Consumer Tips: What to do about the NSA address book snooping

The Washington Post published new revelations from Edward Snowden’s leaked documents that revealed that the NSA is scooping up millions of email and IM address books globally. This is a serious piece of snooping business, and it deserves immediate attention on a policy level. For people who are reading this and wondering what you can do today, right now, here are some immediate steps to take.

The NSA is snooping on web mail and IM connections that are not encrypted. One thing this means is that if you are using web-based email, it needs to be using an encrypted connection. An encrypted connection will have a lock icon in the toolbar, and the URL will read https://. Unencrypted connections will use http://. An http connection will send data in the clear. Data sent in the clear can be easily intercepted by the NSA, and also by mischievous hackers. It’s a best practice to use default encryption for web-based email and IM.

Here are some basic tips to get started with:

The major web-based email and IM providers, Google’s Gmail, Microsoft’s Outlook, and now Facebook offer encrypted connections by default for computers and mobile browsing devices.
Yahoo does not automatically encrypt its web-based email connections at this time. The company announced today that they will use encryption by default as of January 2014. Until then, you will need to turn on https by adjusting the Yahoo settings manually. To do this, go to your Yahoo mailbox, then click Settings —-> Security –> Click Make your Yahoo! Mail more secure with SSL —> click Save. Refresh your browser and you should see a lock icon in your browser from now on in mail. See the sidebar below for how to do this step by step.
If you are using a legacy device (computer or smartphone), which means your device is older, and/or your software is not up to date, you need to ensure that it accepts https:// connections readily. Some legacy devices have trouble with these kinds of connections. To test this, open your web-based email accounts. You should see https:// in the URL or address bar if you are using Google’s Gmail, Microsoft Outlook, or Facebook.
If you use the Firefox or Chrome browser, you can use a plug-in called HTTPS everywhere to facilitate secure connections in all of your browsing https://www.eff.org/https-everywhere. Another plug-in for Firefox is HTTP nowhere, which blocks unencrypted connections. https://rx4g.com/http-nowhere/.
If you travel to a developing nation, you may have difficulty receiving https:// connections, but this will vary tremendously with the device you are using and what country/area you are in. Upgrade to a current device if at all possible, and experiment with the secure browsing plug-ins mentioned above.

How to Manually Set Yahoo Mail to Use SSL

Here’s how to set your Yahoo to use SSL for mail step-by-step:

First, In your Yahoo mail, click the Settings tool icon, and select Settings from the drop-down menu (Screenshot 1).

Screenshot 1: Yahoo’s Mail Settings menu

Next, select Security in the menu, and put a tick in the box that says Make your Yahoo Mail more secure with SSL. You will need to click the Save button, seen below in screenshot 2.

Screenshot 2: Yahoo Mail security menu and Save button.

Just a note: After you tick the Make your Yahoo Mail more secure box, you will see a little red notice pop up, below, in screenshot 3. Just click the Save button, and you will be all set.

Screenshot 3: After you tick the SSL box, you will see this note. No worries. Just click the Save button.

Internet companies are correctly moving into a much more assertive stance on offering https:// by default. This is a bottom-line best practice as of today.

Links:

WPF has a Facebook FAQ on how to check your secure browsing connection in Facebook. For most users, it is on by default. If you are using a legacy device, this FAQ will show you how to turn it on.
We discuss more about using secure connections in our Search Engine Privacy Tips.
The Washington Post has an excellent and must-read discussion of the NSA address book issue in its FAQ on this topic.
Here is the Washington Post article where Yahoo has pledged to use https:// connections or SSL connections for its webmail users.

Posted October 14, 2013 in Best Practices, Consumer Alert, Consumer Privacy, Consumer Tips, E-mail, Web, and Social, encryption & privacy tools, Modern privacy, Online Privacy
Tags: Yahoo

New Report: Risky Analysis: Assessing and Improving AI Governance Tools

We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.

Consumer Tips: What to do about the NSA address book snooping

Here are some basic tips to get started with:

How to Manually Set Yahoo Mail to Use SSL

Links:

WPF has a Facebook FAQ on how to check your secure browsing connection in Facebook. For most users, it is on by default. If you are using a legacy device, this FAQ will show you how to turn it on.

We discuss more about using secure connections in our Search Engine Privacy Tips.

The Washington Post has an excellent and must-read discussion of the NSA address book issue in its FAQ on this topic.

Here is the Washington Post article where Yahoo has pledged to use https:// connections or SSL connections for its webmail users.