Bruce Schneier on Security Risks in the Hyper-Connected Era
Bruce Schneier (Link to Schneier’s Security Blog) explains how we can best use the internet to fit our needs without falling victim to its lack of security. He shares why its so difficult to find security in a world where “everything is a computer”. Most software works at a very low level. It doesn’t fully incorporate security by design and doesn’t consider vulnerabilities from the beginning of the development process.
Don’t Use Social Media (Facebook, Twitter, Instagram)
Social media is the biggest privacy villains on the internet. Not only do these sites collect your personal information to advertise to you, but they also share your data with third-parties. Social media sites are basically data aggregators, mostly for advertising purposes. Without social media, websites and other onlines businesses would have a much harder time collecting data and targeting ads.
Isolate Your Social Media
When you’re logged into your Facebook account on your computer, Facebook can track your other internet browsing even on websites besides their own. The best way to avoid this tracking is by using “containers”, browser isolation, or virtual machines to log in to Facebook.
Mozilla created a “Facebook Container” extension for Firefox that isolates your Facebook activity from your other internet browsing. These containers keep your Facebook cookies within the isolated window. If you click a non-Facebook link, it will open in a normal window with none of the Facebook tracking cookies normally associated with these links.
Browser isolation and virtual machines are similar as they each “move” the location of your browser or computer to a remote location. Isolating your browser will obscure the link between your browser and your physical location. This will make it more difficult for websites to track your location or your other information they may be able to collect from your browser if you use a traditional browsing method.
Virtual machines are like have a computer within your computer, but rather than being connected to your network and appear to be in your location, they can connect through other locations or IP addresses to hide your identity. Virtual machines are also useful in isolating your internet activity from any sensitive information you may have on your computer. If you are “hacked” on a virtual machine, there is much less risk because the hacker will only have access to the information on the virtual machine.
Use Decentralized Social Networks
- diaspora*: Diaspora* calls itself “the online social world where you are in control.” It’s focused on decentralization, freedom, and privacy. Diaspora uses “pods”, which are groups of users all based on different interests and in different locations.
- Mastodon: Mastodon has a number of communities for people in different locations or with different interests. You can use separate accounts to sign up for separate communities to isolate your activity in each community. If you’d like to set up your own server for your friends and family, you can do this with Mastodon. Mastodon is free, open-source software and is supported by user donations.
- Friendica: Friendica is a decentralized platform with no central authority or owner. It runs with many different nodes, but also allows users to post on other users’ walls even in different nodes. Friendica lets you expire your old content after a set amount of time to limit the digital footprint you leave behind on the platform. It also has built-in support for other decentralized social networks, including GNU social , Quitter and diaspora*.
- Minds: Minds a privacy-centric, decentralized social platform founded by Bill Ottman in 2011. According to Minds’ FAQ page, “The goal of Minds is to help create a free and open Internet where privacy is ensured and people are fairly compensated for their efforts online with viral reach and revenue opportunity.” Minds uses an Ethereum based token that users can exchange for different services on the platform.
Don’t Use Your ISP Provided Router
According to RouterSecurity.org, “you are safest using both a modem and a router that you purchased on your own.” The routers that you receive from your ISP are often set up with low level security by default. ISPs have on many occasions cooperated with spy and surveillance organizations by providing back doors into users’ devices. Since ISPs often distribute the same devices to all of their customers, finding vulnerabilities in a single device can provide access to all the other users with the same set up. By providing your own router or modem, you can at least make it more difficult for someone to hack your network.
Set up pfSense as your Router/Firewall
pfSense is a free, open source firewall service that can replace a commercial firewall. It’s based on FreeBSD operating system and is provided by Netgate. In addition to it’s firewall, pfSense also sells pfSense enabled routers, and other network hardware to make securing your personal network easier.
Always Use a VPN
A VPN alone is not enough to keep your browsing anonymous. If you want the best possible privacy from government agencies or your ISP, a VPN is just one tool in a complete privacy toolkit. For everyday browsing, VPNs are a simple way to add some identity protection to your network requests. For more sensitive browsing, you should use Tor rather than a VPN. With a VPN you still have to rely on the data practices of your VPN provider, while Tor is a fully anonymized network.
Read More: 22 VPN Services to Protect Your Privacy
Use a Private Search Engine
Private search engines generally don’t track your search terms and use some sort of encryption to hide your search terms from your ISP, or other people connected to your network. Traditional, non-private search engines use your search terms and other information they collect from you to serve you targeted ads.
If you feel like the ads you see on the internet are listening to your conversations and following you around, that is likely due to your search engine tracking your searches. Google operates the largest advertising network on the internet, so any information it collects about you, it uses to target those ads.
