Yesterday’s cryptoparty was fascinating in so many ways. A two hour-ish session took us through online privacy issues, behaviours and tools.
Particularly useful was an interactive diagram from the Electronic Frontier Foundation, which campaigns for internet freedom, showing who can see what you are doing with your web browser – from a hacker sitting in the same coffee shop, to your ISP, the hosts of the website you are using and government agencies tapping into the internet backbone (as the NSA and GCHQ in the UK have been doing) or contacting the ISP or website for their records.
Click on the image below to try it for yourself.
I knew some of this previously, but this diagram is really helpful in clarifying the situation. You can see who see how of your online activity is blocked by using a secure plug in (the HTTPS Everywhere extension for Chrome and Firefox browsers will do this) or a super-secure browser like TOR (which encrypts and hides users’ location, identity and web use). Fro the most part, the former blocks people seeing who you are and your data, the latter almost everything except your location and the fact that you are using TOR.
On the last point, using TOR presents what my colleague Jason Ryan calls “the cryptographer’s dilemma”. While it means you have a huge amount of privacy online, it also holds up a metaphorical sign saying “I am doing secret things! Over here, mass surveillance agency – me! Me!”.
Recommendations for using TOR for people like activists or journalists who need to keep their online activity away from prying eyes include:
- Don’t use it too often
- Don’t use it at home
- Don’t upload files on it
- Don’t log in to your email
There are more in an exhaustive – and, frankly, exhausting – list called Want TOR to really work?.
Online privacy and mass surveillance are very complex issues, as are the solutions. I’m very grateful to Chris Pinchen and his cryptoparty friends for helping me to begin to think these issues and ideas through.