Episode-1728- Justin Carroll on Personal Privacy in a Mass Surveillance Age

Learn More at Paracentric.com


Justin Carroll is a veteran of fifteen years in the service of the United States Government. He is a plank owner with the elite Marine Special Operations Command (MARSOC), has worked on a contractual basis with another government agency, and has deployed to some of the world’s most dangerous and inhospitable places.

After completing his last overseas deployment Justin spent five years teaching digital security and identity management to hundreds of soldiers, sailors, and Marines of the United States Special Operations Command (USSOCOM) and was instrumental in the development of a highly technical surveillance program currently in use abroad by US Special Operations Forces.

Justin is the author of Your Ultimate Security Guide: Windows 7 and Your Ultimate Security Guide: iOS and is currently co-writing The Complete Privacy & Security Desk Reference. Justin resides just outside of Phoenix, Arizona.

According to Justin, the government surveillance apparatus that is now pointed at American citizens is incredibly alarming. Unfortunately, the government is not the only or even the most pervasive collector of data about individuals in this day and age.

Your personal emails, phone, and VoIP conversations are eavesdropped upon, your purchases are recorded, your movements are tracked, your “credit worthiness” is bought and sold. Your search history is compiled along with your Facebook and Instagram pages.

All of this is used to create a profile about you that highlights your interests, sexual preferences, religion, income and education levels, and ultimately your level of compliance with an increasingly heavy-handed “system”. And it will never forget. Fortunately, you can opt out of almost all of this collection.


Remember to comment, chime in and tell us your thoughts, this podcast is one man’s opinion, not a lecture or sermon. Also please enter our listener appreciation contest and help spread the word about our show. Also remember you can call in your questions and comments to 866-65-THINK (866-658-4465) and you might hear yourself on the air.

Join the MSB Today


Want Every Episode of TSP Ever Produced?

Remember in addition to discounts to over 40 vendors who supply stuff you are likely buying anyway, tons of free ebooks and video content, MSB Members also get every edition of The Survival Podcast ever produced in convenient zip files in blocks of 24. More info on the MSB can be found here.

39 Responses to Episode-1728- Justin Carroll on Personal Privacy in a Mass Surveillance Age

  1. Can’t wait to listen to this on the way home today Jack. BTW I think you could do a show on how your vote does not count. I know that has been your position and I agree. Last night’s primary in N.H. should have opened the eyes of a lot of folks with Sanders pounding Clinton but she will leave with the same number of delegates as Sanders. The establishment will do whatever it can to put their candidate in place. BTW I have no love for any candidate on either side.
    http://www.thepoliticalinsider.com/in-n-h-democrat-establishment-just-stole-the-election-for-hillary/

    • The reason that Sanders got the same number of delegates as Clinton is not because the Democrats in NH’s vote did not matter but because the Democrat party has something called “superdelegates.” These are party officials that are allowed to have a vote at the end. These votes are not cast until the convention instead of the delegates that are locked in upon the conclusion of a state’s primary.

      In 2008, Obama was winning a lot of delegates through primaries but not the superdelegates which were “committed” toward Clinton. In the end, the superdelegates jumped ship and went with Obama clearly the most popular choice.

      My guess is that this will happen again. Sanders will take the Democrat nomination.

      On a side bar, there are countries where a person’s vote doesn’t matter. These would include North Korea, China, Iran, to some degree Russia. Where the person that is in charge is going to be in charge whether anyone votes or not.

      America isn’t that kind of place.

  2. I’m thinking that (warning tin ahead!!) politicians, etc. get shit on their enemies and blackmail them. Internet porn is what I’m talking about here.

  3. Bettertohaveit

    Has anyone tried or have a review of the MeWe Network? Apparently it’s a non spying social network. Anti Facebook…

  4. Tried to post a list of the upgrades to Win7 that add the telemetry elements of Win10 but got a SPAM notice. Hopefully Jack will provide a link to these upgrades that Jason mentioned.

  5. The updates are (from Jason’s site)

    KB3068708
    KB3022345
    KB3075249
    KB3080149

    • BTW, the Windows update that installs that “Get Windows 10” nagware is KB3035583. Uninstall it and then hide it in Windows Updates and you will no longer get the stupid tray icon, no third-party programs needed. I’ve set a group policy for my organization.

  6. Ugh, that comment about the hardware limitations coming really seems likely to screw those of us who refuse to work with Winblows or Mac and just run some variation of Linux.

    • I think the people that develop Linux will come up with a work around. They are smart. Microsoft is not a hardware company. If they piss off enough people, some company will come up with a substitute hardware platform. Look at the Chromebook.

