Wednesday, July 23, 2014

Resetting the Net: Make the Adversary's Life Harder

When this post was written, it was "Reset the Net" Day, and system administrators, webmasters, and ordinary internet users alike took steps to encrypt their data and keep their personal lives... well, personal. Today, massive online spying is becoming the social norm. Many people assume that everything they send over the internet can and likely will be intercepted by people like the NSA, and that there is little they can do about it. But there is actually a lot that you can do. To get you started in the right direction, I will explain some of the steps I have taken to harden my internet security.

Use Tor or a Secure VPN

The Tor network is one of the best ways to remain anonymous online. I'm not going to get into how it works here; however, there is a thorough explanation of Tor's magic here. Yes, Tor is slow and not always convenient to use. That's why I only use it when I'm feeling really paranoid. For most of my other online activities, I use a virtual private network (VPN). VPNs tunnel all of your computer's internet traffic through another server, located somewhere else (preferably on the other side of the Earth in a politically neutral country). Although a VPN does not give you nearly the anonymity that Tor does, it provides very strong encryption of your traffic between your computer and the VPN server. Our traffic remains encrypted until it exits the VPN server in (for example) Switzerland, then continues to its final destination. We don't care what Switzerland thinks about our web browsing habits, and they aren't interested, so it's a win-win. A great VPN service with servers in many different geo-political regions is PrivateInternetAccess.com.

Use Open Source Software

It's amazing and sad to me that 90% of personal computers still run Microsoft Windows when there are so many better (and free) options out there. Consider making the switch to Linux; you will be happy you did. However, there are still ways to securely use a Windows system. Consider installing Pidgin Instant Messenger, which allows you to use encrypted instant messaging on services like Facebook Messenger or Google Talk. Use an open source browser like Firefox. Open source means people can read the source code, which means the software has been scrutinized by thousands of security-minded developers, so you can be pretty sure there are no back-doors or gaping security holes.



Be Smart

Be careful what you send through email. Unless you are using encryption, assume anything sent through email can be intercepted. In fact, assume anything sent over the internet can be intercepted. Therefore, it is best to send as little personally identifying information over the internet as possible, even when using Tor. Install the browser add-on HTTPS Everywhere, which will force use of https whenever available. Pay attention to the warnings that your browser gives you about unverified connections. If an https certificate cannot be verified, either the site you're visiting has not registered it, or you are the victim of a Man in the Middle Attack.

Knowledge is Power

Learn about how technology works so that you can better make educated decisions about your online activities. It is helpful to have a basic understanding of Internet Protocol and Public Key Encryption.
If you are tech savvy, you can configure your own VPN server by renting a cheap VPS somewhere and installing openvpn-server. I recommend Digital Ocean for their outstanding record of reliability, ease of use, and versatile choice of platforms.

Edit: fuck that. They're great for convenience, but for some reason, I just don't trust them anymore. Find an overseas VPS and pay for it with mixed up bitcoin.

If you already administer a VPN, rotate your keys right now, and use a 4096-bit D-H key. One other thing I did today was configure my own Firefox sync server. Since I use many different computers, I like to have my browser data synced. However, I don't want my browser settings stored on a server that I do not control. It turns out that it's pretty simple to configure your own sync server. Now I can keep all my bookmarks and settings in sync without using a 3rd party server, which makes me feel a lot better.
