Privacy Tools – Encryption Against Global Mass Surveillance

<i>&gt;All [vpn] providers listed here are outside the US, use encryption, accept Bitcoin, support OpenVPN and have a no logging policy.</i><p>Yes but how does the average person <i>really know</i> if those suggested foreign VPNs are not CIA or other government coordinated honeypots?<p>In terms of cyberspace cat &amp; mouse games, I think VPNs can be useful to evade Netflix streaming restrictions to particular countries or to hide your DNS queries from your ISP. You don&#x27;t need a lot of trust in VPN entities to evade <i>commercial businesses</i>.<p>However, using VPNs to evade <i>government surveillance</i> is a whole different ballgame. Because of the far reaching tentacles of government agencies, there&#x27;s no reliable method to determine which VPN to trust.

<i>Why is it not recommended to choose a US-based service?</i><p>This is extraordinarily, almost axiomatically bad advice. The USG has an NSL process for obtaining information from US-based service providers. It has no process whatsoever for obtaining it from foreign providers. <i>It can simply do it</i>. We have the largest, best-funded signals intelligence agency in the world, and literally the only place in the world you have any procedural, legal defenses against them is here.<p>I&#x27;m not being normative. You don&#x27;t have to like this state of affairs. But it is the reality in which we live, and signing up with a European privacy service won&#x27;t keep your data out of the hands of US surveillance if they want it.<p>I think jurisdiction is the wrong question. The most important question to be asking about a service provide is &quot;what information do they collect and retain about me&quot;. Sometimes these comparisons are hard to make from the outside, but other times you can make inferences just based on the features they offer and the protocols they use.

Using privacy-related software makes it more likely that you&#x27;ll get specifically targeted for surveillance. [1]<p>Simply visiting this site makes it more likely. [2]<p>For anyone who fears state-level surveillance: Using a VPN or Tor and some privacy plugins isn&#x27;t enough. Don&#x27;t assume that you&#x27;re safe just because of it. In fact, you make yourself identifiable if you rely on such plugins.<p>I won&#x27;t go into details on how to be able to have privacy that can compete with state-level surveillance, because you&#x27;ll have to commit crimes to get it. If you think that your government is watching you - don&#x27;t trust these simple instructions. It&#x27;s way harder. Some people had to die because of this.<p>Many (authoritarian) governments don&#x27;t let you use a VPN without putting you on a watch list. If you try to keep a low profile, you need other measures. False sense of security can be dangerous in some countries. I hope that those who need this (a fraction of those who read it) keep themselves safe.<p>edit: I think they should clearly state that this tutorial isn&#x27;t suited for individuals who are in great danger w.r.t surveillance. It&#x27;s for people who are interested in privacy, not for people in life-or-death situations.<p>[1]: <a href="https:&#x2F;&#x2F;www.cnet.com&#x2F;news&#x2F;nsa-likely-targets-anybody-whos-tor-curious&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.cnet.com&#x2F;news&#x2F;nsa-likely-targets-anybody-whos-to...</a><p>[2]: <a href="https:&#x2F;&#x2F;www.makeuseof.com&#x2F;tag&#x2F;interest-privacy-will-ensure-youre-targeted-nsa&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.makeuseof.com&#x2F;tag&#x2F;interest-privacy-will-ensure-y...</a>

Prism Break is also worth taking a look: <a href="https:&#x2F;&#x2F;prism-break.org&#x2F;en&#x2F;" rel="nofollow">https:&#x2F;&#x2F;prism-break.org&#x2F;en&#x2F;</a><p>I like that it has OS-specific recommendations.

This is a great overview and a list of useful tools and technologies. Kudos to the author!<p>However, I am afraid that using those tools to protect your own privacy is at best a temporary band-aid as long as the current trend of accepting more and more backdoors into our personal lives persists.<p>To change this a significant portion of people need to see the government not as the main savior from terrorism (poverty, disease, crime, etc.) but as a big bureaucracy where a lot of clerks care more about their paycheck than the end results of their day&#x27;s work (which is fine). And a large portion of public servants who do care, care more about their career, power and perception than about people who chose them to govern (which is bad).<p>This view change, if it ever happens, should force government to justify their actions and pay more attention to real issues (poverty, crime, disease, terrorism) and less to scare tactics. A used car salesman can provide a useful service -- knowing that a customer suspects him to be a swindler forces him into a partial honesty. That said, I am not optimistic that this view change will happen soon.

