I’m looking at this experiment as a learning tool for my current studies in cyber/info security.
I’m also looking at it from the perspective of the potential benefit (or lack thereof) that I may derive in terms of greater (perhaps future) privacy (what good is a site called “A Little BIT Safer” if not for this?)
I started by changing my email address. I know that NO unencrypted email is safe, regardless of address – but using a non-Gmail address gives me more control, and is one step on the way towards extracting myself from the Google product labyrinth.
I spent several HOURS attempting to eliminate all current connections and product links from same on the Google site. Everything – even location information. Where necessary, I put in ‘incorrect’ information – if a form field required it.
I do not think I completed the tasks – but I did spend at least 4 hours eliminating whatever stored details that I COULD control.
I could have probably taken a simpler route (who knows if it works) and simply deactivated or closed my entire Google account. I was not prepared to do this since I am still working on saving my emails locally using Thunderbird.
This will be INCOMPLETE at best, and it certainly has (from what I’ve learned thus far) little or even NO effect on ‘history.’ I entered into this experiment fully aware of that. There is nothing that I currently know how to do (maybe some day) that can change that.
Once I have taken care of what I CAN control vis a vis Google and the other social media sites, I can use my LastPass Vault to access the dozens of sites that I log into and change their login credentials to suit my needs. That is one good thing about having gotten comfortable using LastPass. I don’t have to remember all of the places I actually use since they’re all collected in the Vault.
Other tools I am using or planning to use/experiment with (I know… yawn… many have been around for ages – all are free):
1. I use Comodo’s IceDragon (a modified version of Firefox) – it is excellent.
2. I use Thunderbird for my email client – and I use a digital certificate to digitally sign my emails (but I need a new one for my new non-gmail address)
3. I am using DuckDuckGo (see vid below) for my search engine – I like their explanation of how they work.
4. I use SpiderOak for cloud storage (because of their zero-knowledge policies)
5. I use 3 layers of anti-malware/antivirus: Comodo Internet Security 2012 Pro (free for me , Malwarebytes Anti-Malware, and Spybot Search & Destroy – all resident in the system tray and all tailored for max. benefit w/o too many false positives.
6. I also use a bunch of other utilities like Glary and CCleaner and Speccy. You can get a lot of great, crap-free (no extra junk) stuff from a site they taught us about in school called Ninite.com I HIGHLY recommend it. The ‘installer’ is COMPLETELY free of extra junk. Just the program. Also, if you already have a version of a program that is ‘newer’ than Ninite has, it will know just to ‘skip’ it and tells you that it did so. You can’t go wrong. They certainly do not have everything – as you can see from what I use – but it’s a good starting point. It’s good for Windows and Apple and Linux I think.
U.S. Inquiry of Google Is Expected to Press On
Google must submit a plan in January to change its practices to avoid a fine or finding of wrongdoing, Europe’s top antitrust enforcer said.
I think that the real issue isn’t going to be these ‘revelations’ and court cases – but the issue of how we can all learn what we can and maybe ‘should’ do to protect ourselves to the best of our abilities.
I have nothing personally against Google or Facebook. They’re companies and they make a lot of good products that billions of people like. They are just corporate entities though – and if history teaches us anything it’s that 99.9% of corporate entities do not act in our personal realm of ethics and morals – or at least the don’t until they get caught or forced to do so. It’s why we have regulations and laws that go along with capitalism, obviously. We all know that the game (usually) is to maximize profitability and shareholder value. It’s kind of absurd to argue otherwise.
I started this blog because I wanted to educate myself (and others) regarding things like the safest means of using email, learning where and how my data is stored online, and perhaps continuing to investigate and understand what my digital fingerprints have touched, and if there is anything I can do about it.
I don’t know why it takes these governmental investigative agencies so long to act.
I suspect that for a lot of people the fingerprints are permanently etched and what can be ‘done’ is less than many people (including myself) would like to do in terms of clean-up.
I do want to give people a sense that there is HOPE though – with proper training and (hopefully) simple enough tools.
I do know that many hundreds of writers, bloggers, podcasts, security specialists, and countless end-users have been stating the ‘obvious’ long before I came along.
I’m just trying to figure out what to do about it.
Hopefully as I gain the cybersecurity education (formally) and mix it in with my life/work experience I will be able to help myself and others do what ‘can’ be done.
Maybe even help a bit in training newer users regarding how to (like my tagline) ‘navigate the digital(mines) and play IT Safe(er).’
This seems like a pretty simple question. But I know that I probably could NOT answer it with any degree of certainty…. which is kind of scary.
If you had to list all (or even 90%) of the Websites that have your credit card information stored on their sites…. COULD YOU?
Did you even know that some of these sites do this without even telling you that they do so?
The one that I use – without naming names – is one of the biggest in the world and certainly does this. There may be something buried in the fine print.
