SAN FRANCISCO — There are three simple steps you can take to limit what Google, the National Security Agency and other data-collecting entities can learn about you, computer-networking expert Lisa Lorenzin explained at the BSides SF hacker conference here yesterday (April 19).
“They’re easy to do,” Lorenzin said. “They don’t make your life complicated. Anyone can turn them on.”
The first, she said, is to use HTTPS Everywhere, a free browser plug-in from the Electronic Frontier Foundation that creates encrypted connections to any website that allows them. It runs in Google Chrome, Mozilla Firefox (including Firefox for Android) and Opera.
The second, Lorenzin explained, is to use the privacy-enhancing DuckDuckGo search engine instead of Google’s search engine.
“Stop giving Google this information,” she said. “If you’re not adding your data to their vast stores of collected information, then the government can’t be getting it from them.”
Users can’t be sure that DuckDuckGo won’t comply with a government request for information, Lorenzin said, but the company does state that it doesn’t keep logs of user searches, which is a start.
The third step is to use private-browsing mode.
“Every major browser has the option of incognito mode or private-browsing mode,” she said. “This isn’t going to protect you from someone watching you make these requests [online], but … it’s going to stop some of this information from being tied together in these databases.”
There are other steps that more technically minded Internet users can take, Lorenzin explained, ranging from using end-to-end-encrypted chat services such as Cryptocat to running your own email server, but the three first steps are something everyone should do, she said.
“How much you can do depends on how far you’re willing to go,” Lorenzin said. “These three things cost nothing. They’re not hard. Just do it.”
Lorenzin also said that everything any individual could do, whether easy or complicated, would address only bulk data collection, such as what the National Security Agency gets from intercepting search queries passing through overseas servers, or what the FBI gets after it presents an Internet service provider with a search order.
Targeted surveillance against predetermined individuals or organizations, in which the FBI or NSA will use hacker tools and tricks to gather data, are much more difficult to defend against.
“I want to make very, very clear that I am not talking about removing yourself from targeted surveillance,” she said. “Quite frankly, if they’re targeting you, then you’re f—ed.”
But, Lorenzin explained, trying to limit the amount of data available about yourself makes things less easy for the organizations mining the traffic sent across the Internet every day.
“I’m not trying to find a perfect solution,” she said. “I’m just trying to get better.”