Privacy, GNU/Linux, Online Safety vs Convenience (Updated 08/26/2019)
Tuesday, August 20, 2019
Today we’re going to talk about privacy and how to keep your information online safe.
First off why should you care about your privacy? After all those that are worried the loudest have something to hide right? Actually wrong. Everyone in the world has a fundamental right to privacy. Here are some events that occurred that should make you think twice about privacy and why it matters to you:
- The iCloud leaks of 2014.
- In 2014 according to Wikipedia nearly five hundred pictures of various celebrities mostly women were leaked onto the internet onto social media, picture sites and other forums due to a breach of cloud services by way of spear phishing “highly targeted” attacks. This event aka termed “Celebgate” and other more popular names (which we’re not mentioning here but you can do a search to find out the more popular name since we’re trying to maintain some semblance of journalist respect) leaked this information or as the term is called “doxxed” the individuals.
- Doxxing is not a port manteau but a “neologism” or a new word or utterance that becomes common enough to actually may become a new word and as opposed to sniglets may not be so humorous as in this case of doxxing. Doxxing is supposedly taking the word “documents” according to Wikipedia again and basically releasing of hacked documents in a leaked fashion in order to embarrass or compromise someone in order to get revenge or abet and aid some other purpose. This has happened to some politicians for example during recent 2016 campaigns where phone numbers were leaked or perhaps some information was leaked that was meant to be private or hard to obtain. It has also been a source of cyberbullying in the new age of social media.
- Cambridge Analytica, Twitter plaintext, FedEx records exposed, government personnel records, phone record breaches, Target & Home Depot, & Turbo Tax
- Whether you really have something to hide or you don’t sometimes you can do everything to be protect your privacy and still have it exposed. A recent example was where supposedly over 21.5 million personnel records were exposed or stolen from a government targeted data breach. You may have also heard about a big blue social media company which harvested data on its users or some other ones where passwords were exposed or simply from using your phone or buying stuff online. All you had to do was be a daily consumer or just be going through your normal course of daily life. Think about it, you going in and buying and shopping at your store and your store data gets exposed.
So whether you want to protect or hide something or just need to protect your privacy it doesn’t matter. Everyone needs to have a way to protect their information from misuse and protect their dignity as is the case of the picture leaks above. Simply using devices like Alexa or even social media or chat apps can get your info exposed across the planet if you aren’t careful and things go viral as many people have found out when on the internet and you don’t need your passwords across the world to see or people judging your creases of the folds of your skin or putting your love for designer clothing put up for judgment.
OKAY, So I understand why I need privacy. But what can I do about it?
Great it should be no question why you need some common decency to shield your identity. There are HIPAA laws after all shielding your personal medical information after all and there’s attorney client privileges and tax / bank / financial privacy acts and so it’s all important that there’s a way to mask your footprint online because – and here’s the kicker by the way – it seems anything you put online has a way of leaking out. So the smart thing is if you have a secret don’t tell anyone and KEEP YOUR TRAP shut. But you can absolutely minimize your footprint online.
We scoured some security experts and what they said about ways to stay private. Here are some tips which you of course will ALWAYS need to do additional research before implementing these as a prescribed course of action.
- #1 If you can’t keep it secret then don’t even think about putting it online and don’t even access it online. Once it’s out there you can kiss that picture or thing you wrote goodbye. There are drives and tools to recover your information and even the most secure phones have been know to been able to recover through hardware means your data even with deletes and basic wipes. Heck, every teen probably knows about the Cameron Diaz & Jason Segel movie where romp-edy movie where a homemade “tape” is uploaded to the cloud by accident. Don’t even think about recording or taping or making the record in the first place and it can’t be sent.
- #2 If you do make some record then you need to burn, wipe, destroy, pulverize etc becomes it even becomes an issue and can get you in a compromising situation. Had people done a lot of these top two things then tapes, messages, … emails… would have never been an issue and it would never made the evening news like it always inevitably seems to happen. No records, no public access, no problems.
- #3 If you’re going to be dumb and keep an archive of something that you can look back at wistfully 20 years from now such as how svelte your Cadillac 6 pack abs are or baby smooth arms and pinky toes are then find a way to encrypt them. I believe in the movie Watchmen there’s character that writes in a notebook and is so far gone in thinking that his writing is almost gibberish or basically encrypted in a sense. So if you’re going to be Project Sunshine to the world about your breakfast, lunch and dinner then make sure that the bit about the extra slice of avocado toast you hid from your husband while you were on your Special K diet stays mum. Oops! What happened in Vegas, right?
Here are some additional brief tips if you’re in a tl;dr mode.
- Isolate, cut yourself off from society. Hey it works, just be prepared to trade convenience for true privacy. “Something something about a whole village raising a child while sacrificing their privacy.”
- If you can’t do that start by turning off tracking as in things like LOCATION tracking.
