Safe Surfing - Online Condoms, Privacy

There's a lot of misinformation and informational black holes `out there' on computer safety and safe surfing. I figured I'd add mine. More to come, as time allows...


Let's start easy, with the HOSTS file.
Very briefly, when your computer needs to go somewhere, it looks at your HOSTS file, and if not found, it looks on the net. The link takes you to a site where you can download a replacement HOSTS file, with a load of known malware/advertising/bad content sites. Your computer finds these addresses and sends them to the digital trash can. You don't have to do anything, other than put a new HOSTS file in as they become available. This also helps when you're surfing: if the page tries to direct you to a bad site, HOSTS will likely prevent it. This works on any operating system. If you have Android, you need to have it rooted (if you don't know what rooted is, move on). Can't tell you about iOS, but you need to be able to get to the file itself and have necessary permissions.

You need to keep your operating system and antivirus patched and up to date. This is very important, because hackers will try to use known vulnerabilities.


One of the most important parts of your network (or jumble of wires) is your browser. This is where you probably do most of your business, even if your business is porn surfing.

At the current time, Chrome is the most popular browser, both for the speed and because other browsers are built on it. Chrome is built on top of the open source Chromium and is a Google product. Anything with Google in it is a bad idea, largely because it phones home (with your data).  If you cannot live without your Chrome, use Chromium or De-Googled Chrome.

My main browser is Firefox. It runs on just about anything. It's very secure, with a little tweaking, and has addons that perform wide varieties of actions.  There is a Firefox account you can sign up for that will let you transfer bookmarks and wash your car (just kidding about the bookmarks). I don't use it.

Part of making Firefox even safer is cleaning out the pipes a little.
  • bring up a blank page
  • type about:config  and hit enter
  • ignore warnings 
  • you will see a search box - type google
  • This gave me a lot of satisfaction: ignore the left column, but take everything out of the right column. Delete entire lines if possible. This stops the browser from going to Google for any reason. It legitimately goes to Google to get bad site lists, but we're going to work around that.

Go to Restore Privacy  - there are simple instructions to follow. This page will help you really highten Firefox's defenses. Follow them top down. They list addons - install all of them. You will go back into about:config and do some more tweaking.

You will learn a few things during the above steps. You can apply them to other browsers, but I don't recommend other browsers. Most of the info also applies to Firefox for Android, but addons are less available.


How well does this work?
I went to Amazon and it didn't know where I lived or any other personal information that automatically pops up when you visit. My HOSTS file is huge and blocks an unbelievable amount of garbage. If you keep getting a site you don't want to see, add it to the HOSTS file, using their syntax.



You may not like this, but here's what I don't want to hear:
But I use that. But I like auto-filling out forms. I need my browser to tell sites exactly where I am. Why can't it fill in my password and credit card information?  If you ask any of these questions, you're not paying attention.



ANDROID

As mentioned, I don't use iOS so I don't have a lot of suggestions. It's inherently more secure, as you're not allowed to touch most of it. Also, all browsers sit on top of Safari, so you're only as safe as Safari. If you install Firefox, you're essentially getting the Firefox interface.  [NOTE: this is changing]

Phone security is an oxymoron. It's so poorly done as to be laughable.
You have no privacy at all. To start, your provider knows where you are at all times the phone is on. There are records kept, in case you do anything nasty, or if it can help them market to you better.  You can't protect it with a HOSTS file unless it's rooted. I'd recommend Firefox as your browser, with any of the above adjustments made. Most of the android browsers are total crap, especially the ones that promise Free This and Free That. There's a particularly safe browser called Privacy Browser, available from the F-droid repository, along with a ton of other open source software. Brave and Bromite are ok. Bromite has a version that will replace the regular (Chrome) browser. You can also de-Google your android phone by not using a gmail account when setting it up. There are plenty of places to get legit software. Duckduckgo has a good browser. Firefox Klar is a safe, lighter Firefox. 

Turn off Location. There is simply no reason for it.

Tinfoil hat wearers like me use a firewall on their phone. 
Before you call me any more insulting names, you should see what happens when you start a program, then when you use that program. Right off the bat, many programs go to FB (probably ad-related). Then there are a ton of mobile ad providers that you know nothing about, but most of your software sends information to them every time you use it. It's a very interesting exercise, which I should probably demonstrate at some point. But this is a time-consuming project, so unless you have serious control and privacy issues, you might want to avoid this.

When you leave the house, turn off wifi on the phone. This is one of the ways you are tracked in stores. If you feel like it, turn off the phone itself.

