Hacker News
Ask HN: Since CitizenFour, have you changed the way you conduct yourself online?
43 points by webjames on March 1, 2015 | 64 comments
Ask HN: Since watching CitizenFour, or previously reading about the widespread surveillance conducted by governments - what changes have you made to how you conduct your life online? Have you adopted any new practices, or stopped or started using any new services?

It would be interesting to see what effect this has had on how people, especially technically inclined people, behave and conduct themselves online. This could include technical solutions you have adopted or might include how you use or view services which you previously trusted with your data.

Myself, I have switched my email provider away from one of the 'big three'. I have started taking an interest in more 'usable' applications of encryption and have started talking to people about the ramifications of the information brought to light by Snowden and others.




I changed some stuff, but it was when the reports came, not because of the movie.

My changes:

- Don't use gmail for private email. Self hosted it instead.

- Switched to Firefox (from Chrome), changed my addons (HTTPS Everywhere, Privacy Badger and µBlock).

- Deleted my facebook account.

- Tried to get my friends to use a self-hosted irc server + mumble instead of skype - but that didn't last for long sadly.

- Changed from google to duckduckgo, but I'm constantly using the !g command anyway.

Sigh. I don't think any of this matters much anyway.


>> Sigh. I don't think any of this matters much anyway.

This is exactly how I feel. I've reached the point where I assume the majority of my online communication is "public" - and use alternatives only when necessary to achieve (as close as possible) to true privacy.


I would add:

- Use Tresorit/SpiderOak/OwnCloud instead of Dropbox/Google Drive/OneDrive.

- Use Tox in place of Skype (definitely hard, nobody is willing to switch away from the comfort of Skype).

- Consider also using the Disconnect addon for Firefox.


Dispersing your activity around several different services is surely better than just using a one-stop-shop or all in one solution?


My take on this problem is that most people here do in fact value their privacy and the fight for privacy. That's why Snowden articles rampaged this site for so long. However, the divide comes when the decision to actually change behavior arises.

We know what we can do for better online privacy:

- Use tor for all internet activity
- Pay cash for everything; do not own any credit cards, or use a service like Blur
- Bank only with banks that don't share our data
- Don't use a modern smartphone
- Use PGP for all email

The list goes on and on, but who here does any of these things? Who wants to sacrifice the convenience of paying with a credit card online and managing their banking with Mint? The threat of privacy violations is not real to many people right now. They either can't or don't extrapolate the ramifications of losing their privacy in the future, or don't weigh the imposing risk as high enough to alter behavior.

Have I changed the way I conduct myself online? Absolutely. I do four of the five things I listed above but I could never imagine a small percentage, let alone a vast majority of people implementing them in their day to day lives. That's the core of the problem that we need to solve first.


I ditched my phone about a year ago. This works for me because I use hangouts for all calls and texts, but I'm not sure if this actually gives me more privacy - now I just have my communication routed through google instead of verizon. Regardless I love that I ditched the phone. Beyond privacy, spyPhones are a scam.


They cost too much, and the privacy issues are obvious--but I really love my phone. I don't even use the phone/sms options very much, what I really love is the data service & "computer" and what it gives me.

Spotify in my car, gps/maps when I'm out of town, google results, HN, etc...I'd miss it sorely if I ditched it.

I could spend a lot of time and/or money setting all of that up in "offline mode," essentially. Mp3s, some map software, wikipedia offline...but in the end, we really can't trust pretty much any of the hardware available, so it might check in on every open network or something.

I'd totally splurge for an anonymous plan, with a trusted data provider, and open hardware platform.

Note: I did go 3 months with no phone a couple of years ago while I lived in Costa Rica--but I was either on my PC or at the beach. Never wanted a phone.


I was just as tethered to my phone until I got rid of it. The fact that I don't leave the house much puts me at an advantage.


If you don't carry around another radio enabled device then you have given yourself back a material amount of privacy as your physical movements around the world are harder to track.


This is true and was one of my motivating factors.


I've started to despair a bit more about both technological and political solutions. I'm trying to adjust to the idea that nothing that happens online is private, and real privacy requires something more like tradecraft than mass adoption of encryption technologies.


>>I've started to despair a bit more about both technological and political solutions.

Ditto the despair. I feel like I've been contributing to the construction of an oppressive pantheon, and there's nothing that can be done about it.

