Just yesterday I chatted with a local news outlet concerned about the security of their reporters and their sources should they report on abortion.

I'm more pleased than I can fitly express to see the entirety of that list among the suggestions I made to them.
posted by humbug at 6:33 AM on July 7, 2022

eponysterical?
posted by lalochezia at 7:22 AM on July 7, 2022 [7 favorites]

Thank you for sharing this-- important stuff
posted by travertina at 8:18 AM on July 7, 2022

Thank you for sharing this, these are great suggestions. This seems like a good a place as any to drop this article which I read recently, about just how much surveillance is packed into modern cars and how little we are able to opt out of it (and how much it will impact those seeking abortion): Your Car Is Tracking You Just As Much As Your Smartphone Is - And Your Data Is At Risk.
posted by stellaluna at 8:40 AM on July 7, 2022 [5 favorites]

I don't disagree with any of this and I appreciate the new perspective. Thanks!

But, DDG isn't all that helpful if you then visit sites with trackers after searching. Two factor authentication is a very good idea. . . but, not really helpful in the case where the government demands records from the company who has your decrypted data. I'm not sure this particular threat model is realistic for most people.

Use Tor/Tails for anything you're genuinely worried about. Pay in cash. Turn off bio logins and power down your cell phone ten blocks from protests.

(Personally, I'm going to be as loud and obnoxious as possible about demanding abortion rights in public using my real name. I'm also a white guy who can afford lawyers.)
posted by eotvos at 9:36 AM on July 7, 2022 [9 favorites]

not really helpful in the case where the government demands records from the company who has your decrypted data.

What data? All of it is going through a VPN that you've vetted and they destroy all of their data after three days. My VPN provider will happily provide them with all the data they ask for...if they have it, which they don't.

I don't know if that would also solve the tracking cookie problem. This isn't really a cohesive model, just a collection of practices. If you think something is missing, go ahead and suggest that without throwing the entire thing out the window first.


Pay in cash

I mean, I pay in cash when I can but this isn't remotely practical in today's world. You may as well be telling folks to forgo internet access entirely.
posted by VTX at 10:12 AM on July 7, 2022 [1 favorite]

Sorry, VTX, I didn't mean to throw the whole thing out the window. I really do like the suggestions here. I really appreciate the post.
posted by eotvos at 10:25 AM on July 7, 2022 [1 favorite]

Ah, so we're talking past each other a bit. It's all good. Carry on.
posted by VTX at 11:15 AM on July 7, 2022 [1 favorite]

What are the possibilities of using the USPS? I would imagine states have no authority to fiddle with federal mail, even with DeJoy still lurking about...
posted by jim in austin at 2:44 PM on July 7, 2022 [1 favorite]

I can’t deduce others’ motives, and even if I could, their motives do not matter when it comes to the effects of their actions.
This is a really important thing to remember in any and all arguments about privacy vs government surveillance. Importantly, motivations change over time and invisibly so that, every time we accept increased surveillance for good motives, we also unknowingly accept that surveillance being used for bad motives.
posted by dg at 6:29 PM on July 7, 2022 [7 favorites]

I created a lot of the tracking/surveillance software used by big telcos. I think the suggestions are nice and well meaning but largely ineffective. This is because DPI at the IP layer can correlate the data well enough to ID you without your cooperation.

Most tracking is done via geo bounded or pen register CALEA requests. You must not carry your mobile phone with you. You must not travel via a telephony enabled car. You must not use any electronic payments. You must not use any internet appliance that you own.

For a normal person this means that you would need to leave all telephony/BT/WiFi electronics at home. Walk to the library one town over. Do your searches, phone calls, etc. walk back.

I think that a normal person will find this impossible. I myself gave up after seeing that I could not defeat the software that we created.
posted by pdoege at 7:25 PM on July 7, 2022 [16 favorites]

What pdoege is saying tallies with the advice that Reporters Without Borders gives for journalists (Digital Safety is Chapter 4 of their safety advice pdf), which includes the phrase "Computer experts note that is has become almost impossible for non-professionals to secure their data permanently".

