What I've been doing to secure my online world

After many years of living in bad neighborhoods, I've learned a few things:

1) If someone is determined to rob/attack you, they can/will eventually do it. However...
2) Almost all thieves are lazy, and can be easily discouraged.

The internet is a bad neighborhood, so the same rules apply.
There is no such thing as perfect security, but you can discourage almost everyone who would do you harm.

After many years of working in IT, I've learned a few things:

1) People are lazy, and won't use security tools if they require even a minimum of work. However...
2) They will stop being lazy after the first time they get hacked/robbed (which they eventually will be).

So the trick is making the security tools as easy to use as possible.

Unless you can't imagine a single possibility of calling, emailing, or texting something in the future that you wouldn't want intelligence/law enforcement/hackers to read, then we all need to put encryption in our online lives.
Because if you wait until you actually need it, it's already too late.

During any online debate regarding the NSA mass domestic spying, someone will likely declare that you can't defend yourself from the government, and that the only solution is to simply self-censor (aka the "I don't have anything to hide" defense).
   Well that simply isn't true.

Here's what I've been doing.

Use Signal on your phone

The Feds recently subpoenaed Open Whisper Systems for records on its users. They didn't get much.

Unfortunately for the government, Signal keeps only minimal logs on users, so the vast majority of the requested information was unavailable.
The American Civil Liberties Union, which represented Open Whisper Systems in the fight, has published a number of court filings related to the the request. Portions of the filings are redacted and much about the subpoena is still secret — including the case number, the date it was served, and the details of the underlying case — but it’s clear that the government sought detailed information on the users including subscriber name, payment information, and associated IP addresses.
It’s also clear that almost none of that information was ultimately produced. One of the phone numbers named by the government did not correspond to a Signal account, and logs on the other number showed only when the user first signed up for the service and when they most recently logged in.

Signal is a free app for your phone that uses end-to-end encryption by default for all users for your phone calls and text messages, but only if the other person also installed the Signal app.
Gradually I've managed to get most of my friends and immediate family to install Signal. None of them have since complained.

WhatsApp (Facebook) and Allo (Google) also do encrypted messenging, but with huge security holes.

As for your phone itself, you should of course enable encryption and set up a swipe/pin/password.
Also turn off bluetooth, wifi, and location, both for security and to save your battery. You can always turn them on when you need them.
No matter what, don't do anything financially important with your phone. They are just too insecure for it.

Secure Protonmail

I abandoned my Yahoo account many years ago and moved to Google, but the recent news about Yahoo inspired me to take the next step.
“It does not make sense that U.S. surveillance agencies would serve Yahoo Mail with such an order but ignore Gmail, the world’s largest email provider, or Outlook. There is no doubt that the secret surveillance software is also present in Gmail and Outlook, or at least there is nothing preventing Gmail and Outlook from being forced to comply with a similar directive in the future. From a legal perspective, there is nothing that makes Yahoo particularly vulnerable, or Google particularly invulnerable.”
- Andy Yen, co-founder of ProtonMail

I am in the process of migrating to Protonmail.

All emails are secured automatically with end-to-end encryption. This means even we cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.
No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account.

Like Signal, they couldn't fink on you if they wanted to. Plus, Protonmail is in Switzerland, and doesn't answer to FISA warrants.

Created by former CERN scientists, ProtonMail ensures that the mails are encrypted at the browser level itself which means that the ProtonMail servers receive mails in an encrypted format. They are transmitted to the recepients also in the encrypted format. The decryption keys are only known to the sender and recipient. This reduces the risk of any third party intercepting your mails since the data is in the encrypted format.
While services such as Gmail also offer some level of encryption, it is not end to end – hence you get those targetted advertisements, because you have given Google permission to go through your mails to send you those timely Google Now cards.

Moving email addresses is a Big Deal.
Believe me, I know. It's a process.
But if you never start, it'll never happen.

Besides, just like you should have more than one browser on your computer (because one will eventually get gummed up), you should have more than one email address (to separate your important email from the garbage).

I've also noticed that Google knows most of what I've done on my Android phone (minus Signal), and that's not cool at all. So it's time to separate.

Use Tor

Or at least take some basic security steps with your browser.
Install Adblock, HTTPS Everywhere, be careful with Flash, and clear your history every time you close your browser.
Also, get in the habit of using DuckDuckGo to search instead of Google.

