This is a transcription of Terry Easton’s talk at the ISIL 2013 World Conference.
Transcription edited by Kenli S.
Let’s start the first slide to put us in the theme. [James Bond theme music plays] This is to kind of put us in the spirit of the moment. [Music continues] Go to the next slide. Ok, I think we only had the royalty payment for about twelve seconds, so we may have violated that. Incidentally, for those of you, this is the book that’s out for sale. There’s still a few left, I’d be happy to autograph it because we had such a huge print overrun we’d like to get rid of them all. It’s actually pretty good, I must say. I wrote half of it and a constitutional attorney wrote the other half.
We’ve been talking about Libertarianism and obviously the way of thinking about life, and the internet really has the potential of being this marvelous libertarian, individual-oriented facility although it was invented by the US Defense Department, by DARPA, the Defense Advanced Research Projects Agency, back in the 1970s to be able to survive nuclear attacks by having every packet run everywhere else and nobody could control it.
We’ve come a long way since then because of course everything I’m talking about is public domain information. We have a scenario where literally Big Brother knows who, where, what, how and now why we are searching the internet. I’m not going to spend too much time talking about Big Brother and all of the information that’s appearing in the papers today.
There’s another article today, if you read The Guardian, The New York Times, The Independent and it seems to be out of control, but in fact it goes back to the early–1952 when the then secret UK/US treaty created a massive international system of basically electronic monitoring and spying; focused on the NSA in the States and GCHQ in the UK, the Canadians, the Australians, the New Zealanders, etc. You can see there’s a pattern here. So we just have to assume obviously that everything is being monitored and it is on the internet, everything that you do.
This is a slide courtesy of the Washington Post and this is the latest of the several hundred different programs running at National Security Administration–Agency where they monitor Microsoft, Google, Yahoo!, Facebook, YouTube, Skype, AOL, Apple, etc. And they monitor everything. Email, chats, videos and so forth, photos, anything you list and post. And in fact, the process has been going on for some time in the latest generation.
Microsoft plugged into the NSA system back in 2007, Apple recently at the end of 2012. And that means that any information on their servers is immediately available to law enforcement security and again because of the goal of trying to look out for international terrorists and international terrorism.
And I think there is a certain philosophy in the United States federal government, that they want to know about everything, so they can sort through the mounds of documents to find the few items. I personally think that that is inappropriate for a variety of reasons, but more importantly, it’s just ineffective.
However, that’s the way it is and therefore you just have to assume from the standpoint of the government, anything you do on the internet is going to be monitored and even if you heavily encrypt all that does is delay the process. Maybe it costs 10 million dollars and six months to get the information, but it can be done.
So what I’m going to talk about instead is perhaps something that’s far more, in some ways, insidious, and that is the absolute process of converting “free lunches” (as in there is no such thing as a free lunch) to monetize the information that you’re inadvertently giving to all of the organizations on the internet that you use.
The reality is, of course, that everything that you do on the internet is essentially tracked: your email, your chat, your videos, your photos, not only by the government, but more importantly by the organizations themselves. I’m sure when you signed up for Gmail you did read the twelve pages, you did download the authorization you gave them, yes?
Yes, of course. I have done that, by the way, for many of them and I’m always amazed about the absolute agreement that we voluntarily give away in a contractual agreement. When we get something “free”, we give away something else that’s worthless: namely all of our privacy.
So we are going to talk about nine tips to claw back these things from the internet, it’s claw back your privacy, plus I have another six or so more.
Searching: Don’t use Google!
The first, number one of all, is: don’t use Google! Google tracks everything! From the day that they started their first server in the 1960’s, any Google search that you have done is recorded. Where you went, what your IP address is (which reveals who you are, where you are located, etc.).
Instead use something else for Google searches. DuckDuckGo is great and also StartPage. I particularly like StartPage.com. This is a company based in the Netherlands. When you go to StartPage, it’s free. They also have commercial service so they can underwrite it.
StartPage does not record your IP address, it does not keep logs, it encrypts the communications channel to them, and then they go off and send the inquiry to Google. It comes back instantly and it’s displayed on your browser as if you’ve gone to Google, except you haven’t. And that is a tremendous advantage in terms of maintaining privacy.
DuckDuckGo is the second one. They are based in the States, in California and again it’s the same thing, another great organization. Not only do they use Google, they also look at six or seven other search engines simultaneously. So they are two slightly different services, they are both wonderful to use. So whenever I say “Google it” from now on in your mind think “StartPage it”.
