Showing results for tags 'PII'.
I cannot help with the first, but the second I can… Nobody. This is called the “Zero Trust Model”. That said, it is not always possible.

But here is the issue: unless you are new here, you trust KillerSites. But under the zero-trust model you should not. Is Steff going to steal your data or sell it? No. He may even say that somewhere here. But will he go to jail for you? What if law enforcement walks in with a warrant? This is just one issue to be considered.

If you use a VPN (Virtual Private Network) for privacy, are they really private? How do you know? Even if they say they do not log you, they may be lying. Or they may start logging users next year, or they may be forced to log users by law enforcement or new laws later. How can you trust people you don’t know, how do you know what they claim is true, and how do you know whether what they claim today may change tomorrow by choice or force?

Just look at these headlines as examples:

- Equifax Hack Exposes Personal Info of 143 Million US Consumers
- Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
- Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach
  You should be able to trust Equifax, but clearly you can’t because they failed to keep up to date.
- Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server
  You should be able to trust Viacom; luckily it was not customer info, but hackers could use this data to trick you into entering incorrect sites.
- US Defense Contractor left Sensitive Files on Amazon Server Without Password
- Passwords For 540,000 Car Tracking Devices Leaked Online
- Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server
- Smart Vacuum Cleaners Making Map Of Your Home — And Wants to Sell It
- Sweden Accidentally Leaks Personal Details of Nearly All Citizens
- You Had One Job, Lenovo
- Hotspot Shield accused of snooping on its users’ VPN usage

In the end, you have to trust, I realize that.
You have to trust your bank (but don’t forget Wells Fargo’s headlines of late), you have to trust your ISP (you really should not) unless you use a VPN that you then need to trust. Just tell yourself that you may have to trust them, but not blindly trust them. Be informed, investigate them and if you see something you don’t like, leave.

All companies are out for profit, not you. They sell your data for profit, then track you so they can send you targeted advertisements from partner companies paying them to do so (Yea, you Google). Freeware is not free; your personal data is the price you pay. They collect it and sell it further and all you have to show for it is a silly game. If you want privacy of your personal data, pay for services. Do not let companies track you. Protect your personal data because it may not seem important to you but someone out there is selling and buying it and studying it.

This is a link to a list of big companies and their policies for personal information and government requests by the non-profit Electronic Frontier Foundation: Who Has Your Back? Government Data Requests 2015

Finally, please notice I have tried to get a few examples of trust not warranted. The vacuum cleaner will sell your info, where Equifax, Viacom, and the contractor are just doing stupid stuff. So whether it is a blatant money grab, incompetence or even government pressure, your data is still compromised, so just remember the government’s own axiom, “Need to know”. Does that app or web site really need to know or just want to know that? Does that app need that access to your phone or can you live without that app?

But as I have said, I am in the security business now and it is my job to be paranoid for you. There are good people out there too. Killersites and Steff are one in my opinion and I write this to help you be more secure for free. I don’t even have my own business doing this for a living.

I would like to introduce you to one last person and headline.
If you have never heard the name Ladar Levison, it is a shame. He was the founder of a secure email company named “Lavabit” who closed his successful company rather than give up users’ information to the US Government. This was the company used by Edward Snowden. Regardless of your position on Snowden, I personally have to admire a man like Levison who shuts down his company rather than sell out what he believes in, our right to privacy.

How the Government Killed a Secure E-mail Company.
This is a loaded question, because it is dictated by you and what angle you are looking at it from. So, the very first question before you go further is: “What/Who am I?” Then you follow that with “Who do I think I am up against?”

Private Folk: This is the primary target for this forum.
- Who – You, your kids, family & friends
- Opposition – Cyber Crime, Hacker Groups, Lone Hackers, or Script Kiddies, Government

Business person at home: Looking at more mom & pop to smallish business for our readers.
- Who – Shall we say for argument small business like you doing web design or the businesses you design for.
- Opposition – Cyber Crime, Hacker Groups, Lone Hackers, or Script Kiddies.

Travelers, Big Business or Press: Again, rather big league for my purposes.
- Who – Big businessmen or Press traveling to questionable areas. These folks can expect to be hacked within 1 hour of signing into their hotel in places like Russia or China. You would not want to have a laptop full of business secrets or notes on where you will meet a dissident.
- Opposition – Secret police, law enforcement, nation state government backed cyber units.

The Dissident/Activist: I am not going to cover this person much as I doubt any of you fit the bill.
- Who – The Dissident we will say is risking their freedom or life to fight for justice. Security for them is life & death for them and their loved ones. They have to stay smart, extremely paranoid and on edge.
- Opposition – Secret police, law enforcement, nation state government backed cyber units.

Common sense will tell you that you want to protect your computer, phone, tablet and computer from hackers, malware, ransomware, viruses etc. and you’re up against medium to minor threats. The dissident does not want to die so needs aliases, deep covers, saves nothing on a PC, encrypts hard drives, what you see spies do in movies, and is up against well-funded professionals with great skills and tools and the “Law” on their side.

Now ask yourself: What is important to me?
What am I protecting?

What is important to me? - Security or Privacy?

This is confusing at first, I know. If my PC is secure… my Personally Identifiable Information (PII) is private. But let us take Google Chrome as an example. It is now for the first time the most popular browser in use and many of you use it. I did until I got into security. But look at it from a purely security standpoint, shall we?

Chrome:
- Security: Google is a very secure browser. It has had fewer vulnerabilities found than Firefox and they were fixed quickly. Chrome has a form of sandboxing built in. It has a big organization behind it. Google offers rewards to hackers who find vulnerabilities in its products.
- Privacy: Google is everywhere. It tracks everything you do. The moment you come to Killersites, Google knows you are here and adds that data and you can be profiled by it. KS uses Google Analytics, so Google knows you are here and can surmise how often and what other web sites you go to and before you know it they guess you are a web designer. Google owns many sites now like YouTube, and analytics are everywhere. Google has a corporate monetary interest in tracking you, learning your likes and dislikes and selling it as well as feeding us targeted advertisements.

Firefox:
- Security: Firefox has more of a history of vulnerabilities, but they have all been fairly minor and quickly patched. Firefox has been around longer with a bigger following so a better target for hackers. Now Chrome will be targeted more often. Firefox also has more available security and privacy extensions to make it more secure.
- Privacy: Mozilla just makes a browser (OK, email, calendar etc.) and has no monetary interest in tracking you.

So, as you can see, Chrome may be the more secure browser in theory, but it is a nightmare if you don’t like being tracked. So, Security is about protecting your application, machine, etc. from unauthorized changes while Privacy can be about you.

What am I protecting?
These we call “Cyber Assets”. This is up to you. Here are some ideas, starting with the obvious:

- Passwords, especially Master Passwords
- Banking, Stock and other financial info data
- PII data like SSN, birth date, medical data etc.
- Questionable Photos & Video
- Questionable materials
- How about personal photos, not adult, just simple photos that can identify you, help identity thieves, help people pose as you
- How about your interests that can be used to profile you
- Tracking Websites you visit that can profile you
- Cookies and other things that can track you for a profile
- Your OS, browser, browser plugins, and cookies can all be used to “fingerprint” you. You could be identified by this data

These are some things you will need to consider as you read anything else I post in this forum. You will need to consider these things as you decide for yourself just how far you wish to go with YOUR security. You may have no problem with Google tracking you and making money off your data.