Welcome Julia Angwin (JuliaAngwin.com) (ProPublica) (Twitter) and Host Marcy Wheeler (emptywheel.net) (TheIntercept) (Twitter)

Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance

Back in July 2012, long before Edward Snowden’s leaks heightened the general public’s concern about online privacy, then Wall Street Journal reporter Julia Angwin set off on a picaresque quest to find some kind of online privacy. The chronicle of that quest, Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Surveillance, serves as a kind of user’s guide for our new dragnet world.

I decided, against all odds, to try to evade the dragnets. I would attempt to avoid being monitored during everyday activities such as reading and shopping. I would obscure my location–at home and while out and about. I would seal my e-mails and texts with the digital equivalent of hot wax. I would find ways to freely associate with people and ideas. I would try to find a way to protect my kids from building a digital trail that would haunt them later in their lives.

Dragnet Nation describes the efforts she took — some of which she has retained, some of which she dropped — to regain some privacy for herself and her family. She paid her 8-year old daughter to come up with random passwords. She obtained as much of the data that brokers had collected on her, and made a somewhat futile effort to get them to purge it. She gave up Google for DuckDuckGo. And she created a false identity named Ida Tarbell who could receive her online purchases, make restaurant reservations, and obtain a phone.

Along the way, Angwin describes the stakes for reclaiming some control over our own privacy. She describes how one lesbian got outed to her family when the president of her college’s Queer Chorus added her to the Facebook discussion group and another had gay-targeted ads come up on her work computer because of ad trackers. She tells how the FBI started tracking one American of Egyptian descent — accessing his phone and email content and putting a GPS on his car — because of comments he and another Arab-American made on Reddit. She describes studies of what happens to people who are under constant surveillance.

Perhaps most controversially, Angwin compared the data collected by Google and LinkedIn with that collected by East Germany’s Stasi. Her guide to the Stasi archives was impressed, because the kind of network mapping the government and marketers now routinely do had been a challenge for East Germany’s secret police. “The Stasi would have loved this,” the Stasi expert said. After Angwin collected all her data broker data, she reflected “Even in their wildest dreams, the Stasi could only fantasize about obtaining this amount of data about citizens with so little effort.”

Ultimately Angwin ends her book and her quest for privacy on an ambivalent note. She judges her efforts to regain some privacy amount to no more than civil disobedience that might start a conversation about privacy.

I came to believe that may actions were likely more effective at changing the conversation about privacy than at countering surveillance. They reminded me of the lunch-counter sit-ins of the 1960s, when black students in Greensboro, North Carolina, sat at a “whites only” lunch counter in an F.W. Woolworth store, in order to protest the company’s policy of racial segregation. The sit-ins did not immediately destroy segregation, but they led to a national conversation that ultimately unraveled it.

My hope is that if enough people join me in refusing to consent to ubiquitous indiscriminate surveillance, we might also prompt a conversation that could unravel it.

At the same time, however, Angwin didn’t like the paranoia that her quest had fostered.

I didn’t want to live in the world that I was building — a world of subterfuge and disinformation and covert actions. It was a world based on fear. It was a world devoid of trust. It was not a world that I wanted to leave to my children.

She ends with a call to bring more fairness and power balance to surveillance dragnets, in part by making all of us watchers.

Julia Angwin may not have a solution for the societal problem of the dragnet, but she offers an accessible guide to tools we can use to protect ourselves until we find that solution.

 

[As a courtesy to our guests, please keep comments to the book and be respectful of dissenting opinions.  Please take other conversations to a previous thread. - bev]

123 Responses to “FDL Book Salon Welcomes Julia Angwin, Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance”

BevW April 13th, 2014 at 1:49 pm

Julia, Welcome back to the Lake.

Marcy, Welcome to the Lake, thank you for Hosting today’s Book Salon.

For our new readers/commenters:

To follow along, you will have to refresh your browser: 
PC = F5 key, MAC = Command+R keys

If you want to ask a question
– just type it in the Leave Your Response box & Submit Comment.


If you are responding to a comment – use the Reply button under the number,
then type your response in the box, Submit Comment. (Using Submit Comment will refresh your browser when you reply to a comment/ask a question.)

dakine01 April 13th, 2014 at 2:01 pm

Good afternoon Julia and welcome to Firedoglake this afternoon. Welcome back Marcy!

Julia, I have not had an opportunity to read your book so forgive me if you address this in there but how do you respond to the corporations and people who claim the tracking is “no big deal,” “if you have nothing to hide you shouldn’t worry,” and “we’re not the government”?

emptywheel April 13th, 2014 at 2:01 pm

Julia welcome–and thanks for a great book. I found it really helpful as I found myself upping my own security in the last several months, both for tips and for the effort to stay above paranoia.

Julia Angwin April 13th, 2014 at 2:02 pm
In response to emptywheel @ 3

Thanks for hosting me! Am honored that I could contribute to your security – considering that no one is better versed in all the ways NSA is spying on us than you!

emptywheel April 13th, 2014 at 2:02 pm

I just joked on Twitter that you could tell us all the best way to update our passwords, given that we should all be changing all our passwords because of Heartbleed.

What’s the best approach you found, aside from paying your daughter to roll dice?

emptywheel April 13th, 2014 at 2:03 pm
In response to Julia Angwin @ 4

Actually I found the way you walked through your threat model/audit really helpful. Want to explain what you did?

