As the Internet has exploded with information sharing, it has diluted the privacy that we cherish in our offline lives. Here are three apps that can help you bring privacy to your online life.
Before the information age, our views and personal lives were often enough kept behind closed doors, drawn curtains and confined to our communities. With so many relationships made digital and international, a lot of what we share today is no longer obscure. It is usually a Google search away.
Our personal lives, as we volunteer them to our friends and communities on social media, are stored and mined by corporations such as Facebook and Google. Key identifiers about us such as our email, country, purchasing habits, interests and political views etc., are packaged and sold by advertising agencies to the highest bidder.
Add to that the fact that governments around the world, in particular the U.S., are investing billions to turn the Internet into a the largest spy machine in history, and many are left to conclude that—as the saying goes—privacy is dead.
The Snowden revelations, as shocking as they have been, have left many feeling helpless and thus detached from the issue of privacy, while at the same time angering many activists and IT developers—a feeling reflected in a growing wave of consumer products focused particularly on giving users control over their online presence.
The following three companies offer password and identity manager apps that are as easy to use as any piece of software. They each go a long way toward giving you a level of privacy closer to that of your own home, with the benefits of the internet's global reach.
LastPass
LastPass (LP) is a leading password manager in the industry, accompanied by 1password, and open-source tech such as KeePass, Mitro, or other non-cloud-based login credential vaults.
LP lets you manage your online identities with a minimal amount of clicks and incredible control. You can create any number of login credentials for a site like Twitter, for example, log out and quickly log back in without having to juggle or remember passwords.
As a security tool kit, it lets you generate random passwords that are up to 100 characters long with a minimum of two clicks, which is very impressive and can make the good old-fashioned brute-force attacks statistically impossible. I've found most websites can handle a 30 to 40-character random password and not complain. This easily allows users of LastPass to be far above the average six-character password, which according to LP takes just three minutes to crack.
They support multi-factor authentication with a basket of third parties, most notably the hardware-based 2FA YubiKey and software solutions such as Authy.
LP also claims to encrypt all your information locally, similar to Blockchain.info and other Bitcoin wallet services, meaning that they never see your master passphrase. They can help you regain access to your account if you've lost your passphrase, however, only if you've installed the browser plugin on a computer and logged in. They do this through the use of one-time passwords.
LastPass is free to use on desktops and costs an unbelievable US$12 a year for mobile, which lets you sync your encrypted passwords and identities to its cloud storage. You can also access your data offline for free by downloading it, and they have very responsive customer service.
LP has plenty of stamps of approval from the IT industry, including support from Steve Gibson—IT expert and host of the show Security Now—who has stood behind LP even after the Snowden leaks.
Kristov Atlas, founder of the Open Bitcoin Privacy Project, said to Cointelegraph about LP: “I use it and have worked for organizations that use it because it works well.”
Red flags worth considering for the protection of more delicate information are that it is closed source, which is debatable security wise. The company’s headquarters are also based out of Fairfax, VA, which is very close to Washington DC. In other words, its are vulnerable to political attacks, such as receiving a subpoena from the NSA with a gag order attached. They wrote a blog post about their official stance on keeping customer information secure.
What does this have to do with privacy or its sibling anonymity? Well, LastPass's identity management and ease of use lets you go from Clark Kent to Superman with two clicks. No need to find a phone booth or wear red underwear and a rubber suit underneath your business casual.
Oh yeah, and they'll be accepting Bitcoin soon.
Blur
Blur, also known as “abine,” is a very active privacy company that has been delivering free and premium products to the mainstream for years.
“Your Email Address is your Internet ID And tracking companies would love to get their hands on it.” —Blur
Masked emails, one of their free and most useful features, lets you randomly generate email addresses that you can offer to websites when they ask. These emails can then be blocked or unblocked independently, making them very useful for spam control and protecting your privacy, since they won't have some key identifying gibberish such as '[email protected],' nor do they have to be reused.
Another one of their free services is a tracking blocker. Tracking is what advertisers love to do so that they can target ads to you. They drop what are most simply referred to as cookies on your computer, which follow you and gather data about you such as which websites you visit, your IP address, your internet usage patterns, etc. This is one way they manage to piece together a profile of you and sell it to the highest bidder.
Blur’s tracking control lets you block cookies from all websites, but also lets you choose which websites to reject cookies from. If there’s a company you trust with your personal data, you can easily unblock it.
On top of all that, they also offer premium services to mask your credit card credentials and phone numbers and let you sync all your data to the cloud, though these come with a price tag of US$2 to US$4 per month.
One of Blur’s most recent services is called DeleteMe, which it says removes “your public profile from leading data sites,” including “contact, personal, and social information, photos of you, your family, and your home.”
While Blur places itself between you and advertisers or spies, it is also true that it holds onto a significant amount of information about you as you become its customer. Though unlike other websites, the company does not profit from your privacy so claims to only store information which is absolutely needed in order to offer you these services.
Blur is also based out of the U.S., so is equally vulnerable as LastPass to a political attack. They claim to be willing to resist, unless they receive a valid court order, which according to them is a much higher standard than the usual legal wording of “as permitted by law.” Nevertheless, it is worth keeping in mind.
Cryptostorm
Last but not least, you need to mask your IP address with a good VPN (virtual privacy network). If you use email address as your ID, your IP address is the Internet equivalent of your home's address. Without your IP, information cannot reach you when you surf the web. Thus, it is excellent at revealing where you are and what you are up to online.
VPNs have evolved to hide your IP, letting you browse the web from any location worldwide, doing away with the lines on the map that governments and wars have painted, usually with the blood of thousands of people.
Though IP protection is one of the main features they are known for, they can do much more. I recently covered the VPN service Cryptostorm, whose innovations use blockchain tech in a variety of ways.
I suggest using Cryptostorm for a variety of reasons, including:
- Acceptance of Bitcoin
- Native access to Tor, I2P and Namecoin.bit domains, without installing anything extra
- Data encryption through their VPN tunnel as it reaches you
- Assurance that your Internet traffic is not being snooped on by men in the middle who have tapped the Internet lines, even when encrypted
- No cap on bandwidth, which means you can download anything fast while keeping your privacy
- No logging of your IP, really
- No personal information required to sign up (just give them a throwaway email if you want)
- Easy to set up
They charge an amazing US$4 per month or less, and they have a free VPN service with limited bandwidth, which is just as good in every other way and you can use it on your mobile phone or anywhere else.
You'll know it works when Google feeds you ads in German.
Privacy Is a Human Need
Privacy is as natural and common to the human experience as eating or bathing. We use clothing (usually) and close and lock our doors at night, or put blinds over our windows. We don't go around telling everyone where we live, what our credit card number and address are, or every detail of our curiosity and thought processes—well, except when we go online. It’s time to extend our natural desire for privacy to the world we increasingly inhabit and depend on—the internet.
While the war over our privacy is not over yet, we are certainly putting up a fight. Privacy is far from dead.
[Disclaimer: I am not a security expert. These are suggestions that I believe to be good enough for everyday privacy and peace of mind. I judged these methods of privacy management based on my own experiences and on public disclosures of what the technologies do, rather than on an analysis of their software code or hardware. As always, do your own research.]