilient web. A web for everyone.
Header image shows a distorted version of John Trumbull’s painting “Declaration of Independence” that depicts the presentation of the draft of the Declaration of Independence to Congress. Original image is in the public domain, retrieved via Wikimedia Commons