Since security and surveillance expert Edward Snowden blew the whistle and leaked damning NSA documents to investigative journalists Laura Poitras and Glenn Greenwald, the implications and ramifications of the NSA’s dragnet surveillance, partly enabled by IT giants like Google, Microsoft, and Facebook, have been cause for concern everywhere, and not least in elearning. As educators we bear a responsibility to our learners and other educators to protect their basic civil rights wherever and whenever we can. By being well-informed about internet surveillance and the tools and strategies available, we can offer useful, effective advice and help to reduce both the quality and quantity of personal data collected from them in the course of their online studies and work.
Why is internet surveillance an important issue?
First, here’s the scary bit. Below is an interview with a Journalist who’s looked into the business of internet surveillance:
“Pulitzer Prize-winning investigative journalist Julia Angwin joins us to discuss her new book, “Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance.” Currently at ProPublica and previously with the Wall Street Journal, Angwin details her complex and fraught path towards increasing her own online privacy. According to Angwin, the private data collected by East Germany’s Soviet-era Stasi secret police could pale in comparison to the information revealed today by an individual’s Facebook profile or Google search.”
So, What can learners and teachers do to limit corporate surveillance while working online?
What advice can we give and what measures can we put in place? Are they practical, understandable, and easily do-able? Here’s some practical suggestions to get the ball rolling…
Turn off local storage on Flash Player
Turn off local storage on Flash Player: Local Shared Objects (LSOs) are used extensively by surveillance organisations, including Google, because they reveal more information about users’ computers and software, making it easier to uniquely identify individuals, and LSOs aren’t deleted when you clear/purge your browsers’ cache, i.e. they’re more persistent. The benefits of allowing LSOs is minor and easy to live without.
Install a cookie manager
Along with your IP address and HTTP headers, cookies are the primary means of identifying and tracking individuals. There are several cookie manager extensions/plugins available for browsers that manage cookies for you. Those that you want to keep, e.g. for sites that you want to remain logged into, you can white-list them, everything else gets deleted when you navigate away from the site. My favourite is Self-destructing cookies for Firefox.
Block JavaScript from surveillance sites
This one’s a bit more problematic and can “break” page displays on some sites. If at all practical and workable, JavaScript blocking prevents some very detailed surveillance from taking place. From my experience with using free and open source web analytics software, I’ve witnessed how rich and detailed the collected data can be. There are two main approaches; white-lists and black-lists. A white-list is a list of approved sites to allow JavaScript from, a black-list is a list of sites to block JavaScript from. Both require someone to maintain the lists and block or allow new sites as they come up: many sites nowadays use CDNs and/or 3rd party libraries for JavaScript libraries and blocking them can make many sites unusable. In short, you have to maintain a list of legitimate JavaScript CDNs and 3rd party libraries as well as for the individual sites. I use a white-list plugin for Firefox called NoScript.
The added benefit of JavaScript blocking with white-lists, is that they also prevent the vast majority of web malware attacks. JavaScript has consistently been identified as the primary technology used in malware attacks by all the major anti-virus firms.
Use privacy protecting search engines
Rather than use Google, Yahoo!, or Bing as your search provider, why not use one of the more ethical and privacy protecting services? They don’t store your search history or your IP address and as an added advantage, they don’t filter their search results according to a personal search history profile thereby preventing the “filter bubble” phenomenon which can hide useful, relevant results from users.
Automatically generate random tracking noise
The browser plugin for Firefox and Chrome TrackMeNot periodically generates random but convincingly genuine search strings and sends them to search engines that may be tracking you. This “muddies” the profile they can build up on you, making it less accurate and less revealing about you.
Use different browsers
Using different web browsers, e.g. Firefox, Internet Explorer, Safari, Chrome, Chromium, and Opera, for different purposes puts up barriers between surveillance companies that use the same tracking techniques, e.g. “+”, “Like”, and “Share” buttons (In many cases, you don’t have to click on them, they’re watching you anyway), across multiple websites. For example, use one browser for searches and another one for social networking sites, and another one for logging into email (or better still use a free and open source email client that doesn’t send tracking data to surveillance companies, e.g. Thunderbird.
Use a privacy protecting proxy
This is one that organisations’ IT support can implement on their users’ behalf. A proxy can filter out personally revealing information from HTTP requests and in some cases hide users’ IP addresses.
Why if my school/college/university/institution has switched to using Google services?
It would be expensive and difficult to switch back, so more than likely not a feasible option for many organisations. The best advice I can think of is to create Google accounts specifically for use with that educational organisation and don’t use those for anything else and, if you already use Google services, e.g. GMail, Google+, and/or GCalendar, migrate to a different service provider; preferably a more ethical one, if that’s possible. The idea is to create as many barriers as possible between your private life and your studies and work, and reduce the quality and quantity of your personal information and internet usage habits that are available to one single surveillance organisation.
Use TOR
TOR (The Onion Router) is at the extreme end of anti-surveillance techniques. It’s quite restrictive and only practical for searching for and viewing a narrower range of web media, e.g. viewing Flash-based media such as video and audio can reveal personally identifiable information thereby defeating the purpose of using TOR. TOR would be particularly useful for users researching politically and culturally sensitive topics, e.g. child abuse, sexual behaviour, terrorism, copyright infringement, and political activism, that might lead to inappropriate interventions by security and law enforcement agencies (or get followed around the web by some highly inappropriate targeted advertising!) It’s widely used by journalists, political activists, and people who want to circumvent censorship and surveillance around the world. TOR comes in a ready configured, optimised, easy to use, standalone package called the TOR Browser Bundle which can also be run from a USB thumb drive or CD ROM.
In summary
These measures cannot prevent surveillance entirely but they can significantly reduce the quality and quantity of data that corporations and government security agencies can collect about you. If you can add suggestions to this list that are practical, understandable, and easily do-able, please participate in the discussion. I’ve linked to this article from Moodle.org community forums. Joining Moodle.org is free and quick, and a great place meet elearning professionals and discuss things that matter to you and to them. (Disclosure: Moodle.org uses Google Search and Analytics but I’d like to get that changed!)