rolisz's site

Data and Goliath

Bruce Schneier is a well-known American security researcher, who has written several books about this topic. Data and Goliath is his latest book about it. I bought it last year, but I only got around to reading it last month (one more win for the reading goal for the year \:D/). First observation: while the book is thick, with 383 pages, a third of it is notes, so it's not that long actually.

While I've heard about various privacy issues and about the mass surveillance revealed by Edward Snowden, I never really did anything about it. I had an adblocker installed, but that was just because I was annoyed by ads and they slowed down browsing the Internet, but nothing else. This book was a coherent presentation of what both corporations and governments do, what effects it has on us, and why it's really, really, really, really bad.

I don't want to talk too much about what the book says about existing surveillance and what is going on, except to call out the fact that the existing large scale governmental tracking is not effective against terrorists. The haystack is too big and the needles look more like twigs, so it doesn't help at all. Good old investigation work is what catches the bad guys. Mass surveillance is useful for tracking people who protest (legitimately) against the government. Also, corporate surveillance comes in many subtle forms and is used to build up big profiles about people, which are then often sold by data brokers, or hacked. Again, not really worth the benefits in most cases.

So what can the average Joe like me do? There are several things, ranging from political to technical. First off, lobby, propose, discuss, raise awareness, vote about this. If enough people know about this and are worried about it, democracy can do its thing. Hopefully it's not 1984 already.

On the more technical side, there are some simple solutions. Use HTTPS Everywhere, which forces your browser to use encrypted connections whenever possible. It's a first, simple step towards avoiding dragnet surveillance. If it's encrypted, it can't be read in a straightforward way. Use either Ghostery, Privacy Badger (I use this one) or Disconnect. These extensions do as much as possible to disable tracking. Most importantly, they disable the automatic loading of social network share buttons, which would automatically report back what pages you browse, even if you don't click on them.

Now, on to more complicated ones. You can do obfuscation, which means doing random stuff to create bogus data on your profile. Things like searching for TV models, even though you don't want to buy one, clicking on random search results, adding as friends people you don't know, creating fake profiles, interchanging store loyalty cards with friends, not giving out your real information when asked for (be careful about who's asking and if you can give out fake information) and so on. And, if you wanna go one step further, use the Tor browser. It's a pain to use, because many things are blocked there, it's quite slow, but it's definitely a good option. I won't be using it all the time, but sometimes I will. If you wanna go extreme, you can even run your own Tor nodes.

That's it folks! Be safe and keep an eye out for surveillance!