The Haystack and what Brexit means for digital rights in the UK

Still taken from The Haystack documentary on surveillance in the UK. The image shows people walking along a crowded street in central London and a news headline which says 'Britain is too tolerant and should interfere more in people's lives, says David Cameron'

On Monday evening we held a screening of The Haystack surveillance documentary at Birmingham Open Media, followed by a discussion of what the recent Brexit vote means for digital rights.

Continue reading The Haystack and what Brexit means for digital rights in the UK

Let’s get together to watch ‘The Haystack’ documentary on 21st century survillance

Still taken from The Haystack documentary on surveillance in the UK. The image shows people walking along a crowded street in central London and a news headline which says 'Britain is too tolerant and should interfere more in people's lives, says David Cameron'

We’re excited to announce we’ll be screening ‘The Haystack’ documentary, which examines the rise of suspicionless surveillance in the UK, at our next meetup on Monday 4 July.

Continue reading Let’s get together to watch ‘The Haystack’ documentary on 21st century survillance

Independent review of bulk powers announced but still no room for complacency over the Investigatory Powers Bill

An aerial image of the Government Communications Headquarters (GCHQ) in Cheltenham, Gloucestershire. Photographer: GCHQ/Crown Copyright

With the EU Referendum dominating the news agenda, you may missed the news on Tuesday that the government has agreed to Labour’s demands for an independent review of the so-called bulk powers set out in the Investigatory Powers Bill.

I’ve previously blogged about how the language the government uses to describe is designed to be as boring as possible in order to disccourage public scrutiny. For an idea of how effective this can be as a tactic, see the comedian Jon Oliver’s piece on the campaign for Net Neutrality, which he memorably described as “even boring by C-Spann standards“.

What are bulk powers and why should you be concerned?

Under the Investigatory Powers Bill, the term ‘bulk powers’ gives the government to powers:

  • Tap fibre cables and scoop up vast amounts of global internet data  – essentialy collecting, storing and analysing everyone’s web traffic, emails, messages, Skype calls, etc.
  • Require communications providers collect and store for 12 months internet connection records for all UK citizens – this will show every site you’ve visited, the locations you have visited (thanks to mobile location tracking) and which apps you have installed on your phone.
  • Broad powers to hack internet equipment – instead of hacking a suspect’s computer, authorities will be able to hack the network for the entire Greater London area, putting vital infrastructure at risk.

The easiest way to understand bulk powers is the oft-cited needle in a haystack analogy. The government is seeking powers to gather hay on the whole population, in the hope that if they will then be able to spot the needles (suspected terrorists and other criminals).

The Open Rights Group and other members of the Don’t Spy On Us coalition believe bulk powers constitute mass surveillance, which is fundamentally incomptabile with basic human rights of privacy and freedom of expression. Liberty have produced a detailed briefing on the problems with the bulk powers as they are currently stand.

Reasons to be cautious about the independent review

On the face of it, the announcement of an independent review of bulk powers is to be welcomed. After all, it shows the government is willing to listen to criticism, right?

While the review is a valuable opportunity for campaigners to raise awareness of the problems with  bulk collection, we should be cautious about what difference the review will make for a couple of reasons:

  1. The review will be conducted by David Anderson, the Independent Reviewer of Terrorism Legislation. While Anderson has received praise for some aspects of his 2015 review of terrorism legislation (A Question of Trust), he was criticised for accepting the case for bulk collection. Are Anderson’s views on bulk collection will have moved significantly in the past year or so?
  2. The goverment is under no obligation to act on the findings of the independent review. Forgive me if this sounds cynical, but the government has so far pushed the bill through parliament and taken onboard very little of the criticisms levelled by no fewer than three parliamentary committees. With the review coming so late on in the parliamentary process (the bill is due to receive its third and final reading in the House of Commons in June), there’s a real chance the government will merely pay lip service to Anderson’s recommendations.

Keep up the pressure – email your MP and sign our petition today

Given the uncertainty which surrounds the inpendent review, we can’t afford to wait until Anderson reports back on bulk powers. It’s vital we keep the pressure up on the government. You can do this by:

As well as keeping up the pressure on politicians, it’s vital we continue to talk to our friends and family about the dangers of the Investigatory Powers Bill. By doing this we can raise public awareness and get more people to oppose the bill.

