Ask Slashdot: How Do You Protect Your Privacy These Days? Or Do You?

An anonymous reader writes "The NSA snoops traffic and has backdoors in encryption algorithms. Law enforcement agencies are operating surveillance drones domestically (not to mention traffic cameras and satellites). Commercial entities like Google, Facebook and Amazon have vast data on your internet behavior. The average Joe has sophisticated video-shooting and sharing technology in his pocket, meaning your image can be spread anywhere anytime. Your private health, financial, etc. data is protected by under-funded IT organizations which are not under your control. Is privacy even a valid consideration anymore, or is it simply obsolete? If you think you can maintain your privacy, how do you go about it?"

Re:Simple.

[Anonymous Coward]

"I don't have anything the NSA is interested in."

Do you comment on any forums to influence people?
Do you vote? Do you think your vote is not interesting?
Do you have relatives? Do you think they are all so bland and uninteresting?
Do you work for a company? Does it make stuff in competition to other companies?
Do you know stuff the NSA might find useful.

Not too bothered

[axlash]

I'm less worried about the likes of the NSA, and more worried about criminal gangs getting hold of my data and using it to make my life a misery through identity theft.

Anyhow, the way these things work is:
- Either a very small percentage of people are seriously affected by breaches in privacy, in which case I don't need to worry too much about it, or
- A significantly large number of people are seriously affected, so that it becomes a political issue and there's a push to do something about it.

Depending on the platform, there are some options.

[c.r.o.c.o]

The issue is you cannot protect your privacy directly from the NSA. They seem to have tapped communication between Google data centres, can request any information they wish from any company (Google, FB, your local ISB and phone provider, etc), so the only option is limiting the amount of data you provide. Interestingly I started taking the following steps even before the leaks simply because I became uncomfortable with the major corporations gathering my data and then changing their privacy policies at will. That's not how contracts are supposed to work, and disagreeing doesn't seem to have any effect. Once Snowden went public, my paranoia turned out to be justified.

In general terms, I do not share anything truly personal on a public forum. So on FB I never upload pictures, I do not share places I visit, and I do not provide a phone number. I just use it to set up events like Birthdays or nights out. I do not use twitter, foursquare, pinterest, instagram, myspace or whatever social fad of the day happens to be. It could be that in my early thirties I'm becoming a technology Luddite, but then I was never denied a job because my *insert questionable behavior here* is posted all over the net.

Google is a special case. I started using Gmail when getting invites was almost impossible, and Youtube when they were still independent. So giving up my Gmail account would be a VERY significant undertaking, especially since I couldn't come up with better alternatives (fast, supporting POP3, almost perfect uptime, and guaranteed not to shut down). But I never stay signed into Gmail outside checking my mail, I do not use G+, I stopped using YT while being logged in, and I search through DuckDuckGo. And if anyone can suggest a reliable email provider that is NOT Google, MS or Yahoo, I am all ears.

Getting to specific platforms, on a Windows 7 PC, I use Seamonkey with Adblock Plus and No Script. I also block all third party cookies. I'm also considering adding Ghostery to the mix. This takes care of most of the trackers, cookies, ads, etc. I have not used Linux on a desktop in years, and I am yet to touch Windows 8, so I can't comment there. I also never share my location, although it's pretty braindead to find out where my IP is located anyway.

On my smartphone, I run CyanogenMod without GApps, meaning no Google account, no PlayStore, no Google Maps, etc. You get the idea. Every single app on my phone is installed from F-Droid. I have a fully functional, OSS book reader (Cool Reader), browser (Firefox with Adblock Plus), map application (rmaps), email client (k-9). So my phone is fully functional for my needs without any connection to the Google servers. As before, I never share my location which on a smartphone does make a difference.

This is pretty much what I've done to avoid Big Data without using any functionality and giving up only a bit of convenience. Any suggestions for improvements are more than welcome.

Is it worth protecting?

[ohnocitizen]

That is the question I'd like to start with. Because I'd answer yes it is. I don't want my identity stolen, my economic future decided by whether my boss sees a photo a friend of a friend of mine posted 5 years ago to a social networking site I didn't join, or my emails to my ex-girlfriend read by anyone other than me or her. So if it is worth protecting, then when we realize "how can you protect your privacy" is really broken up into subdomains, and for many of those the answer is "right now you cannot", we have motivation to then ask "how can we change that?".

