Privacy On The Internet © 2007 by Michaela Merz ([email protected]) Privacy On The Internet The Problems ± Possible Solutions © 2007 Michaela Merz [email protected] Page 1 of 42 Privacy On The Internet © 2007 by Michaela Merz ([email protected]) Overview: 20 years ago the Internet was in its infancy, its members mostly academics and security was not really an issue. People knew each other, the number of users was limited and services like electronic banking were not available anyway. This is why some features and protocols were not invented with security in mind. Some of those protocols are still widely in use even today. The modern Internet is something completely different. Highly personal data flows with confidential business information and other, less relevant bits and bytes. Governments and other organizations spend a great deal of money to listen into and to analyze data traffic not only to look for potential security threats, but also to fish for data that might be interesting for commercial reasons. Computing power now makes it possible to listen into the major data highways and to collect all data like emails, WWW, chats into huge databases, keywords are extracted and all that data will be sorted and combined. This leads into profiles that will be further analyzed and, if possible, attached to a particular user identification and finally permanently stored, ready to be accessed by the intelligence communities and other authorities. About The Author: Michaela Merz, born 1960, is a successful entrepreneur, software developer, manager and IT specialist. Back in 1992, she founded the Free Software Association of Germany (FSAG) supporting the development and distribution of Free Software. In 1993 she invented a lot of functions and services today known under the expression Web 2.0 and launched the ©German Data Highway© a WWW-based community service. It was renamed ©germany.net© and became the second largest Online service in Germany. She sold her interest in ©germany.net© and moved to the US where she served as CEO and board member of several companies. She is now concentrating on IT related Research&Development and helps businesses in project development and as Interims Manager. Page 2 of 42 Privacy On The Internet © 2007 by Michaela Merz ([email protected]) Content: I) What Is Privacy On The Internet And Why Should You Care? II) How To Create Privacy On The Internet: Email 1) Use Encryption 2) Use Temporary Email Addresses 3) Use Anonymous Re-Mailer 4) Mail And Other Email Providers 5) Other Ways To Send Secret Messages 6) Privacy, Anonymity And Criminals 7) Conclusion III)How To Create Privacy On The Internet: Surfing The Web 1) A Closer Look At Cookies 2) The TOR Network 3) Use HTTPS Protocols 4) Web-proxies 5) Remove Cached Data 6) Use Mozilla Software 7) Special Security IV)References V) How To Install Gnu Privacy Guard on Windows Computers VI) Copyright, Trademarks, Page 3 of 42 Privacy On The Internet © 2007 by Michaela Merz ([email protected]) I) What is privacy on the Internet and why should you care? What would you say, if a copy of every letter, every postcard and a list of the content of every package you ever sent would be stored somewhere? If this data would be combined with all the recipients addresses and with all the names of the people you ever called. Of course, a transcript of all those phone conversations would be attached to this dossier as well. Would that be your idea of privacy? I know, you have nothing to hide. But would you like to share the same database with, say, Osama Bin Laden just because you both like ©pecan pie© ? This is a fictitious story but it might as well be true: On the morning of April 2nd, 2007, NSA (National Security Agency) computer surveillance was routinely monitoring Internet traffic. A NSA computer stumbled upon a website in New Jersey that, it found, had links pointing to another website in Pakistan. This location, the computer was told by its database, had been a meeting point for terrorists sympathizers. So the computer started to get a closer look. In all the data it collected it found a statistically significant amount of references to ©pecan pie© ± quite possibly a key word of some sort. It notified the operator who decided to make ©pecan pie© a search term for a broader surveillance. Not knowing all this, Mr. Miller, a traveling sales man from Jacksonville, Florida, was searching the Internet for a ©pecan pie© recipe. His favorite search engine also displayed the link to the aforementioned website in New Jersey and, looking for a recipe, Miller clicked it. He found nothing of interest, so he continued his search and soon forgot about it. Not the NSA. They collected all the IP numbers of all people who had visited the website in New Jersey and forwarded all the data to the national