Author: Zeke Weeks

About Zeke Weeks

I'm crazy about the web – It's the biggest thing to happen to freedom and opportunity since the Gutenberg Press. My passion is the combined disciplines of business strategy, product design, and web application development (most often with open, community-driven projects like WordPress or Drupal).

Resources for everyday folks on internet privacy and security

I’ve had several friends from non-computing fields ask me for advice about tools for better privacy and security online. Some of this is in reaction to recently repealed FCC privacy rules that prevented Internet Service Providers (ISPs) from selling their customers’ private browsing information. Some of it is concern about an increasingly invasive surveillance state, and breaches by hacking groups with state funding.

I’ve been looking to improve my own digital security as well, and have found most of the resources out there to be hard to digest and turn into an action plan that doesn’t start with years of learning. So I’m putting my short notes on what I think matters most here, as well as some links for those who want to learn more. This is by no means a definitive or infallible guide, and if you have specific concerns, you should get individualized advice on this stuff.

Contents:

The 3 Major Web Security Technologies and What They Protect

  1. HTTPS is a secure way to connect to a remote website without anyone being able to read what gets sent or received. More and more websites are supporting or defaulting to HTTPS these days. (This is what we said “look for the lock icon in the address bar!” about in the ’90s.) Importantly, HTTPS does not prevent your ISP or Big Brother from knowing what site you’re visiting. And it doesn’t keep you anonymous from the servers running the site you’re visiting – anyone with their server or access logs knows about your visit, and if they get hacked or subpoenaed, you have exposure to threats here. But HTTPS is great! You should avoid ever using a login or password on sites that don’t use HTTPS (Ask sites without HTTPS why they aren’t protecting their users!) If you use the Chrome or Firefox browsers on your PC or Mac, I recommend installing the HTTPS Everywhere browser extension, which tries to use HTTPS connections to sites whenever possible. (Be advised that every once in a while, HTTPS Everywhere can cause issues if a site has not set up HTTPS properly. The extension can be disabled on a site-by-site basis in these instances.)
  2. A VPN (virtual private network) will encrypt your entire internet connection between your device and the VPN’s server. (Your apps are covered too! However, some services, especially from financial institutions and outgoing mail servers, are often blocked over VPN.) This makes for good protection against unsecured public Wi-Fi networks, snooping ISPs, network censorship, and can route around corporate or government surveillance before the VPN server (but only if you’re connecting to a server beyond those surveillance tools). But on the VPN server side, your traffic still comes out unprotected. Think of it like a secure pipeline or signal repeater to access the Internet from the VPN server’s location, instead of your own. Trust is important here – a VPN provider is just as capable of bad actions as your local ISP. (In fact, the majority of free VPNs are super malicious. I currently do not recommend any free-to-the-public VPN. Even that cool one you heard about from a trusted brand.) It’s also important to know what information the VPN provider is logging about you.
  3. Tor is a tool which tries to fully anonymize your identity and browsing information from everyone. (HTTPS and VPNs protect part of your browsing information during part of a browsing session.) It requires you to use their modified version of the Firefox browser, and disables functionality present in other browsers that can be used to reveal your identity or communications. They also have some important warnings which need to be heeded to keep you protected.

Choosing a VPN service

This is a complicated and personal decision. I suggest keeping the following in mind:

  • Who do you want to shield your internet data from? Your neighbors at the café? The tech staff at your work or school? Your ISP? Your government or one you’re visiting?
  • What devices do you want to protect? If you just connect your PC to a VPN, your phone is still exposed. Some VPNs have a limit on how many devices can connect at once.
  • What kind of logging do you care about the VPN doing? Some log everything. Some log as little as possible.
  • Do you need something that’s easy to use? Sometimes the best VPN on paper turns out to be difficult to set up or use.

I used two different guides to VPNs in my research:

  • PCMag.com reviewed several VPN services on their quality of service and ease of use, but paid almost no attention to the privacy or logging side of things.
  • That One Privacy Site has a detailed guide to many VPN services which focuses on their quantitative specs (with a strong emphasis on their security against government surveillance), and has very little about their usability or quality.

I decided that I want to use a VPN to protect my browsing information from corporations who would like to sell it for their own purposes, possibly to my detriment. I will use other technologies to add security for more sensitive situations.

