User Name
Password
AppleNova Forums » General Discussion »

How to ensure your privacy?


Register Members List Calendar Search FAQ Posting Guidelines
How to ensure your privacy?
Page 1 of 2 [1] 2  Next Thread Tools
Mugge
Thunderbolt, fuck yeah!
 
Join Date: Jan 2005
Location: Denmark
 
2008-06-06, 08:38

Lately there has been a lot of news and talk about the erosion of privacy on the Internet. The Patriot act and EC logging directive are old news, but with initiatives like Phorm it seems like the ISPs are also getting into the act of tracking us online. And then there's all the criminals who would like to get their hands on our sensitive data as well. I've taken a look at Torpark and probably decided that it was too much of a hassle anyway. We also had an interesting discussion about VPN here at AN a while ago.

Now I was wondering if any of you guys had any ideas or opinion on online privacy. Personally, it does irk me that everything I'm doing online gets logged these days. Not so much because of what the government would do, but more because all these logs could potentially end up in the wrong hands. Hackers must see all these government databases as veritable treasure troves. Look no further than the UK for a fine example. So what can one do to minimise the exposure to all this?

The main threats as far as I see it are:
  • Logging
  • Traffic analysis
  • Untrustworthy internet access nodes like public hotspots
  • Spyware - not really a Mac problem
  • Commercial surveillance and profiling


I suggest we could categorise any suggestions in the following categories, depending on the degree of paranoia. Kinda like an Ars System Guide:

1. The ordinary user: Just want's his personal info to stay out of the hands of the wrong people.

2. The security minded user: Has confidential information and internet traffic that he/she want's to keep secret. This could for example be someone running a small business with confidential customer information or a journalist who had annoyed of the wrong people.

3. The paranoid: Basically want's to be totally invisible and considers himself to be a potential victim of the black helicopters.
  quote
Yonzie
Mac Mini Maniac
 
Join Date: Sep 2005
 
2008-06-06, 10:48

Proxies. If you use 7, it's impossible to track you.

1) Use a Mac, try not to give away too much personal info on forums/myspace, etc. Use webmail and a router. When buying stuff online and similar, only buy from known-good vendors and check that the website uses SSL when giving your credit card details.

2) Same as above, except more so. Buy a good router from a major company like Cisco. VPN support might be nice also.

3) You want paranoid?
  • Proxies/Tor. The proxy/Tor node may be hostile.
  • Remember that SSL can (theoretically) be broken. We don't know how many acres of computers the NSA and Homeland Insecurity has.
  • Use disposable email when signing up for websites and use a new name/pass/email combination on every site so people can't track you across websites. Don't forget that the evil government may have access to the email providers' logs. Do not check more than one email account per IP you connect from.
  • Don't give out even the tiniest personal details (doh). Alternately, give out misleading/wrong personal information, although this might be useable as well.
  • Make liberal use of internet cafés, change often of course. Have a custom linux distro on a CD or USB flash drive to ensure the computer is free of keyloggers and other spyware. Be aware that the keyboard may be bugged and that there could be surveillance cameras tracking your typing.
  • Do not use a credit card ever (cash only).
  • Buy a used cell phone (from a private person, not in a store) and a prepaid SIM. Change both often.
  • For online banking use a security device* (or preferably don't use banks at all).
  • Don't be a member of any clubs (member details may not be 100% private for them to receive public funding and they may have a website with member lists and event results).
  • Don't get drunk/high. Loose lips sink ships.
  • Don't compute with the curtains open. It is possible to decode the blur from your screen on the wall behind you and reconstruct the image.
  • Do not use CRTs. Same as above, only through walls via the electromagnetic radiation.

* I have this little calculator-looking thing. To log into my banks website, I need my username (random numbers/letters), password (same), code for the calculator-thingy, and the calculator thingy itself. I get a code from the bank which i type into the device and I get a different code back which I type into the online banking system. This ensures secure communications from everywhere.

Converted 07/2005.