telecommunications companies and requested names and addresses. In addition, NSA asked for all of Miller©s communication records from his phone company. No warrant or court order was ever obtained, but the phone company disclosed all of Miller©s records anyway. Going through Miller©s private communication records, agents found a lot of emails sent and received from several foreign countries and phone calls to Munich, Germany as well as to London and Madrid, Spain. One email even contained the request for a ©walnut pie© (a ©pecan© like nut) recipe sent to Brussels, Belgium. Page 4 of 42 Privacy On The Internet © 2007 by Michaela Merz ([email protected]) If they would have asked Miller, he would have explained that he is responsible for international sales of ©Organic Cane Sugar© produced in Florida, that he has a lot of customers in Europe (Europeans are especially fond of Organic Produce) and that he also likes to bake and cook. But they didn©t ask. They covertly went through Miller©s records, read his and his wifes email (she was using the same Internet access) and even tapped his phone. Every word was cross linked and referenced checked in re-checked. Miller of course wasn©t aware of anything. Nobody would ever tell him that he was a terrorist suspect, that his privacy had been taken away, that his emails were monitored and that maybe somebody was silently laughing about his thoughts sent by email to the pastor of his church. Eventually, Miller was dropped from the list of potential terrorists. His privacy was stripped from him, his name disclosed to his phone company as a potential security risk, he was even temporarily placed on the notorious ©no fly© list. If he would have needed to go on a business trip, he would have been stopped at the airport, in front of his colleagues, interrogated, maybe even arrested. Miller will now have his data stored away in some corner of the vast memory of NSA©s super computers. Someday in the future and for whatever reason, it may become activated again. But Mr. Miller is not aware of all that. Nobody will ever tell him. This was fiction. Here is the truth: Reporting from every major American media outlet and undisputed whistleblower evidence show that AT&T and other phone companies were complicit in the NSA©s warrantless surveillance. The companies participated in surveillance, handing over billions of their customers private communications and communications records without warrant or court order. This included the records and full content of the private domestic communications of millions of ordinary Americans. The President and the phone companies hid this information from Congress and the American people for at least six years.17 Page 5 of 42 Privacy On The Internet © 2007 by Michaela Merz ([email protected]) What is going to happen with all those records? Do you trust your government that it will never use that data against you or any of your loved ones? What if, by accident or by malicious intent, this file would get into the hands of some private organizations or criminals? Should you really trust anybody with safeguarding your personal communications? November 29, 2007: Two lost Revenue & Customs CDs containing the personal and financial details of 25 million people in the U.K. could be worth $3.12 billion to criminals, says a member of Britain's Parliament. APRIL 11, 2007 In the biggest loss ever of personal information compiled by state government, a computer disk containing data on 2.9 million citizens of the State of Georgia has been lost in shipping. September 11, 2007: New Zealand's Security Intelligence Service (SIS) head Warren Tucker reveals that foreign governments have hacked into German and New Zealand Government computer systems. Government departments' websites had been attacked, information had been stolen and hard-to-detect software had been installed that could be used to take control of computer systems. August 3, 2006: The U.S. Department of Veterans Affairs learned on August 3rd that a computer was missing from Unisys, a subcontractor that provides software support to the Pittsburgh and Philadelphia VA Medical Centers. The computer contained insurance claim data for patients. December 30, 2004: Bank of America suffered the loss of five computer data tapes. These tapes contained personal information (names, Social Security account numbers, and addresses) and government travel card account numbers for 933,000 Department of Defense Bank of America government travel cardholders. Page 6 of 42 Privacy On The Internet © 2007 by Michaela Merz ([email protected]) All your data on the Internet is fair game. Governments all over the world are actually analyzing, storing and matching all of your Internet email, your web surfing, your search engine requests and your voice over ip (VOIP) phone conversations.