Privacy and Security Online Guide
This is a live document, updated as required.
– January 2016 –
Every single action you take online is tracked and logged for a number of reasons: marketing, advertising delivery, security, warrantless NSA tracking, usage statistics, demographic studies, and many more.
The end result is dozens of private companies, your ISP, our government (and likely foreign governments) all have detailed files about you. Your browsing habits, what bank you use, your financial situation, your interests, your contacts, your friends, your employer and job, your medical history, games you play, political affiliations, just about every single detail of your life is logged and recorded. Most of this is used for government criminal investigations and marketing purposes, but it’s anyone’s guess what else the data is being used for.
Not to mention the fact that the data is routinely sold between companies further completing detailed records of every single Internet user.
Furthermore, the majority of major web services (Google, Yahoo, Twitter, Facebook, etc.) have been known to be compromised by the NSA and God knows who else.
Privacy is important in this day and age, not only to defend yourself against warrantless searches, but against simple corporate manipulation.
How bad is the problem, really?
Short answer: Terrifyingly bad.
Take this simple example of an average day of Internet use:
First, you check your email on Gmail. Then you check your Facebook, add a friend, make a post, and like a few others. After that you check the news on the CNN and Fox News websites. You look up a recipe for bratwurst for dinner and Google the symptoms of a cold your roommate has. Look up some funny cat pictures, check your bank balance, and buy a book and a new coat on Amazon (looking good!). Then you install a flashlight app on your phone and look up directions to your friend’s house.
Over the course of this normal day of web browsing you have been tracked and your activities logged by no fewer than 30 private organizations, who now know:
- Your name.
- Your location.
- Your friend’s location.
- Your friends on Facebook.
- Your taste in books.
- Your fashion tastes.
- That you shop on Amazon.
- Your sense of humor.
- Your food preferences.
- What banks you use.
- A general idea of your financial situation.
- What search engine you use.
- All the websites you visited that day.
- In some cases, your precise location in real time.
- Other web and social media accounts you possess, and all the data associated with them.
- The type of computer and web browser you use.
- Your model of phone and carrier.
- What ISP you use.
- Your travel plans and when you are going to be away from home.
- Most names of family members and the name of your pet.
- Most likely a whole host of other information.
You have also been exposed to no fewer than 75 advertisements, many of which are automatically tailored to you (using the information gathered as described above) to increase sales rates.
Needless to say, if this happens after ONE DAY of normal use, imagine how much is known about you after years of unprotected use.
How does this tracking work?
There are a number of different ways to track you, and most of them are extremely technical. Typically, tracking is done through purposeful logging by the website you’re using. The advertisements loaded onto the page also track your every move. Beyond that, sites use tracking cookies and the even more insidious LSO (Local Shared Object) cookies, which are hard to remove. Finally, non-advertising analytics software is installed on web pages to track you even more easily.
This all happens without the unsuspecting visitor even signing up for an account or logging in to anything. Once you sign up for an account anywhere and log in, even MORE data is logged.
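How an embedded advertisement or analytics script links your visits across unrelated sites, as an added example that is not part of the original guide. The request log, host names and cookie values are constructed, and hosts are compared by exact name rather than by registrable domain to keep the sketch short.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: (page you visited, resource that page loaded, cookie sent with it).
REQUESTS = [
    ("https://news.example/world", "https://ads.tracker.example/pixel.gif", "uid=a91f"),
    ("https://recipes.example/bratwurst", "https://ads.tracker.example/pixel.gif", "uid=a91f"),
    ("https://health.example/cold-symptoms", "https://ads.tracker.example/ad.js", "uid=a91f"),
    ("https://health.example/cold-symptoms", "https://stats.metrics.example/collect", "sid=77c2"),
    ("https://shop.example/coats", "https://stats.metrics.example/collect", "sid=77c2"),
    ("https://news.example/world", "https://news.example/style.css", "session=x1"),
]


def profiles(requests):
    """Group visited pages by (third-party host, cookie), i.e. what that host's logs contain."""
    seen = defaultdict(list)
    for page, resource, cookie in requests:
        page_host = urlsplit(page).hostname
        resource_host = urlsplit(resource).hostname
        if resource_host == page_host:
            continue  # first-party load: the site you chose to visit
        # The browser tells the third party which page embedded it (Referer header),
        # and the cookie ties this request to every earlier one from the same browser.
        seen[(resource_host, cookie)].append(page)
    return dict(seen)


def cross_site_trackers(requests):
    """Third-party hosts that saw the same cookie on more than one site."""
    result = {}
    for (host, _cookie), pages in profiles(requests).items():
        sites = sorted({urlsplit(p).hostname for p in pages})
        if len(sites) > 1:
            result[host] = sites
    return result


if __name__ == "__main__":
    for host, sites in cross_site_trackers(REQUESTS).items():
        print(f"{host} can link one browser across: {', '.join(sites)}")
```

The hosts this reports are the ones the blocking add-ons in the following steps are meant to stop your browser from contacting.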
How do I stop this nonsense?
Unfortunately, due to the extremely sophisticated nature and range of tracking methods, this is no simple task. It will require the installation of new software, configuration of add-ons, and preparation of white lists. You will also have to change some of your browsing habits and change some of the services you use online. You will also have to learn the concepts and application of common encryption technology (like PGP), which can be difficult for the novice to grasp. Also, ideally, it will require the purchase of a VPN (Virtual Private Network) to the tune of approximately $40 per year. The rest of the techniques are completely free.
Still, for all the inconvenience in set up, it’s certainly a worthwhile venture to not only maintain your privacy and security, but to make a statement that you don’t consent to activity that should be illegal and in some cases is outright criminal.
Configuring your web browser
Step 1: Switch to Firefox.
Internet Explorer and Google Chrome track your browsing habits. Ditch them. Safari tracks if you don’t use the private browsing feature. If you are going to use Safari, make sure you have Private Browsing turned on and no history will be recorded. Also, under the Privacy tab, select “Tell Sites I Don’t Want To Be Tracked.” The best plan is to switch to Firefox, which has all the useful add-ons that you will need.
Download Firefox from http://www.getfirefox.com – it’s totally free.
Step 2: Make Firefox Amnesic
The next step is to configure Firefox to forget everything every time you close it.
Click on the three horizontal lines in the top right corner and then click on Options.
Under the Privacy tab, select “Tell Sites I Don’t Want To Be Tracked” under Tracking and select “Never Remember History” under History.
You will have to log in to each account every time you start your browser because it will clear cookies each time.
Use bookmarks as shortcuts to your favorite sites instead of relying on browser history; it’s much more secure.
Step 3: Block Advertisements and trackers
Click on the three horizontal lines again and click “Add-ons.” Search for and install “ublock.” This will block an impressive number of advertisements and trackers.
Step 5: Force SSL Encryption Wherever Possible
Now install the add-on HTTPS-Everywhere. It will automatically request sites to encrypt the connection wherever possible. Download it here: https://www.eff.org/https-everywhere
Step 6: Block Tracking Cookies
Install the add-on “BetterPrivacy.” This will block the majority of tracking cookies and the harder to eliminate LSO objects.
Step 7: (Semi Optional) Block Scripts and Embedded Plugins
To do this, install the NoScript add-on.
Step 8: (Optional, Very Technical) Block Externally Loaded Objects by Default
“RequestPolicy” is a powerful security tool that will block all externally loaded objects (images, scripts, style sheets, fonts, etc.) by default. It can be tricky to use and is certain to disrupt your browsing experience frequently, forcing you to whitelist a number of externally loaded objects on Web pages. But, it is a powerful tool that will ensure no third party can steal your information.
Step 9: Stop Using Google Search
I know that Google is everybody’s favorite search engine, but it is also among the most prolific trackers on the Internet. Change your default search engine to Startpage SSL by clicking on the Google logo in the search box and selecting Startpage SSL. Startpage SSL doesn’t log anything, doesn’t track you, and keeps you completely anonymous while searching.
Step 10 (Optional): Get Control of Cookies
The add-on Advanced Cookie Manager can be useful to understand and take individual control of cookies that websites have left on your computer.
Step 11: Configure Flash Player
On Windows, go to Control Panel and the Flash Player. Select “Block All Sites From Storing Information On This Computer,” then click “Delete All.” Check both options and click “Delete Data.”
Change Your Browsing Habits
Now that your browser is secure, you still need to change some habits to remain secure.
Step 1: ALWAYS Log Out When You’re Done Using a Website
This is ESSENTIAL, not only to prevent that very same Website from tracking you (Google, Facebook, etc.) but also to keep your account secure. CSRF (Cross Site Request Forgery) is one of the most common Web security issues there is, but it only works if you are logged in to your account. Log out! Also, on a daily basis or more often, completely shut down and re-launch your browser.
Step 2: Switch Websites You Use (As Much As Possible)
Getting away from major providers like Google, Microsoft and Facebook is often nearly impossible. Whenever possible, find alternative providers for things like email and productivity. This may be a lost cause and even I regularly use quality Google products. Still, when selecting a new service to use in the future, keep their privacy policies in mind.
Step 3: READ AND UNDERSTAND TERMS AND CONDITIONS
This one is a huge pain, but extremely important. Deliberately and carefully read any agreement and understand it. If you see something that bothers you, try to find another service. Please don’t just carelessly click “I AGREE” when you don’t know what you’re agreeing to. Remember, clicking “I AGREE” is legally the same as signing a document in person and IS legally enforceable in the US. Also, it’s usually impossible to escape any tracking or sale of private information after clicking. Click with caution!
Step 4: Try To Avoid Signing Up For Accounts
The more accounts you sign up for online, the easier it is to track you. Accounts are often a necessary evil, but try to avoid them as much as is practical.
Step 5: Good Password Policy
This one is a hassle, but very important. First of all, the majority of hacked passwords are cracked by brute force. Hackers try every possible combination of letters and numbers until they find the right password.
A long, complex password is the best defense against this. To make an easy to remember, long password, try coming up with an easy to remember sentence and mix up capital and lowercase letters, add numbers and symbols, and make it L O N G. Characters like spaces are usually the strongest when allowed. It is rare for a brute force hacker to include spaces in the search.
Also, using a different password for each account is important. It is often more convenient to use one “base” password and modify it slightly for each site.
Beyond that, you should change passwords regularly. Yes, it is a hassle, but critically important. Try our recently added “Passgen” password generator in the “Free Tools” section of this Website.
Step 6: Two-Factor Authentication
Several major websites like Google, Amazon Web Services and Digital Ocean offer two-factor authentication. This is where you log in with a password as well as a generated code that is either generated on a phone app or is texted to you. Using two-factor authentication wherever possible makes your account much more difficult to hack into.
Protect Your Computer
The next step is to protect your computer. Malware, hardware theft, and even nosy friends can be a threat to your security and privacy.
Step 1: Antivirus
This one is pretty obvious, but be sure to install a quality antivirus and keep it updated. Set a schedule to scan regularly. On Windows, the free Microsoft Security Essentials is good and lightweight.
Step 2: Password and Screen Lock
Don’t leave your computer without a user password! Be sure to set your password and make the password secure. (See note on passwords above) When leaving your computer unattended, always log out or lock the screen. On Windows, lock the screen with the key command [Win]+L.
On a Mac, set your security preferences to require a password to sign back in after the Mac has gone to sleep. Log out and shut down when not using your Mac.
Step 3: Hard Drive Encryption
This will protect your computer in the event of theft or unlawful seizure. There are a number of ways to do this. In Enterprise versions of Windows, BitLocker is available. If you don’t have that available, find a third party application to do it.
Follow the guides on the site and BE SURE TO BACKUP YOUR DATA BEFORE YOU BEGIN!
We will also be using VeraCrypt in the next step to encrypt individual files.
Step 4: Sensitive File Encryption
Use VeraCrypt from the last step to create an encrypted volume for extra security. We would suggest creating a “Hidden Volume” where one password will open the real volume, and the mock password will open a fake volume. This is in case you are coerced to reveal the password for the volume.
Also, be sure to use keyfiles with it for extra security. We also suggest using cascading encryption like AES-Twofish-Blowfish to make extra, extra sure it can never be cracked. A good strong password is also essential.
Step 5: Encrypt and Anonymize Your Internet Connection
This is the only step in this guide that costs money, but it’s well worth it. Sign up for a VPN (Virtual Private Network) and always use it. A VPN will not only hide your IP address from websites but also strongly encrypts the traffic. This will eliminate MiTM attacks, network sniffing, and general tracking. It will allow you to remain truly anonymous online until you log in to an account and identify yourself. We use Private Internet Access for $40 a year and have found the quality to be excellent. Also NordVPN.
Step 6: Keep Your System and Software Up To Date
Be sure to regularly install updates for your operating system and software. This is especially so for Firefox!
Step 7: Uninstall Unneeded Programs
Remove unused software from Control Panel->Add/Remove Programs.
Protect Your Communications With PGP
As email is an old and flawed protocol, email and file transfers are still widely insecure. Gmail and other email providers read and log all email and use it for marketing purposes, and no doubt companies and governments have full access to it. By encrypting sensitive messages you eliminate this problem.
PGP stands for Pretty Good Privacy. It’s a form of public key encryption that will secure emails and files, and allow you to sign a message or file to confirm that it was in fact you who sent it and that it has not been tampered with en route.
PGP has two key files: the public key, and the private key.
Say you want to send an encrypted message to Sally. You will use her public key to encrypt the message, and then only her private key can decrypt it. Then, when she responds, she will use your public key to encrypt it, and you will use your private key to decrypt it. The private key can also be used to sign a message, even if it’s not encrypted.
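Which key does what in the exchange with Sally, as an added example that is not part of the original guide. It uses textbook RSA without padding on small constructed keys purely to show the key roles; it is not OpenPGP and not secure for real messages, and all names are illustrative.

```python
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) as (n, e) and (n, d) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def encrypt(public, message: bytes) -> int:
    """Anyone holding the recipient's PUBLIC key can encrypt to them."""
    n, e = public
    return pow(int.from_bytes(message, "big"), e, n)


def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of the matching PRIVATE key recovers the message."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """The sender signs with their own PRIVATE key."""
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone checks the signature with the sender's PUBLIC key."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)


# Constructed toy keys built from known Mersenne primes (far too small for real use).
SALLY_PUB, SALLY_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
YOUR_PUB, YOUR_PRIV = make_keypair(2**61 - 1, 2**127 - 1)

if __name__ == "__main__":
    to_sally = encrypt(SALLY_PUB, b"meet at noon")      # you -> Sally
    print(decrypt(SALLY_PRIV, to_sally))                # Sally reads it
    reply = encrypt(YOUR_PUB, b"see you then")          # Sally -> you
    print(decrypt(YOUR_PRIV, reply))                    # you read it
    sig = sign(YOUR_PRIV, b"meet at noon")
    print(verify(YOUR_PUB, b"meet at noon", sig))       # Sally checks it was you
```

Private keys never leave their owner: each side only ever hands out the public half.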
A good, basic software for PGP is OpenPGP Studio.
PGP has a bit of a learning curve to understand and use fluently. Check the OpenPGP Studio Documentation to learn how to use it.
Protecting Your Phone
Your phone is one of the most insidious and terrifying ways to track you. Some apps will literally use the phone’s built-in GPS and location services to track everywhere you go in real time and use the information for marketing purposes. It is suspected that the NSA also routinely uses this technology.
Most of these steps are generalized because of the number of makes and models of cell phones, and you may have to look up the documentation for your device to do some of them.
Step 1: Disable Location Service
While it’s still possible to track your approximate location, disabling location service will help a lot.
Step 2: Never Use Bluetooth
Bluetooth is probably the most insecure protocol known to mankind. Don’t use it and disable it entirely.
Step 3: Use Screen Lock
However you do it, be sure to use some manner of screen lock. We prefer using phones with a fingerprint scanner for convenience.
Step 4: Encrypt your phone
Encrypting your phone will require a password on boot. This is a great way to foil thieves or anyone else you don’t want snooping through your phone.
Step 5: Pay Attention to App Permissions
Many apps have horrible tracking and privacy features. If your phone supports app permissions, be sure to read and understand the permissions of all the apps you install. You would be surprised at the number of apps that do amazingly sketchy tracking things. Games, utilities, toys, just about every category of app has some malcontents that will abuse permissions. If the permissions don’t seem necessary for the nature of the app, find another one.
Step 6: Use VPN on Your Phone
Private Internet Access has apps for Android and iPhone. Be sure to install them to secure the network connection on your phone.
Step 7: Close Apps When You’re Done With Them
Be sure not to keep unused apps running in the background! Not only will it improve performance, but it will also inhibit tracking and reduce security threats.
Step 8: Use Firefox Mobile if Possible
Android supports Firefox Mobile. Use that instead of the default browser. Configure the browser to be amnesic and install the available add-ons just like on your computer browser.
Remember to exit the browser properly to clear the history and cookies. Tap the three dots in the top right and scroll down to Quit.
Step 9: Link As Few Accounts As Possible
Always assume that every account linked to your phone will be tracked. Link as few as possible.
© 2015-2016 THE IRON JACKET,™ LLC
& RAIDIAN™ Global, Inc.