Skip to main content

3 Steps to Curb What the Government Knows About You

SAN FRANCISCO — There are three simple steps you can take to limit what Google, the National Security Agency and other data-collecting entities can learn about you, computer-networking expert Lisa Lorenzin explained at the BSides SF hacker conference here yesterday (April 19).

"They're easy to do," Lorenzin said. "They don't make your life complicated. Anyone can turn them on."

MORE: Can You Hide Anything from the NSA?

The first, she said, is to use HTTPS Everywhere, a free browser plug-in from the Electronic Frontier Foundation that creates encrypted connections to any website that allows them. It runs in Google Chrome, Mozilla Firefox (including Firefox for Android) and Opera.

The second, Lorenzin explained, is to use the privacy-enhancing DuckDuckGo search engine instead of Google's search engine.

"Stop giving Google this information," she said. "If you're not adding your data to their vast stores of collected information, then the government can't be getting it from them."

Users can't be sure that DuckDuckGo won't comply with a government request for information, Lorenzin said, but the company does state that it doesn't keep logs of user searches, which is a start.

The third step is to use private-browsing mode.

"Every major browser has the option of incognito mode or private-browsing mode," she said. "This isn't going to protect you from someone watching you make these requests [online], but ... it's going to stop some of this information from being tied together in these databases."

There are other steps that more technically minded Internet users can take, Lorenzin explained, ranging from using end-to-end-encrypted chat services such as Cryptocat to running your own email server, but the three first steps are something everyone should do, she said.

"How much you can do depends on how far you're willing to go," Lorenzin said. "These three things cost nothing. They're not hard. Just do it."

Lorenzin also said that everything any individual could do, whether easy or complicated, would address only bulk data collection, such as what the National Security Agency gets from intercepting search queries passing through overseas servers, or what the FBI gets after it presents an Internet service provider with a search order.

Targeted surveillance against predetermined individuals or organizations, in which the FBI or NSA will use hacker tools and tricks to gather data, are much more difficult to defend against.

"I want to make very, very clear that I am not talking about removing yourself from targeted surveillance," she said. "Quite frankly, if they're targeting you, then you're f---ed."

But, Lorenzin explained, trying to limit the amount of data available about yourself makes things less easy for the organizations mining the traffic sent across the Internet every day.

"I'm not trying to find a perfect solution," she said. "I'm just trying to get better."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and gaming. Follow him at @snd_wagenseilFollow Tom's Guide at @tomsguide, on Facebook and on Google+.

  • sam_p_lay
    Worth mentioning that (at least in Chrome), two of her recommendations conflict. Using incognito mode will by default prevent extensions (such as HTTPS Everywhere, or Adblock Plus, which you should also use) from running. Be sure to set these to run in incognito mode at chrome://extensions.
    Reply
  • Josh Mahurin
    I keep seeing duckduckgo mentioned but never startpage. Is there some flaw in startpage or advantage of duckduckgo that I'm missing?
    Reply
  • wilsonterm
    @Jush No, nothing wrong with startpage.com, it's just not as popular as DDG -- even though it exists quite a bit longer! (Same with messenger apps, btw: Threema exists longer than Telegram, but the latter gets all the fame.)
    Reply
  • Inspira
    Wow these are terrible.
    1. Just use https://
    2. DDG search results are terrible.
    3. What? Incognito mode is basically "don't remember history on this computer while I'm incognito".

    I have a better idea. Just one step:
    1. Stop using the Internet.
    Reply
  • doublecheck
    @wilsonterm You are right. I would love to see more people using Threema. Well at least people are using some sort encrypted messengers.
    Reply