Have the Snowden revelations changed your computing habits?
It’s no surprise that governments spy on one another and monitor citizens in the name of “terrorism prevention”, but the Edward Snowden leaks showed just how horribly invasive the surveillance state has become. For our next podcast, we want to hear from you: have you changed your computing habits since you read about the Snowden revelations?
Maybe you’ve started encrypting your emails, or switched to a different email provider. Perhaps you’re now using Tor for all your web browsing and you do everything over a VPN. Or maybe you’re so despondent about the whole thing and think it’s a losing battle. Whatever the case, let us know and we’ll read out your comments in the next podcast!
Related Posts
About The Author
Ben Everard
Ben Everard is the co-author of Learning Python with the Raspberry Pi and hacks hardware projects held together with a big dollop of Linux and Free Software glue. He's @ben_everard on Twitter.
Not really – my current internet usage is so inconsequential that it wouldn't change much anyway. However, what has changed is my perception of the internet, and the leaks mean that, once I do up my dependance on tge cloud etc I will certainly take all reasonable precautions to protect my data. One thing to note, the goal in NSA avoidance is not to have an ultra-secure system, it is just to make it inconvenient enough for them that they ignore you – this is why if I ever did need to communicate securely I wouldn't use tor (used lots therefore worth cracking), I would make my own encryption method – much easier to crack but MUCH less reward for doing so.
No, but I'm starting to think about how I might. It's difficult to know what steps to take when you hear about the NSA subverting standards creation processes to make it easier for them to break it later. The big question is who do you trust now? Everybody says that open source makes it easier to catch this kind of stuff because people can look at the code. Are people looking at the code? There are a lot of lines of code to audit before anybody can guarantee there's been no monkey business. Wasn't it FreeBSD that caught something that somebody slipped in without anybody noticing? If I remember correctly it was years before it was caught. Personally I would be very impressed with any project that took a minute to re-examine their code in light of things. Then I could think about how to proceed. Google NSA + FreeBSD backdoor for the story I mentioned.
Yes, most definitely. Since all this NSA stuff hit the proverbial fan, I have reconsidered things massively. I have upgraded our internet connection from ADSL to fibre. I have ordered an HP micro server which I intend to run Owncloud on. I'm going to pull everything off dropbox, Google drive etc. I've also installed CyanogenMod on my phone, without the Google apps. I don't have anything to hide, but I don't agree with the NSA or GCHQ being able to look at my stuff whenever they see fit. Its a start. I mean would you allow a complete stranger into your house to look at any paperwork they wanted, because that's exactly what's happening at the moment.
From the realm of Identica we have had a GnuPG Practice Group. Our goal has been to practice using the tool to make it more natural. Even with Enigmail it is hardly natural. We have not had any e-mails lately which means I may need to light up Sylpheed and see what is coking. We were trading ASCII art at one point which the NSA is lovingly preserving for all time now, alas.
xkcd has a great cartoon on this here: http://xkcd.com/1269/
Nothing has really much changed on my part. If you've read any of the books by James Bamford talking about the National Security Agency, the Snowden revelations were nothing really new. James Bamford had been writing about the agency for some time. All that resulted is that suddenly Bamford doesn't seem like a nutjob with the Snowden revelations even though Bamford carefully sourced his books anyhow.
This may be why I enjoy the artwork by the former Soviet agitprop artist at thepeoplescube dot com so much. It simply remains that nothing you put on the Internet should be something you would feel uncomfortable having read back to you in a courtroom. Nation-states have pursued total information awareness for centuries and the United States almost has it within the grasp of a "combat support agency" it owns.
I've decided to take my data out of the cloud, and set up ownCloud instead. Other than that, not much has changed for me. I've become more conscious of where the services I use are hosted, but that's not very useful because many of the American services don't have European replacements. Hopefully that will change soon.
Not in the slightest. Putting anything online that you wanted kept secret without strong encryption was always a bad idea. All these leaks are nothing but acknowledgement of what a lot of people suspected all along.
Not that I think some part of it isn’t overstepping and needs correcting. On the other hand I think it’s still often overblown. Snowden discusses exchanging communication with a reporter about how to encrypt communications. If the feds (with any initials from any country) were as capable and fine toothed as a lot of people seem to think then this alone would have triggered investigation and he would have never gotten past that step. I mean a guy with super high security clearance is talking to an important journalist about how to talk with encryption so he can tell him stuff… And that triggered – nothing.
No. I was already paranoid about this kind of thing and it was no great suprise to me. I mean I don't actually own a tin foil hat (though I did used to wear one in my old band) but I don't use Facebook, gmail, Google, etc. I do have a Twitter account after my mate persuaded me to sign up while drunk in the pub one night but I don't really use it (except when I'm drunk). I do feel like a weirdo though and increasingly isolated from my friends online so maybe these revelations will help other people appreciate what I've been banging on about for years – and maybe want me to make them some tinfoil hats too…
Not really, I didn't have too many illusions about privacy anyway. I followed the news stories about NSA having its own switches inside the facilities of the major telcos that were published a few years ago.
