Highest Rated Comments


jenvalentino (18 karma)

I think it's important to consider something called a "threat model." In other words, you need to determine what kind of surveillance worries you, and what type of surveillance you're most likely to see. The following recommendations go from easiest to more difficult.

  • For many people, protection against their threat model will just mean that they want to make sure tracking companies don't have information about them that could be used to influence the deals and offers they get. THAT mostly requires deleting cookies and using tools like Disconnect and Ghostery.

  • The next step is to make sure you are using a more secure network on the Web as frequently as possible. A browser add-on called HTTPS Everywhere will help you do that.

  • Other people might want to protect their Web browsing further and really be anonymized as much as they can. That requires something called Tor.

  • Then beyond that, you can use encryption. I find that a great introductory encryption tool is something called CryptoCat. That allows you to conduct encrypted chats and have cat emoticons. This is a good way to ease yourself into understanding that you can, indeed, use this sort of thing.

  • Beyond even that, you can check out Adium and Pidgin and something called OTR (off the record) chat. There is an IM server, jabber.ccc.de, that is quite good about not logging, etc. I suggest Googling those things.

  • A hacker called The Grugq, who is good at this stuff, recommends using Pidgin and OTR over Tor and creating multiple jabber.ccc.de addresses. He also recommends CryptoCat used over Tor.

  • And you can use PGP ("pretty good privacy") encryption for email and other things. I wrote up some instructions on it on my personal blog, but it's a little out-of-date. Could be helpful, though.

But all that said, if you are really in danger, be careful about relying on any of these things. There was a huge brouhaha over CryptoCat, for example, and whether it was safe enough for dissidents to use. The creators of that really do warn people whose lives are in danger, for example during the Arab Spring, that they should be careful about anything.

If someone is really after you, well, that's probably beyond a Reddit thread.

But anyway, that gives you an idea of threat modeling and the depths to which you can go.

(Edited to add further information about CryptoCat and OTR chat, as well as to link to The Grugq's Twitter feed, which I might regret.)

jenvalentino (16 karma)

One of my favorite questions!

One response is that you might have more to hide than you think, and you might not even know right now that it's something you want to hide.

Right now, people tend to talk about surveillance as a terrorism-fighting tool. So often, the public supports it, because nobody wants terrorist attacks except the terrorists. I don't want bombs going off either.

But what if the surveillance turns to target ... say ... people with Communist leanings? Or people of some other political persuasion deemed to be dangerous. We did have that whole "Red Scare" thing.

One of my colleagues, Geoff Fowler, wrote a story about some students who joined an LGBT choir at college. The choir administrator signed them up for the Facebook group, and a notice went out to their families without their approval. It created a terrible situation for them. So ... did they have something to hide? Yes and no.

Another response is that, well, this could be exactly what the framers of our Constitution had in mind when they included the Fourth Amendment.

The Fourth Amendment was intended to address things called "general warrants," in which law enforcement could just go through people's houses looking for contraband. Of course, if you were innocent and had nothing to hide, maybe it was just an inconvenience.

But is that really the society you want to live in? Certainly earlier in our history, important people didn't think so.

jenvalentino (8 karma)

It depends on who you are and what you mean by "watching."

But I'll just tackle this broadly.

Your data can be gathered with incredible ease. For the most part, the folks doing this are the companies that are providing you the services. Google, for example, sifts through Gmail to show you ads. As you know, the phone companies can get a lot of information about the "metadata" from your calls.

Depending on the type of data and who is gathering it, some of it gets sent to companies called data brokers. These guys (Acxiom, for example, or LexisNexis) store a lot of data about you from private sources as well as public databases, like court and real estate records.

Right now, in terms of corporate tracking, this is done mostly to show advertising. But it's also done to identify good customers and tell marketers about who desirable customers are.

I myself like getting targeted ads. The concern comes if companies are doing this to alter prices, especially for sensitive categories such as insurance. My fellow reporters and I had a story about this type of thing in December.

As for government tracking, law enforcement has the ability to track people pursuant to several authorities.

To get content (what you're actually saying), they get a Title III wiretap warrant, which requires probable cause as well as minimization of extraneous content and other things.

Law enforcement also can get things like email metadata pursuant to a lesser court order, which requires going before a judge and showing "specific and articulable facts."

The lowest type of court order, called a "pen register trap and trace" order, provides things like phone metadata. For that, investigators just have to show that it's relevant to an ongoing investigation. They aren't supposed to use that authority to track your location going forward, though, even though location is now also found in phone metadata.

And then there are other countries and so forth, but that isn't my area of expertise.

jenvalentino (8 karma)

I might end up giving this answer a lot. But I think transparency is the key first step.

We can't, as a society, decide if we agree with something if we don't even know what that "something" is.

A couple senators on the Intelligence committee have been saying for some time, rather loudly, that there is a "secret interpretation of the law" that should worry us all. Turns out that secret legal interpretation is what allows this massive gathering of phone record information and so forth.

Those senators had been asking to have the legal reasoning be declassified, but they weren't able to effect that change.

To me, if you can't even declassify the way our own laws are being interpreted, that's a huge question for our system. That's not about protecting troop movements or activities. It's about whether we as citizens get to know what the law says.

jenvalentino (7 karma)

Point taken. Thanks.

I'm not recommending security tools for dissidents, nor am I saying this is what I would use for confidential sources. I'm sorry if it came off that way. The OP seemed to be asking for some very basic recommendations and an introduction.

I'm recommending to everyone how they might learn more about this, and saying that dissidents, sources and people in danger should be more careful than that.

I think broad use of similar tools is, in fact, important in increasing a general understanding of security. The more people who use them, the more of a signal it sends that people are interested in their privacy and have an expectation of privacy.

Thanks for prompting me to clarify that. Seriously.

If somebody wants to ask a question about security for journalists or dissidents, I'm happy to get into that. I think it's very important. It's just not the audience I was targeting with my initial response.

Also, I don't work for the Washington Post. I'm not sure why people think I do.

And when I use ROT 13, I make sure to use it twice!