
Improve Your Privacy in the Age of Mass Surveillance - DyslexicAtheist
https://iotdarwinaward.com/post/improve-your-privacy-in-age-of-mass-surveillance/
======
blackbrokkoli
I like the article, but I wish the trend of presenting US-law as universal
standard would stop. IMO it would really help fighting the "well there's
nothing I can do anyways"-stance of many, many people (regarding their
rights).

Example: The german agency for loan credibiltiy (Schufa) got the hammer put
down on them a few years ago for using zip-codes in their credibility
calculation - it's not impossible to fight on a society-level, too, given said
society is motivated and informed!

~~~
greglindahl
"Redlining" is illegal in the USA, too:
[https://en.wikipedia.org/wiki/Redlining](https://en.wikipedia.org/wiki/Redlining)

~~~
blackbrokkoli
Interesting, I didn't know that!

I'm not an expert in any way so it was probably a bit inappropriate to just
assume what the author stated to be true - however, I don't want to focus on
the discussion whether, how and where Redlining is existing in the US, because
I notice this trend a lot.

Another, (hopefully less controversial) example:

Recently, I read an /r/askreddit thread titled "What sucks most about getting
old?"(paraphrasing here) and literally about _two third_ of the top level
answers were something along the lines of "how much medicare cost/ how you
can't have that much nice things because of doctor's appointments". Hint: It's
not getting old what sucks here and neither it have to be that way.

I'm not saying that other countries are flawless, or even that they're better,
but it's usually prefaced with "Well here in India" or "As a citizen of
Belgium" \- Americans just seem to assume their experience is valid for
everyone.

~~~
greglindahl
Well, people have been complaining about that continuously for the 30+ years
I've been on the Internet, so have fun complaining, but you're not going to
get anyone to change.

And it's clear from context: Almost everyone who does that is from the USA.

------
joering2
Few tricks to deal with those "if you have nothing to hide you shouldn't be
concerned about surveillance" folks:

1\. Tell them its not about hiding something, but its all about that you don't
have anything to share with them. If they argue against (why?), ask them their
favorite color and counter-argue trying to convince them to start liking some
other color instead. Hopefully eventually they see stupidity of such
discussion.

2\. If 1 doesn't work, then hand them over a piece of paper and pencil and
tell them to write their Gmail password. If they decline telling you "Well, I
don't want you to read my emails", quickly answer "wow, now I truly wonder
what you have to hide?!? What kind of emails are you sending and tho whom? I
mean if you have nothing to hide then you should be okay with me reading your
emails, no?".

3\. Finally, if 1 and 2 doesn't work, try a bathroom trick. Invite them over
for some cookout at your house with beer or wine. Keep pouring drink as much
as you can and keep them at least for an hour (watch movie, play some
boardgame, etc). Eventually they will have to use bathroom. Follow them on
their way and once they close the door, open them immediately before they have
a chance to lock it and tell them: "no, no, no, no! I don't close or lock
doors in my house! Look, I know you just going to pee, but still if you have
nothing to hide, you shouldn't be closing and locking doors after yourself,
don't you think so? Unless you know... you plan to build a bomb or answer some
jihadist emails in my bathroom, but you are not, right? So keep them wide open
please".

That's all I got. If someone has better ideas, please share!

~~~
wepple
Another one from a slightly different angle I use is:

Imagine we’re all having dinner, talking about a particular politician. We’re
sharing our thoughts and opinions, likes and dislikes. In a parallel universe,
we’re doing exactly the same, except the politician is sat at the table having
dinner with us.

Are we going to say the exact same things in both universes?

No, you’ll change your behavior when you know someone is watching. Even if you
have nothing at all to hide, knowing that you’re being monitored or observed
or that there’s even a remote chance it will come to light - you don’t act
with full autonomy.

That’s wildly dangerous in a democratic society.

