Well, I don't think I've ever felt so paranoid. Thanks President Obama, this is the exact opposite thing we wanted you to do when we voted for you.
There is a fundamental problem with being truly secure online. That flaw is that the sites and services we use are compromised. In order for me to write this comment, I'm relying on the free wifi at Starbucks to not log my actions. I'm relying on their ISP to not log the traffic to HN's servers. I'm relying on Google's Chrome browser to correctly recognize HN's certificate and encrypt my packets properly, and I'm relying on Entrust Certification Authority to correctly assert that I am actually sending my data to HN and not an intermediary. Then I'm relying on HN to receive my data and store it securely (well, as secure as I should expect a public forum to be, but the scenario applies just as well to banks and email providers). Finally, I'm relying on all software installed on my laptop (including the operating system) to respect my privacy by not logging keystrokes.

Any 3-letter agency that wanted to track my internet usage only needs to collude with one of these services to compromise my privacy. I think the solution to privacy is a combination between government transparency and accountability, and our own due diligence to carefully vet the programs and services we use.
In today's environment, the most secure personal computing set-up might be Richard Stallman's. I don't think I could do it though, as it is too restrictive.

http://stallman.org/stallman-computing.html
There's one more thing all Tor users with good bandwidth should consider: start relaying.

I relay when I can, which is not very often because I am mostly behind a NAT which I have no control over.
If everyone uses Adblock, it could be detrimental to a lot of free web services that are supported solely on ad revenue. I am not sure if there is a good solution here...
I feel like this is a rather porous plan for privacy.

> 1. Sign up to relevant pressure groups

Ok, I like this one. No reason not to. Support the EFF.

> 2. Install HTTPS Everywhere

Since I believe that the NSA likely already have all of the relevant private keys, I'm not sure about this one. HTTPS is still better than no HTTPS, but don't overestimate it.

> 3. Install Adblock Plus

Yep ok. Making it harder to be tracked across the internet is good.

> 4. Review my browser use

Sure. Use Chrome + best practices.

> 5. Review web services I use and switch if necessary

Suddenly this appears: a catch-all "change everything I do on the internet". Stop using Facebook, Skype, Gmail, etc. Probably not going to happen. I'll come back to this in a second.

> 6. Download and Use Tor

Given my belief that the government is probably running enough nodes to reconstruct Tor identities, I'm not convinced that this helps much.

> 7. Use the Onion Browser on my mobile

See #6.

> 8. Run "host-proof" Web applications

This is an extension of #5. I like the idea, but this is hard. Startups like Ciphercloud and Social Fortress are ostensibly working on it; I look forward to when they're available. I imagine that if any significant percentage of people start using, say, Social Fortress on Facebook, Facebook will make it against the TOS.

I do think that the NSA has probably broken RSA. It's notable that they haven't approved it for securing classified data, despite the fact that it would significantly simplify the DOD's current pains around key distribution. This, of course, takes SSL with it, but importantly takes PGP, too. Running GPGMail on a desktop isn't enough.

###

My privacy plan will involve learning more about politics. Who are our representatives? What districts play disproportionate roles here? How are the oversight committees formed? Who's on them and why? What can we do to be involved?
This is a much longer timescale play -- it's a lifetime of being involved, rather than a quick technological fix now. I'm not confusing a personal interest here with having influence -- I'm just one person, and not a high-profile one, and alone I won't have much impact. But, I don't believe that there's any substitute for a politically engaged constituency.

I don't believe that Washington is fundamentally corrupt or irreversibly damaged. In the Snowden video he spoke about how these decisions are viewed as policy and not law -- so a future president may decide to go off the deep end into despotism. But since it's still policy, there are systems for this. It's not ok to simply complain that the system will defend itself and there's nothing you can do. Apply the same mindset that drives you through the multiple brick walls that are a startup to changing Washington.
This is a good start, but in the end the NSA can bypass any of these measures if needed (even the cryptography). The only thing that really can change this situation is a protest versus your political representatives.
Here's what I did. http://www.battle-school.co.uk/Blog/2013/06/08/its-our-own-fault-deal-with-it/
Got rid of every cloud based service I use.