OpenSource Privacy

I’ve blogged a bit about OpenSource and Linux – I’ve even convinced numerous friends and family members to join me. CentOS and Debian are my distros of choice, but for many of them, moving over from the Windows world, simpler is better. So I’ve set them up mainly with Ubuntu (shudder) and Mint. My own children use Xubuntu. I get asked a lot – “How do you get anything done since (insert overpriced product here) doesn’t run on Linux?” Well, I’ve blogged about that too, HERE. But in the wake of US programmes for spying on the American public, such as PRISM, just using OpenSource and expecting the lack of anything Microsoft to protect you isn’t enough. I’ve touched on configuring Tor, using Off-the-Record plugins for Pidgin and other similar privacy enhancements HERE. But I’d like to take a moment to post, on a basic level for beginners, about the very bare essentials in protecting their privacy: simple changes that they can make without having to do any major configuration to their system.

For this, you need to be a bit more clever, doing things such as changing your search engine, what browser you use, how you email and how you generally make use of any web-based products. Read more about giving the NSA the finger HERE, and opting out of global data surveillance HERE.

The “Opting out of Global Data Surveillance” link should pretty much cover what you need, and for Linux users like myself, this specific LINK in the Opt Out information is particularly useful. But at the very basic level, even if you don’t feel a need to install, configure and make use of Tor, at the very minimum, use Firefox and make either https://duckduckgo.com or https://www.startpage.com your go-to each and every time you search. StartPage has the obvious advantage, as it provides Google search results (let’s face it, we call searching “Googling” for a reason) but strips out your personal information so that Google never receives your IP or has a chance to load your machine with cookies. That’s not to say that DuckDuckGo isn’t useful, but you will note a HUGE difference in the quality of search results.

As to email, while it does not have anywhere near the bells and whistles of Google/Gmail, I highly recommend Autistici-Inventati. Their service does provide all of the following, free, and naturally they accept donations to keep these services available. Find them HERE. The webmail is plain and uses Roundcube, but it’s free, private and secure. Couple it with Thunderbird or Earlybird (HERE’s how you secure them), and it’s a win! Also, you can use K-9 on your Android phone for the secure email feature.

There are other email alternatives, of course, aside from even those mentioned in the Opt Out link. A friend of mine on Mastodon (more on this in a bit) recommends ProtonMail. I haven’t tried it to date, and as such, cannot comment on it positively or negatively. I do, however, respect his opinion and assume that if he recommends it, it’s worthy of said recommendation. You can read about his move to Linux HERE. You can also read his writeup on online privacy (in which he touches on ProtonMail) HERE.

Anyway, these are the surface-level important bits gleaned from the Opt Out information. You can read more details and customize more of your desktop environment with apps and web services as you desire based on their guide. Those presented here are just the absolute BASICS for preserving a shred of privacy in an increasingly watched, regulated and data-mined digital world.

The last subject I’d like to touch on is… well… a touchy one. Social networking. I know… you’re old and stuck in your ways. Facebook is just familiar and easy. Twitter is comfortable and doesn’t require any configuration. Well – that may be true, but they’re also undoing EVERYTHING that we are trying to accomplish in the entire preceding portion of this blog post. Facebook caches every single search, whether for people or for products. Every page you like. Every status you like. Every news story that you read from their web app. Twitter does the same. Everything that you do on either site is monitored, collected, and placed into a nice little package that allows them to serve all of those ads that you see all over in the sidebars, and in between posts. Your email… your birthday… all of your relationships. This data is all theirs. You gave it to them. And they USE IT.

There are two different options for Social Networking that I highly recommend. The first is older (if you don’t count OpenSource predecessors) and it is called Diaspora. It’s pretty much got all of the functionality of Facebook, but without the clutter, without the ads, and without fear of all of your data being mined and sold to any and all bidders. I’m personally on https://diasp.org, username theophilus79@diasp.org, but they have a large pool of “pods” to choose from, and you can join any of them. They allow you to follow people from other “pods”, but they aren’t ruled by a centralized, authoritarian data miner. I know, it’s a pain getting your family and friends to switch, but persistence does pay off!