Isn&#x27;t it bizarre that a privacy tools website uses Google Maps instead of Openstreetmap?

Many file formats record creation timestamps, like in image, document, video, audio, executable, archive, and so on. If you create these formats and send the file to others, they would at least know when you created the file. Sometimes they even include timezone info, so they can even know something about your geo location. This applies to network protocols, application communications, database records and so on. Even Git will record your timestamp and timezone info for every commit, and it&#x27;s very difficult to completely change or remove these info.<p>You might think it&#x27;s a trivial thing, but it actually tells a lot about you. If someone can trace your activities through time, it&#x27;s essentially a detailed profile of you, and they can learn how you live and work. Sometimes it can even be used to de-anonymize you by cross referencing with your &quot;real&quot; online identity.<p>In general it&#x27;s impractical for users to fully understand what kinds of meta data were included in each file format or send by each application. EXIF data is often included in image files generated by cameras or image editing software. Your full file path to a source code file may be included in the executable you compiled, and it may leak your personal information. Your operating system may send regular health report to its company. A proxy service may append your real IP address in HTTP headers. Even for some encrypted services, they don&#x27;t encrypt or sign everything. Like 1Password in the past didn&#x27;t encrypt the URLs of your saved login sites. TLS 1.2 doesn&#x27;t sign the cipher suites. TLS 1.3 doesn&#x27;t encrypt client certificate.<p>Most of these software and protocols were not designed with privacy as a primary concern. Even they do, there are info that they decided to be okay to leak. However, it should be up to the users to decide whether the design decisions were reasonable for their own use case. Even many of these meta data leak seem like targeted surveillance, it&#x27;s actually scalable and can be adapted to mass surveillance.

Brave (based on Chrome, minus Google tracking) includes optional Tor in private tabs, anti-tracking and ad blocking. By making Tor accessible to all users of Brave, it makes Tor users slightly less of an anomaly. Brave has also added capacity to the Tor network.

I am impressed with the amount of detail this page has, wonderful job by the author!

<a href="https:&#x2F;&#x2F;torrentfreak.com&#x2F;proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930&#x2F;" rel="nofollow">https:&#x2F;&#x2F;torrentfreak.com&#x2F;proxy-sh-vpn-provider-monitored-tra...</a>

A nice resource, but I think the links on the page should all open into a new tab. Reading through and clicking a link takes me away from the page, I&#x27;d rather that the links open in a new tab for later.

Are those password managers listed really &quot;better&quot; than 1Password or lastpass? If so, why? Shouldn&#x27;t I want to pay money for my password manager?

The only way to win the game is not to play.

One of my favorite lines against &quot;I have nothing to hide&quot; is from national security whistleblower, Edward Snowden:<p><i>“Arguing that you don&#x27;t care about the right to privacy because you have nothing to hide is no different than saying you don&#x27;t care about free speech because you have nothing to say.”</i><p><a href="https:&#x2F;&#x2F;www.goodreads.com&#x2F;quotes&#x2F;7308507-arguing-that-you-don-t-care-about-the-right-to-privacy" rel="nofollow">https:&#x2F;&#x2F;www.goodreads.com&#x2F;quotes&#x2F;7308507-arguing-that-you-do...</a><p>But ultimately, the idea that you want privacy because you have something <i>bad</i> to hide is a deeply flawed one, pushed by governments, maybe not necessarily because they are &quot;evil&quot; and want to abuse that power (although that certainly seems a factor to consider lately), but also because pretty much the only times they do want to bypass privacy laws is when they deal with criminals. So that gives them a very narrow view of the issue. When all you have is a hammer, every problem looks like a nail.<p>Privacy is both about &quot;keeping things to yourself&quot; and not wanting others to know everything there is to know about you for no good reason, as well as to protect yourself against potential abuses (from governments, but also criminals, unscrupulous companies, etc) that can&#x27;t be predicted ahead of time. There are thousands of potential uses for the data, like say using your data to manipulate you with ads during elections, make you buy anti-depressants, make you pay higher insurance, and so on.