Category Archives: Privacy

Cloud Storage – Great Idea or Security Risk?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


“On no, we’ve lost all of little Johnny’s birthday snaps”, the woman cries as she holds her smashed smartphone aloft. With a knowing smile, her husband responds, “Don’t fret dear, they’re all in the cloud”. All is well, peace and harmony reign again.

wps_clip_image-27753

Even less than a decade ago, any mention of “cloud storage” or “data in the cloud” would have almost certainly elicited a puzzled response. Today though, I’d imagine just about everyone would be familiar with the concept. “The cloud”, it’s a rather exotic term which simply means your data is uploaded to and stored on somebody else’s server, essentially on an internet connected hard disk owned and operated by the cloud service provider.

There is no doubt that the advantage of being able to access data from anywhere on any device creates a massive appeal factor, especially for multiple device users. Not to mention the automatic backup element which is clearly demonstrated in the opening paragraph.

It all sounds like a great idea, that is until you start considering what might and can go wrong. Of course, cloud storage providers take the utmost care with your data, at least according to them. They apply top notch security measures including encrypted data transfers. Trouble is, the encryption key is also stored on their machines, which means any of their staff can access those files as can any hacker who manages to break into the system.

I realize every method is susceptible to hackers, whether the data is stored locally or in the cloud. However, which do you think would represent the most desirable target – a local disk containing only your own personal data or a mega database containing data uploaded from thousands (if not millions) of users, all in one place?

Another concern involves the future viability of a chosen cloud storage provider – just ask those who entrusted their data to Kim Dotcom’s Megaupload. What happens to your data if the company is sold, goes bankrupt, or just closes down? Then there’s the scenario where cloud storage providers can simply change the terms of their plans, exactly as Microsoft did recently when the company drastically reduced the amount of data storage available under its free OneDrive plan.

wps_clip_image-14964

I guess though, when it comes to data in the cloud, the greatest concern for most people is privacy. While Microsoft OneDrive openly scans all your files – for illegal content of course, most providers will collect data to share with “trusted third parties”. Naturally, many of these providers need to process sensitive information, such as your name, email address, phone number, credit card details and mailing address, in order to “improve their services”. And Santa Claus visits once a year around Christmas.

Despite the cynicism, I do believe that cloud storage can be decidedly useful and I’m certainly not dismissing the practice out of hand. However, as is the case with many situations… everything within reason.

I would not, for example, store any sensitive data in the cloud, whether encrypted locally beforehand or not. Family photos, life-memories, items which are valuable only to the user and serve no purpose for anyone else… sure, no problem.

Regardless, the important thing to remember is that any backup is preferable to no backup at all. If you don’t fancy storing your data in the cloud, dust off that external drive and use that instead. Works for me.

image

Advertisements

3 Comments

Filed under cloud storage, cybercrime, Don't Get Hacked, Internet Safety, Privacy, Technicians Advise, Windows Tips and Tools

PrivaZer – An In-depth Free PC Cleaner and Privacy App

imagePrivaZer is an extremely powerful cleaning tool and as such, it is not a tool that you need to use on a daily basis. If CCleaner is your daily system optimization, privacy, and cleanup tool, stay with it – it’s  the granddaddy of all system cleaners with good reason. In my view CCleaner is as close to perfect at its assigned task, as a free program can be.

However, if you have a need to get deeper into your system – then PrivaZer (recommended by super user and regular reader Chris A.), is a free application which has been designed to do just that. The “fast facts” listed below will give you a good overall view of  PrivaZer’s capabilities.

PrivaZer, like many recently released privacy tools, should not be run without the user taking time to fully understand the power inherent in this application. Further on in this review, you’ll find a number of suggestions for getting you up to speed quickly.

During the installation process, shown below, you will have an opportunity to choose various installs.

image

An additional choice you will have is – selecting (or not), to install context menu commands.

image

I’ll jump ahead here for illustrative purposes. For this test, I selected the context menu install which I’ve shown in the following screen capture. Note, this screen shot shows only one of  the four context menus – “For drives, Storage”.

image

Prior to the first run (as shown below), the developer has designed the interface so that less experienced users can choose to be guided by a series of recommended actions.

image

One such recommended action (subject to user input), is shown below.

image

Once I had made the choices appropriate for my needs (including cleaning any traces in the free space on the Hard Drive) ……..

image

… the application allowed me the option to continue as planned, or to back out of individual choices. As well, as illustrated below, selecting any specific action will bring up a menu which provides additional information.