Last edited by Yonzie : 2008-06-06 at 11:52.
  quote
atomicbartbeans
reticulating your mom
 
Join Date: Jan 2005
Send a message via AIM to atomicbartbeans  
2008-06-06, 10:57

Vote for this guy.
Quote:
Safeguard our Right to Privacy: The open information platforms of the 21st century can also tempt institutions to violate the privacy of citizens. Dramatic increases in computing power, decreases in storage costs and huge flows of information that characterize the digital age bring enormous benefits, but also create risk of abuse. We need sensible safeguards that protect privacy in this dynamic new world. As president, Barack Obama will strengthen privacy protections for the digital age and will harness the power of technology to hold government and business accountable for violations of personal privacy.
To ensure that powerful databases containing information on Americans that are necessary tools in the fight against terrorism are not misused for other purposes, Barack Obama supports restrictions on how information may be used and technology safeguards to verify how the information has actually been used.
Obama supports updating surveillance laws and ensuring that law enforcement investigations and intelligence-gathering relating to U.S. citizens are done only under the rule of law.
Obama will also work to provide robust protection against misuses of particularly sensitive kinds of information, such as e-health records and location data that do not fit comfortably within sector-specific privacy laws.
Obama will increase the Federal Trade Commission’s enforcement budget and will step up international cooperation to track down cyber-criminals so that U.S. law enforcement can better prevent and punish spam, spyware, telemarketing and phishing intrusions into the privacy of American homes and computers.
Edit: Oh, you're in Denmark. My bad.
  quote
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2008-06-06, 11:02

I think this bears to keep in mind-

Internet originally was designed to enable communication among several computers. Privacy wasn't a design consideration, and one of aspect of Internet is end-to-end connectivity which also implies that you have to be fully known by everyone else to use the internet (otherwise you'd get blank pages after blank pages cos nobody would know where to send the information to). It is literally an afterthought.

How is that relevant? Well, SSL is wrong solution to wrong problem, so even if it was unbreakable, it wouldn't really solve the real problem; it's easier to secure and protect a line from invasion or snooping, but not as easy to protect the endpoint (namely, your computer). That fancy calculator-thingy Yonzie talked about is probably perfect if he wanted to protect himself from man-in-middle attack or snooping, but it won't do a damn if there's a logger reading his keystrokes or malware that can access the memory heap.

But thankfully, OS X gets it right and does much more to protect the endpoint much better than Windows. (To be fair, this is also true of any well-designed Linux distros or UNIX with a proper implementation of privilege separation and other security mechanism).
  quote
Yonzie
Mac Mini Maniac
 
Join Date: Sep 2005
 
2008-06-06, 11:55

Quote:
Originally Posted by Banana View Post
That fancy calculator-thingy Yonzie talked about is probably perfect if he wanted to protect himself from man-in-middle attack or snooping, but it won't do a damn if there's a logger reading his keystrokes or malware that can access the memory heap.
Remember you get a new code every time you try to log in, and the return code is only valid for a short time, defeating keyloggers etc. Basically you need some more evil spyware to be compromised.
(also added a linkt to a picture of it in my original post)

Converted 07/2005.
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2008-06-06, 12:03

Quote:
Originally Posted by Banana View Post
But thankfully, OS X gets it right and does much more to protect the endpoint much better than Windows. (To be fair, this is also true of any well-designed Linux distros or UNIX with a proper implementation of privilege separation and other security mechanism).
Elaborate. What does Windows not do?
  quote
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2008-06-06, 12:47

For starters, it could silently installs bad stuff in name of convenience. With other OSs, you get a dialog asking for confirmation if you really want to run (with exception of that stupid "Download Safe File" option in Safari). Windows does prompt for this as well, but my understanding is that it's not always and you just have to say it's from Microsoft and you get instant access to everything in Windows.

Then there's IE's lenient security- just toss in an nasty ActiveX and you can basically do whatever you want. This may have changed with IE 7, however.

Oh, and Windows XP shipped with Remote Assistance enabled, IIRC. Don't know if Vista still does that, but this is one of other defaults where you have to change to make it properly secure.
  quote
apple007
BANNED
I am worthless beyond hope.
 
Join Date: May 2006
 
2008-06-06, 14:01

Quote:
Originally Posted by atomicbartbeans View Post
Vote for this guy.

[quote from Obama's site ...]

Edit: Oh, you're in Denmark. My bad.
I don't want to turn this into a political thread, but the text quoted sounds less like a concern for people's privacy than it does a green light for an expansion of the role of trial lawyers in America.
  quote
Robo
Formerly Roboman, still
awesome
 
Join Date: Jul 2004
Location: Portland, OR
 
2008-06-06, 19:13

I am a pretty private person and I have concerns about intellectual property (I realize the chances of any thief stealing my laptop and then deciding that he or she would publish the novel themselves are virtually nil, but still...I'd feel so much better knowing that nobody else could have my work before I wanted them to) so I'm not planning on keeping any files of any importance on my netbook. Rather, I think I'll be picking up one of these.

Hopefully, people would be less likely to steal my lappy in the first place if they see that it is tethered to my wrist , and if I ever need to leave my lappy alone for the shortest period of time (to get a refill or something) I can easily take all my data with me; the most any would-be thief would get would be a single chapter (the one currently open). Right?

