DecodedInternetPrivacy

Streisand Effect and Ways to stay Private Online

Think before you upload it to the Internet

The Streisand effect is a social phenomenon that occurs when an attempt to hide, remove, or censor information has the unintended or opposite consequence of further publicizing that information, often via the Internet using multiple platforms. Just how negative publicity is considered to to be the best publicity in a lot of cases like cinema industry. Whenever a show or a movie lands in controversy over content or scene, it is watched by more people including ones who would not otherwise care about it.

‘Streisand’ is the last name an American entertainer Barbra Streisand, who sued a photographer in 2003 for violation of privacy. It was an attempt to suppress pictures of her residence. What the case ended up doing for Barbra is that it got her a lot of unwanted attention. A lot of people around the globe who had no clue about the matter, were suddenly digging for the same pictures everywhere. By suing the photographer, she ended up getting the pictures more widely circulated.

Mike Masnick of Techdirt coined the term in 2005 in relation to a holiday resort issuing a takedown notice to urinal.net (a site dedicated to photographs of urinals) over use of the resort’s name.

He stated, “How long is it going to take before lawyers realize that the simple act of trying to repress something they don’t like online is likely to make it so that something that most people would never, ever see (like a photo of a urinal in some random beach resort) is now seen by many more people? Let’s call it the Streisand Effect.”

The ultimate failure to prevent the contents that you intend to hide or suppress from becoming public highlights the global and slippery nature of information. Once it exists in any form especially when uploaded to or shared over Internet to public in unencrypted format, it’s like the water in a rusty tank, some will eventually leak.

Today, because of the Internet, keeping information secret is nearly impossible. Publications by WikiLeaks of confidential documents makes news headlines across the globe but this further diverts attention from two very important things. The first is that the Internet has fundamentally changed the paradigm in which information exists. The second is that governments and other organizations around the world were caught off-guard, yet only have themselves to blame. Anyone with minor technical knowledge of the Internet would have known for years that whistleblower sites were inevitable, and that WikiLeaks is just the tip of the iceberg. Attempting to stop them by intimidating those involved or sabotaging their fundraising is like trying to stop an overflowing dam with a few buckets.

Organizations, state or private, need to accept that any of their communications could become public at any time. The more compromising those communications are, the more likely it is to happen.

Whistleblowers do democracy a service by exposing the illegal activities of large corporations, state agencies and other organizations. It’s hardly good for democracy that some group covertly employ foul means to achieve their ends. If it was not for disclosures from Wikileaks and Snowden, the public was mostly oblivious of the lesser known and pervasive measures being actively used. Some choose to knowingly ignore, with their ‘I have nothing to hide’ attitude, but it’s too late either ways.

No Absolute Privacy. Avoid Trails!

Precaution is always better than the cure. Its even more true in the world of Internet we live in. If you happen not to use digital products by tech giants who smother your privacy by every possible legal and technical means, chances are your own government is spying on you to protect you from terror and child abuse material. Mass data collection and retention is in vogue today, and it is a global thing.

The NSA of United States of America has been in the news a lot lately, and for all the wrong reasons owing to their own contractor Edward Snowden, who happen to be a whistleblower and confirmed what their illegal mass scale surveillance programs. It shouldn’t be surprising to anyone that all of this is happening. It’s been coming for years now and anyone had the ability to see it coming, if they were careful enough to pay attention. The question now becomes how to deal with it. It’s a complex problem and, like many complex problems, requires a multi-pronged effort to address it.

In order to explain how to do that it’s best to understand how we got here. To do that we must back up first and trace things back a few decades to the beginning of the Internet. Some felt that the Internet would be used as a tool to spread knowledge and information. It would empower the masses. Anonymity was easy. Censorship was impossible. Easy copying would destroy the traditional movie and music industries. Even bigger changes seemed inevitable. Many believed that the Internet was the tool that was going to be used to begin a new world order. It was going to be the start of a utopian age in our collective history.

To some extent this has happened but that utopian vision never really did fully materialize, but two other things did that were critical in making mass surveillance possible.

One is that, little by little, people started becoming dependent on the Internet. It is a fact that many of the Internet-using public place their e-mail, photos, videos, calendars, address books, search terms, messages, documents, and perhaps their entire lives into massive data collection silos belonging to companies like Google, Facebook, Apple, Microsoft, and others. The existence of such huge repositories of information makes a tasty target to anyone that is interested.

