Security & Privacy with technology in 2018 and beyond

Please remember the terms of your membership agreement.

Moderators: valis, garyb

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Security & Privacy with technology in 2018 and beyond

Post by valis » Mon Apr 09, 2018 9:00 am

As ronnie mentioned google in another thread, so I thought I'd give discussing this in its own thread a shot (please let's keep this informative, even if anecdotal, and let's not devolve the conversation if we can help it). I agree with what ronnie said here in regards to google. Social media such as Facebook have been getting some attention for certain 3rd party actors in their network utilizing data in ways that were not expressly disclosed to their users. And surely we're all aware of malware, virii and phishing attacks by now, so let's look at these new issues as well.

What can we do to gain some measure of control over our online gatekeepers?

I would first suggest moving away from relying on Google's (Alphabet's?) services alone as much as possible. In our household we have moved all browsers over to search engines that don't track like duckduckgo or startpage.com. I also suggest a practice of segregating personas across browsers & computers, and use different logins entirely to access various services on each (vary your nicknames & handles) . In some cases I even segregate to entirely different networks, for things that really should be secure (think: financial & medical). This is a rough starting list and far from fool-proof, as there's plenty about your personally identifying mouse movements, reading speed, computer identifiers and more than can be gleaned by the top level data aggregators. And yet it does mean that if an account gets compromised somewhere, there's a lot less that's vulnerable to individuals who may seek to exploit that compromise.

There are many alternative browsers (and linux/bsd based operating systems) beyond the default ones in a given OS, and even beyond Firefox & google chrome. For instance Opera is based on the same webkit foundation as Chrome, but has often spearheaded bringing things to the public long before any of the competition (it had gestures long before mobile browsing was even a thing). But there's also forks of Opera like Vivaldi, which I find to be excellent. And privacy based forks of both Chrome and Firefox are easy to find and research if that appeals to you. I personally opt for hardening Chrome & Firefox directly, and relying on Vivaldi alongside. In most of my browsers adblock has been replaced by UBlock Origin (Firefox & Chrome versions here), and I tend to deploy it along with Decentraleyes, Privacy Badger & HTTPS everywhere so that I know browsing sessions are relatively anonymized from the worst of the players in the market. HTTPS everywhere also insures that the ISP isn't an entry point for bad players (individuals in the organization, injection of ads and more can occur here).

For ISP-level protection beyond that, we have OpenDNS (and Google DNS, but that doesn't help us move away from their services,) Cloudflare's new DNS or local solutions like Pi-hole (local DNS relay running on Raspberry Pi that will block malware & ads for your whole network) and/or Simple DNSCrypt (windows client that can do ipv4, ipv6 & a large number of open secured DNS servers or your specific choice). I've implemented Pi-hole solutions for friends as it's easier than the services that run on MacOS & Linux locally, this replaced using hosts file based lists for blocking ad tracking, social media tracking & Win10 analytics stuff...for those who need more security there's also VPN's. For Windows Simple DNSCrypt is pretty 'simple', but I have found it flakier than the Pi-hole solution at times.

I *highly* recommend going through a data detox at least once: https://datadetox.myshadow.org/detox



I might recommend some of the following to anyone using Windows 10. I am giving links that give manual processes to secure Win10 first, but I will also recommend some simple applications that automate these things as well:

I like to disable One Drive completely, a I use other resources. If you use OneDrive, *don't do this*!!
https://www.howtogeek.com/225973/how-to ... indows-10/

https://www.bleepingcomputer.com/forums ... r-privacy/
(above link dates back to 2015)

https://www.geckoandfly.com/25083/free- ... cking-you/
(more recent list, last updated June 5, 2019)

Disable Windows 10 basic telemetry:
https://winaero.com/blog/how-to-disable ... indows-10/

Comprehensive Windows 10 telemetry tweaks:
https://docs.google.com/document/d/1wDk ... 23icqvs76v

------------------


O&O ShutUp10 is the app that I prefer to use to tweak Windows 10 telemetry, Cortana, One Drive and more. It encapsulates the above lists and I like it because it's a simple toggle on a case by case basis so I feel like it's still fairly manual, it covers all of the above and more, and it doesn't make changes I don't want or understand:

O&O ShutUp10: https://www.oo-software.com/en/shutup10


The tool below was created to remove a lot of the added telemetry/voice/etc technology in Windows10, this is more of a 'one stop' utility that does everything automatically and is probably a better option for a 1-click 'clean' DAW install where you don't want ANYTHING else running, but since it's not as manual as the O&O version above I don't use this personally (I like to leave Live Tiles and a few other things running, you may not):

https://github.com/Nummer/Destroy-Windo ... g/releases


For more general computer cleaning:


Avira Privacy Pal may be worth a look:
https://liliputing.com/2018/04/avira-re ... ndows.html

Though it has some overlap with another cleaner tool I also recommend:
https://www.ccleaner.com/ccleaner

------------------


Lastly, while this isn't strictly privacy related, this may also be of interest to Windows 10 users who prefer to know their machines more intimately:

Announcing Windows Admin Center: Our reimagined management experience
https://cloudblogs.microsoft.com/window ... xperience/

https://docs.microsoft.com/en-us/window ... min-center

User avatar
t_tangent
Posts: 728
Joined: Sun Dec 28, 2003 4:00 pm
Location: UK

Re: Privacy in 2018

Post by t_tangent » Mon Apr 09, 2018 10:58 am

Thanks for starting this thread, some really useful info already, so I look forward to reading other posts as this thread grows.

Yes I use Ublock for adblocking which seems to work pretty well, but will check out the others you mention, and the different search engines.

VPN is certainly a good idea. NordVPN has a great offer on at the moment, https://nordvpn.com/special/deal/?gclid ... s2EALw_wcB

I use Windscribe VPN sometimes as it has a free service up to 10GB/month for those who only need light usage or just want to try it out. https://windscribe.com/upgrade

User avatar
ronnie
Posts: 694
Joined: Thu Jul 17, 2003 4:00 pm
Location: Varies Between 30Hz & 20KHz
Contact:

Re: Privacy in 2018

Post by ronnie » Mon Apr 09, 2018 12:22 pm

Great stuff. Cloudflare DNS, NordVPN, DuckDuckGo, I would add Orbot. And Orfox browser (Android Only). For Windows you would need a dual boot or USB boot into the Tails OS where they are built in. You will then be invisible. So now you can guess my day gig but I deny everything. 8)
"I’ve come to the conclusion that synths are like potatoes, they’re no good raw—you’ve got to cook ‘em, and I cooked these sounds for months before I got them to the point where they sounded musical to me." Lyle Mays

dawman
Posts: 13512
Joined: Sun Jul 24, 2005 4:00 pm
Location: PROJECT WINDOW

Re: Privacy in 2018

Post by dawman » Mon Apr 09, 2018 7:51 pm

I was relieved when COO Sandberg said I could keep my privacy for a set price.
Privacy is a pipe dream.
People should know when everything is free, it’s like drug dealers giving you the good stuff at cheap prices to get you hooked.
Then the price goes up and the shit is cut.

To believe your privacy is in their best interests is a joke.
Has anyone read the recent EULAs Micro$oft sent you?

Read it, you’ll see your privacy is their legal piracy...

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Privacy in 2018

Post by valis » Tue Apr 10, 2018 3:47 am

Always the cynicist :D But that's a good role to have filled among us by such a worthy gent. Goals will surely differ in any selection of people hence our sometimes lively discussion, but 'Invisibility' is not my personal goal,.

My opinion is that a good 'threat model' at our present point includes privacy protections, separation of sets of activities into 'personas' in such a way that interests are segregated (somewhat at least), and to not let enough online behavior aggregate into any single player's hands that all all of my interests and activities can be seen by 1 means alone.

Surely we are aware that abuses of power tend to come not just to "guilty", but obviously from actors seeking to gain. Under the right circumstances, we can accept that we all have our limitations and yet don't seek to be limited by others. So it seems to me to follow that we should have at least some measure of control over what information we expose and where, and to limit exposure where it's unwanted, and accept that we are imperfect at this and that this is a moving target.

