|
|
Other reader web safety tips
I got the note below in December 2002:
I was reading your article about Internet Security and keeping your identity
safe. I work in IT, so I thought I'd pass on what I know in case someone finds
it useful.
Running Windows? Try the opera browser (www.opera.com) it can be set to throw
away all cookies, what sites you've been to and empy it's own cache when you exit.
Evidence Eliminator is a paid for product, but you can get fully working
copies of it from Computer magazines (if you're lucky).
There's also a freeware program that performs a similar function - you can
get that from http://www.securitysoftware.cc/apps.html
Have a look for "wipeout".
If you plan on doing a reasonable amount of email - consider an extra email
client to Outlook Express. Eudora, Pegasus, etc are all good
email clients and you can hide them away on your computer to reduce risk of
being caught in the act.
I received this in August 2003:
Web browsers:
I use Mozilla Firebird (http://www.mozilla.org/products/firebird/) as my
web browser. It's cache/cookies/history are easily cleared with a couple mouse
clicks.
Web-based email services:
I would NOT use Hotmail, Yahoo, Excite, AOL, or anything else that offers
web-based email services. Your login is secure with Hotmail for example, but
any email you read can be monitored. (Snort, http://www.snort.org, run that
on your computer while surfing the web and all sorts of things will be turned
up) I'm sending this from a Hushmail.com account, with an automatically generated
email address, reading my email over 128-bit SSL and then further encrypted
by 2048-bit security for anyone sending me an encrypted email. The subject
line might give something away, however.
AIM, MSNIM, YahooIM, etc.:
These are easily monitored, just like HTTP traffic can be. Jabber (http://www.jabber.org/)
can run over SSL can connect to the AIM, MSNIM, YahooIM networks, keeping
your side of the communications secure.
Registering your own domain:
GoDaddy.com offers privacy-protected domain name registrations for only $9.00
extra a year. They simply put a valid front company in your WHOIS record.
Putting fake information into a WHOIS file for a domain could be grounds to
get it removed.
This also came in during August 2003:
Just reading your safety tips, maybe there is another one you could add.
It's a very sad case, I corresponded with a woman like myself (I transitoned
finally in 1974) and we got to know each other. She was married, and just
her husband knew about her.
She liked hopping around the internet and sometimes even disclosing her past.
One guy got her even in such a state of believe in his true interest into
all things TS, so she sent him a pic of her with minimal blackening of her
face. Because, as she believed him, he was from another city several 100 miles
away from her own (which she wisely had not disclosed to him).
However, after some days there was something strange goin on in her circle
of friends. And on one evening her husband came back full in arms, a friend
has not openly told him about his wive being a former TS but had made strange
comments.
So, to keep that letter short, finally she found out that this man, she sent
the picture, not being from a city far away but living just some houses away
from them. He used that city because he was born there and wanted to hide
his wherabouts for unknown reasons.
And now my advise: had she put his emailadress into Google, she would have
found out his adress, as I have shown her after she has told me all that story.
NEVER EVER believe a stranger ANYTHING online. Check her/his email. put the
name(s) into the search form and/or any personal information she/he may have
given.
For her it's too late, her husband left her because he could not stand all
that whispering around him anymore.
A reader wrote in July 2004, "I just had to offer an addendum to your
series on internet safety and privacy, because it comes from personal experience.
Please feel free to use it if you can. I think it is pertinent, especially since
the 9/11 incident."
Ever since 9/11, the world is a different place. People are more cautious,
protective and scared. Governments and Corporations are working harder than
ever to stop the flow of important information out of their companies, and
also to stop the flow of unwanted items back in. Hackers and cyber spies are
working extra hard as well; some to steal government and corporate secrets,
others just to break into websites and information storage spots, just for
the sake of saying they can (a power play). Some employees are even paid to
sneak information out of places. As a result, many organizations have hired
information “security specialists,” whose sole purpose is use an
arsenal of tools and countermeasures to monitor and stop this type of activity,
and hopefully prevent it from happening in the first place. Sounds like international
espionage, doesn’t it? It is ;). Specialists are armed with unique tools
and certifications, and one of them is called a “sniffer.” These
little utilities (usually software programs) are designed to track pieces
data flowing in and out of places, and also track where it is going, and where
it started. It has been said that Safe Surf sites can avoid this sort of thing,
but not entirely.
For example, let’s say you work at the West Coast Widget factory. While
they can’t see what you are sending, if you are behind their security
firewall, they can see that you spent some time using a safe surfing site,
and that could arouse suspicion. What’s more, today’s sniffers and
snoopers are getting to where they can actually decipher some of that data,
so if you are sending personal information, it might be readable, if they
wanted to. This goes back to the notion that any public place is at risk.
