Important message regarding personal information

Moderators: DrVolin, Wombaticus Rex, Jeff

Postby Peregrine » Thu Mar 04, 2010 1:03 pm

ok, wasn't sure. Thanks for the clarification.
~don't let your mouth write a cheque your ass can't cash~
User avatar
Peregrine
 
Posts: 1040
Joined: Tue Mar 27, 2007 11:42 am
Location: Vancouver B.C.
Blog: View Blog (0)

Postby Peregrine » Sun Jun 06, 2010 10:11 pm

heh, there's an "ask jeeves" bot pokin' around. Thought that mildly humorous...
~don't let your mouth write a cheque your ass can't cash~
User avatar
Peregrine
 
Posts: 1040
Joined: Tue Mar 27, 2007 11:42 am
Location: Vancouver B.C.
Blog: View Blog (0)

Re: Important message regarding personal information

Postby 3×5 » Fri Feb 10, 2012 12:54 am

The butler did it!
3×5
 
Posts: 21
Joined: Thu Aug 18, 2011 1:04 am
Blog: View Blog (0)

Re: Important message regarding personal information

Postby 3×5 » Fri Feb 10, 2012 1:18 am

Hey, I don't know if this is the right thread for this, or if this deserves its own thread...

I have become more concerned lately about my online privacy. I recently quit Facebook, and, knowing myself, I can't imagine why I joined in the first place. I was already plenty paranoid before I started divulging my personal information on this massive corporate website, whose president and CEO is notoriously empathically challenged.

I also fed all my email addresses into gmail, which I used as my primary email address, and which then had me logged in all the time while I searched for everything under the sun. I started using Google Docs as my primary word processor and spreadsheet maker.

Google announced its new privacy policy this month, and the New York Times outlined how they, and Facebook, use aggregate data to predict patterns in behavior among people whose fit your demographic and disposition.

In other words, even if you're divulging relatively little data about yourself, if others like you are, and they're able to match you to your own 'kind', then they can predict your habits and patterns of behavior, at least at they pertain to your online activity, based on what people like you tend to do. The article says that credit companies are now using this data, and you can be declined credit based on it. It stands to reason, then that Facebook and Google could sell this data to think tanks, and who knows who else.

I think I would participate in forums like this one more often if I believed I was truly anonymous online, and I am slowly trying to get there. I got off Google suite and started using an alternative search engine. I stopped using Google Chrome and started using SRWare Iron, the secure, open-source browser upon which Chrome is built.

I know there are other posts about threats to our internet freedom, but I thought maybe this thread could serve to offer practical information on how we can protect our privacy and anonymity online. I have tried Tor, and I used Ubuntu Linux for years before finally giving up on it because I couldn't run my music software on it (though I would like to go back to it). I am not an IT or computer science person, and I'm wondering if there are any such people in the community who know about things like, or how to anonymously correspond with people, host a website, et cetera.

I once emailed someone who required a pgp key and I wonder how that actually secures your conversation. I would imagine only an encrypted, open-source instant messenger would be secure, but I'm not sure. Any advice would be much appreciated. Thanks.
3×5
 
Posts: 21
Joined: Thu Aug 18, 2011 1:04 am
Blog: View Blog (0)

Re: Important message regarding personal information

Postby Stephen Morgan » Fri Feb 10, 2012 6:08 am

3×5 wrote:I also fed all my email addresses into gmail, which I used as my primary email address, and which then had me logged in all the time while I searched for everything under the sun.


Yeah, DuckDuckGo is the way to go. Or Scroogle,m when it's working.

I started using Google Docs as my primary word processor and spreadsheet maker.


Should use LibreOffice.

I think I would participate in forums like this one more often if I believed I was truly anonymous online, and I am slowly trying to get there. I got off Google suite and started using an alternative search engine. I stopped using Google Chrome and started using SRWare Iron, the secure, open-source browser upon which Chrome is built.


Firefox is more customisable.

I know there are other posts about threats to our internet freedom, but I thought maybe this thread could serve to offer practical information on how we can protect our privacy and anonymity online. I have tried Tor,


Tor is excellent for anonymity, I2P has a built-in anonymous e-mail service.

and I used Ubuntu Linux for years before finally giving up on it because I couldn't run my music software on it (though I would like to go back to it).


Use some other music software, Banshee or Clementine or something.

I am not an IT or computer science person, and I'm wondering if there are any such people in the community who know about things like, or how to anonymously correspond with people, host a website, et cetera.


