secure your communications

 

This is a quick translation (my own) of some of the information I mentioned in my previous post regarding  #unplugtrump and withdrawing as much support and dependency as possible from big tech oligarchs.

My main source is a private blog by Stefan, in German (https://blog.unkreativ.net/secure-your-communications/). 

Even if it seems tedious, take a look at what technology you use and who you give what data to. Also think about security and damage. Here's a brief summary: Threema instead of Whatsapp, Bluesky instead of Twitter, Vero instead of Instagram, your own blog instead of Facebook, don't use a cloud solution from Google or Microsoft. And when was the last time you made a backup?

More detailed: Why should I protect myself?

Many people believe that nothing can happen to them and that they have nothing to hide. Both opinions are fundamentally wrong. You are a popular target for digital blackmail (ransomware) as well as for access to your private data for commercial purposes. But your access data is also highly coveted, e.g. to send spam via your accounts. State actors are also increasingly interested in your data.

Basically, privacy is on the retreat everywhere on the planet. This affects the real world with increasing video and audio surveillance just as much as the digital world. You need to realise that even if you don't notice it, you are being spied on in many ways every day.

And very, very importantly: there is no such thing as a free lunch: services that appear to be ‘free’ at first glance will cost you. Because you are the ‘product’ and the money comes with your data. Beyond open source software, you should therefore live by the principle that software worth using is also worth paying for.

One of the biggest problems is that most of the services you use come from the US. In case of doubt or negligence, they don't care about EU law or even German law. Your data is often analysed in a non-transparent way and, especially with social networks, the operators not only determine what you see, but also what you are allowed to talk about.

Web services
Facebook, Google and Co

I probably don't need to explain to you why it's not smart to be on Facebook. Especially not now that Zuck has kissed Trump's ring. Big platforms like Facebook thrive on analysing every millimetre of your life. This also applies to Google, of course. Such providers lure you in with supposedly free offers and then have an interest in ‘locking you in’:

The idea behind this is that you shouldn't have to surf through different websites, but get all your information in one central location. The problem with this is that a company, or even a CEO, essentially determines what you read and listen to.

There are two major components to using Facebook and the like: Firstly, the providers take away all your privacy. Secondly, they also control what you think and how you feel.

This is no joke, because not only are there scandals like the one involving Cambridge Analytica, but there are also studies that show that the feeds that algorithms show you can affect your mood. In other words. Facebook can influence you positively or negatively.

In the process, your data is sold. Behind this is almost always ‘advertising’ and this goes so far that you are categorised into thousands of super precise groups in order to advertise to you in the most targeted way possible. The advertising industry, I kid you not, assumes that you even think it's cool to read as many adverts as possible, as accurately as possible. 

E-mail

Email is another of these things. Email has to be easy to use, and generally free. So isn't it great that Google has GMail. Or Microsoft gives us Outlook?

But remember: if it costs nothing, you are the product. Google analyses your emails for advertising. Microsoft goes one step further and uses Outlook to obtain your access data for e-mail accounts that are not held by Microsoft itself. I can't understand how people allow themselves to be analysed in this way. But there are ways to do something about it.

You should never send unencrypted emails. I don't mean the transport between your computer and the email server, but the content itself. You must realise that even if the transport route is encrypted, anyone can access the content of your emails. This can be fully automated and doesn't even have to have ‘evil’ intentions, it can just be about advertising.

However, you must also realise that there is no way to consider e-mail itself to be secure. In particular, the fields that show the sender's e-mail address or the sender's name can be falsified at will.

Email signature

PGP (Pretty Good Privacy) / OpenPG offers the option of digitally signing e-mails. This allows you to verify that the sender is the person they claim to be. This is increasingly important because attacks on you are becoming more and more sophisticated and it is becoming increasingly difficult to protect yourself against them. Signing an e-mail is an important building block here, which leads to considerably more security. It also means that the email remains unchanged and you can be sure that the email has the content that the sender intended. As anyone with access to email servers can read your emails, anyone can also change them. The digital signature protects against this.

Email client

One way to avoid being completely tracked down is not to use webmailers, whether on a website or, for example, the new Outlook. The latter looks like an application, but is essentially just a webmailer in disguise. (there are apps for browsers like Firefox that filter out and block webmailer searches, e.g. https://duckduckgo.com/email/)

Instant Messengers

Far too many of you are still using WhatsApp, which comes from META (Facebook). And no matter what you say and think, you can trust Zuck only as far as you can throw a piano.