(Rough translation of the idea of the panopticon)

------
ogennadi
> Maintaining many different personas over a long time can be psychologically
> taxing. Real spies have access to professionals helping to deal with the
> psychological issues that arise from compartmentalization.

> All this begs the question if privacy invasive tech itself is changing us
> for the worse and making us sick? Either we get sick by it’s potential for
> psychological addiction or we get sick from trying to outsmart the privacy
> invasion. In any case it’s a game we can’t win unless we radically rethink
> our relationship to technology for work and play. If you have ideas, rants
> or raves I’d be thrilled to hear them.

~~~
acou_nPlusOne_t
I think over time we will have professional level ghost writting for our
social lives - including brands -like play like your pwediepie etc. Well
hiddden behind that brand noise of these chatbots/ outsourced workers will be
our actual social lifes.

------
mahmoudimus
This is a pretty great article. We do a lot of this as standard status quo at
my company ([https://verygoodsecurity.com](https://verygoodsecurity.com)) and
we're about to deploy a full suite of google pixelbooks as well as primary
computers instead of macs.

If there's more interest here, email me and I'll write up a lot of what we do
-- but this post is a great start! We are planning on open-sourcing a lot of
the tools that we built to achieve SOC2, PCI DSS, HIPAA, etc.

~~~
gustavmarwin
I'd love to read more on what you guys do!

The first question I would have would be: since you're about to be using
Pixelbooks, what happens if someday your Google login get disabled for some
random internal Google reason?

I'd love it actually if Pixelbooks could be de-googlized, or even better, if
Qubes-OS could run on Chromebooks. One can dream. :-)

~~~
gustavmarwin
Just to clarify: I know many things can be done once you put your Chromebook
in dev mode, however once in that mode, your Chromebook becomes a lot more
vulnerable. As opposed to on Android, where you can unlock without
compromising on security, particularly true on and only on Pixel phones, as
can be seen with CopperheadOS.

------
doodlebugging
>$> crontab -l # start /etc/host blocking blocking social media every morning
at 6 AM 0 6 * * 1-5 cd $HOME/src/host/ && /usr/bin/python ./updateHostFile.py
--auto --extension social porn gambling fakenews

># reset /etc/host to allow social media after 8 PM 0 20 * * 1-5 cd
$HOME/src/host/ && /usr/bin/python ./updateHostFile.py --auto --extension porn
gambling faknews

I think this cron job is probably broken if it depends on this exact script
working IRL.

The return to personal hours at 8 pm configuration has misspelled the
"fakenews" filter list. Surely this generates an error.

------
01001010
Uhm, "uBlock origin" appears to link to "uBlock" [1] rather than "uBlock
origin" [2]. I don't use Firefox myself, but aren't the two completely
unrelated? (I was under the impression that [1] was basically an unmaintained
hoax of [2]?)

Besides that, great article.

[1]: [https://www.ublock.org](https://www.ublock.org)

[2]: [https://github.com/gorhill/uBlock](https://github.com/gorhill/uBlock)

------
bo1024
I think it's really cool that this page exists, even if very, very few people
will follow all the advice.

As far as web browsing, I feel that blocking javascript is simpler and as
effective as many of these much more involved steps -- hosts files, pi-hole,
adnauseum, etc.

~~~
ballenf
Wouldn't the social media "like" buttons still transmit back your IP address
as the images are loaded?

~~~
mirimir
It's pretty easy to setup a bunch of pfSense VMs as gateways for various VPN
services. Then you can create nested VPN connections through local internal
networks. So each workspace VM is compartmentalized at both OS and networking
levels. IVPN published my how-to guides for that. They're a little out of
date, but the basic design still works well.

------
wepple
There are a few glaring flaws in this:

The section on 2FA goes on about SMS, which has a very increasing history of
being easily bypassed and is utterly terrible advice. You’re designating a
helpdesk operator on minimum wage at T-mobile as your root of trust, to defend
against number porting.

Also, if you’re this ultra paranoid you may want to reconsider using Firefox
-the last of all the major browsers to get a sandbox by a margin of years- to
defend you.

I like the idea of this article and think privacy & security are worthy
endeavors, but if you’re putting this much effort in, maybe it’s worth taking
a serious look at what precise threats you believe you have, then coming up
with the best solutions to those, rather than enabling a ton of stuff and
praying it all works.