I chose to use Private Internet Access on my iOS, macOS, and Windows devices. They claim to log very little about what their customers access, allow a good number of devices connected at once, have a lot of available servers, and are a great deal at $40/year. Installation was very easy, and it automatically connects to their VPN whenever I turn any device on. On my mobile devices, it seamlessly handles any transitions between cellular and wi-fi networks, and maintains a permanent connection. I did have my Windows PC completely crash a couple of times, though I haven’t yet narrowed that down to an incompatibility with a certain driver. Everything works very well.

My biggest caveat for Private Internet Access: they’re under United States jurisdiction, and they aren’t very transparent about who runs or owns the business. (Their corporate address is a coworking space just next to Union Station in Denver, so points for a Colorado business, perhaps?) I would probably advise something else for activists or people more concerned about a snooping government than a snooping ISP.

Let’s talk about your e-mail and messaging apps.

All email is inherently insecure. Treat it like a postcard that could be read by anyone between the writer and intended recipient. Don’t use it for sensitive information about you or anyone else. Unless you want to learn how to do PGP-encrypted email. (You don’t want to learn how to do PGP-encrypted email.)

SMS messaging and most internet messaging apps are also particularly vulnerable. Don’t talk about anything that could be damaging to yourself or any vulnerable third parties over them. Even if you think you’re having a private conversation. But I do recommend using Signal for private, encrypted messaging and calls. (Install: iOSAndroidChrome) Others have said WhatsApp (owned by Facebook) is secure, but since the UK Snooper’s Charter became law, we can no longer be sure of this.

Other things you should be doing

  • It’s long past time to actually start using different, strong passwords for every account you have. No excuses! You will get burned if you don’t. And possibly embarrassed publicly. You can check to see where your login information has already been compromised at “Have I Been Pwned?”
  • Use a password manager to generate and store all those different passwords you have. The two I can vouch for are LastPass (which I use, and like for their features and pricing, though sometimes they have some usability and design issues) and 1Password (which also works well and has better design but costs more). Nowadays these managers can be unlocked on your phone with a fingerprint, which makes them faster than remembering any password. Seriously, come on in. The water’s fine. I don’t remember any of my passwords any more.
  • Enable two-factor authentication on any service that supports it. This protects you in case someone does get a hold of your password. Here’s more on how 2FA works, and here’s a list of who supports 2FA with links to each provider’s own 2FA instructions.
  • Worried about other Internet companies like Facebook, Google, and Amazon tracking you? I recommend the following:
    • Change your default search engine to DuckDuckGo, which works very well and doesn’t track you. This is an available search engine in iOS as well.
    • There is a browser extension for Firefox and Chrome called Privacy Badger that is meant to block tracking stuff outright. I don’t use it but it sounds great.
    • Only allow cookies from the actual site you’re visiting (block third party cookies that usually are for ads):
      • Safari 10.1 (macOS): Preferences > Privacy > Cookies and website data: “Allow from current website only”
      • Firefox 52: Preferences/Settings  > Privacy > History > Use custom settings for history > Accept cookies from sites > Accept third-party cookies: Never
      • Chrome 57 desktop: Preferences/Settings > Show advanced settings > Privacy > Content settings > Block third-party cookies and site data
      • iOS 10: Settings > Safari > Block Cookies > Allow from Current Website Only
      • Chrome 57 Android: Settings > Site Settings > Cookies > Block third-party cookies

Educational resources

The best place to learn more about this stuff for yourself is the Electronic Frontier Foundation’s Surveillance Self-Defense Guide. I particularly recommend “An Introduction to Threat Modeling,” which covers the kind of different security risks to keep in mind before you set about a plan to improve your operational security.

Hitting the road soon!

For a little over a year, I’ve been researching and preparing to move into an RV full-time. I’ve since bought a truck and a trailer, and with my apartment lease about to end, it’s finally about to happen!

I’ve set up Money for Gasoline as a separate blog just for RV stuff. I want to keep this blog for more general stuff. Go check it out! The introductory post has more information about the rig I’m starting with; it’s sure to evolve as I learn and get settled.

I’m still trying to figure out how much I want to do in written format, and how much to do on other networks. YouTube videos seem like a good idea, but YouTube comments do not.

Waking Up to a Neo-Nazi Government

Like most, this month’s presidential election results took me by complete surprise. Coming to grips with it has been a textbook grieving process, with distinct phases for shock, denial, anger, bargaining, depression, and more.

I’m starting to settle down into a place where I can think about the big picture of what’s going on. I’m still working on my personal plan for action, and will post more about it in the future (hold me to that, friends!)

