Surf the web anonymously and why

You are being watched online, and it’s not just the NSA. All those products you visited on Amazon that show up in your Facebook feed- those are “remarketing” campaigns- built from tracking your browsing.

Emails you open from a retailer include tracking codes- so when you visit the site, they know who you are- and then customize the site to sell you more.

Or- want to scope out the competition? Why let them know you’ve been looking?

The easiest way to use Tor is to download the Tor Browser. This is a modified version of Firefox along with a bunch of other software that connects you to the Tor network.

Once you’ve downloaded the installer, you have two options: You can just install the software or you can check the installation file’s GPG signature first. Some people like to check the installation file to make sure they’ve downloaded the proper version of the browser and not something that’s been tampered with.

But checking the GPG signature is not a painless process and requires an additional software download. Nevertheless, if that’s something you’d like to do, the Tor Project has a how-to explaining what’s required.

Source: ? How to use the Tor Browser to surf the web anonymously | PCWorld

There are also sites that allow you to do a one off anonymous cloak- like http://www.covertbrowsing.com/ go there, and browse away.

The other end of things is to use a private VPN network that unlinks you from your ISP’s IP. Most of these are services that you pay for- where you “tunnel” all your internet traffic to their servers that become your “home base” IP. Some have cute names, like www.hidemyass.com but, sometimes, that’s not really what they do: read this post: What everybody should know about HideMyAss

People use VPN in order to access content that’s not available on their continent- like Chinese nationals looking for information on democracy- or for American Football fan ex-pats who want to stream NFL games to Europe. Its traditional use is to be a secure way of connecting to their work from remote locations.

But, in the end, remember anything you do online is never private, no matter how careful you are.

Continue reading →

Privacy Tips

Now that we know that George Orwell wasn’t far off when he wrote 1984 and that “Big Brother” is indeed capable of watching us, here are a few things to think about.

First of all- when Scott McNealy of Sun Micro systems said “You have zero privacy anyway. Get over it” back in 1999, that was before Facebook, Google, YouTube, and iPhones.

Now, overshare is an epidemic and as we’ve seen from the Boston Marathon Bombing, the ability to triangulate images from people taking pictures, security cams, ATM cameras and who knows what else, in record time, shows that we are in fact living in a surveillance nation.

This very email, has the ability to see when you opened it, what you click on, how many times you open it. It could also be set to see who you forward it to. Some people are still amazed when they see this technology demonstrated, but it’s really old hat in Internet time. You can switch off HTML email and get straight text emails, but you’ll feel like you are in the stone age.

While people may love the Chrome browser from Google and Gmail, both are tools that Google uses to build a profile of you- ostensibly to custom tailor your experience. That means to give you better search results- and, to give them better ways to make sure the ads you see are most likely ones you click on. Want more privacy- use Firefox and enable do not track. Read more about that here: http://www.mozilla.org/en-US/dnt/

Just be aware, that if you have a Google TV or an Android phone, you’ve also just invited Google right in.

Browse anonymously

There are ways to browse anonymously. Gotta love this ones name: www.hidemyass.com for just one visit at a time. Others like www.anonymouse.org do the same thing.

But if you want all your browsing to be hidden, consider The Onion Router- or TOR: https://www.torproject.org/

Which hides you from everything. No more ads for “hot single women in Dayton over 50” for me- which are targeted purely by tracking my age, location and marital status from a bunch of different sources.

Are people really correlating all your data from different sites? Absolutely. It started long before the Internet- with credit reporting agencies, mail list sellers, and the government- that’s what the census is in essence.

The Internet has given us so many more ways to correlate data, and in close to real time. Not leaving a trail of everywhere you’ve been online is one thing, but here are some other things that track you:

If you are a registered voter, anyone can download your name, address, age and voting record, showing which elections you voted in and what party you are affiliated with. It’s on the Secretary of State website. What better way to get started? If you own property, the County has your information on your home, how much it cost, when you bought it, if your taxes are paid- unless you hid behind a shell corporation with an LLC.
If you’ve been married or divorced, there are records online, including the redacted details of your divorce- which can make for interesting fill in the blank.

If you’ve gotten speeding tickets or arrested- more records. Never mind the Bureau of Motor Vehicles registration- now we know what you drive too.

Facebook is your life on display

Facebook is one big hot-mess of data. Who your friends are (we may have data on them, and not about you) any personal information you post, where you posted it from (you change locations often, posting from other cities? Wow, we’ve got a traveller). Recently, I was talking to a Sheriff’s deputy who was looking for friends of a person to see where they were posting from so he could try to pick them up on a warrant.

Never mind the postings about privacy changes on FB- if you want privacy, start by shutting off your profile to be found by anyone, even if they have your email – and find your friends yourself, instead of letting them find you. Start in the privacy section at top right. Then, carefully check your other settings. Or better yet- don’t go on Facebook.

Your portable tracking device

But, that also means, don’t carry a cell phone. Even if you have location services off, your cell phone is still a trackable beacon by triangulating the signal it needs to connect to the network. Living without a cell phone for some people is a fate worse than death, for others- no big deal. Just be aware that our cars are becoming smarter too, and it’s not long before everyone of them is connected too. If you have OnStar, it’s already there.

One of the reasons Google maps could offer the best traffic info when it was the primary mapping on the iPhone was that they were tracking how fast your iPhone was moving through traffic. There are a lot more smart phones than GPS units on the roads today. And if that isn’t enough- now, there is a wrist watch from Seiko that adjusts to the correct time zone thanks to built in GPS http://seikousa.com /Astron

Going back to either Stan Lee or Voltaire: “with great power, comes great responsibility” the power to communicate to so many people has never been so easily available to all. We’ve seen with the latest “leaks” of secure information from Edward Snowden and Bradley Manning, that one person can transform the conversation by publishing things to the Internet. Even if you choose to opt out, and drop out, ala Ted Kaczynski, you can still end up famous.

There may be zero privacy, but, the one thing to realize, is it applies to everyone from you and me, to 4 star generals/CIA directors, so, don’t get too depressed. Just be aware of what it means and how you can avoid doing something stupid.

Continue reading →

Is my password secure?

The easiest way to get in trouble online is by using an easy password- or not being careful about where you store it. There are a few different secure password storing systems (I like One Password from Agilebits) because it allows you to forget about remembering anything more than one password- while using different, highly secure passwords for everything else. Of course, you better use a great secure password for One Password.

The NY Times had an excellent article about password security but here’s the most important parts:

FORGET THE DICTIONARY If your password can be found in a dictionary, you might as well not have one. “The worst passwords are dictionary words or a small number of insertions or changes to words that are in the dictionary,” said Mr. Kocher. Hackers will often test passwords from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.

NEVER USE THE SAME PASSWORD TWICE People tend to use the same password across multiple sites, a fact hackers regularly exploit. While cracking into someone’s professional profile on LinkedIn might not have dire consequences, hackers will use that password to crack into, say, someone’s e-mail, bank, or brokerage account where more valuable financial and personal data is stored.

COME UP WITH A PASSPHRASE The longer your password, the longer it will take to crack. A password should ideally be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem, and string together only the first one or two letters of each word in the sentence.

OR JUST JAM ON YOUR KEYBOARD For sensitive accounts, Mr. Grossman says that instead of a passphrase, he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. “That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don’t know it.”

STORE YOUR PASSWORDS SECURELY Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you’re toast. Mr. Grossman stores his password file on an encrypted USB drive for which he has a long, complex password that he has memorized. He copies and pastes those passwords into accounts so that, in the event an attacker installs keystroke logging software on his computer, they cannot record the keystrokes to his password. Mr. Kocher takes a more old-fashioned approach: He keeps password hints, not the actual passwords, on a scrap of paper in his wallet. “I try to keep my most sensitive information off the Internet completely,” Mr. Kocher said.

A PASSWORD MANAGER? MAYBE Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. LastPass, SplashData and AgileBits offer password management software for Windows, Macs and mobile devices. But consider yourself warned: Mr. Kocher said he did not use the software because even with encryption, it still lived on the computer itself. “If someone steals my computer, I’ve lost my passwords.” Mr. Grossman said he did not trust the software because he didn’t write it. Indeed, at a security conference in Amsterdam earlier this year, hackers demonstrated how easily the cryptography used by many popular mobile password managers could be cracked.

IGNORE SECURITY QUESTIONS There is a limited set of answers to questions like “What is your favorite color?” and most answers to questions like “What middle school did you attend?” can be found on the Internet. Hackers use that information to reset your password and take control of your account. Earlier this year, a hacker claimed he was able to crack into Mitt Romney’s Hotmail and Dropbox accounts using the name of his favorite pet. A better approach would be to enter a password hint that has nothing to do with the question itself. For example, if the security question asks for the name of the hospital in which you were born, your answer might be: “Your favorite song lyric.”

USE DIFFERENT BROWSERS Mr. Grossman makes a point of using different Web browsers for different activities. “Pick one browser for ‘promiscuous’ browsing: online forums, news sites, blogs — anything you don’t consider important,” he said. “When you’re online banking or checking e-mail, fire up a secondary Web browser, then shut it down.” That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account is not necessarily compromised. As for which browser to use for which activities, a study last year by Accuvant Labs of Web browsers — including Mozilla Firefox, Google Chrome and Microsoft Internet Explorer — found that Chrome was the least susceptible to attacks.

SHARE CAUTIOUSLY “You are your e-mail address and your password,” Mr. Kocher emphasized. Whenever possible, he will not register for online accounts using his real e-mail address. Instead he will use “throwaway” e-mail addresses, like those offered by 10minutemail.com. Users register and confirm an online account, which self-destructs 10 minutes later. Mr. Grossman said he often warned people to treat anything they typed or shared online as public record.

The bad news is- eventually you will get hacked, no matter what. So be prepared, with a list of sites and banks that you may have to call when it does.

Continue reading →