Tech Talk #5 with Salina Media Connection! In this tech talk we cover increasing and maintaining your online privacy. We start with simple steps and work our way into some more complicated measures that support the most online privacy. We encourage you to check out the video! Below is a write up by our assistant manager, Zach, on the topic with links about what we discussed to follow.
Why worry about online privacy?
People often say, “I have nothing to hide so why should I care?” The truth of the matter is, while people may feel like they have nothing to hide, they handle a lot of important information on their devices. Would you be okay with a stranger looking at your credit card information? How about a stranger on the street, with no warning, picking up your phone and going through all your text messages? People, even the ones I have heard utter this statement, frequently use their devices for payment and banking, and private conversations/romance.
Another reason privacy is important is because big tech regularly makes billions of dollars off YOUR data, and you do not get a dime of it. These companies like Facebook, Microsoft…etc. use profiles they build off you because you accept their “terms of service.” They sell your data to companies in bulk for unfathomable amounts of money to then target it all back towards YOU through ads.
The following discussion and steps can help combat this! And do not fret, links for further information will be posted at the end.
Use privacy focused search engines like DuckDuckGo instead of Google and Bing.
Google and Microsoft’s Bing utilize targeted ads anytime you use their services. They build a profile for you and tailor your experiences using that profile. DuckDuckGo does not build a profile about you! They do not collect identifiable information from their users, and they do not place trackers on websites to aid in their profile construction. They also do not tailer search results based on a profile, like Google and Microsoft. On Google and Bing results will be specific to you. Two people searching the exact same thing will get different results because their profile is different.
Adjust Software settings of apps/social media.
Many popular companies that offer software enable data to be sent to them by default about usage and the device. Some of these companies: Microsoft, Google Chrome, Instagram, Reddit, Facebook…etc. This data is sometimes anonymous, but this isn’t always the case. Firefox, my favorite web browser, still does this, but it is anonymous. It can also be turned off completely. Some of the former cannot be turned off at all…Windows. Majority of current systems, programs, and apps can be adjusted in their settings to limit or disable the sending of this information.
Install anti-tracking add-ons to web browsers. Disable cookies/third-party cookies.
Web browsers can have add-ons installed into them that do various things. These things can range from changing the format and how the browser is presented, to blocking ads and trackers, which is what this will focus on. Popular ad blockers like “Ublock Origin” and “AdBlock” block the following:
Ads from showing.
Trackers and finger printers.
Third-party cookies.
Some web browsers are starting to implement built in blockers, like Firefox and Brave!
Cookies are a tool that web pages and big tech use to track your usage on the internet to better target ads to you. They are placed directly onto your computer. Cookies, or in this case 1st -party cookies, are not always used in this way. They save log in information for web pages, allow you to still access a saved cart on shopping sites…etc. Not using them at all can even prevent websites from working entirely. With Cookies, disabling all of them can make browsing the web more of a challenge depending on where you usually go. On the flip side, third-party cookies, however, should always be disabled. These 3rd – party cookies are cookies that services have placed on web pages in addition to the useful 1st-party cookies we discussed. These are primarily for tracking and advertising; the primary purpose being to harvest your data.
Ensure mobile device is clearing photo meta data before you post it.
When an image is taken, more than just what you captured is saved in that image. A digital print of where, when and the camera settings are also captured with the picture. If you do not remove this data, when you post the image online, that meta data is posted with it. You can check your photos for saved location data by swiping up on the image in the photo’s app on either iPhone or Google phones. You can check images on a desktop for metadata using programs like “exiftool”, which pulls the metadata and presents it to you within the exiftool program.
On mobile, to combat this, you need to limit the shared hardware and location data in the settings of your device. When you download phone applications, you give these apps access to various areas of your device. A lot of the time, apps ask you to give the permissions when downloaded, or if they do not, they are usually listed in the app store. Another note, it is good to pay attention to what an app is accessing when you download it. A mobile game probably does not need access to your camera, or photos. Apps that try to access parts of your device it should not need is indicative of that app doing more than what is advertised. This is NOT GOOD.
On desktops, metadata can also be cleared using meta data tools like exiftool. You may need to tailor how you do it based on your operating system, but a link of how to use the tool will be linked at the end of this post.
Use a VPN (Virtual Private Network)
On a local network, anyone with the right software can analyze the network and see what all the users are doing. Where they are browsing and, in some cases (HTTP websites), even information they enter on the website. HTTP is “Hypertext Transfer Protocol”. It is an application layer (OSI model) protocol that computers and web browsers use to communicate. The HTTP is not encrypted, which means anyone analyzing network traffic can see in plain text the information going back and forth from a computer to a website. If you log into an HTTP website, people on your network could see your log in name and password. Same goes for anything you communicate to the website.
HTTPS is the new standard. A lot of websites are now using HTTPS instead of HTTP, so most of the time you do not have to worry. HTTPS is the encrypted version of HTTP. When interacting with an HTTPS website, your network traffic to that website cannot be read in plane text, so there is little need to worry about people seeing your information through a sniffer. One way you can tell if you are on an HTTP or HTTPS website is to look for a small lock icon next to your URL address bar in your web browser. If there is a lock, HTTPS is in use. If there is not a lock, HTTP is in use.