It's kind of a ugly watch, though.

and i guess i've known it all along / the truth is, you have to be soft to be strong
  quote
Yonzie
Mac Mini Maniac
 
Join Date: Sep 2005
 
2008-06-06, 19:29

I hope you back up your watch. (OMG WTF? )
Also this: http://www.youtube.com/watch?v=LNN6CE_GJHQ

Also, ditch the mininote and get a MB+iAlertu
  quote
Robo
Formerly Roboman, still
awesome
 
Join Date: Jul 2004
Location: Portland, OR
 
2008-06-06, 19:36

Quote:
Originally Posted by Yonzie View Post
I hope you back up your watch. (OMG WTF? )
Also this: http://www.youtube.com/watch?v=LNN6CE_GJHQ
Oh yeah, nightlies onto a well-hidden SD card at home, and maybe monthlies onto an SD card that I would then send to my PO Box for an off-site backup. I do not eff around with backups, at least not for my writing.

Edit: iAlertU is awesome (love the car sounds and the use of the Apple Remote) but if a thief were to pick up a laptop and have an alarm sound, would they really put it back down and run away? I think they'd run away...without putting it down first.

Maybe a well-meaning stranger would trip him on his way out, though.

and i guess i've known it all along / the truth is, you have to be soft to be strong
  quote
apple007
BANNED
I am worthless beyond hope.
 
Join Date: May 2006
 
2008-06-06, 20:01

Quote:
Originally Posted by Roboman View Post
I am a pretty private person and I have concerns about intellectual property (I realize the chances of any thief stealing my laptop and then deciding that he or she would publish the novel themselves are virtually nil, but still...I'd feel so much better knowing that nobody else could have my work before I wanted them to) so I'm not planning on keeping any files of any importance on my netbook. ...
I'm sure your concern isn't unique among writers. Have you asked around or posted on any writers' forums to see what steps they take to safeguard their material?
  quote
Robo
Formerly Roboman, still
awesome
 
Join Date: Jul 2004
Location: Portland, OR
 
2008-06-06, 20:41

Quote:
Originally Posted by apple007 View Post
I'm sure your concern isn't unique among writers. Have you asked around or posted on any writers' forums to see what steps they take to safeguard their material?
Mmhmm. The usual answer seems to be "not much" (chances are, they don't even back-up ). Which is weird, because those are usually the same authors who don't want to tell their agents their plots for fear of their agents "stealing" their ideas, or they make agents and editors sign NDAs, and generally act all unprofessional about it (agents don't steal plot ideas, ever).

I know nobody would really steal my laptop for my writing, they'd steal it for the laptop (or possibly some personal information). I'm not famous enough for anyone to give a damn about my novel, and I have no delusions otherwise. So the steps I take are mainly to make me feel better. I just wouldn't want a copy of my book out in the wild, out of my control, even if the person with it doesn't give a shit about it.

and i guess i've known it all along / the truth is, you have to be soft to be strong
  quote
apple007
BANNED
I am worthless beyond hope.
 
Join Date: May 2006
 
2008-06-06, 21:06

That's perfectly understandable. You're probably right about writers in general, although I figured at least a small percentage would have some good ideas about maintaining portability of their works while also keeping them secure.
  quote
Capella
Dark Cat of the Sith
 
Join Date: Jun 2007
Location: Rochester, NY
Send a message via AIM to Capella  
2008-06-06, 21:23

I have 3 copies of my writing: the one on my hard drive, the one on my external drive (backed up only once a month), the one on my school storage space (backed up once a week). If I know I'm gonna be working on it not on my machine, I update the online backup; if I don't, I can always use the online one anyways and when I'm back on my computer resync it. If/when I get a .Mac account I'll probably keep a copy on there too, although whether or not I'll delete the Eden backup in favor of that one I haven't decided yet.

"A blind, deaf, comatose, lobotomy patient could feel my anger!" - Darth Baras
twitter ; amateur photographer ; fanfiction writer ; roleplayer and worldbuilder
  quote
Swox
OK Mr. Sunshine!
 
Join Date: Oct 2006
Location: Toronto
 
2008-06-07, 18:42

I recommend getting creative with making up your online personas - you have to act the part. Pretend to hold political and religious positions that you don't really believe in. Research them carefully so that you can argue from that perspective with all the vehemence and style (or lack thereof) that someone who really believes in them would.

Make up your location. This is really easy to do, thanks to Google and Wikipedia. It's amazingly easy to convince people that you live in, say, Toronto.

