Online Privacy/Security

If you type online it is not private.  Simple reality.

Obscurity adds comfort, but no real protection.

I would expect 99% of traffic, including non-html protocols, that travels on the TCP/IP backbone to be well observed.

The last 1% is most likely scanned real-time.

If you type at your device, while not overtly using online services, a continued observation remains, but we will save that for another post.

Some consideration of who watches your traffic is in order.

Unless you are a bad guy, your typing wouldn’t be of much interest to the security folks, right?

Hmm, maybe not as uninteresting as you might think: bulk collection and offshore bulk collection cast a very wide net to gather traffic, and will dredge up your traffic in the mix.

Most likely, unless your particular traffic rises to attention, it may be collected and stored.  Yup, a great portion of traffic is archived for possible retrospective analysis.

Where laws limit the legal ability to directly collect certain traffic domestically, much traffic is routed to where contractors and other intel agencies can legally collect it.  So we can’t legislate away collections.

Most major governments do the same level of heavy collection, or are part of consortiums that collect traffic.  USA, UK, EU, Russia, China, Arab States… all collect traffic, including traffic that you are part of.

The likelihood of our traffic being collected is high, whether we used html, gopher, ssh, telnet or whatever protocol.

So what does one do about it?

First always remember some guidelines:

  • Typing online is forever (as it will likely be collected)
  • Keep your typing precise with what you wanted to say and stand for
  • Collected data becomes context-removed, so explain yourself well to maintain archival grade clarity
  • Never presume anything online is truly private
  • Obscurity is no protection from collection

We really shouldn’t treat information typed online differently than what we put on the radio.  Once released it is open book time.

There are some techniques to make extracting anything useful from our online typing harder, mostly by raising the overhead at sending and receiving through encryption.  Except when encryption is being used to facilitate a crime, encryption is generally legal for usage domestically.

With enough traffic and with the accumulated small lapses in security we all have, encrypted traffic can eventually be read.  It just costs more to do so.

Unless you do off-line encryption/decryption, your unencrypted message is typed “in the clear”, and that raw message may be gathered and sent separately from your actual email or text.  Apps that offer end-to-end encryption still gather and later distribute an unencrypted raw message, which is a vulnerability.

The days when only a percentage of internet traffic was collected have given way to a time when all traffic can be collected (and likely is), and retroactive investigations and surveillance have developed from the data mining of this massive amount of collected traffic.

The data set allows deep inspection of your online typing afterwards, in some cases years afterwards.

So if you become a “person of interest”, your online information that was stored away will be analyzed.

Brave New World, I guess.

73

Steve
K9ZW

One thought on “Online Privacy/Security”

  1. Kuby, N6JSX, MS-EET(ret) says:

    So using Yahoo, Gmail, others, Email services not only mine your emails for metadata but also subject/topic/buzz-words.

    Does Proton-Mail typing get encrypted to their server? I think all gets encrypted providing you stay within the Proton system.

    Now what are the trigger ‘words/combinations’ that will ensure the NSA screening computers scan flags a manual screening of your emails? i.e. bomb, POTUS, sniper, etc?
    A few years ago working at WPAFB, a fellow Engineer said he added a list of NSA-buzz-words (his label) in Arabic at the very bottom of his auto-signature block (3pt font, white color) to intentionally trigger a manual screening of each email, wasting the Govt alphabets’ time/effort. He did get called on the carpet and told to knock it off. Yahoo and Hotmail dropped his accounts.