Browsing: Use Firefox or Tor
The next item, tip number two, is use Firefox to browse. Whatever you do, don’t use Chrome. It’s another Google product and, needless to say, when you are using Chrome, your privacy is compromised and your information is sent back to Google.
They and their subsidiaries use it to make your browsing experience friendlier. That is to say once they know what you want to see, they will kind of direct you to those things if they can, rather than to allow you to make your own free choices. And for most people that works, because most people tend to be happy with the selection that Google tends to recommend to them.
And so if you want to ultimately maintain a private browsing experience you should use Tor, and you can get Tor from the Electronic Frontier Foundation, a wonderful San Francisco-based libertarian organization which specializes in maintaining internet privacy. They provide this free service called Tor which loads onto your computer, you just download it, click it, and it instantly installs and encrypts everything and then they run a special version of the Firefox browser, which I’ll talk about later, but basically it doesn’t reveal lots of information in it and it provides secure services.
Now Tor was originally started, by the way, by a grant from the US Navy, but developed by people in MIT and they developed the service so that the people who are in the military outside of the United States could successfully go back to the US and talk with their loved ones or do other searching or whatever and not be concerned about people listening in.
It is used heavily by law enforcement; it is used heavily by media, it is used heavily by dissidents in China and hundreds of other countries, it is a free service that I can’t recommend it highly enough. So the winner is torproject.com, or you can go to eff.org for more information about Tor. It is what you call a VPN, a virtual private network.
Email: Encrypt it!
The next item, of course, tip number three is basically use email services that are encrypted. You want to use email in which the email itself is encrypted when you send it to or from your computer to their computer. And then you want to have it encrypted on the server and you want to make sure that this encrypted system cannot be easily accessed by other organizations.
If you use Gmail, for example, Gmail not only reads your email, but depending on who you are, they ship the contents of your email off to other organizations. So if you say in your email, “Gosh, I really like that new Ford Focus that’s available.” Then the next time you log onto Gmail there are all these ads for Fords for Ford dealers and how to buy Fords, isn’t that interesting?
And if you say other nasty words, there are 250 or more on the list of “interesting words” that other agencies want to know about, well then they ship it off to other people. So you probably don’t think about email being a postcard, but that’s effectively what it is. You’re dropping something in the mail and it’s being sent post office to post office, and anybody along the line can, and does, read it, and then makes copies of it and saves it.
So you’ll want to use encrypted email, if possible. We’ll talk a little bit more about that later. There are a number of services that are offering encrypted email, and some of them are quite expensive. Corporate encrypted email might be a thousand dollars per email account per year, but there are some services that are on the order of about $30-$40 a year, which give you high security.
Video calls: Switch to Jitsi
Now the other next tip is, try the alternative services for the kinds of services you use. For example, Skype, on that first chart I showed you, has been completely compromised; any Skype call that you make is not secure. So you can use a free version of Skype, which does encrypt the audio and video, and it’s called Jitsi.
You can go to jitsi.org and do your chatting through Jitsi. It is just like Skype, only encrypted and secure. It’s what Skype would have been or used to be when it first started. Video chatting, there are other options: video viewing, file storage; let’s just look at some of them. So for chatting, we also have some other examples; video chatting, there’s Goober, video viewing instead of using and uploading files to YouTube, which of course is also a subsidiary of Google, so anytime that you look at a YouTube file, it’s recorded; that information is recorded by Google and it’s available for sale to the Google customer base of advertisers. And then if you want to store a file on a server, somewhere that’s not your own, you want to use Tresorit, which is an interesting encrypted service for keeping your files safe.
Keep things to yourself
Tip #5 is: Be Anti-Social. This of course comes naturally to libertarians, but for unlike all the progressors who want to share everything in their whole lives with everyone, that reminds me of the classic phrase, “Well if you have nothing to hide, why do you care about loss of privacy?” And my retort to that is, “Well I mean that’s probably what the KGB and the Gestapo used to say.”
But more importantly, when you get into an elevator or a lift for our English friends, on the first floor you’re talking to someone and you go up and you’re talking to them on the elevator and the elevator goes up to the second floor and other people come in and what do you do? You stop talking; then you wait until they leave. Well those are perfect strangers, why do they care? So the answer is, I don’t think it’s anybody’s business, period. You have a right to an inalienable right as they would say in the U.S. to privacy.
So, the problem is any kind of social intercourse, particularly with Facebook, is particularly nasty. There is a program called suicidemachine.org, which will delete all of your materials. There are actually people out there who say, “You don’t want in this Facebook anymore? Download our software.” And then of course you have to trust that it’s going to do that, but these are good, vetted programs.
