Snowden: One Year After

I think there was a thread like this before, but anyway.

I've made quite a few changes (I can't say that all of these are down to Snowden because I can't be exactly sure when I started using them).

I'm using keepass (I absolutely *love* this). I routinely use PGP with friends who are happy to use it. I use OTR for chat or assume the chat is compromised. I'm using Tor a lot more (and have set up two relays). I use textsecure for texts. HTTPS where I can get it and I only support HTTPS on sites that I'm responsible for. I think the biggest change is in my head though. I absolutely assume that everything that I send through an app that the source code isn't available for (e.g. skype) is compromised. Where before I might have sent login credentials that way, now I will not and any I had previously sent I have changed.

So yeah...I was going to say that I'm a lot more paranoid, but in reality I think my eyes were just opened. Many on here will say I was naive not to believe that all of this was happening anyway given history.

I never use VPNs because I don't trust any other network. If I wanted to be anonymous I would use Tor, but to be honest, I have no real means to use Tor.

I became more security conscious in general. I did more research on the likes of SSL and enciphers. I always assume anything I do online is being read. I even did checks on SSL certs on websites for interest.

One thing I never was really concerned about was the use of telephone tapping. I haven't changed my habits but I have stopped using work phones (ones that "are not recorded" so they say), just because I feel I have more privacy with my mobile phone. I would always assume someone could listen and watch everything I do regardless.

I cut Google Apps and got my own server. Not because of the NSA reading it, but because Google's Privacy Policies were not secure. I also like to control things myself.

I've since paid a lot more attention to data protection breaches in Ireland. I read the entire act the week it came out (before I just flicked through it) and realised that most businesses with CCTV don't actually show signs telling you this. I paid more attention to how my data is being used when I'm asked for it and for what purposes it's for, and if I'm in doubt, I don't feel strange asking.

I tend to make names, addresses, postcodes and dates of birth up when signing up to websites that really don't need to know that information. I would aim to use the likes of PayPal more often if the website is not one that's familiar and I check the address bar A LOT. I tend to have several different passwords which are changed frequently and I don't copy them on my PC. I don't save them. I also encrypted my hard drives.

Where I can, I use 2 step authentication because I tend to use public computers when accessing these.

I wiped my entire hard drive when I got a very strange virus, flashing bios, reinstalled O.S. and changed all passwords. Since then I have been very rigorous and install Windows frequently. On my PC I use linux.

I always assumed that some Government could be watching but this just confirmed it.

One thing is the use of WiFi networks I tend not to use because nothing is free. I would always assume these networks gather statistics etc on you and try to build a profile of you. Tesco have WiFi for example, but you need your clubcard number.

It's not that I was never security conscious. I always was, I just have been more rigorous and paid more attention to how my data is being used.

jmcc wrote: »

There's a certain irony in an agency running a VPN service and charging those being surveilled for using it.

Indeed, but they would have to charge something or give themselves away.