Talk and Chat Privately - Take Control of Your Online Privacy (1.1) (2014)

Take Control of Your Online Privacy (1.1) (2014)

Talk and Chat Privately

I am old enough to remember the days when, if someone wanted to converse with another person who wasn’t nearby, both people would talk into analog devices called “telephones” to have real-time audio conversations. Perhaps you’ve seen such devices in old movies or read about them in antique documents called “books.”

I kid, but analog telephones are rapidly on the way out. My home phone, which I used to refer to as a “landline,” bypasses the phone company altogether and relies on a box that plugs into my broadband router. I happen to use Vonage for my home VoIP (voice-over-IP) telephone service, but I could have chosen a similar service from my broadband provider or from any of numerous other companies. In other words, for me, telephone service is a variety of Internet service.

And then there’s my smartphone, which is almost never out of reach. I use it for conventional audio phone calls maybe once a week on average. Of course, I constantly use it for email, instant messages, SMS, Twitter, and video chats—most of which, again, travel over the Internet—and even those occasional audio calls are more likely than not to use a VoIP app such as Skype.

Meanwhile, my computers and tablets have software for a long list of services that provide real-time text, audio, and/or video communication—not just Skype but also Google+ Hangouts, AIM (AOL Instant Messenger), Apple’s FaceTime and Messages, and numerous others you may or may not have heard of, to say nothing of the chat services built into games, Facebook, and other social networking services. Xbox, PlayStation, and Nintendo game consoles all support messaging and voice chat too.

The question is: How private are any of these real-time communication services?

Understand the Privacy Risks of Real-Time Communication

One of the best ways to acquaint yourself with the risks of real-time communication is to watch the HBO TV series The Wire. Yes, all five seasons. (Go ahead and do that, if you haven’t already, and then come back to this page.)

I’ve mentioned The Wire because a lot of it has to do with electronic surveillance (hence the name)—but the main target of this surveillance is ordinary mobile phones. On the show, law enforcement agents need both special equipment and legal permission to monitor the mobile phone use of suspected criminals. But the process ultimately poses little technological challenge, and the people being monitored have no way to know their conversations aren’t private.

Now, think about that and consider the fact that monitoring real-time communication over the Internet is potentially easier. And, although government and law-enforcement entities have greater access to this sort of data than ordinary citizens, professional hackers and even casual snoops likely have the capability to see (or hear) far more of this data than you might suspect.

As with everything else I’ve discussed in this book, precisely what that means to your personal privacy depends on what you say and to whom, but in principle there’s almost no limit to your potential risk. However, let me now backpedal a bit and point out a few mitigating factors:

· Audio data is more difficult to store and analyze than textual data, and video data poses a bigger challenge than audio data. Because of the sheer inconvenience of dealing with such large amounts of data, it’s far less likely that your audio or video calls will be kept or searched than email, text messages, or chats. Of course, if your VoIP connection were compromised, a computer could attempt to transcribe every word of a conversation and turn it into conveniently searchable text without having to store the audio or video itself. So although there are no guarantees, on the whole, I consider voice and video communications over the Internet to be safer than any sort of text-based communication.

· The previous point notwithstanding, available technical details and anecdotal reports suggest that Apple’s encrypted iMessage service—which can be used for text messages and file transfer between Macs and iOS devices—is highly resistant to hacking and eavesdropping. (See the sidebar just ahead for more information.)

· Communication that takes place entirely over the Internet (for example, Skype-to-Skype calls or FaceTime chats) or entirely over analog phone lines is probably safer than communication that crosses between the two (such as using Skype or a VoIP service to call a landline phone) because calls that traverse multiple networks have more potential points of interception.

Security in iMessage and Other Apple Services

If you’re curious to learn exactly what security measures Apple uses with iMessage, iCloud Keychain, and other services, you can find them in the PDF iOS Security, which also applies somewhat to Macs. For a less technical summary of the iCloud Keychain portion of this document, read Rich Mogull’s TidBITS article How to Protect Your iCloud Keychain from the NSA.

And, to learn much more about how iCloud Keychain works and how to use it, see my book Take Control of iCloud.

Improve Your Real-Time Communication Privacy

If you have money to burn and a powerful need for a “secure line,” you can buy secure telephones (landline) or crypto telephones (mobile) with built-in hardware encryption. There are also various hardware and software products (for example, Silent Circle) that can work with existing phones to achieve the same effect. But end-to-end encryption means both parties will need interoperable equipment or software.

For the purposes of this book, I’m assuming you don’t need such a heavy-duty solution. For improving your day-to-day privacy in real-time communication, I suggest the following:

· Read the privacy policies. Your mobile carrier, ISP, VoIP provider, instant messaging service, and other such companies will have boring pages of legalese, but you should at least be able to scan them to see if the services encrypt your data, and under what circumstances they may share your information with others.

· Use encryption when available. Encrypted connections don’t necessarily mean that no one can eavesdrop. For example, Skype (now owned by Microsoft) encrypts communication but recent disclosures suggest the service has back doors that make the contents of calls (even audio and video) available to the U.S. government. Even so, more protection is better than less. But that brings me to…

· Use obscure products. Tens of millions of people use Skype and AIM, making them attractive targets for both official surveillance and hackers. Newer and less-popular communication services—more of them are popping up all the time—might not be large enough to attract that sort of attention. Of course, they also may not have the expertise or resources to engineer or operate a high-quality service.

· Favor higher-bandwidth communication. All things being equal, if circumstances permit, choose video before audio, and audio before text—simply because anything other than text makes it less convenient to capture, store, and analyze your conversation (and all the more so if it’s encrypted). Remember, none of this means audio or video is entirely safe from snooping, but the odds are more favorable than when using text-based communications.