It’s easy to feel that personal privacy is a dead issue. Once you go online, your every action is exposed, either through data lost in a breach or misuse by advertisers and online merchants. But don’t give up hope. You don’t have to go totally off-grid to retain or regain control of your privacy. Smart people around the world have come up with a variety of programs to attack the problem from different directions—creating apps that range from VPNs to email providers that don’t spy on you or share your data. You may have to lay out a little cash, but the alternative is using free services that pay themselves by monetizing your private data.
Like the internet itself, email was invented by optimists and academics who never dreamed that anyone would misuse it. Read someone else’s mail? How rude! Fill up inboxes with unwanted junk mail? They had no idea what was coming.
One type of privacy app aims to protect the content of your email conversations from snooping and tampering. Preveil, Private-Mail, ProtonMail, and StartMail let you lock down your communications using a technique called public-key cryptography. All but Preveil use a protocol called PGP (Pretty Good Privacy) to generate a pair of keys, one public, one private. To send me a secure message, you encrypt it with my public key, and I decrypt it with my private key. Simple!
Using Preveil is even simpler, though. A high-tech system involving what they call wrapped keys means you never deal with a key, public or private. It does also mean you can’t connect with users of other PGP-based services, but few consumers know how to set that up.
This public key technology also lets me send you a message that’s digitally signed, guaranteeing it came from me, with no tampering. I simply encrypt the message with my private key. The fact that you can decrypt it using my public key means it’s totally legit. ProtonMail and StartMail automate the key exchange process with other users of the same service, while Private-Mail requires that you perform the exchange yourself. With any of these, you can exchange secure messages with anybody who provides a public key.
Of course, not everyone has embraced public key cryptography for their email. With StartMail and ProtonMail, you can send encrypted messages to non-users, though you don’t get the same level of open-source security. The service encrypts the message using a simple password, and you transmit the password via some avenue other than email, perhaps a secure messaging app.
Virtru offers email encryption for free, but only if you use Gmail, and only in Chrome. Like Preveil, it handles key management internally, though it doesn’t use public-key cryptography. You send an encrypted message and the recipient clicks a button to read it, without either of you entering a password.
With the contents of your email conversations encrypted, no hacker can sniff out just what you’re saying. However, your email address itself is exposed any time you send a message, buy a product online, or sign up for any kind of internet-based service. That might not sound problematic, but your email address is typically your user ID for many sites. A hacker who finds your email and guesses your weak password now owns the account. And, of course, having your email address floating promiscuously around the web just invites spam.
But how can you communicate without giving a merchant or service your email? The solution lies in a simple technology called a Disposable Email Address, or DEA. The DEA service provides and manages these addresses, ensuring that mail sent to them lands in your inbox, and that your replies seem to come from the DEA. If you’re done dealing with a particular merchant, or if one of your DEAs starts receiving spam, you just destroy it.
Burner Mail, Abine Blur, and ManyMe are among the services offering DEA management. ManyMe is unusual in a couple of ways. First, it’s free, which is uncommon. Second, unlike most such services it doesn’t make you register a new FlyBy email (as it calls them) before using it. Say someone at a cocktail party asks for your email. You can make up a FlyBy address on the spot, without giving your actual email away.
Abine Blur takes the concept of masking your actual identity online to the next level. Besides masking your email address, it offers masked credit card numbers, different for each transaction. You load the masked card with exactly the amount of the transaction, so a sleazy merchant can’t overcharge you or use the card again. It even lets you chat on the phone without giving your actual number.
It’s worth noting that Private-Mail and StartMail also offer a modicum of DEA management. StartMail lets you manage up to 10 permanent DEAs, and an unlimited number of DEAs set to expire within two weeks or less. Private-Mail offers five alternate email identities, without full DEA management.
As they say, if you’re not paying, then you are the product. You can surf the internet endlessly without paying a fee to visit specific sites, but those sites still work hard to monetize your visits. Advertising trackers plant cookies on your system, taking note when a tracker from an ad on a different website encounters that same cookie. Through this and other tracking methods, they form a profile of your online activity, a profile that others are willing to pay for.
Some years ago, the Internet’s Powers That Be, recognizing that many users prefer not to be tracked, ginned up a simple Do Not Track message to be sent by the browser. This DNT system never became a standard, but all the top browsers adopted it anyway. It had no effect, because websites were and are free to ignore the header.
In place of the ineffectual DNT header, many security companies started devising active systems to identify and block ad trackers and other trackers. You’ll find this feature as a bonus in many security suites and some privacy-specific products. Abine Blur, Ghostery Midnight, and ShieldApps Cyber Privacy Suite offer active DNT. Unlike most such implementations, Midnight deters tracker requests in any internet-aware application.
The trackers, in turn, invented a different technique for identifying individuals across different websites, relying on the ridiculous amount of information supplied to each site by your browser. This ranges from your IP address and browser version down to minutiae like the fonts installed on your system. There’s so much information that trackers can create a fingerprint that’s almost sure to identify you, and only you.
