Online Privacy Tools

Off Topic
1

Seeing as it’s the anniversary of the Snowden leaks, I thought it worth sharing what tools we use to protect our online privacy.

Email:
EnigMail
K9 (phone)
APG (phone)

Firefox addons:
NoScript
AdBlock Plus
HTTPS Everywhere
BetterPrivacy
DoNotTrackMe

Phone:
RedPhone
TextSecure
ChatSecure
(just encrypt it)
(buy your android phone direct from google or iphone direct form apple)
Orweb/Orbot
FaceTime
DoNotTrackMe (for providing anonymous numbers)

Passwords:
MasterPassword
(just write it down)
set up 2 factor ID on your email

Chat:
Pidgeon

Browsing/DLing:
Tor
Use a virtual private network

Commerce:
Any sort of bitcoin type network
DoNotTrackMe (for anonymous cards)

2

Seems like a lot of work and I am sure you can be tracked anyways.

3

I began to go down that rabbit hole - even bough JJ Luna’s book and a few other things. It just isn’t realistic. I think the only way is to limit the federal government with laws against data collection of US citizens and to pass regulations on companies that store and sell your personal data. You can’t hide from Big Brother.

4

I don’t think any of these products claim to make themselves “NSA proof,” in fact, I’m not sure it’s legal (hence, why lavabit closed down). Most are described as “resistant,” with the focus being more: they can monitor anybody, but they can’t monitor everybody. I believe it’s just supposed to make it so somebody actually has to go through the effort of doing the work, as opposed to just letting a big database do all the work for them with metadata.

A lot of those in the list are redundant. I don’t use any of them because of the NSA, but third party, private companies.

As far as them being a lot of work, I got them to make my life easier. Adblock, well, blocks adds, so that I don’t have to watch commercials on comedy central (10 minutes of my life saved), without me actually doing anything. HTTPS Everywhere doesn’t require anything, it just uses the secure server for a website, if it’s available. When entering an email address, DoNotTrackMe generates a dummy one using auto-fill; I literally just click where I enter the email, and click on the dummy address. I’ve only been using DoNotTrackMe for about 6 months, and it’s blocked over 80,000 trackers, and I don’t allow 3rd party cookies or flash to run, so it’d probably be twice that for the average user. Pidgeon lets me chat on multiple platforms with one client. With NoScript, I just click on where I want to allow Flash.

5

[quote]1 Man Island wrote:
I don’t think any of these products claim to make themselves “NSA proof,” in fact, I’m not sure it’s legal (hence, why lavabit closed down). Most are described as “resistant,” with the focus being more: they can monitor anybody, but they can’t monitor everybody. I believe it’s just supposed to make it so somebody actually has to go through the effort of doing the work, as opposed to just letting a big database do all the work for them with metadata.

A lot of those in the list are redundant. I don’t use any of them because of the NSA, but third party, private companies.

As far as them being a lot of work, I got them to make my life easier. Adblock, well, blocks adds, so that I don’t have to watch commercials on comedy central (10 minutes of my life saved), without me actually doing anything. HTTPS Everywhere doesn’t require anything, it just uses the secure server for a website, if it’s available. When entering an email address, DoNotTrackMe generates a dummy one using auto-fill; I literally just click where I enter the email, and click on the dummy address. I’ve only been using DoNotTrackMe for about 6 months, and it’s blocked over 80,000 trackers, and I don’t allow 3rd party cookies or flash to run, so it’d probably be twice that for the average user. Pidgeon lets me chat on multiple platforms with one client. With NoScript, I just click on where I want to allow Flash.[/quote]

I must confess that I’m an analog man stuck in a digital world. You are a LOT more “hi-tech” than I am - I don’t even have a facebook. I have no idea what half of what you just wrote about means. I basically stick to the whole idea that if I don’t want it published on the front of the NY times, I don’t do it online. There have been some notable exceptions to that, though! LOL

Privacy IS a big interest of mine, so please continue to enlighten us. Perhaps dumbing it down a little so that I can know what you’re talking about.

