Monday, April 20, 2015

Be Very Quiet: Advertisers and the NSA Are Watching You

We here at Thermionic Emissions are very keen on privacy, or what little we can rescue of it. Allow me to share some ways to keep yourself safe(r) and less visible in these weird times. Follow most of them and you'll get the Thermionic Emissions Honorary Tinfoil Hat<tm>. Follow all of them and you won't be able to surf or see your email.

Here are the overwhelming, important items for any operating system and program: Use up to date software, patch your software, use a good antivirus. I'm a linux and occasional Windows user, plus android. While you won't find Mac-specific info here, some of this info will apply and most of the programs run on Mac or iDevices.


I hate to sound like a cave dweller but I long for the days of text-only email. No viruses.  Because we have to have formatted text, smilies, blinky lights and animated signatures, we're using HTML mail.

  • You can adjust Outlook or Thunderbird (probably most others) to use plain text or RTF, which is a good first step, although you will miss the graphics and blinkies.  
  • Turn off the preview pane, as this can set off a virus, although Outlook allegedly patched this. Better safe.
  • STOP CLICKING ON LINKS. I don't care if it's allegedly from your BFF - don't click. Ask first.
  • DON'T OPEN ANYTHING you don't recognize. Better yet, don't open anything. Check first.

  • Don't surf - it's dangerous.
  • If you must search, use a safer browser. This means don't use Internet Explorer unless absolutely necessary. 
  • Lock the browser(s) down. Turn off Flash, Javascript and cookies. Only use at highly trusted sites and get an extension that allows them per-site to make things easier for yourself. Surf in Privacy Mode or set the browser to delete everything when you close it.To surf more anonymously (but not totally invisibly), use TOR (The Onion Router). It's a little slower but worth it. Do not torrent or watch video - it will be painful and tax the system. It is composed of a specially configured version of Firefox and some invisible routing components. Read up at the site. It is available for multiple platforms.
  • ALWAYS use HTTPS. This is a secure connection and much more difficult to eavesdrop upon. Don't bother typing it in - go to the EFF site and download their HTTPS Everywhere plugin for your browser. This will automatically search for an HTTPS version of the site and go to it.
  • Do NOT set the browser to remember passwords, unless you want anybody in your house and the authorities to be able to use them too.
  • When you set your browser to FORGET EVERYTHING after you're done, don't forget that History has to go also. This is also handy to hide some of those interesting sites you visit.
I use a bunch of browsers for different circumstances. Since I use linux, the only browser I can't run is Internet Explorer, which is good thing, as I don't like to use it when I use Windows.  Firefox is my main browser, which I keep pretty locked down. Qupzilla is a new, very fast browser that runs on most operating systems. It's not as full-featured as Firefox, which is probably why it's faster. Don't forget Opera, which is still around and even includes email. I use Qupzilla and Opera in various degrees of lockdown or open for different sites. 

Why not Chrome?  I'll tell you why not: it phones home. Isn't enough of your life sent to Google already?  If you absolutely insist on Chrome, use Iron or Chromium; they're both open source, free, the same code minus spying, and use all the same plugins. While we're speaking of Google, don't use it for searching: use Duckduckgo instead. It does not identify you or phone home. You can even make it the default search engine in all of your browsers. I use it exclusively.

One of the main reasons I use Firefox is plugins. Although other browsers have them, FF seems to have the best and most comprehensive plugins.  Here's what I recommend:

  1. Adblock Plus: stops all ads, period. Just make sure to uncheck 'allow unobtrusive ads' if you want to.
  2. Adblock Plus Pop-up Addon: self-explanatory.
  3. Better Privacy: cleans up after you by deleting leftover garbage like tracking cookies.
  4. Cookie Monster: allows you to block, accept or accept all but 3rd party (tracking) cookies on a per-site basis. I block all cookies by default.
  5. Ghostery: blocks trackers and will show you what it blocks as the page loads. Comprehensive.
  6. Noscript: blocks javascript on a per-site basis. I block everything by default.
  7. Self-Destructing Cookies: blows away cookies when you leave the page. Very satisfying blow up notice.
Versions of most of these plugins are available for other browsers. (Hopefully) buried within the plugins' infomation is their privacy policy. This is very important, as it tells you what info is kept (leaked), if any. Be very careful here. Most leak info, some are downright unsafe.  If in doubt - AVOID.  Be aware that number of plugins will affect performance in all browsers. Check all available configuration options to get the best protection.


