Privacy protection

Besides safe surfing on the inter net, there’s also another issue that needs your attention : Protecting your privacy. Hence this additional article ( for Windows users ), which hopefully is of help to you. Have fun reading !

* *Special thanks to former WOT member “Bob Jam”( Jamieson ) in Arizona – USA for his contribution to this story by adding much information and useful links. And thanks to WOT member “Myxt” for adding some important tips to the story.


“No Worries Online”

Guarding your privacy, in steps explained.

Carefree surfing on the Internet is becoming increasingly difficult. Sites share more and more information with each other, without the visitors knowing that. But YOU ! are also more and more active on the net and for instance social media networks – no matter which and in what form – are a fact and will never disappear !

Internet criminal 1

How can you protect your privacy without limiting your surfing possibilities?

In this story some help is provided to be able to confront privacy invasions. It’s done step by step, starting basic, so even the biggest computer dummy ( = not you! ☺) can do something with that.

Remark : But it doesn’t end after this story ! You always have to stay vigilant. Social media sites exist and earn money with collecting PRIVATE data YOU hand over voluntarily. Their effort is to collect info whenever they can, so you have to set your shields up if you want to use those sites. But when you think “I’m in control of my privacy”, these site owners can change their privacy protection rules without informing their visitors and your shields aren’t closed anymore.

This – for instance – happened in Spring 2012 when LinkedIn suddenly gave themselves the freedom to use the pictures of their members in advertising. When a group of frequent users complained about that they had to restore the old settings to avoid people removing ( or not placing ) a profile picture. Or – even worse – removing their profiles completely


The story :

At first you might – while reading – think : “That’s no news to me, I already know”. But for building up a logical story it’s needed to start with the basic matters.

Step 1: If you want to surf safely, make sure to protect your account. Especially if more people are using the same PC you need to create a password to have your own safe surrounding. Make sure that only YOU know the password !

** Of course that PC must have an Anti Virus ( AV ) and a firewall. Without an up to date AV and a good firewall, any PC is at high risk for infection, in many cases coming from the Internet. And for very frequent internet users – especially those who often download from sites – a “Sandbox” is advisable, see : >> > http://www.sandboxie.com ( Windows users only ).

Sandbox Logo

Step 2: Create a password that’s unique and contains capitals and figures at random. Change that password every now and then, especially if your computer is used by others frequently. Something like “Sky7Get9” will do ( as long as you can remember that yourself of course ). The minimum of 8 figures and letters is needed in an illogical form ! Try to use something unique that says something to you ( and only to you ), such a password is easier to remember.

* I also want to mention the benefit of using a password manager and copy / pasting a password from that ( so that key loggers don’t pick it up ). Plus, password managers will “generate” random passwords with all sorts of characters.

Good additional info can be found on : Linkedin logo

>> > http://blog.linkedin.com/2012/06/06/updating-your-password-on-linkedin-and-other-account-security-best-practices/

**And what about tablets ? You may ask…….

Those are meant for one user. It isn’t possible to create accounts for more users on those, with each their own files / documents ( and more ) behind a password. So if you put a password on a tablet, it’s closed down for others, unless you give your password to them. Which is not advisable to do !

Step 3: Encrypt your network :

Transmit logoWhen you use a wireless home network you have to make sure that no unwanted guests can enter.

You won’t believe how many of these networks are unprotected because of simple ignorance or leaving that for what it is, due to not knowing how to do that. BUT DO IT ! If needed with the help of a professional.

To encrypt you need to install – for instance – WPA on your router and then you have to install the key codes on the PC ‘s of the users on that network. It’s better not to use “WEP encryption” for the wireless, because “WEP encryption” is weak. WPA is much, much better. A search on “WPA encryption” will reveal quite a few tutorials.

Nowadays there’s also WPA2, an improvement of WPA with better safety functionalities.