 

 

Why you should oppose the spread of digital rights management

Stop the DRM Habit image by O'Reilly Media
Stop the DRM Habit image by O'Reilly Media
Stop the DRM Habit image by O’Reilly Media

Did you know that today (Tuesday 3 May) is International Day Against Digital Rights Management? I suspect your answer may be no as so far the battle against digital rights management (DRM) has not yet captured the popular imagination in the way that the current battle over strong encryption has.

I believe this state of affairs needs to change and, as we enter the internet of things era, we must not allow digital rights management to extend its reach beyond our computer software and into our everyday household devices and even into our very bodies. Here are my top reasons for opposing DRM.

DRM doesn’t prevent unauthorised file sharing, compelling digital services do

It’s an open secret that most people working in technology don’t like DRM very much and find it a pain to work with. Rights holders, however, continue to insist that DRM is necessary to prevent piracy or unauthorised file sharing and make sure people ‘play by the rules’.

Research in the area of file sharing is always contested. In my view, however, the evidence points towards the carrot of providing compelling, easy to use digital services rather than the stick of DRM restrictions and related legal enforcement measures. The COPIA institute’s report, entitled The Carrot or the Stick? Innovation Vs Anti-Piracy enforcement notes:

“we found little evidence to suggest that the combination of the carrot and the stick is needed. While some entertainment industry executives have argued that these kinds of anti-piracy laws are necessary for authorized services to feel comfortable launching in these countries, the evidence suggests this is simply not true.”

DRM facilitates consumer lock-in

Got a Kindle? Chances are, your library will consist of ebooks bought exclusively through Amazon rather than from a selection of booksellers.

This outcome isn’t simply the result of Amazon offering seamless integration between Kindle hardware and their digital bookstore (which it does). Virtually all publishers insist on encumbering their books with proprietary DRM which only works with certain hardware. This means Kindle ebooks only work on Kindle devices and can’t (legally) be transferred to the Nook or Sony’s ereader.

In placing an artificial restriction on where book lovers can buy and read their ebooks, DRM undermines competition and innovation. Of course there are ways to remove DRM from your ebooks so that you can read them on any device but this is never going to be a mainstream pursuit. Furthemore, under copyright law, it is unlawful to remove DRM even on media you own. This legal barrier prevents companies from making a device capable of reading , regardless of where you purchased them.

Furthermore, legal measures known as anti-circumvention provisions mean it is technically illegal to remove DRM from files, even for media that you purchased. The threat of legal action prevents companies from offering an ebook reader that can read every kind of ebook because to do so would involve removing DRM and converting the ebooks into a standard format.

DRM in web standards threatens permissionless innovation

To date, the development of the web has been characterised by ‘permissionless’ innovation. A person (or most likely a team of people) has a new idea for a new browser feature that users will love, implements it in a browser built using freely accessible standards defined by the W3C consortium and, if the idea proves popular, the person or team enjoys success. Writing for The Guardian today, Cory Doctorow reminds us that 10 years or so ago it was Mozilla who chose to integrate pop-up adblocking into its Firefox browser, a move which delighted users frustrated the ads but which angered publishers who thought they were just great.

Fast forward to May 2016 and the W3C has just last month agreed to proceed with the integration of DRM into web standards as part of its work on Encrypted Media Extensions. In this glorious DRM-encumbered future, any company wanting to include video playback features in their browser will have to get permission from a small group of media companies behind the new EME standard. This will give media companies the power to restrict consumer-friendly innovation. Want users to be able to watch Netflix on your new browser? Better not allow users to install privacy and security-protecting plugins such as Privacy Badger or UBlock Origin.

The elevation of DRM to a core standard of the open web platform tilts the scales away from disruptive innovation which benefits end and back in the direction of cosy, industry-friendly innovation.

DRM and the internet of things

DRM books are just the tip of a very large iceberg. Virtually every week tech blogs such as Techdirt and BoingBoing report on how the internet of things means DRM is rapidly embedding itself in our daily lives.

