InfoSec for TBP Readers – Part 5

Guest Post by aka.attrition

Privacy and security are not easy, especially for those of us who are not very computer literate. Coming from an information technology (IT) background with a special interest in information security (infosec), I decided to write an article for the layman (don’t give me no uphill about politically correct words!) to help you increase your security and protect your privacy a little more. This is a small contribution to this website, where I spend far too much time reading the articles and especially the major commentators – you know who you are. Thanks Jim and the heavy hitters.

The full article is broken down into five parts:

Part 1

  • The one thing you need to do with your browser
  • Ad-blockers and anti-trackers
  • Internet search

Part 2

  • Email
  • DNS servers
  • Virtual Private Networks – VPN

Part 3

  • Windows 10/11 – the boss tracker and what you can do about it.

Part 4

  • Fingerprinting you

Part 5

  • Feedback plus one more tool for the toolbox

I realize that some of these topics can be hard for the non-IT, non-computer-oriented person, and I write this article with those end-users in mind, not an IT professional audience. There are very many options, settings, and tools one can use, but in this article I’m going to restrict it to just a few of the biggest-bang-for-your-buck changes, those things we should all be able to implement without too much IT knowledge. After all, we have day jobs.

Feedback and Final Thoughts:

In the previous articles there were two comments that deserve to be addressed. They were, in essence, as follows:

  • Everything you do is tracked by powerful agencies so just accept it
  • Everything is crackable/hackable and so there is no point to bother with security

Both of these points are true and false depending on the context and context is usually everything. Let’s address these points.

Everything you do is tracked so just accept it:

Although in theory this is true, in practice there is a lot you can do to remain anonymous to a degree. It all depends on who you want to remain anonymous from. If you want to surf the internet and be totally anonymous even from 3-letter agencies then you’re probably going to be out of luck, not because the technology, tools, and options for that do not exist, but because 99.9999% of us simply do not know how to go about doing what would be required. There are ways to remain essentially totally anonymous, but that requires a level of effort that most of us will not make and/or a level of knowledge that most of us do not have.

On the other hand, if you just want to remain anonymous from the most common prying eyes, such as your Internet Service Provider (ISP), Gulag, Fecebook, Twatter, etc. then the tools and techniques described in this series of articles will work just fine for the most part. A little common sense and application of commonly available tools will hide you from them, or at the least, make your surfing habits and history of little value to them.

To show why implementing the recommendations in this series of articles (or similar recommendations) is useful, take the following example: it has become increasingly difficult to access certain Russian news websites. ISPs are often blocking access and search engines are often not returning results from those sites. But if you want to read what the “other side” is writing then you are going to need to use a VPN. Problem solved.

Similarly, if you do not use at least some level of anonymity tools when surfing the internet then everything you search for will be recorded and linked to you. Searching for “heart palpitations”, visiting medical websites on that topic, etc. … that can be recorded and linked directly to you. Now, what if that information is sold to insurance companies … they wouldn’t increase your premiums, would they, or request additional medicals before accepting you, would they? How about the sale of the information to potential employers, how could that affect you? Using a VPN, clearing browser caches, using a TOR/onion browser, etc. solves that since it hides you from the most common prying eyes.

So applying some level of anonymizing tools and techniques protects you to a degree that probably makes it worth the small effort to implement them. If you need more security than that, then you better get very well educated in the field.

Everything is crackable/hackable so no point to bother with anything:

This is an interesting point; everything is indeed ultimately hackable and crackable. Any computer, software, chip, encrypted file, etc. is in theory crackable, but the question becomes one of time. One of the best ways to think about security, in my opinion, is known as time-based security, and it requires thinking about and answering three things:

  • What do you want to protect?
  • For how long?
  • From whom?

These three questions can help the privacy and security practitioner to understand what level of security and effort is warranted for a specific case.

  • What: If you want to protect your mother’s apple pie recipe then it probably doesn’t warrant a very high level of security or effort. It’s not in the same ballpark as the nuclear launch codes. On the other hand, the launch codes are obviously highly sensitive and so warrant the highest levels of security and protection possible.
  • For How Long: Virtually all information and data has a time-value component. Your surfing history will have no value to anyone 200 years from now; we’ll all be long gone. A public company’s financials are only valuable until they are released to the public. The source code for a custom built application only needs to be protected until the code has no value anymore, i.e. technology moves on, competitors build their own versions, applications become redundant, etc. An alarm system and safe only need to protect you and the contents for as long as it takes for the security / protection unit to arrive. That’s why fire safes are rated for the time and heat that they can provide protection from; the assumption being that within 1 hour or 30 minutes or whatever, help and support will arrive. The safe does not need to provide 10 years of protection, just long enough.
  • From whom: Answering this question will again guide you as to how much effort and protection you need. If you want to hide your surfing habits from your ISP you can just use a VPN. If you don’t want to be tracked by Fecebook or Gulag then use the privacy tools (or similar) mentioned in these articles. If you want to hide your online interests from a 3-letter agency then you better educate yourself in some serious infosec practices. For most of us there is a middle ground which we can all implement.

