Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesnât want the whole world to know, but a secret matter is something one doesnât want anybody to know. Privacy is the power to selectively reveal oneself to the world.
â Eric Hughes, âA Cypherpunkâs Manifesto,â 1993
Vladimir Putinâs not-so-secret police wiretapped a strategy meeting between Russian LGBT activists and Western NGOs in St. Petersburg last month â then played the tapes on TV, as proof of a conspiracy. Thatâs no surprise. Whatâs surprising is that the Western NGOs didnât expect it. âSoviet-like surveillanceâ (to quote the indignant condemnations) is nothing new in Russia. The Soviet security establishment didnât ever curl up and die. The only innovation is that recently, instead of using the recordings for blackmail or prosecution, the regime hands them over to pet media for a public smear campaign. But everyone knows that tactic already; during the 2011 anti-Putin protests, âgrainy videos and audio recordingsâ were âleaked to Kremlin-friendly tabloids by security and law-enforcement agencies,â in âa concerted Kremlin effort to discredit and divide their opponents.â The organizers really should have seen this coming.
The truth is, those of us who work on sexual rights internationally donât always take our own issues seriously. We assume evil politicians donât truly fear us â that theyâre merely manipulative or opportunistic, using homophobia, whorephobia, or misogyny as trumped-up distractions from ârealâ concerns. We donât grasp our own power, or get that governments may see these issues as the real ones: that states could spend massive resources on repressing sexual dissidence with the same anxious fervor they devote to crushing separatism or stifling political dissent. Persuaded of our unimportance, we deprecate the actual dangers. But if that ever was justified, it isnât today. The Obama administrationâs broad and occasionally unhelpful ardor in playing tribune for LGBT groups worldwide, for instance, feeds fears that these minuscule movements are actually agents of alien geopolitics, hives of foreign subversion. And the US governmentâs own success in violating anybodyâs and everybodyâs privacy only encourages imitation, and revenge.
Everyone should worry about privacy. And you especially need to worry if either your work or your life contradicts society or law. You may run an NGO, or you may be an individual activist in a small town. You may be a queer checking Grindr in a country where gay sex is illegal; you may be a sex worker using Gmail to hook up with clients. You need to think about how you can protect your communications from prying ears and eyes â whether parents, roommates, or police.
Uninformed about information: Data from 2012 Pew survey on Americansâ search engine use, http://www.pewinternet.org/Reports/2012/Search-Engine-Use-2012.aspx
Technologies are available. Yet most people donât use them. There are three broad reasons for reluctance:
a) Theyâre slow. Secure browsers like Tor are a little lumbering; encrypting e-mails is a hassle. All I can say is, itâs less of a hassle than getting your group closed down, or winding up in jail.
b) Come on, why would they come after me? See above. They may already be after you. But even if the cops havenât noticed you yet, there are plenty of accidental ways to attract attention. Suppose, earnest HIV activist, that your laptopâs stolen â and when the police recover it, they discover that illegal porn video you downloaded. Suppose, mild-mannered sex worker, that one of the clients youâve been e-mailing works for Human Rights Watch â and is constantly watched and spied on in your country. Thereâs no lack of ways you can fall afoul of surveillance.
c) Transparency is a virtue. On principle, a lot of human rights activists donât try to hide from state surveillance, because, they say, they have nothing to hide. This is noble, but not workable. You may not have secrets, but people who trust you do. Members of your organization, people who come to you for help, may expect confidentiality â and may feel betrayed if you donât safeguard what they share. The landlord who rents to you, the guy who sleeps with you, the cleaning lady who scrubs the kitchen, could all get swept up in any scandal â smeared, shamed, or hauled into court. You have a responsibility to protect those around you and those who depend on you.
What follows are some steps to protect your electronic privacy, arranged roughly from the simplest to the most complex. I donât claim to be an expert  â the resources are gleaned from my own reading and use. If you have suggestions, or if you see something that wonât work, tell me in the comments or through email.  Privacy is like safer sex. Thereâs no absolute safety, only relative protection. Everybody has to gauge their own levels of acceptable risk. Keeping abreast of changing technologies for both surveillance and safeguarding is vital. The best way to protect your information is to be informed.
Things you can do:
1.  Clear your browserâs history. Browsers store copies of the web pages you visit in an area called the cache. Moreover, many pages automatically deposit a little turd of information called a cookie on your computer, which lets them recognize you when you return. Both these allow anybody with access to your computer to reconstruct what youâve been viewing. I know dozens of people whose families or bosses have uncovered their sexual orientation simply by checking the browser history.
If you use a computer that anybody else might share, whether at home, at work, or in an internet cafe, you should clear the browser history regularly, preferably after each use. Itâs not perfect â ultra-skilled geeks could still figure out what youâre been doing â but it frustrates most intruders. Good guides to how to do this, for the most common browsers, can be found here, and here, and here.Â
2. Â Realize that Facebook is not your friend. Â Facebook causes too many headaches to count. But this one is really serious.
Go to the search bar and just type in: âGays in [your country]â â you know, as if you were looking for a group, or a page describing the local scene. What youâll get will be quite different:
Itâs raining men interested in men, and women also
Thereâs a parable here about identity construction in the digital age. Facebook automatically takes the button that asks you what gender youâre interested in â one that a lot of people click in fun, or assume to refer to friendship rather than sex â and translates it into being âgayâ or not. More ominously, though: The results youâll get wonât be limited to friends, or friends of friends. Youâll get a list of every man whoâs âinterested in menâ in [your country] and who didnât bother to make that particular part of their profile private. Itâs convenient if youâre gay, and looking for an alternative to Grindr. Itâs also convenient if youâre a policeman, and homosexual sex is illegal in [your country], and youâre looking for a way to track down or entrap the guilty and throw them in jail.
This is all the upshot of Facebookâs new âGraph Search,â a terrifying new feature that puts security on a bonfire and lights a match. It allows you to mine the deep structure of the site â to pluck information out of profiles that, as profiles, are invisible to you. Itâs a âsemantic searchâ (unlike old-style Google); it doesnât just take the words you enter literally, it tries to infer what you mean â hence the leap between âinterested in menâ and âgay.â Itâs nasty and clever and it doesnât give a fuck about your safety.
Itâs called âGraph Searchâ because semantic search builds âa graph of information for the user that pulls insights from different formats to create an over-arching viewpoint related to the original queryâ ⊠blah, blah. More simply: Facebook employs the little bits of data â âlikesâ and âinterested insâ â from all those profiles to map out commonalities between its customers. But this isnât really done âfor the user,â though itâs sold to you as a way to share lovingly with your loved ones and learn lovely things about everyone. Itâs done for Facebook and its advertiser-clients, to divvy up users by their desires and assemble a picture of diversified markets open for advertising and exploitation.
Apt pupil: I know what you did last summer, and with whom. © Dominic Lipinski/PA
Thereâs a whole Tumblr blog highlighting the information, from eccentric to creepy, that Graph Search can turn up. You can look for âEmployers of people who like racismâ; you can root out âMothers of Catholics from Italy who like Durex condoms.â But folks whose private lives put them in danger wonât laugh. âGraph Searchâ makes state repression easy. Human rights advocates ought to give Facebook hell. The search unearths, for instance, 258,285 results for âMen who are interested in men in Iran.â Somehow this has failed to elicit any objections from the usual obsessives over the Islamic Republic (theyâre all on Facebook right now, busy searching for âMen in London who like men and like to read press releasesâ). But if an enterprising religious policeman in Tehran figures out how Graph Search can further the torture business, Facebook will have blood on its hands.
What can you do? The only way to remove yourself from Graph Search is to make sure that each item of information on your profile is marked âprivate.â To repeat: the universal privacy setting that could sequester your whole profile is gone now. Youâve got to do this step by step:
a) Go to each item in the âAboutâ section of your profile, and if thereâs anything you donât want strangers to see, either delete or change it, or make sure the privacy setting is limited to âFriends.â
b) Check on every photo youâre tagged in. If you didnât post the picture, its visibility depends solely on the privacy settings of the person it belongs to. If you donât want it seen or searched, ever, youâll have to remove the tag.
c) You can review all the comments youâve made on Facebook by going to your Activity Log â sort it by Comments (look on the left side).  If youâve commented on somebody elseâs photos or timelines, you canât change the privacy settings â but if you donât want the comment seen, you can delete it.
d) You can still change the privacy settings globally for all the old posts on your timeline. Click the gear icon at the upper right of your screen; select Privacy Settings. Under âWho can see my stuff?â youâll find the option to âLimit the audience for posts youâve shared with friends of friends or Public.â Thatâll let you make them private at one fell swoop. Another option there allows you to review all your past posts if you want to decide on them one-by-one.Â
Thereâs a good overview of these methods here.
3. Use Tor. Tor is a downloadable bundle of software that includes its own browser. When you use the browser to access the Internet, the information you receive or send bounces through a global network of thousands of relays â thousands of other computers â and is encrypted over and over. All the encryption makes it very hard to intercept the data in transit; the rerouting makes it almost impossible to find its origin. All this means that unfriendly eyes canât detect your location, or trace your posts or visits or messages back to you.
