Vanguard News Network
VNN Media
VNN Digital Library
VNN Reader Mail
VNN Broadcasts

Old February 16th, 2013 #1
Alex Linder
Administrator
 
Join Date: Nov 2003
Posts: 45,378
Blog Entries: 34
Alex Linder
Default Privacy

[go thru bottom link to get links to these five softwares]

Five tools to protect your privacy online

by Simon Black on February 15, 2013

Reporting from the 6th Region, Central Chile

We’ve discussed many times before—hardly a month goes by without some major action against Internet users… from Obama’s ‘kill switch’, to ACTA, SOPA and PIPA, to stasi tactics against people like Kim Dotcom.

Online privacy is becoming more important by the day. And nobody is going to give it to you, you have to take steps yourself to secure it.

Below are five different tools and services that will get you started:
1. Tor Browser

Tor is a great weapon in the fight for online anonymity as it allows you to surf the web without giving up your location and other personal data to the websites you visit.

The Tor Browser Bundle is the easiest and most secure way to get started; simply download it, and start surfing the web with the Tor Browser. It’s available for Windows, Mac, and Linux.

Learn more about and download the Tor Browser Bundle here
2. Duck Duck Go

If you want privacy, don’t search with Google.

Google store all of your searches to customize ads for you, but even worse, they can hand over the whole list of searches to any government agency that are curious about what you’ve been looking at for the last couple years.

A better alternative is Duck Duck Go, a completely anonymous search engine that does not store any information about you or your searches. The search results are essentially identical to Google’s, so there’s no loss of quality.

Search with Duck Duck Go here
3. HTTPS Everywhere

HTTPS Everywhere is a plug-in for Firefox and Google Chrome that tries to force a website to connect in secure mode, thus encrypting your traffic with the website you are visiting. This makes your browsing more secure because it prevents eavesdropping thieves or state-mafia from intercepting your unencrypted Internet traffic.

Download HTTPS Everywhere here
4. Cryptocat

Cryptocat is an encrypted chat that beats Facebook and Skype when it comes to security and privacy. If you want to chat in private then this is one simple solution. It’s also open source, which means you can see the full code and be sure there are no government “backdoors” built in.

Read more about and download Cryptocat here
5. Silent Circle

Silent Circle is a new player on the market, but it is founded by “old” players in the security and encryption industry. One of the founders, Phil Zimmerman, is also the creator of PGP, one of the most-used encryption platforms in the world.

Silent Circle is a suite of products offering:
Encrypted email
Encrypted video chat
Encrypted phone calls
Encrypted text messaging

Silent Circle is the only service on this list that is not free. But having the gold standard of encryption may be worth it for you. It is for me.

Read more about Silent Circle here
Bottom Line

You can set up most of the tools we discussed in 5 minutes. Each of them will go a long way in securing your privacy online.

http://www.sovereignman.com/personal...y-tools-10859/
 
Old February 17th, 2013 #2
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default Truecrypt file and disk encryption

Truecrypt file and whole system drive encryption: http://www.truecrypt.org/

Encrypting files by creating a new volume:
Encrypting entire system drive (know what you're doing before doing this) :

Last edited by varg; February 20th, 2013 at 06:25 PM. Reason: .
 
Old February 20th, 2013 #3
Ed in CT
Good Guy
 
Ed in CT's Avatar
 
Join Date: Aug 2007
Posts: 490
Ed in CT
Default

On password creation, security and how secure passwords are compromised.

http://arstechnica.com/security/2012...under-assault/
 
Old February 20th, 2013 #4
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default Eraser

http://eraser.heidi.ie/

Basically when you delete a file under Windows, it doesn't actually delete the data. The file is still there and is just hidden from you. The file can still be recovered using programs like Recuva and other more advanced forensic recovery tools.

The file's data is only wiped when it's overwritten. Either when your hard drive is filled up to capacity, or if you use special tools that will write random data over your file multiple times.

If you want to delete specific files you can simply right click the file and use 'eraser' and choose a different level of secure deleting, Gutman being the strongest because it uses 35 passes of random data.

If you've never securely deleted files before then your hard drive still has lots of recoverable files and you'll want to do a clean of 'Unused space' to remove traces of old stuff. Having it scheduled biweekly isn't a bad idea either. Don't use Gutman on the whole unused space clean, it will take way too long on large HDs and might deteriorate the drive's performance over time.

Quote:
Welcome to the Eraser Home Page!

Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.

Why Use Eraser?

Most people have some data that they would rather not share with others – passwords, personal information, classified documents from work, financial records, self-written poems, the list continues.

Perhaps you have saved some of this information on your computer where it is conveniently at your reach, but when the time comes to remove the data from your hard disk, things get a bit more complicated and maintaining your privacy is not as simple as it may have seemed at first.

Your first thought may be that when you ‘delete’ the file, the data is gone. Not quite, when you delete a file, the operating system does not really remove the file from the disk; it only removes the reference of the file from the file system table. The file remains on the disk until another file is created over it, and even after that, it might be possible to recover data by studying the magnetic fields on the disk platter surface.

Before the file is overwritten, anyone can easily retrieve it with a disk maintenance or an undelete utility.

There are several problems in secure file removal, mostly caused by the use of write cache, construction of the hard disk and the use of data encoding. These problems have been taken into consideration when Eraser was designed, and because of this intuitive design and a simple user interface, you can safely and easily erase private data from your hard drive.
Quote:
The best erasure method for you is really depending on what level of security you require. The greater the number of passes, the better the security, at the cost of execution time. However, since most people do not need that high levels of security, one pass is sufficient for most people, and there is currently no evidence that once data has been removed via a one-pass erase any data can be recovered. Having said that, there are some people who would like to use a greater number of passes.

Last edited by varg; February 20th, 2013 at 06:02 PM. Reason: .
 
Old February 20th, 2013 #5
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default CCleaner

https://www.piriform.com/ccleaner

Cleans unnecessary temporary files, freeing up space, but also clears out various tracking history data and unwanted browser cookies.

You can schedule it to run on a daily basis. Just make sure to exclude trusted websites from the cookie cleaner through settings, otherwise your 'remember me' auto-login details will be deleted on sites and you'll always have to be logging back in to your accounts.

Quote:
Features

CCleaner supports the cleaning of temporary or potentially unwanted files left by certain programs, including Internet Explorer, Firefox, Google Chrome, Opera, Safari, Windows Media Player, eMule, Google Toolbar, Netscape, Microsoft Office, Nero, Adobe Acrobat, McAfee, Adobe Flash Player, Sun Java, WinRAR, WinAce, WinZip, GIMP and other applications[6] along with browsing history, cookies, recycle bin, memory dumps, file fragments, log files, system caches, application data, autocomplete form history, and various other data.
[7] The program also includes a registry cleaner to locate and correct problems in the Windows registry, such as missing references to shared DLLs, unused registration entries for file extensions, and missing references to application paths.[6] As of v2.27, CCleaner can wipe the MFT free space of a drive, or the entire drive itself.

Last edited by varg; February 20th, 2013 at 06:08 PM. Reason: ...
 
Old February 20th, 2013 #6
Ed in CT
Good Guy
 
Ed in CT's Avatar
 
Join Date: Aug 2007
Posts: 490
Ed in CT
Default

A password manager that encrypts your password database and you secure it with one master password. Free, open source software.

http://keepass.info/

Quote:
KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure. AES e.g. became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.

The complete database is encrypted, not only the password fields. So, your user names, notes, etc. are encrypted, too.
SHA-256 is used as password hash. SHA-256 is a 256-bit cryptographically secure one-way hash function. Your master password is hashed using this algorithm and its output is used as key for the encryption algorithms.
In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.

Protection against dictionary and guessing attacks: by transforming the final master key very often, dictionary and guessing attacks can be made harder.
In-Memory Passwords Protection: Your passwords are encrypted while KeePass is running, so even when the operating system caches the KeePass process to disk, this wouldn't reveal your passwords anyway.

[2.x] Protected In-Memory Streams: When loading the inner XML format, passwords are encrypted using a session key.

Security-Enhanced Password Edit Controls: KeePass is the first password manager that features security-enhanced password edit controls. None of the available password edit control spies work against these controls. The passwords entered in those controls aren't even visible in the process memory of KeePass.

The master key dialog can be shown on a secure desktop, on which almost no keylogger works. Auto-Type can be protected against keyloggers, too.
Also see the security information page.
 
Old February 20th, 2013 #7
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default

Keep in mind the software you linked to is different from the software in the description you gave.

The link goes to LastPass, the description is for KeePass.

Lastpass stores your encrypted (supposedly) passwords in the cloud on their servers.

I trust KeePass more than Lastpass, since KeePass's database is only stored locally on your computer.