Ultimately the way to think about privacy and information security, including physical security, is to realize that all security is a cost/benefit decision. Providing security for yourself, such as protecting your privacy or protecting your physical world (family/possessions), costs something in time and/or money. And those measures then provide some level of benefit. In all things one weighs the cost of doing something against the benefit that the measure provides. Using a non-Gulag browser, installing a few add-ons, using a VPN, etc. are such low cost steps that the benefits are probably worth it for everyone.

Post Script – One More Tool in the Toolbox:

I don’t use any special anti-virus software or personal firewall software beyond what comes stock-standard in the operating systems that I use. I think they are mostly fear-driven tools that are not significantly better or worse than what modern operating systems are providing – fear is big business. However, there is one group of tools you may like to know about, and that is online virus scanners.

Online virus scanners can analyze specific files that you upload to them and/or can scan websites that you are not sure of and want to test before you visit them.  In the first case you simply select a file from your local computer and upload it to the online scanning service website. For the second case you simply enter a URL of the website you want checked before visiting it.

The advantage of online scanners is that they use very many different anti-virus scanning engines; for example, my favourite online scanner uses 61 different anti-virus engines! Here are two of the best online file and website virus scanners:

  • VirusTotal (file and website scanner): https://www.virustotal.com
  • URLVoid (website scanner): https://www.urlvoid.com

Use these if you have any doubt about a file or website.

Thank you for reading, and remember, if you’re using a service for free on the internet then it’s probably you that’s being sold.

4 Comments
brian
October 6, 2022 4:49 pm

Good info, as usual…

As you say it’s a matter of degrees when it comes to ‘security’. I’ve come to the point where I don’t give too much of a rats hiney to put a lot of effort into what I’ve been doing all along. I use a vpn but I’m not fooled by the fact that it only protects delivery, not end points.

Interesting on the virus scanners. I used to use the paid services and free services like most people and thought I needed them. Have had a few times in the past where I did get the systems ‘infected’. Oddly enough the virus protectors either let the virus thru or couldn’t remove it and I had to get other ‘tools’.

I actually quit using virus checkers, paid or free, and have nothing. A risk?!?!? Yup, but what isn’t?? Never had any issues, don’t download from questionable sites, don’t visit porn sites, except TBP, and use my safety squints when I think it’s risky. If I run into trouble I just search online for a tool and take care of the troubles… So just like in AA I’m clean for over ten yrs now… where’s my cake…

Anonymous (in reply to brian)
October 6, 2022 6:43 pm

” except TBP ” 🤣

True Dat! Mr. JQ be da one showin’ US all dem durty pictures!

Sincerely, Hermann ‘Ink Blot’ Rorschach

Anonymous
October 6, 2022 8:16 pm

.

Anon Also
October 6, 2022 9:38 pm

Thank You for your efforts, vindication of thought process. Limited knowledge/exposure. Foolproof method for: fakebook, twits, & guzzle? DO NOT use them. EZPZ?

FINALLY. Broke down. bought AdGuard for Safari™, And PictureThis™ as well. $30/yr./each. (Both ‘accidental’, unfamiliar terrain, the app Store. Debit card ‘On File’ for other recurring charges. Shoulda asked my Boss, but She woulda said “No”. )

Better ta Pray for Forgiveness than ta ask for permission ?

FREE! is ALWAYS worth what ya pay for it. And More.

Time is ltd. currently, posting ‘here’ now quick and easy…SURE the advertisers appreciate my minimal expenditure to thwart them. CAN NOT figure out why ‘Traffic Here’ would be ‘down’ for any reason.

But the ‘PictureThis’ App? Holy cow! I didn’t remember just how many Latin names i remembered!

And i’ve BARELY scratched the surface! “Tree ring Identity”,”Insect Identification”,”Bird Identification”,”Toxic to Pets”, …Weeds, Allergens, trees (Bark/Leaves), …”Diagnose Diseases of ANY plants”, ….Click a Pic of ANY mentioned…Ya see a ‘Scanner bar’ goin’ up & down…. Blink of the eye. Proper latin Name, all common names, Habitat, requirements to thrive, Etc. Totally Cool!

Even tried A selfie!

Musta needed one o’ them thar ‘Selfie sticks’ like barry had.

When i looked at my selfie? ‘Vegetable’. Seems to lack specificity on humans. or a reasonable facsimile thereof.