Julia Angwin April 13th, 2014 at 2:05 pm
In response to emptywheel @ 5

Passwords are such a difficult challenge. I’ve mostly outsourced my passwords to my password management software – 1Password. That software generates random passwords for me on most accounts. I only use my daughter’s “artisanal” password service for key accounts – e-mail, banking and the password to my password manager.

emptywheel April 13th, 2014 at 2:06 pm

To explain Julia’s daughter’s business: one way to generate passwords is with a numbered dictionary. For each password you roll dice a bunch of times to get a totally random word. String a number of those together and you’ve got something that is memorable, because it consists of real words, but so random it should be hard to break.

Julia Angwin April 13th, 2014 at 2:08 pm
In response to dakine01 @ 2

Dakine01 – Thank you for your question. This is a very important question that I spend a lot of time discussing in the book. However, the short version is simple: Information is power. When we hand over our information to institutions – corporate or government – we give them power over us. That would be fine if we could be assured that they wouldn’t abuse that power. However, we have very little legal control over our personal data – and often, we cannot determine what is known about us and how it may have been used against us. If we could have those assurances, I think we might feel better about the indiscriminate surveillance that we are subjected to.

emptywheel April 13th, 2014 at 2:09 pm

Your chapter on the Stasi — excerpted here was the only one I saw anyone complain about, mostly out of knee jerk insistence that we’re not that bad.

But that wasn’t really the point you were making. Can you describe how NSA/Google/etc’s social mapping is similar to what the Stasi aspired to do?

CTuttle April 13th, 2014 at 2:09 pm
In response to Julia Angwin @ 4

Aloha, Julia and Marcy…! What a pleasure to have you both here today…! I started using DuckDuckGo about a year ago and I love it…! I haven’t read your book yet, but, I do plan on rectifying that shortly…!

Julia Angwin April 13th, 2014 at 2:10 pm
In response to emptywheel @ 8

For more detail on the method that my daughter uses to generate passwords, check out my blog post: http://juliaangwin.com/privacy-tools-how-to-build-better-passwords/

emptywheel April 13th, 2014 at 2:12 pm
In response to Julia Angwin @ 9

One thing you did as you were figuring out what info corporations have on us — which everyone can replicate but may not want to — is to see what Google stores on us.

Can you explain what they have stored and what you can do about it. Does using an Incognito Window help?

Julia Angwin April 13th, 2014 at 2:13 pm
In response to emptywheel @ 10

Indeed, it was controversial to compare today’s surveillance to the surveillance conducted by the famously repressive Stasi — the secret police in East Germany during the Communist regime. However, the point I was making was that the Stasi only had files on one-quarter of the population, and yet they managed to instill fear in the entire population. Now we have a situation where our secret agencies have files on literally everyone. And so my question is: how can we make sure that we have the appropriate oversight to ensure that they won’t abuse that power and instill fear in all of us.

Julia Angwin April 13th, 2014 at 2:14 pm
In response to CTuttle @ 11

Ctuttle – Aloha! Glad to meet another DuckDuckGo user. Hope you enjoy the book!

tuezday April 13th, 2014 at 2:17 pm

Julia, I re-watched the interview you did with Bill Moyers today. Forgive me if this is in the book, I have not had a chance to read it, or if it’s a little OT, but you stated once you learned how to search on DuckDuckGo, your search results improved. How does one improve their search results using DDG?

I found DDG was infinitely better when it was riding on Google and now that they are using Yandex, search results can be less than stellar.

emptywheel April 13th, 2014 at 2:18 pm
In response to Julia Angwin @ 14

I’m not sure if you had a chance to see it, but in his testimony to the EU the other day, Snowden talked about how the NSA builds “fingerprints” of us that combine a great deal, if not all, of our online activity. In particular, they use the cookies advertisers use to track us online to learn about our interests.

That goes well beyond what had come out when you did your Stasi chapter, I think.

Can you talk about how this same kind of tracking has led to the exposure of other people’s health status, religion, or sexuality?

Julia Angwin April 13th, 2014 at 2:18 pm
In response to emptywheel @ 13

Google actually provides users a fairly decent window into what it stores about them. If you have a Gmail account, it is in your “Google Dashboard.” I found my web search history in a separate section of my account called “other tools” but it may have moved since then. I found that my web search history was incredibly revealing — seeing it is what prompted me to quit using Google.

It’s also worth pointing out that the Incognito window *does not* prevent Google or others from tracking you. Google’s Incognito setting simply prevents other people who use your Web browser after you to see where you’ve been online. Some better ways to hide your tracks here: http://juliaangwin.com/privacytoolshowtosafelybrowsetheweb/

CTuttle April 13th, 2014 at 2:19 pm
In response to Julia Angwin @ 14

…how can we make sure that we have the appropriate oversight

Surely you jest, Julia…! Not with our current crop of Congressional Critters…!

bigbrother April 13th, 2014 at 2:21 pm
In response to Julia Angwin @ 15

Julia I will read your book. I have been bloging for years using big brother as a handle so aware of the snoop invading my life. Wall Street, the corporations and governments of the globe pay techies big bucks to create a profile of our likes, friends, behavior, cookies and our thought. They use that to market us control our behavior subliminaly and when that fails they up the game to harsher fear tactics. How do we take back our Democracy?

Julia Angwin April 13th, 2014 at 2:21 pm
In response to tuezday @ 16

Tuezday – If you want to use Google search without leaving a trace, you can use https://search.disconnect.me/ or https://startpage.com/. Both route your searches through Google without revealing your identifying details.

emptywheel April 13th, 2014 at 2:24 pm

This book has come out as a bunch of people, some credible, many not, have started marketing things as “NSA proof.” What’s your take on this new marketing angle, and how can people assess what will really work (short of, as you did, hang out with white hat hackers a whole bunch)?

