Internet and Data Privacy Guide

Tips for building a privacy practice with a critical technology lens

Guides to Protecting Yourself

Tools for Protecting Your Privacy

Securing Passwords

  • Security best practices require using a unique password for each login. Use a password generator like Random.org to create each one.
  • Practicing this level of password security requires juggling between hundreds of possible passwords. Many people use password managers provided by their web browser, but non-browser password managers like the open source KeePassXC allow you to store passwords independent of your browser, providing an additional layer of security.
  • Some even believe that writing your passwords on paper may be the most secure password management system.

VPNs

  • A Virtual Private Network (VPN) creates a private "tunnel" through the internet - as exhibited by the image below. This January 2020 article from Popular Mechanics explains what a VPN is, how VPNs work, and specifies criteria for choosing a VPN best suited to your privacy needs.
  • That One Privacy Site has comparison charts that help illustrate the differences between various VPNs based on privacy considerations. The piece also includes a glossary to help you make an informed decision about internet privacy.
  • VPNs can sometimes break authentication or digital rights management systems, disrupting some library digital resources. If you have a VPN and are having issues accessing library resources, try turning off your VPN.

Image Credit: https://securityboulevard.com/2020/03/vpn-a-key-to-securing-an-online-work-environment/

Encryption Technologies

Encryption technologies use a mathematical formula to scramble information, rendering it unreadable unless you have a key to decrypt the encrypted information. Different forms of encryption are applied to different sorts of data. Text messages, emails, or communications with apps are examples of data in transit, while computer files, external hard drives, and information stored on a cell phone are data at rest. Data in transit requires different encryption strategies than data at rest.

Encryption technologies are a tool in your privacy toolkit, but encryption alone will not solve your privacy issues. Below is a discussion of two different kinds of encryption technologies for data in transit, Tor Browsers and the Signal messaging app. While both technologies are helpful tools with storied advocates, critical questions should be raised about the early research and development of each, particularly for users driven to use Tor and Signal to avoid government surveillance.

Tor Browsers

Image Credit: By The Tor Project, Inc. - https://media.torproject.org/image/official-images/2011-tor-logo-flat.svg, CC BY 3.0 us, https://commons.wikimedia.org/w/index.php?curid=20851621

  • How does Tor work?
    • Through onion routing. Messages are encoded in layers of encryption, like an onion. This website explains onion routing.
    • Georgetown Law Technology Review article from the Fall 2016 issue provides a succinct explanation of onion routers and browser security concerns.
  • Advocates of Tor:
    • Tor's most famous advocate is Edward Snowden, the former military contractor turned NSA whistleblower and privacy advocate.
    • The Electronic Frontier Foundation (EFF) is a major proponent of the Tor browser, and hosts annual events to strengthen the anonymity of the network. They offer this one-pager demystifying the Tor browser.
    • The Library Freedom Project works closely with the Tor Project to help libraries protect library users' online privacy.
  • Questions about Tor:
    • After a FOIA request, journalist Yasha Levine found that Tor was initially developed by the CIA, which funded the browser through the CIA-affiliated organization Broadcasting Board of Governors.
    • In addition to using CIA funding to develop Tor, the founders of Tor worked for the Naval Research Laboratory.
    • Ultimately, do these ties matter? Should you worry that actions on Tor will be shared with government agencies? Maybe. It is clear that Tor is comfortable accepting government resources. Tor also shares information with the government before informing Tor users, potentially contradicting Tor's promised transparency.
    • Not all are swayed by Levine's research. Micah Lee, technologist at The Intercept, contends that Levine is being conspiratorial. The Tor website states that the project was initially seeded by military funding, and Levine never identifies an instance of Tor's collusion with the US military. Additionally, Tor advocate EFF notes that Tor is not completely private.

Signal

 



Image Credit: https://github.com/signalapp/Signal-iOS/blob/master/Signal/iTunesArtwork%403x.png

  • How does it work?
    • Signal has end-to-end encryption on messages. It sends encrypted messages using data plans, not phone plans.
    • This review from proprivacy.com discusses whether Signal saves metadata on each message.
    • Signal sounds like WhatsApp; why did people switch from WhatsApp to Signal? A few reasons, including security features and open source software. Facebook owns WhatsApp and mines WhatsApp networks for Facebook data. In the wake of the Facebook buyout, many WhatsApp developers left the company.
    • A July 2019 academic conference paper compares privacy features of different encrypted messaging apps (including WickrMe, WeChat, and Telegram).
  • Advocates of Signal:
    • Edward Snowden is also an advocate for Signal.
    • EFF does not necessarily advocate for Signal's privacy record. EFF does note that Signal has better encryption tactics than WhatsApp.
    • Signal was created by Moxie Marlinspike, part of the early 1990s Silicon Valley scene. Prior to creating the end-to-end encryption technology at the center of Signal, he was famous in hacking circles for a way of breaking through SSL (Secure Sockets Layer) known as SSL stripping. Marlinspike headed Cyber Security for Twitter from 2011-2013 before creating the Signal protocol.
  • Questions about Signal:
    • Yasha Levine has also critiqued Signal. Levine's September 2017 article from The Baffler includes an interview with one of the creators of the encrypted messaging app Telegram, pointing to curiosities in Signal's funding (including funding from the Broadcasting Board of Governors) and Snowden's insistent preference for Signal instead of other encryption apps. The article also discusses a CIA leak revealing that the CIA had tools to decrypt Signal, Weibo, and other encrypted SMS apps.

Online Harassment

Web 2.0 and the proliferation of social media have increasingly blended our online life into our life IRL to the point that it is almost meaningless to differentiate between the two. Online harassment - including doxing, threats, denial of service attacks, "revenge porn" and nonconsensual sexual image sharing - can make the simple task of checking your email traumatic. Despite prevailing attitudes, online harassment does not end when you log off; there are myriad offline consequences of online harassment.

The resources below will help you protect yourself from online harassment, including tips on enhancing your data privacy and resources for people dealing with online harassment:

  • Guide to Protecting Yourself from Online Harassment from the Library Freedom Project provides an inclusive framework for defining online harassment and provides resources for protecting yourself and taking action against online harassment.
  • Pamphlet about internet privacy and censorship under SESTA-FOSTA from the Library Freedom Project.
  • If you are experiencing online harassment from a Pratt student, you can report this harassment to the Title IX Office. The link also provides supportive non-mandatory reporting resources at Pratt.
  • If you feel emboldened by the supposed anonymity of the internet - and realize that you may be more aggressive online than offline - then FemTechNet's guide to "doing better" online helps you reflect and reframe your online behavior.

Determining if Your Data Has Been Breached

The sites below have tools to determine whether your data has been compromised in data breaches. These sites sift through data aggregated from sources, including the "dark web", that contain hacked data. As with anything, it's critical to research security services on the internet. There are many fake security sites that collect your data for nefarious purposes; equally, there are many sites (like PwnedList) that do not have sufficient security to protect the user data entered for security scanning.

  • have I been pwned? is one of the earliest security hack sites. The site includes lists of the newest and more prolific data breaches, along with a free tool to see if your username or email address has been affected by data breaches. You can sign up for data breach notifications on the website.
  • Sucuri is a security scanner that checks websites for bugs, blacklisting, hacker activity, and security vulnerabilities. While Sucuri offers myriad paid services, they also offer a free WordPress plugin and Chrome extension that scans WordPress or any other website for possible security breaches.

Image Credit: https://www.varonis.com/blog/data-breach-statistics/