**Just think about this : In 2011 the Dutch government found out that Google was collecting data from unprotected home networks while they were making pictures for “Street view”. They even used boats to photograph houses along a waterfront ( very needed in our country full of dikes and water ways ). And in the same time they collected as much data as possible ! Google logo

When they were caught and it was made public they had to admit it and apologized. The government forced them to delete all the data they had gathered. But can we be sure it really happened ? Or was it already transmitted to the USA and then deleted as they promised. We will never know ! I’m glad my network was inaccessible…………..

Step 4: Use “https” instead of “http” as much as possible. Of course that depends on the site you visit and if that’s supported from there. But in case of privacy sensitive and confidential matters it’s absolutely necessary. So when you’re online banking or filling in a questionnaire you MUST control the URL title in top of your screen. If no “https” is announced, leave that site ! ! ! It can be a fake site with nasty hidden malware or a phishing attempt. Note : “https” is not a guarantee of safety, but it’s about 99% safe. And it’s something you want to make sure you see.

Step 5: Follow up of step 4.

SSL logo 1 SSL logo 2

When communicating confidential data on the net ( for instance on a site ) use SSL (or TLS). At “https” sites it’s usually default to use this, but it can be provided elsewhere as an option too.

SSL ( TLS ) creates some kind of “tunnel” and makes it impossible for “third parties” to read along ! There’s only one problem : The other communicating party must support the optional SSL too, otherwise it won’t work.

SSL logo 3 slotje

But remember, you can only REDUCE your risk by using SSL, you can’t eliminate it entirely . . . there’s no such thing as 100% security . . . so this is NOT a guarantee. You can read why in the link mentioned in the end of step 4.

A helpful tool for SSL checking on authorization is this : >> > http://www.digicert.com/help

Step 6: Safe E-mailing.

Much E-mail doesn’t contain important confidential information. But occasionally you want to keep the contents secret, by using SSL in mailing too.

In Microsoft Outlook there are possibilities to use SSL for mailing . In the advanced version of your account you can change your settings. If you use Hotmail , Live mail or Gmail you also have possibilities to mail in a safe environment. How to achieve that differs per service you use.

Step 7: The online gold mine………

Browsers are a gold mine for those who are interested in your surfing behavior. And browsers store everything you do! Sites you’ve visited, search words you followed, forms you’ve filled in and what more? It can – for instance – be handy for you to have a surfing history, but if someone else uses your browser from your account it isn’t an advantage anymore. And then when someone else uses your account, your history ( visited websites, for example ) is shared with third parties for marketing and advertising purposes. That’s why it’s important for you to use your own account and not let anyone else use it.

Note: It’s very important to remove the browsing history when you’ve used someone else’s computer or when you share a computer with someone, for instance at work. You don’t want to make people ask difficult questions, do you ? ( we all have some secrets, you know….. ).

And when removing, don’t forget to remove the cookies of those sites too ! Otherwise you still leave traces and that wasn’t the intention.

How to do?

In Internet Explorer go to “Internet options” / “Remove”.

In Google Chrome you need to go to “Options’/ “Advanced options” / “Privacy” / Browsing data removal”

Firefox logoThan about Mozilla Firefox ( FF ). Personally that’s my favorite browser and the amount of people using that worldwide is growing. The advantage of that open source browser is that you have some kind of privacy, at least your surfing behavior isn’t stored by Microsoft or Google ! ( * Hopefully, again : there IS no 100% guarantee….. )

Besides that this browser is quite user friendly, though sometimes sensitive for disturbances. But that doesn’t happen a lot. Because FF has so many functions and add-ons it can happen that the newest update doesn’t directly cooperate with those or with your own AV software. But that’s mostly later on solved quickly.

In FF you need to go to “Extra” / “Options” and in the then opened window you can choose to remove “Browser history” ( where you can select what to delete ) or you can go to a separate cookies list and there you can delete what you want. Make sure not to delete ALL cookies, some remain handy to start your favorites, without entering your passwords again. A very handy tool is the program “Cookie monster” which can be downloaded from >> >  www.ampsoft.net

Cookie monster

The cookie monster in the Muppet show always made a mess of it, but this program doesn’t.

Once downloaded you can adjust your settings by selecting which website / cookies should remain, because they are useful and frequently needed ( like the cookies that belong to your favorites ).

