Search Here
MISC
Parts List
Robot Forum
Chat
Member Pages
Axon MCU
Robot Books
Shop
Contact
SKILLS
How To Build
A Robot
Tutorial
Calculators
Mechanics
Programming
Miscellaneous
Robots
Space
HARDWARE
Actuators
Batteries
Electronics
Materials
Microcontrollers
Sensors
SCIENCE
Robot Journals
Robot Theory
Conferences
Worried about hackers stealing your identity, credit card info, etc.? Wear a tin-foil hat? Want to annoy the NSA? Stuck in a country with annoying internet censorship? Then this tutorial is for you!
While some people are technically skilled, or paranoid to the extent of jumping through hoops, the average person just wants to add a reasonable level of protection to his/her data without a lot of effort.
This tutorial is written for the common lazy person who wants to protect their data.
My Political Rant (Optional Reading)
There are people who don't use Facebook, or don't post to it, or don't "Like" links because they do not
want to be tracked or incriminated against for those online activities.
This is called 'self-censoring', meaning you are actively denying yourself freedom of speech.
If you self-censor what 'they' don't want you to say, then 'they' have already won.
Freedom isn't free.
How do Governments and Hackers Process Your Data?
The internet has ~3 billion people currently using it - a huge amount of personal data!
It's impossible for any government to manually trawl through all of it, just to spy on it's citizens.
So instead they employ automated/computerized methods to scan through that data, applying a drag-net.
Their algorithms are looking for key information and mapping it out to make sense of it all.
It only takes seconds for a computer to process your entire Facebook (or whatever site) account history.
Now, the NSA has the computational capability, expertise, man power, and financial resources to 'get you' no matter what you do online. It's only a matter of the time required to do it. And that's what this tutorial is about - how to make it take so much time it becomes infeasible to do drag-nets. Anyone profiling you will then have to be very selective in whom they target. Additionally, the manual effort per person becomes so high it would be economically unviable for hackers to bother.
In other words, you will make your online footprint very difficult to datamine.
Anyway, let's get started . . .
HTTPS Everywhere is a Firefox and Chrome extension by the trusted non-profit EFF that forces your browser to encrypt your data with any websites that offers encryption. While most major websites offer encryption, or at least partial encryption, it does not encrypt data for all websites. Consider it like a Swiss-cheese layer of protection - better than nothing but still has holes.
It only takes seconds to install, requiring no further effort. So why not?
further reading: Their FAQ is highly informative, too.
A firewall is software which acts like a gait-keeper to data going in and out of your computer. It only allows the data you approve, rejecting the rest. A hacker installed malware on your computer to collect credit card info, and wants to transmit that data by internet? Spyware or a trojan somehow managed to install itself? No problem, the firewall will not only stop it but inform you of the specific offending programs.
But there is one flaw with firewalls - you. To properly use a firewall you need to actively manage it, giving approval to 'good' programs and denying 'bad' programs. This means you must be somewhat technically minded. If you have no idea what programs are running on your computer or why, or you're the type that just clicks 'yes' and 'ok' to all prompts without reading, then an actively managed firewall is not for you. You'll just end up blocking good software and approving malware!
The recommended free firewall to use is Comodo, but there are others available. We do not recommend ZoneAlarm . . . it's too spammy and buggy.
note: If you aren't technically minded, Windows has a built-in passively managed firewall. It's limited, but better than nothing.
further reading: learn about firewalls on Wikipedia
note: As of this writing, Chrome is denying access to the Tor webpage over an incorrect security certificate. Firefox however can still access it.
Tor anonymizes your internet connection, hiding your location, IP, and other identifying information. It does this by passing your data through other intermediary servers around the world. Tor also anonymizes the data you are accessing, allowing you to bypass government internet censorship.
There are a few issues with it though . . . it requires minor technical understanding, and only works with programs set up to use Tor. And given that the data is bounced around and the limited number of world-wide servers are limited (a choke point), your internet browsing can go at a snail's pace. And it isn't 100% flawless, security wise.
After installing Tor (step 1), you must then install the Chrome extension, Cupcake, or the Firefox Extension, FoxyProxy.
The relay nodes for Tor consist of volunteers, so consider helping and running your own node.
By running this webpage, you are actually offering your browser as a temporary Tor node using Flash Proxy:
side note: Tor was written by the US government to help foreign activists bypass internet censorship and such. It's open source and has been verified to not have any backdoors. The US government isn't all that evil, eh?
further reading: Tor overview, Tor tutorial by EFF, Tor on Wikipedia
A VPN, or virtual private network, is a bit like TOR in that it anonymizes you and your data. The difference is that it's going through the servers of a particular known entity. And some VPNs are a service for a fee, so they retain your personal credit card information and may or may not allow government access to that data. There are also free VPNs but they usually spam you with ads and probably can't be trusted with personal information.
The advantage of a VPN is it gives you an IP address for the country you'd like. For example, some websites block international visitors to reduce bandwidth from mostly non-paying customers, or even from foreign hackers. BBC, the US Postal Service website, and streaming music sites are great examples of websites that limit foreign access.
The VPN I've used is HotSpot Sheild, but their software is spammy and annoying. You can try out a few and also give OpenVPN a try (I've never used it).
further reading: VPN on Wikipedia
True Crypt encrypts files, USB sticks, and even your entire harddrive if you'd like. It's perfect for when carrying sensitive data you don't want stolen, or forcefully inspected when crossing borders or at the airport.
There are two drawbacks. If you forget your password, the data is lost. There is also a performance hit when accessing the data.
further reading: FAQ, EFF encryption tutorial
While encryption is never 100% safe from being cracked, it's so computationally expensive to crack that it'll block 'the powers that be' from drag-net datamining.
image source: xkcd
If someone manages to install spyware on your computer, manually or through a trojan, how do you know and then remove it? HiJackThis is a tool that let's you know what programs run during the startup of your computer. There are many others like it but this is the one I prefer. Not only can it help you identify malware/spyware, but it can also help you speed up the startup process by removing programs you don't need.
It's a very powerful tool for more experienced computer users, so you need to understand what each program does before you disable it. Clever malware are known to make themselves look like common legit software, too. Verify file locations and tricky spellings of fi1e names.
MICROSOFT WINDOWS PROCESS EXPLORER
For programs that are already running, Microsoft Process Explorer is a great tool to help you see what your computer is doing in the background.
Misc Comments
Text is really easy to datamine, while images require significantly more processing power for computers to understand.
When you post something online you believe to be 'sensitive', consider posting the text as an image instead.
Cellphones are an entirely new vector for privacy issues. The EFF has a lot to say about it here. Their web security tutorials are in general worth reading.
It doesn't matter if you used any of the above software if you don't follow basic security practices of choosing strong passwords for all websites, not installing unsafe software, running an anti-virus (with a second anti-virus as backup), keeping your software up-to-date, password protecting your laptop/phone, etc. etc. Knowledge is power, and if you don't have knowledge of basic computer security, start reading. And teach your friends - forward this page to them!
Lastly, our tutorial for beginners on how to protect your website from hackers.
Society of Robots copyright 2005-2014