Rosio Pavoris a blog

Assume people read your e-mail

With Sweden on the verge of implementing a Big Brother type program and the US’s Department of Homeland Security Blanket trying to reimplement the Total Information Awareness project under a different name (it was axed last time for being worse than Orwellian), I was going to write a post about what privacy means in the Age of the Internet, and how much of it you should expect to be allowed to have, but I can’t really put it more succinctly than assume people read your e-mail.

Big BrotherFor all intents and purposes, everything the average user does on the internet with vanilla applications (that is, an account with a regular ISP, a brower, and maybe an e-mail client) is visible to everyone who wants to look at it. This includes every single e-mail you send and receive, every website you visit, and every password you use.

If you do not have a firewall, do not even assume your computer itself belongs to you.

If you do not use [[PGP|Pretty_Good_Privacy]] (or something similar) to encrypt data, do not assume your e-mails are private. Do not use e-mail to share private information or files.

If you do not use an anonymiser of some sort (such as [[Tor|Tor_%28anonymity_network%29]]), do not assume people aren’t watching your every move.

Do not assume IM is secure. Do not assume IRC is secure. Do not assume anyone cares about your privacy. Individuals won’t, and corporations may appear to, but really, they won’t either. Safe-guarding user privacy is a costly affair, and even though security breaches cost customers, anything beyond some (very) basic measures won’t be worth their time.
For similar reasons, do not use the same password for everything. All it takes is a single company being stupid enough to store passwords in plaintext and a single security breach to compromise every single one of your accounts, even if you’re careful otherwise.

IAOYou cannot erase your tracks once they’ve been made. You can make sure they don’t lead directly to you if you take care to prepare.
If you access a website, it will be logged, and storing logs is so cheap and so handy few companies clear out their old logs. If you receive an e-mail, it will be archived indefinitely (especially if you use Gmail), attachments and all, even if you delete it.

There are ways to protect yourself, but they involve in-depth knowledge of the tools you’re using to be really safe. If you’re using tools for the wrong purposes, you may end up more vulnerable than you started.
Many people use proxies to protect their identity, for example. These people don’t understand how proxies work, or why they exist.

There is no such thing as paranoia online.

Having said all this, do I bother with it myself?
Not really.

I’m aware of my vulnerabilities, and only cover up the ones I care about the most.
I use a decent firewall, and a fairly large number of passwords. I do not handle sums of money over the internet I cannot afford to lose. When I do handle money, I make sure whatever I’m using uses a secure connection (at its most elementary, [[HTTPS]]).
Maybe that has more to do with the unreliability of Paypal than with a fear of losing my savings.

I do not encrypt my e-mail. I do not send vulnerable information over e-mail. The most private thing I e-mail people is the occasional picture of my penis, and if anyone really wants to see that, honestly, just ask and I’ll probably show it to you anyway.
Of course, a problem with encrypting e-mail is that the people you’re e-mailing need to be able to decypher it.

I do not use anonymising networks. I don’t care if people know which sites I visit. I’m not ashamed of anything I do online, and nothing I do can be used to blackmail me.
Of course, a problem with anonymising networks is that they add additional routing points between you and whatever you’re looking at, so they add lag. And they aren’t really suited for general use anyway.

Which, of course, demonstrates the problem. Increased security almost always comes at the cost of convenience.
Up to a point, it’s definitely worth it, and the point is probably different for every person. You cannot decide where it is, though, without realising how incredibly vulnerable you can be.

If I end by saying that as far as basic privacy goes (as opposed to actual identity theft), you just shouldn’t do anything you don’t want people to find out about, people will accuse me of siding with Big Brother, and they’d be right to say that, so instead, I’ll just repeat:

    Assume people read your e-mail.

Keeping that in mind is the first step to keeping (or reclaiming) your civil liberties online.

1 Comment

  1. Mai said,

    Assume people will password-guess you and read your email.

    Trust no one.

Post a Comment

RSS feed for comments on this post · TrackBack URL