1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Online Privacy and Security

Discussion in 'The Learning Center' started by twp, Aug 13, 2018.

  1. twp

    twp Administrator Staff Member

    Joined:
    Jun 16, 2018
    Messages:
    2,102
    Likes Received:
    1,970
    WARNING: This is a draft version. It is a work in progress... More later
    twp

    Online Security and Privacy for the Prepper


    Lesson 1: Personal Security and Privacy Risks
    Lesson 2: Software Risks
    Lesson 3: Hardware Risks
    Lesson 4: Online Risks

    Disclaimer:

    I am a proponent of the Linux Operating System. Within the context of this document, Linux represents a safer option for the Prepper, indeed for all computer users.

    Many of the risks addressed in this document are worse for those who use the Windows® Operating Systems. There are several reasons for this greater risk, but the primary one is the very large target presented by the numerous personal computers which have Windows® installed. That large target (many users) makes it more likely that a given attack will succeed. Windows® users could be said to be wearing a target on their backs...

    DO NOTE: I’m not saying the Linux is immune to online risks. Part of that is due to the fact that What you do on your computer is Your choice. Make a poor choice and you expose yourself to those risks. The other part of the Linux risk exposure is that there really are some malware which specifically target Linux systems. The good part is that they are fewer in number than their Windows® counterparts and they are more targeted at the Linux Servers than Linux personal computers. Remember, they are still out there…

    In respect to the previous statement, remember that the Servers used for online and off-line data processing are Overwhelmingly run by Linux Software.

    This is a good thing. It is also mostly outside of your control.

    Some terms to be used here:

    Computer
    : That means any device which you use to do digital work.
    The list of computers includes:
    • Mainframe Systems and File Servers
    • Desktops
    • Laptops
    • Tablets
    • Cellphones
    • “Smart" phones
    • Home "smart" power meters
    • Your digital automotive system
    • Digital Assistants such as Amazon's Echo© (Alexa) or Apple's© Siri
    • Plus devices which can communicate with each other such as: digital ovens and refrigerators (yes, they exist)
    The list is Very Long. Welcome to the age of robots.

    RISK:

    Let me start by defining Four Levels or Areas Of Risk to your online privacy and security. Each Area of Risk may involve what you do and where you are when you do it.

    Personal: That means your actions and choices while doing work with any computer.

    Software: This refers to programs or apps which you allow to run on a computer.

    Hardware: This is the physical computer you are using (see the definition above).

    Online: This is by far the largest area of risk and the most dangerous. It is NOT limited to the World Wide Web (WWW), commonly called the Internet. It also includes any connection which you make beyond the physical limits of your computer.

    The Class

    This class will consist of four sections (Lessons) which will address each of the Four Areas Of Risk. Successful completion of each section will NOT mean passing a test. Most of you are adults and as Preppers, you have voluntarily begun a learning process. For those who are not yet Adults, this may be a challenge…

    Let me make a point, as a former college instructor. The public education system, for those in it right now or who been "graduated" from it, has trained you to expect verification via testing and recognition of your accomplishment by some kind of ceremony. Welcome to the real world… You are the one who must verify your own competence. You are allowed to treat yourself to a pat on the back and a hearty "Well Done" as you finish each section. Ice cream is optional.

    Lest you feel cheated by not having to pass tests, this class will offer a set of self administered Question and Answer forms with which you can judge your own understanding of the material. Nobody said it would be easy.

    Lesson 1 – Personal Privacy and Security When Using A Computer

    By “Personal” I mean as related to yourself and your actions while using a computer. Those actions include being aware that you have a responsibility to protect yourself, your identity and your data. By extension, you also have a responsibility to protect others, such as your immediate family and friends, including their identity and data.

    Physical Security

    This responsibility means you know what is at risk. That begins with your physical security. Let’s take it as a given that you know not to stick your finger in the power socket. But do you know how to handle your computer wiring? Can you, safely, attach any peripheral equipment, connect the device to power and turn it on? That may seem too simple, but remember that everyone learned these things starting from scratch (you knew nothing about it when you started).

    Configuring your hardware

    We can’t even begin to try to tell you how to do this because there are far too many devices, each with a different set of peripheral equipment, cables and control buttons. It is your responsibility to read the instruction manual, or to have a competent person show you how to do this. End of Lesson 1. Congratulations.