image

For this test, I went “whole hog” which included cleaning up the drive’s free space. The complete task (analyzing the system and cleanup), ran roughly 30 minutes. The developer makes the point, that future cleanup tasks will run much faster.

image

Fast facts:

With simply one click, PrivaZer is able to clean securely

Internet browsers

Index.dat

Cookies

Cookies Tor

Cookies Flash

Cookies Silverlight

DOM Storage

IndexedDB

AppCache

Registry

RAM

Pagefile.sys and Hiberfil.sys files

Use of software

Messengers

Histories of visited websites, viewed videos, use of software, opened docs, etc

Jumplists

Recycle bin

Temp files

Log files

Invalid Prefetch entries

Indexing service

ThumbCaches, Thumbs.db

Residual traces of deleted files

Free space

File table (MFT or FAT)

INDEX attributes in MFT

USN Journal, etc

The developer provides a short video which illustrates the basic functions of PrivaZer. I highly recommend that you take the two and a half minutes to view the video. Click on the graphic below to go to the developer’s home page.

While there, I suggest that you scout around the page for additional information on this super application.

image

System requirements: Windows XP, Vista, Win 7 – 32 bit & 64 bit (tested on Win 8 32 bit).

Download at: Developer’s site.

A complete User’s Guide is available here in PDF format. I highly recommend that you take advantage of the opportunity.

This application offers a straightforward interface, a ton of options, and it’s free – but, it should only be run by experienced users who have a good grasp of system operations.

7 Comments

Filed under 64 Bit Software, Cleaning Your Computer, downloads, Freeware, Portable Applications, Privacy, System Utilities

The Stigma of Being a Private Person – The Ad Industry Is Losing The Battle

imageTry as they might – apologists for the Internet’s ad industry push to overwhelm common sense in the creation of a bizarre concept – personal openness – appear to be losing. Despite an invasive and manipulative strategy, which has led to a manic drive to strip consumers of any semblance of privacy, it seems we just aren’t buying it.

Contrary to the claims by pseudo social scientists, supported by far to many tech pundits (who, in the real world, wouldn’t know their ass from a hole in the ground), that personal privacy is dead – that consumers don’t care about personal privacy – uncomfortable facts (uncomfortable for the ad industry, that is), appear to tell a different tale.

Hardly surprising, given that these pundits and social scientists deal in “bought and paid for” points of view. Manipulation and deception – by any other name – propaganda – has lost its luster. It’s been recognized for what it is – bullshit.

We are not as complacent, when it comes to personal privacy, as we have been led to believe. More users than ever, have come to the realization that the price of admission to active interaction with the Internet, should not be the complete stripping of the right to personal privacy. Consumers are advancing the notion that the right to privacy is a “natural right”, and should be recognized as such.

Better yet, consumers are pushing back against privacy predators who continuously boost the “creep factor”. In a just released survey from TRUSTe – one more in a long line of recent surveys which refutes the bought and paid for assertions of the ad industry’s propaganda merchants – it’s clearly apparent that these “lie merchants” are taking it on the chin.

Survey highlights:

94 percent think privacy is an important issue, with 55 percent saying that online privacy is a really important issue they think of often.

69 percent say that they trust themselves most when it comes to protecting their own personal information online (up sharply from 45 percent in 2011).

40 percent say a targeted advertisement has made them feel uncomfortable.

53 percent (52 percent in 2011) believe personally identifiable information is attached to browsing behavior.

Consumers take a variety of precautions to protect their privacy online, such as:

76 percent do not allow companies to share their personal information with a third party (up from 67 percent in 2011).

35 percent say that they have stopped doing business with a company or using their website because of privacy concerns.

90 percent say they use browser controls to protect privacy, including deleting cookies (up from 84 percent in 2011).

40 percent say a targeted advertisement has made them feel uncomfortable.

53 percent (52 percent in 2011) believe personally identifiable information is attached to browsing behavior.

For far too long, the Internet’s ad industry (and, the bad actors who support it), have gotten away with their attempts to stigmatize those of us who believe in the concept of the “private person”  – those of us who have sought a balance between the public and private. I’m hopeful, that we may have reached a stage where consumer action will result in tighter controls being implemented against what has turned out to be, a largely unethical Internet ad industry.

9 Comments

Filed under Point of View, Privacy

Open Source BleachBit 0.9.3 – Deletes HTML5 Cookies

imageI considered just giving up – but, I’ll be damned if I will. I take every precaution I can to guard against the invasive parasitic practices of data collectors who are persistent in their attempts to collect “anonymous” data on my personal browsing habits. But, it’s never enough.

