Yesterday I installed the Firefox (and Chrome) extension, HTTPS Everywhere. This free add-on from the Electronic Frontier Foundation automatically forces a secure HTTPS connection in place of a regular HTTP connection, when HTTPS is available.
Just now I belatedly downloaded the TOR Browser Bundle. Been meaning to do that for a long time.
Although they each got to work quickly and without fuss, in both cases, I found myself plunged into a world of geekery and confusion. (Do you want to “use the SSL Observatory?” Shall we “check certificates even if TOR isn’t available?” No installation needed; just extract! “… only advanced users should need to modify their torrc file directly.”)
Now, although I’m by no means a geek, I do have longstanding credentials as a paranoid privacy nut. When I originally wrote this, I listed all the privacy protections already on this system, then I had to take the list out because it got insanely long-winded.
Besides all those add-ons & such, I’m also pretty fearless about just punching buttons and seeing what happens. (“Hey, what’s the worst it could do? Cause my computer to turn inside out and explode into a time warp?”) So you’d think I’d find this stuff at least a little bit easy. Nope! It’s still way over my head!
Online privacy protections suffer four big problems:
1. They’re time-consuming and confusing. Even the ones that install and work effortlessly will bombard you with questions about which you have no clue and ask you to set settings you can’t possibly understand.
2. You have to trust that they’re doing what they say (even if they’re open source, because how many of us can actually read source code?) and the whole point of this exercise is that you shouldn’t be so trustful. Alternatively, with some of them, like NoScript, you can clearly see what they’re doing — and occasionally what they do is make it impossible to do what you want to do on your computer.
3. There are some things you can’t adequately protect against (e.g. the infamous “metadata.”)
4. What’s protected today could be compromised tomorrow and it would be a while before we knew. (We also have to use the privacy protectors properly to avoid compromising ourselves, but that’s another issue.)
Oh, and there’s a fifth problem, hinted at in my deleted list of Stuff I’ve Already Done: there are so many possibilities for privacy-protection add-ons and methods that … how the heck do you even begin to choose which five or 10 or 15 you should use?
Post-Snowden, good folks have made marvelous attempts at boiling down and clarifying the best available privacy protections.
I already linked to the lovely Prism-Break site — which gives about as good and clear an outline as you could wish: proprietary baddies on the left, open-source (or at least free) alternatives on the right. Just what you need in any category (operating systems, browsers, chat, VOIP, etc.).
The above are all really helpful and, as far as possible in the confusing world of e-data security, brilliantly organized and spelled out. I recommend them. You won’t go wrong by following most of their recommendations.
When you have a free week or so, that is. And assuming you’re either significantly computer literate or as
idiotic fearless as I sometimes am about “just punching the button to see what happens.”
Again, as with yesterday’s screed, I’m not saying, “Oh, this is too hard or too dangerous; we should all just give up.”
On the contrary. I just think there’s a huge need for some of this stuff to be presented in small, non-geeky bites. I’d like to propose we here at the Living Freedom blog try this:
Let’s pick five very useful programs and have a “Privacy Protection of the Week” feature, each week featuring a different browser extension or program.
Then, everybody who can will go ahead and install that protector. Right then. Without putting it on the “to do sometime before the heat-death of the universe” list.
Let’s stay away from the ones most people would stumble over (“You really MUST install Linux, then encrypt everything with GPG!”) But one-by-one let’s feature a useful privacy protector, explain what it does and why it’s a good idea to have it, tell where to get it and how to use it, then maybe some of you geekier members of the Commentariat could answer questions from people who are still uncertain or confused.
Even this could get a little tricky. Obviously some things work only on Firefox and IE users are just stuck, or some things install completely differently on Windows than Mac or Linux. Some things are strictly for smartphones (and I know nada about smartphones), others more old-fashioned.
But I’m asking. If you don’t have a lot of privacy protection on your computer and the whole business seems overwhelming, what kind of EZ protection would you like to have? And you guys who are already privacy gods, which EZ programs or extensions do you think we could walk through in a “Privacy Protection of the Week”?