Want Online Privacy? Here’s How (Hint: Don’t Google!)

Expert advice on computer security best practices

Felicia King Photo credit: Andy Roesgen

Is there anything you can still do on your computer without Facebook or Google or the NSA looking over your shoulder?

Yes, indeed, contends Felicia King.

Two things you need to know about Felicia King: Those IT guys at your company who miraculously fix your computer? She trains their bosses. She’s president of Southeast Wisconsin’s Quality Plus Consulting, she does a weekly tech radio show BreakfastBytes on the local NPR station, and she’s considered a leading Midwest computer consultant.

And the other thing? She’s one of the few carbon-based life forms left on the planet who will never join Facebook or use Google.

That said, she knows you can’t live without your best friend’s second cousin’s wedding updates, and that Android phones, for example, are automatically tied to Google.

So, can you do anything on the Internet these days without Facebook, Google, the NSA, et al, watching what you do?

First, the phones:

Windows Phones can be encrypted, patched, and fire-walled with the right add-ons, says King, but “Android phones provided by cell phone providers are a security disaster.”

The exception, she says, is the Android “BlackPhone,” which still allows you to use Google and Facebook, but has security written into its core DNA.

A step up from BlackPhone is Cryptophone, used by law enforcement, government types, and serious security-minded company executives. It’s not cheap — around $3,500 — but it blocks “stingrays,” those cellphone tower-mimicking devices that scoop up bulk data of any phone within the stingray’s reach.

It was Cryptophone users who first identified the stingray phenomenon last summer. King calls law enforcement’s use of stingrays “downright evil, a direct violation of the Fourth Amendment.”

King herself is a member of many sites that are privately-run and operated — and are not housed in the United States. Some are free and open to the public, others are paid. She points to the uncensored sharing network, https://share.naturalnews.com, which she says is housed outside of government control and is a place where your identity is not being sold to anyone.

King says anyone who encrypts their iPhone, then puts all their stuff in the iCloud, is just defeating themselves. “Apple and everyone that has access to that data still has it, and that includes the government.”

Cloud backups are only viable, she says, if you own the encryption keys. At that point, the data is encrypted at the client side before it leaves your system, and the provider has no way to decrypt your data.

As for sites like Facebook and Google, yes, you can keep them out of your business — to a point.

Socializing Without Suspicion

Facebook, obviously, tracks you when you’re on it. But what are you allowing Facebook to put on your computer — cookies — and what cookies are you allowing all the other websites you surf to put on your computer that Facebook can track?

King is a big fan of the free website “Tails,” “for hardcore anonymity,” to clean up those cookies. “Every time you boot up (with Tails), you’re clean, there’s no history, nothing.” And the free “Cookie Wall” does the same.

Even easier to use, says King, are the cookie management tools called “IE Cookies View” and “Mozilla Cookies View,” offered by the company Nirsoft.net. The applications allow you to selectively delete cookies.

“Here’s what really sucks,” says King. “You’ve got these legitimate websites, that you go to frequently, and you want those cookies, those are OK, but you don’t want this other garbage. If you go to Firefox or Internet Explorer, and ‘say delete all my stuff,’ that’s a nuclear option, and that’s not all that great.”

As for social media in general, King says there is an entire world that’s disconnected from government-owned, -reported, and -controlled space. Some of it is run through private servers and is invitation-only.

King herself is a member of many sites that are privately-run and operated — and are not housed in the United States. Some are free and open to the public, others are paid. She points to the uncensored sharing network, https://share.naturalnews.com, which she says is housed outside of government control and is a place where your identity is not being sold to anyone.

King calls it a “welcome online sanctuary” from corporate-and-government controlled media, where the goal, she says, is to watch and/or exploit you.

(Facebook did not respond to WhoWhatWhy’s request for comment.)

Searching Un-Spied

King points out that for the longest time — until January of this year — many search engines used http for data communication, which allowed anyone with the ability to sniff the traffic between you and your destination to see everything you were searching.