Despite my precautions – despite the tools I use in an attempt to respond to the insidious nature of web tracking – I find myself fighting a constant rear guard action. No sooner do I reach a plateau from which I can exert a functional level of control over the “behind closed doors nature” of Internet tracking – than I’m forced to deal with an even more insidious method of personal data collection.

Let’s spin back for a moment, to the time when the so called LSO (Flash Cookie) was introduced as a response to users gaining control over standard HTTP cookies. Control which allowed for the acceptance, the rejection, and the wiping of private data – including wiping cookies.

The Flash Cookie changed all that. By design, a Flash Cookie (Super Cookie)remains active on a system even after the user has cleared cookies and privacy settings. BetterPrivacy – a free Firefox add-on, stepped into the battle to address this issue, and gave users an opportunity to identify, and delete, Super Cookies.

When a Tracking Cookie is not obvious to a casual Internet user and, when that cookie cannot be deleted without the aid of a specialty cleaner, then Internet tracking has been taken to a level that borders on deception. Hell, let’s call it what it really is – crooked, immoral, fraudulent, illegal, ……..

When I first wrote on Super Cookies in September 2009, I made the following comment –

“……….with little resistance being offered by the “sheeple”,  and a failure by regulatory authorities to enact appropriate consumer protection laws, we can expect privacy intrusions , like this, to accelerate.”

It’s hardly surprising then, that we are now faced with the Evercookie (HTML5 Cookies)

From Wikipedia:

An Evercookie is not merely difficult to delete. It actively “resists” deletion by copying itself in different forms on the user’s machine and resurrecting itself if it notices that some of the copies are missing or expired. Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available:

  • Standard HTTP cookies
  • Local Shared Objects (Flash cookies)
  • Silverlight Isolated Storage
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in Web history
  • Storing cookies in HTTP ETags
  • Storing cookies in Web cache
  • window.name caching
  • Internet Explorer userData storage
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite

Hold on – there’s more:

The developer is looking to add the following features:

  • Caching in HTTP Authentication
  • Using Java to produce a unique key based on NIC information.

We’re not quite finished.

With this tool it is possible to have persistent identification of a specific computer, and since it is specific to an account on that computer, it links the data to an individual. It is conceivable this tool could be used to track a user and the different cookies associated with that user’s identifying data without the user’s consent. The tool has a great deal of potential to undermine browsing privacy.

I don’t know what your definition of hacking, or illegal access encompasses – but, in my view, the placement of an Evercookie steps over the line into the realm of cybercrime. I suggest to you, that if a government were to penetrate a user system to plant an Evercookie as a matter of course – the outrage would be immediate. But, private enterprise does it – and the “sheeple” happily bow to what they consider the inevitable.

The tracking industry (a multi-Billion dollar industry), has gone too far on this one. I predict the litigation lawyers, and privacy advocates, will run out the big guns in a justifiable attempt to eradicate this spyware.

Personally, I believe that criminal charges should be laid against the executives of those organizations currently using Evercookie. I see no difference between these yahoos, and Russian cybercriminals.

Additional statistics on which web sites are currently using Evercookies can be had by reading an eye opening article by one of my favorite Tech writers Ed Bott – here.

In the meantime, you might consider installing BleachBit – an open source application which will delete Evercookies from your system.

In the following screen capture I have focused on a Firefox cleanup – including wiping HTML5 cookies.

image

In this screen capture the focus is on deleting Flash cookies ((Super Cookies).

image

Lets take a look at a preview of what’s going to be deleted –

image

Choosing the same parameters using CCleaner (a Flash and Firefox cleanup), leads to a considerable difference.

image

Fast facts:

BleachBit quickly frees disk space and tirelessly guards your privacy.

Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn’t know was there.

Designed for Linux and Windows systems, it wipes clean 90 applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more.

Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster.

Better than free, BleachBit is open source.

System requirements: Window, Linux.

Languages: This application is available in 56 languages.

Download at: SourceForge

BleachBit is a powerful application; I recommend that you spend some time becoming familiar with its operation and capacity, before using for the first time.

You should consider viewing a tutorial video available here.

30 Comments

Filed under downloads, Evercookies, Flash Cookies, Freeware, Open Source, Privacy, Software

An IT Professional’s Internet Privacy Tips – Simple And Effective

https://i0.wp.com/it.sheridanc.on.ca/images/internetprivacy.jpgInternet privacy tips are often complex and mind numbing and, generally promote an overblown reliance on technology. In this guest article, IT professional Robert Coulter, cuts through the knarly knot of the usual wooden security tips with a range of suggestions designed to keep hackers and other nefarious types away from your important private data while online.

