Friday, October 2, 2015

How to Protect Online Activity

Introduction to Online Security, Internet Privacy, Anonymous browsing.  


As an honest hard-working citizen, you may think you have nothing to hide, but at the same time you may be annoyed with intrusive advertizing, or you may be concerned with the ability of hackers to see your bank accounts, or for governments, foreign or domestic to watch what you do online.

Advertising

Some people are surprised to see ads shortly after visiting a website.  For example, suppose you want to check the price of flights to Seattle, just out of curiosity to compare prices to different cities, but with no intention of ever going there.  Then, you notice over the next few days, that there all kinds of advertisements in your browser for flights, or hotels in Seattle.  Then you wonder how did those advertisers get the crazy idea that I might be interested in going to Seattle?  Or why do I keep seeing ads for something in which I have no interest?  That is tracking technology known as Interest-Based Advertising.

Criminal Hackers

People have the erroneous idea that their passwords are secure, and that a little router at home will protect them from the bad kind of hackers.  Malware can be installed by viruses that come from file sharing, and phishing is another technique used to get people to go to a fake website, and install some kind of malware.  One example is an email with a link to a fake website, with a logo that may look like a familiar bank.  The unsuspecting user clicks on the link in the email (not a good idea), and is directed to the hacker's website.  Then the user enters his username and password for the user to see, before redirecting to the bank.  There was a documentary about how a team of students would collect small amounts into their bank accounts, and funnel the funds back to the leader, in an effort to try to avoid detection.  Of course they were caught, eventually.  The way they got into the accounts was by installing a keystroke logger -- a piece of malware that takes every keystroke, and sends it somewhere for them to analyze.  Then when the user connects to their bank, they enter the username, and password.  The browser uses SSL, so there is a little lock icon, so the user feels safe.  The SSL connection was secure, but the computer was not.  The user could change their password every day, and the hacker would have the new password every time, as long as the malware was still running and communicating back to them.  This is why password security is not always enough, and anti-malware should include anti-spyware or anti-tracking.  Advertising is annoying enough, but obviously it is more important for banking to be secure.

Governments

There has been some discussion in the news about a particular government blocking internet access, or spying on it's citizens at one time or another, but this topic can really be about any government at any time.  Again, as law-abiding upstanding citizens with nothing to hide, there is no need to be paranoid, but who knows how strong the fourth amendment right to privacy will be in the online world, since some information may be considered to be in "plain view".  It is easy to see the need for any government to protect it's people, but also for people to protect themselves, so both sides make some good points.

Employers
Yes, employers often spy on employees, either to protect company confidential information, or to gather evidence of inappropriate, or even illegal activities.  If you work for a company, you should have no expectation of privacy, and should consider that there may be snapshots taken of your screen every 10 minutes.

PBS had a Frontline Roundtable on Privacy and Surveillance, called

How to Protect Yourself (and Your Data) Online

http://www.pbs.org/wgbh/pages/frontline/government-elections-politics/united-states-of-secrets/podcast-how-to-protect-yourself-and-your-data-online/

On SystemNotes, we love free, open-source software, so we have listed here some of the tools that were mentioned when discussing how to keep online activities safe from criminal hackers, advertisers, and the government.

The Tools listed in the discussion, are quick and easy to implement:

Encrypt Internet Browsing

Https-Everywhere -- https://www.eff.org/https-everywhere

Install https-everywhere https://www.eff.org/https-everywhere to encrypt web traffic on all sites visited.  Usually, https (SSL) is enabled only on sites were encryption is considered important by the company providing the site.  Online banking and shopping is where https is almost always enabled.  This software enables https by default.
 
Hide Tracking Information

https://duckduckgo.com -- Use https://duckduckgo.com instead of something like Google, Bing, or Yahoo, to avoid having all searches recorded.

Probably only one of these is needed, since they seem to accomplish the same thing:

Privacy Badger:  https://www.eff.org/privacybadger
Disconnect Me:  https://disconnect.me  Disconnect browser add-on
Ghostery:  https://www.ghostery.com


Note that web browsers continue to add security features, and new plugins may be available.  Here are some links to notes on popular browsers:


For more info, check out the EFF.org site:
 
EFF - Surveillance Self-Defense - Defensive Technology
Basic technical information on how to protect the privacy of your data

https://ssd.eff.org/tech

PBS Frontline: United States of Secrets
May 13 & May 20, 2014
http://www.pbs.org/wgbh/pages/frontline/united-states-of-secrets/
    Part One - "The Program"How did the gov't come to spy on millions of Americans?  114:11
    Part Two - "Privacy Lost"How Silicon Valley feeds the NSA's global dragnet  53:41


Related Posts:  Free AntiVirus and AntiSpyware Software -- http://systemnotesorg.blogspot.com/2011/10/free-antivirus-and-antispyware-software.html

All Antivirus Articles: http://systemnotesorg.blogspot.com/search/label/antivirus

Of course there are other ways to protect a home, or businees network, such as installing a firewall, and using OpenDNS, but those are topics for another article.