Julia Angwin April 13th, 2014 at 2:25 pm
In response to emptywheel @ 17

Snowden’s testimony to the EU highlighted what I have found to be one of the most shocking parts of the NSA revelations in the past year: the fact that the NSA is piggy-backing on all these commercial technologies, such as ad tracking technology, to identify us. It really changes the “why should we care” debate when you realize that even those targeted ads that follow you around the Web are being exploited by intelligence agencies.

And, as you say, these ad tracking technologies can reveal a lot about us. Advertisers regularly target people based on their sexuality, religion and health – among many other attributes. In my book, I tell a story of a woman who checked her Facebook page at work, and her colleagues noticed that she had a lot of LGBT ads on her page. Poof, just like that she was outed to her colleagues.

eCAHNomics April 13th, 2014 at 2:27 pm

Does anyone think TIA went away because Poindexter claimed it did?

Julia Angwin April 13th, 2014 at 2:28 pm
In response to emptywheel @ 22

I think it is unwise for anyone to market their technology as NSA-proof. One thing we have learned in the past year is that the NSA has an incredible array of tricks in its bag. If they want you, they will most likely get you.

I aim to support effective privacy-protecting technologies, but unfortunately it’s difficult for the average person to figure out if they are getting real value for their money with privacy tools. I had the luxury of asking white-hat hackers to test my tools for me, but not everyone can do that.

That’s why I think the market would likely be well served by some baseline privacy standards — similar to organic standards for food or safety standards for cars.

Phoenix Woman April 13th, 2014 at 2:28 pm
In response to emptywheel @ 8

Actually, you can have easily-memorized passcodes that are all but unbreakable by simply making your passcodes from multiple words (which are either smooshed together or connected with underscores or spaces):

http://xkcd.com/936/

tuezday April 13th, 2014 at 2:28 pm
In response to Julia Angwin @ 21

Thanks. I have used startpage but went with ighome instead. Mostly because of all the customization it allows, which probably defeats the purpose (although, truth be known, I don’t really remember why I went with ighome).

bigbrother April 13th, 2014 at 2:29 pm
In response to Julia Angwin @ 23

How do you use social media wisely?

emptywheel April 13th, 2014 at 2:29 pm
In response to Julia Angwin @ 23

Yeah, one thing about the Snowden stories so far is they tell isolated stories, without giving a really good sense of what it all means (which is why, I assume, Snowden spent so much time on how they use XKeyscore). The government has tried very hard to pretend that they only collect phone and Internet metadata (and by the latter they pretend they mean email and IP). But they’re actually collecting far more, and that’s the stuff that is most dangerous.

Julia Angwin April 13th, 2014 at 2:30 pm
In response to Phoenix Woman @ 26

Phoenix Woman – That XKCD comic is describing the password technique that my daughter uses. It’s called Diceware http://world.std.com/~reinhold/diceware.html

bigbrother April 13th, 2014 at 2:31 pm
In response to Julia Angwin @ 25

How effective is TOR? CCleaner or Glary?

allan April 13th, 2014 at 2:31 pm
In response to Julia Angwin @ 25

similar to organic standards for food

Not a reassuring comparison.

“The market” will never deliver the privacy we need.
We need laws, and as CTuttle says, that’s not going to happen with current congresscritters.

emptywheel April 13th, 2014 at 2:32 pm
In response to Julia Angwin @ 25

You forgot your, “that’s why you should read my book” plug!

No, seriously, that’s why I raised the Incognito thing. Because there are so many things that sell themselves as privacy protective that don’t deliver what they sell.

Or “privacy solutions” marketed by the marketers. There were others, besides Incognito. Any that you think are particularly abusive?

tuezday April 13th, 2014 at 2:33 pm
In response to bigbrother @ 31

CCleaner is great for the simple reason it swipes your free space, so no left over file fragments. However, it also wipes any restore points.

Julia Angwin April 13th, 2014 at 2:35 pm
In response to bigbrother @ 31

There is evidence that Tor is fairly effective – there was an NSA slide-deck describing how hard it was to break Tor; and a recent article about the FBI’s efforts to break Tor described how the agents waited for users to mistakenly *not* use Tor.

greenwarrior April 13th, 2014 at 2:36 pm
In response to Julia Angwin @ 18

How does one go about finding Google Dashboard?

eCAHNomics April 13th, 2014 at 2:36 pm
In response to allan @ 32

Not going to happen with any congress. Spying is second oldest profession.

emptywheel April 13th, 2014 at 2:36 pm

You talked about how your kids’ approach to privacy changed over the course of the book, away from it seeming like a way to say no to being more of a worthy challenge (not sure if I characterized that right).

What has the response been so far from the general public who have come to your book events? Do you see a change in their view towards privacy (or are the people who are concerned about privacy the ones who are coming out)? And is it driven more by things like the Target hack or by Snowden?

Julia Angwin April 13th, 2014 at 2:38 pm
In response to emptywheel @ 33

Yes, there is a high snake oil factor in a sector where the ‘product’ is ephemeral.

I had a very disappointing experience with two services that I paid for, each of which promised to opt me out of some of the biggest commercial data brokers. When I checked, both services had failed to opt me out of several of the companies that they had promised to opt me out of.

emptywheel April 13th, 2014 at 2:38 pm
In response to bigbrother @ 31

Adding to what Julia says, the indictments for people who used Tor all seem to indicate places where they failed their own security. That is, Tor itself works great, but only if one is very diligent about using it properly.

joelmael April 13th, 2014 at 2:38 pm
In response to Julia Angwin @ 35

Is there any downside to using Tor? Does it put you on their list?

