IP/Privacy/Security Issues

[Richard]

These days almost all sites send some kind of data on you back to facebook, If you use Firefox you can block that with this https://addons.mozilla.org/en-US/fir...ebook-blocker/

Whenever you visit a page that has the "I like"-Button, the button tells FB about that visit. And if you are logged in to FB, FB will be able to save the information that YOU visited THAT PAGE at THAT TIME. And
since you are logged in to FB all the time out of convenience, FB has a complete profile of all pages that you ever visit (i.e of all the pages with this fiendish button, when was the last time you saw a page without?).

Facebook Blocker is a tiny Addon that blocks the flow of information from third-party sites to FB, but still lets you use FB itself and even the "I like"-Button. The only difference is that your data is ONLY submitted the moment you click the button, and not just by only looking at a page.

With Facebook Blocker you can surf the web while being logged-in to FB for convenience, but without FB being able to link the visits of third-party sites to your FB account.

[Dex]

Thank you Richard. Is there a possibility of simply disabling the Facebook link for all of Nexus? Or maybe it is worth it. I don't know.

So, even if I don't click the "like" button on Nexus, Facebook still can track my Nexus behaviors?

[Richard]

Good question Dex, depends how many members are using the bridge, i'll post a poll and we'll see.

[Nazirite]

hank you Richard. Is there a possibility of simply disabling the Facebook link for all of Nexus? Or maybe it is worth it. I don't know.

So, even if I don't click the "like" button on Nexus, Facebook still can track my Nexus behaviors?

There was a similar issue at ATS with either FB or Google and a lot of people weren't pleased.

It was discussed and the explanation was that unless you elected to press FB I like button it would not activate the tracking function.

[InCiDeR]

Summary:
1. Use a more Secure Operating System (OS)
2. Make sure you subscribe to security patch updates (Ubuntu does this automatically)
3. Us a secure browser. Firefox is the best and it is regularly updated with security patches.
4. Protect your privacy with add-ons (Ghostery and Better Privacy are excellent)
5. Use a password vault and never write down passwords in clear or save them to your computer unless you encrypt the file.
6. Use the highest security protection for your Wi-Fi access (At least WPA-PSK)
7. Admin and user passwords must be used and as strong as possible
8. Use a hardware Firewall/Router
9. Use a software firewall for each computer if your operating system can cope with it.
10. Us encryption to protect your privacy and encrypt emails that contain personal information.

Nazirite, I salute your day and being. This is a very excellent summary, and in my opinion it provides enough security steps for a private person that do not have anything special to hide. I was about to go into detail when it come to security, but then I realized it will just cause unnecassary fear mongering for no reason at all.

Because a "common" person on internet will not draw the attention from the government or the "hacker community"... if you not are very unlucky or are totally "wide open"... and if you ever draw their attention there is really nothing much you can do anyway (if you not very skilled yourself).

So... I will not go into any detail... just point onto some good free software to consider:
http://nexus.2012info.ca/forum/showt...-Best-Freeware

UPDATE: I might have to check this softwares up so they still up to date...

Free online virus check of your files that uses ALL of the wellknown anitvirus motors
https://www.virustotal.com

VirusTotal is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

VirusTotal’s mission is to help in improving the antivirus and security industry and make the internet a safer place through the development of free tools and services.

In my opinion the best site when it comes to firewalls, testing and security:
http://www.matousec.com/projects/pro...e/#latest-news

This project examines security software for Windows OS that implement application-based security model – i.e. most of the products called Internet security suites, personal firewalls, HIPS, behavior blockers and similar products on the market. A product must meet some fixed criteria in order to be included in this project. The list of products suitable for this project that we are aware of is available on the product list page.

[InCiDeR]

Forgot to mention this service:


Disposable Temporary E-Mail Address
This website provides you with disposable e-mail addresses which expire after 24 Hours. You can read and reply to e-mails that are sent to the temporary e-mail address within the given time frame.

http://filzmail.com/

This is really good to use if you have to enter your E-mail anywhere on internet (or other occasions) and don't want to use your private one...

[knapsack]

So would this be because Windows is from a big company monopoly, designed to control us?

I am wondering why a Mac from Apple would be better.

Sorry for basic questions. I had never thought about this issue before.

Jeanette

Sorta.

At the core of any OS is something called the kernel, which has direct access to the computer's hardware. It is the program that is left when you strip down everything else.

When the OS is booted up and running, the various software programs running have to interact with the kernel through an interface, so essentially, whatever they need to do, they have to 'ask' the kernel and the kernel may allow it immediately, it may put the request in a queue, or it may disallow it altogether.

The interface, or API is a set of functions, the protective layer around the kernel, sometimes referred to as system calls. As you may imagine, the behavior of these system calls follows a complicated set of rules. And because they are so complex, behavior under certain conditions can be unpredictable, which leaves them open to exploitation.

AT&T has control over UNIX, which is more a paradigm than an actual product. Like a blueprint, specifying which system calls were required, and outlining the complex set of rules that should be used to govern them.

