Steve Phillips, CrypTag
Steve Phillips, by Gretchen Röehrs
In 2013, Edward Snowden revealed the existence of several mass surveillance programs, many run by the National Security Agency (NSA), that hoover up electronic communications of people within the United States and around the world. The Bush Administration created these programs after 9/11; the Obama Administration continued and expanded them.
Now Donald Trump has inherited this vast spying machine. Given his authoritarian tendencies, it’s reasonable to expect that his Administration will not only try to expand mass surveillance, but use it to target individuals and groups he deems dangerous or undesirable.
We caught up with digital security expert Steve Phillips to learn about how to protect ourselves from Trump’s prying eyes. Steve served as a guide at the Trump Preparedness: Digital Security 101 hackathon hosted shortly after Election Day at the San Francisco hackerspace Noisebridge. He is also the founder of CrypTag, a non-profit with the 10-year mission of achieving data privacy for every internet.
In addition to the recommendations below, Steve keeps an up-to-date list of recommended privacy tools at his website. You can find it at https://tryingtobeawesome.com/files/tools.pdf.
Since the election, a lot of non-technical folks have started paying more attention to digital security. They’re concerned that the Trump Administration will expand the mass surveillance programs developed since 9/11, and use them against immigrants, Muslims, and political opponents. What are the privacy-enhancing tools you would recommend for the absolute beginner?
The first is Two Factor Authentication (2FA). Gmail, Facebook, Twitter, Dropbox all support 2FA. 2FA means that when you log into your account, you receive a text message with a numerical code that you must enter in addition to your password. So someone would need to know both your password and have access to your cell phone to log in as you. That makes it that much harder for someone to hijack your account.
Everyone should install Signal on their smartphone right now. Signal lets you send encrypted text messages and have encrypted phone calls with other Signal users. That means anyone monitoring your internet connection won’t be able to see the contents of your messages or listen to your conversations. If I sent a regular unencrypted text message, then my cell phone service provider would be able to read my message, along with the government. Encryption protects you from that.
HTTPS Everywhere is a useful browser extension. Many websites have an insecure HTTP version of their site as well as a secure HTTPS version that encrypts your browser’s connection to that site. If you happen to click on a link that takes you to the insecure HTTP version of a site, HTTPS Everywhere will check for the existence of a secure HTTPS version of the site and redirect you to that.
Tor Browser feels just like any other web browser, but it lets you browse the web anonymously by encrypting and bouncing your traffic around between randomly chosen servers that make up the Tor network. But, obviously, don’t sign into a website as yourself if you’re trying to hide your identity. To learn more about how Tor works, see https://www.torproject.org/about/overview.html.en.
ProtonMail is a service that lets you send encrypted e-mails pretty easily. Any e-mail sent from a ProtonMail user to another ProtonMail user is encrypted automatically. The subject line is not encrypted, so people should watch out for that. But the body of the e-mail and the attachments that you send from one ProtonMail account to another ProtonMail account are encrypted. And they have mobile apps that work well.
What about the fear that if you use these privacy-enhancing tools, you may in fact attract more attention from government agencies?
We have two options.
Either we can remain digitally naked and vulnerable and decide not to take basic precautions to protect ourselves online, or, we can make use of these tools and get everyone we know using them until everyone is protected and using such tools is completely normalized.
So you want to be using these tools all the time. You don’t want to turn on Signal only when you’re headed to the protest, for example.
Exactly. If you only use secure messaging when you want to say something that you’re worried about, then you’re signaling—no pun intended—that this is a special message.
This has been a free excerpt from Tech Against Trump, a new book by Logic chronicling the rising tide of anti-Trump resistance by tech workers and technologists.