Tag Archives: Security

Protect Your Privacy

Last month I shared my concern about our diminishing privacy. Now I hope to share some ideas about how you can protect yourself. The key is encryption. Below I’ll give practical steps that you can take. I’ll cover a lot of different areas, and I recommend doing as much of this as you’re comfortable with. The strategy is to encrypt everything. Most of these are easy to implement, so regardless of your background or technical ability you’ll be able to make a difference. The goal here is to become more secure in your daily life.

Connection
Your connection to the web should always be secure, which means enabling WPA2 encryption on your router at home and avoiding public networks. If you do need to surf on public wifi (coffee shops, airports, etc) then I strongly recommend that you take precautions to protect yourself. Disable sharing, turn on your firewall and use a VPN. I’ve used OpenVPN while traveling and I loved it. There are plenty of VPN services available. Protip, the Premium version of Disconnect blocks malware and is a VPN as well.

Websites
The best option here would be to avoid the companies known to have leaked to the NSA, but I’ll concede that isn’t realistic. Fortunately you have options. First, get the HTTPS Everywhere plugin for your browser and turn it on. Second, try DuckDuckGo or StartPage instead of Google, Bing or Yahoo.

Block ads & tracking scripts
Start simple: enable Do Not Track within your browsers. Next, get the Disconnect browser plugin and configure it to block your browser from responding to requests. Finally, get Ad Block Plus and turn it on.

Encrypt your computer
This one used to be a challenge, but recently operating systems have appropriately taken over and now it’s a pretty straightforward task. For Windows you’ll enable BitLocker. For OS X you’ll turn on FileVault. Both of these are robust, well supported and easy to turn on. Just don’t forget your password. There are options for Linux as well, but my guess is that if you’re using Linux you don’t need my help.

Encrypt your data in the cloud
If you use a cloud storage service like Dropbox, Google Drive, iCloud or Box, your connection may be secure, but if your files are unencrypted then anyone that gains access to those services has your pictures & files. These services have become a target for precisely this reason. There are a couple of options. If you already have files stored in one of the above services, you can use Boxcryptor or Viivo to encrypt what’s already there. These are freemium services so there’s a free option that will work for most, and a subscription option for more advanced features. They support most storage providers and most platforms, which makes them a great option. The next level would be choosing SpiderOak or Tresorit, which are zero-knowledge, secure cloud storage services. They both offer a free plan and modest fees for increased storage.

Encrypt your phone
Your phone goes everywhere with you. If it is lost or stolen, all of your data is ripe for the picking. Passwords aren’t enough to keep people out; you need to encrypt the phone so that the data is hidden. The good news is that it’s simple. Android, iPhone & Windows Phone each have native tools to easily enable this feature. In fact, for these devices phone encryption is just a setting.

Secure Email
This is the trickiest one of all. Until recently encrypted email has been challenging enough that for most people it wasn’t worth the effort. It’s also, in my opinion, the most important. Your email tells just about everything there is to know about you in one spot. Your friends, your interests, your calendar updates, where you bank, and more. This really could be its own series of blog posts, but my goal here is to keep things simple. For Gmail, Yahoo & Hotmail, you want Mailvelope, which is a browser plugin for Firefox or Chrome that simplifies the steps involved in PGP encryption. A better option would be to switch to a free secure email provider like ProtonMail or Tutanota. These services handle end-to-end encryption for you.

If you take these steps, you’ll both protect yourself from being a target for hacking, and protect your identity while online. Without the keys to decrypt it, your encrypted data just looks like static or junk data. In fact, it IS junk data.

I’ve covered these topics pretty quickly. If you’d like to know more, I’d encourage you to do some investigating and educate yourself.

Craigslist Scammers

I’ve listed a couple of things on Craigslist recently. I generally prefer selling on Craigslist because it’s free, but you do have to deal with scammers. Generally my policy is to avoid them, but this week I decided to let the story play out just to see what happens. The “person” that wants to buy my iPod is ibrojsmelbar@gmail.com (aka Banderos Smith), and he’s “paying” for it to be shipped to Nigeria.

When he wrote me back, he offered me more than I was asking. Just to jack with him, I raised the price even further, and of course he went for it (when you don’t plan to send any money at all, what’s another $30 or $40?). So first I get a spoofed email from Paypal, saying that my account has been credited. I have to say that it’s a pretty bad spoof. But then it gets more interesting: I’ve gotten a total of three spoof emails so far.

The first email was sent by pp305@ultimateemail.com, with the name showing as service@paypal.com. If you use gmail (or Google apps) then you’ll see right off that the email was not sent by Paypal. The email asks you to send the shipment tracking number to “Paypal” at the same pp305 email address. Any astute user will note right off that Paypal does not send their emails through any free email service, ultimate email or otherwise.

Paypal spoof email from scammers

Within minutes of receiving that email I got a second, again from pp305@ultimateemail.com. This one is a reminder of the safety measures that Paypal takes to ensure the security of my account. Once again, it’s pretty easy to identify it as a fake.

Fake Paypal Safety Email

At that point, I sent Banderos an email saying nice try, and I figured we were done. I forwarded both of those emails to Paypal so that they’re aware of them, and went about trying to sell my iPod. This morning when I woke up I had an email supposedly from the FBI, threatening that if I didn’t provide a tracking number within hours that I’d be facing legal consequences. This one was sent from f_b_i_crimeteam@ultimateemail.com.

Spoof FBI email

Each of these emails was obviously a fake. I’ve pointed out a couple of obvious errors; there are several others that I won’t mention here because I don’t want to make it easier for them to fool someone else. Let’s just say that there is quite a bit of evidence suggesting that this is a scam, for anyone that has the inclination to look.
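The two tells described above (a display name showing one address while the real sender is another, and a "Paypal" or "FBI" message coming from an unrelated mail domain) can be checked mechanically. The following is an added example, not part of the original post: `check_from`, the `BRAND_DOMAINS` table and the finding names are assumptions made for illustration, and the sample messages are constructed from the addresses quoted in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: brand keywords and the domains they really send from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "fbi": {"fbi.gov"}}
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def _on_domain(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(raw_message):
    """Return a list of findings for the From header of a raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    local, _, domain = address.lower().rpartition("@")
    findings = []
    # Check 1: the display name is itself an e-mail address, but on a
    # different domain than the address that actually sent the message.
    shown = ADDR_RE.search(display)
    if shown and shown.group(1).lower() != domain:
        findings.append("display-name-address-mismatch")
    # Check 2: the display name or local part names a brand (ignoring
    # punctuation such as f_b_i), but the sender domain is not that brand's.
    text = re.sub(r"[^a-z0-9]", "", (display + local).lower())
    for brand, allowed in sorted(BRAND_DOMAINS.items()):
        if brand in text and not _on_domain(domain, allowed):
            findings.append("brand-domain-mismatch:" + brand)
    return findings

# Constructed sample messages; only the addresses come from the post.
SAMPLES = {
    "paypal_spoof": 'From: "service@paypal.com" <pp305@ultimateemail.com>\n'
                    "Subject: Payment received\n\nbody\n",
    "fbi_spoof": "From: f_b_i_crimeteam@ultimateemail.com\n"
                 "Subject: Notice\n\nbody\n",
    "legitimate": 'From: "PayPal" <service@paypal.com>\n'
                  "Subject: Receipt\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_from(raw))
```

An empty result only means these two tells are absent; the From header can be forged to show the right domain, which is what SPF, DKIM and DMARC results are for.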

Seller beware. The fact that they’ve put so much thought into this scam indicates that they’re taking advantage of enough people to make it worth their while, which is pretty sad. I still prefer Craigslist to eBay because it’s free. I’m sure I’ll be dealing with more cretins like these soon enough.

Secure Gmail

Do you use Gmail? You know how when you log in it’s a secure connection, but then when you get to your mailbox it’s NOT secure? That always bugged me, but I didn’t think there was anything to be done about it. Yahoo is the same way: you log in over a secure page, but then when you access your email it’s not secure.

Just this morning I learned the solution. You can work with all of your Gmail, Google Calendar, and Google Documents through a secure internet connection. And it won’t cost you a cent.

You just have to update your links to include https://.

I don’t think Yahoo & Microsoft (Hotmail) even offer this with their premium accounts. All of the webmail providers keep increasing the account storage capacity thinking that will win new clients. Having a secure connection is more important to me than infinite capacity.

Way to go Google, keep up the great work.