Some Simple Steps Toward Online Privacy and Security

I value my privacy. That is one of the reasons I live where I do (in the country). I don’t have nosy neighbors to deal with every day. My neighbors and I talk when there is a reason to do so.

I also value my online privacy. I don’t want to be a “product” for Google, or Facebook or whoever. So I do things to safeguard my privacy. Google tracks every search you make, back to you as an individual. Facebook tracks you even if you are not logged on to Facebook. (Every site that has a Facebook “Like” button is tracking you.) And they sell that information about you to other companies.

Google and Facebook – not to mention the CIA/NSA/FBI/EIEIO – want you to believe that privacy is impossible. That security is impossible. Because if you think it is impossible, or even just really hard, you won’t even bother to try to secure your technology. But it isn’t that hard to have decent privacy and security. And it isn’t just the .gov or the big corporations that want your information. Hackers are looking too.

So here is a list of things you can do. Some are easy to do; some are a bit harder. Some are free, while some cost a little. While the list isn’t in order of importance, or effect, the first 3 items on this list should take you less than 10 minutes – total. And you only have to do them once (or until you get a new computer or switch to a new browser.) The rest of the items are a bit more complex, but they are not impossible. Do one thing a day for a week. Or do one thing a week if they seem overly complicated. Even if you only do one thing a month, you will have much better security in a fairly short time. Do something.

  • Use a Search Engine That Doesn’t Track Every Query.

    There are a couple of alternatives to Google. And not Yahoo or Bing. (They aspire to be Google.) DuckDuckGo is the easiest (though you have to install an extension in Chrome to set it as your default search engine because Google REALLY doesn’t want you to have any options). Disconnect is another option. There are probably more choices to cut off the tracking of everything you do. I started using DuckDuckGo when Google stopped answering the queries I typed in and started answering what they THOUGHT I wanted to know. Also Google has a tendency to shortchange any site connected to firearms or the 2nd Amendment. (Which is a subject near and dear to my heart.) There are probably other subjects that Google is downplaying. (That said, I do use Google, Yahoo and Bing on occasion.)

  • Disable 3rd Party Cookies in Your Browser.

    This isn’t a fool-proof method, but the folks who write tracking software still complain about Apple’s Safari browser – it is the ONLY browser that ships with 3rd party cookies disabled by default. How to turn them off depends on which browser you use. But look under “settings” or “options” for something about content or privacy. The browsers have good help – mostly.

  • Install Privacy Protection Extensions in Your Browser.

    Privacy Badger from the EFF blocks all kinds of things that are stealing your info – and potentially loading Malware on your system. It is available for Gecko-based browsers (Firefox, Pale Moon, etc.) and Chromium-based browsers (Chrome, Opera, Vivaldi, etc.). I am not sure about Microsoft’s browsers or Safari.

    uBlock Origin (not uBlock, uBlockPlus, or any of the others) is a fairly efficient ad-blocker that will shut down tracking-based ads. And the potential spyware, etc. that can come along with ads. Available for Gecko and Chromium browsers as well as Microsoft’s Edge. (Some of these may be available for your mobile devices as well.)

  • Use a Virtual Private Network (VPN).

    I should say use a QUALITY VPN, because some of them are hackers posing as legitimate businesses.

    One of the things that changed recently is that Congress rolled back some internet privacy rules. This lets your Internet Service Provider (ISP) look at all of your internet traffic. Using a VPN encrypts all of your data before your ISP can see it and sends it to the VPN node for decryption. It is then sent on to the website you requested. There is some cost in performance, but I have no trouble streaming video over my VPN. Some sites will block you if they detect you are using a VPN. I’m not sure why. But I have to disable/re-enable mine from time to time. (Which can cause problems.)

    The simplest place to get started is Torrent Freak’s recommendations. You can also watch a portion of the TekThing episode that dealt with this topic (the relevant portion being 5 and a half minutes or so). This will give you a good introduction to the matter, including what to look for and what to avoid. Finally, That One Privacy Site has DETAILED information and reviews, but it can be overwhelming.

    Disclaimer – I use Private Internet Access. It isn’t perfect, and I may switch when my year is up. It costs less than $40 per year, and I can use it on my smart phone as well as a computer.

    I should say that a VPN is absolutely REQUIRED if you are doing anything important over a public-WiFi connection. (Do you live in a marina and use their WiFi? Do you use the WiFi at Starbucks or wherever? Then you need a quality VPN.)

  • Use a Password Manager.

    I only have to remember 1 password. It is the PW to get into my password database. It remembers all the rest of my passwords. Since I only need to remember 1 PW, it can be complex. And all the passwords for my email, banking, etc. are VERY long VERY complex passwords that are not pets’ names, or birthdays, or fictional characters, or anything that can be deduced from social media.

    The PW manager that most folks seem to use is Lastpass. It is web-based and interfaces with all the major browsers. (NOTE: If you are already using Lastpass, upgrade to the most recent – April 2017 – release, as it fixes a couple of problems!)

    I use KeePass. It is an open-source system, so it is a bit more of a roll-your-own setup. But I like the fact that I don’t have to trust the cloud storage. I do need to manage the database. (Backups, etc.) I can store it on a thumb drive so I can take it with me when I leave the house. If I lose the thumb drive, the database is strongly encrypted. No one can get to my passwords. And as I say, I have backups.

    There are other choices for PW manager.

  • Use 2 Factor Authentication.

    When you log into your bank (for example) they will call you with a special code. This ensures no one can log in unless they have your phone. This CAN cause headaches if you lose your phone. This is available in a lot of places. Some banks, Amazon, etc. More organizations are adopting it every day.

  • Install a Secure Messaging App on Your Smartphone.

    Signal or WhatsApp. iMessage is supposed to be adopting the Signal protocols developed by Moxie Marlinspike, but I have no info on the status of that project. And you still will likely only communicate with other iPhone users. You can find me on both Signal and WhatsApp.

  • Buy and Use a Shredder.

    A lot of identity stealing is still done the old-fashioned way. By looking through paper documents. Shred things like bank statements before you put them in the recycle bin.

All of the things listed above are relatively straightforward. There are apps you can install on your phone or extensions you can install in your browser to get this stuff done. You don’t need to be a programmer or a cryptographer to have security and privacy. If you were to find yourself as a democracy activist in a country that despises democracy activists, then you would need to do a lot more. But the things listed above will go a very long way to ensuring your privacy.

If you are a journalist and you are trying to have Edward Snowden-like security then there are other things you need to do, that are a bit more complicated. Not rocket science, but it will take you some time to set up. Especially the first item. That’s why these items are not part of the list.

Public Key Encryption. This will let you send data securely around the net via email. Email by itself is NOT secure. Attempts to create a simple, secure email have FAILED. And those trying finally stopped. If you need to send documents via email, you need Public Key Crypto. This is complicated enough that not many people are using it, though it isn’t as complicated as picking a fantasy football team. Still, it is something to consider. The best place to get started is GNU Privacy Guard, or GnuPG. It is the open source version of Pretty Good Privacy, which, as far as the cryptography community is publicly aware, is secure.

AES Encryption. This is not for sending files around the internet, but for keeping things safe at home. Encrypt important files on your PC. (Tax records etc.) Anything you don’t want the average burglar to get their hands on. If you delete the original, AND forget the encryption PW, you will NEVER see that file again. (Contrary to what you see on the crime-TV-shows, strong encryption cannot be broken in anything short of several hundred years. That is why the .gov is continually freaking out.) Check out AES Crypt. Though that is one of the sites that won’t let you access it via a VPN.

Erase Your Files. If you just delete files through Windows, etc., the file is not erased; the link is just removed from the index. The data still exists on the disk drive. (Probably not an issue for SSD drives. Definitely an issue for spinning magnetic drives.) To really erase things requires a little more effort. Eraser is a program I have used. It is not perfect. Before you sell, donate or recycle a computer, you should use something called a “boot and nuke” to completely wipe the disk drives. See Darik’s Boot and Nuke as an example. (Not a recommendation as I have never used this particular utility.) Use caution! Once they are gone, the files are gone for good. To ensure erasure the product should use US Department of Defense DoD 5220.22-M(ECE) 7-pass erasure.
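
To make the difference between deleting and erasing concrete, here is an added example (not part of the original post, and not how Eraser or Darik’s Boot and Nuke are implemented) that overwrites a file’s contents before removing its directory entry. The function names are hypothetical, the sample data is constructed, and it assumes a spinning magnetic drive with a filesystem that overwrites data in place.

```python
import os
import tempfile

def overwrite_in_place(path, passes=1, chunk=64 * 1024):
    """Replace every byte of the file with random data, without deleting it."""
    size = os.path.getsize(path)
    # "r+b" opens for update without truncating, so the writes go over the
    # file's existing contents rather than starting a new, empty file.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass out of the OS cache to the drive
    return size

def erase_file(path, passes=1):
    """Overwrite first, then remove the directory entry (the 'index' link)."""
    size = overwrite_in_place(path, passes)
    os.remove(path)
    return size

def make_sample_file():
    """Constructed sample data standing in for a sensitive document."""
    secret = b"constructed sample: 2016 tax return, line 37\n" * 200
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    return path, secret

if __name__ == "__main__":
    path, secret = make_sample_file()
    overwrite_in_place(path, passes=3)
    with open(path, "rb") as f:
        print("original text still present:", secret[:20] in f.read())
    erase_file(path)
    print("file still listed:", os.path.exists(path))
```

A plain delete performs only the `os.remove` step, which is why the old contents stay on the drive until something else happens to overwrite them.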

8 thoughts on “Some Simple Steps Toward Online Privacy and Security”

  1. Yes, I know I didn’t include the TOR Browser. If I have to mention it at this point. Besides, it drives people to distraction. The small size, the JavaScript embargo. But it is the only way to access the dark web.

  2. A few other things to consider:
    – ANY US search engine, website, or email provider can be served with a secret FISA warrant to collect data – and it can require them to lie to their customers about it. In particular, while I don’t have any evidence, DuckDuckGo seems to have popped up a little too conveniently at the time people were complaining about Google. I suggest using a foreign anonymous search engine with HTTPS like ixquick that can’t be forced by the US government to lie to you. Also, if you are going to use a VPN consider a foreign one for the same reasons.
    – Unless you buy a GOOD shredder, your trash can be reconstructed; destroy anything important yourself. In the country, the easiest way is to have a fire. In fact, where I live I can’t get trash service, so everything flammable gets burned and what is left (metal and glass) goes into recycling dumpsters in town. It is really easy for me in the winter since I primarily use a wood stove.
    – Iron is a version of Chrome with the tracking features and Google information collection removed, giving a good start for privacy settings. It is open source so you can check everything yourself if you really want to.
    – Secure your house/physical access to your computer. Accessing files, bank statements, etc. becomes easier with direct access. Lock your doors and windows, don’t show outward signs of wealth (packaging, expensive items visible from public roads, etc.). Discourage peeping toms with distance, shrubbery, thorns, etc. These are some of the standard measures that help with personal security; they also help with physical security.

  3. There are lots more things that can be done… But the first thing you have to do is decide who you are hiding from?

    Locking your door sounds good, but the average door lock in America can be picked in under a minute. There are alarms, sensors, cameras, etc. But you can turn your home into a bunker pretty quick.

    I am letting the blackberry brambles have their way. Next year I will start in again with the Osage Orange. (Thorns are 1.5 to 2 inches.) Hedgerows held up the US military in WWII. But even those can be avoided.

    Thanks for the heads up on Iron, that is one I hadn’t heard of…

  4. Thorns will help – however they alone weren’t the problem in Normandy: the hedgerows that gave us so much trouble had developed over centuries to be multiple foot high berms packed hard and filled with roots, essentially a natural anti-tank barrier that started before tanks were even a dream.