Tor does all that, plus it anonymizes your IP address. It's not perfect, but it's darn close. However, with so much locked down, Tor might not do everything you are used to doing.
Also, if you torrent, use Tribler. It's slower, but you won't have anyone asking you to "pay up".

Use Linux

This is the big one, and the hardest one to get people to do.
At the very least, get off of Windows. Microsoft has put NSA backdoors into Windows since the 90's.

But that isn't even the biggest reason to get off of Windows. As I said yesterday, 99.4% of virus are made for the Windows operating system, and viruses are the #1 method used by hackers.
Linux, OTOH, is practically immune from viruses. Why is that?

In Windows users by default have access to everything in the system because they are given administrator rights. If the virus will be able to penetrate their system, they can quickly gain access to important parts of the system. On the other hand, in Linux, they have a lower access rights, and, theoretically, the virus can only access local files and folders, the system will remain safe.

This isn't totally true, but it's partly true.

Linux works in many environments and distros such as Linux Mint, Debian, Ubuntu, Gentoo, Arch, and many others. Various email clients, the environment console and system packages also make the system extremely fragmented and difficult for any virus. The architecture of Windows is not so divided, so a virus could easily reach the many computers of the system which will cause harm to their users.
The number of users using Linux is much less in comparison with Windows and Mac OS. As the number of users is smaller, less viruses will strive to hit their computers to gain access to important data.

No matter how you cut it, viruses for Linux are extremely rare, while they are everywhere in the Windows world.
Viruses used to be rare for Macs too, but they are becoming more common as Macs get more popular. However, Macs are still a far better choice.
Also, Linux is free and open-source, so you can be confident there are no backdoors.

Linux distros today are extremely easy to install, and not difficult to use.
However, you won't have your typical apps you are accustom to.
If all you do on your computer is stuff on the web, then Linux is a good choice. Otherwise, it depends on what you use your computer for.
I personally use Linux Mint.

Common sense practices

No list is complete without a list like this.

Another diatribe about passwords

Changing passwords and making sure that you don't use the same password for multiple sites is still very important -- in spite of recent warnings that frequent password changes might result in simpler, more guessable passwords. If one of your accounts is compromised, you probably don't want all of them to suffer the same fate.
And the passwords you choose should be complex enough to not be easily guessed.

Privacy

Don't post anything you're not willing to have go public. I hear so many people complaining about their lack of privacy. At the same time, they share the intimate details of their lives on Facebook, Twitter, etc. Keep enough information private that you have a chance of knowing some things that no one who isn't very close to you will know.

Scrutinizing links

Don't trust links -- examine them, retype them, and don't click unless you're confident they're not leading you astray. Hover your mouse over links and make sure they point to the resource they pretend to point to. And beware of carefully crafted look-alikes. An extra letter, a 0 in place of an O, or a b in place of a d might not be obvious unless you look closely.

Don't trust public WiFi

Don't trust WiFi in public places with anything you wouldn't share with anyone -- especially don't log into sensitive accounts like your bank accounts. You might be sharing everything you type and could be completely oblivious to the possibility that someone is snooping.

I'll add more as I think of it.

Share
up
0 users have voted.

Comments

elenacarlena's picture

How many of these suggestions are expensive? How many are complicated? Especially moving to Linux - yikes, that's a whole different operating system, right?

I have a Windows XP-using computer that is just sitting offline because it caught a virus I never was able to fully remove. Would it be possible to play with Linux on it, or would the virus remnant quickly make it unusable? Or would it be better to take it to a computer geek if I ever have enough money and get them to erase the virus and give me some sort of XP-compatible security (Windows no longer supporting such)?

up
0 users have voted.

Please check out Pet Vet Help, consider joining us to help pets, and follow me @ElenaCarlena on Twitter! Thank you.

Get a recent linux distro CD and wipe your old PC and install linux.
Then install Tor.
Both linux and Tor are free. So is signal on your phone.

What you have is the perfect PC to play with. Then you can decide for yourself.

up
0 users have voted.
Deja's picture

That's what I've done in classes years ago. It's been so long, but there was something about partitions. Glad I spent all that money so I could forget what I've learned.