- Anytime you start a new fresh install in a operating system say NO to s**** like opening in to sharing data with improving a user experience for the programmers.
- Opt out of sending voice recordings, location data, search results, other user interface embellishments to improve your experience. Yes it’s inconvenient but if I never used it or needed it before do I need it now. So you have to ask yourself are you really wanting to help them improve their programming and are you high enough of a target that you won’t get data leaked in unintended fashion. Probably some of that data is safe if you’re high profile, but again… “do you feel lucky punk?”
- Replace your basic search engine in most defaults on your browsers. It is getting to the point that I have to install all my own operating systems and customize my own software. People, especially guys, like to fix their own cars cause either they like tinkering or don’t trust anyone else to do it. But software on laptops and fresh installs you usually have the option to go through basic set ups when you first get a laptop. DEVOTE an evening to looking at the manual, spend time going through tabs and settings and make sure you are controlling your software and not that YOU do not become the product yourself. Many big organizations especially those at a regulating state and above level have whole departments configure their IT departments and have firewalls and VPN’s. If they can spend more than 5 minutes to configure their network, you can spend at least 30 minutes looking through your phone or computer settings at least to try to harden some of your security. Something is better than nothing.
- Spend time learning, or reading or subscribing to security alerts also and learing about best practices, just don’t inundate your inbox with useless spam.
- Consider again the search tools your use and even your choice of web browser. If your browser known to be safe or is it made in such a way that it has ads and commercials all over and it leaks data or is known to be made by a country that doesn’t respect privacy?
- Here are some search engines to consider and we aren’t advocating any particular ones because you have to look at them yourselves and we have not tried them all:
- !— (Update: 08/26/2019 Search encrypt is removed as a recommendation due to reports of adware)
- Discrete Search
- Get at least two phones or two email accounts. One for spammy junk and one for normal business life etc. Never give out your important account to anyone and always give them your spammy account first online if someone is unknown. These are also known as burner accounts. Some people that are not “in the know” think that there’s something less than honest about multiple accounts but that’s because they are not open minded or aware that not everyone out there looks out for you best interest and unless you “take care of your own” you will always be left holding the bag and taken advantage of. Basically “suckered”. This happens because human nature is to try to help which is great and altruistic and has helped people stay together as a community for several hundreds of years and through the millennium. But people online don’t care about that community feel. And sometimes people in real life needing money also are just as “pathologically fixated enough” that you need to protect yourself. Burner phones are not because you’re going to do anything bad. Think of it like insurance. You might not need something but if something bad happens you’ll be so glad you have it. And you can often get these second accounts for free. Thank goodness.
- You need a Virtual Private Network option or distributed network browser option so that your traffic is not exposed. Think about it this way. You’re at the airport or coffee shop and surfing. Oops. You’re not actually connected to Starbucks but some hacker’s network. If you have an encrypted connection or some decentralized connection you just might be able to prevent your data packets from being read or some nosey person.
- Consider a Alternativeto type software option. There are lots of software now. Everywhere and many them are open source. Some of them proprietary and code is not open to inspection. We’re not going to necessarily debate the merits of either here. But if a software option is NOT meeting your needs, switch it up. Don’t even think about giving up your permission options in your phone or identity if you don’t want it leaked. There might be some other option that’s less intrusive so you may have to give up using that app. Or find someone to get you an app that works the same way. Maybe that’s how you start a business niche and make money that way. (After all our site is about making money and you have a problem and a need and someone will always need a privacy program).
- A lot of suites and software for “big name” companies readily sell your data and plug and plant ads in front of you as you sit and watch these commercials flash past your eyes. Map apps, Email apps. There are other options. If not in the main app stores, you might be able to find alternatives or overseas options as well.
- Use encrypted messaging. This is a stickler for some people that argue that backdoors are needed for law enforcement but there’s also a slippery slope argument. Where does it begin and end? Companies and regulation needs to be separated. Sort of like separation of religion and governance in some countries there needs to be a separation to allow privacy and freedom from surveillance to be codified into universal rights. The early creators of countries may have never envisioned all the cameras and interconnectedness all the technology would be and how it would impact our lives and this needs to be brought up in today’s dialogue.
- Also consider using encrypted email services and PGP or GPG.
- Consider ridding yourself of useless social media accounts. You’re hit the gym more and spend more time with friends and be more productive instead of scrolling through your phone. During some commutes to work, all we see are people scrolling through their phones. I wouldn’t say hypnotized because they are learning and absorbing information, but consider the trade off with productivity.
