Online Security and Privacy – Part 2

Welcome to the Fast-Air Tech Talk newsletter. The Tech Talk newsletter is a free service for all Fast-Air customers. Please feel encouraged to suggest newsletter topics.

There are many new computer gadgets appearing. Buyers can be certain of one thing when buying most of these devices — many will connect to the Internet and tracking and data mining are at the core of the design. Protecting privacy online might seem like an uphill challenge, but the journey is not Sisyphean. Curing ignorance is possible. Just add knowledge.

For example, when going on vacation do not change the telephone answering machine or email auto-replies to, “Hi, we’re on vacation and not at home. Please leave a message.” Such a message is an invitation for thieves to raid the house. The answering machine message might as well be, “Hi, we’re on vacation and not at home. You are free to rob us.”

A similar approach is needed to protect privacy and security on the web. Like the old carpenter’s adage of “measure twice, cut once,” protecting privacy is something that requires conscious effort.

The most popular web sites are the worst for privacy concerns, creating a Panopticon effect. The owners are active with respect to protecting privacy from other users, but do everything they can to garner information about users.

Lesson number one is simple but direct: these people do not care about your privacy. Do not pretend otherwise. All users are treated as commodities. This behavior is fueled by the normal but infinite human desire to want more. The pursuit has become an obsession with many web site owners. The goal is to amass data about every human — mostly for the purpose of targeted advertising.

Accept the basics of human nature and social engineering. Humans are social creatures and tend to enjoy sharing with one another. While this sharing nature created fewer problems in the days before the world wide web, sharing personal information on the web is a potential recipe for disaster.

Tracking includes non-users too. Find that a challenge to believe? Search the web for any friend or neighbor who does not own a computer or smart phone.

At the top of this privacy-invasive food chain are the search engine and social media providers such as the Google, Facebook, and Twitter folks. With Windows 10 the Microsoft folks want to be a member of this club. Video and music streaming services are designed with tracking too, as well as popular news sites.

An obvious way to avoid this tier of tracking is not creating accounts with these providers and avoiding related services and products. This approach is much like the climactic punch line from the 1983 movie War Games, “A strange game. The only winning move is not to play.”

Sadly many people accepted the lure that these services and products are “free” and now have accounts. There is no such thing as being partly pregnant — one foot in and you are in. The next step then is to review account profiles to reduce the tracking.

Google services and products include the Google search engine, Google Maps, Gmail, Google+, Chrome web browser, Google Store, and Android. Android is an operating system used primarily in smart phones and tablets, but is used in other hardware products. There are many web sites offering information about Google account settings.

Facebook users might be surprised to learn of the many services and products available — all designed to track users. The biggest challenge with Facebook privacy — with any social media site — is most users willingly share secrets and personal information. Like Google, there are many web sites offering information to help protect privacy when using Facebook.

Remember that web site “Like” and “Share” buttons are tracking tools.

Windows 10 users can start protecting privacy by using a local login account rather than an online account. The Windows 10 search function defaults to searching online as well as the local computer and that data is tracked. Disable this online search function and search the web only through a web browser.

Consider that most if not all of the major online merchants track not only what is purchased but what products are browsed. To reduce some of this tracking, look for account options related to the browsing history the web site keeps. This is the history stored in the web site account, not the web browser's own history.

The most popular search engines track users through user accounts. The Google, Yahoo, and Bing (Microsoft) search engines all tie search engine queries to user accounts and retain a history of searches. Like online merchants, look for ways to disable or reduce this type of tracking in the account settings.

Online video and music streaming services require an account. The same approach applies — review the account settings for privacy related options.

While a good start, these initial efforts are little more than whitewashing. These precautions do not reduce broad scale tracking. To really protect privacy online requires determination and grunt work.

A popular way to track users online is through web browsers. There are many ways to track users through web browsers. Common tracking mechanisms include traditional web browser cookies, DOM cookies, Flash cookies, Java, JavaScript, Flash, Silverlight, drive-by downloads, web bugs, ads, referrer headers, fingerprinting, and browser hijackers.

More than enough to make heads swim.

The choice of web browser is important. Google Chrome and Microsoft Edge are products designed to track users. Security and privacy often are touted as serious features in these browsers — but not with respect to the owners who provide the product. (We protect you against everybody except us.) Other proprietary web browsers are worse. The Mozilla Firefox browser is the only web browser that allows users to deeply configure the app to protect privacy. The default settings in Firefox are not optimal with respect to privacy, but are easily modified by those with the desire. There are many web sites offering information about protecting privacy with Firefox.

From a security standpoint, a simple technique to help protect passwords is to use HTTPS rather than HTTP in web browsers, and to use SSL/TLS with email clients. Without HTTPS and SSL/TLS, passwords are transmitted in clear text. HTTPS sends all packets to a server using end-to-end encryption. The connection is not anonymous, but the data packets are not readable between the web browser and destination server. Any web site that requires a password should use HTTPS. Avoid any site that does not use HTTPS but requires passwords. Firefox users can install the HTTPS Everywhere add-on to help ensure HTTPS is used when available.

One way to stifle tracking is to use a web browser’s Incognito or Private Mode. These features delete all cookies and web browser history when closing the browser. That means each time the web browser is started, users must always log in to web sites because there are no cookies stored to remember passwords. Some people find this inconvenient, but this is an easy way to impede tracking efforts.

Web browser cookies are a cornerstone tool for tracking users. Cookies contain unique user identifiers. All web browsers can be configured to control cookies.

While browser cookies can be controlled, Flash cookies are centrally stored outside the web browser. Usually an external “cleaning” program is needed to delete Flash cookies. Deleting all Flash cookies will break some web sites, typically video sites that use Flash.

Many online trackers use device and web browser fingerprinting to track users. With web browsers the primary mechanism that allows this type of tracking is JavaScript. JavaScript can be disabled or configured for specific sites in all web browsers. While there is a modest learning curve, Firefox users can benefit from the NoScript add-on to control JavaScript.

There are many additional tips. A common sense approach includes the following:

  • Think twice before sharing personal information online.
  • Before posting information or photos online: do you have the informed consent of other people involved? If not then you are violating their privacy.
  • Use pass phrases not based on facts, truth, or personal information.
  • Use privacy oriented search engines such as Startpage, Ixquick, or DuckDuckGo.
  • Use ad blocking techniques.
  • Remember that digital photos often contain geolocation data.
  • Sign out of social media to reduce cookie tracking.
  • Use session-only cookies.
  • Never allow third-party cookies.
  • Do not use email addresses as a user or login name.
  • Do not use work or employer computers for personal email.
  • Email is not secure and unencrypted email provides no expectation of privacy.
  • Use email services not located in a privacy invasive jurisdiction.
  • Use alternate and one-time disposable email addresses.
  • Use different email addresses for different purposes.
  • Don’t use publicly knowable email addresses for online accounts.
  • Don’t use the same name with different email addresses.
  • Don’t link online accounts.
  • Use different passwords for all online accounts.
  • Use different web browsers or browser profiles to access online accounts versus general web surfing.
  • Use browser add-ons to avoid common avenues of exploit (JavaScript, Java, Flash, iFrames).
  • Don’t use a regular email account as a means to sign up to a new service.
  • Carefully review online account privacy settings.
  • Don’t store credit card information with online accounts (requires manually entering information each time).

Want to get more serious about online privacy?

Obfuscation is a fun way of throwing sand into the gears of this data collection. When creating new online accounts, use aliases rather than given names and use incorrect information for birth dates and location. This effort increases the amount of noise being collected. Do not commit fraud when using an alias.

Many people use Virtual Private Networks (VPNs) to help protect online privacy. VPNs do not provide end-to-end encryption but protect data between the client and VPN server.

Some people configure their computers with an alternate user account. They use one account at home or the office where they trust the network connection. They use this login account to handle private and sensitive information. The alternate account uses a restricted Public firewall setting. The user does not send any sensitive information when using this account. With this alternate account they configure their web browser in private mode to avoid saving browsing history, cookies, or passwords.

Another option is to use a portable or “live” operating system. The operating system is run from an optical disk or USB flash drive. The system contains no personal or private data or information. This strategy is useful mostly for web surfing because any access to online accounts requires typing passwords. When finished surfing the web in this manner, powering down or rebooting destroys all data such as web browser cookies and history.

Similar to portable operating systems are portable apps. They work much the same way. Rather than use the web browser that is installed on the computer’s hard drive, a separate version is used on an optical disk or USB flash drive. When the web browser is closed all sensitive data is destroyed.

A common protection used by many people around the world, especially in areas where political persecution is a problem, is called The Onion Router (TOR). Using a TOR enabled web browser creates an encrypted connection for the web browsing session. Similar to a VPN, the encryption is not end-to-end but everything between the client and final exit node is encrypted. Browsing sessions tend to be slower than normal because of the way the connections work, but TOR does provide a high degree of anonymity.

These strategies and ideas are only the tip of the iceberg. There are many ways to protect privacy online. Users need only start the journey by taking the first step.

Technical tip: All web browsers support the ability to manage cookies. This is done through the concept of “white lists.” A cookies white list allows only certain web sites to create a cookie and blocks all other sites from creating cookies. Allowing only a handful of web sites to create a cookie helps reduce online tracking.
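
The white list from the technical tip, combined with the “session-only cookies” and “never allow third-party cookies” items from the list above, expressed as a cookie policy in Python's standard http.cookiejar module. This is an added example, not part of the original newsletter; the site names, cookie values and the helpers make_jar, visit, stored and demo are constructed for illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar, DefaultCookiePolicy
from urllib.request import Request

# Constructed white list: the only sites allowed to create cookies.
ALLOWED_SITES = ["mail.example.org", "social.example.com"]

def make_jar(allowed=ALLOWED_SITES):
    """Cookie jar that enforces the white list and refuses third-party cookies."""
    policy = DefaultCookiePolicy(
        allowed_domains=allowed,       # any site not listed cannot set a cookie
        strict_ns_unverifiable=True,   # reject cookies set on third-party requests
    )
    return CookieJar(policy)

class CannedResponse:
    """Offline stand-in for an HTTP response; CookieJar only calls info()."""
    def __init__(self, *set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value  # Message appends, never overwrites
    def info(self):
        return self._headers

def visit(jar, url, set_cookie, embedded_in=None):
    """Offer one Set-Cookie header to the jar; embedded_in marks a third-party load."""
    req = Request(url, origin_req_host=embedded_in, unverifiable=embedded_in is not None)
    jar.extract_cookies(CannedResponse(set_cookie), req)
    for cookie in jar:                 # session-only rule: nothing outlives the session
        cookie.expires, cookie.discard = None, True

def stored(jar):
    """(site, cookie name) pairs currently held in the jar."""
    return sorted((c.domain, c.name) for c in jar)

def demo():
    """Three constructed page loads, then the end of the browsing session."""
    jar = make_jar()
    visit(jar, "https://mail.example.org/", "sid=abc; Max-Age=31536000; Secure")
    visit(jar, "https://ads.tracker.example/pixel.gif", "uid=42; Max-Age=31536000")
    # A white-listed site embedded as a "Like" button elsewhere is third party.
    visit(jar, "https://social.example.com/like.js", "track=7",
          embedded_in="news.example.net")
    during_session = stored(jar)
    jar.clear_session_cookies()        # what closing the browser does
    return during_session, stored(jar)
```

Only the first-party cookie from the white-listed mail site is kept during the session, and it is gone once the session ends even though the site asked for a one-year lifetime.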

Next issue: Online Censorship


Latest posts by Backwoods Geek (see all)