Protecting Your Digital Life, 2017

It’s 2017 people, ads are everywhere, malicious software is everywhere, eyes are everywhere and they don’t necessarily want your money.

Data.

Data is one of the most important things that many give to so many companies so freely; however, it can have some of the most dire consequences.  A simple first name, last name and email address can be used to figure out what state you live in, your address, telephone number, voting statistics and more.  The horrible part is that we agree to it!  Have you ever really sat down and read a ToS (Terms of Service) or Privacy Agreement for an online service that you sign up for?  There are no truly free things on the internet — when you don’t pay, you and your data are the fees.

In the below, I’ll break down the common attack surfaces in which you need to protect yourself by describing in detail what they are and giving you ammunition in your fight for your RIGHT to online and digital privacy.  (Remember, contrary to popular belief by friends, family, and employers — you have a right to your privacy.)


Apps & Software

Why start with apps first?  Simple.  We are on our phones from the moment we wake up checking Facebook (I’ll make you terrified of them later) until we lay it down at night.  What a better way to protect yourself from malicious apps than not installing them at all?

When you are browsing your App Store of choice for that next big thing there are 4 things to consider:

  1. Who made the app?
  2. Are there common issues which are seen in the ratings/about section that you should be aware of?  (Such as update date, constant bad reviews, etc)
  3. When agreeing to the Terms of Service, what do they actually say?
  4. Upon installation what permissions does it need? (Location, Camera, Microphone)
    1. Note that denying access to one or more of these permissions could cause the app to not work properly, but that is a cost we can pay for increased privacy and security.  My recommendation is to give apps the least amount of permissions at first, then add when necessary while never giving access to Location Services unless you fully trust the app, most apps simply do not need that level of access

I do not expect you to read the Terms of Service or Privacy Agreement in full for every app, some are simply too long.  However, there are keywords to look for that I advise you to check (use the Find command, if you are at a computer Ctrl + F brings up this search) before agreeing to use a free app again:

  • Data
  • Personal
  • Privacy
  • Usage
  • Share
  • Third-Party(ies)

If you do keyword searches on these and they comeback with hits, read the selected sentences and agree to those terms only if you are satisfied and agree with the potential risks, if any.


Service Providers & Snoops

Your internet service provider (ISP) might be one of your biggest foes, little did you know.  Whether you are on wifi at home utilizing Comcast’s services or on the go with a blazing fast LTE connection from MetroPCS, Verizon or another cellular carrier — your ISP can track your every move and they want to sell your data.  Additionally, there are malicious actors on the internet that can act in the middle of the router you are connected to and the internet itself (which is why it’s never good to join wireless networks you are unfamiliar with) and can see your data while it is being sent and can even manipulate data and images that you see — this is called a “Man in the Middle Attack“.

It may seem that there is nothing you can do, but there is and it’s fairly simple to implement and will cover most of the security risks above.

VPN. (I’ve talked about this in depth previously, please read all about it)

A VPN connection creates a secure tunnel between your computer and whatever item you are accessing on the internet and your machine uses the remote computer to do it’s online surfing.  What does your ISP see?  They see absolutely nothing.  They can tell that you are connected to “private host A”; however, they cannot see the contents of the data being transmitted — they see a garbled, encrypted mess, which is exactly what we want!  You can even use a VPN to alter your location, in many cases, media providers like Netflix and others do not like users to utilize a VPN or proxy to connect.

IMG_1235
Example of how a VPN connection appears in the system status of iOS and showing the user’s location is altered. (You just have to trust me when I state that I don’t live in Florida)

Ad Companies

Facebook, Equifax, Google and others  have developed a bad wrap for their potential data selling in the marketplace.  (Let it be known, as I’ve stated before Google doesn’t sell your data or “follow” you around the internet, they primarily sell access to you in the form of ads that you see based on information that you provide — remember those Terms of Service agreements that you likely didn’t read?  It’s documented there.)  Google may not be squeaky clean, but they are leaps and bounds better than people give them credit for in terms of security and privacy.  The company offers dashboards for the end user and allows you to customize every piece of your experience and what types of data (if any) are collected.  Read their privacy policy here as well as a previous DexJohn’s PC post about their privacy stance.

On the other hand, companies like Facebook are a little more nefarious.  Ever heard of Facebook Pixel!?  Of course you haven’t, because it’s designed to sit in the background, installed on your favorite websites, and watch your every move on the internet and serve you “relevant” ads whether you are a Facebook user or not.


Hardware Protection

We walk around carrying priceless data on our devices, from friends and family information including notes, phone numbers and addresses, not to mention personal passwords and more, which should all be kept in encrypted form either on device or in the cloud.  There is absolutely no reason to not have a passcode on your device, whether it is a mobile device or laptop.  Protecting your hardware is one of your first defenses.  Take this example, you have no password protections on any app on your device; however, you have a lock-screen password — at least you’re somewhat safe.  Create a password that has a combination of letters (upper-case and lower-case), numbers and a symbol (my iPhone password is over 20 characters long).  Your password doesn’t have to be as long, as long as it is complex and something that you can remember.  If you need help creating a secure, complex, lengthy password visit here, shown below:

Screenshot from 2017-11-08 12-48-30
Screenshot from http://passwordsgenerator.net/, showing the complexities that can be programmed.

Recommendations for Security

To be private and secure one cannot simply utilize the tools that are available on his or her mobile device or machine.  Only through a set of secure apps and protocol can one travel down the road to increased privacy.

  • Password Manager — A password manager is essentially for your privacy and security.  There are several options where you password database are stored in the cloud such as LastPass and 1Password, while there are offline options, which are considered more secure, such as KeePass.
  • VPN — A VPN is necessary for masking your online activities (just because you’re masking because of privacy DOES NOT mean that you are doing nefarious activities) from your ISP, attackers and services online.  Some options that are prasied are PrivateInternetAccess, Proton VPN, IPVanish and more.
  • Terms of Service Help — Ever heard of “tldr” or too long didn’t read?  There is also tosdr for Terms of Service Didn’t Read and this website can help you understand what it is that you’re signing up for.  Additionally, while reading and agreeing to privacy statements, be sure to use my Find and search technique, outlined above.
  • Chrome/Browser Extensions — We all use one of big browsers as our gateway to the internet.  Add these extensions to hamper tracking by Facebook and eradicate insecure connections.
    • HTTPs Everywhere — an extension created by the EFF and Tor Project and it switches sites from http to https, which is secure.
    • Privacy Badger — Blocks ads and invisible trackers
    • Ghostery — Protects you from trackers and optimizes the web
    • Facebook Disconnect — Blocks Facebook ads from Pixel and its potential tracking of your traffic all over the web
    • AdBlock — Blocks obtrusive ads on Facebook, Youtube and multiple place

Wrapping Up

Remember, these are all tools to add to your privacy and security arsenal and is in no way a complete list or a complete listing of products I use — just ones that I consider essential.

Advertisements

2 thoughts on “Protecting Your Digital Life, 2017

  1. You can pick and choose which ones work best for you; however, analyze your use case and go from there! Follow me on @dexter_johnson I post to Twitter with lots of tips on all of these things and I am always available.

Comments are closed.