Protecting your private data from intruders

Â© Alexander Kataytsev - Fotolia.com

Privacy

Paul Brown

You don't have to be a criminal to want to preserve your privacy. Fortunately, Ubuntu, and the Open Source community provide ways to keep snoopers at bay.

There are no two ways about it: The idea that, if you want to keep your private matters, well, private, it's because you're a criminal or a pervert is a cynical shifting of the blame to the innocent party. The agencies doing the spying are in the wrong here. They are systematically violating the laws of all western democracies. Any private citizen doing the same thing would be thrown into jail without a second thought, and rightly so.

But, while we wait for the perpetrators of the NSA blanket spying to be indicted, what can we do? The old Internet adage "if you're not paying for it, you are not the client, you are the product" holds true for every single service on the Internet. The information you upload to popular social networks, store on clouds, and transfer through popular commercial communication networks is a prime candidate for harvesting, storage, analysis, and use by the creators of the services, as well as (as we now know but have long suspected) government security agencies.

If you want real confidentiality, you must avoid all the obvious popular and free (as in beer) options that have already proven untrustworthy. In other words, if you are serious about the issue of keeping your data private, you should steer clear of Facebooks, Hotmails, Gmails, Skypes, YouTubes, Dropboxes, and the like (I'll call this the first level of confidentiality). You should also use only open source software (a second level of confidentiality), because it is the only software that is audited frequently by independent, non-biased third parties. A third level of confidentiality is that you should be able to host the services that process and store your data yourself.

Now, this where some may disagree. Many sys admins would argue that hosting your own stuff in-house to defend your privacy is not a good idea. They would say that supporting servers is a full-time job and that most SoHo setups are not as secure and fail-tolerant as professionally maintained server farms at hosting companies. They would be right; however, we are not arguing security here but confidentiality, and those are two different things.

An external server farm will have backup systems, high levels of software and hardware security, and expert personnel to keep your data safe from the bad guys and accidental erasure. However, a server farm is also more likely to be the target of malicious hackers and the secret laws, courts, and subpoenas that we have been hearing so much about. A hosting company may be subject to a gag order as well as being subpoenaed; so, if you host your data with a third party, an NSA flunky's grubby paws might be all over your family photos, recordings of your personal conversations, and private medical records, and you would not even know it. However, if a government agency wanted information from your own machine and decided to obtain it in a legal fashion, you would be the first to find out.

Of course, the agency could just get a wiretap order for your communications without your knowledge. But, first, they can do that with a third company hosting your data as well, so that's a given. And, second, that's what encryption was invented for.

In the feature section of this month's magazine, we'll give you the tools to make life harder for snoopers and intruders. You'll learn how to host your own files and share them safely with only those you trust, you'll encrypt your email, and you'll learn how to navigate the web with complete anonymity.

Privacy is your right. You don't have to have done anything wrong to need and want it.