Monday, July 22, 2013

How to keep your info private (even from the NSA)

OFF THE WIRE
Thwarting the efforts of a billion-dollar super-secret government spy agency -- or anyone else who wants access to your personal information -- is not that difficult.
This post comes from Dan Schointuch from partner site Money Talks News.
With the recent revelations that the NSA and other agencies have been tapping into corporate streams of data that can provide them with massive amounts of private information about U.S. citizens, now is a good time to start thinking about how best to keep your private information private.
 Not a big deal, you say? Well, whether you're concerned about the government digging through your personal data or not, you should be concerned about protecting your privacy. According to the Department of Justice's most recent National Crime Victimization Survey, "In 2010, 7% of households in the United States, or about 8.6 million households, had at least one member age 12 or older who experienced one or more types of identity theft victimization." That's almost one in 10, with 76% of them experiencing direct financial loss as a result.

Imagine that statistic was for bank robberies or home break-ins. If one in 10 Americans had their bank accounts emptied or their home broken into, we'd all be living in fear. And yet, that's happening every year to our personal information. Making that information harder for someone else to obtain is Step One in preventing identity theft.

And not all identity theft is of the "crime" variety. There's a famous quote that I'm paraphrasing: "If you're using a website and you can't figure out what they're selling, you're what they're selling."

Many corporations make a living off of selling or processing your personal habits and preferences for marketers, retailers and government agencies, practically without your knowledge. Since you're not being paid for this information, and (unless you speak legalese and love spending your afternoons reading "Terms and Conditions") you're not aware that it's being taken and used in this fashion, I'd consider it "theft." But since the government has yet to agree with me, the best way to prevent yourself being used in this fashion is to get a little more serious about your privacy.

In this article, we'll focus on the things the NSA has reportedly been looking at. It's reasonable to assume that if you can stop them from taking a peek at your private information, you'll have stopped hackers and others, too. Fortunately, thwarting the efforts of a billion-dollar super-secret government spy agency is not that difficult. You just need to know which services to turn to.

It's important to note that everything in this article is public knowledge. If you're worried about terrorists reading it and figuring out how to thwart our government's best efforts at finding them, don't be. The terrorists already know this stuff. You, however, might not.

1. Your phone If you're looking to keep SMS messages secure and you have an iPhone, there's a free app called Wickr that can help. The app uses end-to-end encryption without storing the keys for decryption on its servers. What that means is that when you send a message to someone else using Wickr, nothing you say can be read by anyone at Wickr. Because of that, there's no stream of plain text messages going back and forth that the NSA or anyone else can siphon.

To make voice calls, the easiest option is Silent Circle, but you're going to have to pay for the privilege -- $20 to $29 per month to call other Silent Circle users, with an optional add-on to safeguard calls to everyone else. Joining Silent Circle also gets you secure chat, email and video calling.

If you're an Android user, you have a few more options than iPhone users do. For text messages, there's Gibberbot. Like Wickr, Gibberbot is free and promises more secure messaging.

And for calls, check out RedPhone. When calling someone who also has RedPhone, everything you say is encrypted, making it much more difficult for someone to listen in. Plus, it's free and uses your data connection, not your cellular voice. So not only will your calls be secure, you won't have to pay for the minutes either.

More Android apps to check out:
2. Your Dropbox
According to documents released by The Guardian and The Washington Post, Dropbox is "coming soon" to the NSA's spy program. If that were to happen, documents, tax records or other private information in your Dropbox folder could be subject to government monitoring. Add to that Dropbox suffering security breaches in the past, and they're just not safe enough for me. The solution? SpiderOak.

SpiderOak is just like Dropbox -- there's a folder, you put stuff in it, that folder syncs between computers and devices -- but with one important difference: good encryption. Everything you put in your SpiderOak Hive (that's what they call their syncing folder) is first encrypted on your computer using your password, then sent to the SpiderOak servers.

This means that even SpiderOak can't read your data without your password; it looks like gibberish. So if someone (the NSA, a foreign government, or a hacker in Latvia) manages to get into SpiderOak's servers, they won't be able to see what you've stored there without breaking one of the world's most advanced encryption algorithms (one the NSA trusts to secure its own data).

But SpiderOak can also back up any file or folder on your computer, sync any file or folder on your computer, and share any file or folder on your computer. This makes it a great one-stop-shop for all your syncing, sharing and backup needs.

There's a free plan that offers 2 GB of data, plenty for storing tax returns, scans of important documents, photos, small videos, and other data that you would prefer was stored securely. If you need more space, they offer it for a fee. Prices are almost identical to Dropbox, starting at $10 for 100 GB.

3. Your social network
Unfortunately, there's no good option here. You join social networks because you want to share things with others, or connect with people you know and see what they're sharing. Typically, this includes things that you might use as password reset reminders on other sites: a pet's name, your mother's name, high school you attended, favorite sports team, etc. That means that if a hacker or the NSA can gain access to your social media profile (either directly with your password, or indirectly by pretending to be someone you know and friending you), they can probably find enough information to gain access to your accounts on other sites, as well.

While there are a few start-up social networks that offer more advanced encryption of your data, they're complicated to install, and even more difficult to get everyone you know using them, too. For now, the best option is to assume that anything you post on Facebook, Google+, Twitter, Pinterest, etc., will eventually be read by everyone in the world. That way, it won't matter much if someone gets access to your data, be that a government agency, a jilted ex-girlfriend, or simply a prospective or current employer.

To share more securely, use something like SpiderOak or a secure messaging program to share directly with those you trust.
Who's Gathering Data on Your Child?