Security for Living Under the American Regime

February 23, 2017 by Gabe

Living in a country with the second best espionage infrastructure in the world, I like to think I'm prudent. Be that as it may, there's always more to consider and I've shared this site with many of my friends. It's a good primer on securing your devices and personal infrastructure.

This is a topic I regrettably think about a lot. I'm not even close to an expert though. You can get a pretty good summary of my position on the privacy episode of Nerds on Draft. I have no doubt a dedicated state actor could build a detailed profile of my life. My only option is to make it expensive enough that there better be a real pay-off for them. Here are some of the things I think about.

Email

I generally trust Apple to secure my email, but they are still an American company, which comes with legal obligation. I've used FastMail for years because they are an excellent IMAP provider. I also appreciate the added benefit of their security policy.

The FastMail security policy has a few reassuring nuggets:

FastMail is an Australian company and as such is subject to Australian law. Australia has strong privacy laws in relation to email, specified in the Telecommunications (Interception and Access) Act 1979. The Electronic Frontiers Australia organisation has an excellent summary; this privacy policy tries to make it clear how it applies in practice to FastMail.

As an Australian company, we are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation. This means we need to see a warrant signed by an Australian judge before we will hand over any email data. Such requests must always be for specific accounts; we do not participate in or co-operate with "fishing expeditions". As a guideline, in the last year we disclosed information on fewer than 50 accounts.

We do not directly disclose any information about our users to law enforcement from outside Australia, and indeed our understanding of Australian law is that it would be illegal for us to do so.

If that's not enough or you just want to tighten up a bit more, try ProtonMail:

The Company is domiciled solely in Switzerland and all hosting infrastructure is also located solely within Switzerland, and thus governed by the laws and regulations of Switzerland.

ProtonMail adds some additional protection just based on how little information they have access to. See one of my previous posts about ProtonMail. It's not IMAP, but it's still a very nice email service.

Chat

I like iMessages but as stated above, I don't know how much (if any) information Apple logs unencrypted. Last year there was a brief uproar about logging device connection for sent messages. I naively think Apple has no interest in and actively avoids knowing anything about iMessage communications.

I've tried Signal for iPhone and it's very good. The biggest downside was that hardly anyone I knew was on Signal. There's also still not a Mac or Windows client and maybe there never will be. But if I wanted to criticize the American president, I'd probably feel most comfortable on Signal.

I'm increasingly growing wary of Slack. The company seems great, including the CEO. But, it's still an American company that clearly logs every message as part of their operating model. It's not their fault since that's what it's supposed to do. So, I still love to post GIFs on Slack as well as the occasional libation I'm enjoying, but I'm using it less and less for meaningful conversations about the world.

VPN

I rarely use a foreign WiFi network. There's generally a cellular connection anywhere I want data. Additionally, I've found that several public WiFi hotspots restricted VPN access. As more information is revealed about the deep connections between American Telcos and intelligence agencies, I've grown ever more careful about using cellular data too. It's the N.S.A.'s phone line, you're only borrowing it.[1]

I suggest using a VPN when you are participating in democracy, even when you are on a cellular connection. I use VPN Unlimited which works fine for me. If you want the don't-think-about-it VPN that just works, I recommend Cloak. So, before you head over to 5Calls.org on your iPhone, turn on your VPN. Just remember, when you choose a VPN, you are choosing a middleman for your data.

Search

I primarily use DuckDuckGo. Still an American company but they go out of their way to make their service secure, where they can. The results are about 80% as good as Google results. If I want to compare, I just add a !g in front of my search and get a Google "encrypted" search. Here's the thing though. Even if your search engine doesn't collect personally identifiable information, you are your searches. There's probably nothing else more personally identifiable than the things I search on-line. I am my interests. I wish there were more options for good internet searches.

Mac

Jeesh, just get Little Snitch. It's one of my favorite Mac apps. It doesn't just keep track of what apps are connecting to, it also tells me which apps are the most "noisy" on my network. Chrome is constantly talking to Google. I know that because Little Snitch tells me so. Even when Chrome isn't running, it's trying to talk to Google (probably for updates, but who knows). Little Snitch allows me to set a "no-Google" profile to block all of Chrome's attempts. When I want to run Chrome, it's one click to allow the traffic while the app is open. It's just so damn good.


  1. Unfortunately, your ISP is still probably the same Telco.