Carey is a guy on a mission. He wants to raise the awareness of everyday, non-technical people on the crucially important topics of cyber-security and online privacy. He’s also an author of the book titled “Firewalls Don’t Stop Dragons“, which we highly recommend.
So we decided to send him a few questions and were lucky enough to have his answers…
Can you shortly introduce yourself?
I’ve been a software engineer for about 27 years now, at large and small companies. I have a master’s degree in Electrical Engineering from Purdue University. I’ve always had a personal fascination with cryptography and deep respect for personal privacy, but Snowden’s bombshell revelations in 2013 shocked me.
I wanted to do something to help people avoid mass surveillance — both by corporations and by governments. I decided I would write a book about cybersecurity and privacy for the average person. The book, Firewalls Don’t Stop Dragons, is now in its 3rd edition, with a 4th edition on the way.
I also started a blog, a newsletter, and a podcast, and have been teaching some continuing education classes.
What do you see as the main challenges for our privacy today?
It’s hard to pick just one! Our privacy is being threatened on several fronts. But the one that’s got me the most worried lately is the addition of real-world, physical tracking to complement the existing virtual, online tracking.
The use of automated license plate readers is exploding, allowing a handful of companies to amass a treasure trove of our location information. Local video surveillance has been common for decades, but in recent years we’ve added centralized facial recognition technology — again, amassing tons of very personal location and marketing information.
Companies like Amazon’s Ring and Clearview AI are selling this information to law enforcement, allowing them to do things they couldn’t legally do otherwise. Of course, all of this information is also sold to marketers and who knows who else.
And finally, in the age of COVID-19, I’m truly worried that citizens will give up their civil liberties in exchange for very questionable security and health benefits. Once these powers are granted and rights are relinquished, it’s extremely hard to undo.
What can we as individuals do about it?
Thankfully there are many things that individuals can do to thwart or minimize opportunistic, mass surveillance – at least in the digital realm. Using a privacy-oriented browser like Firefox with a handful of privacy plugins like uBlock Origin, Privacy Badger, Decentraleyes, and DuckDuckGo Privacy Essentials will go a long way towards defeating common tracking techniques. (The Tor Browser is even better, but can be frustratingly slow for the average user.)
Avoiding Google services (Android, Chrome browser, Waze, Google Docs, etc) and Facebook products (including WhatsApp, Instagram, and Onavo) is highly recommended, though in practice is very hard to do. So at the very least, you need to be aware of all the privacy settings and crank them up to the max.
Can VPNs help? Do you use one?
Using a VPN can keep your Internet Service Provider (be it your home ISP or your mobile ISP) from recording your web activity and selling it. A VPN is also highly recommended for any public WiFi hotspot or a public network (airports, hotels, libraries, etc).
Realize that when you use a VPN, you’re just exchanging your (mis)trust for your local internet provider with the VPN provider — because now the VPN provider can see all your web activity. So it’s very important to find a VPN service that actually respects your privacy. They should explicitly state, unequivocally, that they do not log personal information or collect any user data. Having an independent privacy audit is nice, too.
What do you do to protect your personal information?
I try to be practical. “Dropping off the grid” is not a viable option — for myself or anyone. I use all the products and services I mentioned previously, though I don’t use them all the time. And I still use some social media (mostly Twitter and LinkedIn). I just try to limit what they know and set all the privacy settings to the max.
I’ve been using Google services since they started, and so extracting myself from that ecosystem has been particularly challenging. I find that CryptPad is quite good, but when collaborating with others, it’s hard to avoid Google Docs.
I use a generic, “spam” email account for most public things. I give as little information as possible when I sign up for something, and I lie about “required” personal information where I can. I use privacy-respecting DNS service (220.127.116.11) and DNS over HTTPS.
I use encrypted messenger apps whenever possible. I personally prefer Signal, but in most cases, I end up using Apple’s Messages app since most people I know have iPhones (and don’t want to install yet another messaging app).
Do you have some other advice for our readers so they could, at least partially, regain their privacy?
Beyond the technical solutions I’ve already mentioned, I have two pieces of advice.
First, get educated and get involved. Pay attention to privacy issues and demand privacy wherever and whenever you can. Reach out to your government representatives on privacy issues, demand more transparency and privacy legislation. The free market can’t fix this problem. Consumers have no objective way to compare the relative privacy between products and services, and in many cases have basically no choice at all. Regulations, when done properly, are essential. You don’t need to personally inspect the safety of your car, your airplane, your meat, or your prescriptions because we have regulations and agencies that do that for you.
Second, support privacy with your wallet where possible. When you do see products and services that bend over backward to provide privacy, choose them over others that don’t. This will almost surely cost more money, but the only way these companies will survive is if we put our money where our mouth is. And likewise, support non-profit organizations that are out there fighting for your civil liberties every day. You might look at the Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT), the Electronic Information Privacy Center (EPIC) and Fight for the Future.