
Ask HN: Since CitizenFour, have you changed the way you conduct yourself online? - webjames
Ask HN: Since watching CitizenFour, or previously reading about the widespread surveillance conducted by governments - what changes have you made to how you conduct your life online? Have you adopted any new practices, or stopped or started using any new services?<p>It would be interesting to see what effect this has had on how people, especially technically included people behave and conduct themselves online. This could include technical solutions you have adopted or might include how you use, or view services which you previously trusted with your data.<p>Myself, I have switched my email provider away from one of the &#x27;big three&#x27;. I have started taking an interest in more &#x27;usable&#x27; applications of encryption and have started talking to people about the ramifications of the information brought to light by Snowden and others.
======
vorce
I changed some stuff, but it was when the reports came, not because of the
movie.

My changes:

\- Don't use gmail for private email. Self hosted it instead.

\- Switched to Firefox (from Chrome), changed my addons (https everywhere,
privacy badger and mublock).

\- Deleted my facebook account.

\- Tried to get my friends to use a self-hosted irc server + mumble instead of
skype - but that didn't last for long sadly.

\- Changed from google to duckduckgo, but I'm constantly using the !g command
anyway.

Sigh. I don't think any of this matters much anyway.

~~~
Fizzadar
>> Sigh. I don't think any of this matters much anyway.

This is exactly how I feel. I've reached the point where I assume the majority
of my online communication is "public" \- and use alternatives only when
necessary to achieve (as close as possible) to true privacy.

------
mikegioia
My take on this problem is that most people here do in fact value their
privacy and the fight for privacy. That's why Snowden articles rampaged this
site for so long. However, the divide comes when the decision to actually
change behavior arises.

We know what we can do for better online privacy:

    
    
       - Use tor for all internet activity
       - Pay cash for everything; do not own any credit cards,
         or use a service like Blur
       - Bank only with banks that don't share our data
       - Don't use a modern smartphone
       - Use PGP for all email
    

The list goes on and on, but who here does any of these things? Who wants to
sacrifice the convenience of paying with a credit card online and managing
their banking with Mint? The threat of privacy violations is not real to many
people right now. They either can't or don't extrapolate the ramifications of
losing their privacy in the future, or don't weigh the imposing risk as high
enough to alter behavior.

Have I changed the way I conduct myself online? Absolutely. I do four of the
five things I listed above but I could _never_ imagine a small percentage, let
alone a vast majority of people implementing them in their day to day lives.
That's the core of the problem that we need to solve first.

~~~
robotkilla
I ditched my phone about a year ago. This works for me because I use hangouts
for all calls and texts, but I'm not sure if this actually gives me more
privacy - now I just have my communication routed through google instead of
verizon. Regardless I love that I ditched the phone. Beyond privacy, spyPhones
are a scam.

~~~
mod
They cost too much, and the privacy issues are obvious--but I really love my
phone. I don't even use the phone/sms options very much, what I really love is
the data service & "computer" and what it gives me.

Spotify in my car, gps/maps when I'm out of town, google results, HN,
etc...I'd miss it sorely if I ditched it.

I could spent a lot of time and/or money setting all of that up in "offline
mode," essentially. Mp3s, some map software, wikipedia offline...but in the
end, we really can't trust pretty much any of the hardware available, so it
might check in on every open network or something.

I'd totally splurge for an anonymous plan, with a trusted data provider, and
open hardware platform.

Note: I did go 3 months with no phone a couple of years ago while I lived in
Costa Rica--but I was either on my PC or at the beach. Never wanted a phone.

~~~
robotkilla
i was just as tethered to my phone until I got rid of it. The fact that I
don't leave the house much puts me at an advantage.

------
Joeboy
I've started to despair a bit more about both technological and political
solutions. I'm trying to adjust to the idea that nothing that happens online
is private, and real privacy requires something more like tradecraft than mass
adoption of encryption technologies.

~~~
webjames
Disempowerment is a common theme here - it is the case that the 'general
public' (read majority non-technical) are concerned about the current and
future ramifications of this surveillance but feel disempowered because of how
widespread it is, and i think this is because it is difficult to make
reasonable changes in the immediate term to effect anything. This is of course
excluding publicising/talking about the issues from a political point of view.

If telecoms company A proved to be betraying the trust of its customers,
customers might find it reasonable to move their custom to telecoms company B
- however the issue is that if both telecoms company A and B are both guilty
of surveillance there is no feasible choice for the consumer.

The same can be said about political parties. If all major political parties
support mass surveillance there is no viable alternative to support.