Tor and I2P can both be used to host anonymous web servers, although you'll have to set up a server on your own computer. Tor hidden services and I2P eepsites. Feel free to DuckDuckGo them.

I once emailed someone who required a pgp key and I wonder how that actually secures your conversation. I would imagine only an encrypted, open-source instant messenger would be secure, but I'm not sure. Any advice would be much appreciated. Thanks.


PGP signatures ensure that the message came from who it claims to have come from, although it doesn't stop people readin it unless it's actually encrypted rather than just signed.

I2P has a built-in chat server, for anonymous IRC with other people on I2P. You can also use Tor as a proxy for your IRC client.
Those who dream by night in the dusty recesses of their minds wake in the day to find that all was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes, and make it possible. -- Lawrence of Arabia
User avatar
Stephen Morgan
 
Posts: 3735
Joined: Thu Apr 19, 2007 6:37 am
Location: England
Blog: View Blog (9)

Re: Important message regarding personal information

Postby elfismiles » Fri Feb 10, 2012 9:41 am

A splendid idea 3x5. I am struggling with similar considerations.

And thanks SM for that info.


3×5 wrote:Hey, I don't know if this is the right thread for this, or if this deserves its own thread...

I have become more concerned lately about my online privacy. I recently quit Facebook, and, knowing myself, I can't imagine why I joined in the first place. I was already plenty paranoid before I started divulging my personal information on this massive corporate website, whose president and CEO is notoriously empathically challenged.

...

I know there are other posts about threats to our internet freedom, but I thought maybe this thread could serve to offer practical information on how we can protect our privacy and anonymity online. I have tried Tor, and I used Ubuntu Linux for years before finally giving up on it because I couldn't run my music software on it (though I would like to go back to it). I am not an IT or computer science person, and I'm wondering if there are any such people in the community who know about things like, or how to anonymously correspond with people, host a website, et cetera.

...

Any advice would be much appreciated. Thanks.
User avatar
elfismiles
 
Posts: 7754
Joined: Fri Aug 11, 2006 6:46 pm
Blog: View Blog (4)

Re: Important message regarding personal information

Postby 3×5 » Fri Feb 10, 2012 2:00 pm

Thanks, Stephen. I will definately check out I2p and the other recommendations. With regards to Ubuntu, I make music using Reaper and a lot of VST software, with an external low-latency audio interface that connect to a guitar and microphone. Unfortunately, this software studio will not work in Linux without a Windows emulation layer, which means you're using Windows again anyway, only the software and hardware now takes a huge performance hit.

Another thing I neglected to mention before: KeePass. It's a keychain program that automatically generates very secure passwords for you, and the file that holds all the passwords is encrypted as well. You just have to create one clever password you can remember, to unlock the keychain. You can then see all your usernames for different message boards, social networks, online banking, email, and so on. You then copy the password to the clipboard. After 10 seconds, KeePass deletes the password from your clipboard.

The best way to use KeePass is to install the portable version on a thumb drive that you keep on your actual keychain. It's probably a good idea to periodically make a secure backup of your keychain file.

This is a nice solution, even if your computer is already compromised. Let's say someone has remote desktop access to your computer, meaning they can see what you see on your screen. Your computer is also infected with malware that is logging all your keystrokes. With the message described above, you could generate a password that KeePass never shows you, copy it, paste it into an online registration form, and use this password from now on, without having ever seen or typed the password in the first place.
3×5
 
Posts: 21
Joined: Thu Aug 18, 2011 1:04 am
Blog: View Blog (0)

Re: Important message regarding personal information

Postby Stephen Morgan » Fri Feb 10, 2012 3:24 pm

3×5 wrote:Thanks, Stephen. I will definately check out I2p and the other recommendations. With regards to Ubuntu, I make music using Reaper and a lot of VST software, with an external low-latency audio interface that connect to a guitar and microphone. Unfortunately, this software studio will not work in Linux without a Windows emulation layer, which means you're using Windows again anyway, only the software and hardware now takes a huge performance hit.


I'm an acoustic man myself. Still, I'm sure you could find some equivalent. Ubuntu Studio even comes with the -rt low latency kernel for better multimedia performance. I use the zen kernel myself.

Another thing I neglected to mention before: KeePass. It's a keychain program that automatically generates very secure passwords for you, and the file that holds all the passwords is encrypted as well. You just have to create one clever password you can remember, to unlock the keychain. You can then see all your usernames for different message boards, social networks, online banking, email, and so on. You then copy the password to the clipboard. After 10 seconds, KeePass deletes the password from your clipboard.


I don't like overly secure passwords. I just remember mine, and have Firefox remember them. If you're worried about someone getting them off your harddrive you can encrypt your harddrive with LUKS or your home partition with ecryptfs. If you want a really secure password, just type `dd if=/dev/urandom of=passphrase.txt bs=128 count=1`. Obviously there's GPG if you want to use public-key encryption.

The best way to use KeePass is to install the portable version on a thumb drive that you keep on your actual keychain. It's probably a good idea to periodically make a secure backup of your keychain file.

This is a nice solution, even if your computer is already compromised. Let's say someone has remote desktop access to your computer, meaning they can see what you see on your screen. Your computer is also infected with malware that is logging all your keystrokes. With the message described above, you could generate a password that KeePass never shows you, copy it, paste it into an online registration form, and use this password from now on, without having ever seen or typed the password in the first place.


Talking of USB drive, you could get the TAILS Live USB, designed to send everything through Tor and to wipe your RAM at shutdown and so on. Being a Live USB without persistence all your activity is untraceable as soon as you shut down. Constructed on a Debian base.
Those who dream by night in the dusty recesses of their minds wake in the day to find that all was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes, and make it possible. -- Lawrence of Arabia
User avatar
Stephen Morgan
 
Posts: 3735
Joined: Thu Apr 19, 2007 6:37 am
Location: England
Blog: View Blog (9)

Re: Important message regarding personal information

Postby 3×5 » Tue Mar 13, 2012 2:08 am

My next question is this: how do you detect if you're being surveilled, or if your network is being exploited? I think it would ease my paranoia to be able to determine these things, and to protect my home network. Is there a way to encrypt data before it leaves your router? Is there some kind of packet sniffer sniffer that can detect digital eavesdroppers? How do you know if you can trust your ISP with your data? Any advice on this would be greatly appreciated.
3×5
 
Posts: 21
Joined: Thu Aug 18, 2011 1:04 am
Blog: View Blog (0)

Re: Important message regarding personal information

Postby Stephen Morgan » Tue Mar 13, 2012 4:13 am

3×5 wrote:My next question is this: how do you detect if you're being surveilled, or if your network is being exploited?[]/quote]

You don't.

I think it would ease my paranoia to be able to determine these things, and to protect my home network.


Use a password.

Is there a way to encrypt data before it leaves your router?


Use encrypted connections, SSH tunnels, encrypted proxies or just connect to HTTPS sites when available with HTTPS Anywhere from the EFF.

Is there some kind of packet sniffer sniffer that can detect digital eavesdroppers?


No.

How do you know if you can trust your ISP with your data?


You don't. In fact they're probably required by law to spy on you.
Those who dream by night in the dusty recesses of their minds wake in the day to find that all was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes, and make it possible. -- Lawrence of Arabia
User avatar
Stephen Morgan
 
Posts: 3735
Joined: Thu Apr 19, 2007 6:37 am
Location: England
Blog: View Blog (9)

Re: Important message regarding personal information

Postby 3×5 » Tue Mar 13, 2012 2:31 pm

I am using https anywhere. I don't know a lot about encrypted connections or SSH tunnels. When I use FoxyProxy, Google records my IP as the proxy's IP, but whatsmyip.net always knows and displays my actual IP address. This leads me to think that this isn't actually hiding my IP at all.
3×5
 
Posts: 21
Joined: Thu Aug 18, 2011 1:04 am
Blog: View Blog (0)

Re: Important message regarding personal information

Postby Stephen Morgan » Tue Mar 13, 2012 2:56 pm

3×5 wrote:When I use FoxyProxy, Google records my IP as the proxy's IP, but whatsmyip.net always knows and displays my actual IP address. This leads me to think that this isn't actually hiding my IP at all.


I'm not seeing that happen. Maybe your browser's set up wrong. Some torrent clients, for example, send out your real IP to peers, so torrenting through a proxy with those clients does nothing.
Those who dream by night in the dusty recesses of their minds wake in the day to find that all was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes, and make it possible. -- Lawrence of Arabia
User avatar
Stephen Morgan
 
Posts: 3735
Joined: Thu Apr 19, 2007 6:37 am
Location: England
Blog: View Blog (9)

Previous

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 21 guests