Security

Government Surveillance Defense: Is It Possible?

By Sydney Butler / July 4, 2019

Is there such a thing as government surveillance defense? After all, they have more money and power than any mere mortal could hope to fight against, right? While new technologies and a history of questionable laws make it a tough fight, keeping the government out of your business is not impossible.

You might think that, since you have nothing to hide, it doesn't really matter. Only people who have something to hide should care about the government prying into their lives, right? The truth is that privacy is something that you lose if you don't work to protect it. To have the freedom and dignified life, keeping the state out of your business is essential. It's so important that it almost reaches the point of becoming a civic duty. Here, we're going to look at the practical things you can do to protect yourself from the powers that be. The various intricate components of crafting a government surveillance defense strategy.

Embrace Encryption

Torrent Encryption Guide

Encryption is a set of methods that allow a message to be scrambled in such a way that only the person it's meant for can read it. Modern digital encryption is so powerful, that brute force methods of breaking it are basically impossible. Yes, even governments with all their money and resources have no hope of breaking even the everyday encryption normal websites use to secure themselves. Which means you should embrace encryption technology to secure everything you say and do. It's not a magic bullet that will protect you 100%, but proper use of encryption can get you 99% there. Let's unpack what you need to do in more detail.

Tor and VPN Technology is Essential

Image Source: torproject.org

Most of us primarily interact with the internet through our web browsers, but it turns out our browsers betray a ton of personal information. Information that the state can often find legal avenues to collect.

Luckily there are secure ways to browse that are basically impossible to breach from the outside.

The Onion Router or Tor is an Open Source, a modified version of FireFox that pushes all your browser traffic through the highly secure Tor network. This is a network of volunteer computers that randomly shuffle your multi-layer encrypted data packets from source to destination. The end result is that no one along the chain can tell who you are or where you're from. Your ISP can only see that you are connecting to Tor, but not what you're doing there.

That can, however, be a problem, so it's a good idea to combine Tor with a VPN (Virtual Private Network) to get a more complete umbrella of protection. If you use a VPN then your ISP has no idea that you are connecting to Tor. It also means adding an extra layer of anonymity to Tor, since the first Tor node only connects to the VPN server, not your computer.

While Tor is free to download and use, you'll have to stump up a small amount of cash for a VPN subscription.

Cryptocurrencies Have Their Uses

bitcoin_giveaway

You've probably heard about Bitcoin and even perhaps how most world governments aren't too thrilled about it. There's a good reason for that since cryptocurrency uses the power of encryption and a decentralized ledger to make banks unnecessary in the process. The government has a vested interest in what goes on with our finances. The main thing they say they care about is controlling crime, which is why you can't take more than a certain amount of cash with you when you get on a plane or cross a border. Cash is pretty much anonymous, but we're becoming a cashless society. Crypto provides something similar to cash when it comes to privacy, which takes away control from the state.

While Bitcoin itself is pretty much no longer anonymous if it ever was, newer coins such as Monero does a much better job and if you want to make a transaction that doesn't leave digital breadcrumbs leading back to you, it's a viable option. Crypto might not be mature enough for day to day use, but it has its uses for specific transactions that you want to keep private.

Full Disk and Device Encryption

Hard Drive

Whether its a phone or a laptop, support for full disk encryption is pretty much universal these days. There's no real performance impact, so there's no reason not to make use of it. In fact, your iOS device was probably fully encrypted as soon as you set a passcode. Many Android devices default to encryption as well. Either way, it's a good idea to check and ensure that all your device storage is encrypted. That includes USB drives!

Use Signal

Signal Messaging App

Image Courtesy of Getty Images

The Signal is an end-to-end encrypted chat application that has made headlines for how it blocks governments from accessing private communications. Using Signal you can send just about any form of media, including VOIP calls, with almost 100% assurance that no one is listening. It's an Open Source project that's free to use and has revolutionized the fight for privacy, against government surveillance. Something that, for example, the Trump administration doesn't like.

Encrypt Your Cloud Storage

Boxcryptor

Boxcryptor Illustration

In the old days, you'd back up data to an external drive or carry it around on a thumb drive when you had to take it somewhere. Now, we tend to use online drives. Services like DropBox or Google Drive make it easy and safe to store your info. The problem is that, once the data is out of your hands, you don't control the privacy anymore. Yes, Google (for example) might promise today that they won't expose your files to the state. However, that might change at any time in the future. So it's a good idea to encrypt the most sensitive information you put into cloud storage before you upload it. You still get the advantage of cloud storage. It's just that the provider can't peek even if they wanted to.