Turn off your smart phone
Next tip, you know every smart phone you have is in fact a spy phone, masquerading to be a smart phone. Smart phones track you completely and in many ways. If you have an Apple phone or any of the modern smart phones, the GPS system records every picture that you take, unless you’ve turned it off. So lots of people have discovered to their horror that they take pictures of their children and the latitude and longitude and altitude, because smart phones know how high it is as well, are then encoded into the picture header (anybody can look at that), and then they put them up on Facebook or whatever and so some child molester has easy pickings.
They can find out where the child lives, what bedroom they’re in, etc. etc. etc. And that’s because people don’t know that this service has been turned on as a feature and you have to turn it off yourself. And that’s one of dozens and dozens of services that smart phones tend to automatically provide you.
For example, there are apps, which are installed in smart phones and roughly half the apps don’t encrypt anything, so when they’re transmitted it’s public information. Half of them provide hidden tracking locations; they spy on where you are. Apple back in 2011 said that it would turn off the ability to track people without their knowing it and it provided this recommendation to apps and it still hasn’t happened for the apps in most cases.
Turn off Wifi
Tip #7 is: Turn off Wi-Fi when you’re wandering around in the streets because Wi-Fi when you walk by, if you’re using a smart phone with a cell phone access, well and then use it in cell phone mode and turn off the Wi-Fi until you want to use it. You walk past a Wi-Fi point it triggers all of the phone responses in the area and immediately you’re tracked and you know, “Oh there’s phone number so and so. It’s at that location and at that point.”
So in England and London, several weeks ago, I was reading in the paper that as an experiment they’re installing, privately installing, I mean it has nothing to do with governments, privately installing Wi-Fi detectors in trash cans throughout England, throughout London, so that when you walk by the trash can the Wi-Fi point says, “Aha! You have just walked by this trash can!”
Even if you’ve turned off your GPS tracking and then they send that back to some database and then maybe the next store you get to there’s a little delivery information in your cell phone that says, “For you only! Special deal! 10% off if you go into this store right now and buy those set of hiking boots” or whatever, right.
If you have to, of course, use Wi-Fi in unprotected Internet, like at say a Starbucks or equivalent, you want to use a VPN, a virtual private network, again whenever you log in to the Internet, especially when you read your email, because it’s probably likely that the person next to you or maybe the person down the street has got one of those free programs that you can download, load on your computer and listen in and track everybody else’s computers that aren’t encrypted operating in the free Wi-Fi area.
Encrypt, Encrypt, Encrypt
So Tip #8 then is: Encrypt, Encrypt, Encrypt. Encrypt everything on your hard drives; there’s a free program, marvelous, called TrueCrypt. Encrypt all of the services as much as you can with impossible-to-crack passwords; there is a lot of information on how to do that. And then, of course, nothing is entirely secure because a smart enough hacker who really wants to access your email will probably be able to do so, given enough time and money.
Tip #9: Use Virtual Private Networks such as TOR. So a virtual private network means that you log into their system. Many of them are free. Some of them are faster ones, of course, they are subscription oriented. Pay $50-$100 a year to paid ones (TOR is free) and you pop out from their network in another part of the world with another IP address and everything between your computer and that distant computer is secure and the distant computer doesn’t reveal who you are. So that’s a popular way to surf the internet.
Now here are a few more in summary, a few more in tips. You know when you go into a DNS server, it’s probably your settings on your computer probably set up so your DNS server automatically defaults to your local internet provider.
Or if you’re smart, you’ll use something like 22.214.171.124 which is Google; except that doesn’t work. So it turns out that there is an organization, opendns.org, that has developed last year an encrypted DNS service. And you say, “Well wait a minute, why do I care?” Well, when you type the name of the site you want to go to in a browser, the internet doesn’t know what that is, internet numbers are 126.96.36.199.19 right, they’re not names, people like names. So how does this system work? Well your browser first interrogates, goes to a local DNS server, and says, “Hi I’m trying to look up oxford.ac.uk”.
Right, the DNS looks it up from his table and says, “That’s really 207.196.3.” That was unencrypted; you just sent that stream open as a postcard, your ISP knows it, they record it, some of them keep it forever, anybody along the line knows it and records it. So you can go to OpenDNS and you download the DNS crypt and it’ll automatically go to their service encrypted; it’ll keep records.
And that’s just another way of lowering… you know it’s none of anybody else’s business what you’re surfing! And then you can use Linux and not Windows or iOS; that’s critical of course. In 1998, there was a Canadian programmer who was meandering through the countless downloads that Microsoft constantly does to patch their operating system every week. You know, it could be every twenty minutes now for all I know, but then it was once a month or so, and he looked at a download, and he discovered that they didn’t strip off the programmers’ comments, which are in English.
