First, I mean no insult to another diary posted (and now recommended) regarding concerns with your private data on the internet, the NSA, etc. However, the root philosophy of this seems to be a bit of a combination of Tin Foil hat and a failure to understand basic internet technologies.
Let's start here: do you use Windows? Or an Apple operating system on your computer? You're hosed. The NSA owns you. They own every thought, all your dreams and aspirations. They own your relatives, your friends, every plan you've ever made and how it turned out, every word you've ever written, every dime you've spent. If they want to be inside your computer watching what you do in real time... yeah: they can do that too, if they want to. But maybe posting with a fake user name on a non-threatening site like DKos... maybe you're flying totally under their radar? Mmmph. You are owned.
There are several significant problems with this statement. First, what operating system you use has almost no impact (at all) on the ability to track and follow a user if so desired. Your internet traffic, once it leaves your PC, is no longer "in your control". It now must (MUST) go through your ISP's gateway/proxy and routers. To provide higher bandwidth, many ISPs use complex data-caching technologies, which also log this information. Second, screen-level monitoring services - software like Spector (http://www.spectorsoft.com/) - are bandwidth heavy, and there is simply NO way this can be done over the internet in the massive paranoid volume discussed here. Other real-time software (like TeamViewer, GoToMyPC, LogMeIn, and even thin options like VNC/RDP) also requires network initiation, traffic, etc. that simply isn't manageable on a massive scale, and it would require localized installs (not at all viable).
You do not have access to these servers; you cannot go and wipe your traffic off of them, what OS you run is meaningless. This is the nature of a TCP/IP Network.
First, let me say, I feel it would be somewhat insulting for me to try to explain "what is a gateway". Or "what is a proxy". I feel as though if I really get into those issues - which I can if asked - it might be fairly insulting.
Therefore, I will offer only a basic description, which should be enough for those who don't understand without insulting them.
A gateway: Is the node or router on a network. If you use a cable modem router (wifi, etc.) this acts as a gateway for your network, turning your public IP address, provided by your ISP, into a set of private addresses. These addresses are generally class-B (192.168.x.x, 10.x.x.x, 172.16.x.x as examples) which do not exist elsewhere on the internet. They may also route IPv6, but would look more like fdfe:dcba:9876:ffff::/64.
A proxy is an external source which organizes traffic and caches data; operating much like a NAT (the simple translation most routers provide), it is often used to do a combination of: filtering/blocking, anti-virus, anti-malware, caching. This is used in many private organizations, and transparently, proxies are a heavy portion of the networks as provided by Time Warner, Comcast, Verizon, etc. in order to minimize traffic.
Before we get too concerned about how the government can intercept and manage your traffic, and whether or not your OS is "owned" we have to get an idea of what the government is doing.
The government is not installing spyware software on your PC. Not only would this be inefficient (easily disposed of on any re-install, and not reliable), it would also be an infinite amount of work. Maintaining such practices on multiple platforms would be an outrageous use of man hours... especially considering that it is much easier to access your ISP's proxy/gateway and simply get the retained logs of your activity anyway... which takes almost nothing and is a low cost affair.
Second, a large group of people use email services beyond their PC: Yahoo.Com, Gmail.Com, Outlook.Com, etc. or they are emailing someone who is on one of those systems, which breaks this up. There is no need to hack you or to hack them, if it's all in a central repository.. why would the government even bother?
The philosophy of most network administrators is: work smart, not hard. Network administrators who work hard - that is, who are constantly working a near 24-hour-a-day schedule - are either drastically overworked because the ratio of users to admins is wrong OR they are working hard.
The US government is many things, but working hard on IT has never been something the government does well, and they definitely aren't throwing waves of human bodies at cracking every home firewall, gateway device and operating system. It is too labor intensive.
So, the question for people who are concerned about their privacy is: "what do I do!?! If they just get access to the ISP's gateway, I can't do anything about that!?!?"
Well, first, you need to remember the needle in a haystack rule: while I, too, am concerned about my online privacy, there is such a mountain of information filtered every day that the amount of it is beyond quick assessment by any current technology, no matter how big your server farm is. Google couldn't make a dent in global network traffic to assess it, even if they tried.. terabytes of data are transmitted every SECOND.
If you are amazingly concerned, there are quick messaging technologies out there; but for the most part, you are spending a lot of time with something that has little to no benefit.. if you use one, the moment you trade a message with someone on a public interface like any of the major messaging services, your entire "safety" net is blown apart; the message you sent, plus the one sent back to you are archived on the other end.
If you are truly terrified the government is coming to get you, or afraid your ISP might give you trouble because you are going to all of those live porn shows or online overthrow the government rallies.. if it's http (web) traffic, you can employ an anonymizing VPN service of your own - many that use OpenVPN are hosted outside of the US. VPN is an encryption technology which prevents your ISP from having logs (footprints) of your traffic. VPN as a technology is VERY difficult to intercept, and as a result, it makes following you much more difficult.
Frankly, most individuals should be far more concerned about virus outbreaks, malware attacks, etc. which pose immediate danger to their finances, data, etc. They also can act as serious security breaches by providing the wrong people access to your credit information and personal data. To avoid those issues, the basics are always smart:
A decent home firewall. The cheapest isn't always the best. Simple NAT routers are normally in the $39-$69 range. But you can easily find "good" home firewalls with SPI, and especially those that disallow public use of UPnP, a known exploit. These router/firewalls are also amongst the better WiFi units on the market, so if you want good wifi, pay for it.. spend the $80-$120+ and get something that has better features. Update on this: Make sure you are using WPA/WPA2 as your encryption method. Do not leave a router "open" or "public" for Wifi. This allows anyone to easily walk through your open network shares, devices and equipment on your network.
Rotate your password - The biggest mistake most users make that gets them into trouble is keeping the same password for years. More than that, they choose a password that can be guessed. Example:
"Oh, my password is: tomtim1214. Why tomtim1213? Well, that's my two kids' names and the birthday of the last one"
This is simply too easy for someone to put in limited effort to gain access to your account. Passwords should be complex, and rotate on a 60 day basis.
If you need, you can use a service like: http://strongpasswordgenerator.com/
The #1 question I get is: "But then I can't remember my password, and I have SO many!" I will admit, this is something that can be difficult. More companies are working to make this easier by working with keychains, but there are also password memory software apps out for your phone, iPad, windows RT, and Android that will store your passwords. The negative: lose that device and it just takes one password to get into that app to get ALL your passwords. However, most people have "remote wipe" technology on phones, and phones/etc. are less likely to be lost if you're not careless.. and if you're careless, none of the advice given here will help you regardless.
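The "kids' names plus a birthday" pattern above can be checked mechanically before a password is accepted. The following is an added example, not part of the original diary: it measures how much of a password is made of facts an acquaintance would know. The names Tom and Tim, the birth year and all function names are assumptions made up for illustration.

```python
from datetime import date

def personal_tokens(names, dates):
    """Strings someone who knows the user could try: names and date fragments."""
    tokens = {n.lower() for n in names if n}
    for d in dates:
        mm, dd, yyyy = f"{d.month:02d}", f"{d.day:02d}", f"{d.year:04d}"
        yy = yyyy[2:]
        # Common ways people write a birthday inside a password.
        tokens.update({mm + dd, dd + mm, yyyy, mm + dd + yy, mm + dd + yyyy})
    return tokens

def personal_coverage(password, tokens):
    """Fraction of the password's characters that belong to a personal token."""
    pw = password.lower()
    if not pw:
        return 0.0
    covered = [False] * len(pw)
    for tok in tokens:
        start = pw.find(tok)
        while start != -1:
            for i in range(start, start + len(tok)):
                covered[i] = True
            start = pw.find(tok, start + 1)
    return sum(covered) / len(pw)

def is_guessable(password, names, dates, threshold=0.5):
    """True when at least `threshold` of the password is personal information."""
    return personal_coverage(password, personal_tokens(names, dates)) >= threshold

# Constructed sample data: two children's names and the younger one's birthday.
NAMES = ["Tom", "Tim"]
BIRTHDAYS = [date(2009, 12, 14)]

if __name__ == "__main__":
    for candidate in ["tomtim1214", "tim2009!", "c7#Vq!x2Lp"]:
        cov = personal_coverage(candidate, personal_tokens(NAMES, BIRTHDAYS))
        verdict = "reject" if is_guessable(candidate, NAMES, BIRTHDAYS) else "ok"
        print(f"{candidate:12s} personal share {cov:.0%} -> {verdict}")
```

A check like this only catches personal-fact passwords; it says nothing about length or dictionary words, so it belongs alongside a general strength policy.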
Maintain Good Antivirus - The more common viruses at the moment tend to pop up and PRETEND to be the FBI, etc. and demand your credit card information. Of course, don't ever give anyone pretending to be the FBI your credit card information ;) That said, viruses, spyware and the like account for a large loss to the US economy every day; people lose time and money - plus their security - when virus attacks take over a PC. Some of the basics of avoiding a virus are simple:
* Use Sandboxing if you are testing software you are unsure of: http://en.wikipedia.org/...
* Buy your software. Sorry, but one of the top sources of bad virus attacks is pirated software. If you're busy using lots of pirated software, your risk of a virus is significantly higher than someone who isn't.
* Keep your anti-virus services up to date. There are several good ones: ESET, Kaspersky, Symantec, Avast, etc. In the past, I had recommended Microsoft Security Essentials, but MS has fallen significantly behind, failing the last two AV-Bulletin tests, so it's hard to recommend them. Whatever you decide on, make sure it's up to date and current. Also, try to avoid goofball anti-virus. "I'm using Tiger Paw antivirus" "Ok, is there any review, AV Bulletin score etc. to go with Tiger Paw" "It's new".. yeah, I wouldn't trust that.
And, here is the most important, and best way to avoid digital snooping into your life: go out and talk to people one on one, straight to their face more often. I know, this is pretty shocking, but you'll find in many environments including work and home, that sending an email to your wife could be prevented if you would walk 40 feet across your house and go physically talk to her. Trouble with your kids? Maybe go talk to them. Neighbor? Nothing wrong with stopping by and shooting the breeze.
There is a surprising benefit, also, to the last step: you generally cover more subjects and spend more rewarding time while doing it, plus unless someone has a parabolic mic and is stalking you (if that happens, you're hosed no matter what advice I give you, Tony Soprano), your conversation isn't going to get picked up anywhere.
Good luck, happy computing!