Julia Angwin April 13th, 2014 at 2:38 pm
In response to greenwarrior @ 36

Google.com/dashboard

eCAHNomics April 13th, 2014 at 2:39 pm

Looking for ways to thwart spooks is distraction from productive social participation, such as grass roots organizing (TaxWallStreetParty for example).

Instead of being obsessed with privacy, do something in public that will improve life for 99s.

CTuttle April 13th, 2014 at 2:39 pm
In response to Julia Angwin @ 23

the fact that the NSA is piggy-backing on all these commercial technologies, such as ad tracking technology, to identify us.

Even our local yokels are compiling databases…! A case in point…

Average Michigan resident on cops’ radar as data collection grows

Julia Angwin April 13th, 2014 at 2:41 pm
In response to joelmael @ 41

Yes, unfortunately, it is likely that using many Tools like Tor and PGP encryption will put you under increased suspicion. I decided to do it anyway, partly as a form of protest. I don’t think it should be considered suspicious to want to have a confidential conversation or to not be spied on while I browse the Web.

emptywheel April 13th, 2014 at 2:42 pm
In response to joelmael @ 41

All encryption puts you on their list. And there’s a slide where NSA talks about IDing the Tor users as a way to ID other ways in. They also can keep encrypted communication indefinitely (and using Tor, of course, they couldn’t even rule out your communications as a US person).

So the thing to do — and the thing that will have to happen for the general public to have better protection all around — is for more people to use more encryption more of the time, which basically will make it harder for them to isolate any particular user.

Julia Angwin April 13th, 2014 at 2:43 pm
In response to emptywheel @ 38

Yep, that’s a good characterization of my kids approach. They saw it as a challenge with a great payoff: they could get privacy from each other and from me. After all, I am the NSA to them!

bmaz April 13th, 2014 at 2:43 pm

Hi Julia, welcome to Book Salon!

One of my friends (either Chris Sogohian or Julian Sanchez I think) yesterday said on Twitter that if Google and Microsoft were to put their weight behind serious dragnet/collection reform, both Congress and the White House would get serious in line. But they have not, and instead have remained relatively silent in spite of the tangible economic damage that is being done to them and their tech brethren by the government’s relentless programatic overcollection.

What can citizens do to press the tech companies into doing what is already in their own interest to do?

Any further comments in this area?

spocko April 13th, 2014 at 2:45 pm

This is a question for both Julia and Marcy. I’m talking to a lot of people about the Trans Pacific Partnership. Specifically some of the provisions involved in lowing food safety standards.

These documents are top secret. Even our congress people can’t see this info. However some of the people at the trade groups and lobbying firms who are advisers can. And they are worried.

Let’s say hypothetically I have two insiders who are familiar with the portion of the text that shows the problems that will lead to deaths from imported food. They are asking me how to securely communicate with journalists and experts.

They are not only afraid of their own government and breaking that laws but they see how whistleblowers have been destroyed financially and personally. They are in an industry that sued Oprah, and passes ag gag laws.

Right now I’m advising them to create encrypted keys, but it’s not something easy and the journalists don’t even know how to do or understand how much data they send out in other ways.

Also I’m they are looking for advice on how to expose the info without exposing themselves, their friends and put them under massive surveillance.

CTuttle April 13th, 2014 at 2:46 pm
In response to Julia Angwin @ 47

After all, I am the NSA to them!

That’s hilarious, Julia…! ;-)

Julia Angwin April 13th, 2014 at 2:48 pm
In response to bmaz @ 48

I think it may have been Trevor Timm’s column that said that the tech companies could work harder to fight government surveillance: http://www.theguardian.com/commentisfree/2014/apr/12/silicon-valley-nsa-reform-taking-so-long

One way to encourage the companies to take the issue seriously, is for consumers to vote with their feet. I know it’s not possible for everybody, but I quit using Google, I left a shell page on Facebook, I deleted my LinkedIn account, and when possible, I have switched to smaller tech providers that are aimed at protecting my privacy.

I think of it as similar to recycling. Recycling didn’t change the world overnight, but kids forcing their parents to recycle did help change the political debate over time.

emptywheel April 13th, 2014 at 2:50 pm
In response to spocko @ 49

A number of media outlets (including The Intercept) have SecureDrop up and working. Here’s the Intercept’s:

https://firstlook.org/theintercept/securedrop/

Basically what it does it provide a way for people to use Tor to hide their identity entirely. But once you get a Secure Drop item, you can write back to the person that way.

As with all security it takes some work, and one has to find ways to use Tor safely. But that is what works.

As I understand it, some members of Congress are also considering SecureDrops for whistleblowers.

joelmael April 13th, 2014 at 2:51 pm

I want to quite yahoo mail. Is there an email provider that protects one at least from commercial snoops?

Julia Angwin April 13th, 2014 at 2:51 pm
In response to spocko @ 49

The best way to leak secret documents is to use the postal mail and send to a trusted journalist. The second best way is to use Tor and a secure drop box such as https://securedrop.propublica.org/ at my journalistic organization. PGP encryption can be a good way to communicate, but as you have learned, it is difficult to use and it still reveals metadata.

Julia Angwin April 13th, 2014 at 2:53 pm
In response to joelmael @ 53

Sadly, it’s not easy to find a privacy-protecting e-mail provider. I use Riseup.net – but it is a small service run by a collective and you need to get invited to join. I believe there are some other options listed here: https://prism-break.org/en/

tuezday April 13th, 2014 at 2:58 pm

Julia, I use ad block, ghostery, https anywhere, better privacy, a white list and my cookies clear automatically every time I shut down Firefox. Is all of this doing me any good?