LastPass is easier to use because it will fill the login forms out for you and doesn't require as much user intervention. Supposedly they encrypt your database that's housed on their servers and they claim it's unreadable to anyone but you, but I really don't trust anyone that well.

If you want to make KeePass easier to use and automated, get the KeePassHTTP plugin. Though it might be more advanced to set up that way. You need the Chrome or Firefox extension too.

Last edited by varg; February 20th, 2013 at 08:57 PM. Reason: .
 
Old February 21st, 2013 #8
Ed in CT
Good Guy
 
Ed in CT's Avatar
 
Join Date: Aug 2007
Posts: 490
Ed in CT
Default

Fixed it Varg, thanks.

I had LastPass URL on the clipboard, forgot to copy the correct one.

I prefer to not have my passwords on a server, encrypted or not, I like them here.

Assuming that Mega.co.nz is totally secure, that might be a safe place to store an encrypted password list. They claim that even the server admins cannot decrypt files that are stored there.

Last week Mega offered rewards for anyone that could find security holes in the site and evidently some were found, Mega patched them and paid the people they said they would.

Quote:
Originally Posted by varg View Post
Keep in mind the software you linked to is different from the software in the description you gave.

The link goes to LastPass, the description is for KeePass.

Lastpass stores your encrypted (supposedly) passwords in the cloud on their servers.

I trust KeePass more than Lastpass, since KeePass's database is only stored locally on your computer.

LastPass is easier to use because it will fill the login forms out for you and doesn't require as much user intervention. Supposedly they encrypt your database that's housed on their servers and they claim it's unreadable to anyone but you, but I really don't trust anyone that well.

If you want to make KeePass easier to use and automated, get the KeePassHTTP plugin. Though it might be more advanced to set up that way. You need the Chrome or Firefox extension too.
 
Old January 18th, 2014 #9
Alex Linder
Administrator
 
Join Date: Nov 2003
Posts: 45,378
Blog Entries: 34
Alex Linder
Default

on 'jihadists' using internet

http://www.vice.com/read/how-jihadists-use-the-internet
 
Old January 18th, 2014 #10
jclark
Junior Member
 
Join Date: Jan 2014
Posts: 25
jclark
Default TOR Compromised by NSA

Quote:
Originally Posted by Alex Linder View Post
This article is really interesting, if TOR is compromised by the NSA, then it make me wonder about all the other solutions we have for privacy are as well. They are really secretive on revealing how they are gathering information on us and the laws made now destroy the Constitutional Rights of being able to refute evidence because the government is afraid if the source or how it is gathered the arab terrorist will get around them. So much for our privacy, the government privacy keeping things a secret from us is more important than ours.
 
Old January 19th, 2014 #11
Hugo Böse
Jeunesse Dorée
 
Hugo Böse's Avatar
 
Join Date: Jan 2004
Location: Four Seasons Jalalabad
Posts: 8,594
Hugo Böse
Default

If I were a government spy agency I would pay particular attention to all those services which purport to offer privacy and encryption. If a business offering online privacy is located in the West it is liable to be forced to secretly provide government agencies access to its clients, we´ve already seen this in that Email company whose owner shut down the business rather than cooperate with the government, I forgot what the name was.

__________________
_______
Political correctness is an intellectual gulag.
 
Old January 19th, 2014 #12
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default

The US govt funds a large percentage of TOR's development. I think something like 90% .

It's not a 'secure' protocol either. It just proxies your traffic through other hosts to add a layer of anonymity, without much attention given to encryption. It's not known whether tor is entirely anonymous, or if the NSA can still trace it.

The problem with TOR are the exitnodes. Anyone can set up a fake TOR exitnode and watch all the traffic going across the wire, even eavesdrop on passwords. I've read that the US govt sets up fake/honeypot tor exitnodes. Also there's been proof of concepts for removing the encryption from HTTPS sites (ssl encryption), eavesdropping on the data, and sending it back to the user while they're fooled into thinking their traffic is being encrypted. It's also theoretically possible for the exitnode to inject malicious code or viruses into websites and send it back to the user without them being aware.

Do not login to any private accounts while using tor.

Last edited by varg; January 19th, 2014 at 10:00 AM. Reason: .
 