But then I see things like ipfs, and tor, and so on .. and somehow feel like there might be hope. But regardless of the technological solutions that are being proposed, we still need to rein in - and more importantly, make society more aware of the need to rein in - those who wish to oppress us all with technology. It's a daunting task, but the best thing I can possibly do is raise my sons to understand the need to understand things. Teach them cryptography. Save all the old machines for them, just in case. Impress upon them the importance of recognizing repression and fascism in the world today, and do what they can to stamp it out.

I'm also spending more time outside with them, enjoying the simple beauties of life. It's just as important as waiting for the keys to re-gen ..


Disempowerment is a common theme here - it is the case that the 'general public' (read majority non-technical) are concerned about the current and future ramifications of this surveillance but feel disempowered because of how widespread it is, and I think this is because it is difficult to make reasonable changes in the immediate term to effect anything. This is of course excluding publicising/talking about the issues from a political point of view.

If telecoms company A proved to be betraying the trust of its customers, customers might find it reasonable to move their custom to telecoms company B - however the issue is that if both telecoms company A and B are both guilty of surveillance there is no feasible choice for the consumer.

The same can be said about political parties. If all major political parties support mass surveillance there is no viable alternative to support.


Interesting theme on despair. I think it goes a little deeper - perhaps people feel disenfranchised by establishment politics as well. It gets worse if you assume Teleco A-Z are always watching; you could go the Tor route or GPG or Wickr or Telegram - but ultimately the level of espionage being carried out and for so long makes you wonder if any of the privacy solutions are for real. Sounds a bit paranoid but as we've seen the onion peeled back by Snowden it is quite clear.

I can imagine some will feel censored to a degree. There is some stigma to knowing about privacy and technology. Try talking to a layman even casually and you might as well be wearing a tin foil hat. Even @moxie's recent thread on HN echoes that.


After reading Glenn Greenwald's book, I supported https://protonmail.ch/, an encrypted email service based in the EU (Switzerland -edit: no it is not, should have said "Europe"-). It's currently in beta, I'm waiting for custom domain support and apps. The complete focus on "but Americans are protected" as an excuse for the NSA spying makes me actively seek out local services that are privacy aware. I use Telegram with encrypted chats for many conversations now. I found this service as an alternative to digital ocean: Transip.nl. I do wonder how my rights are when I pick an Amsterdam based data center for my droplet though. I know MS actively protected user data from Ireland which is good, whatever their reasons are. I also switched to using mobile websites in mobile FF instead of installing many intrusive apps. Mobile responsive websites are often as good as apps and better for sharing links.


My only gripe with Protonmail is that they're closed source. The good news is that they intend to open source it when they come out of beta[0], so I'll be switching to them as soon as that happens.

[0] https://twitter.com/protonmail/status/468759469006942209


mailbox.org seems like another EU (Germany) based email startup. Email is a very big hard-to-deal-with issue, however the Dark Mail Technical Alliance and services such as those already mentioned are taking steps to making email more secure.

It is interesting you mention Telegram, I have started using that with contacts of mine who have also adopted it. I'm not totally convinced it is secure, but it does seem a better alternative to WhatsApp.

Further to this I've secured the domains I host content on, not because the content needs securing in terms of handling financial data etc, but because I believe that the wider encryption is used the harder it will be to operate global 'catch-all' surveillance.

ref: http://darkmail.info http://mailbox.org https://telegram.org


If your Dutch is limited, I recommend https://www.transip.eu really excellent option to Digital Ocean.


Switzerland is not in the EU.


Correct. But at least it is "local" and not GCHQ/NSA oriented.


I've always browsed in a sandbox only, since the revelations however I also bought a couple of vps and now tunnel my traffic through one of the servers. This is a very cheap measure, 15$ a month, that probably increases your privacy but also attracts more attention to yourself. A more inconspicuous solution is probably a public vpn service, but those servers are not under your control and you won't be able to make sure that the service does what the advertisements promise.

I don't bother much with email encryption or pgp, I've written down email as a loss in the privacy department and don't bother with trying/hoping my emails are private. So my gmail/hotmail/yahoo inboxes are for fluffy stuff only that doesn't really matter.

Mostly if I need to securely communicate with someone it will be on a private irc server where everybody has his/her own certificates and I can check to see if the server is untouched etc.


"NSA has VPNs in Vulcan death grip" http://arstechnica.com/tech-policy/2014/12/nsa-has-vpns-in-v...

This again leads to the disempowerment issue, each measure seems to have been systematically either compromised or weakened. I look forward to new solutions such as the Dark Mail Alliance. The issue I have is that any solution needs to be very 'consumer friendly' as unless both parties are using a secure system taking extra measures is almost pointless. E.g. I take steps to choose an email provider who doesn't share their data, or is outside of the NSA/GCHQ jurisdiction, but then I have to send an email to an @gmail address, and I know that those steps I have taken are compromised by the other party.