Be Careful With Email

Nearly Half of All Business Email Attacks Request Money Transfers - Barracuda Networks

When email was invented, people were not too worried about internet security. This was mainly because the only people on the internet were known and trustworthy. The military, universities and a select few other big players had access to this new technology, but no one else. Today, half the world's population is online and that means the risk is exponentially higher.

Modern email, through services like Gmail, is actually pretty secure. However, it's still only a band-aid placed on a fundamentally insecure system. You should only use email for the most innocuous reasons or to simply establish contact with someone. Everything else should happen on a channel with end-to-end encryption that leaves even the service provider blind to your message content. If you must use email, try to make use of anonymous email services.

Kick Your Social Media Habit

Social media is one of the newest and hottest applications on the web. People love socializing and social media has essentially weaponized this phenomenon. Which means that billions of people are now voluntarily putting a treasure trove of personal info out on the web. While it is possible to use social media privately to some extent, it's probably best if you did not use it at all and stuck to more private ways of hanging out with other people online.

Take Security Updates Seriously

While the government might want to have a peek at your personal information in the name of security or something, the companies of whom you are a customer actually have a vested interest in protecting your security. After all, if another provider did a better job of keeping security standards up, people would leave in droves.

Which is why you should never ignore security updates. When that little exclamation mark pops up in your notifications or Windows prompts you to install a critical security update, take a few minutes and do it. When new vulnerabilities are discovered, people who have not patched the problem out are likely to be targeted by an army of hackers who have suddenly become aware of a new way into your system and information. Updates can be a pain, but security updates are always worth the minor hassle of installing them.

It's not just computers and smartphones either. Every smart device that you own should be periodically checked to make sure there are no weaknesses. That includes stuff like smart TVs and IP cameras.

Cover Up Your Webcam

Taped Up Webcam with Eyes Spying

You've probably seen this in the picture - people who put pieces of sticky tape over their built-in webcams. It may seem a little paranoid, but the truth is that many webcams are eminently hackable. If you have a device with a built-in webcam, go ahead and cover it up. If it can be unplugged, do that instead.

Go Open Source

When you buy software that's locked behind proprietary licenses, it makes it very hard to know if there are any privacy issues with that software. Specifically, there's a risk that a "back door" could be placed in the code, allowing the developer or the government access to personal information.

With Open Source software, all source code is published openly. This means that the community can audit the code and make sure there are no issues with its privacy. So where possible, it's a good idea to make use of Open Source software that has been looked over by an army of people with no vested interest in breaching your privacy.

Be Careful With IoT Devices

Amazon Accidentally Leaks User’s Alexa Recordings Due to “Human Error”

Image Courtesy of Amazon

All devices are now, slowly but surely, becoming smart devices. That means they have some sort of onboard processor, sensors and an internet connection. From smart thermostats to smart security cameras, it's all gone hi-tech now. While that makes for a wonderful Jetsons-like world, it also means that those same devices can be used against you as surveillance tools. We're not saying you need to eliminate all smart devices, but you should consider whether a particular appliance really needs to be a smart appliance or not. Also, consider who made this device and whether they have good security measures in place. After all, the news that some devices manufactured in the East have government bugs put in them is more than a little worrying.

Avoid Biometrics

digital_fingerprint

Tapping in passcodes or those annoying patterns can be a real chore, so it's understandable that the ease of using a fingerprint or iris scan is appealing. However, there are plenty of issues with biometrics as a way to secure your information. Even if your device is fully encrypted, it means nothing if you can unlock it just by placing your finger on the sensor. Which means if you are ever taken into custody, the officers can do just that with ease.

Yes, there are kill switches that will instantly disable biometrics, but you need the opportunity to use them. It's far safer to never enable them in the first place.

Powerful Passwords

facebook_email_password

If you can't use biometrics, the only other viable option is a strong password. On mobile phones, the four-digit passcode is still in use, but on some systems, you are now required to use six. Combined with a very limited number of retries, and it's very unlikely that anyone will guess the code before the phone permanently wipes itself. Of course, law enforcement has figured out some ways around this. Such as cloning the encrypted disk and then applying brute force methods to the passcode. Cracking a passcode that only uses numbers is something that can be done in a few hours. The iOS cracker Gray Key can reportedly crack a 6-digit iOS code in 11 hours. From 6 to 10 digits and it will take years. Make it 10 digits and alphanumeric and it won't happen in your lifetime.

For services such as email where you get to make a password, it's best to use a password manager that can generate strong passwords and then store them securely. Even state supercomputers don't yet have the horsepower to defeat these measures, making it effective government surveillance defense.

