Defence Against the Dark Arts, Lesson 2: self-defence made simple.

This week, a request: do a bit of your own Defence Against the Dark Arts.

I am going to tell you how. I promise it will be very easy, quite painless and it will make you less traceable across the internet. It is going to make it that much harder for anyone out there to target you, be it with mass surveillance or advertising.

Defying mass surveillance seems difficult, I know. So difficult, in fact, that many people seem to believe that there is so little they can do about it that they refuse to think about it much at all. But if we all do just a tiny little bit, for example by resetting our own little part of the web, then together we can make an impact.

This is one such tiny little bit and I entreat, beg, implore you to do it.

I have tried out and compiled a number of small but effective steps that anyone – even least tech-savvy person out there (like myself) – can take. I live prove of that.

You do not even have to read this blog post. If you trust me (which you should do no more than any other semi-familiar entity on the web), you can just read the bits that are bold and in italics, follow the links and do what they prompt you to do.

Of course I’d prefer if you read the whole post as it explains what the tools I am asking you to use are good for. But if you want to skip ahead, that’s fine – just do me, and yourselves, this one small favour: take these steps. Take them now.


A few words on tracking

Most of us know this already:

It’s hardly a secret that Amazon, Facebook and Google monitor what their users do online and show them targeted ads based on that data… tracking is pervasive now, and the data is often put into detailed profiles that can also include information from public records and other sources like cash registers at physical stores.

Facebook, “has more than 200 “trackers” watching our internet activity”.


Every time you use a regular search engine, your search data is recorded. Major search engines….make a record of your search terms, the time of your visit, and the links you choose – then they store that information in a giant database.

Note that

Those searches reveal a shocking amount of personal information about you, such as your interests, family circumstances, political leanings, medical conditions, and more.

I am sure most of us have been spooked at some point in their lives online by some targeted ad or other, wondering how the internet knows what we might be interested in (sometimes even before we know it). Well, this is how.

Here is more information on how exactly tracking works.

And while we’re on the subject, can I just remind everyone that the NSA infiltrated Google’s (and others’) data centres? Glenn Greenwald in his Book No Place To Hide describes once again how the NSA stores exactly the same data that search engines get from our searches – and that it uses that data, not just against terrorists.

Fortunately, there is something everyone can do – very easily – to avoid this invasion into their privacy.

Here are three easy ways of doing this. Try them now.


Stop using Google search

Google search by far isn’t the only useful search engine out there. You can use an alternative search engine that doesn’t track you.

Personally, I used DuckDuckGo and then changed to Ixquick (aka Startpage). Ixquick searches Google for you, without telling Google that you are the one making the search request:

“When you submit a search, Startpage submits the search to Google and returns the results to you. All Google sees is a large amount of searches coming from Startpage’s servers – they can’t tie any searches to you or track your searches.”

Unlike Google,

Startpage discards all personally identifiable information. Like DuckDuckGo, Startpage doesn’t use cookies, it immediately discards IP addresses, and it doesn’t keep a record of searches performed.

So you get the benefits of Google (except for those based on tracking, of course) without having to use Google directly.

Obviously, it will not give you the kinds of targeted search results you get from Google (pre-filtered according to all the miscellaneous information Google et al have collected about you in the past) but I would argue that this is a small price worth paying.

After all, it seems that in an age of pervasive government surveillance, it may be convenience rather than curiosity that kills cats.

Here are two other reasons why I think Ixquick/Startpage is great:

Unlike DuckDuckGo, it offers an image and video search and all communication is routed through an HTTPS-protected connection.

Here is exactly what Startpage does.


HTTPS everywhere!

In my post on 27th April, I discussed why I think it is a good idea to roll out HTTPS widely across the internet.

Most importantly:

widespread SSL/TSL would make mass surveillance a lot more difficult and “too expensive for the NSA to spy on everyone.

Unfortunately, not all websites support HTTPS, and if they do, they sometimes “make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The bad news is, there is little you can do if a website does not support HTTPS.

Fortunately, the good news is that if websites do support HTTPS but are making it difficult, there is a simple solution to this. It’s called HTTPS Everywhere and you can find it here.

This is a browser ad-on you can easily download and install (you can trust the Electronic Frontier Foundation, they are actively fighting NSA spying.

The add-on will route “all your data through a secure connection on any of its 1,400 supported web sites, keeping your information safe and away from prying eyes—in short, it’s an extension everyone should have installed”.

As not all websites support HTTPS, this obviously isn’t a perfect solution or silver bullet (yet) but it is a good start. Once you’ve got it, it does what it can for you to make your connections more secure. I agree that “is a must-have regardless of what other security tools you opt to use.


Ghostery – find out who is tracking you and stop them

Ghostery has to be my favourite new toy – if only because of the little smiley blue ghost that now beams at me from the top-hand right corner of my browser in a reassuring way. “Don’t worry,” its smile seems to be saying, “I’ll protect you from the Dementors.”

Here is what that little wraith can do:

Ghostery blocks tracking cookies and scripts from running by default. It’ll also show you what it’s blocked, so you can see whether the items it’s blocked are harmless or intrusive.

Again, it’s very easy to install and then use – just make sure you opt out of their GhostRank feature!

Alternatively, the add-on of choice for most savvy people now seems to be Disconnect.


Everybody grab a bucket – let’s put the fire out!

So you see, these are three steps that you can very easily implement to make your communications more secure and to make life a bit harder for the Voldemorts, Dementors and Death Eaters of the internet.

I cannot stress enough how important that is!

I hope that you will all catch the bug, like I did, in which case you might want to take a look at some further recommendations on encryption and on what else you can do to fix tracking.

Or you could join the campaign to Reset the Net in time for 5th June – the anniversary of the Snowden revelations.

If the NSA is “setting fire to the future of the Internet,” then it is not just the firefighters within the tech community, but every small bucket of water that can help put that fire out.

Adding to your own online security may be that one bucket of water; the more people do this, the better the chances of making a difference.

So go grab a bucket everyone, form an orderly queue (if you’re British) and let’s all stand together against mass surveillance and for our privacy online!


One thought on “Defence Against the Dark Arts, Lesson 2: self-defence made simple.

  1. Pingback: Verteidigung gegen die dunklen Künste, Lektion 2: Selbstverteidigung leicht gemacht | Notes from Self

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s