
Edward Snowden Explains How to Reclaim Privacy - etiam
https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/
======
oneJob
"Edward Snowden Explains How to Fix the Internet"

Much love for Snowden. He is a personal hero of mine. I think he should be a
personal hero of yours. I think we should have statues of the guy.

Just as Snowden didn't want the story to be about him, to be a personality
piece, when he released the trove of information which shook the privacy world
to its core, I think he'd agree that any response to this new information
should not be focused on or directed toward what he personally endorses by
virtue of him as a 'personality'.

Unfortunately, the conversation has largely focused on the
technical/technology dimension, while the policy and political dimensions have
not seen the same engagement by their respective members. In fact, Snowden has
been used by political parties as a proxy piece in disagreements regarding
East-West relations. And if technology is the answer, then the general public,
almost by definition, does not have a place in the discussion.

~~~
bmelton
> I think we should have statues of the guy.

We sort of had at least one, but then the New York Parks Department covered it
up, and later removed it altogether.

There's a certain irony in the picture of it happening, wherein the state
worker steps on the eagle statue to put a muzzle over the Snowden statue.

[http://brokelyn.com/wp-content/uploads/2015/04/ed-snowden-statue.jpg](http://brokelyn.com/wp-content/uploads/2015/04/ed-snowden-statue.jpg)

------
arm
Wholeheartedly agree with this section:

“ _Lee: Do you think people should use adblock software?

Snowden: Yes.

Everybody should be running adblock software, if only from a safety
perspective … We’ve seen internet providers like Comcast, AT&T, or whoever it
is, insert their own ads into your plaintext http connections. … As long as
service providers are serving ads with active content that require the use of
Javascript to display, that have some kind of active content like Flash
embedded in it, anything that can be a vector for attack in your web browser —
you should be actively trying to block these. Because if the service provider
is not working to protect the sanctity of the relationship between reader and
publisher, you have not just a right but a duty to take every effort to
protect yourself in response._”

Not even just ads being injected by ISPs, but even ads as they’re being used
by the website owners themselves (in general) are a vector for malware, as has
been shown time and time again¹.

――――――

¹ —
[https://news.ycombinator.com/item?id=10517932](https://news.ycombinator.com/item?id=10517932)

------
privacy101
What I don't get about Tor is that if your adversary can see all Internet
packets, all the time, wouldn't it be trivial for them to find the real source
and destination of a Tor packet using its meta-data (size, timestamp, etc.)?
For example, a packet of size X was sent from host 1 to host 2 and immediately
after, a similarly sized packet was sent from host 2 to host 3, etc... I think
of Tor more like a tool to avoid a specific server from finding who you are,
and not the government.

~~~
hiq
There is always a trade-off between usability / efficiency and security, and
this trade-off has to take into account the attacker model.

Tor is a low-latency network by design, so right from the start it gives up
some security to be more usable instead. That probably still works against
many attackers, including some state agencies, although not the most powerful.

We should also keep the bigger picture in mind. Sure, if the NSA really wants
to know everything about you, it's going to keep a record of your outgoing
packets, and match it with packets from exit nodes to have all your metadata.
But how much is it going to cost? How does it scale? I think we can assume
that if everyone were to use Tor, mass surveillance would be at least far more
costly. Each new user adds noise in the correlation measures.

I can also argue that if you use Tor from your home or any location that is
associated with you in any way, you're not really trying to avoid targeted
surveillance by your government.

~~~
imglorp
It's everyone's civic duty to contribute to the noise and to increase the
expense to all state actors.

~~~
programmarchy
Is it also our civic duty to pay the taxes to these state actors? Asking
because this tactic seems a bit like striking at the branches, rather than the
root.

~~~
pdkl95
> rather than the root

So run for office. I would certainly vote for someone who was against this
crap.

> It's everyone's civic duty to contribute to the noise

That's a tactic. While it may be useful, a _strategy_ that works to gain
political influence is better in the long-run.

~~~
programmarchy
> So run for office.

No thanks. In my experience, participation inside the political machinery is a
waste of time, about as useful as joining the KKK to influence its members to
stop lynchings. I think non-violent direct action is a more effective
strategy.

~~~
pdkl95
I agree that direct action is almost certainly necessary (and likely to be
more effective). That's no reason not to pursue all options; working within
the system can be done in parallel.

------
SimplyUseless
Summary of key discussions:

==========================

If you're just an average user concerned about your privacy

1) Use Tor when browsing. You don't have to use Tor all the time (it does slow
things down considerably and some sites will also block Tor traffic). But if
you are looking at or for something that you feel is sensitive, then either
set up your browser to work with Tor or use the Tor browser.

2) Use an ad-blocker. Says Snowden: "As long as service providers are serving
ads with active content that require the use of Javascript to display, that
have some kind of active content like Flash embedded in it, anything that can
be a vector for attack in your web browser – you should be actively trying to
block these."

3) Use a password manager. It doesn't matter how many surveys and reports come
out that tell people to use different passwords and complex passwords, a huge
percentage of us maintain borderline idiotic approaches. The simple answer is:
get a password manager. It will protect you.

4) Use two-factor authentication. Many services such as Gmail, Twitter,
Dropbox, Hotmail, and Facebook offer this now for no charge. So even if your
password does get exposed, you still have a backup such as a text message to
your phone to secure your information.

5) Use apps that protect your information. Snowden suggests the smartphone app
Signal, which encrypts both your phone calls and texts. It's free and easy to
use. Although of course, following a high-profile argument with the FBI, it
would appear that Apple's messaging service is also pretty secure (although
Snowden would probably have doubts).

6) Use the HTTPS Everywhere browser plug-in. This comes from the Electronic
Frontier Foundation (EFF) and will try to force all browser communication to
be encrypted.

7) Encrypt your hard drive. This is comparatively easy these days but you have
to be careful to do two things: one, have a longish phrase to make it
worthwhile; and two, make damn sure you remember that phrase. There will be a
slowdown in performance but nothing too bad if you have a modern machine.

8) Be smart with your security questions. Stop using your mother's maiden name
for everything. Likewise your first school. The key is to mix things up as
much as possible so if someone does get into one of your accounts, they can't
use the same information to get in everywhere else.