Adapted from http://www.torproject.org
The chart shows how. Ordinarily, if Alice up there sends someone an email or accesses a web page, those on the other end can find out the Internet address sheâs using. However, if she uses Tor, the recipient (âBobâ down below, or any watchers on Bobâs end) can only see the address of that last relay, or proxy, in the extended network: not Aliceâs own.
Edward Snowden in exile, with sticker on his computer supporting the Tor Project: from nyti.ms/18oyv9Y
Tor (the name stands for The Onion Router, representing the layers of protection that an intruder would have to peel away) was developed by the US military, and the State Department still funds its nonprofit promoters as a way of supporting what America otherwise opposes, Internet freedom. But itâs so independent and impenetrable that (according to national security documents Edward Snowden leaked) even the US government is intimidated; they call it âthe king of high-secure,â anonymous Internet access. Itâs open-source, meaning a team of elves is always at work to fix any vulnerabilities. Like most open-source projects, it has a cooperative and collective spirit. In fact, you can volunteer your own computer to serve as one of the relay points â though I donât recommend this, because if the system ever is cracked, you could conceivably be held liable for anything illegal other users might send through your terminal.
There are three main limitations:
a) Tor is not fast. All those relays slow things down. Moreover, Tor blocks plugins like Flash, Quicktime, and RealPlayer, because they can bug up the browser and reveal your real address. You need a special fix to get it to play YouTube videos.
b) Obviously, it wonât conceal your identity if you log into e-mail or any other service. Itâll just hide what Internet address youâre writing from.
c) If your government knows where you are to begin with, it could still find ways to get at your computer and any information youâre sending from it. Similarly, Tor canât protect whatâs on the computer or server at the other end, the one youâre communicating with. Only the transmissions in between are encrypted and secure. Look at that chart again: Tor doesnât encrypt the last stage of traffic, between the âexit nodeâ (the last relay point) Â and the target server. If you want to be more secure, you need to use so-called âend to endâ encryption such as PGP (below), which encodes your messages from the point you create them until the intended receiver reads them.
Nonetheless, Tor remains a crucial tool if you want to browse the Internet anonymously. Download it free here.Â
4. Encrypt your hard drive. Â You should protect yourself on your own end by keeping all or part of your computer encrypted. Anybody unauthorized who tries to open it â a hacker, a policeman, a thief â wonât be able to read the information you store in encrypted files. The data can only be made readable with a âkeyâ â that is, by entering a code that activates decryption. So the main thing is; never give away (or forget) your key.
Laptop lockup: Data in chains
No encryption system is perfect. Governments â particularly the resourced and intrusive ones, like the US, China, or Israel â are always looking for ways around the codes. The US National Security Agency spent billions on what it called âan aggressive, multipronged effort to break widely used Internet encryption technologies.â This included $250 million a year bribing corporations â sorry; I mean âactively engag[ing] the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial productsâ designsâ to make them âexploitable.â Paying them, that is, to put holes in the stuff they sell. A quarter of a billion buys a lot of cooperation. Microsoft, for one, now has a policy of providing âintelligence agencies with information about bugs in its popular software before it publicly releases a fix.â
The lesson: Donât waste money buying âproprietary,â corporate encryption systems. You have no way of knowing whether theyâve obligingly built a back door into their ramparts for US spies to pry. (And you donât know whether the US has shared those Trojan portals with your government, if itâs an American ally. Or, if itâs not, perhaps your local spies have managed to copy US anti-cryptography shortcuts: Americans seem better at stealing othersâ secrets than concealing their own.) Paradoxically, open-source software is safer precisely because its code is out there on the net for anyone to see. If a government tried to insert malware or sneak in a weakness, somebody probably would notice. And it âis in a constant state of development by experts all over the worldâ â meaning that a lot of beautiful minds are fixing and fine-tuning it all the time.
Here is a helpful list of five trusted file encryption tools. Many experts recommend TrueCrypt, which works with Windows, Mac, and Linux, and is free. (Reportedly, Edward Snowden used it to smuggle information on his hard drive.) It can encrypt files, folders, or whole drives. It can hide encrypted volumes for additional security. It does âreal-time encryption,â meaning it decrypts and encrypts material as you work. This simplifies things for you; true, it can slow your computerâs speed somewhat, but not much â âthe performance penalty is quite acceptable,â one independent review found. You can download TrueCrypt here.Â
5. Encrypt your emails. Email encryption is like riding a bicycle. Itâs difficult to explain it to those who havenât tried it, without making the doer sound either superhumanly agile or insane. (âMounted upon the high saddle, commence revolving your legs in circular and rhythmic motion, an agitation that simultaneously ensures the balance of the inch-wide wheels and propels the mechanism forward âŠ.â)  Describing it is way harder than doing it. Bear with me, and try not to be too terrified, while I try.