Here is my outline of where we are now. This is a big picture, so I’m skipping over a lot of fine details, “gotchas,” and exceptions. It’s also completely possible I’ve missed some major parts. Forgive me if I have.

Neo-Nazis just won. Period.

  • 24% of voting-age Americans put them there and 45% took no action against them.

Neo-Nazi success depends on the passive inaction of privileged moderates.

  • It’s crucial to resist pressure to treat what is happening as normal.
    • Refuse pressure to use doublespeak language which masks the historical origins of what’s going on now
      • “Neo-nazi,” not “alt-right”
      • “Propaganda,” not “fake news”
      • “Lying,” not “post-truth”
      • “Theocracy,” not “religious freedom” (Actual religious freedom is an American value, but in its current use it is a euphemism for sanctioned discrimination in public life.)
    • Watch out for businesses rushing to normalize bigotry in an effort to avoid controversy or protect themselves from fascist reprisal.
    • Reject efforts to silence dissent because it’s “negativity” or “too political”
    • If you are not living in poverty, spend money to support quality journalism, which the Trump regime working to destro (with some success already).
      • This is the main thing they need to win future elections without an informed electorate.
      • This is not a luxury. Accurate information requires real investment. It’s worth a section of your budget.
  • White people have an obligation to use their privileged position to defend people of color and those whose status (sexuality, immigration, religion, gender, disability) makes them a Neo-Nazi target.
    • It’s never acceptable to be a bystander to hate, legal or not.
    • Progressive whites may be the most shocked group out there – or the least-equipped to deal with fascist rule.
      • Every group historically oppressed by White America has built systems to resist annihilation and support each other in a society that did not support their own existence.
      • Be respectfully deferential – these people are experienced leaders in fighting white oppression, and white allies are novices hoping to benefit from their experience.
      • Don’t bring the white power structure into the movement for equality.
    • Learn about intersectionality. Don’t treat one group’s struggle for equal treatment as more important than another, and don’t treat an individual as if one aspect of their identity defines them.
      • This outline focuses on white supremacy because that’s the central bloc which put Trump in power – Trump swept the white vote. But many groups are vulnerable under a Neo-Nazi regime.
    • You may be scared to put yourself in danger while defending the vulnerable. Remember that a country is only as free as its most oppressed residents. If you don’t take risks in protecting them, you are participating in a system that feeds off of them.

Neo-Nazis now control the most advanced spying apparatus ever.

  • Making people afraid to speak in public and in private is a key weapon of autocracy.
  • Security is not an app you install or a state you reach. It must be an ongoing conscious effort to evaluate your own threat profile and the measures you take to protect yourself and those you communicate with. It can’t wait. You must always take the time for proper security. Read up on the EFF’s guides to surveillance self-defense.
  • Stay updated with the EFF’s coverage of which tech companies are protecting their users. Any company that hasn’t made user security a top priority will become a key fascist weapon.

When they go low, we go high.

  • America’s Neo-Nazi movement is cribbing from an autocratic playbook already seen across the globe.
    • It depends on accusing adversaries of the very same corrupt tactics being employed by the accuser.
    • It’s also extremely good at turning the opposition’s anger into an advantage. The more they can make us hate them, the better.
  • Now, more than ever, we must hold true to (and loudly stand up for) American ideals. We can’t simply defend the country from fascism — it’s on us to create a more equitable, inclusive, and free nation. There is nobody else who can build it for us.
  • How will you act to create a better country today? This is only a picture of where we are now. Carrying on with daily life is not an option. Don’t be a bystander in annex-Nazi regime.
  • We must remain above reproach.
    • Be peaceful. Fascist states want nothing more than to turn their opposition into terrorists. It keeps them in power.
    • Love, forgive, and de-escalate tensions. Never give in to hate, both from others and from within.
      • This doesn’t mean you have to tolerate intolerant rhetoric. Bigots manipulate that indulgence to further their agenda. It means we can’t counter hate with hate.
      • If we fail at this, we have not created a better country.

 

 

Why I’m #ReadyForHillary

This isn’t going to be a full-throated piece about how one politician will be the solution to all of America’s problems. It won’t convince you that any candidate is best on the issues, and it certainly won’t get you excited about another election year. But I’m to the point where I’ve weighed my thoughts on this and want to share them, because it’s a little different from the perspectives I’ve been hearing.

