e.Man
22nd May 2015, 13:58
I'm a bit of a privacy freak, to the point where, because of my research into on-line privacy and security, my freakishness is beginning to propagate into my off-line life. I have no social media accounts; i never provide accurate personal information if i can avoid it; i don't use Skype or any other mainstream messenger. When i applied to join this community, i wrote an email to Bill stating that i would rather not provide certain personal details. I didn't even provide my website address because i wanted to make it harder for certain organizations to profile me, primarily because of certain highly controversial topics which i have written about (in retrospect i think that not disclosing my web address was kind of nonsensical since i have linked to my site in many other places).
The fact is, however, that it would likely be trivial for anyone to identify anyone else who engages in on-line activity. A little creative social engineering would probably yield some very interesting results in many cases. So the question then becomes, 'who am i hiding from'? Who are you hiding from, assuming you think like me? Certainly not TPTB since it would be trivial for "them" to grab all kinds of information about pretty much anyone they decide to target.
Nevertheless, many of us persist in our quest for on-line anonymity/privacy. Even if we cannot thwart the efforts of the police/surveillance state in many cases, at least we can make it more difficult for certain data harvesting/advertising/search engine corporations to track and profile us using the reams of metadata we unknowingly provide through the services and software we use. I think that focusing on privacy and security is especially important to anyone who is a whistle-blower or who seriously researches and writes about controversial subjects.
I have been tinkering with Windows OS security and privacy since Win 95 when i learned about what kind of data IE stores permanently, even after the user "deletes" all cache, cookies, history, etc., and how this data can be, and is used by LE (law enforcement). I had conversations with a computer forensic cop who gave me a number of clues as to how they can access and use such data. In the end, i asked him straight out whether this data could be accessed remotely (we're talikg Windows here). His answer: "What do you think?".
Regardless of my studies, my level of tech knowledge, particularly in regard to networking, is ultimately very low and i fully and freely admit that I AM NO SECURITY EXPERT by any stretch of the imagination. Nevertheless, given my limitations, i do what i can to harden my OS, web browser and email client against data leakage and threats to my privacy and system security.
You want the TL:DR version? Simple: DON'T USE WINDOWS, and certainly do not use Internet Explorer. Unfortunately, many of us, including myself, are victims of Mr. Gates and his world-wide monopoly. Well sir, this the end of the road for me; i have vowed to make 7 my last MS OS. Next it's Linux (but not any of the Ubuntu (https://www.gnu.org/philosophy/ubuntu-spyware.html) derivatives) since ReactOS (https://www.reactos.org/), a Windows like, open source NT compatible, will probably never reach a stable release in my lifetime at the rate they're going - LOL.
Regardless of our OS choice however, it is our web browsers and email clients that are the primary gateways to the on-line world for many of us and it is my opinion that anyone who cares about their privacy and security probably ought to direct some serious attention to the software that connects us to the www. In that vein, i have written a few guides for those that are interested ...
Firefox Configuration Guide for Privacy Freaks and Performance Buffs (http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) - this covers the Firefox/Gecko family of browsers, including Seamonkey and, to some extent, the Mozilla Thunderbird email client.
Firefox Extensions: My Picks (http://12bytes.org/articles/tech/firefox-extensions-my-picks) - a nice selection of Firefox extensions and information about extensions in general.
Opting out of the Firefox / Google / Yahoo partnership (http://12bytes.org/articles/tech/opting-out-of-the-firefoxgoogle-partnership) - Don't want to be tracked by, or support Mozilla's partnerships with globs of unethical companies? Learn how you can easily opt-out.
Encrypting DNS Traffic (and why you want to) (http://12bytes.org/articles/tech/encrypting-dns-traffic) - Want to visit projectavalon.net? The computers that route internet traffic have no idea what the heck "projectavalon.net" is, so the domain name is sent from your machine to a DNS resolver which converts it to an IP address (198.143.158.131 for projectavalon.net). The problem is that, even if the connection is secure (https), your DNS query is not. This guide will show you how to secure DNS look-ups and help thwart MitM (Man in the Middle) attacks and other threats to your privacy.
Malware: It's worse than you think (http://12bytes.org/articles/tech/malware-its-worse-than-you-think) - You take precautions. You use an anti-virus/malware product and a software firewall. You use Firefox, or perhaps Chromium, or perhaps a privacy-centric fork of Google's Chrome. You disable JavaScript by default. You NEVER open executable email attachments. You are protected, right? Wrong!
Lastly, i'd like to add an aside regarding encryption...
I sold a PC once to an older fella who worked for the U.S. government, either directly or as a sub in the tech arena. I remember him telling me he had a security clearance, but i don't remember what type ("Crypto" maybe rings a bell - i seem to remember it was something i perceived as "high level"). We got talking about the government and encryption and he had some very interesting stories to tell but not the time to tell them. I suggested that we continue our dialog through email and that we could use encryption. His three word response: "Encryption is useless.".