I started using Firefox when it was still in beta, so I’ve been at this for awhile.

I’m assuming I’m at least confusing the picture, as my 120 pound self regularly gets mail from Catherine’s.

joelmael April 13th, 2014 at 3:00 pm

I remember my mother crying the day Roosevelt died. I willingly, nay proudly, served in the service in the 1950′s. It just never occurred to me that it would happen here, that, I would see my own democratic government as an adversary. Bad feeling.

emptywheel April 13th, 2014 at 3:00 pm

Julia:

With the OpenSSL debacle, there has been some rather rash comments about the open source community. And while open source doesn’t perfectly coincide w/privacy protections, there is a significant overlap there.

Can you talk about the difference between more commercial products and open source ones?

And can you talk about your efforts to make sure you were supporting the products you used? I think it’s an important part of this balance.

Julia Angwin April 13th, 2014 at 3:01 pm
In response to tuezday @ 56

Tuezday – That’s an impressive regime. I would only add two features – stripping out referer headers and blocking Flash and other plugins from loading without explicit permission. I’ve been using a new Web browser – the Aviator browser from White Hat Security – that has those features built in. But you can also adjust those settings in Firefox.

spocko April 13th, 2014 at 3:02 pm
In response to emptywheel @ 52

Their current plan is to keep their mouths shut. Like the people at GM, they only see downsides in speaking up, no protection for them, no gratitude from the government or their industry for saving lives.

There are no financial rewards for protecting the public health, their congress person is lobbied by the industry to believe the industry who pays them vs. some snitch. They only see financial and personal punishment in the future.

On the press side the people they have talked at the NYTimes seem to be more concerned about hearing the industries point of view, which would open them up to identification. They have looked at the New Yorker securebox method, but haven’t got a response.

There seems to be a desire to wait until it is revealed in some official fashion, which by then will be too late to educate and protest.

If the proposed changes in lower food safety rules go through, there will be more deaths. At that time they could pop up and say I told you so. But that’s not a lot of help to the dead, plus the link back to the people who worked to make it possible is severed. Plus they can claim there was never any intention to hurt anyone, that nobody could have anticipated that lowering international food safety regulations would lead to sick and dying people in the US.

tuezday April 13th, 2014 at 3:03 pm
In response to Julia Angwin @ 59

I block flash too. I will investigate the headers issue. Thanx.

gigi3 April 13th, 2014 at 3:04 pm
In response to Julia Angwin @ 55

I’m currently participating in Beta trail with StartMail (Ixquick). It uses email encryption. Are you familiar with this? If so, what is your opinion?

Julia Angwin April 13th, 2014 at 3:05 pm

Marcy – Great question about open source.

I am very conflicted about open-source software. I believe that keeping the code open is the only way that we will be able to verify that we the software we depend on doesn’t contain bugs like Heartbleed. But that will only happen if we support the programmers who work on open-source projects.

In my opinion, it’s criminal that we spent more than $50 billion on intelligence agencies that snoop on us and the world, and we literally don’t fund open-source projects like OpenSSL at all. OpenSSL is basically critical infrastructure and its run by four core programmers, only one of whom calls it his full-time job.

I believe that if we want the benefits of open-source, we have to fund it. And that’s why I make a point of donating money to all the open-source projects whose software I use – such as Riseup, Disconnect, etc.

CTuttle April 13th, 2014 at 3:10 pm
In response to tuezday @ 61

Can you still view youtubes, tuez…?

Julia Angwin April 13th, 2014 at 3:10 pm
In response to gigi3 @ 62

Gigi3 — I also plan to join the StartMail beta to try it out. However, I do have a concern about being a US resident and using an overseas e-mail provider: it opens me up to even more governmental surveillance from my government and others.

Inside the US, the NSA is not supposed to surveil US residents except under certain conditions. Now, we know they have violated those rules.

But there are literally *no* rules overseas. Once your data leaves the country, it’s fair game for the NSA, not to mention other governments that might think twice about trying to spy on you inside the US.

And so, I have made the reluctant decision to use primarily US-based technology – even though there are some great services overseas.

tuezday April 13th, 2014 at 3:11 pm
In response to CTuttle @ 64

Yes, I can opt to only allow flash to work once or always at any particular site. I use the one time only option.

On edit: There is a link over the video asking if you want to allow flash.

emptywheel April 13th, 2014 at 3:12 pm
In response to Julia Angwin @ 63

I read a good piece — I’d have to go look on my other computer — basically pointing out how stupid it is that NSA didn’t find this (assuming we believe NSA’s claim they didn’t know about Heartbleed before this month, which oddly in this case I do).

Julia Angwin April 13th, 2014 at 3:12 pm
In response to CTuttle @ 64

I’ve just set it up as “click to play” for Flash. So if I want to watch YouTube, I can. But it blocks Flash from loading automatically.

Julia Angwin April 13th, 2014 at 3:14 pm
In response to emptywheel @ 67

If NSA didn’t find Heartbleed, then you have to wonder how seriously are they taking their cyberdefense mission?

CTuttle April 13th, 2014 at 3:15 pm
In response to Julia Angwin @ 68

Mahalo, Julia and tuez…!