Most of the privacy stuff that I do involves LLC’s and addresses/phone numbers that don’t really link me to where I actually live. And I use snail mail a lot for important things rather than email. And I shred EVERYTHING. It’s not that I’m doing anything illegal or what not, its just that I understand how easily one’s credit can be compromised (and I don’t want crazy ex girlfriends showing up unannounced). But I’d love to learn more about what online privacy concerns you have. I HAVE noticed that pop up ads are now very specific to what I’ve recently been searching for - even under other user names and browsers. So they must be infecting my computer with cookies or something?

6

I have a python script that randomly visits weird porn sites, browses specific items on Amazon, and looks up foreign music videos on youtube, among other things. I’ve been thinking about building profiles into it. I want to convince that algos that I’m a family of 4.

Simplest thing you can do is set up PGP yourself. The security of any third party solution is in question.

If you really have a secret you want to keep, shut your mouth.

7

[quote]angry chicken wrote:

I must confess that I’m an analog man stuck in a digital world. You are a LOT more “hi-tech” than I am - I don’t even have a facebook. I have no idea what half of what you just wrote about means. I basically stick to the whole idea that if I don’t want it published on the front of the NY times, I don’t do it online. There have been some notable exceptions to that, though! LOL

Privacy IS a big interest of mine, so please continue to enlighten us. Perhaps dumbing it down a little so that I can know what you’re talking about.

Most of the privacy stuff that I do involves LLC’s and addresses/phone numbers that don’t really link me to where I actually live. And I use snail mail a lot for important things rather than email. And I shred EVERYTHING. It’s not that I’m doing anything illegal or what not, its just that I understand how easily one’s credit can be compromised (and I don’t want crazy ex girlfriends showing up unannounced). But I’d love to learn more about what online privacy concerns you have. I HAVE noticed that pop up ads are now very specific to what I’ve recently been searching for - even under other user names and browsers. So they must be infecting my computer with cookies or something?[/quote]

I’m kid of in the same boat as you. This forum is about the most public I get, and even here, I’ve gone back and edited posts to remove some even not-so-personal information. However, I do communicate personal information online, through email and other mediums, that I would not want out there for my sake or the other person’s… and you read about the NSA’s (or was it the FBI’s?) top priority for 2014 being to get legislation passed saying they can go through everyone’s old emails and intercept chats and texts for no reason, the over 1 million people working for these organizations with clearance to do this, and the abuses that have already happened, it is concerning.

Let’s say you’re working overseas and communicating with your wife. Sending an international email is a red flag to begin with. Now, lets say the wife of her cousin in Thailand, whom she has never even spoken to, got arrested for protesting… all of a sudden you’re on the watchlist. Now, lets say you’re gone for awhile, and the wifey sends some titty flicks or whatever. It’s two consenting adults doing what adults do to maintain a long distance relationship. I can only do so much, but I would want to protect my wife from these getting out in the first place. But saying “keep your mouth shut” doesn’t exactly work because, well, I still want to see some titties!

That being said, I use most of these tools to protect myself from 3rd party private companies (legit and otherwise) that make money off of selling your information, so that I don’t get flooded with phone calls, emails, Nigerian priests, or whatever else is out there (I’ve been using these, or similar products, for years, so my exposure has been limited).

Anyway, regarding a “dumbed down” version, I’ll clarify what I can. I’m no expert and have never had a smart phone, so I do not know much about that side, but here’s a super simple primer.

