“But I’ve got nothing to hide!”
This is the usual response I hear in response to how extensively governments and private companies track our online activity.
In that case, “Great! Let me read your messages to your partner. And scroll through all of your photos.”
“I see here in your location history you went to the chemist on Thursday – what was that for? Actually, don’t worry, I can see your browsing history. Forget the photos, but maybe you should chat to your partner”.
Sure, it’s a hyped-up scenario, but it’s entirely achievable once data is leaked.
At the risk of becoming one of those “tinfoil hat” types, every day I worry more and more about the issues of personal security and privacy. It’s not that you should never share any personal details or photos online, but that it should be your choice to do so. ad trackers, mandatory data retention, facial recognition and who knows what else!
In a world where data retention is mandatory and online privacy is up for sale, alongside unprecedented access to technology, it’s easy to feel that privacy is a luxury and that data attacks are inevitable. The thing is, there are steps that can be taken. They just require a bit of know-how.
So, what’s at risk and how can you mitigate that risk?
Messages you send via SMS aren’t nearly as secure as you think they are. You should be using apps that offer end-to-end encryption if you don’t want anybody to read them, which encrypts the message you’ve sent on your device and can only be decrypted by the receiver.
Apps such as iMessage, Signal and WhatsApp are the most popular apps that support end-to-end encryption. A word of warning though: WhatsApp is owned by a company that earns a lot of money harvesting your personal information.
In the aftermath of the recent London attack, UK Home Secretary Amber Rudd called for tech companies to allow a backdoor into encrypted chats so they can monitor the messages of suspected terrorists. Sounds fantastic, until you consider that the same encryption which protects messaging also protects your bank accounts and a whole host of other data online, both for you and the rest of the world. If one is compromised, they’re all compromised.
When a mobile’s security is compromised, the owner becomes much more vulnerable because of the myriad of ways a mobile is tracking movement.
Every time your phone connects to a new tower (which happens as you walk or drive around), your location can easily be tracked by your carrier. If you don’t believe me, take a look at the ABC’s Will Ockenden’s reporting on what he discovered from his own metadata.
Without a tonne of burner phones and SIM cards, this is basically impossible to avoid, but the two steps I would personally take to minimise having your physical location tracked are:
What the hell is a MAC address? Think of a MAC address as a unique code for your phone. When your phone looks for nearby Wi-Fi networks so you can upload your latest photo of poached eggs and smashed avo, it needs to transmit this code, meaning all nearby hotspots can see it. Modern phones try to send fake MAC addresses so your specific device can’t be tracked by Wi-Fi networks you aren’t connected to, and Android doesn’t do this very well.
In the US, law enforcement agencies commonly use a device called a Stingray which pretends to be a phone tower so your device will connect to it, but really it just eavesdrops on your calls and SMS messages.
This one is basically a lost cause, but let’s take a quick look anyway.
Facial recognition is now so advanced, that even if you don’t have a Facebook account you can be sure they would have the capability to easily find you in the billions of photos posted to their servers over the last 10+ years. You would have been photographed in the background of countless images other users have posted to Facebook and Instagram over the years.
In fact, there’s currently a class action lawsuit against Facebook about this, which may allow us to learn more about their capabilities.
This is a tough one though: being paranoid about never being photographed by other people on the street is pretty much impossible, but may earn you a restraining order if you try.
Did you know that Australian ISPs are legally obliged to track every single web site you visit for up to two years? Luckily though this is only the metadata for the sites you visit, and not the content of the page. Remember Attorney-General George Brandis’s absolute car crash of an interview where he couldn’t quite define ‘metadata’?
So in other words, the Australian government is tracking everything you visit, although big companies such as Google and Facebook know pretty much everything about us, our browsing habits and about what we search for. To help combat this, my default search engine is DuckDuckGo, not Google. It doesn’t keep a record of what you search for, and they take your privacy seriously.
Everybody knows by now you should use a VPN if you’re going to pirate the latest episode of Game of Thrones, but in reality, using a VPN is often cumbersome, and slows down your connection.
Here’s the long and short of it: Use HTTPS whenever you can. Government data retention can “only” track the IP address you connected to. They cannot see the specific page you visited on a given site if it uses HTTPS.
On top of that, the Government is currently considering allowing the use of your browsing history for civil lawsuits, meaning – theoretically – if you were being sued for pirating said episodes of Game of Thrones, your browsing history may be used as evidence against you.
Ok, so we’ve already established that mobile carriers know a lot about us: they can see which web sites we visit, they can listen in on our phone calls, and they know where we are. That particular horse has bolted, but wait, there’s more!
As if we’re not already being tracked enough, we’re now voluntarily putting microphones in our own houses that transmit and store everything we say.
While home voice assistants such as Google Home and Amazon Echo do have privacy measures in place (they don’t transmit what you say until they hear the activation word), just be aware that they’re becoming more and more prevalent, and there’s a good chance you’re being recorded in the privacy of you or your friends’ homes.
In fact, Amazon has recently handed over Echo recordings to police in the U.S. to help them solve a murder case. Yes, it was with the permission of the owner of those recordings, but is storing the recordings in the first place really necessary?
It’s going to be extremely difficult to never be tracked, but hopefully you’re now aware of at least some ways to protect yourself online. If you’re interested in some of the work being done to protect your rights online (and by extension, the real world), I highly recommend following the work of Electronic Frontiers Australia and Electronic Frontier Foundation.