I expect serious privacy and civil liberties issues under a Trump presidency. I strongly recommend that you take steps to protect yourself, steps that I will describe shortly.
We now live in conditions that would make the great authoritarians of yore salivate with envy. The government’s ability to monitor us has never been greater. And, as that capability advances, politicians and bureaucrats adjust their understanding of privacy and constitutional liberties in ways that allow them to use it.
The only thing keeping them from defining those things out of existence altogether is the residual respect for constitutionality held by those in key positions. As I argued last week, the evidence of such respect is very scant in the incoming Trump administration.
So, love it or hate it, you must be prepared…
Privacy is your responsibility
No matter who is in charge, the government always find a way to justify new methods to invade our privacy.
For example, the Justice Department’s legal justification for monitoring our emails and phone calls is based on the old-fashioned postal letter. When snail mail was king, the courts ruled that any information on the outside of a letter (addressee, return address, place of posting) was in the public domain and therefore available to government investigators. That’s why the Post Office scans and records every piece of mail in the US every day.
That logic is now applied to the metadata of every call you make and every email you send. It may soon apply to your web browsing history as well. I just don’t trust key Trump appointees to resist that logic. So, this is what I recommend:
- Get Signal and/or WhatsApp for mobile messages: Signal is a sophisticated Swiss messaging app that fully encrypts all your text messages. It requires both parties to use it, so it’s not ideal for everything. However, Moxie Marlinspike, the founder of Open Whisper Systems, the developer of Signal, says there has been a huge expansion in its user base since the election. So you will probably find more Signals in your contact list as time goes on. WhatsApp is an alternative that encrypts your messages and VoIP calls. It’s not as secure as Signal because it’s owned by Facebook, whose approach to court orders is uncertain, but for ordinary purposes it will prevent real-time tracking of your communications.
- Encrypt your computer’s hard drive: Full disk encryption makes the contents of your computer completely unintelligible to anyone without the password. For example, if you are detained by the Department of Homeland Security upon your return to the US, your laptop may be searched before you officially enter the US. But if it is encrypted, there is no law that says you must give out the password. Both Apple and Windows computers have built-in automatic encryption if you turn it on. That’s fine for most purposes.
- Get a password manager: Using secure apps and utilities like the ones above means having passwords, lots of them. Don’t write them on your palm. Get a password manager that stores your passwords (encrypted of course) in one place and generates and even changes passwords for you. Other good password managers are 1Password and KeePass. I don’t recommend LastPass, another popular one, because they got hacked last year. That’s not good enough.
- Use two-factor authentication: Most email programs, cloud storage utilities, banking apps, social media, and other sensitive apps these days offer two-factor authentication (TFA). TFA requires that each time you log in, you go through a secondary layer of security: a code to enter at login that is sent to your phone via text message. Some offer such codes by email, but do not use them. If hackers gain access to your email, they can gain access to your accounts by sending TFA codes.
- Use HTTPS everywhere: My friends at the Electronic Frontier Foundation developed a browser plugin for Firefox and Chrome that forces websites you visit to use the most secure connection protocol. If encryption is available on the site you visit, your connection to the site will be encrypted and you will be protected from various forms of surveillance and hacking during that session.
- Don’t rely on your browser’s “incognito mode” to do things you shouldn’t: Browsers like Chrome, Safari, Opera, Firefox, and Microsoft Edge allow you to start a browsing session that doesn’t record anything you do during that session. All websites visited, cookies downloaded or other connection statistics will be deleted when the session ends. “Private” browsing modes protect you from searches on your computer. But unless you’re connecting to an encrypted site (via HTTPS Everywhere, for example), whoever runs the site can collect all your browsing data anyway, since it’s logged by the site’s server.
- Use DuckDuckGo for confidential searches: If you’re not convinced that Google’s “do no evil” motto is more than just a marketing ploy, try DuckDuckGo, an alternative search engine that doesn’t log your searches or anything else about you. It produces great results, so you really won’t lose much if you use it instead of Google.
- Use a virtual private network (VPN): A VPN is the best all-round protection you can get on the internet, because it encrypts everything you do, including your identity and location. VPNs can be used on both your computers and your phones. That’s important because, as Eva Galperin, a global policy analyst at the Electronic Frontier Foundation, says, “logging into airport Wi-Fi without using a VPN is unprotected internet sex.” As a bonus, you can also use a VPN to spoof your location and gain access to region-locked streaming content like Amazon Prime when you’re abroad. The only drawback is that they slow down the connection a bit. VPNs are provided by specialized hosting companies that charge around $5 per month for the service.
These techniques make some or all of your electronic communications and data instantly invisible to anyone. They use levels of encryption that would take a bank of supercomputers hundreds of years to crack.
When it comes to protecting your privacy, now is the time… because after It’s too late.