Jump to content
Killersites Forums

Who Do You Trust Vs. Who Should You Trust


Recommended Posts

I cannot help with the first, but the second I can… Nobody. This is called the “Zero Trust Model” That said, it is not always possible.

 

But here is the issue, unless you are new here, you trust KillerSites. But under the zero-trust model you should not. Is Steff going to steal your data or sell it? No. He may even say that somewhere here. But will he going to jail for you? What if law enforcement walks in with a warrant?

 

This is just one issue to be considered. If you use a VPN (Virtual Private Network) for privacy, are they really private? How do you know? Even if they say they do not log you, they may be lying. Or they may start logging users next year, or they may be forced to log users by law enforcement or new laws later.

 

How can you trust people you don’t know, how do you know what they claim is true and how to know what they claim today may change tomorrow by choice or force?

 

Just look at these headlines as examples:

 

In the end, you have to trust, I realize that. You have to trust your bank (but don’t forget Well Fargo’s headlines of late), you have to trust your ISP (you really should not) unless you use a VPN that you then need to trust. Just tell yourself that you may have to trust them, but not blindly trust them. Be informed, investigate them and if you see something you don’t like, leave. All companies are out for profit, not you. They sell your data for profit, then track you so they can send you targeted advertisements from partner companies paying them to do so (Yea, you Google).

 

Freeware is not free, your personal data is the price you pay. They collect it and sell it further and all you have to show for it is a silly game. If you want privacy of your personal data, pay for services. Do not let companies track you. Protect your personal data because it may not seem important to you but someone out there is selling and buying it and studying it.

 

This is a link to a list of big companies and their policies for personal information and government requests by the non-profit Electronic Frontier Foundation: Who Has Your Back? Government Data Requests 2015

 

Finally, please notice I have tried to get a few examples of trust not warranted. The vacuum cleaner will sell your info where, Equifax, Viacom, and the contractor are just doing stupid stuff. So whether it is a blatant money grab, incompetence or even government pressure, your data is still compromised, so just remember the governments own Axim, “Need to know”. Does that app or web site really need to know or just want to know that? Does that app need that access to your phone or can you live without that app?

 

But as I have said, I am in the security business now and it is my job to be paranoid for you. There are good people out there too. Killersites and Steff are one in my opinion and I write this to help you be more secure for free. I don’t even have my own business doing this for a living. I would like to introduce you to one last person and headline.

 

If you have never heard the name Ladar Levison, it is a shame. He was the founder of a secure email company named “Lavabit” who closed his successful company rather than give up user’s information to the US Government. This was the company used by Edward Snowden. Regardless of your position on Snowden, I personally have to admire a man like Levison who shuts down his company rather than sell out what he believes in, our right to privacy. How the Government Killed a Secure E-mail Company.

Link to post
Share on other sites
  • 3 weeks later...

Here is another example, PureVPN claims they do not track or log users. Yet they were able to give the FBI information to catch a Cyber Stalker. Kudos to the FBI for nabbing this guy... but if the VPN really did not log users than there would be nothing to give the FBI. Although arguably good that they did and that the stalker used this service... that means that the VPN also lies to their users.

 

FBI Arrests A Cyberstalker After Shady "No-Logs" VPN Provider Shared User Logs

Link to post
Share on other sites

Another rule about cyber security is not to use any of these password back up tools that will send you a reminder or some other such example and here a is a reason why. Your friend or family member my be trustworthy... but is their computer secure or wide open? What if they are already or get compromised? This is a new Facebook attack vector. Your friends are trustworthy, but should you trust their computer?

 

Link to post
Share on other sites
  • 4 weeks later...

Here we have a hardware trust issue: Built-in Keylogger Found in MantisTek GK2 Keyboards - Sends Data to China, now one can see how counts of key presses may be of interest to a manufacturer, but you ae not being told that data about your usage is being collected. I could be modified to log all that you type to get passwords. But every language has its most common characters so we know those are pressed alot, we know what keys gamers use as well so those get alot of hits. So considering that is there really a reason to log key strokes?

This person uses these keys more than average so they are likely a gamer so we will sell that data to a game company for them to advertise to. Do you see the issue here? Any data about you can be monatanized so someone else makes a profit off your data but you.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...