At least that's my perspective, to avoid my business and the people in my household being profiled. Both for financial data and for personality traits and weaknesses (family, friends and certainly my own) via psychometrics that divorce the human from the 'aggregated' data profile that stands as an avatar in lieu of our 'self'.

In other words: it should be obvious now from the recent news coverage that it takes a few months of solid tracking to profile a person on the level of what a psychologist could do before. Active in a social group, church, or applying for a job? Just encourage someone to fill out a few Myers Briggs & Enneagram Institute -like online quizzes on websites with ad-trackers via some 'fun' social media posts, collect analytics data across search engine behavior and ad networks... and so on! Eventually this data winds up in the hands of aggregators, both the normal legal entities that trade in such data for marketing purposes, and of course the 'dark' side of online profiling and account penetration as well.

That doesn't mean (imo again) that we should be prepared to hunker down and hide from technology, or only use a 1997 P3 era system to access the web and closet the rest of our studio gear in a Faraday cage embedded in the dirt. I know in my case that since I have a few different avenues for my personal work (graphics, audio, light development work) all of these machines are more & more online as a necessity. And I'm sure most of us fall somewhere along that spectrum (somewhere between a bastion of technocracy and a fundamental enclave :D )

Also my interest might be more self-centered n another way: if we don't have some measure of online security in place, then that would also affect the forums we frequent, the clients and businesses with which we interact, and perhaps other friends & acquaintances. For instance here on the Z, if your account is hacked because your browser was compromised (or your machine) and you were to lose access to these forums, then surely GaryB or I would have to help you with your account access at some point, so avoiding that saves us all time at the very least (again this is just an example).

dawman
Posts: 13512
Joined: Sun Jul 24, 2005 4:00 pm
Location: PROJECT WINDOW

Re: Privacy in 2018

Post by dawman » Tue Apr 10, 2018 8:08 am

Me, I just continue to lie about the gear I own, and how I want the massive Central Government, and love Hillary.
They’ll think they succeeded in my re education and leave me be.

dawman
Posts: 13512
Joined: Sun Jul 24, 2005 4:00 pm
Location: PROJECT WINDOW

Re: Privacy in 2018

Post by dawman » Tue Apr 10, 2018 8:15 am

Registering at the DMV what political your you’re affilliated with will be kept private too....

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Privacy in 2018

Post by valis » Tue Apr 10, 2018 12:53 pm

:lol:

User avatar
garyb
Posts: 21975
Joined: Sun Apr 15, 2001 4:00 pm
Location: ghetto by the sea

Re: Security & Privacy with technology in 2018

Post by garyb » Wed Apr 11, 2018 10:24 am

thanks for taking the time to write this.
this is good info for everyone.

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018

Post by valis » Wed Apr 11, 2018 1:10 pm

Certainly. And thanks for all you do again 8)

User avatar
t_tangent
Posts: 728
Joined: Sun Dec 28, 2003 4:00 pm
Location: UK

Re: Security & Privacy with technology in 2018

Post by t_tangent » Wed Apr 11, 2018 2:51 pm

Yes. Very useful links. Thanks Valis and to both yourself and the O.G. (Original Gary) for all your help on the forum :)

User avatar
Nestor
Posts: 6365
Joined: Tue Mar 27, 2001 4:00 pm
Location: Fourth Dimension Paradise, Cloud Nine!

Re: Security & Privacy with technology in 2018

Post by Nestor » Thu Apr 12, 2018 5:37 am

It is sad to see how complicated our lives have become due to this crap... it is amazing to witness it, and it is not a Hollywood movie, it is reality. We are surrounded by eyes watching us all the time..., it is insane. If it was only the internet that would be already pretty bad, but it is all over the place: supermarket, bank accounts, car, travels, money exchange, purchases, titles, phone calls, WhatsApp, pet shops records, credit cards, airports, customs controls and face recognition, hospitals, medical care, cameras recording you all over the place, and the list goes on…

I am in a middle position, that is, between Valis and Dawman. I think it is worth to take care and avoid for this octopus to follow you that much, and at the same time, I also believe that it is somehow impossible to totally hide yourself from this extremely persistent world control.

