Tag Archives: privacy

Start an 8-day data detox

20 Dec

Recommended to me by Mozilla, I started a Creative Commons-licensed “Data Detox” that was produced for the Glass Room London in 2017, and is curated by Tactical Technology Collective. It was originally a printed/PDF kit created for the Glass Room New York in 2016.

I thought I might try that little exercise to see if I could learn something more about e-privacy. Turns out there were quite a few things that I did not know about, especially when it came to Google settings, and iPhone configuration. (I am currently using a salvaged iPhone 4 which does not want to die – better for the planet.)

The Data Detox runs over 8 days and walks you through little tasks you can follow to leave less of a data trail while using your Internet-connected devices.

It does not, of course, cover 100% of what could be said about e-privacy, but I was surprised at how much it taught me about a bunch of privacy settings in my Google account, and about location services on my iPhone. I would recommend following the detox even if you feel you have a good grasp of what you need to do to stay safe and anonymous on the Internet.

Here are a couple of things I would add to the tasks already offered by the Data Detox, in no particular order. Feel free to add those to the list if you feel motivated, or cherry-pick whatever you feel like doing.

  • Using a password manager like KeePassX (which is mentioned in the detox) is a good way to safely store a bunch of diverse and complicated passwords, but another benefit I have learned to appreciate is that it constitutes a record of how many accounts you own, and allows you to review which unused ones you could delete. Here’s a challenge: every time you add a new account and password, try to delete a different one (or two?) so you don’t build up a collection of them.
  • When reading your emails, start directly deleting the ones you know you will never go back to. That will make your email account less of a data trove waiting to be mined. Another benefit is that you are freeing some valuable storage space for your ethical privacy-respecting email account provider (because you use one, right?).
  • The Alternative App Centre that the detox recommends is good, but I would also recommend having a look at the Free services that Framasoft offers (more directed at offering Free Software alternatives to the ones offered by the GAFAM: Google, Amazon, Facebook, Apple, Microsoft, i.e. the main huge data silos of the Internet), as well as the list of alternatives from PRISM Break (more directed at privacy-respecting apps to fight state surveillance). Another excellent website that lists alternatives, tools, add-ons and services to protect your privacy, along with valuable information, is PrivacyTools.io.
  • Related to the previous point, if you specifically want to get away from data-gathering social networks, I recommend two decentralised Free Software-based alternatives: Mastodon as a Twitter replacement, and Diaspora* as a Facebook replacement. They are both mature projects with a lively healthy community to interact with.
  • Finally, the detox probably didn’t mention it because of the technical knowledge required to set it up, but I’d also recommend looking into self-hosting your own cloud services. Nextcloud, YunoHost and Sandstorm are good starting points. You can also find a service provider that uses Free Software and guarantees to respect your privacy in exchange for some money. I am currently a happy subscriber of IndieHosters (they use Nextcloud for the most part) but you can find more providers on Chatons.org (at the time of writing, 48 providers mainly located in France).

Ebay and their encryption double standard

9 May

I do not often use Ebay, but every so often it happens to be one of the only options for a specific kind of purchase. I recently bought a product to expand my MPC’s internal memory, and tried to communicate with the seller by using my email account (as an Ebay “guest” user).

I have been automatically signing my emails with PGP for a while now, and haven’t had any major problem (except for a Brisbane council issue that somehow filtered my emails because of the unrecognised attachment, an issue that was fixed a while ago, at least in the particular section I have been volunteering at).

Interestingly enough, Ebay rejected my signed (unencrypted) email, with the following explanation:

To better protect our members from identity theft and unwanted emails, we don’t allow encrypted emails. Because your recent email message to [xxx] was encrypted, we didn’t send it.

Please remove the encryption and resend your message.

The notification email links to a messaging help page [snapshot] that states the following:

Emails that are encrypted before they are sent (or are automatically encrypted when sent) will not be delivered through eBay Messages. Encryption is a way of scrambling or coding information before it’s sent, and then decoding the same information when it’s received. If you’re using encryption software, you may need to turn it off before sending messages.

At first, I thought I sort of understood why they would filter out encrypted emails: so they can apply a keyword-based spam filter. However, I still haven’t heard about spammers making use of encryption. It seems to me that encrypting is an obvious massive obstacle to the main objective of spamming: sending large amounts of emails that are not specifically targeted. Encrypting would require the spammer to collect each recipient’s public key and scramble each separate message accordingly… It does not sound likely to become a common spamming practice, which leads me to think that there might be other incentives for Ebay to only have plain-text messages transiting through their servers (data collection and analysis, anyone?).

Add to that the fact that Ebay obviously does a terrible job at telling apart signed plain-text emails from encrypted emails…

In their help page titled “Keeping you safe on Ebay” [snapshot], they state the following:

We use procedural and technical safeguards, including firewalls, encryption and Secure Socket Layers (SSL) to help protect your personal information against loss, theft and unauthorised access and disclosure by users inside and outside the company.

In “Protecting your privacy” [snapshot], it is said that Ebay provide:

Secure communication for all external parties—including customers, vendors, and any business partners outside of eBay—by monitoring every email message, except in countries that have laws prohibiting monitoring of email. If an email contains private information, it will be encrypted through our eBay Secured Email system.

However, the users using encryption themselves (or even just PGP signatures) are considered a threat and denied privacy. What about people who want to make sure they are keeping a particular transaction private from a member of their family, a threatening community, a potential online criminal organisation, or from an oppressive government, for whatever reason?

Funnily enough, at the time of writing, the link to “eBay Secured Email” is a dead link, so good luck if you want to find out more about this particular “system”…

This issue draws me further away from Ebay – as if I needed more reasons.

Reset the Net

5 Jun

Reset the Net is happening today, the 5th of June 2014. It is a global day of action to make government surveillance on the Internet more difficult. It was instigated by the American organisation Fight for the Future, “a nonprofit advocacy group in the area of digital rights founded in 2011” (see the Wikipedia article). This effort is scheduled a year after Edward Snowden started revealing the NSA’s, and more generally the Five Eyes members’ global surveillance activities. The day of action echoes others like The Day We Fight Back, organised by Aaron Swartz’ Demand Progress in February this year.

Reset the Net is a great event, and I really hope it has a lasting effect on the Internet. However, this kind of change is one that needs to be durable, and this probably means that it won’t be done in a day. I will try and write posts related to government surveillance and general online privacy in the next few days to show examples of how we can switch to safer options, and report on the efforts I made myself. This will be my little contribution towards giving people ideas and making this issue more visible.

For the moment, have a look at the Reset the Net “privacy pack” to get you started on this. There is quite an array of actions you can take, from a simple switch from one app to another, to more elaborate geeky things: everyone can find something that looks doable to them.

Reset the Net on the 5th of June

11 Apr


On the 5th of June 2014, Internet users and organisations around the world will unite to promote openness, privacy and digital rights – in other words, “Reset the Net”.

This is a project started by Fight for the Future, an organisation that describes itself as “a nonprofit working to expand the Internet’s power for good”. The American organisation was founded in 2011 and is known for its engagement in the fight against SOPA and PIPA.

Watch the video below to learn more and head to this website to see how you can help.