But AT&T were trying to move in the same direction as Microsoft, creating a proprietary kernel around it. The way their copyrights were worded, someone could legally reverse-engineer UNIX and call it anything else but UNIX. So you may sometimes see it referred to as UN*X, or Unix-like.

Linux has its own kernel based on this paradigm, and its source code is openly available. The system calls specified for UNIX were renamed and rewritten by a project called GNU (stands for GNU's Not UNIX), and at the core of a Linux distribution you have a Linux kernel, and a set of GNU functions you can use to make system calls. BSD also did something similar to this. Mac OSes are based on UNIX, and are partially open-source.

in the In a windows system, Microsoft has complete control over the behavior of their system calls. The complex set of rules are not made completely available to the public, and their implementation (the kernel), the finished product is available, but not the source code used to make it. So when a method is found to produce unpredictable behavior, the users are completely dependent on Microsoft to fix it.

With UNIX-like systems, since they are open source, the internal workings are known to many thousands of developers, and have been optimized over the years. Linux distributions have their own systems for bug reporting, but the big difference here is that fixes can be submitted by any of these developers and after a consensus is reached, may or may not be incorporated into the next release.

But if something you propose is not included, there is nothing stopping you from putting it in your own personal system, because you would have (packaged with the OS) everything you need to rebuild the OS.

The long term effect of this is the reason you don't see these systems as vulnerable to viruses as Windows systems. Since there are always thousands of eyes looking at the code, most of the big and medium-sized holes have already been found and addressed.

This is also true for parts of Mac OSes, since its foundation contains open-source components.

So every system will always be vulnerable to something, but to virus writers, windows OSes are the low hanging fruit.

[Nazirite]

Sorta.

At the core of any OS is something called the kernel, which has direct access to the computer's hardware. It is the program that is left when you strip down everything else.

When the OS is booted up and running, the various software programs running have to interact with the kernel through an interface, so essentially, whatever they need to do, they have to 'ask' the kernel and the kernel may allow it immediately, it may put the request in a queue, or it may disallow it altogether.

The interface, or API is a set of functions, the protective layer around the kernel, sometimes referred to as system calls. As you may imagine, the behavior of these system calls follows a complicated set of rules. And because they are so complex, behavior under certain conditions can be unpredictable, which leaves them open to exploitation.

AT&T has control over UNIX, which is more a paradigm than an actual product. Like a blueprint, specifying which system calls were required, and outlining the complex set of rules that should be used to govern them............

Thanks Knapsack - superbly put - I understand it a lot better now.

[sjkted]

Thanks Richard. I've never understood why Macs are more secure (and I'm not very techie, so I won't be offended if you explain this as if speaking to a 5 year old!).

Since Macs moved to OS X, they started using UNIX as the core of their system. UNIX was designed with security in mind. One analogy I've often heard is having a house with one entrance and no windows versus a house with many windows and multiple entrances. Windows is the house with multiple windows and multiple entrances. There are so many ways to break in and thus it is always harder to secure.

Another point is that there are not as many people using Macs, so when people write viruses they often target Windows to get a larger number of people. As more people start using Macs, the more viruses and security issues you will see as it is not perfect.

--sjkted

[Bryn]

The safest way is to not buy a computer & if you do, never switch it on.

This site lists the top 10 [sic] operating systems that the average Joe can use.

10 Pentesting Linux Distributions You Should Try
http://blog.rootcon.org/2012/02/10-p...tions-you.html


Edit:
InCiDeR Hi,
I'm sorry to split hairs, but I need to point this out. Several times you have mentioned the "hacker community" when you are in fact refering to crackers/scriptboys.
The Hacker community is the Glider community, who are the good guys & are the coders/programmers, the very builders from a digital clock upto the space station & beyond.
The media, Govt & Co have corrupted the true meaning.
Hackers = Build...
Crackers = Break...

[Nazirite]

The safest way is to not buy a computer & if you do, never switch it on.

I
I agree with that. If you or we were to go into really paranoid territory - we would come to the conclusion that all and every computer could be hacked/cracked or otherwise compromised.
But the reality is that someone has to be singled out and targetted.
Not everyone is or will be targeted.

Therefore, logically, one should explore how and why someone will appear on the "targeted" radar.

[Bryn]

I
I agree with that. If you or we were to go into really paranoid territory - we would come to the conclusion that all and every computer could be hacked/cracked or otherwise compromised.
But the reality is that someone has to be singled out and targetted.
Not everyone is or will be targeted.

Therefore, logically, one should explore how and why someone will appear on the "targeted" radar.

Hi,

I agree, hence why I posted the link also.

[Nazirite]

I agree, hence why I posted the link also.

You said it - I'm just agreeing.

I believe it is a point that should be driven home - by informed people like yourself.

[InCiDeR]

The safest way is to not buy a computer & if you do, never switch it on.

This site lists the top 10 [sic] operating systems that the average Joe can use.

10 Pentesting Linux Distributions You Should Try
http://blog.rootcon.org/2012/02/10-p...tions-you.html


Edit:
InCiDeR Hi,
I'm sorry to split hairs, but I need to point this out. Several times you have mentioned the "hacker community" when you are in fact refering to crackers/scriptboys.
The Hacker community is the Glider community, who are the good guys & are the coders/programmers, the very builders from a digital clock upto the space station & beyond.
The media, Govt & Co have corrupted the true meaning.
Hackers = Build...
Crackers = Break...