Here’s the short version: I really want Hillary Clinton to be the next President. Not because of her stances on the issues. Not because of how her campaign is going. It’s because Hillary Clinton is fucking presidential. I think she will be the best president in decades in terms of accomplishments that move the country forward.

“Hold up, Zeke. Didn’t you vocally oppose Hillary Clinton in 2008?”

Yep, and this was part of my path towards wanting her to win in 2016. I got excited about Barack Obama in 2006, before he formed the exploratory committee for his campaign. In short, he seemed like the most promising candidate for the presidency since John F. Kennedy. His campaign centered around a politics of common ground and bringing a fresh start to Washington. You don’t need to look farther than this blog to find plenty of fierce criticism of then-Senator Clinton’s campaign. I felt like Senator Clinton represented the status quo, and that she ran a campaign with all the usual ugly tactics while Senator Obama offered an inspiring campaign and a preferable platform.

“So what happened?”

Barack Obama won. The Republican party started its mission to obstruct President Obama above all else. But along with the presidency, Democrats held both houses of Congress for Obama’s first term. They made some major achievements they campaigned on; most significantly, the biggest improvement to healthcare in 50 years (albeit on the model that Hillary Clinton advocated in the 2008 primary – Obama originally preferred single-payer healthcare). But ultimately, Barack Obama’s campaign for hope fell far short of what many hoped for. I could write a whole piece about this, but for now I’ll just link to PolitiFact’s “Obameter” which tracks his campaign promises.

Throughout his presidency, I’ve had mixed feelings about Barack Obama’s legacy. In the last seven-plus years, America has in some ways become a better example of the ideals it strives to stand for, and in others, we’ve gotten worse. President Obama’s administration owns partial credit or blame for this, as does an obstructionist Republican Congress built on overtly racist gerrymandering and voter suppression tactics.

Since 2008, I’ve thought a lot about what makes an effective president. Only the hardest problems make it all the way to the president’s desk, and usually none of the options will match perfectly with the president’s ideals. I’ve studied each president since the Johnson administration with an eye for both their expressed ideals and their actual effectiveness during the presidency. We’ve had strong idealists from both parties, as well as plenty of pragmatic administrators. Ultimately I don’t think idealism or pragmatism determines a president’s effectiveness, but it has led me to believe that what’s said during a presidential campaign is an utterly poor predictor of how good a president will be. In shorter terms: I loved Barack Obama the campaigner, but it wasn’t enough to deliver on much of his vision.

“Enough about President Obama. Why Hillary Clinton?”

Secretary of State Hillary Clinton turned me around. My bitterness about her primary rivalry with my preferred candidate was turned into a high opinion of how she represented the United States and addressed complex policy issues during a time of significant international upheaval.

As I studied other aspects of American history, especially Bill Clinton’s political history (which I did from a fairly neutral academic perspective), I learned more about Hillary Rodham, and her long history of work to improve conditions for all kinds of American families. She has always been a policy wonk and has a keen interest in finding a path to progress, especially through political obstacles. And since 1991, she’s been doing this on the national stage. In terms of knowing how to get things done in Washington, I can’t think of any person better than Hillary Clinton.

“Laaaaame, don’t you #FeelTheBern?”

I’m so glad Bernie Sanders is in this campaign. And he’s got a great platform. I just think Hillary Clinton will accomplish more for his cause than Bernie Sanders could if he won the presidency. I will vote for Sanders if he wins the nomination, and would love to look back at this post in eight years in embarrassment if it means his platform became reality. I just am more fired up about what Hillary Clinton has been accomplishing in positions of leadership for her whole life.

“You’ve got to be kidding. What about Clinton’s record on ______?”

I’ve disagreed with Hillary Clinton about plenty of things, big and small. But I agreed with campaign-Obama on almost everything, and now I find myself looking for qualities beyond just politicians’ positions on the issues or how well they’ve avoided controversy in the past. If Clinton wins, I’ll continue to participate in activism that challenges her on many fronts. Ultimately, I am more interested in effective governance than I am in politicians who I like most on paper.

In conclusion

This has been a frustrating election so far. I find myself disillusioned with the disconnect between what seems to matter in a campaign, and what actually brings progress in Washington. It means that I’ve been trying to tune most campaign coverage out. But since I started watching Hillary Clinton’s tenure as Secretary of State, and learning more about her history, I’ve been silently wondering just how much she could get done from the Oval Office. I’m excited by the prospect and really would love to see her there in 2017.

(Photo via US Embassy in New Zealand – cc-by-nd)