It’s not paranoia if they really are out to spy on you

The Thinker by Rodin

President Obama says that no one is reading your email. Maybe not in my case because most of my email is not particularly interesting, but I sure as heck don’t like that the government is collecting huge amounts of metadata about me. Metadata (data about data) is really just as interesting as, if not more so than, the actual emails and Facebook posts that you make.

Supposedly a secret court oversees all this. But it’s not a good omen when this court rejects only a handful of requests a year, and approves thousands of others. It’s not comforting to know that Big Brother is indeed watching me to keep me safer and that President Obama is as complicit in this mess as everyone else. Most of Congress has little idea what is going on, and those that do are sworn to secrecy. Being vested members of the system, they will have a natural tendency to think that government’s security needs will trump your right to privacy in your daily affairs.

I could possibly be okay with non-US citizens being monitored by the government but not me, no way, not without my explicit consent. I am a citizen, and I have freedoms and an inherent right to privacy. It’s in the Bill of Rights: freedom from unreasonable searches and seizures, a.k.a. the Fourth Amendment. Any Supreme Court worth its salt would reject Project Prism, identified in leaks by Edward Snowden, as wholly unconstitutional. But it is clear that the NSA is sniffing pretty much every packet of data it can get its hands on, not to mention telephone records, and putting all the metadata into huge hosting centers, and maybe your data as well. It’s not clear that even with a legal prohibition they would actually stop.

Like many Americans I will be working to enact laws to get the government out of the business of proactively collecting data on U.S. citizens altogether. I have to admit that the probability of my success is rather low, but it would help, dear reader, if like me you holler like hell at your elected officials. They need to understand that this is not acceptable at all. And if you are cool with the government reading your email and tracking your online behavior then by all means give them permission to do so. I never did.

There have been a number of depressing articles recently about just how easily the government can collect information about us. Of course, it is not just the government. We are already deeply in bed with services like Google that make fabulous search engines and great email in the cloud products, while developing uncannily eerie portfolios of our behavior more valuable than years of babbling to a clinical psychologist.

If like me you are fed up, you might try a few ways of fighting back. Here are some I know about from reading, my experience and that very useful course I took on networking in graduate school.

First off: email. I am guilty of using Gmail. It sure is convenient to have a decade or so of email in the cloud, accessible anywhere I go. However, if you really want private email, you are going to have to pay for it. More importantly, you need an email host not located in the United States. This way when they get a subpoena from a U.S. court they can just laugh. You pay them so they don’t start serving you advertisements and developing their own psychological profile of you. There is no completely risk-free solution, but you need to avoid all the cloud email services and that includes GMail, Yahoo Mail, MSN, Hotmail and the like. Here’s one to try: hushmail.com. They are located in Canada and all email is sent via Secure Sockets Layer (https). You can use their free web email but if you prefer secure POP or IMAP access, you have to pay them. Their premium package is $34.99 a year. It’s money well invested. Of course they do have some limitations. You can’t use it for sending out spam or for any illegal purpose, at least for any illegal purpose applicable in British Columbia. And for their free web mail, if you don’t log in at least every three weeks, they’ll remove your account. If you do have a hushmail.com or similar type of account, don’t advertise it on your web site or business cards. You don’t want the NSA to associate you with it.

Like to instant message? Don’t particularly like having the NSA able to listen in? What you need to do is nag your chat partners to use encryption. Of course many providers already provide that, but if they can decode it on their servers when sending it between parties then you are vulnerable. You need a chat client with OTR (“off the record”) functionality. Basically, you and your recipient each generate cryptographic keys and trade them using the protocol. It takes a little bit of effort and you may have to convince your friend to use Adium (Mac) or Pidgin (PC and other operating systems), and then show them how to use OTR. It’s a relatively painless one-time thing between two parties. Your instant messaging provider won’t be able to decrypt it, and neither will the NSA.

