Protect your privacy and online communications enhancing your digital security
Edward Snowden and Wikileaks’ revelations showed the world how the American CIA, NSA and the UK GHCQ were exploiting American and English Internet service domains to spy on citizens around the world.
There is no reason to continue doubting the existence of a global communications interception system. In addition to the US and UK; Canada, Australia, and New Zealand are also involved, among others. The listed are known as the ‘5 Eyes’.
It is more than likely that government agencies in these countries are spying on people through smartphones, computers, televisions and even cars.
Not only by accessing the information stored in the devices, but also by converting them into microphones and activating the cameras when they consider it appropriate and having access to our most private moments. Most of this is considered unethical and immoral if not downright illegal.
We live in an Orwellian reality
The world’s leading powers store so much information about our Internet traffic that they are able to create a very accurate profile of us, our movements, habits, religious beliefs, political positions, relationships, and even sexual preferences.
We can think (erroneously) that all this espionage or mass surveillance does not affect us because we are not people of interest to be potential victims of any government agency. We don’t seem to mind Big Brother because we are not political leaders, activists, military or journalists. We have nothing to hide.
But it’s not like that.
Privacy is a natural human right. The argument is not whether it has something to hide, but whether we, as humans, have the right to be safe and secure in our personal space.
Nor do we have the ability to know the future. All this information can be used against us at any time and for the most absurd reason, you can imagine.
There are innumerable examples of how governments around the world, especially the ‘5 eyes’ have overstepped the limits and consider it important and necessary to gather as much data as possible about us … to protect us.
We live in the big data era, where information is stored in massive data silos for an indefinite period of time.
We must understand the internet as a real scenario (like our home or a street), where we can have real-life situations.
It’s not just that governments can violate our privacy, which is already serious. The biggest concern is that they can exploit vulnerabilities of massive-use digital devices and/or services and not properly report them which makes us all one step away from being at the mercy of cybercrime.
This could potentially allow cybercriminals to access and steal our private digital property, such as compromising our digital identities and even accessing our bank passwords or cryptocurrency wallets.
Unfortunately, digital security challenges are not only due to espionage promoted by states or cybercriminals.
As entrepreneurs, we must be aware of our responsibility for the security of our systems and the protection of our users’ information.
There are a lot of non-secure applications that we use daily which connect without the proper SSL encryption, allowing attackers to intercept our traffic and inject malicious JavaScript or HTML code.
Many of them lack alternative authentication options to help mitigate the risk of spoofing attacks or do not validate the authenticity of digital certificates received from a server or do not leverage an operating system’s own security features designed to limit the risk of attacks for memory corruption.
As users, we must take measures to minimize any infiltration to our privacy.
Fortunately, there are several tools you can start using today to improve your digital security for more internet and communications security and privacy.
Easy to implement steps to protect your privacy
For starters, you may want to use a search engine that does not track all your traffic like DuckDuckGo.com.
You can also use a VPN. A VPN (Virtual Private Network) is a computer network technology that allows a secure extension of the local area network (LAN) over a public or uncontrolled (the Internet) network. It allows the computer in the network to send and receive data over public networks as if it were a private network with all the functionality, security and management policies of a private network.
With a VPN you can choose the location of the IP address with which you want to connect making it possible to use different IPs for each connection. In addition, you may use DNScrypt or similar software to hide your DNS.
At flag6.io we have a list of the characteristics of several VPN to find the one that best suits your needs.
You can encrypt your email conversations using PGPmail.
PGP uses encryption keys to encrypt and decrypt a message that can be sent over a less than secure channel. You need to exchange PUBLIC keys with the person you are sending a message to (send them this as an attachment to an email) I suggest using Thunderbird and Enigmail. Enigmail is a security extension to Mozilla Thunderbird that allows you to write and receive email messages signed and/or encrypted with a set of PGP keys.
You may elect to use encrypted voice calls and chats programs such as Wicker, Telegram and Signal among others.
If you use a PC, you must have your virus scanner updated. Spyware, malware, and viruses are common if you are downloading files on a regular basis, therefore a virus scanner is a must.
If you use Mac, you could use Little Snitch to monitor your ongoing and outgoing computer traffic and control which programs are accessing the internet.
You should set up two-factor authentication (2FA) for all your accounts. Most commonly you can pair a password with your phone and a tool like Google Authenticator or Clef. Other more important services like banking can often allow you to get multiple factor authentication with 3 or more verifications (banking dongle, password, cell phone text message, etc.).
You must be cautious when using public networks.
Hotspots (particularly airports, hotels, coffee shops) are the most vulnerable places you can access the internet. While it might be convenient to use public wifi, you may be exposing yourself to a MITM attack. A man in the middle attack is where a person builds a bridge between your computer and the router you are connecting to, stealing the data packets you are sending to the router. Basically, the person will impersonate the router and then when you connect to the router, you are actually connecting to a malicious source.
Close your Dropbox account, use an encrypted self-hosted cloud storage and pay with cryptocurrencies (more on that in upcoming letters).
And last but not least: don’t use Facebook, or at least be careful on the personal information you upload and comments you make there.
These are just some easy steps for starters. They do not require much knowledge and you can carry out from today. To learn more you can consult this article.
Would you like to receive the Flag Theory Master Course in your email?