TIP : It’s advisable also to use the “Better Privacy” addon in Firefox to clean out LSO’s  ( Locally Stored Objects, a.k.a. “supercookies” – typically SWF Flash objects ).

The 5 most popular addons in FF are WOT, NoScript, AdBlock Plus, Better Privacy and Ghostery.

Step 8: Auto removal in IE.

In the browser Internet Explorer there is the option to remove your surfing history automatically when you shut down the browser. That’s much easier than doing this yourself every time again.

It depends on your choice if you prefer that, some people prefer to go back to websites again later, and then this setting can be an unpleasant surprise………. Because your next browser session will start with NO history for you to use to go back and visit the sites you were on, unless you bookmarked them. You’ll think to yourself “Now, what was that site I was on? It had some very useful information, but my history is blank and I can’t find it any longer”.

Step 9: How to do that in GC ?

Google Chrome doesn’t have the auto removal function when closing down. There you need “Click & clean” . Go to “Options” / “Extensions”/ “More extensions search”. Than enter “Clean” in the search.

“Click & clean” will be found and can be added as a tool to GC after installing. After that you have to go back to “Extensions” to adjust the settings in “Clear data when browser closes” and to activate the extra tool ( remove the marking at “Disabled” ).

WOT logo WOT symbols

Step 10: Controlling your cookies.

Cookies play a major role in following you ! It’s possible to adjust your browser that the entry of cookies isn’t allowed. But is that handy ? It can cause you a lot of trouble, when you want to visit sites that are – for sure – absolutely safe and / or your favorites. If you don’t prefer that, it’s advisable to download the “Web Of Trust” safety tool. That provides additional information about the safety of sites, and does that already in several important search engines BEFORE you should visit a site.

Once installed W.O.T. places a color coded icon next to web links ( for instance on Google result pages ).  Green is safe, Yellow is questionable and Red is bad and / or dangerous. Don’t click the red links!  And if you’ve already clicked it ?  Don’t worry, WOT cuts you a break and posts a warning page before serving up any Red sites themselves, giving you a second chance to avoid these disreputable ones.

Example :

WOT warning screen

WOT warning screen

More ( compact ) information about Web Of Trust can be read on the extended site of Web Of Trust itself : >> >  www.mywot.com This handy add-on is for free and doesn’t slow down your computer.

Tip : If you want to surf without being followed, there’s the option of using the “Tor” network. In fact this makes you “not traceable” because the network provides you another identity by giving you a different IP than your own. The Tor network is huge and that guarantees that it doesn’t slow down your computer and surfing speed. But if you use that network always select “English” as the language in the “Tor browser bundle”, so you can’t be traced by your own language too. To use Tor, go to : >> >  www.torproject.org/download and select your system. The bundle provides a Firefox version with Tor settings and the search engine Ixquick ( see further ).

But remember : Since the Dutch NSCS ( National Security Cyber Squad, department of the police ) has found out that the Tor network is often used by pedophiles to store their ( encrypted ) filthy movies and pictures, the network is under close surveillance constantly. If you’re decent and have nothing to hide ….. don’t worry about that !

Step 11: Fun! – Social media networks.

Facebook logo

Fun ? Really ? – Sites like Facebook, Twitter, LinkedIn and Google+ are NOT built with the sole purpose to bring you enjoyment ! Their existence is built on gathering as much data from you as they can. That’s how they gain money, a Facebook profile has an estimated value of $ 80 to 100 ! Delivered by you for free !

Citing a respected Web Of Trust member : “Trying to be on social networks and having your privacy secured is like trying to carry a leaky bucket of red paint across a pristine white carpet. No matter how skilled you think you are that carpet is going to get ruined.” Well said and very true !

I don’t use Facebook, Twitter, Google+ and such. I’ve tried Facebook in the past, but after having a scam already within a month and also getting bored of all the needless information ( most people only put chit – chat on it ), I’ve dropped it again. It’s just a waste of your precious time if you don’t have a goal with it. But if you use those sites for company or product profiling, than it’s useful of course.

