Sunday, 29 April 2018

Internet and privacy: useful tools

Hi all,

In this post, I will talk about something different than sciences. It is about privacy on internet. The recent scandal of Facebook - Cambridge Analytica has revealed what was known for a long time: if a service is 100% free, the likelihood you are paying with your data is great. And data could be anything about you on internet. Think about what you searched on internet, pictures of your kids on Instagram, where you have been with your smartphone (GPS), any email you exchanged (health matter, commercial transaction, bank account). I had a yahoo email account for 20 years. It was great for a long time, but started to goes down in the last years. And more worryingly, I was part of the hacked batch (like other 3 billions) a few years ago. Anyway, some of my friends received spam emails from (and I got some too). So I started to switch some of my internet services.

I will now present some options for adding a bit more privacy while using internet (web browser, web searches, emails and instant messaging).

Web browser:


Mozilla Firefox: https://www.mozilla.org/en-US/firefox/new/

I am a longtime user of Firefox. The new core engine ("Quantum") is incredibly fast.
https://blog.mozilla.org/blog/2017/11/14/introducing-firefox-quantum/

Some useful extensions:

- HTTPS everywhere: https://www.eff.org/https-everywhere
==> check if the website can have 'https' instead of 'http' (in case they have both)

- NoScript Firefox extension: https://noscript.net/
=> block any script. A bit tedious to set up white list, but then it is great.

- uBlock Origins: https://github.com/gorhill/uBlock
=> also block ads and various things.

Other tools (not tested):
- uMatrix: https://addons.mozilla.org/en-US/firefox/addon/umatrix/

Web searches:


DuckDuckGo: https://duckduckgo.com/

It is a free search engines, that agglomerate results from Wikipedia, Bing, Yahoo and others.
It doesn't track/keep your searches (instead of Google).
The business model is based on feature ads, but not personalised.

You can easily switch it as your main engine in Firefox, Safari or Chrome.
(i.e. Firefox: Preferences => Search => Default Search Engine).

It also has some geeky useful features:

Theme settings:

Many features to alter the webpage theme.

 

Country location: 

You can specific the country of searches, or agnostic.

 

Cheat sheet:

Try these searches:
firefox cheat sheet
python cheat sheet
pandas cheat sheet
emacs cheat sheet

Instant Answers: https://duckduckgo.com/api

For example, they provide highlight from Stack overflow if your search is IT oriented.

Try:
pandas check float
seaborn time series

Bangs: https://duckduckgo.com/bang

Bang provides direct access to your webservices, using the keyword "!bang" in front of your search.

Examples:
!pubmed protein structure evolution codeml
!uniprot TLR4_human
!m camden town
!w hawking

A list for academia bangs is here: https://duckduckgo.com/bang?c=Research&sc=Academic

An other alternative to DuckDuckGo would be Qwant: https://www.qwant.com/
It has the advantage of been hosted in Europe, if someone doesn't want to have any data in US (personally I don't mind).


Emails:


ProtonMail: https://protonmail.com/

As mentioned, I used to have Yahoo! mail. After the hack, I then shifted to ProtonMail, and I am still using it (even moved to the monthly subscription option).

Some advantages:

- End-to-end encrypted email, locally stored in Switzerland.
- Open source protocol: https://github.com/openpgpjs/openpgpjs
- Encryption algorithm proof-tested.
- Free (with limited space).
- Subscription option with reasonable price, allows more emails and more space.
- Clean web interface and app for iOS and Android.
- Team communicates on Twitter in case of new features or problems.
- Bridge app to use with Outlook, Thunderbird, Apple Mail (never tried): https://protonmail.com/blog/thunderbird-outlook-encrypted-email/

Disadvantages:

- No possibility to directly search in the body of email, due to encryption.
- No IMAP (for the moment), but  bridge allows the integration with clients.
- And of course, the end-to-end encrypted encryption only works if your contacts also use encrypted emails.


An alternative would be FastMail: https://www.fastmail.com/


Instant messaging:


Signal: https://www.signal.org/

While WhatsApp is the mostly used app, it belongs to Facebook, and it has been revealed they are exchanging data:
http://money.cnn.com/2016/08/25/technology/facebook-whatsapp-data-sharing/index.html
https://www.theguardian.com/technology/2017/dec/19/france-orders-whatsapp-stop-sharing-user-data-facebook-without-consent
https://en.wikipedia.org/wiki/Reception_and_criticism_of_WhatsApp_security_and_privacy_features

Signal is a good alternative:
- More or less same functions as WhatsApp (messages, photo, phone call, video call).
- Open source: https://github.com/signalapp
- Encryption proof-tested.


Another option would be Telegram: https://telegram.org/
I never tried it. And its encryption algorithm has never been proof-tested.



Conclusion:

I presented some services I liked. I don't say we should give up all services provided by the GAFA (i.e this blog is hosted on Blogger, from Google), but we should be aware of the trade-off for using free services.

I might update this page if I find other interesting tools in the future.

That's it. ^^

1 comment:

  1. Great post Romain! Very informative and I myself have used Duck Duck Go but did find its search algorithms a bit off for me. Maybe I'll give it a try again! :)

    -Katherine B.

    ReplyDelete