Russ Harvey Consulting - Computer and Internet Services

Restoring Privacy


Your Privacy At Risk

Your privacy is at risk like it has never been before, yet most folks think they have no need for concern. They are wrong!

See Your Privacy at Risk to understand the unprecedented attacks on personal freedom being perpetrated by corporations and governments worldwide.

Privacy is a Basic Human Need

Privacy is NOT about hiding wrongs. It is a basic human need.

The fear of surveillance is realistic and stifles personal expression.

Protection Against Terrorism Undeliverable

Governments are promising us something that is undeliverable (protection against terrorists) in exchange for the loss of our privacy. They are also allowing corporations unprecedented access to our private data.

Attitudes are Changing

Attitudes about privacy are changing. Slowly.

Recent surveys regarding Americans' attitudes about privacy, security and surveillance show that people have little confidence that their data will remain private and secure — particularly in the hands of government:

Just 6% of adults say they are ‘very confident’ that government agencies can keep their records private and secure.

Privacy Legislation Outdated

The definitions used in most privacy legislation are more suited to the pre-Internet and pre-computer era.

Today our every move is tracked in real time, and we store our innermost thoughts on portable devices.

Even without the increasingly permissive data disclosure practices enabled by C-51, federal government agencies have seen over 3000 breaches of the highly sensitive private information of an estimated 750,000 innocent Canadians in recent years. — The Star

Protecting the Privacy of Canadians: Review of the Privacy Act (PDF) has more discussion about these issues.

Websites Are Tracking You

Websites use Google Analytics, web beacons, cookies, LSO (Flash) cookies, and more to collect detailed information about who comes to a site, where they land, how long they spend there and where they go afterwards.

In a visit to forbes.com, Ghostery told me that there were 27 trackers and Forbes accused me of using an ad-blocker. Ghostery is not preventing sites I visit from displaying ads, only preventing their ad suppliers from tracking me.

Most such advertising trackers have a poor privacy policy — or none at all.

Crippling the Web

These exploits are crippling the Web's ability to transform information.

Many sites no longer allow you to simply view a video or read the comments left by other site visitors. Instead, they hide these features from you unless you allow their cookies to track your every action.


Take Back Your Privacy

But you're not powerless. There are things you can do.

Avoid Giving Information Away

As well as taking steps to avoid giving away unnecessary information, you can also:

Everyone that asks you to fill out a form — whether a paper form or on-line — is collecting personal data.

Once you provide that information, it is no longer in your control. While everyone is diligent in collecting your information, they are less likely to be as careful in protecting that information — particularly if an opportunity to profit comes along.

Protect Your Privacy

Be selective in the information you provide.

Avoid giving it away without thinking about the potential consequences first.

  • Does this site need that information?
  • How will they use that information?
  • Will they share that information with others?
  • How will they protect my personal information?
  • If they fail to protect it, what are the consequences for me? For them?

Does This Site NEED My Information?

If you are ordering a product, the company will need your shipping address and payment information. However, you have choices in how that is accomplished. For example, by using PayPal “ABC Gizmos” won't have your credit card information.

Many sites and online games offer the option to create a unique log-in identity or use your Facebook profile. If you choose to create a unique identity you're providing them with far less information (usually your email address plus a password) than giving them access to your Facebook profile.

How Will They Use That Information?

Depending upon the site, you should be very selective in providing information. For example, sites don't need your birth date, only to know if you're old enough to enter into a binding legal agreement. Yet many sites choose the birth date because that provides them with much more precise information about you.

Using your photo for a profile picture or avatar may personalize your experience, but facial recognition software can relate the information to data found on other sites with the same photo. Combining seemingly innocuous information with trackable information (your IP address, email address, etc.) can create a profile that can be used to direct advertisements or to sell to information brokers.

Will They Share With Others?

Unless specifically stated, you have to assume that they will share your information with others if it is profitable. If the company is sold or if they receive a government warrant, the new company is not bound by any promises made to you.

Will They Protect My Information?

Most companies spend much more protecting their own information than protecting yours. Remember, most of the security breaches only affect consumer data, not corporate data. After all, you provided it for free!

Governments could enforce protection with significant penalties, yet choose not to do so.

What is their Privacy Policy?

You should always read and understand the privacy policy of any site before you choose to give personal information.

You need to check this policy from time-to-time as the privacy policy might change for a number of reasons including purchase of the company or a new business plan.

Any site without a privacy policy probably does NOT have your best interests at heart.

That said, it becomes increasingly impossible to read the privacy policy of every website (or to understand the complex language used). A study by researchers at Carnegie Mellon concluded:

…if the average American were to actually read every single privacy policy of every single web service that she used in a year…[t]he average user would have to spend between 181 and 304 hours each year reading privacy policies. — “Disappearing Phone Booths: Privacy in the Digital Age”

Privacy Policies are Changing

You only need to look at the way Facebook, Hotmail and others so quickly changed their privacy policies to enhance their profitability. You're on your own when it comes to protecting your identity.

If the service is free, then you are the product. — The Day We Lost Everything

Who Has Your Back?


Who has your back? EFF released the 2015 track record for social media, communications and other companies in releasing private information to the government.

Do You Protect Others' Privacy?

Learn how to avoid giving information away (including protecting other people's email addresses).

Check Your Privacy Settings

Check your progress in improving your privacy awareness and changing habits by taking the Mozilla privacy survey. There is more information about privacy on this page and on related pages on this site.

Social Media

Social media is a very important aspect of privacy because so much personal information is collected including facial recognition software, comparative and linked data (such as the "Like" button) as well as the content and nature of our everyday posts.

Are you sharing too much?


Safer Browsing

Cookies Report on Your Web Habits

People have become more aware of the amount of information that is collected about them while they are on the Internet using such devices as cookies. You can deal with cookies using some of the many utilities available on the Net or by using the tools provided by modern browsers (Firefox recommended).

Do Not Track

Current browsers have the capability of telling a site that you don't want to be tracked. But that assumes that a site will bother to respond. There are few, if any, such mechanisms in place.

Do Not Track is a browser setting where the user can indicate that they don't want to be tracked. However, without a consensus about how to interpret DNT, most sites ignore the setting.
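What honouring the setting can look like on the server side, as an added example that is not code from this page or from any site named on it. Since there is no agreed interpretation of DNT, it assumes one: visitors who send `DNT: 1` get no tracking cookies. The cookie names in `TRACKING_COOKIES` and the demo app are hypothetical.

```python
from http.cookies import SimpleCookie

# Assumption: these are the names of this site's tracking cookies.
TRACKING_COOKIES = {"visitor_id", "ad_profile"}


def dnt_enabled(environ):
    """True when the browser sent 'DNT: 1' (WSGI exposes it as HTTP_DNT)."""
    return environ.get("HTTP_DNT", "").strip() == "1"


class HonourDNT:
    """WSGI middleware: drop tracking cookies for visitors who sent DNT: 1."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if not dnt_enabled(environ):
            return self.app(environ, start_response)
        environ["tracking.allowed"] = False  # lets the app skip analytics too

        def filtered_start(status, headers, exc_info=None):
            kept = []
            for name, value in headers:
                if name.lower() == "set-cookie":
                    cookie = SimpleCookie()
                    cookie.load(value)
                    if any(key in TRACKING_COOKIES for key in cookie):
                        continue  # do not send this cookie to the browser
                kept.append((name, value))
            kept.append(("Tk", "N"))  # tracking status "N": not tracking
            return start_response(status, kept, exc_info)

        return self.app(environ, filtered_start)


def demo_app(environ, start_response):
    """Constructed sample app that always tries to set a tracking cookie."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Set-Cookie", "session=xyz; HttpOnly"),
        ("Set-Cookie", "visitor_id=abc123; Max-Age=31536000"),
    ])
    return [b"hello"]


def response_headers(environ):
    """Run one constructed request through the middleware; return its headers."""
    captured = []

    def start_response(status, headers, exc_info=None):
        captured.extend(headers)

    list(HonourDNT(demo_app)(environ, start_response))
    return captured
```

The session cookie still goes out because it is needed for the site to work; only the cookies listed as tracking cookies are withheld.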

[D]espite the fact that only a small number of companies respect it — a significant number of companies like Twitter, Medium and others do respect it. — Jules Polonetsky

Hopefully, when there is a universally-accepted standard in place, all websites will honour it.

Even when Do Not Track is enabled, some facilities also track store visitors via their cell phone using Mobile Location Analytics.

Panopticlick is an online test that analyzes how well your browser and extensions protect you against online tracking techniques, even if you are using privacy-protective software.

Opt-Out Cookies

Another option is to use the services of a site such as the Network Advertising Initiative which offers to place an opt-out cookie on your computer for certain ad servers such as DoubleClick.

Flash Cookies

Many sites use flash cookies (Local Shared Objects or LSOs) that are not deleted when you remove traditional cookies. Adobe provides information on how to manage or disable LSOs, but ignorance makes most users vulnerable to exploitation by sites that use them.

CCleaner is capable of cleaning LSOs, but this is not enabled by default.

Flash is listed as one of three programs that make Windows vulnerable to malware (as well as Linux and Mac if Flash is installed). As technology moves away from Flash, the risk of LSOs should diminish.

Have a look at my listing of Firefox extensions. Some allow you to manage or remove LSOs but status can change quickly so I won't duplicate the listing here.

Your Choice of Browser Matters


The browser you use to surf the Web will make a difference not only in what tools are available to you or how convenient the browser is, but also in terms of how much information you share in the process and what those gathering that information do with it.

Ixquick's StartPage privacy page has information about how simply using a search engine can leave behind a history that can last for years.

The problem is made even more dangerous as companies like Google become more powerful, purchase companies in areas they traditionally didn't have access, then combine data about their users between these companies. Running their free Gmail and Chrome browser will provide even more information about yourself, helping to create a more accurate profile to serve ads to. Google never forgets!

Firefox: A More Secure Browser

Firefox is my recommendation. Not only is it more secure, but it more closely follows web standards, making your experience a better one.

Firefox is made under the principle that security and privacy are fundamental and must not be treated as optional. Firefox is the only major browser not targeted by the NSA scandal and we're fighting to reform government surveillance for you. — Mozilla

Share what kind of Web you want. A human face is placed onto technical concerns in the related Firefox video.

Clear Private Data

Clear Private Data dialogue box

You should clear your privacy data (cookies, saved form information, cache and authenticated sessions) before and after on-line banking (or similar sites where there is the risk of revealing personal information of greater value).

These settings are on the Privacy tab in the Firefox Options settings. How you reach Firefox Options depends on your version:

  • Firefox 29 or newer: the Firefox menu is on the top right (3 horizontal lines).
  • Firefox 4–28: the orange Firefox button on the left contains the Options menu.
  • The Firefox Menu Bar (turned off by default starting with Firefox 4) has Options in the Tools menu.

Once the Options dialogue box appears, click on the Privacy tab and check Clear history when Firefox closes. You can choose which items get removed by clicking the Settings button on the right (see dialogue box above).

Internet Explorer: Simply Too Vulnerable

Internet Explorer (IE) is a major security vulnerability within Windows and therefore should not be used as your primary browser when surfing the Internet.

When the CVE-2014-1776 vulnerability affected IE versions 6–11 the US-CERT team (U.S. Homeland Security) recommended moving to an alternate browser. This is good advice even after the vulnerability is patched.

Microsoft made IE a key component of the Windows installer — a significant security vulnerability when surfing the Web. You can help reduce the risk by enabling the following settings:

  • Current versions of IE can check sites for forgeries (sites looking to exploit your trust of the real site) if you authorize it during installation.
  • Check "Prevent programs from suggesting changes to my default search provider" in IE's extensions.

Security risks are not unique to Internet Explorer but its reach is deep into the Windows operating system, making it more vulnerable to security issues than any other browser.

You may need to use IE for some legitimate tools:

  • Microsoft's Fix it solutions need to run in Internet Explorer.
  • Symantec's AutoFix Tool must run in Internet Explorer in order to be able to make the necessary changes to Windows files.

Windows XP used IE to run Windows Update, a program that makes significant changes to your system and requires access to key Windows components. Microsoft Update is now built into Windows Vista and 7 making IE more secure.

Microsoft's Windows Update plug-in for Firefox as an alternative to using Internet Explorer is not recommended because this makes Firefox more vulnerable. It is better to use Internet Explorer only where necessary (and safe).

Move to Firefox and launch Internet Explorer ONLY where it is absolutely necessary. If a normal page won't load properly except in IE, you're probably better off going elsewhere for your information.

Google Chrome: Quicker, Convenient, Zero Privacy

Google Chrome (initially based upon the open source Mozilla code) has become very popular because it is much smaller and potentially faster than other browsers (at least as long as you don't use extensions).

Collecting, Collecting, Collecting…

Chrome does this, in part, by keeping the user's data on their servers rather than on the user's computer. People have access to their data from any number of computers, phones and tablets.

This is convenient but eliminates your ability to fully control your own information. Google uses this information to serve more appealing ads based upon what you've viewed with Chrome.

Free Email Costs You Your Privacy

So many people have moved to using “free” cloud-based webmail programs that the market has virtually collapsed for independent stand-alone email programs.

No Privacy

The biggest issue is privacy.

Services like Gmail, Yahoo! Mail and Outlook.com (formerly Hotmail) sift through your emails to build a profile on you to sell advertising.

No Security

However, the Yahoo! data breach should tell you that your privacy is NOT a priority. Not only did they lose enough information to commit identity theft using the stolen data — “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and even security questions and answers” — but they took several years to bother telling anyone.

Gmail Difficulties

Gmail has made it more difficult to simply download your Gmail to a standalone email client (an email program that stores your messages on your computer rather than on Google's servers).

Google wants you to leave a browser window open with Gmail running. By knowing the sites you're visiting they can present “more relevant” ads (i.e. ads that you're more likely to click on based upon your surfing history). Of course, if you're running Chrome, they already know this.

StartMail Recommended

StartMail ($59.95 per year) provides an alternative to ‘free’ email services that aren't free — you pay for them by sharing the most intimate details of your life with corporations and marketers. StartMail's privacy policy.


www.RussHarvey.bc.ca/resources/restoreprivacy.html
Updated: April 4, 2017

Check the privacy settings for your devices and software/apps

VPN Services

A Virtual Private Network, or VPN, is often used by businesses to secure their private network over a public network.

For most users this will mean securing your access over the Internet using a private VPN service so that your communications are encrypted.

The most important thing you need to know about a VPN: It secures your computer's internet connection to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes. — LifeHacker

Be careful in how you select your VPN. There are lots of VPN services.

Free services have to make money somehow and that might be by selling your private data (paid services could also do this).

These resources will help you choose what is right for you:


Reset the Net

One year after Snowden revealed just how much governments were collecting, Reset the Net launched splash screens like the one below.

Reset the Net. Take back your privacy and freedom.

This program urged people to take back their privacy in response to government spying by signing the pledge and taking other action:

The Pledge

Mass surveillance is illegitimate. I'm taking steps to take my freedoms back and I expect governments and corporations to follow in my footsteps and take steps to stop all mass government surveillance.

The Nature of the Problem

The nature of the problem, its solution and a plan was laid out.

The Problem

The NSA is exploiting weak links in Internet security to spy on the entire world, twisting the Internet we love into something it was never meant to be: a panopticon.

The Solution

We can't stop targeted attacks, but we *can* stop mass surveillance, by building proven security into the everyday Internet.

The Plan

First, get hundreds of sites & apps to add proven security (like SSL). Then on June 5, we'll run a splash screen *everywhere* to spread NSA-resistant privacy tools.

While that date has passed, the issues haven't. I urge you to take the initiative to follow the recommendations (and those elsewhere on this page) to restore your privacy.

Recommendations

The pledge was backed by some recommendations.

For Website Owners

Pledge to add SSL, HSTS & PFS protection this year; it matters! …[P]romote free software for end-to-end encryption. Already rocking SSL & HSTS? Consider approaches to end-to-end crypto.
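One way a site owner could check the three items in that recommendation against what their server actually sends, as an added example that is not code from this page or from Reset the Net. The 180-day `MIN_MAX_AGE` threshold and the observations in `SAMPLES` are assumptions constructed for illustration; in practice the cipher name and TLS version would come from the live connection.

```python
import re

MIN_MAX_AGE = 15552000  # assumption: treat under 180 days as too short


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


def forward_secret(cipher, tls_version):
    """TLS 1.3 suites are always ephemeral; older versions need (EC)DHE."""
    if tls_version == "TLSv1.3":
        return True
    return re.match(r"(TLS_)?(ECDHE|DHE|EDH)[-_]", cipher) is not None


def audit(scheme, headers, cipher, tls_version):
    """Return findings for one observed response (empty list = all three met)."""
    if scheme != "https":
        return ["no SSL/TLS: served over plain HTTP"]
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}
    hsts = lowered.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        max_age = parse_hsts(hsts)["max_age"]
        if max_age is None:
            findings.append("HSTS max-age missing or invalid")
        elif max_age < MIN_MAX_AGE:
            findings.append("HSTS max-age too short")
    if not forward_secret(cipher, tls_version):
        findings.append("cipher suite lacks forward secrecy (PFS)")
    return findings


# Constructed observations: (scheme, response headers, cipher name, TLS version).
SAMPLES = {
    "good": ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
             "ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    "weak": ("https", {"strict-transport-security": "max-age=300"},
             "AES128-SHA", "TLSv1.2"),
    "plain": ("http", {}, "", ""),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, audit(*sample))
```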

For Mobile App Developers

If your app talks to a server, use SSL & cert pinning, and make sure all third party code like ads & analytics does too. If it's a messaging app, consider end-to-end encryption.

For All of Us

Pledge to try & share NSA-resistant privacy tools, and join the Thunderclap to protest on social media. In the meantime, join the #ResetTheNet Twitter brigade & help get more sites to join in.

Reset the Net Privacy Pack

See the recommendations on the Reset the Net Privacy Pack.
