Privacy Guide

THREATS

 

1.  Is Mobile Browsing Safe?

Unfortunately the mobile browsers are even weaker and more vulnerable to hack attacks than a common desktop browser. Attacking the mobile devices and tablets through web browsers is one of the easiest ways that the hackers and spy agencies use to exploit the security of your device.

The Firefox-supported AdBlock Plus app is a considerably good option when you are looking to secure your mobile browsing. As it turns out, Private Browsing, Do Not Track, InBrowser and CM Browser are some of the apps that keep your smartphones, tabs and iOS devices safe and secure.

 

2.  Potential Risks in Web Browsers

Having discussed the potential risks of mobile browsing, we feel it is necessary to mention here that even some of the “top” web browsers are not as safe or as fast as they claim to be. For starters, we will stick to the commonly used Google Chrome and Firefox and will update this section at regular intervals so you can get an idea about some of the insecure and slowest web browsers.

(i) Risks of Using Google Chrome:

  • A security firm, Identity Finder, has revealed that Google Chrome stores several files on the hard drive of your computer. The files include all the names, email addresses, passwords and account numbers you use while browsing with Chrome.
  • Google fills in your name, email address, password and phone number itself when you fill out an online form, suggesting that it STORES your information so you can use it later for your convenience.
  • When you use Google Chrome, you have to sign in with your Gmail ID to make its functioning smooth. If you use Google Chrome on two or more devices, signing up with the same ID will sync the data on all of them. Your browsing history will be evident to everyone.

(ii) Risks of Using Mozilla Firefox

  • Mozilla Firefox is not a user-friendly web browser at all. If you are new to the world of web browsers, you may find it a bit more complicated than Google Chrome and Internet Explorer.
  • Web page downloading is seriously affected by multiple plugins running in the background.
  • Not all websites are accessible on Mozilla Firefox due to severe compatibility issues.
  • It eats too much of your CPU memory and affects the overall performance of your computer/device.

 

3.  Disadvantages of Social Media

Social networking websites have taken the world of internet by storm. It does not surprise us anymore when someone asks us to ‘add’ him/her on Facebook or ‘follow’ him/her on Twitter or Instagram. While social media has its perks, it also has a major chunk of disadvantages that come with it.

(i) Identity Theft

  • Everyone knows how hackers and snoopers come up with new tactics to exploit your personal data. Facebook, Twitter, LinkedIn and Instagram are not the ideal places to keep a record of your social security number or transaction details. Hackers can wreak havoc in your life if they get access to your social security number.

(ii) Sexual Predators

  • Most of you would have come across fake profiles on Facebook and Twitter that are solely used for harassing young boys and girls. Peter Chapman – now a convicted murderer, had a false profile on Facebook with over 3000 friends which he used to prey on young women. He raped and then murdered one of his “Facebook friends” back in 2009 and was charged with the crimes back in 2010.

(iii) Stalking

  • A study indicates that 63% of the Facebook users are subjected to stalking without even being aware of the fact that they are stalked online by someone. It is imperative that you double check what you are posting online and what your default privacy settings are because as noted by the security experts, Facebook and other social networks use “Share with Public” as your default privacy settings.

(iv) Harassment/Trolling

  • Social media can be used to attack individuals for voicing their opinions or sharing their pictures or videos publicly. Melody Hensley, a feminist, claims that she now suffers from PTSD due to the constant trolling and hatred she receives from her “followers” on Twitter.

(v) Online Surveillance

  • According to Edward Snowden, Facebook and Google are two of the major partners of NSA who hand over your private data for the sake of a few dollars. NSA and other surveillance agencies have created backdoors to keep track of all your activities. Even when your privacy settings are set as “Share with Friends”, you are unknowingly sharing all your data with the online surveillance agencies.

 

4.  Ensuring Privacy on Public Wi-Fi Hotspots

The root of the security problem lies in the fact that public Wi-Fi Hotspots lack authentication. This gives hackers the margin they need to mess with the system. They can do anything from duplicating your data off the Wi-Fi router, to coming in between your smartphone/tablet and the router so that all your data goes through them first.

The worst part about the public Wi-Fi HotSpot security risk is that there is no way to know if you are being attacked by hackers. Hackers use public Wi-Fi HotSpots as data pools where they sit and violate your privacy to collect your data. At the end of the day they assess the collected data to short-list the people who sent the most relevant data over the internet and launch pre-planned attacks.

For instance, checking your email and bank account on your smartphone might be a routine activity for you, but it is a jackpot for the hacker at the coffee shop at the corner. The hacker will quietly collect your information, and keep track of your accounts; and he won’t make his move until there is a large sum in your account.

 

5.  Wi-Fi Hotspot Safety Measures

You can check out the below mentioned measures to strengthen the online security of your Wi-Fi network.

(i) Encrypt

  • Try to use encryption tools to encrypt all the data that is sent/received from your phone. Encryption will render your data useless for any hacker who intercepts it with the intention of exploiting it.
  • Make sure that all your browsing sessions are encrypted when you are using the internet for any personal and/or sensitive reasons. Look in the URL field and make sure that it starts with ‘https’. This does not necessarily guarantee impenetrable security but every little bit helps these days.

(ii) Switch off When Not in Use

  • You ensure the privacy of your home by keeping the door shut, and you need to start doing the same for your mobile device. Remember to switch your smartphone’s Wi-Fi off when you don’t need it. This will hinder data transmissions (sending/receiving) from any malware that may have managed to get into your device.

(iii) Fake Wi-Fi Hotspots

  • No Privacy Guide can be complete without talking about Evil Twins. The only thing worse than a hacked Wi-Fi is a fake Wi-Fi! Most people tend to set their phones to auto-detect and connect to Wi-Fi HotSpots. Hackers know this and love to set up fake Wi-Fi HotSpots (also known as ‘Evil twins’).
  • These HotSpots are designed to look like other regular HotSpots in the area and offer a charade of websites for you to access. All the information you enter when connected to these Wi-Fi HotSpots will go straight to the hacker. It is the worst form of privacy penetration because it is almost as if you gave the perpetrator complete remote access to your system.

(iv) Get Confirmation

  • Never connect to a Wi-Fi HotSpot until you have verified the authenticity of the connection from an individual directly associated with the HotSpot. So if you walk into a coffee shop and your smartphone picks up a free Wi-Fi HotSpot that sounds like it is for the coffee shop customers, make sure to confirm with one of the staff before you connect to it. Hackers usually set up their data traps in public places.

 

6.  NSA

Every time you make a phone call, or use internet on your device, the NSA collects your data without any regard for legal or ethical obligations/principles. What started off as the PRISM surveillance program in 2007, has grown to a point where the NSA is now collecting users’ data from at least nine tech giants of the cyber world.

We do not mean to offend anyone but people who believe that complete internet freedom still exists are either shortsighted or have no idea about the unchecked surveillance demons of the internet. It may be hard to believe, but the US government has been regularly monitoring your communication over phone calls, emails, VoIP services and other internet means since (at least) 2001.

If you think you are safe from the unjustifiable online surveillance because you have done no harm to anyone, you are sadly mistaken. The US government states very clearly that it will do EVERYTHING to ensure that the general public remains safe and peace prevails in the region.

 

7.  Is the Surveillance Umbrella limited to US residents?

A simple and short answer to this question is: no. The official NSA website has a map that is meant to describe the degree of surveillance that is carried out across the world. For the record, this map is bull!

Regions Affected by Online Surveillance of NSA that show privacy violations (Green = Minimum Surveillance, Yellow = Moderate Surveillance, Orange = Heavy Surveillance, Red = Maximum Surveillance)

The NSA claims that its internet surveillance is moderate in the US and that heavy monitoring is reserved for South Asian countries. Security experts and whistleblowers consider the map to be a blatant lie. An increasing volume of evidence proves that American users are the ones who are actually heavily monitored.

Edward Snowden, the NSA whistleblower, has exposed the NSA’s suspicious activities. He is hiding from the intelligence sources like FBI in Russia and Japan. Mr. Snowden has recently claimed that the US and UK, in a collaboration, have hacked into the world’s biggest SIM manufacturing company – renowned for distribution of SIM cards all over the world, to keep a track of your movements and to tap all the communication made over the phones.

 

8.  Is There Any Way to Stop the Online Surveillance?

People may not know this, but there is a certain way in which you can not only prevent yourself from being spied on, but also achieve 100% anonymity over the internet. Some of you might be familiar with a VPN service; it assigns you a new IP address and encrypts your data with numerous algorithms to make sure it remains safe from the claws of the NSA.

If the NSA, on the other hand, somehow manages to trace your data, it is left with no other option but to dispose of it because it cannot be decrypted. Various VPN service providers do their best to keep your data protected. The implementation of military grade encryption by VPN service providers is an indication of how seriously they take the online security of their users.

PRIVACY TOOLS

 

1.  VPN

A Virtual Private Network is commonly used by the users for online safety against the surveillance agencies and malware. A VPN puts you off the radars of hackers and spy agencies by tunneling your traffic with its secret protocols layered with foolproof encryption.

Since the IP addresses are assigned by the ISPs, they are usually able to see and record the online activities. A VPN helps one prevent all kinds of snoopers including the ISPs from sneaking in without the consent of the user. The only computers able to see the data include the one transmitting it, and the one receiving it at the VPN server end.

 

What Should You Look for in a VPN Service

  • The VPN services work under certain rules and regulations of their origins. Some of them are ordered by their governments to keep an eye on your activities and to prompt them, should they notice something unusual. Always look for a VPN that provides a neatly defined “No Logs” policy.
  • Opt for a VPN service that provides multi-protocols support.
  • Check the level of encryption you get with the VPN service.

What Should You Not Look for in a VPN Service

  • You should avoid looking for free VPN services. Not only do they annoy you with constant ads but they are also vulnerable to malware and hackers due to third party apps.
  • It is recommended to every user to avoid a VPN that keeps logs.

 

2.  Tor

Tor can simply be defined as a special network that offers you free software to surf the internet freely and anonymously. Tor routes your traffic through various nodes, and in the process keeps re-encrypting the data to make sure it is safe. The nodes are only aware of the IPs they are connecting to and the IPs that are connected to them.

The exit node, which acts as the bridge between your PC and the internet, is one of the most vulnerable points. Since the performance of the nodes is highly dependent on the behavior of other users, you can be exposed to various threats due to the erratic behavior of other users. The IPs of the violators can also be traced down and be easily linked with the exit nodes.

The fear of piracy and other cybercrimes has led the governments in many countries to ban some of the public exit nodes. In countries where using the internet freely feels like a distant dream, hardly any public node is made available.

They are constantly monitored by their respective surveillance agencies. The users have to reconnect to several nodes before finally being able to connect to the desired exit node.

Advantages

  • Its online security cannot be questioned since it was developed by the US Navy to exchange secret information. It works on a mechanism where the connection keeps re-encrypting itself to make sure it is safe.
  • It is an ideal choice while connecting to a Public Wi-Fi hotspot. It also helps the users in bypassing the firewalls that are used to restrict the access to internet.
  • It is available to all the users for free.

Disadvantages

  • Very slow. Sometimes the browsing experience becomes nothing less than a splitting headache for the users.
  • The public exit nodes are usually blocked in countries where cyber laws aren’t as lenient as they are in other countries.
  • P2P filesharing on Tor has a negative impact on the speed of your and your peers’ connections. It can also affect the volunteers of exit nodes directly if you are involved in copyright infringement.

 

3.  Free Open Source Software

NSA is widely known for forcing the tech companies to create a backdoor for it in their software programs. Such is the ferocity of surveillance that many companies have joined hands with NSA to provide it with the users’ information for monetary gains.

The ‘online security software’ made in the UK and the US is not trustworthy since it operates under the rules and regulations set by the respective governments.

The proprietary security software companies can easily be influenced and convinced to give some margin to the likes of NSA and GCHQ, whereas free open source software (FOSS) is hard to trace and its code is visible for examination to everyone, cutting down the threat of tampering with the software.

That being said, it is hard to claim that the NSA has never infiltrated any FOSS software. You can easily find millions of free open source software that have been tampered with to gather data from the users all over the world. Free open source software still leads proprietary software by miles when it comes to trusting the software with your online security.

 

4.  Make Anonymous Online Payments

According to a report, cybercrimes result in losses of $400 billion every year all around the world. Cybercriminals not only look to get hold of your information, they also look to exploit your personal data for monetary gains.

Read about Bitcoin and tips for other payment methods to make your transactions safer than ever.

 

5.  Bitcoin

This payment system was invented by Satoshi Nakamoto, a group of people who came up with the idea of virtual currency for trading for the first time. Making its first appearance as open-source software in 2009, Bitcoin soon became popular among the masses owing to the way it operates.

The working mechanism of Bitcoin is very much similar to that of Skype and BitTorrent. Bitcoin, like the aforementioned services, also works on a peer-to-peer connection and provides a modern day platform to the users who wish to make payments without disclosing their confidential details.

Mainly used as a “crypto-currency”, Bitcoin can easily be used for trading while purchasing the online services. But out of all the services, Bitcoin remains a hot choice while purchasing online security services like a VPN or an Anti-virus.

 

Tips for Utmost Anonymity

  • Use a pseudo email address while registering with Bitcoin to ensure your email address does not contain your personal data.
  • While purchasing a service, make sure to create a separate Bitcoin wallet each time. Using the same on all is not recommended because a single mistake can expose all your past purchasing records.
  • Never reveal your personal information to third parties while making payments online.
  • Instead of buying the Bitcoin anonymously, use a mixer service such as shared.com to ‘cleanse’ it further.

a)      ‘Prepaid’ Credit Cards

Heavily dependent on geo-location, this method can be used to make your transactions safe. You can use the prepaid credit cards over-the-counter without leaving a trace of your real identity and then can opt for Bitcoin with a pseudo email address by your side. This way not only do you become hard to trace but even your transactions are safe and secure.

b)      Use other ‘Crypto-Currencies’

Admittedly Bitcoin is the most popular crypto-currency that keeps your identity secure; but there are some other crypto-currencies as well that are putting in a great deal of effort to ensure your payments are safe from the cybercriminals who seek monetary gains and pass on your personal data to unknown and untrusted third parties.

 

6.  Privacy Friendly Search Engines

The search engines, apart from helping you with your query, also keep an eye on your activities and actively store your data in their data bases. The likes of Google and Yahoo – two most renowned search engines are also guilty of storing your information on their data bases.

They store the following information:

  • Your IP address.
  • The exact date and time of your query.
  • Your Cookie ID. Cookies act as the identity of your computer. The search engines can easily get back to your computer using your stored Cookie ID.
  • Your query’s search terms to determine your behavior on the internet.

The cookies, as you might know, are sent to the webpages you have requested to visit and to the third party ads owners. Once your behavior on the internet is fully understood by the search engines and the ads owners, the advertisements related to your search queries begin to show up on your screens.

 

7.  Search Engines You Should Opt For

Following are some of the search engines that are doing their best to ensure the users receive maximum online protection while surfing the internet.

(i) DuckDuckGo

  • Highly popular among the internet geeks, DuckDuckGo is a search engine that delivers the best security to its users when they type and search their queries. DuckDuckGo works on a different model and does not personalize the users’ queries; but rather it displays the same search results to the users for the same query.
  • DuckDuckGo maintains that it duly complies with the courts’ orders to share the data with them if they ask for it, but since it does not track its users, it cannot give away anything that is potentially harmful.

(ii) StartPage

  • When you enter your query search term on StartPage, it looks for the answers on multiple search engines while remaining anonymous and rates the answers that are listed in the top ten search results to give you the best possible answer.
  • StartPage has a defined policy of not tracking its users or using their Cookie IDs against them to send your information to third parties.

(iii) YaCy

  • YaCy provides a free search engine portal platform to anyone for its intranet network using the peer-to-peer technology. It also allows the users to connect to world-wide peer network and brings out the best results out of billions of indexed web pages.
  • YaCy believes in promoting the freedom of speech and does so by not censoring the data. YaCy does not store your Cookie IDs and your query search terms.

 

8.  How to Make Your Browsing Impregnable?

From the likes of NSA to the owners of advertisements, all of them want your data to be shared with them. The NSA wants your data because it uses your data against you and sets its sight on your usual activities. Reason? NSA has been proactive since the infamous terrorist attacks of 9/11 and it has made its objective very clear that it wants to eliminate the elements of terrorism.

That being said, there is absolutely no denying the fact that the unwarranted surveillance has inflicted more self-damage than self-protection. But to make your browsing safe, many web browsers have integrated private browsing extensions to ensure your browsing remains unaffected from the usual poking of NSA and other surveillance agencies.

(i) AdBlock Plus

  • AdBlock Plus allows you to block all kinds of ads (free and paid) that show up while you are surfing or watching a video on Youtube. It works on various web browsers and can easily be installed as an extension in Chrome and Firefox.
  • AdBlock Plus also warns its users of the consequences if they visit any known malware hosting websites. AdBlock Plus also works to disable all third party tracking apps and cookies that are stored on your computer.
  • AdBlock Plus, however, allows some ‘genuine advertisements’ but you can turn them off as well by simply filtering the settings under the Add-ons tab on your web browser.

(ii) HTTPS Everywhere

  • This open source web browser is a result of the joint efforts of Tor and the Electronic Frontier Foundation. HTTPS Everywhere is compatible with Google Chrome, Opera and Mozilla Firefox and it works by making the website work on HTTPS connection – which is considered safer than the default HTTP.
  • SSL, however, is a commonly used and implemented connection source and one that has been ruptured by the NSA to gather your data while you browse.

(iii) Disconnect

  • Apart from providing its VPN service, Disconnect also offers a web-browser extension which can be used to block ‘malvertising’ and all other threats which can be used to track your location.
  • Disconnect also works against cookie storage on your device and also keeps the social networking websites and search engines in balance that otherwise track your activities.

(iv) Privacy Badger

  • Privacy Badger, a browsing add-on for privacy, is used to block the tracking tools that gather your information by simply sending cookies to your devices.
  • Privacy Badger, unlike the aforementioned web browsing privacy add-ons, works a bit differently and blocks the malware, ads, cookies and other tools from multiple sources.

 

9.  GNU Privacy Guard

Replacing the Symantec owned PGP software, this open source software is free to use and can be used to protect and encrypt your emails and data for offline communication. The GNU Privacy Guard has been aided majorly by the German government and it is compliant with RFC 4880.

Versions of GNU Privacy Guard

  • The classical portable version 1.4.19
  • The latest 2.1.7 version which comes with built-in support for ECC
  • And the stable version 2.0.28 – commonly used by most users

GNU Privacy Guard is one of the tools which Edward Snowden used when he revealed the dirty secrets of NSA. The software can be used on Windows, Linux and OSX and can be used to hide your emails and other data from the surveillance agencies.

 

10.       Encrypted Email

SSL encryption between the start point and the end point is commonly provided by many email services. Google has even gone as far as fixing the problems that arise while implementing the SSL encryption. That being said, the SSL encrypted connections do no good because many email services hand over your data to third parties.

Google and Microsoft have two most popular email services – Gmail and Hotmail respectively. Since they pass on your information to third parties, it can be assumed easily that even your mails are forwarded to NSA and other surveillance agencies. As for the smaller email services, they remain unaffected from the surveillance as of now.

Even though end-to-end mail encryption seems like a good idea where the sender encrypts the data and only the receiver decrypts it; it remains the least preferred way of email encryption mainly because of the way it operates. Since end-to-end encryption requires the involvement of both the sender and receiver, it usually leaves the receiver perplexed about the attachment and information in the email.

(i)     Encrypted Webmail – Can it be trusted?

Until a few years ago, Hushmail was very frequently used whenever users needed to send “secure webmail”. Since it was one of the few services that offered PGP encryption, it was automatically the users’ first choice whenever the security of the email came into question.

But eight years ago, a backdoor was used to track emails of three accounts and the tracked emails were handed over to the Canadian courts. Hushmail itself recommends its users to use a non-web based service like GnuPG or PGP Desktop, if they are looking for a stronger suite to encrypt their emails.

(ii)   Extensions that Keep Your Emails Safe

“Encrypted Communication” is one of such extensions that encrypt your emails and offer you AES 256-bit end-to-end encryption support to ensure your emails are protected from the hackers and spy agencies. Since it is compatible with Mozilla Firefox, the extension only needs to be installed to work.

It follows a simple process where the sender is required to type in the email and right-click anywhere on the text. Once he has done that, he only needs to select “Encrypted Communication” to protect the email. The sender will need to enter the password which will be needed at the receiver’s end to decrypt the message.

“Mailvelope” is another such extension that uses end-to-end OpenPGP on the leading webmail service providers like Gmail, Hotmail and Yahoo! and can be installed on Google Chrome and Mozilla Firefox by simply downloading the extension from its website.

 

11.       Encrypt Your Messaging and VoIP Services

One of Snowden’s revelations also indicated that VoIP services like Skype are renowned for passing on your communication details to NSA. Skype (now operating under Microsoft) has shown vulnerability even though it is commonly used by millions of users all around the world due to its free and cheap calls and video calls services.

You can secure the information you share and messages you communicate over Skype and other Instant Messaging services with a VPN service. As stated above, a VPN service cordons off the data you transmit and protects it with a shield layered with extra protection in the form of encryption.

 

12.       Substitute Skype with

There are tons of free and paid VoIP services in the industry that are not only offering you voice and video call features, but they are also offering you an option of encrypting your communication. We have picked up the following out of them:

(i)     Jitsi

  • Jitsi is free open source software that offers the same features as Skype.
  • Compatible with all the devices and operating software, Jitsi offers its users the unique choice of encrypting their communication (read: chats, filesharing, voice calls and video conferences) with ZRTP.
  • The initial setup of encrypted call may need a few minutes before it gets smooth.

(ii)   RedPhone

  • RedPhone is a free open source app available on Android only.
  • It offers end-to-end encryption on voice calls and lets you encrypt the calls.
  • The working model of RedPhone is different than that of Jitsi or Skype and it allows you to use your phone number with the normal dialing system to ensure your communication remains safe.

(iii) Tox

  • Tox is considered as one of the best replacements of Skype because it offers the same features as Skype with “encryption”.
  • You can make free calls, send messages, share files and make video calls with surety that no third party will be monitoring your activities on Tox.
  • Although, unlike Skype, Tox can be used for Tox-to-Tox calls only.

 

13.       Use Secure Text Messaging Services

Ever since Edward Snowden – the whistleblower came forward and revealed how NSA taps your phone calls and monitors your text messages, the need for secure text messaging services is at an all-time high. There are many free and paid apps available that encrypt your text messages to provide you better safety.

(i) TextSecure

  • TextSecure is a private messaging application that is available to the users of Android only.
  • Unlike the usual texting applications, TextSecure does not necessarily have to be installed on both (senders’ and receivers’) devices for SMS encryption.
  • The users can attain maximum anonymity by chatting over TextSecure.

(ii) Gliph

  • Considered as one of the most secure apps for messaging, Gliph is available on different platforms including iOS, Android and desktop PCs.
  • Gliph can be used for personal and professional communications. It allows you to change your name to a pseudonym for personal messages and switching it back to real for professional communications.
  • It has a unique feature called “Real Delete” which allows you to delete the messages from sender’s and receiver’s devices as well as from the servers of Gliph.

(iii) Telegram

  • Telegram works on iOS, Android and Windows devices and provides end-to-end encryption to protect your messages so that they can only be received and decoded by the receiver.
  • Telegram does not store your messages on its servers, and deletes the messages off both devices simultaneously so you can be sure there is no record of your text messages at any end.
  • Telegram lets you create chats groups of up to 200 recipients to ensure you avoid the hassle of sending text messages to your colleagues and friends separately.

FAQS

 

1.  What Is Encryption?

According to Microsoft, Encryption is the organized scrambling of data. Organized scrambling is carried out by an encryption key, that is shared with the origin and the recipient of the data. This way, the data becomes cipher for any and all third parties that may come across it.

Information is power, and Encryption has been around ever since the inception of the struggle for power. Modern day encryption is used to protect personal details and data that can be exploited in any way. This includes information like your credit cards, email addresses, pin codes, passwords, emails, shopping history, etc.

While the subject of encryption is vast and spreads out across different technology types, a digestible way to understand it is to take a look at the most commonly used encryption methods.

Most software comes built-in with encryption to ensure that data cannot be lost or stolen at any point in time during transfer from the origin to the recipient. Different levels (protocols) of encryption have been developed over time. These standards became popular at the consumer level when Microsoft invented the PPTP protocol (more on this below). Even though it is now frequently criticized for alleged weaknesses, the PPTP protocol laid the foundation and provided the world the inspiration for more advanced encryption protocols such as L2TP, SSTP and OpenVPN.

For instance, you use the HTTPS protocol daily. HTTPS is a combination of the HTTP and TLS protocols that comes hard-wired into most internet browsers and is designed to ensure that no information alteration takes place during data transmission. It doesn’t provide protection against advanced threats. Protection from advanced threats requires the use of advanced encryption protocols.

 

2.  How Does Encryption Work?

Using an encryption protocol is a technique to secure your data by altering it for safe transit. It is not like using a proxy or browsing in incognito mode. Here is a brief and practical description of some of the most common encryption protocols.

Ciphers play a major role in helping ensure data privacy. A frequently cited and easy-to-understand example is the Caesar Shift Cipher that Julius Caesar would use to send his letters. He would simply replace each letter of the alphabet with the next one. This was made more complex by constantly changing the number of letters by which the alphabet was shifted each time.

As long as the origin and the recipient knew this number (called the key), the message was secure and indecipherable for anybody who may intercept it. As long as the key was safe, the secrecy of the message remained intact.
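The shift cipher described above, written out as an added example (not code from the original guide). It goes one step beyond the text by also trying every possible key, which shows how small the key space is; the sample message and the short word list are constructed for the illustration.

```python
import string

# Small constructed word list, used only to recognise plausible English.
COMMON_WORDS = {"THE", "AND", "AT", "ME", "BEFORE", "OF", "TO", "IN", "IS", "IT"}


def caesar(text: str, key: int) -> str:
    """Shift every letter `key` places along the alphabet, wrapping at Z.

    Non-letters pass through unchanged. A negative key shifts backwards,
    so caesar(caesar(m, k), -k) == m.
    """
    shifted = []
    for ch in text:
        if ch in string.ascii_uppercase:
            shifted.append(chr((ord(ch) - ord("A") + key) % 26 + ord("A")))
        elif ch in string.ascii_lowercase:
            shifted.append(chr((ord(ch) - ord("a") + key) % 26 + ord("a")))
        else:
            shifted.append(ch)
    return "".join(shifted)


def recognised_words(text: str) -> int:
    """Count whitespace-separated tokens that appear in COMMON_WORDS."""
    return sum(1 for token in text.upper().split() if token in COMMON_WORDS)


def recover_key(ciphertext: str) -> int:
    """Try all 26 shifts and return the one whose output looks most like English.

    The key space is so small that an interceptor needs no knowledge of the
    key at all, which is why the shift cipher is a teaching aid only.
    """
    return max(range(26), key=lambda k: recognised_words(caesar(ciphertext, -k)))


if __name__ == "__main__":
    # Constructed sample message.
    message = "MEET ME AT THE FORUM BEFORE THE SENATE GATHERS AT NOON"
    sent = caesar(message, 3)          # what travels with the courier
    print(sent)
    print(caesar(sent, -3))            # the recipient, who knows the key
    print(recover_key(sent))           # an interceptor, who does not
```

Modern ciphers such as AES keep the same idea of a shared key but use a key space far too large to search this way.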

You will notice that most services offer AES encryption. AES is a widely used symmetric-key cipher that was initially used by government organizations because of the ease and speed it provided. I guess you could call it an advanced version of the good old Caesar Shift Cipher, which creates the challenge of keeping the key secure in hyper-connected cyberspace.

RSA is a heavy-duty asymmetric algorithm. As an asymmetric encryption algorithm, it uses a public key and a private key so that decryption requires two-step verification. The ‘certificates’ you often see your browser exchanging while you surf are the public keys.

 

3.  PPTP

Introduced by Microsoft with Windows 95, PPTP now comes with most operating systems and is one of the weakest encryption protocols today. It is only recommended for bypassing basic geo-restrictions, as the lightweight PPTP does not have an impact on speed.

 

4.  OpenVPN

OpenVPN is built over the OpenSSL encryption library. The open-source encryption protocol is known to provide adequate data security when used with AES encryption. Even though it is not built in to most software, we recommend it and encourage you to download the easily available third-party OpenVPN software.

 

5.  L2TP/IPSec

L2TP is a VPN protocol that is usually implemented with IPSec encryption. It is more secure than PPTP but problematic when used with firewalls. Using L2TP/IPSec can take a bit of a toll on speed as it is a two-step process.

 

6.  SSTP

Introduced by Microsoft with the Windows Vista Service Pack 1, it was built over the SSL encryption library like OpenVPN and is best used with AES encryption. It is safer and faster than L2TP/IPSec, and is widely regarded as Microsoft’s version of OpenVPN.

 

7.  Are There Any Weaknesses In Encryption?

The problem with using standardized encryption such as the more common AES and RSA, and the less common SHA-1 and SHA-2, is that almost all of them have been the target of NSA’s cracking attacks in the last few years. To start with, the US government’s NIST (National Institute of Standards and Technology) takes an extraordinary interest in developing and certifying encryption protocols, which explains why Edward Snowden’s allegations about government tampering and back-door injecting might carry weight.

Why are we still using these encryption protocols? IT manufacturers and contractors use these encryption protocols because failing to use them would be a deviation from NIST’s standards that must be complied with in order to operate in the US.

Most people don’t mind the government snooping and the spyware infiltration. They feel that they have nothing to hide and are ok with relinquishing their right to privacy. Others feel that their privacy should not be taken for granted and that they have the right to decide whether or not they wish to be monitored.

Users have begun to use open source options such as Tor and OpenVPN (more discussed below) in order to stay off the government and corporate grids when using the internet.

 

8.  What Is Perfect Forward Secrecy?

Perfect Forward Secrecy is a technique used to ensure that encryption keys remain safe and that the leakage of a single encryption key does not jeopardize other keys in the same session via a domino effect.

Had the government allowed IT manufacturers to implement Perfect Forward Secrecy at the consumer level, the Heartbleed bug would have never earned a place in the history books.

 

9.  How Does Perfect Forward Secrecy Work?

A secret key is used to create a secret key, which is then used to create a session (cipher) key, which is used to encrypt data. Data integrity is directly reliant upon the confidentiality of the session key, which means that any data that is stolen and saved in its encrypted form (a hobby loved by the NSA and hackers alike) will become readable if the session key is recovered and used to crack the secret key in the future.

Perfect Forward Secrecy is a method of creating and using short-term secret keys. This makes the session key useless for anybody who might acquire it in order to decrypt stolen/stored data.
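The difference between a session key tied to a long-term key and one built from short-term secrets, as an added example (not code from the original guide). The 127-bit Diffie-Hellman group, the SHA-256 keystream standing in for AES, and the shared long-term secret standing in for a certificate key are all simplifying assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example. A 127-bit modulus is
# far too small for real use; deployed systems use vetted groups or curves.
P = 2**127 - 1
G = 3


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def static_session(long_term: bytes, plaintext: bytes) -> dict:
    """No forward secrecy: the session key is a function of the long-term
    key and a nonce that travels in the clear."""
    nonce = secrets.token_bytes(16)
    session_key = hmac.new(long_term, nonce, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": keystream_xor(session_key, plaintext)}


def ephemeral_session(long_term: bytes, plaintext: bytes) -> dict:
    """Forward secrecy: fresh secrets per session. The long-term key only
    authenticates the exchange and never feeds the session key."""
    a = secrets.randbelow(P - 3) + 2            # client's short-term secret
    b = secrets.randbelow(P - 3) + 2            # server's short-term secret
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)   # the only values on the wire
    shared = pow(pub_b, a, P)
    assert shared == pow(pub_a, b, P)           # both ends derive the same value
    session_key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    transcript = pub_a.to_bytes(16, "big") + pub_b.to_bytes(16, "big")
    tag = hmac.new(long_term, transcript, hashlib.sha256).digest()
    # a, b and session_key are discarded on return; nothing long-lived rebuilds them.
    return {"pub_a": pub_a, "pub_b": pub_b, "tag": tag,
            "ciphertext": keystream_xor(session_key, plaintext)}


def read_static_after_leak(leaked_long_term: bytes, recorded: dict) -> bytes:
    """Stored traffic plus a later key leak: the session key is rebuilt exactly."""
    key = hmac.new(leaked_long_term, recorded["nonce"], hashlib.sha256).digest()
    return keystream_xor(key, recorded["ciphertext"])


def read_ephemeral_after_leak(leaked_long_term: bytes, recorded: dict) -> tuple:
    """The leaked key can still verify the tag, but combining it with the
    recorded public values does not reproduce the session key."""
    transcript = (recorded["pub_a"].to_bytes(16, "big")
                  + recorded["pub_b"].to_bytes(16, "big"))
    expected = hmac.new(leaked_long_term, transcript, hashlib.sha256).digest()
    tag_ok = hmac.compare_digest(expected, recorded["tag"])
    guess = hashlib.sha256(leaked_long_term + transcript).digest()
    return tag_ok, keystream_xor(guess, recorded["ciphertext"])
```

In the ephemeral case the only way back to the session key is to solve the Diffie-Hellman problem for that one session, and doing so reveals nothing about any other session.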

 

10.       What Is The Heartbleed Bug?

Countless cases have been recorded in which globally recognized internet security methods have crumbled and left users vulnerable. The Heartbleed bug is this century’s biggest security fumble to date.

According to the research done by the good people at CNet, Heartbleed happened because of a security vulnerability in the OpenSSL software that allowed hackers to obtain users’ access credentials for around 500,000 websites.

Under the cover of the Heartbleed bug, hackers were able to siphon out data without setting off any alarms. By stealing 64 kbs of data at a time, hackers were able to stay under the radar while collecting data that included login credentials and cookies. Hackers were also able to steal certificates (encryption keys) used for email, instant messages, etc.

 

11.       Is The Heartbleed Bug Still A Security Threat?

Only a set of specific versions of the OpenSSL software came under fire from the Heartbleed bug and websites that ran the unfortunate version were quick to patch up the weakness. Users were also instructed to change their log-in credentials in case hackers had managed to grab hold of any information before the bug was patched.

The Heartbleed bug had been around for around two years until it was discovered. It was unclear if hackers had been able to find and exploit the bug during that time. It was, and is, also impossible to ascertain if any information had been stolen during that time. Only reactionary measures could be taken by patching the weakness and changing the passwords.

The Heartbleed Bug serves as a solemn reminder of the fact that there are weaknesses in the codes that we trust today, and we may not always be the first ones to find them. However, experts say that the Heartbleed Bug would have never been a threat if we were using End-to-End encryption.

 

12.       What Is End-To-End Encryption?

This is the perfect form of encryption since it ensures that data is encrypted at all times during transit. Companies like Microsoft promise to encrypt your data, but only do so on their servers, and have the right to decrypt your data for any third-party at will. This is what happened when Microsoft and the NSA collaborated to work on the Prism program.

 

13.       How Does End-To-End Encryption Work?

End-to-End encryption starts on your end, be it your laptop, desktop, mobile, or console. Your data, once encrypted, is then transmitted in the encrypted form and is not decrypted until it reaches its destination.

Any third party (corporate, governmental, etc.) with or without authority, will not be able to collect and read your data, with or without a warrant. That is why corporate IT giants are never given permission by the government to give consumers access to end-to-end encryption. That is also why users looking for genuine end-to-end encryption have to use external software designed for the specific purpose of providing uninfluenced end-to-end encryption.

 

14.       Is My DNS Activity Saved?

Contacting the DNS and communicating with it to be forwarded to the website’s server address can take up precious seconds, which is why internet browsers are designed to save DNS histories. Your DNS history is cached but not exactly placed in a secure vault. As a result, anybody who gets his/her hands on it can track your internet activity using the DNS history like breadcrumbs.

 

15.       How To Clear Cached DNS Entries?

Fortunately, flushing your DNS cache hardly takes a minute.

1) Open the command prompt

2) Type in “ipconfig /displaydns” and hit enter to view your cached DNS entries

3) Type in “ipconfig /flushdns” and hit enter. You’re done!

 

16.       What Are Flash Cookies And How Do They Work?

You can delete your history all you want, but Flash cookies will still remain and bypass your browser’s cookies privacy settings. A Flash Cookie is essentially a ‘Local Shared Object’ that websites use to keep track of users’ browsing activities.

Websites claim that they use Flash cookies in order to identify returning traffic, but fail to explain why users who wish to delete their browser’s cookie cache are not given control over the management of Flash cookies.

The unmonitored installation and unpreventable execution of flash cookies is possible because big shot internet browsers like Chrome, Firefox and Mozilla are heavily reliant on cookies to monetize their services.

 

17.       How Do I Delete Flash Cookies?

There are user-friendly applications that can help you gain control over flash cookies. Users who don’t want to install additional software to get rid of flash cookies can access Adobe’s Flash Player Help portal to delete the flash cookies manually by following these simple steps.

  • Go to the Flash Player Website Storage Settings
  • Click on the button marked ‘Delete all sites’
  • Uncheck the box for “Allow third-party content to store data on your computer”

You can also disable the automatic storage of Flash cookies in two steps.

 

18.       What Are Zombie Cookies?

True to the name, the Zombie Cookie is like a Zombie, and comes back to life after it has been killed (deleted). Unlike a Flash Cookie, you do get to delete a Zombie Cookie, but that doesn’t mean it’ll be gone for good.

Zombie Cookies survive deletion by remaining alive outside the standard cookie storage area. There are about a dozen client-side storage locations where Zombie cookies can hide. Websites use Zombie cookies to track users’ website visits, as well as to block banned users. The unauthorized functionality of these cookies is often categorized as a security breach and frowned upon by privacy advocates.

 

19.       What Is A DNS?

Each website is hosted on a server, and each server has a unique IP address that is the actual name of the website. A URL is like a nifty packaging that helps users access websites by memorizing website names instead of IP addresses. Every time you enter a URL and hit ‘GO’, the Domain Name System (DNS) functions like a telephone directory and redirects your website request to the respective IP address.

Domain Name Systems are often used by ISPs and governments to control internet access in specific regions. This is accomplished by editing the DNS library so that it reroutes all requests for a specific website to an alternative defined page.

 

20.       How Can I Control My DNS?

DNS servers are publicly accessible, however, and users can switch DNS through a little bit of manual tweaking that is allowed by almost all modern internet-enabled devices.

Internet-enabled devices cannot function without using a DNS, which is why it is made to be configurable. You can replace your device’s DNS with one of your choice by simply copying and pasting the details of your preferred DNS into the settings.

 

21.       OpenSSL

OpenSSL was built over SSL (Secure Socket Layer), which was developed by Netscape, and is now implemented in its much more evolved version: TLS (Transport Layer Security). Websites that use SSL have URLs starting with HTTPS. OpenSSL was built to provide an open-source version that allowed mass implementation.

TIPS

 

1.  The Threat Of Untrusted Websites

Sometimes, your internet browser will stop you from accessing a website and tell you that the “Connection is Untrusted”. You will have the choice of bypassing the block and proceeding to access the website. However, it is strongly recommended that you do not proceed as your browser may have detected that the site does not support HTTPS and will not facilitate any form of data encryption.

 

2.  Third Party Apps

Installing a third party app is basically allowing your phone to pass on your information to others. According to research by Kaspersky, almost 90% of mobile malware is designed to hit the Android platform. Even though iOS is considered a heaven for app users, it has also been subjected to various malicious app hack attacks.

Apple, known for its strong SSL web protection and jailbreak-free app store, was affected by more than 400 third party apps that not only exposed users to hackers but also left them vulnerable to online surveillance agencies. The attack was, however, confined to the Chinese region only.

 

3.  Third Party Ads

Similarly, clicking on the fancy ads in Android apps is also one of the reasons why your security is regularly compromised without your knowledge. There is a reason why President Obama is asked to stick to BlackBerry for official use, even though he personally likes to use Apple products.

If you think your online security should not be violated, stop using third party apps. If you are an Apple user, do not jailbreak your device. It destroys the additional layer of security that works as a shield to protect you from the snoopers. Similarly, if you are an Android user, do not download and install an app from outside the Google PlayStore.

The apps in the PlayStore are safe (most of them) and are included after Google clears them of all sorts of malware. Before installing an app and agreeing to its terms, always check what the app will access in return. If the app isn’t popular and asks for access to your Gallery and Messages, rethink: would you want to install something that might harm your online privacy in return?

 

4.  Google Search History

How often do you delete your search history? In addition to your internet browser’s history, Google maintains a search history that does not get deleted when you delete your browser’s history.

Visit ‘google.com/history’ to see your search history and you will be given an immediate listing of the websites you visited most frequently in the previous days, weeks, months and years. Google records all search and browsing activity that you carry out when logged into Google. Anybody with access to your Google account will be able to see your search history.

Google Search also includes your YouTube history and your Location history.

 

5.  Secure Your Email

An email always has three copies. One gets stored in your Sent items folder, another stays in the recipient’s Inbox, and a third gets stored on the email server. You can delete your copy and have the recipient delete theirs, but you have no actual control or oversight over the third copy, which can be duplicated and circulated without your knowledge.

Moreover, understand that any email service provider that does not offer encryption is not equipped to ensure your email privacy.

ProtonMail provides an excellent example of an encrypted email service. The free open-source email service is web based and works a lot like Gmail. It is one of the most commonly used and widely trusted email providers that offer end-to-end encryption.

 

6.  Secure Mail For Gmail

Google knows that you don’t like the way it snoops around your data, but it doesn’t want to lose you either. That is why Google made Secure Mail for Gmail.

Secure Mail for Gmail is a Google Chrome extension that allows you to encrypt your email with a cipher key that will be required to decipher the email. Google claims its servers will not be able to understand your data as it will be encrypted by the cipher key when it passes through, and will only be readable by the recipient when they enter the cipher key upon receiving the email.

This is a classic example of symmetric encryption (explained above).

The first limitation is that you will have to trust Google not to read your email as you type it in or in its unencrypted form. The second limitation is that it only works for Gmail, and does not support any other email services. Also, Secure Mail for Gmail only helps encrypt the email message and does not secure attachments in any way.

 

7.  Security Issues With Backing Up Data On The Cloud

Any data you store online is stored on the cloud and not all cloud storage is safe. For instance, you might recall that Apple’s iCloud got hacked in 2014. Apple offered users automatic backup services and saved their data on the iCloud servers.

Backing up your data is a naturally sensible decision, but using an encrypted storage platform is a choice. Apple’s iCloud hack revealed that the larger they come, the harder they fall. Users now choose to trust services like SpiderOak, Wuala, etc., instead of popular choices like Dropbox, SkyDrive, and Bitcasa.

 

8.  Mobile Options

Users who don’t want to get into the Cloud mumbo jumbo use local encryption options to encrypt data without placing it on an external server. A viable alternative in such cases is to encrypt files on your device.

(i)     Password Protection

Place a lock on your mobile device as well as on all sensitive applications and data folders in it. Lock your data folders, all applications containing your personal information and information about your contacts, and your camera.

(ii)   Data Protection

Protect your data by using mobile encryption options. One way to do this is to use a VPN. You can either use a VPN every time you connect to the internet, or use Orbot – Tor’s mobile app for Android.

(iii) App Vigilance

Don’t install apps that demand unnecessary access permissions and make sure to read up on any app you want to install before you hit the ‘Download’ button. Increasing ransomware and malware threats can make your life miserable.

(iv) Identity Protection

Your identity is your most precious asset, and hackers know this even if you may not. If possible, use secondary email accounts on your smartphone so that your mobile activity cannot be linked to your primary accounts. Never reveal all your personal details to any app or platform.

 

9.  Antivirus

An anti-virus is only as good as the virus definitions it is equipped with. Make sure to allow automatic updating of your virus definitions and to install the latest version of the software. Do not install two anti-virus programs at the same time, as doing so may result in a barrage of errors.

Most AntiVirus software functions on the freemium system. This means that you will get basic protection at the basic level, and advanced features will only be unlocked once you have bought the premium plan.

Most internet users are under the impression that the basic packages are suitable for domestic use and only buy the premium service for their work systems. Unfortunately, privacy threats are well aware of this trend and are therefore designed to target users during regular internet activity instead of official internet activity.

Common Antiviruses include Avast, Avira, Norton, Kaspersky, McAfee, AVG, BitDefender, Sophos, etc.

 

10.       Anti-Malware

Any software that can cause damage to your data security and privacy is classified as malware. However, malware does not necessarily have to be software, and can be a script, code, etc.

Malware can cause damage to your privacy in numerous ways. Common examples include:

  • Worms use networks to spread and are usually stand-alone data predators
  • Viruses usually destroy or edit data openly and damage is instantly visible
  • Trojan Horses are malware threats dressed as legitimate software
  • Backdoors allow exploitable weaknesses and/or loopholes in the original code

Most AntiVirus programs are good enough to detect and remove most malware threats that are in the form of software. But AntiVirus is rarely able to identify malware that is pretending to be legitimate and has been installed as a component of a legitimately installed application.

 

11.       Switch To Linux

Moving to Linux can be difficult because it is open source and doesn’t have the same streamlined distribution and support backup as Microsoft’s Windows OS. But picking a commonly used Linux distro like Ubuntu, Linux Mint or Fedora can solve that problem. That way you can avoid any cumbersome installation process, and take advantage of the Live Boot feature.

(i)     Support

Linux may not have the same support as Windows and Mac, but exposure to the open source community has helped make it one of the most secure Operating Systems in the world at this time.

(ii)   Security

Most malware, spyware and viruses are built to target Windows and Mac users, leaving Linux users safe and unthreatened. This doesn’t mean that you won’t need an antivirus, but it will tilt the odds in your favor.

(iii) Control

Linux is a secure, lightweight, free and fast OS that is as flexible as it is customizable. There are no free reins or unmonitored background processes in Linux, placing your data privacy and security squarely in your control.

 

12.       Password Protect Your Bios

Setting up a BIOS password is one of the oldest techniques to ensure your data privacy. It works by restricting access to your Operating System. Simply put, nobody will be able to edit, delete or exploit your files if they cannot access them. Even though the BIOS password is fairly popular amongst desktop users, it is usually recommended for laptop users as cracking/bypassing it requires tampering with the hardware.

If you don’t already have a BIOS password set up, your OS will allow you to enter the BIOS on system startup. Depending on your OS and the version of your OS, you will be required to press a designated key to enter BIOS during the startup process. Some users might see UEFI settings instead of BIOS, which is pretty much the same.

Make sure to edit the boot order so that booting is only possible through the hard drive, particularly if your system is located at a public place and is frequently used by people you have no reason to trust.

 

13.       Using Secure Passwords

Setting a safe password is the first step to ensuring privacy and security. There are a few cardinal rules that must be followed in order to create a secure password:

  • Don’t use any word that can be found in a dictionary
  • The longer the password, the harder it is to crack it
  • Make sure to use capitalization, punctuation, and integers in your password
  • Don’t use any word that directly relates to you or your contacts
  • Don’t reuse old passwords
  • Don’t share passwords across multiple accounts
  • Don’t type your passwords out on any email, chat IM, etc.
  • Make minor changes in your passwords every month

The password is the core of all data security. All the security and privacy measures in the world are useless if your password is vulnerable in any way.
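The checks from the list above, as an added example (not code from the original guide) that tests a candidate password against those rules and keeps old passwords only as salted hashes for the reuse check. The word list, the minimum length of 12 and the PBKDF2 round count are assumptions chosen for the illustration; the list itself gives no numbers.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary.
DICTIONARY = {"password", "dragon", "sunshine", "monkey", "letmein"}
MIN_LENGTH = 12          # assumption: the list above gives no number
PBKDF2_ROUNDS = 100_000  # assumption: cost factor for the stored history


def history_entry(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest) so old passwords are never kept in readable form."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def was_used_before(password: str, history: list) -> bool:
    """Re-derive the candidate under each stored salt; compare in constant time."""
    return any(
        hmac.compare_digest(history_entry(password, salt)[1], digest)
        for salt, digest in history
    )


def check_password(password: str, personal_terms: list, history: list) -> list:
    """Return the rules that `password` breaks; an empty list means it passes."""
    lowered = password.lower()
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if any(word in lowered for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if any(term.lower() in lowered for term in personal_terms if term):
        problems.append("contains a personal term")
    if was_used_before(password, history):
        problems.append("reused old password")
    return problems


if __name__ == "__main__":
    # Constructed sample data.
    old = [history_entry("Old-Passw0rd!2023")]
    for candidate in ("sunshine", "Old-Passw0rd!2023", "vK9#tr!Lq2@xZw"):
        print(candidate, check_password(candidate, ["Alice"], old))
```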