Read enough about subjects that no one knows you study, so you can pretend to be knowledgeable about them online, and thus pretend that you work in a field you don't. Pick one that doesn't relate directly to what your board is about, so that other experts on that site won't be able to tell you're a poser. Also, pick one that's not common, to reduce the likelihood of being exposed.

If you really want to get detailed (and I recommend you do), develop a specific style of writing that doesn't match your real one - vary the quality of your spelling, grammar, and vocabulary.

It's all pretty easy to do with a bit of effort. I like to think of it as leveling my alt.

Do not be oppressed by the forces of ignorance and delusion! But rise up now with resolve and courage! Entranced by ignorance, from beginningless time until now, You have had more than enough time to sleep. So do not slumber any longer, but strive after virtue with body, speech, and mind!
  quote
Robo
Formerly Roboman, still
awesome
 
Join Date: Jul 2004
Location: Portland, OR
 
2008-06-07, 23:14

Quote:
Originally Posted by Swox View Post
I recommend getting creative with making up your online personas - you have to act the part. Pretend to hold political and religious positions that you don't really believe in. Research them carefully so that you can argue from that perspective with all the vehemence and style (or lack thereof) that someone who really believes in them would.

Make up your location. This is really easy to do, thanks to Google and Wikipedia. It's amazingly easy to convince people that you live in, say, Toronto.

Read enough about subjects that no one knows you study, so you can pretend to be knowledgeable about them online, and thus pretend that you work in a field you don't. Pick one that doesn't relate directly to what your board is about, so that other experts on that site won't be able to tell you're a poser. Also, pick one that's not common, to reduce the likelihood of being exposed.

If you really want to get detailed (and I recommend you do), develop a specific style of writing that doesn't match your real one - vary the quality of your spelling, grammar, and vocabulary.

It's all pretty easy to do with a bit of effort. I like to think of it as leveling my alt.
So shall I take it that you, Swox, don't really live in Toronto?
  quote
Partial
Stallion
 
Join Date: Feb 2006
Location: Milwaukee
 
2008-06-08, 00:42

Quote:
Originally Posted by Roboman View Post
Mmhmm. The usual answer seems to be "not much" (chances are, they don't even back-up ). Which is weird, because those are usually the same authors who don't want to tell their agents their plots for fear of their agents "stealing" their ideas, or they make agents and editors sign NDAs, and generally act all unprofessional about it (agents don't steal plot ideas, ever).

I know nobody would really steal my laptop for my writing, they'd steal it for the laptop (or possibly some personal information). I'm not famous enough for anyone to give a damn about my novel, and I have no delusions otherwise. So the steps I take are mainly to make me feel better. I just wouldn't want a copy of my book out in the wild, out of my control, even if the person with it doesn't give a shit about it.
google docs.
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
Send a message via Skype™ to PB PM 
2008-06-08, 01:46

That's the worst thing to do if you want to keep something privet (put it on Google I mean).
  quote
Robo
Formerly Roboman, still
awesome
 
Join Date: Jul 2004
Location: Portland, OR
 
2008-06-08, 11:15

And I'd like to be able to access my writing when I'm not in a Wi-Fi hotspot.
  quote
Partial
Stallion
 
Join Date: Feb 2006
Location: Milwaukee
 
2008-06-08, 12:07

Quote:
Originally Posted by PB PM View Post
That's the worst thing to do if you want to keep something privet (put it on Google I mean).
Why?
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-06-08, 12:50

Quote:
Originally Posted by tensdanny38 View Post
Why?
Because it's Google?

Would you trust a megacorporation that makes money from indexing documents and selling advertisements based on the content of said documents with keeping your own personal and private documents? If you just need scratch space for something you don't need to keep private, Google Docs is great.

Even if you think Google is a completely trustworthy storage mechanism, Google Docs are transmitted in plain text, introducing another major security concern.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
Mugge
Thunderbolt, fuck yeah!
 
Join Date: Jan 2005
Location: Denmark
 
2008-06-08, 15:03

Thanks for you replies, guys. Especially Yonzie for the thorough guide to the paranoid life. However, I'm too fond of getting drunk to abide to it. But I've downloaded the Little Brother novel. Banana's point about the original intentions of the internet have also been taken to heart.



I'd also agree with Brad on Google. In fact that's why I stopped using my Gmail, well in principle .Mac could be just as bad, but at least it's not it's stated modus operandi to profile it's users.