At best, the spread of DRM is annoying and harmful to consumer choice. For example, Keurig used DRM in the embedded software of its coffee maker to prevent users from using coffee capsules made by other companies. Similarly, there was a public outcry last year when Philip issued a software update to its ‘Hue’ smart lighting system, which overnight prevented compatible non-Philips lightbulbs users purchased from working with the system.

At its worst, DRM poses a growing risk to our health and personal safety. Due to the legal penalties for breaking DRM on software, security researchers were reluctant to report concerns over the potential for hackers to take control of cars via their embedded software systems. Similarly, restrictions on examining car software meant it was more difficult for researchers to spot the problems at VW which resulted in the global scandal over falsified diesel emissions results.

With connected devices becoming the norm, it looks as though DRM is going to be more and more part of our lives unless we stand together and take action. Please support the fight against DRM and help make sure a good few more people know about International Day Against DRM in 2017.

Discover great free and open source software at our next meetup

Rosie the Riveter Free Software/Open Source propaganda by Iwan Gabovitch is licensed under CC BY 2.0 https://www.flickr.com/photos/qubodup/ https://creativecommons.org/licenses/by/2.0/

We’ll be holding our next meetup on Wednesday 20 April at Birmingham Open Media and we’d love it if you could join us and get involved!

Following on from well-attended practical session on protecting your online privacy and security, we’ll be introducing you to some amazing software packages and tools which you are completely free and legal for you to download.

 

All the software we’ll be introducing you to will be free and open source. Free software is software that gives you the user the freedom to share, study and modify it. That means it not only costs you nothing to use it (free as in beer), but gives you the right to make changes and contribute improvements (free as in freedom).

Free software and digital rights

As well as helping people access to software they would not otherwise be able to afford, free and open source software is really to protecting our privacy, security and human rights online. Because anyone can study and modify the software code, it is easier to spot and fix security bugs. And because no single company controls the software, it is harder for governments to forces companies to spy on their users as in the recent FBI versus Apple court case.

You can find out more about free software on the Free Software Foundation website.

You should come to this meetup if:

  • You need software such as Adobe Photoshop or Microsoft Office for work or education but can’t afford the licence. GIMP is a high quality free alternative to Photoshop while LibreOffice can replace MS Office.
  • Your laptop is a good few years old and is struggling to run Windows. The open source Ubuntu operating system could breathe new life into your computer.
  • You’re worried about how much control Facebook, Google and Apple have over digital and want to find viable alternatives such as Firefox web browser and Signal private messenger.

Don’t forget to bring your laptop/tablet/smartphone with you so that we can try out rather than just talk about software!

RSVP via our Meetup page

We look forward to seeing you on Wednesday 20 April.

 

 

Art against the Snooper’s Charter workshop a success

Obi-Wan IPB

Thank you to everyone who was able to join us last Wednesday at Birmingham Open Media for our creative workshop to raise.

We had a fun evening making memes and other visual materials designed to raise public awareness of the government’s plans to push ahead with its controversial new surveillance bill, officially known as the Investigatory Powers Bill but better understood as a Snooper’s Charter.

The idea behind the evening was

You can read a write-up of the event and see the artwork we created over on Birmingham Open Media’s website.

Art against the Snooper’s Charter 

We hoped creating memes and other visuals would help more people understand what’s at the stake if the Snooper’s Charter becomes law. Speaking in parliament the day before our meetup, My local MP Steve McCabe (@steve_mccabe) summed things up quite nicely, saying that if the bill is passed in its current form “we will be the envy of states such as North Korea, China and Iran“.

Envy of North Korea

I’m pleased to report we have had a good reaction so far to our artwork on Twitter, with people re-tweeting and liking our creations and sharing their own.

Give memes a chance

If you’d like to have a go at creating your own protest meme, check out ImgFlip’s easy-to-use Meme Generator web tool.

Want to create something a little more complex? Why not try using the free and open source GIMP image editor to mock up a thought-provoking image like this playful riff on 1984?

Spread the word

10y87t(1)

If you like any of the visuals we’ve created or decide to create your own, please think about sharing them with your friends and family. Visuals hit home to people in a way that complex arguments and wordy blogs can’t possibly hope to.