~~~
rubyfan
Interesting theme on despair. I think it goes a little deeper - perhaps people
feel disenfranchised by establishment politics as well. It gets worse if you
assume Teleco A-Z are always watching; you could go the Tor route or GPG or
Wickr or Telegram - but ultimately the level of espionage being carried out
and for so long makes you wonder if any of the privacy solutions are for real.
Sounds a bit paranoid but as we've seen the onion peeled back by Snowden it is
quite clear.

I can imagine some will feel censored to a degree. There is some stigma to
knowing about privacy and technology. Try talking to a lamen even casually and
you might as well be wearing a tin foil hat. Even @moxie's recent thread on HN
echoes that.

------
teekert
After reading Glenn Greenwald's book, I supported
[https://protonmail.ch/](https://protonmail.ch/), an encrypted email service
based in the EU (Switzerland -edit: no it is not, should have said "Europe"-).
It's currently in beta, I'm waiting for custom domain support and apps. The
complete focus on "but Americans are protected" as an excuse for the NSA
spying makes me actively seek out local services that are privacy aware. I use
Telegram with encrypted chats for many conversations now. I found this service
as an alternative to digital ocean: Transip.nl. I do wonder how my rights are
when I pick an Amsterdam based data center for my droplet though. I know MS
actively protected user data from Ireland which is good, whatever their
reasons are. I also switched to using mobile websites in mobile FF instead of
installing many intrusive apps. Mobile responsive website are often as good as
apps and better for sharing links.

~~~
schappim
Switzerland is not in the EU.

~~~
teekert
Correct. But at least it is "local" and not GCHQ/NSA oriented.

------
SCHiM
I've always browsed in a sandbox only, since the revelations however I also
bought a couple of vps and now tunnel my traffic through one of the servers.
This is a very cheap measure, 15$ a month, that probably increases your
privacy but also attracts more attention to yourself. A more inconspicuous
solution is probably a public vpn service, but those servers are not under
your control and you won't be able to make sure that the service does what the
advertisements promise.

I don't bother much with email encryption or pgp, I've written down email as a
loss in the privacy department and don't bother with trying/hoping my emails
are private. So my gmail/hotmail/yahoo inboxes are for fluffy stuff only that
doesn't really matter.

Mostly if I need to securely communicate with someone it will be on a private
irc server where everybody has his/her own certificates and I can check to see
if the server is untouched etc.

~~~
webjames
"NSA has VPNs in Vulcan death grip" [http://arstechnica.com/tech-
policy/2014/12/nsa-has-vpns-in-v...](http://arstechnica.com/tech-
policy/2014/12/nsa-has-vpns-in-vulcan-death-grip-no-really-thats-what-they-
call-it/)

This again leads to the disempowerment issue, each measure seems to have been
systematically either compromised or weakened. I look forward to new solutions
such as the Dark Mail Alliance. The issue i have is that any solution needs to
be very 'consumer friendly' as unless both parties are using a secure system
taking extra measures is almost pointless. eg. i take steps to chose an email
provider who doesn't share their data, or is outside of the NSA/GCHQ
jurisdiction but then i have to send an email to an @gmail address i know that
those steps i have taken are compromised by the other party.

~~~
SCHiM
Yes, that's exactly why I don't expect email to be secure!

Even if you were to completely own your own infrastructure for the first two
hops (your computer and router). And manage all those services yourself you'd
still be exposed the moment your email needed to be forwarded to a user who
hasn't gone through those steps.

As for the death grip. This is pure speculation on my part, but if they can
decrypt/de-cloak your traffic it's probably because they
hacked/infiltrated/bribed the services as opposed to breaking the crypto. So
here's me hoping that my setup is relatively safe even if it's not anonymous.

------
higherpurpose
I started using TextSecure with my closest friends, but not after the
documentary, after the first Snowden revelations.

I'm also very cautious about using non-HTTPS sites these days, or using sites
with broken HTTPS. I sent my bank an email about their poor HTTPS
configuration as well.

I also intend to use EFF's CA for all my future sites, regardless of what type
of site it is and whether it actually "needs" HTTPS or not.

I'm much more careful about what I share through Gmail/Hangouts. I use 2FA for
Gmail now, but I know it's useless against the NSA, because Google defaults to
SMS-based 2FA (and the wireless networks are completely owned by the NSA),
regardless of whether you chose SMS or Authenticator 2FA. It's mainly to
protect against other "regular" hackers.

I plan to start using FIDO-ready hardware tokens this year, and I won't change
my phone until the new ones have strong support for local fingerprint
recognition/FIDO.

I try to use as few Microsoft services as possible:
[http://www.theguardian.com/world/2013/jul/11/microsoft-
nsa-c...](http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-
collaboration-user-data).