The second thing that happened is that people began to increasingly access their data using devices that they have ever diminishing control over: iPhones, iPads, Android phones, Kindles, ChromeBooks, and so on. Unlike operating systems made up of free software (such as GNU/Linux), these devices are controlled entirely by vendors, who limit what software can run, what they can do, how they’re updated, and so on. Even desktop computers are heading in the direction of more vendor control and less user control. The lack of control over their own computing devices meant that people were forbidden from knowing what was being done with their data and, even if they did know, were powerless to stop it.

With most of the Internet-using public reliant on software that they cannot study and using third party services that sell them out, it began to create the perfect storm that made mass surveillance possible. It seems somewhat ironic that the public actually helped with their own surveillance by using these things.

That is how we got here. The next question is what to do about it. For that, it’s important to understand how things are being done. When the NSA wants information, they get it and they have several methods at their disposal. This is probably not exhaustive but what is known so far is:

Cooperation

Some companies voluntarily give the NSA access to private information. Reports backed up by Snowden’s leaked documents show that after September 11, 2001 a major American telecommunications company – rumored to be either AT&T or Verizon – voluntarily gave the agency access to its call records among other customer data. The NSA has invested a significant amount of time and money on personnel, software and equipment to sweep such data for important clues. Companies that choose this route are immune to prosecution, courtesy of the FISA Ammendments Act.

Legal Compulsion

If the company or person won’t cooperate voluntarily, Section 215 of the Patriot Act gives the NSA the power to force Americans and American businesses to give up private information that it has. There is a supposed restricted set of circumstances that would allow the NSA to act in this way. These restrictions were set in place to prevent abuse of power. Unfortunately, by law, companies cannot reveal the number of times that the NSA requests this private information from them or the type of information that is requested. According to Snowden, companies like Google, Facebook, Twitter, Microsoft, Apple and others have all been forced to give up this private information.

Digital Splitters And Undersea Cables

Not every company is going to volunteer information to the NSA or their British counterpart GCHQ. There are times when of these governmental agencies, in their infinite wisdom, feel that it needs to resort to illegal methods in order to get information. According to documents released by Snowden from the second quarter of the year 2012, GCHQ has been tapping undersea cables. These cables move unfathomably large amounts of information around the world. This information is shared with the NSA, and together these agencies use the tools and resources they have to glean information from the stored data. The NSA has also resorted to installing digital splitters in company servers. These splitters allow the NSA to shunt communications traffic to the NSA.

Spies

When everything else fails, nothing works like good old-fashioned spying. According to the Guardian, GCHQ has a team of operatives that they referred to as the Humint unit. This stands for Human Intelligence. This team has the responsibility of recruiting and placing agents in telecommunication companies around the world. Now, with this large network of spies, the NSA is able to get information from almost any source that it needs.

Malicious Software

The NSA is not above using software and malicious applications to exploit software weaknesses. They can use the software to either extract, implant, or manipulate information. Stuxnet and Flame are two examples of the type of software that the NSA uses. They can deliver this either by using infected emails or other methods. They even intercept computers in transit to install malicious software, and some of their methods can survive hard disk replacement and operating system reinstallation. The idea is to make it easy to engage in long-term surveillance that is impossible to detect. It is reported that the NSA also has the ability to worm its way into devices that even use iOS, Android, and BlackBerry operating systems.

Backdoors

One of the ways that the NSA uses to find its way in and around encrypted data is by cooperating with technology companies. These technology companies will build backdoors into hardware and software. These backdoors are designed to be absolutely invisible to the individual who was using the software and in some cases can’t even be proven to exist even when you suspect they might be there. However, it will allow the NSA to have unprecedented access to the electronic device that they want to spy on. For instance, the global technology community suspects that the NSA may have somehow compelled the US National Institute of Standards and Technology to approve the deliberately flawed Dual Elliptic Curve Deterministic Random Bit Generator cryptographic standard.

Brute Force Attacks

It is difficult, if not impossible, for the NSA to snoop on a information that is properly encrypted. So, they will find other ways to get at it. They may try brute force to decrypt the data. Even if the NSA cannot, they will store the information for up to five years. When the technology advances to the point that they can decrypt the information, they will.

That covers how we get here, and what’s happening now. After hearing about all of the avenues that the NSA has at its disposal to do surveillance on people, it is easy for a person to think that there is nothing that they can do in order to avoid surveillance. However, this is nowhere near the truth. There are a lot of things that people can do in order to avoid surveillance, minimize what information can be obtained, and make it harder to obtain that. Some of these are regulatory while some are technical.