And my God, that’s, that’s like a mortal sin that you cannot recover from. This reveals all the secret information, what every line of code does to your competitors. So he goes over to the crypto-module, and the crypto-module is the module in your computer that says, when Microsoft says, “I’m God. I’m root server. Unlock. I’m gonna take over your operating system and fix it, patch it, turn it into a next improved and make it all safe.”
Well, there are two keys in that crypto server; they are normally called Cryptokey 1 and Cryptokey 2. And he was looking at the comment line and he said, hmm, that’s interesting. The first key is called Company Key, and the second key is called NSA Key. Hmm, wonder what that means? Well, it’s obvious what that means.
To get permission to export this highly encrypted technology, both Apple and Windows had to provide back doors into every machine. Which means at any time that the Government wants to; it can download, turn on your camera, turn on your microphone, do keystroke captures, and send the material back when you’re using these operating systems that have been approved for export with highly encrypted information in them.
Under the US Commerce Department’s control, these highly encrypted systems come under the so-called Munitions Act, and they’re considered under the same rules and regulations as shipping off bazookas, or worse.
So, Linux is an open-sourced system, it doesn’t do that, there aren’t any back holes, so I would recommend, you know, using Linux, if one wants to. Then, it gets even more interesting, it turns out that just because your browser doesn’t have a serial number, it doesn’t reveal who you are, and you now go on through a virtual private network, and hidden everything, ha-ha!
Your browser is different from my browser. And it’s different from everybody else’s browser, and how to prove that is go to panopticlick.eff.org, and they will tell you out of the millions of browsers that they’ve looked at how unique your browser is compared with everybody else’s.
Now, of course, to be anonymous, you want your browser to look like everybody else’s, right? So you’d like your browser to look, if there, if there are a hundred million browsers operating, you’d like yours to be, every other one be just like yours. You’d be a needle in a haystack. However, typically, your browser will reveal that you’re one in ten million, one in fifteen million, one in twenty million. And, based on the operating system, the time of day you call in, the time settings, the language you’re using, what software you’re running, etc, you’re unique.
And it’s not hard to track you, and lots of these websites subscribe to third-party companies, or three of them, which then transfer the data automatically. So if you log into Amazon, for example, or maybe others beside Amazon, and they’re part of these private corporate systems, they will capture the information, and when you log onto another website, they will share the information instantly. And so you have a database built up across multiple websites, and if you logged into one of those sites with an email address, that’s also associated.
So you have, you have literally hundreds of pages worth of information based on the browser you use. Now what’s nice about using TOR, is TOR loads its own browser into your…it starts, it launches it automatically on your, on your computer. It’s a version of Firefox. It’s a plain, simple browser. It turns off things like flash, you never want to run flash; it reveals lots of stuff.
As an aside, by the way, you probably don’t want to run Adobe’s pdf program, Adobe Reader, anymore, I just found this out a few weeks ago. Every time apparently you log into, you open an Adobe file, the Adobe Reader reports back to Adobe the file you opened, and who wrote it, and what computer it’s on, and the time of day, and the location…that’d be pretty nice, you can use a freebie system like Nitro, Nitro.org, I think. You can replace that.
I would install a firewall, like ZoneAlarm, or Comodo. They’re both free. And fire alarms, firewalls are important because they obviously block unexpected outputs going in and out. Before I loaded, uh, I was just running programs on my computer, something…and not doing anything, something like twenty-five programs were open running and communicating. I said, “My God, what are they doing?!” They’re all waiting for updates, they’re all saying information.
And, you know, with these firewalls you can shut them down, you can turn off the things that aren’t important. I would go to GRC.com. They check firewall leaks that are marvelous. A guy by the name of Gibson developed a computer program company for 25 years, free services, tens of millions of computers have gone to it, and he tests your computer for you and tells you whether it’s secure or not in terms of ports. And the last things, of course, if you’re really ultra-paranoid about privacy.
Use the Post Office. Mail it. You know, there is thing called the post office, it still exists. They’re lovely people. They love to see you. You can…it’s a very physical interaction, you can get this little sticky thing, you can put it on your tongue in some countries, lick it and reconnect with, uh, the horsey population. Put it on an envelope. Off it goes, and it’s much safer.
So, having said that, there are lots of smart phones, of course, in this room, all of which are actively reporting all of us, we should say just, you know, be happy and try to minimize, obviously, what’s out there waiting to bite at you, and there are lots of ways of doing that. Thank you very much.