tim: Tim with short hair, smiling, wearing a black jacket over a white T-shirt (Default)
This article about applying harm reduction to your secure use of the Internet has been going around. I can't share it in good conscience without adding a few things to it. I work for Google, but the following is my personal opinion.

If you're concerned about your data being collected (and I understand that you may be concerned about Google retaining your data not because you think Google will use it inappropriately, but because you fear that the federal government will require them to surrender it), use Chrome without being logged in. People disagree on how safe Tor really is, but my odds are on "not." If you don't have the level of technical expertise necessary to read the source code for yourself, you probably shouldn't be risking your life on it. It doesn't guarantee full anonymity. The reasons why are fairly complicated, which is a good sign you might want to avoid being lulled into a false sense of security.

For email, I wouldn't really recommend riseup. The author alludes to this, but: any widely used anarchist/radical site has been compromised already. Having a low volume of data makes you an easier target.

A friend I trust has confirmed that Signal is trustworthy. I agree with this article that regular SMS is not secure.

Passwords: use a password manager, turn on 2-factor wherever you can. Pretty much what they say.

Google: Don't log in when searching if you're worried (use multiple browser windows). As an insider, I can say Google takes user trust and privacy extremely seriously. I can't share everything that backs up that belief, but I will vouch for them.

It was pointed out to me that: "Turning off geolocation on a cell phone doesn't do much; the government can and will subpoena cell phone tower records which provide enough geolocation information."

If you would like to see how Google works with government requests for data, watch this official video on how Google responds to search warrants.

I don't trust Duck Duck Go any further than I can throw them, honestly. I would say the same thing about any other small service. They may be trying to do the right thing, but there are lots and lots of ways to retain more data than you intend to, and it takes a huge amount of human resources to not do that.

tl;dr: Only big companies have the resources to actually protect your privacy. Whether they want to do that is a different story. I'm confident that Google does want to do that, because without user trust, Google has no business.

Pretty much nothing is resistant to the government coercing you or your friend with the email server or Google into giving up data, because coercion is how the government works.

Use non-discoverable media when possible. Talk in person.

Whatever you're doing, think about what security people call your "threat model": what are you trying to defend against? What concrete risks do you face if your data gets into the wrong hands? What are the benefits of using a communication mechanism that's subject to surveillance? An example of threat modeling is your bicycle lock: if you have a nice bike and you ride in a major city, you might want to carry a heavy-duty Kryptonite U-lock at all times, plus extra locks for the wheels. That's because you can infer, based on information that you have, that your bike is attractive to thieves, there are many thieves, and they will try hard to steal your bike. If you have a rusty bike and live in a small town, you might be OK with a cable lock because the benefit of not having several pounds of metal to carry around outweighs the risk of theft, and a good U-lock costs more than your bike did. You can think about analogous trade-offs as they apply to your use of networked communication technologies.

This is one post where it's perfectly fine to well-actually me if you have security or systems expertise.
tim: 2x2 grid of four stylized icons: a bus, a light rail train, a car, and a bicycle (public transportation)
If you drive a car:

  • Obey all traffic laws, including posted speed limits, even if you're on a freeway.
  • If you're near a crosswalk, you should be driving slow enough to stop even for a pedestrian who "jumps out in front of you".
  • Do not honk at cyclists or pedestrians. In many places, it's illegal to honk where there is no imminent danger. If you are causing the imminent danger, you should stop causing it instead.
  • Do not shout death threats at cyclists or pedestrians.
  • Stop at all stop signs.
  • Always use turn signals before turning or changing lanes.
  • Know how much space you're legally obligated to give cyclists, and give it to them.
  • If a cyclist is taking the lane, don't try to run the cyclist off the road. They are doing that because they are safer riding that way and because it's their legal right. Treat a cyclist like any other slow-moving vehicle: pass the cyclist if and when you can do so safely, but otherwise stay behind and leave lots of room.
  • Before you open your door while parked in a parking space, look outside to make sure no cyclists are passing by.
  • Don't park in bike lanes.
  • Don't drive drunk or while under the influence of other drugs that impair coordination.
  • Don't text while driving.
  • Don't talk on the phone while driving, not even using a hands-free device; in person, a conversation partner will be aware of your surroundings and can react to them by stopping or slowing down the conversation, whereas someone on the phone can't do that and thus is much more of a distraction.
  • Before making a right turn (or left turn if you're in a country where you drive on the left), check to make sure you wouldn't be hitting a cyclist to your right (or left) who is riding straight through the intersection and has the right of way.

Whether or not you see cyclists riding without helmets, not coming to a complete stop at stop signs, or doing anything else you disapprove of, with power comes responsibility and it's your responsibility as an operator of a heavy, dangerous machine to prevent accidents. If everybody followed the above advice, we'd see a lot fewer fatal accidents involving pedestrians and cyclists.

Just as most advice about preventing rape seems to be targeted at women -- the group more likely to be a victim and less likely to be a perpetrator -- there seems to be vastly more advice about traffic safety targeted at cyclists, along with the assumption that motor vehicle operators know everything and can do no wrong. And just as conventional rape prevention advice perpetuates rape culture, the emphasis on cyclists perpetuates a culture where hit-and-run accidents are common and law enforcement (at least against white drivers who break the law) is rare.

The reality is that "safety" tips aimed at cyclists don't make anyone safer -- they just discourage cycling by making it seem dangerous, as well as empowering motorists to terrorize cyclists ("it's her fault I ran her over, she wasn't wearing a helmet"). And discouraging cycling actually does make it more dangerous to be a cyclist -- the fewer cyclists are on the road, the less likely it is that motorists will know what to do when they encounter one. Vehicular cycling (that is, riding a bike like a car and obeying traffic laws) does make cycling safer, but such "tips" rarely promote it since it sometimes involves taking the lane where it is legal to do so, and that would inconvenience motorists.

In any case, unless you always follow every item on the above list when you're driving a car, you really have no business criticizing cyclists' behavior. You should be focusing on your own obligation to use your vehicle in a responsible way.

Profile

tim: Tim with short hair, smiling, wearing a black jacket over a white T-shirt (Default)
Tim Chevalier

April 2017

S M T W T F S
      1
23456 78
910 1112131415
16171819202122
23242526272829
30      

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags