By Jemima Kiss
The Guardian
Consumers worried about their internet privacy in the wake of the online snooping revelations have the option of using some alternatives to the likes of Google and can try to use more secure forms of communication – if, that is, individuals believe maintaining their online security is worth it.
What services could be affected by Prism?
According to the National Security Agency documents seen by the Guardian, a programme called Prism has been used to gather information from users of Google, Facebook, Apple, Microsoft, Yahoo, AOL, PalTalk and Skype since as early as 2007. Services affected are likely to have included Google’s search, Gmail and YouTube, Yahoo’s email and Flickr photo services, Microsoft’s now defunct Hotmail email service, and Apple’s mail and music products.
How do I work out how exposed I am?
There are tools available to help visualise how consumer data, as well as activity online and on mobile phones, are tracked. Online privacy initiative Me & My Shadow allows users to select the services and platforms they use, and maps the risks associated with that activity. It also suggests alternative tools and masks to hide online activity.
How can I anonymise my online activity?
There are straightforward search tools, such as Duck Duck Go and the Firefox browser extension Priv3, which won’t track your search history. Click&clean will clear your internet history, too.
The more heavyweight option is to mask your IP address, the unique identification number of every device that connects to the internet, and there are three main choices:
The Onion Router, or TOR, is free and will disguise your IP address, but can be complex to set up. Another option is to use a different server or proxy, which can be done by changing individual access settings on your machine. The third option is to subscribe to a VPN service.
A “virtual private network”, such as BolenVPN or Astrill VPN, will encrypt and anonymise your information for upwards of $10 per month. For the ultimate in internet armour, there’s even a complete secure operating system called Whonix.
Rik Ferguson, vice-president of security research at Trend Micro, said the complexity of something like Tor is not likely to be relevant for most web users: “Unless you’re conducting research for humanitarian projects where you feel there may be inappropriate government-level interests, it is too much effort to go to.
“Most of the material you are looking at are public resources, material made available to the general public, so it’s just not relevant for the general public’s use of the internet.”
How can I stop my information being tracked and used by ad networks?
The browser add-on Ghostery visualises who is following you across the web, such a ad targetting tools, and will block them. Collusion for Firefox creates a real-time map of the information you are leaving across the web. There is a swathe of tools to mask identity, location and personal information specific to other services such as the Please Don’t Stalk Me Twitter app, which shows an alternative location, Sharemenot , which stops Facebook ‘likes’ being recorded until you click on them and Adblock Plus stops certain elements on a page being downloaded.
What about social networks?
Social networks are by their nature intended to be at least partly public. Consumer awareness is relatively high about how Facebook, among others, uses the personal data of its users.
The advice always given on social networks is if you are not happy shouting out the information in the middle of a crowded shopping centre, don’t put it online.
There may be a resurgence of interest in European social networks, which could include Friends Reunited, though many social networks in Europe have been either subsumed or overtaken by localised Facebook versions.
How can I protect my email?
Email should be thought of as a digital postcard. “If you’re not doing the equivalent of putting that information in an envelope then you are not taking steps to help maintain your confidentiality.”
Ferguson says Google has always been explicit about the content of email being automatically scanned to display relevant ads, though scanning by the security services might be more unsettling for users; when you break up with your partner, it’s no coincidence that ads for online dating appear.
One way of stepping up email security is to use encryption keys, and though it is effective it is quite unwieldy, Ferguson explains. gnupg.org provides a service based on creating two encryption keys. One is public and one private, and the user gives the public key to anyone who wants to send them an email. Another is Trend Micro’s Email Encryption tool, similar email encryption software that originated as a project at Bristol University. It uses the same principle of two keys, but the public key is effectively the email address and the tool can be used with web-based email as well as desktop email clients.
What is the risk from continuing to use Google, Facebook and the rest?
Professor Muttukrishnan Rajarajan, professor of security engineering at City University London, says there’s a balance between risk and convenience when using services online. Most consumers are aware that big corporates retain their personal data. “If you really want to have some value from the web, you are bound to give information away because there’s a tangible economic benefit for you.”
In reality, Muttukrishnan says, authorities are obliged to monitor and police the internet, and their minimal resources are focused mostly on aggregating trends and general behaviour in the population.
He explains that granular examination of individuals would be likely to be retrospective, if that person had been flagged as a security threat. “It’s more about patterns in activity that are evolving globally so I’m sceptical that this is threatening the privacy of individual users. Policing the internet is the same as policing the roads. It is part of the critical national infrastructure,” he says, so a policy similar to stop and search is realistic.