In the age of warrantless mass surveillance, I feel that I not only have a right, but also a duty to defend my privacy against warrantless search and seizure. I believe that a right that is not exercised is a right which has been lost. Further, I reject the notion that one who has nothing to hide has nothing to fear. When I read the text of the the fourth amendment to the United States Constitution, it is abundantly clear that no law, court decision, or insubstantial threat of terror justifies such surveillance. Leaving aside the fact that the federal government claims monopoly power over decisions of Constitutionality, the unbiased mind must surely concede that such surveillance is a violation of the Constitution. It is with great self-control that I resist a tenth amendment rant at this juncture.
Given that this warrantless surveillance is being perpetrated upon the people and that the protections afforded by the Constitution have heretofore proven inadequate to stem the tide of unconstitutional search and seizure, the duty to defend this fundamental human right has fallen upon the citizenry. There are a few subsets of the American people who have sworn an oath to defend the Constitution: chiefly, the military and the political class. It pains me to admit that it is from these oath-bound Americans that these egregious violations have originated, the latter more so than the former. I regard it as my duty to make it as difficult as reasonably possible to become a victim of this violation of my fourth amendment rights. This is why I regularly employ the free and platform independent methods that follow.
Web Browsing: Assume that all of your web browsing is being monitored.
The TOR Project offers a powerful browser bundle which allows users to browse the web anonymously from any platform. It is a wonderful resource for individuals, journalists, activists, and more. Just download and go.
The Electronic Frontier Foundation (EFF) has released Privacy Badger, a browser add-on that “stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.” There is really no reason not to add this to your favorite everyday web browser.
Dynamic content in webpages can add depth and functionality previously unheard of, however there are security risks. Flash and Java are notoriously vulnerable. I strongly advise using browser settings or addons in order to make flash and java plugin content “click to play.”
Email: Assume that all of your email is being monitored.
I recently began using ProtonMail, a free, encrypted, web-based email provider based in Switzerland. It has been built from the ground up with privacy and security as its top priorities. ProtonMail is relatively new and doesn’t offer all of the convenience of major free email providers. Even so, I’m attracted to it because of the vision of the project and the unique privacy features that it offers. But at least they are unable to read your email, unlike those convenient competitors. Nearly any platform which supports web browsing can support ProtonMail. Smartphone apps are available for iOS and Android.
Another alternative is Pretty Good Privacy (PGP). Specifically, GNU Privacy Guard (GPG) is the PGP implementation that I use. PGP can not only be used to encrypt data and communications so that they are secure from prying eyes, but it also provides a mechanism to sign data and communications so that you can be sure that a file or an email really came from the party from which it appears to have come. Like the above, free PGP implementations can be found for nearly any platform.
File and Cloud Storage: Assume that everything stored in the cloud is being monitored.
Anything that I store in the cloud that I don’t consider public is encrypted. My current favorite file encryption platform is VeraCrypt, the successor to the now defunct TrueCrypt. It offers up to three different layered encryption schemes and a selection of different hashing algorithms. Sensitive data that I want to keep backed up in the cloud (on multiple cloud providers) is encrypted with this free, cross-platform tool.
Passwords and User Names: Assume that any of them can be compromised.
A critical mistake that many people make is to use the same user name and password combination for everything that they use. A chain being only as strong as its weakest link, if one password is compromised, then they all are. Always use a different user name and password combination for everything.
A password manager provides the convenience of needing to remember only one password while granting the security benefit of having unique user names and passwords for everything else. I employ KeePass Password Safe to store all of my unique user names and passwords. KeePass saves all of your user names and passwords in an encrypted database. Save this database inside of a VeraCrypt container for extra protection.
Additionally, KeePass offers a password generator that can generate customizable random combinations of characters. If a web site allows a 20 character password comprised of upper and lower case letters, numbers, and special characters, KeePass can generate random passwords for that. 12 character max length alpha numeric? KeePass has you covered. I set the password generator to the maximum allowable length and whatever character set is supported. This feature-rich password manager provides expiration timers to help to remind you to change your passwords regularly, folders to organize passwords, and more.
Text and Instant Messaging: Assume that all of your text and instant messages are being monitored.
I like Telegram Messenger. It requires practically no setup and provides secure, end-to-end encryption. Telegram is free and available for all mobile devices and computer operating systems. It supports both individual and group chats and has a beautifully simple user interface. It has come to my attention that Telegram “rolls their own encryption,” which is a terrible idea. I switched to WhatsApp until Facebook, their parent company, decided to share WhatsApp user data with the Facebook family of companies. See the last paragraph of this official WhatsApp FAQ page. I’ve since switched to Signal. Endorsed by Edward Snowden and others, it seems to be the gold standard of private, encrypted instant messaging.
In Conclusion: We all have a Constitutionally protected right to privacy. It is the individual’s choice whether this right is exercised and protected or forgotten and lost. Of course, it doesn’t hurt that these practices also help make you a harder target for credit and identity theft. A few small changes to your online routine can yield big dividends in terms of online security and privacy.
Further Reading: I recommend looking through EFF’s Surveillance Self-Defense pages for additional guides and information.