Yes, that's exactly why I don't expect email to be secure!

Even if you were to completely own your own infrastructure for the first two hops (your computer and router) and manage all those services yourself, you'd still be exposed the moment your email needed to be forwarded to a user who hasn't gone through those steps.

As for the death grip. This is pure speculation on my part, but if they can decrypt/de-cloak your traffic it's probably because they hacked/infiltrated/bribed the services as opposed to breaking the crypto. So here's me hoping that my setup is relatively safe even if it's not anonymous.


What do you use to browse in a sandbox?


I started using TextSecure with my closest friends, but not after the documentary, after the first Snowden revelations.

I'm also very cautious about using non-HTTPS sites these days, or using sites with broken HTTPS. I sent my bank an email about their poor HTTPS configuration as well.

I also intend to use EFF's CA for all my future sites, regardless of what type of site it is and whether it actually "needs" HTTPS or not.

I'm much more careful about what I share through Gmail/Hangouts. I use 2FA for Gmail now, but I know it's useless against the NSA, because Google defaults to SMS-based 2FA (and the wireless networks are completely owned by the NSA), regardless of whether you chose SMS or Authenticator 2FA. It's mainly to protect against other "regular" hackers.

I plan to start using FIDO-ready hardware tokens this year, and I won't change my phone until the new ones have strong support for local fingerprint recognition/FIDO.

I try to use as few Microsoft services as possible: http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-c....

I haven't managed to move off Windows yet, but I might in a few years' time. What most people don't realize is that Microsoft gives NSA "back doors" on a daily basis. It's all the zero-day vulnerabilities they share with them months before Microsoft gets around to fixing them. That's time in which the NSA can exploit those vulnerabilities. And now, unfortunately, Apple is going to do the same (technically giving them to the DHS...but I think we all know those are going to the NSA, too).

http://bloomberg.com/news/2013-06-14/u-s-agencies-said-to-sw...


I'm keeping my eye on EFF's developments on their CA.

It's hard to totally avoid Microsoft/Google etc absolutely, but by not buying into them completely at least it's security through obscurity.


So a few people have moved to a few different services that provide more privacy.

The truth is that the King has always been able to have anything intercepted ever since the first letter was written. Way before 9/11 GCHQ/NSA had things pretty covered and they certainly had capabilities to fully bug anyone of actual interest. You know these people even have your school reports if they want to dig back that far?

What has changed is that one can talk about security matters without sounding like a conspiracy theorist. That is about it for me.


This is something I thought about for a long time, too. I've been following this for years and was always suspicious about all the "free" services and what their motivation is behind it all.

Here is a list of apps/extensions I use:

- Firefox with disconnect.me, HTTPS everywhere, Adblock.

- Never EVER use Google for search. Always use DuckDuckGo.

- Deleted my Facebook account.

- Never ever use Skype (I refuse anyone who wants to use Skype). There are other alternatives.

- Whenever possible I use a VPN (mine is privateinternetaccess)

- Never use any storage services like Dropbox, OneDrive, GDrive, etc.

Now that being said, I struggle with some "habits" and alternatives. These are:

- Google Apps, especially email. There is a reason why it works and so many people use it. I've tried Thunderbird, Apple Mail, Airmail, Outlook, etc. But somehow always go back to gmail :-(

On another note, I wonder what people use for an operating system?!?

I myself use MacOS X. I run many servers, all of them are Ubuntu Servers. I love Linux. However for a desktop app, I need to be productive and fast. Every time I want to switch to Linux I find some app that is not working and I need to use a VM for that.

Is it even worth considering a switch of operating systems? Too paranoid?


No, there's nothing I can do about it, and I'm highly unlikely to be a person of interest under the mass surveillance programme, so why bother?


Unfortunately ostrich strategies won't make any difference. With the ever increasing quantity of laws and State power over the individual, the chances of you committing a felony unknowingly are ever increasing by definition. And the State will have all your "metadata" to build up a case whenever they want.

Privacy is a form of Liberty, you lose one and the other will have its final countdown


Glenn Greenwald gave a TED talk about a similar point of view. http://www.ted.com/talks/glenn_greenwald_why_privacy_matters...