If you’re sharing on social media , remember to mention the Investigatory Powers Bill/Snooper’s Charter in your posts and, if possible include the hashtags #IPBill and #SnoopersCharter. If you’re using Twitter, copying in @OpenRightsBrum will also allow us to more easily re-tweet your posts.

Don’t forget to email your MP (and sign the 38 Degrees petition)

While it’s really important we broaden the reach of our campaign through memes, we still need to keep up the pressure on MPs through traditional campaigning methods.

If you’ve not already done so, please use Open Rights Group’s easy-to-use web tool to email your MP today. The more MPs hear concerns from their consituents over the coming months, the better chance we have of stopping the Snooper’s Charter.

Once you’ve done this, please also take a couple of minutes to sign and share the new 38 Degrees petition, Stop Government Plans to Snoop on Your Internet History.

Can you spare a few quid to fight the Snooper’s Charter?

Lastly, the Don’t Spy On Us coalition (which Open Rights Group is a member) is currently a crowdfunding a hard-hitting advertising campaign to raise awareness of the Snooper’s Charter. Please spare what you can to help stop the bill.

Don’t Spy On Us launches fundraiser for Investigatory Powers Bill ad campaign

Can your memes and animated GIFs stop the Investigatory Powers Bill?

Investigatory Powers Bill meme shared by academic Paul Bernal on Twitter

Last week, the Home Office published its revised Investigatory Powers Bill (AKA the Snooper’s Charter) less than three weeks after receiving widespread criticism from no fewer than three separate parliamentary committees.

Chances are, if you’ve visited the Open Rights Group Birmingham you know and care about this already. The problem is, how many of your friends and family who aren’t into digital rights/politics/human rights  first of all know about what the government is up to, let alone are committed to stopping them?

Email your MP today!

Right now, the campaign is focused on asking supporters to email their MPs about the Investigatory Powers Bill. The hope is that if MPs receive enough emails from their consituents expressing concerns over the bill, they will be more likely to carefully consider the bill and not simply nod it through.

If you’ve not done so already, please email your MP today! Open Rights Group has created an online tool for contacting your MP as well as some suggestions for what to say in your email.

Join us next Wednesday (16 March) for art against the IP Bill

As important as it is to email your MP about the Investigatory Powers Bill (IPBill), it can be a little dull. Given the mindboggling array of digital technology at our disposal, and open Rights Group’s base at Birmingham Open Media, surely we can do better than email?

For that reason, we’ve decided to hold a special ‘Art Against the IPBill’ session next Wednesday (16 March). Please sign up via our ORG Birmingham Meetup page.

Investigatory Powers Bill meme shared by academic Paul Bernal on Twitter
Investigatory Powers Bill meme shared by academic Paul Bernal (@PaulBernalUK) on Twitter

Think memes, animated GIFs, looping videos, audio storytelling and anything else that will get across all that is wrong about the IP Bill. Liberty have produced a very good analyis called the IP Bill: the good, the good, the bad and the downright scary but I can’t help but feel it’s missing a LOLcat.

Bring along anything you think will help you create. This could be your trusty laptop, tablet or phone. Alternatively, you might like to go old school and work with a pen and a pad.

We’re hoping to have some fully paid-up artists from Birmingham Open Media and beyond to help inspire us with their creativity. If you’re an artist and you’d like to get involved, please do get in touch or simply drop in on the night.

Looking forward to seeing you next Wednesday. And in the meantime, please don’t forget to email your MP.

Please RSVP for the session via the ORG Birmingham Meetup page

Investigatory Powers Bill now published : Email your MP!

Cover of Draft Investigatory Powers Bill report

You’ve probably heard by now that earlier today (1 March) the Home Office has published the revised Snoopers’ Charter / Investigatory Powers Bill less than three weeks after three reports by MPs and peers made 123 recommendations for changes.

On first reading, the revised Bill barely pays lip service to the serious concerns raised by the committees that scrutinised the draft Bill. The Bill still includes police powers to see which websites and apps we use, and bulk surveillance powers for GCHQ – it needs serious improvements.

You can find out more on the Don’t Spy On Us coalition website.

Ask your MP to stand up to the Home Office

Now that the Home Office has published the Bill, we need MPs to stand up to the Home Office’s attempts to ride roughshod over parliamentary scrutiny and avoid having a proper public debate.