But with https, the contents of the search are not visible, even if the destination still is. She recommends the plugin tool for Firefox called “HTTPS Everywhere,” “PrivacyBadger,” or “AdBlockPlus.”

In addition, she advises using a VPN service in a country where you are not a resident, a country that has no mandatory retention laws, and a country with a strong legal support of privacy. And check to see if the VPN company retains logs of activity. She recommends “VyprVPN” and “Hide.me.”

King recommends other simple things to her clients: The longer the password, the better. And don’t cross-purpose your devices. A computer or phone that’s just used for work or accounting purposes should stay that way. No writing personal emails or checking football scores or doing games on them, and vice versa.

Sadly, she says, you have to presume that US providers have a backdoor built into everything and that NSA or FBI can force them to do anything.

As for Google? Try getting into the habit of using alternate search engines like StartPage or DuckDuckGo, which don’t track your searches.

(When asked for a comment by WhoWhatWhy, the press office at Google responded, “We are unable to accommodate your request at this time.”)

Caring about Sharing

Like Google and Facebook, Dropbox is another popular website that has King shaking her head. The company’s “pathologically one-sided” user agreement means “that all Dropbox employees can look at your stuff. You better encrypt it before you upload.”

Better yet, she says, file-sharing companies such as Mega, Spider Oak, and Wuala have designed their systems from the ground up so that they don’t know what your files are, and cannot read them. If you lose your encryption key, says King, “tough noogies!” But not even the government will be able to look at your files.

The Retired Librarian

Plenty of King’s security-minded clients are in the business world, but one is a retired librarian in southeast Wisconsin. “Ellen” didn’t want us to use her last name, but she says she’s not paranoid. She says her only motivation for turning to King ten years ago was just feeling “overwhelmed by all the options” when it came to computer security.

Ellen has two user accounts, one for day-to-day use, and the second one for administrative access use, to download patches and security software.

She follows King’s advice to update her operating system every two weeks, which sometimes takes 45 minutes at a time.

“I guess I feel like it’s worth it, “ says Ellen. “It’s like oil changes on the car, and tune-ups on the furnace.”

Over time, Ellen has realized that the spying eyes of thieving hackers aren’t all that different from the prying eyes of corporate websites. Some of her software alerts her to malware that exposes her to both hackers and corporate eyes.

King recommends other simple things to her clients: The longer the password, the better. And don’t cross-purpose your devices. A computer or phone that’s just used for work or accounting purposes should stay that way. No writing personal emails or checking football scores or doing games on them, and vice versa.

King herself says she’s got “seven layers of stuff protecting me. It’s not because I think I’m Fort Knox or because the information I have is so wonderful, it’s because I don’t want my stuff to stop working!”

If it all feels a little depressing to be constantly on guard, King reminds us of something that you’ve probably heard before, but bears repeating: Facebook, Google, Dropbox, and their ilk are not “free.”

The price you pay is your identity.

Google, in particular, increasingly horrifies King.

“They used to have a mantra of ‘don’t be evil,’ but that has changed. It’s quite obvious they want to be Skynet (of ‘The Terminator’). They have their own military robots, and have stated that they desire to create a profile on every human.”

Felicia King doesn’t plan on being one of them.

Related front page panorama photo credit: Cloud Computing (Perspecsys Photos / www.perspecsys.com / Flickr)

Where else do you see journalism of this quality and value?

Please help us do more. Make a tax-deductible contribution now.

Our Comment Policy

Keep it civilized, keep it relevant, keep it clear, keep it short. Please do not post links or promotional material. We reserve the right to edit and to delete comments where necessary.

print

8 responses to “Want Online Privacy? Here’s How (Hint: Don’t Google!)”

  1. Ilya Geller says:

    The problem is SQL.