I'm not necessarily saying don't do the things suggested in the article - but I do think that the way they are framed may give people a false sense of security, that if they do X,Y, Z, then they won't be at risk, when they still are.
posted by Vortisaur at 1:26 AM on July 8, 2022 [3 favorites]

Avoiding cars with telephony is a good first step, but if you really want to cover your bases, you'll avoid cars with tyres...

https://www.schneier.com/blog/archives/2008/04/tracking_vehicl.html

https://web.archive.org/web/20081217160903/http://www.hexview.com/sdp/node/44
posted by Chef Flamboyardee at 1:27 AM on July 8, 2022 [2 favorites]

Even given the power of software, I believe it is still worthwhile to protect ourselves as we may. Here's my reasoning: the fix for that software is actually regulation, and one of the big social barriers to regulation is "oh, people don't actually care, why bother?"

Let's keep showing that we do care. Removes one excuse for not regulating.
posted by humbug at 6:17 AM on July 8, 2022 [2 favorites]

I know someone who knows someone who has to be the police liaison for their organization. This person says that the cops "research" radical events by....scrolling through Facebook, mostly, and searching other social media. They are not internet-savvy, they are not doing shoeleather work, they are not using all the tools available to them to crack down on protests and radicals. And this is not because they don't believe in their mission, it's just because frankly the city would have to pay a lot more and recruit a lot harder to get a really smart, critical-thinking, hard-working police force willing and able to use serious tools to research radicals.

The lesson I take from this is that you don't in fact need to be some kind of ultra elite haxxor to substantially reduce your risk from surveillance, you just need to beat the people who are most likely to be looking for you. If you are in fact some kind of well-known radical journalist or you're doing something extremely and unusually risky and they want to get you, you presumably have to be very smart and careful to avoid surveillance, but if you are an average person doing average things, good-enough is probably going to get you 95 percent of the way there, simply because highly-paid, highly-trained, very intelligent people are unlikely to be looking for you.

This is why sex work is still visible on the internet if you know where to look - technology exists for an absolute crackdown, but you need lots of dedicated, careful, smart people and those people want a lot of money and frankly probably really, really don't want to be cops busting sex workers since frankly you have to be a certain kind of stupid and malicious to want to spend your time that way when you could be making good money doing something else.
posted by Frowner at 9:43 AM on July 8, 2022 [15 favorites]

You could make a lot of money producing a turnkey system that lets even the dumbest cop find and crack down on sex workers (or unaccounted-for pregnancies, or whatever). And I imagine the Palantirs and NSOs of this world are well aware of this.
posted by acb at 10:45 AM on July 8, 2022 [2 favorites]

Like, you could, but then you'd need the city/state to prioritize buying it over buying more weapons, paying overtime, paying insurance premiums, giving raises, etc, and the city would have to have the manpower (I use that word advisedly) to run the software and go out and arrest the people it turns up, and the courts would have to have the judges to prosecute them, plus eventually you're going to arrest a sex worker who gets hired by the mayor or the police chief and then there will be a problem. There are all kinds of subsidiary issues with city and state software contracting that would slow this stuff down, too.

Tyranny isn't frictionless. Also, there was a question on here a few weeks ago where someone was struggling to teach people at their job how to use a new phone app required for the job. The app sounded extremely simple and straightforward to your average mefite, but I can tell you from working with people who deal with a financial system that it is rare that people find a new system simple and straightforward. Even a system which looks extremely simple to Palantir isn't going to look simple to a cop in, eg, Fork Rapids.

My point isn't that things will never change or that they can't get worse, but right now and I think in the medium term future, good-enough security is going to be good-enough for average people doing common things as long as they use it correctly and fairly completely.
posted by Frowner at 11:32 AM on July 8, 2022 [5 favorites]

What are the possibilities of using the USPS?

