Security for Living Under the American Regime

February 23, 2017 by Gabe

Living in a country with the second best espionage infrastructure in the world, I like to think I'm prudent. Be that as it may, there's always more to consider and I've shared this site with many of my friends. It's a good primer on securing your devices and personal infrastructure.

This is a topic I regrettably think about a lot. I'm not even close to an expert though. You can get a pretty good summary of my position on the privacy episode of Nerds on Draft. I have no doubt a dedicated state actor could build a detailed profile of my life. My only option is to make it expensive enough that there better be a real pay-off for them. Here are some of the things I think about.

Email

I generally trust Apple to secure my email, but they are still an American company, which comes with legal obligation. I've used FastMail for years because they are an excellent IMAP provider. I also appreciate the added benefit of their security policy.

The FastMail security policy has a few reassuring nuggets:

FastMail is an Australian company and as such is subject to Australian law. Australia has strong privacy laws in relation to email, specified in the Telecommunications (Interception and Access) Act 1979. The Electronic Frontiers Australia organisation has an excellent summary; this privacy policy tries to make it clear how it applies in practice to FastMail.

As an Australian company, we are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation. This means we need to see a warrant signed by an Australian judge before we will hand over any email data. Such requests must always be for specific accounts; we do not participate in or co-operate with "fishing expeditions". As a guideline, in the last year we disclosed information on fewer than 50 accounts.

We do not directly disclose any information about our users to law enforcement from outside Australia, and indeed our understanding of Australian law is that it would be illegal for us to do so.

If that's not enough or you just want to tighten up a bit more, try ProtonMail:

The Company is domiciled solely in Switzerland and all hosting infrastructure is also located solely within Switzerland, and thus governed by the laws and regulations of Switzerland.

ProtonMail adds some additional protection just based on how little information they have access to. See one of my previous posts about ProtonMail. It's not IMAP, but it's still a very nice email service.

Chat

I like iMessages but as stated above, I don't know how much (if any) information Apple logs unencrypted. Last year there was a brief uproar about logging device connection for sent messages. I naively think Apple has no interest in and actively avoids knowing anything about iMessage communications.

I've tried Signal for iPhone and it's very good. The biggest downside was that hardly anyone I knew was on Signal. There's also still not a Mac or Windows client and maybe there never will be. But if I wanted to criticize the American president, I'd probably feel most comfortable on Signal.

I'm increasingly growing wary of Slack. The company seems great, including the CEO. But, it's still an American company that clearly logs every message as part of their operating model. It's not their fault since that's what it's supposed to do. So, I still love to post GIFs on Slack as well as the occasional libation I'm enjoying, but I'm using it less and less for meaningful conversations about the world.

VPN

I rarely use a foreign WiFi network. There's generally a cellular connection anywhere I want data. Additionally, I've found that several public WiFi hotspots restricted VPN access. As more information is revealed about the deep connections between American Telcos and intelligence agencies, I've grown ever more careful about using cellular data too. It's the N.S.A.'s phone line, you're only borrowing it. [1]

I suggest using a VPN when you are participating in democracy, even when you are on a cellular connection. I use VPN Unlimited which works fine for me. If you want the don't-think-about-it VPN that just works, I recommend Cloak. So, before you head over to 5Calls.org on your iPhone, turn on your VPN. Just remember, when you choose a VPN, you are choosing a middleman for your data.

Search

I primarily use DuckDuckGo. Still an American company but they go out of their way to make their service secure, where they can. The results are about 80% as good as Google results. If I want to compare, I just add a !g in front of my search and get a Google "encrypted" search. Here's the thing though. Even if your search engine doesn't collect personally identifiable information, you are your searches. There's probably nothing else more personally identifiable than the things I search on-line. I am my interests. I wish there were more options for good internet searches.

Mac

Jeesh, just get Little Snitch. It's one of my favorite Mac apps. It doesn't just keep track of what apps are connecting to, it also tells me which apps are the most "noisy" on my network. Chrome is constantly talking to Google. I know that because Little Snitch tells me so. Even when Chrome isn't running, it's trying to talk to Google (probably for updates, but who knows). Little Snitch allows me to set a "no-Google" profile to block all of Chrome's attempts. When I want to run Chrome, it's one click to allow the traffic while the app is open. It's just so damn good.


  1. Unfortunately, your ISP is still probably the same Telco. 
