Open-Source Rocks! Pt.2 Privacy

By Elliot Smith on June 25th, 2017

Disclaimer: I am not an expert in open-source software, in fact I have only just fully embarked across the sea of open-source freedom. In this particular article I would also like to make it clear that I am also not a privacy or security expert. I would also like to say that not all tracking is necessarily bad, but it's good to be aware of.

So it's tin-foil hats time as I start to delve in to the deep, dark world of data privacy and online security and how open-source software can help maximise those things for you.

In case you don't know or haven't heard, or maybe even forgotten - THEY'RE WATCHING YOU. When I say "they", I don't just mean governments, I mean everyone. Obviously this doesn't include your neighbour's dog, but you never know, have you looked outside recently? Anyway, yes it's true, companies, governments, employers, they're all watching you and in some ways you might find surprising. I have recently been interested in privacy in the digital age, and whilst I'm no Richard Stallman, I think the first key is the operating system you are running.

From the base up

Lets start with the base level, your operating system - if you are reading this on a Windows 10 or OSX operating system then unless you've taken any precautions already your computer or laptop will be "phoning home" every now and again to send "anonymous" data to the company's servers in order to "improve your experience". For Apple/ OSX users, this is mainly through the use of Spotlight Search, whilst for Windows 10 users it is a bit more thorough and complex. However, even though there seems to be more privacy concerns with Windows 10, these are well documented and can easily be found and turned off through a quick google. On the other hand, Apple's extremely closed eco-system makes it very difficult to know what is going on and when and how. If you want to have a look at some of the extents taken to secure a Macbook, this guide will take you through the many steps involved.

There have been reports that Apple had left a major security flaw within their iTunes software 3 years after being told about it. There had also been connections made to the British government's usage of such a vulnerability. This, to me is scarier than the numerous privacy flaws within Windows 10. At least with Windows 10 I know that a lot of my data is being collected and I can lessen it through a GUI application or download an open-source tool from github to lessen all the known problems. But when a company is knowingly leaving security vulnerabilities within a program which they control for 3 years and not openly saying to users why, that's when my eye-brows begin to raise.

Whilst there have been issues in the Linux world with Ubuntu and their spotlight-like service, dash-search as well as an associated Amazon application, these privacy concerns have been quelled. Now, Ubuntu does not send any data used in the dash-search by default. This is the advantage open-source has generally, people can openly see what the program is doing and if they don't like it it can be altered to suit their needs.

Glorious Google

Let me preface this by saying I use Google services, I use them a lot. Heck, I'm even writing this post on the open-source version of Google's browser Chromium, but I eventually want to start decreasing the amount of services I use from them. Why, you might ask? The blunt truth of it is, whilst Google try to tout themselves as a technology company, they are an advertising company first and foremost, in fact 77% of Google's revenue in 2015 came from advertisements.

This isn't a big issue when you look at it from a company stand point and how they make money, but becomes more of a scary thought when you start thinking about the information they can access about people whom use their services be it using their search engine or using their hugely popular email service. All this information is indexed and related to you, hence the targeted ads most people see in their search results and email interface. It makes sense for them, the more targeted the advertisements are for you, the more likely you'll be interacting with them. Facebook uses the data it has about you for similar targeting.

What can you do for you search and email needs instead? Well for search there's DuckDuckGo, for email there aren't many free options out there, Proton Mail is one, but that comes with its own issues. If you're willing to pay a bit then Kolab Now would be a good one. Otherwise if you're wanting to shout and swear at your computer screen you can look in to hosting your own mail server with something like Postfix, which is what I have done for the email addresses connected to this website. As I say though, this is definitely not something for the non-technically minded to pursue. I will probably end up writing a bit of a how-to guide about hosting your own mail-server at some point though, so keep your eyes peeled. In general email is not a secure protocol, so if you do have sensitive information to send, you probably shouldn't be doing it through email.

If you're wanting to anonymise you internet traffic to some degree look in to a VPN or TOR. Of course there's always the possibility that your anonymity can be comporomised whatever you do. If you decide to join a VPN service just make sure you do your research and ensure they do not log any information at all.