Sure, all of us want to surf or check email when not home.  ALWAYS use HTTPS, especially on someone else's wireless network.  It's best to just not trust them.  Any of them.  Be paranoid.  Think before you act. Cell phones are especially troublesome, privacywise. Here are a few things I do with a new (android) cell phone:
  • turn OFF all location tracking services (any locators or programs that suggest things based upon your whereabouts or allow you to check in).
  • turn off GPS
  • try to use (android) apps from F-droid. They're free and open-source and don't track you.
  • go to your camera app and DISABLE geo-location, which stops your pictures from having your location on them. Ladies: what happens when you post a picture online with your precise location?
  • be VERY careful what apps you use. Only download from F-droid or Google Play, otherwise you may get malware/adware/viruses. Only use apps with a privacy policy with which you agree.
  • don't use the default browser - it doesn't get updated. Firefox and Dolphin are pretty good. Don't forget to have them delete everything when you're done or there will be a complete record. You can also get TOR (w/Firefox) on your android device to browse more privately. Don't play with Firefox's settings if using TOR or you could compromise your location or identity.
  • Turn OFF your wifi when you leave the house. It's now being used to track and identify you at the mall, where a shopper profile will be built. It can't get your name but when combined with other databases, it will. All you need is two data points to get the third.
  • Do you use voice control? Google and Apple  keep voice samples and, coincidentally, the FBI is very interested in obtaining voice samples around the world.


Being the antisocial network guy, I avoid all the obvious sites and services. Let's face it: Facebook is the front page of the NSA.  Everything on the web is designed to track you, mostly for advertising, also for violation of your Fourth Amendment protections against unwarranted search (it's for the children). Just don't use social media (I told you this was unpopular).  People are putting their schedules and locations and sensitive info online. This is just stupid. Don't be stupid.

Don't use online (CLOUD!) services if you can help it.  I'm speaking of storage, like Dropbox, or reminder or social services. Remember: if you can't touch your data, it's no longer yours. Do you really need a to-do list accessible with your browser?  Use a piece of paper or get an app for your phone (that doesn't leak info or store data on someone else's server). Think about what you're downloading and where it stores your information. If you MUST use online storage, encrypt everything first. Encryption is beyond the scope of this post but there are many programs that will do this for you safely, like Truecrypt (still safe, although no longer updated) or its successor. Or zipped with an incredibly long, complex password (encryption is the first choice).


Don't allow any browsers to remember passwords or save information, as I said above. Everyone has so many passwords these days that no one can remember them. The solution is a password program, so you only have to remember one password, then you can get to the rest of the passwords, URLs and logins.  I really like Keepass. It's free, safe and available for most platforms, so you can run it on your phone (which is always with you) as well as your computer or tablet.  As you would expect, I strongly recommend not using online password services. There are other good programs for keeping passwords - check online and read the reviews first.


We love our buzzwords.  Just when we've had more than enough CLOUD, we're faced with the Internet of Things (IoT, or Idiots on Tour). These are very slippery, ill-defined terms. CLOUD is anything you're not doing on your home devices. Internet of Things is anything that you can access or control outside of the house. Guess what I'm going to say next..... go ahead.. guess!  Do you seriously want a light bulb that you can check on from work? A baby monitor or camera local people can eavesdrop on or remote people can tap into? A refrigerator that keeps track of what's inside and can order food? There is a search engine that tracks open devices all over the world. Some of yours might be there. There are unsecured video baby monitors listed. Do you want the entire internet to spy on your baby?

The security on these devices is non-existent or really not thought out well.  This speeding car is going to crash and it's not going to be pretty.  It's bad enough that your medical records are out where any two cent hacker can get them - soon your house will get hacked.  If you want that for the sake of monitoring lightbulbs, be my guest.  Same with smart watches, phones and your new car.


Oh yeah, your car. If it's been made recently, it has a 'black box'. If you have an OnStar-like service, it can be listened to and you will be located with it. Do you have a toll saver so you don't have to pay? That will track you too. In some cases it has been used to locate 'criminals' and it's being considered as a tool to fine speeders (your time between getting the ticket and paying is too short, therefore you've been speeding).

Yeah, kids, it's not pretty out there. Do your best to stay under the radar. If you have questions, please ask or look up the info. You probably won't be able to access ThermionicEmissions from prison.

No comments:

Post a Comment