    SQL, Structured Query Language is a programming language designed for managing data held in relational database, and was intended to manipulate and retrieve the data. SQL structures EXTERNAL questions in the sense that it was designed to convert (in)correctly formulated EXTERNAL questions into the right ones.
    SQL works with (usually manually) structured data; where the structured data refers to information with a high – but never absolute! – degree of organization, such the database is easily searchable by simple, straightforward search engine.
    SQL structures queries which have nothing in common with the data itself! Actually SQL operates with EXTERNAL descriptions of the data – this is the reason why everybody on Internet collects all possible to the data EXTERNAL details. For instance, Google is interested to know the color of your socks because Google can sell that EXTERNAL detail to advertisers.

    I, however, discovered and patented how to structure any data without SQL, the queries – INTERNALLY: Language has its own INTERNAL parsing, indexing and statistics and can be structured INTERNALLY. (For more details please browse on my name ‘Ilya Geller’.)
    For instance, there are two sentences:
    a) ‘Pickwick!’
    b) ‘That, with the view just mentioned, this Association has taken into its serious consideration a proposal, emanating from the aforesaid, Samuel Pickwick, Esq., G.C.M.P.C., and three other Pickwickians hereinafter named, for forming a new branch of United Pickwickians, under the title of The Corresponding Society of the Pickwick Club.’
    Evidently, that the ‘ Pickwick’ has different importance into both sentences, in regard to extra information in both. This distinction is reflected as the phrases, which contain ‘Pickwick’, weights: the first has 1, the second – 0.11; the greater weight signifies stronger emotional ‘acuteness’; where the weight refers to the frequency that a phrase occurs in relation to other phrases.

    SQL cannot produce the above statistics – SQL is obsolete and out of business.
    I INTERNALLY structure data: being structured information, advertisements search for you by themselves, based on your profile of structured data, within your own computer; you stay absolutely passive, invisible on Internet, you only receive information, don’t search for it. That guarantees you 101% privacy.

    I killed the commercial motivation to spy on Internet. Google and all other search engines – Bing, Amazon, eBay, etc.- are over and dead.

    The Era of Absolute Privacy is coming!

  2. CB Terry says:

    While these tips are fairly good, some things confuse me.

    She recommends using a Windows phone? Seriously?
    And she doesn’t mention Custom ROMs for Android
    while specifically stating Carriers’ OS’s are terrible?

    Nor a mention of TOR & USB Bootable Security Distributions.
    The truth is that security is pretty complex; if you don’t
    know about many of the things in the article, trusting a
    one stop, turn key solution is foolish.

    • TheIsherClub says:

      @cbterry:disqus, Thank you for your comment.

      It gives me the chance to open a debate on how much “complex” security is.

      Firstly, I believe, when we refer to security in here, we are all talking about privacy protection.

    • TheIsherClub says:

      @CB Terry, thank you for your comment.

      It gives me the chance to contribute to the debate on how “complex” security is and how much it impacts our real life.

      First, I believe that when we refer to security here, we are actually talking about privacy protection.

      Second, what do we mean by protecting our privacy?

      I believe we mean we want to maintain the right to choose with whom and when we want to share information we possess.

      As William Shakespeare said, during our lives we play several “parts”: we have at least one public life, which defines the kind of information we want to share publicly; we have a professional life; we have a private life where we share different information with our inner circle; and we have one or more secret lives where we share certain other information with people who may be, or most of the time are not, part of our other lives.

      In view of this, what does it mean to protect our privacy? It means that what we say in one of our discrete “lives” stays within that sphere.

      Assuming that, obviously, we live all of these lives in this Internet era, how does this impact our day-to-day life?

      Well, we live with our family in one building, but we go to work in another building (most of us) and we have our affairs in another city.

      We keep things separate. Because if we use the same building for all purposes, we have family and affairs in the same neighbourhood, and so far and so forth, the ability to protect our privacy is compromised.

      That is why we have several e-mail addresses, too.

      Information is power and money.

      When we subscribe to an online service, we are giving out some of our information, and it is very difficult nowadays to guarantee that this online counterpart will not share this information with someone else.