Cookies: These are simple files used by websites to transfer information. This information can be things like preferences, login credentials, form information, and ranges from innocent/mundane to specifically targeted to track everything it can. To control for this, I do 2 simple things (I use firefox, so these directions will be for that, Chrome has a shady privacy policy), 1) Under (alt) Tools > Options > Privacy tab, I accept 3rd party cookies only from sites I visit (never accepting them is sensible as well). This prevents services like DoubleClick that make money off of selling your information to advertisers from doing a whole lot. 2) I also have my browser prompt me on whether or not to accept a cookie from a site I visit. This can be a headache in the beginning because you get prompts all the time, but over time, you’ve given preferences for most sites that you visit, and you no longer get bothered. Occasionally, however, I’ll block a cookie that I need to use a site properly, and this can sometimes take some time to undo (figure out which cookie, change preference, etc.).
There’s also something called LSO Cookies, which basically sit a little deeper in the system. For this, I use an addon called BetterPrivacy that just deletes them whenever I close my browser.

Passwords: This is common sense, but you should have different PWs for different sites, using typically recommended protocols: numbers, special characters, long, bascially gibberish, and you should write them down on a piece of paper, not your computer.

I mentioned the other addons I use in my previous post. Like I said, these are all pretty simple: No script shows a box where Flash should be and you click the box if you want to allow it. HTTPS Everywhere automatically ops for the secure version of a site. DoNotTrackMe, you just click where you want to insert an email (or phone number or CC number), and it creates a dummy email address on the spot that gets forwarded to your email; if you start having a problem with it, you just delete the dummy email. Adblock blocks ads with a whitelist that allows certain components to be run and not others; only time I ever encountered this was trying watch some stuff on NBC’s site, where I had to disable it until it started, but re-enabled it after it began to skip the commercials.

PGP is pretty good, but the person on the other end needs to use it as well. And, lets say you’re applying for a job, if you send and email w/ all this gibberish in it (the key), they’re going to think you’re weird and probably not respond. And I agree that all of these 3rd party products are suspect. Heck, they even confirmed that the NSA was routing computers from Dell and Amazon through their offices to install chips to track activity.

All of that being said. Some would argue that it is unethical to block ads and take other steps because that is the way these companies make money and by blocking them you are “stealing” from that company and limiting the content that can be produced because they have to produce more dumbed down and generic products to appeal to a wider audience.

8

Good thread everyone.

Pidgin, Firefox, NoScript, Adblock user myself. One other thing I’d add is to switch over to an open source based operating system. I’m an Xubuntu user (also played around with Ubuntu, PuppyLinux, and others). From what little I know they have a tendency to be more secure than Windows or OSX in general, and when combined with all the other tools the OP mentioned, they’re very secure. Plus they’re like the Prius of the computer world–lets me walk around in a cloud of smug. In all seriousness though, it’s really neat to see you can step outside the standard OS’s and find that everything still works equally as well (email [Thunderbird], Word [OpenOffice or LibreOffice], photoshop [GIMP], the list goes on and on), just slightly differently. So if there’s a geek inside you that enjoys that kind of stuff, I highly recommend open source OS’s

I keep all cookies blocked except for a list of sites that I frequent. Yes, it can be a pain in the ass at first, but if you’re like me, you visit the same websites more often than not, so after a while your NoScript and cookie settings get dialed in and you forget you ever messed with the configurations in the first place. It’s very rare that I stray into the seedy underbelly of the internet, but when I do, it’s always nice to remember I’ve got things like scripts and cookies locked down tight.

About six months ago I switched from Google to DuckDuckGo. It’s almost as good as Google, and it’s very simple to switch back if there’s something (which is rare) it can’t find.

Adblock is freaking incredible. Every time I go to work and try to surf the web, all the ads make it almost unbearable. When I come home the internet is nice and quiet and clean.

But yeah, as far as actually hiding from the NSA or the government or whatever, nah. This is more about privacy and security on my end. I don’t have a smartphone either, so this is all for a desktop computer.

TOR was fun to mess around with once or twice, but for the most part it’s sloooow, and in order for it to make you completely anonymous, you really can’t use any scripts at all, which means no movies, or porn, which is what the internet is for, right?

Also:

[quote]1 Man Island wrote:

This.