A VPN or Virtual Private Network eliminates the ability of sniffing your network traffic entirely. All your traffic, instead of going to its destination, will first go to the host of the VPN and then from there it will go to its destination. People who are network sniffing will only be able to see that your traffic goes to the VPN host and not your destination. On the other end of the traffic, a destination website will not be able to identify (not without a lot of effort) where the traffic is originating from. They will see that the incoming traffic is coming from the host VPN and not your public IP address.
Use a different web browser.
As with everything, some services are better than others and some services have trade-offs. Google Chrome is a quick browser, but it is RAM intensive, and they collect a ton of your information. Try using Firefox or Brave, which are much more privacy focused than Google Chrome. Firefox and Brave have built in utilities that block trackers and are conscious about what happens with your data. As said above, data collection can entirely be turned off with these two web browsers, and Firefox, will delete anything it collects after 30 days. Apple’s Safari is also getting better about their privacy, but they still do a bit of data collection for themselves.
If you want to take this step to the next level, try using a deep web browser like Tor, Freenet or i2P. The most popular, Tor aka “The Onion Router”, uses a traffic routing system much like peeling an onion (hence its name). People set up relays all over the world. Internet traffic goes through three relays before arriving at its destination. These browsers can also access hidden internet services which people call The Deep Web. Normal browsers do not have the ability to access these, but Brave has Tor integrated into its browser. How well this works is still a bit in question by me, but I also have not tried very hard at getting it to work either. These services are very anonymous because of the relays involved. Tor acts a lot like its own VPN because of how it works. A small trade off using these kinds of browsers is the decrease in speed. Since the traffic must go to several places before it gets to its destination, it is much slower in comparison to Firefox or Chrome.
The deep web is notorious for illegal activity, but it is nothing to be afraid of!! A lot of illegal activity also happens on the clear net and a lot of normal activity happens on these hidden services. These web browsers are incredibly important for users who are ruled by oppressive governments. They allow these people to get out to the rest of the world to let everyone know what is happening. They can also enjoy the benefits of the normal internet, instead of their local web services. Accessing hidden internet services IS NOT ILLEGAL and using these kinds of browsers is not illegal either. They are perfectly legal, and trying them are great for learning, even if it is not something someone wanted to use permanently.
Use a different operating system.
Getting more into the weeds, you can switch operating systems entirely. Microsoft and even ChromeOS are not the only operating systems, and they are notorious for data collection. MacOS is better in its own way when it comes to privacy. They are incredibly good about keeping other people out, but Apple still collects information on their own customers.
Another operating system that holds a whopping <2% of the computer market is called Linux. Linux is the core of hundreds of different types of operating systems, many of which are free. These different types of Linux are known as distributions, or “distros” for short. Linux is open source, meaning that the code involved is available to be analyzed and edited by the users. This is also why there are so many different distributions. People take some from others, tweak it, and then release it as under a different name. People can also build their own Linux machine from complete scratch. Many of these Linux distributions have some incredible desktop environments and graphical interfaces, some I think, being better than the popular Windows. Linux, unless you want it to be, is not a command line operating system anymore. These desktop environments are also endlessly customizable. One day you can have a desktop environment that looks like Windows, and a couple hours later you can have something that looks like a Mac desktop! It is all up to the user, but I digress.
Linux tends to be much more privacy oriented because of its user base. A lot of people who use Linux want their computer to do what they want it to do and nothing more. They do not want the operating system sending information to a server about how it is used in the background. If a distribution of Linux is caught doing this, users will tell the community, and people who do not like this can stop using it. In a sense, they have a checks and balances system! Majority of Linux distros entail a lot more privacy than Windows, Chrome, and Mac by default, but there is a solution for people who want even more. Some distributions are extremely privacy focused. The distributions commonly associate with privacy are TailsOS, ParrotOS, and QuebesOS.
Use a privacy operating system on a USB drive.
People who want the absolute most privacy when it comes to computing combine all these previous steps into this last one. All the computing is done off a USB drive that clears its data every time the jump drive is disconnected. A popular combination is TailsOS running the TOR browser on a USB drive. There is no hard drive data stored, no web browsing data stored, and little traceability (not impossible though) as to what webpages you accessed.
The Wrap Up
A lot of information in a short period of time! You may be wondering, “okay, so what should I actually do?” I do not expect the ordinary everyday computer user to change their operating system and start using a browser that can access hidden services. What I do recommend though, is to switch your web browser to Firefox or Brave, install an ad blocking extension, and go through your current device and adjust its privacy settings to the most private options. For mobile devices, I recommend always keeping your location services off until you need them. It takes less than five seconds to flip it off and on using voice commands (on iPhones anyways).
JAB IT PC recently received a job to install 16 cameras at Salina, Kansas YMCA!
They are going to be going through a huge upgrade from their outdated security system to a brand new one! We will be using new tips that we learned from #CES2020 this year!
Official Rules for the “Springbean Jellybean Contest” event. How to Enter Contest Event Information Event Prizes JAB IT LLC will be giving away over a thousan...
Increasing Online Privacy Tech Talk #5 with Salina Media Connection! In this tech talk we cover increasing and maintaining your online privacy. We start with si...