There is a thriving black market in shipping cannabis and cannabis products around. They all use USPS to do it because they won't open a package for law enforcement without a warrant. The same can't be said of UPS, FedEx, etc.
posted by VTX at 12:46 PM on July 8, 2022 [6 favorites]

Tyranny isn't frictionless.

Damn, Frowner, that is an important point. Thank you.
posted by Bella Donna at 2:17 AM on July 9, 2022

Frowner: "Like, you could, but then you'd need the city/state to prioritize buying it over buying more weapons, paying overtime, paying insurance premiums, giving raises, etc, and the city would have to have the manpower "

We already pay for surveillance cameras at intersections and that money gets funneled straight back into the pockets of the companies that made them.
They can and will get around to things like sex work eventually. We are living in a dystopia and most of the world (not metafilter readers for the most part) doesn't see it.

I told some friends recently about my decision to stop shopping on amazon, with maybe a once a year exception for something I truly can't find elsewhere or an emergency and in every single case the response was "I could never do that" and then they would launch into a discourse about what they loved about amazon.

We're being boiled alive with creature comforts and ease, distracted, not realizing we're trading all of that for abortion rights and privacy and community.

Only one person I know in real life gives even a passing shit about privacy. Hell, people aren't willing to give up amazon, or facebook. I used to be in a nationwide hobby with branches all over, and now all of the groups have gone to facebook and I can't get good data about new groups and events. And all those independently hosted mailing list archives that held valuable hobby instructions and discussions are for the most part gone.

If 99% of the people I know aren't willing to give up facebook and amazon, what hope is there? Everything is broken.

I genuinely want any crumb of hope I can get that we aren't headed straight into the mouth of hell and I can't find it anywhere. The web used to be my safe space. The place where 99% of the world wasn't and it was an escape for freaks and queers and weirdos and sex-workers and academics. Now? Now it's just like what I used it to escape from. And I don't know how to make another thing.

Not only will they find a way to fund that surveillance, but they'll let the companies profit off it--just like traffic cams. The link I posted above is about Rhode Island, but it's like that everywhere.
posted by liminal_shadows at 5:58 PM on July 10, 2022 [2 favorites]

I find it telling that everyone favorited the hell out of Frowner's responses and no one so far favorited acb.

Frowner is factually incorrect that they won't do this--like I said, it's already been done with traffic cameras. The usual deal is, I believe, the company supplies the cameras and then takes most of the cut.

You think the republicans in my family wouldn't jump up and down if their politicians cut a deal like that to surveil abortions or sex workers? Oh they would. They absolutely would. It might even sway them to vote for someone they wouldn't already vote for.

I respect and appreciate what Frowner had to say, primarily in that we have to keep fighting, and a sense of hopelessness is counterproductive for that. If we're going to be beaten, then let's go down fighting and screaming with blood in our mouths (and hopefully more on them).

But never lie to yourself, because that's how they get you.
posted by liminal_shadows at 6:04 PM on July 10, 2022

And one of the ways to go fight and scream is to safeguard your privacy as much as possible. It's especially important to teach younger folk that the world wasn't always this way. Tell them and show them it isn't normal, because all the ones I know can't imagine anything else.

I have to admit, I'm human, and peers matter. When no one I know safeguards their privacy, it's extremely difficult for me to bother. The more of us who do it and talk about it the more normalized it becomes to accept a little (or a lot of) friction in your life for the good in the tradeoff.

I find it troubling in general that this post hasn't sparked more discussion, but not surprising.