You can help by contacting your MP to tell them you are unhappy about what the Home Office is doing and asking them to make sure the Investigatory Powers Bill is not rushed.

The national Open Rights Group has created an easy-to-use form for emailing your MP:

Email your MP tool

Remember, you don’t have to write a lot, the most important thing is to contact your MP as soon as possible to remind them that the Home Office should not rush the Investigatory Powers Bill should not be rushed through parliament. The main messages to include are:

  • The Investigatory Powers Bill should not be rushed. The Home Office has been told to examine carefully the criticisms and recommendations of three Parliamentary committees. Less than three weeks is not enough time for a considered redrafting of the Bill. The new Bill only has a few significant changes from the draft version.
  • The new powers for the Police to access our ‘Internet Connection Records’ – a database of our online activity in the last 12 months – is invasive and unneccessary. Internet Service Providers, web hosting companies, and parliamentarians have been critical of this power.
  • The arguments made for bulk collection powers and Internet Connection Records are built on anecdotes. The operational case needs to provide figures, costs, and be open to scrutiny.

We’d love to hear what kind of repsponse you get from your MP. You can let us know via Twitter @OpenRightsGroup and @OpenRightsBrum

Keep up to date with ORG Birmingham

Please sign up for our mailing list to be first to know about future workshops, talks and campaigns:

Open Rights Group mailing list

You can also follow latest developments on Twitter @OpenRightsGroup@OpenRightsBrum and the #IPBill hashtag.

Stop the government rushing through the Investigatory Powers Bill. Email your MP today!

Cover of Draft Investigatory Powers Bill report

The Open Rights Group needs your help! Please read on for how you can help stop the government passing the seriously flawed Investigatory Powers Bill.

Today (1 March), the government plans to introduce to the House of Commons a revised version of the Draft Investigatory Powers Bill.

This is less than three weeks (!) since the Joint Committee set up to review the bill published a report calling on the government to make significant changes to the bill, including:

– Strengthening privacy safeguards
– Clarifying the government’s position on encryption, which is essential to modern life and the digital economy
– Making the case for mass surveillance/bulk collection of everyone’s data in a way that is legally compliant with the UK’s obligations to protect the right to privacy

You can read more about the committee’s recommendations over on the Open Rights Group website.

These are complex issues and the stakes are incredibly high – our civil liberties and national security are at stake. It is difficult to believe the government has given itself enough time to take on board the feedback it has received. Instead, the government is giving the impression that it is determined to pass the Investigatory Powers Bill at any cost, in order to free up more time to focus on higher profile issues, such as this summer’s referendum on EU membership.

Take action – email your MP today!

If we are stop the government rushing through the Investigatory Powers Bill, we need to gain the support of MPs.

You can help by emailing your local MP to let them know you are concerned about the government’s plans to rush through the Investigatory Powers Bill.

You can easily find out who your local MP is and email them directly via the excellent WriteToThem website.

Please don’t let the technical aspects of the surveillance debate put you off contacting your local MP. Simply letting your MP know you are concerned about the government’s approach and asking them to consider the issues will make a real difference.

Wherever possible, please include in your email a link to the guidance the Don’t Spy on us coalition has produced for parliamentarians. This explains in more detail the problems with the Investigatory Powers Bill and what MPs can do to make the bill fit-for-purpose.

https://www.dontspyonus.org.uk/blog/2016/02/26/investigatory-powers-bill-how-to-make-it-fit-for-purpose/

When writing to your MP, remember to be polite and encouraging, not rude and demanding. Respectfully making your local MP aware of the issues surrounding the bill is the best way to build support for an Investigatory Powers Bill that is truly fit-for-purpose.

7 top tips for protecting your online privacy and security

ORG Birmingham privacy and security meetup-001

Thank you to everyone who was able to join us for our online privacy and security workshop at Birmingham Open Media last Wednesday. We’re pleased to be able to share with you some resources from the evening so that you can take some simple steps to improve your online privacy and security.

The workshop was hosted by myself (Francis Clarke), who established Open Rights Group Birmingham in 2015 and Leo Francisco, who has made a contribution since joining ORG Birmingham just before Christmas.

