Post Snowden/NSA leaks - what have you done?
Post Snowden and NSA leaks we know we live in a world where computing paranoia is potentially very justified. What computing, internet and security habits have you changed?
I've found this really difficult, the cloud has made our computing needs so simple and convenient. I'm appalled by the information we have learned about the NSA, GCHQ and presumably many other governments being as much a part of the threat landscape as malware and hacking. It's taken me a few weeks to think through what I would like to do and the implications. For example it means a change in backup and sharing documents strategies. I'll start with 1password as this is their forum but I hope it is ok to mention other changes and other people to list their changes.
1password - switched from Dropbox sync to a synced folder (on my Mac) and iTunes sharing. The new wifi sync is clunky, and I'm plugging my iPhone and iPad into iTunes anyway, see iCloud. Works great:-) Although I found it a pain to set up as I couldn't find the keychain or opvault file anywhere until I turned on Folder Sync.
iCloud - turned off nearly all iCloud sharing (contacts, calendar, documents, findmyiphone etc), only Photostream is left on as I share loads of pics with my family as we live overseas. Contacts, Calendar and any data are synced via iTunes. This was a pain to implement, you need to export data from the apps as vCards and calendar_export before turning off iCloud, not the archive formats which are tied into iCloud. I backed up then deleted all iCloud data in each and every app before turning each off.
Dropbox - is going to be deleted and replaced with either SpiderOak or Wuala, both of which allow client side encryption. Likely Wuala as they are based in Switzerland, Germany and France. I don't keep anything really sensitive in here but it is fine for sharing documents and as an offsite backup of less sensitive data.
Webhosting - I have a few domains all with email. I'm currently with Dreamhost but it is due for renewal soon so I will be looking to move to a Swiss based host, possibly infomaniak or hostpoint. Swiss? They seem to have the strictest data laws from what I can read.
Browser - I use Chrome, and will be sticking with it using encrypted sync data. Firefox is notionally an alternative but from hacking contest and security reviews I have seen it would appear that Chrome is the most secure, and there is no sync to a mobile browser. It's hard to find anything definitive on this so please don't flame if you love Firefox:-)
VPN - I signed up for Cloak a while back, and like it a lot. I run it at all times, even on trusted networks such as my home network.
Firewall - in addition to the OS X firewall I also installed Little Snitch. It's a bit of a pain to use, but has a good reputation for controlling internet connections.
Backup - in the end I don't think I have to change much. I use TimeMachine on my Mac as well as keeping an offsite SuperDuper clone. I back up 1Password and some other key data to my server, into encrypted DMG files, and have multiple offsite backups of the server. I don't encrypt any of my backups, apart from the sensitive data mentioned before, as it is just adding another potential difficulty during a backup restore and the backups are kept in a relatively secure location.
Additionally:
I have notified any of the above that I have stopped using their services and why.
Renewed my subscription to the Electronic Frontier Foundation.
Written to the UK prime minister and my local MP.
Signed a few of the relevant online petitions.
I spent a whole week trying to get Linux running on my MBP but it is such a pain to install and maintain and it's missing killer apps like 1Password :-> that I have stuck with OS X. Linux can be done but for my needs is less convenient, so again if you love it, more power to you:-)
Keep reading on the subject.
I'm not sure how effective any of the above is, but I think I am taking steps in the right direction. It's not really tackling the root problem which is overstepping governments and I feel bad penalising good companies for their governments' actions, but I feel it is the best way forward for my democratic freedoms and data security.
What do you think? What have you done?
Comments
-
1password - switched from Dropbox sync to a synced folder (on my Mac) and iTunes sharing. The new wifi sync is clunky,
1PW 4.0.3 from the Mac App Store and 4.3 on iOS devices. I'm loving what the 1PW team has cooked up for us. It's a fantastic release and I've found the WiFi Sync to be very easy to use. One just needs to be sure and have both devices on the exact same WiFi network. The ability to easily reset the sync password to reauthorize iOS devices is handy too. IMNSHO, the new WiFi sync is much less 'clunky' than iTunes Sync.