Bryn, I salute your day and being. Do not worry to split hairs with me, that is one of the reasons I enjoy this forum ... for me it is a way of learning, understanding and growing. Otherwise I had no reason to visit this place because everybody had consensus, then I could talk to my cat instead!!!

The reason why I use "hacker community" is because that is what I consider myself being a part of before... and all the members there refered to it like that as well... therefore it comes natural for me. But I am aware that the word "hacker" or "cracker" are used differently depending who you ask, for example wikipedia put it like this:

Hacking means finding out weaknesses in an established system and exploiting them. A computer hacker is a person who finds out weaknesses in the computer and exploits it. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.[1] The subculture that has evolved around hackers is often referred to as the computer underground but it is now an open community.[2] While other uses of the word hacker exist that are not related to computer security, they are rarely used in mainstream context. They are subject to the long standing hacker definition controversy about the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker,[3] not making a difference between computer criminals (black hats) and computer security experts (white hats). Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers. (...)

READ MORE:
http://en.wikipedia.org/wiki/Hacker_(computer_security)

So am I wrong refering to "hacker community"? Both yes and no... I believe it comes down to the eye of the beholder!

[Amer]

Lots of interesting reading here, will try to implement some of the suggestions when I find someone to help me - unfortunately I am not up to speed on computer technology, will have to do some more study.

At the moment though can anyone tell me a safe enough email provider to use immediately? I need to change from hotmail as I continue to get a message that says someone is trying to interfer with my connection, to close the site as it is not secure.

Suggestions anyone? How about gmail?

[Amer]

How about gmail?

Ok didn't know that gmail belonged to Google- this shows my level of ignorance regarding these things

Anyway today Google's new norms regarding our privacy go into practice. The following article suggests ways to limit the damage but what I'm not clear on is do I have to have an actual account, as in gmail/Google/Youtube in order for them to collect data? The article suggests going into Google Dashboard to see just the level of information they hold on you, and if you want to cancel your web history to go into Google History; I tried both of these but they ask me for a password- which I don't have. does that mean the data collected on me is that of an anonymous user?

http://www.businesspost.ie/#!story/T...8-ad7020420121

---------- Post added at 09:30 ---------- Previous post was at 09:26 ----------

Techie question for Richard - I see you've added the Google Search to the forum in place of the previous setting that was there- so also from here at Nexus Goggle will be collecting information on our "unusual" searches ?

[InCiDeR]

(...)do I have to have an actual account, as in gmail/Google/Youtube in order for them to collect data? (...)

Both yes and no. When it comes to the official version YES. So if you don't have any google account you have no history to erase.

Here you have an alternative online mail:

http://www.hushmail.com/services/hushmail/features/

[Amer]

Here you have an alternative online mail:

Thanks so much InCiDeR. That's really helpful.

[DogstarRising]

"These days almost all sites send some kind of data on you back to facebook, If you use Firefox you can block that with this https://addons.mozilla.org/en-US/fir...ebook-blocker/" Hi Amer I just did this. After you see the message "Add-on will install after you restart Firefox", should there be something visible so I can tell it installed?

For anyone interested in using Ubuntu, search for a local Linux users group. You'll probably find someone who can help you partition and install, or replace Windows with Ubuntu. It is so hassle-free. I also use Centros, another Linux OS. They look a little different but once you get used to it, it's great.

[Dex]

Just curious: what happens if I click the little Google icon in the upper-right-hand corner?

Thanks!

[Nazirite]

RU Teasing Dex?

Or are you on planet X-ray at the moment?

[Dex]

RU Teasing Dex?

Or are you on planet X-ray at the moment?

Nope. Why? Sorry if this has already been explained and I missed it.

Curious about things like:

• Where does the link go?
• If I have my gmail account open and click the Google link, will it associate my gmail username with the search? (assuming that the link goes to search)
• Assuming this is the app driving the search function, is there less-evil alternative to Google?

Thanks!

PS: It's Planet deX-ray!

[Nazirite]

Curious about things like:

Where does the link go?
If I have my gmail account open and click the Google link, will it associate my gmail username with the search? (assuming that the link goes to search)
Assuming this is the app driving the search function, is there less-evil alternative to Google?

When you said about the google link in the top right corner I was confused - I dont see a google link on this page but now I see you were talking generally about a google link that may be on a page you are looking at....I think.

PS: It's Planet deX-ray!

Thats right, just turn it round to be all about you

[Dex]

When you said about the google link in the top right corner I was confused - I dont see a google link on this page but now I see you were talking generally about a google link that may be on a page you are looking at....I think.

upper right hand corner of the nexus frame, just below "Advanced Search" (in the gold bar in the Zen II layout, anyway).

[Nazirite]

upper right hand corner of the nexus frame, just below "Advanced Search" (in the gold bar in the Zen II layout, anyway).

Well spotted Dex - never noticed that before. Click it and see what happens - go on I dare you.