This guide is a complete update to include all of our privacy and security tool recommendations.
The world is changing fast and your private data is at risk. Numerous entities, both public and private, are working hard to track, monitor, and record your digital activities. There are many reasons for this:
- Advertisers (including Google and Facebook) want to know everything about you, including your web browsing history, location data, contacts, and more. This makes it easier (and more profitable) to serve you targeted ads and influence your purchases.
- In an age of pandemics and lockdowns, many governments around the world are working hard to track movement and biometric data of their citizens.
- ISPs (internet service providers) are spying on their customers and feeding this data to various government agencies. In many countries, this is not only legal, but required. See, for example, the United Kingdom (the Investigatory Powers Act), the United States (Senate Joint Resolution 34), and now also Australia (mandatory data retention).
- The internet is also becoming less free due to censorship efforts and content blocking. Whether it is China, Germany, the UK, or the United States, various groups are working hard to censor content online.
But don’t get discouraged. Alternative technologies are experiencing a renaissance as awareness about these issues grows and people seek out solutions. Indeed, for all of the problems listed above, we find excellent solutions to give you more privacy, security, and freedom in your digital life. And that is the purpose of this guide: to give you solutions. Here’s what we’ll cover in this guide:
- Secure and privacy-focused browser
- Virtual Private Network
- Ad blocker
- Password manager
- Secure and encrypted messaging
- Private search engine
- Private email
- Operating system
- Antivirus software
- Conclusion
But before we begin, one key consideration is your threat model. How much privacy and security do you need given your unique situation and the adversaries you may face?
Most people today are seeking protection against online tracking by advertising networks as well as a higher level of privacy and security. Others, such as investigative journalists working with sensitive information, would likely need an even higher level of protection. So keep this in mind as you proceed. Everyone is unique in their approach to privacy and security; there is no one-size-fits-all solution.
So here’s what you need:
1. Secure and privacy-friendly browser
Everyone needs to be using a secure and privacy-friendly browser for three important reasons:
- Browsers have a large attack surface and can be compromised in many ways.
- By default, most browsers contain lots of private information, including your browsing history, usernames, passwords, and autofill information, such as your name, address, etc.
- Browsers can reveal lots of identifying information about your location, system settings, hardware, and much more to third parties.
Secure Browsers: Based on my own tests and experience, here are the most secure browsers that also respect your privacy:
- Firefox (modified) – Firefox is a great browser for both privacy and security after doing some modifications. It is highly customizable to give you the level of security and privacy you desire, while also being compatible with many browser extensions. See my guide on how to modify Firefox for more privacy.
- Iridium – Iridium is a Chromium-based browser configured for privacy, with the source code published on GitHub. It might be a good option if you need a Chromium browser (don’t use Chrome).
- Brave – Brave is a Chromium-based browser that is very privacy-focused right out of the box, unlike Firefox, which requires some customization. By default, it will block ads and trackers, and it’s also customizable, fast, and has built-in protection against browser fingerprinting.
- GNU IceCat – GNU IceCat is another fork of Firefox, created by the people at the GNU free software project. IceCat meets the definition of “free software” and it also includes some privacy add-ons and tweaks by default.
- Tor browser – The Tor browser is a hardened version of Firefox that also utilizes the Tor network by default (but this can be disabled).
- Ungoogled Chromium – As the name suggests, Ungoogled Chromium is a stripped-down Chromium browser that has been “Ungoogled” for more privacy. Source code is here.
- Bromite – Bromite is a Chromium-based browser for Android platforms only (no support for desktops). It is a great mobile browser with ad blocking and built-in privacy protections.
Of course, there are many browsers on the market and choosing the best one all comes down to your own needs and tastes. Chrome, Opera, Safari, and Vivaldi also get some attention, but they’re not the best choices from a privacy standpoint.
Browser add-ons worth considering – As discussed in the Firefox privacy guide, here are a few good browser add-ons that you may want to consider using:
- uBlock Origin – A powerful blocker for advertisements and tracking.
- HTTPS Everywhere – This forces an HTTPS connection with the sites you visit.
- Cookie AutoDelete – Deletes those unwanted tracking cookies.
- uMatrix – While this may be overkill for many users, this powerful add-on gives you control over requests that may be tracking you on various websites.
- NoScript – This is a script blocker that allows you to control which scripts run on the sites you visit.
Worth mentioning: Don’t use a browser-based password manager, which will store your usernames and passwords in plaintext, thereby leaving them vulnerable to exploitation (discussed more below).
2. Virtual Private Network (VPN)
Using a good VPN (virtual private network) is one of the simplest and most effective ways to protect your privacy, secure your devices, and also access blocked content online. A VPN is a critical tool to be using, especially with internet service providers spying on their users.
Here are some of the problems that VPNs solve:
- ISP Spying – A VPN will encrypt and anonymize your internet connection. This makes your traffic completely unreadable to your ISP and other third parties.
- Blocked content – A VPN will let you easily get around blocked content and censorship. Simply connect to a VPN server in the region you need and access the website or stream as normal.
- IP and location tracking – Many websites and advertisers track users through their IP address. With a VPN, your IP address and location will be replaced by the VPN server’s IP address and location.
- Copyright issues – Torrenting and streaming media from third-party sources can come with some risk in the form of copyright issues. A VPN will anonymize your IP address and help keep you safe.
I have tested all of the popular VPN services and the results can really vary. Below are the top 3 best VPN services for 2021:
- NordVPN – $3.71 [68% discount] (30 day refund)
- Surfshark – $2.49 [81% discount] (30 day refund)
- ExpressVPN – $6.67 [3 Months Free] (30 day refund)
Above are the top three VPNs that performed well in testing for the respective reviews. We have other recommendations and providers in our guide on the best VPNs for 2021.
And if you are new to VPNs, we have a general VPN overview here, which covers all the important details.
3. Advertisement, tracker, and malware blocker
A good ad blocker is essential for privacy and security reasons. From a privacy perspective, it’s important to block ads because they also function as tracking by recording your online activity to create an intimate user profile. This data is then used for targeted ads and/or sold to other parties.
Ads are also risky from a security perspective because they can contain malicious code that can infect your device when a web page loads – no clicks required.
Effectively blocking all ads is the only way to go. Here are a few different options from our guide on the best ad blockers:
- Browser ad blocker extensions – Browser-based ad blocker extensions, such as uBlock Origin are quite popular, but they also come with some tradeoffs. Online ads may still be using up resources and tracking you, even if the ads are not being displayed. Choose your ad blocker carefully – some ad blockers, such as Ghostery and Adblock Plus will collect user data for profit and/or show you “approved” ads.
- Ad blocker apps – A dedicated app will most likely do a very good job blocking ads on your device. One popular and well-regarded option is AdGuard.
- VPN ad blocker – Another option is to use a VPN that offers an ad blocking feature (VPN ad blocker). I tested various options for the VPN ad blocker guide and found most to work well.
- Ad blocking on a router – Ad blocking on a router can be accomplished various ways – from using ad blocking DNS to loading custom filter lists onto your router.
- Pi-hole – Pi-hole is a network-wide ad blocker that functions as a DNS server and can be deployed in various ways. It is most often used on a Raspberry Pi, connected to your home router (but there are many other different setup options).
The best ad blocking setup will depend on your situation and needs. If you have numerous devices you use at home, setting up a network-wide ad blocker would be a good solution for blanket protection. uBlock Origin remains a popular option for browser-based ad blockers. I like NordVPN with the CyberSec feature.
4. Password manager
The topic of passwords is actually quite large, encompassing password strength, password management, and password storage. In this section we’ll focus on password management and storage. Many people store passwords directly in the web browser — but this can be risky.
A more secure method is to use a dedicated password manager app. And note that a dedicated password manager can also offer browser extensions that are convenient and secure. Bitwarden is one of our favorites.
Here are the best password managers we have tested:
- Bitwarden – A free and open source password manager that is user-friendly and secure. (See our Bitwarden review.)
- NordPass – From the makers of NordVPN and NordLocker, NordPass is a secure, user-friendly password manager that has also passed a third-party audit. (See the NordPass review here.)
- 1Password – Another great option is 1Password, with many features and strong security standards for all types of devices (our 1Password review has more info).
- KeePassXC – As a locally-hosted password solution, KeePassXC differs from the others on our list. See the pros and cons of this password manager in our KeePass review.
Start using a good password manager today.
5. Secure and encrypted messaging apps
Many people are turning to secure and encrypted messaging apps over concerns with privacy and security of other popular messengers. For example, WhatsApp collects and shares data from your phone with Facebook, the parent company of WhatsApp. If you find this concerning (and you should), then consider some of the secure alternatives below.
Lastly, with the inherent limitations of email, we recommend a secure messaging app for those wanting the most secure messaging platform possible. The secure messaging apps below utilize strong encryption standards and work well for teams or individual use on various operating systems and devices.
- Signal – This is probably the most popular secure messenger with a rapidly-growing user base. It is free, open source, and very secure. We really liked how it performed in our Signal review — but also noted some drawbacks, such as the need to use your phone number for verification.
- Wickr Me – This is another great option for secure messaging, with some unique privacy and security features. Like Signal, Wickr Me is also free. See our Wickr Me review for the good and bad.
- Wire – Based in Switzerland, Wire is another great option that is secure, user-friendly, and fully featured. While there is a free version for personal use, it is hard to find, as described in our Wire messenger review.
- Threema – This is one of the few paid encrypted messengers, but it’s only $2.99 for a lifetime license. Threema is also based in Switzerland and is open source. See our Threema review here.
- Telegram – Telegram is a very popular encrypted messaging app out of Russia, but it also is not encrypted by default. See the pros and cons in our Telegram review.
With all of the people abandoning WhatsApp and going over to Signal, there’s a better chance to connect with people you know on a secure platform. This trend kicked off in early 2021 and we hope to see it continue!
Note: Also keep in mind that standard SMS text messages are not secure or private. They can be read by your phone service provider and are susceptible to man-in-the-middle attacks and also eavesdropping by Stingray devices. When privacy matters, use a good secure messaging app.
6. Private search engine
The big search engines (Google, Yahoo, Bing) record and track your searches, which helps them to build a user profile for their advertising partners.
Consider these privacy-friendly search engines instead:
- MetaGer – An open source metasearch engine with good features, based in Germany.
- SwissCows – A zero-tracking private search engine based in Switzerland, hosted on secure Swiss infrastructure.
- Searx – A privacy-friendly and versatile metasearch engine that’s also open source.
- Qwant – A private search engine based in France.
- DuckDuckGo – A private search engine based in the US.
- Mojeek – The only true search engine (rather than metasearch engine) that has its own crawler and index (based in the UK).
- YaCy – A decentralized, open source, peer-to-peer search engine.
- Givero – Based in Denmark, Givero offers more privacy than Google and combines search with charitable donations.
There are also a few “private search engines” that are now owned by advertising companies. For example, Startpage was bought out by System1, a pay-per-click ad company. For more information, see our guide on private search engines.
7. Private email
Many of the popular email providers, such as Gmail, Yahoo, and iCloud are not good choices when it comes to privacy. Would you want random people having full access to your emails, collecting data for targeted ads, or passing the information on to third parties? This actually happens.
- Gmail gives third parties full access to emails and also tracks all of your purchases by reading the receipts in your inbox.
- Advertisers are allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
- Yahoo was found to be scanning emails in real-time for US surveillance agencies.
If you care about privacy and the security of your data, consider these secure email services:
Email Service | Storage | Price/mo. | Website
 | Up to 20 GB | €4.00 (Free to 500 MB) |
 | Up to 20 GB | €2.50 (Free to 500 MB) |
 | 20 GB+ | €1.00 (Free to 1 GB) |
 | 50 GB+ | €1.00 |
 | Up to 20 GB | €1.00 |
 | Up to 25 GB | $1.66 |
 | 4 GB+ | $4.00 (Free 1 week trial) |
 | Up to 50 GB | $6.00 |
 | 2 GB+ | €4.41 |
 | Up to 20 GB | $5.00 |
 | 25 GB | €3.25 |
 | Up to 100 GB | $2.95 |
Note: We also have a guide on encrypting email.
8. Operating system
Consider using the free and open source Linux operating system. There are many different versions of the Linux operating system designed for different types of users:
- If you want the look and feel of Mac OS or Windows, check out Elementary OS.
- Ubuntu, Mint, and Debian are other popular options.
Tails is another privacy-focused operating system that can be run live on a USB drive, CD, or SD card.
Problems with Windows and Mac OS
Windows – The latest version of Windows (Windows 10) is a platform built for total surveillance – giving corporations and governments complete access to everything you do on your machine. Aside from data collection concerns, most malware targets Windows users – another serious drawback and security risk.
Mac OS – While Apple may be slightly better in terms of privacy, it too has problems. Just like Microsoft, Apple has configured its operating systems to collect vast amounts of your private data, whether it is browsing history through Safari, connection data, location services, and more.
9. Antivirus software
While not necessarily a “privacy” tool, using good antivirus software may be wise depending on your situation. The problem, however, is that many antivirus solutions abuse your privacy and may come with some invasive and “unwanted” additions.
Just like with sketchy free VPN services, free antivirus software can also be problematic. In testing eight popular free antivirus suites, Emsisoft discovered that seven of them were bundled with PUPs (potentially unwanted programs), which can be harmful and very annoying. Tip: avoid free antivirus software!
Another major issue is privacy. Many popular antivirus suites utilize invasive data collection, including browsing history, “suspicious” files, metadata, and more. Carefully read through the privacy policy of your antivirus before installing.
Although Restore Privacy does not devote much attention to antivirus software, one solution that offers the highest levels of security while also respecting user privacy is Emsisoft. Another potentially good option, which is entirely FOSS, is ClamAV.
See also the antivirus privacy guide.
Conclusion: Restore your privacy in 2021
That’s all for now, although this guide will continue to be updated with more privacy tools and information.
Comments?
If you have any feedback, tips, or suggestions based on privacy and security tools you are using, feel free to drop a comment below!
Do you know about Fastmail? I know (Australia) is part of the 14 Eyes; the mailing address is located in Australia. Can you do a review or more analysis on it?
Thank You.
Yep, here you go:
Fastmail Review
Hi Sven,
Thanks so much for updating this. Since I found Restore Privacy, it has been my #1 security and privacy reference tool.
While I have made the switch to Signal last year, it has taken a while to transition people from Messenger and WhatsApp over. I have now uninstalled and deleted both apps so the only way to message me is either through Signal or text messaging. As you mentioned, text messaging is not secure or private either but some opted for this option. Is there any way to secure this, however minimally?
Thank-you.
“Is there any way to secure this, however minimally?”
Not that I’m aware of.
Hello, Briar works on Bluetooth!!!
For most secure connections use SIGNAL
Best cheets
Good luck.
Could you do a review of peer to peer messenger app Briar please?
Thanks
Please update the messenger list!
Remove Keybase.io messenger as it’s flawed with security issues stated on your own website.
and add/review ‘Session Messenger’ instead.
thanks
For anyone who has a really old computer:
I had to revitalize a computer from ’03. It was running XP and had very low RAM and space.
These old ones do not boot from USB and must have a CD. It took all night to figure this out. So I want to help.
First, a simple OS which is very small and can be loaded on and booted from a CD is called AntiX.
This will take a little while to get your drivers working but it is really good for its size.
It comes with FF but DON’T WASTE YOUR TIME! FF is way too big and it will slow you down. Use the app store and uninstall FF and load up Pale Moon. Not blazing fast but good.
Yes, there are some steps and it must be booted from the CD but if I can save someone from spending hours of researching, I hope I can.
Hi, thanks for this awesome list. I’d also recommend privacy.sexy for Windows (also will support macOS and Ubuntu distros according to dev). Open-source, rich, clean interface and does not require you to download anything.
https://github.com/undergroundwires/privacy.sexy
Websites know when I use a VPN, how to hide that? I tried to sign up with Protonmail using my Surfshark VPN. Protonmail wanted me to provide a mobile number so they could send me an SMS confirmation. Tried the TOR browser, same thing happened. I also tried to get an email account with Tutanota, but I could not sign up at all if I used a VPN or TOR. But if I connected directly with my ISP, both Protonmail and Tutanota allowed me to sign up without any problems (Protonmail asked for an existing email for confirmation, which is a smaller security breach).
Obviously they buy lists of IP addresses that are used by the VPN providers. Is there any way to bypass that? I was thinking of using my VPN and then connect to a proxy server, but my guess is that they also have a list of IP addresses used by proxy servers. (Or use a facemask and go to a public library and sign up?)
Hi Patrick, I can almost always get through any of these services by switching VPN servers. It may take a couple of tries, but it always seems to work. Multiple signups from the same IP address will typically get the IP blocked.
One good solution is to just use a VPN with a dedicated IP that only you are using.
We here at TechNerds Inc use NordVPN as our favoured VPN.
20 of the best free tools for monitoring devices, services, ports or protocols and analyzing traffic on your network.
[https://techtalk.gfi.com/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/]
Canonical (makers of Ubuntu) has a questionable history regarding privacy…
https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
And prism-break.org is not even recommending GNU/Linux distros based on Ubuntu because of reasons discussed here:
https://github.com/prism-break/prism-break/issues/334
Still, I’m going to try out Linux Mint though, either the Ubuntu-based or Debian-based and decide for myself.
What are the good tools to see about software you have installed when it’s phoning home or literally anywhere?
I don’t know if good but I’m thinking these wouldn’t hurt in your knowledge.
Wireshark is the world’s foremost and widely-used network protocol analyzer.
Microsoft Network Monitor is a deprecated packet analyzer. It enables capturing, viewing, and analyzing network data and deciphering network protocols. It can be used to troubleshoot network problems and applications on the network. But, Microsoft quietly added a built-in network packet sniffer to the Windows 10 October 2018 Update, and it has largely gone unnoticed since its release.
A packet sniffer, or network sniffer, is a program that monitors the network activity flowing over a computer down to an individual packet level.
This can be used by network administrators to diagnose networking issues, see what types of programs are being used on a network, or even listen in on network conversations sent via clear text.
While Linux users always had the tcpdump tool to perform network sniffing, Windows users have had to install third-party programs such as the Microsoft Network Monitor and Wireshark.
This all changed when Microsoft released the October 2018 Update as then Windows 10 comes with a new “Packet Monitor” program called pktmon.exe. With the release of the Windows 10 October 2018 Update, Microsoft quietly added a new network diagnostic and packet monitoring program called C:\Windows\system32\pktmon.exe.
This program has a description of “Monitor internal packet propagation and packet drop reports”, which indicates it is designed for diagnosing network problems.
Similar to the Windows ‘netsh trace’ command, it can be used to perform full packet inspection of data being sent over the computer.
ProcMon or Process Monitor, monitors and records all actions attempted against the Microsoft Windows Registry. Process Monitor can be used to detect failed attempts to read and write registry keys. It also allows for filtering on specific keys, processes, process IDs, and values. In addition it shows how applications use files and DLLs, detects some critical errors in system files and more.
The tool monitors and displays in real-time all file system activity on a Microsoft Windows or Unix-like operating system. It combines two older tools, FileMon and RegMon and is used in system administration, computer forensics, and application debugging. Originally ProcMon was only available for Microsoft Windows. In November 2018, Microsoft confirmed it is porting Sysinternals tools, including ProcDump and ProcMon, to Linux. The software is open source.
NoScript (or NoScript Security Suite) is a free software extension for Mozilla Firefox, SeaMonkey, other Mozilla-based web browsers and Google Chrome, created and actively maintained by Giorgio Maone, an Italian software developer and member of the Mozilla Security Group.
By default, NoScript blocks active (executable) web content, which can be wholly or partially unblocked by allowlisting a site or domain from the extension’s toolbar menu or by clicking a placeholder icon.
In the default configuration, active content is globally denied, although the user may turn this around and use NoScript to block specific unwanted content. The allowlist may be permanent or temporary (until the browser closes or the user revokes permissions). Active content may consist of JavaScript, web fonts, media codecs, WebGL, and Flash. The add-on also offers specific countermeasures against security exploits.
Because many web browser attacks require active content that the browser normally runs without question, disabling such content by default and using it only to the degree that it is actually necessary reduces the chances of vulnerability exploitation.
Here is one to consider adding to this topic. Or simply expand your browser fingerprint topic to every kind of possible fingerprinting type.
Most people don’t know about device graph fingerprinting, where information about the types and number of connected devices can be used as a source of information entropy.
There’s been a fair bit of academic work about the utility of IoT traffic shaping (like https://arxiv.org/pdf/1708.05044.pdf) but again, no practical solutions. Example only, plug a connected glucose meter in your home and your ISP collects and sells that data to the ad ecosystem.
Are there any software/hardware products which inject real device traffic into your network and completely eliminate the situation that an eavesdropper has your true device graph?
VPNs claim to provide privacy benefits because they cloak your IP address. The problem is that IP tracking stopped really being effective years ago with the rise of modern smart phones, because your IP address is changing constantly. Tracking companies have multiple ways of getting around that now – as this given above.
Sven,
What is your view of the EARN IT and LAED bills in the U.S. Congress? Will they prevent Internet users from having access to encrypted mail, private browsers or VPNs?
Yeah it’s really bad news for technology and privacy-oriented companies operating in the US. However, I’ve never recommended US companies when privacy is a big consideration, as I explained in my Five Eyes article. So this further matches up with the trends we’ve seen, going all the way back to when Snowden brought these issues to the forefront in 2013.
Dear Sven,
Thank you for this amazing list! Do you have any recommendations regarding 2FA apps?
Yep, we have a new post discussing 2FA here.
@Sven,
Just tried to use Wire. It required a registration of email and phone number.
I was reading elsewhere and you said you liked Wire more than Signal. Partly because of the number. Can you please expound on this for me? Thanks.
I created an account a while back and it never required any phone number. Heinrich is working on a Wire review, which should cover the issue, and should be published within the next week. So we’ll look into it.
Ok. Thanks.
Hey J.M. – Heinrich has got his Wire review out now.
https://restoreprivacy.com/secure-encrypted-messaging-apps/wire/
Wire requires a phone number if you are using it on your phone. You don’t have to put your name. Just use a handle, and email is required. Desktop Wire does not need a phone. Just email and a user name. Any user name.
Sven,
Found this handy resource index and if you vet its offering of purpose, and like that it can consolidate people’s effort to have one resource to have at hand.
Place it in your Tools category page so that it’s available and easily RP reader found. Also it can help people to understand if a Web Service is all that much of a desired, after a look to it, in how difficult it is to remove an account from some of these web services…
A directory index of direct links to delete your account from web services.
https://justdeleteme.xyz/
Not only is it listing of a lot WEB SERVICES it offers, has a simple GUIDE, this can help people used as in knowing NOT to signup to some as the difficulty or the impossibility of some SERVICES to get their information REMOVED.
Laid out alphabetically and are colour-coded to indicate the difficulty level of an account deletion.
GREEN / easy – Simple process
YELLOW /medium – Some extra steps involved
RED / hard – Cannot be fully deleted without contacting customer services
BLACK / impossible – Cannot be deleted
Many companies use dark pattern techniques to make it difficult to find how to delete your account. JustDeleteMe aims to be a directory of URLs to enable you to easily delete your account from web services.
*Got a site you think should be added? Fork the project on GitHub.
[https://github.com/jdm-contrib/jdm]
Thanks / Sven
Interesting. Thanks Sonar.
Your Internet Experiences Dominated by Unwanted Tracking and Advertising
First let me get this out of the way, all cellphones/smartphones are tracking devices. Ha you say and a reply is Yes. But, that’s not going to be addressed today, other than your looking into Faraday bags.
Faraday bags are named after the scientist known as Michael Faraday. The concept originated from the Faraday cages, which were built by Michael Faraday to block electromagnetic fields or electromagnetic pulses. Any electric technology that you have emits these pulses, and for the most part, they are harmless. But these electric pulses are still signals and can be used for communication.
Some Faraday bags block all major signals: 2G, 3G, 4G, 5G, Bluetooth, WiFi (2.4 GHz and 5 GHz). Not all Faraday bags offer the same protection.
Indeed, Have we entered into the age where electronic spying lurks around every corner of the web, quasi-craftily skulking in the dark shadows and slipping through the cracks to access our information that doesn’t rightfully belong to them. An image one may harbor is that of men in black trench coats and dark glasses.
Though, I’m sure they’re out there, most of all beings in wait periods of the offline as well the online world we are all living now. Today although, we are actually talking about technology giants, internet companies, advertisers and information brokers that occupy the undertow of search in our Internet’s use of modern day contrivance as applied science fields.
These companies that are riding that tide, as unity we must begin to turn. However, as a consumers grows more aware of how their personal information is being collected and sold, leads us to become more skeptical about whether the companies we have engaged with online. A theirs not really have our backs nor a users best interests in mind.
These entities have fundamentally turned against all consumers. They have grown up in vast empires now, profitable and powerful by trading in our information — your own personal identifiable information. The information economy has become the surveillance economy because of them. You are marked as the bull’s-eye on a target of their investigations. Your every post, click and purchase becomes you as in their product of income — and most people are unaware of this profiling for profit that’s long been going on.
The neophyte rumblings have been growing louder as consumers are becoming more apprehensive of the threats to their online privacy and personal data, and increasingly doubtful to all internet companies having their best interests in mind.
People are either a little concerned or very much concerned about the issues of personal online privacy when data is taken down without any user’s consent. Some consider themselves as being “privacy conscious”, where they are concerned about how their personal data is tracked and used online, or another privacy sect in sociology consider themselves a “privacy activist” as they are very concerned about how their personal data is tracked and used online, and want to take actions to curb it by some restraints in changing that for themselves and others.
As most consumers don’t know where to start when it comes to protecting themselves in this electronic data age.
Over half of Americans believe that tech companies are listening to them on all of their devices. Over three quarters of Americans agree that advertising companies should not be able to collect data about them without their consent. Mostly every American strongly agrees that people have lost control over how personal information is collected and used by all kinds of online entities…
Yet despite consumers’ fears and doubts, and their purported willingness to take some action, other data studies reveal they are unsure how to start or where to turn. A 2019 privacy survey from IBM’s Institute for Business Value found that while 81% of consumers say that in the past year they have become more concerned with how online companies are using their data, most consumers aren’t taking any first-step action to protect their personal data. Fewer than half (45%) reported that they have updated their privacy settings.
The National Science Board has found similar evidence of a disunion between consumers’ desires to protect their privacy and their ability to take a solid action path in conservancy. Any studies as these are just a handful among the many that echo similar consumer sentiments, while these look only at how people feel, other data examined that were focusing on internet companies’ methods to glean users’ private information indicates the real story may be even more unsettling than most consumers have actually realized in their electronic data.
The Internet or web has a dark chromospheric level and a few parts here we are to know these as:
– Online price discrimination is real.
Let’s look at an afterthought as my age tells. The brick-n-mortar venue has been practicing inelasticity methods for a while, say remembering when a pound or 3-pound container of coffee was just that in weight. Not a 10-12 ounce bag for the pound that was once sold as 16 oz. Then the 3-pound coffee containers today yield only 32-34.5 ounces, where it had been a full weight measured of 48 oz. Sugar is another example, the 5-pound bags now hold about 4 pounds of sugar. The container looks the same size and the price is close to what a full measure did cost but, the volume is quite less when studied.
By economics terms only ‘inelastic’, to a person means they’re relatively unresponsive to changes, as their demand for the decrease in price compared to its decrease in proportional size.
In practical strategies like of direct and indirect segmentation of people, there are used by companies to charge different prices to different sectors of consumers, through methods like coupons, or as buyers where student, military and even senior discounts happen and so on for catching a discount.
When price discrimination occurs online, it’s much more hidden, and the majority of consumers are unaware that it happens. In fact, many consumers haphazardly believe price discrimination is illegal — even though it isn’t. In general consort, as the Robinson-Patman Act of 1936 (called the Anti-Price Discrimination Act), it was written to control the behavior of product manufacturers and distributors, not at the consumer-facing enterprises level.
A research paper concluded that while personalization of experience has become an important feature on websites in recent years, there is mounting evidence that e-commerce sites are using personalization algorithms to implement price steering and discrimination against all pricing knowledge.
It mentions the few examples as-
* Home Depot was found to steer users on mobile browsers toward more expensive products, and noted that Android users in particular were shown prices 6% higher than other groups (this varied by products).
* Travel sites use device type (iOS versus Android) to present different offers to different users — Orbitz showed iOS users more expensive hotels than Android users.
* Many travel sites perform A-B price testing, permanently assigning users (via cookies) to different test categories. This study found that Expedia was steering users toward more expensive hotels.
As Third-Party Tracking Is So Massive in Scale.
As websites go, the owner or team playing in the advertising and tracking ecosystem requires a great deal of technical skills and legal expertise. Because of these two factors, most companies online do not engage in first-party tracking — that is they do not track a user’s activity themselves. Instead, the vast majority of websites contract with advertising networks and fingerprinting companies, allowing these third-party trackers to place different trackers on their own web sites to glean valuable user data.
When the company you are actually doing business with doesn’t really know what information is being collected, or how it is being used, it has massive implications for its user base, and by relinquishing their WEBSITE control, online web companies have made these third-party trackers the powerful gate-keepers of user information. According to a research paper on online tracking, website operators are often in the dark about third-party tracking techniques on their own domains as well.
If a website owner can’t control who’s digging around in its delivery to you, and with trackers as them diggers have potentially gained the right in selling off your personal data, how are you supposed to protect yourself?
How do you know the steps in where your data ends up, or who ends up with it overall? Being able to track people’s internet usage today, including purchases, clicks, likes, sites visited and more, is akin to being able to view someone’s credit report. Third-party trackers can access the consumer’s banking information, purchase history, demographics, political leanings, the number and ages of children, and frighteningly a lot more.
Furthermore, the third-party trackers don’t hold or sit quietly on this highly profitable personal information. They sell it off many times to those that can use it. Scared, you’re not at all alone. That means eventually any third-party trackers are driving the web when it comes to tracking its consumers, news to you? Surprisingly, No I’ll admit as I have studied this for some time now.
If you consider there are tens of thousands of third-party trackers present on at least two first-party sites of the top 500 most visited by U.S. web audience. Then say, perhaps unexpectedly you would relate them of the News websites having the most trackers in their effort to monetize on their content. Truly I say to you they are not alone in the tracking game.
Welcome to the age of online Surveillance my friends.
Let’s Refresh – Understanding Online Tracking & Other Online Tracking Kinds:
Here are a few common online tracking methods — how it works and how you can control it.
Understanding Cookies – . . . What is a cookie?
A cookie is information saved by your web browser, the software program you use to visit the web. When you visit a website, the site might store a cookie so it can recognize your device in the future.
Later if you return to that site, it can read that cookie to remember you from your last visit. By keeping track of you over time, cookies can be used to customize your browsing experience, or to deliver ads targeted to you!
Who places cookies on the web . . . ?
First-party cookies are placed by the site that you actually visit. They can make your experience on the web more efficient using their site.
For example, they help sites remember:
– . . . items in your shopping cart
– . . . your log-in name
– . . . your preferences, like always showing the weather in your home town
– . . . your high game scores.
@ – Third-party cookies are placed by someone other than the site you are on. For example, the website may partner with an advertising network to deliver some of the ads you see. Or they may partner with an analytics company to help understand how people use their site.
These “third party” companies also may place cookies in your browser to monitor your behavior over time. Over time, these companies may develop a detailed history of the types of sites you frequent, and they may use this information to deliver ads tailored to your interests. For example, if an advertising company notices that you read a lot of articles about running, it may show you ads about running shoes – even on an unrelated site you’re visiting for the first time.
What are Flash cookies . . . ? It’s another storage area to consider!
A Flash cookie is a small file stored on your computer by a website that uses Adobe’s Flash player technology. Flash cookies use Adobe’s Flash player to store information about your online browsing activities.
Flash cookies can be used to replace cookies used for tracking and advertising, because they also can store your settings and preferences. Similarly, companies can place unique HTML5 cookies within a browser’s local storage to identify a user over time.
When you delete or clear cookies from your browser, you will not necessarily delete the Flash cookies stored on your computer.
What is device fingerprinting . . . ?
Device fingerprinting can track devices over time, based on your browser’s configurations, settings and your system basics – fonts, language, time, extensions, etc… Because each browser is unique, device fingerprinting can identify your device, without using cookies. Since device fingerprinting uses the characteristics of your system and browser configuration to track you, deleting cookies won’t help.
Device fingerprinting technologies are evolving and can be used to track you on all kinds of internet-connected devices that have browsers, such as smart phones, tablets, laptop and desktop computers.
How does tracking in mobile apps occur . . . ?
When you access mobile applications, companies don’t have access to traditional browser cookies to track you over time. Instead, third party advertising and analytics companies use device identifiers — such as Apple iOS’s Identifiers for Advertisers (“IDFA”) and Google Android’s Advertising ID — to monitor the different applications used on a particular device.
Does tracking of other “smart devices” occur . . . ?
Yes. More and more, consumer IoT devices, in addition to phones, are capable of being connected online. For example, smart entertainment systems often provide new ways for you to watch TV shows and movies, and also may use established technology to monitor what you watch – voice assistants.
Look to the settings on your devices to investigate whether you can reset identifiers on the devices, or use another web interface (browsers app), link on to another device to limit some of the ad tracking.
Controlling Online Tracking : : :
How can I control cookies . . . ?
Various browsers have different ways to let you delete cookies or limit the kinds of cookies that can be placed on your computer. When you choose a browser, consider which one really suits your privacy preferences best.
To check out the settings in a browser, use the ‘Help’ tab or look under ‘Tools’ for settings like ‘Options’ or ‘Privacy.’ From there, you may be able to delete cookies, or control when they can be placed.
Some browsers allow add-on software tools to block, delete, or control cookies. And security software often includes options to make cookie control easier. If you delete cookies, companies may not be able to associate you with your past browsing activity. However, they may be able to track you in the future with a new cookie. If you block cookies entirely, you may limit your browsing experience on the web. For example, you may need to enter information repeatedly, or you might not get personalized content that is meaningful to you. Most browsers’ settings will allow you to block third-party cookies without also disabling first-party cookies.
@ – How can I control Flash cookies and device fingerprinting and online tracking . . . ?
The latest versions of Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer let you control or delete Flash cookies through the browser’s settings. If you use an older version of one of these browsers, upgrade to the most recent version, and set it to update automatically.
If you use a browser that doesn’t let you delete Flash cookies, look at Adobe’s Website Storage Settings panel, [http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html]. There, you can view and delete Flash cookies, and a choice gives you control whether you’ll allow them on your computer at all.
Like regular cookies, deleting Flash cookies gets rid of the ones on your computer at that moment in TIME. Flash cookies can be placed on your computer the next time you visit a website or view an ad unless you block Flash cookies altogether.
How can I control tracking in or across mobile apps . . . ?
You can reset the identifiers on your device in the device settings. iOS users can do this by following Settings > Privacy > Advertising > Reset Advertising Identifier.
For Android, the path is Google settings > Ads > Reset advertising ID. This control works much like deleting cookies in a browser — the device is harder to associate with past activity, but tracking can start anew using the new advertising identifier you’ve changed to. Reset often!
You also can limit the use of identifiers for ad targeting on your devices. If you turn on this setting, apps are not permitted to use the advertising identifier to serve consumers targeted ads.
For iOS, the controls are available through Settings > Privacy > Advertising > Limit Ad Tracking. For Android, Google Settings > Ads > Opt Out of Interest-Based Ads. Although this tool will limit the use of tracking data for targeting ads, companies may still be able to monitor your app usage for other purposes, such as research, measurement, and fraud prevention.
Mobile browsers work much like traditional web browsers, and the tracking technologies and user controls are much the same as for ordinary web browsers, described above. Mobile applications also may collect your geolocation to share with advertising companies. The latest versions of iOS and Android allow you to limit which particular applications can access your location information.
What is “private browsing” . . . ?
Many browsers offer private browsing settings that are meant to let you keep your web activities hidden from other people who use the same computer. With private browsing turned on, your browser won’t retain cookies, your browsing history, search records, or the files you downloaded.
Privacy modes aren’t uniform, though; it’s a good idea to check your browser to see what types of data it has and does store.
@ – But note that cookies used during the private browsing session still can communicate information about your browsing behavior to third parties.
So, private browsing may not be effective in stopping third parties from using techniques such as fingerprinting to track your web activity.
What are “opt-out” cookies . . . ?
Some websites and advertising networks allow you to set cookies that tell them not to use information about what sites you visit to target ads to you. For example, the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA) offer tools for opting out of targeted advertising — often by placing opt-out cookies.
If you delete all cookies, you’ll also delete the cookies that indicate your preference to opt out of targeted ads.
Cookies are used for many purposes — for example, to limit the number of times you’re shown a particular ad. So even if you opt out of targeted advertising, a company may still use cookies for other purposes.
What is “Do Not Track” . . . ?
Do Not Track is a setting in most internet browsers that allows you to express your preference not to be tracked across the web. Turning on Do Not Track through your web browser sends a signal to every website you visit that you don’t want to be tracked from site to site. Companies then know your preference. If they have committed to respect your Do Not Track preference, they are legally required to do so. However, most tracking companies today have not committed to honoring users’ Do Not Track preferences.
Can I block online tracking . . . ?
Consumers can learn about tracker-blocking browser plugins which block the flow of information from a computer to tracking companies and allow consumers to block ads – on the servers end that deliver to the sites visited. They prevent companies from using cookies or fingerprinting to track your internet behavior. Still these aids see where you go which means what you’re doing. To find tracker-blocking plugins, type “tracker blocker” in your search engine. Then, compare features to decide which tracker blocker is best for you. For example, some of them block tracking by default, while others require you to customize it as when you’ll block tracking and the ads.
Remember that websites that rely on third party tracking companies for measurement or advertising revenue may prevent you from using their site if you have blocking software installed. However, you can still open those sites in a separate browser that doesn’t have blocking enabled, or you can disable your blocking on those sites, and yet again apps and extensions can circumvent the block if in constant development.
[https://www.consumer.ftc.gov/articles/0042-online-tracking]
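How the controls described in the comment above (deleting cookies, blocking third-party cookies) interact with cookie-based and fingerprint-based tracking, as an added example that is not part of the original comment. It is a constructed model: the domains, browser traits and the FNV-1a hash are assumptions chosen for illustration.

```javascript
// Constructed model: one browser, one third-party tracker embedded on three sites.
// Domains, browser traits and the FNV-1a hash are illustrative assumptions.
const SITES = ["news.example", "shoes.example", "running-blog.example"];
const TRAITS = { fonts: "Arial,DejaVu Sans", language: "en-US",
                 timezone: "UTC-5", extensions: "3" };

// Small non-cryptographic hash so the example needs no imports.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

class Tracker {
  constructor(domain) { this.domain = domain; this.profiles = new Map(); }
  record(id, site) {
    if (!this.profiles.has(id)) this.profiles.set(id, []);
    this.profiles.get(id).push(site);
  }
}

// Recognises a returning browser only by the cookie it set earlier.
class CookieTracker extends Tracker {
  constructor(domain) { super(domain); this.issued = 0; }
  handle(request) {
    const id = request.cookie || `uid-${++this.issued}`;
    this.record(id, request.site);
    return id; // value the tracker asks the browser to store
  }
}

// Derives the identifier from browser traits; stores nothing on the device.
class FingerprintTracker extends Tracker {
  handle(request) {
    const canon = Object.keys(request.traits).sort()
      .map((k) => `${k}=${request.traits[k]}`).join("|");
    this.record("fp-" + fnv1a(canon), request.site);
    return null; // no cookie needed
  }
}

class Browser {
  constructor(traits, blockThirdPartyCookies) {
    this.traits = traits;
    this.blockThirdPartyCookies = blockThirdPartyCookies;
    this.jar = new Map(); // cookies keyed by the domain that set them
  }
  clearCookies() { this.jar.clear(); }
  // Load a page on `site` that includes content served from tracker.domain.
  visit(site, tracker) {
    const thirdParty = tracker.domain !== site;
    const cookiesAllowed = !(thirdParty && this.blockThirdPartyCookies);
    const request = {
      site,
      cookie: cookiesAllowed ? this.jar.get(tracker.domain) : undefined,
      traits: this.traits, // readable by page scripts regardless of cookie policy
    };
    const setCookie = tracker.handle(request);
    if (cookiesAllowed && setCookie) this.jar.set(tracker.domain, setCookie);
  }
}

// Returns the size of each profile the tracker built, largest first.
// [3] means all three visits were linked to one identity.
function linkedVisits(TrackerClass, opts = {}) {
  const { blockThirdPartyCookies = false, clearAfterVisit = null,
          trackerDomain = "ads.example", sites = SITES } = opts;
  const tracker = new TrackerClass(trackerDomain);
  const browser = new Browser(TRAITS, blockThirdPartyCookies);
  sites.forEach((site, i) => {
    browser.visit(site, tracker);
    if (clearAfterVisit === i) browser.clearCookies();
  });
  return [...tracker.profiles.values()].map((p) => p.length).sort((a, b) => b - a);
}

console.log("cookie tracker, no controls:      ", linkedVisits(CookieTracker));
console.log("cookie tracker, cookies cleared:  ",
  linkedVisits(CookieTracker, { clearAfterVisit: 0 }));
console.log("cookie tracker, 3rd-party blocked:",
  linkedVisits(CookieTracker, { blockThirdPartyCookies: true }));
console.log("fingerprint tracker, both controls:",
  linkedVisits(FingerprintTracker, { clearAfterVisit: 0, blockThirdPartyCookies: true }));
```

Clearing cookies splits the cookie tracker's profile into an old and a new identity, blocking third-party cookies leaves it unable to link any two visits, and neither control changes what the fingerprint tracker sees.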
Great overview, thanks Sonar.
Thank you Sven,
eikelein, posted over in antivirus about his customers being – “home users, computer illiterate, often reluctant to learn and mostly above 45-50 years old.”
I replied back he should guide them this way as not to being remote jockeys any further and for them to get some privacy exercise here, reading of the hazards to their digital world on this site they’ve not learnt yet and what counter methods there are to know. This is just an installment of overlooked – forgotten knowledge…
So, I see people as not lazy but being generally lost in it all as the web has many bits and pieces of information, spread out, laying in wait to find. I just try to band much of it together for your readers, with this site’s contained and related articles and guides contents.
And yes mid 40’s up just as junior/high school folks need to refresh or pick it up. Internet use all boils down to data that is about you and people are profiting off of it as if it were a disease we had. That’s why it’s gotten so invasive to hit the power on switch and open the Internet.
I’m wondering about how to set up a website with a hosting provider that will respect privacy. I’ve ended up in the position of constantly leaving website options that sync up with Facebook, such as Weebly or Meetup, and despite lacking much money would like an option that is more private. While getting a domain name is done, I have been looking at shared hosting for wordpress, and am confused by the idea that hosting providers such as SiteGround use Google infrastructure. I wonder if you know if this shared infrastructure means that privacy will be lost? I realize that probably if I spent more, that privacy would come easier, but I don’t have that much, so am looking at shared hosting. I very much appreciate your website as privacy is something I find very worthwhile.
Mirimir was working on an Anonymous Hosting guide, but he had to take some time off for personal reasons. Here’s something from his draft post:
A few other options are Bahnhof in Sweden and Orange Website in Iceland.
I hope MIRIMIR fares well and it’s not for a loss or ravage that he should need our thoughts and prayers at this time.
…So good people don’t happen to bad things I hope his guide will start off as a Hosting guide at heart with a department on Anonymous use.
A simple way of saying, a domain name is a name that is used to identify an address on the Internet for a particular website and any e-mail addresses configured for that site.
Most people find it hard to picture a website as more than a bundle of content. This often makes explaining the mixture of languages used and the way everything comes together, a difficult task for someone trying to do so.
If looking for distinct image, because what makes up a website can be related and linked to the physiology of a human body.
Head = |META| – |TITLE| / Body = |IMG| |A| |P| |ACRONYM|
Assembly as mundane to the extraordinary, pittance needs be impressed of the vital overlay understood to built as an anatomical look delivered.
Which The Anatomy of a Website https://www.webfx.com/blog/web-design/anatomy-of-a-website/ would be a good link Mirimir could guide his readers.
Mirimir if you catch this – please that guide be a full tantamount relationship. At any rate, looking forward to it and your good being, as well your quick return.
Maybe covering NEWs facts.
[https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996]
[https://www.theregister.co.uk/2018/02/07/namecheap_subdomain_security_hole/]
@Kirstin
Do have a look at [https://www.namecheap.com/wordpress/] EasyWP will be answering your privacy questions first in their Privacy Policy, the support is a great avenue as well.
[https://www.namecheap.com/legal/general/privacy-policy/]
Then with their given comparisons…
| Company | Fully Loaded Time | Time to First Byte | Price Per Month |
|---|---|---|---|
| EasyWP | 0.7 seconds | 192 milliseconds | $3.88 |
| GoDaddy | 0.8 seconds | 200 milliseconds | $9.99 |
| Bluehost | 0.8 seconds | 396 milliseconds | $24.95 |
| Kinsta | 1.29 seconds | 491 milliseconds | $30.00 |
| WP Engine | 0.9 seconds | 245 milliseconds | $35.00 |
Based on price only as the first is of the linked to its information above.
Then this may assist you for questions not realized yet-or come to mind [https://www.namecheap.com/support/knowledgebase/category/2239/easywp/]
Your data stays safe with us:
We use our own servers so your data stays between you and us, far away from snoopy eyes. We even give you free WhoisGuard so spammers don’t trace back to you.
Customer Approved:
Our customer service is one of the most well regarded in the industry. With EasyWP you get 24/7 customer support available all year, for free.
As of the end of 2019, there were 3.84 Billion social media users worldwide.
2.2 Billion Active Facebook Accounts
800 Million Active Instagram Accounts
330 Million Active Twitter Accounts
260 Million Active LinkedIn Accounts
225 Million Active Snapchat Accounts
Because our life as active web users, the elife mirror is recorded online, and a lion’s bounty we share of incriminating evidence ends up here. The Trojan Horse element, which misleads users of its true intent. The stratagem subterfuge effect if you will.
Sven what do you mean by having this on the site and it based how to it?
AS FEATURED IN:
lifehacker, YAHOO!, PCMAG.COM, ZDNet, engadget
It’s a list of publications that have discussed RP and linked to the site.
Could you add a section on MS Windows telemetry blockers, such as O&O ShutUp10 and alternatives (https://alternativeto.net/software/shutup10/), e.g. effectiveness, ease of use, whether the app includes malware or unasked for installers, etc.?
Thanks, and thanks for this entire site!
at MoisheP,
If you’re on win 10 I would not wait for a review to come on such products.
Get the free | donation soft I offered mentioned down some in where
sonar says MARCH 3, 2020 in reply to h76D4Kf74 says FEBRUARY 28, 2020.
Go ahead and check it out to what’s offered as its to do list, and with an ability to roll back any changes it’s made.
Then find a Block By Default third party Firewall that’s installed on but functions separate from the OS and could run jointly with wins baked in OS firewall. If you so wanted this. I’d not.
Cause and effects:
1) no telemetry from win 10 till next update and then run BB thereafter each time an update rolls out.
2) control any in and out bound network traffic to the system by zones as rules for installed third party apps and parts of windows OS as you see any traffic happen – once the rule and zone are set you can forget them.
3) simplest way for anyone not versed so will and less time invested for user.
IS YOUR SMART TV – TOO SMART?
•Be careful when you’re setting up your TV. Don’t agree to all the terms automatically, so you don’t miss the chance to opt-out of the data collection. If you’re reading this before you get started with a new smart TV, then consider yourself in the luckier set, because manufacturers make it harder to find and opt-out of their content-collection features once you’ve already consented to them. The way to change the settings varies for every TV, so you will need to look up the specs for your own model.
•You can simply choose to go “dumb” and not put your smart TV online. You could then, for example, run your favorite streaming service from your laptop and connect it to the TV’s HDMI port. Of course you will still be subject to whatever innate tracking is happening within the streaming service you’re using, but you’ve somewhat limited its spread.
•If you want to keep your TV smart and online, a VPN or Winston privacy box can help. Securing your home router with a VPN is a great way to encrypt your connection online, which will protect you against hackers and enhance your anonymity online, though that’s only on a software level. Winston is hardware between your modem and router and requires no VPN being used because of its encryption mesh network, and most ad blockers aren’t recommended as they’re inferior to Winston’s blocking methods.
ACR: Everything is connected … a little acronym or automatic content recognition. This smart TV feature makes use of just a few pixels of whatever you’re watching and sends that information back to a massive database. This data about what you watch is then used to target you with ads inside and outside your TV viewing experience. Since your smart TV is probably linked to your home router, it shares the same IP address that identifies your specific household. That shared address means that you can then be targeted — using that TV data — across all the devices connected to your home network. In other words, the same ad you saw on your smart TV can easily reappear on your smartphone.
Perhaps this practice sounds particularly scary because TV was preceded by the internet, and people remember a time when watching TV seemed to be more of a unidirectional relationship. But your smart TV can also be online, and so what’s happening behind the scenes when you watch TV is basically the same as when you go online on your laptop or smartphone — you’re being tracked and hit with ads and content geared to your perceived interests.
The way your viewing data is collected is not all that different from the way sites like YouTube or Facebook target you, often by recommending you content. After all, who doesn’t want more of what they like? A content recommending service like Samba TV, which is used by Sony and many other brands, is just one such smart TV platform that uses ACR to offer a more personalized viewing experience, while simultaneously using that data to help advertisers target you.
On an internet-connected smart TV, this collected content isn’t limited to digital information from shows that you stream via internet services like Netflix, but can also include pixel signatures from regular cable TV and DVDs. And that information can be transmitted from your TV back to the companies every few seconds.
Pressure on companies for transparent data collection:
Part of the problem here is something that’s been plaguing every facet of internet regulation: user consent and transparency. Smart TVs have been around for a while, but it wasn’t until 2017 that the FTC brought some real heat against the smart TV manufacturer Vizio, which ultimately had to pay $2.2 million for collecting viewing data without user consent. Since then, the regulatory eye has been more focused on smart TV makers. There is now more pressure on companies to be clear about what they’re collecting in the initial terms of service you see upon setting up your smart TV. But there is clearly still a problem.
When users of Samba-enabled TVs set up their system, a whopping 90% of them consent to having their viewing data collected.
Concerns about surveillance:
Now, even the FBI is cautioning people to secure their smart TVs. But, as it turns out, law enforcement is a strange bedfellow with corporate wantonness. To sum up the security connotations of TVs, phones, and the multitude of other smart (IoT) devices that are available today, a recent Harvard University report states that we can look forward to “a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will ‘go dark’ and beyond reach”. In other words, the current data-mining business model many tech companies enjoy will make the Feds quite happy too.
Like laptops and smartphones, some smart TVs have microphones and cameras in them (though the cameras have reportedly become scarcer in newer models). These cameras and mics pose the same problem that plagues every smart device that can see/hear you as well, namely that corporations can get an audiovisual window into your life and so can hackers. And while the FBI might be cautioning you against TV raiding by hackers, perhaps they should also caution you against TV raiding by the CIA — monitoring you through the camera or microphone while your TV appears to be off — something that the agency has been exploring according to Wikileaks-released documents.
How can you protect your smart TV? In 2018, 114 million smart TVs were sold worldwide. In the United States, around 45% of homes had at least one smart TV. And part of the reason smart TVs have been so accessible is that their tracking capabilities help keep prices down. As smart TVs and other smart devices become more tempting to buy, it’s important that the average user knows how to limit the invasion of data-collecting by their machines.
Our devices have gotten smart (maybe too smart), but that doesn’t mean you have to be dumb about how you use them. The next time you set up a new smart device, make sure you consider what its capabilities are and what you can do to protect your privacy.
Concerns about surveillance:
Now, even the FBI is cautioning people to secure their smart TVs. But, as it turns out, law enforcement is a strange bedfellow with corporate wantonness. To sum up the security connotations of TVs, phones, and the multitude of other smart (IoT) devices that are available today, a recent Harvard University report states that we can look forward to “a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will ‘go dark’ and beyond reach”. In other words, the current data-mining business model many tech companies enjoy will make the Feds quite happy too.
Like laptops and smartphones, some smart TVs have microphones and cameras in them (though the cameras have reportedly become scarcer in newer models). These cameras and mics pose the same problem that plagues every smart device that can see/hear you as well, namely that corporations can get an audiovisual window into your life and so can hackers. And while the FBI might be cautioning you against TV raiding by hackers, perhaps they should also caution you against TV raiding by the CIA — monitoring you through the camera or microphone while your TV appears to be off — something that the agency has been exploring according to Wikileaks-released documents.
How can you protect your smart TV? In 2018 114 million smart TVs were sold worldwide. In the United States, around 45% of homes had at least one smart TV. And part of the reason smart TVs have been so accessible is that their tracking capabilities help keep prices down. As smart TVs and other smart devices become more tempting to buy, it’s important that the average user knows how to limit the invasion of data-collecting by their machines.
Our devices have gotten smart (maybe too smart), but that doesn’t mean you have to be dumb about how you use them. The next time you set up a new smart device, make sure you consider what its capabilities are and what you can do to protect your privacy.
THIS IS A DUP OF THE FIRST
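The ACR description above says viewing data can leave the TV every few seconds. As an added example (not part of the original comment), this Python script flags that kind of fixed-interval traffic in a home router's DNS query log; the log format, the client addresses and the `.example` hostnames are constructed placeholders, not real ACR endpoints.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: "<epoch_seconds> <client_ip> <queried_name>" per line.
# 192.168.1.50 stands in for the TV and 192.168.1.20 for a laptop; the
# hostnames are placeholders under the reserved .example TLD.
SAMPLE_LOG = """\
1000 192.168.1.50 ingest.tv-vendor.example
1003 192.168.1.20 news.example
1005 192.168.1.50 updates.tv-vendor.example
1009 192.168.1.20 news.example
1010 192.168.1.50 ingest.tv-vendor.example
1021 192.168.1.50 ingest.tv-vendor.example
1030 192.168.1.50 ingest.tv-vendor.example
this line is malformed and is skipped
1040 192.168.1.50 ingest.tv-vendor.example
1047 192.168.1.20 news.example
1051 192.168.1.50 Ingest.TV-Vendor.example.
1052 192.168.1.20 news.example
1060 192.168.1.50 ingest.tv-vendor.example
1065 192.168.1.50 updates.tv-vendor.example
1070 192.168.1.50 ingest.tv-vendor.example
1120 192.168.1.20 news.example
1300 192.168.1.20 news.example
"""


def parse(log_text):
    """Group query timestamps by (client, normalized name); skip bad lines."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            stamp = float(parts[0])
        except ValueError:
            continue
        # DNS names are case-insensitive and may carry a trailing root dot.
        name = parts[2].lower().rstrip(".")
        events[(parts[1], name)].append(stamp)
    return events


def find_beacons(log_text, min_events=6, max_period=60.0, max_jitter=0.2):
    """Return (client, name) pairs queried at a short, near-constant interval.

    jitter = standard deviation of the gaps divided by the mean gap, so a
    device on a timer scores near 0 and a person browsing scores well above 1.
    """
    findings = []
    for (client, name), stamps in parse(log_text).items():
        if len(stamps) < min_events:
            continue  # too few samples to call it periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period <= 0 or period > max_period:
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            findings.append({
                "client": client,
                "name": name,
                "events": len(stamps),
                "period_s": round(period, 2),
                "jitter": round(jitter, 3),
            })
    return sorted(findings, key=lambda f: f["jitter"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

DNS answers are cached for their TTL, so a real query log can show a longer period than the actual upload interval; connection or flow logs give the true spacing. Names this flags are candidates for blocking at the router once you have confirmed which device they belong to.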
Fraudulent communications adopt many different forms and are the unauthorized actions of third parties. These messages, sometimes referred to as “phishing” or “spoofing,” are becoming more common and may appear legitimate at first by incorporating company brands, colors, or other legal disclaimers. Companies should take a hard stance against fraud and in the protection of their customers’ information seriously. To want as helping make sure you don’t fall victim to phishing or other types of fraudulent activity whether it’s through email, text, phone, or social media.
Here are some tips to keep in mind:
• Companies will not request personal information, financial information, account numbers, IDs, passwords or copies of invoices in an unsolicited manner through email, mail, text, phone or fax, especially in exchange for any sort of goods and services as free gimmicks incentives.
• If you receive a message that appears to be from a company you use that you believe is fraudulent, send a screenshot of the message or forward it to their fraud investigation department. Requesting some confirmation by them.
• Learn more about how to avoid phishing scams in this article from the U.S. Federal Trade Commission: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Really enjoy reading your tools, reviews, etc.
Do you have any thoughts about Winston (https://winstonprivacy.com/)?
Also any thoughts/experience with virtual credit card services like privacy.com?
Thanks!
at O*p.cm
No but would like to. Please tell any associations you have of the two mentioned. Honestly if it’s a baiting or sincere query you make:
Have many questions myself as one, can Winston be run with a person’s ad blockers and VPNs just as well? Two, PayPal discourages active VPN connections while then logging in to a user’s PP account to pay, any trouble with Winston and PayPal used tandemly?
High price for the hardware of winston and then looks to have a subscription thereafter to use the hardware purchased. Turns me off!
I am just a random user so there’s no way to know if you can trust me–but I have used the privacy.com free tier for a couple months, have had excellent communication and support, it’s easy to use and have had no problems
hey ST
Which os for desktops is best for the least amount of telemetry for a new install and beyond fair to new users?
Too, since Win 8.1 end of support nears as the next in line and mates not going 10’s direction any advice today in how to think 4 years down the road to not lose the ground again in bad choice being made.
Answering myself.
Meet The Linux Desktop That Wants To Be An Ideal Upgrade For Windows 7 Users – ‘so I’d say applies to Win 8 8.1 users just as easily when they need it.’
“Redmond is pushing 7 users to upgrade to Windows 10, many in the Linux community are vying for attention by pitching their respective distribution (aka Linux desktop OS) as a superior alternative to Windows 10. One such example is KDE Plasma, a desktop praised in the past for its surprising leanness and wealth of customization options.”
https://www.forbes.com/sites/jasonevangelho/2020/01/08/meet-the-linux-desktop-aiming-to-be-the-perfect-upgrade-for-windows-7-users/#6c3b857c22c8
“Instead of migrating to Windows 10 and putting up with hours of updates, intrusions on your privacy and annoying ads built into your apps, install a Linux operating system with Plasma. In 30 minutes you will be up and running and you will have all the security and stability of a Linux system, with all the features and ease of use of Plasma.”
Event Viewer in Windows 10 seems to me, to have an awful amount of information available to any forensic analysis, be it direct access or remote intrusion. I want to know how to disable it and all logs.
Then get rid of 10 and go back or jump on another platform.
Get a soft like Spybot’s Anti-Beacon or Follow Windows 10 Build Tracker. To know as much as it becomes recorded there at ITProToday (use) com,
we have maintained a set of build trackers to bring all of the build release information into one central location. They track public releases to assist you in monitoring what builds are available for enterprise testing. It’s a low down on versions within 10.
Surely you can change services and tasks set to actively run by disabling them. Search long and hard for tested registry changes or just pick the best overall soft to do these and more to stopping 10’s telemetry.
Hi Sona, thanks for those suggestions. I can’t open the Windows 10 Build Tracker at ITProToday page because of my settings, and I won’t allow their cookies, especially 3rd party ones. I looked at the Spybot’s Anti-Beacon App but for me, it’s a bit too general for my purpose. Win 10 telemetry is monstrous and I’m working on that, in as much as I can, and have implemented a lot of Sven’s advice in his articles, but that’s not really the task that I am focused on right now, which is, removing all Event Viewer logs and then to disable it completely, so as to have no event logs whatsoever. I don’t know if this is possible … there are some things there that have multiple triggers to log, and although I clear them they pop up again, for example… the log of my clearing of them.
Yes windows overwhelms the OS in the amount of telemetry going on, so I looked back down in the comments here. Very bottom, the cat called HardSell mentions this Blackbird (free-donation) program (no installation) for taking care of this and runs on all recent desktop editions (Home, Pro, etc.) and versions of Windows (Vista, 7, 8, 8.1, 10). https://www.getblackbird.net/
I’ve seen a new 10 update rollout can change a lot back to their standard installed settings, where the user has set certain things to cut down and counter on the telemetry. So take an update of 10 and run the portable blackbird. I had downloaded this way earlier from another forum talking about, they spoke then as it was a bat file extension and adding txt extension to it let you see what it was going to do. Must have put it in exe to keep their hard work secret from copycats and M$ itself.
Seems he’s (HardSell) a strict policy on cookies too as he’s offered these. Then he runs two cleaners that work on cookies as well.
Quote, Maxa Cookie Manager = DATED / but still works covering many browsers – cleans cache, history, timed auto cookie deletion, w/ cookie evaluation – white/black lists, last update was 12 February 2014.
Adguard = ad blocker w/ personal privacy modules and stealth settings, really a lot more it has to offer than blocking ads.
To me the (adguard) mention looks promising as you’re able to set your time values for self destructing 1st and 3rd party cookies.
0 – means no cookies allowed at all and the sites that you’d login to, you’re able to delete its cookies minutes thereafter / as long as you don’t do anything that requires being logged in to do something. Where a password manager can get you logged back in – in a snap.
US federal grand jury has indicted four members of China’s military on charges of hacking Equifax to exploit the personal data of 150 million Americans.
According to the indictment, the four defendants conspired to hack into Equifax’s computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information of nearly half of all American citizens.
Lawmakers and regulators failure in the U.S. government to safeguard the personal data of Americans has placed American consumers at risk.
Today our country is facing cyberattacks from foreign adversaries and it is the personal data stored by companies that is the target.
When these companies engage in lax security practices or freely disclose consumer data without consent, they are placing not only consumers, but also our nation at risk.
There is a call for passage of the Online Privacy Act, H.R. 4978, and the creation of a U.S. data protection agency. Find out more here.
https://lofgren.house.gov/media/press-releases/eshoo-lofgren-introduce-online-privacy-act
Sven,
Regarding your Little Snitch paragraph only being available for MAC OS.
There is now an Open Source equivalent port for Linux called Opensnitch, see github
https://github.com/evilsocket/opensnitch
https://itsfoss.com/opensnitch-firewall-linux/
Does take some effort in the Command line to install but well worth it.
I have Opensnitch running on Linux Mint 19.3.
Very cool, thanks for sharing! I’ll include it with the next update.
Hi,
I have been reading your blog for only a few weeks and Thank you! for doing what you do. Do you have any recommendations for free software that mimics MSFT Office?
Yep, check out LibreOffice. Another option is OpenOffice.
Use this for my NPO. LOVE IT! There is a learning curve and it is a little like the original Word, but it is amazing.
Little things are bad but that is personal. One thing that bothers me is in the outline, the point III has a larger margin than others.
LibreOffice that is.
Hi J.M.
I was looking at software cleaners and followed some telemetry topics. Seen this-
LibreOffice has its telemetry disabled by default currently, but is able to submit telemetry data to The Document Foundation when set up to do so. DON’T know if that’s on M$ side of the OS it taps into or its own thingy.
Something could change this setting in an update and could be possibly turned on – true?
Anti-Beacon was the product to allow users to unset it from within its user interface. Anti-Beacon Plus even addresses telemetry of popular browsers and some pre-installed manufacturer software.
[https://www.safer-networking.org/products/spybot-anti-beacon/]
Thought I’ll throw this out and the other ‘larger margin’.
[https://ask.libreoffice.org/en/question/10973/permanently-set-default-page-style/]
Peace 4 the planet ; )
@HardSell,
Sorry, just saw the reply. If you catch this, thanks for the info.
Hope you’re doing well.
Hi,
Why don’t you do a review about privacy aspect of office software such as OnlyOffice, Softmaker Office, WPS Office, Google Docs?
It would be great.
Alan,
I would run, fast and far, from Google Docs.
I use Libre office and Apache Open Office may get a personal test run, I am not sure.
I heard rumor that Proton Technologies (Protonmail and VPN) is planning on ProtonDocs.
I will wait to see on that. But it could open some new doors.
Waterfox browser may not be in development anymore.
I use Palemoon, but didn’t know it was better for privacy. Can you elaborate on this? And also, you might want to have a look at PL’s add on list ( they are continuing with supporting the ones made using old software, XUL, I think) and recommend which can be used to enhance privacy on PL.
> Waterfox browser may not be in development anymore.
Any sources on this?
Of course it’s in development. What are you talking about?
Sven,
Though we’d see and as well a readers replies abilities over the stated idea below, to throw up this part again.
Taken from the link – see the following thoughts in full.
https://restoreprivacy.com/privacy-tools/#comment-64434
Recap:
[As basically a new means of supporting this site’s contents for everyone.
Importantly – you don’t have to check and moderate this separate RP members support site as much for spam, bots, shrills posts as these support members are cleared in most of the checks you’d make against them on the backend.
Well being as registered RP support members and have a good standing, their posting reputations, {maybe a Pin you’d assign} you’d know them safer.
Help me out people – what’s your thoughts here.
Thumbs up or not ?
> Sven Taylor says JANUARY 2, 2020
Not a bad idea, Hard Sell.
Some have suggested setting up a forum or a ‘RestorePrivacy’ subreddit, but I don’t care for reddit too much.
I’m still looking at different options. Thanks for the suggestions!]
_
This class of readers in your site could be called Ambassadors.
That help you advocate for privacy – hence privacy ambassadors in support of the main site’s contents w/ account perks.
I’m out of any more replies to this so don’t direct to me.
@@@ what are OTHER READERS thoughts of this and maybe any of their ideas – directions to see the site’s development of a strong support foundation in the roaring digital 20’s.
Thanks all
Anyone outside California know about this-
The new law — the California Consumer Privacy Act, A.B. 375 — affords California residents an array of new rights, starting with the right to be informed about what kinds of personal data companies have collected and why it was collected.
The law notably establishes a broad definition of “personal information,” drawing in categories of data including a consumer’s personal identifiers, geolocation, biometric data, internet browsing history, psychometric data, and inferences a company might make about the consumer.
Perhaps, firms are contending with the law’s requirements could threaten established business models throughout the digital sector. For instance, companies that generate revenue from targeted advertising over internet platforms — such as Facebook, Twitter, and Google — must, as the law is currently written, allow California residents to delete their data or bring it with them to alternative service providers.
These measures might significantly cut into the profits these firms currently enjoy, or force adjustments to their revenue-growth strategies.
https://hbr.org/2018/07/what-you-need-to-know-about-californias-new-data-privacy-law
California Raises the Bar on Data Security and Privacy
https://corporate.findlaw.com/law-library/california-raises-the-bar-on-data-security-and-privacy.html
California has led the nation in matters like these before, and the nation followed suit some time later.
Man I hope it’s sooner than later now as it’s officially 2020.
Dear Sven & family – site crew and its readers,
May your New Year be totally blessed and secure as you go through the yearly cycle of life once more.
Thank you very much for a sane site in helping people to understand a private digital hygienic’s and/ for calming /boosting their sanity by being plugging into the intrusive eye’s of the world web matrix’s.
As well the platform here to interact with other readers of the world over gaining /sharing in different insights.
As we grow older – the Internet grows as a life’s necessity staple for business and Governments connected by commerce (or war/terrorism), and now advancing to eCommerce / legal authority treaty’s /etc in relations being digitally involved.
Weathering the ages then, will the internet have us all, leg ironed to it (monitored), able to even exist as a monetary unit in an aging and populous growth system, stemmed by a digital world and economics ecosystem.
The Internet – – is a loaded GUN and your site I believe helps your readers realize how big its load can spread as we read of the casualties. (Toll exacted)
~ ~ ~ ~ ! ~ ~ ~ ~
Allow me to reflect-
The thing with age and time as your path in life slows you down to a retirements faze, everything else speeds past so much faster as it seems! Time doesn’t really change but the value of it in your life does,
because of our maturing perspective to TIME and as it becomes short for life itself. These changes witnessed as we age throughout the stages of life itself.
The internet cheats us out of time – not in giving us more of it, think about US life in the 40’s-70’s of the personal time one did have – to today’s life style.
Yes an hour can seem like a lifetime at times, when your schedule pulls you in many directions in the prime seat of your life.
I’d just ask you to remember back, hearing the many times as a youth = you’re not old enough, or wait till you’re as old as your brother/sister.
Then with reaching an age to sports, scouts, driving, graduating school, and voting…
All being age confinements governed by time – to a youth’s aptitude/cognition as in the responsibility and appropriateness levels for a hands on experience in a REAL WORLD reality to the conditions it presents.
Where’s the mental health value for today society’s youth to land, when these age related hands on staged life event values of real life lessons to be learnt.
All as being stripped away with ability in simulations to alter life values in their youthful perspective to their real life – as to what’s known by them.
By their changing reality as it’s known by them with virtual augmented and mixed environments way before even having reached a maturation to weighing it all out in known differences.
That a parents govern authority also stands to verify in the youths real hands on perspective of and to life.
But most parents see the internet as a baby setter for their youth today, and miss out on the harm factor it presents mentally/socially for the young and growing.
Aren’t we in fact seeing more and more mental health issues air today which has connections back to the digital age and internet? Films and games are right up there too. Those supposedly have age rating limits – do they work?
Then, as one person can have millions+ of people following or hedged with every post they make now – delivering one a sided view, thought, idea being echoed X’s times the following.
As the internet’s reach and ability to spread any word is too fast as in the “soap pods” challenge we saw this past year.
At that kind of thing – in my day, was trapped at the local level in such a challenge – not going out worldwide everywhere.
Further, that kind of harm and alarm would have reached out much slower just some 10-25 years ago.
Today it’s in almost every last neighborhood as soon as known – that’s harmed by the web, for lack of insights and the young users ability to accept their responsibility for the faceless victims that the internet reach harms and is harmed by for mere prank-sport-evil as being a bored youth.
To me it’s also stripping away the imagination and creativeness of any hands-on learnt abilities in today’s youth… The internet as offered – is a one size fits all mode relying on parents to govern their youths, while taking or making it all a much harder task in process to accomplish for parents that care to raise their children with guidance.
Toys are for a purpose as the child couldn’t operate a real like item without harm coming to them. The internet is not a toy… So why is a real gun loaded as the INTERNET in the hands of our children ??????????????????
Happy New Year to you as well, HardSell. Yes, tech has gone too far and I believe children are much better off avoiding screens and gadgets. Mobile phones and social media are addicting, and this is intentional. Children should learn how to type and basic computer skills, but this push for tablets and total WiFi connectivity with everything and every device is just insane. Every device that can connect to the internet can be hacked. The whole “Internet of Things” idea allows hackers and corporations to get 24/7 access to your personal life and data – but many people fall for this scam. And again, all of these devices can be hacked and the appliance companies will NOT be on top of security updates for their firmware as these devices age and get replaced with newer models. [end of rant]
Yeah I do that a lot too (rant).
I was taught given any serious situation I was involved in with another person(s), to use my logic in 3 options to observe with looking out for self preservation…
1) follow – till (astray from right)
2) lead – when awry (amiss proper direction)
3) GTFOOTW – get the fudge out of the way, if the prior two options are non-negotiable.
Maybe for “Rants” something like a community news topic where it’s open to anything (proper) by anyone, – – live chat box ? . . . . tab on site opens to live view (100-200 character count comment box)- live and 48-hrs recent conversations window ???
Be a Cool tool for the site – yes ?
First let’s understand it’s the posts that are logged for 48 hours only and deleted, not the account set up to make posts or its info and activity needed to maintain the proper site this account’s made on.
That would probably need an RP comment account structure being setup on the site (See below), which might not be a direction you’d want to go, or the kind of linking info (email verification) people want to give you as for having a posting name guaranteed and used only by them.
It’s never been pointed out that I’ve seen – but can anyone use a name already having posts made under it and impersonate them.
I’ll submit this as commenter ‘Sven Taylor by HS’ and if you let it post as is – we’ll see then if that would be possible – to have impostors posting as someone’s name used prior on here.
Last thought, keep the site as is but offer the ‘Chat Box’ tab to where it opens the live window overlay visible to everyone on the site who’s interested to see.
This could all be done from another site you’d make for readers wanting to use this feature in making live chat comments that run visible here.
I could see something used as like the software/commerce sites offering customers of the live chat function – except this is an open end running session for all users logged in.
Verification of email address for a IP address needed for the 48 hours retention of each comment.
(so you use it daily and your IP is in the system constant) – VPN
I’d see you would have guaranteed additional expenses. So offer free use of it up to X posts monthly, anything over X it’s a dollar a month $12. to signup for a year as the whole only option.
Also this would be another avenue to donate to the Restore Privacy site.
Don’t fill the account info – but a donate button offered.
(Posteo/VPN.ac, either one I think it was stated – CC and account info were never linkable.)
That’s an idea.
A min of $12 is required but users can enter another amount for the year if wanting to make a donation on top of min…
The mission statement here would stay intact as it reads in purpose. Though, a CB snap-in of sorts is used for people wanting their posting name as well as the ability to make live comments on Chat Box and supporting the RP site possible.
The CB set-up thingy might be a challenge, as it might be just a reflection here as all comments are being made while logged in from the other site needed to keep everything towards this sites privacy separate.
It’s only for people interested as I’ve pointed out.
Then people interested have to be verified to offer such a feature to them.
As well for payment and that side of the separate site’s liability.
Hope this gets a lot of hits and replies. ; )
HardSell – Sir thanks
Hi Sven,
“It’s never been pointed out that I’ve seen – but can anyone use a name already having posts made under it and impersonate them.
I’ll submit this as commenter ‘Sven Taylor by HS’ and if you let it post as is – we’ll see then if that would be possible – to have impostors posting as someone’s name used prior on here.”
Well it was changed (reflecting me), so it was a reply and not a new comment, and then I did give a heads-up of what I was trying.
I might see again at another time – if it’d be different without any heads up given.
That account mentioned before – could offer avatars choice/upload as with the guaranteed users/posts name.
Thanks
The email address entered helps to prevent that from happening. The email is visible on the backend, but not to visitors.
Thanks Sven
Sites do/must advertise or sell users info or offer up links to % of a sale to existing online today – none mostly of which your doing. Your content is not LOCKED behind a paywall scheme. You don’t do anything invasive as in the majority of sites to learn of our identity.
I’M NOT saying to change any of that……
I’m saying, let us help you be creative to exist and possibly in offering this site for a long time to come! That’s all I’d want us to see.
I know it’s not good to discuss everything too much in the open… Then some comments can have tons of replies to the one – ratio. (guilty…here myself)
All taking up the time you’d spend elsewhere on/for the site.
Leads to very little compensation / productivity all the way round I would see for yourself.
After the first replies made (a to b – b to a) – it’s not replies anymore but a conversation that has started up.
Warn people of a change (trial) in 2020/2021 as one reply to one comment per day’s (24hrs) ratio to guests – will you offer them – – to free up some of your daily time needing invested.
And for this site to be as it was intended as more of an informative one in purpose – than as a medium for socializing about privacy and security with the breaking new related, as its turning out now.
I’m kind of saying too, it don’t have to be that way for everyone – just the unregistered guests on here.
Not as in a paywall but a supportwall membership you’ll offer to any people interested, and to a way of lessening your time involved here as I purposed this. Allowing us to have a part, be a part with some benefits beyond a donations goodwill.
Registering/verification with the other site (mentioned), for use of a live running chatbox offered on here your Restore Privacy homepage.
This other site (membership based) in offering your readers to become paid support members of RP as in a locked up a users name choice and having an avatar’s (choice) – – could also be used for PM (personal messages) between paid support membered users. A privacy – security socializing medium for that support audience.
Then the FULL comment section resides there as well, to where what’s seen on the Restore Privacy site (here) – becomes minimized as like you do in any months archive. So the new month brings no old comments/replies as shown on the main site.
As basically a new means of supporting this site’s contents for everyone. Importantly – you don’t have to check and moderate this separate RP support site as much for spam, bots, shrills posts as these support members are cleared in most of the checks you’d make against them on the backend. Well being as registered support members and have good standing reputations you’d know it’s safer.
Help me out people – what’s your thoughts here.
Thumbs up or not ?
Not a bad idea, Hard Sell. Some have suggested setting up a forum or a ‘RestorePrivacy’ subreddit, but I don’t care for reddit too much. I’m still looking at different options. Thanks for the suggestions!
Ohhhhh Shiiiiiiiii_t
Google announced “quantum supremacy” a couple months ago, which is a technological achievement that has HUGE repercussions !!!!
Not only for the company and its role in the World, but FOR ALL OF US INDIVIDUALS who want to maintain a sheer semblance of the right to privacy.
Google researchers have developed a computer called Sycamore, which is exponentially more powerful in its processing power than a “standard” supercomputer.
The workings behind Sycamore are what make it such a breakthrough, since it uses an algorithm that would take 10,000 years to give a similar output on a classical computer – – but it’s only 200 seconds on Google’s processor.
We should all be very concerned that with an industry leader of such a questionable (flip/flop) track record on data protection, privacy and political neutrality – along with a continued abuse towards market dominance,
now in fact has its very hands on the world’s most powerful computer.
These alike privacy issues came to a head around the Cambridge Analytica scandal, where Facebook was implicated in allowing a Russian-linked firm to harvest a huge amount of personal data, including political preferences, and allowing that knowledge to be used to meddle in the 2016 US presidential election.
Now that the processing power available to manipulate and use large amounts of data has increased, the stakes are raised in what big data can be used for.
The Big Tech industry, however, doesn’t seem to accept these growing dangers. The implicit aim of Big Tech companies is to 1) acquire more users, 2) more data, and 3) ultimately more advertisers.
The symbiotic relationship between these three factors underpins most any tech companies’ business models, including the current wave of startups in Silicon Valley and elsewhere.
This will not change.
But what must change is the privacy regulations role around data, its security as a standard set and its implementation with a solid body of enforcement. Regulation is, by and large, already present:
in almost every developed country, it is illegal for someone to hold data without a range of rigorous checks and balances on how it is sourced, held and transferred between parties.
A range of international treaties, such as the European Union’s General Data Protection Regulation (GDPR) and the EU-US Privacy Shield mean that data can only achieve “freedom of movement” by fulfilling Strict Criteria.
The largest data owners like Facebook and Google tend to follow these rules closely, meaning that the main concern is not control of data, but the data’s actual power.
Big data can already predict an individual’s consumer habits and personal desires to a somewhat eerie extent.
As processing power grows exponentially, will we have Facebook ads that can penetrate deeper and deeper into our lives and consciousness?
What will be the effect on our mental health?
Our family relationships?
And at the macro level, our economies as a world macroeconomics?
None of these personal, society and socially deeper questions appear to be being asked by either the industry or the regulators. Inevitably, they will become relevant as quantum processing power increases.
It is a matter of when, not of if – when people rise up against and push back.
There is still time for our governments to play catch up and protect consumers. Although Google’s Sycamore is advanced, it is still not capable of fulfilling every data scientist’s deepest desires. The Sycamore chip is a 54-qubit processor. That is relatively limited, and is one of the many reasons that the discovery is not practically useful.
Researchers want a 100-qubit – or even 200-qubit – system before they are really able to put it to the test and see whether the dreams of quantum computing are realized.
Rather than in just controlling the data’s transfer, it is time for a wider conversation about the data’s usage. Which uses of data – regardless of who owns it and how it has been sourced – are ethical and safe when it’s profiled on an individual?
And then which are unethical and dangerous uses?
Instead of moving from the outer edge of the circle inwards – we should be focused on an overview of center outwards as well. Both encompassing the examination like a gridiron marked off into squares or a network of squares.
Proofing in other words, somewhat like livestock plants or drugs research is done with checks and balances.
As lawmakers like US congresswoman Alexandria Ocasio-Cortez seem to enjoy grilling tech executives like Mark Zuckerberg on the minutiae of data usage, I hope we do not lose sight of the bigger picture.
The stakes are too high, and the processing power is now too great for us to be complacent. Hope you see and agree…
Inspired by:
https://www.euronews.com/2019/10/28/big-tech-achieving-quantum-supremacy-for-the-first-time-is-bad-news-for-our-privacy-view
Somewhat related:
US, UK reach deal to make it easier to get electronic data
The deal would let American and British authorities seek electronic data in investigations directly from technology companies based in the other country, instead of the time-consuming process of going through the government.
[https://www.texomashomepage.com/news/political-news/us-uk-reach-deal-to-make-it-easier-to-get-electronic-data/]
Interesting news:
New computer chip allows information to be sent using a one-time unhackable Future-proof communication security.
While current standard cryptographic techniques allow for information to be sent quickly, they can be broken by future computers and quantum algorithms. However, according to the international research team, their new method for encrypting data is unbreakable and uses existing communication networks. It also takes up less space on these networks than traditional encrypted communications.
Associate professor of electrical engineering at KAUST and leader of the study, Dr. Andrea Fratalocchi explained why the team’s new security system will be essential in the quantum era.
https://www.techradar.com/news/new-uncrackable-security-system-may-make-your-vpn-obsolete
Related:
https://www.scotlandis.com/blog/new-security-system-to-revolutionise-privacy/
https://www.forbes.com/sites/daveywinder/2019/12/20/scientists-develop-absolutely-unbreakable-encryption-chip-using-chaos-theory/#648edf915ba8
@HardSell, @Sven
I read that they are saying it is a single communication. As easily as possible, does that mean you use the chip once and then need a new one?
I honestly do not understand. I was able to piece together the Chaos Theory and a few other things but that is the one area I did not know.
Heck J.M.
It’s over my head, but no, the chip is probably the expensive part.
For now as it’s all so new – that may change as everything does cheapen as it’s adapted and adopted too. It’s a wonder what a nanostructured materials is to look like when used with the word crystal.
Fetching any mental picture I can by reading it again.
It’s as Greek to me -as- them there ‘password managers’ you use on sites without any need of a pre-made password for it / the concept there lost me too…
Looking at the parts-
https://onlinelibrary.wiley.com/doi/abs/10.1002/lpor.201600086
“an all‐optical laser‐driven transition from order to chaos in integrated chips on a silicon photonics platform. A square photonic crystal microcavity at telecom wavelengths is tuned from an ordered into a chaotic regime through a perturbation induced by ultrafast laser pulses in the ultraviolet range. The chaotic dynamics of weak probe pulses, with high spatial accuracy.”
-and-
https://www.scotlandis.com/blog/new-security-system-to-revolutionise-privacy/
“The proposed system uses silicon chips that contain complex structures that are irreversibly changed to send information in a one-time key that can never be recreated nor intercepted by an attacker.
Keys generated by the chip, which unlock each message, are never stored and are not communicated with the message, nor can they ever be recreated, even by the users themselves, adding extra security.”
– Ok what mental picture can I get, I need to see an image of the square photonic crystal microcavity.
What I do fish out unknowing – is maybe like a sea sponge and its pores when filled with H2O and squished at different hand pressures and content levels.
Each squish represents a generated new key and message sent.
The Key or Key pairs is what vagues me to, would that be omnipresents as something to alpha and omega one timer.
Since no mention of exchange or key banks – they must be created in use for one time – once only.
Since all email server to server transmissions (generally most), are one time and one way direction transmissions I can see the transit encrypted.
When it lands at the destination then further mailbox storage encryption is needed as it seems to me. Then what is quantum proof encryption for now, other than no server storage but local on the device.
Could the transmissions encryption abstractly laymen wise be seen as if you’re holding up a mirror to a bigger mirror?
That tunneling effect is the encrypted tunnel.
By the elements in the photonic crystal, at telecom wavelengths having tuned ordered into a chaotic regime through a perturbation induced by ultrafast laser pulses in the ultraviolet range.
So move the held mirror a fraction and a new keyed tunnel for a new message is realized.
That’s a headache to think about for sure.
Related:
In quantum optical devices, microcavities can coax atoms or quantum dots to emit spontaneous photons in a desired direction or can provide an environment where dissipative mechanisms such as spontaneous emission are overcome so that quantum entanglement of radiation and matter is possible.
https://www.nature.com/articles/nature01939
http://copilot.caltech.edu/documents/71-high_q_prb_rapids.pdf
https://www.researchgate.net/publication/234959441_Square-lattice_photonic_crystal_microcavities_for_coupling_to_single_InAs_quantum_dots
https://ir.nctu.edu.tw/bitstream/11536/26240/1/000285749500104.pdf
@HardSell,
I appreciate the thought and it helps. So it is not the chip that is one time use but the output.
I think the interesting concept is that Chaos Theory is being used in a practical way. The very aspect of Chaos Theory in itself is a powerful multiplier for privacy.
It basically would render the quantum computer unable to compute the code. If the computer processes one part, it will corrupt the second part. Straightening out the second will mess the third. By the time the code is worked through the first parts would be scrambled again due to chaos.
I will not pretend to understand more than that but it does give plausible concepts to securing keys and data.
I should say that I do not believe that Chaos Theory will replace the 2nd law of Thermodynamics (hence one is a theory and the other is a law) in matters of science as some hope it will, but in computer modules and data retention and security, Chaos Theory may be very powerful.
Or, I could be missing how Chaos Theory may be used and not know what the plans are.
Hey Thanks
I like that 1-2-3\1 example you gave.
I skimmed over the links posted and the quantum dots part was referred to as having cross applicably in a large industry.
If one stops and thinks about the scale of nano (to me) the human eye can’t see the nano dimension.
So anything with a screen could benefit as it’s a delivery means of light in a sense. But thinking about resolutions of how the screens detail could be built in the nano dimensions or multiples in unison of nano structures to give us 10D dimensions level or whatever a holo display would be.
Going far out in my thoughts trying to gather in a ?, what isn’t possible about this technology that couldn’t lead to hologram displays and communication purposes via holo over optics. The chaotic regime scrambles the information in transit only as I UNDERSTAND – thus once it reaches the point of delivery it’s released from the scrambled state to display. It’s sent through a light form so why can’t the information be displayed other than digital texts.
Once there is understood how to create a field harmless to users to display holograms by quantum properties – why not ?
One thing right there with it all is the original string theory that focused only on boson particles. And what I recall of strings is they’re layered or stacked in fashion where multi-dimensions of the same matter can exist.
What’s So Special About a Boson?
Bosons are sometimes called force particles, because it is the bosons that control the interaction of physical forces, such as electromagnetism and possibly even gravity itself.
https://www.thoughtco.com/boson-2699112
Interesting.
Hey SVEN, HEINRICH, MIRIMIR
Any statistics for this holiday seasons in electronic sales that have the potential to being hacked ???
Been a lot in the news of security cams being hacked lately (lest around here).
Got any words of wisdom in those new gifts for people to heed warnings of ?
Sven, will Heinrich and Mirimir answer in their articles/reviews or is it their part just to add content to the site?
Well, not anything really new regarding holidays, but I’ve seen a lot of news lately about ransomware hitting different cities and government agencies.
They’re mainly focused on content.
Maybe we can get Heinrich and Mirimir interested to look at https://restoreprivacy.com/privacy-tools/#comment-63787
Where the prospects could possibly tie in with current concepts being broken by future computers and quantum algorithms.
Again maybe to inspire either one to have a full look as 2020’s date will be on everything shortly.
Most of what the site has covered (in encryption’s use) is then affected beside the more specific articles to-
https://restoreprivacy.com/let-pgp-die/
https://restoreprivacy.com/email/reviews/tutanota/
This Professor Andrea di Falco of the School of Physics and Astronomy at the University of St Andrews is interesting as his name is mentioned a lot here-
https://phyesta.supa.ac.uk/staff/109998/publications
“It can be used to protect the confidentiality of communications exchanged by users separated by any distance, at an ultrafast speed close to the light limit and in inexpensive and electronic compatible optical chips.”
Keys generated by the chip, which unlock each message, are never stored and are not communicated with the message, nor can they ever be recreated, even by the users themselves, adding extra security.
Dr Aluizio Cruz, co-founder and CEO of the Center for Unconventional Processes of Sciences (CUP Sciences) in California and study author, said: “This system is the practical solution the cyber security sector has been waiting for since the perfect secrecy theoretical proof in 1917 by Gilbert Vernam.
Dr. Al Cruz agrees that it is true there is no such thing as uncrackable software but says, “what makes this method of cryptography so different from anything else out there is that the encryption is done using physical measurements of properties of nature, such as light.” Because it is “all hardware and physics,” Dr. Cruz says, “it would require advanced degrees in physics to even begin to understand what is happening inside this chip.”
Again, Dr. Cruz reiterated that there is no code to manipulate, and the limited software is ROM based, so traditional methods of hacking encryption are irrelevant. “At the same time,” he says, “the embedded math is based on axioms of the law of physics such as the second law of thermodynamics and chaos theory, so even if a malicious actor were to gain physical access to the chips, copy them or otherwise tinker with the components, it would prevent the encryption scheme from working, but would not reveal the key (which is never stored or shared anyway), nor would it provide any other avenue for cracking the code.”
https://www.forbes.com/sites/daveywinder/2019/12/20/scientists-develop-absolutely-unbreakable-encryption-chip-using-chaos-theory/#648edf915ba8
“It’ll be a key candidate to solving global cyber security threats, from private to national security, all the way to smart energy grids.”
https://www.scotlandis.com/blog/new-security-system-to-revolutionise-privacy/
Related:
https://onlinelibrary.wiley.com/doi/abs/10.1002/lpor.201600086
https://iopscience.iop.org/article/10.1088/1361-6528/aa593d
Hello Sven
THIS IS THE BEST PLACE TO MENTION THIS.
With your sites categories good in coverage I’d like to see two more added here under your privacy tools page information.
*Secure Payment
*Network
Something like my alphabetical list sums up the page for privacy tools.
Privacy Tools Categories:
Ad Blocker
Antivirus software
[*Network] = ?
Operating system
Password Manager
Private Browser
Private Email
Private Search Engine
Secure messaging app
[*Secure Payment] = ?
Virtual Private Network (VPN)
Secure Payments practical part, is it separates your digital payment information (card(s) number – security code) from the seller having direct access to it. Never mind having to know with a needed research of the selling site’s policies, in how long they could retain that specific payment data.
Secure Payments security part, would have included verifying your linked cards and/or bank account’s added as payment methods from within your SP account. Which also verifies your mailing address for shipping when using SP as the payment method.
Secure Payments served by a middle grounds source, as a payment link to giving your card details some anonymity over the seller having it in the payment process, and it is not intended for an anonymous use to hide self individuality.
A seller still gets your full personal information for the sell to complete and/or to contact you about anything related to it.
EX: name and address, contacts of email, cell #
[Even if you would have an account on the sellers site, all online site sales require the same basic information from you at check out – name and address, payment details, contacts of email, cell # ]
Network – is where we can understand and learn as well discuss ways to help guard if not secure our privacy and security over the device networks.
Network topology is the arrangement of the elements (links, nodes, etc.) of a communication network.
Network topology as to define or describe the arrangement of various types of telecommunication networks. It’s the computer networks we should focus.
https://en.wikipedia.org/wiki/Network_topology
In computer networks, computing devices exchange data with each other using connections (data links) between nodes. These data links are established over cable media such as twisted pair or fiber-optic cables, and wireless media such as Wi-Fi.
Topological structure of a network and may be depicted physically or logically.
Physical topology is the placement of the various components of a network (e.g., device location and cable installation), while logical topology illustrates how data flows within a network.
Computer networks support an enormous number of applications and services such as access to the World Wide Web, digital video, digital audio, shared use of application and storage servers, printers, and fax machines, and use of email and instant messaging applications as well as many others. Computer networks differ in the transmission medium used to carry their signals, bandwidth, communications protocols to organize network traffic, the network’s size, topology, traffic control mechanism and organizational intent. The best-known computer network is the Internet.
https://en.wikipedia.org/wiki/Computer_network
Thanks Sven
Great suggestions, HardSell. I’m going to work on this. Thanks for the feedback!
That sounds great Sven, for your privacy tools page to get its due attention(s) as we slip into 2020 forevermore. That is as welcoming as the new reviews, and sometimes the (drop everything) topics we’ve gotten this year.
Possibly, Sir please do include a piece on ‘Threat Model – Threat Mode’ as for anyone ‘not having’ realized one for themselves.
Still yet – lost then, and whoever’s left to be surely wondering what to do in understanding the ways – one can set up their ends as productively from their devices face side (in its settings/programs) relating in a stronger privacy state to all their data going through it.
We see of the many things and fields covered on your RP site – it’s spoken similarity, [ everyone’s “will be different” ] pertains especially to a threat model/mode they have.
And for each user having a set of applied specifics in their own needs by the degree of an alarmed state they feel a call to answer.
By itemizing of the top important areas and down ladder, as where they should show interests and in giving their attentions to and may have need in spending some money as fortifying. They could go from an abstract view as it appears to most of us, to a knowledgeable image of a 3-D perspective in threats seen – to knowledge as applied of their own base as bottom line in model / mode as to protecting against.
I think if we were to imagine a pie or pizza (if preferred), and cut one piece in (that’s always there) for establishing a base starting point where everyone’s privacy is in need of direction, and then in fashioned course to gaining much of it back just by visiting and reading your site.
– Call that first slice by the name of personal privacy, concerning it’s for all as the -first tier Threat Mode- where everyone’s in it, however they use or tap into any part of the internet’s stream today.
I mean this,, as needing done before spending any money, (don’t crank-up the furnace with the house wide opened), in where they had locked down their devices. Which means the OS, apps and their own web practices – all being understood as related in their own personal privacy’s loss.
There’s always more ways to look at, understand, practice, implement of the different areas involved here from any web users requisites or perspective. Though, we need a start and finish point in basics.
It’s my point that Sven brings forth the most common areas overall for the novice, that no matter to what the make, model of the device is …. ‘common’ traits do carry across them all. It’s those common factors in all modern devices that link us to the first threat model / mode.
The Threat Mode/Model as the #1 spot would be just from their devices side in its standpoint or placement of the chain – which is where they can actually help themselves without a dime to invest.
If they understood how.
By ensuring OS receive updates, choosing to harden OS-Firewall settings, run less browser extensions, understand terms of TLS, DNS, etc, etc…
I don’t see that you Sven, personally should be going into each device here but, conduit in the links of info could be offered for your readers.
You might even devote a page to readers contributions for a specific Operating System and its platform, to where you’d not need as much research to bring the readers posted facts into the devices body of the article’s knowledge.
I’m going on the basis in my knowledge where Win 7 to Win 10 share much still in the dark undersides of their separate operating systems.
You could try with a page for Windows (platform) of nothing more than a sub-list as to where the areas are the OS and default programs needs the proper attention for users privacy.
All my own ideals – yes it’s more work for you Sven our privacy advocate, but nothing on the web comes close to being like it – I’ve ever seen.
Thank you Advocacy King of the lost privacy hearts.
Anyone
http://web.simmons.edu/~chen/nit/NIT'96/96-025-Britz.html
“Privacy is an important right because it is a necessary condition for other rights such as freedom and personal autonomy. There is thus a relationship between privacy, freedom and human dignity. Respecting a person’s privacy is to acknowledge such a person’s right to freedom and to recognize that individual as an autonomous human being.”
Thank you for the feedback and idea, HardSell. Another great suggestion.
What about the messaging app Wickr? It seems pretty secure.
Sven, I see you still recommend Wire messenger, even though they are sold to an advertising company, a case similar to StartPage. Do you still consider Wire safe?
This is wrong. Wire is a Swiss GmbH, Untermüli 9, CH-6300 Zug (“Wire”). Wire does not rent or sell your data to third parties. Moreover, the service jurisdiction is still based in Switzerland and the servers are still based in the EU (out of 14 eyes).
Wire blog:
In connection with the financing, our holding company moved from Luxembourg to the U.S., as we believe this will be helpful in future fundraising necessary to support our strong growth. Notwithstanding the foregoing, our current and future customers are licensed and serviced from Wire Switzerland, our software development team remains in Berlin, Germany, and our hosting is European-based. Our enterprise customers can deploy their own instance of Wire in their own data center.
Wire jurisdiction is Swiss and servers are based in EU.
Accepting outside financing does not change the legal jurisdiction of a Swiss company, operating in Switzerland.
Wire is still a better option than Signal which completely (100%) is owned and operated by a US entity, which also requires one to register a phone number, whereas you can use a burner email to use Wire.
See this brother: https://blog.privacytools.io/delisting-wire/
The Brazilian company Privacy Tools (www.privacytools.com.br) also offers privacy services
Hi Privacy Manager,
The Restore Privacy site mostly deals with anyone’s personal online privacy.
The mentioned, wouldn’t be useful to family, single users outside of a CO.’s structure.
https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fwww.privacytools.com.br%2F
AS- “We are a Privacy Tech, a privacy management platform.
Privacy Tools is the right platform for your company to comply with LGPD – GDPR – CCPA personal data protection.”
Thanks anyways ; )
Hi All,
So as we find ourselves living in tall shadows of a digital revolution age bearing from 1950’s to 1970’s era of modernization, which in turn has introduced us to an inherent evil called “privacy economics”.
– Leveraging on Data mining in the trappable, retention, and trading of your personal data having you profiled with about 1500 pieces of information and digitally preserved to live longer than YOU from all the sources you’ve generated any data.
.
Internets exposure today has increasingly deemed a nakedness in our privacy it affords ourselves in that we now prefer to cover and shield than be caught naked in the raw using it.
Beings it’s at 2020 door causes now a pressing question of should I self-secure in shutting down of whatever I can control being exposed from my side as countermeasures.
.
Then as the Fourth Amendment protects people, not places.
What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment’s protection…
To what if any protections are placed on this material and the information derived from what merit in purpose-intent-plan in objectives first to generate individual profiles and then with keeping it updated as we live our life.
https://www.nytimes.com/2012/06/17/technology/acxiom-the-quiet-giant-of-consumer-database-marketing.html
In the digital world, information can be captured, copied, shared, and transferred at high fidelity and retained indefinitely.
Regulation attempts have failed https://en.wikipedia.org/wiki/Information_broker
.
A wide range of companies known as ‘data brokers’ collect and maintain data on hundreds of millions of consumers, which they analyze, package, and sell generally without any consumer permission or input to do so.”
https://en.wikipedia.org/wiki/Information_broker
.
Data and Metadata, in the course of ordinary web activities have users emit lots of “digital exhaust,” or trace data, that leaves behind more fragmentary bits of information.
Such as the geographical coordinates of a cell phone transmission or an IP address in a server log to name as two providing personal data generated, recorded, and retained.
Then advent of more powerful analytics, which can discern quite a bit from even small and disconnected pieces of data, raises the possibility that data gathered and held by third parties can be amalgamated and analyzed in ways that reveal even more information about an individual’s life.
.
Data brokers collect a huge volume of detailed information on hundreds of millions of consumers.
Data brokers sell products that identify financially vulnerable consumers.
Data broker products provide information about consumer offline behavior to tailor online outreach by marketers.
Data brokers operate behind a veil of secrecy.
.
Considering as in your own defensive privacy stance then, should its scale depend on the Nut to shell ratio, as today the nuts size to your PRIVACY loss aspect has grown very big…
Maybe something scaled down to start you’d prefer, I just say anything (done rightly so) is better than nothing, and all you do now is not enough for the future.
You must diligently stay on top of your privacy’s loss.
.
Where to start ?
Read this to understand in that perspective where you could control easily as habits-
https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fprivacyrights.org%2Fresources%2Fguia-basica-de-proteccion-la-privacidad-como-tomar-control-de-su-informacion-personal
.
And this perception to see how the future invents new hazards to us-
“Session replay scripts” can be used to log (and then playback) everything you typed or clicked on a website.
https://www.vice.com/en_us/article/59yexk/princeton-study-session-replay-scripts-tracking-you
.
Having significance in a meaningful purpose to your end results would entail partly to your apprehending in the knowledge mindfully as well of your perceptual understanding in how the web works.
Growing of your abilities to locate the data giving multi-surface (facets like a gemstone) areas that are in need to defend against in where the personal privacy factor fragments and yours is lost.
Then with that acquired knowledge to understanding what it is exactly that you’re up against or must fend from. (Hope to add Part # to explain)
.
For the most part advice what as has helped in knowing what kind of protections and practices I should use as helping me guard against or defending off from my privacy’s loss as I go online.
As I’m a simple man bear with, so only as I can understand the big picture from this minds perspective, I’ll try to help advise other readers gain their knowledge.
(Some people may see and understand a more complete picture than I, so please do share with us then – as mine’s just a base point in understanding).
– I will be adding more related details to this comment as Parts # in reply or with new comments parts # if reply box is acting wrong.
PART #1 , Thanks all
Thanks Hard Sell.
Hey all battery operated smart device owners,
Anybody heard of Juice Jacking, it’s a type of cyber attack involving a charging port that doubles as a data connection, typically over USB. This often involves either installing malware or surreptitiously copying sensitive data from a smart phone, tablet, or other computer device.
https://en.wikipedia.org/wiki/Juice_jacking
.
*Be on guard during the shopping/traveling holiday season.
As USB public charging stations are becoming more common, popping up in airports and shopping malls, as well down the line to where a public wifi connection is being offered for patronage or free – there might be a charging cube/kiosk available.
– The scam works similar to skimmers found at ATMs and gas pumps.
– When someone loads malware into the charging stations or one of the cables, thus, infecting the device charging.
– In as little as one minute, a virus can be transferred to unsuspecting users’ devices. Then, the virus begins exporting sensitive data and passwords directly to the scammers.
.
Here’s how the scam works:
A computer is concealed within the charging kiosk or on cables left plugged in that are programmed to automatically pair with smartphones when they are plugged in. The rogue computer can then freely access all the information stored on electronic devices, from passwords to emails, to address books to photos to text messages. It can even do a full backup of your phone, all of which can be accessed wirelessly by the crooks.
.
Another concept closely related, Dubbed “video jacking” by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine splits the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos.
.
Juice/Video jacking is not possible if a device is charged via the AC adapter shipped with the device, a battery backup device, or by utilizing a USB cable with only power wires and no data wires present.
– – I’m wondering when this makes it to the car chargers for electric cars.
As a bad example (I can’t think of another), a thief breaks into your locked car in your driveway, gets your garage opener and opens the garage; the thief now has access to your home and you’re gone.
RELATE – then to a public car charging station that you’ve put your car to charge from, your car is also now port charging your phone too, all while you’re gone doing whatever.
Or say a mechanic plants malware in your car’s computer system!
So be careful with all smart devices… Please
Hi M.D,
I’m with you in a concerned watch – “seems like privacy-oriented companies are being bought left and right lately.” It’s true but why?
It’s not just of lately, but of near the past years too.
https://restoreprivacy.com/antivirus-privacy/#comment-35948
–
I’d not only see the “US as a Five Eyes jurisdiction”, but like the king pin at the core of all the Eyes nations unified, as the (spider tending its web) if you will.
– That reach in (web data), can be extended by way of the United States Mutual Legal Assistance Treaties and Agreements.
https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/#comment-58133
* Where most every nation outside of the 5, 9 and 14 Eyes abide by cooperations to the US king pin in these MLATs deals.
@That blurs things a great deal when the nations (outside the 14 Eyes) that already have good privacy laws in place have agreed to these MLATs. Wouldn’t you agree?
So as I said in the link on MLATs, “a jurisdiction’s privacy provisions (its laws) may have less importance than I would have guessed”!
–
{Remembering – TOR, “was developed in the mid-1990s by United States Naval Research Laboratory employees, with the purpose of protecting U.S. intelligence communications online.”} It was years later (2002) that the alpha version was released, and the first public release occurred a year later still.
https://en.wikipedia.org/wiki/Tor_(anonymity_network)#History
–
The Grid:
– – As an example of the “spider tending its web for web data” (the grid)
Seeing the highways and interstate road systems in the US going from top to bottom and across the nation, as only one web system.
– – – At some early point in the nation’s frontier advancement, as the path of least resistance going from point A to point B – routes were established.
Then the roadways were paved over these frontier routes for the nation’s road system.
My POINT being, as the internet routes nations together on the grid – you’re studied for any data, for there is not another route to use other than the spider’s web or grid – that exists either as centralized or decentralized.
***We may catch word today – but it’s done developed into a spying purpose –
as I feel it was intended…
I wished it wasn’t this way as a pipe line into our lives.
Thanks for bringing this up…
Hello once again Sven, seems like privacy-oriented companies are being bought left and right lately. Wire (end-to-end encrypted chat service) has been bought by a US entity (essentially moving Wire into Five Eyes / US jurisdiction):
(Blog post from wire.com): https://wire.com/en/blog/wire_business_update/
(r/privacy reddit post): https://old.reddit.com/r/privacy/comments/dvry9f/wire_holding_company_moved_from_luxembourg_to_the/
This is quite concerning, considering that the US is a Five Eyes jurisdiction, which severely lacks privacy laws, alongside (now possible) subpoenas directly from US courts. However, that is not as concerning as the fact that the company behind Wire has not been open about the acquisition, and *only spoke up once people started questioning them*. Now the question is – is it still safe to use? Should people seek an alternative? Or does this acquisition mean nothing, as other secure end-to-end encrypted chatting methods exist (such as Keybase and Signal), which are also based within US jurisdiction? I would really like to hear your thoughts on this, and you should probably update this article with more up-to-date information about the jurisdiction of Wire.
I’m looking into this.
Hi M.D
I see an answer is given by Sven – that’s related ?
https://restoreprivacy.com/privacy-tools/#comment-61222
I’ll admit that the fog and haze given off by all these companies about users’ privacy is unreal in today’s knowledge age era. Facts to immediately inform their users never take precedence, and are revealed months later and/or if at all.
A tree’s view in structure of top down CO.’s entities should be given for any company operating where it’s based on users privacy intents of protection.
Hope you noticed that startpage is bought by the ad-company system1.
Yes, I saw that and will revise the article accordingly with the next update.
I’m new to VPNs and need help to understand how I can overhaul all of my devices connected to the internet that are not private at this moment. If I subscribe to ExpressVPN for 15 months, can you please clarify the steps to take back my privacy? For example, I already have 2 existing gmail accounts linked to my home IP, which I also access on my iphone. Of course my Gmail and YouTube are linked, so Google has tons of information on me about my viewing preferences, etc. I want to make this more private. I read I need to clear all of my cookies and then if I subscribe to ExpressVPN, do I have to also create a totally new Google identity through which I will now surf the web and watch online content on YouTube so that Google isn’t sharing my proverbial data file with the highest bidder? I’m assuming that even if I clear my cookies and subscribe to ExpressVPN, if I login to sites using my login/password, then the servers will know who I am and see that I am merely using a private IP, right? Can you clarify for me also that if I have ExpressVPN and am mobile, like at the gym where I typically use their wifi since I don’t have an unlimited plan (and I want to stream videos), does my ExpressVPN service carry over? I assume not, since I assume it’s through your own internet connection…Thus, does using ExpressVPN mean that you also have to buy unlimited data on your phone so that when you are mobile you can access ExpressVPN and not be using unsecure wifi connections? For payment, I don’t use bitcoin, so what is the next more private way to pay ExpressVPN? I prefer using credit cards, but, in this case, I don’t want it on them….I have Paypal….What do you all recommend for the next best thing to bitcoin for keeping payment to ExpressVPN private? Thanks for any help!
A VPN will work with any internet connection. You connect to the VPN server and encrypt your traffic through the internet connection, regardless of where you are at. There are no bandwidth limits with ExpressVPN (unlimited data transfer).
Yes, it would be good to create a new secure email account to replace Gmail. There are free options as well as cheaper options.
If you need a Gmail account to log in to YouTube or other google services, you could create a new one that is basically a dummy account that you don’t do anything with and is not connected to your previous accounts or identity. Once you transfer over everything in Gmail to your new email provider (such as Mailfence) then you can delete your old Gmail account.
I wouldn’t worry about private payments so much. Owning a VPN is not illegal and VPNs are becoming mainstream for privacy and security. And don’t get overwhelmed. Just go step by step on your own time frame.
Thanks for the fast response, Sven! I am looking at Mailfence. Do they have the functionality to transfer all pre-existing emails from another account? Is that an easy process? I used the Gmail account for almost a decade and have 50,000 business related emails I need to keep as records…I don’t want them to be deleted in a transfer. I assume that when you transfer emails from an account it just sends a copy and leaves a set, too? It would be a disaster if they were erased….
Also, I noticed in the past that when I went to delete my cookies on my Macbook Pro, it often said there were a core group that could not be deleted…I vaguely recall them being linked to corporations….Would I need to get an entirely new laptop and start with Express VPN and tighter security controls to prevent that from happening again? I saw you recommended an app called something like Cookie Delete that continuously deletes your cookies, but then at least one person commented that it logs you out of your email each time….that would get annoying….if I use Mailfence, for example, I want to be able to leave the browser open and not have it log out at home….Is that possible when using a VPN? Or do you always have to establish a connection with the VPN each time you want to see your new email on Mailfence?
Thanks!
Hi Kate,
GOOD overview of what you’ve envisioned needing done because of ?
The ? = ISP you’re subscribed to, sourcing the internet to you…
Which ? = your IP address as well, an electric identity on you.
– Like your street address used to find your location, your IP address is needed to go online – so it’s you that’s identified, or can easily be, as things are set up this way.
A VPN in this link is always good but not really the magic bullet needed alone. A VPN alone can’t pull it all off, but think about an encrypted tunnel now that everything of your device’s system passes through where you’ve installed the VPN Client(s) and they’re set active (at system start ups).
–
As in using a VPN, you’re moving your trust, speed, viewable web data from an ISP you’ve paid for over to the encrypted VPN service.
The ISP no longer can easily intercept, snoop and view your data.
– You’ll still use the ISP to connect to the internet.
A VPN is not a replacement for it. But, instead of the ISP communicating directly with a web page, the ISP now talks to the VPN server that talks to the web page through the encrypted tunnel. *It’s the VPN server that connects to the website you wish to reach.
The achieved key point now is the connection between your device and the VPN server is encrypted in what’s called a VPN Tunnel.
–
The ISP can still intercept the data, but that data is no longer viewable to it. In other words, the ISP is aware you’re sending and receiving things but has absolutely no way of knowing what those things are.
That is till a dropout occurs in the VPN service at anytime.
The moment a VPN connection drops, the encrypted VPN Tunnel is lost, and the ISP can once again view and analyze anything of your transmitted data.
Good paid-for VPNs have a KILL SWITCH for this purpose and then likely will handle all your DNS requests on their end as well.
–
Pay for a VPN please to get-
1. More privacy.
Your connections cannot be linked to your computer…and you. You can visit any website and your ISP doesn’t know where you’ve been.
2. More security.
VPN connections are super encryption secure. The network is hack proof and all of your Internet activity is encrypted (coded) and unreadable in transit.
3. More website access.
No more blocks or censorship. Whoever can’t now prevent you from getting to websites based on your IP address location.
4. More anonymity.
Your true IP address is hidden! You’re unidentifiable online because you can constantly be using a different IP address, never your ISP assigned one.
In fact, it typically looks as if you’re in a different part of the world from wherever you really are if you choose to be.
I JUST USE A CLOSE-(ER) STATE SO SPEEDS ARE ALWAYS GOOD.
Hope this is informative help : )
https://restoreprivacy.com/vpn/
https://restoreprivacy.com/vpn/best/
https://restoreprivacy.com/vpn/reviews/
https://restoreprivacy.com/vpn/coupons-discounts-deals/
Thanks for the clarification, HardSell. I was in Europe a lot last year and noticed that when I tried to access a lot of US websites I normally use, I was blocked purely for being in the EU. It surprised me since many sites are common retail sites like Williams Sonoma. I guess their logic is that they don’t want competitors in Europe copying their products, even though they manufacture a lot of them in Europe? My question for using something like ExpressVPN is will I get blocked from sites? Years ago, I used Tor a lot, and it always blocked me from using mainstream sites, stating I was using a banned IP…..I then stopped using Tor because I read it was government run anyway, so nothing was private anymore…..With ExpressVPN, will the IPs be banned by any websites, or will they be ok?
> My question for using something like ExpressVPN is will I get blocked from sites?
No, just connect to an ExpressVPN server in the US and you’re good to go.
> With ExpressVPN, will the IPs be banned by any websites, or will they be ok?
This does sometimes happen with lower-tier VPNs, but it should not be an issue with ExpressVPN as they have a huge selection of IPs that they ensure are working well with different sites, including Netflix and other streaming sites (that normally block VPNs).
@Kate,
Sven would know more than I, but it’s time to get off the fence and start your journey – agree.
Experience it – learning in small steps, in goal of designing a tailored path as addressing the needs required by yourself – platform – profession – offerings avail. – all with regards in your threat model protections sought.
*(overkill usually means overpriced – if interested take a smaller piece first and adjust in – as your knowledge becomes learnt)
–
Make a ‘Draft’ for an OUTLINE to use of your starting point and end goal. [tree is a good example image, your trunk – branches and limbs not hidden as being exposed on web – root system hidden from being exposed on the web]
Scroll to bottom of this page/all RP pages, for “Simple Privacy Setup” – as 7 key ingredients / fields to include.
– When you take a privacy/security stance and want a path defined it’s yours only – your song that no one else sings like you do. The ingredients and measures are but your own recipes creation. Get my drift – one size, unisex fit meanings won’t work for anything threat specific to and in your own privacy quest but possibly a mere vague guide. Research / read reviews / GOOD LUCK
Best
@Blocked because of IP – VPN change to any server in that region should work.
Hi Sven.
I’m wondering why you mention “Worth mentioning: Don’t use a browser-based password manager, which will store your usernames and passwords in plaintext, thereby leaving them vulnerable to exploitation (discussed more below).”
Later on you mention KeePass and LessPass, which both have a browser extension.
Or do you mean those built-in password managers that remember logins?
And I’d also like to know your thoughts on a PW Manager as LastPass?
I’ve been using it for a while and like it, but is there a specific reason why it’s not on your list?
I find it very easy to use as I use it both in my home as well as on work and mobile without having to remember a “key file” etc. to login as with KeePass :-).
I hope to see your response.
I mean don’t store your passwords into the browser itself, such as Firefox or Chrome remembering your passwords. Password manager browser extensions are fine. I like Bitwarden but haven’t tested many other options, such as LastPass, but it also looks good.
Hi Sven Taylor,
Thank you for this article. I always find the information you provide to be very enlightening and helpful.
I was wondering if you have any suggestions for a privacy-conscious calling app for Android that would serve as a secondary phone number so I would not need to give out my real phone number.
I came across an app a few months ago but unfortunately I flashed my phone and I did not have a backup of that app and of course I can’t recall what it was called.
That app allowed me to choose a phone number starting with area codes of my choosing and it allowed me to make and receive both phone calls and text messages just like a normal phone number. The first 30 days were free but then you would have to pay for a subscription which was not expensive.
I would appreciate it if you can suggest an app that does the same.
Thanks
Hi Oleg, you might check out Line2, which I’ve used and it works well. Other options include VOIP.ms and also OpenPhone. For privacy, you can also use a fictitious name and pay with a virtual card through privacy.com, which allows you to use a fictitious name and address.
Hey all !
A Worldwide Survey of Encryption Products (yes from 2016), but it’s something I’ve not seen altogether broken down by country and OS amongst other categories.
You seen ???
“In 1999, a group of researchers from George Washington University attempted to survey the worldwide market for encryption products [HB+99]. The impetus for their survey was the ongoing debate about US encryption export controls.
By collecting information about 805 hardware and software encryption products from 35 countries outside the US, the researchers showed that restricting the export of encryption products did nothing to reduce their availability around the world, while at the same time putting US companies at a competitive disadvantage in the information security market.
Seventeen years later, we have tried to replicate this survey.”
https://www.wired.com/wp-content/uploads/2016/02/A-Worldwide-Survey-of-Encryption-Products.pdf
EX: just a part of the listed
Germany—112
United States—304
Netherlands—19
Romania—4
Australia—21
–
See what your country had/has to offer.
Related ?
CRYPTOGRAPHY AND LIBERTY 1998
AN INTERNATIONAL SURVEY OF ENCRYPTION POLICY
http://gilc.org/crypto/crypto-survey.html
2019 CIGI-Ipsos Global Survey on Internet Security and Trust
https://www.cigionline.org/internet-survey-2019
For a privacy messenger,
maybe you should have a look at Briar.
https://briarproject.org/
– decentralised
– uses the tor network
– fully end2end
– open source
Please don’t recommend Privacy Badger
it can be used to get fingerprinted
best regards
Awesome advice, can I ask for a review or recommended options on personal privacy such as personal files, IP on corporate computers. How to setup and protect yourself from big brother too ? Possible ?
Hi scollops
You’ve asked a lot without giving specifics of Operating system(s), device(s), etc…
Sven’s got pages of good stuff and to telling the dangers of being online.
Helpful guides and articles (I take from his own experience) in his use, testing, researching and exploring this field that’s a big loss to us in its vast knowledge to understand.
There’s too much leeway in each one’s own scenario for him to be specific to anyone personally unless it touches close to home for him, as he’s been there.
Thanks….just trying to get a handle on where to start Mac mainly then MS laptop. Really about personal files and IP. Protecting especially when you forget to remove your IP..I get the whole policy and company line. But oddly doesn’t work both ways. Anyway good to learn also for home as a Mac user.
Hello scollops,
Surely it would begin within the device’s foundation you’d set. Any order you’d want in your research and implementation.
A/My devices Strong Foundation:
– Hardened OS. (Root access if possible)
– Third party FireWall. (Firewall that blocks everything’s contact to the web by default, and the first time anything tries to enter or leave your system, you’re alerted (pop-up) to set an action for it from that point onward regarding its role in your device’s setup.)
– VPN service. (Hides your true location and encrypts all your device’s generated traffic – installed to the system / because browser extension VPNs ARE NOT CAPABLE OF THE SAME FUNCTIONS Device Wide or are simply being offered as a watered down version to mimic a real VPN’s functions.)
– Private Secure Browser /W/ Private Search Engine. (Separate programs and Working in Tandem when going online).
– Ad blocker. (Install to the system, some do their work in blocking online ads, but also on your installed apps that display ads too when opened and run on the system. Kudos for the ones (Ad Blockers) offering advanced settings that dial into the specifics of your device’s privacy – Ex: hides search queries, strips tracking parameters, hides your user agent, hides your IP address, etc, etc…).
– Password Manager. (Besides securely storing passwords and other personal and accounts info [locally is my preference/never trusted cloud storage]. CS is basically for syncing same info to multiple devices you own and that would go online.
Password Managers are capable of your longer stronger passwords generation than the average person would normally use and retain on their own).
– Secure email /W/ Secure Messenger. (Separate programs again – Look to them offering end-to-end encryption of your data for a true zero-access provider. That would be the encryption happens locally on the device (browser – app) and it’s done (only with access) from the user’s end to decrypting said data / and never the only encryption offered is to happen on the server’s end. ‘Employees and the company partners’ then may very well have access to the server’s decryption key and then to accessing your data.)
.
Todays Best Secure Email Providers
https://restoreprivacy.com/secure-email
Some there may offer a full office suite to alleviate your need for a separate program to share your personal files. If you’re needing a cloud file service for uploading files so people can download them, then look at comments on Alternatives to Google Products – the Complete List (2019)
https://restoreprivacy.com/google-alternatives/
.
Hell I could go on and on, least I’d try the outline I’ve given above. I’ve not named any specific programs here. Then I can’t really see that if any applications redundancy of the others in your basic foundation (system armor) you’d set harming you. Systems and associated hardware are beefier than early units, so redundancy with regards to system resources not an issue.
SCROLL DOWN to the first comment left here for helpful Windows information – and then up a few for other info. too – yes most will be my comments.
Mac – not a lot to offer as Apple – well you know doesn’t want you melding there.
https://restoreprivacy.com/vpn/best/mac-os-macbook/
– – – If you’ve a small footprint web wise (devices -or- accounts) I’d not link any of them to a same online account by an IP address. VPN services do allow for multiple devices’ use on one account – set your other devices to another server’s location to change its reflected IP address.
As well as not letting all our devices sync to/from cloud services – keep it (your data) stored locally on the device, and update them (all devices) yourself. By copying contents of folders or the folders tree themselves to the other like folders of a same program installed on your other devices.
Hope this helps and you’re welcome : )
Why isn’t EteSync ( https://www.etesync.com ) on this list?
It’s the only secure contacts, calendars and tasks solution out there…
Hi Jess.
Just a few points:
-Sven’s just one man running the site that has grown in new content, and still has to be updated in the existing already covered guides and articles. (Sounds like I know him, guaranteed I don’t), BUT HE HAS A GOOD WELL as we’ve talked some over his Secure Communication Center here-
https://restoreprivacy.com/secure-communication-center/
-It takes people like you to give all readers a heads up here on the RestorePrivacy site or by making contact by the link above ^ to Sven.
.
He as I (*this I believe), quest for only clients and server(s) to be ran on an open source(d) code base. *Term ‘- open source’ refers to something (code in this case), where people can modify and share their results because of its design, (the code) is publicly accessible.
*Then being offered at its foundation (server) – a hardened Linux installation, updates in patching any vulnerabilities as they become known, using safety mechanisms like TLS, CSPA, HSTS and in making sure to disable their weak ciphers.
*Then the encryption being used of an account, is in a way that only the USER (ends) and not its SERVER have access to your stored data’s information. Unfortunately, most of the communication services we can use are not end-to-end encrypted.
.
While any strong assurances of privacy, encryption and safety for your personal information are thrown out and about by different programs/services on the web.
STOP and consider that data (yours), is being kept (stored) in someone else’s server(s). Especially, in a case where the server synchronizes the user’s data with an app/device – any one ! in the chain are vulnerable to get hacked, or a government forces the hosting provider to hand over their server.
– – Anyone give thoughts to – of, that in ten years (or less) up the road THIS AGE of encryption may be broken !!! In Ten years I’ll bet you’re still alive – to what wide repercussions if today’s encryption gets broken? Your in life?
Remember the server back-ups and the fact that you’re not controlling the server – you’ll simply have no idea to the copy and back-up counts made on said server containing your data… When the account is deleted spelled out time when all your generated data is totally deleted?
Point I make, wouldn’t double or triple encryption of data be something for a communications programs/services to look at for storing any user’s data. Server’s encryption, then user’s encryption twice of TWO separate passwords/passphrases or keys.
.
-I don’t find info. to when ‘EteSync’ was founded except ‘Posted on Wed 05 April 2017’ here-
https://stosb.com/blog/introducing-etesync/
Looks like a nice find on the surface Sir.
“EteSync is a journaled end-to-end encrypted contacts and calendar provider for Android and the desktop. Or to put it more plainly, it’s an app that backs up and syncs your contacts and calendars across devices and to the cloud in a secure way while maintaining a full history of the changes.
Our servers are located in Austria and are hosted by EDIS, so our server is safe, but the beauty of EteSync is that you don’t need to trust the server.”
– – -Bottom line:
How’s the EteSync TOS and PP read?
How’s Austria’s privacy policy as a country in Central Europe comprising nine federated states?
Journaled – your data’s full change history in a secure way while maintaining a complete history of your changes both locally, and securely on our servers – – “”may be a handicap to some if they can’t control the time set – ex: 2 year max versus forever as account remains open.””
It’s not only your money but data given up by you. When you delete your data and then would delete your account – what assurances do you get – that you indeed owned the data ON the server used to store and/or back-up the said data. Proof and guarantees are just words in that all the copies and back ups will get deleted as well…
Tom from EteSync here.
Not sure I understand what you are saying, but just wanted to clarify a few topics that weren’t clear from your comment.
1. You were talking about having both the client and the server open source. Almost none of the recommended tools above satisfy this requirement, so no idea why you said it. With that being said, EteSync *IS* open source, client and server.
2. We obviously patch our servers all the time and maintain them.
3. EteSync is end-to-end encrypted, it says that on the home page.
4. Your data is not encrypted on the EteSync servers, only the end-to-end encrypted data, which we can’t access. We use strong encryption, if it’s ever cracked (like you suggested), every service above would be vulnerable, not just EteSync.
5. If the above point is still a risk for you, you can just self-host: everything is open source.
6. EteSync was released around March 2017. The blog post you mentioned is my public announcement post. You can also see all of the source on GitHub to see when code was originally pushed.
7. TOS and PP: very simple and legible, less than a page long. Have a read.
8. Austria is probably better than Germany and Switzerland nowadays.
Thanks for your comment, and I hope this answers some of your questions and clarifies things.
Hi Tom, thanks for stopping by and clarifying things.
Hello Tom from EteSync,
No I got a way of doing things that suits me, so sorry if I’m hard to follow.
I did give EteSync a thumbs up here just for what’s in print and for the direction in a mission it has.
Couldn’t you tell by my words…
.
Basically in answering to Jess, as why not every good, worthy, and related privacy/security application/service isn’t listed somewhere herein, and where Sven’s time (I’VE SEEN) has been utilized for the site.
As well, I had thrown out some flags for people to look for in anyone’s research of the service/app (yours – or any other).
.
The ‘quest’ part is just a longing for everyone who is connected to the web in some fashion, and that be as you’ve done and confirmed by your reply in the #1 and #2 answers. Hey you might be the first on the site to offer this – to the user.
I’d have that in the first paragraph of anything printed about EteSync.
Besides in the section topic above all listed in the article are not offering their client and the server as open source that you’re right on this.
Sven should add note of that feature if they’re offered.
I can only say, if Sven’s the time to test yours – you might be listed on the site.
– Glad to see you’ve tied up some loose ends for me by your answers.
Though in #4 answer it mentions ” Your data is not encrypted on the EteSync servers”.
* What of the users/account holders data does the non-encrypted data consist of /and/or about the account / then it’s owner?
* As for offering the service/app on a fee basis – how else does EteSync support itself ? Worthy of an answer…
** Do you ever see (at present) EteSync to becoming a full fledged communication platform as an email service.
Thanks and greetings Sir
What do you think of the new ‘sign in with apple’ feature?
I wouldn’t use it, because Apple.
Did anyone test this secure message app: https://www.goldenfrog.com/cyphr ?
They are from the same company as VyprVPN, so maybe it is not a bad option…
Hello,
First, thank you for sharing your knowledge and making our life more private.
Have you already heard of Dissenter browser? Currently, it’s a fork of Brave, but built for people. If I am not mistaken, he removed Brave rewards and added his Dissenter extension that is focused on free speech.
I’ve heard of it, but have not tested/used it.
Hey Sven and readers,
Had some deep thoughts today that I didn’t like in what I could imagine happening.
But usually I can also see a silver-lining to any darkness I envision.
That silver-lining, would need to be a global entity of some form of a governing body grounded on and with a foundation of global personal user internet privacy laws that has some teeth enforcement’s action.
If you’d think about it we as governments and nations have rules and laws within our own borders for just about anybody on anything.
.
As mankind advances in life with technology we lose our borders, that it opens up our lands and people to be victims of lawless enforceable actions as it mostly stands now.
We’ve seen or heard of nations going after nations (its people-infrastructure-elections) using the internet.
Then you have the representation of other nations within a host country where a special revision of its own laws is given making them useless to enforcement to these visitors.
[Kind of like the internet it’s happening to be border-less crime that hits a country]
Stop – picture this, land and water touches somewhere there are borders – laws usually change crossing that physical boundary into the other.
Now – think of the internet as air, a vast ocean, even electricity of a small sense to strength/power/grand or in other words something too big for any one nation to police on its own.
Just as we join alliances in time of wars, friendly nations need to join and sponsor a global entity foundation of personal user internet privacy laws. As we keep budgets for troops and war machinery so too a nation needs to budget for global internet defense.
.
Some dark future thoughts:
Big tech (you know them) all come out with the new wave virtual personal assistants.
You are now able to do everything from your assigned virtual personal assistant (think of your shadow with an ID or in USA your SSN).
So all the new devices, apps and software/firmware versions are now designed to use your assigned virtual personal assistant, or you don’t have an electric identity or, worse, an outlet to interact on the web.
– A nation’s government steps in and uses this, “taps” the wealth of new information down to the (.) in com you type.
Now in short time – this virtual personal assistant technology has the ability to track groups of devices, people, autos, purchases down to the last 10 seconds.
Then can disable any electric device connected to the internet, able to turn it on or off at that moment or simply once it had been tracked within the hour. (good and bad use here)!
.
In US you know of traffic light cams for red light runners.
What if you thought your neighbor had just got some kind of security severance service as you’d seen the worker install a couple cameras.
Then you come to know it’s making them money every month – as it scans and monitors the neighborhood.
– If you’d get on some high value list I could see this happening (advertising co. – prospect for CEO or like job), even like with a crime stopper program in rough neighborhoods – where every other house is scanning all the time.
Too many more dark thoughts!
Any merit to worry yet?
Hi, Sven
What do you think about “the next gen VPN”:
[https://impulse.com/sdp/]
I’d stick with OpenVPN as it has been thoroughly audited and proven over many years (safe and secure).
Hi Sven,
I wonder why the Epic Privacy Browser for desktop didn’t meet your ranking.
They are coming out soon with an android version.
Regards,
That’s discussed in the secure browser guide.
I wonder why Telegram (encrypted) app isn’t under “Secure messaging app”. Have you tried it and what are you thoughts on it?
Hey John, yep, that’s a good option too, I’ll add it with the next update.
How would you rate Qubes OS ?
For those of us who have to use Windows for Adobe CC, a future article suggestion: “How to keep Windows 10 from spying on you” (apart from not using it, of course 🙂)
Quick answer: Download Virtualbox (free and open source) and run Windows inside a virtual machine. You can use Windows 10 for free and you never have to register it. (I do this for testing software.)
According to Adobe, CC with an individual license will not work with a virtual machine. PlayOnLinux no longer works, Crossover doesn’t work. Wine never works with anything. If Adobe would only make a Linux version (go here and vote!: https://adobe-video.uservoice.com/forums/911233-premiere-pro/suggestions/36257581-yes-please-support-linux-this-would-be-a-huge-m) then I think Linux might well get a lot more users seemingly overnight. Perhaps they have a deal with Microsoft . . . ? So anyway, unless I’m mistaken (which is entirely possible–I’d love to be wrong about this!) I’m pretty sure that CC users are stuck with Windows 10, at least for the moment.
I don’t believe that will ever happen. This kind of talk has been going on since Linux was introduced. If one’s intent is simply browsing the web, I’d agree.
There’s way too few Windows applications and sites, e.g. financial institutions, insurance plans, governments and so on, that do not support Linux browsers.
Not many people know of Oracle’s Virtual machine. It’s not user-friendly whatsoever. In fact, it’s pretty darn complicated just to try to load your OS of choice and install an application. The website to find and choose the hyperlink is nothing short of frustrating.
I suppose the majority of people who would want to use that particular VM are the ones who live a complex life and have a similar mindset.
For a couple of months or so I’ve been trying the Blokada ad blocker on my Android phone. So far I’m really impressed. Recently, they even added a VPN service (paid, but pretty affordable). Notably, for example, the battery life is SO much improved! Mobile data usage is much lower per month (killing ads obviously saves a lot of data). These guys are doing a tremendous job, and quietly, without much fuss and bells. Hope they will develop a good privacy package. So far, so good!
Yeah, Bronco. I have been using Blokada for a while and I agree with you, but I would like to know what you guys think. And you, Sven Taylor, what do you think about Blokada? Do you know it? Have you tested it?
Looks good. I have not tested it.
Hi Sven, I am blown away, but not really that surprised at all the comments/questions you’re receiving now on this topic. I just have a few as they relate to browsing confidentiality/releasing details and prevention.
I visited a site that lists all your devices (that name is part of the URL) including screen resolution, video card, OS and so, so much more. I was terribly shocked to see the results.
I opened up TorBrowser (as we know Tor is slow as molasses) and I can’t disable a la carte the encryption or settings to improve speeds. However, Tor browser blocked a LOT of the info which was revealed in Chrome. It blocked RAM quantity, Graphics Card Name / Driver and many more system details.
When I reviewed the info on screen, the test results indicated the info which was concealed was “blocked” by browser “extension”. Yet, I see no add-on in TorBrowser.
As such, I wonder if there’s an actual extension or means of blocking the system info which Tor blocked on Chrome or use another browser which is faster, but does the same in terms of blocking system details?
Hey there, this is a tricky issue, but there’s a lot you can do to improve browser fingerprinting. See my main guide on browser fingerprinting for more info.
Hi Sven,
I think you should add to this article suggested ad-blockers, AVs, VPNs etc for mobile users – ios and android. Reality is that most people today use mobiles predominantly.
Hey Bronco, thanks for the feedback.
What do you think of 1password as a password manager? I tried bitwarden, but 1password works so much better for me.
Did you use Bitwarden with the browser extensions? It works like a charm (for me at least). I have heard good things about 1password from a usability perspective, and it’s been around a while, but I have not tested it. Main drawbacks: closed source and expensive.
I think this extension should be included in the privacy kit, here’s why:
https://lifehacker.com/clean-up-urls-before-you-share-them-with-the-tracking-t-1826459457
Thanks for the article!
But I have one question: why did you choose exactly these messengers for this article? Signal is abandoned, Threema is not free and open source, and Wire isn’t free. On my phone I have Signal and the recent Utopia beta, along with Telegram on my PC. There are actually a lot of great private messengers out there, so why do you mention only 4?
Hey there, Wire messenger is 100% free for personal use, and I use it all the time (free plan). There are business plans, but you don’t need that unless you want to use the premium features. I do plan to update the guide with more options soon, and I’d also like to have a secure messenger guide up in the coming weeks. Riot is another option as well.
Telegram is not as secure as the company’s marketing campaigns might lead you to believe. I prefer Utopia ecosystem. I guess that in the near future this decentralized P2P app will completely replace Telegram. All my confidential data shared is safe via Utopia messenger.
In 2019 already the majority of VPN providers claim that they are not keeping logs at all. One question is sitting deep in my brain, how those providers are checking the maximum allowed devices / connections?!
Yeah that’s a convoluted question. There’s usually some form of authentication mechanism that authenticates active connections, ensuring an account does not go over, without logging anything to the server. The exact method of authentication varies with the VPN.
Hi everyone,
Any concerns about the Webroot Secure Anywhere product? It’s based in the US, so… Any reports of personal data misuse?
Thanks in advance,
Kimi.
Hi everyone,
Does anybody here have information about the ExpanDrive app? Any concerns on privacy leaks, personal information logging, and selling, etc.?
Is there any alternative to it?
Thanks in advance,
Kimi.
Given that Microsoft takes most of your data anyway, what are your thoughts on Windows 10 Defender as an AV solution? At least you are eliminating 1 additional (3rd party AV) company from the privacy feeding frenzy.
Yes, that’s actually not a bad choice.
Hi Sven,
Awesome blog. I appreciate the contents you publish.
One question: how safe are the aforementioned messengers, namely Signal, Wire and Threema? All of them use WebRTC/STUN, thus all leak your IP, right?
Is there any workaround?
Kindest regards.
Hi Kimi, I’m not certain about the use of WebRTC in messenger apps, but there shouldn’t be any issues with IP leaks if you are using the messenger app. Of course, this is very different from surfing the internet through a browser with WebRTC enabled, when a website you visit could hit your browser with STUN requests, so not really an issue.
Hi Sven, how are you? Need your opinion about the operating system issue.
Lately I’ve been worrying a lot about privacy, but still worry more about security. I use MacOS on my laptop but am considering changing to one of your suggestions. So, in terms of security, are the Linux-based systems equal to or better than MacOS?
If not, do you think it’s a good solution to keep MacOS but use Tails through USB whenever I need more privacy?
Hello, yes, generally speaking, Linux offers more privacy and security than MacOS. That being said, everyone has their own unique needs and preferences, including applications for work and other needs, so it can be a tradeoff.
When you need more privacy and security, you may also want to run a virtual machine on your Mac OS. This is very easy to do, simply install VirtualBox (FOSS) and then install Ubuntu to start learning the ropes of Linux. This will be free and very easy to use. VirtualBox will just run from your dock like any app. You can use as many different VMs as you want, clone environments, run different VM operating systems, it’s a great tool. Tails also isn’t a bad option, but everything is routed through Tor, which has drawbacks.
Hi Sven,
I’ve been using a secure instant messenger client for a while now called qTox, which is at present the most polished client for Tox ( https://tox.chat/ ).
–
Simply put it’s a distributed (peer-to-peer) protocol supporting instant messaging, voice, video that offers end-to-end encryption.
–
There is also P2P file transfers and desktop viewing. The desktop viewing was a little quirky and I am unable to test the video calling since I have no camera.
–
It utilizes DHT swarms (like BitTorrent) to find and connect to your friends so it can be a bit heavy on a cellphone battery compared to centralized services like Wire and Signal. Tox has no signup, no account and no business entity.
–
All that is required is to download the Tox client of choice for your platform, run it to generate your ID, give your ID to someone and then people who know your ID can find you in the swarm.
JN
Should we use Debian or Ubuntu for security on a laptop?
It all boils down to personal preference, but Debian probably has an edge in terms of security.
Hi Sven,
Will you make a guide for Android users?
Hi John, I made a basic Android privacy guide a while back, but it is a bit outdated. I don’t spend too much time on Android, aside from occasionally testing Android VPN apps, but I’ll keep your feedback in mind for either updating that guide or coming out with something better.
Hello all.
I have a recommendation in the category “password managers”:
A password manager is more and more a must-have, even more so if you use 2FA in everyday life.
So, I work mainly with 1Password and Enpass. Enpass is a good alternative to 1Password.
Very important for me is the security, like “AES-256 Encryption” and “data are stored locally by default” (LessPass is only an online-based password manager, I think). Bitwarden has received some criticism because there are lines in the code that allow reloading JavaScript from third-party sources. In addition to this, trackers are included in the apps for iOS and Android (Google Analytics, Google Firebase Analytics, HockeyApp).
Another recommendation in the category “Advertisement, tracking, and malware blocker” is:
For Firefox users, Ghostery should be mentioned here as a very good add-on.
Thanks.
Hello, yes, a very in-depth password manager guide is upcoming (sometime in the next month or so). This page will get updated as well. Thanks for your feedback.
I have a question about the Telegram messaging app. Is it still safe? I’ve researched a lot but haven’t found a decent answer.
No, there is a reason why it is not included in the recommendations.
Messaging is not encrypted by default and even when enabling it, it is not end-to-end encrypted, allowing traffic to be intercepted at the server.
I would suggest using Signal, which is similar to WhatsApp (owned by Facebook), with the added privacy.
I looked at Signal, then wrote it off. They make big claims about being open source, but there’s no source on their web site, nor a pointer to anywhere it might be found. The only thing they have is a compiled binary, which is *only* available through the Google Store. Which involves creating a Google account, which is a deal-breaker in itself.
There’s a github project that claims to be the source for Signal, but since there’s nothing about it on the Signal page, it could be any random malware site looking for suckers.
Even if it’s all on the up-and-up, just looking at their web site showed an astonishing cluelessness about how trust and security work.
“Just say no.”
Interesting…Signal seemed to be one of the best, but from what you’re saying maybe I should rethink that. If not Signal, what would you suggest? Wire?
Signal website with links to source code
https://signal.org/docs/
“Over a billion monthly active users across the world are now using the Signal Protocol for end-to-end encryption.”
Love your site/ blog!! Incredibly useful info here.
What about Whonix?
Any thoughts about the Whonix OS?
Vm inside a VM…..
F
Yep, Whonix is a Debian Linux distro that’s a good option for privacy and security.
Hi Sven, which operating system do you recommend of these? Mint, Elementary, or Zorin OS?
There are many factors to consider and nobody agrees lol. I’d opt for Mint, but that’s just me.
https://puri.sm/posts/purism-becomes-pia-first-oem-partner/
It seems that PIA is the new OEM partner of Purism and will be fully integrated in future Librem 5 phone. Sven, do you think that it is an advantage?
Hi Vector, I saw that. Well, they are both in the privacy business, but I’m not a fan of bundling unnecessary software on devices. I’m testing out PIA for a new review right now and I have to say it has certainly improved in the past year.
Hello all. I would like to purchase a laptop that still has Windows 7. This is obviously for reasons of privacy. However with support and updates ended for this OS is it still possible to set it up and still have safety and good performance? Thanks
If Windows 7 is no longer supported, and you need Windows, you could get a Linux laptop and run Windows inside VirtualBox.
Whatever happened to the ‘UnaPhone Zenith’ that Tutanota back in 2016-04-29 was thrilled enough to partner with?
https://tutanota.com/blog/posts/una-phone-zenith-crowdfunding/
–
How IT can spy on your iPhone or Android smartphone
https://www.computerworld.com/article/3259868/how-it-can-spy-on-your-smartphone.html
.
You Are the Product:
In an Internet world dominated by Facebook and Google, most people understand the phrase “If you aren’t paying for it, you are the product.” What people don’t understand is that this concept has also landed on the shores of the privacy industry. History has proven that as any industry becomes “hot,” marketers will inevitably enter it. Companies that have demonstrated little regard for privacy are now using misleading marketing messages to tout their free privacy services, all the while supporting themselves through advertising and selling user data. This leads to important questions, such as why did Facebook pay $120 million to buy a free VPN app? Why did a popular free browser proxy turn its free users into a botnet for hire? And, what’s next?
https://www.goldenfrog.com/blog/price-of-free-in-online-privacy-industry
What if I can’t afford a new laptop? Any way to get security updates for Windows 7 from a third party or something after Microsoft stops putting out their own (and same question about Win7 support)?
Any other ideas?
I don’t think so as the code is not open source.
I have been using Mint and it has been great. A little learning curve.
Try different flavors and see what you like best.
Hi Miguel,
I’d say no to your security questions of Win 7, M$ not supporting patches any longer is like being dropped into a pit of lions or vipers.
– If you persist, try looking for just the Win 7 OS and add it to a partition on the laptop. (Dual boot w/ perhaps Win 10).
Being on the latest hardware will always be a performance driver.
Ebay has listings yet for Win7.
Win 7 wikipedia page mentions paid support for Windows 7 Professional and Enterprise for three years after the end of extended support.
See: Support lifecycle > https://en.wikipedia.org/wiki/Windows_7
Here’s an article mentioning more on end-of-life –
https://www.extremetech.com/computing/276582-microsoft-relents-confirms-extended-support-option-for-windows-7
–
If you’re not wanting to go with Sven’s mention of Linux w/ Win 7.
Go with Win 10 and use some/all of these-
Edited Host file with every URL you can find calling out Windows telemetry. Still everything is doing telemetry today, drivers too.
.
Sphinx Win10FC = firewall that blocks everything by default, uses its own rules, it doesn’t set any in the Windows firewall, you can switch the WINDOWS Built-in Firewall ON or OFF at your option due to the completeness of Sphinx Win10FC products independence.
– Free version has limits, as it can not manage system applications (located in c:\windows\*) .
– Note: originally called the Windows Vista Firewall Control it updates to the latest name of Windows OS to sound current.
*From your computer’s standpoint the Sphinx Win10 Firewall Control stops all the telemetry leaving your device.
https://www.sphinx-soft.com/Vista/
.
The Windows OS has plenty of its own telemetry going on, so the Blackbird (free-donation) program (no installation) takes care of this and runs on all recent desktop editions (Home, Pro, etc.) and on these versions of Windows (Vista, 7, 8, 8.1, 10).
https://www.getblackbird.net/
–
Not knowing how you’ll go with an OS – anything Windows Updates are covered on this site (ex: safe, not, security only, risks, etc…) from the menu on the lower right.
https://www.askwoody.com/
Hope this is helpful : )
So, I should not trust a free AV, but trust a password-manager like the ones you mentioned above…. (??)
Anyone willing to put some light on this?
Recommended password managers = open source
Antivirus = closed source (and much more potential for invasive/malicious activity going on behind the scenes)
Hi Ghis,
You can see it this way –
Addon password managers = specific data stored securely in a vault area on your device accessible by a master password you’ve given.
*Browsers should never be used for saving login credentials…
**Local device storage is better than cloud storage that has the benefit to sync to your other devices – – but clouds are a bigger risk target to hacks, as not only yours but everybody’s data stored there.
Whereas –
A/V security products have access to the whole device and to all sections’ data because they run at high system-level privileges.
Think ‘administrator’ versus ‘user’ privileges…
You can restrict its access by excluding drives, folders, files, but unless that’s done its reach is the greatest of anything you’ll install to a device.
* It may even access the installed files of the ‘password manager’ but as I understand can not reach the vault area because your master password locks it out.
* * So if you’d consider both like dogs, a lap hound compared to a guard dog. Which bite impacts greater harm and whose poop is more substantial…
Both you invite into a device but a wise choice of understanding and a research of the TOS and Privacy Policy, along of users experiences documented should weed out bad actors.
Hope my off the wall rendition – helps : )
What about AppMoat by Seventh Knight?
https://www.seventhknight.com/appmoat.html
https://www.seventhknight.com/eula.html
https://www.seventhknight.com/privacy.html
What about it – this an advertisement?
Since you can’t buy it yet – it’s too new to be trusted, no user reviews!
Why mention it then???
At a very quick look it seems similar in functions to VoodooShield.
What about Firefox Focus aka “Firefox Klar” ?
https://support.mozilla.org/en-US/kb/focus
https://blog.mozilla.org/blog/2016/11/17/introducing-firefox-focus-a-free-fast-and-easy-to-use-private-browser-for-ios/
Mainly on Android and iOS. Doesn’t have as many downloads as the main Firefox though.
It’d be cool to take a look at this browser and see if it’s worth all the hype or if it’s just another free tracking scheme like Opera.
Can it be configured just like normal firefox in your guides?
Hi Kevin, yes, that is a great solution for mobile devices (Android and iOS).
You have great confidence in Emsisoft antivirus. I have used Emsisoft antivirus in the past. It was fair in performance and it was not difficult to find better. At that point, I came to the conclusion that Emsisoft is itself, a virus. Have you tried to get that POS out of your computer? It invades everywhere and regenerates crap you remove. For months, elements keep cropping up everywhere. Emsisoft is a malignant hemorrhoid in a computer system.
Grover, is it that you’re cold and need to get your temperature going to warm up something? Without any facts and links in support of your proof, you’re just spouting useless and false tales around about your own opinions that are groundless and useless to anybody else otherwise… Let’s be fair by providing some proof for everyone : )
–
As I see it, there is no best Antivirus marketed today and I’m a little put off by the AV industry as my research into it leads me to hope for better of them in 2019 onward. https://restoreprivacy.com/antivirus-privacy/
– But, at least Emsisoft makes the point to tell people about their security and privacy practices. As Emsisoft is pushing the knowledge out about how both benefit you, and other helpful articles, in their blog posts. https://blog.emsisoft.com/en/
–
Besides an A/V’s role covering the whole system – this leads to infringing on users’ privacy. As they then can be a backdoor to devices of your personal data, documents, and files. As far as going into intercepting the web traffic run on it. You can’t block them by a firewall as the need for verifying file maliciousness and updating itself exists.
– As A/Vs run with high system-level privileges, then for whatever entity leverages them – they have to comply with the laws of the countries in which they are established.
– Not only does A/V security software reduce HTTPS connection security, but it also introduces vulnerabilities, such as a failure to validate sites’ certificates properly. https://zakird.com/papers/https_interception.pdf
–
So Emsisoft gets mentioned here, not as perfect but as a conscientious antivirus provider who respects their users’ private data, only using it when absolutely necessary, while other A/Vs are much less scrupulous in the very same role.
@ Sorry but it almost sounds like you’re torrenting or downloading pirated stuff that puts your infections there or that it respawns from. With an A/V software turned off – it is in no way going to protect the system it’s installed on. Excluding hacks, cracks with it = same…
https://blog.emsisoft.com/en/category/protection-guides/
Please don’t torment yourself without supplying the facts/links in making such further accusations about any A/V – friend : )
ON A WINDOWS BOX ? Give this a thought…
Should a local or a Microsoft account in Windows 8 and/or 10, be used?
–
What is a local offline account in Windows ?
A local account is a ‘username and password’ combination that you have likely used to log into any of the legacy Windows operating systems of the past – that is before 8 and 10 came to be.
It grants you access to the system’s resources and allows you to customize it of your settings and preferences. As a local user account in Windows 8, 10, it will allow you to install the traditional desktop apps, personalize your settings and use the operating system the old fashioned way (desktop) or limited somewhat in the Metro UI.
{Please offer knowledge on Metro, I’ve stripped most of it out long ago.}
Of course, in using a local offline account it must be created for a single system each time, so if you have any multiple of systems/devices, you will need to use a different local account for each of them.
–
What is a Microsoft account?
Starting with Windows 8, Microsoft has tried to push users to sign into Windows with a Microsoft linked account. Some features of Windows 8 and Windows 10 require access to the Microsoft cloud, and you therefore have to authenticate the device with a Microsoft account.
-[For a complete list, just type “sync” in the Start menu or Start screen.]-
A Microsoft account is the rebranding of any in the previous accounts for Microsoft products. If you have ever used services like Hotmail, Outlook.com, Skype, or devices like Xbox game consoles or Windows smartphones, then you are sure to have a Microsoft account already.
– By rebranding and combining all these different accounts, Microsoft allows for a complete integration of all their services into a single online account. This means that you can use it to get access to everything connected to the Microsoft ecosystem. It means M$ knows a lot about U.
–
The main difference – mostly it’s about trusting your privacy with M$.
The big difference from a local accounts stance, is that you use an email address instead of a username (in local account) to log into the operating system. So you must use either a Microsoft indentured email address (hotmail.com, live.com or outlook.com), or Gmail, and even your ISP specific email address to create your Microsoft account. This type of sign-in as the cloud process is meant that you cannot remove your system account password protection.
You can only change it.
– Also, signing in with Microsoft account allows you to configure a two-step verification system of your identity each time you sign in. This requires you to enter a security code each time you sign into a device that is not on your trusted list.
– Is this not as bad as using Google products for most everything as well ?
https://restoreprivacy.com/google-alternatives/
–
Some Pro’s and Con’s
This is all on top of Windows’ known telemetry in its OS systems.
– You’ll likely have access to the Windows Store but, if you use Windows 8, 10 Home, you cannot download and install apps without a Microsoft account supplied. Windows 8, 10 Pro, Enterprise or Education, you can download and install apps from the Windows Store, but only if they’re free. You must sign in using a Microsoft account so that their paid licenses are associated with you.
– A local offline account in Windows, pertaining to your system settings will not be synchronized across any of the computers and devices you may also have.
– Ensure signing up/in Windows by creating a local account – simply disconnect your computer from the Internet when you install Windows 8, 10 it’s that easy to see a different menu.
– A downside of this Windows account feature is that whenever you log on to your Windows computer, you’ll also sign in to the Microsoft’s cloud. *This means that Redmond knows when you sign in, and from where. NOT everyone feels comfortable with this power given to M$ by itself.
Good afternoon Sven, I would like to use Startpage but I have a problem with sexy images. Could you help me by pointing me to a filter for images, or even the total removal of images from Startpage?
Hi dwg,
Try looking here for what you’re wanting to do or the settings to change.
https://support.startpage.com/index.php?/Knowledgebase/Article/View/192/5/what-is-your-family-filter-and-how-does-it-work
or
https://support.startpage.com/index.php?/Knowledgebase/Article/View/1162/19/the-family-filter-is-blockingreturning-too-much-content-how-do-i-turn-it-off-or-tighten-it
or
https://support.startpage.com/index.php?/Knowledgebase/Article/View/1237/19/video-results
Great site Sven! Regarding another privacy site, privacytools.io, that site is contradictory. It says that “You need your browser to look as common as everyone else. Disabling JavaScript, using Linux, or even the TBB, will make your browser stick out from the masses.” And yet it advertises the like of NoScript and Linux systems. Does the person running it not know that making all the changes to Firefox’s about:config as shown, and installing the advertised browser extensions, will make a person’s browser stand out more?
Hi Paul, yes, that is the tricky issue with browser fingerprinting, it is a catch-22.
Hi Paul,
It’s comments like yours I keep hoping to see show up here as more people find the site. I try to offer insights that I understand as well.
Good points you’ve brought up – Sir : )
Hi Sven,
I currently use VoodooShield (VS) and it seems to me that the privacy terms related to product are not abusive – at least it looks like VS just collects very minimal information that is not aimed for re/selling.
https://voodooshield.com/
https://voodooshield.com/Privacy.aspx
https://voodooshield.com/Terms.aspx
VoodooShield is a kind of security software that complements AV programs and it simply locks the system (something like a NoScript for Windows systems) by preventing any process from running outside those that have been white-listed. It is not open source but it seems to me like a good option for security reasons, which impacts privacy to a certain extent. I was wondering, have you ever tried VoodooShield and would you please share your opinion? In this regard, do you know any website similar to https://thatoneprivacysite.net/ where the terms and conditions related to AV products have been analyzed? I am thinking that probably after the Kaspersky public issues maybe someone has published some interesting article about the privacy aspects of AV products. Thanks.
Hi Vector,
I’ve tried VoodooShield for a short time and couldn’t get the knack of my system running it. That was back some years ago…
You can see some favorable users opinions here about two years ago and beyond that – https://malwaretips.com/threads/voodooshield-have-you-tried-it-would-you-recommended-it.61800/page-4
Then an extensive users talk and time coverage of it here – https://www.wilderssecurity.com/threads/voodooshield.313706/
–
I used to use KIS by Kaspersky back 3 years ago till VPN.ac said not to, as they said it’ll cause me problems with their clients. Same troubles I suppose happened with AdGuard, as it ran into priority problems with the order of some kind of KIS driver calls made in my system – in about the same time frame of events before losing KIS.
Then I caught word that the US defense departments dropped it from their ‘to use list’ of software as its founders were suspected of KGB ties, as revealed – all before the last presidential election scandals broke.
I completely moved over to Emsisoft Internet Security that’s gone now. It has since merged with Emsisoft Anti-Malware.
https://blog.emsisoft.com/en/28245/merging-emsisoft-internet-security-with-emsisoft-anti-malware/
–
AV products have been analyzed? About your metadata privacy you mean? Good point, what else has free run to every nook and cranny of your system. Even to what’s known of VirusTotal, as I use it as a second opinion or first understanding to a lot of things.
There are others in this lineup of file uploads in online checking services, even the online scanners of the most popular anti-virus/malware vendors to run scans and check out your PC for free. What else do they find out about you?
–
Only one study I know of was done in 2014 by AV-Comparatives, for Data Transmission in Internet Security Products.
http://www.av-comparatives.org/wp-content/uploads/2016/12/avc_datasending_2014_en.pdf
Emsisoft Blog had a post JUNE 26, 2015 covering Antivirus software: protecting your files at the price of your privacy.
https://blog.emsisoft.com/en/17153/antivirus-software-protecting-your-files-at-the-price-of-your-privacy/
AV Comparatives did not include questions about data retention which is unfortunate. Some companies may use the transmitted data only to determine the correct course of action, while others may save it for a period of time or maybe even forever.
It has been suggested that users only download and install products of reputable companies, and that they read the End User Agreements before they do.
–
Despite claims they anonymize any user’s data that’s collected. If they anonymize your data, don’t you think they are able to un – or de-anonymize this same data just as easily on their end?
– Then when you do install something run the terms through the below program-
EULAlyzer Personal / Free for personal & educational use – https://www.brightfort.com/eulalyzer.html
Would be nice if thatoneprivacysite would branch out and cover the A/V likes there too…
Thanks : )
Disposable email addresses providers like Burner Mail and Blur are also privacy tools.
Good point Mark, I’ll consider that for the next update.
33MAIL is another one I can say works very well.
[ Create a new e-mail address whenever you need one. Maintain complete control over active addresses. Forwards all mail to your existing e-mail address. You can even reply anonymously to emails forwarded by 33Mail. Never receive unwanted e-mail again! ]
Hi Sven and Mark,
@Sven I don’t know if disposable email addresses are really a privacy tool, when Private Email >Best Secure Email Providers list on your site already, offers Aliases – through their services. Although most of the encrypted mail services offered there, you can’t easily delete an alias but only disable it from being active.
–
@Mark did you know Abine Blur recently compromised its users? I don’t believe this was out of wilful misconduct but more to a problem of gross negligence.
https://www.abine.com/blog/2018/blur-security-update/
–
Even my own mention of 33MAIL deserves scrutiny, as I don’t see a Privacy Policy offered on its site but only a TOS, and usually one or the other gives an indication to their actual address of location and/or jurisdiction.
And a whois look up doesn’t offer much to their location – https://www1.domain.com/whois/whois.bml
– FYI, the US may be headed to a recession as the trade wars and now General Motors layoffs lay the indications of more to come.
What is your opinion on Riot? It is based on the Matrix protocol.
https://about.riot.im/
How do you like the open-source XMPP clients like Gajim? Particularly Gajim may use the OMEMO protocol.
https://gajim.org/
Hi Vector, I like Riot quite a bit. I haven’t looked into Gajim much yet.
Unfortunately, Gajim is not multi-platform messenger (no iOS, no Android support).
I am not sure what’s happened with Jitsi and particularly with the support of OMEMO protocol. They implement the OTR protocol but I am not sure whether it is not a bit obsolete.
https://jitsi.org
Is https://jitsi.org similar to Jabber? Thanks a lot
The most widely used privacy tool anyone has is sitting right behind their eyes. Called common sense or that gut feeling, trust your instincts that your brain gives to you.
-One practice I find helpful is to limit the installed programs to what I need and use, uninstalling those that have had little use to me in 6 months of the year.
–
How many people actually read a ‘EULA’ license agreement of the software they install?
Or for that matter of a Website’s Privacy Policy to make sense of the nonsensical?
Don’t just write off the ‘EULA’ license agreements and Privacy Policies as too long and verbose to read…
And other similar documents, including language that deals with:
Advertising – Tracking – Data Collection – Privacy Related Concerns
Installation of Third-Party / Additional Software
Inclusion of External Agreements By Reference
Potentially Suspicious Clauses
–
You know in today’s world that it’s important to know things like-
1. If the software you’re about to install, displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, or much more.
2. Of a website’s privacy policy for potentially interesting words and phrases, then what role Third-Party External Agreements play.
–
Know What You’re Getting Into – Pop it into EULAlyzer .
This one’s free as you do some work for the results.
http://www.brightfort.com/eulalyzer.html#Overview
–
EULAlyzer Pro for powerful and instant analysis using EULA-Watch, supports automatic license agreement detection and scanning for most major software installers.
http://www.brightfort.com/eulalyzerpro.html#EULAWatch
Note: This program does not provide legal advice.
You should always consult a lawyer for advice on legal issues.
http://www.brightfort.com/privacypolicy.html
The Good Trustworthy Antivirus programs should be in the Ranks above.
To thwart off malicious and unwanted software, and to reliably prevent phishing- and ransomware-attacks.
STAY away from the Free versions and you really don’t need their Internet Suites that some offer in all the bundled sub products.
I like to call these Jack of all Master of none…
–
Privacy – (taken from #5) https://blog.emsisoft.com/en/29702/choosing-antivirus-software-2018/
Some are extensively collecting data about your computer usage to improve their products. While simple product usage telemetry is usually anonymized, some products may also upload suspicious files from your computer to the vendor’s scanning cloud. You need to be able to fully trust that the vendor will handle your files responsibly, ethically and securely. After all, a private document could be part of such an upload, too.
–
Free Versions – “Has the antivirus industry gone mad?”
https://blog.emsisoft.com/en/11550/has-the-antivirus-industry-gone-mad/?ref=offer000012&utm_source=newsletter&utm_medium=newsletter&utm_content=mainnews&utm_campaign=offer000012
Fact: 7 out of 8 tested free antivirus suites bundle with PUPs
Comodo AV Free: changes home page and search engine provider to Yahoo during the installation process, unless the user unchecks the box.
–
Avast Free: offers Dropbox during installation by default, unless you uncheck the box.
–
Panda AV free: installs Panda Security toolbar, yahoo search takeover and MyStart (powered by Yahoo) home page takeover.
–
AdAware free: installs WebCompanion by default unless user unchecks the box. Also installs Bing Homepage takeover and Bing search takeover by default, unless opted out.
–
Avira free: offers Dropbox after installation. Takes over search with Avira Safe Search, which is a white-labeled version of the Ask toolbar. Avira does disclose that it partners with Ask.
–
ZoneAlarm free AV + Firewall: with Custom Install: Zonealarm homepage and search takeover. This is a rebranded Ask toolbar, which is not mentioned on ZoneAlarm’s website.
–
AVG free: installs Web Tuneup, including AVG SafeGuard. Sets AVG Secure Search as homepage, new tab page and default search engine. Toolbar is Ask powered, although this is not explicitly stated. Also offers AVG Rewards, which displays popup advertisements with coupons and deals.
–
When the product is free the real product is YOU
Excellent points, Hard Sell, thank you. I’m going to update this guide with that information. Emsisoft is a solid choice and is one of the few AV’s that give you both security and privacy.
I agree about Emsisoft’s security and privacy practices, and then they’re always trying to get the word out about both.
Here’s some interesting facts you may find helpful to reference of anti-virus companies.
https://www.ivpn.net/blog/are-anti-malware-products-uploading-your-private-data
–
https://sanfrancisco.cbslocal.com/2017/03/08/wikileaks-cia-documents-antivirus-software-reviews/
–
https://blog.emsisoft.com/en/17153/antivirus-software-protecting-your-files-at-the-price-of-your-privacy/
Hello all
If – one key consideration is your digital threat model.
I’d definitely set the privacy bar HIGH there – as with all the Corporate, Government, and Web advertising entities collecting your data massively like never before.
A picture develops from all your collected data that can be like looking at a cross-cut of an adult tree growth rings, they’ll see an extended picture of your online life with all the collected data – just think of a two year period online what could be learnt of ourselves.
–
Did you know some advertisers attach the MAC address of a user’s devices to their demographic profiles so they can be retargeted even if the user clears their cookies and browsing history?
Clearing cookies doesn’t help you with web bugs and respawning cookies by the way.
–
If that old saying – Fruit doesn’t fall far from the tree – think about your offspring and relatives having similar likes as yourself, that your online habits and interests could most likely & will affect them.
How I try to guard my privacy and remember once it’s captured by one entity it can be shared, hacked in to, or go into a data base to live on for a very long time.
–
I’m running an 8.1 x64 Windows rig with IE 11 / Slimjet browsers, SSD and 16GB Ram. No Pen or Touch for display, no camera.
I’ve cleaned out most of the Metro crud for mostly a desktop experience as of the older Windows OS’s.
StartPage = my homepage and search engine.
Emsisoft = my main anti-malware.
Malwarebytes = 2nd line layer for malware defense.
RoboForm = (locally) not cloud, password manager for website logins with a strong password generator (usually at 20+ characters).
Maxa Cookie Manager = DATED / but still works covering many browsers – cleans cache, history, timed auto cookie deletion, w/ cookie evaluation – white/black lists, last update was 12 February 2014.
Adguard = ad blocker w/ personal privacy modules and stealth settings, really a lot more it has to offer than blocking ads.
VPN.ac = hides real IP – server side DNS, never surf without it.
VPNCheck Pro = DATED / DNS leak fix, changes your MAC address automatically but also your Hostname and Computer name, this also applies for all the Computer ID sniffer algorithms on networks.
Shadow Defender = runs your system in a virtual environment with no change to your real environment.
AOMEI Backupper Pro = is a complete yet simple backup software for Windows PCs and laptops, supports system/disk/files/partition backup & restore, file sync, and system clone as well as provides scheduling backup, merge images, dynamic volumes backup, UEFI boot, and GPT disk backup.
Sphinx Win10FC = firewall that blocks everything by default, uses its own rules, it doesn’t set any in the Windows firewall, you can switch the WINDOWS Built-in Firewall ON or OFF at your option due to the completeness of Sphinx Win10FC product independence – free version has limits as can not manage system applications (located in c:\windows\*) .
Note: originally called Windows Vista Firewall Control it updates to the name of current OS to sound current.
The most understandable detailed review I’ve seen here-
https://msfn.org/board/topic/174417-sphinx-windows-er-10-firewall-control/?tab=comments#comment-1107771
–
Most of the above have free versions but, all these I use are paid for except the web browsers – search engine.
Although free has more of a consequence to an individual’s privacy, there is really no guarantee that a paid product by way of your paying for it, offers you any more of a guarantee that your data won’t be collected and then sold on to others. From your computer’s standpoint the Sphinx Win10 Firewall Control stops all the telemetry.
The Windows OS has plenty of its own telemetry going on, so the Blackbird (free-donation) program (no installation) takes care of this and runs on all recent desktop editions (Home, Pro, etc.) and in the versions of Windows (Vista, 7, 8, 8.1, 10).
https://www.getblackbird.net/
–
I also run two system cleaners-
R-Wipe & Clean = automatically at browser close for browser / user set tasks, and at system shut down for full computer task list.
PrivaZer = automatic and manually at browser close for internet traces, and once weekly on the c:\ drive.
HOPE this helps some people to know what steps I feel necessary in today’s era of the internet.
I said ‘The most understandable detailed review I’ve seen’ about ‘Sphinx – Win10FC’ was with that above link, I forgot about this more detailed one.
Allowing network access to only trusted programs is a fundamental step in increasing your security and privacy. Windows 10 Firewall Control is a simple free/paid third party program to control and monitor the network activity of applications. It prevents undesired information leaks for incoming and outgoing connections for applications running locally or remotely on Windows.
–
Windows 10 Firewall Control puts you in control of all network communications your PC has. It can prevent applications from “phoning home”, sending “telemetry”, showing advertisements, checking for updates without your permission and so on. It’s very useful to detect and stop zero-day malware by blocking its network activity. By adopting a block-everything-by-default approach and allowing access to only whitelisted apps, Windows 10 Firewall Control gives you full control over network communication.
–
The application is very compact, has a small installer and low memory footprint. It’s compatible with Windows 7, 8, 8.1 and 10. The installer includes both 32-bit / 64-bit versions and automatically installs the appropriate version. Both IPv4 and IPv6 protocols are fully supported.
What’s special about Windows 10 Firewall Control is that it blocks connections by default, automatically detects when a program on your computer is trying to connect and shows a clear notification prompt asking your permission to allow or disallow it. Although the built-in Windows firewall includes a prompt for inbound connections, Windows 10 Firewall Control goes one step further and shows you prompts for outbound notifications too. The ease and transparency in setting up its firewall permissions for desktop and Store apps is what sets this program apart.
–
You can set the desired network permissions for any program easily with a single click. The most safe and reasonable permissions are advised automatically. A rich set of predefined permissions is available, you can choose and apply the chosen permission anytime.
It has an optional balloon notification that instantly pops up and includes detailed activity of each app and a description of why the app was blocked or allowed.
Both, already established and potential app connections are listed. In the paid versions, a predefined set of permissions (security zones) can be set for each program and activity type. A zone can be applied to any application with a single click. You can customize a predefined zone or create a new one that fits your needs precisely.
–
Many other features are included and the application is continuously being improved for many years. For instance, there is a way to automatically configure hardware routers/firewalls, create a safe virtual sub-network inside a single local network and control network permissions remotely. The application’s features are configurable such as disabling popup for new detected program trying to connect, suppress the log balloon, change the sound used for the prompt, import/export settings, password protect the settings panel and others. Windows 10 Firewall Control runs from the notification area (system tray) and also has taskbar integration.
–
The program has a simpler, free version but the advanced features are available in paid versions. All versions and editions are available in English, German and French. Very careful and personal support is available for free. You can compare the features available in the free version and the paid versions here: http://sphinx-soft.com/Vista/order.html