Jump to content

Privacy Tips and Tools

Recommended Posts

I thought you all might enjoy a few tools to help privacy.

As I suspect most of you know, our lives online cast a "digital shadow"... cookies: track our browsing, phones: our location, Alexa/Siri: some of our spoken word.

While convenient, it creates more data that can be used to grow a picture of you, and that's worth money when sold and aggregated. Since the value of the data is lower when it is less specific, this creates incentive to use poorer technology to anonymize data. Commercially, the US spends over 12 billion a year on marketing data, and governments have growing budgets to purchase our information... an example: https://www.nytimes.com/2020/02/07/opinion/dhs-cell-phone-tracking.html

 

I thought I'd share a few of my favourite applications and a couple tip websites, for those interested:

 

Electronic Freedom Foundation Tips: 

 - https://ssd.eff.org/en/module/protecting-yourself-social-networks

- Signal, an app that encrypts text messages.

        When used, texts no longer appear on your phone bill (must be used by both sides of the text): 

        https://ssd.eff.org/en/module/protecting-yourself-social-networks

 - - Privacy badger: General cookie and tracking cleanup: https://www.eff.org/privacybadger

- Blur: Generates anonymous mailboxes, credit cards and a virtual phone number, all of which point to your real stuff. I like the credit cards especially, as I can create low $$ limit, single use cards for specific websites.

  - https://www.abine.com/

 

"The Onion Router" TOR Browser lets one surf onion/hidden services, sometimes called the dark web, and makes you anonymous (when used correctly) on the regular web. https://www.torproject.org/download/ 

 

 

Enjoy. I hope folks find this useful.

 

-cbs

 

 

  • Like 1
  • Thanks 2

Share this post


Link to post
Share on other sites

Signal is an amazing app, I use it daily, but as you mentioned it only provides encryption and "protection" when both parties are using it.

 

Getting others to adopt it in the face of Apple's messaging solution, FB messenger, Android Messages etc has been a hurdle for me, and probably will be moreso for providers.  

 

Don't get me wrong, it's a fantastic app and it would be great if all providers and all clients would adopt it, but alas, it's unlikely 

 

 

  • Thanks 2

Share this post


Link to post
Share on other sites
On 2/11/2020 at 5:11 PM, OldandNerdy said:

Don't get me wrong, it's a fantastic app and it would be great if all providers and all clients would adopt it, but alas, it's unlikely

Two things that can be done.

Providers can advertize that it's an acceptable way to communicate, if they want (the ones who aren't keen on texting probably won't). That may get clients and even other providers to check it out.

Clients can ask providers whether they're OK with it for communication. That might prompt the providers to offer it, even if they don't right now. But again, probably best to only ask the providers who use texting, because the ones who prefer email or calls probably won't like Signal either.

  • Thanks 1

Share this post


Link to post
Share on other sites

Data Privacy is a massive topic of discussion in today's era of Data Privacy laws such as General Data Protection Regulation (GDPR) in the EU. Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and Privacy laws of the United States. I do not want to talk in depth about the laws in this thread, hence I posted the links for those who are interested to know more about it.

Now when it comes to IM or messaging apps on phones, there are tons of apps out there on Apple Store and Google Playstore and these days most of the app developers claim that the messaging apps are "End to End Encryption" enabled is strong and completely safe. While the End to End Encryption uses strong encryption and hashing algorithms, you do not know who is on the other end of the app reading your messages. as rightly quoted by Mathew Green from John Hopkins University, "Encryption isn’t magic. You can easily get it wrong. In particular, if you don’t trust the people you’re talking to, you’re screwed."

 

image.png.fa7302651c893d79fe2ab38e5933dcb2.png

 

As end to end encryption became popular with the messaging apps these days and free of cost to the end user, the cyber criminals have become smarter too. Instead of trying to break the encryption using super computers, they have started to use spyware's such as pegasus that was developed by an Israeli cyberarms company NSO. Pegasus is being abused and pushed into apps on Playstore and Apple store with other apps using  Steganography technique. Once the spyware is installed on your phone, the data exfiltration process begins which will start sending the data from the phone to the attacker. You might have heard or read about Jeff Bezos iPhone hack. Investigations revealed that the pegasus spyware was used for the same.

 

We have also read and heard about Backdoors being left on various apps on purpose by the app developers, now most of you would be shocked or surprised to know if this is true and why would there be a backdoor in an end to end encryption enabled app that is supposed to encrypt the data that is in transit and on rest. Unfortunately, in today's world, these end to end encryption enabled apps have fallen into the wrong hands and is being used to cause harm and damage either a person, entity, state or a country's national security and integrity. Even though the developers might claim that there are no backdoors left open in their app, one should always recall the infamous Edward Snowden and his claims on NSA (I do not want to go in depth about it)

To conclude, I would say there is nothing called as "Perfect Security" or fool proof, unbreakable app. We all have to accept a certain element of security risk in whatever we do in life, similarly, it's the same in technology, we have to assess how much risk is  "acceptable" and follow the best security practices to make sure we can protect our data to the maximum extent with the options we have in hand.

For those who love reading, I would highly recommend to read the book The Art of Invisibility where Kevin Mitnick, who was one of the most wanted hacker by the FBI has thrown some amazing insights and how to be safe in the digital age.

Hope this helps. 

Share this post


Link to post
Share on other sites

Interesting read, though in the end unsatisfying, since while it goes over the theory, in essence concludes thar ‘stuff is hard’ phones are hacked, and apps have have bugs... so no news. Its kind of defeatist. 
 

Ultimately, one picks the phone and app one trusts, rather than just giving up.  Signal is built by Moxie Marlinspike, a well respected researcher, the code is open source, snd well reviewed by independent security folks, and endorsed by folks like EFF, Phil Zimmerman... and whatever you feel about Snowden, he did evade capture, and  get away... and he endorses Signal.

 

while sure, side channel / os attacks are a thing... Apple has regular collisions with governments over their desire to avoid back doors, an aggressive security update program, and they pay a bounty of $1M for an ios kernel bug... so while nothing is ever perfect Signal, especially used on iPhone, is a good bet.

Edited by clearbluesky15

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×