
Avoiding Online Surveillance: Tips & Tricks

Tactical Tech Team Jul 17, 2013

If you’re worried about the privacy of your online activities, be they website browsing, chats, voice calls, emails or cloud storage, there’s no need to fear. For several years, software developers and privacy advocates have been inventing new tools and tactics for ordinary citizens, journalists, activists and human rights defenders to secure their online activities and control the information they share.

No IT tool or resource is perfect, and none can guarantee you 100 percent privacy or information security online. Furthermore, you should only use tools which correspond to your own analysis of which information you need to keep private, which varies from person to person. All the same, it is better to use free and open-source software tools: their security credentials and weaknesses can be independently verified, so you can rely on the technology itself rather than just on what the developer says. While they may not guarantee perfect information security, they can make surveillance or invasion of privacy much more difficult.

The following is a short list of alternative tools and platforms that will help keep your private information more secure. We’ve also provided links to step-by-step hands-on guides for their installation and use, where possible.

Browser:

Mozilla Firefox – Secure Web Browser

Some popular browsers, such as Safari or Internet Explorer, are not open-source, meaning that their code cannot be analyzed and the security they claim to offer can’t be independently verified. Other browsers that are partially open-source, such as Google Chrome, could still be used to gather information about your activities by linking them to your Google account.

Mozilla Firefox is a free, open-source web browser which was developed by a non-profit organization that has a commitment to protecting user privacy. Furthermore, its privacy features can be enhanced through a number of add-ons.

Tor Browser Bundle – Anonymous and Secure Web Browser

Whenever you visit a website or communicate (such as via email) through a web browser, traces of your activities are left behind in the form of your IP address, which is like the postal address of your computer, as well as through other means such as the cookies that may be sent to your browser. This means that many websites can track your visit and build a profile of you based on your activities.

If you want your browsing activities and location to be anonymized, we recommend you use Tor Browser. Tor is designed to increase the anonymity of your activities on the Internet. It disguises your identity and protects your online activities from many forms of Internet surveillance by directing your internet traffic through a network of proxies. Tor can also be used to bypass Internet filters.

Email Provider: RiseUp

Many commercial email providers, such as Google or Yahoo, collect a huge amount of user information that can be handed over to third parties such as advertising companies and governments. Furthermore, some do not offer users an encrypted connection (known as HTTPS or SSL) by default, meaning that emails sent in ‘plain text’ are readable by malicious hackers, Internet Service Providers and others with access to the networks as they travel between users’ devices and the email provider’s servers.

Riseup is a collectively-run organization dedicated to providing private and secure email and hosting services for individuals and organizations committed to political and social justice.

Although Riseup is a secure email service managed by trustworthy advocates of Internet privacy and security, an unusual email service may attract unwarranted attention. It might make more sense in some situations to blend in by using a popular email service in your country. The goal is to make this decision without compromising your minimum security requirements.

Email Client: Mozilla Thunderbird with Enigmail and GPG

Mozilla Thunderbird is a free and open-source email client for receiving, sending and storing emails. You can manage multiple email accounts through a single program. Enigmail and GnuPG will give you access to authentication, digital signing and encryption to ensure the privacy and security of your email communication.

Online Collaboration: Crabgrass

Social networking sites and online collaboration platforms such as those provided by Facebook and Google are major sources of information for governments or other individuals engaging in large- or small-scale surveillance and intelligence gathering, which may invade your privacy.

Crabgrass is an online platform designed for social networking, group collaboration and network organizing. Its group collaboration tools include private wikis, task lists, a file repository, and decision making tools.

Search: DuckDuckGo

Many popular web search engines, such as Google or Bing, collect and aggregate data about your web searches and may pass them on to third parties. They may also link them to any other services you use from the same provider, such as your Google Mail, Google Plus, Microsoft Outlook or Skype accounts, creating a detailed profile of your online activities.

DuckDuckGo is a web search engine that does not pass on search requests to third parties or store any information about users.

Video Chat: Jitsi

Some voice and video chat services store logs of your calls and chats and may hand them over to third parties. In the case of Microsoft’s Skype, this has been a relatively regular practice.

Jitsi is a free, open-source software tool which allows for encrypted text chats with OTR from XMPP, Google Talk, Facebook, Yahoo, AIM, ICQ and many other accounts. Furthermore, it facilitates encrypted voice and video calls when using voice and video call accounts such as Google Talk.

Private Chat:

Adium and OTR

Adium is a free and open-source client that lets you organize and manage your different Instant Messaging (IM) accounts using a single interface. The Off-the-Record (OTR) plug-in designed for use with Pidgin ensures authenticated and secure communications between users that also use Off-the-Record plug-ins.

Pidgin and OTR

Many instant messaging service providers, such as Google (Gtalk), Facebook (Facebook Chat), Yahoo (Y! Messenger) and others, store logs of your conversations with your contacts and could hand them over to third parties. It is advisable to use these chat accounts with an IM client that allows you to encrypt your chats, so that they can only be read by their intended recipients.

Pidgin is a free and open-source client that lets you organize and manage your different IM accounts using a single interface. The OTR plug-in designed for use with Pidgin ensures authenticated and secure communications between users that also use Off-the-Record plug-ins.

Private Chat – Mobile: Gibberbot

Gibberbot is a free and open-source application for Android devices, created by the Guardian Project, that lets you organize and manage your different IM accounts using a single interface. It uses OTR software that ensures authenticated and secure communications between clients including Gibberbot, ChatSecure, Jitsi and Pidgin. Gibberbot can also add a layer of anonymity and protect your communications from many forms of Internet surveillance by connecting through Orbot, which allows your smartphone’s internet traffic to be routed through the Tor network.

Private Call – Mobile:

RedPhone

Specifically targeted groups, such as human rights defenders, journalists and activists may be subjected to ‘tapping’ of their calls by adversaries with direct or indirect access to the cellular phone network.

RedPhone is a free and open-source software application that encrypts voice communication data sent between two devices that run this application. However, it also becomes easier to analyze the traffic it produces and trace it back to you through your mobile number. RedPhone uses a central server, a point of centralization that puts RedPhone in a powerful position, with control over some of this data.

OStel.co

Open Secure Telephony Network (OSTN) and the server provided by the Guardian Project, ostel.co, currently offer one of the most secure means to communicate via voice when used with the CSipSimple app. When using CSipSimple, you never directly communicate with your communication partner. Instead, all of your data is routed through the Ostel server. This makes it much harder to trace your data and find out who you are talking to. Additionally, Ostel doesn’t retain any of this data, except the account data that you need to log in.

A longer version of this article appears at alternatives.tacticaltech.org. For more resources, see securityinabox.org and myshadow.org/#.