Anyway, elenacarlena can also put Linux on a stick (aka thumb drive, jump drive) in case the optical drive is only a CD rom, but she needs to make sure the stick is readable in her old machine.

And, maybe tell her that a distro is a distribution (version) like Ubuntu which might be small enough for an XP machine. Lubuntu is another.

Now I really need to do all this for a little xp laptop I have. Thanks for this!

up
0 users have voted.

It's XP after all. Even Microsoft gave up on it in 2014.

up
0 users have voted.
Deja's picture

actually wipe the Windows OS? I don't recall using any type of wiping software. Like I said, it's been a long time, but it seems like we just installed it over the old OS and had a clean OS to go with.

up
0 users have voted.

You can have Linux and Windows exist on the same partition, or on separate partitions. Either way can be dual boot.

Or you can wipe the HD and have a more clean install, which is what I'd do. It's just a matter of selecting the install method checkbox.

up
0 users have voted.
Deja's picture

That's why I didn't recall wiping anything.

I don't want dual boot. It's XP, after all.
I'll put Libre on after I do it so I can do documents and whatnot.

Thanks for reminding me of what I had forgotten.

up
0 users have voted.
sojourns's picture

The linux installer will allow you to easily install linux side by side with your windows installation. Better if Windows is already on there as windows does not like to share and wants it's master boot record intact. All the installer will ask you to do is to decide how much drive space you want alloted for each. LInux will install GRUB (grand unified boot loader) which will appear after your logo screen and then you choose what you want to use. easy peazy.

up
0 users have voted.

"I can't understand why people are frightened of new ideas. I'm frightened of the old ones."
John Cage

thanatokephaloides's picture

...... the sooner you can completely cold-turkey from Windows, the better -- both for your own sanity, and for humanity as a whole.

Wink

up
0 users have voted.

"US govt/military = bad. Russian govt/military = bad. Any politician wanting power = bad. Anyone wielding power = bad." --Shahryar

"All power corrupts absolutely!" -- thanatokephaloides

sojourns's picture

I have to have Windows to run my Adobe software because Macromedia is just to coolgreedy to port it to run on Linux. I run Win 7 in a Virtual Machine within Linux leaving it sand boxed and therefore invisible to the outside world.

up
0 users have voted.

"I can't understand why people are frightened of new ideas. I'm frightened of the old ones."
John Cage

mhagle's picture

Disclaimer . . . I hate Adobe . . .

Do you need it when you have the Gimp, Inkscape, MyPaint, Cinelerra, Audacity, SynfigStudio, Blender, Rosegarden, . . . .

http://linuxfreedom.com/musix/download.html

up
0 users have voted.

Marilyn

"Make dirt, not war." eyo

sojourns's picture

I hate to say it but Adobe is still the reigning flagship for these types of media programs...

It is only a matter of time though, before they catch up and knock Adobe off it's throne.

edit: Blender is super cool and Adobe has nothing to compare.

up
0 users have voted.

"I can't understand why people are frightened of new ideas. I'm frightened of the old ones."
John Cage

Use your 'outer to put Linux on a thumb drive. A 2 gig will hold the system anything bigger and you can take all your files. Will run on any win machine, and bypass win completely. Totally portable full access of your complete operating system.

up
0 users have voted.

There is no such thing as TMI. It can always be held in reserve for extortion.

WoodsDweller's picture

I've been running Linux for years, and various flavors of Unix before that, about 30 years in total.
I run it on a separate computer, but that's not necessary. It has more to do with giving Windows it's own machine to own and just gaming on it.
I NEVER do anything that involves money on the Windows box and NEVER do any email on it.
Most Linux distributions have a "Live" version you can try, it will either be a bootable DVD or thumb drive. You can stick it into your existing machine and bring it up to try it out and see what's going on without touching your existing Windows drive. You might need to change the boot priority to make that device boot before the hard drive.

up
0 users have voted.

"The greatest shortcoming of the human race is our inability to understand the exponential function." -- Albert Bartlett
"A species that is hurtling toward extinction has no business promoting slow incremental change." -- Caitlin Johnstone

Deja's picture

I'm going to put Ubuntu or Lubuntu on my little old XP laptop. Gotta get all my pictures off first.

