Privacy Gestures

In what is probably a meaningless gesture, i’ve decided to make a start on carving out a more private space on the internet. This is obviously at odds with me posting pictures on flickr, writing a blog, using twitter, but leaving that contradiction aside, here is the set of (random) actions that i’ve taken.

PGP Mail – sending mail on the internet is akin to sending a postcard, encrypting your mail is the equivalent of putting it in an envelope. Admittedly the envelope is somewhat stronger than usual, but the concept is roughly the same. Signing mail (using a cryptographic key) also feels like a reasonable thing to be doing as it lets the recipient know that the mail is indeed from you.

It seems reasonable to ask why i should care about this if i’m not sending mail that contains information that is of value to anyone else. My feeling at this point is that isn’t a very useful question. My intent in sending a mail to a person is that they should read it, if i want other people to read it they’ll receive a copy. If you thought the postal service was opening your mail you’d probably be upset. However, it7s quite likely that all email is being scanned (by one of many processes) and we don’t seem to care. I’ve decided that i do.

To do this i’m using:

Fortunately the webmail interface for my main mail account uses Horde, which has built in support for PGP Mail. This means that i can send and receive mail without being at my machine and have it secure. Horde also runs over https, so it’s a good bet for public machines.

Off The Record IM – although the technology isn’t as well thought out as PGP, it’s also possible to secure instant messaging. This mostly depends on being able to verify that you are really talking to the person that you think you’re talking to, and then trusting them when they present a given identity.

The OTR implementation that i’m using is in Adium.

Ad Blocking – not so much a privacy issue as a worry that years of looking at wall of advertising, a flashing and moving at rates specifically designed to be hard to ignore will turn me into either an epileptic, or worst a mindless consumer or pointless crap.

Cookie Management – despite ad blocking, my machine is littered with cookies, flash cookies, and local databases than could possibly useful. The purpose of these cookies is not (generally) to improve my browsing experience (unless you count having more and more targeted advertising stuff down your eyeballs) but to turn my behavior into a salable commodity. It seems unlikely that i’m getting close to scratching the surface of curtailing this kind of sleazy business model, but at least i can feel that i might be making things a little harder.

Google Tracking – this will probably be the most controversial. Rather than have google track my movement around the internet (google analytics) and compile a profile of me to sell to advertisers (search terms, clicked links), i’m going remain anonymous when i’m not signed into Google. Radical stuff. Depending on how hard Google wants to work for this information, it’s obviously still possible for them to gather a lot of it, but i’m betting that with all the willing throngs out there on the ‘net they’re not thinking about making the effort.

It is, as previously noted, disappointing that there are so few alternatives to Google when it comes to search. My guess is this won’t change until someone comes up with a better way (than Google) to sell the lowlights of users online lives to the highest bidder.

All in all, i’m not sure that this skullduggery amount to a great deal, but it feels good to start to get an understanding of what information is being collected and how.

The PGP Mail part feels like the part that i’d like continue to grow. If you get set up, and create a public key (and we know each other, etc) get in touch and we’ll swap keys.