-
I have mentioned this before and must do so again so that you understand what we are speaking about when discussing Security vs. Privacy. Also let me state that I often come across a bit judgmental; that is not my intention here. Win 10 is a very solid and well secured OS, but not good for those looking for privacy and anonymity.

Privacy vs. Security

At a quick glance you will think that they are more or less the same, and that would be the case if we were speaking of material privacy. If your Laptop is secure then your Private photos remain private. But in cyber security we are speaking of privacy as a concept, not a thing. In this case it breaks down like this:

Security: This generally speaks to your machine, hardware and software. It deals with Trojans, worms, viruses, adware, malware, ransomware, as well as system vulnerabilities like un-patched or old software, old anti-virus signatures. Keeping permissions tight, keeping access blocked, etc.

Privacy: In this case we are talking about you rather than your things. Privacy is about protecting your data, not giving out your SSN, not posting embarrassing photos, not letting others know what you are doing. It is about the information and actions and beliefs that make up you.

The basis of all cyber security considerations is which of these two things is most important to you? It is not about choosing one or the other, they are very much entwined, but you will always have to choose between which one weighs more in your worries. That decision will often form your choices. If you are a political dissident, if you have a secure PC, but you announce your name online you will be arrested and jailed and any adversary with your hardware will eventually crack it. If you protect your identity online, the government will not know who to arrest and not get your machine. So, Privacy is more important, though you would protect your PC too.

Windows 10 – Go for it or hold off?
So, we come back to Windows and my question above: What do you care more about? If you go out and get a new PC, it will likely have Win 10. The question is then, do I simply accept I am forced to have Win 10? Do I wait until the next generation of Windows? Or do I simply purchase or change my OS to another type, like Linux? Here is a break down for you and why the question is so important. I will go Positive first as I am not trying to influence you as it is a personal choice, you just need to understand what is at stake.

Security

Win 10 is getting some praise by the traditionally anti-Microsoft security experts. 10 is proving to be a major change for Microsoft, it is solid and far more secure than any other Windows in history. Remember that Windows has always been “Dumbed Down” for the users. They want it ridiculously easy to use so you, the user, do not have to think, just point and click. This however has resulted in decisions that, although making your life easier, also made the system massively insecure. Granted, it was also conceived in a time period where nobody saw a real need for security. Here are just a couple reasons I can think of off the top of my head why Windows has finally become more secure. Security and ease of use rarely go hand in hand.

Virtualization-based security: Greatest thing to hit Windows since they started using Windows. Most of you know what virtualization is. You install a Virtual Machine and then you can run any type of Operating System (OS) on that machine. So, you boot into Windows, open your VM and you can run a Linux computer on your Windows machine as an example. Win 10 uses a version of this to run much of its security virtually, so even if a hacker gets into your admin account, that does not give them the needed permissions to change many major settings. This is a major change for Microsoft and something the security field has been preaching for years.
Virtualization is one of the keys to security, keeping different parts of the system separate from each other. You can imagine it as a virtual sandbox.

Defender Application Guard for Edge: This is another example of Virtualization. Cyber security is a technical field mostly and I try to keep from getting too deep in the technical stuff with you as most of you may want to be safer but not follow the technical stuff. Basically, Application Guard decides if the web site you visit can be trusted. If it is, Edge shows it as usual; if not, you still see it as usual, but the web site is shown in a virtual browser and anything bad it includes is unable to infect your browser or the machine. Here is a Happy & Bubbly video on how it works for users.

Device Guard: Virtualization again shows its power with this tool. It uses the “Zero Trust Model” where everything is considered untrustworthy. You then “Whitelist” apps you trust or know where they came from. Traditional security counts on having a signature of “Bad” software, so new threats are not recognized as threats. This way everything is considered a threat until proven otherwise, so new threats do not get through. All software must be signed, from Microsoft, the developer, or now you can vouch for software you trust. Using virtualization keeps any malware that reaches the system from running code that will write or change code to the Kernel of the OS programming. Device Guard will also work hand in hand with AppLocker which is in Windows since Vista and can be used to limit permissions to applications.

How Windows Defender Device Guard features help protect against threats

NOTE: Currently Device Guard only works on High-end editions like Enterprise, Business and maybe Education editions. It does require some hardware etc. that supports the technologies used.
Many producers have signed on to support this technology, but they have not shipped such machines, so at this time the average Home edition user will not be able to take advantage of this tool. High-end computers may be able to if they run high-end editions.

There are more things making Win 10 the most secure operating system from Windows yet, these are just a few real worthwhile mentions. You can see more at: What's new in Windows 10.

Privacy

This is a completely different matter. As mentioned above, ease of use & security rarely work well together, nor do ease of use and privacy. Here I look at it from both a security point of view and generationally. I am an old guy, so I come from a different world and cannot understand all this linking of stuff. A Phone and a camera are two different things, so why combine them, which was my opinion with the iPhone 1 announcement. Along those lines, why would I go on Facebook and post a selfie of me and my dinner while telling everyone following me what I am eating and at what restaurant at this moment. Who cares? And why would I want to follow anyone anyways? But for the millennials and later, it is simply the way things are and what you do.