0 -
I just want to say a word about this:
Browser - I use Chrome, and will be sticking with it using encrypted sync data. Firefox is notionally an alternative but from hacking contest and security reviews I have seen it would appear that Chrome is the most secure, and there is no sync to a mobile browser. It's hard to find anything definitive on this so please don't flame if you love Firefox:-)
Chrome is probably a bit more secure from targeted hacking, but NSA generally doesn't do that unless you are a really juicy target. The problem with NSA is their dragnet and their ability to coax corporations to hand over data or even access to data.
Regarding the dragnet, both browsers are equally secure (actually, all of the normal browsers are equally insecure against that).
Regarding NSA's ability to get data from corporations, I'd say that because of Google's sync services built into Chrome and their general "want-to-collect-all-data" into their own data centres compared to none such in Mozilla's case I would actually prefer Firefox (or Opera) rather than Chrome in that instance.
As a footnote I'd mention my total and complete hypocrisy in this matter: I use three instances of Google Apps, I use Google Analytics, Adsense, used Reader and many other Google services. :)
0 -
@Niklas I know what you mean about Google, it is hard to avoid them as they have some great services.
0 -
anyone use TorBrowser?
0 -
@charlie98 I have TorBrowser on my iPad. My understanding of Tor is that it is good for anonymisation, but not necessarily more secure (if the exit node is compromised) and it is pretty slow so I hardly use it. Why do you ask?
0 -
I thought I would update my post as I've done a U-turn. I used this setup for about a week and carried on reading about and thinking about the implications. A few related things came into my thought space. First, a video with Larry Brilliant who runs Google.org. (Sorry I can't link as it is in the subscribers only area of http://singularityhub.com/) He talks a lot about openness and the benefits of massive and open data sets. Secondly was the new features of Apple iWork that allow real-time collaboration on a live document (rather than the usual locked approach of a document whilst one person is editing). Thirdly, a trip to the UK and chatting to loads of people, they just don't know much about this subject and/or don't care.
So what? I still believe Snowden is a hero and he has essentially given up his life to make us aware. I believe what the NSA and GCHQ have done, and continue to do, has severely overstepped the mark in many ways. But I no longer believe that locking everything down is the key.
My thinking now is that open data, open intellectual property, sharing and collaboration are better in general to move all our lives forward, both personally and in terms of dealing with some of the serious issues that our planet now faces. Opening up data and tools to everyone, to my way of thinking, redresses the balance against the NSA and other spy agencies. If we all have what they have then they have no power. And trying to protect data like social security numbers, date of birth, mother's maiden name, contact details, who I know etc etc is a waste of time, it's already out there to buy if you know where to look. Perhaps when more companies are aware that such data is commonly available they will stop relying on it as a method of security.
The genie is already out the bottle in many of these areas, and as uncomfortable as it is for us personally and in terms of running businesses, there is no going back. Society and work are changing. There are many benefits to moving forward openly. Essentially, Snowden has made me realise that we need to be more open in many areas. Good security using products like 1Password, VPNs and 2 factor authentication is still critical to our general online security against many threats but in terms of the paranoia against government that has turned out to be justified, we need to embrace its revelations to defeat it and move forward. Hiding in a cave just doesn't help.
Just thought I would share that:-)
0 -
@MikeMcFarlane A financial advisor that I follow had mentioned that he used Tor as well as a number of other products in an effort to keep his information off the US government's radar. Given that there are some very detailed discussions about security and encryption in particular on this forum I was just curious. Personally I also found Tor to be slow so I questioned if anonymity was worth the response time hit and concluded it wasn't.
I disagree with the notion that Snowden is a hero. His was a political act that, while confirming our suspicions, will actually escalate worldwide cyber warfare technologies. In the US all you have to say is "national security" and everyone, courts and Congress included, accept the good intentions of the government. History will judge what those intentions really were, we simply have to carry on wondering with no resolution in sight. /end politics
0 -
ran across this today - Ten Steps You Can Take Right Now Against Internet Surveillance
Use Tor. "Tor Stinks", this slide leaked from GCHQ says. That shows how much the intelligence services are worried about it. Tor is an open source program that protects your anonymity online by shuffling your data through a global network of volunteer servers. If you install and use Tor, you can hide your origins from corporate and mass surveillance. You'll also be showing that Tor is used by everyone, not just the "terrorists" that GCHQ claims
0 -
Interesting article.
I've read of people running a VPN within a VPN then through TOR to get anonymity and security, and that was pre NSA. Where does it end?
0