If you type online it is not private. Simple reality.
Obscurity adds comfort, but no real protection.
I would expect 99% of traffic, including non-html protocols, that travels on the TCP/IP backbone to be well observed.
The last 1% is most likely scanned real-time.
If you type at your device, while not overtly using online services, a continued observation remains, but we will save that for another post.
Some consideration of who watches your traffic is in order.
Unless you are a bad guy, your typing wouldn’t be of much interest to the security folks, right?
Hmm, maybe not as uninteresting as you might think, as the use of bulk-collection and offshore bulk collection casting a very wide net to gather traffic will dredge up your traffic in the mix.
Most likely unless your particular traffic rises to attention, it may be collected and stored. Yup, a great portion of traffic is archived for possible retrospective analysis.
As where laws limit the legal ability to directly collect certain traffic domestically, much traffic is routed to where contractors and other intel agencies can legally collect the traffic. So we can’t legislate away collections.
Most major governments do the same level of heavy collection, or are part of consortiums that collect traffic. USA, UK, EU, Russia, China, Arab States… all collect traffic, including traffic that you are part of.
The likelihood of our traffic being collected is high, whether we used html, gopher, ssh, telnet or whatever protocol.
So what does one do about it?
First always remember some guidelines:
- Typing online is forever (as it will likely be collected)
- Keep your typing precise with what you wanted to say and stand for
- Collected data becomes context-removed, so explain yourself well to maintain archival grade clarity
- Never presume anything online is truly private
- Obscurity is no protection from collection
We really shouldn’t treat information typed online different than what we put on the radio. Once released it is open book time.
There are some techniques to make extracting anything useful from our online typing harder, mostly by raising the overhead at sending and receiving through encryption. Except when encryption is being used to facilitate a crime, encryption is generally legal for usage domestically.
With enough traffic and with the accumulated small lapses in security we all have, eventually encrypted traffic can be read. Just the costs to do so went up.
As your unencrypted message is typed “in the clear” unless you do off-line encryption/decryption, that raw message may be gathered and sent separate from your actual email or text. Apps that offer end-to-end encryption still gather and later distribute an unencrypted raw message, which is a vulnerability.
As the days where only a percentage of internet traffic was collected have now changed to where all traffic can be collected (and likely is), retroactive-investigations and surveillance developed from the data mining of this massive amount of collected traffic.
The data set allows deep inspection of your online typing afterwards, in some cases years afterwards.
So if you become a “person of interest” your online information that was stored away, will be analyzed.
Brave New World, I guess.