Who doesn’t like surfing the web? You may not like it as much if you can’t use your favorite browser, but if you can deal with Firefox you can install TOR, a browser endorsed by Edward Snowden himself. TOR is a customized version of Firefox with privacy enhancements, so it is built on top of an open-source browser. Essentially it proxies traffic between frequently changing servers, making it hard if not impossible for your browsing to be associated with your address on the Internet. I tested it yesterday. I admit it is a bit slower working through a proxy and some of the security features are annoying (it doesn’t want to retain links or easily import bookmarks). But use it religiously and you will seem a G-rated person to the NSA even if you live an R-rated life.

Like your cellular phone service but want it secure? Look into Silent Circle. You can also use it for secure messaging, video chats and email. Also look at Redphone software. Curiously, Redphone was developed with your tax money.

What else can you do? If you don’t like turning over private aspects of yourself you could be very brave and delete your Google, Yahoo and other cloud-based accounts. Remember, the government could ask these services to hand over all their metadata about you. I’ll grant you that deleting these accounts is hard because they are so convenient. So save those services for the truly vanilla stuff you wouldn’t mind putting on a postcard.

On my list of things to do is getting rid of accounts on sites that provide specialized services. I mentioned mint.com earlier this year. It’s a neat site but it knows too much about me, including all my account numbers and passwords. It’s going to get deleted soon. I’ll keep my financial stuff in Quicken on my home computer. I’ll back up my files to a spare external hard disk, which is easy enough using my Mac and Time Machine.

Six years ago I mentioned TrueCrypt. It’s a great way to encrypt your whole hard drive, so even the NSA can’t read it. With many operating systems you can do this with a simple command or two. Look into it.

Mobile devices have all sorts of security issues. At a minimum you can try to use secure socket layer when communicating. Many of the solutions I mention above have mobile equivalents. Use them if you can or keep your mobile life boring and G-rated.

Thanks to Edward Snowden, our worst fears have been confirmed. There is no reason to let the government know more about you than your spouse, but that potential is there. You are being sniffed, cataloged, indexed and, perhaps without a court order, having your digital content analyzed for subversive behavior or anything the government wants to learn about you. Join me in yelling like hell but don’t be a patsy either. Do what you can to keep the government out of your digital life.

The virtues of an email client with GMail


There is plenty of upheaval in my office. We are completing a painful (and I do mean painful) transition moving from one email system to another. In this case, we are moving from Lotus Notes to Google Mail. Lotus Notes meant lots of expensive email servers inside our firewall closely watched over by a crew of technicians who, like grease monkeys, spent their days (and nights) constantly oiling Lotus’s gears. GMail of course is “in the cloud”. A Google enterprise team manages it for us. It’s all sort of magic and at least so far seems to mostly work.

Switching email systems in a large enterprise of 70,000 people is quite a trick. It is roughly like switching out your car’s engine while driving down the street. It can be done. Essentially you have to have two email engines running at the same time processing the same incoming email. Eventually all the email accounts are successfully migrated from one email system to the other and you pull the plug on the old email system. But of course there are thousands of gotchas. You also have to migrate calendars, contacts and to dos. All sorts of applications and systems are tied into the email system. Each of these individually has to be taught to use the new email system. Sometimes it is easy, sometimes it is hard.

Now that our office is all GMail all the time the office has ditched the dependable email client in favor of using GMail inside the Chrome browser. I like GMail at home and on the road and use it all the time. However, the experience of using GMail on the web casually versus using it all the time is quite a bit different. When sixty percent of your day is spent reading and replying to email, productivity is important. While GMail has lots of nifty features (like its swift search engine to find emails) it also has some significant drawbacks. Specifically you have all the limitations and annoyances of working in a browser. GMail does its best to minimize these drawbacks, but when you are reading and replying to hundreds of emails a day and using a browser for an email client the experience becomes very irritating.

Take, for example, simply navigating between emails. Typically you want to just go to the next or last email. When using a browser and a desktop computer, you must use a mouse. This means you have to reach for the mouse, point to the email you want to read and then click on it. It takes three actions to do something that previously required simply pressing your up and down arrow keys. You don’t notice this at home, but at work I find it is more than irritating. It makes reading and replying to email an annoying hassle.