Don't use "free" services

[Neelix21]

The main thing I do to protect my privacy is not to use "free" services, such as Gmail, Hotmail for personal email. I maintain my own server which has a mailserver installed. This means that no-one except me (and anyone who manages to break in) can just access my email.
I live in the Netherlands where ISPs are forced to keep "traffic records" of me. Because I'm an academic I get to use the academic ISP, which is not bound by that law, at least for Internet traffic. But having my own mailserver means that also my my email traffic is not monitored and can not be requested by the police. Furthermore, having your own mailserver and domain also makes it very easy to compartmentalise service subscriptions. Just make a new email address for each service.

I used to use Google Calendar, and Contacts but stopped with that since I discovered that OwnCloud is a really decent private drop-in replacement that you can host yourself.

I use many different privacy plugins (Ghostery, Adblock, etc.), while being aware that this makes my browser ID somewhat unique and identifiable. At least I'm making it harder for them.

I don't use my real name.

[ugglybabee]

I don't use my real name on the internet. This is no small thing, because Facebook will throw you off their network for using a fake name, and while I find facebook to be ubelievably drab and awful, I suffer a penalty in relationships from not being on it, since nearly everybody I know has some kind of presense on Facebook, I'd rather not trust the NSA with my personal information, but since i am not a criminal, the potential negative consequences involved are finite. I could be harassed for my views, though they're not particularly extreme, or falsely accused of a crime, But there are a billion people on the internet, and they've got a billion agendas, and i know from experience that some of them can truly be evil motherfuckers. There's no sense in trying to measure or aniticipate what can happen, what they're going to individually decide or figure out. I'm probably safe. I'm a 55 year old male with not much money. Nobody's going to want to stalk me for anything, but I refuse to participate in this crazy experiment whereby we turn down the privacy settings for civilization, and see who thrives, and who gets hurt. Zuck you, Fuckerberg!

Re:one method

[Joce640k]

Which part of not entering real information did you miss?

Unfortunately there's a couple of flaws in his plan:
a) Facebook is busy asking other people things like: "Did you go to school with JohnVanVilet?" and they're all eagerly answering "Yes!!"
b) They've figure out he lies so they're starting to 'confirm' every new account via. mobile phone.

One more

[SuperKendall]

Worried about someone finding your child-porn stash?

Don't store it with Google [cbslocal.com]

Basically a lot of the answers to how to avoid "X" would be, don't store that with Google.

It's a rough question though as I have to say I'm OK with Google poking through Picasa in order to catch a real child molester.

Basically I've always assumed myself that anything marked "private" and uploaded to a server I do not control, means it is for my eyes only - plus the eyes of every admin on the system.

Re:Unplug.

[Pino Grigio]

Here's the thing:

There are two levels of private here. There's keeping things private from potential employers, friends, family, associates and so on and there's keeping things private from the NSA, GCHQ, Chinese Government and so on. The average guy or girl has absolutely no hope of keeping their online dealings private from the latter. From the former, you don't so much keep them private as be a bit circumspect when making use of the internet, your mobile phone and so on.

So far over the last 10 years I've had 1 credit card attempted theft (tried to transfer £4,000 out of it, bank caught it as "suspect" so it didn't happen) and I've had 2 email accounts hacked and used to send spam. Of the latter, the problem was weak passwords. I now have a "system" for passwords and none are weak, but that doesn't mean the NSA and GCHQ can't still read them. I have no intention of fighting a room full of Mathematics PhDs for my data.

Even if you get the NSA to stop doing this through political action, the Chinese, Russians and so on will still be doing it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Government doesn't bother me

[grumbel]

The government snooping around doesn't bother me all that much, as while it might be a waste of money, it really doesn't affect me. It's just dead data sitting around on some NSA server. There is more interesting stuff to read then my email. What I am bothered by is the leaking of private data that happens all over the place, things like the people you follow on Twitter or Youtube being publicly visible information. Why exactly does every modern social webpage treat what are essentially bookmarks as public information and publishes it to the world? Why is everybody just accepting that and not complaining about? You can't even switch it off most of the time. I find that incredible annoying and avoid any service that does that when I can. I don't have much of a problem with my information being out there, but at the very least a service should make it very clear what kind of information is public and what is private and modern services don't really do that.

Another thing I have a real issue with is the starting pervasiveness of requiring real life authentication to log into a webpages. Mobile phone numbers started as just a way to get your password back, but now quite a few webpages are requiring them and Google+ and Facebook have their real name requirements. Furthermore there are more and more webpages that only allow you to access them via your Facebook or Twitter login, not via a webpage specific account. So once Facebook or Google switching on the requirement for a mobile phone number or real name and enforce that, that means your real life identity is linked to a ton of a webpages and you can't stop that from happening unless you completely avoid that webpage, as even Tor doesn't give you a free anonymous mobile phone number.