Oh, and I had to change the boot order in order to get the Live disc to work on my desktop, so that's a good point you brought up.

up
0 users have voted.

use Lubuntu. If it's really old, look at Puppy linux.

up
0 users have voted.
sojourns's picture

is what I use. It is quite good. Another search engine that does not track you is Start Page. Three other add ons I have found to be useful are 1. Blur. This is a tracker blocker and obfuscates credit card purchases, telephone numbers and email addresses. (there is a fee incurred for using temp credit cards.)
2. Blue Hell. Another tracker blocker that picks up things that Blur misses.
3. BetterPrivacy. (the lacking space is not a typo-- This captures all LSO cookies. Long Storage Cookies some but not all are Flash cookies. These are typically 100kb text files unlike the 4kb files of ordinary cookies and they are not deleted when you clear your cookies. They are some times useful for gamers as they maintain the game information. You can white list LSO's that you want to keep.

TOR is ok if you really need to be cloak and dagger but because you are bouncing all over the world it tends to load rather slowly, sometimes unbearably slow, even on fast connections. Personally, I don't find it that useful and it is far from bullet proof. Should any gov't be interested in your actions that much, they can follow you to the exit node and track you from there to your home IP.

When using a out of the box browser, disable 'view DMR content'. This allows you to watch most video without flash. The advent of HTML 5 is making flash obsolete. I use flash with the setting set to 'always ask' before activating flash.

As gjohnsit points out, Use Linux. It has become very user friendly. Methinks any flavor of Ubuntu as it is the easiest transit and will come with all the basic software . And it is available for free. Donation suggested.

up
0 users have voted.

"I can't understand why people are frightened of new ideas. I'm frightened of the old ones."
John Cage

not a good idea to have your passwords "remembered" or does it matter?

up
0 users have voted.
thanatokephaloides's picture

It's probably not a good idea to have your passwords "remembered" or does it matter?

It leaves your connection to the remote computer open to compromise in several nasty ways. It's also not a good idea to set any connection up to remember your password because it leaves your session open after you leave your end of it. There are ways hackers can take that open session over from you and do evil deeds therein.

up
0 users have voted.

"US govt/military = bad. Russian govt/military = bad. Any politician wanting power = bad. Anyone wielding power = bad." --Shahryar

"All power corrupts absolutely!" -- thanatokephaloides

riverlover's picture

UID and pass alphabetically in pencil.

up
0 users have voted.

Hey! my dear friends or soon-to-be's, JtC could use the donations to keep this site functioning for those of us who can still see the life preserver or flotsam in the water.

I'll stop saving passwords pronto. One thing I may be doing right is I have my credit union account set up so when I log in the credit union calls my cell phone with a six digit random number I have to type in before it will take me to my account. It takes 30 seconds longer and I hope it's worth it...

up
0 users have voted.
thanatokephaloides's picture

Contrary to popular belief (largely fed and watered by Microsoft, I'd bet), loading and running modern Linux is NOT as hard as it is often made out to be. The days of needing to master the command line for most transactions are long behind us, and the very few times left that one must use the command line at all are verbatim cut-and-paste jobs easily and freely available online.

Today's Linux is no harder to use than Windows, and often is actually easier -- especially for those of us who can't throw hundred dollar bills on demand. Linux is supported for free online; the answers to almost all questions are an Ixquick session away.

One harder-core security freak that I myself do as a power Linux user: I maintain current Kernel from the Linux Kernel site. This requires basic compiler skills, but the directions are pretty straightforward (and located in the README file!).

And applications for almost every need are available as free, open-source programs in Linux. (One more reason us non-rich 99%ers should migrate to it!)

One other reason Linux is more secure than Windows is: Windows is built on the "API and Big Black Box" proprietary model, which provides lots of cover for bad actors. With every byte of the operating system available for inspection and tweaking by the user public, Linux (and its cousin BSD) provides no such cover. There's no secret area for the bad guys to hide in.

Smile

up
0 users have voted.

"US govt/military = bad. Russian govt/military = bad. Any politician wanting power = bad. Anyone wielding power = bad." --Shahryar

"All power corrupts absolutely!" -- thanatokephaloides

As a PC gamer, I still find that Linux is a drag. Some games take a lot configuration to get them to work right. It's getting better, though. Dual booting is an option, of course, but I just end up using Windows most of the time because I'm too "lazy" to switch between the two.

up
0 users have voted.
mhagle's picture

and another for stuff you want to be secure??? It can be an older machine for Linux.

up
0 users have voted.

