Am I Being Tracked by the Government?

2013 was a pivotal year for online privacy. It’s not that people weren’t thinking about Internet privacy problems by then, but it took Edward Snowden’s NSA leaks to really open most people’s eyes on how their government might by tracking them online.

Of course, a lot has been said about Snowden and NSA, but there was another interesting case that happened the same year that also stripped the ugly truth of the U.S. government’s online surveillance of its citizens – the investigation of Fox News journalist James Rosen.

What was so significant about the Rosen case was that it was the first to reveal a striking fact. 

While the government and prosecutors are required to provide you a notice if they are tracking your cell phone geolocation data, they don’t have to do that when it comes to your emails.

In other words, the only two ways to know if they are searching and reading your emails are:

  1. If you are charged with a crime, or;
  2. If your ISP tells you (which they probably won’t because of a gag order).

If it Does, How Does the Government Spy on Your Emails?

Admittedly, the chances that the government is paying more than a passing glance at your emails are minor at best. You would need to be doing something to draw their attention, like using the Tor browser for instance.

But let’s say that your government is spying on your email and Internet activities. How would they do it?

If you’re thinking about black boxes and special microchips installed on your device, you’re way off. The government has a much more simple and effective method to do this:

Court orders.

All the government needs to do is provide a court order to your email service provider and they will be obliged to give them all your data.

Ha! I’m using end-to-end encryption. No way they can spy on me.

Good for you on using E2EE but know this. There are many benefits of email encrypting, but know this – email private services are not exempt from responding to court orders. For instance, if we at CTemplar receive a valid court order from Iceland, we have to share our user’s data with them. Luckily, as Iceland is committed to protecting online privacy, this doesn’t happen very often.

Let’s say your provider does get a court order for your email data. What happens next can be different depending on if you are using a free email service like Gmail, that does very little encrypting, or a secure email service that encrypts your data in transit and at rest, email body, subjects, attachments, etc.

However, even if you do have all of those encrypted, there’s still a tiny problem of your metadata. These little pieces of data are like fingerprints and they carry with them things like sender’s and recipient’s addresses, your IP, etc.

Unfortunately, few secure email services bother much with protecting user’s metadata. As far as we know, CTemplar is the only one that is actively working on encrypting this and we are already stripping your IP address from metadata.

Online Privacy Tips

When you’re sitting at home, you certainly don’t want anyone looking through your window to watch what you’re doing. Why would this be okay for your email and Internet activities? 

With that in mind, here are a couple of online privacy tips that will help you stay (at least somewhat) anonymous online:

  1. Browse in incognito or private mode.

Depending on your browser, you can browse in incognito or private mode. If you’re on Safari, for example, the way you turn on Private Browsing (which is essentially the same as Chrome Incognito) is to:

Open Safari app > “File” > “New Private Window”.

Alternatively, you can use the Shift + Command + N shortcut.

When you’re in this mode, your browsing history will stay private for the tabs you open in that window and Safari won’t remember the pages you visited, your search history, or your AutoFill information.

However, can incognito be traced? 

Unfortunately, yes. There are ways for private browsing to be tracked. In particular, websites you visit will still know who you are by your IP and if you are using a work network, you’ll leave tracks on the network regardless of your private browsing attempts.

  1. Use a more privacy-oriented browser and search engine

Most people use Google to go online, which is easy and convenient. But not very good when it comes to your privacy. There have been multiple reports of Google selling data to 3rd party advertising agencies, governments, etc, without the consent of their users.

Because of that, you should switch to a browser that cares more about your privacy.

DuckDuckGo, for instance, very privacy-oriented, however, it’s a U.S.-based company, so they’re under the U.S. Electronic Transactions Act jurisdiction, which is not ideal.

Another choice is the Dutch-based web search engine Startpage, which claims to not record any of your search queries or personal data.

Tor is another option and it probably provides the best anonymity for the user, but it can run slower.

Being aware of the websites you access and the surveys you engage in is crucial, as such activities have a profound impact on your privacy.

We strongly suggest that you carefully examine all agreements and terms before consenting to them on any website. Bear in mind that the data you share is collected and analyzed, hence it’s imperative to be extremely vigilant in your online behavior.

  1. Use a VPN

A VPN or Virtual Private Network is the next step from a privacy search engine in protecting your Internet privacy, especially if you’re using a public WiFi that someone (like the government for instance) might be spying on.

However, you need to be careful in choosing a VPN service. If you’re using a VPN, be sure to choose a provider that does not log your data and that has more than a few server locations to choose from.

  1. Dump Gmail and similar for an anonymous email

Google’s email service, Gmail is a far cry from what you would call a “secure and private”. Not only is the company much more concerned at how they can squeeze more money out of your data to become even richer, but their encryption isn’t something to write home about (only TLS encryption in transit, no PGP).

A much better choice to protect your email privacy is to use a service dedicated to protecting it like CTemplar. With CTemplar your email data is encrypted in transit and at rest and we also anonymize your IP address and make sure your email is safe with Zero-knowledge encryption.

At CTemplar, we believe that privacy is a human right and that everyone has the right to it. If you’re on the same page with us, sign up today for your CTemplar: Armored Email account.