We are facing dreadful dark times! Everything is ready for the fall of our civilization, we are in key days right now.
*MUSIC* The most Powerful Language in the world! *INDEED*

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018

Post by valis » Thu Apr 12, 2018 8:26 am

I'm certainly not trying to fear-monger, I just think it's good to be mindful of the things I've addressed above.

Digital analytics once only the arena of business & finance, has been turning its attention to everything we do in life for some time. It's impossible to ignore that the coupon machines we have at the checkout stands these days are there to collect your purchasing habits and not just to give us nice coupons. Cash-back incentives are designed to keep you purchasing as much as possible with a single card.

And of course we should sure know that the phone you carry with you is an incredible wealth of data, for any app or provider that you connect it with. All of your online web browsing is tracked by search engines, ad networks and social networking 'share' buttons. We know this. But now your phone, and soon your watch and glasses, are aware not just of your location but also the contents of the room around you via audio, and if you have facial recognition in your device it's likely much more of the room than one would think. So aggregate enough of this from enough people, and you have our 'wealth' for the 'information age'. My interest here is simply to insure that the data "wealth" serves us to some degree (and preferably more than less), and doesn't get accumulated only at our expense.

Certainly businesses NEED relevant analytics data on general, it can help improve products and services and help them know when they're wasting money on efforts that can be better used elsewhere. And data on consumer activities is a marketing wet dream. But I still believe we don't need to be able to correlate your diet with your therapist's recommended online reading with choice of television panels and so on. And imho you do this by limiting the amount of power any one player has when it comes to profiling you, not by eliminating ads and tracking data altogether.

And most importantly, we evaluate this information based on what these services TELL US that they do with our data, and how that data is handled. When they are not truthful or exact about this, it's in our best interest to dig in and learn more and limit what we expose. This, I'm sure, will become evident to everyone if it isn't already.

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018

Post by valis » Mon Apr 16, 2018 5:44 am

At least we don't run casinos (though jimmy might work at them):
http://www.businessinsider.com/hackers- ... ?r=UK&IR=T

User avatar
Sounddesigner
Posts: 944
Joined: Sat Jun 02, 2007 11:06 pm

Re: Security & Privacy with technology in 2018

Post by Sounddesigner » Thu May 03, 2018 3:04 am

What I hate about corporate abuse like this privacy issue is it ends up harming us in multiple ways. First our Privacy is destroyed cause Facebook and others don't know where to draw the line and go overboard doing things like watching all of your internet activities even after you leave their website; but secondly the Government uses this type of stuff as a excuse to over-regulate businesses wich ultimately cost us the users/consumers in some way, and makes it harder for new and small companies to compete with giants like Facebook, Google, etc. Over-regulation and over-taxation hurts the most customers and small businesses. Many politicians want a lot more changes to the internet in regards to regulations and taxation and financial-penalties. The EU passed legislation called GDPR that will be in effect in a few days wich puts extreme limitations on consumers personal data wich I'm sure will seriously harm EU consumers/Social-Media-Users in the longrun. Government often does more harm than good when it tries to solve problems like this and use issues like this as a excuse to impliment more Government control/political-agenda. If one does not like what Facebook and other companies are doing it's best to just not use their services and products and generally keep Uncle-Sam out of it or else citizens might end up harmed in multiple ways. Sometimes the fix is worse than the problem.

borg
Posts: 1461
Joined: Tue Oct 23, 2001 4:00 pm
Location: antwerp, belgium

Re: Security & Privacy with technology in 2018

Post by borg » Thu May 03, 2018 6:47 am

This is preposterous! I haven't got a single clue what is being discussed here... I don't mean the threats, I've read the news, but all these measures to be taken. I've been using Macs for almost twenty years now, only one issue with malware, but I do realize I'm vulnerable and ignorant, and probably lucky/uninteresting. What is this? Will, in two years time, only IT specialists be able to use the internet safely?