Those giant repositories of information made the NSA’s job very easy by providing a form of one-stop shopping for them. Tearing down those data collection silos is an important step, so the first step anyone can do is move out of that silo and host your own data instead.

When it comes to centralized social networks I can only say one thing about them: Get rid of them. Close your Facebook, your Twitter, and all of your centralized social media accounts and never use them again. Social media networks are a treasure trove of personal information that the NSA and other government agencies can easily have access to. Use decentralized social networking instead:

Don’t use a cell phone. Surveillance is inevitable in this case: Whenever your phone is powered on, your cell phone company is able to record where you are, the phone calls and text messages sent and received, and what was accessed over the Internet, etc. If you do use one, you’ll have to accept that surveillance is inevitable although there are still steps that can be taken to minimize it:

  • Use Replicant. It is a mobile phone operating system that is made entirely of free software. Or a degoogled or google-free OS like /e/OS or LineageOS without google apps or grapheneOS. Also, consider using F-droid, a free software App Store solution for Android.
  • Encrypt your text messages using Silence.
  • Encrypt your phone calls using a secure solution.

Don’t consider using email for private communication. It is insecure and not private if used without encryption and extreme precaution. Look at something encrypted and decentralized like BitMessage. If you must use email, run it yourself on your own machine out of your own home and use GPG, S/MIME and SSL/TLS to communicate with the recipient, who should also be using their own mail server (or at the very least maybe arrangements could be made for them to use yours.) There is also an easy to use secure and end-to-end encrypted Chat-over-Email standalone solution that you can use with friends and family called Delta Chat.

Don’t store files in public cloud services. Going by Snowden’s leaks, cloud service providers have been juicy targets for the NSA. Add to that the unresolved crisis that is Megaupload, and you can see why you should not store data in public clouds. NSA personnel do not necessarily need access to your cloud account – they can grab data as you upload your files. The same methods can be used to collect information from software-as-a-service applications like Office 365 and Google Drive. To protect yourself, store data in your own servers, encrypt your traffic, and limit communications. If you are not capable of self-hosting, I have compiled a list of secure paid providers for you. But always consider encrypting your important files locally on your computer before uploading it to there services.

Keep web browsing private – Avoid relying on the “Do Not Track” feature. It cannot prevent snooping. Use the Electronic Frontier Foundation’s HTTPS Everywhere and Privacy Badger extensions. It uses the popular Secure Sockets Layer encryption scheme to keep web browsing private but doesn’t prevent the NSA from knowing what servers or people you’re communicating with. To avoid that, an even better option is to use HTTPS Everywhere along with TOR. Also, do not Google, consider using other privacy friendly web search options like Seax [you can self-host one], Startpage, Qwant, SwissCows etc.

Learn to properly encrypt your system or browser’s DNS with DoH or DoT, a list of encrypted DNS resolvers compiled by PrivacyTools, an informative website on Encryption and other tools to protect your privacy is a good start.

Always use free software encryption programs. Unlike proprietary programs, they are less likely to incorporate backdoors and if there is one it can be removed by the people using the software.

Use free boot firmware. Most computers begin to run proprietary software as soon as you press the power button, in the form of the BIOS. Given that we know that NSA has BIOS exploits, it’s more important than ever to use a free one. The Free Software Foundation from time to time certifies laptops and other projects to Respect Your Freedom, all the way down to the boot firmware. You should definitely consider buying them. This can’t be said of every machine running coreboot: It took specific hardware and a modified version of coreboot with proprietary software removed to pull this off.

Use 100% free software GNU/Linux distributions. The Free Software Foundation maintains a list of these at https://www.gnu.org/distros/. The combination of free boot firmware and a 100% free GNU/Linux distribution means that the people using these systems can be sure that their computers are working for them, and not against them.

These are just some simple or basic ideas – there may be more. Please feel free to share your ideas with me in the comments section below. Ultimately, the ways I have mentioned will only serve as a way to make it more difficult for the evil tech giants and illegal government programs to collect information, but it will not be impossible. With enough power, money and resources, if they decide that they want some information, they will find a way to get it. The only way that we are going to be able to protect our privacy is by demanding regulatory change too. If you have not already done so, start participating in various activities of digital and human rights groups to fight for you rights with the relevant authorities.

Tags

Manish Gehlot

I am a privacy, security, encryption and software freedom enthusiast. I am into VPNs, TLS security. Recently I also got into technical writings including guides.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Adblock Detected

Please consider supporting us by disabling your ad blocker