Marilyn

"Make dirt, not war." eyo

sojourns's picture

on the rare occasions someone successfully writes a virus or bit of malware to attack a Linux machine, it is discovered quick smart by the Linux community.

up
0 users have voted.

"I can't understand why people are frightened of new ideas. I'm frightened of the old ones."
John Cage

Probably silly but here goes. If I switch from Windows to Linux will I still be able to use my Office2010. I know it's a download but will it still work? I use excel a lot.
Update; I found this http://www.howtogeek.com/171565/how-to-install-microsoft-office-on-linux/

up
0 users have voted.
Deja's picture

Edit: oh wow, I didn't think it was possible! Cool!

But you could use Libre which is a free suite of apps like Office.

Or, you could run Linux beside Windows and use Windows for when you wanted to use Office.

Since I'm not an expert, I also want to know what they have to say - because I could be completely wrong!

I do know that if you only have Linux, you have to save (externally on DVD or USB stick) your important pictures, videos, files before replacing Windows with Linux. However, I don't know anything about putting them back onto the machine once Linux is installed. Will the formats be compatible with Linux? I don't know that.

up
0 users have voted.

Or, you could run Linux beside Windows and use Windows for when you wanted to use Office.

I need some classes on this stuff. What you said is like saying I could build a machine to travel to another dimension...it ain't gonna happen anytime soon...

up
0 users have voted.
Deja's picture

You can have one computer with two operating systems (OSs). You can switch back and forth. But, it kind of defeats the security purpose of ditching Windows. Although, if you only go online with Linux, and never on Windows it would be okay, I think.

Check out this comment from above, it also explains dual boot:

http://caucus99percent.com/comment/195543#comment-195543

The online Linux community can teach you everything. Just move on to another site or thread if you find one too technical, because some are way over the heads of us novice users.

up
0 users have voted.

possible?

up
0 users have voted.
WoodsDweller's picture

Are you talking about a virus on one partition clobbering data on another? Yes, partitions by themselves do nothing about that, you can make multiple NTFS partitions on a single drive under Windows today and a virus would have access to all of it.
The virus CODE will, in most cases, not run except in a Windows environment. It's a program. The executables it infects are Windows programs which require Windows to run. If it is a script in an email attachment for example, it will require the specific scripting language it was written in to be installed, most likely only in Windows.
However, if you boot to your Windows installation any viruses or malware you have over there will have an opportunity to run. What will it do to a partition you made for your Linux installation? It depends. Windows has terrible support for non-Windows file systems. If you made an NTFS partition to install Linux in, or to transfer data to in preparation for your installation, then yes the virus/malware will have access to it (depending on what permissions you set up or if you encrypted that partition). If, however, you installed with any of the dozens of other file systems, for example the usual default of ext4, the virus code won't be able to ask for file access, and any Windows path names (C:\ means nothing) it tries to use won't be valid. It could still destroy the entry in the partition table and wipe out the whole thing, but subtle stuff won't work.
If you're running Windows in a virtual machine on a Linux host, the virus/malware shouldn't be able to escape the cage you've locked it into, but could still wreck the data you have on its partition.
Hope that helps.

up
0 users have voted.

"The greatest shortcoming of the human race is our inability to understand the exponential function." -- Albert Bartlett
"A species that is hurtling toward extinction has no business promoting slow incremental change." -- Caitlin Johnstone

I raised the question because it seemed to me that some people were thinking they were safe if they partitioned, kept windows in one and Linux/ubuntu et al on the other - one for games or whatever didn't need much security, and the other for secure data such as banking etc.

I didn't know for sure but strongly suspected you must have two separate computers and not a single partitioned computer in order to secure data. You confirmed what I suspected, and I thank you for your excellent explanation.

btw what woods?

up
0 users have voted.

But it would make more sense just to dual boot your system.

up
0 users have voted.
WoodsDweller's picture

If you are required to use Office for work, Wine is a good way to go as indicated in the article you linked. You can run Windows as a virtual client on a Linux system, but that's probably more than you want to deal with. You could maintain an old system with Windows that you just load and save your files in before turning them in.
Otherwise, just use LibreOffice. It probably does everything you need and runs on every platform you care about. It's supposed to export to Office compatible format, but I don't know how perfect it is.

up
0 users have voted.