As revealed in Wired Magazine, every piece of electronic communication is able to be intercepted by someone, somewhere. Even Internet giants like LinkedIn can be compromised, as an estimated 6.5 million password were hacked earlier this month. With that in mind, the only real way to guarantee complete online security is to never go online at all. Since this is neither practical nor desirable, by most people, there are still steps you can take to protect your online security and protect your personal information while enjoying the benefits of the Web.

Don’t overshare.

This first tip is simply common sense. Don’t share more than is necessary on the Web, especially on social networking sites such as Facebook and Twitter. While it can be fun, consider the risks from sharing every last detail of your life with the world, such as birth date, where you go (check-ins), pictures of your children, details of your job and relationships.

All of these details make social engineering hacks easy to perform and open you up to identity theft. Do your bank accounts have common security questions like “Mother’s Maiden Name?” or “City of Birth?” protecting your passwords in the event you need to reset them? Well, chances are this information is easily found by snooping around your social media profiles, making it an easy matter to reset passwords on sensitive accounts.

If you do insist on sharing, at least tighten up your Facebook privacy settings and keep your circle of friends small and limited to those you actually know. Also, disable the most invasive features, like check-ins and photo tagging.

Use a cloud-based antivirus rather than a signature-based one.

Cloud-based antivirus solutions, such as those offered by Webroot and Symantec, do away with large signature file downloads, which eat up bandwidth and can take up to several gigabytes of hard drive space. Instead, all of the signatures reside in “the cloud” and every file and Web request gets run against this ever-growing, real time database using the provider’s resources rather than your computer’s, speeding things up greatly and providing the most up-to-date protection.

Set stronger passwords.

ElcomSoft recently did a study that estimates just 25% of people regularly change their password. Setting a strong password, and changing it frequently, is key to protect your identity. Many experts suggest using long strings of random gibberish with special characters for greatest safety, but these can become nearly impossible to remember, leading to the insecure solution of storing them in an unprotected spreadsheet or on little bits of paper which can get lost.

One way to get a strong password that is easy to remember is to use a four word phrase, such as “kayaking beats drudge work” and substituting the spaces for a special character, such as “#” or “_.” The length and randomness will take a hacker more time than it is worth to figure out, while also being easy to commit to your own memory.

Use a Mailinator account on potential spam sites.

Mailinator is a great tool for signing up for web offers without actually providing your real email address. Mailinator works by allowing you to invent a disposable email address, which you can check without a password and which keeps messages for only 24 hours before being automatically erased. This is great when signing up for a site which seems to offer something enticing, but which might be spammy or even a hacker site, as your real email address is never revealed.

Deactivate old or unnecessary accounts.

Old accounts might leave your information scattered across the Internet for anyone to mine, especially on sites past their prime and maintained very irregularly by their administrators, as they tend to have lax security measures. The answer is to delete these old accounts. Even Facebook now has a “delete” feature, rather than just the “deactivate” one, so take advantage of this to clean up your online traces and reduce the temptation for hackers to learn more about you in an unwholesome way.

In conclusion, online threats are constantly evolving, and the best guardian of personal data is truly the individual user himself. Be smart and be skeptical when online it just might save you thousands of dollars and countless hours of heartache.

Guest author Bio: Robert Coulter works in the security industry at authentify.com which offers two-factor verification solutions for companies who need increased security protection for their clients.

11 Comments

Filed under Cyber Crime, Guest Writers, Internet Safety, Privacy, Social Networks

A Breath of Internet Fresh Air –The Wall Street Journal Discloses Its Tracking Cookies

imageWhen, on the odd occasion, I write on Internet privacy – especially when I rant on the invasiveness of Tracking Cookies – reader comments are generally supportive. But, not always and, certainly not all readers.

For example – following a recent article – Collusion – Internet Trackers Are All In It Together – a reader wrote the following comment:

Bill, I’m curious to know what you consider to be “insidious” about a tracking cookie and what privacy rights do you think are being violated?

A fair enough question, I think. I’ve reproduced my response below, and while not all of this response is apropos to this current article, I’ve italicized those points that are. You’ll see why in a moment.

When a Tracking Cookie is not obvious to a casual Internet user and, when that cookie often cannot be deleted without the aid of a specialty cleaner, (a Super Cookie for example), then it fits within my definition of “insidious.”