Old January 19th, 2014 #13
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default

Chrome extension author talks about how malware companies offer extension programmers money in exchange for injecting malicious code, or collecting user data used for marketing. Same thing probably happens to other software and other browsers.
http://www.reddit.com/r/IAmA/comment...opular_chrome/

The NSA often tries to pay off security companies to keep their software's encryption weak or infected with a backdoor.

http://rt.com/usa/rsa-nsa-deal-weaken-encryption-581/

http://www.pcworld.com/article/20871...e-routers.html
 
Old January 19th, 2014 #14
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default

Researchers pay to have the popular encryption program TrueCrypt audited for any backdoors:

http://www.pcworld.com/article/20612...ing-goals.html
 
Old January 19th, 2014 #15
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default

Good news source for privacy, NSA, security, and other tech related issues here: http://www.reddit.com/r/privacy
 
Old January 19th, 2014 #16
jclark
Junior Member
 
Join Date: Jan 2014
Posts: 25
jclark
Default

Quote:
Originally Posted by varg View Post
Chrome extension author talks about how malware companies offer extension programmers money in exchange for injecting malicious code, or collecting user data used for marketing. Same thing probably happens to other software and other browsers.
http://www.reddit.com/r/IAmA/comment...opular_chrome/

The NSA often tries to pay off security companies to keep their software's encryption weak or infected with a backdoor.

http://rt.com/usa/rsa-nsa-deal-weaken-encryption-581/

http://www.pcworld.com/article/20871...e-routers.html
A friend of mine owns a tech company that specializes in encrypted products for high level executives and to prevent corporate espionage. The NSA contacted him after seeing his products at a trade show demanding that he provide backdoors to his products and accusing him of violating US export laws if he didn't put backdoors in his products. The NSA was a bunch of bullies and were not willing to pay anything to him to create the backdoors. They also demanded that he get his product FIPS-140 compliant which is some NIST NSA testing to ensure that the product does have any other secret backdoors that are unknown. His product did not have any backdoors even their tech support so if you get locked out, the product is worthless. The testing was $250,000 to test a product at an approved NSA lab. What a racket so companies have to bend over to the NSA or they put you out of business. He decided to only sell his products in Europe and not live here anymore.
 
Old January 24th, 2014 #17
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default more on tor weaknesses

Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users - http://thehackernews.com/2014/01/mal...it-relays.html



Quote:
Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship.
When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, which can be anywhere in the world. An exit relay is the final relay that Tor traffic passes through before it reaches its destination.

According to a recent report 'Spoiled Onions: Exposing Malicious Tor Exit Relays', published by security researchers Phillip Winter and Stefan Lindskog revealed that almost 20 exit relays in the Tor anonymity network that attempted to spy on users’ encrypted traffic using man-in-the-middle techniques.

Both Researchers spent more than four months studying on the Tor exit nodes using their own scanning software called "exitmap" and detected suspicious behavior somewhere in Russian network. They identified 25 nodes that were tampering the web traffic and stripping out the encryption using 'sslstrip' attack.

They found some faulty nodes, may be because of configuration errors or ISP issues, but 19 nodes were caught using a bogus SSL certificate to perform man-in-the-middle attacks on users. Those buggy nodes were programmed to intercept only traffic to the Facebook website.
 
Old January 24th, 2014 #18
varg
...
 
Join Date: Apr 2004
Posts: 9,701
varg
Default

https://en.wikipedia.org/wiki/Tor_%2...ity_network%29

Quote:
Originally sponsored by the U.S. Naval Research Laboratory,[11] which had been instrumental in the early development of onion routing under the aegis of DARPA, Tor was financially supported by the Electronic Frontier Foundation from 2004 to 2005.[13] Tor software is now developed by the Tor Project, which has been a 501(c)(3) research-education nonprofit organization [14] based in the United States of America [1] since December 2006. It has a diverse base of financial support;[13] the U.S. State Department, the Broadcasting Board of Governors, and the National Science Foundation are major contributors.[15] As of 2012, 80% of the Tor Project's $2M annual budget comes from the United States government, with the Swedish government and other organizations providing the rest,[16] including NGOs and thousands of individual sponsors.[17] On December 17, 2013, the Tor Project announced that it would begin accepting bitcoin, thus becoming, to its knowledge, the first 501(c)(3) non-profit organization to test the compatibility of bitcoins with the U.S. government's A-133 Audit Standard.
 
Reply

Tags
privacy

Share


Thread
Display Modes


All times are GMT -5. The time now is 01:52 PM.
Page generated in 0.16382 seconds.