My Personal Security Plan

Posted on Thu 15 June 2017 in blog

Back on June 5, 2013 I remember pacing back and forth while freaking out all day. I spent the day talking to my good friend Cassandra Granade, who was in a similar state of dismay. At the time we were both in graduate school, she doing her PhD and myself working on my MSc, both in physics. We pored over all the news of the day, astonished at what we were reading. It honestly felt like some sort of nightmare, where all of the bad plots to Hollywood movies were becoming real.

Of course, this was the day that The Guardian, thanks to the courageous work of Edward Snowden, let the world know that the NSA was operating a variety of programs with the intent of mass surveillance of anyone and everyone. We learned of programs like PRISM and XKeyscore, of the secret courts compelling tech companies to do their bidding, and the widespread infiltration of every level of our modern networked lives.

Needless to say, we didn't get any work done that day. And that day turned out to only be the tip of the iceberg.

With all this information I became overwhelmed. As the days went on, more news kept coming out, and I just felt helpless.

I write this now 4 years later. Since then, people much smarter than me have actually tried to do something about this. The fantastic people at the EFF and Open Whisper Systems have continued to put out free open-source software and text guides to help people protect their privacy and digital security. Over the last few months I've been thinking about this more, and now with the most recent release by Wikileaks regarding the CIA, I've been doing my research to figure out what I can do to help myself. In this article, I will present in no particular order a list of things that I plan on doing now and in the near future.

Request my contacts move to using Signal

Several years ago I installed the end-to-end encrypted communications software, Signal. The problem I experienced was exactly what you might expect; the inertia involved with getting people to switch messaging systems proved difficult. It wasn't until Nov 25, 2015 on my birthday that I received a message on Signal from a friend who I had not previously discussed Signal with. How exciting! This continued to pick up throughout 2016 with more friends moving to the platform, mostly thanks to a few of them pushing for people to switch.

Now it's my turn. A lot of people that I communicate with are now on Signal, which is fantastic. The remainder, though, are from different circles of friends. Here are the groups I've identified:

  • Family. Not sure if I'll be able to win this one, but it's worth trying.
  • Old friends. This shouldn't be too much of an issue. We just primarily use SMS because that's what we've always used.
  • Warcraft guildmates. My guess is this will be half easy and half a pain. Some people will do it, some won't care, and some I'll need to hold their hand through the process.

Review permissions and settings for all apps on my phone

This is something that I try to do on a regular basis, but I need to take the time to do a once-over for everything. This includes general app settings as well as Android permissions.

The main prompt for this was my recent discovery that Google, through my cell phone, has been keeping a record of every single location I had gone to since my first Android phone! I had honestly thought I had turned that off, but it turns out that was a different-but-similar tracking feature. I turned it off and purged the complete history, but it does make me wonder what else I've missed.

Enable full disk encryption on my phone

Here's an easy one. I need to enable full disk encryption on my cell phone and switch to using a strong unlock passcode. I'm not going to lie, I should have done this ages ago, but I was lazy.

Update my laptop OS

You would think that I'd always be on the latest and greatest OS version. But nope, not the case. I'm currently running Ubuntu GNOME 15.10 on my ThinkPad T440. This stopped being supported months ago, but I'm always hesitant to update my distribution instead of doing a clean install. I need to make sure I'm using supported software to help protect myself from security vulnerabilities.

Continue to pare down on Non-FOSS

I've always been an advocate for Free Open Source Software (FOSS). I do my best to release my own projects under FOSS licences, and I try to encourage others to use FOSS solutions when they can. There are a few areas in my own life where I could do a little better. The one that sticks out in my head the most is Adobe Lightroom vs Darktable.

I should also re-evaluate my usage of web-based software, and attempt to use more open alternatives where I can. I'll first have to take a better stock of my commonly used webapps and see where I can go from there.

Switch back to using Firefox

I'm not sure exactly when it happened, but at some point I went from a happy Firefox user of many years, to primarily a Chrome user. My guess is the convenience of being able to log into my Google account directly into the browser proved to be too tempting.

While a significant portion of Chrome is open source, I believe that at the end of the day, the Mozilla Foundation is a greater force for good in the FOSS community. At the end of the day, they make a great product, and ensuring that there is a counter to Google's corporate interests is important for all of us.

My main concern with switching to Firefox is how poorly the browser has performed in exploit competitions. I even recall how Firefox was excluded from some due to how easy it was to exploit. Perhaps I first need to do some research and see how far Firefox has come in this department. Maybe I actually should be switching to the ungoogled-chromium project. Time will tell!

Set Default search to DuckDuckGo

This will probably be the hardest habit to break. I've been instinctively going to for my web search needs for a very long time. I honestly can't remember what I used before. I recall using a variety of search engines in those early days. Unfortunately these days, everything you do online (and in a growing number of cases, in meatspace) is tracked and tied to a growing profile of you.