Privacy – A How-To Guide

There can be few people alive now who have not heard about Edward Snowden. 

He is a marmite character hailed as a hero by some and a pariah requiring execution by others.

I realised that in my Gravatar profile I state: “Keen on privacy and IT Security. A volunteer counsellor. I use blogging to improve my writing.” There has been a few blog items on writing and the odd one related to counselling but except for the EXIF article precious little in support of privacy.

Snowden showed us that if you decide to put something on the Internet it is not private anymore. (No matter how much security you imagine protects it).

Security services have techniques that can read information, often when we believed that information was protected.

Information that you put on the Internet today, believing it to be secure, is exposed in a security breach tomorrow.

Some people believe that this is fair enough, if you decide to put a nude selfie online for example then on your head be it.

This article is not for them.

Still reading? Ok, well there are some basic steps that you can take which will protect you. Some more advanced steps you can take if you are very keen on privacy. There are also steps you should take if your life depends on privacy (which is sadly not unfamiliar to some activists in the world today).

http://www.huffingtonpost.co.uk/entry/improve-internet-privacy_n_6902622

https://www.theregister.co.uk/2015/11/12/snowden_guide_to_practical_privacy/

  • Mobile Phones Mobile Phones – transmit a great deal of information about you. they are used by shops to track your purchasing preferences. They still transmit information even when you have turned location services off.

    If you are in the group that really needs to protect your privacy faraday bags for phones do work.If you like your privacy but your life isn’t likely to be in danger over it – turn on location services only when you need it.

    Similarly turn off Bluetooth and wireless when they are not in use.Better still if you do not want to be tracked leave the phone at home.

  • Encrypt Encryption uses mathematics to render the information inaccessible to anyone other than the people you want to have access.However encryption does not solve all problems.There is some evidence that some encryption has been circumvented. .However encryption will defeat prying eyes in the majority of cases.

    You can encrypt your phone .You can encrypt the hard drive on your laptop.

    You can use encrypted file storage online .

  • Encrypted Apps – Use encrypted alternatives to text messages. The recommended system here is an app called Signal which is as easy to use as any text message system.
  • Unique Passwords – Make certain that every website you log into has a unique password.

    Breaches in passwords happen every day.

    A breach is when a company loses the usernames and passwords of its customers onto the Internet. Criminals then get hold of these details and attempt to log into as many websites as they can. It takes criminals minutes to do this it can take many years before a company is aware of the leak.

  • Password Managers – maintaining a different password for each login (for every website) is a discipline that is sometimes beyond the memory of the average individual. This means that you really must use a password manager.

    Password Managers store all your passwords in one place and you only need to remember the one password – the one to access the password manager.

    I use KeePass . It is a standalone password manager (in that it is not integrated with your browser).This reduces functionality a little but increases security a lot. (With all your passwords in one place you do want the solution to be secure).

  • Use two-factor authentication. Remember I said that passwords are leaked onto the internet every day? How do you stop a criminal logging in when you don’t know that your password is already out there?

    Make certain logging on to your account takes more than a password.

    A number of sites permit use of two-factor authentication. Usually this means that after you add your username and password you get a text on your mobile phone giving you a code that you also need to enter.This small amount of extra effort can have a big effect on your security.

  • Use a VPN service that cloaks your location.Every ISP has a list of addresses that they hand out to their clients. This means that when you browse the Internet others on the Internet can determine which ISP you use. In many cases this gives a good approximation of where you are accessing the Internet from.In addition every piece of browsing behaviour goes through a link provided by your ISP who has a log of your activity. The only way to disguise your activity from your ISP is to have a tool that uses an encrypted tunnel to hide what you’re are doing.

    This can be a VPN , use of ToR browser or using ToR browser over a VPN .

    A VPN creates a tunnel between you and a VPN Provider.

    The problem with this is that it moves the keeping track of your actions from your ISP to your VPN provider.

    You therefore need a VPN provider that undertakes not to track your actions.

    For the truly privacy conscious use ToR.

    https://lifehacker.com/what-is-tor-and-should-i-use-it-1527891029.

    ToR is not a panacea but it does make it much more difficult to trace any actions back to you. ToR is a technology that sends the messages you use to communicate on the Internet through a very convoluted route, making it very difficult to trace.

Of course it is far easier to keep something private if you do not share it in the first place. If you share something which would have consequences (if it became public) then perhaps sharing it is not wise. Don’t depend for example on Facebook privacy settings. It is known that people use Facebook to monitor and to trap the unwary.

Don’t put your holiday destination into Facebook until after you have returned.

It is really a bad idea to exchange nude photographs. Can you really be certain that the picture won’t turn up later on in a context which you might not like?

Many sites allow recovery of your account if you supply personal details about yourself. This means that they allow you access after you share with them a secret that they know about you. A favourite is Mother’s maiden name for example. If you forget your password – you supply your mother’s maiden name – you get to reset your password.

If that information (your mother’s maiden name) is on the Internet already (say on social media) it is no longer a secret. Criminals can use this information too.

Firstly be careful what you share. Secondly if you are asked for a secret that can be used to reset your account – lie. If your dog is called Fido and the recovery question is “pet’s name” use ”jambalaya” for example (don’t do that – it’s in the Internet now so people know it – make up your own version and keep it secret).

Once you have created a lie make sure you record it somewhere offline (say in the password manager) so if you need to recover the account you can remember what lie it was that you told them.

Make certain that you use the HTTPS version of a website (most sites have a HTTPS version now). The HTTPS-everywhere add-on can do this for you. HTTPS uses secure communication and hence is more secure to use than HTTP.

Adverts on the Internet have been the source of a great many attacks. Wherever possible use an ad-blocker. This also makes it harder for sites to track your behaviour and use it to bombard you with ads.

It is known that search engines like Google mine your information in order to sell it to advertising companies. One way to obviate this is to use an alternative search engine that does not log your behaviour. The best known of these is DuckDuckGo.

If you are one of the people whose life depends on your privacy then this article is not going to be cautious enough for you.

ToR is a good start. There are also guides as to how compartmentalise your life. There are guides about how to communicate with journalists. Encrypted email solutions exist and should be considered. Even operating systems designed to preserve security.

However it would be remiss of me to advise about these given my life has never been at risk because of a lack of privacy. You must gauge the level of risk and apply appropriate precautions.

For everyone else these few steps can make a big difference.

If you liked this article why not follow this blog

Follow The Procrastination Pen on WordPress.com

Author: Phil Maud

Keen on privacy and IT Security. A volunteer counsellor. I use blogging to improve my writing.

2 thoughts on “Privacy – A How-To Guide”

  1. What a guide, Phil!! Hats off mate, this is excellent. I’m all across turning off location services and Bluetooth on my phone (not only does it protect you a little, but it also extends your battery life haha), but so many of these tips were things I’d never thought of (lying in your security questions = genius!).
    One additional problem with relying on Facebook security settings (aside from the obvious fact that they aren’t all that secure) is that they are prone to change without advance warning. What is “private” today could be “public” tomorrow with a single app update. That’s how I try to think about every third party site or software I use (anything that has Ts&Cs and stores my data, basically).
    Thanks again for sharing this, it’s a cracker!!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s