Privacy - Another reason to NoSurf!


#1

Privacy is usually important to every one of us - we don’t want strangers opening our drawers at home, we don’t want intruders while we’re showering, and most of us usually wouldn’t just give out our E-mail password either.

The reason this fits under the NoSurf umbrella is because we either usually stop using social media services, limit the use of the services, or use it very consciously.
This is already helping our privacy partially, but we can do more, and we should. A conscious or limited use of a social medium doesn’t always just have to mean to moderate the use - it can also mean to review settings on all your devices and the account itself, and to take precautions. Even for purpose-driven use of the internet!

Some NoSurfers also use their smartphone sparingly, or even switch to a dumbphone - obviously very good to go against app and location tracking. Taking usual NoSurf approaches isn’t only helping whatever problems we deal with, it can also help us with our privacy.

Thanks to the Cambridge Analytica scandal, I’m sure many people have heard about it - big social media companies like Facebook, Instagram, Snapchat, Twitter etc. are free because your data can be sold for analytical and advertising purposes. Ads always keep websites alive, we all know that.

But it is outdated to just show random ads to all registered users of those services; a lot more money can be made when websites like Twitter can promise the advertising firms that the ads will be shown to a specific set of people, possibly even guarantee a number of eyes or an amount of clicks. After all, the companies advertising are looking to get clicks and get their products seen and bought, and that works best if targeted to people who could be interested, therefore more likely to click and buy.

Everybody wins - except the user.

When we usually talk about data the social media companies have, everyone usually thinks about the data they voluntarily enter - your age, your gender, your likes and hobbies. These are important too.
But these websites also collect data that isn’t voluntarily typed in by you. A lot of people don’t check the settings of the websites they use, and also do not check the settings for the apps they use. Officially, Facebook and the like ‘have your consent’ because you haven’t turned a setting collecting your data in a specific way off - but you also didn’t know it existed, or was turned on by default. That way, you can quickly, without knowing, give them permission to use your microphone, use your location, check other apps on your phone, and so on.

The worst offenses of data collecting are actually the ones the normal users do not know about - Tracking users across websites.
This happens with cookies, which are always enabled in a browser. Cookies store information for useful features like keeping you logged into a service, but can also be used maliciously so that even when you’re not on Facebook, it can gather data about what websites you visit and other information.

This is also done by the share buttons nowadays commonly found on almost every website - which means Facebook and other websites can also track non-users (If you’ve ever asked yourself why anyone would share a porn video to their Twitter account via a porn site… now you know what these share buttons are for). When you visit a web page, your browser voluntarily sends information about its configuration and the computer’s configuration, such as OS, IP, available fonts, browser type, and add-ons, which can also make you look very unique and can be used to track you as well. Sometimes, images can be used as well - so-called tracking pixels or web beacons.

Of course, a lot of people say they have nothing to hide. And partially that’s true - if you have nothing illegal or bad going on, you might not need top privacy like someone like Edward Snowden has.
But there is a lot that can be done for your privacy that is uncomplicated, happening in the background, easy to install, and benefitting you. Because of course targeted ads aren’t the end of the world - but when your data is used to identify you, with all the embarrassing posts, pictures, private messages, location, browser history and porn likes, email address, aliases, passwords as well as the people you have contact with and the usual paths you walk around your town, that is a problem. Imagine embarrassing side accounts, years old accounts, old posts you already deleted all being connected and surfacing.

While we don’t have to go all dystopian about a government that’s using this information to withhold health insurance from you or will forbid you to leave the country, this can all be leaked in scandals like Cambridge Analytica or hacking as well as other security leaks, or simply misused by websites and third party companies.
We can already see China heavily relying on gathered information to control citizens in a citizen score.
It has already almost become a norm to expect your employer to check for you online.
The US is debating on implementing social media screening for everyone trying to enter the country.

We can never guarantee the services we use will be reasonable with our data in the future, and we can never know if the country we live in will always be a free and democratic place.

Of course online or digital privacy is a rabbit hole you can really delve deep into, but there is a lot we can all do as casual users and as people with ‘nothing to hide’ that combines being easy, user-friendly and accessible, and doesn’t have to mean complicated software and abstaining from everything.

And if you needed another reason to NoSurf, and delete a lot, if not all of your social media, this is a big one.
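
The cross-site tracking described in post #1, as an added example that is not part of the original thread: a small Python simulation (the tracker, pages and attribute values are all constructed) of one browser loading the same third-party share button on three sites. It shows how many visits the tracker can link by cookie and by browser fingerprint with default settings, with cookies auto-deleted, and with the third-party request blocked.

```python
import hashlib
from collections import defaultdict
from itertools import count

# Constructed sample data: pages that all embed the same third-party share button,
# and the configuration details a browser reveals with every request.
PAGES = ["news.example/politics", "shop.example/cart", "health.example/symptoms"]
ATTRS = {"os": "Windows 10", "browser": "Firefox 60", "fonts": "Arial,Calibri,Comic Sans MS",
         "addons": "uBlock Origin", "ip": "203.0.113.7"}

class Tracker:
    """Hypothetical third-party server that hosts the share button script."""
    def __init__(self):
        self._next_id = count(1)
        self.by_cookie = defaultdict(list)       # cookie id -> pages seen
        self.by_fingerprint = defaultdict(list)  # fingerprint -> pages seen

    def handle(self, referer, cookie, attrs):
        """Log one request for the button and return the cookie to store."""
        if cookie is None:                       # first contact: issue a fresh id
            cookie = f"uid-{next(self._next_id)}"
        self.by_cookie[cookie].append(referer)
        canonical = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
        fingerprint = hashlib.sha256(canonical.encode()).hexdigest()[:16]
        self.by_fingerprint[fingerprint].append(referer)
        return cookie

class Browser:
    def __init__(self, attrs, clear_cookies=False, block_third_party=False):
        self.attrs = attrs
        self.clear_cookies = clear_cookies          # cookie removed after each tab closes
        self.block_third_party = block_third_party  # request to the tracker never sent
        self.cookie = None

    def visit(self, page, tracker):
        if self.block_third_party:
            return
        self.cookie = tracker.handle(page, self.cookie, self.attrs)
        if self.clear_cookies:
            self.cookie = None

def longest_profile(index):
    """Most pages the tracker could link to a single identifier."""
    return max((len(pages) for pages in index.values()), default=0)

def simulate(**browser_options):
    """Return (pages linked by cookie, pages linked by fingerprint)."""
    tracker = Tracker()
    browser = Browser(ATTRS, **browser_options)
    for page in PAGES:
        browser.visit(page, tracker)
    return longest_profile(tracker.by_cookie), longest_profile(tracker.by_fingerprint)
```

`simulate()` returns `(3, 3)`, `simulate(clear_cookies=True)` returns `(1, 3)` because the unchanged fingerprint still links the three visits, and `simulate(block_third_party=True)` returns `(0, 0)`.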


#2

Resources for anyone concerned, interested, and especially for those who still need to use online services for work etc.:

  • Checking the settings of your computer OS. The most secure OS are variations of Linux, but because of usability and other reasons, most of us are dependent on Windows. It is debatable if retracting consent to a lot of tracking in the settings changes anything (“What if they track me regardless?”) but it’s better (also for legal reasons) to retract consent than to let it stay, thinking it is useless. If anyone here has Windows 10, I can give tips on where to find settings that are privacy sensitive.

  • Checking the settings of your smartphone and other similar handheld devices. You can already disable a lot of tracking there as well, and go through the permissions each app has. Do these apps really all need access to your images and microphone?

  • Having as few privacy nightmares on sensitive devices on your smartphone as you can. I did away with Google apps and most other social media apps.

  • Open source software that is vetted as privacy friendly (because the open source code can be seen and understood) and supported by donations and contributions is always better than closed source, which potentially doesn’t keep their promises and could be developed by companies trying to profit off of your data.

  • Using no cloud services. They have vulnerabilities, as proven in the past with a dozen nude leaks from celebrities via their cloud services. This isn’t over.

  • Using privacy focused browsers for your handheld devices as well. Firefox Focus is popular and also what I use.

  • Using Firefox on desktop as well. The slow times of Firefox are long over, and Google Chrome is a privacy nightmare. Firefox gives you a lot of options, is made by a company dedicated to protecting privacy, and offers good configuration tweaks and extensions to make having a more private connection to the internet very easy.
    I use:
    -> uBlock Origin: It’s an ad blocker, but its settings offer so much more, it’s faster and easier on the memory than other adblockers, and is open source. It lets you block tracking as well, whole website elements, adblocker-blocks etc.; you can create your own rules and adopt and enable/disable blocking packages made by other people as well.
    -> Privacy Badger: Stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. It learns as you go and gets better with time. The websites track Browser settings, extensions, fonts and settings, mouse movements, time spent on the site, computer hardware and many other things that make it pretty unique. Privacy Badger protects you from this.
    -> Cookie AutoDelete (or any other Cookie Selfdestruct Extension): Automatically removes cookies when they are no longer used by open browser tabs. This extension has options, like whitelisting websites so their cookies aren’t destroyed upon tab closing, and greylisting for allowing a website just this once. You can always easily add the current open website to exceptions by clicking on the icon and seeing the settings there. This offers additional protection.
    -> HTTPS Everywhere: It encrypts your communication with many major websites, making your browsing more secure. It has a list of websites integrated so this isn’t necessarily happening on all websites, but the majority of widely used websites.
    -> Decentraleyes: It has local versions of popular JavaScript files such as jQuery. Typically your browser would automatically download the script (in the background) on a website that uses it, which typically uses a Content Delivery Network (like Google’s) to download the script. Decentraleyes nullifies that and uses its own version so you don’t communicate with Google’s CDN servers (for privacy). This protects you against modified (possibly virus-y) scripts and also makes browsing a lot faster!

  • Using a VPN. It links itself between you and the internet and hides your IP, giving you the IP of their server instead - completely legal (I know of no country where it is illegal, at least). Most VPN providers don’t keep logs and your connection is encrypted. This can protect you against having your IP and location leaked, and your internet provider cannot see what websites you access. VPNs also circumvent geoblocks, either from services like Pandora, or government imposed blocks. Free ones usually are slow and don’t have many settings and are only a browser extension; it’s better than nothing but can sometimes really be a hassle. I recommend a paid one, if you can. I use TrustZone.

  • Using a password manager. This enables you to generate very complex and difficult passwords so that your accounts are safer and much harder to hack/bruteforce, while this software remembers them for you and can fill them in. Depending on the password manager you choose, you can store them locally (safer), and they are also encrypted and can only be used with a Master password of yours that serves as the encryption key. LastPass and KeePass are popular options.

  • Using two-factor authentication that is available in the social media settings for your account. This isn’t only about privacy, but also safety. Use sms/text or an Authenticator app. This is an additional code to put in after you log in that you receive on a device of your choice. This could be good for NoSurfers as well in terms of making logging into addictive services harder.

These are the basic things anyone could do for themselves to protect themselves better without losing convenience or being very technically literate. Just settings, and installing extensions/software that run without (any, or complicated) setup. :)

If you want to know the privacy rules and agreements of the services of your choice, I can recommend Privacy Angel, a website dedicated to explaining complicated terms of use etc. in easier language and summarizing the important points concerning your privacy and what data you give up by using the services.

There are some advanced techniques I can get into some time.


#3

Here are a few software changes you can make to help further your privacy:

Operating System

  • Use Ubuntu. It’s very noob friendly. If you’re tech-savvy you can try Debian or Arch Linux.
    https://www.ubuntu.com/

Web Browser

Ad Block

Mobile Browser

Email

VPN

  • ProtonVPN is made by the same people who make ProtonMail. Not sure how good it is because it’s new.
    https://protonvpn.com/

The other popular ones are

Password Manager

Office Software

Messaging App

Notes App

Messaging App

Cloud Storage

  • Sync. It’s the only one that’s privacy friendly, encrypted, and also has a free plan.
    https://www.sync.com/

Audiobooks, Music, Tv Shows, Movies

  • Hoopla Digital. If you live in the U.S. it’s free with your library card.
    Note that it’s not actually privacy friendly by nature but I still think it’s better than your data going to a huge corporation.
    Their selection of audiobooks and music is REALLY GOOD. Movies/TV shows not so much but it seems to be growing rapidly.
    They limit you to 8 borrows a month which effectively prevents you from binge watching.
    https://www.hoopladigital.com/

Search Engine


#4

I recommend to expand the browser addons, first. uMatrix and NoScript may be good for those who want to fiddle with a website’s JS. If you need granular control, use uMatrix, and if not, use NoScript. Then, perhaps blocking other sources of tracking such as HTML5 canvas fingerprinting? This is a matter of being identified through your browser’s addon or through the other method of tracking… so choose wisely as it is also your convenience at risk?

Then again, you can use Tails with persistent volume as an alternative to Ubuntu for OS. Also Tor with its best practices (else your anonymity may be compromised).


#5

An additional good website is haveibeenpwned.com. It’s a website that’s dedicated to tracking major breaches and getting a hold of the data so you know if you’ve been compromised in the breach or not.

A super old email address of mine (the first I ever had) has been affected by breaches and leaks of websites 8 times, for example. Check all your email addresses here and if you’ve been affected, change your password and the password of the website account the email was tied to (ex. Tumblr). If you’ve been affected multiple times, I’d recommend to abandon the email address and create a new one.

I have a lot of e-mail addresses (each for specific uses) so that even when one of them should be hacked, they do not have access to everything. Certain email addresses are kept off websites or logins if they have sensitive data as well.

Just another thing you can implement :) Be sure though to not connect the email addresses to each other (sending something from one to another) or else this could be useless.


#7

It’s good to switch away from Google and Yahoo. Because of GDPR, I’ve been notified per Email about privacy things regarding the use of any Verizon/Oath service (Yahoo and Tumblr, for example) and what they’re collecting is intense.

If you want new email addresses, you’ll sadly have to create them and then transfer each account over (log in, go to settings, put in new email address, confirm via email). Some accounts don’t let you switch email addresses, but that should be rare.

For the password managers: I can only speak about LastPass*, but it’s easy. You install it as a browser extension and log in via that, and each time you log in somewhere, it asks you if it should add it to your ‘vault’ (where all of your info is stored). So you don’t necessarily have to type in all the info by hand, you can just have it open while logging into your services. I’m sure other password managers are similar.

* Their client API is open source, and LastPass does encryption in the client, so the server never sees your unencrypted data; even in the event of hacking, the encrypted data would be useless. If I am not mistaken, your master password is the hash needed to decrypt your passwords specifically.

About switching operating systems: Keep in mind that not all software you use is compatible with your new OS (ex. from Windows to MacOS or Linux), so you’ll have to find out if you can get the fitting version, or if there are alternatives for the software you’ve been using for your new OS. Don’t forget peripheral drivers (mouse, printer, wifi adapter, webcam …) are affected by this as well. If you play games, you might not be able to play them any longer if they aren’t compatible with MacOS or Linux.
A good compromise is having, for example, Linux installed while booting up Windows separately whenever you need access to a specific software or game that doesn’t run on Linux (effectively having both installed, and deciding which one to boot whenever you turn on your device). In extreme cases, you can run a Windows Virtual Machine on Linux so Windows stays isolated while still being able to run software.


#9

How private must we be?

I have been thinking about using an alias for when I’m writing my comic books, and I’ve also felt reluctant to make music for fear of people trying to destroy my reputation and ruin my life. Yet I have dreams of being famous and making my dent in the world.

I feel like JFK.


#10

I just want to add, since some posts above have mentioned it, that while Linux is indeed written in such a way as to make it harder for malicious programs to run without your consent, running Linux is not a cure-all for privacy. You can still be irresponsible with Linux, just as you can with any other operating system; it all depends on how you use it and if you use it in a responsible fashion.