[For the purposes of getting this out as quickly as possible, I’ll assume you’re all using Google Chrome as your default browser. If not, you can download it easily by googling Chrome. Good luck.]
Alright, so as you all know the new metadata retention laws [have] are likely to pass the senate, so it’s in all our best interests as members of a democratic society who value our freedom of speech to find out how we can communicate privately and without the intrusion of government/corporate surveillance.
To that end, I’m compiling the following short guide to online privacy, which will be by no means comprehensive but rather a starting point for interested parties.
Whether we are involved in criminal or illegal activity or not, we still have a basic right to privacy as human beings, and we must exercise that right if we wish to keep it.
So, where do we start?
BROWSER OPTIONS & EXTENSIONS
There are a few very easy steps to securing your browsing that can be done in-browser, along with some extensions and apps that do the legwork for you.
Firstly we’ll go over a few simple mouse-click changes you can perform in the settings tab in Chrome, which you can find by clicking the three horizontal bars in the top-right corner of your browser.
If your Google account is connected with chrome your data will automatically synchronise and update to google’s servers. Considering Google’s involvement with the NSA it’s wise to disable this feature.
You can do so by selecting “Disconnect your Google Account” under the “Sign In” heading.
If instead you see a box that says “Sign in to Chrome”, you’re not synchronised and have one less thing to worry about.
The next thing you’ll want to do is scroll down to the bottom of the Settings page and click “Show advanced settings…”
The first heading that appears should be “Privacy”. While you’re here, click “Clear browsing data”, check all the boxes and choose “Obliterate the following items from: the beginning of time”.
You’ll have to reinput any passwords and form data after performing this action.
Underneath this heading there is a list of check-boxes. You’ll want to uncheck the second box, “Use a protection service to help…”, and the third box “Predict network actions…”
The last item on the list you’ll want to check, “Send a “Do Not Track” request with your browsing traffic.”
Click on “Content settings”, and under “Cookies”, check the box that says “Block third-party cookies and site data”.
Scroll down to “Plug-ins”, and under this heading choose “Do not run plugins by default”.
The next important heading is “Location”, here you’ll want to select “Do not allow any site to track your physical location”
Under “Notifications”, choose “Ask when a site wants to show desktop notifications.”
Under “Automatic downloads”, select “Do not allow any site to download multiple files automatically.”
Once you’ve done the above, click “Done” to save your changes.
Now, on to the extensions.
HTTPS Everywhere is an extension that automatically shunts your connection from a non-secure http format to a secure https connection wherever possible. You can find it here.
Ghostery allows you to disable trackers from many companies such as Facebook, Google and Apple, just remember to opt out of their option to send data to their servers, which you should be asked to do during setup. You can find it here.
ScriptSafe allows you to choose which active scripts you trust and enable or disable them on the fly, get it here.
CryptoCat is probably the most useful active app we’ll use, as it allows encrypted chat over Facebook and other IM services. To use it with Facebook, install the app and open it from the apps tab in your Chrome bookmarks toolbar, it should be on the far left, then choose the “Facebook” tab.
This Facebook connectivity will expire on April 15th, so this is only going to be usable for two weeks-ish from now. The non-Facebook aspect of the app should be fine to use after that date however so it’s still worth getting. Get the app here.
OTHER GENERAL ADVICE
While these services and tweaks will go some way to anonymising your activity online, they are not magic bullets. If you are discussing anything private, don’t do it online, and if you have to do it by phone, use Wickr, an app which automatically destroys your comms after they’ve been sent. You can get that from the AppStore/GooglePlay.
A better option than using Google Chrome is to use the Tor Browser. You can find the browser and comprehensive info on how to use it and set it up here.
If you want real privacy the only way to get it now is to meet face to face somewhere isolated and soundproof, and to disable all electronic devices by removing their power sources. Even that isn’t necessarily foolproof.
What the above changes will accomplish is to make your metadata harder to collect and store. You should consider changing your internet service provider to a company that upholds good privacy standards, for example iiNet.
Don’t trust providers, buy your devices directly from the manufacturer when you upgrade and remember to disable any location trackers and cookie storage etc upon purchase.
If you have extremely sensitive information, use an “air gapped” machine, i.e. a computer that has no network capability and has never been connected to the web, or even better, don’t digitise it.
All of that said, none of us have too much to worry about, but these actions are statements indicating that we are recognising and exercising our basic human rights, and that we include the right to privacy under that heading.