There is no need to wonder; They have been doing this for years!
At EVERY SINGLE ISP (Internet Service Provider), they have equipment, owned by the government, that intercepts ALL traffic. They store this traffic and can recall and search any of it for keywords or specific content. If you doubt this claim, ask a worker at a data center facility if they had to be deputized by the NSA to perform his job too (kind of implying that you had to go through the same scenario).
With that in mind – why would you ever worry about it? Are you doing something illegal? Does it really matter? Well if everything you are doing on the Internet is above board, legal, moral and with good intention, you have nothing to worry about right? After all the NSA is there for your protection and paid for with your tax dollars.
And of course the government would never hire anyone that would do anything with your information that wasn’t first subpoenaed through the courts – Right? They would never steal credit card information and sell it on the black market. They would never use information to blackmail anyone. NEVER! And of course they would never hire a private contractor and give them access to that information.
And if you believe that, then you have a lot to learn about the way the government works!
Protect yourself:
Email :
Probably the easiest thing you can do to protect yourself is to protect your important emails. Start by using Thunderbird and Enigmail (this adds PGP encryption). You need to do a little bit of set-up, but it is worth it in the end. You will be able to send confidential emails to other people and have it completely encrypted (they have to be using it also). You encrypt an email with the other persons “public key”. Once you do that, only they can decrypt it with their “private key”. And the process is reversed if they send you one.
Of course to make this work, you can never give anyone your “private key” or the password used to activate it. If you suspect that has happened, you can also revoke it. You can also post your public key on a key server. This allows anyone to be able to verify that an email was actually originated from you if you “sign” your emails with your public key.
The downfall of all of this is that your emails will no longer be easily searched for content by you. Of course the benefit is that no-one else will be able to search them either. You will also not be able to just login to a browser based email window to decode the email. There are plenty of options for smart phones and tablets also to work with PGP to make it easy for you.
Wireless Internet:
Free WiFi – how can you beat it? You don’t have to pay for connection charges and you are using someone else’s bandwidth. What could possibly go wrong? How could you possibly lose out in this scenario?
How about someone else watching all data going back and forth on the system? “But I conduct all of my transactions using https and other secure methods.”, you say….
Yup, just be aware that thieves will set up “honey-pot” wifi networks that just sit there and record everything you do. When they sift through enough bits of information about you, they can steal your identity and rob you blind. Also these open wifi networks are also open to everyone else. Anyone that can connect, can monitor the data going back and forth.
Text Messages:
Most standard cellphone text messages are sent in plain text over the “air” or radio waves. Anyone with some basic radio knowledge or enough money to buy a commercially available device can read all of your text messages if they sit between you and the cell tower or between cell towers that are transferring your messages.
NEVER send anything confidential via text messages. NEVER!
Browsing the Web:
Basic browsing:
One browser add-on that you MUST install is called HTTPS Everywhere. This add-on tells your browser to always ask for the encrypted version of a web site first. HTTPS has end to end encryption between your browser and the web server. This prevents anyone else from seeing your data and what you are looking at.
Install NoScript as well. This will allow you to turn off scripting either globally or by web site. Script can be very dangerous and reveal a lot about you and your browsing habits.
Browser add-ons / search toolbars:
Have you ever read the fine print on the policies of these tools? Go ahead, I dare you. They are counting on the fact that you won’t read ALL of the fine print. MOST of them are recording everything you do. They then mine this data, create a complete profile of you and your “habits” and sell it to the highest bidder.
And those are the “legit” ones. Install one that is not so legit, and they might have access to all of the files on your pc and / or even the ability to control your pc remotely.
Have you ever know of anyone who has had their family photos or “private” photos end up on a not so innocent web site and not be able to figure out how they got there? I have heard of a few people it has happened to.
Searching the Internet:
Google, Yahoo, Bing, most all of them get paid multiple ways. Advertising and selling your “profile” is the most common. They sell your profile by targeting you with customized searches that provide customized advertising as well. They lock you into this “bubble” where you see results that they want you to see. This is especially true for Google.
Burst the bubble and go for a alternative search engine like duckduckgo and you will see what you are missing in seconds. And also take a look at their privacy policy.
Web Browsers:
Web sites can do some neat tricks with Internet Explorer, especially before version 9. Ever wonder why other browser are limited in neat tricks? Well it has to do with security and standards adherence. IE until the last version claimed to be the most standards compliant browser, but any web programmer knows that was a flat out lie. You always had to program in special code just for different version of IE. There were so many differences between the version it is sickening.
Security on IE is a major issue. Microsoft tried to make Ie integrate with Windows so much, that it even allows executable code to be run from a web page. While this gives you some neat capabilities, it also makes it simple for people to write virus’ that can attack you system.
Want to cut down big time on your chances of getting a virus from the web? Ditch Internet Explorer and use a browser like Firefox, Chromium or Opera. Notice I said Chromium and not Chrome. Chrome is Google’s closed source browser that has added tracking built in. Chromium is an open sourced version without the extra tracking and reporting.
Online Purchases:
Always make sure you are using an encrypted form on an encrypted page (HTTPS) when entering in your billing information(not just your credit card info but your name and address also).
And always look for trusted credit card processors such as paypal, authorize.net and others seals on the payment page.
Your Computer / Operating System:
Oh, you mean Windows XP, Vista, 7, and 8 right? No, I mean Microsoft versus MAC, Linux(Fedora, Red Hat, Ubuntu, etc), Minix, FreeBSD, NetBSD, Haiku, Inferno, KolibriOS, AROS and others.
What are all of those? They are non-standard operating systems. Not many people use them and almost no one would bother writing a virus for them. Oh there is talk out there that the NSA has programmers on staff that submit code to the Linux kernel. And while that could very well be true, I would recommend against using a standard Linux kernel.
Use something like Minix and the last four mentioned above. While some, like Minix, are a little more difficult to use and set up, you will find the security, reliability and speed to be unmatched.
I understand that you may not be able to switch completely to another Operating System and be happy. One idea I implore you to explore is the use of a Live CD, or Live USB. You can reboot your PC and run this operating system off a CD or USB stick. Use this any time you want to do something confidential. Then just reboot back to windows (if you must) to do your normal work.
Make sure you DO NOT enable persistent storage when using a USB stick. The military and US Government employ this exact scenario when logging into sensitive government sites and databases. This makes you start with a known “clean slate” operating system that has no virus’. Of course the military version also uses a smart card reader to identify the person logging in.
(Disclaimer – this document will be edited over time. It is meant to be a living, breathing guide to aid in computer security.)