- Consider getting a better operating system that respects privacy. Unfortunately some of the changes in operating systems have us less than enthusiastic. It feels like some operating systems are now spyware and destined to continue down that path for the foreseeable future. Luckily we have open source and other options being developed in other countries. Many people like to say their country has the best stuff or about nationalism. But in Justice: Tower of Babel which was an episode and comic book any nation or country or software if unchecked can stray from the original intentions and deviate into something unrecognizable. Even small companies like which have now become monoliths like Apple, Microsoft, Facebook which were of course once start ups have become bigger. And as they Uncle Ben Parker “With great power…” I’m sure you can finish the rest. Nations check each other’s powers. It’s how WWII ended without the whole world becoming one government. And it’s how differences and views continue to date. If everyone thought exactly the same then there would be no diversity and innovation and things would possibly stagnate.
- Note: some of the earliest attempts at free and open systems include Libreboot and Trisquel according to Wikipedia during a GNU/Linux movement. There may be much better operating systems and apps and programs now.
- Consider full disk encryption if your data falls in the wrong hands. Contingency plans are so important and “expecting the unexpected”.
- Limit what you put into search engines. It’s so important because searches are now saved across many platforms.
- Consider using a Office Suite that is open and not trying to sell you other products.
- Back to the burner accounts, make sure you decouple your real identity from your public identity. People online are starting to realize safety of pseudonyms. It’s probably why the creator of certain virtual currencies is said to have possibly an identity that’s not that person’s real name. And it’s also why credit card companies are starting to tokenize your accounts so that your online transactions and cards can’t be associated to your real card if their databases are compromised.
- Don’t give away all your secrets. Security through obscurity is important. There’s a saying “A girl doesn’t reveal all her secrets” or something like that. Same for just in general you don’t give away all your power. In dating, in life. You hold back your offer and keep a poker face saving your ace card if you need it. Don’t tell people how much money you make. Don’t tell them your true age and other things to hurt you with. There’s another saying. Enemies will punch you right in your face. Friends stab you in your back. If you reveal everything your opponent in the boxing ring knows all your moves and how to counter. So don’t give them your secret boss move.
- Flip off unused services when not required. Turn off location, flip on airplane mode. Turn off WiFi. Kill NFC and Bluetooth and your data connection if you’re done with it for the night. Someone can’t remote in if it’s not active to brute force in or hack into. Turn off folder and network sharing. Check file permissions. This includes camera functions, Siri, Cortana, Alexa services, Google Now etc.
- Cover up cameras with stickers including your phones. There were reports that certain devices such as baby monitors were exposed and as things are connected as Internet of Things (IoT) devices and a botnet disaster is waiting to happen, you may be paranoid, but the person that laughs last is the one that doesn’t have their tinfoil fig leaves exposed.
- Uninstall and deactivate apps, and other “spyware”.
- Incognito mode in browsers just delete your history and cache but your IP address is still exposed which is why a Virtual Private Network may be needed or some other way to hide your IP address. If a hacker knows your IP they may be able to know what services you log in or use for your web servers and also the cookies and credentials for logging into a service.
- Use old fashioned methods. Maybe use an old fashioned typewriter. I know this used to drive someone batty but forget them. It’s not their life. Or handwrite a letter and give it to a significant other. It means more if you wrote it with your own two shaking doctor’s handwritten scribbles. Pick up your regular landline and call maybe instead of emails. Or walk over and give your significant other a physical hug instead of Snapchatting those mother-shocking photos. Buffet, the great investor of stocks was known to use a basic phone or flip phone it was said for many years.
- Pay using cash or other secure methods is another thing you can do and in the store sometimes instead of doing all things via credit and online transactions.
- Consider using a virtual machine that you’re running in under or a sandboxed program.
- Poison the well. Sometimes ad data collectors will try to collect unnecessary data. If you are just needing to get to the next screen you may need to feed it fake data. An example for example is to connect to a free public wifi hotspot or some other example that escapes me right now… like maybe a survey. You may be able to feed data. The wifi obviously wants you to give up an email address or something to use wifi but you don’t want to give up the info so you could in this instance feed in some data like the above spam account and a bunk name. Or something like why are you visiting our site and other survey cr–. Most times you’re only going to be on that wifi for a short time or get that free shopping deal etc and they don’t need all that data and they know they use it for marketing. An example is also when you go shopping they often ask for your email address. You can give them your email address or say you don’t have one. But if it’s a field that requires again some field to sell you junk or advertise that’s when you may have to put in data. Not to do anything bad of course just get where you need to go.
Some additional resources (keep learning to stay ahead):
Check out privacy dot haus / checklist/ .
Check out proprivacy dot com
Check out prism dash break dot org
Remember what you don’t know can HURT you. There’s a saying in legal matters that ignorance of something (legal requirements & regulations) doesn’t exempt you from liability of responsibility.
Nowadays it’s nearly impossible to be completely off the grid and you’re likely in some database somewhere, but armed with some knowledge you can at least reduce your digital footprint so hackers have a harder time hitting a moving small target.
These are just a compendium of some great things we found online. Hope this helps.
Stay safe, secure and if possible anonymous and obscure. Of course there’s no perfect solution yet and you’re trading off usability.