Get your hands (or your algorithm) off my data!

Big Brother is Watching you

I’ve never posted about privacy or data protection. Having lived in Mainland China, I have first hand experience of internet censorship though. No Facebook, Twitter or YouTube, that’s really annoying. News sites such as the BBC or New York Times are frequently blocked, unless you go around the great firewall with a VPN.

Since I moved to Hong Kong, these problems disappeared. I can enjoy ultra-fast internet and use cloud services. But, given the “bad” Chinese, I used services based in the United States. Surely, the country which always holds up freedom of speech wouldn’t dare screwing around with my data. How we were all wrong….

Since Mr Snowden talked to the Guardian we all know that the NSA and GCHQ are spying on us. The strategies seem to be different though. The NSA will obtain a secret court order issued by a secret court with secret judges (i.e. no oversight at all) to hijack your Google, Facebook, Yahoo, Apple or Dropbox account (especially if you’re a non-US citizen residing outside the US). The GCHQ on the other hand acts like a massive data-vacuum cleaner. They just collect all data going through the UK. And since the UK is situated on the outskirts of Europe it is a digital hub for glass fibre networks connecting Europe to North America, South America and even Africa and Asia. An ideal location for spying.

“I don’t care”, you might say. “I have nothing to hide so I’m not in any danger”. But this attitude doesn’t only show a total lack of interest about what’s going on around you, it’s also plain stupid. So if you fall in the latter two categories, just stop reading. This blog isn’t for you.

You have something to hide. All of us do. You might not be  plotting a terrorist attack. But I’m sure you have “secrets” that you don’t want others to know. You don’t want the conversation you just had with your colleague about your stupid boss to become public. And you don’t want your mother-in-law to know what you just told your girlfriends, namely that she’s a real pain in the ass.

So we all have “secrets”. And nowadays we communicate these secrets not only verbally but also via emails or messaging apps. So whenever you use electronic means of communication you should make sure your stuff is reasonably well protected.

In this post and over the next few weeks I want to introduce some applications and recommendations to keep your privacy and communication safe.

The easiest way to keep your privacy is not using social media, messaging or cloud services at all. Even better: don’t use a computer or a phone. Just live like we did 100 years ago.

While that is a save option I don’t think anyone enjoying a digital lifestyle will go for it. So let’s start with a few general guidelines to make your digital life more secure.

1. Don’t put all eggs in one basket. It’s convenient to have a Gmail, Picasa and Google+ account. But you’re using the same company (which makes most of its money with advertising). So spread your risk. If you have a Gmail email address, how about using Flickr (owned by Yahoo) for your photos.

2. Don’t use your Facebook / Google login for other sites. Instead, create an account every time using a junk email address.

3. Use multiple email addresses from different service providers. Set up one “junk” email address which you will only use for registering for newsletters or to sign up for websites. Don’t use your real name for this email address.

4. Passwords: Use strong passwords! Your second name combined with your birth year is NOT a strong password. A strong password is something like “RuW23$%Yi8@”. If you have too many passwords to remember, consider buying a Password application that stores all your password encrypted on your phone or computer. But even in this case, you need one strong password to access the application. An easy way for a save password: Take your favourite book and open it on, say, page 75 (because you’re born in 1975, if you’re born in 1990 take page 90). Now use the first letter of the next 15 pages. That’s your password.

5. Surfing: When you surf the net, every website is constantly tracking you and collecting information. Make sure to either use “Private Browsing” and/or empty your history and cache on a regular basis.

6. Sending Emails is like sending a postcard. Everyone who intercepts it can read what’s in there. Get an SSL certificate to encrypt your emails and use encryption software to encrypt your emails. I will cover this topic in a future blog post.

7. Cloud computing has become HUGE over the last few years. For just a few dollars you can get a massive amount of storage on servers. Given the recent revelations by Mr Snowden you might want to check where those providers host their data. I wouldn’t be comfortable hosting my data on servers in China or Russia. And four weeks ago, I also added the U.S. and U.K. to that list. I will also cover this topic in a future blog post.

8. Encryption is a necessity! But there are different kinds. Services like Dropbox encrypt your data. But they hold the encryption key. So they can decrypt your data anytime. whenever you choose a cloud service, make sure the data is encrypted on your machine and send over an encrypted connection to the server. That way, only you can access your data.

9. Most messaging and chat applications like Whats App, Lime, Ping or WeChat are insecure. Plus, all your messages are stored on some servers. So assume that whatever you send through these messaging apps can be seen by whoever intercepts it. There are secure messaging apps out there which I will also present in a later blog post.

Advertisements

Tags: ,

About Basti

I've been living and working for ten years in Greater China (Mainland China, Hong Kong). I'm working in the field of Product Design / Product Consulting and Manufacturing for accessories and wearable devices. My passions are travelling (especially China and Asia) and I used to ride a motorbike. Now, with two children, my hobbies switched to changing diapers, cleaning and feeding babies.

3 responses to “Get your hands (or your algorithm) off my data!”

  1. DWG says :

    While welcome your initiative to tell the user, I find that all trends are towards creating users that don’t know the risks and the working of applications and services any more. The more important it is to read articles as yours that educate the users and tell them the real risk involved in using the internet. Best is anyway to not use Facebook and similar services (resisted up to date to have a FB account).
    When talking about privacy, you mention that you used VPN but I wish that you elaborate a bit more about VPN’s, also for users that don’t live in China (as I do and I use it regularly).
    But reading your article, I thought you might find this application interesting for you, it’s the kind of password application you have been writing about storing your password with. How to get it:
    1. Just go on any search engine (If you are worried about your data, then don’t use Google as this one certainly logs all of the available data of yours) or go directly on sourceforge.net
    2. Search for Password Safe
    The good news: it’s free, It’s open source, it’s proven + good

    Safe surfing to you from Guangzhou

    • Basti says :

      I’ll cover VPN’s in the future for sure. My next article will be about a Dropbox alternative. Personally, I’m using 1Password. It’s available for the Mac at a whopping USD 50. But the apps for the iPhone / iPad are USD 7 and quite good. They also offer you to sync all passwords with iCloud or Dropbox so you can make sure that the NSA knows all your passwords at any given time….

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: