Posts Tagged ‘Do Not Track’

Got secure messaging? Part 2

Posted: February 28, 2015 by IntentionalPrivacy in Cell phone, First Steps, free speech, Historical and future use of technology, Identity theft, Privacy, Security or Privacy Initiatives, Tips
Tags: , , , , , , , , ,

Part 1 explains why you might decide to use secure messaging.

If you decide you want to use a secure messaging app, here are some factors you might consider:

  • How secure is the program? Does it send your messages in plaintext or does it encrypt your communications?
  • How user friendly is it?
  • How many people overall use it? A good rule for security and privacy: do not be an early adapter! Let somebody else work the bugs out. The number of users should be at least several thousand.
  • What do users say about using it? Make sure you read both positive and negative comments. Test drive it before you trust it.
  • How many people do you know who use it? Could you persuade your family and friends to use it?
  • How much does it cost?
  • What happens to the message if the receiver is not using the same program as the sender?
    • Does it notify you first and offer other message delivery options or does the message encryption fail?
    • For those cases where the encryption fails, does the message not get sent or is it sent and stored unencrypted on the other end?
  • Will it work on other platforms besides yours? Android, iOS, Blackberry, Windows, etc.
  • Does the app include an anonymizer, such as Tor?
  • While the app itself may not cost, consider whether the messages will be sent using data or SMS? Will it cost you money from that standpoint?

The Electronic Freedom Foundation recently published an article called “The Secure Messaging Scorecard” that might help you find an app that meets your needs. Here are a few of the protocols used by the applications listed in the article:

I picked out a few apps that met all of their parameters, and put together some notes on cost, protocols, and platforms. While I have not used any of them, I am looking forward to testing them, and will let you know how it goes.

 

App Name Cost Platforms Protocol Notes
ChatSecure + Orbot Free; open source; GitHub iOS, Android OTR, XMPP, Tor, SQLCipher
CryptoCat Free; open source; GitHub Firefox, Chrome, Safari, Opera, OS X, iPhone; Facebook Messsenger OTR – single conversations; XMPP – group conversations Group chat, file sharing; not anonymous
Off-The-Record Messaging for Windows (Pidgin) Free Windows, GNOME2, KDE 3, KDE 4 OTR, XMPP, file transfer protocols
Off-The-Record Messaging for Mac (Adium) Free Adium 1.5 or later runs on Mac OS X 10.6.8 or newer OTR, XMPP, file transfer protocols No recent code audit
Signal (iPhone) / RedPhone (Android) Free iPhone, Android, and the browser ZTRP
Silent Phone / Silent Text https://silentcircle.com/pricing Desktop: Windows ZRTP, SCIMP Used for calling, texting, video chatting, or sending files
Telegram (secret chats) Free Android, iPhone / iPad, Windows Phone, Web- version, OS X (10.7 up), Windows/Mac/Linux Mproto Cloud-based; runs a cracking contest periodically
TextSecure Free Android Curve25519, AES-256, HMAC-SHA256.

Sources
http://en.flossmanuals.net/basic-internet-security/ch048_tools-secure-textmessaging/
http://security.stackexchange.com/questions/11493/how-hard-is-it-to-intercept-sms-two-factor-authentication
http://www.bbc.co.uk/news/technology-16812064
http://www.practiceunite.com/notifications-the-3-factor-in-choosing-a-secure-texting-solution/
http://www.tomsguide.com/us/iphone-jailbreak-risks,news-18850.html

WhiteHat Aviator rides into town …

Posted: February 4, 2015 by IntentionalPrivacy in Browser Vulnerabilities, First Steps, Privacy, Security Breach, Vulnerabilities
Tags: , , , , , , , , , , ,

I have recently started using the WhiteHat Aviator browser, which uses the anonymous search engine Disconnect. It is available for Windows and Mac here. It works pretty well (although it is sometimes slow). When I use it for sites like Gmail where I use two-factor authentication, I do have to enter both the second factor and the password every time I load the website. It will not save the code like Firefox can for thirty days.

I am planning on installing Disconnect on my phone next. If that works out, I will try the premium version, which includes encrypted Internet, safe browsing, and location control.

Another anonymous search engine is DuckDuckGo.

I also use Firefox with extensions NoScript, Ghostery, Adblock Plus, and Lightbeam. Lightbeam is particularly fascinating to look at; it shows all the sites that track me, even after all those add-ons. NoScript can be painful to use because you have to enable every single site.

After the last set of Adobe Flash 0days (two in a week!), I uninstalled Adobe Flash and Air. After all, if I really need Flash, I can always use Google Chrome, where Flash is built in.

I rarely use Internet Explorer any more.

And while you are updating your browser, make sure your Java version is current.

Happy Data Privacy Day!

Posted: January 28, 2015 by IntentionalPrivacy in First Steps, free speech, Security or Privacy Initiatives
Tags: , , , , , , ,

Data-Privacy-Day-2015roundInternational Data Privacy Day—called Data Protection Day in Europe—is celebrated in the US, Canada, and 27 European countries every year on January 28. It started on January 28, 1981, when the members of the Council of Europe signed the Convention for Protection of Individuals with regard to Automatic Processing of Personal Data. In the US, Data Privacy Day is sponsored by StaySafeOnline.

Ever thought, why should I protect my information? Listen to Glenn Greenwald’s Ted Talk on Why Privacy Matters. Not only will it help you understand, but it might galvanize you to action!

Some tips on how to better protect your data include:

  • Use “Do Not Track” on your browser. The Electronic Frontier Foundation (EFF) explains how to turn on “Do Not Track” in some common browsers here. The EFF is a great resource about how to better protect your personal information.
  • Think before you share personal information, whether through email, on social media sites, or over the phone. Once you share information, you have no control over what happens to it. Help your children learn what is okay for them to share.
  • Check the privacy settings on social media sites you use on a regular basis. Twitter, LinkedIn, Instagram, Pinterest, … privacy policies change, which may impact your privacy settings.
  • Protect your computer by keeping your operating system and applications updated. On Windows, Secunia’s Personal Software Inspector helps me keep my applications current.
  • Create strong, unique passwords for every important site. Have a problem remembering all those passwords? Me too! Use a password manager like KeePass or LastPass. If you want to protect your information more, use two-factor authentication for email and social media site log-ins.
    • Help setting up Google’s Two-Factor Authentication
    • Help setting up Microsoft’s Two-Factor Authentication
  • Back up your important data regularly—pictures, documents, music, videos, or whatever is important to you—at least once a week. If you use a physical device, disconnect it between backups. To ensure that your information is safe, use two physical backup devices, alternate them, and keep one someplace safe like a safe deposit box. If you use a cloud backup, use a physical back up as well. Online services can go offline temporarily or even go out of business, while devices break, become corrupted, lost, stolen, or infected by malware. Periodically try to recover documents to ensure that your backups are functional.

Other tips

  • Mozilla’s Get Smart on Privacy
  • FTC’s Consumer Information
  • Check out DuckDuckGo, a search engine that doesn’t track you. Want to see how much tracking happens in your browser? Check out the Firefox Lightbeam addin.
  • Try WhiteHat Security Lab’s Aviator browser. Note: if you use two-factor authentication, you will need to enter a code every time you open up a site that uses it.

How your privacy can be invaded …

Posted: June 22, 2013 by IntentionalPrivacy in Privacy, Social media
Tags: , , , , ,

This article about how you give up your privacy from CNN is eye-opening, http://www.cnn.com/2013/06/13/living/buzzfeed-data-mining/index.html?iid=article_sidebar

I tried the link listed in the article http://youarewhatyoulike.com/. I thought their specific findings were interesting although not all that accurate.

Data Mining Is Scary

How does shopping affect my privacy?

I like the products that Target carries and the stores are usually clean and well-stocked. You can even sometimes find a clerk to help you when you need one. But I am seriously creeped out by the amount of data they carry on each person who shops there. A couple of weeks ago, I bought some items at Target and the clerk was very aggressive about getting me to sign up for their “REDcard.” The REDcard is a Target-branded debit card that allows you to save an extra 5% on your purchases from their stores. I declined, saying  I wanted to find out more information before I signed up and I was also in a hurry, but the clerk kept pushing, which only reinforced my decision not to sign up. My husband was surprised at my decision because I like to save money. But I value my privacy and I also don’t like feeling I’m being railroaded into a hasty decision that I might regret later.

When I got home, I immediately started researching the Target REDcard. I am not the only person to find their data-mining tactics offensive. If you’re interested, you can read this NY Times article on how organizations data mine an individual’s shopping habits http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=5&ref=business&pagewanted=all&

Credit.com also wrote a series of articles on the Target REDcard:

What’s the bottom line?

  1. Read those pesky agreements that you receive when you sign up for any kind of debit/credit card. If you don’t like the terms, don’t accept the card.
  2. The Electronic Frontier Foundation has some great articles on protecting your privacy. I highly recommend “4 Simple Changes to Stop Online Tracking.”
  3. You can remove tracking cookies specific to a website by following these directions http://www.ehow.com/how_6367641_remove-amazon-tracking-cookies.html or you can decide not to accept any third-party cookies.
  4. Install browser tools such as Ghostery or AdBlockPlus, and enable Do Not Track.
  5. Here’s an article on how to opt out of Facebook’s ads http://gizmodo.com/5989550/how-to-opt-out-of-facebooks-new-targeted-ads