    Startup Procedures.

    This is not a simple as it may sound. Yes, you will need to press the Start or Power button. Before you do that, check your power connection, and ensure that you have power at the wall plug by plugging in a lamp and turning it on. If you’re using battery power, ensure that your battery is charged and installed in the right position. If your device is battery powered, do you want to start it from battery or while it is connected to the charger? Most battery powered computers will let you do either.

    Press the power button now. Expect to see either a power-on light or the screen will light up. This should happen almost immediately. If you get no response after a few seconds, recheck your power connections. If battery powered, are you sure the battery is charged? This is where using a plugged in charger cable during startup is usually safer. Almost every battery powered computer device will allow startup while the charger is connected. Again Read The Manual

    If the battery powered device does NOT start, leave it plugged in for a few minutes to allow some charging to occur. 15 to 30 minutes is usually adequate. Push the power button again.

    If your device is NOT battery powered, and it does not start when the power button is pushed, then recheck your power cord connection AND check that you have power available at the wall plug. Do the lamp test, as described above. If you have power, but the device fails to start, consult someone who knows your device. That may mean taking it to the store where you bought it, or to a repair shop.

    Normal Shutdown Procedures.

    At this point, you should ask yourself: “Did I save my work?” Did you save the document in your word processor or copy a file to safe storage? Are you ready to turn off the device? Do this first, then continue.

    Let me start with this simple warning. Don’t unplug a computer from the power socket while it is running. Don’t remove the battery while it is running either. Always do a “shutdown” using the commands built into the Operating System. This allows that system to safely save any data and then do a series of internal steps to properly close down the electronics. This protects both the data and the hardware. Remember this is Your data…

    But, what if it won’t shutdown when I mouse click on the shutdown button?

    Glad you asked. This does happen and more often than it should. The causes are many and vary from device to device. We can’t give you precise diagnostic advice here. If it happens frequently, then take the device to someone who can diagnose the problem such as the manufacturers representative or the store from which you bought it. So, what can you do right now? What should you do right now?

    How do you get your device to shutdown

    Emergency or Forced Shutdown

    Remember the mantra, Don’t Unplug A Running Computer. That means don’t pull the power plug or remove the battery.

    WARNING: you do risk losing any work which you did not save before doing this… Save your work before shutting down.

    The next step is actually part of the system itself. The power button, on most computer devices, works in both directions. It can turn On the machine and it can turn Off the machine. Read the Manual… The normal procedure is to hold the power button down and wait until the device responds. This can take several seconds.

    If the device does shutdown, after this forced shutdown action, you don’t know if there was any damage done to your data. Sorry, but that is a fact of computer life. The recommended action, if you have time, is to restart your device (power button again). If it restarts, that is a good sign. Next, check the status of the last thing you were using before the forced shutdown. For instance, if you were writing a document in the word processor, check that document, be sure that it was saved correctly.

    If you don’t see any damage to your data, then do the normal shutdown procedure again. Our experience is that Most of the time, it will work as expected. You can heave a sigh of relief. If it DOES NOT shutdown normally, do the emergency shutdown procedure (see above). Then you have a problem with the device and should take it to a competent repair shop or to someone you trust who knows how to repair it.

    Congratulations. You know how to safely start and stop your device. You know how to deal with one of the known problems (failure to shutdown) which can happen to most computer devices.

    We’ll admit to being a little condescending with this, because if you are running something like a mainframe computer, the above problem would be a major error. First, most mainframes never get shutdown entirely. Parts of them may be taken “off line” while the rest of the system continues to operate. With smaller computer devices, it is normal to turn them off when not in use. If you are using a mainframe system, then you have already had extensive training in operation of the machine. Right?…

    Personal Security

    This section is about protecting yourself and your computer before, during and after you use it.

    Let’s start with where you are when you decide to use a computer device. It could be literally anywhere with hand-held devices.

    Check the area

    As a Prepper, you should be aware of your surroundings, right? It is part of being prepared… So, look around you and assess how safe it might be to turn on and use a device. Are you blocking the path? Are there people around you? Is there traffic? Are you walking? Did you see that tree before you walked into it? Not a joke, it happens more frequently than you may expect…

    If it looks safe (you’re the judge of this), then set up your device and turn it on. While you use it, DO remember to keep a watch around you. If you’re outdoors, watch for other people approaching. Watch for cars driving by, especially if they stop near you. This is basic Situational Awareness and should be familiar to you as a Prepper.

