
Published on April 3rd, 2013 | by seanbutnotheard


The KBMOD Guide to Safer Surfing, Part III: Habits


In part 1 and part 2 of the Safer Surfing Series, we shared what we feel is an important collection of software for keeping yourself safe and your information protected on the internet. In this third and final instalment, we’ll discuss some good personal habits to form to achieve the same ends.

Software can only do so much

The usefulness of the software we’ve touched on can only go so far; you will only be as safe as your everyday habits make you. By far, the most important step to be safer on the internet is to think. Scammers are everywhere, and you can’t afford to let your guard down. Don’t blindly run programs without knowing where they came from, and always be suspicious when things look a bit different on your favorite download sites than they did during your last visit. Here’s a tangible example that I ran into at work recently: One of our staff members went to download a copy of VLC media player by searching for “VLC” in her browser. The site that came up first in the search results was an almost-legit-looking 3rd party site where, yes, you can download VLC player, but it came packaged with several spyware programs. So when possible, get software directly from the original vendors. To this end, what I typically do is rely heavily on my browser bookmarks rather than search engines whenever possible. (For future reference, VLC’s real home page is videolan.org.)

Here are a couple of other habits that will contribute to the safety of your internet experience:

  • Hide yourself. Once you’ve secured and encrypted your internet traffic, you’ll want to make your online presence harder to find. There is no real secret to hiding your information from Google searches: just be careful about what information you put on the internet. Use the following sites to dig up dirt on yourself, and take action to remove anything that you might not want others to find: Spokeo and Pipl.
  • Obfuscate your accounts. A good rule to follow to ensure a dichotomy between your online presence and your real-life presence is to avoid using the same username/email for different sites unless you want the same people to find both accounts. For example, if you have the Twitter handle of @twitter123, don’t make your Facebook URL /twitter123 unless both accounts have the same target audience. This is also true of pictures: Never post the same pictures via your online persona and your persona that directly interacts with your real life. It’s very easy for anyone (such as potential employers) to perform a reverse image search and find the same pictures linked to multiple accounts. On a related note: many websites do not scrub EXIF data (i.e., embedded metadata, potentially including GPS coordinates) from photos you’ve uploaded to their website. The iPhone, in particular, embeds this GPS geotagging information within the photo itself when you use its camera. A nice piece of software which will remove the EXIF metadata from your photos is XnView. To remove EXIF data from a photo using XnView, go to Edit > Metadata > Remove EXIF data.
  • Ditch the privacy-invading social networks altogether. I don’t care what the terms of service or the privacy policy says. If your data is on someone else’s server, you aren’t in full control over it. The moment a site’s privacy policy changes to suit advertising partners, or if some piece of legislation gets passed that allows a government access to that data, your privacy is in danger of being invaded. Even if you create different online personas, information about your “real self” is still out there. The only way to truly protect yourself — short of going completely off-grid — is to stay away from services you can’t trust. Shifting completely away from the big social networks would certainly be a daunting task, and I realize that most people can’t or won’t ditch them on a whim… but I’d encourage you to keep an eye on some of these growing, decentralized, open-source alternatives, and try them out in the future:
    • Diaspora – a Facebook alternative (find a Diaspora server, or pod, to join here)
    • Identi.ca – a Twitter alternative (not itself decentralized, but runs decentralized software called StatusNet)
    • Yacy – a peer-to-peer powered search engine
    • DuckDuckGo – not open-source or decentralized, but they don’t track your search data
    • Bitcoin – a peer-to-peer digital currency
    • Jitsi – One of many open-source Skype alternatives, utilizing SIP or XMPP protocols for secure VoIP communication.
  • Encrypt your Hard Drive. What’s the use of keeping your information secure on the web, if a thief can just come take it from your place of residence? Encrypting your hard drive using a utility such as Truecrypt will help ensure that even in such an event your valuable data stays out of intruders’ hands. We’ll post our own how-to here in the future, but for now there are plenty of guides out there already (like this one for example). However, even with your data encrypted, you still run the risk of physically losing that data, which makes it all the more important to…
  • Always have backups. It’s essential to run a backup utility and keep separate physical copies of all of your data, preferably on a separate computer, or better yet, a removable drive that you can take with you. Many people use Dropbox or a backup service for their offsite storage, and while that’s one way to do it, both your storage space and the security of your data are limited when you’re using someone else’s servers. If you do use Dropbox, or any other service, make sure you store anything sensitive in an encrypted container. Another option, which we’ll detail in a how-to guide in the future, is to set up a SparkleShare server. SparkleShare is a host-it-yourself alternative to Dropbox that you can set up in your own home (for backing up files on your laptop while you’re abroad), or in someone else’s house.

Help Us Help You

That’s it for our safer surfing series, at least for now. Our hope is that this series will serve as a launching point into a future stream of tutorials and updates about the changing state of internet security. We also hope that if nothing else, we’ve encouraged you to start learning more about the technologies that make the web work.

And of course as before, we want to hear what you do to keep your information secure. Let us know here in the comments, or jump over to the appropriate section in our forums for a more in-depth conversation.




  • Hasimir Fenring

    You mentioned Jitsi as a skype alternative. I’ve been using Dolby Axon for the same purpose, from a user’s point of view it’s just like Skype.

    What I’m wondering though, how secure is it? Does anyone know anything about how open it is to attack or how exposed your IP is on Dolby Axon?

    • It depends which communication protocol you use. If you’re using XMPP (Jabber), encryption and OTR (off-the-record chat) are supported. That reminds me, I wish I had thought to mention the OTR encryption plugin for Pidgin, which adds another alternative.

  • Wheelzz
    • Thanks for the tip… there’s also a file sync app built into Amahi, haven’t tried it myself though.

      • Wheelzz

        According to Aero’s website, they also have an Android app in development.

  • Huh?

    Does anyone here use StartPage for searches? or have you heard if it’s any good?
