The Edward Snowden expose on NSA surveillance may have been a shocker to many. But it was also expected that the big data companies collect from users was bound to be misused. Karthik Subramanian lists some ways people can anonymise their data online
Agreed, it is a bit disconcerting that Big Brother has access to our private data without our declaration of consent. But it does not come as a very big shock to those who have been following the patterns of data collection over the past decade, especially since the emergence of personal data-driven social networks.
Companies such as Google, Amazon, Apple, Facebook, Microsoft and Twitter have been benefiting commercially from the personal data we provide. That has always been the quid pro quo for using the bulk of those services for free. So if not government agencies like the NSA, advertisers and marketers have always had access to what we do online.
The struggle for online privacy has been going on for a long time now. San Francisco-based organisation Electronics Frontier Foundation (EFF) has been leading what it calls “the first line of defense for civil liberties online”.
Among its many projects is “HTTPS Everywhere” — a web browser extension for browsers Firefox and Chrome (currently in beta) that basically encrypts all data that a person might generate while browsing the web. The project is a collaboration between EFF and The Tor Project, another important tool that whistleblower groups like Wikileaks and human rights organisations use as a means of finding secure ways of using the web.
When one uses the Tor Network, the data is relayed and re-routed through a network of computers, voluntarily set up by users across the world, and the data encrypted repeatedly so that any investigating agency will find it hard to track down. The Tor Network is itself a short form for “The Onion Router”.
Jacob Applebaum, the most recognised spokesperson for the Tor Project, calls it a network that is privacy-protected by design rather than by policy. What he means is that unlike the social networks that collect personal data, and store and provide a privacy cover by way of promises made in their policy statement, the Tor network by design does not store any traffic or personal data.
There is a catch though. The Tor Network can be as much misused for underground activities such as child pornography as it could be used proactively for activities such as those by whistleblowers against corporates and governments. In a video interview available on YouTube, Jacob says he is aware of it but does not mind it as it gives everyone a fighting chance. He says “privacy by policy” boils down to trust. Trust that may have been already belied in the wake of the Snowden revelations.
Through the Tor Network and using the Tor Browser, it is possible for one to gain access to the “Deep Web,” which includes a lot of data not indexed by search engines like Google or Bing.
There are many solutions available to anonymise one's data online, including some obvious solutions. Akash Mahajan, a coordinator for Null, an open community for IT security experts, says that the “Off the Record” feature, available even on Google Chat, would help encrypt the chat in such a way that after some time nobody can retrieve the message. He adds a caveat: “Obviously if one of the parties decides to take a screenshot of what was being typed, then there is a problem.”
On possible measures to secure conversations, he suggests, “In the current scenario with NSA taps, etc., a privacy-conscious individual might use some type of open source chatting server (Jabber/XMPP based), set up on a secured server, login to it over TLS/SSL and also authenticate who the other person is. All this just to ensure that no one can read/intercept what might be typed over chat.”
Nitesh Betala, another member of the Null community, says people sometimes don't realise the risks involved even in every day computing. Something as routine as leaving their Wi-Fi routers switched on through the day could provide seasoned hackers a window of opportunity to break in and snoop on their personal data.