But this is child's play really. I recently saw a documentary about the next generation of cities that are being built at the moment in China and Persian Gulf states... Heading for disaster, I guess! Everything is being run by computers, everything! And I mean Every Thing!
A few months ago, a teenager in his bedroom brought the entire Dutch banking world on its knees (quite innocently), if you walk through a red light in China, it's camera registered and the government will shut you out/make you loose your civil rights. Everyone is being watched, and villains apparently have no trouble getting hold of all this info... What if some badass can get into the framework of such a city?

Dystopian, Orwellian, short sighted... call it what you want, but as long as governments don't really feel the need to protect its citizens, but rather keep them under its thumb in favour of the industry...
andy
the lunatics are in the hall

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018

Post by valis » Fri May 04, 2018 3:44 am

When it comes to abuses of power, imo concern is often not the faceless side of power wielded by organizations, oligarchies, governments and other organizations but rather the individuals who can wield that power in some way. The obvious case in point with Facebook is the Cambridge Analytica 'scandal', but the real issue there is that those resources are being used to mine you for a lot more reasons than just showing ads. And that singular company is just the tip of the iceberg...

Not to mention what happens when that data aggregates into the hands of a single player who can be exploited: https://www.wired.com/story/exactis-dat ... n-records/

A good example of abuse of power via access at the individual level: https://arstechnica.com/information-tec ... alk-women/

--------------------

So I agree with Sounddesigner in regards to voting with our dollars and attention, and simply avoiding the 'use' of services where possible. Since visiting a website first relies on DNS to resolve the web address, the DNS 'use' case outlined here is a case of 'knowing what websites you visit' and mining that data, and options are given for that. SImilarly, browser plugins to block ads and such are not new, so I have also mentioned how you can do this via DNS redirection (pi-hole, DNSCrypt etc) which also avoids ISPs injecting their own ads in place of well known ad-networks.

And since our operating systems also collect data on you, and provide default services (like Onedrive) which may also tie in a lot of your data, there are options provided here as well. I would have provided more Mac specific discussions here but I was operating with the presumption that more of our forum users are non-Mac, and know this is true from being here for so long. If you're interested borg I can provide more options there, or you can as well so we can include that into the conversation.

borg
Posts: 1461
Joined: Tue Oct 23, 2001 4:00 pm
Location: antwerp, belgium

Re: Security & Privacy with technology in 2018

Post by borg » Sat May 05, 2018 7:01 am

hi Valis,

if it was unclear, 'this is preposterous' wasn't aimed at this thread at all, on the contrary, it was aimed at the situation where you need a degree or at least deeper knowledge to do wat seems so innocent: looking for innocent info, connecting to friends,... Personally, I only check Z, and a few other music technology sites, and our national (unbiased?) news site, and some youtube, not interested in social media. I don't mind the 5 sec Native Instruments ads before my clip starts. So basically, I only use computers to make music and check soccer results, and try to keep my human interactions as 'live' as possible.
So, thanks for the offer to give some Mac based advice! My ignorant self says "don't need it", but yeah, it could be too late some time soon.

What I would like to ask you, has to do with something totally different: One of those other sites I frequent is the Subsekt techno forum, and the admins are having some trouble with phpBB, seems like they need a transition like Z went through a few years ago, but they haven't got a clue. The guy that built the site is no longer part of the team. I directed them to Z, and mentioned your name... So not really a question, more of a warning that some dude may knock on your door...
andy
the lunatics are in the hall

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018

Post by valis » Sat May 05, 2018 7:41 am

Ok, thank you for the heads up. If I can help within my schedule, will do so.

And thank you for the clarification as well.

User avatar
valis
Posts: 4939
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018

Post by valis » Mon Aug 13, 2018 12:23 pm

Google tracks your movements, like it or not:
https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb

How to find and delete where Google knows you’ve been
https://www.apnews.com/b031ee35d4534f548e43b7575f4ab494

Post Reply