Online Privacy

Posted by iheartubuntu on Tuesday, April 16, 2013

I'm not going to soapbox here what is right or wrong and Im not claiming to be an expert on online privacy. What I am doing is giving you some food for thought and maybe some actionable ideas you can implement as you see fit. What I'm writing here are things I do for myself for my own privacy.

BETTER PASSWORDS

I admit for many years using the simplest of passwords.... "dogxyz" or "dog 1234". This was totally out of laziness. With hundreds of websites out there Ive purchased from, joined, or what have you I used basic passwords. Every time a site would get hacked or compromised, I would then have to change all my passwords across the board. It was time consuming. There had to be something easier.

There are many many methods to come up with secure passwords... I'll just mention one of them here.

I like to use a basic random password that only has minor changes in it. These changes are associated with the individual website you're accessing.

For example, start with your "core code". It could be whatever you want. Memorize this core code. It will never change.

Heres an example of a core code... GLD@ss1

Then pick a "variable code" which could be the 1st and 4th characters of the website you are on. If you are on Newegg.com your variable code would be "ne"

Now combine your core code and variable code by putting it together however you would like. My example would be: nGLD@ss1e

My password for a site like washingtonpost.com would then be: wGLD@ss1h

A bit tricky at first but this sort of technique becomes easy to use and memorize. Pick your own codes, length of codes, arrange them in whatever order you want. The passwords appear random to an outsider so if one account were to ever get hacked its going to be difficult to use it elsewhere.

ONLINE ANONYMITY

Online anonymity is possible. If you are concerned and need to make some banking transactions or perform some other incognito tasks you might want to check out this liveCD called Tails which uses Debian and TOR.

https://tails.boum.org/index.en.html

With Tails you can use the internet anonymously, it leaves no trace and uses state-of-the-art cryptographic tools.

An easier solution that I use is to go through a VPN (virtual private network). There are many of them foundonline, but two I could recommend.

VPN Reactor has a free VPN service. Its fairly quick, but it logs out every 30 minutes...

https://www.vpnreactor.com/default.aspx

A better VPN (in my opinion) is CryptoHippie. CryptoHippie has been around for several years now and has established itself as a reputable service. Its servers are under contract in several continents and uses multiple hops for all of your data. It also uses disappearing encryption keys, traffic crowding, erased IP addresses, and more. They have a great tutorial for Ubuntu users also.

For a one week free trial you can sign up on this link I found...

http://www.cryptohippie.com/expatworld.php

The moment you log onto the VPN no one knows who you are, where you are, or what you are saying. You may think its taking things too far by using a VPN but consider this. Lets say you are traveling in the FSU (former soviet union), or in Columbia, or heck even in Italy and need to check your online bank info. With all of the hackers out there, which would you feel more comfortable using... a naked wi-fi connection or one that you could go on with your secure VPN tunnel? You can even use Skype video or instant messaging through a VPN.

CryptoHippie costs money, but I feel its well worth it at $275 a year (or about 75 cents a day). Along with the VPN service they have encrypted email thats easy to set up.

OFFSHORE EMAIL

Lets face it. All of your email is being read now. Everything. From the photo of the mole on your butt, the recipe you sent granny, to the purchase of gold you just made now that gold prices dropped. Its all being recorded and profiles being made on everyone. There is no harm in keeping your Gmail account to talk to granny, but when communicating with a foreign lawyer or broker, or sharing information with a business partner outside of the US, using an e-mail account based outside the US makes a lot of sense these days.

JumpShip is an email provider that has its parent company in Hong Kong, servers in Switzerland, DNS from Canada, TLD in Colombia and security certs in Israel. Talk about reducing risk. If you or your business is ever investigated you will be glad your correspondence is all offshore. Getting a divorce? Buying land overseas? Hey, whatever. Its none of my business and its none of anyone elses business either.

https://www.jumpshipservices.co/jumpmail/

I get absolutely no compensation from the companies listed above. They are services I use and am comfortable recommending.

There are free options to companies like JumpShip such as using the Enigmail add-on in Thunderbird which offers OpenPGP encryption. (Yeah, OK. I will cover how to set this all up in another article.) For now, refer to Enigmails page here:

http://www.enigmail.net/documentation/quickstart.php

That it for now. The coffee has worn itself off! Look for another article later in the week.

Leave a Reply