It took me a while to respond to this because one of my resolutions is to do less on mobile, because that's more easily tracked. (As a side effect, I sound far more coherent because that's the beauty of a keyboard.) For anyone else reading on your box at home, you can bypass paywalls with this. I think this is only slated to work through the end of the year, but this'll do ya for now. But it won't work on mobile.
posted by liminal_shadows at 6:19 PM on July 10, 2022 [1 favorite]

The point is that it takes time for any tyrannical process to be put into place and bureaucracies have multiple cross-cutting interests. Otherwise, since these technologies do exist and have existed for some years now, why aren't we living under absolute censorship with absolute and instant shut-down of dissent? Why are sex workers still able to maintain any kind of internet presence? It's certainly not because of the scruples of the authorities; rather, it's because it costs money and time to implement surveillance and react to what you learn by surveilling.

I can also tell you that in my both heavily policed and extremely neglected neighborhood, we do not have traffic cameras. You can speed with impunity. In fact "the youth are speeding too much and we don't have enough cops to stop it" is the big pro-cop story this week. If there's anything that isn't happening in the ongoing criminalization of youth, it's the heavy installation of traffic cameras to ticket and surveil. My perception is that this is because our police force is mostly interested in graft, phony overtime and huge salaries, all of which they get from a compliant mayor; they don't need to go to the expense and effort of ticketing people, and indeed if they did improve traffic they'd be less able to scare and bully the city into giving them money. Winning the surveillance war is not in their interest because of local political conditions.

When Trump was first elected, a lot of people, some on here, expected a fascist-paramilitaries-on-every-corner situation to materialize overnight when this was obviously impossible because it was going to take time to organize the people and build the connections. We're only right now, six years later, at the point where there really are constant, effective fascist paramilitary attacks across the US.

If you start from the standpoint of "everyone is either totally happy with the present situation or presenting the Very Darkest Tomorrow" then you'll read my comment as "so everything is great, it's fine that it took six years to build up paramilitaries, don't worry, no need to worry about internet security either".

But the point is that we make different choices if something is happening tomorrow than if it's happening in two years. "The total surveillance state is coming tomorrow and nothing that you can realistically achieve overnight will save you"...hey, that could happen, yes, but that's not what's happening. "The total surveillance state is possible and is held back more by fading norms and bureaucratic prioritization than anything else, so do what you can now and get your ducks in a row for later" is what's happening.

What I object to is the persistent "nothing you, the average user, do to avoid surveillance is at all useful; only leet haxxor shit does any good" when that's obviously untrue. Just because people can surveil you down to the keystroke doesn't mean that they're always watching.
posted by Frowner at 6:53 PM on July 10, 2022 [5 favorites]

I'm a thousand percent with you in the last paragraph, Frowner. One thousand.

I have lived in places with traffic cams and without. My point is never that it's hopeless (even though I often feel hopeless, as stated above). I use duckduckgo (even though google is still my verb of choice), and half the time I use a Tor browser, and have for several years. I use Signal and Telegram (for all its imperfections).

And the news is not always bad. Sometimes fighting for a thing makes it a reality. For example, in the state where I live now, this just happened: vote against traffic cams.

But because it's not happening in your city and not to the youth in your city doesn't mean it's not happening and not a problem and can't or won't escalate. I'll drop this here, because I've said my piece and I think as much as I get the feeling you don't want us to be in agreement because I smell a faint hint of dislike, we are actually in agreement on the bottom line: do what you can, even if it feels like not very much, don't give up, celebrate the victories we do have. Also, as you pointed out, if there's an open and easier way to graft, that always gets picked first and sometimes they stop there.
posted by liminal_shadows at 8:54 PM on July 10, 2022

For what it's worth, liminal_shadows, I do not shop on Amazon, nor do I have a Facebook account -- I ditched FB after the Beacon thing broke. I do other things to protect my privacy -- SpiderOakONE for backups, all the browser plugins, phone mostly in airplane mode, very little mobile-app use, and so on.

I routinely teach others to raise their game too. I'm also fighting my own profession (librarianship) to get serious about its stated privacy values.

Please don't think you're alone.
posted by humbug at 6:39 AM on July 11, 2022 [2 favorites]