Glenn makes a compelling case, and I agree with him on most points, but this false equivalency highlights the difference between the claimed and actual risks of automated surveillance, to most people:

> because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting

One thing the mass surveillance programme does not do is publish 'interesting' personal data that passes through it. The risk of one's private communications reaching a wider audience than, rarely, the occasional analyst (who is bound by secrecy laws) is close to zero.

The vast majority of people are more at risk of having their laptops stolen, accounts hacked/phished, online presence stalked, and so on by other members of the public rather than the security services. It's much more important to protect against that, than be disproportionately concerned about an invisible omnipresence to which their everyday activities are a trifling insignificance.


Everyone can do something, the honest expression would be "there's nothing I want to do about it."


Reality is that there are plenty of people willing to stay plugged into The Matrix


"First they came for the Socialists, and I did not speak out— Because I was not a Socialist.

Then they came for the Trade Unionists, and I did not speak out—Because I was not a Trade Unionist.

Then they came for the Jews, and I did not speak out— Because I was not a Jew.

Then they came for me—and there was no one left to speak for me."

—Martin Niemöller


But this is not about speaking out, this is about if it's worth bothering to take evasive measures to avoid automated surveillance.


That's not an attitude that leads to progress, to a better world. "It doesn't affect me, so why bother"?


His point is the last half. He's not a "person of interest" in these surveillance activities so it doesn't concern him; and it shouldn't.


> He's not a "person of interest" in these surveillance activities so it doesn't concern him; and it shouldn't.

But, despite not being a person of interest, he's still being surveilled. That should concern him.


That was exactly my point, too. You shouldn't care about other people's rights just because it affects you. Then you are those people anyway. You should care when it doesn't affect you too.

For instance, you should care that the police is very brutal to black people, even if you are not black and the police acts much better around white people.

Also, he's wrong. It does affect him. All data is analyzed. That includes his data, too. He's just of the attitude that "as long as me or any member of my family which I care about never says anything too critical about the government for the rest of our lives, then we're all good".

In my opinion he's wrong that he'll never be critical of his government. Obama won't rule forever, even if he does like him, and I assume he'll witness at least a few other governments during the rest of his life. Chances are he will become critical of his government, especially if things turn much worse (as the trend is right now). What if the government intends to cut his social benefits? What if the government introduces mandatory army enlisting? And so on and so on. Nobody can stay "non-critical" of the government for too long.

It's also wrong because it's self-censorship: "If I keep my head down, nothing bad will happen to me." The problem is when most people think like that, that's how you end up with tyranny. When little opposition exists, those in power start abusing it.


> In my opinion he's wrong that he'll never be critical of his government. Obama won't rule forever, even if he does like him, and I assume he'll witness at least a few other governments during the rest of his life. Chances are he will become critical of his government, especially if things turn much worse (as the trend is right now). What if the government intends to cut his social benefits? What if the government introduces mandatory army enlisting? And so on and so on. Nobody can stay "non-critical" of the government for too long.

But I am openly critical of my government (the UK), both online and offline. I just don't feel there's any significant risk in this, or anything else in my online activities. And that is the reason why I haven't changed any of my online habits.


Straw man arguments all the way around with plenty of assumptions. You presume the government's intention is to monitor him and watch his every move to work against him. The fact is, the government may scan something about him looking for bad guys and, once it finds he is not one of them, quickly moves on.

Just as your badge may be checked when you enter work, or you have to walk through a metal detector, these scans are not looking for the everyday man. You can thank terrorists for this and quit blaming the government for looking for them. You can thank the government for looking for them and curse the terrorists.

OT - "you should care that the police is very brutal to black people"

I have to say that this is a blatant lie brought on by the media and the internet scream. While you can find something bad about something at any time, to generalize based on the occasional incident is wrong.


There are two types of security, Mossad and non-Mossad. Risk wise the latter is more important for average users and the former is unwinnable without unjustifiable difficulty.


I don't think I've changed a single thing since Snowden first started leaking stuff. That's not intentional and I'm not advocating that, I just haven't. I don't want the government reading my shit but at the end of the day, I guess I don't have anything I care about hiding enough to go to the trouble of hiding it.


- I haven't changed anything about my habits. There's probably 10+ years of stuff already available to them anyway. A change of habits is probably a significant event when studying someone's timeline.

- I did start looking into some ways to communicate more securely/anonymously if I really needed to do that but I am not confident teaching others to do the same (so talk in person with your phones in the fridge!).

- I ordered a couple of Schneier books and the Glenn Greenwald book and I'm going to try the Matasano challenges and start studying secure practices to hopefully become a more security-minded developer.

