General Web Security
Always use HTTPS. Gmail has had HTTPS on by default since China was hacking the accounts of dissidents. HTTPS means that middlemen have a much harder time getting your account info.
Gmail explains here: http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=74765
Facebook has a setting under Security Settings.
However, please note that this only applies if you can trust whoever is at the end of the connection. Google and Facebook will give your info to the Government if they get subpoenaed.
HTTPS Everywhere is pretty smooth. It might add a second or two to your initial web entries. Also be sure to turn on HTTPS in your account settings on Facebook or it might cause Facebook issues.
Think of the internet as a large open room where everybody represents computers, and when your computer (you) contacts my server (me) to browse Wikipedia, you’re literally yelling across the room to me things like what page you want, and your username and password to log in. Anybody listening can hear that information. HTTPS adds a layer of security to it called SSL that basically changes the way you and I communicate. If my server uses HTTPS, when you want to communicate with me, instead of shouting across the room, we’re whispering in each other’s ear, making it a lot harder (near impossible) for others to hear. There are considerations (namely money and practicality) that go into implementing SSL on a server, but any large site like Facebook, Google (not Tumblr and Twitter though) and online businesses use them.
One side note is that HTTPS is important when it comes to wireless connections, especially wireless connections at places like airports and coffee shops where they’re obliged to be open and unencrypted so most people can easily use them. The kind of eavesdropping techniques that can be used on a wired connection are extended over unencrypted wireless because now you have people who can be sitting in their cars listening in instead of having to go into the shop itself and plug in. By using HTTPS when you’re connected to a public wireless network, the wireless may make it easier for eavesdroppers to “get into the room”, but they’ll still be stuck watching you whisper your information.
Want to keep your IMs secret? Encryption is available on Adium for Mac and Pidgin for PC (with a plug-in). Works with most IM protocols. Also you can turn off Gmail chat archival so that it doesn’t save it for later scrutiny (in theory).
Thunderbird, my mail program of choice, has a number of add-ons that are useful: https://addons.mozilla.org/en-US/thunderbird/extensions/privacy-and-security/
For anonymous browsing, the Tor network is interesting. Basically, you can route your browsing through a number of servers, all encrypted (except for the endpoint). Makes it very hard to track what you are browsing (unless you sign in to a website and have cookies/Java on!). Vidalia and Torbutton are pretty much the easiest way to route your browsing through the Tor network. Really, any internet traffic can be sent over the Tor network, but you have to set it up to use it.
Tor is also somewhat of a mixed bag. There have been studies that have basically shown that based on tracking your entry point into the Tor network and your exit point from it, your movements can still be tracked (if they can find your exit!). There are also trust issues (as there are with all infrastructures like this), as anybody can run a Tor node, essentially meaning you’re trusting that the person running that node doesn’t snoop on your traffic as it’s passing by (although I think it is encrypted between nodes???). It’s also very much a “lie down with dogs…” scenario as you’re mixing your legally privacy-conscious traffic in with lawbreakers like child porn distributors who also might use the network.
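To illustrate "all encrypted (except for the endpoint)", here is an added sketch that is not from the original post and is not Tor's real cryptography: a toy stream cipher stands in for the per-relay encryption, and the relay names, keys and request are constructed. It shows that the entry and middle relays hold only ciphertext while the exit relay ends up with the plain request, which is why HTTPS still matters on top of Tor.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks.
    Illustration only: no authentication, and not what Tor actually uses."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

# Constructed keys. In a real circuit the client negotiates a separate key
# with each relay, so no relay knows another relay's key.
RELAY_KEYS = {"entry": b"k-entry", "middle": b"k-middle", "exit": b"k-exit"}
PATH = ["entry", "middle", "exit"]

def wrap(request: bytes) -> bytes:
    """Client side: add one layer per relay; the innermost layer is the exit's."""
    cell = request
    for relay in reversed(PATH):
        cell = keystream_xor(RELAY_KEYS[relay], cell)
    return cell

def relay_views(cell: bytes) -> dict:
    """Pass the cell along the path and record what each relay holds
    after peeling its own layer."""
    views = {}
    for relay in PATH:
        cell = keystream_xor(RELAY_KEYS[relay], cell)
        views[relay] = cell
    return views

def run_demo():
    # Constructed plain-HTTP request (no HTTPS), so the exit sees everything.
    request = b"GET /login?user=alice&password=hunter2 HTTP/1.1"
    return request, relay_views(wrap(request))

if __name__ == "__main__":
    request, views = run_demo()
    for relay in PATH:
        readable = views[relay] == request
        print(f"{relay:6} can read the request: {readable}")
```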
Tor is also like the internet circa 1995. VERY SLOW. All of your packets are being sent on the scenic route as it were, and sometimes they get lost and they definitely move very slowly.
Another interesting thing about Tor is that it has its own internet! There are addresses that can only be reached via the Tor network. And theoretically, no one knows who put them there! It’s kinda cool.
Another thing to keep in mind is cookies. I was surprised to find out that some modern virus scanners will actually delete cookies intended to track your browsing! Amazing. Although, I don’t keep cookies across browser sessions. I have Firefox only keep cookies until I close the browser. Look for it under Options -> Privacy. Fuck you 100 year cookies!
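An added example (not from the original post) that makes the session-versus-persistent distinction concrete: it reads `Set-Cookie` header values and reports which cookies would vanish when the browser closes and which ask to live for more than a year. The header values are constructed samples, and `audit_cookie` and `classify` are hypothetical helper names.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

YEAR = 365 * 24 * 3600
# Constructed Set-Cookie header values, not captured from any real site.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; Secure; HttpOnly",
    "track=u-789; Expires=Fri, 01 Jan 2100 00:00:00 GMT; Path=/",
    "prefs=dark; Max-Age=2592000; Secure",
    "legacy=1; Expires=not-a-date",
]

def audit_cookie(header, now):
    """Return (name, lifetime in seconds or None for a session cookie, secure)."""
    name_value, *attrs = [part.strip() for part in header.split(";")]
    name = name_value.split("=", 1)[0]
    max_age = expires = None
    secure = False
    for attr in attrs:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        secure = secure or key == "secure"
        try:
            if key == "max-age":
                max_age = int(value)
            elif key == "expires":
                expires = parsedate_to_datetime(value.strip())
        except (TypeError, ValueError):
            pass  # an unparseable attribute is ignored
    if max_age is not None:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, max(max_age, 0), secure
    if expires is not None:
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return name, max((expires - now).total_seconds(), 0), secure
    return name, None, secure

def classify(header, now):
    """Label a cookie: session, persistent, or long-lived (over one year)."""
    name, lifetime, secure = audit_cookie(header, now)
    if lifetime is None:
        return name, "session", secure
    return name, "long-lived" if lifetime > YEAR else "persistent", secure

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for header in SAMPLE_HEADERS:
        print(classify(header, now))
```

Only the "session" cookies disappear on their own when the browser closes; the "keep cookies until I close the browser" setting forces the other two kinds to behave the same way.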
For information obfuscation on the client side, all modern browsers have implementations of a private mode that when turned on does not use the browser’s cache, history, or store cookies persistently when you’re browsing, resulting in no client side records. Keep in mind that server and ISP logs will still keep track of stuff, so this is just for snoops who have physical access to your computer.
One more cool program (but not free) is Little Snitch. Basically it lets you control all of the network traffic going in and out of your computer. Basically a firewall. It tells you what program is trying to contact where. Good for keeping programs from phoning home without your permission. It’s amazing what programs are trying to pull sometimes!!!