  7. Hey Jack, can you post the VPN and email programs that Justin approves of?

    • The VPN is privateinternetaccess.com
      The email is protonmail.com
      Search engines duckduckgo and startpage

    • Unfortunately, protonmail says it is at capacity and puts you on a waiting list to get an invite. I think they need to adjust their business model so that they get more funds to add more equipment as demand increases.

      I hear good things about StartMail, although it’s $60/year and 99.99% of my emails are just spam… I rarely communicate with people by email, so I don’t care enough to pay for it.

  8. The Signal app that Justin mentioned no longer encrypts text SMS messages. If both people are running the app then it will encrypt messages over the Internet but SMS messages are NOT encrypted.

    • Greg,

      You’re absolutely correct – Signal does not and never did encrypt true SMS or MMS messages, only messages to and from other Signal users, over a data or Wi-Fi connection. With iOS this isn’t a problem but with Android it can be confusing as Signal can be set as your default messaging application. As with most of this stuff two-party participation is required.

      Thanks for pointing that out,

      Justin

      • I was going to suggest text secure for sms but it looks like they became signal.
        https://en.wikipedia.org/wiki/TextSecure
        I don’t know if the old versions of text secure will still function for the purpose or not.

        • Mike,

          I recommend always going with updated versions. Old versions are patched to deal with security holes, among other things – an old version almost certainly has vulnerabilities. It is my understanding that all your TextSecure contacts will still be available and the transition is pretty painless.

          Justin

  9. I really like the fun song, that purposely or not got in on the end and was so abruptly cut off. I had to find it and play the rest.

    I tried to post info on Woody Leonard, author of “For Dummies” books on Windows, and his website, and blog. If I overstepped some rules I apologize, but please let me know which ones so I don’t do it again.

    Evelyn

  10. Do we now get on a guest to tell us how to change to Linux?
    No privacy concerns there!

    From Frank in Sunny Western Australia

    • …until you connect to the internet. At that point, the OS you’re using really doesn’t matter.

      • Yes and no. Lucid is right that the bulk of Linux developers have no interest in aggregating your data for themselves.

        But yes, getting true privacy on the internet is a pain as discussed in this episode.

      • Linux is a step in the right direction. I’ve been using it exclusively since 1998. Try Debian.

  11. I’ve been using virtual credit card numbers, which are available through my Citicard, for any online purchases, or if I have to pay with a card over the phone. Using the advanced settings I can set a credit limit just above the cost of the item or service and a short term length.

  12. Excellent show topic … a lot to be learned from and executed. In perusing Justin’s site you can see a planned book: “THE COMPLETE PRIVACY & SECURITY DESK REFERENCE. This 600-page work will be available only to current employees of the US Government, law enforcement agents and officers, and active-duty military personnel.”

    What’s up with that? I assume legal and contractual obligations limit.

    Government / Mil / LEOs have more acute risks to privacy and their lives than does the average Joe American Public, but they mustn’t forget that their privacy and lives are not more valuable.

    Any plans to develop an equivalent compendium for the rest of the “good guys”?

    • Redwood,

      We do hope to make a public version of this available in the near future but we are on legal hold right now even for the .gov version if that tells you anything. I’m sorry – I know that’s probably not the answer you wanted. Thanks for looking and keep checking back. I will be up-to-the-minute on anything pertaining to CP&S.

      Thanks again,
      Justin

  13. One thing I haven’t figured out a good solution for is what to do about our Android phones having way more stored just by Google than I’d like. In particular, the contacts list (necessary to make calls unless I want to memorize numbers), and the google calendar. I don’t really like Google accumulating such a thorough database of my contacts, against my will too… it adds stuff I did not even add, often resulting in duplicates. Any email or other contact, instant add. I hate that. I do like their calendar feature to set up reminders (test generator, check flashlight batteries, charge battery bank, etc.)… but, Google has it all. I looked for alternate apps for both of these, but didn’t find anything any good.

    Does anyone know of some contacts and calendar alternatives? The contacts alternative would have to support dialing.

  14. I feel like some of the easiest and most effective tips regarding internet security were completely omitted. There are several browser plug-ins to Firefox that I consider vital before ever using the internet in any way other than to download the browser and said add-ons.

    Let me be clear, I haven’t had a virus or piece of malware/spyware on any computer in my control in at least ten years, nor have I seen an ad almost anywhere – including google search results and in Youtube videos (which I just learned last week had ads now from a friend) – and I offer the following as the primary reasons why.

    Jack, you mentioned that you use “Ghosty,” which I assume you meant, “Ghostery,” which is #3 on my list. It has a massive database of spying, tracking, and data-collecting scripts that run in the background of a webpage, ‘aggregating’ (nice word choice there) your data and habits.