Two keys needed: PGP
First, background and basics. The standard form of email encryption is named âPretty Good Privacy,â or PGP.  Phil Zimmermann invented it in the 1990s. Cryptography, he wrote, is âabout the power relationship between a government and its people. It is about the right to privacy, freedom of speech, freedom of political association, freedom of the press, freedom from unreasonable search and seizure, freedom to be left alone.â The anti-war and anti-nuke movements were his particular passion, and he intended the tools for them. âPGPâ has since been trademarked by a company selling a proprietary variant, but thereâs a range of free, open-source versions; one, called GnuPG or GPG, is available here, and others are at the International PGP home page.
E-mail encryption relies on a sender and receiver sharing tools that let them both encrypt messages and decode them.
These tools are called âkeys.â When you install the program, youâll be asked to set up two keys â strings of characters that perform certain tasks. You will have a public key, and a secret key. Anybody can use the former, but the latter will carry a password so that only you can activate it. You must share the public key with your interlocutors â anyone who wants to send you an encrypted message needs to have your public key first, because thatâs what will encrypt it for them. And youâll need that personâs public key to write her in return. People who have PGP on their computers can communicate easily as long as they have each otherâs public keys.
So letâs say Faisal wants to send you a note. Faisal will use your public key, which youâve given him, to encrypt the message in a code thatâs readable to you alone. Though your âpublic keyâ performed the coding, the message is far from public: that key is cyber-twinned with your secret key, so that only your secret key can decode what it says. Youâll reply using Faisalâs public key, in a message he can only decode with his secret key. You can also apply your secret key to âsignâ that message digitally, so Faisal will know itâs authentically from you; itâs like a seal on an old-fashioned letter, showing that nothingâs been tampered with in transit.
Sealed letters: by Cornelis Norbertus Gysbrechts, 1665.
Several things make all this extra cumbersome.
a) You can only communicate with people who have both the software and your public key. So youâre obviously not going to encrypt all your e-mail communications â just the sensitive ones with folks who share your line of work. Some commercial âkey authoritiesâ compile online directories of usersâ public keys, like phone books. Â Rather than relying on those, though, youâll probably form circles of colleagues and co-conspirators who share each otherâs public keys â âweb of trustâ is one term for this, a phrase that manages to combine Zen touchy-feeliness with faint paranoia.
b) You can only use PGP on the computers where you have it installed. If you get an encrypted message on your phone, you wonât be able to read it till youâre sitting at the computer that has your secret key. If youâre travelling and left your laptop behind, youâre screwed.
c) PGP encryption doesnât function well with web-based mail services like Gmail or Yahoo. (Recently developers have come up with a JavaScript version of encryption that theoretically fits with your web browser, but itâs clunky at best.) Instead, youâll want to use an e-mail client à la Outlook. The most popular one specifically designed for encryption users is called Thunderbird; itâs free, it works with Windows, Mac, or Linux, and you can set it up to receive your Gmail. A basic introduction to Thunderbird is here.Â
Email encryption is complicated, though once you and your correspondents get used to it, things will seem more natural and routine. Its advantage is that it safeguards information through the whole process of transmission â end to end, unlike the partial protection Tor offers.  You can find more detailed descriptions of how to use it here and here.
6. Go off the record. Millions of people worldwide used to entrust Skype with their long-distance intimacies and secrets. We now know, though, that the corporation has routinely handed over recorded conversations to the US and Chinese governments.
Off the Record (OTR) is a safer alternative. Itâs a system, somewhat similar to PGP, for encrypting instant messaging over most of the major chat networks. Yet itâs much less cumbersome than PGP, and lets you communicate quickly in real time. Do not confuse OTR with the âoff the recordâ feature in Googleâs own instant messaging service, which is only as secure as Google itself â that is, not very; US state security, after all, has figured out how to trawl data from the giant corporationâs communications links. OTR encryption is really off the record, and offers you important protections.
The revolution will not be recorded: LP confidential
To use OTR, youâll need to download and install an instant-messaging client: either Pidgin or Adium. Pidgin is a free program that lets you chat with friends over the Google, MSN, Yahoo!, Jabber, and AIM networks.  Adium is very similar, but specifically made for Mac. Adium has OTR built in. For Pidgin, you just have to add a special OTR encryption plugin.