- I will probably not live in the USA for any longer than I have to, but I need more skills and experience before I can really change countries but frankly I have no idea where I would go that would be safe.


What's your goal in leaving the USA?

Your rights are more likely to be infringed by the NSA--you're not "protected as an American" to whatever extent that remains or might be reinstated.

If it's for privacy--you'll have less of it.


I started using Twister over Twitter.


I thought you were joking until I searched it:

http://twister.net.co/

Do you know anything about the number of users?


There's interesting people on there, but I couldn't tell you how many.


http://www.pbs.org/wgbh/pages/frontline/united-states-of-sec... and part two and citizenfour are all must watch... from some of the comments many have not seen all of these.


No I have not changed a thing. I've always assumed that they were watching everything. Why else would cell phone providers suddenly not charge for services like gps? Or the fact that Microsoft lost its monopoly case against Netscape. How is providing something free a monopoly case? It doesn't exist to protect businesses.


I use Tor and block third party requests by default for my random browsing. It's good enough.


I started using MEGAsync instead of Dropbox. As a non-american I think this is one of the few ways I might be able to change things. Maybe the recent pressure from payment processors means that it works?


Depends who is asking.


haha!!!


I changed my habits long before CitizenFour when I discovered hadoop/big data and zeroday exploits


The biggest change I made is not talking online about how I protect myself from surveillance. This thread is probably innocuous. But if I were watching one of you already, I would be very interested in hearing what you had to say about how you protect yourself, particularly if you did me the favor of analyzing its weak points for me.


I live under the assumption that what has been uncovered by Snowden is true since the early 2000's.

I assume that for the last ten years all my online identities are pseudo-anonymous in the very best case and that all my communications meta data and content is logged and has been, is or is going to be scrutinized by TPTB. And that should anyone be interested, my full profile along with all my social network is or can be made available.


No. I have no need to. There are better things to do with my time.

It's like saying I won't drive my car on the street because the police are watching you. But the police are looking for bad guys, not me. I'm not a bad guy.

I see so many people trying to block the police from doing their work finding bad guys. They don't want road checks for drunk drivers but then complain when a drunk driver kills someone. They don't want license plate scans for criminals and drug trafficking yet complain when they aren't caught.

They don't want the NSA scanning internet traffic and email yet complain they didn't catch the Boston bombers and others ahead of time while actively protesting the same thing.

I fear people like Snowden more than anything else.


> They don't want road checks for drunk drivers but then complain when a drunk driver kills someone. They don't want license plate scans for criminals and drug trafficking yet complain when they aren't caught.

I think the problem here is not that people don't want police to do those things, it's the belief that the power, once granted, will be abused. Drunk driving checks to catch drunk drivers are a good thing, but what about when a cop forces you out of your car because he didn't like your attitude? License plate scans are also good for catching criminals, but what about if the police store the data forever and tie it to personal IDs of people? Would you want the police to have a record forever of everywhere you've gone?

This is the problem with saying you have no need to. You assume you have already thought of every possible case when in fact, that's impossible to do. The most important part in the fight for personal privacy is in protecting the freedoms we have from potential abuse.


You can come up with all kinds of "what ifs" while forgetting our (in the US) system of checks and balances which protestors forget about and want to circumvent by creating vigilante groups to take care of matters on their own. Anything can be made open for abuse but you are assuming no one is watching and will do nothing about it.

Funny. Just a few minutes ago, I was watching NBC News story about the 3 teenage kids who went to Syria on their own. The family lawyer complained that, since the government is watching all the social media they posted on, why didn't they alert the family so this could be stopped?

To which all of HN would reply, "But ... but ..."


You can come up with all kinds of "what ifs" while forgetting our (in the US) system of checks and balances which protestors forget about and want to circumvent by creating vigilante groups to take care of matters on their own. Anything can be made open for abuse but you are assuming no one is watching and will do nothing about it.

Funny but, on NBC News tonight, there was a story about 3 kids who went to Syria on their own. The family lawyer complained that the government, which is watching Facebook and all the social media they posted on, according to him, why didn't they alert the family to prevent this.


Citizenfour is suspiciously well produced. And Edward Snowden is extremely good. This all is probably the stage in which we realise of this and all is simply going according to the agenda.

"THE conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country. We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. This is a logical result of the way in which our democratic society is organized. Vast numbers of human beings must cooperate in this manner if they are to live together as a smoothly functioning society." ~ Edward L. Bernays, Propaganda (1928), Chapter 1 - Organizing the Chaos


Is there a particular covert agenda that you see Citizenfour as promoting?