Win 10 is made in the image of Millennials, or at least what Microsoft thinks they want (rather than need). The result is, we get things like the required addition of a Microsoft controlled email to use the OS fully. More and more Microsoft is creeping into our private lives. Win 10 is riddled with Apps that identify you, they track you, they call home and let MS know where you are, what you like, and much more data about you which MS then uses to target you for advertising and among other uses, makes a profit off you. This is why you must decide what is more important, a secure OS or an OS that phones home without your knowledge and permission to tell businessmen everything about you just so you can use Skype with fewer clicks.
That is the reason it all depends on you. If you want security and do not care about secret communications between your machine and MS, you just want easy access to all your social tools, then Win 10 will work for you. If your privacy is important and you don’t like this idea of MS possibly spying on you, then go with another OS or wait and see if we privacy advocates can force MS to back off and respect our privacy in the next OS.

Here are some privacy examples for you:

Synchronization is the default. Everything synchronizes with Microsoft to include web sites you visit, passwords, personal data, browser history, hotspots, software settings etc. Do you trust MS with your user IDs and passwords? Do you visit sites that maybe you do not want others, especially strangers, to know you visit?

Each instance of Win 10 gets a unique Advertising ID to customize advertising you receive to your interests. They do not do this to be nice, advertisers pay them good money to target you with their advertising based on what you surf to or for.

Cortana Data Collection, seriously, was your life so difficult before Cortana? To serve you it must learn about you. To work and meet your requests Cortana (and Siri etc.) collect data such as device location, information & location history, your contacts, voice input, search history, calendar details, content & communication history from messages and apps, key strokes, debit & credit card details, movies you watch and music you listen to, as well as info about your device to name a few.

When you agree to use Win 10 you are agreeing with sharing your data with Microsoft and how they will track you. Read their privacy statements and service agreements. You have some great services to gain, but it will cost your privacy, so be sure it is worth it for you.
https://www.microsoft.com/en-gb/servicesagreement/default.aspx
https://privacy.microsoft.com/en-us/privacystatement/

So, decide if you want an Easy to use/Semi-secure/Gadget driven link to your online life or if you are more worried about Security AND Privacy. Many of you are not much worried about your privacy and that is fine if it works for you and you can feel more secure with Windows 10 than you should feel with whatever Windows you use today. If however your privacy is important to you, stay away from Win 10 as long as possible and seriously consider Linux or even Mac.
-
You may have seen my two recent posts about Cyber Threats, Bad Rabbit and CoinHive. In the first I said to block all Flash, in the second block all JavaScript.

Flash: As many of you know this is dying out and has always been a major security vulnerability. As it is dying out you can usually block it without much issue.

JavaScript (JS): I have always preached against JS, before because it was not always supported like with early cell phones and because people like me often turned it off and web site readers could have issues with it. But face it, web sites still use it and it has grown rather than diminished in popularity. You cannot reasonably block it without breaking many sites you go to.

So, what to do? Eventually I will post a tools thread, but this is important enough for its own thread. In the CoinHive story I pointed out that more and more sites are placing JS on their sites that mine cryptocurrency like Bitcoin using YOUR CPU, but WITHOUT your knowledge, WITHOUT your permission, and WITHOUT sharing the profits with you (.05 Bitcoin is about $285 as of this writing).

NoScript: This is the quickest and easiest thing to use. It is a Firefox Plugin you can get from Mozilla. It, by default, blocks everything. Once installed most web sites will be broken. It takes patience, but as you visit sites, you will need to give permissions for the sites. You can allow the base website permanently. Same goes for some other clear needs. The rest, you can leave them blocked, or allow them temporarily to see what are required for the site to work and which ones are just fluff or downright invasive. Don’t need it? Don’t allow it. Don’t allow Facebook, don’t allow Google analytics, these are tracking you and are not needed to use the sites. It also blocks Java (many vulnerabilities), Flash (massive vulnerabilities), and some other hazardous things you may not know about.

uBlock Origin: This name exactly! uBlock is a different software! uBlock Origin is another Firefox plugin.
It does much the same as NoScript and much much more. It is theoretically the better of the two if you have serious issues with your privacy/security. It also has a bit of a learning curve. I intend to use it but have yet to find the time to really sit down and learn how to use it correctly. NoScript is fine for most of you, but if you want more control over what happens in your browser or you're paranoid, put the time in to really understand uBlock Origin so you can set it up correctly. There are videos on YouTube on how to use it, so check it out first. It can also replace ad blockers.

uMatrix: uBlock Origin’s big beefy brother. It is almost identical, but offers the ultimate control over what happens in your browser. It can also replace ad blockers. This should be held in reserve until you are well versed and comfortable with uBlock Origin. It is only for advanced techno types.

Remember, these will be a pain in your butt to begin with and you will want to just get rid of them… do not do that. These can protect your privacy while surfing. Google Analytics tracks you to decide your interests and then make money off your habits by using targeted ads. Yea the data is nifty for web site owners… but it is bad for us users.