I do KNOW that in order to make a purchase using a credit/debit/whatever card I have to enter it and it gets auto-stored (as I call it).
There is NO option for this NOT to happen. NONE.
After the purchase is complete then I have to go back in every, single time and manually delete the card it just stored.
Me no like that. I asked them about it and I just got the runaround – about how safe it was and so forth. I want the option (wouldn’t we ALL????) to have this NOT be the case?
Am I alone in this? Did you take a look at the list of data breaches on privacyrights.org ?
Another related question:
If you had to list all of the so-called ‘cloud storage’ sites that you either use or have used (which usually means they still have your info) – COULD YOU?
I know I had a hard time with this one too: Mozy, Dropbox, SkyDrive, Google Drive, CX.com, Sugarsync, SpiderOak – and do you actually know WHAT is on each of them? Oh, and let’s not forget about some of the ‘sync’ programs like Crashplan, that I had to spend hours and 20 emails on to get my account deleted? Do I even know if it is really done?
This is something to think about. Just these things – the stored credit cards and the offsite/cloud-storage/data-synch/whatever name they go by companies.
It certainly is for me.
I want ta program that I can use that tells me where everything is stored so I can go and see if I think it’s safe there. There ARE ‘safe enough’ places for certain kinds of data – and then there are places where nothing is probably entirely safe. I like SpiderOak because of it’s security policy. But I have a LOT of work to do regarding the credit cards and other GB of stored data.
Consumers, small business people, and just about anybody with an interest in learning what’s really going on can benefit from two sites I have recently started to use much more frequently to try to understand some of the basics of what people ACTUALLY face every day (and it applies to online and offline transactions and things you would not necessarily even think about)
As a cybersecurity student and blogger, I have, of course, had to face the avalanche of daily information from such diverse sources as blogs, podcasts, e-zines, mainstream media, LinkedIn groups, other social media sites, and on and on when it comes to trying to filter and understand the who/what/when/where/how and why of information security.
Two sites that are extremely well known and are not news to any of those experienced people – but are pretty new to me:
Privacyrights.org Privacy Rights Clearinghouse: Empowering Consumers, Protecting Privacy
Electronic Freedom Foundation (EFF.org) Electronic Frontier Foundation: Defending Your Rights In The Digital World
There is lots of really straightforward, practical advice on how to begin to protect yourself.
The list of data breaches that privacyrights.org has collected since 2005 (something over 605,000,000+) was enough to scare me silly
This seems like a good approach – It is targeted towards 6th-8th graders. I do wish there were similar ‘games’ for high-school aged kids as well. There may be… if you know of any that are like this let me know. This is a joint effort between the Army and the National Science Center.
Security Awareness without making it overly complex, intimidating, and filled with jargon. It seems like an approach that could actually work for all age groups if done in a clever manner. The feedback I get from adults is that it is absolutely overwhelming to try to learn all of the things that they ‘need’ to learn to be safe and have a modicum of privacy.
I can relate to that. It may be that as generations move on it will become second nature and the tools will be much more user-friendly – or even transparent and require no user knowledge. I understand that that is how technology usually works. BUT – what about the hundreds of millions of people right now, who are too busy and stressed and on information overload to try to absorb yet another body of knowledge.
I know people might respond that we can, perhaps, incrementally train each other – but from what I understand, even the ground-rules keep changing… one day you hear that you should always use sites with HTTPS and not HTTP for transactional/personal ID stuff… and then you (or I) read that even that isn’t entirely true or safe – my own textbook states that these HTTPS sites can be spoofed as well.
And… from what I understand, even though something like HTTPS has been around for quite a LONG time, many people aren’t even AWARE of its existence or use (or LACK thereof – which is what ‘matters’).
I’m just speculating out loud – as a second semester cybersecurity student. I see that from my LinkedIn groups there are dozens, if not hundreds of articles on all of this – and in blogs – and in podcasts. It’s so overwhelming that even I don’t know how to filter it.
That’s the truth (or my truth at the moment).
Kleiner Perkins calls it “Re-Imagination” in the context of the changes that have been/are taking place in this arena.
Indeed, as some have suggested, the future might not have as many open Windows as you might think!
But who really knows? There are always unforeseen obstacles and circumstances that these companies and their products run into along the way that can temporarily or permanently derail them. For example, which of them will end up using Numenta’s (Jeff Hawkins) GROK before the other and to what end? (see my previous posts on this paradigm shift)
This is a great slideshow to flip through though.
(I want to thank my brother for providing me with the link to this material – he’s in the tech field and very up to date on trends/analysis)
I think that this is one of the pages that seemed to clearly indicate a major market change – a decline in Microsoft’s control and dominance – and perhaps (and I say this very cautiously) a decline or even ‘fall’ of Microsoft to whatever extent that is possible:
Now I really feel like a Borg – it’s like we’re all thinking (and writing) about the same thing. It’s hard to tell where the ideas come from sometimes.