Personal Qualms With Computer Privacy

  • Posted on: 17 April 2015
  • By: davis

It's mentally exhausting to live in this cyber-warfare age. When I know for a fact that everything I do is being logged in some fashion by someone. I am casually interested in cyber-warfare and spend most of my day dealing with intrusion prevention and server maintenance. I grew up reading The Cuckoo's Egg by Cliff Stoll. I felt his triumph and his agony as he tracked his perpetrator across the world, eventually landing on a suspect with KGB connections. The suspect was later murdered mysteriously. If you haven't read The Cuckoo's Egg, go read it. It's an amazing look at the early Internet.

So to live now, in this day and age, is very worrisome. I must carefully calculate any statement I choose to post online. In my teenage years I was active across all manners of forums. Now, I carefully avoid signing up for forums. I rigorously practice browsing anonymously, making sure to enable ad/cookie blockers, IP filters, client-side software, using Tor, TAILS (operating system), and more. But I still feel a tinge of paranoia – what if someone posted my worst secrets, pieced together, for everyone to see? I'm not a big deal at all, and even I have to worry about that.

What really threw me for a loop was the Snowden revelations.

I had understood and agreed with those who said the U.S. monitored internet traffic, before Snowden, back when all of this was theoretical. I had, after all, read quite a few books on U.S. submarine operations during the Cold War. There was an understandably heavy focus on tapping underseas communications, and U.S. submarines were frequently engaged in subterfuge in Russian territory. Tapping communications was always going to be at the forefront of the military's priorities. That only makes sense – throughout warfare, it has always been beneficial to capture messengers, whether they're riding on horseback or TCP/IP packets. Hell, the Byzantine Generals problem (which Bitcoin tried/nearly practically succeeded in solving) is based on the concept of “unaltered messengers.”

But I hadn't consciously known the depth of penetration. Keep in mind, before Snowden, these were all things that I couldn't casually talk among my peers about. I knew I sounded a bit nuts asserting that the U.S. government could trivially pinpoint your location, and it would only increase. I thought at the time that perhaps I was being paranoid. But the reality was much worse.

And now I have this very real fear of my computer. I am fairly computer literate (certified A+, Security+, Network+, MCSA), studied I.T. Management in college, and work as a web developer and server administrator as my day job. My grandfather worked with nuclear weapons in the 1950's, and reading books about the proliferation of nuclear technology should have forewarned me as to how deep this intrusion of privacy would be. It is clear that governments will stop at nothing to maintain control of powerful technologies.

I want to give you a real example of this fear. I typed this post up in LibreOffice, an open-source alternative to Microsoft Office. When I created this document, it was named – Untitled 1 – LibreOffice Writer. That's what I see in the toolbar right now. But what I feel when I look at the toolbar is that LibreOffice is a large, popular product. I'm sure the government has binaries capable of reading this data. So when I want to have a real conversation about Silk Road, or parts of the DarkNet – well, there it goes. I'm sweating a little bit, just a tad. Because I'm worried, just by typing those things, that I'll be placed on a list of some sort. I have a very real fear that I'm passing notes in class – putting information out there on faith that it will never be used against me, hoping the teacher's back will stay turned.

And for all I know, LibreOffice is secure. Maybe no one can read what I'm typing. But I'm not going to encrypt this document. Having said that, now all I can think about is how easily cracked Windows 7 is – I am writing this from a cracked version, after all. So it's insecure and privy to any dedicated hacker.

I mean, I've set up WPA2 encryption on my wireless router, changed my admin password, and have a 25char randomly generated password. But I used LastPass to generate the password, so there's a chance that I compromised the existence of that password. Besides, what's entropy to future computers – what happens to all of these poorly protected, SHA1-based passwords when every computer is capable of cracking such schemes trivially? It's not that far away. Moore's Law has yet to be disproven.

In 50 years, when everyone's old MySpace and Facebook accounts are trivially cracked, what happens? What happens when the government's healthcare database is cracked (it will be) and everyone's information is leaked? What happens when everyone, collectively, realizes that they are being watched at all times?

I'm connected to the router with a bright yellow Ethernet cord. I can see it's not being physically tapped. But I haven't inspected the wiring of the cable to the street, where the Verizon technician installed it. I have to trust it's not bugged there. And that trust lays another burden upon my voice, a quiet voice saying “Watch what you say.”

But I know better. I know that my usage is tracked. I turn on Peer Blocker when I run qtBittorrent to hide my suspicious activity from my ISP, because I know that they will seed popular torrents and track the incoming IP connections. That's how you get a letter from your ISP, by the way. Always run Peer Block or an equivalent program.

And my hardware – I have absolutely zero faith that my hardware is trustworthy. How many stories about the NSA/GCHQ do we need to prove that hardware will be tampered with?

Of course, my connection to the Internet itself is anything but assured – subject to the whims of the cable provider's routing, which could easily be running through a government tap. We've seen story after story of certificate authorities having their licenses revoked or banned by Mozilla/Google. CA signing in its current form is a joke to organized governments. Recall the MITM (man-in-the-middle) attack on Belgian engineers by NSA/GCHQ. It's not difficult when you own the Internet.

I'm not done yet. I've already given up faith that I can do anything vaguely illegal. I've already given up faith that I can talk freely about anything that isn't government sanctioned. Right here, in this text box, I am extraordinarily reluctant to type about my deepest confessions, because, I mean, fuck. What can I do? Human knowledge is being leaned upon with this extraordinary burden. All of human knowledge is free to fly back and forth across the globe to people of every color and nation – but... you know it's not free. In the back of your head, you know it's being watched and regulated. You know that it's not truly anonymous. How many people have you seen on the news lately, getting tracked down for saying dumb shit online? How does that affect your willingness to talk about or research certain subjects?

My dad and I were talking about bombs once, and we couldn't agree on the definition of a “pipe bomb.” I walked over to his computer and started to pull up Google, and then stopped. We both knew why. Haha, don't do that, you'll be on a watch list. Nervous chuckles that acknowledged that we both knew we could be watched for such an act. In that uncomfortable manner where we don't really think the government would do that... but... they could. The moment passes, I retreat from the keyboard.

Haha, very funny.

I didn't search for “what is a pipe bomb.” I figured we're safer that way. We didn't really need to know.

And no, the government wasn't going to come after us. But we would be on a list, that's for sure. As we've seen over the course of history, you generally want to avoid giving the government evidence for anything, as they are the ones most likely to prosecute your freedom. It's just generally sound strategy to conceal most of your life from the government – but it is becoming increasingly difficult.

It is so mentally exhausting, all of these things to worry about. I know one option, the one the reader would most likely prescribe, is reducing my Internet usage. But how can I do my my professional job that I have trained for all of my life without the Internet? I must be on the Internet, at least to do my job, and that creates a terrific strain on my sanity, the feeling of being watched all the time is ever-present.

And that's just the government. I worry about the social effects of a company like Google brazenly tracking our movements across the web. Google, at least, uses our data for nominally useful purposes. Ad merchants like PanOpticlick and a million shady knockoffs – they exist just to present you with an optimized reality. So much of the internet economy right now is predicated on harvesting data for the big score. Everyone wants to cash out eventually, once they have enough. So we collect data, and we stereotype people, and we target them better than ever before. It's quite easy to become cynical about this enterprise.