      That being said, if we want to protect our “privacy” we need to keep things separate. This comes at a cost.

      There is no such a thing as a little more privacy in here, a little less privacy in there, because the Internet does not forget, and whatever information we put out there will stay there indefinitely.

      In other words, if we need to keep some information private for the duration of our lifetime, we’d better keep things separate. Otherwise, it is no different than posting everything for the public on Facebook.

      So I agree with @CB Terry when he says we can use USB-stick distribution for one time access to Internet, rather than trying to use a distro attempting to fit all our needs.

      It is similar to the question: is it better to rent a car when we go to meet our mistress in our own neighbourhood, or shall we use the family car?

      I also agree with @CB Terry in his doubts regarding Microsoft phones, for a range of reasons:

      1. Microsoft has stopped development of its mobile platform,

      2. Microsoft OS is a proprietary phone, we have no idea what it is inside.

      I personally though, disagree with the use of TOR, as we know by now that the biggest exit nodes are financed by the US government, and we know that by controlling the exit nodes, you can trace the actual users.

      Finally, I have reservations regarding particular solutions offered to protect the privacy of our phone conversations (BlackPhone and Cryptophone), although I may be biased, because I am focused on providing solutions to protect the privacy of individuals while they offer solutions to corporate users, for the following reasons:

      a. I do not trust anyone. As a consequence, I only trust open source community-developed software. While BlackPhone is open source, it is not community-developed, and Cryptophone is none of the above.

      b. As explained, there is a need to keep things separate. In my opinion, a secure phone should only do one thing: secure calls. If I allow it to place also non-secure phone calls (both of the proposed solutions do), if I allow it to surf the Internet or access other services, or even if I allow it to install new programs or updates, I am jeopardizing its ability to protect my privacy.

      c. They use servers–if not to exchange the keys, then to hold the OTA updates, to allow voice traffic, etc. They may be the most trustworthy people in the world, but if they use any kind of server whatsoever, my privacy is at risk. So, no thanks.

      Examples?

      Well, the last post on the Blackphone website discusses how smart they were on fixing a bug that was exposing all Android phones in receiving corrupted SMS messages. This bug has been out since, I think, 2008, and they fixed it in 2015. Seriously?

      My opinion is that such phones should not connect to a GSM network AT ALL!

      So, again, I agree with @cbterry:disqus when he discusses special open source community-developed distros developed with the specific idea in mind to provide the highest level of security in protecting the privacy of our calls, and that is exactly what we do.

    • CB Terry says:

      That.

  3. (Comment by @sm3ghead) Uninst fb.
    Or, disable cookies, install UBlock Origin for Firefox on PC; Crystal for IOS.

  4. Westcoastdeplorable says:

    https://www.ixquick.com is my search engine of choice because it doesn’t record your IP address! Another great idea is to download CCleaner from piriform.com The free version works just fine and it’s a great idea to run their software just before shutting down your PC because it removes all your history. Of course Malwarebytes has helped me remove unwanted viruses many times. Their free version works just fine, but the paid version will automatically scan your system at pre-set times convenient to you.
    Last piece of advice, Google is more evil than even Ms King describes and my advice is to stay away from Google itself and anything else they own, including the ever-popular youtube. If you must use any of their properties just make sure you don’t log in. Better not to even have a log in with them.

  5. blackdreamhunk says:

    thank you for the info

  6. icthelite says:

    With all the news about how easy it was to eavesdrop and track Hillary Clinton with her own email server one has to wonder why wasn’t she smart enough to know this was going on. I mean, she was part of this problem for awhile yet she sets up her own private email server and doesn’t have it encrypted?
    I have been looking for this information ever sense stories of how folks are so easily hacked through the social media sites.
    What I’m wondering now is what good does it do to have my computer encrypted if the people I contact do not have their computers encrypted also?

  7. Title

    […]usually posts some quite exciting stuff like this. If you are new to this site[…]