Security vs Freedom

Posted by JD 10/01/2018 at 17:03

Saw this on a forum by an AC today:

I think that my freedom is more important than my security.
I prefer to live in a free but insecure world than in a perfectly safe but not free world.

When govts try for a perfectly safe world, they need to be reminded of this stance.

Also, New Zealand has a law that fines someone refusing to unlock their electronics at the border with NZD$5,000. The claim is that they must have a good reason to demand access, but that is a little late. The article also said that the device would be in “airplane mode” for the searches.

Privacy of Communications

Posted by JD 08/14/2013 at 11:03

Most nerds accept that email is not private. We are willing to send unencrypted emails to our friends, family and coworkers because it is convenient. We forget that email is really like a postcard, not a letter, so anyone along the way can read all the contents.

A few people use encrypted email. There are 2 main forms of this – X.509 and gpg. I’ve been using gpg more and more for unimportant communications, because it is my right to have private conversations over the internet. What is said between me and the other party is nobody else’s business. Really, we are just chatting, but that isn’t the point.

Recently, a brave businessman has probably risked jail by not saying that his company was not asked to provide access to encrypted email sent by customers. There have been 2 encrypted email services shut down by their owners in the last week. We don’t know why, but suspect a gag order by the US government prevents these businesses from talking.

Last time I checked, the 1st amendment to our Constitution expressly provided for free speech. It says (this is a direct quote):

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Seems pretty clear to me that gag orders are unconstitutional.

It has been some very sad years since 2001. The terrorists have won. The US government is more of an enemy now than anyone else in the world, I’m sad to say.

While I wouldn’t trust any 3rd party service for my encrypted email needs, I know how difficult and inconvenient using gpg is. It is a hassle, but I encourage everyone to use it for all their emails. What we say in our email is nobody else’s damn business. We shouldn’t need to fear what we say privately and shouldn’t have to worry that our more and more oppressive government is reading those conversations.

So, google “how-to gpg email” for your platform and email program and get set up with your own gpg keys. This is very important for people using those free, huge, email providers like gmail.

A few related articles:

Now the government has made me sound like a lunatic, but at least I feel better.

Petition to Repeal the US Patriot Act

Posted by JD 06/07/2013 at 14:55

There is a petition to repeal the US Patriot Act (used for wholesale government invasion of privacy):
https://petitions.whitehouse.gov/petition/repeal-whole-or-part-usa-patriot-act-order-stop-secret-warrantless-collection-data/pmTnXNw8

Certainly getting 100,000 signatures in the next month shouldn’t be THAT hard.

Have you signed it yet?

EFF 2012 e-Reader Privacy Chart

Posted by JD 12/02/2012 at 22:00

A few readers might be interested in this article about eReader privacy from the EFF.

Sadly, the privacy ratings for the eReader that many people are considering or already have are not included in the chart or article. If you have an eReader device and use the most popular reading software on it, chances are that what you read is being tracked and shared more than you'd like. I haven't seen any tinfoil hats available to block the eReaders from reporting back to the home office that don't also break the features. If you care about personal privacy, the 1 pg article is definitely worth your time.

Enable Do Not Track in Firefox 4

Posted by JD 03/31/2011 at 17:00

Whether the Do Not Track settings have any legal support or not, it is worth enabling this for anyone who would like to tell websites not to track them. It may be a worthless effort, but thankfully, it doesn’t take much effort, so why not?

On my Linux system, running Firefox 4.0, the “Tell web sites I do not want to be tracked” setting (yes, that is the exact wording) is under the General tab of the Advanced panel in the Firefox Preferences.

Steps:

  • Edit
  • Preferences
  • Advanced
  • General
  • then under the Browsing heading, check the box to Tell web sites I do not want to be tracked

Simple.

On other operating systems, it should be easy to find.

2010 Article Summary

Posted by JD 01/01/2011 at 11:00

Manage Your Google Data

Posted by JD 11/06/2009 at 08:50

You can manage your google data here https://www.google.com/dashboard/. This is good. I don’t really use all the google apps, but seeing all the searches I’ve made over the last few years and the trend data, was eye opening. I elected to wipe my data, then pause all future capture of that data.

What other data did the dashboard show? I have removed anything personally identifying below.

Account
  Name: xxxxxxx
  Nickname: xxxx
  Email addresses: xxxxxxx@gmail.com, yyyyyy@yyyyyyyy.yyy
  Requesting data for Account...
  Manage account
  Edit personal information
  Privacy and security help

Calendar
  Country: United States
  Time zone: (GMT-05:00) Eastern Time
  Requesting data for Calendar...
  Manage calendars
  Manage mobile devices
  Calendar privacy policy

Contacts
  Contacts: 58 entries
  Requesting data for Contacts...
  Manage contacts

Docs
  Owned by me: 1 document
    Most recent: Weight 2008 on Jun 6, 2006
  Opened by me: 1 document
    Most recent: Weight 2008 on Jun 6, 2006
  Starred: 1 document
    Most recent: Weight 2008 on Jun 6, 2006
  Requesting data for Docs...
  Manage documents
  Sharing documents

Finance
  11 securities in 1 portfolio:
  My Portfolio: 11 securities
  Portfolio value: $0.00 at Nov 6, 2009
  Requesting data for Finance...
  Manage portfolios

Gmail
  Inbox: 11 conversations
    Most recent: TTTTTTTTTTTTTTTTTTTTTTTT at 7:42 AM
  All mail: 40 conversations
    Most recent: TTTTTTTTTTTTTTTTTTTTTTTT at 7:42 AM
  Sent mail: 7 conversations
    Most recent: gmail test on Oct 11, 2009
  Spam: 2 conversations
    Most recent: Ref: ssssssssssssssss on Oct 30, 2009
  Trash: 25 conversations
    Most recent: New private message has arrived on Oct 18, 2009
  Requesting data for Gmail...
  Manage chat history
  Manage HTTPS settings
  Manage all Gmail settings
  Gmail privacy policy
  Privacy and security help

IGoogle
  Gadgets installed: 10 gadgets
    Most recent: on Jan 24, 2008
  Tabs: 1 tab
    Most recently added:
  Requesting data for IGoogle...
  Manage iGoogle settings
  iGoogle privacy policy

Profile
  About me: 2 entries
  Name: xxxxx xxxxxx
  Profile URL: http://www.google.com/profiles/pppppppppppppppppppppp
  Requesting data for Profile...
  Edit profile
  Manage sharing of contact info
  About access and privacy of profiles

Talk
  Contacts: 1 contact
  Sample Contact: zzzzzz@gmail.com
  Requesting data for Talk...
  About talk
  Talk privacy policy

Voice
  History: 140 calls
  Placed calls: 4 calls
  Trash: 36 items
  Forwarding phones: 2 phones
  Requesting data for Voice...
  Manage Greetings
  Manage Google Voice settings
  About privacy and security in Google Voice
  How voicemails are transcribed

Web History
  Web History: Disabled
  Requesting data for Web History...
  Remove items or clear Web History
  Web History help
  Web History privacy policy
  Web History privacy FAQ

Other products
  Google Maps

There was a list of 3rd party sites with access to this data too. I didn’t recall authorizing any of them. Data removed and future 3rd party access prevented.

Major kudos to google for allowing us to manage our data and privacy settings.

I did leave some of the private data out there for use. It isn’t important to me. Your internet use may tell others things that are better not shared. Suppose you search on a medical term because a friend tells you a story about his mother. That search term is saved and tied to your account. What happens if 5 yrs later you end up being medically diagnosed with that illness? Your insurance company may start legal discovery efforts, or just pay google for the data. Now they refuse to cover your treatment since it was a pre-existing condition. Even if you don’t care about this, you know someone who does. What if you search for foods that are bad for you or visit weight loss web sites for 5 years? Expect your insurance company and the govt to have access to this data. If it is stored, it will get out.

It should be noted that if you aren’t logged into your google account, the data captured doesn’t appear to be correlated with your account. That doesn’t mean it isn’t captured by your IP address or a google cookie, stored, and correlated. Further, you can’t manage the data with the dashboard. Google writes about this other data.

Today, google is a little less evil. Until they let me remove my data from other people’s accounts (contacts, phone calls, email addresses), I’ll still avoid using google with an expectation of privacy.

11/8: The Washington Post Security Fix guy has an article on this now too.

How to End Private Data Leaks?

Posted by JD 10/26/2009 at 15:22

It is really simple to end all the personal data leaks that we read about all the time: make the penalty for a leak so high that no company would ever allow it to happen. Further, make the fine be paid directly to the impacted persons, so it isn’t the class action lawyer or some neutral party being paid.

A few years ago, my college leaked 20,000 transcripts on the internet. Mine was not one of those leaked, but if it were going to cost $2,000, per instance, for the fine, I suspect my University would be more careful. That fine would have cost them $40M. Yep, they wouldn’t leak anything, that’s for certain.

There are a number of systems out now that are known to leak private data. MySpace, Facebook, and PayPal are constantly found to be deficient in security practices. If there was a $2,000 fine for each failure, I bet they’d fix it or refuse all private data. Or, they’d go out of business, which would give them an opportunity to come back with better security after bankruptcy. Further, venture capital would demand excellent security processes to prevent any private data breaches.

How is any of this bad? I suppose the companies (slime?) who make money offering bogus privacy insurance would be harmed. They would convert into audit companies or fold. I suspect lawsuits against Microsoft for common program breaches would increase, forcing them to create a secure OS if they wanted to retain customers. I can get behind that. The people and companies certifying private data won’t be leaked will be held accountable if their system fails too.

Is financial data the only private data or is anything not found in either the telephone book or government documents to be considered private? Is there an expectation of privacy for all other information that should be protected?

Like Google Search Results, but not the Tracking?

Posted by JohnP 09/28/2009 at 18:20

I assume that google tracks everything. Any search, they track, correlate and store with my other google app, google voice, gmail data.

Scroogle is a google anonymizer. You’ll want to use a plugin to access it. Further, Scroogle supports SSL encryption here.

Scroogle claims to block google cookies, delete logs and search result files within an hour. Can you trust them? Maybe not, but what are the chances they will be hacked and your data will still be there? Also, google data is just 1 request away from being used in ways you may not want, so, for me, this is less risky than using google directly.

PrivacyPolicy

Posted by JohnP 03/24/2007 at 15:21

jdpFu.com Privacy Policy

Good Neighbor
Consider that you are visiting my home. Please treat this site as if you were a guest in my home. If you see something wrong, please let me know. I will also treat you as if you were sitting on my couch for a quick cup of coffee or a beer. Enjoy.

Your Information
This web site does not capture personally identifiable data without your explicit consent. I won’t clandestinely grab information about you or your computer beyond standard logging. You will have to click a button and probably type something into a field. Ok?

email
If you send email to this site, you are volunteering information about yourself and/or requesting that the site act on your behalf. This is true if you email an account that interfaces with an automated email system hosted on this site – a listserv. It is common to allow users to add and remove themselves and our email list servers also support these features.

Selling Data
I won’t knowingly give or sell your information without explicitly requesting your permission. I have no intention of ever doing this, but that cannot be guaranteed due to Internet crackers. Aggregate data is captured as part of running this web site and email systems, but that information will not be knowingly provided to 3rd parties or used other than normally required to maintain a server on the Internet. That doesn’t mean that this site is hack-proof. Every effort is made, but there are absolutely no guarantees.

Standard Logging
What does that mean? It is common practice to capture the following information in the log files of email or web servers concerning visitors. This site also captures this data; however, those logs are usually rotated weekly. Up to 4 weeks’ worth of data is retained for troubleshooting or cracker research. Backups may be retained indefinitely.

  1. Your Internet Address
  2. Your Email Address
  3. Your Current Browser
  4. The time of your visit
  5. A list of the web pages you visited
  6. The last page you came from
  7. other assorted non-personal information – load times, file sizes, etc.

Cookies
Some tools that I’ll use may use cookies, but you are welcome to turn them off in your browser. That is how I surf the web. Obviously, some things might break, but that’s life in the big city.

Hidden Images
As of 2/18/01 no hidden images used for tracking are used by this site. I have no intention of ever using these techniques. A Web beacon, also known as a Web bug, is a small, graphic image on a Web page, Web-based document or in an e-mail message that is designed to allow the site owner or a third party to monitor the address and other information of the site viewing the item. Web beacons are often invisible to the user because they are typically very small (only 1-by-1 pixel) and the same color as the background of the Web page, document or e-mail message. Web beacons are represented as HTML IMG tags in the Web page; users can click on "view profiles" of the Web page to see whether the page is using a Web beacon. Web beacons collect the IP address of the computer that the Web beacon is sent to, the URL of the page the Web beacon comes from and the time it was viewed. Web beacons can also be linked to personal information.
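To check a page or HTML e-mail for the kind of image described above, the following added example (not part of this site's code) lists IMG tags that are 1-by-1 or smaller, or hidden by inline style, and notes whether each is served from another host. The host names, the sample markup and the function names are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline styles that hide an image or shrink it to 0-1 px.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|\b(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

def _tiny(value):
    """True when a width/height attribute is 0 or 1, with or without 'px'."""
    return value is not None and value.strip().lower() in ("0", "1", "0px", "1px")

class BeaconFinder(HTMLParser):
    """Collects <img> tags that look like Web beacons."""
    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("1x1 or smaller")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            reasons.append("hidden or tiny via style")
        if not reasons:
            return
        src = a.get("src") or ""
        # Relative URLs have no host, so they are served by the page's own site.
        host = (urlparse(src).hostname or self.first_party).lower()
        # Exact-host comparison only; a stricter check would compare registrable domains.
        self.findings.append(
            {"src": src, "third_party": host != self.first_party, "reasons": reasons})

def find_beacons(html, first_party_host):
    parser = BeaconFinder(first_party_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE = """
<img src="/images/logo.png" width="200" height="80" alt="logo">
<img src="https://tracker.example.net/p.gif?page=/home" width="1" height="1">
<img src="https://stats.example.net/o.gif" style="display:none">
<img src="/spacer.gif" width="1" height="1">
"""
```

Calling `find_beacons(SAMPLE, "www.example.org")` returns three findings; the first-party `/spacer.gif` shows that a tiny image is only a candidate, since old page layouts used 1-by-1 spacers with no tracking purpose.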

However, most 3rd party products do use cookies for personalization. If you come across a 3rd party product on this site, it would be reasonable to expect cookies to be set. As of 7/18/03, there are a number of 3rd party products running on this site. It is very clear when you are using those tools.

Click Here to see what your computer gives away about Your Privacy

Privacy Links

  • privacy.org What people can know about you without your permission!
  • Junkbusters Telemarketing, spam, and other bothersome marketing hassles
  • GRC Learn how to protect yourself while connected to the Internet! After you are on the page, click on the "ShieldsUp" image to see information about your computer that anyone can get when you are connected to the Internet. It is worse than the wild west of America in the 1800s!
  • the grand daddy of all SecurityNow
  • PING