I haven't managed to move off Windows yet, but I might in a few years time.
What most people don't realize is that Microsoft gives NSA "back doors" on a
daily basis. It's all the zero-day vulnerabilities they share with them
_months_ before Microsoft gets around to fixing them. That's time in which the
NSA can exploit those vulnerabilities. And now, unfortunately, Apple is going
to do the same (technicaly giving them to the DHS...but I think we all know
those are going to the NSA, too).

[http://bloomberg.com/news/2013-06-14/u-s-agencies-said-to-
sw...](http://bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-
with-thousands-of-firms.html)

~~~
webjames
I'm keeping my eye on EFF's developments on their CA.

It's hard to totally avoid Microsoft/Google etc absolutely, but by not buying
into them completely at least it's security through obscurity.

------
Theodores
_So a few people have moved to a few different services that provide more
privacy._

The truth is that the King has always been able to have anything intercepted
ever since the first letter was written. Way before 9/11 GCHQ/NSA had things
pretty covered and they certainly had capabilities to fully bug anyone of
actual interest. You know these people even have your school reports if they
want to dig back that far?

What has changed is that one can talk about security matters without sounding
like a conspiracy theorist. That is about it for me.

------
nitai
This is something I thought about it for a long time, too. I've been following
this for years and was always suspicious about all the "free" services and
what their motivation is behind it all.

Here is a list of apps/extensions I use:

\- Firefox with disconnect.me, HTTPS everywhere, Adblock.

\- Never EVER use Google for search. Always use DuckDuckGo.

\- Deleted my Facebook account. \- Never ever use Skype (I refuse anyone who
wants to use skype) There are other alternatives.

\- Whenever possible I use a VPN (mine it privateinternetaccess)

\- Never use any storage services like Dropbox, OneDrive, GDrive, etc.

Now that being said, I struggle with some "habits" and alternatives. These
are:

\- Google Apps, especially email. There is a reason why it works and so many
people use it. I've tried Thunderbird, Apple Mail, Airmail, Outlook, etc. But
somehow always go back to gmail :-(

On another note, I wonder what people use for an operating system?!?

I myself use MacOS X. I run many servers, all of them are Ubuntu Servers. I
love Linux. However for a desktop app, I need to be productive and fast. Every
time I want to switch to Linux I find some app that is not working and I need
to use a VM for that.

Is it even worth considering a switch of operating systems? Too paranoid?

------
geographomics
No, there's nothing I can do about it, and I'm highly unlikely to be a person
of interest under the mass surveillance programme, so why bother?

~~~
webjames
Glen Greenwald gave a TED talk about a similar point of view.
[http://www.ted.com/talks/glenn_greenwald_why_privacy_matters...](http://www.ted.com/talks/glenn_greenwald_why_privacy_matters?language=en)

~~~
geographomics
Glenn makes a compelling case, and I agree with him on most points, but this
false equivalency highlights the difference between the claimed and actual
risks of automated surveillance, to most people:

> _because I want to be able to just troll through what it is you 're doing
> online, read what I want to read and __publish whatever I find interesting_
> __

One thing the mass surveillance programme does not do is publish 'interesting'
personal data that passes through it. The risk of one's private communications
reaching a wider audience than, rarely, the occasional analyst (who is bound
by secrecy laws) is close to zero.

The vast majority of people are more at risk of having their laptops stolen,
accounts hacked/phished, online presence stalked, and so on by other members
of the public rather than the security services. It's much more important to
protect against that, than be disproportionately concerned about an invisible
omnipresence to which their everyday activities are a trifling insignificance.

------
arfliw
I don't think I've changed a single thing since Snowden first started leaking
stuff. That's not intentional and I'm not advocating that, I just haven't. I
don't want the government reading my shit but at the end of the day, I guess I
don't have anything I care about hiding enough to go to the trouble of hiding
it.

------
FLUX-YOU
\- I haven't changed anything about my habits. There's probably 10+ years of
stuff already available to them anyway. A change of habits is probably a
significant event when studying someone's timeline.

\- I did start looking into some ways to communicate more securely/anonymously
if I really needed to do that but I am not confident teaching others to do the
same (so talk in person with your phones in the fridge!).

\- I ordered a couple of Schneier books and the Glenn Greenwald book and I'm
going to try the Matasano challenges and start studying secure practices to
hopefully become a more security-minded developer.

\- I will probably not live in the USA for any longer than I have to, but I
need more skills and experience before I can really change countries but
frankly I have no idea where I would go that would be safe.

~~~
mod
What's your goal in leaving the USA?

Your rights are more likely to be infringed by the NSA--you're not "protected
as an American" to whatever extent that remains or might be reinstated.

If it's for privacy--you'll have less of it.