Most people's excuse is that there are so many other people on there. But you and your friends might have to consider whether you should really use technologies that are potentially dangerous purely out of peer pressure.

I cannot judge whether META keeps its promise that WhatsApp messages are effectively encrypted. But you have to assume that META analyses the associated data, the metadata. In other words, who is communicating with whom and when. This alone tells them a lot about people.

Social Media

It's no secret that social media is a problem.

YouTube: Here, all your data belongs to Google, which also bombards you with loads of adverts. The videos you watch reveal who you are. The suggested videos then want to influence your political orientation or your emotions.

Instagram, Facebook, Workplace: Here your data belongs to Facebook, essentially the same applies as for YouTube. A rapid decline in values can currently be seen since Trump took power again. The parent company META decides what you see, how you feel and, above all, what you are allowed to say / write. 

Twitter / X: Here your data belongs to Elon Musk, who can now be safely labelled a right-wing extremist. He decides what you are allowed to say / write.

There have been promising alternatives to Twitter for some time now. Probably the most recommendable is BlueSky, which is currently growing rapidly. There are several things here that are worth mentioning. One of these is that it is open to the connection with other networks (Fediverse). In a nutshell, this also means that if Musk decides to buy it, you can simply move all your data and followers over to another alternative.

Adblocker

Advertising is a huge problem on the internet. Not only because ads try to target you as precisely as possible with the data you leave behind on Facebook and Google. But also because advertising costs you a lot of money in the form of data and electricity consumption.

And what many people don't realise, ads can also contain malicious code to take over your PC, encrypt your data and blackmail you.

Browser

Many browsers today function on the technical basis of a browser core from Google (Chrome / Chromium). And yes, of course Google collects your data. But Google goes one step further and now makes it almost impossible for ad blockers to protect you from adverts. Of course, Google earns money from advertising. A lot of money.

A good alternative is Firefox, which, like Thunderbird, is developed by the non-profit Mozilla Foundation. Here, too, not all that glitters is gold. But when it comes to privacy, Firefox is currently way ahead because the browser also uses technologies to slow down Facebook's snooping mania, for example.

However, you also need to follow a few rules. This includes, for example, configuring your browser so that it deletes cookies every time you close it. Browsers collect vast amounts of your data locally to make surfing more convenient and to target you more efficiently.

Passwords and password safe, 2FA

Basically, you should use your own passwords (plural!) for every service, every website and simply everything you use. There are relatively secure solutions such as Keepass or Vaultwarden to help you manage this. These solutions also come with plug-ins for Firefox, so they can automate logging in to websites. And remember, always delete cookies before you log off.

Please, please, please switch on 2FA (two-factor authentication) wherever possible. Whether by app, SMS, email or otherwise. A second factor increases security immensely, because knowing the password alone is simply not enough. 

Cloud

When using cloud services, you must always remember one thing: Cloud only means that your data is stored on someone else's computer. If you use Onedrive, your data is stored with Microsoft. With iCloud it's with Apple, with Google Drive, you guessed it, Google has it. And so on. As a rule, and Apple is a notable exception here in many cases, the data is not encrypted, which means it's free for whoever wants it.

This means that companies can analyse your data however they like. Some even simply scan everything ‘to prevent criminal offences’. If the companies believe that you have broken the law (and mind you, US law), in the worst case scenario your account will be closed - you will lose access to all your data and there is usually no legal recourse unless you want to file a lawsuit in the US. You may even lose access to your computer.

Updates:

It is extremely important that you keep your software up to date. This applies to Windows, Linux and iOS as well as to the programmes you use. As there is still no serious liability for software errors today, software almost always has security vulnerabilities. These are dealt with in updates, so check often enough to see if there are any. At least once a week.

Backup & recovery

For heaven's sake, make backups of your systems and, above all, test the recovery.

This means a backup of your entire system, preferably before you install new software or updates, and very regular backups of your data. The devices on which the backups are stored should not be connected / switched on unless you absolutely need them.

Most importantly, make yourself independent of META, Microsoft and Google. There are alternatives for everything, locally, nationwide, worldwide. Check with local IT geeks, friends, groups, forums and more.