    If you’re indoors, check your area for anything abnormal. Is the dog barking, strange cars visible outside? Do you see anyone through the window? Are the doors locked?

    Bet you didn’t think it was this complicated, did you? The point is that, for personal security and privacy while using computer devices, many of us (me included) tend to tune out the world and submerge into our screens. This is “unwise” and can come back to smack you upside the head. Learn to fight the urge to submerge (pat. pend. And ©). Remember to do a periodic security sweep of your immediate area and then outside that area. Yes, it it hard to remember to do this. Practice.

    If you’re in a public area, such as the library or a restaurant, where you can use your device and frequently even connect to the ‘net, learn to exercise Situational Awareness. That is not just a Prepper buzzword. It means to keep some of your attention on your surroundings and don’t let yourself be caught up in what is happening on your screen. Really, practice this Every. Single. Time.

    Personal Precautions While Online

    These precautions are your actions and behavior in whatever you are doing with your device. It covers several areas; protecting your passwords, avoiding giving out personal information like name and address, learning to recognize “Phishing” invitations on websites and email, not believing everything you read online is the truth (really!). One online area in which to Be Especially Careful are the Social Media websites. You must know someone who is unable to stay away from one or the other Social Media sites. Perhaps it is even you… Be honest because it is your online security… You are tested every time you use Social Media.

    If you don’t know what I’m discussing here, consider using an anonymous search engine to look up terms. That means NOT using the “big engines” like Google©, Bing©, Yahoo©, or similar search engines. Use an engine which DOES NOT keep a record of your search results and does not record your identifying information. I recommend two: Startpage.com and DuckDuckGo.com. These are “meta search engines” which will use your search terms but Not your IP address when they submit those terms to the big engines. You get to see the same results, but you remain anonymous. Startpage and DuckDuckGo use their own IP address to send a search request, not your IP address.

    One action you can take, with your browser, is to REMOVE the default search engines and replace them with Startpage and DuckDuckGo. Almost all browsers offer an editor to change the search engines. I have removed Google®, Yahoo®, Bing®, etc. from all of my various browsers. Everything is done using Startpage as the default search engine and DuckDuckGo as the alternative. You can reverse that priority if you wish. Keep your privacy.

    Remember, the Meta Search Engines will still return search results from engines such as Google®, Yahoo® and Bing®. You don’t lose anything using the Meta Search Engines. Be aware that the result will NOT be in the same sequence because nobody is paying to have their sites placed higher in the ranking, ie. no paid ads at the top of the search results...

    Lesson 2 – Software Risks With Your Computer

    This section will discuss the types of risk which may be part of the software installed on your computers.

    These risks can be broadly classified:

    Malicious programs (Malware) intended to stop your system from running or to damage your files and/or your actual computer hardware.

    Malicious programs (Malware) which hold your system for ransom.

    “Phishing” attempts via website, phone, email or social media which want you to give away your financial and/or identifying information.

    Phishing - Infogalactic: the planetary knowledge core

    Tools which will track you on the Internet and record your actions in their database(s).

    Malicious Programs (Malware) to both avoid and be aware of when you encounter them.

    There are many of these and this class cannot begin to cover them all.

    From the InfoGalactic Knowledge Database, this general definition will give you a good idea of what Malware is.

    ...'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.

    This URL will do a search of the InfoGalactic Knowledge Database using the search term “malware”:

    https://infogalactic.com/w/index.ph...h&search=Malware&ns0=1&ns4=1&profile=advanced

    Note the number of ‘hits’ returned, which will give you some idea of the scope of this problem. The results should be sorted in order by Date.

    The reason we are using search URL’s to help define this problem is because there are simply too many “malware” instances to address in the limited space of this document. You’ll need to do some research on your own.

    Lesson 3 – Hardware Risks

    The devices you are using may present a risk to your Privacy and Security. These devices include all of those listed at the start of this document.

    Many of these computing devices allow you to download and install software which is not trustworthy. This was covered in Lesson 2.

    This lesson will focus on features of the devices themselves, which can be used by malicious software.

