Saturday, 19 December 2015

Now that CISA has passed, here are some tips to protect your Privacy, Anonymity, and Security (x-post from /r/YouShouldKnow)

[PSA--Long post ahead. tl;dr for the first half of this: You might be getting spied on. Skip to the numbered part and I'll teach you how to protect yourself. I will not explain in detail how these things work in this post, because I want anyone, regardless of their tech prowess, to find these suggestions accessible. It is also because I am by no means an expert in this area, and do not wish to spread misinformation. Luckily, the information is readily available all over the net, if you would like to know more.]

I promise, I am not as crazy and paranoid as this post is about to make me seem. This is just an important issue to me as a techy/geek. This is important for you as well, I swear, so grab your tinfoil hats and come to Crazy Town with me for a moment.

Basically, CISA has been signed into law. For those that don't know what this means, many corporations and the Department of Homeland Security now have greater access to your online activity and can do with it what they will. There are scary implications of this that I could ramble about; but, honestly, they will probably never happen to you or me. But it's the principle of the thing that concerns me.

There are three important things that everyone should have a right to as a "citizen of the internet": Privacy, Anonymity, and Security. CISA is a blatant invasion of the first two, particularly Privacy. You do not have to be doing anything illegal to warrant a need for private access to the internet. You just simply should not be spied on. You are being violated. It doesn't matter if you're just returning an email to your grandma, or buying some shoes--there is no reason that your activity should be monitored, recorded, and passed around unless there is some solid evidence pointing to you extorting your grandma or stealing those shoes.

The legislation was trojan-horsed in on a budget bill and signed off by the Prez himself, so nothing can be done to reverse it. At least not yet. The good news is, there are things YOU can do right now to maintain your rights. All of the following tips are completely legal (in the USA), freely available, relatively simple to use, and within your rights to use as you wish.

[Pro tips begin here!]

1. Privacy: Use a VPN service. Cyberghost and Tunnelbear both offer excellent free services. If you want even better service, there are a few excellent paid services, as well (I don't know any well enough to endorse one, but I've heard good things about NordVPN. It's got 256-bit AES encryption and is completely logless).

The merit of VPNs is debated around the internet, but I have found them to be indispensable in maintaining my own privacy, as they are quick and easy to connect to and are one of the simplest and most effective tools for allowing you to maintain your privacy.

There are also small program switches you can make. For example, switch from Skype to qTox. It is a more steady, reliable program that offers all of the same services as Skype, but with excellent end-to-end encryption and it's logless, much like a good VPN. Your conversations will remain between you and the other person only. It's also available on a wide variety of platforms, so it should work for almost anyone.

Also consider using a more secure email provider. If you want to keep it net-based, use Hushmail. If you like a client installed on your PC, combine your Hushmail account with a program called Thunderbird, which allows you to easily manage multiple email accounts, among other cool, secure features.

Another good idea is to reconsider the search engines you use. Google and Bing are notorious data compilers. I use DuckDuckGo instead. It's fast, accurate, and totally private and anonymous. They do not collect data on you.

I also want to mention (legal) File Sharing. I'd like to add that BitDrop is an awesome tool for anonymous, secure file sharing between your devices. As mentioned above, qTox also has secure file sharing capability.

You can also get a free MEGA account. While not the most secure, if you use WinRAR or 7-Zip to create an encrypted RAR file with a conspicuous name and send it over Hushmail, Tox, etc. to your friend/receiver of the file separate from the decryption password/MEGA access code, it will be pretty damn secure, and you can upload up to 50GB with a free account. Just remember to delete the files from your account AND the rubbish bin after the other party has received them.

Another option is to create a torrent file of the encrypted RAR file and seed it directly to the other party, after both of you have configured your torrent clients to run all traffic through a proxy.

If you're especially tech-savvy, you can even go so far as to install CFW on your router, provided it's supported, like Tomato or DD-WRT. Tomato in particular will allow you to actively monitor your bandwidth activity to see who is accessing your network, or even just to see if Comcast is throttling your Netflix usage.

2. Anonymity: Again, you don't have to be a criminal to want to keep your anonymity online. Download the Tor Browser Bundle. It's a modified version of Firefox that allows you to route all of your activity online through the Onion server network. (Pro tip: Tor will not protect you when downloading or torrenting anything, legal or not. If you engage in a peer-to-peer download, you will inevitably upload real personal information about your system, AND it slows down the Tor network for everybody else. The safest way to download is through a torrent client that has been configured to work with a Proxy or VPN, but nothing is guaranteed. Here is a list of free public proxy servers you may use. Always check the validity of your proxy server here before each use).

(Please note that I DO NOT condone piracy or illegal activity of ANY KIND. I am simply suggesting uTorrent as a means of securely sharing legally obtained or created files between two parties.)

Also, NEVER open a downloaded file while still connected to Tor, especially a PDF. There are often traces of data that "call home" when the file is opened, and it can void any protection Tor offers you.

It's also good practice to visit HTTPS versions of sites whenever possible, as they are more secure. The Tor bundle includes a browser plug-in called HTTPS Everywhere that will automatically get you the most secure connection to sites whenever possible. You can also add it to your regular Chrome, Firefox, or Opera browsers, and on Android devices.

You might also consider spoofing your MAC address now and again.

The last thing I will say on anonymity, for the more tech-savvy again, is that you may consider using something like VirtualBox to run a more secure operating system INSIDE of another operating system. You can also just install that more secure OS on a flash drive, but I find the VirtualBox to be easier to manage AND that it provides more anonymity. I personally would recommend using Whonix with VB. It's very effective. I've also heard good things about Tails, but apparently it's not truly logless, and I cannot wholeheartedly recommend it, as I have never used it.

Finally, it's important to know your stuff is working. To test my level of anonymity, I like to use IP Check and Panopticlick.

3. Security: Not really relevant to CISA, but it's important, too. Ditch McAfee, Kaspersky, or whatever junk you paid for. Download Malwarebytes, Panda Antivirus, and CCleaner. All free, all easy to use, all the best at what they do. Just allow them to update regularly and run automatic scans each night.

These are just BASIC tips to help you protect yourself. This will not make you invisible; if someone still wants to spy on you, they could... but they'll actually have to work for it. There's a lot more you can do to abstract your digital "fingerprint". But either way, care about your privacy. Protect yourself. As far-fetched as it seems, due to the nature of the issue, the more people that do this stuff, the more secure everyone becomes (especially in regards to Tor use).

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." -- Edward Snowden

/Wall of text



by KillerTuxedo http://ift.tt/1NEbVKe