~~~
wepple
I should add: 2FA is indeed one of the best forward movements security has had
in the last decade, it just SMS who’s time is limited: FIDO seems to be our
next best bet.

------
bogomipz
The article states:

"Another reason for taking this route is that extensions like TrackMeNot and
AdNauseum obfuscate your existing data-sets stored by third parties. Using
these extensions for a few months, we break Googles ability to understand and
monetize your data. Because by then you have created havoc in the data-set
they have. And the things they assume about you are invalid."

This is fascinating. Couldn't this technique of generating lots of random
noise if it gained wide spread adoption completely destroy the surveillance
business model?

------
trumped
> By default all DNS look-ups (that translate a human readable domain name to
> an IP address) are being conducted by the DNS servers of your ISP. I
> recommended you change this default behavior.

Even if your DNS servers are not your ISP's servers, your ISP will still know
which IP addresses you connect to... I don't see how this increases privacy if
you share it with a third party instead
([https://www.opennic.org/](https://www.opennic.org/) in his example).

~~~
jstarfish
IPs get shared/reused by multiple domain names. Knowing the specific domain
you went to is what betrays your intent.

------
lucb1e
I don't get this distrust of your ISP regarding DNS queries. They're one of
the few parties we're actually paying. I don't see anyone paying 8.8.8.8 or
most other alternatives people use. If we can't trust them, who the hell _are_
you going to trust?

------
neltnerb
I'm quite nervous about installing a dozen extensions... doesn't this slow
things down a lot? It feels like some of these things (uBlock Origin _AND_
AdNauseum) feel redundant. Are these things good or bad ideas if your goal is
both privacy and a reasonably snappy browser?

~~~
DavideNL
The problem is, installing all these kinds of extensions breaks all kinds of
things, some time in the future, when you've long forgotten everything you
installed/configured;

In theory i'd rather use Firefox over Safari. However in practise, a lot of
stuff doesn't work properly in Firefox - because of some extension or some
about:config setting i set after reading posts like this.

When that happens, i always revert to the trustworthy Safari which just always
works (...and has proper pinch-to-zoom, which in my opinion is a very basic
feature Firefox is lacking.)

~~~
ballenf
This is a valid point, perhaps more applicable to the parents or siblings we
try to protect, but still valid.

It would be nice if Firefox had a page that listed every setting that is
changed from a default value in one place. You'd still have to investigate
extensions separately, but at least all those obscure hidden settings you've
changed accessible and visible in one place.

~~~
thg
> It would be nice if Firefox had a page that listed every setting that is
> changed from a default value in one place.

On about:config, sort after the "Status" column. That'll give you a list of
all modified values.

------
mirimir
Comprehensive and excellent! And +10 for getting into compartmentalization.

------
KhayriRRW
Using pseudonyms and sockpuppets will highly probably get them all locked out
and suspended by social networks and internet services that have built strong
countermeasures against it.

~ Khayri R.R. Woulfe

~~~
dang
Please don't sign your comments. They're already signed with your username.
(This used to be in the site guidelines. Maybe we should put it back.)

[https://news.ycombinator.com/item?id=198817](https://news.ycombinator.com/item?id=198817)

[https://news.ycombinator.com/item?id=6531383](https://news.ycombinator.com/item?id=6531383)

[https://hn.algolia.com/?query=by:pg%20signing%20posts&sort=b...](https://hn.algolia.com/?query=by:pg%20signing%20posts&sort=byDate&dateRange=all&type=comment&storyText=false&prefix=false&page=0)

