Regaining your anonymity online

Anonymity has been a longstanding hallmark of the Internet but you should no longer assume that your online activities are anonymous.

A vast amount of information is collected as you use the Internet. Search engines store the keywords you search for and the pages you visit, browsers store web history, which may be integrated with the cloud, and websites store information about your activities on their sites. Your IP address provides information on your general location and many applications can track your location data, obtained from your address or from GPS.

It takes a concerted effort to regain your anonymity. Anonymity must be protected end to end, starting with the operating system and then progressing to your network address, browser and search engine.

Operating System

Last month I wrote about the privacy features and flaws of Windows 10. What many don’t realize is that their operating system is collecting information on their activities which could be retrieved by malware or published to the cloud for data mining. This can be avoided by using an operating system that runs off a CD or DVD. Such systems, called “live” operating systems, run in memory, a storage component of your computer that retains data only while the computer is powered on. This data is not retained when you shut down the computer or restart it. CDs or DVDs are typically read-only, meaning that data cannot be written to them. Files that you are working on can be saved to a flash drive but operating system logs of activity are not stored with live operating systems. Similarly, spyware, malware and other junk cannot install on a live operating system. This further protects you against threats to your anonymity.

Network Address

Each device that connects to the Internet identifies itself with a unique IP address. This address can indicate your location and it can be used to correlate activity collected from multiple sources in order to build a profile on you. One method of obscuring this address is to use a proxy. A proxy requests Internet resources on your behalf and then presents them to you so that the requests appear to originate from the proxy rather than you.

However, be careful when using proxies, because not all are intended for anonymity. Some add a forwarding header that indicates where the data originated, and others send data in the clear so that it can potentially be intercepted. Choose a proxy that uses SSL encryption and does not add HTTP “forwarded for” headers. Another limitation of proxies is that attackers see them as a potential target because of the high volume of traffic traversing them. A compromised proxy server could put your information in the hands of cyber criminals.
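The two checks above (forwarding headers and an encrypted link to the proxy) can be tested from the destination side. The following Python code is an added example, not part of the original article: it classifies the request headers an echo endpoint you control would receive through a proxy. The function names, the verdict labels and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Headers a proxy may add that can carry the original client address.
ADDRESS_HEADERS = ("x-forwarded-for", "forwarded", "x-real-ip", "client-ip")
# Headers that show a proxy is in the path without naming the client.
PROXY_HEADERS = ("via", "x-forwarded-host", "x-forwarded-proto")

def _addresses(name, value):
    """Extract the IP addresses carried in one forwarding header value."""
    if name == "forwarded":  # RFC 7239 syntax: for=192.0.2.43;proto=http
        tokens = [m[1] for m in re.findall(r'for=("?)([^;,"]+)\1', value, flags=re.I)]
    else:                    # comma-separated address list
        tokens = value.split(",")
    found = []
    for token in tokens:
        token = token.strip()
        if token.startswith("["):            # bracketed IPv6, optional port
            token = token[1:token.find("]")]
        elif token.count(":") == 1:          # IPv4 with port
            token = token.split(":")[0]
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass                             # obfuscated value such as "unknown"
    return found

def classify_proxy(headers, real_client_ip):
    """Classify headers received by the destination server for a proxied request."""
    h = {k.lower(): v for k, v in headers.items()}
    leaked = sorted({ip for n in ADDRESS_HEADERS if n in h
                     for ip in _addresses(n, h[n])})
    if str(ipaddress.ip_address(real_client_ip)) in leaked:
        return "leaks-client-address", leaked
    if leaked or any(n in h for n in ADDRESS_HEADERS + PROXY_HEADERS):
        return "reveals-proxy", leaked
    return "no-forwarding-headers", leaked

def proxy_link_encrypted(proxy_url):
    """True only when the client-to-proxy hop itself uses TLS (https:// proxy URL)."""
    return urlsplit(proxy_url).scheme.lower() == "https"

# Constructed samples (documentation address ranges), as seen by an echo endpoint.
CLIENT_IP = "198.51.100.23"
SAMPLE_LEAKY = {"Host": "echo.example", "X-Forwarded-For": "198.51.100.23",
                "Via": "1.1 proxy.example"}
SAMPLE_VIA_ONLY = {"Host": "echo.example", "Via": "1.1 proxy.example",
                   "X-Forwarded-For": "unknown"}
SAMPLE_CLEAN = {"Host": "echo.example", "User-Agent": "test-client"}

if __name__ == "__main__":
    for name, sample in [("leaky", SAMPLE_LEAKY), ("via-only", SAMPLE_VIA_ONLY),
                         ("clean", SAMPLE_CLEAN)]:
        print(name, classify_proxy(sample, CLIENT_IP))
    print(proxy_link_encrypted("http://proxy.example:3128"))
```

A "no-forwarding-headers" verdict only means the destination is not told your address in headers; the proxy operator still sees it.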

The Onion Router (TOR) extends the proxy model by bouncing connections between many computers within its network and then delivering the final request from one of many endpoints. Data within TOR is encrypted using SSL. It is still possible for a TOR server to be compromised but that server would only see a small portion of your traffic or possibly none at all depending on how your traffic was routed through the TOR network. The downside of using TOR is that connections are often slow due to the latency incurred by traversing so many computers.

Browser

The most common browsers are Internet Explorer, Mozilla Firefox and Google Chrome. Internet Explorer or its replacement, Edge, is the default browser on Windows machines. Linux variants often come equipped with either Firefox or Chrome, depending on the distribution. Each of these browsers has its share of privacy flaws, but your choice of browser is much less important than the privacy settings you select within the browser. Restrict cookies and set your browser security settings to the highest level that still allows you to browse with ease. Many browsers also include a private browsing mode. This is very useful for restricting the information your browser collects on your activities while in this mode.

Search Engine

Most search engines collect data on your browsing habits so they can target ads to you and improve their search rankings. Some search engines share this information with, or sell it to, other parties. However, DuckDuckGo is a search engine that does none of these things and it is a valuable tool for searching the web anonymously.

These technologies and techniques can all be used to protect your anonymity. However, they provide the best protection when used together. It may not be feasible for you to use all of them. For example, you may need to use an application at the same time as you browse, making a live operating system impractical, or you might want to test searches in a specific search engine. I encourage you to use as many as possible. You may additionally use a virtual private network (VPN) to connect to your workplace or other common resources so that traffic between your computer and the VPN is encrypted, and you can use wiping tools to more effectively erase data from your machine after deleting it. However, a discussion on these tools will have to wait for another article.


What you need to know about Windows 10 Security and Privacy

Microsoft officially launched its successor to Windows 8.1, Windows 10, on July 29, 2015, and millions have already downloaded this free upgrade or utilized Microsoft’s queued digital delivery system. Windows 10 offers users many new features including a new browser and integrated Cortana search which essentially means that your operating system is integrated with the cloud. However, don’t let all these features and launch celebrations distract you from its security, which is somewhat in the fine print.

By default, Windows 10 collects information from your microphone, location, camera, handwriting, and searches. According to Microsoft’s privacy statement, this information is used to provide services. For example, Cortana uses location, speech, handwriting and searches to provide intelligent information to you. The information is also used to send product and service information, distribute security notices and display advertisements. Information is shared with Microsoft affiliates, subsidiaries and vendors. This is a common practice for many companies and Microsoft explicitly states that they do not collect information from email, chat, video calls, voice mails, and personal files for advertisement targeting. However, unlike the web, your operating system is resident on your machine, potentially collecting information even when you are not actively using the computer.

The good news is that the default tracking can be disabled by editing Windows 10 and the Edge browser privacy settings. Microphone, location, and camera settings can be managed by clicking start and then going to settings and finally privacy. This will open the privacy menu. Search privacy is managed by opening the Edge browser then going to advanced settings under settings. After viewing advanced settings, you will see a privacy section where you can turn off the Cortana search assistance called “Have Cortana Assist Me in Microsoft Edge.” You can also manage some settings online by opting out of ads based on browsing history and interests here.

As a side note, Windows 8 integrated Microsoft online accounts with local accounts, which allows Microsoft to combine data gathered from multiple computers linked to a Microsoft account with online activities. This is also present in Windows 10, but you still have the option to use a local account rather than a Microsoft account. Using a local account will disable some application downloads and synchronization features, but it will limit the data collected to that machine so that it is not integrated with usage on other platforms or the Microsoft online community. This also prevents someone who compromises your online account from remotely accessing your computer using that account or vice versa.

Windows 10 includes a feature called Wi-Fi Sense. This feature allows your contacts to connect to your wireless network, and it has received a lot of negative press after its release. However, initial concerns raised were premature or exaggerated. Wi-Fi Sense is not turned on for all your contacts automatically. Contacts are not granted access to your network unless access has been assigned and this is only available after you make a wireless network available for sharing. This feature makes it easier to allow friends to connect to your network without providing the wireless password to them, and the feature can be disabled if and when it is not needed.

What about the good features?

Windows 10 also comes packed with new security features. It has Device Guard to protect against unsigned applications, support for biometric authentication through Windows Hello, new security features in Microsoft’s Edge browser and a suite of parental controls.

Device Guard blocks unsigned applications from running on the machine. This helps prevent malicious programs and infected program files from executing malicious code on your computer. For a program to run, the software company must sign the installer file with a key that only they have. Windows checks this key to verify that the file originated from the software company and not some other third party such as a hacker and allows the installation if the key is verified.

Second, Windows 10 now supports multiple ways to log into your computer including face, eye, and fingerprint authentication through a feature called Windows Hello. The software is built into the operating system, and users just need to attach biometric devices that are Windows Biometric Framework supported to use the feature. Third party support has existed for biometric authentication for quite some time, but Microsoft’s adoption allows for enterprises to integrate biometrics into their identity management systems through native Microsoft technologies.

Microsoft’s built in browser, Edge, helps prevent websites from tampering with your machine or stealing credentials through new security controls. Edge is equipped with an even better version of SmartScreen phishing detection that checks the reputation of sites you visit while Passport encrypts saved passwords. The browser also supports W3C content security policy and strict transport security standards. Furthermore, the browser is remarkably fast with all these controls under the hood.

Lastly, Windows levels the parental controls playing field with Mac OS and even adds a few new features through Family Features. These features allow parents to better control the programs their children run and the content they view online. Parental controls include time limits on logins, block or allow rules for applications and games, web filtering and activity logging.

In the end, I think Windows 10 is a good step forward in both features and security, but it can be enhanced by turning off a few features, especially if you are not using those features. Remember that Windows 10 is still new so there will most likely be many updates as these features are put under the strain of attacks and normal workloads.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell’s thought leadership site PowerMore. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

Interesting questions on virtual reality and gaming

We are getting closer and closer to virtual reality. Some companies such as Google and Oculus have already produced virtual reality headsets and others are on the way such as the Sony PlayStation VR. These systems offer only the headset component of virtual reality. We have yet to develop two-way communication to and from the brain so that stimuli can be sent directly to the brain and so that players can interface with the VR system by sending the appropriate physical signals that are translated into virtual ones. However, the introduction of these initial systems will likely generate the support and refine existing technologies to bring us closer to that point.

I recently started watching an anime called Sword Art Online and I have to say that I am fascinated with it. The series chronicles various players in a virtual reality massively multiplayer online game (VRMMO) while discussing a variety of important topics such as psychology, ethics, social costs and benefits, relationships and gender. While VR has been discussed in science fiction for quite some time now, I found that the questions raised by the series were more relevant to today’s technological and social landscape.

Here are some of the questions that were raised in the series or ones that I asked myself as I watched the series:

1. How “real” are in-game relationships and in-game experiences as compared to real life?

2. When games present an immature culture, lacking in societal norms, how ethical is it to exploit the differences between real-world and in-game expectations?

3. Are the actions taken by persons in a video game indicative of their character or heart condition?

4. What are the consequences of exploring repressed or recessive character traits by allowing them to become dominant in an in-game persona?

5. At what point does protecting your privacy online cross the line and become dishonesty or misrepresentation?

6. Can gaming be used as a healthy tool for emotional recovery from a traumatic incident?

7. Will virtual reality blur the lines between fantasy and reality? What about augmented reality? (Google Glass, Microsoft HoloLens)

8. Are advertisements that influence your thoughts and desires directly through a video game simply a more advanced way of appealing to human psychology and physiology or are they ethically wrong?

9. What are the social consequences of virtual research and simulation involving human subjects?  What are the consequences for researchers conducting virtual research or simulation on non-human subjects?

10. Is a game just “a game”?

11. What are the economic consequences of integrating game economies with real economies through real money exchange rates? Should in-game markets that utilize real money exchanges be subject to oversight, and by whom?

12. Should there be a standard for in-game rights and legal recourse for those who violate those rights?  Legal issues might include in-game property rights, defamation of character/game persona/avatar, sale of virtual assets, transference of virtual assets or online personas upon death.

13.  Does the immediate gratification of a video game reduce a person’s motivation for self-development in the real world?

An elegy for privacy

In childhood I dreamed of a world quite grand
Where my name and face were far from mystery
A life far removed from one boring and bland
Popular, famous, in fact, pure fantasy

How could I know that my dream would become real
My name and identity are known far and wide
Governments, stores, and thieves don’t need to steal
I’ve given it freely, when asked, I provide

Now everything is different, complex, distorted
Reportedly the data on me is vast
All that I do is electronically recorded
Much of it collected to chronicle my past

I’m lacking in answers but mired in questions
How do you know data collectors will be honest?
If they’re not tracking me, explain ad suggestions
Is this the future that technology promised?

Oh give me the life that was simple and understood
When I was myself as no other could be
Alas it is gone and lamenting is no good
All that I want is a little privacy

No Place for Privacy

While many people think that a person’s social media posts, photos and conversations are protected as private information, especially if the user has “private” settings, courts have thus far denied this privilege. In one case in Virginia, an attorney advised his client to delete incriminating photos from his Facebook and later deactivate the account. This spoliation led to fines for both the client and the attorney – and may have ended the attorney’s career.


Search Activity Correlation

I looked at my Google search history today and wondered if my search history is directly correlated with my productivity. If so, my most productive times are at 11:00 AM and 4:00 PM with the surrounding times slightly less productive. I have frequently said that I gear up from Monday and peak at Thursday but then start to die down on Friday. The search activity shows that, for the most part, this is true except that I do a little bit more searching on Mondays than I do on Tuesdays.
Search Activity

Great Firewall of China

Computer experts from the University of Cambridge were able to breach the “Great Firewall of China” and also have found a way to use the firewall to launch DoS (Denial of Service) attacks.
The firewall was tested by sending data packets containing the word “Falun” to it. This word is a reference to the Falun Gong religious group, which is banned in China. By using forged packets, they were able to circumvent the firewall’s filters.
Furthermore, the Chinese firewall can also be used to launch denial-of-service attacks. The system can essentially be turned around on the Chinese government. Sites that the Chinese government wants people to see could be blocked, and others could be let in.