    Four of the main problem hardware, beyond the computer itself:

    Cameras
    Microphones
    Wireless Connections
    Routers

    To a lesser degree, these hardware devices may also pose a risk:

    Internet connected Televisions
    “Smart” appliances such as refrigerators, microwave ovens and clothing washer/dryers.

    Computer Camera and Microphone Security

    For this purpose, any camera which is connected to your computer poses a risk to your security. It doesn’t have to be “built-in”.

    The software which uses the camera data feed is reading and storing the information, either on your memory device (hard drive, SSD, USB drive etc.) or in temporary RAM storage. All of these storage locations are vulnerable to hacking by other software.

    In additions, some cameras have built-in memory which may also be accessed and read by malicious software.

    The Risk:

    Your image, or that of family and friends may be stolen from your camera data.

    Images of the interior of your home/office/business may be stolen from that data.

    Your actions may be recorded by your computer camera. Think about being watched when you enter a password on your keyboard or dial the combination to your safe. Paper documents may be viewed by the camera if they are in range.

    See the next section on microphones which may be used along with the camera to record your conversations.

    What can you do?

    The most obvious action, on your part, is to turn off or unplug the camera from your computer. If the camera is built-in, this may not be sufficient because the camera can be activated by software control without your knowledge.

    Next, you may (should) put a piece of opaque (not transparent) tape over the camera lens. Never take it off unless you absolutely must use the video data feed of the camera output. When you are done recording, put the tape back over the lens…

    Now you have to ensure that the recorded data is stored in a secure location… Ask yourself if you are absolutely sure that only one copy of the camera data was saved… Malicious software may have made a second copy.

    Sadly, there are instructions available, on the Internet, on using your computer camera as a “security” camera to watch your home… That means either storing a copy of camera images on your computer, for later review by someone, OR it means making the camera data feed available to the Internet (a Webcam) for viewing from another location… This kind of defeats the whole purpose of home/office security… It is also not limited to only your built-in camera, as more than one “security camera” may be attached to a computer at the same time. For instance, you may want to watch all the rooms of your home/office or even place camera outside the home/office. This is a two edged sword.

    Since you may have a valid reason to make video data recordings of your home/office, for security purposes or for business use, I HIGHLY ADVISE that you do some serious study on the risks and how to avoid them. Remember that there IS NO SECURE WAY to be 100% sure that your data remains private.

    The best advice I can offer: Don’t make the recording in the first place and Always keep your camera lens covered.

    Microphone Usage

    For many of the same reasons as using a camera, the microphone, either built-in to your computer or externally connected, pose a very similar risk to your security and privacy.

    Consider that the microphone may “hear” everything which is said in a room. Everything… It may be digitally recorded, either on the local computer memory or via a wireless connection to other devices.

    Worse, you cannot block the microphone, even if you put a plug over the microphone “hole” in your computer.

    Even if you go into your computer software configuration and turn the microphone “off”, it may still be reactivated by malicious software.

    Some people have gone to the effort of opening the computer case and cutting the wires connected to the microphone. Not everyone has the technical knowledge to do this. Better buy a computer which has NO built-in microphone or camera.

    Of course, if it is too late, and you already own a computer with camera and microphone, you can exercise Situational Awareness and guard what you do and say in range of these devices. Keep your mouth shut. You’ll need to advise guests to do the same when they are near enough to be seen/heard by the devices… Yes, it is a PITA.

    Consider selling that computer and replacing it with one which does NOT have a camera and/or microphone. It is safer (not 100%) to us external cameras/microphones and only attach them when you must make a recording.

    Paranoid? Absolutely. Better safe than sorry.

    Wireless Device Security

    Obviously, again, the most secure action is to NOT use these devices in the first place.

    Just as obvious is that this is not feasible for the great majority of computer users. We (myself included) need to have access to the world of the Internet. While that may be done using hard wired (non-wireless) connections, that is becoming less common, being replaced with wireless connections.

    So What Can We Do For Wireless Security?

    First, learn the habit of password security. Stop using simple passwords (“password123”). Stop using the same password for multiple applications (guilty here too). If one application is “broken” by malicious software, your password may be used to break into other applications. Simple idea, but...

