It's been a while since part 8 of this series on how I've improved protection of my privacy in the face of massive human rights violations against my freedom and privacy by a number of security organizations around the world as revealed by Edward Snowden. I've said goodbye to public instant messaging providers and have installed my own server for family internal communication together with secure end-to-end encryption. Certificate Patrol in the browser protects me from rogue SSL certificates; I've installed GnuPG for email encryption but found it unusable in practice; I've become a regular user of TOR; my browser automatically deletes cookies when I exit it; and, most importantly, Owncloud keeps my files, calendar and address book in my own domain. For details on all those things, click on the "Privacy" link at the end of this post to see the previous parts of this series. Despite all of this, however, I still feel there are a number of open flanks that need to be addressed:
- Email: As a means of communication, email is completely broken and even encrypting the content will not make this form of communication secure. This is because there always needs to be a server somewhere on the Internet to store and forward messages, and even if the content is encrypted, the subject, sender and receiver are not. So apart from encryption, the only thing that could at least make communication between my family members secure and private is to host my own email server at home and have all devices receive and send email via that server at home. This way at least the email and content we send between each other would be secure, as that would never end up on an external server.
- My RSS aggregator leaves trails: Not mentioned above is Selfoss, my self-hosted RSS aggregator that I installed after Google decided to shut down its Reader cloud service. It's been a tremendous enabler, so I'm quite happy Google shut down the only service apart from search that I used to use from them. One thing I'd really like to do when I have a bit of time is to TORify all aggregator web requests to keep information about which web sites I read private. That might be a bit on the paranoid side, but it's really nobody's business which web sites I'm interested in. Period.
- Voice and Video calling: I still have to find a good replacement for Skype for communication between family members as a central server farm controlled by Microsoft knows about every call and every message I send over the Skype client. This is probably the most pressing issue that I have to address in the near future.
- Metadata: One thing I can do little about is the metadata my communication creates. Phone companies record who calls me and whom I call, anyone observing my IP packets knows what websites I'm interested in, which bank I am a customer of, etc. etc.
While I can still close a number of holes in my privacy armor, the metadata issue in particular clearly shows that raising the shields is just treating the symptoms but is definitely not a cure for secret service agencies in many countries trampling on our human rights of freedom and privacy by collecting all data they can get hold of. I recently heard a pretty interesting analogy: Security agencies are like the immune system of the body, which detects harm attacking our body and protects us from it. Without an immune system the body would not survive. But then there are autoimmune diseases where the immune system attacks the body, which is ultimately fatal. And that's just what is happening right now, and we have to do everything to ensure that security agencies act as a proper immune system and not like an autoimmune disease. In other words, treating the symptoms by raising the shields is not enough; it's very important to treat the illness as well.