Yesterday, I read an interesting, funny but alarming blog post about a company that ran a test on the Berlin police to see whether officers would believe a fake email with a fake link to a website asking them to enter their user password into a special database. 252 out of 466 opened the email and 35 police officers entered their login credentials. So everybody can become a victim, and that’s why it is important to raise awareness about cyber security.
Last week, I stumbled upon a tweet from BeeSecure that said:
Interested in how to encrypt your data? Then the Digital Privacy Salon is the right… https://t.co/qiKUId3fPA
— BEE SECURE (@BEESECURE) 26. November 2015
This caught my interest, as I think digital privacy is something that really concerns everybody who browses the internet today. As soon as you’re connected to the World Wide Web, you are also vulnerable and open to cyber threats. And you’re also tracked all the time. In fact, the big companies like Google, Facebook etc. – well – their business is big data. Do you pay anything to use their services? No. And yet, they have huge infrastructure, facilities with servers etc.
Although cyber security may be very complex nowadays, there are several things you can do as an end user to ensure more privacy and more security on the web. These are not complicated. And that’s what the Digital Privacy Salon Luxembourg is all about. These sessions are free, intended for everyone and no prior technical expertise is assumed.
„Digital Privacy Salons are skill & knowledge sharing sessions which aim to teach people the basic ways of protecting themselves and their data from intrusive surveillance. Generally the salons deal with how to have private conversations over instant messaging, how to encrypt emails, how to browse anonymously amongst other things. It is very important that you leave the Privacy Salon with tools & knowledge you can use on a daily basis, and explain to your friends how to do it too. All the attendees should come with device(s) they want to install tools on.“
In the meantime I want to share with you the tools we have been discussing.
We are being watched
I love the TV show „Person of interest“. Although it is fiction, many of the things they talk about are not really far from reality. In this case, by „being watched“ I mean being followed and tracked on the internet. This happens on nearly every site you browse. For example, if you go to a news website like welt.de, there are 19 companies in total that will get your data. Well, not all your data, but for example your IP address and browsing habits. You can see these connections on the interesting website Trackography:
„Why are we being tracked? Online tracking is part of a larger industry which makes a profit out of our data. The data industry makes billions of dollars from collecting data about who we are and what we are interested in by tracking the websites we access every day.“
So what to do about that? There are tools that can help us to avoid or minimize this.
System and browser
To access the internet, you need some tools. Most people use Windows computers nowadays, so this is of course the most vulnerable system. It’s susceptible to viruses, malware, trojans etc. Then there are Mac systems and Linux systems, which fewer people use, so there are also fewer threats. As for smartphones, the Android system is very widespread, vulnerable and open. It is very difficult to secure. The iPhone OS is more closed, as it is also proprietary. Good browsers to use are still Firefox and Google’s Chrome. In any case, ermm forget about Internet Explorer ;-)
One simple thing to check on every website is whether the connection is secure, above all when you enter login data. It is important to check the URL. It should say https:// instead of just http://. The „s“ means: secure. It means that your communication is encrypted by SSL.
The first interesting plugin we looked at is called:
HTTPS Everywhere from EFF (Electronic Frontier Foundation)
You can install this plugin in your browser. Chrome, Firefox and Opera are supported. This plugin ensures that the secure version of a website is used whenever possible.
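The https:// check described above, written out as a small script (an added example, not part of the original post; the function name, the form data and the example.com addresses are constructed for illustration). It also catches the case where a page is loaded over https:// but its login form still sends the password to an http:// address.

```javascript
// Added example: decide whether a login form would send the password encrypted.
// The form descriptions are constructed sample data, not taken from a real site.

function auditLoginForms(pageUrl, forms) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const form of forms) {
    if (!form.hasPasswordField) continue; // only forms that take a password matter here
    // An empty or relative action resolves against the page address,
    // the same way the browser resolves it when the form is submitted.
    const target = new URL(form.action || "", page);
    const problems = [];
    if (page.protocol !== "https:") {
      problems.push("page itself is loaded over " + page.protocol + "//");
    }
    if (target.protocol !== "https:") {
      problems.push("password is submitted to " + target.protocol + "//" + target.host);
    }
    findings.push({
      form: form.name,
      target: target.href,
      safe: problems.length === 0,
      problems: problems,
    });
  }
  return findings;
}

// Constructed sample: one good login form, one that downgrades to http://,
// and a search form that is ignored because it has no password field.
const sampleForms = [
  { name: "login", action: "/session", hasPasswordField: true },
  { name: "legacy-login", action: "http://login.example.com/auth", hasPasswordField: true },
  { name: "search", action: "http://example.com/search", hasPasswordField: false },
];

for (const finding of auditLoginForms("https://www.example.com/account", sampleForms)) {
  const verdict = finding.safe ? "OK" : "NOT SECURE: " + finding.problems.join("; ");
  console.log(finding.form + " -> " + finding.target + " : " + verdict);
}
```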
Block ads and tracking
Above I presented Trackography, which shows that we are tracked on various sites by code embedded in websites. One tool we can use to prevent most of this is:
It is simple to install and works quietly in the background.
Evil scripts that run in the background may harm your computer. So it would be a great idea to deactivate scripts in your browser. The problem, however, is that without scripts a lot of websites are no fun and no longer interactive, as too much content may be blocked. Still, here is the link to NoScript, only for Firefox though.
For several years, experts have been saying that Adobe’s Flash technology will die. In fact, Flash has often had security problems in the past, and since Apple said it would rather go with technologies like HTML5, Flash development has decreased. Today, Adobe even released the new Creative Cloud apps and, astonishingly, Flash has disappeared: it has been rewritten and is now integrated into Adobe Animate CC. So whenever you can avoid Flash and there is an alternative, use the alternative. For YouTube, for example, you can simply go to:
and check the option „the HTML5 Player is currently used whenever possible“.
Is this link secure to click?
Before clicking a link, you often don’t know if it leads to a website which can be trusted. So here is the next interesting plugin:
www.mywot.com Web of Trust puts a little icon next to your links. If it is green, it is safe to click. When it’s red: be careful.
Nowadays there are tons of applications to connect with your friends, to chat and to share data, like Facebook Chat, Messenger, WhatsApp and Viber. All these are not secure. If you want to be on the secure side you can use
crypto.cat: „Cryptocat is a fun, accessible app for having encrypted chat with your friends, right in your browser and mobile phone. Everything is encrypted before it leaves your computer. Even the Cryptocat network itself can’t read your messages.“
A good Skype alternative would be: Jitsi Meet.
I like to use services like Dropbox or GoogleDrive to store documents and to be able to access them from every machine. This is really handy. However, Dropbox has been a victim of password stealing in the past. If you have critical data, it would be better to use other services. If you have to transfer data like Edward Snowden, you’d better use:
They say: „Our baseline premise is the user alone holds the key to decrypt their data. Data shall never be transmitted or stored in a non-encrypted state and we never store the encrypted data along with its keys except on the user’s computer.“
A good review on Spideroak can be found on the Cloudwards Blog here.
Our mobile phones are mini computers. So they’re as vulnerable as their big brothers. To ensure secure communication (phone calls, SMS) with end-to-end encryption on your mobile, there are these great tools from:
Passwords have to be used all the time in our modern world. For every service you need a password, mostly online. Most critical, of course, are those services that have to do with your money: your online banking or services like Paypal etc. Two days ago, I read an article saying that 1 of 10 internet users use the same password on every site they use. That’s really the thing you should neverrrr everrrr do. Most people find passwords very annoying, and nobody can remember all their passwords if they have to use a different one for every site. However, there is a solution: a password manager.
www.KeePass.info. KeePass is a password manager that lets you save all your passwords encrypted with a master password. It can also help you create secure passwords that are not like 12345 ;-)
I personally like to use Pastor on my Mac, which has basically the same functionality.
Unfortunately, this topic is complicated because when you want to use encrypted e-mail, the one receiving the e-mail also has to use that service, otherwise it makes no sense. So we skipped that topic. However, when you really want to encrypt, then GPG is interesting to look at. Or EnigMail. There are other systems out there, for example ProtonMail and even Google Extensions for GMail.
A good article on how to encrypt your emails can be found on the Cloudwards Blog here.
Go even more anonymous
There is a project that is very interesting if you want to go even more anonymous on the web. The issue with this is that more security also means less fun.
„Tor is free software that protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.“
Search engine alternatives
Everybody uses search engines, every day. Google knows everything :-) However, these search engines also track what you are looking for, and they’re saving your search history and evaluating it. When you check out the Tor project, you can discover that it uses a different search engine:
Or here is yet another one you can use that won’t track or hack you: www.ixquick.com
At the end of this Digital Privacy Salon, we looked at these resources to stay up-to-date:
Report Web Abuse
„URL Abuse is a public CIRCL service to review the security of an URL (internet link). Users regularly encounter links while browsing the Internet or receiving emails. When there are some doubts regarding an URL (e.g. potential phishing attacks or malicious links), users can submit an URL for review via URL abuse.“
Finally: Thank you BeeSecure for the Pizzas and Red Wine :-) And thank you Hackerspace / Level2 / Digital Privacy Salon for the insights!