Close to 30 people came along to Birmingham Open Media (BOM) for the meetup. For many, it was the first time they’d attended an Open Rights Group event. I’m pleased to say reaction to the event and BOM’s wonderful venue was overwhelmingly positive.

Why you should care about online privacy

I kicked off the evening with an introduction to Open Rights Group’s mission to protect and promote human rights as our society goes digital before going on to explain why we as a society must care about protecting online privacy and reject the ‘nothing to hide, nothing to fear’ argument.

Leo presented a more detailed look at the threats to our privacy, including the mass surveillance regimes Edward Snowden revealed and the UK government’s plans to introduce even more surveillance through the much-criticised Investigatory Powers Bill.

We were also fortunate enough to hear from respected journalist Paul Bradshaw, who explained how pervasive surveillance, particularly in the workplace, is making it harder for whistleblowers to alert the public to corruption and misconduct.

Leo has kindly shared slides from the evening here.

Practical help to reclaim your online privacy

With so much doom, gloom and political point-scoring surrounding the privacy debate, it’s easy to feel overwhelmed and pessimistic. For this reason, we spent the rest of the evening showing guests some simple things we can all take to improve our own privacy and security and help society, too.

1. Keep your device’s software up-to-date

Privacy and security are closely related. Keeping your desktop, laptop, tablet or smartphone’s software up-to-date makes it more difficult for criminals to access to your device and steal personal information such as your online banking login details.

The precise method for updating your device’s software will vary depending on the hardware and software you’re running. Both Microsoft Windows and Mac OS X will regularly prompt you to install updates. Don’t ignore these messages! If you are an iPhone or iPad user, you will also receive similar messages. Sadly, updates for Android phones and tablets are released less frequently but you should still keep an eye out for them.

As well as saying yes to update prompts, you can also manually check for available updates. Here are instructions for different systems.

Check for Microsoft Windows updates (PC desktops and laptops)

Check for Apple updates (Mac OS X desktops and laptops and iOS iPhone and iPad)

Updates for Android phones and tablets vary by manufacturer. Generally, look in your Settings menu for an ‘About your Phone’ option. Here you will see an option to check if updates are available for your phone. Some manufacturers are better than others at issuing updates. Generally, Google Nexus phones and tablets receive updates faster than Samsung, HTC and other phone makes.

Remember to keep an eye out for other opportunities to keep your software up-to-date. Modern web browsers such as Firefox and Chrome regularly search for updates but, depending on your device’s settings, you may still need to approve the changes.

If you’re a Windows user and you’re still using Microsoft Internet Explorer, it’s worth switching over to Firefox and Chrome, both of which offer much better security and privacy options.

2. Choose strong and unique passwords

Be honest, have you ever used the same password for more than one service? Most of us have done this at one time or another, making it easier for a criminal who has accessed our social media accounts to gain access to our private email conversations.

To make matters worse, we often choose passwords which are easy for criminals to guess from the information we post online about ourselves, such as the names of our family members, fondly remembered pets or the place we grew up in.

Choosing strong and unique passwords for our online services reduces the chances of us having our personal information compromised.

One good way of choosing a strong password is to select four random words from the dictionary. A password consisting of ‘correct horse battery staple’ is easier to remember than one made up of random letters and numbers.

3. Use a Password manager

A password manager can help you get round the problem of having to remember all your various passwords. Instead, all you have to do is remember one strong ‘master password’. The rest of your passwords will be securely stored in your personal password vault, which only you can access.

There are many different password managers out there. Two options to try out are:

KeePassX. A free, open source password manager that works across multiple systems and comes with a strong security pedigree.

Open source means anyone is free to inspect how the software works and make improvements. Public inspection is probably the most important why of ensuring security flaws are spotted quickly and fixed.

LastPasss. A popular commercial password manager with a strong emphasis on working seamlessly across multiple devices.

Depending on your level of computer confidence, you may find KeePassX quite technical and hard to set up. If so, you might prefer LastPass. LastPass is ‘freemium’, which means it provides both a free version as well as a more advanced, paid-for option.

With any password manager you use there is always a risk of ‘putting all your eggs in one basket’, i.e. if someone discovers your master password, they could go on to access all your other services. However, this risk must be weighed up against the benefits that come from being able to easily create and remember multiple strong and unique passwords.

