PC Security in the Prism Age

The lengths I go to to protect my - and other people's - privacy

In the light of the Guardian's Prism coverage, I've been making some changes.

I've long suspected that the level of surveillance was something like that, but it's one thing to suspect, and another to see the evidence.

Combined with general hacking, PI snooping and press intrusions into privacy, I sometimes feel we might as well all walk around naked. Look, should I just save everyone some time and hand over my entire life history to some random journalist or government official? Maybe you'd like some measurements and naked pics while I'm at it?

Anyway. Some months ago I built myself a particularly restrictive firewall using Iptables. Or, as restrictive as is practical – major websites use so many different servers to dish up their content it's ridiculous. It's almost as if they want to destroy privacy, or something. I also have another, more advanced firewall in development that would somewhat fix the multi-server problem but I haven't had much time to work on it lately. Besides, every time I drill down into some aspect of IT, I seem to find some glaring security hole or other. I'm probably trying to build a fortress out of balsa wood. In the process of building my own firewall I discovered that the previous firewall I'd been using has what looks to me very much like a security flaw. It's a relatively well-known firewall, too (though currently considered obsolete, so probably no need for anyone to panic). If I get round to properly testing it, I'll try to do something about it. Then there's that possible rendering error in Firefox I've been meaning to investigate.

I've also added extra code to various programs I use so they can use secure variants of FTP, and ensured my email client is using encrypted transmission. With large-scale internet snooping via major internet companies now confirmed, use of the Google Analytics web tracker conflicts with my pro-privacy stance – so I've removed it from this site. Unfortunately, that leaves the comment system and search bar, which conflict with both a privacy stance and an anti-client-side-webscripting stance. Ah well. It would be a bit unreasonable to expect me to write my own alternatives, wouldn't it? Use of NoScript should disable any tracking possible via those methods anyway.

Given the increasing effectiveness of brute-forcing methods, I've also had one of my periodic change-all-the-passwords! moments. Passwords for web access, FTP, email, SSH, etc, all changed to random strings and known only to me.

I also finally got round to setting up Tor again, so I can browse around without revealing my real IP address – at least to website owners, anyway. I have a strong suspicion it doesn't stop the NSA (and it appears that to some extent I share this opinion with computer security experts). When I first researched Tor some years ago, it seemed to me that an ideal strategy for an intelligence service to adopt in defeating the privacy it offered would be to set up their own Tor nodes. Perhaps we have the NSA to thank for Tor connections being so much faster these days compared to the early years. I should probably think about setting up PGP for emails, though no-one ever emails me, so perhaps that would be a waste of time.

One thing that strikes me about all this is that when it comes to IT, it's not at all easy to protect your privacy. I find it's time-consuming and requires a bit of thought and learning, and I'm not a total noob in these matters. Remember, too, that this is just one more layer of security/privacy measures I've taken (see this article for an example of how much time and thought I put into these things) – the time taken to acquire and apply the totality of this knowledge must act as quite a barrier for someone who doesn't take much of an interest in computers.

Popping on my devil's advocate hat and robes for a moment, doesn't it seem a little unfair that the computer geeks* should have a natural privacy advantage over the non-geeks? It's strange, too, as back in the good old days of the internet people with IT knowledge seemed almost to be in competition with each other to pour good quality information into the public domain. These days, there seems to be a lot more of the slightly trickier, reserved, less helpful approach more common to, well, just about every other field of expertise.

*And people who can afford to buy good quality IT expertise, of course.