"The greatest shortcoming of the human race is our inability to understand the exponential function." -- Albert Bartlett
"A species that is hurtling toward extinction has no business promoting slow incremental change." -- Caitlin Johnstone

mhagle's picture

is more powerful than Excel IMO.

GoogleDocs will read all of your Office stuff in my experience. But I have been able to do many more cool things with Gnumeric, like copy and paste an Internet table into Gnumeric and turn it into a spreadsheet. It is a standard Linux app.

up
0 users have voted.

Marilyn

"Make dirt, not war." eyo

I find this to be a really good resource:

privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.

https://www.privacytools.io/

up
0 users have voted.
Citizen Of Earth's picture

It's a FREE browser addon. (https://noscript.net/)

The up-side is that it blocks scripts from executing on a web page. So if you land on a black hat hacker page, it prevents the nasty attack scripts from running.

The down-side is that it blocks scripts from executing on a web page. So you have to teach it what sites to trust.

I like it because I can stop the tracking sites from logging my web activity. It is also amazing to see how many marketing sites are tracking you when you go to the common news sites.

It's not for everyone though. I takes a bit of work to train it what to trust.

up
0 users have voted.

Donnie The #ShitHole Douchebag. Fake Friend to the Working Class. Real Asshole.

WoodsDweller's picture

ClamWin
Open source, free as in beer, comparable to Norton, doesn't mess up your machine.

up
0 users have voted.

"The greatest shortcoming of the human race is our inability to understand the exponential function." -- Albert Bartlett
"A species that is hurtling toward extinction has no business promoting slow incremental change." -- Caitlin Johnstone

as an anti-virus on my linux box. It's never found anything.

up
0 users have voted.

With something like the Visual Basic functions?

And if you wipe a computer (I'm back with format:A, if I can even find the command line from Windows), will the DVD boot itself up? Just stick it in the drive?

up
0 users have voted.

Thanks loads, gjohnsit! And all of you here,

up
0 users have voted.
WoodsDweller's picture

though I have no idea what "Visual Basic functions" would be. There are free, fully functional RDBMSs such as MySQL.
If you don't care about what is on your drive you can just reformat the whole thing within the Linux installer. You can install Linux in NTFS if you want, but it supports dozens of file systems and the native one is ext4. You will be repartitioning the drive and reformatting the partitions, in particular the swap partition, so things will be very much gone. I can't tell you what options you might have for preserving some data, it will vary depending on the distribution and version. One thing you can do is create an NTFS partition on your existing drive and move your photos or whatever over to it, then just repartition the rest of the drive during the Linux installation and leave that data partition alone.

up
0 users have voted.

"The greatest shortcoming of the human race is our inability to understand the exponential function." -- Albert Bartlett
"A species that is hurtling toward extinction has no business promoting slow incremental change." -- Caitlin Johnstone

Visual Basic lets you design an interface, with buttons to perform functions or display the data different ways, etc., and a sub-version of it is in Access. It's fun to work with.

I'm actually thinking about a different laptop, because I have a couple of Rosetta Stone programs on the one I have, and haven't connected it to the web in quite a while. It always seemed a bit sluggish, and I do hate Windows. I use it for DVDs lately, and my phone for the web. Which may not be such a good idea, I guess.

Been a while since I did anything with SQL.

up
0 users have voted.
Alex Ocana's picture

Windows keeps thumbnail databases, other programs keep recent files lists, pagefile.sys keeps all sorts of snippets in virtual memory, there are recycle bins, logs, temp files, catalog dbs, caches, cookie, registry artifacts and more.... and of course all the snippets on the free space on the hard drive. Even the cleaner programs like CCleaner and Privazer don't catch half of it although they do help as a first line of defense to wipe things clean.

OK, then its always a good idea to have a strong encrypted container for documents which one would rather keep private. I am shocked that the idiots like Podesta etc. didn't keep their emails in an encrypted container. Veracrypt is open source freeware and very simple to use. It also has measures for plausible denial if they start torturing you for your password.

up
0 users have voted.

From the Light House.