4. Use Two factor authentication

Even if you use strong and unique passwords, there is a chance someone could discover your password and go on to access your personal information. That’s where two factor authentication comes in.

With two factor authentication, your online service will prompt you for a second unique piece of information before granting you access. For example, should you try to access your Gmail from a friend’s laptop, Google will send a verification code to your mobile phone via text message. you assigned to your account. Only when you have entered this information will you be able to access your emails.

As well as text message alerts, services increasingly give you the option of receiving notifications via a dedicated smartphone app. This can be handy when you are abroad or your mobile reception is patchy.

5. Encryption and Signal Private Messenger

Encryption is the process of encoding a message or information in such a way that only authorised parties can read it.

If you’ve been following the news lately, chances are you’ve heard about encryption and not in a good way. Politicians and public officials have been claiming that encryption is preventing them from tackling terrorism and other serious crime. For the latest round in this debate, see the stand-off between Apple and the FBI.

You’re far less likely to hear how strong encryption is essential to modern day life, allowing us to access online banking, complete our tax return online and securely and exchange private information securely.

Next time you’re browsing online, look for the green padlock icon in your web address. That symbol, together with the letters https, tell you that your connection to the website you are visiting is protected by encryption, which prevents criminals from getting between you and the website to steal your personal information.

Up until a few years ago, your options for encrypting your personal communications were fairly limited. You could set up an encrypted email system but it was (and still is) technically complex, with lots of room for error.

Following Edward Snowden’s revelations of mass surveillance, companies started to take customer privacy more seriously and offer smartphone-based encrypted messaging services. Both iMessage and WhatsApp, for example, allow you to send messages in encrypted form, which is a big improvement over traditional SMS text messages, which people can easily intercept and read.

While iMessage and WhatsApp are very good services, they still require you to trust the companies operating the service with your privacy. For that reason, privacy and security experts recommend you use the Signal Private Messenger app, which is available as a free download for both iPhone and Android.

Signal Private Messenger for Android

Signal Private Messenger for iOS

Without going overboard on the strengths and weaknesses of different messaging systems (more of which can be found over on the EFF Messaging Scorecard), the main advantages of Signal are:

– Encryption is end to end and your access key is not shared with the company. This means nobody but you and the person you are sending the message to can access the content.

– Signal is open source, meaning anyone can examine the code and report security issues. This is seen as the best way of maintaining a secure system. By contrast, iMessage and WhatsApp are closed source, which means we have to trust the app makers that they have spotted and fixed all known problems.

– Signal is free to download and developed by a not-for-profit company. This means they do not have the same commercial pressure as other messaging providers, which can result in providers acting in a way that runs contrary to user privacy.

– It’s a really well-made app and stands up very favourably to WhatsApp, which should make it easier for you to persuade friends and family to install the app.

6. Privacy and security boosting web browser extensions

With the Investigatory Powers Bill and Apple versus the FBI cases in the news, a lot of attention has rightly focused on government threats to your online privacy. However, as an everyday user of the internet, you should not overlook the significant role commercial organisations play in undermining online privacy through commercial surveillance.

Commercial surveillance most often takes the form of companies tracking how you use the web (what you search for, the sites you visit, the links you click on) so that they can build a detailed profile about you, which is then used for targeted advertising and even to adjust the price you see for products online.

Online tracking is a huge topic. To find out more about what tracking is and how it affects you everyday, go to the excellent Do Not Track interactive documentary.

Adjust your browser’s privacy settings

The first thing to do to take control of your online privacy is to adjust your web browser’s privacy settings and into the Do Not Track request. This was an attempt to get advertisers to respect people’s right not to be tracked online but sadly many operators have chosen to ignore user requests and carry on tracking. It’s still worth switching on Do Not Track, however, as it gives a signal of support for online privacy.

The steps for doing this will vary depending on your web browser. The EFF organisation have produced a how to guide for mot browsers.

How to Turn on Do Not Track in your browser

Installing Browser Extensions or Add Ons

Most modern browsers allow users to install extensions or add ons to the standard browser. Extensions or add ons can provide a wide range of extra features which enhance your web experience.