Don't scream into your phone. It's a privacy issue, but mostly it's an annoyance for everybody around you. The phone's mic is sensitive enough to pick your voice up, even if you whisper. We also don't want to hear the other end of your conversation. Hold the phone to your ear or use headphones, you sociopath.

Get off Faceyspaces, fer chrissake. When you installed it, you gave it permissions to access everything on your phone, including contacts. Remember that? If you have a small addiction problem, at least use it from your browser.

Happy Flappy Yappy Birds? You can bet these and any others are mining your information or sending state back home. Store loyalty apps? They keep track of what you buy and where you buy it, as well as any of their stores you're near.




Other Sage Advice (worth what you're paying for it):



Do not use the computer in the bathtub (whether it's plugged in or not).


Assume everything is hostile, from a flash drive to a web page to an email. Your best bet for protection is to act paranoid. Or, as a coworker says, "I'm not paranoid; I'm acutely aware." Most of the people who wind up with malware invite it through commission or omission. Don't recognize the name of the email's sender? Don't open it. Turn off the preview pane because this is the same thing as opening the email - do you want a virus? If you recognize the sender but the subject looks weird, send them an email asking if they sent the previous one. If not, someone got virused. Virus scan all downloads - virus scan every file. The huge ransomware explosion that knocked entire cities offline were generally allowed in because somebody clicked on a link. Forget about 'free' email: all of them scan your emails to market to you, at very least. Yes, Gmail, MS, Yahoo.


Virus scan everything you download. Everything. If you torrent, this is even more of a requirement. You should probably look at a few torrenting suggestion sites to help you gain some semblance of safety.

Do not use free antivirus, like AVG and AVIRA and whatever else. When it's 'free', your data and privacy are the cost (FB, Google anyone?). Read their terms very carefully to see what I mean. This is a parallel to your phone: anything you run is most likely to go back to advertisers, the app company, and the operating system. Try a Fitbit and see what I mean. Your data goes right back to Fitbit, etc.  If they did not make a ton of money from ads and your data, Candy Crush couldn't afford tv commercials.


Windows has more holes in it than Swiss Cheese, some on purpose. Consider switching to an operating system that takes your safety seriously: Mac or linux.  As of Windows 10, you are nothing more than an advertising target. You also need a Microsoft account to log in. Read the privacy notices.


Do not, under any circumstances, use Internet Explorer. More leaky software that you cannot secure. MS killed Internet Explorer and recommends Edge. Edge is based on Chrome. Not for me, thank you. Strangely, Edge and Teams both have linux versions.


* mmmm...... cookies: cookies are little text files that sites put on your hard drive, sometimes to help navigation or remember who you are, other times to track you. Banking sites will require them, as will others. I shut them off unless absolutely needed. Sometimes I keep one browser for cookies and another without them enabled. Most browsers are now site-specific as to whether or not you want cookies. I'd rather put my login and password in each time than be remembered (tracked). Sites can tell a lot from your cookies, like where you've been and when. Is it really any of their business? On Firefox, use CookieMaster and Autodelete Cookies extensions.


Set your browser to Private Mode. Private Mode is a misnomer: it does not help you gain privacy - it just deletes your history when you close it. So while it might protect your from your spouse and kids, Hamsterpron.com will still know you were there.


Javascript is a mess. It fries my patience so I turn it off. Some sites require it but I only turn it on for very important sites. Otherwise I'd have crapware all over my computers. Most people leave it on because they don't know any better and because most sites use it.


Malware/spyware/crapware cleaners: Most are no good, unfortunately. I used to use Ccleaner but they had some problems (and I stopped using Windows). Malwarebytes is decent.


DO NOT UNIVERSALLY HIT YES OR NO TO MAKE IT GO AWAY. Pay attention to what it's asking you. If you don't, you'll wind up with all sorts of things you're trying to avoid.


Hijack This is a tremendous tool (or used to be). Unfortunately it's also very detailed and can do a lot of damage if you use it incorrectly. If you're not careful, you could wind up learning a lot from this.


Firewall: you should not be connected to any network without a firewall. Yes, recent versions of Windows come with a firewall. No, you can't completely trust it. You can, however, find some nice freeware to install that will do the job admirably. Click the next link to check out some. A firewall is just that: a wall between you and THEM, which protects you from THEM. No firewall? You're hacked. Your wireless router likely has a rudimentary firewall - take a look.


Set your wireless router to WPA. Anything less is like leaving it open. Do not set up any autojoin or single button join. Make sure you don't give access to the WAN (incoming) side of the router (or people will walk right in). Require a password to get to the (inside/LAN) router setup.