So, what can you do? Make a liar out of your browser, that’s what. TrackOff mixes up the data sent from your browser so it’s different for each website. Cyber Privacy Suite also scrambles your fingerprint. Important info still reaches the site, but not in a consistent way that could be fingerprinted. Steganos Privacy Suite once included a component to foil fingerprinting, but the latest edition has dropped that feature, along with its active Do Not Track component.
Using a Virtual Private Network, or VPN, disguises your IP address but leaves plenty of data unchanged for the fingerprinters. Even so, keeping your internet traffic encrypted and having your IP address hidden are valuable ways to protect your privacy. In addition to their other privacy components, Ghostery Midnight and Cyber Privacy Suite include VPN protection.
Passwords are terrible, but we don’t yet have a universal replacement. For security, you must use a different non-guessable strong password for every secure site. The only way anybody can accomplish that feat is by relying on a password manager. Unless you use a different strong password for every website, a data breach on one site could expose dozens of your other accounts.
In a perfect world, you already have an effective password manager in place, and you’ve taken the opportunity to fix any weak or duplicate passwords. On the chance you aren’t already equipped, some privacy products have taken to including password management as a bonus feature. Abine Blur, for one, offers a complete, if basic, password manager. It even rates your passwords, giving extra credit for those logins that also use a masked email address.
You can get Steganos Password Manager as a separate program or as part of Steganos Privacy Suite. Either way, it’s not a standout. You’re probably better off with a top-notch free password manager. Cyber Privacy Suite seeks passwords stored insecurely in your browsers and moves them to encrypted storage, but doesn’t do any password management beyond that protective step.
Icloak Stik is a tiny, bootable USB device that provides you with an entire private operating system; more about that below. Within that private OS, it offers the One Ring password manager built into the Tor Browser. That’s important, because your existing password manager won’t work in the Icloak environment.
Just as your private data can be exposed in many ways, software companies find a variety of ways to protect it. One unusual service comes from Abine DeleteMe. Rather than create disposable email addresses, this service attempts to clean up your existing email and other personal data. It searches dozens of websites that legally aggregate public information. Wherever it finds you, it sends an opt-out request to remove your data. This process can’t be fully automated, so DeleteMe is relatively expensive.
Icloak Stik takes privacy to an extreme. You plug this tiny USB device into any PC, Mac, or Linux box and reboot. The Linux-based operating system that comes up resides entirely on the USB device. If you don’t need to copy any files to the device, you can pocket it after booting up. And you can hide your IP address by going online with the Tor Browser. Once you shut down the host device, all traces of your session vanish.
If a malefactor steals your laptop or otherwise gains access to your PC, your private data could still be safe, provided you’ve encrypted it. We’ve covered numerous products solely devoted to encrypting files, folders, or whole drives. Some privacy products broaden their protection by including encryption. Steganos Privacy Suite, for example, includes the Steganos Safe encryption tool, also available as a standalone product.
Private-Mail goes beyond the usual features of encrypted email by giving you an online area to store encrypted files. You can encrypt files using PGP or using a simple password, and you can even share your encrypted files with others.
With Preveil, storing essential files in your encrypted cloud is a snap. You just treat that cloud like any other folder. Sharing with other Preveil users is also easy.
Virtru doesn’t offer cloud storage, but it gives you unusual control over your messages and attachments. You can set messages to expire, disable secure forwarding, and add a watermark to some kinds of attachments. You can also convert attachments into a protected form that only the recipient can view, just like a Virtru message.
When you set up an encrypted email system or a disposable email address manager, your account password is a potential weakness. If you use an easily-guessed password, or if a stranger shoulder-surfs your login, you could lose control of your privacy protection. That’s where two-factor authentication comes in.
The concept is simple. With two-factor authentication, logging requires at least two of the following: something you know (such as a password); something you have (such as an authentication app); or something you are (such as a fingerprint). Quite a few of the privacy tools examined here offer a two-factor option, specifically Abine Blur, Burner Mail, Private-Mail, StartMail, and Steganos Privacy Suite.
All these products rely on Google Authenticator or another Time-based One-Time Password generator. To get started, you use your authenticator mobile app to snap a QR code provided by the privacy program. Enter the code generated by the app and you’re done. Now, your password alone doesn’t grant access to the privacy program. A password thief won’t be able to enter the code from your authenticator app, and hence won’t get in.
Preveil also provides a degree of two-factor authentication by the very nature of its encryption. Connecting to your encrypted mail is easy and automatic provided that you have access both to the email account and to a trusted device. An evildoer who cracks your email account still won’t gain access to your encrypted mail and files. And if you lose a trusted device, you can cancel your trust.
As for Virtru, it doesn’t require a password and doesn’t offer two-factor authentication. You prove your identity by logging into your Gmail account. That being the case, you’d do well to protect that Gmail account using two-factor authentication.
These aren’t the only programs for protecting your privacy, and this isn’t an exhaustive list of privacy-cloaking techniques. However, all these programs do their best to keep you safe from advertisers, spies, and creeps online.
via PCMag