For example, if you are designer you can install a colour picker tool, similar to one you would find in a photo editor, which allows you to identify the precise colour of red used in a logo so that you can match colours like a pro.

In our case, we’re going to focus on extensions which give a helping hand to online security and privacy.

Every browser implements extensions slightly differently and not all of the extensions listed below will be available for every browser so you will have to experiment in order to arrive at a setup which works for you. For example, it’s possible to run extensions using the Safari browser on iPhone but not on the mobile version of the Chrome browser. If you wish to run extensions on your phone or tablet, Firefox is generally your best bet.

Setting up Extensions on Firefox

Setting up Extensions on Chrome

Setting up Extensions on Safari

HTTPS Everywhere

As the name of this  name suggests, this extension tries its best to allow you to use HTTPS on every site you visit. Often, websites offer a secure version of their website but do not make it easy for you to access it. HTTPS Everywhere does its best to select for you the secure version of the website and force other elements, including advertising networks, to at least encrypt the data they are gathering about you.

For example, as standard The Guardian website is insecure, meaning anyone sharing the same WiFi network as you could look at your browsing and see you’re reading that trashy article about pets. With HTTPS everywhere, your connection is at least partially encrypted, meaning the most someone on your network would know is you are visiting a reputable bastion of liberal news and current affairs.

HTTPS Everywhere

Ad blocking extensions

The adverts you see online are a well known source of malware/viruses and can infect your computer, even without you clicking on them. For that reason, people often choose to run an ad blocking extension in their browser.

Not only will an ad blocker stop you seeing annoying adverts when you’re online, they also make it more difficult for companies to gather information about your online browsing habits, which they sell on to other advertisers and marketers. Plus, if you’re on a smartphone, you’ll notice pages load more quickly and consume less data because more often than not it’s the adverts not the content that make up the bulk of the page.

There are lots of different ad blockers out there. Each will implement ad blocking slightly differently. Unlock Origin is growing in popularity and has received very positive feedback for its effectiveness and for not slowing down your device. Adblock Plus is probably the most popular blocker but its Acceptable Ads Programme has been a source of controversy.

Ublock Origin for Firefox

Ublock Origin for Chrome

Adblock Plus (universal website leads you to extension for your browser)

It’s worth trying out different ad blockers to see which one works for you.

Privacy Badger: a more ethical alternative to ad blocking?

Whilst online advertising presents privacy and security risks, many websites rely on the money they make from advertising to operate. Therefore, using an ad blocker can present an ethical dilemma.

Should you feel uncomfortable using a regular ad blocker, you may wish to try the Privacy Badger extension instead. This extension operates on a trust model, only blocking adverts and other trackers once it has established they are tracking you without your consent. Privacy badger allows adverts which promise to respect your right not to be tracked online.

For me personally, I am more comfortable using Privacy Badger over conventional ad blockers. Unfortunately, as of writing (Feb 2016) Privacy badger is not available for smartphones, only desktop/laptops but hopefully that will change soon.

Privacy Badger (universal website leads you to extension for your browser)

7. Use Tor to stay anonymous online

Even if you apply all the privacy and security settings listed above, your online privacy cannot be guaranteed. For example, when you visit a website, it is still possible for its operator, your internet service provider and other determined individuals/organisations could obtain a range of information about you, including:

– The Internet Protocol address you used to access the site (at home this is usually shared by everyone who uses your broadband but at work your IP address can be tied to a single machine)

– Whereabouts in the world you are accessing the internet from. For example, someone could tell that you accessed openrightsgroupbirmingingham.wordpress.com from Birmingham

– Other identifying characteristics such as the type of device you used to access the internet

Tor, or to give use its full name The Onion Router, is designed to get around these problems and stay anonymous online. The Tor project, which develops the software, is focused on helping people who need anonymity, such as human rights defenders operating in repressive countries and people with special safety requirements. For example, the high profile Everyday Sexism project recommends people use Tor to protect their identity and stay safe when reporting their experiences of sexism.

You can read find out more over on the About Tor page and by watching the video below.

To use Tor, you will need to install a separate Tor web browser, which is a super-secure version of Firefox. Please click on the link below for installation instructions.

Download Tor