That said, the Snowden stories coincided in my life with receiving a ton of Google's attempts to get me to use Google Plus. I use Android, Google Talk/Hangouts, Gmail and Youtube, and suddenly it felt like Google was trying to push G+ down my throat from every direction, while the world was talking about surveillance. As I wrote, I didn't have too many illusions before, but my view of Google is several shades dimmer these days.
Indirectly it has. It spurred me to sort out my VPN solution properly: private keys which are used to generate client certificates not on VPN machine itself, hosted on a separate VPS *just* doing VPN, private DNS server for VPN machines, bi-directional authentication of both client-to-server *and* server-to-client, etc, etc. It also encouraged me to finally sort out a securely sync-able password safe solution rather than the less-than-stellar password management I did have. Finally, I got around to getting a (free) SSL certificate from startssl.com for my website and move over to HTTPS-only with perfect forward security switched on.
So, in summary, it didn't make me do anything *new*, just gave me an incentive to get around to doing the existing things *right*.
Not at all. Now, where is that invisible ink pot and that dusty old book?
The only response on my side is to delete most private data at social engineering sites (facebook,…).
I never trusted in google – so i dont have an google account.
For my private data i use ssh and openvpn with a private fileserver at home. For syncing the files i use unison which uses ssh.
E-Mail encryption and chat encryption (XMPP) is not accepted by my friends, so it is no option for me.
Whilst it has not changed my browsing habits, in terms of sites I use I am a lot more careful that I was previously. I have installed HTTPS Everywhere, and think twice before uploading data to cloud services or on Social Networking sites. I am also considering getting a VPN.
I am a lot more interested in web security, and keenly follow the EFF and Open Rights Groups.
It's just made me more vigilant about it – make sure I use my password manager to create new passwords for sites, encrypting all my drives, that kind of thing. It's a reminder that encryption works, but people (i.e. me) is the weak point in a good security system.
I have email encryption setup, but the people I email don't care about it so I don't encrypt my mail. The best I can do is sign all my emails, which I do.
It's great to be more aware of how insecure general internet useage is, but until something negative happens to an individual then their web habits are not going to change. Why should web browsing be more resource hungry and more complicated to setup with a secure private connection. Web habits of individuals will only change when secure private encrypted communications are the norm and not something extra to setup or slow the user down.
I am starting with GPG for my e-mail.
I have to say not at all. I've known about such monitoring for years. TBH I'm surprised people are surprised about the revealations.
The government does lots of things it's not supposed ton in the name of protecting is citizens.
Especially those that pay large somes of money
I moved from Dropbox to Spideroak (which was underway anyway; since I found out db had overstated their encryption). Have GPG-signed my email for years but have few people that took up encryption, although an American friend living in the UK was prompted to get set up with it, so maybe moving that way.
I've ceased using the cloud and have 'downgraded' my use of the Internet to 'web 1.0' style activity; that's to say that I just use it for emails, information research and posting on really cool (sorry, awesome!) websites. I find that as long as I bear in mind Ben's maxim that 'once a data-packet leaves your PC then you have lost control over it' I find that I am more judicious in my use of the Internet.
At this point in time I'm still uncertain whether the powers that be are competent enough to assimilate all of the information which they could be collecting but 'they' are laying the foundations of an infrastructure, or more precisely a public acceptance of an infrastructure, that in the future could be used in a whole host of evil ways.
No, but it made me kinda want to do a degree in law, focusng on information technology law and human rights law … We should all have a new right that's under human rights… "The right to do computing privately" … its a hard subject, but one that's worth it I reckon.
I'm also interested with using affordable mini computers (like raspberry pi, cubieboard etc) and mobile access points (like TP-LINK MR3020) to create "mobile personal networks" accessible via wi fi and still usin the same tcp/ip standards we have today… just strap all those hardware to a platform with Arduino, motors, wheels and a huge rechargable battery to power it all … it'll be your "robot server: people can connect to via wi fi to access your site/content … ! 😉
No really to be honest. We've all suspected this kind of thing has been going on for years so the revelations were not too surprising. Not saying I agree with what's going on (I don't, I'm totally against the large scale collection of data and the argument of "is you've nothing to hide, you've nothing to fear" is obscene) but it's not surprising.
Question for those who feel they are being snooped on – if the authorities are watching everyones communications and trawling them for information, why is there still an issue with online child pornography? If the snooping systems were as pervasive, intrusive and sophisticated as people believe, then surely the targeting of the people who post this kind of filth would be relatively simple, no? Considering the furore surrounding the issue of 'snooping', wouldn't the NSA and GCHQ gain a lot of kudos and public acceptance by using their systems to target these people?
