Privacy – The Procrastination Pen

Privacy – A How-To Guide

There can be few people alive now who have not heard about Edward Snowden.

He is a marmite character hailed as a hero by some and a pariah requiring execution by others.

I realised that in my Gravatar profile I state: “Keen on privacy and IT Security. A volunteer counsellor. I use blogging to improve my writing.” There has been a few blog items on writing and the odd one related to counselling but except for the EXIF article precious little in support of privacy.

Snowden showed us that if you decide to put something on the Internet it is not private anymore. (No matter how much security you imagine protects it).

Security services have techniques that can read information, often when we believed that information was protected.

Information that you put on the Internet today, believing it to be secure, is exposed in a security breach tomorrow.

Some people believe that this is fair enough, if you decide to put a nude selfie online for example then on your head be it.

This article is not for them.

Still reading? Ok, well there are some basic steps that you can take which will protect you. Some more advanced steps you can take if you are very keen on privacy. There are also steps you should take if your life depends on privacy (which is sadly not unfamiliar to some activists in the world today).

http://www.huffingtonpost.co.uk/entry/improve-internet-privacy_n_6902622

https://www.theregister.co.uk/2015/11/12/snowden_guide_to_practical_privacy/

Mobile Phones Mobile Phones – transmit a great deal of information about you. they are used by shops to track your purchasing preferences. They still transmit information even when you have turned location services off.
If you are in the group that really needs to protect your privacy faraday bags for phones do work.If you like your privacy but your life isn’t likely to be in danger over it – turn on location services only when you need it.

Similarly turn off Bluetooth and wireless when they are not in use.Better still if you do not want to be tracked leave the phone at home.

Encrypt Encryption uses mathematics to render the information inaccessible to anyone other than the people you want to have access.However encryption does not solve all problems.There is some evidence that some encryption has been circumvented. .However encryption will defeat prying eyes in the majority of cases.
You can encrypt your phone .You can encrypt the hard drive on your laptop.

You can use encrypted file storage online .

Encrypted Apps – Use encrypted alternatives to text messages. The recommended system here is an app called Signal which is as easy to use as any text message system.

Unique Passwords – Make certain that every website you log into has a unique password.
Breaches in passwords happen every day.

A breach is when a company loses the usernames and passwords of its customers onto the Internet. Criminals then get hold of these details and attempt to log into as many websites as they can. It takes criminals minutes to do this it can take many years before a company is aware of the leak.

Password Managers – maintaining a different password for each login (for every website) is a discipline that is sometimes beyond the memory of the average individual. This means that you really must use a password manager.
Password Managers store all your passwords in one place and you only need to remember the one password – the one to access the password manager.

I use KeePass . It is a standalone password manager (in that it is not integrated with your browser).This reduces functionality a little but increases security a lot. (With all your passwords in one place you do want the solution to be secure).

Use two-factor authentication. Remember I said that passwords are leaked onto the internet every day? How do you stop a criminal logging in when you don’t know that your password is already out there?
Make certain logging on to your account takes more than a password.

A number of sites permit use of two-factor authentication. Usually this means that after you add your username and password you get a text on your mobile phone giving you a code that you also need to enter.This small amount of extra effort can have a big effect on your security.

Use a VPN service that cloaks your location.Every ISP has a list of addresses that they hand out to their clients. This means that when you browse the Internet others on the Internet can determine which ISP you use. In many cases this gives a good approximation of where you are accessing the Internet from.In addition every piece of browsing behaviour goes through a link provided by your ISP who has a log of your activity. The only way to disguise your activity from your ISP is to have a tool that uses an encrypted tunnel to hide what you’re are doing.
This can be a VPN , use of ToR browser or using ToR browser over a VPN .

A VPN creates a tunnel between you and a VPN Provider.

The problem with this is that it moves the keeping track of your actions from your ISP to your VPN provider.

You therefore need a VPN provider that undertakes not to track your actions.

For the truly privacy conscious use ToR.

https://lifehacker.com/what-is-tor-and-should-i-use-it-1527891029.

ToR is not a panacea but it does make it much more difficult to trace any actions back to you. ToR is a technology that sends the messages you use to communicate on the Internet through a very convoluted route, making it very difficult to trace.

Of course it is far easier to keep something private if you do not share it in the first place. If you share something which would have consequences (if it became public) then perhaps sharing it is not wise. Don’t depend for example on Facebook privacy settings. It is known that people use Facebook to monitor and to trap the unwary.

Don’t put your holiday destination into Facebook until after you have returned.

It is really a bad idea to exchange nude photographs. Can you really be certain that the picture won’t turn up later on in a context which you might not like?

Many sites allow recovery of your account if you supply personal details about yourself. This means that they allow you access after you share with them a secret that they know about you. A favourite is Mother’s maiden name for example. If you forget your password – you supply your mother’s maiden name – you get to reset your password.

If that information (your mother’s maiden name) is on the Internet already (say on social media) it is no longer a secret. Criminals can use this information too.

Firstly be careful what you share. Secondly if you are asked for a secret that can be used to reset your account – lie. If your dog is called Fido and the recovery question is “pet’s name” use ”jambalaya” for example (don’t do that – it’s in the Internet now so people know it – make up your own version and keep it secret).

