So are your children. And your parents. And everyone else you care about.
It's not being done by strangers in a van peering through binoculars, no. What's actually happening is far more intrusive than what's visible through glass lenses.
You probably know that vast amounts of information about you is being collected electronically, but beyond encountering eerily specific targeted ads, it's difficult for most people to grasp what's going on behind the scenes, let alone understand the present and future implications.
Fortunately, just as you don't need to be a mechanic to recognize that your car's broken, you also don't need to understand the intricacies of mass data collection to know that there's big trouble brewing.
How do you protect yourself from hackers and mass surveillance? What approaches yield the best results? What's the best way to safeguard your digital life…?
Philosophically these questions are simple because there are only two basic approaches, you can go "bright" or you can go "dark".
Going bright is accomplished by generating large amounts of meaningless information, thus creating enough 'noise' that analysis systems generate nonsensical results. Broadly this is known as obfuscation. It can be very effective, but it takes a tremendous amount of work.
Going dark is accomplished by using high-grade protection of both your data and the metadata about it. Until now that's been extremely difficult, but as you'll see, Merlin is about to change all that.
Both approaches can be very effective, but one is far easier than the other. What doesn't work are half-measures: you can't do just a little… to be useful these must be 'all or nothing' solutions.
Going bright means embedding your electronic activity within vast amounts of irrelevant information. The technique is simple but exceptionally time-consuming: you intentionally generate a lot of important-looking yet meaningless digital noise.
The effect is to overwhelm the nasty government and corporate algorithms that parse your life to discern patterns or draw conclusions about you.
That takes the form of searching topics of no consequence to you, clicking on all the ads you see, semi-random movements with your electronic devices, making random website visits, and much more.
The more of this digital smoke you can generate, the better, as described in great detail in the book Obfuscation: A User’s Guide for Privacy and Protest by Finn Brunton and Helen Nissenbaum, published by the Massachusetts Institute of Technology (MIT) University press.
There are even services on the internet specifically aimed at generating a huge amount of digital fog, including the aptly named RuinMySearchHistory, among others. However, these are the nuclear weapons of obfuscation, and may be a bit more powerful than most people find appropriate, with perhaps unintended side effects.
All in all, rather than blinding those who spy on you like a over-wattage bulb, it's probably easier to do the opposite, by going dark…
The cornerstones of "going dark" are anonymity and encryption.
Instead of talking to the internet directly, your device connects to a server operated by the VPN company, and it interacts with web sites and other services on your behalf, along with hundreds or thousands of other people also using the VPN service.
Therefore to a nosy website, your location on the internet is hidden because you appear to be the VPN company.
Of course, if you sign into an account in such a way that you identify yourself (your bank's website, for example), they will know who you are but still won't know where you are. But if you're just casually browsing you will remain mostly anonymous.
We say "mostly" anonymous because using a VPN is not enough on account of something called browser fingerprinting, which you can read about here, and also because of something called WebRTC, which if not disabled can render your VPN useless, a problem you can read more about here.
But if you attend to those details, a VPN can be a very effective shroud for who and where you are. But not what you say. For that you also need end-to-end encryption.
Encryption is the process of encoding information so only authorized parties can access it.
Modern encryption algorithms are now so strong that when properly implemented they're secure enough to protect everything from ATM machines to government top secrets.
It works so well, in fact, that it has sparked numerous debates between a government's "need to know" and individual's "right to privacy", which is well-summarized here.
Unfortunately, encryption isn't easy for most people to implement. And even when they can, it doesn't cover everything people do with their devices. Still, it's better than nothing. A lot better.
"Just because a burglar could gain access to your house by breaking a window doesn't mean you should shrug your shoulders and leave the front door unlocked at night".
With products like VeraCrypt you can encrypt your files or entire disk drives, and with things like GPG you can encrypt your emails (provided those you communicate with also use it). With apps like qTox you can enjoy encrypted text and voice calls (impressively good voice quality, btw), and with a good password manager you can encrypt all your credentials (login IDs and passwords).
The problem is, all this stuff is very 'techie', it's really difficult for an ordinary consumer to implement.
We've come to accept that with increasingly capable technology comes increasingly capable surveillance. But that's not true, it doesn't have to be that way. We've just never been presented with any other option. Until now.
There's no reason why we can't have broad access to tremendously rich information AND complete privacy in actions.
What's wrong is not the result of a fundamental constraint, what's missing are the right technical implementations driven by the correct philosophy and powered by a business model that does not depend on invading your privacy.
Merlin is about to change all that.
If you found this helpful, please like us on Facebook!