Even then you have to stay careful. I’ll explain in the end of this story in step 18 / 19 why !

Step 12: GPS data.

More and more equipment is using GPS, e.g. your smartphone and modern cameras ! Services like Flickr and Google+ also use “exif” information. And the location where a picture was made is stored with that picture. Nice and handy, but you ( the photographer ) can be located also by that. Where you’ve been and when ! With the program Photo Data Explorer you can see in detail what exif information is stored with the picture. The program can be installed from >> > www.alexnolan.net/photodata.

When you’re getting nervous after seeing all that exif data there’s also a program to remove those data, called JPEG & PNG Stripper. It’s not needed to install this program, start it on the inter net at >> > www.steelbytes.com and then you can drag a picture to the Stripper window. Always use a copy and store the original picture in a separate file, the removal in the shredder can not be repaired ! When done you can use the “cleaned” picture for publication on the inter net without privacy risk. Tip : with “preview only” you can give this process a try and the program will explain what actions are planned.

Step 13: Picture information

Besides GPS information there are more risks. When you master a site or a Social media profile you sometimes want to place a picture there. Make sure that the filename of that picture doesn’t contain personal information ! Pinterest logoThis is especially important on “Pinterest” , once a picture from one of your boards is “pinned”, you can’t change the title of that picture anymore ( on YOUR board you can, but on someone else’s board YOU can’t ) for the simple reason that you don’t control that board, it’s unreachable for you.

Step 14: Your Smartphone…..

Besides services like mentioned above there are other threats as well when it comes to locating you with GPS. As we all know every cell phone can be located by the police in case of criminality or national security. But some people have an app on their smart phone added, like Foursquare or Latitude, that shows them and their friends constantly where they all are. These data can be shared with Facebook and Twitter and then it starts to get real scary. In the beginning this sounds like fun, but after a while people get annoyed. I know someone who had this in a group with his friends ( for the fun, you know….. ), but after a few weeks they skipped the app when one of them started asking questions others didn’t like ( “You’ve been in ….. Why ? ” ). *Yes, they still are friends after this !

If you’ve had some kind of service or game like this and don’t use it anymore, remove the app and / or the profile completely. When it’s still there, though sleeping ( you think ! ), it can be active “behind the screens” without you being aware of that. And that’s very handy information for people that have a dubious intent.

And then about “Whatsapp” : A very handy service of  course and growing rapidly. But keep it “light” for the usual common messages in life and don’t use this for exchanging confidential information. Remember that the possibilities to follow you are expanded since Facebook is the owner. Like I’ve described before, Facebook is a “hungry beast” that swallows everything, gathering information is making money these days.

Step 15: Connectivity.

Social networks spread themselves out constantly and it happens more and more that they connect to each other and share their data. I’ve once confronted someone with the fact that he was making tweets about a confidential meeting we both joined. He didn’t realize that his Twitter messages were also published on LinkedIn and could be read by all his connections, even in an E-mail that LinkedIn was sending around as a so called “network update”.

*Guess what ? That lead to a severe discussion in the next meeting and the set up of rules on how to handle Social media in a “Compliance statement” we all signed.

Those connections make sure that all these networks know what you do, where you are, what you like and what you maybe want to purchase in the near future. If they ask you to connect, think strongly about saying “NO THANKS” when there’s no need to !

It happened many times that someone was searching on Google for a certain product and received a lot of advertising pop-ups about that product in the weeks that followed. This is already quite common……

Step 16: Searching……

As a follow up of that last sentences a tip on how to search in a private environment.

The following search engines provide you privacy and no follow up of advertising and such :

Ixquick logo

>> > https://www.ixquick.com and >> >  https://startpage.com ( also from Ixquick, but this one follows the Google system ). As you can see they both use “https” ! ( mentioned in step 4 ).

Step 17: Signing up

Some services offer you the possibility to log in through a social media network like Facebook.