A thing that also struck out at me from the replies here is that people seem to have different ideas of what is most important in respect to privacy. Personally, I'm most concerned with commercial logging, and old-fashioned traffic analysis which can't be defeated by SSL and other forms of encryption. The latter looks at who you are talking to and not so much what is being said. It's pretty obvious that if you spend a lot of time communicating with your net-bank, then you might be a good target for some money related advertisements.

Now that I think about it; it also baffles me to no end that email is still sent unencrypted unless you have some plug-in installed that needs to be present on both ends.

  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Tidewater Virginia
 
2008-06-08, 15:23

Quote:
Originally Posted by Mugge View Post
...
Now that I think about it; it also baffles me to no end that email is still sent unencrypted unless you have some plug-in installed that needs to be present on both ends.

This is something that annoys me too. Granted, most of my emails are to my mom and family members, but still I would rather that info be private.
  quote
Mugge
Thunderbolt, fuck yeah!
 
Join Date: Jan 2005
Location: Denmark
 
2008-06-08, 17:29

For me, I suppose it's safe from my Mac to .Mac. But after that I really don't have any control over it. I have a digital signature from the state that I can use to encrypt and sign mails with, but unless the other end also uses it I can't use it.
  quote
Partial
Stallion
 
Join Date: Feb 2006
Location: Milwaukee
 
2008-06-08, 23:06

Quote:
Originally Posted by Brad View Post
Because it's Google?

Would you trust a megacorporation that makes money from indexing documents and selling advertisements based on the content of said documents with keeping your own personal and private documents? If you just need scratch space for something you don't need to keep private, Google Docs is great.

Even if you think Google is a completely trustworthy storage mechanism, Google Docs are transmitted in plain text, introducing another major security concern.
Since when is your gmail account and google docs account made publically available?

Are we really worried about someone hacking in to Google or hacking into my personal machine?!?

The biggest thing I would worry about is losing the laptop and having your documents there for everyone to read. If someone is smart enough to hack into your computer or Google, I am sure they are savy enough to beat some encrypted document format.

Even so, as others have stated, with all the other unencrypted data transferred across the web, what are the odds someone is going to pick up your book?!? It just seems far fetched to me.

...and calling/e-mailing/texting ex-girlfriends on the off-chance they'll invite you over for some "old time's sake" no-strings couch gymnastics...
  quote
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2008-06-09, 00:04

^

Back to grammar school. Maybe this time around we can 1+ your reading comprehension, tensdanny38.
  quote
Koodari
Veteran Member
 
Join Date: Jun 2004
 
2008-06-09, 00:32

Roboman, I think if you want to be thorough, you'll assume everything you carry with you *will* be stolen, and work from there.

Full disk encryption on the laptop -> no one will get anything out of it.
Backups at home/elsewhere -> at most, you lose last work.

I wouldn't bother with the wristwatch thingy. The laptop should be encrypted anyway to stop anyone from pulling the data out of temp files, caches or virtual memory, and if you did carry the wristwatch you'd have to encrypt the stuff on it because it can be robbed or stolen as well.
  quote
Partial
Stallion
 
Join Date: Feb 2006
Location: Milwaukee
 
2008-06-09, 08:32

Quote:
Originally Posted by Banana View Post
^

Back to grammar school. Maybe this time around we can 1+ your reading comprehension, tensdanny38.
Meh, I guess my 31 on the ACT for reading isn't good enough.

Bro, its an online forum. I spend 8 hours a day writing formal documents. I let my hair down online I guess.

...and calling/e-mailing/texting ex-girlfriends on the off-chance they'll invite you over for some "old time's sake" no-strings couch gymnastics...
  quote
Robo
Formerly Roboman, still
awesome
 
Join Date: Jul 2004
Location: Portland, OR
 
2008-06-09, 08:48

Quote:
Originally Posted by tensdanny38 View Post
Meh, I guess my 31 on the ACT for reading isn't good enough.
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Page 1 of 2 [1] 2  Next

Post Reply

Forum Jump
Thread Tools
Similar Threads
Thread Thread Starter Forum Replies Last Post
Procedure before sending iBook for repair: Privacy? scubaski Genius Bar 10 2008-04-29 08:40
We're So Screwed (RFID Privacy Concerns) Dave AppleOutsider 4 2007-02-21 08:04
Is our privacy being violated with 10.4.7? washington mac user Apple Products 20 2006-07-09 16:00
One Mac, two people (iTunes, iPhoto, privacy, etc.) pscates2.0 Genius Bar 18 2006-07-09 02:18
iTunes Mini Store Privacy Debacle: Apple's solution chucker Apple Products 10 2006-01-18 11:53


« Previous Thread | Next Thread »

All times are GMT -5. The time now is 06:23.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2019, AppleNova