I've rented a VPS and set up ownCloud on there, so I can stop using Dropbox and Copy.com for anything other than stuff I want to be public. I'm also running an XMPP server on there and am halfway through migrating my email from Google Apps to being self-hosted. By halfway, I mean that I've installed getmail, dovecot and roundcube on my VPS, but I've not update my MX records yet…
Disengaging from Google and Microsoft is all well and good and is what I have done, but it is disappointing that the majority of computer users will take no such action, therefore the NSA or GCHQ can carry on with business as usual. If anything is to change it will have to be down to organized pressure groups continually lobbying the issues with politcal parties and within the public domain.
It annoys me considerably that these spying agencies can access my boring hum drum everyday data. It seems that the only thing that I may be able to do to annoy them is to add words like 'President, Allah and Bomb' to every email that I send.
Government wire tapping may be ethically wrong but it's been going on ever since semophore was invented. Like others in this thread my communications are inconsequential and get lost in the noise of the exabytes they harvest and for me Snowden was a meh after reading Blamford's book a while back. People get het up about Snowden and then ignore the CCTV everywhere, discuss personal stuff on the phone in public and display their lives on Facebook etc.
I've known the NSA has been monitoring the internet for quite some time. In the mid '90's, there was quite a stir over it. Back then, we'd put word strings like "nuke, bomb…" in our emails and usenet postings just to make the NSA waste their processing time. But what's really sad is that I recently purchased an old copy of 2600 from the 2006 season at a used book store and started to read it. Right off the bat there were articles about the NSA snooping. I'm hoping that now, with the Snowden release, people will finally take this issue seriously.
As for me and mine, the Snowden release prompted me to implement OpenPGP for email for both my wife and myself. If I can cause the NSA to waste their hard drive space on "Pick up some milk on the way home" messages, and waste system time trying to decrypt it, so much the better. If everybody did it, the NSA would be helpless. They'd never be able to store and process that much data. But again, the sad thing is that nobody has asked what the strange attachment is on my emails (my public key). The public remains totally ignorant and uninquisitive.
I've begun using ixquick.com for searches, and started using their proxy service. Thank you, Ben, for the tip in your former publication. I've done a deep dive review of ssh which, as a Linux admin, is a great tool for system-to-system authentication, especially using agents.
Lots of "sadness" in this post, but it's made up for by being able to hear the podcast again! Cheers
My habits have definitely changed. My trouble though is that I never know if I'm being all tin-foil-hat about it or whether I should feel justified in what I am changing.
Luckily, my 'cloud' storage requirements (I hate the word 'cloud') have been pretty minimal so have started to use OwnCloud for that on my own hardware but I am genuinely struggling to leave GMail and Calendar. They are outstanding products and do make life genuinely easier online but the whole 'other people might also be able to take a look in without me knowing' thing does bug me. When I find a provider, or even a method of having such a great equivalent for myself, then I shall be moving over but until then, it's a hard thing to break out of once you're hooked.
I would love to say it has – but unfortunately, I'm still working on it. While the evolution of Linux has lead to a Linux Mint install that can be done by a 5 year old with a blindfold, setting up Mailservers is still an absolute nightmare. Even though I would consider myself an experienced Linux user, I am still struggling to get my Postfix / Dovecot combination up and running.
I am using owncloud to replace Google Calendar and Contacts, but I'm not sure how far I trust the filesync capabilities – at the moment I still get quite a few error messages and random file deletions and recreations. I would love to use Bittorrent Sync as it seems far more reliable, but unfortunately it won't get through the firewall of the University I'm working at.
At least I started to encrypt emails – even though I only know one person who I can exchange encrypted emails with. Unfortunately, we still send confidential student information etc over unencrypted email…
My UNI just switched to MS Exchange, despite the advices and outcries from the IT dept…
On Friday night I found myself having dinner with the cyber security advisor to President Obama.
I thought I had built a fairly secure corporate network, but one thing I took away from that meal (apart from a hangover) was that nothing is secure. If the White House and NASA regularly get breeches, your information will be accessible if it is of any relevance to external parties.
So, don't keep anything on a computing device that you don't mind the world seeing. If you do mind, keep it in your head (but don't ever sleep!).
No, and in my opinion, anyone who really was "surprised", either or both didn't know much about the US Government or how internet data is handled to start with (e.g. Global routing, intermediate nodes etc.).
But to answer your question: no, I've not changed my habits. The internet is just another public forum: so I ask you: would you publish your personal information in Hyde Park, or leave your credit cards lying on a street where you live. Point made, or go yelling threats to an unknown person at your local pub?
Yes, it's egregious how the US government is so paranoid as to trash the constitution it claims to so believe in/love so much, but who's surprised: to quote the adage: "absolute power corrupts absolutely…" (every time…)
Yeah, more careful with passwords. Started using BitTorrent Sync, looking into more secure email options and even thinking of running Own Cloud on a Raspberry Pi, which I guess is possible.
I've become more critical to Google, planning to quit Gmail and came back to Firefox after 2 year mostly Chromium era. I'm trying more other seach machines than Google (DuckDuckGo and Startpage). I've tested Tor as a browser but haven't got used to it.
Most important: i see my move from Windows to Linux 6 years ago as "natural decision".