Privacy in practicse

18/06/2020

Do you have something to hide?

What we do on the Internet can be tracked more closely than ever before in human history. We voluntarily make our most private information available to large California companies, and with it, to the U.S. intelligence service. Google, Facebook, Twitter as well as Microsoft here are just a few examples of those companies.

The business model of these companies may surprise the uninitiated: after all, we don't pay anything for using Facebook, for example. However, Facebook turnover in 2019 was more than US $ 70 billion, and at least in the light of history, the trend doesn't seem to be changing. So these big corporations make their money with our data, so your previous faceposting or uploading an image to Instagram also makes money for Facebook. The earnings model is cleverly used to sell our data to advertisers and thereby generate a large turnover.

Privacy is your fundamental right!

In fact, it is even so serious that it was decided to write it down in the 1966 UN Declaration of Human Rights. It doesn't appear to have slowed down the IT giants. If you're more interested in this topic, it's a good idea to get started with that link.

So how do you protect yourself?

It seems that we are faced with a difficult task. We are like little figures, at the mercy of the huge Internet. However, there are several tools and means to improve privacy. Let's go through a few of them.

E-mail.

E-mail has been and unfortunately remains the default plain text because of the fact that it was used as a means of correspondence in academia between universities. When you send an email from Gmail to Outlook, the message goes online in plain language for anyone to read. When sending from a Gmail address to Gmail, Google's servers provide encryption, but there is no information about privacy protection.

An easy way to avoid using Google in email is with Protonmail. Protonmail operates in Switzerland and is therefore outside the scope of EU and US law. Messages sent between Protonmail accounts are automatically encrypted and the user does not even have to think about it. The service can also send an encrypted email to a "non-protonmail" user, in which case the message is encrypted and the password is delivered to the recipient separately to read the message.

A slightly more difficult way to encrypt your emails is PGP, but it again works with any email program and is the so-called standard for email encryption.

Search engines

"Search Google" or how did it go now? However, you don't always have to Google the information. Examples of privacy-sensitive search engines: duckduckgo and startpage. The great thing about Startpage is that it buys a search index from Google, so it gives you Google's accuracy in search results without sacrificing privacy.

However, don't get me wrong: Startpage does sell search results to advertisers. However, the search results sold are limited to selling "session-specific" search: That is, if the service sees you searching for jazz music, for example, it will sell that search information without knowing who was searching for it. Startpage also does not receive cookie information about the user, i.e. it is not possible to track users across sites the way Google does.
You can read more about this: https://www.startpage.com/en/privacy-policy/?t=default

But when I want to disappear completely on the internet ...

The complete destruction of the online presence is very difficult, almost impossible, and this already conflicts with the basic idea of the Internet as a network that unites humanity. However, there is Tails os, which is a completely bootable operating system that can be booted from a memory stick and yes, it is built for the above purpose. Tails, for example, is used by journalists around the world to protect their privacy against states. Edward Snowden also used tails os to leak information to reporters, so it's not a useless thing. By default, Tails protects its user identity and recycles all of its data over the Tor network.

There are also numerous VPN services that hide the IP address of the device you are using and encrypt the traffic, but these are paid services.

What exactly are we learning?

Privacy is not necessarily a memory of the old days; it takes little study and effort to achieve it. You should also keep in mind proportionality when considering privacy protection: It may not make sense to spend energy on the complete elimination of oneself from the internet if the goal is a normal and good quality life. However, it's also worth keeping in mind why big companies want our data so badly.

Unfortunately, there is no simple overarching solution and everyone must find their own way of working in the wonderful world of the Internet.

However, tools and knowledge are available. We at –°ybersecurityhouse want to help protect the privacy of our customers.

Best information security regards

Antti Silenius