DaveMoore April 13th, 2014 at 3:15 pm
In response to emptywheel @ 52

I personally don’t think it is a good idea to trust your congressman. I retired form the Library of Congress and contacted Sen Grassley regarding a comment he made about secure book areas. I contacted him and told to go to Deck B of the Jefferson Building (Rare Books) and look at the Susan B Anthony Collection and Romanoff Collection. The Librarian never fixed the rood and instead hung plastic sheets over the rare books, which were slowly being ruined. Instead of doing what I suggest, he sent my letter to the IG to forward to the Librarian. Luckily I had a working relationship with the investigator who intercepted it. Congressmen make deals with agencies every day. Grassley, by the way, was the one who outed Sybil Edmonds.

tuezday April 13th, 2014 at 3:17 pm

Julia, do you cover mobile banking in your book? Personally, I’m skeptical of banking in the ether where anyone can pick up a radio signal. Albeit, my tinfoil hat is known to get too tight.

Julia Angwin April 13th, 2014 at 3:17 pm
In response to spocko @ 60

Spocko -

That’s unfortunate. I would encourage your friends to look beyond just the big mainstream media to find an outlet. It’s often best to find a journalist who is already covering something similar to this topic.

I’m always sad when the threat of government surveillance prevents people from speaking freely. This is the true cost of our Dragnet Nation. Even if people don’t care about their own privacy, they should care that government surveillance is preventing journalists from getting the truth and holding government accountable for its actions.

bgrothus April 13th, 2014 at 3:17 pm

I am not very astute in these matters, but I have used DDG and have no issue with them, but as soon as I search for something there and then go to a web site from there, am I not right back in the system with my searches and info going into the info gathering net?

emptywheel April 13th, 2014 at 3:18 pm
In response to Julia Angwin @ 69

That was pretty much the point. And a whole bunch of USG sites use OpenSSL too. Of course, plugging holes rather than leaving them open and spying on everyone isn’t as fun, is it?

It will be interesting to see if anyone can substantiate claims that someone had found that hole, because if it wasn’t NSA and it was another state we will have an interesting conversation about security.

Julia Angwin April 13th, 2014 at 3:20 pm
In response to tuezday @ 72

Tuezday –

I don’t cover mobile banking in my book. But I personally don’t plan to do any mobile banking until I have a better way to audit the traffic flowing in and out of my phone. I find it incredibly frustrating that many of the tools I use on my computer – HTTPS everywhere, Disconnect, etc. – cannot be used on my phone, and so I cannot verify where my information is flowing.

gigi3 April 13th, 2014 at 3:20 pm
In response to Julia Angwin @ 69

fwiw, Bloomberg alleges NSA knew about Heartbleed and regularly used it for at least two years in order to “gather critical intelligence.” Anonymous sources.

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

spocko April 13th, 2014 at 3:22 pm
In response to Julia Angwin @ 54

“A trusted journalist” hmm. You mean someone who aided and abetted Snowden?

“To the extent that you have aided and abetted Snowden, even in his current movements, why shouldn’t you, Mr. Greenwald, be charged with a crime?” -David Gregory

This person doesn’t want to be the target of a multibillion dollar industry bulls-eye. And the NSA can be used by the Obama government to go after the journalist and the person with the documents because this involves international trade deals. Obama’s gov can push to compel people hiding their identities. Or the NSA can go back over all the meta data from the connections prior to when they figured out this was scary stuff that they could go to jail for.

As you found out, people unknowingly share data all the time, Even if you are good, the person you talk to might not be good or the next and we know that NSA does 2 and 3 hop connections.

Julia Angwin April 13th, 2014 at 3:22 pm
In response to bgrothus @ 74

Bgrothus – Yes, when you browse the Web unprotected you are most likely being tracked. However, with a few simple browser add-ons, you can block much (but not all) of it. I recommend Disconnect and HTTPS Everywhere as a bare minimum. http://juliaangwin.com/privacytoolshowtosafelybrowsetheweb/

emptywheel April 13th, 2014 at 3:22 pm
In response to gigi3 @ 77

Yes. The Govt issued a denial that was uncharacteristically solid on Friday. I am as skeptical as anyone of the tripe that comes out of ODNI, but IMO the denial in this case was qualitatively different than their normal denials.

emptywheel April 13th, 2014 at 3:24 pm
In response to Julia Angwin @ 79

I feel like (and felt like, when i was reading the book, though that was before the web was live I think) you should also put out a CD that links up all your how-tos. Cause those pages are tremendously helpful.

bgrothus April 13th, 2014 at 3:24 pm
In response to Julia Angwin @ 79

Thanks, I am in pre-school on how to do all of these things, so I will follow your lead.

gigi3 April 13th, 2014 at 3:26 pm
In response to emptywheel @ 80

I’ll trust your judgment – haven’t found it to be wrong yet.

Julia Angwin April 13th, 2014 at 3:27 pm
In response to emptywheel @ 81

I am trying to compile all my tips in one place online: http://juliaangwin.com/privacy-tools/

I am still adding to the list. I still need to write a post on how to use fake identities, and least painful ways to use encryption!

Julia Angwin April 13th, 2014 at 3:28 pm
In response to gigi3 @ 84

Marcy is pretty much right about everything.

emptywheel April 13th, 2014 at 3:29 pm
In response to Julia Angwin @ 85

Oh! I forgot to have you explain Ida Tarbell! Thanks for the reminder!

gigi3 April 13th, 2014 at 3:29 pm
In response to Julia Angwin @ 86

Yes, she is.

tuezday April 13th, 2014 at 3:30 pm
In response to Julia Angwin @ 76

Julia, that has been the biggest reason I’ve been slow to adapt to mobile devices. I have no control, or very little. We do have a burner, and I have an iPod touch which does everything an iphone can do except it doesn’t have GPS (it does have a wifi locator but can be off by miles) and I can use it as a phone without signing up with the likes of AT and T. I don’t use email on it and have never even gone to the credit unions website with it cause I can’t see what cookies it’s storing, among other things.

