Showing results for tags 'privacy'.

Found 475 results

  1. Worried about privacy issues in Windows 10? Here's what you can do.

There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft's operating system crosses the privacy line or just want to make sure you protect as much of your personal life as possible, we're here to help. Here's how to protect your privacy in just a few minutes.

Note: This story has been updated for the Windows 10 October 2018 Update, a.k.a. version 1809. If you have an earlier release of Windows 10, some things may be different.

Turn off ad tracking

At the top of many people's privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person's interests that is used by a variety of companies to target ads. Windows 10 does this with the use of an advertising ID. The ID doesn't just gather information about you when you browse the web, but also when you use Windows 10 apps.

You can turn that advertising ID off if you want. Launch the Windows 10 Settings app (by clicking on the Start button at the lower left corner of your screen and then clicking the Settings icon, which looks like a gear) and go to Privacy > General. There you'll see a list of choices under the title "Change privacy options"; the first controls the advertising ID. Move the slider from On to Off. You'll still get ads delivered to you, but they'll be generic ones rather than targeted ones, and your interests won't be tracked.

Image: You can turn off Windows 10's advertising ID if you want. You'll still get ads, but they'll be generic ones.

To make absolutely sure you're not tracked online when you use Windows 10, and to turn off any other ways Microsoft will use information about you to target ads, head to the Ad Settings section of Microsoft’s Privacy Dashboard. Sign into your Microsoft account at the top of the page.
Then go to the “See ads that interest you” section at the top of the page and move the slider from On to Off. After that, scroll down to the “See personalized ads in your browser” section and move the slider from On to Off. Note that you need to go to every browser you use and make sure the slider for “See personalized ads in your browser” is set to Off.

Turn off location tracking

Wherever you go, Windows 10 knows you're there. Some people don't mind this, because it helps the operating system give you relevant information, such as your local weather, what restaurants are nearby and so on. But if you don't want Windows 10 to track your location, you can tell it to stop.

Launch the Settings app and go to Privacy > Location. Underneath “Allow access to location on this device,” click Change and, on the screen that appears, move the slider from On to Off. Doing that turns off all location tracking for every user on the PC.

Image: If you click the Change button, you can turn off location tracking for every user on the Windows 10 device.

This doesn't have to be an all-or-nothing affair — you can turn off location tracking on an app-by-app basis. If you want your location to be used only for some apps and not others, make sure location tracking is turned on, then scroll down to the "Choose apps that can use your precise location" section. You'll see a list of every app that can use your location. Move the slider to On for the apps you want to allow to use your location — for example, Weather or News — and to Off for the apps you don't.

When you turn off location tracking, Windows 10 will still keep a record of your past location history. To clear your location history, scroll to "Location History" and click Clear. Even if you use location tracking, you might want to clear your history regularly; there's no automated way to have it cleared.

Turn off Timeline

The Windows 10 April 2018 Update introduced a new feature called Timeline that lets you review and then resume activities and open files you’ve started on your Windows 10 PC, as well as any other Windows PCs and devices you have. So, for example, you’ll be able to switch between a desktop and laptop and from each machine resume activities you’ve started on either PC.

In order to do that, Windows needs to gather information about all your activities on each of your machines. If that worries you, it’s easy to turn Timeline off. To do it, go to Settings > Privacy > Activity History and uncheck the boxes next to “Store my activity history on this device” and “Send my activity history to Microsoft.”

Image: Here’s how to turn off Timeline so that Microsoft doesn’t gather information about your activities on your PC.

At that point, Windows 10 no longer gathers information about your activities. However, it still keeps information about your old activities and shows them in your Timeline on all your PCs. To get rid of that old information, in the “Clear activity history” section of the screen, click “Manage my Microsoft account activity data.” You’ll be sent to Microsoft’s Privacy Dashboard, where you can clear your data. See the section later in this article on how to use the privacy dashboard to do that.

Note that you’ll have to take these steps on all of your PCs to turn off the tracking of your activities.

Curb Cortana

Cortana is a very useful digital assistant, but there's a tradeoff in using it: To do its job well, it needs to know things about you such as your home location, place of work and the times and route you take to commute there. If you’re worried it will invade your privacy by doing that, there are a number of things you can do to limit the information Cortana gathers about you.
Start by opening Cortana settings: place your cursor in the Windows search box and click the Cortana settings icon (it looks like a gear) that appears in the left pane. On the screen that appears, select Permissions & History. Click “Manage the information Cortana can access from this device,” and on the screen that appears, turn off Location so that Cortana won’t track and store your location.

Then turn off “Contacts, email, calendar & communication history.” That will stop the assistant from gathering information about your meetings, travel plans, contacts and more. But it will also turn off Cortana’s ability to do things such as remind you about meetings and upcoming flights. Towards the bottom of the screen, turn off “Browsing history” so that Cortana won’t keep your browsing history.

To stop Cortana from gathering other types of information, head to the Cortana’s Notebook section of Microsoft's Privacy Dashboard. You’ll see a variety of personal content, ranging from finance to flights, news, sports, and much more. Click the content you want Cortana to stop tracking, then follow the instructions for deleting it. If you want to delete all the data Cortana has gathered about you, click “Clear Cortana data” on the right side of the screen.

Image: Here’s how to delete all the information Cortana has gathered about you.

There’s some bad news for those who want to ditch Cortana completely: Back when the Windows 10 Anniversary Update was released in August 2016, the easy On/Off setting for turning it off was taken away. However, that doesn't mean you can't turn Cortana off — it just takes more work.

If you use any version of Windows 10 other than the Home version, you can use the Group Policy Editor to turn it off. Launch the Group Policy Editor by typing gpedit.msc into the search box. Then navigate to Computer Configuration > Administrative Templates > Windows Components > Search > Allow Cortana.
Set it to “disabled.”

If you have the Home version, you'll have to muck around in the Registry. Before doing that, though, create a Restore Point, so that you can recover if anything goes wrong. Once you've done that:

  1. Type regedit into the search box and press Enter to run the Registry Editor.
  2. Go to the key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Search. (If the Windows Search key doesn't appear in the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows. Right-click the key and select New > Key. It will be given a name such as New Key #1. Right-click it, select Rename, and then type Windows Search into the box.)
  3. Create the DWORD value AllowCortana by right-clicking Windows Search and selecting New > DWORD (32-bit) Value. Type AllowCortana in the Name field.
  4. Double-click the AllowCortana value. Type 0 in the Value data box.
  5. Click OK.

You'll have to sign out of your Windows account and sign back in again (or restart Windows) to make the setting take effect.

Ditch a Microsoft account for a local account

When you use your Microsoft account to log into Windows 10, you’re able to sync your settings with all Windows devices. So, for example, when you make changes to your settings on a desktop PC, those changes will also be made on your laptop the next time you log in.

But maybe you don’t want Microsoft to store that information about you. And maybe you want to cut your ties as much as possible to anything Microsoft stores about you. If that’s the case, your best bet is to stop using your Microsoft account and instead use a local account.

It’s simple to do. Go to Settings > Accounts and select “Sign in with a local account instead.” A wizard launches. Follow its instructions to create and use a local account. Keep in mind that when you do this, you won’t be able to use Microsoft’s OneDrive storage or download and install for-pay apps from the Windows Store.
You can, however, download and install free apps from the Windows Store.

Change your app permissions

Windows apps have the potential to invade your privacy — they can have access to your camera, microphone, location, pictures and videos. But you can decide, in a very granular way, what kind of access each app can have.

To do this, go to Settings > Apps. Below “Apps & features” you’ll see a list of your installed apps. Click the app whose permissions you want to control, then click Advanced options and set the app's permissions by toggling them either on or off.

Image: Setting permissions for the Fitbit app.

Note, though, that very few apps have an “Advanced options” link. And of those that do, not all let you customize your app permissions.

However, there’s another way to change app permissions. To do it, go to Settings > Privacy and look under the “App permissions” section on the left-hand side of the page. You’ll see a list of all of Windows’ hardware, capabilities and features that apps can access if they’re given permission — location, camera, microphone, notifications, account info, contacts and so on.

Click any of the listed items — for example, Microphone. At the top of the page that appears, you can turn off access to the microphone for all apps. Below that you’ll see a listing of all the apps with access to the microphone, where you can control access on an app-by-app basis. Any app with access has a slider that is On. To stop any app from having access, move the slider to Off.

Control and delete diagnostic data

As you use Windows 10, data is gathered about your hardware and what you do when you use Windows. Microsoft says that it collects this data as a way to continually improve Windows and to offer you customized advice on how to best use Windows.

That makes plenty of people uncomfortable. If you’re one of them, you can to a certain extent control what kind of diagnostic data is gathered about you.
To do it, head to Settings > Privacy > Diagnostics & Feedback. In the Diagnostic data section, you can choose between two levels of diagnostic data to be gathered. Note that there’s no way to stop Microsoft from gathering diagnostic data entirely. Here are your two choices:

  • Basic: This sends information to Microsoft “about your device, its settings and capabilities, and whether it is performing properly.” If you’re worried about your privacy, this is the setting to choose.
  • Full: This sends the whole nine yards to Microsoft: “all Basic diagnostic data, along with info about the websites you browse and how you use apps and features, plus additional info about device health, device usage, and enhanced error reporting.” If you’re worried about your privacy, don’t make this choice.

Image: Go here to control what diagnostic data Windows 10 gathers.

Next, scroll down to the “Tailored experiences” section and move the slider to Off. This won’t affect the data Microsoft gathers, but it will turn off targeted ads and tips that are based on that information. So while it won’t enhance your privacy, you’ll at least cut down on the annoyance factor.

Now scroll a bit further down and in the “Delete diagnostic data” section, click Delete. That will delete all the diagnostic data Microsoft has gathered about you. However, after you delete it, Microsoft will start gathering the data again.

Finally on this screen, consider scrolling up to the “Improve inking & typing recognition” section and moving the slider to Off. That will stop Windows 10 from sending to Microsoft the words you input using the keyboard and inking.

One final note about diagnostic data. You may have heard about a tool Microsoft has been hyping, called the Diagnostic Data Viewer, which you can download from the Microsoft Store. Microsoft claims it lets you see exactly what kind of diagnostic data Microsoft gathers about you. Don’t believe it. It’s something only a programmer could love — or understand.
You won’t be able to use it to clearly see the diagnostic data Microsoft collects. Instead, you’ll scroll or search through incomprehensible headings such as “TelClientSynthetic.PdcNetworkActivation_4” and “Microsoft.Windows.App.Browser.IEFrameProcessAttached” with no explanation of what it means. Click any heading, and you’ll find even more incomprehensible data.

Use Microsoft’s Privacy Dashboard

Microsoft has built an excellent, little-known web tool called the Privacy Dashboard that lets you track and delete a lot of information Microsoft gathers about you. To get to it, go to https://account.microsoft.com/privacy/.

As covered earlier in this story, here you can turn off ad targeting and limit the data gathered in Cortana’s Notebook. You can also view and delete your browsing history, search history, location activity, voice activity, media activity, LinkedIn activity, and a lot more. (Note that for your browsing and search history, it only tracks your activity when you use Microsoft Edge or Internet Explorer. It doesn’t track data when you use other browsers, like Chrome or Firefox. And it only tracks your location history when you’re using Microsoft devices, not those that use iOS or Android.)

Image: Microsoft’s little-known Privacy Dashboard is a great place to delete much of the information Microsoft gathers about you.

Using it is a breeze. Simply head to the information you want to view and clear, then click the “View and Clear…” button. You’ll see all your activity in that category, and be able to delete individual instances (such as a single web search, for example), or all of it at once.

Get granular in the Settings app

All this shouldn't take that long and will do a great deal to protect your privacy. However, if you want to dig even deeper into privacy protections, there's something else you can do.

Launch the Settings app and click Privacy.
On the left-hand side of the screen, you'll see the various areas where you can get even more granular about privacy — for example, in the Windows permissions section you can change your global privacy options for things such as speech recognition and inking. And here’s where you’ll get access to all app permissions, as outlined earlier in this article.

These steps can take you a long way towards making sure that Windows 10 doesn't cross the line into gathering data you'd prefer remain private.

This article was originally published in January 2016 and most recently updated in April 2019.

Source: How to protect your privacy in Windows 10 (Computerworld - Preston Gralla)
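
The Registry steps for the Windows 10 Home edition given in the article above (create the Windows Search policy key if it is missing, then set AllowCortana to 0) can also be applied and verified from an elevated PowerShell prompt. This is an added example, not part of the original article; the function name Set-CortanaPolicy is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): applies the article's
# Registry steps for the AllowCortana policy value and reports the result.
# As the article advises, create a Restore Point before changing the Registry.
# The function name Set-CortanaPolicy is hypothetical.

function Set-CortanaPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 0 is the value the article sets to turn Cortana off.
        [ValidateRange(0, 1)]
        [int]$Value = 0
    )

    $parent = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'
    $key    = Join-Path $parent 'Windows Search'
    $name   = 'AllowCortana'

    # Step 2: the "Windows Search" key may not exist yet; create it if needed.
    if (-not (Test-Path -LiteralPath $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $parent -Name 'Windows Search' -Force | Out-Null
        }
    }

    # Record the previous value (null if it was never set) so the change
    # can be reviewed or reverted later.
    $before = (Get-ItemProperty -LiteralPath $key -Name $name `
                   -ErrorAction SilentlyContinue).$name

    # Steps 3-5: create or overwrite the DWORD (32-bit) value.
    if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $Value")) {
        New-ItemProperty -LiteralPath $key -Name $name `
            -PropertyType DWord -Value $Value -Force | Out-Null
    }

    # Read the value back instead of assuming the write succeeded.
    $after = (Get-ItemProperty -LiteralPath $key -Name $name `
                  -ErrorAction SilentlyContinue).$name

    [pscustomobject]@{
        Key      = $key
        Name     = $name
        Previous = $before
        Current  = $after
        Applied  = ($after -eq $Value)
    }
}

# Preview the change without writing anything:
#   Set-CortanaPolicy -WhatIf
# Apply it, then sign out and back in (or restart) for it to take effect:
#   Set-CortanaPolicy
```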
  2. mona

    Best VPN 2018

    February 24, 2018 by Sven Taylor

With all the alarming developments in mass surveillance, ISP spying, online censorship, and content restrictions, you are probably looking for the best VPN to stay safe online. But be careful!

To find the best VPN, you’ll need to watch out for VPN scams, VPNs that lie about logs (PureVPN), VPNs that leak IP addresses (VPN Unlimited), and even malicious VPNs with hidden tracking libraries (Betternet). So tread carefully my friends.

The rankings of the best VPN services below are based on extensive test results to check for IP address leaks, DNS leaks, connection issues, app performance, reliability, speed, and whether the features work correctly. Additionally, I also considered company policies, jurisdiction, logging practices, and the trustworthiness of the provider.

Best VPNs 2018

Now we will take a deep dive into the top five best VPN services for 2018, discussing the pros, cons, features, and testing results for every provider.

ExpressVPN

ExpressVPN is a trusted and highly-recommended service that remains one of the best all-around VPNs on the market. It is based in the British Virgin Islands and offers a great lineup of applications for all devices. Extensive testing for the ExpressVPN review found the apps to be very secure, with exceptional performance throughout the server network.

ExpressVPN is also a service that continues to get better. In the past six months they have made significant improvements to their apps to protect users against rare leak scenarios. These efforts culminated in the public release of their leak testing tools, which can be used to test any VPN for flaws/failures (open source and available on GitHub).

ExpressVPN’s logging policies (only anonymized stats) were recently put to the test when authorities in Turkey seized one of their servers to obtain user data. But no customer data was affected as authorities were not able to obtain any logs (further explained here).
This event showed that ExpressVPN remains true to its core mission of protecting customer privacy and data.

ExpressVPN is also one of the best VPN providers you will find for streaming. Whether you are using a VPN with Kodi or streaming Netflix with a VPN, ExpressVPN offers applications to support all devices as well as a high-bandwidth network with great performance. Their support is also superb, with 24/7 live chat assistance and a 30 day money-back guarantee.

Exclusive discount – ExpressVPN is currently offering an exclusive 49% discount on select plans, which reduces the monthly rate down to $6.67 (the non-discount price is $8.32 per month).

Image: ExpressVPN Windows client.

+ Pros
  • User-friendly and reliable apps
  • Exceptional speeds throughout the server network
  • 30 day money-back guarantee
  • Split tunneling feature (for Mac OS, Windows, and routers)
  • Great for Netflix and other streaming services
  • Strong encryption and leak protection settings
  • 24/7 live chat support

– Cons
  • Apps collect anonymized connection stats, but users can opt out (IP addresses not logged)

Perfect Privacy

After testing out many different VPN services, Perfect Privacy holds the top spot as the best VPN for advanced online anonymity. You may have never heard of Perfect Privacy because they largely ignore marketing and instead focus on providing a high quality, privacy-focused service with very advanced features. Nonetheless, this is a well-respected VPN provider that has earned high praise from the tech community for exposing massive vulnerabilities with other VPNs.

Their network is composed entirely of dedicated servers that provide you with fast speeds, great reliability, and plenty of bandwidth at all times (you can see real-time server bandwidth here). They have also passed real-world tests when two of their servers were seized by Dutch authorities last year. However, no customer data was affected due to no logs and all servers operating in RAM disk mode with nothing being saved on the server.
For features they offer multi-hop VPN chains, advanced firewall configuration options (DNS and IP leak protection), port forwarding, NeuroRouting, Socks5 and Squid proxies, obfuscation features to defeat VPN blocking (Stealth VPN), and a customizable TrackStop feature to block tracking, malware, advertising and social media domains. They also give you an unlimited number of device connections and offer full IPv6 support (giving you both an IPv4 and IPv6 address).

While Perfect Privacy offers very advanced features that you won’t find anywhere else, it also comes with a Swiss price tag at €8.95 per month. Additionally, these advanced features may be overkill for some users, especially if you are new to VPNs. Nonetheless, for those seeking the highest levels of online anonymity, security, and overall performance, Perfect Privacy is a solid choice.

Image: The Perfect Privacy Windows client, using a four-hop VPN cascade.

+ Pros
  • Unlimited number of device connections
  • Multi-hop VPN chains, up to 4 servers (self-configurable)
  • NeuroRouting (dynamic, server-side multi-hop that can be used with all devices)
  • Absolutely no logs without any restrictions
  • Dedicated servers operating only in RAM disk mode
  • Full IPv6 support (provides both IPv4 and IPv6 addresses)
  • Customizable firewall/port-forwarding options
  • TrackStop advertisement, tracking, and malware blocker

– Cons
  • Higher price
  • Full VPN Manager client not available for Mac OS (but BETA client available, along with other installation options)

VPN.ac

VPN.ac is a Romania-based VPN service with excellent overall quality for a very reasonable price. It was created by a team of network security professionals with a focus on security, strong encryption, and high-quality applications. Their VPN network is composed entirely of dedicated servers with secure, self-hosted DNS.

VPN.ac’s server network provides you with great speeds and reliability (see the review for details).
Performance is maximized with reliable applications and excellent bandwidth on their network at all times. (You can see their real-time bandwidth stats by selecting VPN Nodes Status at the top of the website.)

For a lower-priced VPN service, VPN.ac offers an impressive lineup of features: maximum encryption strength, obfuscation features, double-hop VPN server configurations, and a secure proxy browser extension. All support inquiries are handled internally by the network security professionals who built the infrastructure.

The one drawback I found is that VPN.ac maintains connection logs (but all data is erased daily), which they clearly explain on their website.

When you consider everything in relation to the price, this is one of the best values you’ll find for a premium VPN service.

Image: The VPN.ac Windows client, using a double-hop configuration.

+ Pros
  • High-security VPN server network (dedicated servers, with self-hosted encrypted DNS)
  • Excellent speeds with lots of available bandwidth
  • Multi-hop (double VPN) server configurations
  • Obfuscation features
  • Advanced encryption (7 available protocols)
  • Low price for a very advanced VPN (good value)

– Cons
  • Connection logs (no activity, erased daily)

NordVPN

NordVPN is a popular no logs VPN service based in Panama. Just like with ExpressVPN, NordVPN is a service that has made significant improvements over the past year. It performed well in testing for the latest update to the NordVPN review.

The NordVPN apps have undergone some great updates to further protect users against the possibility of data leaks, while also adding a newly-improved kill switch to block all non-VPN traffic. As another improvement, NordVPN has rolled out a CyberSec feature that blocks advertisements, tracking, and malicious domains. And finally, NordVPN continues to work with Netflix and other streaming services.

NordVPN is a great choice for privacy-focused users.
Aside from the Panama jurisdiction and no-logs policies, NordVPN also provides advanced online anonymity features. These include double-hop server configurations, Tor-over-VPN servers, and also a lineup of obfuscated servers to conceal VPN traffic.

NordVPN’s customer service is also top-notch. They provide 24/7 live chat support directly through their website, and all plans come with a 30 day money-back guarantee.

NordVPN discount – NordVPN is currently offering a massive 77% discount on select plans, which drops the monthly rate down to only $2.75. (This is significantly cheaper than their standard rate with the annual plan at $5.75 per month.)

Image: The NordVPN Windows client.

+ Pros
  • User-friendly apps
  • 30 day money-back guarantee
  • Multi-hop (double VPN) server configurations
  • 24/7 live chat support
  • No logs
  • Competitive price
  • Ad blocking feature

– Cons
  • Variable speeds with some servers

VPNArea

VPNArea is not the biggest name in the VPN industry, but this Bulgaria-based provider did well in testing for the review. They take customer privacy very seriously, with a strict no logs policy, good privacy features, and Switzerland hosting for business operations. Being based in Bulgaria, they do not fall under data-retention or copyright violation laws, which further protects their users.

Aside from being a privacy-focused service, VPNArea also offers numerous servers that are optimized for streaming and torrenting. It continues to work well with Netflix, BBC iPlayer, Amazon Prime, Hulu and others. Torrenting and P2P downloads are allowed without any restrictions.

They continue to improve their service with new features, including obfuscation (Stunnel) and ad-blocking through their self-hosted DNS servers. VPNArea is also one of the few VPNs that offer dedicated IP addresses.

Image: VPNArea Windows client.

+ Pros
  • Competitive price
  • No logs
  • Great for streaming and torrenting
  • Ad-blocking DNS servers
  • 6 simultaneous connections (which can be shared with others)
  • Dedicated IP addresses available

– Cons
  • Apps are somewhat busy
  • DNS leak protection must be manually configured

Considerations for finding the best VPN

As we already discussed, choosing the best VPN all boils down to determining which factors you consider the most important. In other words, it’s a very subjective process. Here are seven important factors to consider:

  • Test results – How well does the VPN perform in testing? This includes both performance testing (speed and reliability) and leak testing (IP leaks and DNS leaks).
  • Privacy jurisdiction – Where the VPN is legally based affects customer privacy. Many people avoid VPNs based in the US and other surveillance countries for this reason. For more of a discussion on this topic, see the guide on Five Eyes / 14 Eyes and VPNs.
  • Server network – Three considerations when examining VPN servers are quality, locations, and bandwidth. Some VPNs prioritize server quality, while others prioritize locations. Also, see if you can find a real-time server status page to get an idea of available bandwidth, which will indicate performance.
  • Privacy features – One good privacy feature for more online anonymity is a multi-hop VPN configuration. This will encrypt your traffic across two or more servers, offering more protection against surveillance and targeted monitoring.
  • Operating system – Be sure to check out if the VPN you are considering supports the operating system you will be using.
  • Obfuscation – Obfuscation is a key feature if you are using a VPN in China or anywhere that VPNs may be blocked. Obfuscation is also key for school and work networks that may restrict VPN use.
  • Company policies – It’s always good to read through the company policies to see if it’s a good fit.
Privacy policies, refund policies, and torrenting policies are all good to consider before signing up.

There are many other factors you may want to consider when selecting the best VPN – but this is a good starting point.

Best VPN speed and performance

Many people are wondering how to achieve the best VPN speed. Others are wondering which VPNs are fastest.

If you are using a good VPN service, you really shouldn’t notice a huge reduction in speed. Of course, the extra work that goes into encrypting/decrypting your traffic across VPN servers will affect speed, but usually it’s not noticeable.

To optimize your VPN speed and achieve better performance, here are some factors to consider:

  • Internet service provider interference – Some ISPs interfere with or throttle VPN connections. This seems to be a growing problem. Solution: use a VPN with obfuscation features, which will conceal the VPN traffic as HTTPS. (Perfect Privacy with Stealth VPN, VPN.ac with the XOR protocol, and VyprVPN with the Chameleon protocol are all good options.)
  • High latency – You can generally expect slower speeds when you connect to servers further from your location. Using multi-hop VPN configurations will also increase latency and slow things down. Solution: Use servers closer to your location. If you utilize a multi-hop VPN chain, select nearby servers to minimize latency.
  • Server congestion – Many of the larger VPN services oversell their servers, resulting in congestion, minimal bandwidth, dropped connections, and slow speeds. All of the recommendations on this page performed well in testing and offer adequate bandwidth for good speed. For example, see the Perfect Privacy server page and the VPN.ac server page (VPN Nodes Status at the top).
  • Antivirus or firewall software – Antivirus and third-party firewall software often interfere with and slow down VPNs. Some software will implement their firewall on top of the default (operating system) firewall, which slows everything down.
Solution: Disable the third-party firewall, or add an exception/rule for the VPN software.
  • WiFi interference – WiFi interference or problems are unrelated to the VPN, but it can make a difference in overall speed. Solution: It may not be convenient, but using a wired connection will improve speed and security.
  • Processing power – Many devices don’t do well with the extra processing power that is needed for VPN encryption/decryption. This is especially the case with older computers, routers, and mobile devices. Solution: Switch devices or upgrade to a faster processor (higher CPU).
  • Network setup – Some networks do not work well with certain VPN protocols. Solution: The best solution is to experiment with different VPN protocols and/or ports (OpenVPN UDP / TCP / ECC / XOR, IPSec, etc.). Some VPN providers also allow you to modify MTU size, which may improve speed.

To achieve the best VPN speed possible, it’s a good idea to experiment with the different variables. Assuming the servers are not overloaded with users, the two main ways to optimize performance are choosing a nearby server with low latency and selecting the right protocol. As mentioned above, the best protocol may vary depending on your unique situation.

Best VPN services for streaming

Many people who enjoy streaming are turning to VPNs to unlock content that is blocked or restricted and also gain a higher level of privacy.

As mentioned above, the best all-around VPN for streaming is ExpressVPN because it always works with Netflix and other streaming services, it offers a huge lineup of apps, and the customer support is great. Another solid choice for streaming is VPNArea.

Using a VPN with Netflix will allow you to access all the content you want wherever you are located in the world. Below I am accessing US Netflix from my location in Europe, using an ExpressVPN server in Washington, D.C.
VPNs to avoid in 2018 There are a lot of different VPNs on the market – so it’s a good idea to consider your choices carefully. The problem, however, is that the internet is full of disinformation concerning VPNs. Large sites are often paid lots of money to promote inferior services. But this is no secret. With that being said, here are some important details that many of the larger websites are hiding from their readers: PureVPN – PureVPN is recommended by some big websites, but there are many red flags. When testing everything for the PureVPN review, I found IPv4 leaks, IPv6 leaks, DNS leaks, broken features (kill switch) and a host of other speed and connection problems. Also concerning, I learned that PureVPN was caught logging user data and handing this information over to US authorities – all despite having a “zero log policy” and promising to protect user privacy. Betternet – Betternet is a Canada-based provider that is known for offering a free VPN service. Unfortunately, when I tested everything for the Betternet review I found the service to leak IP addresses (both IPv4 and IPv6) as well as DNS requests. An academic research paper also listed Betternet as #4 on the Top 10 most malware-infected Android VPN apps, while also embedding tracking libraries in their apps. Scary stuff, considering that VPNs are supposed to provide privacy and security (but that’s why you don’t use a free VPN). Betternet’s Android VPN app tested positive for malware by 13 different antivirus tools (AV-rank 13) !!! Hotspot Shield – Hotspot Shield is another troublesome VPN service with a well-documented history of problems. Hotspot Shield VPN was directly identified in a research paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app. The same study also found a large presence of tracking libraries in the VPN app’s source code. 
Hotspot Shield was also in the news for a critical flaw in their VPN app which reveals the user’s identity and location. Hidemyass – HideMyAss is a UK-based VPN provider with a troubling history. Despite promising to protect user privacy, HideMyAss was found to be turning over customer data to law enforcement agencies around the world. VPN Unlimited – Extensive testing of the VPN Unlimited apps identified numerous leaks. This screenshot illustrates IPv6 leaks, WebRTC leaks, and DNS leaks with the VPN Unlimited Windows client. Of course, there are many examples of problematic VPNs. But you can test your VPN to also check for issues that may affect your privacy and security. If you’re serious about privacy and online freedom… Start using a VPN whenever you go online. In just the last few years we’ve seen a number of unprecedented developments in corporate and government mass surveillance: Internet service providers in the United States can now legally record online browsing history and sell this data to third parties and advertisers. Mass surveillance also continues unabated… Residents of the United Kingdom are having their online browsing history, calls, and text messages recorded for up to two years (Investigatory Powers Act). This private information is freely available to various government agencies and their global surveillance partners. Australia has also recently implemented mandatory data retention laws, which require the collection of text messages, calls, and internet connection data. Free speech and free thought are increasingly under attack all around the world. While this has traditionally been a problem in China and other Middle Eastern countries, it is increasingly common throughout the Western world. Here are a few examples of what we see unfolding: YouTube videos that are blocked or censored. Social media accounts, tweets, posts, and/or entire platforms that are blocked. 
Websites of all different varieties (torrenting, Wikipedia, news, etc.) blocked. What you are seeing is the continual erosion of privacy and online freedom. And it’s happening throughout the world. The point here is not to sound alarmist, but instead to illustrate these trends and how they affect you. The good news is that there are very effective solutions for these problems. You can protect yourself right now with a good VPN and other privacy tools. Stay safe! Recap – Best VPNs for Privacy, Security, and Speed SOURCE
  3. Dear friends, Nowadays our privacy is very important. I am interested to know which VPN service you use and which is the best in your opinion. Not all VPN services are secure enough. Recently, it has been discovered that HotSpot Shield in some cases could show your real IP. Have a look here: 1. Android 2. Windows Thanks for your time spent on this poll! :)
  4. Wilson Drake

    Happy Safer Internet Day 2019

    This year let's all raise our hands to make the Internet a safer place on Safer Internet Day
  5. Privacy: Several States Consider New Laws After California Takes Bold Action, Other States Ponder Privacy Protection Measures Several U.S. states, including Oregon, North Carolina, Virginia and Washington, are considering new legislation to shore up consumer data privacy laws in the wake of California passing strict privacy requirements last year. The European Union's General Data Protection Regulation, which has been enforced since last May, is inspiring renewed efforts worldwide, including at the federal and state levels in the United States, to boost privacy protections. Democrats in Congress have once again introduced national breach notification and privacy legislation, but many previous efforts to pass similar measures have failed (see: Democratic Senators Introduce Security Legislation). Meanwhile, federal regulators are considering changes in HIPAA aimed at reducing "regulatory burdens," including ways to improve secure data sharing for patient care coordination, by, for example, easing certain privacy requirements (see: HHS Seeks Feedback on Potential HIPAA Changes). State Proposals Rather than wait for Congress or federal regulators to take action, more states are considering a variety of measures designed to strengthen consumer data protections. For example, Oregon is considering a bill that would prohibit the sale of de-identified protected health information without first obtaining a signed authorization from an individual. The measure also would provide patients the right to be paid for authorizing the de-identification of their PHI for sale to third parties, such as for research and other uses. In North Carolina, pending legislation would strengthen ID theft/fraud protections. Under the proposal, ransomware attacks would be considered a security breach, and a breached entity would need to notify the state attorney general's office within 30 days. 
In Virginia, a bill proposes new requirements for businesses related to disposal of certain consumer records. It also features new requirements for manufacturers pertaining to the design and maintenance of devices that connect to the internet. A business would be required to "take all reasonable steps to dispose of, or arrange for the disposal of, consumer records." But that provision would not apply to HIPAA covered entities and business associates, because HIPAA has its own disposal requirements. And Washington is considering a bill that would require companies that collect personal data to be transparent about the type of data being collected, whether consumer data is sold to data brokers, and upon request from a consumer, delete the consumer's personal data without undue delay. These provisions are very similar to requirements in the EU's GDPR. GDPR as Inspiration "The European Union recently updated its privacy law through the passage and implementation of the General Data Protection Regulation, affording its residents the strongest privacy protections in the world," the Washington bill notes. "Washington residents deserve to enjoy the same level of robust privacy safeguards." "We may find that there is a sufficient number of these new proposals that there will be an additional push to implement a federal law that applies a common standard." —Kirk Nahra, Wiley Rein California's new law enacted last year also requires businesses to disclose the purpose for collecting or selling the information, as well as the identity of the third-party organizations receiving the data. Consumers can also request data be deleted and initiate civil action if they believe that an organization has failed to protect their personal data (see California's New Privacy Law: It's Almost GDPR in the U.S.). 
"The California Consumer Privacy Act was passed last year and compliance is required next year, but 2019 is when California's attorney general compliance guidance is expected, and legislative fixes may be needed," says privacy attorney Adam Greene of the law firm Davis Wright Tremaine. "Each of the 50 states now has its own breach notification laws, with nearly one-half adopting data security and/or data disposal requirements to protect consumers' personally identifiable information from unauthorized disclosure," says privacy attorney David Holtzman, vice president of compliance at security consultancy CynergisTek. "While most states are not taking a sectorial approach to the type of PII that must be protected, New York, Ohio and South Carolina have adopted cybersecurity requirements that target industries that include health plans and insurers," he adds. "A theme seen in state legislation to update breach notification laws in recent years is to set shorter notification periods. Some argue that this would give consumers more time to take action to protect themselves against the threat of financial fraud or identity theft by notifying major credit reporting agencies." Under Pressure Privacy attorney Kirk Nahra of the law firm Wiley Rein notes: "The states continue to examine the possibilities for increasing privacy and data security protections, both in currently regulated areas and in situations where federal law is not directly applicable through a specific law or regulation." Could all the various state activity put more pressure on Congress to adopt national privacy legislation? "We may find that there is a sufficient number of these new proposals that there will be an additional push to implement a federal law that applies a common standard - although that is still a long way away," Nahra says. "And one of the critical elements of the debate will be how to handle these state laws." 
Nahra expects other states, "including some traditional red states," will introduce privacy legislation. A Downside? New state privacy laws can potentially have adverse effects, Nahra contends. For example, the Oregon proposal tightening up permitted uses of de-identified PHI "might seem appealing at first blush but actually would primarily have negative impacts," he claims. The Oregon proposal, he argues, "would reduce any of the useful research, public health and other benefits that are provided by de-identified information today, and would at the same time create privacy and security risks for individuals by forcing companies to retain a link between the de-identified data and an identifiable individual. "So, we see potential risks from some of these proposals, particularly where they move through a more chaotic and sometimes less thoughtful state legislative debate." Greene says the Oregon legislation would be difficult to implement. "For example, de-identified data may be created for multiple purposes, some of which might require authorization under the law," he notes. "Identifying what is the true purpose may be challenging. Also, it is not clear whether aggregate data, which is no longer at a person-by-person level, qualifies as de-identified data that may be subject to the law." Source
  6. Psiphon Pro By Psiphon Inc. This is the pro version of Psiphon which is a secure VPN application for Android. The application allows you to navigate freely on the internet. You will be connected to all hindered sites that are blocked due to censorship or other factors. You will also be safe when you do this. You will be able to connect to any site that has been exposed to Psiphon Pro and has blocked access. Psiphon’s work structure is quite simple. As with other VPN applications, a tunnel opens and you appear to be connecting through other countries. Whether you want to use the application only on the browser, you can use it in all applications. One of the features that Psiphon has provided is the ability to display your internet traffic. If you want to use the internet for free, Psiphon is for you. Site: https://workupload.com Sharecode: /file/twX2cTvJ Site: https://file.bz Sharecode: /UcD2R2rfb2/Psiphon_Pro_214_apk
  7. The VPN industry has exploded over the past few years. Fuelled by a greater awareness of online security, a desire to watch geo-restricted content, and yes, piracy, more people are hiding their online identities than ever. But did you know that many VPN providers are owned by the same few companies? A report from The Best VPN, shared exclusively with TNW, looks at five companies in particular — Avast, AnchorFree, StackPath, Gaditek and Kape Technologies. It found that over the past few years, these companies have acquired a total of 19 smaller players in the VPN space, including HideMyAss and CyberGhost VPN. AnchorFree The company with the most brands under its belt is AnchorFree. That’s not surprising since it’s the only firm on our list founded primarily to serve the VPN market. While the other three companies on the list own well-known and established VPN products, they also have a lot of other interests, particularly when it comes to information security services and products. The Best VPN was able to draw links between AnchorFree and seven smaller VPN brands. These include Hotspot Shield, Betternet, TouchVPN, VPN in Touch, Hexatech, VPN 360, and JustVPN. The report notes that AnchorFree isn’t consistently transparent when it comes to telling consumers what brands it owns. While some products carry the AnchorFree logo clearly (like Hotspot Shield), others require you to dig deep into the site’s terms-and-condition to find out who owns what. StackPath The next company on the list is StackPath. The Best VPN describes it as a “huge cyber-security company,” and that’s accurate. The firm has raised over $180 million, with revenues of more than $157 million in 2017. Driving this success is a Batman’s utility-belt’s worth of sub-brands and products. These include several VPN brands (like IPVanish, StrongVPN, Encrypt.me), as well as CDN, cloud computing, and information security products. 
StackPath also provides the infrastructure required to launch a VPN service to other brands, thanks to its WLVPN service. This powers Pornhub’s VPN offering (predictably called VPNHub), as well as Namecheap VPN. Avast Avast is a Czech cybersecurity firm best known for its free antivirus software. Over the years, the company has quietly carved itself out a respectable position within the competitive VPN market. It owns three brands: HideMyAss, Avast Secureline VPN, AVG Secure VPN, and Zen VPN. It’s interesting to note that Avast got its hands on two of these products — namely HideMyAss and AVG Secure VPN — through its $1.3 billion acquisition of AVG Software in 2016. Kape and Gaditek With only two VPN brands apiece, Kape and Gaditek are the smallest companies on this list, but they couldn’t be any more different. Kape is primarily an investment vehicle focusing on the tech sector, and is listed on the London Stock Exchange. Gaditek, on the other hand, is a sprightly Pakistani startup based in the bustling city of Karachi. The jewel in Kape’s crown is Romania’s CyberGhost VPN, which it acquired for €9.2 million (roughly $9.7 million) in March, 2017. The following year, it bought another top-tier VPN provider, ZenMate. ZenMate claims more than 40 million users. Gaditek, on the other hand, focuses on the budget end of the market. It owns PureVPN and Ivacy, both of which offer ultra-affordable plans. Does this matter? There’s nothing wrong, or even especially inappropriate, about a larger player acquiring smaller rivals. Just look at Google, a company that has acquired more than 200 companies over its 20 year life. Acquisitions are the heart and soul of the technology business. But that doesn’t explain why the VPN market is so fragmented, with hardly any brands absorbed into their larger owners. Liviu Arsene, Senior E-threat analyst at Bitdefender, suggests that this merely reinforces the sense of privacy that’s vital for the success of a VPN product. 
Arsene also argued that allowing VPN providers to retain their independence after an acquisition could allow them to remain agile and innovative. “Large VPN providers that operate a single large-scale infrastructure have a harder time integrating new privacy-driven technologies because of compatibility, integration, and deployment issues,” he said. “The VPN industry is all about having as many servers around the world as possible, in order to ensure both availability and coverage for their customers. Acquiring smaller VPN companies and allowing them to operate independently makes sense because these infrastructures need to be agile, flexible, dynamic, and constantly integrating new privacy-driven technologies in order to allow for more privacy for their clients,” Arsene added. This argument was echoed by a representative from Hide.me, who also suggested that having separate providers allows larger VPN conglomerates to target all segments of the market. “It is more profitable to obtain users through the acquisition of smaller VPN providers than to obtain those users by using standard marketing channels. Once they have that access, they are using a smaller brand for test runs of different business models without direct harm to the mainstream brand. Usually, acquired smaller VPN providers have another price structure than the main brand, and they can cover a more significant chunk of the market,” they explained. Original post : https://thenextweb.com/tech/2019/01/23/youd-be-surprised-how-many-vpns-are-owned-by-the-same-company/ By: MATTHEW HUGHES
  8. New survey finds Americans want online services to collect less of their data According to a new survey from the Center for Data Innovation, only one in four Americans want online services such as Google and Facebook to collect less of their data if it means they would have to start paying a monthly subscription fee. Other surveys have gauged Americans' ideas regarding online privacy but few have asked about such tradeoffs which is why the organisation decided to test their reactions to a series of likely consequences of reducing online data collection. The survey found that when potential tradeoffs were not part of the question, approximately 80 per cent of Americans agreed they would like Google, Facebook and other online services to collect less of their data. However, support waned once respondents considered these tradeoffs. Initial agreement dropped by six per cent when respondents were asked whether they would like online services to collect less data even if it meant seeing ads that are less useful. Support dropped by 27 per cent when they considered whether they would like less data collection even if it means seeing more ads than before. Collecting user data The largest drop in support by 53 per cent arose when respondents were asked whether they would like online services to collect less data if it meant they had to pay a monthly subscription fee with only 27 per cent agreeing with reducing data collection in this circumstance. The Center for Data Innovation's survey also gauged Americans' willingness to have online services collect more data in exchange for various benefits. The survey found when potential benefits were not part of the question, approximately 74 per cent of Americans are opposed to having online services collect more of their data. This figure decreased by 11 per cent when respondents considered whether they would like online services to collect more data if it meant seeing ads that were more useful. 
The largest decrease in opposition (18%) occurred when they were asked whether they would like online services to collect more of their data if it meant getting more free apps and services with 16 per cent supporting such a tradeoff, 63 per cent opposed and the remaining respondents did not take a position on the issue. Source
  9. The vast majority of televisions available today are "smart" TVs, with internet connections, advertising placement, and streaming services built in. Despite the added functionality, TV prices are lower than ever — especially from companies like TCL and Vizio, which specialize in low-cost, high-tech smart TVs. There's a simple reason that smart TVs are priced so low: Some TV makers collect user data and sell it to third parties. Did you get a 4K, HDR-capable TV this past holiday, perhaps on sale? Millions of Americans did. Massive TVs with razor-thin frames, brilliant image quality, and built-in streaming services are more affordable than ever thanks to companies like Vizio and TCL. If you want a 65-inch 4K smart TV with HDR capability, one can be purchased for below $500 — a price that may seem surprisingly low for such a massive piece of technology, nonetheless one that's likely to live in your home for years before you upgrade. But that low price comes with a caveat most people probably don't realize: Some manufacturers collect data about users and sell that data to third parties. The data can include the types of shows you watch, which ads you watch, and your approximate location. The Roku TV interface on TCL's smart TVs comes with a prominent ad placement on the home screen. A recent interview on The Verge's podcast with Vizio's chief technology officer, Bill Baxter, did a great job illuminating how this works. "This is a cutthroat industry," Baxter said. "It's a 6% margin industry. The greater strategy is I really don't need to make money off of the TV. I need to cover my cost." More specifically, companies like Vizio don't need to make money from every TV they sell. Smart TVs can be sold at or near cost to consumers because Vizio is able to monetize those TVs through data collection, advertising, and selling direct-to-consumer entertainment (movies, etc.). Or, as Baxter put it: "It's not just about data collection. 
It's about post-purchase monetization of the TV." And there are a few ways to monetize those TVs after the initial purchase. On TCL's Roku TVs, users can opt out of the full scope of ad tracking. How much you're able to block yourself from data tracking varies by TV manufacturer. "You sell some movies, you sell some TV shows, you sell some ads, you know," he said. "It's not really that different than the Verge website." It's those additional forms of revenue that help make the large, beautiful smart TVs from companies like Vizio and TCL so affordable. Without that revenue stream, Baxter said, consumers would be paying more up front. "We'd collect a little bit more margin at retail to offset it," he said. The exchange is fascinating and worth listening to in full — check it out right here. Source
  10. The news was first reported by the German newspaper Bild am Sonntag: German regulators are going to request that Facebook make changes to its platforms aimed at protecting the privacy and personal data of its users. The German watchdog wants to ask the social network giant to change the way it collects and shares users’ personal data to be compliant with privacy laws. The Federal Cartel Office has been monitoring Facebook’s conduct since at least 2015, focusing on the way the company gathers data and shares it with third-party apps, including WhatsApp and Instagram. “Germany’s antitrust watchdog plans to order Facebook to stop gathering some user data, a newspaper reported on Sunday,” reported Reuters. “The Federal Cartel Office, which has been investigating Facebook since 2015, has already found that the social media giant abused its market dominance to gather data on people without their knowledge or consent.” The Cambridge Analytica privacy scandal and misinformation campaigns carried out by Russia-linked APT groups raised discussion about the importance of monitoring the activity of the social network. At this time, it is not clear how Facebook will have to comply with the German request. Experts believe the German watchdog will set a deadline for compliance rather than urging it to apply the changes immediately. “A Facebook spokeswoman said the company disputes the watchdog’s findings and will continue to defend this position,” concludes Reuters. Source
  11. Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook. What does it do? Facebook Container works by isolating your Facebook identity into a separate container that makes it harder for Facebook to track your visits to other websites with third-party cookies. How does it work? Installing this extension closes your Facebook tabs, deletes your Facebook cookies, and logs you out of Facebook. The next time you navigate to Facebook it will load in a new blue colored browser tab (the “Container”). You can log in and use Facebook normally when in the Facebook Container. If you click on a non-Facebook link or navigate to a non-Facebook website in the URL bar, these pages will load outside of the container. Clicking Facebook Share buttons on other browser tabs will load them within the Facebook Container. You should know that using these buttons passes information to Facebook about the website that you shared from. Which website features will not function? Because you will be logged into Facebook only in the Container, embedded Facebook comments and Like buttons in tabs outside the Facebook Container will not work. This prevents Facebook from associating information about your activity on websites outside of Facebook to your Facebook identity. In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected. What does Facebook Container NOT protect against? It is important to know that this extension doesn’t prevent Facebook from mishandling the data that it already has, or permitted others to obtain, about you. 
Facebook still will have access to everything that you do while you are on facebook.com, including your Facebook comments, photo uploads, likes, any data you share with Facebook connected apps, etc. Rather than stop using a service you find valuable, we think you should have tools to limit what data others can obtain. This extension focuses on limiting Facebook tracking, but other ad networks may try to correlate your Facebook activities with your regular browsing. In addition to this extension, you can change your Facebook settings, use Private Browsing, enable Tracking Protection, block third-party cookies, and/or use Firefox Multi-Account Containers extension to further limit tracking. What data does Mozilla receive from this extension? Mozilla does not collect data from your use of the Facebook Container extension. We do receive the number of times the extension is installed or removed. Learn more Other Containers Facebook Container leverages the Containers feature that is already built in to Firefox. When you enable Facebook Container, you may also see Containers named Personal, Work, Shopping, and Banking while you browse. If you wish to use multiple Containers, you’ll have the best user experience if you install the Firefox Multi-Account Containers extension. Learn more about Containers on our support site. Known Issues When Facebook is open and you navigate to another website using the same tab (by entering an address, doing a search, or clicking a bookmark), the new website will be loaded outside of the Container and you will not be able to navigate back to Facebook using the back button in the browser. NOTE: If you are a Multi-Account Containers user who has already assigned Facebook to a Container, this extension will not work. In an effort to preserve your existing Container set up and logins, this add-on will not include the additional protection to keep other sites out of your Facebook Container. 
If you would like this additional protection, first unassign facebook.com in the Multi-Account Container extension, and then install this extension. What version of Firefox do I need for this? This extension works with Firefox 57 and higher on Desktop. Note that it does not work on other browsers and it does not work on Firefox for mobile. If you believe you are using Firefox 57+, but the install page is telling you that you are not on a supported browser, you can try installing by selecting or copying and pasting this link. (This may be occurring because you have set a preference or installed an extension that causes your browser to obscure its user agent for privacy or other reasons.) How does this compare to the Firefox Multi-Account Containers extension? Facebook Container specifically isolates Facebook and works automatically. Firefox Multi-Account Containers is a more general extension that allows you to create containers and determine which sites open in each container. You can use Multi-Account Containers to create a container for Facebook and assign facebook.com to it. Multi-Account Containers will then make sure to only open facebook.com in the Facebook Container. However, unlike Facebook Container, Multi-Account Containers doesn’t prevent you from opening non-Facebook sites in your Facebook Container. So users of Multi-Account Containers need to take a bit extra care to make sure they leave the Facebook Container when navigating to other sites. In addition, Facebook Container assigns some Facebook-owned sites like Instagram and Messenger to the Facebook Container. With Multi-Account Containers, you will have to assign these in addition to facebook.com. Facebook Container also deletes Facebook cookies from your other containers on install and when you restart the browser, to clean up any potential Facebook trackers. Multi-Account Containers does not do that for you. 
Report Issues If you come across any issues with this extension, please let us know by filing an issue here. Thank you! ----- Release Notes: This release also asks for permission to clear recent browsing history, so we can improve its protection and its integration with Multi-Account Containers. 83ae8bf fix #183: Can't search Google/other sites with string "fbclid". Add-on's Permissions: This add-on can: Access your data for all websites Clear recent browsing history, cookies, and related data Monitor extension usage and manage themes Access browser tabs ----- Homepage/Download https://addons.mozilla.org/en-US/firefox/addon/facebook-container/
  12. malakai1911

    Comprehensive Security Guide

    Comprehensive Security Guide NOTE: As of 1/1/2019 this guide is out of date. Until parts are rewritten, consider the below for historical reference only. i. Foreword The primary purpose of this guide is to offer a concise list of best-of-breed software and advice on selected areas of computer security. The secondary purpose of this guide is to offer limited advice on other areas of security. The target audience is an intermediately skilled user of home computers. Computer software listed are the freeware versions when possible or have free versions available. If there are no free versions available for a particular product, it is noted with the "$" symbol. The guide is as well formatted as I could make it, within the confines of a message board post. ii. Table of Contents i. Foreword ii. Table of Contents 1. Physical Security a. Home b. Computer c. Personal 2. Network Security a. Hardware Firewall b. Software Firewall 3. Hardening Windows a. Pre-install Hardening b. Post-install Hardening c. Alternative Software d. Keep Windows Up-To-Date 4. Anti-Malware a. Anti-Virus b. HIPS / Proactive Defense c. Malware Removal 5. Information and Data Security a. Privacy / Anonymity b. Encryption c. Backup, Erasure and Recovery d. Access Control (Passwords, Security Tokens) 6. Conclusion 1. Physical Security I just wanted to touch on a few things in the realm of physical security, and you should investigate physical and personal security in places other than here. a. Home How would you break in to your own home? Take a close look at your perimeter security and work inwards. Make sure fences or gates aren't easy to climb over or bypass. The areas outside your home should be well lit, and motion sensor lights and walkway lights make nice additions to poorly lit areas. If possible, your home should have a security system featuring hardwired door and window sensors, motion detectors, and audible sirens (indoor and outdoor). 
Consider integrated smoke and carbon monoxide detectors for safety. Don't overlook monitoring services, so the police or fire department can be automatically called during an emergency. Invest in good locks for your home, I recommend Medeco and Schlage Primus locks highly. Both Medeco and Schlage Primus locks are pick-resistant, bump-proof, and have key control (restricted copying systems). Exterior doors should be made of steel or solid-core wood and each should have locking hardware (locking doorknob or handle), an auxiliary lock (mortise deadbolt) with a reinforced strike plate, and a chain. Consider a fireproof (and waterproof) safe for the storage of important documents and valuables. A small safe can be carried away during a robbery, and simply opened at another location later, so be sure and get a safe you can secure to a physical structure (in-wall, in-floor, or secured to something reasonably considered immovable). You may be able to hide or obscure the location of your safe in order to obtain some additional security, but don't make it cumbersome for yourself to access. b. Computer Computers are easy to just pick up and take away, so the only goal you should have is to deter crimes of opportunity. For desktop computers, you may bring your desktop somewhere and an attacker may not be interested in the entire computer, but perhaps just an expensive component (video card) or your data (hard drive), and for that I suggest a well-built case with a locking side and locking front panel. There are a variety of case security screws available (I like the ones from Enermax (UC-SST8) as they use a special tool), or you can use screws with less common bits (such as tamper resistant Torx screws) to secure side panels and computer components. There are also cable lock systems available for desktop computers to secure them to another object. For laptop computers, you are going to be primarily concerned about a grab-and-go type robbery. 
There are a variety of security cables available from Kensington, which lock into the Kensington lock slot found on nearly all laptops, which you can use to secure it to another object (a desk or table, for example). Remember though, even if it's locked to something with a cable, it doesn't make it theft-proof, so keep an eye on your belongings.

c. Personal

Always be aware of your surroundings. Use your judgment, if you feel an area or situation is unsafe, avoid it altogether or get away as quickly and safely as possible. Regarding hand to hand combat, consider a self-defense course. Don't screw around with traditional martial arts (Karate, Aikido, Kung-Fu), and stay away from a McDojo. You should consider self-defense techniques like Krav Maga if you are serious about self defense in a real life context. I generally don't advocate carrying a weapon on your person (besides the legal mess that may be involved with use of a weapon, even for self-defense, an attacker could wrestle away a weapon and use it against you). If you choose to carry any type of weapon on your person for self-defense, I advise you to take a training course (if applicable) and to check with and follow the laws within the jurisdiction you decide to possess or carry such weapons.

Dealing with the Police

Be sure to read Know Your Rights: What to Do If You're Stopped by the Police, a guide by the ACLU, and apply it. Its advice is for within the jurisdiction of the US but may apply generally elsewhere, consult with a lawyer for legal advice. You should also watch the popular video "Don't talk to the police!" by Prof. James Duane of the Regent University Law School for helpful instructions on what to do and say when questioned by the police: (Mirror: regent.edu)

Travelling Abroad

Be sure and visit the State Department or Travel Office for your home country before embarking on a trip abroad.
Read any travel warnings or advisories, and they are a wealth of information for travelers (offering guides, checklists, and travel advice): (US, UK, CA).

2. Network Security

As this is a guide geared towards a home or home office network, the central theme of network security is going to be focused around having a hardware firewall behind your broadband modem, along with a software firewall installed on each client. Since broadband is a 24/7 connection to the internet, you are constantly at risk of attack, making both a hardware and software firewall absolutely essential.

a. Hardware Firewall

A hardware firewall (router) is very important. Consider the hardware firewall as your first line of defense. Unfortunately, routers (usually) aren't designed to block outbound attempts from trojans and viruses, which is why it is important to use a hardware firewall in conjunction with a software firewall. Be sure that the firewall you choose features SPI (Stateful Packet Inspection).

Highly Recommended

I recommend Wireless AC (802.11ac) equipment, as it is robust and widely available. Wireless AC is backwards compatible with the earlier Wireless N (802.11n), G (802.11g) and B (802.11b) standards. 802.11ac supports higher speeds and longer distances than the previous standards, making it highly attractive. I generally recommend wireless networking equipment from Ubiquiti or Asus. Use WPA2/WPA with AES if possible, and a passphrase with a minimum of 12 characters. If you are really paranoid, use a strong random password and remember to change it every so often.

Alternatives

A spare PC running SmoothWall or IPCop, with a pair of NIC's and a switch can be used to turn a PC into a fully functional firewall.

b. Software Firewall

A software firewall nicely complements a hardware firewall such as those listed above.
In addition to protecting you from inbound intrusion attempts, it also gives you a level of outbound security by acting as a gateway for applications looking to access the internet. Programs you want can access the internet, while ones you don't are blocked. Do not use multiple software firewalls simultaneously. You can actually make yourself less secure by running two or more software firewall products at once, as they can conflict with one another. Check out Matousec Firewall Challenge for a comparison of leak tests among top firewall vendors. Leaktests are an important way of testing outbound filtering effectiveness. Highly Recommended Comodo Internet Security Comodo is an easy to use, free firewall that provides top-notch security. I highly recommend this as a first choice firewall. While it includes Antivirus protection, I advise to install it as firewall-only and use an alternate Antivirus. Alternatives Agnitum Outpost Firewall Free A free personal firewall that is very secure. Be sure to check out the Outpost Firewall Forums, to search, and ask questions if you have any problems. Online Armor Personal Firewall Free Online Armor Personal Firewall makes another great choice for those who refuse to run Comodo or Outpost. Online Armor 3. Hardening Windows Windows can be made much more secure by updating its components, and changing security and privacy related settings. a. Pre-install Hardening Pre-install hardening has its primary focus on integrating the latest available service packs and security patches. Its secondary focus is applying whatever security setting tweaks you can integrate. By integrating patches and tweaks, you will be safer from the first boot. Step 1 - Take an original Windows disc (Windows 7 or later) and copy it to a folder on your hard drive so you can work with the install files. Step 2 - Slipstream the latest available service pack. Slipstreaming is a term for integrating the latest service pack into your copy of windows. 
Step 3 - Integrate the latest available post-service pack updates. This can be done with a utility such as nLite or vLite, and post-service pack updates may be available in an unofficial collection (such as the RyanVM Update Pack for XP). Step 4 - Use nLite (Windows 2000/XP) or vLite (Windows Vista/7) to customize your install. Remove unwanted components and services, and use the tweaks section of nLite/vLite to apply some security and cosmetic tweaks. Step 5 - Burn your newly customized CD, and install Windows. Do not connect the computer to a network until you install a software firewall and anti-virus. b. Post-Install Hardening If you have followed the pre-install hardening section, then your aim will be to tweak settings to further lock down windows. If you hadn't installed from a custom CD, you will need to first update to the latest service pack, then install incremental security patches to become current. After updating, you'll then disable unneeded Windows services, perform some security tweaks, and use software such as xpy to tweak privacy options. Disable Services Start by disabling unneeded or unnecessary services. By disabling services you will minimize potential security risks, and use fewer resources (which may make your system slightly faster). Some good guides on disabling unnecessary services are available at Smallvoid: Windows 2000 / Windows XP / Windows Vista. Some commonly disabled services: Alerter, Indexing, Messenger, Remote Registry, TCP/IP NetBIOS Helper, and Telnet. Security Tweaks I highly recommend using a strong Local Security Policy template as an easy way to tweak windows security options, followed by the registry. Use my template (security.inf) to easily tweak your install for enhanced security (Windows 2000/XP/Vista/7): 1. Save the following attachment: (Download Link Soon!) 2. Extract the files. 3. Apply the Security Policy automatically by running the included "install.bat" file. 4. 
(Optional) Apply your policy manually using the following command:

    secedit /configure /db secedit.sdb /cfg "C:\<Path To Security.inf>\<template>.inf"

then refresh your policy using the following command:

Windows 2000:
    secedit /refreshpolicy machine_policy
Windows XP/Vista/7:
    gpupdate

This template will disable automatic ("administrative") windows shares, prevent anonymous log on access to system resources, disable (weak) LM Password Hashes and enable NTLMv2, disable DCOM, harden the Windows TCP/IP Stack, and much more. Unfortunately my template can't do everything, you will still need to disable NetBIOS over TCP (NetBT), enable Data Execution Prevention (AlwaysOn), and perform other manual tweaks that you may use.

Privacy Tweaks

xpy (Windows 2000/XP) and vispa (Windows Vista/7)
These utilities are great for modifying privacy settings. They supersede XP AntiSpy because they include all of XP Anti-Spy's features and more. You should use them in conjunction with the security tweaks I've listed above.

c. Alternative Software

Another simple way of mitigating possible attack vectors is to use software that is engineered with better or open security processes. These products are generally more secure and offer more features than their Microsoft counterparts.

Highly Recommended

Google Chrome (Web Browser)
Mozilla Thunderbird (Email Client)
OpenOffice.org (Office Suite)

Alternatives

Mozilla Firefox (Web Browser)
Google Docs (Online) (Office Suite)

Firefox Additions

Mozilla has a Privacy & Security add-on section. There are a variety of add-ons that may appeal to you (such as NoScript). And although these aren't strictly privacy related, I highly recommend the AdBlock Plus add-on, with the EasyList and EasyPrivacy filtersets.

d. Keep Windows Up-To-Date

Speaking of keeping up-to-date, do yourself a favor and upgrade to at least Windows XP (for older PC's) and Windows 7 (or later) for newer PC's.
Be sure to keep up-to-date on your service packs, they're a comprehensive collection of security patches and updates, and some may add minor features. Microsoft Windows Service Packs Windows 2000 Service Pack 4 with Unofficial Security Rollup Package Windows XP Service Pack 3 with Unofficial Security Rollup Package Windows XP x64 Service Pack 2 with Unofficial Security Rollup Package Windows Vista Service Pack 2 Windows 7 Service Pack 1 Microsoft Office Service Packs Office 2000 Service Pack 3 with the Office 2007 Compatibility Pack (SP3). Office XP (2002) Service Pack 3 with the Office 2007 Compatibility Pack (SP3). Office 2003 Service Pack 3 with the Office 2007 Compatibility Pack (SP3) and Office File Validation add-in. Office 2007 Service Pack 3 with the Office File Validation add-in. Office 2010 Service Pack 1 After the service pack, you still need to keep up-to-date on incremental security patches. Windows supports Automatic Updates to automatically update itself. However, if you don't like Automatic Updates: You can use WindowsUpdate to update windows periodically (Must use IE5 or greater, must have BITS service enabled), or you can use MS Technet Security to search for and download patches individually, or you can use Autopatcher, an unofficial updating utility. In addition to security patches, remember to keep virus definitions up-to-date (modern virus scanners support automatic updates so this should not be a problem), and stay current with latest program versions and updates, including your replacement internet browser and mail clients. 4. Anti-Malware There are many dangers lurking on the internet. Trojans, viruses, spyware. If you are a veteran user of the internet, you've probably developed a sixth-sense when it comes to avoiding malware, but I advocate backing up common sense with reliable anti-malware software. a. Anti-Virus Picking a virus scanner is important, I highly recommend Nod32, but there are good alternatives these days. 
Check out AV Comparatives for a comparison of scanning effectiveness and speed among top AV vendors. Highly Recommended Nod32 Antivirus $ I recommend Nod32 as a non-free Antivirus. Features excellent detection rates and fast scanning speed. Nod32 has a great heuristic engine that is good at spotting unknown threats. Very resource-friendly and historically known for using less memory than other AV's. There is a 30 day free trial available. Alternatives Avira AntiVir Personal I recommend Avira as a free Antivirus. Avira is a free AV with excellent detection rates and fast scanning speed. (Kaspersky no longer recommended, due to espionage concerns.) Online-Scanners Single File Scanning Jotti Online Malware Scan or VirusTotal These scanners can run a single file through a large number of different Antivirus/Antimalware suites in order to improve detection rates. Highly recommended. Whole PC Scanning ESET Online Scanner Nod32 Online Antivirus is pretty good, ActiveX though, so IE only. There is a beta version available that works with Firefox and Opera. b. HIPS / Proactive Defense Host-based intrusion prevention systems (HIPS) work by disallowing malware from modifying critical parts of the Operating System without permission. Classic (behavioral) HIPS software will prompt the user for interaction before allowing certain system modifications, allowing you stop malware in its tracks, whereas Virtualization-based HIPS works primarily by sandboxing executables. Although HIPS is very effective, the additional setup and prompts are not worth the headache for novice users (which may take to just clicking 'allow' to everything and defeating the purpose altogether). I only recommend HIPS for intermediate or advanced users that require a high level of security. Highly Recommended I highly recommend firewall-integrated HIPS solutions. Comodo Defense+ is a classic HIPS built into Comodo Internet Security, and provides a very good level of protection. 
Outpost and Online Armor provide their own HIPS solutions, and the component control features of the firewalls are powerful enough to keep unwanted applications from bypassing or terminating the firewall. If you want to use a different HIPS, you can disable the firewall HIPS module and use an alternative below. Alternatives Stand-alone HIPS solutions are good for users who either don't like the firewall built-in HIPS (and disable the firewall HIPS), or use a firewall without HIPS features. HIPS based on Behavior (Classic) ThreatFire ThreatFire provides a strong, free behavioral HIPS that works well in conjunction with Antivirus and Firewall suites to provide additional protection. HIPS based on Virtualization DefenseWall HIPS $ DefenseWall is a strong and easy-to-use HIPS solution that uses sandboxing for applications that access the internet. GeSWall Freeware GeSWall makes a nice free addition to the HIPS category, like DefenseWall it also uses sandboxing for applications that access the internet. Dealing with Suspicious Executables You can run suspicious executables in a full featured Virtual Machine (such as VMware) or using a standalone sandbox utility (such as Sandboxie) if you are in doubt of what it may do (though, you may argue that you shouldn't be running executables you don't trust anyway). A more advanced approach to examining a suspicious executable is to run it through Anubis, a tool for analyzing the behavior of Windows executables. It displays a useful report with things the executable does (files read, registry modifications performed, etc.), which will give you insight as to how it works. c. Malware Removal I recommend running all malware removal utilities on-demand (not resident). With a firewall, virus scanner, HIPS, and some common sense, you won't usually get to the point of needing to remove malware... but sometimes things happen, perhaps unavoidably, and you'll need to remove some pretty nasty stuff from a computer. 
Highly Recommended Anti-Spyware Spybot Search & Destroy Spybot S&D has been around a long time, and is very effective in removing spyware and adware. I personally install and use both Spybot & Ad-Aware, but I believe that Spybot S&D has the current edge in overall detection and usability. Anti-Trojan Malwarebytes' Anti-Malware Malwarebytes has a good trojan detector here, and scans fast. Anti-Rootkit Rootkit Unhooker RKU is a very advanced rootkit detection utility. Alternatives Anti-Spyware Ad-Aware Free Edition Ad-Aware is a fine alternative to Spybot S&D, its scanning engine is slower but it is both effective and popular. Anti-Trojan a-squared (a2) Free a-squared is a highly reputable (and free) trojan scanner. Anti-Rootkit IceSword (Mirror) IceSword is one of the most capable and advanced rootkit detectors available. 5. Information and Data Security Data can be reasonably protected using encryption and a strong password, but you will never have complete and absolute anonymity on the internet as long as you have an IP address. a. Privacy / Anonymity Anonymity is elusive. Some of the following software can help you achieve a more anonymous internet experience, but you also must be vigilant in protecting your own personal information. If you use social networking sites, use privacy settings to restrict public access to your profile, and only 'friend' people you know in real life. Don't use (or make any references to) any of your aliases or anonymous handles on any websites that have any of your personal information (Facebook, Amazon, etc..). You should opt-out from information sharing individually for all banks and financial institutions you do business with using their privacy policy choices. You should opt-out of preapproved credit offers (US), unsolicited commercial mail and email (US, UK, CA), and put your phone numbers on the "Do Not Call" list (US, UK, CA). Highly Recommended Simply install and use Tor with Vidalia to surf the internet anonymously. 
It's free, only downside is it's not terribly fast, but has fairly good anonymity, so it's a tradeoff. Keep in mind it's for anonymity not for security, so make sure sites you put passwords in are SSL encrypted (and have valid SSL certificates), and remember that all end point traffic can be sniffed. You can use the Torbutton extension for Firefox to easily toggle on/off anonymous browsing. POP3/IMAP and P2P software won't work through Tor, so keep that in mind.

Portable Anonymous Browsing

The Tor Project now has a "Zero-Install Bundle" which includes Portable Firefox and Tor with Vidalia to surf anonymously from a USB memory stick pretty much anywhere with the internet. It also includes Pidgin with OTR for encrypted IM communications. Note: These won't protect you from Trojans/Keyloggers/Viruses on insecure public terminals. Never type important passwords or log in to important accounts on a public computer unless it is absolutely necessary!

Alternatives

I2P functions similar to Tor, allowing you to surf the general internet with anonymity.
IPREDator $ is a VPN that can be used to anonymize P2P/BitTorrent downloads.
Freenet is notable, but not for surfing the general internet, it's its own network with its own content.

b. Encryption

For most people, encryption may be unnecessary. But if you have a laptop, or any sort of sensitive data (whether it be trade secrets, corporate documents, legal or medical documents) then you can't beat the kind of protection that encryption will offer. There are a variety of options available today, including a lot of software not listed here. A word to the wise, please, please don't fall for snake oil, use well established applications that use time tested (and unbroken) ciphers. Regardless of what software you use, the following "what to pick" charts will apply universally.
If you have to pick an encryption cipher:

Best: AES (Rijndael) (128-bit block size)
Better: Twofish (128-bit block size), Serpent (128-bit block size)
Good: RC6 (128-bit block size)
Deprecated: Blowfish (64-bit block size), CAST5 (CAST-128) (64-bit block size), Triple-DES (64-bit block size)

When encrypting large volumes of data, it is important to pick a cipher that has a block size of at least 128-bytes. This affords you protection for up to 2^64x16 bytes (264 exabytes). 64-bit block ciphers only afford protection of up to 2^32x8 bytes (32 gigabytes) so using it as a full disk or whole disk encryption cipher is not recommended. The deprecated list is only because some of you might be stuck using software that only supports older encryption methods, so I've ordered it from what I feel is best to worst (though all three that are on there are pretty time tested and if properly implemented, quite secure).

If you have to pick a hash to use:

Best: Whirlpool (512-bit)
Better: SHA-512 (512-bit), SHA-256 (256-bit)
Good: Tiger2/Tiger (192-bit), RIPEMD-160 (160-bit)
Deprecated: RIPEMD-128, SHA-1, MD-5.

With all the recent advances in cryptanalysis (specifically with work on hash collisions), these days I wouldn't trust any hash that is less than 160-bits on principle. To be on the safe side, use a 192-bit, 256-bit, or 512-bit hash where available. There will be cases where your only options are insecure hashes, in which case I've ordered the "deprecated" list from best to worst (they are all varying levels of insecure). Many older hashes (MD4, MD2, RIPEMD(original), and others) are totally broken, and are not to be used.

A quick software rundown, these applications are popular and trusted:

Highly Recommended

Freeware Whole Disk Encryption
TrueCrypt
Based upon E4M, TrueCrypt is a full featured disk encryption suite, and can even be run off a USB memory stick. TrueCrypt supports the whole disk encryption of Windows, with pre-boot authentication. Very nice.
If you can't use whole-disk encryption (WDE), you can use the TCTEMP add-on to encrypt your swapfile, temp files and print spooler, and you can use the TCGINA add-on to encrypt your windows home directory. (Note: TCTEMP/TCGINA is less secure than WDE, and only preferable if WDE is not an option. WDE is highly recommended.) Freeware PKI Encryption GnuPG (GPG) GnuPG provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, and encryption and decryption of documents and email messages. Freeware Email Encryption Enigmail Enigmail is truly a work of art, it integrates with GnuPG and provides seamless support for encryption and decryption of email messages, and can automatically check PGP signed documents for validity. (Enigmail requires both Mozilla Thunderbird and GnuPG) Alternatives Encryption Suite (with Whole Disk and Email Encryption) PGP Full Disk Encryption $ PGP provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, encryption and decryption of documents and email messages, volume disk encryption, whole disk encryption, outlook integration, and instant messenger encryption support. c. Backup, Erasure and Recovery // This section is under construction. Backups Your data might be safe from prying eyes, but what if you are affected by hardware failure, theft, flood or fire? Regular backups of your important data can help you recover from a disaster. You should consider encryption of your backups for enhanced security. Local Backup Cobian Backup Cobian Backup is a fully-featured freeware backup utility. SyncBack Freeware, Macrium Reflect Free SyncBack Freeware and Macrium Reflect Free are feature-limited freeware backup utilities. Off-site Backup SkyDrive (25GB, filesize limited to 100MB), box.net (5GB) SkyDrive and box.net offer free online storage, useful for easy offsite backups. 
Be sure to utilize encrypted containers for any sensitive documents.

Data Destruction

It would be better to have your data residing in an encrypted partition, but sometimes that may not be possible. When sanitizing a hard drive, I recommend using a quality Block Erase tool like DBAN followed by a run-through with ATA Secure Erase if you really want a drive squeaky clean. Block erasing is good for data you can normally reach, but ATA secure erase can hit areas of the drive block erasers can't. As for multiple overwrite passes, there is no proof that data overwritten even one time can be recovered by professional data recovery corporations. For moderate security, a single pseudorandom block-erase pass (random-write) followed by an ATA Secure Erase pass (zero-write) is sufficient to thwart any attempts at data recovery. For a high level of security, a "DoD Short (3 pass)" block-erase pass followed by an ATA Enhanced Secure Erase will ensure no recovery is possible.

Single-File/Free Space Erase
If you are interested in just erasing single files or wiping free space, you can use the Eraser utility.

Block Erase
For hard drive block-erasure, use DBAN.

ATA Secure Erase
For ATA Secure Erasing, use the CMRR Secure Erase Utility.

CMRR Secure Erase Protocols (.pdf) http://cmrr.ucsd.edu...seProtocols.pdf
NIST Guidelines for Media Sanitation (.pdf) - http://csrc.nist.gov...800-88_rev1.pdf

File Recovery Software

This is kind of the opposite of data destruction. Keep in mind no software utility can recover properly overwritten data, so if it's overwritten there is no recovery.

Highly Recommended

Recuva
Recuva is an easy to use GUI-based recovery utility.

Alternatives

TestDisk and PhotoRec
These tools are powerful command-line recovery utilities. TestDisk can recover partitions, and PhotoRec is for general file recovery.

Ontrack EasyRecovery Professional $
EasyRecovery is one of the best paid utilities for file recovery.

d.
Access Control (Passwords, Security Tokens) // This section is under construction. Secure Passwords //Section under construction. Your security is only as strong as its weakest password. There are a few basic rules to follow when creating a strong password. Length - Passwords should be at least 12 characters long. When possible, use a password of 12 or more characters, or a "passphrase". If you are limited to using less than 12 characters, you should try and make your password as long as allowable. Complexity - Passwords should have an element of complexity, a combination of upper and lowercase characters, numbers, and symbols will make your passwords much harder to guess, and harder to bruteforce. Uniqueness - Passwords should avoid containing common dictionary words, names, birthdays, or any identification related to you (social security, drivers license, or phone numbers for example). Secret - If you have a password of the utmost importance, do not write it down. Do not type them in plain view of another person or share them with anyone. Avoid use of the same password in multiple places. Security Tokens Security Tokens are cryptographic devices that allow for two-factor authentication. Google Titan Yubikey 5 Series 6. Conclusion And here we are at the end! I would like to thank all of you for taking the time to read my guide, it's a few (slow) years in the making and I've kept it up to date. This guide is always changing, so check back from time to time. Revision 1.10.020 Copyright © 2004-2012 Malakai1911, All Rights Reserved The information contained within this guide is intended solely for the general information of the reader and is provided "as is" with absolutely no warranty expressed or implied. Any use of this material is at your own risk, its authors are not liable for any direct, special, indirect, consequential, or incidental damages or any damages of any kind. This guide is subject to change without notice. Windows_Security_Template__1.10.015_.zip
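The security.inf template described under "Security Tweaks" in the guide above is not included on this page, so the following is an added example (not the author's template or tooling) that audits a secedit-format .inf for four of the settings the guide says the template applies. The registry value names are the standard Windows ones; the sample template, the labels and the pass thresholds are assumptions made for the example.

```python
"""Audit a secedit security template (.inf) for hardening settings named in the guide."""

# Constructed sample in the format written by `secedit /export /cfg out.inf`.
# Real exports are usually UTF-16; decode the file before passing its text in.
SAMPLE_INF = r'''
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 8
[Registry Values]
; format is  <registry path>=<type>,<value>   (type 4 = REG_DWORD)
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks=4,0
'''

LSA = r"MACHINE\System\CurrentControlSet\Control\Lsa"
SRV = r"MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters"

# (registry value, label, predicate on the DWORD). Thresholds are assumptions:
# LmCompatibilityLevel 3 or higher means the client sends NTLMv2 responses only.
CHECKS = [
    (LSA + r"\NoLMHash", "LM hash storage disabled", lambda v: v == 1),
    (LSA + r"\LmCompatibilityLevel", "NTLMv2 enabled", lambda v: v >= 3),
    (LSA + r"\RestrictAnonymous", "Anonymous access restricted", lambda v: v >= 1),
    (SRV + r"\AutoShareWks", "Administrative shares disabled", lambda v: v == 0),
]


def parse_registry_values(inf_text):
    """Return {lowercased registry path: (type, value)} from [Registry Values]."""
    values = {}
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "registry values" or "=" not in line:
            continue
        key, _, data = line.partition("=")
        reg_type, _, value = data.partition(",")
        # Registry paths are case-insensitive, so normalise the key.
        values[key.strip().lower()] = (reg_type.strip(), value.strip().strip('"'))
    return values


def audit(inf_text):
    """Map each check label to 'ok', 'weak' (present but not hardened) or 'missing'."""
    found = parse_registry_values(inf_text)
    results = {}
    for key, label, is_hardened in CHECKS:
        entry = found.get(key.lower())
        if entry is None:
            results[label] = "missing"
            continue
        reg_type, value = entry
        try:
            ok = reg_type == "4" and is_hardened(int(value))
        except ValueError:
            ok = False  # non-numeric data where a DWORD was expected
        results[label] = "ok" if ok else "weak"
    return results


if __name__ == "__main__":
    for label, status in audit(SAMPLE_INF).items():
        print(f"{status:8} {label}")
```

A "missing" result means the template leaves that value at whatever the machine already has, which is worth checking separately on the host.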
  13. The secrecy surrounding the work was unheard of at Google. It was not unusual for planned new products to be closely guarded ahead of launch. But this time was different. The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest. In February 2017, during one of the first group meetings about Dragonfly at Google’s Mountain View headquarters in California, some of those present were left stunned by what they heard. Senior executives disclosed that the search system’s infrastructure would be reliant upon a Chinese partner company with data centers likely in Beijing or Shanghai. Locating core parts of the search system on the Chinese mainland meant that people’s search records would be easily accessible to China’s authoritarian government, which has broad surveillance powers that it routinely deploys to target activists, journalists, and political opponents. Yonatan Zunger, then a 14-year veteran of Google and one of the leading engineers at the company, was among a small group who had been asked to work on Dragonfly. He was present at some of the early meetings and said he pointed out to executives managing the project that Chinese people could be at risk of interrogation or detention if they were found to have used Google to seek out information banned by the government. Scott Beaumont, Google’s head of operations in China and one of the key architects of Dragonfly, did not view Zunger’s concerns as significant enough to merit a change of course, according to four people who worked on the project. Beaumont and other executives then shut out members of the company’s security and privacy team from key meetings about the search engine, the four people said, and tried to sideline a privacy review of the plan that sought to address potential human rights abuses. 
Zunger — who left his position at Google last year — is one of the four people who spoke to The Intercept for this story. He is the first person with direct involvement in Dragonfly to go on the record about the project. The other three who spoke to The Intercept are still employed by Google and agreed to share information on the condition of anonymity because they were not authorized to talk to the media. Their accounts provide extraordinary insight into how Google bosses worked to suppress employee criticism of the censored search engine and reveal deep fractures inside the company over the China plan dating back almost two years. Google’s leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said. Only a few hundred of Google’s 88,000 workforce were briefed about the censorship plan. Some engineers and other staff who were informed about the project were told that they risked losing their jobs if they dared to discuss it with colleagues who were themselves not working on Dragonfly. “They [leadership] were determined to prevent leaks about Dragonfly from spreading through the company,” said a current Google employee with knowledge of the project. “Their biggest fear was that internal opposition would slow our operations.” In 2016, a handful of Google executives — including CEO Sundar Pichai and former search chief John Giannandrea — began discussing a blueprint for the censored search engine. But it was not until early 2017 that engineers were brought on board to begin developing a prototype of the platform. 
The search engine was designed to comply with the strict censorship regime imposed by China’s ruling Communist Party, blacklisting thousands of words and phrases, including terms such as “human rights,” “student protest,” and “Nobel Prize.” It was developed as an app for Android and iOS devices, and would link people’s search records to their personal cellphone number and track their location. (Giannandrea could not be reached for comment.) The company managed to keep the plan secret for more than 18 months — until The Intercept disclosed it in August. Subsequently, a coalition of 14 leading human rights groups, including Amnesty International and Human Rights Watch, condemned the censored search engine, which they said could result in Google “directly contributing to, or [becoming] complicit in, human rights violations.” Employees who opposed the censorship staged protests inside the company. Meanwhile, a bipartisan group of U.S. senators called Dragonfly “deeply troubling,” and Vice President Mike Pence demanded that Google “immediately end” its development. Google employees who had worked on Dragonfly watched the furor unfold and were not surprised by the backlash. Many of the concerns raised by the human rights groups, they noted, had already been voiced inside the company prior to the public exposure of the plans, though they had been brushed aside by management. Every new product or service that Google develops must be reviewed by legal, privacy, and security teams, who try to identify any potential issues or problems ahead of the launch. But with Dragonfly, the normal procedure was not followed: Company executives appeared intent on watering down the privacy review, according to the four people who worked on the project. In January 2017, Zunger, the 14-year veteran engineer at the company, had been tasked with producing the privacy review. However, it quickly became apparent to him that his job was not going to be easy. 
His work was opposed from the outset by Beaumont, Google’s top executive for China and Korea. Beaumont, a British citizen, began his career in 1994 as an analyst for an investment bank in England and later founded his own company called Refresh Mobile, which developed apps for smartphones. He joined Google in 2009, working from London as director of the company’s partnerships in Europe, Asia and the Middle East. In 2013, Beaumont relocated to China to head Google’s operations there. He described himself in his LinkedIn biography as a “technology optimist” who cares about “the value and responsible use of technology in a range of fields.” According to Zunger, Beaumont “wanted the privacy review [of Dragonfly] to be pro forma and thought it should defer entirely to his views of what the product ought to be. He did not feel that the security, privacy, and legal teams should be able to question his product decisions, and maintained an openly adversarial relationship with them — quite outside the Google norm.” Three sources independently corroborated Zunger’s account. Beaumont did not respond to multiple requests for comment, and Google declined to answer questions for this story. During one meeting, Zunger recalled, Beaumont was briefed on aspects of Dragonfly that Google’s privacy and security teams planned to assess. He was told that the teams wanted to check whether the Chinese search system would be secure against state and non-state hackers, whether users in China would have control over their own data, and whether there may have been any aspects of the system that might cause users to unintentionally disclose information about themselves. “I don’t know if I want you asking those questions,” Beaumont retorted, according to Zunger, who said the comment was “quite surprising to those in the room.” Beaumont micromanaged the project and ensured that discussions about Dragonfly and access to documents about it were tightly controlled. 
“Different teams on the Dragonfly project were actively segmented off from one another and discouraged from communicating, except via Scott’s own team, even about technical issues,” said Zunger. This was “highly unusual,” according to Zunger. Normally, even for extremely confidential work inside the company, he said, there would be “open and regular communication within a project, all the way up to senior leadership.” With Dragonfly, the opposite was true. The restrictions around the project limited the ability for discussion and seemed intended “to prevent internal objections,” Zunger said. Some members of the Dragonfly team were told that if they broke the strict confidentiality rules, then their contracts at Google would be terminated, according to three sources. Despite facing resistance, the privacy and security teams — which together included a total of between six and eight people — proceeded with their work. Zunger and his colleagues produced a privacy report that highlighted problematic scenarios that could arise once the censored search engine launched in China. The report, which contained more than a dozen pages, concluded that Google would be expected to function in China as part of the ruling Communist Party’s authoritarian system of policing and surveillance. It added that, unlike in Europe or North America, in China it would be difficult, if not impossible, for Google to legally push back against government requests, refuse to build systems specifically for surveillance, or even notify people of how their data may be used. Zunger had planned to share the privacy report and discuss its findings during a meeting with the company’s senior leadership, including CEO Sundar Pichai. But the meeting was repeatedly postponed. When the meeting did finally take place, in late June 2017, Zunger and members of Google’s security team were not notified, so they missed it and did not attend. Zunger felt that this was a deliberate attempt to exclude them. 
By this point, Zunger had already decided to leave Google, due to a job offer he had received from Humu, a startup company co-founded by Laszlo Bock, Google’s former head of human resources, and Wayne Crosby, Google’s former director of engineering. Had Zunger not received the offer to join Humu when he did, he said, he would likely have ended up resigning in protest from Google over Dragonfly. “The project, as it was then specified, was not something I could sign off on in good conscience,” he told The Intercept. Zunger does not know what happened to the privacy report after he left Google. He said Google still has time to address the problems he and his colleagues identified, and he hopes that the company will “end up with a Project Dragonfly that does something genuinely positive and valuable for the ordinary people of China.” Google launched a censored search engine in China in 2006 but stopped operating the service in the country in 2010, saying it could no longer tolerate Chinese government efforts to limit free speech, block websites, and hack activists’ Gmail accounts. At that time, Google co-founder Sergey Brin had advocated inside the company to pull out of China because he was uncomfortable with the level of government censorship and surveillance. The “key issue,” Brin said, was to show that Google was “opposing censorship and speaking out for the freedom of political dissent.” The Dragonfly revelations prompted questions about whether Brin had dramatically reversed his views on censorship in China. But in a meeting with Google employees in August, Brin claimed that he knew nothing about Dragonfly until The Intercept exposed it. According to three sources, employees working on Dragonfly were told by Beaumont, the company’s China chief, that Brin had met with senior Chinese government officials and had told them of his desire to re-enter the Chinese market, obeying local laws as necessary. 
However, the Dragonfly teams were instructed that they were not permitted to discuss the issue directly with Brin or other members of Google’s senior leadership team, including Pichai, co-founder Larry Page, and legal chief Kent Walker. Two sources working on Dragonfly believed that Beaumont may have misrepresented Brin’s position in an attempt to reassure the employees working on Dragonfly that the effort was fully supported at the highest levels of the company, when that may not have been the truth. “How much did Sergey know? I am guessing very little,” said one source, “because I think Scott [Beaumont] went to great lengths to ensure that was the case.” Inside Google, a deep ideological divide has developed over Dragonfly. On one side are those who view themselves as aligned with Google’s founding values, advocating internet freedom, openness, and democracy. On the other side are those who believe that the company should prioritize growth of the business and expansion into new markets, even if doing so means making compromises on issues like internet censorship and surveillance. Pichai, who became Google’s CEO in 2015, has made it clear where he stands. He has strongly backed Dragonfly and spoken of his desire for the company to return to China and serve the country’s people. In October, Pichai publicly defended the plan for the censored search engine for the first time, though he tried to play down the significance of the project, portraying it as an “experiment” and adding that it remained unclear whether the company “would or could” eventually launch it in China. Staff working on Dragonfly were confused by Pichai’s comments. They had been told to prepare the search engine for launch between January and April 2019, or sooner. The main barrier to launch, the employees were told, was the ongoing U.S. 
trade war with China, which had slowed down negotiations with government officials in Beijing, whose approval Google required to roll out the platform in the country. “What Pichai said [about Dragonfly being an experiment] was ultimately horse shit,” said one Google source with knowledge of the project. “This was run with 100 percent intention of launch from day one. He was just trying to walk back a delicate political situation.” The launch plan was outlined during a July meeting for employees who were working on Dragonfly. The company’s search chief, Ben Gomes, instructed engineers to get the search engine ready to be “brought off the shelf and quickly deployed.” Beaumont told employees in the same meeting that he was pleased with how things were developing for the company in the country, according to a previously undisclosed transcript of his comments obtained by The Intercept. “There has been a really positive change in tone towards Google during [Pichai’s] recent visits” to China, Beaumont said. “Part of our task over the past few years has been to re-establish that Google can be a trusted operator in China. And we’ve really seen a pleasing turnaround, relatively recently in the last couple of years. We are fairly confident that, outside of the trade discussions, there is a positive consensus across government entities to allow Google to re-engage in China.” A few weeks later, details about Dragonfly were emblazoned across international newspapers and the internet, and the company was scrambling to contain the outpouring of internal and external protest. Beaumont was furious that information about the project had leaked, said two sources familiar with his thinking, and he told colleagues that he feared the disclosures may have scuppered the prospect of Google launching the platform in the short term. 
“[Beaumont’s] endgame was very simple — his ideal circumstance was that most people would find out about this project the day it launched,” said one Google source. “He wanted to make sure there would be no opportunity for any internal or external resistance to Dragonfly, but he failed.” Source
  14. Facebook’s founder is facing pressure to accept an invite from eight international parliaments, with lawmakers wanting to question him about negative impacts his social network is having on democratic processes globally. Last week Facebook declined an invitation from five of these parliaments. The elected representatives of Facebook users want Mark Zuckerberg to answer questions in the wake of a string of data misuse and security scandals attached to his platform. The international parliaments have joined forces — forming a grand committee — to amp up the pressure on Facebook. The U.K.-led grand committee said it would meet later this month, representing the interests of some 170 million Facebook users across Argentina, Australia, Canada, Ireland and the U.K. But Facebook snubbed that invite. Today the request has been reissued with an additional three parliaments on board — Brazil, Latvia and Singapore. In their latest invite letter they also make it clear that Facebook’s founder does not have to attend the hearing in person — which was the excuse the company used to decline the last request for Zuckerberg. (Which was just the latest in a long string of ‘nos’ Facebook’s founder has given the committee.) “We note that while your letter states that you are ‘not able to be in London’ on 27th, it does not rule out giving evidence per se. Would you be amenable to giving evidence via video link instead?” the grand committee writes now. We’ve asked Facebook whether Zuckerberg will be able to make time in his schedule to provide evidence remotely — and will update this report with any response. (A company spokesman suggested to us that it’s unlikely to do so.) Of course Zuckerberg is very busy these days — given the fresh scandals slamming Facebook’s exec team. His political plate is truly heaped. 
Last week a New York Times report painted an ugly and chaotic picture of Facebook’s leaders’ response to the political disinformation crisis — which included engaging an external public relations firm which used smear tactics against opponents. (Facebook has since severed ties with the firm.) The grand committee references this controversy in its latest invitation letter, writing: “We believe that there are important issues to be discussed, and that you are the appropriate person to answer them. Yesterday’s New York Times article raises further questions about how recent data breaches were allegedly dealt with within Facebook.” The U.K.’s DCMS committee, which has been spearheading efforts to hold Zuckerberg to account, has spent the best part of this year asking wide-ranging questions about the impact of online disinformation on democratic processes. But it has become increasingly damning in its criticism of Facebook — accusing the company of evasion, equivocation and worse as the months have gone on. In a preliminary report this summer it also called on the government to act urgently, recommending a levy on social media and stronger laws to prevent social media tools being used to undermine democratic processes. The U.K. government chose not to leap into action. But even there Facebook’s platform is implicated because Brexit — which was itself sold to voters via the medium of unregulated social media ads (with the Electoral Commission finding earlier this year that the official Vote Leave campaign used Facebook’s funnel to bypass electoral law) — is rather monopolizing ministerial attention these days… One of the questions committee members are keen to get an answer to from Facebook is who at the company knew in the earliest incidence about the Cambridge Analytica data misuse scandal. In short they want to know where the buck stops. Who should be held accountable — for both the massive data breach and Facebook’s internal handling of it. 
And it is very close to getting an answer to that after the U.K.’s data protection watchdog, the ICO, gave evidence earlier this month — saying it had obtained the distribution list for emails Facebook sent internally about the breach, saying it would pass the list on to the committee. A spokeswoman for the DCMS committee told us it has yet to receive this information from the ICO. An ICO spokesperson told us it will not be publishing the list — adding: “At this stage I’m not sure when it will be sent to the committee.” Source: techcrunch
  15. Betternet Free VPN is a free multi-platform app that allows users to connect anonymously to the internet. A VPN or virtual private network sends your internet connection through a separate server meaning that any website you visit will not be able to track your location. This can be used for a number of reasons from accessing region-locked content to simply wanting to avoid being tracked. While many VPN services have an annual charge Betternet Free VPN does not. Homepage: https://www.betternet.co/ Download: https://control.kochava.com/v1/cpi/click?traffic_source=organic&campaign_id=kobetternet-windows-0xvqb82z5431ed7d40d2f&network_id=6184&site_id=1&device_id=device_id ============================== Cracker/Team: Jasi2169 / TEAM URET Medicine: Crack File Size: 0.99 MB Site: https://www.upload.ee Sharecode[?]: /files/8473047/Betternet.VPN.For.Windows.v4.1.0_Crack-URET.rar.html ==============================
  16. Google Chrome is the most popular browser in the world. Chrome routinely leads the pack in features for security and usability, most recently helping to drive the adoption of HTTPS. But when it comes to privacy, specifically protecting users from tracking, most of its rivals leave it in the dust. Users are more aware of, and concerned about, the harms of pervasive tracking than ever before. So why is Chrome so far behind? It’s because Google still makes most of its money from tracker-driven, behaviorally-targeted ads. The marginal benefit of each additional bit of information about your activities online is relatively small to an advertiser, especially given how much you directly give Google through your searches and use of tools like Google Home. But Google still builds Chrome as if it needs to vacuum up everything it can about your online activities, whether you want it to or not. In the documents that define how the Web works, a browser is called a user agent. It’s supposed to be the thing that acts on your behalf in cyberspace. If the massive data collection appetite of Google’s advertising- and tracking-based business model is incentivizing Chrome to act in Google’s best interest instead of yours, that’s a big problem—one that consumers and regulators should not ignore. Chrome is More Popular Than Ever. So is Privacy. Since Chrome’s introduction in 2008, its market share has risen inexorably. It now accounts for 60% of the browsers on the web. At the same time, the public has become increasingly concerned about privacy online. In 2013, Edward Snowden’s disclosures highlighted the links between massive, surreptitious corporate surveillance and the NSA’s spy programs. In 2016, the EU ratified the General Data Protection Regulation (GDPR), a sweeping (and complicated) set of guidelines that reflected a new, serious approach to data privacy. 
And in the U.S., this year’s Cambridge Analytica scandal sparked unprecedented backlash against Facebook and other big tech companies, driving states like California to pass real data privacy laws for the first time (although those laws are under threat federally by, you guessed it, Google and Facebook). Around the world, people are waking up to the realities of surveillance capitalism and the surveillance business model: the business of “commodifying reality,” transforming it into behavioral data, and using that data and inferences from it to target us on an ever-more granular level. The more users learn about this business model, the more they want out. That’s why the use of ad and tracker blockers, like EFF’s Privacy Badger, has grown dramatically in recent years. Their popularity is a testament to users’ frustration with the modern web: ads and trackers slow down the browsing experience, burn through data plans, and give people an uneasy feeling of being watched. Companies often justify their digital snooping by arguing that people prefer ads that are “relevant” to them, but studies show that most users don’t want their personal information to be used to target ads. All of this demonstrates a clear, growing demand for consumer privacy, especially as it relates to trackers on the web. As a result, many browser developers are taking action. In the past, tracker blockers have only been available as third-party “extensions” to popular browsers, requiring diligent users to seek them out. But recently, developers of major browsers have started building tracking protections into their own products. Apple’s Safari has been developing Intelligent Tracking Protection, or ITP, a system that uses machine learning to identify and stop third-party trackers; this year, the improved ITP 2.0 became the default for tens of millions of Apple users. Firefox recently rolled out its own tracking protection feature, which is on by default in private browsing windows. 
Opera ships with the option to turn on both ad and tracker blocking. Even the much-maligned Internet Explorer has a built-in “tracking protection” mode. Yet Google Chrome, the largest browser in the world, has no built-in tracker blocker, nor has the company indicated any plans to build one. Sure, it now blocks some intrusive ads, but that feature has nothing to do with privacy. The closest thing it offers to “private” browsing out-of-the-box is “incognito mode,” which only hides what you do from others who use your machine. That might hide embarrassing searches from your family, but does nothing to protect you from being tracked by Google. Conflicts of Interest Google is the biggest browser company in the world. It’s also the biggest search engine, mobile operating system, video host, and email service. But most importantly, it’s the biggest server of digital ads. Google controls 42% of the digital advertising market, significantly more than Facebook, its largest rival, and vastly more than anyone else. Its tracking codes appear on three quarters of the top million sites on the web. 86% of Alphabet’s revenue (Google’s parent company) comes from advertising. That means all of Alphabet has a vested interest in helping track people and serve them ads, even when that puts the company at odds with its users. Source: The EFF
  17. Cyrobo Clean Space Pro 7.26 Multilingual This program was designed to rid your computer of electronic garbage and protect your online privacy. Your computer's garbage includes a lot of objects (for example, cache and temporary files of various programs and Windows OS itself), internet cookie files, internet browsing history, logs, index.dat files, registry entries, etc. Those objects are scattered throughout your computer, usually in hidden system folders, wasting gigabytes of precious disk space. Faster Computer Cleaning your unwanted cache will enable your Windows OS and other programs to run more efficiently. Improving computer performance is one of the primary goals of our program. Privacy Nobody will be able to track your online activity. Protection of your privacy is of utmost importance to us. Security Deleted data are unrecoverable, so you physically stay secure. Even special magnets would not be able to restore deleted data. Awards Our program has received multiple awards from notable rating agencies and bloggers. We have been in business since 2002 and are very experienced. Home Page: www.cyrobo.com Download installer: https://www.cyrobo.com/core-public/xfiles/clnspc/setup_clnspc.exe Radixx11 Fix: Site: https://www.upload.ee Sharecode[?]: /files/7566713/CRPA.zip.htm l
  18. Block Tracking on Discord

      Quick Information
      Time required: ~10 minutes.
      Requirement: Google Chrome, Chromium or Opera.
      Difficulty: ⚫⚪⚪⚪⚪

      Tracking on Discord
      You do not realize it but Discord tracks every mouse click and keypress you do. You could think that they just track when you're typing and you somehow have the option to 'opt out' in your account settings. That's wrong, they track everything you do and the requests are still sent even when you opt out. Discord just tells you to trust that they won't do anything with it, when the requests should not be sent to begin with. If you open the Reactions box, do a right-click or interact in any way with the page, your browser sends this info back to Discord. Here is a collection of tricks to enforce your tracking opt-out decision instead of just trusting Discord not to do anything with it.

      The HTTP Request Blocker add-on
      In order to pull out our tracking opt-out enforcement we will use a Chrome add-on called HTTP Request Blocker. This add-on works on any Chromium derivative which includes Chromium itself and Opera since its version 12. Download the HTTP Request Blocker add-on on the Chrome Webstore or download the CRX file directly instead. Note that if you want to download the CRX file instead, you have to save the link using the right-click: If you downloaded it on the Chrome Webstore it will already be installed; if you downloaded the CRX file, install it manually: When the add-on is installed you'll get a new button on your toolbar: You're now ready to show Discord some love!

      Block URLs using HTTP Request Blocker
      To block URLs using HTTP Request Blocker, you can use two methods: absolute and pattern matches. Absolute means that you provide the URL without wildcards (e.g.: *) while pattern means the URL can have many variations. The Discord tracking is done via the Discord API which includes the API version in the URL, so we will use pattern matches. To help you understand what that means, I will show you below two examples of both absolute and pattern matches.

      Absolute: *://discordapp.com/api/v6/command
      Pattern: *://discordapp.com/api/v*/command

      Pattern means that you can use wildcards to replace elements that are not static and can be different without listing everything. The first wildcard is used to include both HTTP and HTTPS and is required by the HTTP Request Blocker add-on. Add a new URL entry by clicking on the add-on icon and clicking on add new: Clicking multiple times on the add new hyperlink will spawn multiple entries. To remove an entry you can use the red cross icon as shown in the spoiler above. When you add URL entries to your list or make changes, save it by clicking on the blue Save button. This is how you will be able to add the URL entries I will show you further in this guide.

      Block the Typing signal
      Unlike Skype and other popular Instant Messaging services, Discord doesn't allow users to hide when they're typing. Typing signals allow people to wait for someone else to finish his message before posting yours, but they're invasive. You should have a say in whether you want to tell people you're typing or not.

      Typing URL: *://discordapp.com/api/v*/channels/*/typing

      Block the Interface Tracking
      Discord tracks literally everything you do, even simple things like clicking on any Interface element. Not only when you open them but also when you close them and when they lose your focus.

      Tracking URL: *://discordapp.com/api/v*/track

      Block read receipts
      There's no read receipt feature on Discord yet, but their API actually is ready for it. It's just a matter of time until Discord starts showing read receipts to their users. When you receive a message focus on the Discord tab, the browser sends ACK requests. These requests confirm that you've read the message so Discord stops showing them as new.

      Read receipt URL: *://discordapp.com/api/v*/channels/*/messages/*/ack

      Side-effect: This applies everywhere to all channels and PM threads. If you block them Discord will think you didn't read the messages and continue showing them as new to you. You can also make the blocking more granular by specifying which channels should have receipts blocked:

      Read receipt URL: *://discordapp.com/api/v*/channels/XXXXXXXXXXXXXXXX/messages/*/ack

      The channel ID is the one in your URL bar when you're in a channel or in a PM thread:

      Block Fingerprinting
      Discord has a tracking URL that generates a fingerprint of the computer you're on. That means they get details about your computer that are none of their business. This for example includes your locale and screen size which should not be needed. For the screen size they already have CSS media queries (that's more technical).

      Fingerprinting URL: *://discordapp.com/api/v*/science

      Block promotion watch receipts
      When you open your user settings page, Discord displays promotional content on it. They're also tracking whether you've seen them by sending ACK requests back to Discord. This URL will block the promotion watch receipts to make Discord think you didn't watch them.

      Watch receipt URL: *://discordapp.com/api/v*/promotions/ack

      Block Discord experiments
      When you connect to Discord, the browser requests a file that contains experiments and whether you're enrolled. This file defines whether Discord wants to enroll you on them and you have no option to opt-out if you are. This URL prevents the browser from running Discord experiments even when you're enrolled.

      Experiments URL: *://discordapp.com/api/v*/experiments

      The End
      That was it, the six URLs you can block to further improve your Privacy on Discord. By the way, you might have noticed the Allavsoft add-on is not official but that's intended
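An added example, not part of the guide above or of the add-on's code: a small JavaScript checker that takes the six patterns from the guide and reports which request URLs they would and would not cover. It assumes `*` matches any run of characters and a `*` scheme means HTTP or HTTPS, as the guide describes; the add-on's own matcher may differ, and the function names, sample URLs and IDs are constructed for illustration.

```javascript
// Added example. Assumption: "*" matches any run of characters (including "/")
// and a "*" scheme means http or https, as the guide describes. The add-on's
// real matcher may differ in details such as query-string handling.

// The six patterns listed in the guide, keyed by labels chosen for this example.
const BLOCKLIST = {
  typing: "*://discordapp.com/api/v*/channels/*/typing",
  track: "*://discordapp.com/api/v*/track",
  ack: "*://discordapp.com/api/v*/channels/*/messages/*/ack",
  science: "*://discordapp.com/api/v*/science",
  promotionsAck: "*://discordapp.com/api/v*/promotions/ack",
  experiments: "*://discordapp.com/api/v*/experiments",
};

function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Compile one wildcard pattern into an anchored regular expression.
function compilePattern(pattern) {
  const sep = pattern.indexOf("://");
  if (sep < 1) throw new Error("pattern must start with a scheme: " + pattern);
  const scheme = pattern.slice(0, sep);
  const schemeRe = scheme === "*" ? "https?" : escapeRegExp(scheme);
  const restRe = pattern.slice(sep + 3).split("*").map(escapeRegExp).join(".*");
  return new RegExp("^" + schemeRe + "://" + restRe + "$");
}

// Return the labels of every blocklist entry that matches the URL.
function matchingRules(url, blocklist = BLOCKLIST) {
  return Object.entries(blocklist)
    .filter(([, pattern]) => compilePattern(pattern).test(url))
    .map(([label]) => label);
}

// Build the per-channel read-receipt pattern from the guide. The ID must be
// digits only so it cannot introduce a wildcard or extra path segments.
function ackPatternForChannel(channelId) {
  if (!/^\d+$/.test(channelId)) throw new Error("channel ID must be numeric");
  return "*://discordapp.com/api/v*/channels/" + channelId + "/messages/*/ack";
}

// Split a list of observed request URLs into blocked and allowed.
function audit(urls, blocklist = BLOCKLIST) {
  const report = { blocked: [], allowed: [] };
  for (const url of urls) {
    const rules = matchingRules(url, blocklist);
    (rules.length ? report.blocked : report.allowed).push({ url, rules });
  }
  return report;
}

// Constructed sample requests (all IDs are made up), of the kind you would
// copy from the browser's DevTools Network tab after adding the rules.
const SAMPLE_REQUESTS = [
  "https://discordapp.com/api/v6/track",
  "https://discordapp.com/api/v7/science", // a version bump is still covered by v*
  "https://discordapp.com/api/v6/channels/111111111111111111/typing",
  "https://discordapp.com/api/v6/channels/111111111111111111/messages/222222222222222222/ack",
  "https://discordapp.com/api/v6/channels/111111111111111111/messages", // sending a message
  "https://discordapp.com/api/v6/track?source=web", // query string: pattern has no trailing *
  "https://sub.discordapp.com/api/v6/track", // hypothetical subdomain: host differs
];

const report = audit(SAMPLE_REQUESTS);
console.log("blocked:", report.blocked.map((r) => r.url + " [" + r.rules + "]"));
console.log("allowed:", report.allowed.map((r) => r.url));
```

Any telemetry-looking URL that shows up under "allowed" is a gap in the list; under these matching assumptions, a different host or an appended query string needs its own pattern.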
  19. Privacy, keeping things separate, and IoT, connecting everything, may never be truly compatible. Nonetheless, manufacturers, developers, and end-users must still try to ensure privacy in an increasingly interconnected world. We call it the Internet of Things (IoT), but what we often really mean is the Internet of Personal Data. If data is the new oil, then personal data is the lubricant of IoT. Internet-connected devices are awash with sensitive information. And in the age of hyper-connectivity, we are feeling the brunt of the inexorable connection between data and device in the form of privacy violations. When Privacy Goes Wrong In the last few years, data privacy has had a shiny makeover, put on its heels and swanky black dress, and entered the mainstream media ball. Data privacy is no longer only talked about in dusty conferences frequented by specialist lawyers; no, data privacy is here to stay and regulations like General Data Protection Regulation (GDPR) are being updated to reflect this. It’s all Snowden’s fault, of course. He opened the surveillance “can o’ worms.” But his was but a whisper compared to the outrage caused when Facebook and Cambridge Analytica so flippantly disregarded our personal data privacy. It’s in the wake of this heightened awareness of data privacy issues that we look at some of the IoT-based privacy violations of recent times. Privacy is touching us all. It isn’t just a personal issue; it’s also entering the boardroom. Here are five trending reasons to hold onto your data: Alexa: A Witness For The Prosecution What if evidence were collected by IoT devices? What would be the implications for judicial processes? In 2015, James Bates of Arkansas, US, was accused of murdering his friend who had been found dead in Bates’ hot tub. The prosecutor built the case around the data held on Bates’ Amazon Echo and his smart meter. Amazon refused to release the data collected by Alexa. The case could have stopped there. 
However, Bates gave permission for the data to be used during the case. The case was dismissed in December 2017, but the story hit the news and the defendant’s personal life was brought into the public domain. The saying “no smoke without fire” was undoubtedly especially meaningful to Bates during that time. In another (still ongoing) case involving a Connecticut woman who was murdered in 2015, FitBit data has come under the spotlight. Prosecutors are basing the case on the woman’s GPS-related data. The data has helped identify her last movements. It placed her husband in the frame. “Creepy Tech” and IoT The IoT has opened up a lot of new ways to interface with users. One such interface cuts across the visible spectrum (e.g. cameras)—and we’re an image-hungry species. Facebook, for example, has 147,000 photos uploaded per minute. But there’s something about the watchful eyes of a digital assistant that’s creeping many of us out. Many consumer IoT products come with a camera. Vulnerabilities can leave that camera open to abuse. Recently, researchers at PenTestPartners located a serious flaw in a Swann IoT video camera that allowed a hacker to view video footage from another user’s camera. The hack was really simple: by adding a serial number of the camera into an app, you could view live coverage of that camera (the serial numbers are easily accessible). Thankfully, Swann fixed the issue very quickly. But camera security flaws have plagued consumer IoT devices since their advent. Possibly the most sinister of hacks is when baby monitors are targeted. In 2015, Rapid7 failed 8 out of 10 baby monitors for security compliance. Moreover, privacy concerns still plague monitors today. In a recent case, a U.S. mother found her FREDI baby monitor panning across the room and pointing at the spot where she breastfed her baby. How Are IoT Manufacturers Affected? It’s likely that IoT devices will be used in more court cases. 
The data IoT devices collect constructs daily “data journals” of individuals and organizations. Manufacturers may find themselves in the middle between the data owner and the justice system. Cameras in IoT products offer important visual functionality. Many vulnerabilities found in consumer IoT products are based on issues and resolutions that are well-known in the cybersecurity world. Flaws such as unencrypted communication channels and programming interfaces (APIs) allow interception and hijacking of cameras. Other flaws, such as having an easy-to-guess administration password or device identifier, can also be easily fixed.

Abusive Surveillance With IoT

When we think of surveillance, we generally think of the government spying on citizens. However, the issue with IoT surveillance may be closer to home for many folks. A study by University College London (UCL) into the use of technology in domestic abuse found that technology can provide the “means to facilitate psychological, physical, sexual, economic, and emotional abuse as well as controlling and coercive behaviour.” The UCL report considers how abusive individuals can use IoT technology, in particular, as a means to control others. However, more parties than UCL are concerned with the harmful potentials of new, somewhat unstable technologies. eSafety Women is an Australian project that teaches women how to stay safe around technology. As IoT begins to take hold in our homes, the opportunities to use the devices as a tool for spying and abusive control increase. Manufacturers can help to make sure that there are mechanisms in place to prevent this. This isn’t easy, but certain measures can be used. For example, systems that have delegated access need to be designed with abusive users in mind. Data auditing can also offer the potential for abusive behavior tracking; however, auditing also has privacy implications. Police forces should also be educated in the potential for IoT devices to be abused.
A Perfect Storm: Health Data and IoT

Kaspersky has identified that smart device attacks increased by three-fold in 2018. Couple this with analysis by the Ponemon Institute and IBM, which shows that health data is the most targeted by cybercriminals. And there you have it: a perfect storm for damaging data exposure. As more of our highly sensitive health data resides on an ever-expanding security matrix, the likelihood is that the privacy of patient data is at risk. This was nicely demonstrated in Singapore with an attack on SingHealth, which exposed the data of 1.5 million patients—including DNA repositories. It’s expected that 87% of healthcare organizations will incorporate IoT devices in some form into their operations by 2019. Services using healthcare IoT devices are often under strict regulatory control, such as HIPAA and GDPR, to ensure patient data is safe. Manufacturers need to ensure that correct security measures can be used to secure data against exposure.

Smart Privacy, Smart Grid

The smart grid offers an opportunity to optimize the use of energy consumption. However, some concerns have been raised over the privacy of smart grids and the smart meters they rely on. Behavioral privacy is the big issue with smart meters. The Electronic Privacy Information Center (EPIC) is big on consumer profiling and behavioral privacy. EPIC has listed 14 areas where smart meter use can expose privacy gaps. These include tracking the behavior of renters/leasers and identity theft. Notably, California has a “smart meter” privacy law (Assembly Bill No. 1274), which defines best practices for smart meters to protect users’ privacy. EPIC suggests that user-centric control over the “collection, use, reuse, and sharing of personal information” should be built into smart meters. Anonymization of the data should also be a design remit.

A Shared Future For IoT and Privacy

The data privacy genie is well and truly out of the Internet-connected bottle.
As consumers of IoT devices, we must all be aware of how our privacy becomes compromised through technology. As manufacturers of such products, however, there are two drivers to which we should adhere to ensure good privacy practice.

The Specter of Compliance

Regulations like GDPR are tightening the belt of data privacy. Others that are industry-specific, such as HIPAA, and location-specific, such as the California Consumer Privacy Act (CCPA), are baking data privacy into law.

Privacy = Trust

Respect for customer privacy is part of building a loyal brand following. Data privacy should never be an afterthought. Instead, it should always be a design remit. Source
  20. Psiphon Pro By Psiphon Inc. This is the pro version of Psiphon which is a secure VPN application for Android. The application allows you to navigate freely on the internet. You will be connected to all hindered sites that are blocked due to censorship or other factors. You will also be safe when you do this. You will be able to connect to any site that has been exposed to Psiphon Pro and has blocked access. Psiphon’s work structure is quite simple. As with other VPN applications, a tunnel opens and you appear to be connecting through other countries. Whether you want to use the application only on the browser, you can use it in all applications. One of the features that Psiphon has provided is the ability to display your internet traffic. If you want to use the internet for free, Psiphon is for you. Site: https://www52.zippyshare.com Sharecode: /v/d24qihdV/file.html Site: https://workupload.com Sharecode: /file/EjqUjJ4h
  21. With the launch of a new national cyber strategy, President Donald Trump has authorized the use of “offensive cyber operations” against U.S. adversaries, National Security Adviser John Bolton told reporters on Thursday. The U.S. hopes by deploying offensive measures it can deter cyberattacks targeting critical infrastructure and other systems, Bolton said, by demonstrating to adversaries that the cost “is higher than they want to bear.” In a letter, Trump said the new guidelines demonstrated his commitment to securing America from digital threats. “It is a call to action for all Americans and our great companies to take the necessary steps to enhance our national cybersecurity,” he said. “We will continue to lead the world in securing a prosperous cyber future.” Trump’s strategy, which he calls the “first fully articulated cyber strategy in 15 years,” replaces one implemented under the Obama administration. It is said to considerably relax rules surrounding the use of cyberweapons by the Pentagon and other agencies. “We’re going to do a lot of things offensively,” Bolton said. The move comes as U.S. intelligence warns of ongoing foreign operations aimed at undermining the 2018 midterm elections, including cyberattacks against voting infrastructure and computer intrusions targeting election officials. Asked if he considered the U.S. to be actively involved in a “cyberwar,” Bolton said he didn’t accept that “characterization.” But with its hands no longer tied, he said, expect the U.S. to strike back more frequently. Source
  22. Psiphon Pro By Psiphon Inc. This is the pro version of Psiphon which is a secure VPN application for Android. The application allows you to navigate freely on the internet. You will be connected to all hindered sites that are blocked due to censorship or other factors. You will also be safe when you do this. You will be able to connect to any site that has been exposed to Psiphon Pro and has blocked access. Psiphon’s work structure is quite simple. As with other VPN applications, a tunnel opens and you appear to be connecting through other countries. Whether you want to use the application only on the browser, you can use it in all applications. One of the features that Psiphon has provided is the ability to display your internet traffic. If you want to use the internet for free, Psiphon is for you. Site: https://www58.zippyshare.com Sharecode: /v/mQaCFhq8/file.html Site: https://workupload.com Sharecode: /file/5mnKbywy
  23. Only 34.5% of the approximately 500 professionals responsible for compliance with the European Union (EU) General Data Protection Regulation (GDPR) report maintaining practices that are in keeping with the regulation, according to a recent Deloitte poll. According to the poll, one-third of respondents (32.7%) hope to be compliant within 2018. And, 11.7% plan to take a “wait and see” approach amid uncertainty over how EU regulators in various countries will enforce the new regulation. “The fact that the GDPR effective date has come and gone,” (it became law in May 2018), “and many are still scrambling to demonstrate a defensible position on GDPR compliance reflects the complexity and challenges as the world of privacy rapidly changes,” said Rich Vestuto, a Deloitte Risk and Financial Advisory managing director in discovery for Deloitte Transactions and Business Analytics LLP. There were a number of other serious issues brought to light, including a very low number of professionals feeling that their organizations knew the state of their third-party data access, and the extent to which artificial intelligence was applied to that data. At issue here is the prevailing culture of cyber-insecurity and privacy de-damned-ism. The poll found that many issues facing organizations on the privacy front may actually be made easier to track in the wake of the GDPR, but the prevailing sense found in those polled out there still seems to be that compliance costs money—much more than fines. Source
  24. Microsoft’s Obscure ‘Self Service for Mobile’ Office Activation

Microsoft requires a product activation after installing. Users of Microsoft Office currently are facing trouble during telephone activation. After dealing with this issue, I came across another obscure behavior, Microsoft’s ‘Self Service for Mobile’ solution to activate Microsoft Office via mobile devices. Microsoft describes how to activate Microsoft Office 2013, 2016 and Office 365 within this document. There are several possibilities to activate an installed product, via Internet or via Telephone for instance. Activation by phone is required if the maximum Internet activation threshold is reached.

But Office activation by phone fails

Within my blog post Office Telephone activation is no longer supported error I’ve addressed the basic issue. If a user re-installs Office, the phone activation fails. The activation dialog box shows the message “Telephone activation is no longer supported for your product”. Microsoft has confirmed this issue for Office 2016 users having a non-subscriber installation. But also users of Microsoft Office 2010 or Microsoft Office 2013 are affected.

A blog reader posted a tip: Use Mobile devices activation…

I’ve posted an article Office 2010: Telefonaktivierung eingestellt? – Merkwürdigkeit II about the Office 2010 telephone activation issue within my German blog, back in January 2017. Then a reader pointed me within a comment to a Self Service for Mobile website. The link http: // bit.ly/2cQPMCb, shortened by bit.ly, points to a website https: // microsoft.gointeract.io/mobileweb/… that provides an ability to activate Microsoft Office (see screenshot below). After selecting a 6 or 7 Digits entry, an activation window with numerical buttons to enter the installation id will be shown (see screenshots shown below). The user has to enter the installation id and receives the activation id – plain and simple.
Some users commented within my German blog that this feature works like a charm.

Obscurity, conspiracy, oh my God, what have they done?

I didn’t inspect the posted link until writing last Friday’s blog post Office Telephone activation is no longer supported error. My idea was to mention the “Self Service for Mobile” page within the new article. I managed to alter the link to direct it to the English Self Service for Mobile language service site. Suddenly I noticed that both the German and also the English “Self Service for Mobile” sites use https, but are flagged as “unsecure” in Google Chrome (see the screenshot below, showing the German edition of this web page). The popup shown for the web site “Self Service for Mobile” says that there is mixed content (images) on the page, so it’s not secure. That caught my attention, and I started to investigate the details. Below are the details for the German version of the web site shown in Google Chrome (but the English web site has the same issues). First of all, I noticed that the “Self Service for Mobile” site doesn’t belong to a microsoft.com domain – in my view a must for a Microsoft activation page. Inspecting the details, I found out the site contains mixed content (an image contained within the site was delivered via http). The content of the site was also delivered by Cloudflare (I’ve never noticed that case for MS websites before). The image flagged in the mixed content issue was the Microsoft logo, shown within the site’s header, transferred via http. The certificate was issued by Go Daddy (a US company) and ends in March 2017. I’ve never noticed that Go Daddy belongs to Microsoft. I came across Go Daddy while analyzing a phishing campaign months ago. A compromised server, used as a relay by a phishing campaign, has been hosted (according to Whois records) by Go Daddy. But my takedown notice sent to Go Daddy has never been answered.
That set all the alarm bells ringing in my head, because it’s a typical behavior used in phishing sites. Also my further findings didn’t calm the alarm bells in my head. The subdomain microsoft used above doesn’t belong to a Microsoft domain, it points to a domain gointeract.io. Trying to obtain details about the owner of gointeract.io via WhoIs ended with the following record.

Domain : gointeract.io
Status : Live
Expiry : 2021-03-14
NS 1 : ns-887.awsdns-46.net
NS 2 : ns-1211.awsdns-23.org
NS 3 : ns-127.awsdns-15.com
NS 4 : ns-1980.awsdns-55.co.uk
Owner OrgName : Jacada
Check for 'gointeract.sh' --- http://www.nic.sh/go/whois/gointeract.sh
Check for 'gointeract.ac' --- http://www.nic.ac/go/whois/gointeract.ac

Pretty short, isn’t it? No Admin c, no contact person, and Microsoft isn’t mentioned at all, but the domain has been registered till 2021. The Owner OrgName Jacada was unknown to me. Searching the web didn’t give me more insights at first. Overall, the whole site looks obscure to me. The tiny text, shown within the browser’s lower left corner, was a hyperlink. The German edition of the “Self Service for Mobile” site opens a French Microsoft site – the English site opens an English Microsoft site. My first conclusion was: Hell, I was tricked by a phishing comment – somebody set up this site to grab installation ids of Office users. So I deactivated the link within the comment and I posted a warning within my German blog post, not to use this “Self Service for Mobile” site. I also tried to contact the user who had posted the comment, via e-mail.

… but “Microsoft” provides these links …

User JaDz responded immediately in an additional comment, and wrote that the link shortened via bit.ly had been sent from Microsoft via SMS – after he tried the telephone activation and selected the option to activate via a mobile device. I hadn’t noticed that before – so my conclusion was: Hell, this obscure “Self Service for Mobile” site is indeed related to Microsoft.
Then I started a web search again, but this time with the keywords Jacada and Microsoft. Google showed several hits, pointing to the site jacada.com (see screenshot below). It seems that Jacada is a kind of service provider for several customers. I wasn’t able to find Microsoft within the customer reference. But I know that Microsoft used external services for some activities. Now I suppose that somebody from Jacada set up the “Self Service for Mobile” activation site. The Ajax code used is obviously able to communicate with Microsoft’s activation servers and obtain an activation id. And Microsoft’s activation mechanism provides an option to send the bit.ly link via SMS.

Closing words: Security by obscurity?

At this point I was left really puzzled. We are not talking about a startup located within a garage. We are dealing with Microsoft, a multi-billion company, that claims to run highly secured and trustable cloud infrastructures world wide. But what’s left, after we wipe off the marketing stuff? The Office activation via telephone is broken (Microsoft confirmed that, after it was reported by customers!). A customer who needs to activate a legally owned, but re-installed, Microsoft Office is facing a nasty situation. Telephone activation is refused, the customers will be (wrongly) notified that this option is no longer supported. Internet activation is refused due to “too many online activations” – well done. But we are not finished yet. They set up a “Self Service for Mobile” activation site in a way that is frequently used by phishers. They are sending links via SMS to this site requesting to enter sensitive data like install ids. A site that is using mixed content via https, and is displaying an activation id. In my eyes a security nightmare. But maybe I’ve overlooked or misinterpreted something. If you have more insights or an idea, or if my assumptions are wrong, feel free to drop a comment.
I will try to reach out and ask Microsoft for a comment about this issue. Article in German Source Alternate Source reading - AskWoody: Born: Office activation site controlled by a non-Microsoft company
  25. In Changing Our Approach To Anti-Tracking, Mozilla revealed plans to improve the privacy protection of Firefox users and the performance of the browser through the improved implementation of content blocking in the web browser. Firefox will protect users by blocking tracking by default and improve performance at the same time according to Mozilla. We already reviewed the new content blocking options that Mozilla is currently testing in Firefox Nightly in July. The new feature, called Content Blocking in Nightly, integrates Firefox's long-standing feature Tracking Protection and other content blocking options, and makes these more accessible in the browser. Mozilla launched Tracking Protection in 2014 in Firefox Nightly but enabled it for Private Browsing only in Firefox 42. Two years later, Firefox users could enable Tracking Protection for regular browsing sessions as well. Competing browsers introduced ad-blocking and content blocking functions of their own. Brave browser with its block-all approach, Opera browser with its integrated ad-blocking feature, and even Google launched a content blocker in Chrome to block advertisement on sites that use certain ad formats the company deems undesirable.

Mozilla's privacy push in Firefox

Mozilla plans to test and implement several privacy-improving features in the Firefox browser in the coming months. A new blog post on the official Mozilla blog highlights three key areas of importance.

  • Page Load Performance improvements thanks to the blocking of slow-loading trackers.
  • Blocking storage access and cookies from third-party tracking content.
  • Blocking harmful practices such as crypto-currency mining or fingerprinting.

Starting in Firefox 63 and dependent on a Shield study that Mozilla plans to run in September, Firefox will block slow-loading trackers automatically for all users in all browsing modes. Any tracker with a loading time of 5 seconds or longer is classified as a slow-loading tracker by Firefox.
Mozilla has high hopes that the blocking of slow-loading trackers will improve the performance for Firefox users. In Firefox 65, Mozilla plans to strip cookies from third-party tracking content and block storage access provided that a Shield study in September will yield satisfactory results. Last but not least, Firefox will block harmful scripts and practices by default. Mozilla did not reveal a target version for the implementation, only that it will land in a future version of the web browser. Firefox Nightly users can test the content blocking functionality right now. Current versions of Nightly display content blocking options in the preferences and when users click on the information icon next to the site's address in the address bar. Current options allow users to block slow-loading trackers, all detected trackers, and third-party cookie trackers or all third-party cookies. The content blocking functionality supports exceptions to allow certain sites to run identified trackers, e.g. to avoid site breakage.

Is it enough?

Firefox will block some forms of tracking in the near future and that is definitely a good thing. Some may question why Mozilla makes a distinction between slow-loading trackers and all trackers in Firefox, and why Firefox does not block all trackers automatically by default. One possible explanation for that is that blocking all trackers may prevent certain pages from loading correctly. Still, with Google not being able to implement full-scale ad-blocking in Chrome, it is an area in which Firefox could really outshine Google Chrome if implemented correctly. The blocking of slow-loading trackers may be beneficial to privacy as well, but it is first and foremost an attempt to improve the performance of Firefox since any other tracker that is not slow-loading is still loaded by default. Now You: What would you like to see in Firefox in this regard? Source