Once you have created a lie make sure you record it somewhere offline (say in the password manager) so if you need to recover the account you can remember what lie it was that you told them.

Make certain that you use the HTTPS version of a website (most sites have a HTTPS version now). The HTTPS-everywhere add-on can do this for you. HTTPS uses secure communication and hence is more secure to use than HTTP.

Adverts on the Internet have been the source of a great many attacks. Wherever possible use an ad-blocker. This also makes it harder for sites to track your behaviour and use it to bombard you with ads.

It is known that search engines like Google mine your information in order to sell it to advertising companies. One way to obviate this is to use an alternative search engine that does not log your behaviour. The best known of these is DuckDuckGo.

If you are one of the people whose life depends on your privacy then this article is not going to be cautious enough for you.

ToR is a good start. There are also guides as to how compartmentalise your life. There are guides about how to communicate with journalists. Encrypted email solutions exist and should be considered. Even operating systems designed to preserve security.

However it would be remiss of me to advise about these given my life has never been at risk because of a lack of privacy. You must gauge the level of risk and apply appropriate precautions.

For everyone else these few steps can make a big difference.

If you liked this article why not follow this blog

Follow The Procrastination Pen on WordPress.com

Audiobooks

Not that long ago I decided that I would explore the world of audiobooks.

Some of my friends use audiobooks.

I spend a reasonable part of each week driving. I thought having something playing in the background would allow me to make best use of that time.

To me the obvious place to start was an audiobook download from Amazon.

After a while I had listened to the book and I thought that my niece might like to listen to it after me.

I own the book and I reasoned that this should present no problem.

I determined that there was no way to export the book from the playing interface. I couldn’t record it or indeed to pass it on by a method such as via email or file sharing service.

I contacted Amazon support and they told me it is forbidden to do what I was proposing.

Amazon control what you do with your audiobook.

When I owned a CD I could package up the CD and send it on to someone else. The CD belonged to me.

When I owned a book, I could take it to a charity shop and they could sell it; that was my right because the book belonged to me.

I discovered that in the world of downloads you do not own the item that you have bought. The closest relationship I can equate it to is a rental agreement in which you make a one-off payment.

https://www.theguardian.com/commentisfree/2013/apr/05/digital-media-licensed-not-owned

This seems a shift in the power of ownership which few people seem aware of.

So far I have not met anyone who is trying to fight it.

I have decided that I will continue to buy physical media such as CDs because, at present, they belong to me.

What I want to do is to rip the CD to digital audio such as MP3. This convoluted approach is inefficient but at least I own the audiobook.

This means that I am not downloading audiobooks.

Recently I have discovered that there are some services where you do not pay for the audiobooks. Such as this one:

http://www.openculture.com/freeaudiobooks.

For those who love eBooks there are also free download services for these such as:

https://www.bookbub.com/ebook-deals/free-ebooks.

If large companies constrain how you use something you own there are ways to fight this.

One approach is to gain access to digital media for free.

Any stance which resists this trend seems to me appropriate.

If, for example, you decide to keep purchasing physical items companies would adapt to maintain their profits.

The alternative is to resign yourself to a future where your behaviour is controlled.

EXIF

People share their location, by uploading images to the Internet, and in most cases do not know they are doing so.

For example, “I know where your cat lives”: http://www.independent.co.uk/life-style/gadgets-and-tech/news/i-know-where-your-cat-lives-feline-photo-mapping-website-exposes-how-easy-it-is-to-track-the-owners-a6743621.html

And:

https://motherboard.vice.com/en_us/article/vvb7yx/this-guy-is-cyberstalking-the-worlds-cats-in-the-name-of-privacy.

Every image taken with a modern camera (or smartphone) has embedded in it the location where it was taken.

If you take a photograph in your garden – tools on the Internet can reveal where your house is:

https://www.pic2map.com/.

For other data that is embedded in photos read this:

http://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/.

Wherever possible I like to recommend tools that are free or low cost.

One of my favoured image editors is a tool called GIMP:

https://www.gimp.org/.

This is both free and open source (all the code used to write GIMP is freely available).

The Gimp interface currently looks like this:

If I take a screen shot (an image with no embedded metadata), paste this into GIMP and select File – Export:

Give the file a name:

Click Export (the name of the file determines which options you see here – I will show the options for JPEG).

Expand Advanced Options.

The “Save EXIF Data” option is greyed out (the screenshot contains no EXIF data).

However, if I open a photograph with GIMP and follow the above steps, the “Advanced Options” looks like this:

The “save EXIF data” option is available (this is because the image contains EXIF data).

To remove the EXIF data from an image before uploading it to the Internet, follow the above steps. (Ensure that you export the image with a different name to that which the camera gave it by default – to avoid overwriting that original image).

Take the tick out of the “Save EXIF data” box as pictured above and click the Export button.

Your image now contains no information that can be used to identify you or your camera. The image is therefore safe to upload to the Internet.

There are of course alternative methods of removing EXIF data. This article details some of those:

https://www.howtogeek.com/203592/what-is-exif-data-and-how-to-remove-it/