We don’t have a lot of options. Our service desk supports Microsoft Outlook as an option if you whine about wanting an email client, but as Outlook users know it really prefers that you are using Microsoft Exchange on the backend. Plus it’s a Microsoft product, which means it will have the usual mixture of brilliant, quirky and downright annoying features. Most importantly, it has feature bloat. Ninety percent of the time you need to either delete or quickly file an email. The other ten percent of the time you just need to reply or forward it. You probably don’t need to turn your email client into a newsreader, or to have it transparently integrate multiple email accounts or create multiple personalities. You just want to get through the couple of hundred emails in your email box as efficiently and as quickly as possible, with minimal fuss and keystrokes.

In short, you need Mozilla Thunderbird. The open source email client is not dead, and thankfully Mozilla Thunderbird keeps refining its product, in spite of the fact that its big brother browser (Firefox) gets almost all of the attention. Arguably if you really feel you need an email client with GMail, you should ditch all of the other ones and just standardize on Thunderbird. This is because it works across all the operating systems pretty much identically and it is elegantly simple. And should you feel the need to dress it up with themes or add-ons, it’s easy enough to do. Outlook users can even install a theme that sort of makes it look like Outlook.

It’s possible to use Thunderbird with GMail but it is not intuitive. After installing it, you need to go into your web-based GMail and select “Generate Application Password” (click on the More link near the top). It will create a long string of impossible-to-guess characters, numbers and symbols that you have to use to authenticate Thunderbird with GMail’s mail servers. Then in Thunderbird you have to find its account settings (Tools > Account Settings) and know the names of Google’s email servers (smtp.google.com for outgoing email and imap.google.com for incoming email). When asked for a password, use the application password. You may need to tell it to use port 993 and SSL/TLS for connection security. You probably want IMAP instead of POP (Post Office Protocol) because IMAP allows you to keep your email in the cloud, instead of moving it to your computer. This is generally preferred since you never can lose it this way. It’s worth the hassle to make Thunderbird and GMail talk to each other because you sure will get sick of using GMail through a browser if you have to do so for most of your business day.

Certainly there are some features of the web-based GMail that are occasionally desirable. You can assign multiple tags to more than one email rather than just throw it into a folder. You can do sophisticated searching using a host of qualifiers. The nice thing is that the one percent of the time you might need these features, you can just bring up GMail and peck away. Most of the time you will prefer the speed and efficiency of Mozilla Thunderbird.

Curiously, Thunderbird excels as a purely email client. Maintaining a calendar is very much a part-time activity, and GMail’s calendar is slick, easy to use and attractive. You can install an add-on to Thunderbird that will integrate a calendar, but it is relatively ugly. Google Calendar allows you to easily see others’ calendars, once they give you access to their calendar, and you can even see calendars outside of your office network. So if I need my calendar, I go into my browser.

GMail comes with Google Talk for instant messaging. Instant messaging is almost as important as email in the enterprise. With the right program placed in your task bar, you can be notified of instant messages even if you are not focused in your browser. Or you may prefer to install an instant messenger that works with Google Talk. If so make sure you keep that application password because you will need it. Warning: if you generate a new application password, you will need to replace the passwords in other applications you may have connected to Google’s infrastructure. Currently I am using Pidgin, which works well. However you really need to select the XMPP protocol instead of Google Talk protocol. Connect to talk.google.com and use port 5222. Also make sure encryption is enabled.

Perhaps one of these days Google will get GMail in the browser to work more simply and speedily. Right now they seem more enamored with adding features you are unlikely to use, like conversation view, than with making it more keyboard friendly. In addition, all the logic is executed through JavaScript, which is relatively slow. You notice the time it takes to read an email once you select it. This is less noticeable in an email client. Once you see how comfortable it is to use Thunderbird with GMail, you will likely see no reason to use browser-based GMail at all if you have the option.