2013-08-22

Surveillance, privacy (NSA, PRISM, ...) and encryption

It has been a while now since the "whistle-blower" Edward Snowden caused heated discussions about the NSA and its PRISM program. Since then, privacy has become a big issue for many.

Some of my friends are considering closing down their Facebook accounts and their Google accounts, and are thinking of giving up many other internet activities.

That could be a good idea - if you want to have more spare time with your children, your family or your hobby - but if the goal is to avoid being spied on, they ignore a root problem:
  • Most of them use Windows: As long as you are using Windows and that machine is somehow connected to the internet, you are at risk. As long as there is a feature in the operating system kernel to harvest your data, that can be done before encryption even happens. Linux is open source and can be checked by everybody who understands the programming language (C). And indeed nations are interested in having an operating system that is secure, so even the NSA has contributed code to Linux (SELinux). They want to spy on others, but they are not interested in being spied on by others themselves. ;-)
     
  • They don't refuse email: Email is like sending a postcard. Everybody (postman or IT guy) who sits between the sender and the recipient can see the content/text of the letter/mail.
    OK: Now, the more informed people are not thinking of using PGP. They usually find out after a while that, while I can help them set up their PGP encryption, their peers also need to have the required software. While it is very easy to get started with PGP in Thunderbird using Enigmail, it might be a little more difficult to get Gpg4win to run smoothly, not to mention webmail <your favourite product here>. Oh, on Android you can use K-9 Mail and APG to send and read encrypted mails on the go.
    Apart from that, even fewer people know that with PGP only the email content is encrypted, but not the header information like sender, recipient or subject. So when sending private encrypted mail it makes sense to use a nonsense subject like "Thank you for the fish" ;-).
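
What a mail relay or anyone else on the path can read of a PGP/MIME mail without any key, as an added example that is not part of the original post. Both messages are constructed samples, the ciphertext is a placeholder, and `observer_view` is a hypothetical helper name.

```python
from email import message_from_string
from email.policy import default
# Constructed sample: a PGP/MIME (RFC 3156) mail; the ciphertext is a placeholder.
ENCRYPTED = """\
From: alice@example.org
To: bob@example.org
Subject: Thank you for the fish
Date: Thu, 22 Aug 2013 10:00:00 +0000
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""
# Constructed sample: a mail sent without encryption.
PLAIN = """\
From: alice@example.org
To: bob@example.org
Subject: Dinner

Meet at 6 pm
"""
METADATA = ("From", "To", "Cc", "Subject", "Date")

def observer_view(raw):
    """Return what anyone relaying the mail can read without a key."""
    msg = message_from_string(raw, policy=default)
    headers = {h: str(msg[h]) for h in METADATA if msg[h] is not None}
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    body = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # multipart containers and opaque binary parts
        text = part.get_content()
        if "-----BEGIN PGP MESSAGE-----" not in text:  # inline PGP stays opaque
            body.append(text.strip())
    return {"headers": headers, "pgp_mime": pgp_mime, "readable_body": body}

print(observer_view(ENCRYPTED))  # headers are all there, the body list is empty
```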
In many cases it is not a practical short-term solution to ditch Windows completely, switch to Thunderbird and encrypt all your mails. And you should also stop using your mobile phone (you can be tracked not only via GPS but also via the antenna mast your mobile phone connects to). But as long as you don't do that and also do not encrypt any other data that you have saved somewhere in the cloud, it is quite irrelevant whether you close down some of those accounts. Honestly: Are you writing serious stuff on Facebook or Twitter that would really hurt your privacy if it were made public for everybody?

There is always a tradeoff in having security, and so there is in having privacy. To avoid being hacked you can close down as many ports and sites as you want, but at the same time you lose access to features that might boost your productivity. We can be private and secure, but then we wouldn't be able to use the benefits that the technical solutions offer.