Private search engines sometimes show ads in your search results, but these ads are based only on the search term you’re looking at. Soon after you start using a privacy-friendly search engine, you’ll notice that these “creepy” ads start going away.
Read More: Why Using a Private Search Engine Actually Matters
Delete Your Old Internet Posts and Accounts
One way to track anyone down on the internet is to find their social media and other online profiles and collect information from there. Even though you no longer use a given account, it’s still out there for anyone to find. This is a sort of “internet footprint”. The best way to get rid of these footprints is to delete your old accounts, and to delete your old posts often.
Use Linux OS and Update Often
Windows is by far the most popular operating system for personal and enterprise use. While Windows has continued to improve its security features and protection, it’s still used by around 88% of computer users. Because it’s so widely used, hackers are more incentivized to find weaknesses in Windows. If they find a vulnerability they could steal information from 88% of computer users.
Another reason Linux is better than the other popular operating systems is that there are multiple distributions to choose from. Linux is open-source, which means that anyone can make changes or updates to its code base. You can select a version of Linux that aligns with your needs.
Read More: Why Linux is Better Than Windows or MacOS for Security
Don’t Leave Wi-Fi Enabled on Your Mobile Device
Leaving Wi-Fi enabled when you’re not on your home network presents another opportunity to track you. Even if you don’t connect to a network, there is still a data transfer that takes place. By turning Wi-Fi off, you eliminate the chance for unwanted tracking from the networks you come into contact with.
Don’t Connect to Public Wi-Fi Networks
Public Wi-Fi networks, especially public networks without WPA/WPA2 security, pose a number of security vulnerabilities. You could fall victim to a “man-in-the-middle” attack, which involves someone gaining access to the network and monitoring your internet activity. With public Wi-Fi networks it’s hard to know how the network is setup and
Remember: Free Tools Are Almost Never Totally Free
Free internet tools are enticing, they often provide great convenience AND they’re free. The catch, though, is that you often pay for the services with your personal information. This applies to free file storage, free VPN and free apps. Your smart TV may even have some convenient services for free but these are also data collection tools for the companies behind them.
Big data companies buy and sell data to compose the data-profile they store about you.
Services that rely on user data don’t even collect all of the data they use on their own. In many cases they buy data from big data companies and process it for their own needs. This means that if you are able to protect yourself from one companies tracking, it may still be able to purchase your data from another company.
Don’t Use Customer Loyalty Apps or Cards
While loyalty or rewards programs can save you money, most often they are marketing tools used to collect information about your spending habits. If you have a rewards “app” on your phone, like the Starbucks app, you grant other permissions for the app to collect your information. Surveys are another method that businesses use to gather your information. These surveys are almost always optional, and often ask for your contact information which the business then uses for marketing.
Don’t Use Smart Home or IoT Devices
Smart Home devices, like Google Home or Alexa, provide convenience at the expense of privacy. Each “smart” device is another point of contact to collect your private information. While you may be willing to let businesses or government agencies conduct surveillance on your neighborhood for your own security, you shouldn’t let these companies do the same in your home. The stakes of someone hacking into your devices and monitoring you without your knowledge are much higher in your home than elsewhere.
Giving companies like Amazon access to information about your conversations in your home is privacy intrusive and benefits them much more than you.
Read More: Every Consumer IoT Device Should Be Free
Use Your Mobile Browser Instead of Apps
Smartphones let you access the internet at all times. With this, there are more opportunities for big data companies to track you. While it may take a few extra seconds here and there we recommend using your mobile browser to access social media sites and other internet services, rather than their dedicated apps. When you download apps you typically have to agree to its requested permissions. This lets apps collect even more information than the website alone.
Encrypt Everything (Seriously, Everything)
The best way to protect your data is with encryption. You can encrypt your messages, your files, and other information. In encrypted form, it’s nearly impossible for anyone besides you and intended recipients
Encryption Can Protect Your Data from Surveillance States
If you are located in the United States, government surveillance is likely very low on your list of cybersecurity worries. However, in other countries that operate widespread surveillance programs, citizens have to be proactive with protecting their private information.
In some parts of China, for example, police may demand access to people’s phones to delete pictures or other content as they please. One New York Times reporter explained how he used two phones and hid certain content on his phone disguised as harmless apps or content.
Does Privacy Matter To You? Use a Threat Model
It’s easy to say that you care about privacy. However, the level of privacy that you need depends on your level of concern, the sensitivity of your internet activity, and the amount of time and effort you’re willing to devote to privacy. A threat model takes all of these factors into consideration and then determines the best path forward. Obviously if you don’t care about privacy at all, you wouldn’t be willing to adopt high-level security and privacy measures. But if the stakes are much higher for you, because you’re a public official handing sensitive data, you should be willing to invest more time and resources into your cybersecurity.