Thomas Mertz


The benign anarchist's beginner's guide to personal opsec

We live in a world where the assumption of privacy has been non-existent for quite a long time. Whether it's autocracies, corporations or some third entity, you should take steps to safeguard your data and protect your communications.

Even in existing liberal democracies we’re seeing an increasing slide towards authoritarianism and fascism, and it is important to understand that the slide into those forms of government happens slowly until it happens very suddenly. The current political climate in the US is a solid example, and Europe is – despite what we might want to tell ourselves – not that far behind.

“Ultimately, arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
― Edward Snowden

Opsec is an abbreviation for Operations Security, and it describes a doctrine on how to safeguard information so it may be kept secret and not used against you.

Wikipedia defines it thusly: “Operations security (OPSEC) is a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.”

So, what can you – a civilian – do to protect and safeguard your information? It’s not really all that difficult or complicated. It might be depressing. Sorry about that.

First of all, assume that any and all communications and data are compromised by default. Work from there.

Use secure email. I recommend ProtonMail. You can use a domain they provide or your own. Proton is encrypted and secure email hosted in the EU, a political region with some of the strictest privacy protections on the planet (for the time being – local governments are doing what they can to circumvent EU regulations).

Use a VPN as often as possible. Proton provides VPN services. Others that I’ve found to work well are NordVPN (this is an affiliate link) and ExpressVPN.
VPN is an acronym that means Virtual Private Network, and is a means of encrypting and obfuscating your online activity from your ISP.
This is especially relevant in countries like Denmark that have a telecommunications surveillance law (linked article is in Danish) in place. Assume all your activity online is logged.

Switch away from your ISP's DNS servers. If you use a VPN, that will likely already have been handled for you. I recommend reading this article on how to get started on changing your DNS servers.

Use end-to-end encrypted private messaging. The only really good solution for that right now is Signal. Signal has a proven track record and is run by a non-profit with no commercial interests.
End-to-end encryption means that any messages sent are readable only by you and the recipients, but are heavily encrypted while being transmitted. Signal also supports configuring the service to automatically delete your conversations after a certain amount of time, so even if someone managed to crack your code and access your device, the messages would be gone.

Most countries now have laws in place that allow them to demand of you that you unlock your devices to allow them to search them. This is an obvious security risk, and given that high-speed internet is pretty much ubiquitous globally, I highly recommend you delete sensitive files from your devices before crossing any border. You can always redownload them once you get to your destination.

And finally … remember, any service you use for free means that you are paying with your data.

I will update this post as and when I think of more stuff. If you have any ideas, comments or suggestions please feel free to send them my way, and I will include them here.