Obviously encryption is not useless in general, but i think the point he was trying to make is that, depending on who is targeting you, it may be useless, especially if it is a high-level (3-letter) government agency doing the targeting - at least that's what i read in to his statement.
Something i read on the web long ago, and i'm paraphrasing; "Ever find any record of the NSA subpoenaing anyone for their password?". I never investigated that, but it's an interesting statement to make.
The fact is, however, that it would likely be trivial for anyone to identify anyone else who engages in on-line activity. A little creative social engineering would probably yield some very interesting results in many cases. So the question then becomes, 'who am i hiding from'? Who are you hiding from, assuming you think like me? Certainly not TPTB since it would be trivial for "them" to grab all kinds of information about pretty much anyone they decide to target.
Nevertheless, many of us persist in our quest for on-line anonymity/privacy. Even if we cannot thwart the efforts of the police/surveillance state in many cases, at least we can make it more difficult for certain data harvesting/advertising/search engine corporations to track and profile us using the reams of metadata we unknowingly provide through the services and software we use. I think that focusing on privacy and security is especially important to anyone who is a whistle-blower or who seriously researches and writes about controversial subjects.
I have been tinkering with Windows OS security and privacy since Win 95 when i learned about what kind of data IE stores permanently, even after the user "deletes" all cache, cookies, history, etc., and how this data can be, and is used by LE (law enforcement). I had conversations with a computer forensic cop who gave me a number of clues as to how they can access and use such data. In the end, i asked him straight out whether this data could be accessed remotely (we're talikg Windows here). His answer: "What do you think?".
Regardless of my studies, my level of tech knowledge, particularly in regard to networking, is ultimately very low and i fully and freely admit that I AM NO SECURITY EXPERT by any stretch of the imagination. Nevertheless, given my limitations, i do what i can to harden my OS, web browser and email client against data leakage and threats to my privacy and system security.
You want the TL:DR version? Simple: DON'T USE WINDOWS, and certainly do not use Internet Explorer. Unfortunately, many of us, including myself, are victims of Mr. Gates and his world-wide monopoly. Well sir, this the end of the road for me; i have vowed to make 7 my last MS OS. Next it's Linux (but not any of the Ubuntu (https://www.gnu.org/philosophy/ubuntu-spyware.html) derivatives) since ReactOS (https://www.reactos.org/), a Windows like, open source NT compatible, will probably never reach a stable release in my lifetime at the rate they're going - LOL.
Regardless of our OS choice however, it is our web browsers and email clients that are the primary gateways to the on-line world for many of us and it is my opinion that anyone who cares about their privacy and security probably ought to direct some serious attention to the software that connects us to the www. In that vein, i have written a few guides for those that are interested ...
Firefox Configuration Guide for Privacy Freaks and Performance Buffs (http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) - this covers the Firefox/Gecko family of browsers, including Seamonkey and, to some extent, the Mozilla Thunderbird email client.
Firefox Extensions: My Picks (http://12bytes.org/articles/tech/firefox-extensions-my-picks) - a nice selection of Firefox extensions and information about extensions in general.
Opting out of the Firefox / Google / Yahoo partnership (http://12bytes.org/articles/tech/opting-out-of-the-firefoxgoogle-partnership) - Don't want to be tracked by, or support Mozilla's partnerships with globs of unethical companies? Learn how you can easily opt-out.
Encrypting DNS Traffic (and why you want to) (http://12bytes.org/articles/tech/encrypting-dns-traffic) - Want to visit projectavalon.net? The computers that route internet traffic have no idea what the heck "projectavalon.net" is, so the domain name is sent from your machine to a DNS resolver which converts it to an IP address (198.143.158.131 for projectavalon.net). The problem is that, even if the connection is secure (https), your DNS query is not. This guide will show you how to secure DNS look-ups and help thwart MitM (Man in the Middle) attacks and other threats to your privacy.
Malware: It's worse than you think (http://12bytes.org/articles/tech/malware-its-worse-than-you-think) - You take precautions. You use an anti-virus/malware product and a software firewall. You use Firefox, or perhaps Chromium, or perhaps a privacy-centric fork of Google's Chrome. You disable JavaScript by default. You NEVER open executable email attachments. You are protected, right? Wrong!
Lastly, i'd like to add an aside regarding encryption...
I sold a PC once to an older fella who worked for the U.S. government, either directly or as a sub in the tech arena. I remember him telling me he had a security clearance, but i don't remember what type ("Crypto" maybe rings a bell - i seem to remember it was something i perceived as "high level"). We got talking about the government and encryption and he had some very interesting stories to tell but not the time to tell them. I suggested that we continue our dialog through email and that we could use encryption. His three word response: "Encryption is useless.".
Obviously encryption is not useless in general, but i think the point he was trying to make is that, depending on who is targeting you, it may be useless, especially if it is a high-level (3-letter) government agency doing the targeting - at least that's what i read in to his statement.
Something i read on the web long ago, and i'm paraphrasing; "Ever find any record of the NSA subpoenaing anyone for their password?". I never investigated that, but it's an interesting statement to make.