I suggest to you, that if, on those occasions where a Tracking Cookie is installed on a user’s machine, if full disclosure was made as to its usage, an educated user, given an opportunity to reject the placement of such a cookie, might in fact, reject the cookie.

As for my privacy rights? I have the right not to be tracked, not only on the Internet but, as I go about my daily life – by it’s very nature, tracking is a breech of my right to privacy. Most assuredly, I have the right not to be tracked without my express permission. Moreover, I have the right not to be tracked in secret. It’s this behind closed doors nature of Internet tracking, that I find most offensive.

The solution, it seems to me, is fairly simple. If a company wants to track me (and, I fully understand the business need to generate revenue) – then, that company needs to be above board. Anything less than full disclosure, as to the intent and purpose, is unacceptable.

It’s no accident that the privacy issue continues to rage. Nor is it an accident, that politicians have taken up the cause of Internet privacy.

As I wrote in the article – “every business organization has the right to generate income and make a profit”. But, too often, on the Internet, the bullshit baffles brains theory is in full bloom.

Again, in the article, I made the observation that “It’s fair to say, that many users do not object to being tracked.” A true state of affairs, I think, But, I’m not one of those users.

So, my position is – it is not unreasonable to expect that a website I chose to visit should disclose relevant information on Tracking Cookies, resident on the site. A pipedream you might think – but, maybe not.

On a recent first time visit to The Wall Street Journal’s technology blog AllThings D – I was taken aback (blown away really), by the following notice. You can expand the graphic to it’s original by clicking.

image

A note about tracking cookies: Some of the advertisers and Web analytics firms used on this site may place “tracking cookies” on your computer. We are telling you about them right upfront, and we want you to know how to get rid of these tracking cookies if you like.

This notice is intended to appear only the first time you visit the site on any computer.

So, no pipedream. Disclosure can be done – it should be done. And, kudos to The Wall Street Journal for recognizing its obligation to do so.

Can we expect then, that this form of disclosure will become the new norm on the Internet? I doubt it – fixed attitudes, especially those that routinely generate income, are difficult to reverse.

Your negative views of Tracking Cookies, or mine, are unlikely to have a significant impact. Even so, from my personal perch, I’ll continue to peck away at those sites that abuse my right to privacy.

6 Comments

Filed under Personal Perspective, Point of View, Privacy

EraserDrop – Drop Files Unto An Icon To Erase Securely

image

This little Icon pictured here, is not just an Icon – it’s an active Icon. Let me explain – when the free portable application EraserDrop is active, this Icon is what you see. The Icon floats on the Desk Top or, on top of any opened applications. Simply by dragging and dropping selected files, or folders, onto this Icon, permanently, and securely, erases the files/folders from your system.

You may change the position of the Icon by holding down the “Left Shift” key and moving it to a desired position. As well, you may “Hide” the Icon by choosing “Hide” from the context menu.

A quick walkthrough:

For this review, I’ve selected 14 files from an old download folder (1773 Files – 17.5 GB – I download a lot of stuff for testing, most of which never makes it to these pages), dragged and dropped them onto the EraserDrop Icon – and ……

image

gone – deleted – securely – never to be seen again. Following an erasure, an “Erasing Report” is provided, as shown below.

image

The erasing method can be set by opening the right click context menu and, selecting from a variety of increasingly more complex erasure settings.image

You can choose to wipe both the Recycle Bin, and wipe the HD’s free space, from within the context menu.image

The options menu will allow you – amongst other selections – to choose a “target image” for the Icon that is more to your liking.

image

Since this is a portable application –  it will not show up in installed applications –  so, it’s best to install to a new folder that’s easily accessible.

System Requirements: Windows 2000, XP, Vista and Win 7.

Download at: PortableApps

Why should you bother to erase files/folders permanently?

If you’re a typical computer user, you quite likely believe that the files you’ve deleted and sent to the recycle bin, are gone forever.

Not quite true however. When a file is deleted from your Hard Drive, what really gets deleted is the system link pointing towards the file, but not the file itself. Surprisingly, it is relatively easy to retrieve the deleted file using specialized file recovery software (often available as a free download), which takes advantage of shortcomings in the Windows operating systems.

In order to delete or shred files permanently – to protect your privacy and potentially your security – or, for any other reason for that matter, you need a program  that is capable of overwriting the file with a random series of binary data multiple times. That way, the actual content of the file has been overwritten and the possibilities of recovering such a shredded file, becomes mainly theoretical.

6 Comments

Filed under downloads, Freeware, Privacy, Secure File Deletion, Software