From there on, itâs quite simple. All thatâs required is that the person you want to chat with also have Pidgin or Adium, with OTR activated. OTR does two things for you: It encrypts the conversation, and it also lets you verify your messaging partnerâs identity. (This verification formerly required exchanging a âfingerprint,â a trimmed-down version of PGPâs public keys, but recent versions of OTR simply let you use a previously-agreed-on secret word.) OTR encrypts your messages almost automatically: the two sets of software swap the necessary codes and mumbo-jumbo pretty much without either of you humans noticing.
Good luck, unless you have the software
OTR has one additional advantage that PGP e-mail doesnât. For each chat session, the software creates a unique encryption key, then âforgetsâ it once the chat is over. This means that if your OTR account is compromised â if, for instance, somebody steals your computer with your chat program on it â nobody can recover and decrypt any past conversation. Effectively, those fleeting words are gone forever. This is called âforward secrecy,â and it bestows the peace of mind that forgetfulness fosters. (In PGP, by contrast, someone who obtains your private key could decode every single encrypted e-mail youâve saved.)
OTRâs main drawback is that itâs only one-on-one, and still doesnât allow group chat. For a basic overview, see the OTR website; more detail on the program can be found here and here.
In conclusion
We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.
â Eric Hughes, âA Cypherpunkâs Manifesto,â 1993
Big brothers doing their special dance: Nicolae CeauÈescu and Kim Il-Sung
In the early 1990s, I taught for two years in Romania. The apartment I lived in had been the American lecturerâs residence since the mid-1960s; microphones riddled it, so many that at night I thought I could hear the wiretaps faintly clicking like sickly crickets, and I got an electric shock when I touched one particularly wired stretch of wall. The last Fulbright professor whoâd served before the Revolution told me how he and his wife decided, in the cold November of 1989, to host a Thanksgiving dinner for their Romanian colleagues. It took them days to find a starved excuse for a turkey; then they faced the dilemma of making stuffing, when no vegetables graced the market at all. Theyâd spent a day in the kitchen debating the difficulty, till someone knocked at the door. A little man hunched outside, bundled against the wind. Springing into speech, he hinted that some colleagues â well, cousins, who intimately attended to matters about the flat, had phoned him regarding a problem here that, perhaps for a fee, needed fixing. He gestured vaguely at a tall-antennaed car parked (as it was always parked) down the road. âI understand,â he said, âthat you are discussing how to stuff a bird. I can help. I am a licensed taxidermist âŠâ
It was funny, and not funny. When I lived there the city still roiled with ethnic hate and nationalist hysteria. As a gay man and a human rights activist, who visited prisons on most off days, I was an object of exceptional interest. The secret police called in a friend of mine, and interrogated him about every syllable of our conversation the night before in my living room. They warned him I would recruit him into âa spy ring of Hungarians, Jews, and homosexuals undermining the Romanian nation.â I went to the United States for a couple of months that summer. Showering in the cramped bathroom in my fatherâs house, I started talking idly to myself, then stopped in terror: Had I repeated a secret? What if they were listening? The surge of relief when I realized there were no ears around was as if a dam burst behind my tensed muscles. I realized the constant and intolerable pressure Iâd lived under for a year, always watched, always overheard.
In the age of paper: Pre-revolution surveillance files preserved at the National Center for Studying the Securitate Archives, Bucharest, Romania (© Bogdan Cristel/Reuters).
The same year I settled in Romania, 1992, a few radical computer geeks in San Francisco started a mailing list that eventually grew into the Cypherpunk movement. Loathing of state surveillance drew them together, and a belief that technology could forge tools to resist. Their ideology was a remarkable faith that code should be public and knowledge shared so that people could stay private and intimacy stay intact:
Cypherpunks write code. We know that someone has to write software to defend privacy, and since we canât get privacy unless we all do, weâre going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide.  ⊠We know that software canât be destroyed and that a widely dispersed system canât be shut down.
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nationâs border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
Thereâs a lot of our world in that manifesto.
Electronic technologies âallow for strong privacy.â But they also destroy it, at least when states and corporations wield them. I used to feel innocently sure in the US that the listening ears werenât there; I wouldnât feel it now. That watchfulness, inculcated in the bone, is the condition we inhabit; that no-manâs land is where we live.
The struggle between computer and computer, to see and not to be seen, is the new arms race and Cold War. Unless you want to drop out, turn Unabomber and settle in a cabin with the wires all cut, paranoiacally interrogating and torturing your carrier pigeons, you have to take a side. Choosing the technologies of privacy is about as close as you can come to choosing freedom. Yet it means living walled in by technologyâs protections. The tension wonât go away.
I hear you: Gene Hackman listening, in Francis Ford Coppolaâs The Conversation (1974)