That is attractive because you don’t have to remember passwords and such. But if those social media networks are the gate to everything you do on the internet, they also store your surfing behavior from beginning to end. It’s preferable to log in on an account with the use of your E-mail address and a password. Enter the internet directly and stay in control yourself ! Don’t let them follow you if there’s no need to !

And then a tip to keep spam out of your personal E-mailbox :

On discussion group postings and such, always “disguise” your email address if you want to post it. For example, one of my E-mail addresses ( I have more than one) is peter***** [at] hotmail.nl. Notice that I typed out “at” instead of using the @ symbol. That’s “disguising” ! Most harvesters look for the @ symbol to get E-mail addresses, so if you leave out the @ symbol by typing “at”, the harvesters will not identify it ( hopefully ). Internet criminal 3

However, spammers are getting more sophisticated tools, and harvesters may now look for “at” when it’s typed out – which is why I put it in brackets too. But then they may look for “at” in brackets too ! It’s a real cat-and-mouse game.

IMPORTANT TIP:

Get an Internet E-mail account – such as Yahoo, Gmail (Google), or Hotmail (Microsoft) IN ADDITION to your ISP’s E-mail account ( I call that one your “personal” E-mail ). Most of them are free.

For Internet stuff, leave your Internet E-mail address. That way, even if spammers figure out a way to harvest your disguised address , spam will only be delivered to your Internet E-mail address.

It’s like having two snail mailboxes. One is for junk mail only ( a so called “spam trap” ), and the other is for “personal” stuff, like correspondence from family or friends and business.

Which brings me to another point on this “two E-mail boxes” strategy. Give your uncontaminated “personal” E-mail address to trusted family members and friends ONLY !

Step 18: Your traces on the internet.

In the mean time it will be clear to you that you can easily be found on the Internet and how sites approach you with advertisements.

Are you curious who is gathering information about you and how ? For users of Mozilla Firefox a promising add-on has been launched, called “Lightbeam” ( an improved version of “Collusion” ). This extension gives you insight in the situation.

In FF you have to go to “Extra” and then to “Addons”. That should lead you to the menu ( if not, press your Alt key ). In the menu go to “Extensions” and type “Lightbeam” in the search bar ( top right ). Select that and install “Lightbeam”.

Step 19: Using Lightbeam ( former Collusion ).

Some things have changed after installing Lightbeam. The addon creates a file that shows you an overview of which sites are following you as third parties, though you didn’t visit them ! That overview is made visual in a graphical way, but you can also choose for a list

**Lightbeam is an improvement of Collusion made by students of the Emily Carr University together with the Mozilla foundation and supported by the Ford foundation and was launched in 2013.

Link : >> >  https://www.mozilla.org/nl/lightbeam/?src=external-newsletter

Step 20: Using Disconnect : If you prefer not to be followed instead of knowing who is following you, it’s possible to block the followers with Disconnect.

Link : >> >  https://disconnect.me 

As you can see it’s a secured “https” domain, hence most likely safe  to visit. But using this service has one disadvantage :  The disconnect search add-on  isn’t compatible with WOT and hence WOT ratings can’t be seen there.

And then there’s “Ghostery“. Also a great addon to shake off followers. I’ve written a blog about that on July 3 – 2015 on the page >> > Spams / Scams / News blog ( linked ). I suggest to read that, because using the addon has a disadvantage when online shopping.

*For those of you who want to read more :

Alan Henry has written a good story about privacy protection on the site >> > Lifehacker.com ( linked). He mentions in his story the addon “Priv3” as very useful. An option I didn’t mention here btw.


Internet security, privacy protection, web safety, web design

Finally:

The sum of all these steps hopefully brings you to the conclusion that a lot is possible to protect your privacy. I did my utmost best to provide some tools to do that.

To all of you : The internet nowadays is the new “wild west”. You have to be vigilant and prepared.

Be safe out there and take care!

BTW : You might get the idea that I’m seeing ghosts everywhere, after reading all this. Definitely not !

Though I’m not using Facebook and Twitter, you can find me on Linkedin and Pinterest.

And I use Spotify too ( but of course not by logging in with Facebook !  ).

——————————————–

Copyright peterswebsafety