Other services like "cloud" platforms for data storage are very useful for accessing your files across devices, but full of the same problems. Those files are effectively just being sent to you another computer connected to the internet and are indexed by the companies who run them. If you're looking for an open-source alternative to run on your own machine, or a VPS of some kind, I would recommend Nextcloud.

Also next time you sign up for something, think again before using Facebook or any other social media outlet to authenticate your sign-in. It's adding to their data-profile on you by tracking which services outside of their own you are interested in. It's kind of horrific when you think about how much they can tap in to your psyche - I would wager a bet to say that these companies probably know more about you, than you know about yourself.

This is a reason why the comments system on this website is so basic, whilst there are a lot of proprietary, closed source and open source commenting frameworks out there almost all of them require you to sign in with some sort of identification which can be tracked across multiple services. With the system I use, it only requires a name (which can be anonymous and a message), I care about your privacy - you should too. It's why I also don't utilise any cookies or G***** analytics, you're welcome :). If tracking through analytics is another thing you are worried about I would recommend using the Ghostery plugin for your web-browser or uBlock Origin.

You may be sitting there thinking, so what? Yeah, there are some companies who may or may not be collecting and storing data about me on some servers some where, what's the big deal? Read on...

The other big G

Some people may not be aware but there's no such thing as a secure computer, well that's a lie, there is. To make a computer secure involves three simple steps:

  1. -Unplug the network cable/ turn off WiFi.
  2. -Turn computer off.
  3. -Unplug power cable.
  4. -Burn it, destroy it and preferably throw an EMP grenade on it for good measure.

Oh damn, that's four steps...

Seriously though, there really isn't. Somewhere, somehow your data can be compromised so long as it is on a functioning machine. The question is how easy do you want it to be for someone to access it. As mentioned in the previous section data you put through search engines and email providers is stored on a server somewhere in the world. It's estimated Google alone could have anywhere up to 15 exabytes (1 exabyte is about 1 billion gigabytes) of data stored in these data-centers across the world, all of it about you and I and all of it vulnerable to being compromised.

The C word

So how did we get to this point? Why do we all use these services that could be spying on us and have it's data open to the world? One word, convenience, we're all guilty of it. I think in modern society with all the technology people feel they don't have a choice, "I have to use x because of Y", or "Everyone else is on X so I have to use it too". The truth of the matter is you don't, it's not as though the world didn't function before all of this convenience arrived it was just less convenient. And I know, modern life can become so busy that you just need to use something that works and is easy and links with all your other devices. I understand - I choose to use an open-source operating system to minimise data-collection at the root, I choose to use some google services for the convenience they offer (but am wanting to move most of it to a Nextcloud instance running on a VPS in the future).

All I'm hoping is that perhaps this has opened your eyes to some alternatives to the big names, alternatives which respect your privacy and offer much of the same functionality. I realise that maybe I haven't pushed the open-source aspect of this series too much within this article, but I hope you get the idea that with open-source software you tend to get the control needed to minimise mass data collection and surveillance that has become prevalent in all our lives.

Further reading/ viewing

If you would like to read more about security and privacy concerns in the digital age, here is kind of bibliography for this article:

  1. - "They're watching you" - a great video of a talk Bryan Lunduke made at a Linux convention about privacy in the digital world.
  2. - Richard Stallman's personal computing habits - a stalwart of free software and data privacy.
  3. - Is open-source less secure? - an article explaining why open-source isn't less secure than closed-source.
  4. - Down the rabbit-hole - A series of articles by Bryan Lunduke about making his computing habits more private.
  5. - Information about Keyhole Inc, the parent company of Niantec.

As always, if you wanna ask any questions feel free to comment (I promise I won't can't track anything), and if you wanna stay up to date with my blog posts feel free to use the subscription form to the side (I'm afraid that may do some tracking through Mailchimp. I may get around to changing that to a home-made service at some point, otherwise just keep checking back here occasionally for new posts :) ).

The next post in this series will be about how I use alternatives to Adobe programs for my creative work, see you next time.

Subscribe

If you want to get updated with the latest blog entries directly to your inbox, put your e-mail address in the form below!