Data Privacy Day 2016

It’s that time of year again! Data Privacy Day! What follows after the jump is an aggregation of posts I’ve written about data security as well as a commentary on web-browsers and a how-to guide for using TOR safely.

image

Web Browsers: In my previous post I said the following which I still hold to be relatively true:

Now let’s all be honest here Mozilla’s Firefox is objectively the best browser for security, flexibility, and customizability. Now that that’s over with, let’s talk more importantly, addons.

  • The first add-on everyone should have is called Adblock Plus. It’s a free add-on that, as the name implies, blocks advertisements from websites. While it’s not perfect, there’s a reason it’s number one on Mozilla’s most popular list. Just navigate here and click “+Add to Firefox”.

  • Next we have DoNotTrackMe. This free add-on sends messages to websites that you don’t want to be tracked as well as blocking tracking attempts by third parties. To get it, headhere and click the green button. (Alternatively, this can be replaced with Ghostery which is functionally the same, yet it does have a better UI. To get that, head here)

  • The next one comes right from our friends at the Electronic Frontier Foundation and it’s called HTTPS Everywhere. This is probably my favorite add-on and with good reason: it forces your connections to websites to be routed through the encrypted HTTPS protocol as opposed to HTTP. There are tons of reasons why HTTPS is good but basically all you need to know is that, if used properly, it encrypts the data going to the site as well as verifies the integrity/security of the site. To get this add-on, head over to the EFF page here and click the “Install in Firefox” button.

  • Next is another one of my favorites, Web of Trust. Web of Trust is a pretty fantastic add-on that has saved my ass on countless occasions. Web of Trust works like a crowd-source type thing where websites are rated by users according to trustworthiness and child safety. Additionally, it allows users to comment about specific websites giving you more information. All this comes in the form of a little circle in the upper corner of the address bar that is either green, yellow, or red. (Green indicates it’s probably safe, yellow is meh, and red is most likely un-safe) What’s more, when you Google something, the same circles will show up next to the results showing you which sites are good, and which aren’t. And if that wasn’t enough, if you accidentally get redirected to a “red” site, it automatically stops the connection and ASKS you if you want to continue. So with Web of Trust, you don’t need to worry if “awesome-free-movies-and-software.com” is a good site or not… To get this add-on, head over here and click the green button. (I can’t stress this enough, this is probably the best add-on in existence, there is one downside however***)

  • Next there is one called Best Proxy Switcher. I do not use this one because I use a VPN, but this has good reviews and is basically a proxy add-on to hide your IP address. You can get it here.

  • The next one is a just there – it’s called NoScript and it blocks Java Script from running. This can either be good (for privacy), or a pain in the ass (if you go to websites that use lots of Java). I personally don’t use this one, but it’s an important add-on for security. Get ithere.

But LifeHacker has an interesting and pretty good article on secure web browsers and below is their explanation of one of them, Epic.

Epic Privacy Browser is based on Chromium, is open-source, and is available for Windows and OS X. We’ve highlighted Epic before, and while there’s good, genuine skepticism about the browser—and its roots in Chromium (the open-source platform upon which Chrome is also based), overall Epic does what it promises. The browser blocks ads, tracking cookies, social boxes and widgets (until you interact with them), blocks tracking scripts and modules from loading (which results in faster-loading web pages), and sandboxes third-party processes and plugins. Epic Browser even encrypts your connection whenever possible (largely by shunting to HTTPS/SSL whenever it’s available), routes your browsing through a proxy, and protects you from widgetjacking or sidejacking when you’re browsing over Wi-Fi.

All of these features are great, but the browser itself is fast and works smoothly. Of course, it doesn’t support extensions or plug-ins (this is by design—the more you add to a browser the more potential holes you open up for your data to leak through), and it’s a little heavier than your normal Chrome install, but once it’s up and running you shouldn’t have a problem actually using it. You’ll also have to give up some of the conveniences you may be used to to save your privacy—autofill, address saving, password saving, history, cache—all of those things are either never stored, or deleted when you close the browser. Of course, your privacy is worth it, but they’re all things to keep in mind if you want to use Epic as your daily driver, or even as a more secure option if you’re working with sensitive data.

I still maintain that if you utilize Firefox with the above addons and follow basic internet security procedures, you’ll be fine.

Using TOR Safely: With the recent identification by the FBI of between 1,300 and 1,500 TOR users who accessed child pornography sites and claims that TOR has been “cracked”, there has been a resurgence in the discussion about whether or not TOR is actually safe. Everywhere you go you will hear different things with /g/ saying that Freenet is the best while the TOR project made $200,000 after its first crowdfunding effort and still asserting that they are the best method for secure internet access. Like many things in life, however, the successful functionality of something depends almost entirely on whether one is using it correctly and with TOR being so complicated, users often do not use it correctly. Because there are so many ways to find out information about a person (from malicious Javascripts to IP leakage), the success of staying secure in using TOR is contingent upon how much effort one puts into being secure. For the average user, the TOR Browser Bundle, discussed in my post Happy Data Privacy Day! – Security Setup, is enough to provide modest security so long as one is not doing anything illegal.

If one wants to go to the next level (and peel back the onion, so to speak), isolating TOR within a Virtual Box running a secure version of Linux is typically a good strategy. Running BSD, Arch Linux, or even Whonix inside of a virtual machine and then running the TOR Browser Bundle from within there is a good way to isolate your computer from what TOR. What’s important and ought to be kept in mind, however, is that there is still the risk of IP leakage and the most secure thing you can do is NOT use the internet outside of the Virtual Box and, ideally, route all connections through the Virtual Box.

If one really wants to use TOR in the most secure way, one needs to utilize Tails, an operating system built around TOR, and run it off a live disk/flash drive. Here’s how to do that:

  1. Go to the Tails website and click “Install Tails”
  2. Follow the steps listed and decide which scenario is best for you. The default is to fun Tails off a flash drive, but you can burn it to a CD or run it in a virtual box.
  3. Read this page.
  4. And this.

Once Tails is successfully installed on your flash drive or CD, you can either run Tails on your home computer or, ideally, use a public computer. Booting from a CD/flash drive sounds complicated, but it’s really not. The steps are:

  1. Restart your computer and wait for that first screen to pop up. Often, it’ll say something like “Press F12 to Choose Boot Device” somewhere on the screen. Press that key now.
  2. Give it a moment to continue booting, and you should see a menu pop up with a list of choices on it. Highlight your CD or USB drive and press Enter.

If you followed all the instructions, made sure nothing is compromised, and are knowledgeable about the warnings and issues, you should be secure.

Of course: Happy Data Privacy Day 2k16!

Previous Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.