BACK UP your stuff. This is so important I'm going to type it again: BACK UP your stuff. I don't back up the operating system, as they can all be reinstalled. That said, there are programs like Apple's Time Machine(?) that will take operating system backups at intervals, so you can put things back after you make a few 'adjustments' and hose the system. Backing up is a large topic and not worth going over extensively here. You need to figure out how you're going to do it and where you're backing up to. Backing up to the machine itself isn't very useful, especially if you combine Feline Aviation and Laptop Aviation.  You can burn backups to DVD or send to flash drive or portable hard drive, provided there is enough space. There are a number of services that will automatically back up your machine and send the backups to The Cloud. I really don't like The Cloud: the moment your data is out of your view, you can no longer touch it and it is no longer yours. Ymmv - I'm a security and privacy nazi. If you use DVD or flash, you have the option of keeping it in the house or outside, at a friend's or relatives (provided they don't look through your backups for goodies either). Safe deposit box is good too. Make 2 copies, 1 local, 1 not..You can also use online space, for example, Google or MS drive. If you do this, encrypt the backups. Google and MS already know too much about you. Ymmv - I don't like MS or Google. How about Meta or Mega or whatever it's called - Kim Dotcom. Back up as frequently as you want or need to.  If your data or OS changes a lot, back up frequently. Back up as though your laptop committed suicide by leaping from an airplane and you need to start from scratch. Here's a sentence you never want to say: "Yeah, I know, I should have backed up." You also want to test your backups by restoring a file or 2. There is some hope that after your operating system bit the big one, all your data is still there on the hard drive. You can hook the drive to another system and get your data back. Yay! BACK UP your stuff.

Do yourself a favor and use a password locker, like Keepass. You can generate and keep all your passwords there and you only have to remember the locker's password.   Again, you have the option of using The Cloud. Keepass doesn't, which is why I use it. It runs on anything. Lastpass is in The Cloud. Lastpass just got breached and your passwords are now in the hands of the hacker, if not everyone else by now. Install it on a few different devices, which will act as a backup. Put it on your laptop and your phone, maybe your tablet. Yes, The Cloud is convenient. No, The Cloud isn't as safe. This advice is the safest advice for your data and worth what you're paying for it. However. do NOT go into work tomorrow and tell the CIO that putting the company's data in The Cloud is idiotic. It is, but keep it to yourself.

Do NOT use the same login/password for any sites. If one site gets hacked, someone now knows your login/password for every site. Do not log into a site through another site. In other words, Google might let you sign in with your FB account. Do not do this. Keep everything separate. Again, if one gets hacked, so will the other.


PRIVACY 

Get your head out of your buttocks and do something, while you have any privacy left.

Get off FB. It's the most ridiculous info-suck on the net. If the NSA needs any information (that they don't get through Windows), they ask FB. Don't put any information on social media. Don't tell me when and where you're vacationing so I can visit your house while you're away and eat your goldfish. Don't tell me how many kids you have, their ages, and names. Your home address. Turn off metadata on your phone's camera: I don't need to know the date and location of where you took the picture. Imagine being an attractive woman, taking selfies all over the house, like a typical narcissist. The latitude and longitude of your house is attached to the pictures. Now people can visit you to see how hot you are. Some of them can pick locks. Get the idea? Putting your information on social media is an invitation for others to use it, as well as the money FB makes marketing to you and selling your info to their friends. FB has info on people who don't even have accounts. This goes for all social media. There are guides on how to delete yourself from these sites. No idea how accurate or permanent they are.


Just DON'T

This is a great rule for anything online or in email. Don't click on that link. Don't fall for that email or text scam. Don't use HTML email (just text, no pictures or emojis). Nobody from Nigeria is really going to give you part of their inheritance. If it sounds too good to be true, it is.The IRS doesn't email you, and Fedex didn't send you a package (unless you opted in for alerts). Even if the email says it's from your friend, if anything's slightly off or they're asking you to do something involving money, contact them and ask if they sent you that email. Odds are they didn't. Comcast didn't just charge you $1435 and you shouldn't use the email's link to log in and find out. The slimebag who tells you he has your password (probably an old one) has not really virused your computer and cannot see you through the laptop's camera. Just delete the email and go about your day. If you still use that password - CHANGE IT NOW.  Also, put duct tape over your laptop's camera or buy a few of those stick-on camera blockers that you can open and close. FB's Lord Zuck covers his - you should too.

Privacy is a state of mind. Approach everything you do online thinking about how it could affect your privacy. Don't fill out anything that asks for information, even your email address. Even if you want daily updates from 1-800-CHOCOLATE, understand they will mine your info too. Start reading privacy policies, instead of clicking past them. 