Go ahead and install NoScript/uBlock Origin and visit a few sites and see what pops up for scripts:

Killersites Forum: Killersites and Google Analytics

Forbes.com: Initially you will get a white page as all is blocked. Now go to the tool and look, you will see Forbes & ForbesImg (Forbes Image Server), so approve both of them. Now look again after a refresh, the list has grown to about 25 scripts trying to run/connect and you normally would have no idea. Even having an idea they are there, do you know what they do, what data about you they handle and why they need it?

Hulu: Hulu has 23 scripts, but my films work fine with only 10 approved.

I often listen to Keith Olbermann on GQ’s web site. It took me at least 20 min. to get the video collection page working correctly and playing the video. I had to grant temporary permissions to each one until something worked and then make that permanent and try again with the next. It can take a lot of time and energy. But once done, you can surf in more privacy than you did before.

Some of these or those like them are available for Chrome. But Chrome is developed by the folks tracking you for a profit so there are fewer. If you want privacy, use Firefox.
-
This is a loaded question, because it is dictated by you and what angle you are looking at it. So, the very first question before you go further is: “What/Who am I?” then you follow that with “Who do I think I am up against?”

Private Folk: This is the primary target for this forum.
Who – You, your kids, family & friends
Opposition – Cyber Crime, Hacker Groups, Lone Hackers, or Script Kiddies, Government

Business person at home: Looking at more Mom & Pop to smallish business for our readers.
Who – Shall we say for argument small business like you doing web design or the businesses you design for.
Opposition – Cyber Crime, Hacker Groups, Lone Hackers, or Script Kiddies.

Travelers, Big Business or Press: Again, rather big league for my purposes.
Who – Big businessmen or Press traveling to questionable areas. These folks can expect to be hacked within 1 hour of signing into their hotel in places like Russia or China. You would not want to have a laptop full of business secrets or notes on where you will meet a dissident.
Opposition – Secret police, law enforcement, nation state government backed cyber units.

The Dissident/Activist: I am not going to cover this person much as I doubt any of you fit the bill.
Who – The Dissident we will say is risking their freedom or life to fight for justice. Security for them is life & death for them and their loved ones. They have to stay smart, extremely paranoid and on edge.
Opposition – Secret police, law enforcement, nation state government backed cyber units.

Common sense will tell you that you want to protect your computer, phone, tablet and computer from hackers, malware, ransomware, viruses etc. and you’re up against medium to minor threats. The dissident does not want to die so needs aliases, deep covers, saves nothing on a PC. Encrypts hard drives, what you see spies do in movies, and is up against well-funded professionals with great skills and tools and the “Law” on their side.

Now ask yourself: What is important to me?
What am I protecting?

What is important to me? - Security or Privacy?

This is confusing at first, I know. If my PC is secure… my Personally Identifiable Information (PII) is private. But let us take Google Chrome as an example. Now for the first time the most popular browser in use and many of you use it. I did until I got into security. But look at it from a purely security standpoint, shall we?

Chrome:
Security: Google is a very secure browser. It has had fewer vulnerabilities found than Firefox and they were fixed quickly. Chrome has a form of sandboxing built in. It has a big organization behind it. Google offers rewards to hackers who find vulnerabilities in its products.
Privacy: Google is everywhere. It tracks everything you do. The moment you come to Killersites, Google knows you are here and adds that data and you can be profiled by it. KS uses Google Analytics, so Google knows you are here and can surmise how often and what other web sites you go to and before you know it they guess you are a web designer. Google owns many sites now like YouTube, and analytics are everywhere. Google has a corporate monetary interest in tracking you, learning your likes and dislikes and selling it as well as feeding us targeted advertisements.

Firefox:
Security: Firefox has more of a history of vulnerabilities, but they have all been fairly minor and quickly patched. Firefox has been around longer with a bigger following so a better target for hackers. Now Chrome will be targeted more often. Firefox also has more available security and privacy extensions to make it more secure.
Privacy: Mozilla just makes a browser (OK, email, calendar etc.) and has no monetary interest in tracking you.

So, as you can see, Chrome may be the more secure browser in theory, but it is a nightmare if you don’t like being tracked. So, Security is about protecting your application, machine, etc. from unauthorized changes while Privacy can be about you.

What am I protecting?
These we call “Cyber Assets”. This is up to you. Here are some ideas, starting with the obvious:

- Passwords, especially Master Passwords
- Banking, Stock and other financial info data
- PII data like SSN, birth date, medical data etc.
- Questionable Photos & Video
- Questionable materials
- How about personal photos, not adult, just simple photos that can identify you, help identity thieves, help people pose as you
- How about your interests that can be used to profile you
- Tracking Websites you visit that can profile you
- Cookies and other things that can track you for a profile
- Your OS, browser, browser plugins, and cookies can all be used to “fingerprint” you. You could be identified by this data

These are some things you will need to consider as you read anything else I post in this forum. You will need to consider these things as you decide for yourself just how far you wish to go with YOUR security. You may have no problem with Google tracking you and making money off your data.