Libertarian Web Admin: Property Rights vs. Privacy Rights


Like many websites, Liberty Compass collects user data in the form of usage statistics and such.  Naturally, being a liberty-oriented website, the question of user privacy weighed heavily on the mind of the creator.

Initially, the method of choice for the collection of these statistics was the Google Analytics suite.  A recent email from a user offered up an alternative to the internet behemoth in the form of an open-source project called Piwik.  Delighted at the opportunity to do away with potentially privacy-compromising Google Analytics, I happily made the switch to Piwik.  In the ensuing email exchange, the more general topic of user tracking and privacy emerged.

As the reader is most likely aware, there are web browser add-ons designed to detect and block potentially privacy-compromising elements of web pages.  As it turns out, defeating most, if not all, of these add-ons from a web admin perspective is a trivial matter.  In other words, with a few simple changes, the admin can continue to track users even if they are using such privacy add-ons.  This came as quite a surprise to me, as I’m an intermediate web designer at best and a novice in the arena of privacy-conscious web design.  The revelation led me to the following dilemma: Whose rights prevail?  My property rights, as the website owner, or the user’s right to privacy?

My initial reaction was to err on the side of privacy.  After all, this whole question arose from the quest to protect the privacy of the users.  It felt unethical to circumvent the efforts of users who had gone to the trouble to protect their online privacy by using these browser add-ons.  I was already crafting a reply email explaining this gut reaction when it occurred to me that this is my website.  It is my property.  I have the best, most legitimate claim to its use and configuration.  It turns out that I want to have accurate statistical data pertaining to my website.

By way of an analogy, albeit a somewhat silly one, let us suppose that I were running a bakery on Main Street which was open to the public.  Suppose further that a subset of my customer base came into the bakery wearing wide-brimmed hats in order to provide anonymity from my security cameras.  If I made an adjustment to my security cameras that enabled hat-penetrating x-ray mode, would I have done anything unethical?  There is a sign on the front door clearly stating that I conduct video surveillance.  Perhaps it doesn’t say that I’m really good at it, but the sign is there nonetheless.  I would maintain that, as the property owner, it is my natural right to conduct my affairs on my property in the manner in which I see fit.

In the end, I made the changes to the website tracker and updated the privacy policy.  This is not to say that I don’t care about user privacy.  I only collect anonymous data, I don’t share, sell, or rent the data to third parties, and I’ve taken steps to eliminate third party content which may be tracking users, where feasible.  Just know that the reassuring little zero displayed on your privacy add-on may not be telling you the whole story, as I am.


Privacy for the Wary Patriot


In the age of warrantless mass surveillance, I feel that I not only have a right, but also a duty to defend my privacy against warrantless search and seizure.  I believe that a right that is not exercised is a right which has been lost.  Further, I reject the notion that one who has nothing to hide has nothing to fear.  When I read the text of the fourth amendment to the United States Constitution, it is abundantly clear that no law, court decision, or insubstantial threat of terror justifies such surveillance.  Leaving aside the fact that the federal government claims monopoly power over decisions of Constitutionality, the unbiased mind must surely concede that such surveillance is a violation of the Constitution.  It is with great self-control that I resist a tenth amendment rant at this juncture.

Given that this warrantless surveillance is being perpetrated upon the people and that the protections afforded by the Constitution have heretofore proven inadequate to stem the tide of unconstitutional search and seizure, the duty to defend this fundamental human right has fallen upon the citizenry.  There are a few subsets of the American people who have sworn an oath to defend the Constitution: chiefly, the military and the political class.  It pains me to admit that it is from these oath-bound Americans that these egregious violations have originated, the latter more so than the former.  I regard it as my duty to make it as difficult as reasonably possible to become a victim of this violation of my fourth amendment rights.  This is why I regularly employ the free and platform independent methods that follow.

Web Browsing: Assume that all of your web browsing is being monitored.

The TOR Project offers a powerful browser bundle which allows users to browse the web anonymously from any platform.  It is a wonderful resource for individuals, journalists, activists, and more.  Just download and go.

The Electronic Frontier Foundation (EFF) has released Privacy Badger, a browser add-on that “stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.”  There is really no reason not to add this to your favorite everyday web browser.

Dynamic content in webpages can add depth and functionality previously unheard of; however, there are security risks.  Flash and Java are notoriously vulnerable.  I strongly advise using browser settings or add-ons in order to make Flash and Java plugin content “click to play.”

Email: Assume that all of your email is being monitored.

I recently began using ProtonMail, a free, encrypted, web-based email provider based in Switzerland.  It has been built from the ground up with privacy and security as its top priorities.  ProtonMail is relatively new and doesn’t offer all of the convenience of major free email providers.  Even so, I’m attracted to it because of the vision of the project and the unique privacy features that it offers.  But at least they are unable to read your email, unlike those convenient competitors.  Nearly any platform which supports web browsing can support ProtonMail.  Smartphone apps are available for iOS and Android.

Another alternative is Pretty Good Privacy (PGP).  Specifically, GNU Privacy Guard (GPG) is the PGP implementation that I use.  PGP can not only be used to encrypt data and communications so that they are secure from prying eyes, but it also provides a mechanism to sign data and communications so that you can be sure that a file or an email really came from the party from which it appears to have come.  Like the above, free PGP implementations can be found for nearly any platform.

File and Cloud Storage: Assume that everything stored in the cloud is being monitored.

Anything that I store in the cloud that I don’t consider public is encrypted.  My current favorite file encryption platform is VeraCrypt, the successor to the now defunct TrueCrypt.  It offers up to three different layered encryption schemes and a selection of different hashing algorithms.  Sensitive data that I want to keep backed up in the cloud (on multiple cloud providers) is encrypted with this free, cross-platform tool.

Passwords and User Names: Assume that any of them can be compromised.

A critical mistake that many people make is to use the same user name and password combination for everything that they use.  A chain being only as strong as its weakest link, if one password is compromised, then they all are.  Always use a different user name and password combination for everything.

A password manager provides the convenience of needing to remember only one password while granting the security benefit of having unique user names and passwords for everything else.  I employ KeePass Password Safe to store all of my unique user names and passwords.  KeePass saves all of your user names and passwords in an encrypted database.  Save this database inside of a VeraCrypt container for extra protection.

Additionally, KeePass offers a password generator that can generate customizable random combinations of characters.  If a web site allows a 20-character password comprised of upper and lower case letters, numbers, and special characters, KeePass can generate random passwords for that.  12-character max length alphanumeric?  KeePass has you covered.  I set the password generator to the maximum allowable length and whatever character set is supported.  This feature-rich password manager provides expiration timers to help to remind you to change your passwords regularly, folders to organize passwords, and more.
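To show why the maximum length and the widest character set matter, here is an added example (not KeePass's code and not part of the original post) that generates a password for each of the two site policies mentioned above and estimates its strength. The function and policy names are this example's own assumptions.

```python
import math
import secrets
import string

# Character classes a site policy may allow (names are this example's own).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}

def generate_password(max_length, allowed):
    """Return a random password of max_length using every allowed class."""
    if max_length < len(allowed):
        raise ValueError("length too short to include every allowed class")
    pools = [CLASSES[name] for name in allowed]
    alphabet = "".join(pools)
    while True:
        # secrets draws from the OS CSPRNG; random.choice would not.
        candidate = "".join(secrets.choice(alphabet) for _ in range(max_length))
        # Many sites require at least one character from each class;
        # rejection sampling keeps the choice uniform over valid passwords.
        if all(any(c in pool for c in candidate) for pool in pools):
            return candidate

def entropy_bits(max_length, allowed):
    """Upper bound on entropy: length * log2(alphabet size)."""
    size = sum(len(CLASSES[name]) for name in allowed)
    return max_length * math.log2(size)

if __name__ == "__main__":
    # The two site policies mentioned in the text.
    policies = {
        "20 chars, all classes": (20, ["lower", "upper", "digits", "special"]),
        "12 chars, alphanumeric": (12, ["lower", "upper", "digits"]),
    }
    for label, (length, allowed) in policies.items():
        pw = generate_password(length, allowed)
        print(f"{label}: {pw}  (~{entropy_bits(length, allowed):.0f} bits)")
```

The 12-character alphanumeric policy tops out at roughly 71 bits, against roughly 131 bits for the 20-character full-set policy, so a restrictive site is the weak link even with a generator.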

Text and Instant Messaging: Assume that all of your text and instant messages are being monitored.

I like Telegram Messenger.  It requires practically no setup and provides secure, end-to-end encryption.  Telegram is free and available for all mobile devices and computer operating systems.  It supports both individual and group chats and has a beautifully simple user interface.  It has come to my attention that Telegram “rolls their own encryption,” which is a terrible idea.  I switched to WhatsApp until Facebook, their parent company, decided to share WhatsApp user data with the Facebook family of companies.  See the last paragraph of this official WhatsApp FAQ page.  I’ve since switched to Signal.  Endorsed by Edward Snowden and others, it seems to be the gold standard of private, encrypted instant messaging.

In Conclusion: We all have a Constitutionally protected right to privacy.  It is the individual’s choice whether this right is exercised and protected or forgotten and lost.  Of course, it doesn’t hurt that these practices also help make you a harder target for credit and identity theft.  A few small changes to your online routine can yield big dividends in terms of online security and privacy.

Further Reading: I recommend looking through EFF’s Surveillance Self-Defense pages for additional guides and information.


FBI Wants Backdoor in Encryption Because ISIS? Nope.


As we continue to hear that the FBI wants to sabotage encryption, the latest given reason being ISIS, we should keep sight of a few facts.  The terrorists don’t hate America for its freedom.  The hatred and terror attacks are blowback from Washington’s Middle East policy.  In order to mitigate this threat, might it not be prudent to begin with ceasing to make the problem worse?

In order to mitigate the ISIS threat, we should look not at weakening encryption, but at the toxic foreign policy being perpetrated around the world.  As the US and its allies continue to rack up civilian casualties from airstrikes (see this, this, and this just in the past few days), continue to maintain troop presence, and continue economic sanctions in the region, it is no wonder that Washington is the object of so much Middle Eastern animosity.  As the younger generation grows under hardship and heartache, their attitudes toward the West are all but assured.  Stopping all of this would prove to be a great first step in mending the widening rift.

Should FBI Director James Comey be successful in getting his wish for an encryption backdoor, that would pose an enormous risk to companies and individuals who would then be using flawed encryption products.  Not only must we guard against the run-of-the-mill hacker, let’s not forget that we live in a time of state-sponsored hacking.  As the recent OPM data breach reminds us, we’ve got our hands plenty full without intentionally poking holes in the security products that we use.  Regardless, should the backdoor come to pass, what’s to stop our adversaries from using an encryption scheme that hasn’t been compromised?  Washington would have a hard time convincing the likes of Russia and China to go along with Comey’s scheme.

Startlingly, it has been suggested that encryption be banned in the United States as a possible solution to the “problem” of use of encryption by ISIS.  I’m shocked that anyone would even suggest such a thing.  We already know that big brother is watching.  Frankly, what we know is probably only the tip of the iceberg.  Pile on top of that risks of credit and identity theft and a host of others and the result is a pretty bleak picture in terms of protecting sensitive information.  Let’s not forget the daunting task of enforcing such a measure, which would fall on the people, be it in the form of taxes or in the form of higher consumer prices as technology companies are forced to carry out the fool’s errand.