    #1 would be AdBlock Plus. This one is super simple and easy to use. You basically do nothing to make it work. I haven’t seen an ad or had a pop-up in years. I recommend this for everyone. As a side note, if you are visiting a website that makes its money from advertising, you should disable this application on that site in particular in order to allow them to generate said revenue.

    #2 is NoScript. This one is for more advanced users since it takes some getting used to and makes browsing a bit more cumbersome. I’ve been using it for years and have gotten used to the little bit of extra effort required to optimize my browsing. With this add-on, all scripts (think computer programs and web-page components) are disabled by default. You have to manually allow (or temporarily allow for the session) each individual script access to run. This add-on is the most powerful but also the most aggravating if you just want to click everything and have instant access. The upside is that malicious websites or trackers cannot affect you at all.

    #3 is Ghostery as mentioned. It is similar to NoScript, but it isn’t as powerful, but is easier to use. I use both. Right now, Ghostery is blocking Moopra (analytics tracking), TwitterButton (widget, social media connection), GoogleAnalytics (analytics tracking – shame!), and AWeber (beacon) from operating. I’m allowing Gravatar, which is mostly just code that allows special website functions to work (like this comment section).

    #4 is HttpsEverywhere which can be downloaded from the Electronic Frontier Foundation’s website for many different browsers (for free). All this does is ensures that you connect to any website that has it, the https address rather than the http when the former is available. This means all your traffic that can be encrypted automatically is. This is super user-friendly and doesn’t impact your browsing habits at all. I recommend this for everyone.

    #5 is Blur which was mentioned on the show, which used to be DoNotTrackMe and was free for basic content, and still is for me, but I may be grandfathered in. Again, it does similar functions as Ghostery and has way more options for paying members, which I believe I will be soon.

    #6 is BetterPrivacy which has some overlap with the rest, but its main selling point is that it removes the so-called Super Cookies and Flash Cookies that normal cookie-removal doesn’t.

    Like all things, the more privacy you desire, the more work it takes. I use all these add-ons in the Firefox browser because I take my privacy very seriously, and I do not like the idea of Big Data tracking all of my life. With all these addons, some websites don’t function properly – primarily ones that have a ton of tracking scripts – but most are usable without much, if any, effort.

    • James,

      You made some great points here. Yes, these were completely omitted – an hour and a half is a pretty tough time limit to get to everything!

      All of these add-ons are very good. A couple that I also use and recommend are Disconnect Search (Chrome only). Disconnect search routes your searches through a proxy and strips the header information like your IP, user-agent string, etc., effectively making you “private” on Google, Bing, and Yahoo. Another is Disconnect (same company, slightly different name). Disconnect is a tracking blocker similar to Ghostery and I have a slight preference for it. I completely agree with you about NoScript – best protection you can get but unfortunately it comes with a pretty high learning curve. All of these are covered in my book; I think browser extensions are a pretty big piece of the puzzle. However, they DO make your browser more distinctive and therefore more vulnerable to browser fingerprinting…food for thought.

      Again, great comment!

      Justin

  15. I am wondering if something was missed in this. By going “gray”, adopting all cash purchases, canceling your Amazon, encrypting calls, emails, using a VPN etc etc, does not one generate a warning flag? Perhaps the biggest threat does not come from the government, but one could imagine that the people in Utah could use “going gray” as an indication that you deserve more scrutiny. Perhaps one approach would be to conduct normal affairs (grocery purchases, gas purchases, in the “open” while obscuring things like preps (bullets, firearms, bandages, beans, etc – especially anything related to guns) via these methods.

    Then again, if one is going to do it, one might as well go big and go all the way. Of course, I’ll never convincing the wife is something else entirely. I guess I better start planting those seeds.

  16. Damn! Looks like I’m screwed. I was hacked by OPM, BCBS, Home Depot. I don’t use Facebook but have Windows 10 and an Android phone. My aggregated file must be huge. What do I do now? Ask them to delete the file? Go off radar? Will that just make me a target? Damn! Big green got me again.

  17. Maybe I should just keep doing what I’m doing to blend in with the zombies?

  18. Here is a link to a letter from Apple dated February 16, 2016 about the government wanting Apple to weaken the security of the iPhone. Very chilling.

    http://www.apple.com/customer-letter/

  19. Anyone have thoughts on GPS apps for iPhone? I’ve been very happy with the accuracy and features of Waze right up until it asked me this evening “are you on your way home?” when I was just getting directions to a friend’s house.

  20. Any thoughts on PIA vs Tunnel Bear?