Personally, the only cloud I’m interested in is the external drive on my desk.

CTuttle April 13th, 2014 at 3:33 pm
In response to Julia Angwin @ 86

*heh* Even when she mentions blowjobs, Julia…! ;-)

emptywheel April 13th, 2014 at 3:33 pm
In response to Julia Angwin @ 86

LOL, Thanks!

I don’t think the NatSec types buy that. But I have spent an unbelievable amount of time wading through the propaganda since June.

Julia Angwin April 13th, 2014 at 3:34 pm
In response to emptywheel @ 87

Ida Tarbell is my favorite topic of all! Ida is a journalist heroine of mine from the turn of the century, who wrote crusading and revelatory articles about Standard Oil’s abuse of its monopoly.

She is also my online alter ego. I realized that there were some tasks that couldn’t be done with just technology alone. So I set up an identity for Ida Tarbell. She has an American Express card, a cell phone, a postal address, an Amazon account, an email address and an OpenTable account. Her identity allows me to conduct online and offline commerce without exposing my identity.

It’s worth pointing out that everything I did was legal :-)

emptywheel April 13th, 2014 at 3:34 pm
In response to tuezday @ 89

Julia even used a Faraday cage for a period during her work on the book.

I’ve gotten a lot more neurotic about turning my WiFi on and off on the phone, because that kind of tracking has already gotten commercialized in shopping areas.

bmaz April 13th, 2014 at 3:38 pm

What issues do you see coming with the conversion of television from cable/broadcast to internet supply?

tuezday April 13th, 2014 at 3:38 pm
In response to emptywheel @ 93

Ha. I leave the ipod at home unless I’m walking the dog and take the, useless for commercial purposes, burner when I go shopping.

emptywheel April 13th, 2014 at 3:39 pm
In response to Julia Angwin @ 92

Yeah I really empathized with your description of overcoming the taboo against lying to set her up. I’m the same way — I have a real aversion to lying.

Don’t people ever say, “hey, wasn’t Ida Tarbell a famous journalist”?

spocko April 13th, 2014 at 3:39 pm
In response to Julia Angwin @ 73

Well that has happened as well. The fear response they get from the smaller players is even greater. The ones who cover the industry have close ties to the players and know how powerful they are. They don’t have the resources of a Guardian yet they know the issue better than anyone.
Plus the industry experts are all mostly compromised. They are mostly paid by the industry. The non experts are out of the loop and haven’t even formed opinions on the docs they can’t see.

Why would anyone want to get in the way of the revenues of a multibillion dollar industry deal? An industry that works closely with their “regulator” to direct regulations in their favor, but not in the favor of the health and safety of the American People.

One of the people, who works in a regulatory position, has info about specifically how people in private industry trick the government and allows unsafe food to come into the US, but won’t talk either.

The balance is their current positions and life vs. some dead kids in the future vs. lobbyist money, diffused responsibility.

Julia Angwin April 13th, 2014 at 3:39 pm

The commercialization of tracking via your Wi-Fi signal is particularly annoying to me. Anyone can set up a device to identify the wi-fi transmissions of cellphones passing by. I tried to opt out of the cellphone tracking services, but it’s hard to find a good list of them and not all of them opt out. So I ended up turning of Wi-Fi altogether.

You can see a list of location tracking companies here:
http://juliaangwin.com/privacy-tools-mask-your-location/

bmaz April 13th, 2014 at 3:40 pm
In response to emptywheel @ 93

Yes, I never have WiFi or bluetooth enabled on my phone unless absolutely needed for some immediate purpose (usually tethering my laptop).

Get out with the Faraday cage, that is humor, eh??

Julia Angwin April 13th, 2014 at 3:40 pm
In response to emptywheel @ 96

Sadly, no one has ever said “hey, wasn’t Ida Tarbell a famous journalist” at any restaurant or store where I’ve used the card. Clearly she is not famous enough! I am trying to rectify that, though :-)

greenwarrior April 13th, 2014 at 3:41 pm
In response to emptywheel @ 93

What does it do for you to turn off the WiFi and what do you lose? I got my first smart phone the day before Thanksgiving.

I don’t know that I even qualify as a pre-schooler in this arena (hat tip to bgrothus).

Julia Angwin April 13th, 2014 at 3:44 pm
In response to bmaz @ 99

Unfortunately, the Faraday cage is not humor. I use this one: https://offpocket.com/

It’s kind of ridiculous that you have to put your phone in a metal cage in order to ensure that it is not transmitting without your knowledge. But sadly, ever since the CIA CTO said that he could track people’s cellphones even when they were off, I have felt that the Faraday cage is the best last resort against spying.

tuezday April 13th, 2014 at 3:44 pm
In response to Julia Angwin @ 92

I take it you were able to open all these accounts without a SS#, even at AMX?

Julia Angwin April 13th, 2014 at 3:46 pm
In response to greenwarrior @ 101

I haven’t missed Wi-Fi. I’ve not noticed any difference in the performance of my phone after turning off Wi-Fi. But I live in NYC where the cell phone coverage is pretty good. It might be more noticeable in places where the cell signal is weak.

emptywheel April 13th, 2014 at 3:47 pm
In response to greenwarrior @ 101

What people do, from Google to local malls, is collect the WiFi pings of people walking by with WiFi on (basically when your phone picks up the signal the WiFi can ID your phone).

