Abstract
1. Google listens to your every word
One of Google’s coolest features is its voice search but rather creepily you can activate it just by saying “OK Google” to your device. Does this mean it is permanently listening? In fact, you need to have enabled voice detection in Google’s settings for this to work. It is enabled when there is a filled-in microphone icon at the right end of the search box and it constantly listens out for you saying OK Google. If you are signed into your Google account, a short audio clip is saved. You can see what they have on you – and delete it – at history.google.com/history/audio. Other devices, such as smart TVs and Xboxes, have similar voice features but these need to be enabled to work. However, many use third-party voice recognition software providers to interpret commands and what you say will be transmitted to those companies.
2. Your phone is tracking you
Yes, it is. Mobile networks can locate you easily by measuring the relative strengths of the signals received from your device by nearby masts using a technique called triangulation. The issue is that the networks also record this information, as was revealed from a freedom of information request by a German Green party member called Malte Spitz. German weekly newspaper Die Zeit turned the information Spitz received from the German telecommunications company Deutsche Telekom into an interactive map which showed him clearly driving along roads, taking public transport and walking along streets.
It is not only networks but also devices which record your movements. Apple’s iPhone includes a feature called frequent locations that tracks “places you have recently been, as well as how often and when you visited them, in order to learn places that are significant to you”.
It can quickly identify your home and workplace from the amount of time you spend at them and when. Apple says it is used to provide personalised services and is only held on the phone itself. You have to turn it on before it can track you, and to turn it off you need to go into Settings > Privacy > Location services > System service.
3. A Faraday cage will secure my phone
When Edward Snowden was in Hong Kong, he famously asked visitors to place their phones in the fridge. The idea was that the fridge would act as a Faraday cage, a closed grid of metal blocking radio signals, but this only works from the point the phone is placed in your fridge (and it may well be leaky and not work well). As we saw above, the networks can still track the phone until it disappears into the fridge, and when it reappears. So the tracker would be able to have a good guess at where you are. The desire to have secure mobile comms has led to the development of the Blackphone, a new enterprise-level device from Swiss company Silent Circle, which runs on a custom version of Android called Silent OS and encrypts voice, video and texts on the device as standard.
Credit: Ben Tallon
4. Air gaps make computers secure
High-security operations, such as the military or nuclear installations, often use air-gapped computers – ones that are not connected to any external networks, particularly the internet – to improve security. The idea is that the computer cannot get infected by malware or other viruses since the computer can only receive data and files through USB sticks or being hardwired to other computers on the network. However, in 2010, it was revealed that USB sticks had been used to infect air-gapped computers in nuclear installations in Iran with the Stuxnet worm. More recently, researchers at Ben Gurion University in Israel have demonstrated a proof of concept for a technique known as AirHopper, which allowed them to gain access to an air-gapped computer through a nearby mobile phone by intercepting radio waves from the monitor.
5. Your laptop camera is spying on you
Possibly. Programmes usually have to ask for explicit permission to use the webcam or microphone on your computer and this is the default setting. However, certain types of malware target this permission dialogue and can bypass the permission request, as Miss Teen USA 2013, Cassidy Wolf, found to her horror when a stalker secretly took naked pictures of her at home by hacking her computer and activating the webcam. The surest way to protect against such attacks is perhaps the lowest tech – stick a piece of tape over your camera until you need to use it.
6. Using a virtual private network (VPN) makes communication secure
Dissidents and others who want to access banned websites or forums often use VPNs to get around obstacles such as the Chinese firewall.
A VPN – a means of sending data securely across public networks – is a little like an undersea tunnel: it connects the two ends and traffic can pass along it without anyone along the route being able to see what is being transmitted. Any attempt to break into the tunnel is futile as it gets flooded. Another advantage of a VPN is that many offer the possibility of being anonymous.
VPNs rely on a number of techniques to stay secure. Client software on your local device and software at the server are authenticated while data passing through the VPN is encrypted by the sender and decrypted by the receiver. Transmissions also often include measures to ensure integrity which will reveal if the data has been intercepted in transmission.
So can you really remain anonymous? Some VPNs that promise anonymous access also show in their small-print terms that they log any activity that you get up to while connected through their service. Of those that claim not to log activity, many would reveal information about their users if served with a valid court order. Some also doubt that providers who claim they do not log activity are not being secretly monitored by security agencies.
7. Encryption systems like the Pretty Good Privacy (PGP) work
Most of the encryption techniques used today to keep communications secure rely on asymmetric cryptography, a system that uses two keys – essentially numbers – which are mathematically related to encrypt and decrypt information. The popular email encryption system PGP uses asymmetric cryptography as one of its encryption steps, while the technique is also at the heart of the RSA security system used by many companies.
The security of such systems lies in the mathematics. In the case of RSA, the security comes from the fact that it is easy to multiply two large prime numbers together to work out their product but fiendishly difficult to work out the two original numbers from the answer. Early versions of such systems have been compromised as computing power to work out the answer by brute force has become cheaper and faster.
The worry has been that security organisations like the US National Security Agency have worked out shortcuts to these mathematical problems. Snowden’s revelations appear to confirm that properly implemented encryption systems can still keep traffic secret but that the NSA exploits vulnerabilities elsewhere.
Highly secure technologies do exist but, as governments get more interested in what their citizens are doing, demand for technology to help keep the communications of dissidents, journalists and others with a need for privacy is rising. However, what Edward Snowden has made abundantly clear is that even if perfect technology exists, there are many weak links that can be exploited – vulnerable individuals and compliant and complicity corporates who routinely hand over details of what has passed over their networks. In light of this, is it perhaps time to ditch the technology and go back to the old-fashioned methods of secret communication? Invisible ink anyone?
© Mary Frary