And in the name of all that is holy, don't post pictures of what you just ate. It's not so much a privacy issue as an etiquette issue. Nobody cares and followers will be driven away. Do you know what foodie rhymes with? Furry. Nuff said. 



LINUX

I got fed up with Windows breaking and crashing and having to be fixed or reinstalled. I checked into linux and never looked back. You can check too, without disturbing Windows.

1. WSL - Windows Subsystem for Linux will allow you to run linux under Windows.

2. Virtual Box: free software that allows you to run whatever operating system you want. Does not interfere or interact with Windows unless you tell it to. You can even run another instance of Windows.

3. Live linux: most linux distributions allow you to run a live mode. You turn your computer off, then boot up to a linux DVD or USB flash drive. It will bring up linux, running only in RAM. It will not touch your hard drive or leave any traces of itself. If you like it. you can choose to install it.

4. Dual boot: when you boot up, you are given a choice of Win or linux.

5. Another computer: if you've got something hanging around, it doesn't have to be latest and greatest - linux runs on almost anything. There are lighter versions also.

It depends on what you want. If you want both running on the same computer at the same time, Virtual Box or WSL will do this. I have never used WSL, but have been using Virtual Box for years. I started with 2 pc's - Win and lin. As I got more familiar, I stopped using Win. Now I have a Virtual Box Win virtual machine, for the once a year I need to run Win. You may not want to stop using Win or may be forced to use it at work.

Linux is not intentionally full of holes, like Windows. The patches don't usually break things. It's open source, so you can see exactly what's going on, unlike Windows. You can modify or add to it if you want. There is a huge amount of free software for it, including some that are very similar to programs you know and use now.

But it's so hard to use 

Total BS. I set linux up on a laptop for my wife, who had never seen it before. She was up and running in no time. There's a start button with menus of programs. Programs have menus that work the same way. PRINT is print, regardless of which operating system. If you're really bored and anal, you can make a linux desktop look like Windows. Or Mac.

But it's all command line stuff 

You can make it that way if you want, but it's actually just like Windows. You pretty much don't have to interact with command lines at all - there is a graphical program that does whatever you want. If you want it, the command line is there.

But I have to use MS Office 

There is an equivalent program, sometimes several, which will read and write to MS formats. There's an email client or 2 that look and run like Outlook. They look the same and work the same as the Win versions. A spreadsheet is a spreadsheet.

There is a program called WINE that will run many Windows programs, and a website that tells you if it does and how well. I just installed the new version of Winamp, because I could. I mostly use VLC.

What about Internet Explorer? 

What about it? MS is getting rid of it. Firefox is Firefox and Chrome is Chrome on any operating system. There is an Edge for linux, but that's just silly. There is a Teams for linux. There is a linux equivalent for most Win programs. And they're free, open source. There are sites that tell you if you use a Win program, what you can use in linux. If it runs in a browser, like Netflix, it will most likely run under a linux browser. If not, there are sites that will help and people working on software to make it happen. These people are not paid - they do it for the fun of it and to help others.

But my hardware 

Running a live version of linux will tell you if it will work ok on your hardware. There are sites that list what peripherals work and don't work (mainly printers). Another site lists laptops and whether they're compatible. I managed to get linux onto every laptop I ever had. All printers worked except one. HP wrote part of the printing system, so their printers are almost guaranteed to work. HP.com will let you know or get you help.

But support 

You can learn to be more self-sufficient if you like. You probably have a LUG (linux user group) in your area. They're generally pretty friendly and helpful. There are a ton of sites with info. Linux is no longer an OS that 10 people use. Linux servers run the internet. They may run some things where you work. A ton of my coworkers use it at home as their only OS.

I recommend running Win and lin simultaneously or on 2 pc's. This way you can look up whatever you need to while you learn (or if linux isn't cooperating, but that's rare). In a work environment, you can pay for support. You are not paying for the OS, which is free - just the support. Red Hat is one.

No charge. No license. No registry. Better security (because of security and because it's less popular than Windows, so less fun to attack, but starting to ramp up). Stable as hell. Little to no rebooting, depending on function. Runs on old or new hardware, faster than Windows, less bloated. No backdoors. Servers are also free. You are not an advertising target that requires a connection to MS and an account to log in. You are not subject to random graphical interface changes for no apparent reason. Nobody changes where buttons are or hides things. If you don't like something, you can change or move it. With Windows, MS is the boss, and you will do as you are told. With linux, it's all you

And after you start using linux, you can make all sorts of rude comments about Windows. People love when I do that. Except for MS reps: they have no sense of humor.



If you've got questions, feel free to ask via the comments. You'll get an honest answer, even if it's "I don't know." If you have tips, let us know.