That provides them a way to track who has been where. Cops use it to find out who attends protests. There was a big deal when Ukraine, before Yanukovych’s ouster, basically sent messages to people’s phones letting them know they had been tracked at the protest. But here, they simply don’t tell you, don’t ask for permission.

Julia Angwin April 13th, 2014 at 3:48 pm
In response to tuezday @ 103

I did not provide a SSN# for Ida Tarbell. I did, however, provide Amex with my real name. I simply added Ida as an additional cardholder on my account. So Amex knows that I pay Ida’s bills. But there is no reason that every other merchant needs to know my identity when I am shopping – so I am still protected against most of those folks.

tuezday April 13th, 2014 at 3:50 pm

Actually, anything with an RFID chip in it, like a passport, transmits all the time and needs to be covered in metal. Or in the case of a passport, a few seconds in the microwave will disable it (or so it was said when RFID chips were first being used in passports).

emptywheel April 13th, 2014 at 3:50 pm
In response to greenwarrior @ 101

The thing you gain from using WiFi is better reception for streaming services (like Pandora, for example). But they will track you and there are malicious WiFi signals out there.

I’ve gotten a lot more neurotic about using unknown WiFi (the big plane WiFi service brags that it shares info with law enforcement, and that’s a project Canada’s NSA did experimentally before, to track movement across locations).

BevW April 13th, 2014 at 3:52 pm

As we come to the last minutes of this great Book Salon discussion. Any last thoughts?

Julia, Thank you for stopping by the Lake and spending the afternoon with us discussing your new book, and the surveillance state we are in.

Marcy, Thank you very much for Hosting this great Book Salon.

Everyone, if you would like more information: Julia’s book/website and Twitter. Marcy’s website and Twitter.

Thanks all, Have a great week. If you would like to contact the FDL Book Salon: FiredoglakeBookSalon@gmail.com

tuezday April 13th, 2014 at 3:52 pm
In response to Julia Angwin @ 106

That makes sense. I guess, not having kids, setting up subaccounts would not occur to me.

Julia Angwin April 13th, 2014 at 3:54 pm
In response to emptywheel @ 108

I’ve stopped using public wifi altogether. I now carry a MyFi device to connect to a cell signal wherever I am at. Of course, it’s expensive – it costs $35 a month.

And that’s why I’m worried that privacy is becoming a luxury good.

emptywheel April 13th, 2014 at 3:54 pm
In response to tuezday @ 110

I don’t have kids either. Definitely got the feeling that that changes your mindset on privacy too, worrying about the kids.

emptywheel April 13th, 2014 at 3:55 pm
In response to Julia Angwin @ 111

Right–I do the same mostly.

Julia Angwin April 13th, 2014 at 3:55 pm

Thanks to Marcy and all the guests for the great questions. And thanks for Bev for making it all happen. Have a great week!

spocko April 13th, 2014 at 3:55 pm
In response to Julia Angwin @ 102

I’m a big Science Fiction fan, and a lot of the issues discussed here are brought up in Cory Doctrow’s books Little Brother and Homeland.
They are interesting to read and it involves people understanding how to use the various surveillance technology for their own purposes as well as subvert the technology used against them.

If you want to go deeper in fiction, Neal Stevenson’s Cryptonomicon is fascinating and talks about the levels that determined people can go to detect “sig int” (signal intelligence)

I also read a lot of non-fiction on this topic and talk to some people working in the industry (who worked for the NSA or within big ISPs and Software providers)

You find that sometimes low tech is best, that social engineering (lying to people and tricking them) is often an easier way to get data from people than the high tech tricks.

emptywheel April 13th, 2014 at 3:55 pm

Julia

Thanks for joining us, and thanks for a very timely and accessible book. I wish you the best of luck with it.

CTuttle April 13th, 2014 at 3:56 pm
In response to BevW @ 109

Mahalo Nui Loa, Bev, Julia and Marcy, for all your many prolific and prodigious efforts…! *g*

tuezday April 13th, 2014 at 3:56 pm

Thanks everyone for a great book salon.

For the record, I do turn on some tracking on blogs I like, like FDL and Marcy’s place, so they get credited for my presence.

Julia Angwin April 13th, 2014 at 3:58 pm
In response to spocko @ 115

Agreed that science fiction is one of the best ways to dive into this topic. Another book that describes a fascinating privacy dystopia is Gary Shteyngart’s Super Sad True Love Story.

emptywheel April 13th, 2014 at 3:58 pm
In response to spocko @ 115

One of my favorite revelations from the Snowden docs is that an Iranian Republican Guard Yahoo account got overloaded with spam and the NSA had to detask. I put together that that happened during the time when the “Scary Iran Plotter” — the used Car Sales man who tried to kill the Saudi Ambassador, allegedly, was calling Iran and trying to set up his collaborators. There are reasons to question the narrative the govt gave us about the Scary Iran plotter, and I think the spam-detask may have served to hide whatever State that knows our ways didn’t want us to know what was really going on.

Julia Angwin April 13th, 2014 at 3:59 pm
In response to tuezday @ 118

Good point! I’ve also white-listed sites like FDL so they can track me (within reason!)

emptywheel April 13th, 2014 at 4:00 pm
In response to tuezday @ 118

Thanks! Sorry my ads aren’t all that sexy!

Elliott April 13th, 2014 at 4:03 pm

Thank you both very much for such an informative discussion. Sad that it’s come to this, that we fear our own government – and that they apparently fear us. You gave us a lot of good advice on how to reduce their snoop.

Good luck with the book!

and thanks BevW! – as always.

Sorry but the comments are closed on this post