The second is Mastodon. I’m personally on https://mastodon.technology, username theophilus@mastodon.technology, as my main account. It’s essentially a fuller-featured Twitter, which allows more character input as well. Like Diaspora, it’s broken into “instances” and not all housed in a central server somewhere. You can join any instance that you like and, as with Diaspora, follow people from other instances. Again, no centralized authoritarian data miner granting you the right to use a website in exchange for all of your digital data. Both Diaspora and Mastodon have mobile apps that you can use. Both are well worth a try, and both will help you protect and control your own data. That isn’t to say that either is foolproof, but both by far outweigh the negative aspects of Facebook and Twitter.

Latest Online Security News

Security missives from the front lines
This is a curated collection of my own encounters as well as some that were contributed by others. If you have some gems to share please send them along or leave a comment below. I'd love to build this list out as I know there are many more out there.
Read more on CSO Online

Security of online voting debated
It's examining the possibility of taking part in the Government's online voting trial for next year's local body elections. Despite the $240,000 price tag, staff are recommending council register interest. The only councillor who supported the trial …
Read more on Newstalk ZB

Kaymu assures on online security for shoppers
Kaymu, at her Entrepreneurs' club seminar which took place at the Lagos Chamber of Commerce and Industry (LCCI) Conference and Exhibition Centre in Lagos, has assured shoppers of protection against online fraudsters and hackers in the process of …
Read more on The Nation Newspaper

China arrests 15000 who 'jeopardized Internet security'
China has arrested a whopping 15,000 people for acts that “jeopardized Internet security,” police said Tuesday. It's a mark of the country's continuing crackdown on online dissidents, which has ranged from a crusade against pornography—this was …
Read more on The Daily Dot

Latest Online Security News

First Library to Support Anonymous Internet Browsing Effort Stops After DHS Email
The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users' locations. Soon after state authorities received an email about it from an agent at the Department of Homeland Security. “The …
Read more on ProPublica

China arrests 15000 people for web security violations
A crackdown on “cyber crime” by Chinese authorities appeared to reach a new level on Tuesday when police said they had arrested 15,000 people for online security violations. The announcement, posted on the website of the Ministry of Public Security …
Read more on Financial Times

Ashley Madison hackers publish compromised records
The group responsible for the Ashley Madison hack published the compromised records on Tuesday, delivering on the promise made when the hack was announced in July. The compromised records include account profile information, personal information, …
Read more on CSO Online

Indusface releases a list of online security stats that websites cannot afford
It is unfortunate that even some of the major online brand names overlook app security and compliance." Gartner research has already predicted that increasing adoption of cloud and mobile will drive the security market, which is estimated to $76.9 …
Read more on ChannelWorld.in

Waynesboro Police Warning About Credit Card Fraud Ring
(WHSV) — The Waynesboro Police Department wants citizens and businesses to be aware of a reoccurring credit card scam that has been seen perpetrated in stores particularly in small cities on the eastern seaboard, including Waynesboro. Locally, Krogers …
Read more on WHSV

Latest Online Security News

Ashley Madison self-assessments highlight security fears and failures
Last June, executives and business leaders at Avid Life Media (ALM) responded to an internal Q&A addressing their strengths and fears. This assessment was leaked as part of the documents released by Impact Team this week, and offers a unique insight …
Read more on CSO Online

Agora, Internet drug den, going offline amid security concerns
Agora, an online marketplace where items ranging from illicit drugs to forged documents are bought and sold, is indefinitely shuttering its doors on the Dark Web due to supposed security concerns. The administrators of the underground bazaar said …
Read more on Washington Times

Application security needs to be shored up now
PCI DSS requirement 6 falls into the domain of software developers who are involved in the development of applications that process, store or transmit cardholder data. There is little low-hanging fruit here, and firms that have in-scope …
Read more on CSO Online

Whole Foods drops security firm after Calif. store attack
OAKLAND, Calif. (AP) — Whole Foods Market says it has cut ties entirely with the security firm that had been patrolling an Oakland store where a security guard allegedly beat a customer unconscious. Company spokeswoman Beth Krauss tells the Oakland …
Read more on Daily Mail

Is poor software development the biggest cyber threat?
The “Forrester Wave: Application Security Report”, which evaluates vendors for security and risk professionals, says many firms have rushed to bring applications online, building out consumer-facing websites, buying commercial off-the-shelf (COTS …
Read more on CSO Online

Match.com suspends UK advertising after malware warning
A spokesperson for match.com said: “We take the security of our members very seriously. Earlier today we took the precautionary measure of temporarily suspending advertising on our UK site whilst we investigated a potential malware issue. Our security …
Read more on Techworld.com