------
iterationx
I started using Twister over Twitter.

~~~
danieldk
I though you were joking until I searched it:

[http://twister.net.co/](http://twister.net.co/)

Do you know anything about the number of users?

~~~
iterationx
There's interesting people on there, but I couldn't tell you how many.

------
searanger
[http://www.pbs.org/wgbh/pages/frontline/united-states-of-
sec...](http://www.pbs.org/wgbh/pages/frontline/united-states-of-
secrets/#united-states-of-secrets-\(part-one\)) and part two and citizenfour
are all must watch... from some of the comments many have not seen all of
these.

------
searanger
No I have not changed a thing. I've always assumed that they were watching
everything. Why else would cell phone providers suddenly not charge for
services like gps? Or the fact that Microsoft lost its monopoly case against
Netscape. How is providing something free a monopoly case? It doesn't exist to
protect businesses.

------
ncza
I use Tor and block third party requests by default for my random browsing.
It's good enough.

------
sonium
I started using MEGAsync instead of Dropbox. As a non-american I think this is
one of the few ways I might be able to change things. Maybe the recent
pressure from payment processors means that it works?

------
locusm
Depends who is asking.

~~~
hachre
haha!!!

------
aburan28
I changed my habits long before CitizenFour when I discovered hadoop/big data
and zeroday exploits

------
nathanb
The biggest change I made is not talking online about how I protect myself
from surveillance. This thread is probably innocuous. But if I were watching
one of you already, I would be very interested in hearing what you had to say
about how you protect yourself, particularly if you did me the favor of
analyzing its weak points for me.

------
JanezStupar
I live under assumption that what has been uncovered by Snowden is true since
the early 2000's.

I assume that for the last ten years all my online identities are pseudo-
anonymous in the very best case and that all my communications meta data and
content is logged and has been, is or is going to be scrutinized by TPTB. And
that should anyone be interested, my full profile along with all my social
network is or can be made available.

------
icantthinkofone
No. I have no need to. There are better things to do with my time.

It's like saying I won't drive my car on the street because the police are
watching you. But the police are looking for bad guys, not me. I'm not a bad
guy.

I see so many people trying to block the police from doing their work finding
bad guys. They don't want road checks for drunk drivers but then complain when
a drunk driver kills someone. They don't want license plate scans for
criminals and drug trafficking yet complain when they aren't caught.

They don't want the NSA scanning internet traffic and email yet complain they
didn't catch the Boston bombers and others ahead of time while actively
protesting the same thing.

I fear people like Snowden more than anything else.

~~~
mikegioia

        They don't want road checks for drunk drivers but then
        complain when a drunk driver kills someone. They don't
        want license plate scans for criminals and drug trafficking
        yet complain when they aren't caught.
    

I think the problem here is not that people don't want police to do those
things, it's the belief that the power, once granted, will be abused. Drunk
driving checks to catch drunk drivers are a good thing, but what about when a
cop forces you out of your car because he didn't like your attitude? License
plate scans are also good for catching criminals, but what about if the police
store the data forever and tie it to personal IDs of people? Would you want
the police to have a record forever of everywhere you've gone?

This is the problem with saying you have no need to. You assume you have
already thought of every possible case when in fact, that's impossible to do.
The most important part in the fight for personal privacy is in protecting the
freedoms we have from potential abuse.

~~~
icantthinkofone
You can come up with all kinds of "what ifs" while forgetting our (in the US)
system of checks and balances which protestors forget about and want to
circumvent by creating vigilante groups to take care of matters on their own.
Anything can be made open for abuse but you are assuming no one is watching
and will do nothing about it.

Funny. Just a few minutes ago, I was watching NBC News story about the 3
teenage kids who went to Syria on their own. The family lawyer complained
that, since the government is watching all the social media they posted on,
why didn't they alert the family so this could be stopped?

To which all of HN would reply, "But ... but ..."

------
sebastianconcpt
Citizenfour is suspiciously well produced. And Edward Snowden is extremelly
good. This all is probably the stage in which we realise of this and all is
simply going according to the agenda.

"THE conscious and intelligent manipulation of the organized habits and
opinions of the masses is an important element in democratic society. Those
who manipulate this unseen mechanism of society consti- tute an invisible
government which is the true ruling power of our country. We are governed, our
minds are molded, our tastes formed, our ideas suggested, largely by men we
have never heard of. This is a logical result of the way in which our
democratic society is organized. Vast numbers of human beings must cooperate
in this manner if they are to live together as a smooth- ly functioning
society." ~ Edward L. Bernays, Propaganda (1928), Chapter 1 - Organizing the
Chaos

~~~
Joeboy
Is there a particular covert agenda that you see Citizenfour as promoting?

