How to protect your digital information: a student’s guide

Hypertabs is The Varsity’s online features subsection about all things internet. Our goal is to explore the depths of the online world and understand how it shapes our habits and affects our communities.

Following Edward Snowden’s 2013 National Security Agency (NSA) disclosures, more attention has been directed to openly-sourced and independently developed software to protect users’ privacy. As a U of T student, I rely on proprietary services for most of my activities online: I use a Gmail account, I use Microsoft Outlook for university e-communications and its Office 365 suite for coursework, and I rely on Dropbox to store my files. As I have found, it is not as easy toeing the line between privacy, comfort, productivity, and peace-of-mind.

In a 2015 paper entitled “Seeing Through the Cloud,” a team of U of T researchers led by faculty members Heidi Bohaker, Lisa Austin, Andrew Clement, and Stephanie Perrin examined the repercussions of U of T’s dependency on Microsoft’s e-communication solutions. The paper notes that, though Microsoft may claim to offer measures for robust data security, ‘secure’ software is not equivalent to private software. The paper further asserts that Canadian domestic traffic is routinely exposed to collection by US state surveillance programs, and thus recommends that universities refrain from outsourcing “eCommunications services beyond Canadian jurisdiction until adequate measures for ensuring legal and constitutional protections equivalent to those in Canada are in place.”

Armed with the knowledge that governments and private establishments monitor my online behaviour, I consulted privacytools.io, a website that “provides knowledge and tools to protect your privacy against global mass surveillance,” in hopes of discovering secure and private software. Based on the recommendations from the website, I tried four different privacy-conscious softwares.

These were my experiences.

Linphone

I, like most students, rely on voice messaging platforms to communicate with friends and family, but I would prefer not to use the data-logging Skype. I came across Linphone, a free video and voice messaging service available on iOS, Android, Linux, Windows and Mac. Linphone supports the ZRTP protocol for end-to-end encrypted voice and video communication; this means that video chats cannot be intercepted by a third-party agent in the form of a ‘man in the middle’ attack. Notably, however, this protection does not extend to text chat.

Linphone’s set-up process is not particularly accessible to a user unfamiliar with encryption. However, in my experience, once configured, calls directed to friends and family located outside of Canada went smoothly, offering strong connectivity and good voice and video quality. That said, I would not recommend Linphone to students as an alternative to Skype; instead, I came across something better.

Signal

Developed by Open Whisper Systems — known as the gold standard in encrypted communications — Signal provides instant messaging and voice and video calling with end-to-end encryption. It is available for download through Google Chrome on computers, as well as on iOS and Android. Signal is free, easy to set-up and use, and is open source, meaning anyone can view and audit its code. Chatting, unlike Linphone, is encrypted and voice and video calls work smoothly.

Once my friends installed Signal, it supplanted both Facebook Messenger and Skype. Messenger in particular provides a wealth of information for advertisers, endangering our private conversations, and Skype interactions are also caught in the NSA’s dragnet. As students, we rely on messaging services as much as text-based and in-person interactions to communicate. The risks of sharing private data on these social and video-conferencing networks intensify as we set out on career paths, with employers placing us under increasing digital scrutiny. Don’t be fooled by Messenger’s “secret conversations” feature: Signal remains a better choice.

Tutanota

Based in Germany, Tutanota is a freemium email service with built-in encryption, competing with the data-logging Gmail and Outlook. Busy students will appreciate the ease with which Tutanota syncs between phones and computers, making sending mail that cannot be intercepted in transit convenient from either platform. However, the downside of Tutanota is that it offers limited storage space of only 1 GB for a free account and its user interface is not as intuitively designed as Gmail. As a student, I rely on Tutanota less to keep up with the myriad online accounts that my email address is linked to, and more for personal email conversations. For schoolwork, I had to maintain my Outlook inbox, since U of T restricts its official business to Outlook.

OwnCloud

OwnCloud is an encrypted cloud storage service and a useful alternative to Dropbox. Dropbox has faced criticism recently for its lack of concern for user privacy. In 2014, Condoleezza Rice, former US Secretary of State, was appointed to Dropbox’s Board of Directors, prompting a “Drop Dropbox” online campaign. Rice is known to have defended warrantless wiretaps on US citizens by the NSA.

[pullquote]Unlimited storage might be ‘free,’ but it comes at a price.[/pullquote]

The OwnCloud set-up process was smooth: I selected a cloud storage server to host my files, registered with a private email address, and installed the software on my phone and computer. The server I used is based in Switzerland and offers 256-bit SSL encryption for data transfer over the internet and server-side. 256-bit encryption is a great option: a hacker would need to attempt 2²⁵⁶ different combinations to break a 256-bit encrypted message, making decryption extremely difficult and time-consuming for even the fastest computers. Although the phone application costs $1.39 on Apple’s App Store, up to 1 GB of storage on OwnCloud is free. I value OwnCloud for its well designed interface, smooth syncing across platforms, and the assurance that my files are protected from indexing into a government-run database.

Signal and OwnCloud are my favourite privacy-conscious services and much of this is because of their easy-to-use design and accessible set-up processes, in addition to the assurance that my content is relatively secure. Though anyone determined enough to hack into a device could read Signal messages, the same level of brute-force attack is not required for anyone to hack into Facebook’s servers from a remote location, making Messenger far less secure. I would also avoid Linphone and favour Signal as an alternative to Skype for video calls.

[pullquote]we will have to live with the uncomfortable awareness that, more often than not, our digital habits are shaped more by a craving for convenience than by concern for privacy[/pullquote]

OwnCloud is a great choice for anyone who would like to store important files like bank statements and government documentation away from prying eyes. I should admit, most of my coursework, like essays and presentations, remains on Dropbox, which is well designed and offers a good deal of storage space. That said, no one should feel obligated to rely on a proprietary service because no better alternative is known to them, particularly for personal information that ideally steers clear of as many security agency dragnets as it can.

I remain a supporter of Tutanota and its companions like ProtonMail. My emails are safe from Google, which often poses advertisements based on content in messages, and Outlook, whose data is also exposed to surveillance programs. While Gmail might be more convenient, you should be aware that what you’re typing is not private, and that your email is likely linked to several online accounts that make you easily traceable and hackable once an inbox is compromised. Unlimited storage might be ‘free,’ but it comes at a price.

For many developers, releasing secure software relies on having enough support and recognition among users to maintain their solutions. Creators must strike a careful balance between winning a robust user base and avoiding the risk of being forcibly shut down by a surveillance state jealous of the software’s popularity. As students, we have options: we can switch to the Firefox or Tor browsers, enable two-step verification on our accounts, and install a password manager. Until we have a more widespread recognition of what is happening — or, until we snap out of ‘dismissal’ mode — we will have to live with the uncomfortable awareness that, more often than not, our digital habits are shaped more by a craving for convenience than by concern for privacy.