    As noted earlier in this document, I use Linux, which is a password aware operating system. This is in contrast to the Windows® Operating Systems, which, while they may use passwords for some operations, are not designed with security in mind. A word to the wise…

    Router Passwords

    Many of use use a wireless router, frequently provided by our ISP (Internet Service Provider). That router has a password. Usually, the password is supplied by the ISP and is included in your documentation for the router. DO CHECK THIS! Sometimes, the ISP or the router manufacturer will use a generic password such as “guest123” or other common, easily guessed password. CHANGE THIS PASSWORD… You may need to discuss this with your ISP, but it is a major access hole in your privacy. Pick a secure password: Long, at least 20 characters, secure, using both letters, numbers and other characters ( !@#$%^&*_+-= ).

    Don’t worry about trying to remember it, you will configure your wireless connection to remember this password. DO write it down in a secure location. Yes, some people advise never writing down your passwords. I disagree because I have Many passwords and could never remember them all…

    Password Keeper Software

    This topic is why bar fights break out… This is my view on why and why NOT to use such tools:

    Pro:
    • They make remembering unnecessary (too easy?).
    • They can be backed-up on a USB stick.
    • The passwords are stored in encrypted form.
    Con:
    • They use a Master password for access to the list. One key to the treasure chest of all your passwords…
    • Malicious software may be looking for this, making theft easy.
    • The Master password you choose may be too easy to guess (see above).
    Creating Passwords

    I recommend this method;

    1) Pick a sentence which is at least 20 words long. For example:

    “The Quick Brown Fox went to the local bar looking for chicks to pickup and take home to meet his Mother”

    2) Create a password using the initial letter of each word:

    “TQBFwttlblfctpathtmhM”

    Notice the mixed case (upper and lower case characters).

    3) Pick one or two words to change to special characters, for instance;

    the = “$”

    to = “*”

    “TQBFw*$blfc*th*mhM”

    4) Add a random 3 digit number to the beginning or end of the password;

    “TQBFw*$blfc*th*mhM943”

    Now, you know the sentence and you know the special characters changes. You must remember the random 3 digit number.

    This may seem difficult, at first, but that makes it much harder to crack this password using software.

    There are other ways to generate passwords, some are totally random and long enough to make them difficult to remember. Do some research for “random password generator” and you will find many of these. BEWARE! If you run these password generators while online, then your password will be sent over the open Internet… Remember, There Is Nothing Private On The Net. TINPOTN

    Lesson 4 – Online Risks

    This lesson covers the broadest area of risk to your Privacy and Security. Once your device is connected to the Internet OR it is connected to local wireless tools, it is accessible to outside inspection and operation by someone or something which is outside of your control.

    Let’s start with websites which include code to track your IP address. The IP (internet Protocol) address is a unique identifying number for your computer or the router through which you are connected to the ‘net.

    To Be Continued
     
    Last edited: Sep 6, 2018
    hypnos likes this.
  2. hypnos

    hypnos Well-Known Member

    Joined:
    Aug 7, 2018
    Messages:
    806
    Likes Received:
    823
    Bang up job on that!
    Tor Browser

    The Onion Router is a very useful tool to allow you to see all of the hidden content of the internet, while helping you remain anonymous.

    I also use the duckduckgo.org web browser almost exclusively. With extensions to view YouTube videos without visiting the website. With the demonitization of progun channels, i dont feel bad about not viewing the ads.
     
    Atlas likes this.
  3. hypnos

    hypnos Well-Known Member

    Joined:
    Aug 7, 2018
    Messages:
    806
    Likes Received:
    823
    Speaking of data related privacy, and protecting those items during a possible EMF/EMP surge, my mental standard operating procedure is to place my electronic devices in a microwave oven. The shielding built into it to protect the household from harmful frequencies escaping could probably work well in reverse.
    According to the frequency diagnostics on my cellphone, the signals of 4G and WIFI are completely blocked by this technique.
    Since almost every home, workplace, and building has a microwave oven, I see at as being a fairly simple and effective way at gaining some privacy.
     
    Atlas likes this.
  4. Atlas

    Atlas Administrator Staff Member

    Joined:
    Mar 4, 2016
    Messages:
    3,172
    Likes Received:
    1,259
    I've heard that the microwave trick works good, but have never tested it. Thanks for that tip.
     
    hypnos likes this.
  5. hypnos

    hypnos Well-Known Member

    Joined:
    Aug 7, 2018
    Messages:
    806
    Likes Received:
    823
    it is a little bit on the Jason bourney side of things but it actually does seem to work.
     
    Atlas likes this.