Consider App Permissions

We are all basically married to our smartphones and the app that make them worth using. Of course, as with any software you need to make sure you only install applications you trust. Google and Apple do a decent job of keeping apps off their storefronts which contain malware. However, that doesn't mean "trusted" applications can't still be used by the state (and other bad-faith actors) to spy on you. When an application asks for specific permissions, get out of the habit of simply saying yes to everything. Think carefully about what the app is meant to do and if it really needs that specific permission. You might not also have a use for the app feature that requires that permission, so never grant it permission if not needed.

Background permissions in particular can be suspicious. While it might make sense for an app to track your location while you have it open, background tracking might not. That's just one example and modern mobile operating systems allow you a high level of granularity when it comes to assigning permissions to apps. Considering that some apps might in fact be state-sanctioned trojan horses, it's worth taking control in this way to bolster your government surveillance defense plan.

GPS, WiFi, Bluetooth, and other Tattletales

While our smartphones, tablets, and laptops are incredibly useful, they are also the equivalent of carrying a tracking device with you at all times. Just a quick glance at your Google location history can be shocking. Most people are probably unaware that Google is storing all their movements via Android, even when you weren't using the GPS. While GPS provides exact location data, other wireless technologies can also be used to estimate your location.

For example, which WiFi networks your phone is close to is information that mobile operating systems can use to make location data more accurate. The same thing goes for Bluetooth beacons that might store a log of which devices passed by them. Even your normal cellular connection will tell someone which cell towers you are close to. While your phone isn't all that useful if you switch off all the wireless functionality, you might want to keep this in mind if you're traveling to a place which you'd rather want to remain private.

Signal Blocking Methods

You can switch your phone to airplane mode or selectively disable some technologies, that doesn't mean you are entirely safe. After all, you're just toggling a digital switch. If your phone has been hijacked by software such as Cerberus, it can just switch all these tracking systems on again. Without you even knowing it.

The only surefire way temporarily disable your phone is to remove the battery and ensure there's no power. Of course, many modern phones don't have removable batteries. So you'll have to put the phone into a shielded bag that acts as a portable Faraday Cage. Obviously, the phone won't be able to send or receive anything while in the bag, but that's sort of the point.

Use a Digital File Shredder

Shredded Documents

When you delete something from your hard drive or removable storage, the data isn't actually gone. That's thanks to the way that file management systems work. All deletion does is mark that part of the drive as being available to write over. If it doesn't get overwritten, then it's trivial to use recovery software to get it back.

When you get rid of drives that are still working, you should run military-grade erasure protocols on it as a powerful government surveillance defense. To ensure that none of your old data can be recovered. You should also use digital file shredding software to properly destroy sensitive information you want to delete from your computer. You can also use such tools to shred all the free space on your drives. So that everything you've deleted in the past stays deleted as it should.

If you follow this advice, it doesn't matter if someone infiltrates your computer with malware or physically accesses it while you are away. The data is gone forever.

Set Up a Deadman Switch

One of the most extreme measures you can take against state surveillance is the creation of a "deadman switch". This is a system that needs you to regularly reset it to prevent some sort of action from taking place. So if someone happens to prevents you from resetting the clock, it will act on your behalf and do its pre-programmed task.

A common use for deadman switches is the deletion of data, with proper file shredding. It may involve sending information you don't want to get deleted to the press or other trusted sources. it doesn't matter, as long as it does what you need it to if you become incapacitated.

Defeat Facial Recognition

Modern machine vision systems can detect and recognize faces caught on camera in seconds. This means that as soon as you step out into public, your whereabouts can be tracked automatically. A scary thought, but these systems are not foolproof. There are various methods to confuse and defeat facial recognition systems and it's a good idea to review them for future reference. This is going to become essential to any government surveillance defense.

Change Your Thinking About Government Surveillance Defense

If it isn't clear by now, you should realize that government surveillance is happening along multiple vectors. They are trying to tap your information at every level. New technologies mean you don't even have to be important to get caught in the web. That means your risk profile calculations have to change as it becomes easier for them to watch everyone. For now, that's no impossible task. But we also have to worry about the state using future technology retroactively on our digital histories. Hopefully the various issues we highlighted in this article will help you understand the scope of the issue. Allowing you to develop a government surveillance defense that fits your specific needs.

What do you do for a little more government surveillance defense? Let us know in the comments. Lastly, we’d like to ask you to share this article online. And don’t forget that you can follow TechNadu on Facebook and Twitter. Thanks!



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: