Anonymity and privacy are not about closing the door when you go to the bathroom. For the individual, they might be about personal autonomy, political liberty or just protecting yourself in the digital world.
For the enterprise, employee privacy mitigates the risk of social engineering attacks, even blackmail. The more an attacker can learn about key people within an organization, the more targeted and effective they can make their attacks. Educating employees about how to protect their privacy, therefore, should be a core part of any security awareness program.
You can take specific, concrete steps to protect your privacy or that of your organization’s employees, but they require energy, time and some technical know-how.
Privacy vs. anonymity
The universe believes in encryption, a wise man once opined, because it is astronomically easier to encrypt than it is to brute force decrypt. The universe does not appear to believe in anonymity, however, as it requires significant work to remain anonymous.
We are using privacy and anonymity interchangeably, and this is incorrect. An encrypted message may protect your privacy — because (hopefully) no one else can read it besides you and your recipient — but encryption does not protect the metadata, and thus your anonymity. Who you’re talking to, when, for how long, how many messages, size of attachments, type of communication (text message? email? voice call? voice memo? video call?), all this information is not encrypted and is easily discoverable by sophisticated hackers with a mass surveillance apparatus, which is most these days.
A final thought before we dig into specific technical tools: “Online” is now a meaningless word. Meatspace and cyberspace have merged. We used to live in the “real world” and “go online.” Now we live online, and things like geotracking of cell phones, facial recognition in public physical spaces, and so forth mean no amount of “online anonymity” will help you if your meatspace self is not also anonymous, which is nearly impossible these days.
Here are some steps to being completely, absolutely, but not really, only a little bit anonymous.
1. Use Signal
You may have heard the mantra, “Use Signal, use Tor,” and while this one-two punch combo is a great start, it won’t take down your opponent. Signal is the best-of-breed encrypted messaging app that lets you send text messages and voice memos as well as voice calls and audio calls. It looks and feels just like any other messaging app but under the hood uses encryption that, to the best of our knowledge, not even the National Security Agency can brute-force.
What about the metadata? Any network-level adversary can tell that you’re using Signal, for starters, and if your adversary is the U.S. or Five Eyes, then they have mass surveillance access to all Signal traffic and know who is talking to whom, when and for how long.
The makers of Signal are well aware of these technical limitations and are researching ways to push the boundaries of what’s possible. Metadata-resistant communication is an unsolved, cutting-edge technical research problem.
Bottom line: Signal is the most secure, easy-to-use messaging app available to date, and offers marginally more anonymity than any other app. Do not rely on it for strong anonymity, however. In fact, it’s questionable whether anything provides strong anonymity these days, which brings us to Tor…
2. Use Tor
Tor is the largest, most robust, and most effective metadata-resistant software project, and the Tor Project does great work in the space, but the technical limitations of how much anonymity Tor can achieve have been evident to researchers for some time. No clear fix or replacement looms large on the horizon.
The Onion Router, better known as Tor (which is not an acronym by the way; the initial-caps spelling is a shibboleth to identify outsiders) is optimized for low-latency web browsing, only supports TCP (not UDP, sorry torrenteers), and won’t work when accessing many larger websites, as they block access via Tor.
Tor does not offer guaranteed, complete anonymity, even for web browsing, but it is the best thing we’ve got at the moment. Like so many things in life (and the internet), Tor is dual use. The same technology journalists use to research stories anonymously is also used by criminals to do bad things. When you hear folks badmouthing the scary “Dark Web” and suggesting “someone should do something,” remind them that just because bank robbers drive cars on the highway doesn’t mean we propose banning cars or highways.
The Tor Browser should be your go-to choice for mobile usage. The Brave browser also offers a Tor option. There’s an official Tor Browser app for Android devices and OnionBrowser offers a Tor Project-endorsed but unofficial app for iOS.
3. Don’t expect anonymity from VPNs
VPNs are not anonymous. There is literally nothing anonymous about using a VPN. No anonymity here. Did we mention VPNs don’t offer anonymity? Just wanted to make sure we’re clear on this point.
Since everyone expects VPNs on a list of anonymity tools, we’re going to debunk the idea instead. All a VPN does is move trust from your ISP or, if you’re traveling, your local coffeeshop or hotel or airport WiFi network to someone else’s server. There are many legitimate security reasons why using a VPN is a great idea, but anonymity is not on that list. Anywhere. Not even at the bottom.
Unlike Tor, which bounces your traffic through three Tor nodes spread across the internet, making it very difficult, but not impossible, for an adversary to see what you’re doing, a VPN simply shifts your traffic from your ISP (at home) or coffee shop WiFi (on the road) to the VPN’s servers. That means the VPN provider can see all your traffic. That means that an adversary that gains control of the VPN’s servers, by hacking them or by serving the VPN provider with a court order, can also see all your traffic.
VPNs are great. Use them. The good ones are way more trustworthy than your dodgy local coffeeshop WiFi network, but they offer zero anonymity.
4. Use zero-knowledge services
Google can read every email you send and receive. Office 365 scans everything you write. DropBox opens and examines everything you upload. All three companies — among many others — are PRISM providers, per the Snowden documents, meaning they cooperate with mass surveillance programs. If Google can see it, so can folks in Washington. You have no privacy on any of these services.
Of course, you could encrypt everything before using Gmail or before uploading your vacation photos to DropBox. If you care about privacy, and can figure out how to use PGP, you probably should. On the other hand, though, you could also choose to use service providers that advertise zero-knowledge file storage.
While you can never fully trust that a service provider hasn’t been backdoored, DropBox-alternative SpiderOak, based in the U.S., advertises zero-knowledge file storage. Protonmail, based in Switzerland, advertises zero-knowledge email and claims that it’s mathematically impossible for them to hand over your email to a third party.
We don’t endorse any of these providers, and you should do your homework before entrusting anything important to them. However, the field of zero-knowledge file storage is an encouraging sign, and one worth keeping an eye on.
5. Be careful what you post online
Privacy is about autonomy, the notion that you choose to share what you want to share and to keep private what you
want to keep private. If there’s something going on in your life you don’t want the entire world to know about, then posting about it on social media — for the entire world to see — may, ergo, not be the best idea.
There’s a striking generational gap on this topic. Older generations cringe at the idea of airing their dirty laundry in public, while the generation that grew up with a cell phone welded to their palm thinks over-sharing is normal. There’s a time and place for everything. Deliberate sharing of things you want to the world to see clearly has value.
Consider also that sharing a particular detail about your life may not appear sensitive on its own but taken in aggregate with many other shared personal details can build up a picture that you might hesitate to put onto a hostile internet.
Publishing on social media today is more permanent than chiseling hieroglyphics in stone. Take a step back and consider the whole picture of what you’re sharing.
6. Check those app permissions
Mobile apps, for both iOS and Android, tend to request way more permissions than they actually need and are frequently caught extracting personal details from users’ phones and transmitting those details back to the app maker in highly inappropriate ways.
Does that random app really need access to your microphone? (What for? Is it going to record everything you say?) What about your location? (Why? Is it going to track your location?) Your address book? (Does that app really need to know who all your friends are? What for?)
Neither Android nor iOS make it especially easy to do so, but dig through your settings and turn off unneeded permissions with extreme prejudice.
7. Use an ad blocker
In the olden days of glorious yore, advertisements were a one-to-many broadcast. An advertisement today bears no relationship to your grandpa’s ads. Now one-to-one advertising networks watch you to better target ads at you.
Tracking your every move online and, increasingly, in meatspace, is the business model of huge chunks of Silicon Valley. Google and Facebook are two of the largest players in this space, and they track you all across the web and into meatspace, even if you don’t have an account with either (though most of us do), and even if you aren’t logged in.
Installing an ad blocker is no magic cure, but a paper-mache sword is better than nothing at all when the enemy hordes invade. The Brave Browser blocks ads and trackers by default. AdBlock has a good reputation, and other extensions are worth exploring, such as the Electronic Frontier Foundation’s excellent Privacy Badger extension. You can also sinkhole ad network DNS requests at your local router level.
8. Dump your home assistant
If you value your privacy and anonymity, for the love of the dogs chuck your home assistant (Amazon Echo, Google Home, etc.) and your snitch-in-a-box (Amazon Ring) into the trash. These always-on digital snoops are poisonous to privacy and anonymity, and there is no meaningful way to make them less privacy-invasive.
Ubiquitous deployment of such “assistants” makes clear the collective action problem: It doesn’t matter if you choose not to purchase and install one of these devices. If all your neighbors own them and use them, then your privacy is toast. If everyone else in your neighborhood has a Ring recording everything that happens, then your movements in meatspace will also be recorded and tracked.
The technical tips we’ve provided here offer little more than a band-aid on a gaping wound. Use them, but be under no illusion that they will do much to protect your privacy.