So we should all surf from home, right? That way all I have to worry about
is my family, right? Maybe not. Online services (like America Online), and
Internet Service Providers (ISP’s), since 9/11 and the Oklahoma City
Bombing incident, have taken steps to make sure that their customers are not
going to contribute to that sort of thing in the future. New laws have allowed
them some leeway to implement such monitoring to an extent. “Great, you
say, this means no place is safe…” Well, yes and no; there is some
hope (read on). When you log in from anywhere, you get a unique number (the
ubiquitous Internet Protocol, or IP address). This may be just within your
internet company, or it may be a unique world number. And if you have one
of those nifty router firewall things, you are not immune either, because
it still has one that the internet company gives it. Ever had one of those
popups that shows you your IP address and tries to sell you some bogus protection
software? “WARNING: you are broadcasting 123.456.78.90!” That’s
the number (the popups are mostly silly jokes, by the way). You can also visit
http://www.whatismyip.com, if you want to know what it is.
Don’t freak out yet, there is more. Safe surfing sites sometimes act
as “proxies,” and act on your behalf to send a pretend IP address
to make it look like you are in Norway when you are in New York. But remember,
the site itself that you are browsing through can see your IP address too,
so make sure you trust that safe site as well. IPs are unique out on the net,
and specific ranges of numbers are unique to certain companies. So if you
are with blahblah Internet, that number tells whoever may see it that you
are in that part of the world, IF they can figure it out. If you log into
irc or a chat program, it’s sometimes easy to tell generally where you
are, because sometimes it will show as blahblah@int.internetcompany.net, or
part of your IP address (which is safe) and so forth. Well ok, so that gives
a vague, sometimes 10 state range of where you could be since the internet
company can be very big, and AOL is everywhere. The problem is if someone
has your IP address, programs and utilities that do a thing called route tracing
can follow a piece of data over the internet, back to where your IP address
is. Suddenly they can see the town I am in, and the internet company I am
using. Now consider that and the fact that internet companies can monitor
the data going between you and their service, and THEY know exactly who you
are (or who is paying the internet bill, right down to the street address).
Ack!
Well, remember I said there was hope? While AOL is probably the best at tracking
data like this (they can log AIM chats too), as they are an online service,
regular internet companies can too. BUT, remember what they are looking for
is in relation to matters of national and international security, not our
personal health concerns. *phew* AOL simply cannot afford the time and people
it would need to watch everything, so you are going to be safe for the most
part. Everything on the internet has a trail, but if you don’t arouse
suspicion, no one will ever bother to care. Most individuals don’t care
either, unless you are doing something suspicious. But maybe there is something
to be said for those random internet cafés and libraries after all.
This is the most important: especially if you are young, please “Watch
what you say,” no matter where you log in from. If you start using words
like “Anarchy,” “Bomb,” and “President,” particularly
in the same sentence, their little monitoring software might wake up and wonder
what is going on. Then again, if you WANT attention, well, that just might
be a good way to do it J. But it’s not that likely if you use yer noggin’.
You have to decide what you want to share, just don’t get carried away
like I did (see below). Also remember that almost all messenger chat programs
and emails can be logged by the company or service offering them. This includes,
AIM(icq) as I said, but also, MSN, Yahoo Messenger, Jabber, irc, (and others)
and even mobile phone TXT messages.
I have always been called “too trusting,” and I realized how much
one day. I was lonely, and had wanted soo much to reach out to someone, anyone
almost, so I trusted a little when I should have waited. Suddenly I was informed
there was a doctored picture of me on a smut site. I had been taken advantage
of, and ended up losing my job, not to mention a lot of friends, and ended
up going into hiding for a while, all because I was a bit too naieve. I had
used a safe surfing site, and an IP proxy, deleted my browsing history, all
of it, and I thought I was completely untraceable. I was wrong. Both at home
and at work, I was still visible. In fact it was someone (a then friend) who
was a moderator on a message board I visited. Turns out this person also happened
to work at my then internet service, (I had no idea). Message boards often
record the IP number to make sure it’s the right person logging in, which
is perfectly in the board’s rights to do so. But in this case, it was
over the line, and taking that login and home IP number back to the ISP, got
a match. I was humiliated, and the rules of respecting privacy were broken.
I could have made something out of it, but I was stuck because I didn’t
want or need that kind of publicity. The course in common sense has only one
class period, and I learned fast. And this was before 9/11 even happened.
Some years later, I still needed people to talk to, and decided that I could
trust people here, and so I am back, but a lot more timidly now, and with
more street smarts. I have decided to take that risk once again.
More hope to allay your fears: Consider that ANY type of communication can
be misinterpreted, gossiped, lied about, etc. That’s just life. The internet
does allow for more misleading stuff, but it’s still communication, so
the basic common sense rules apply. And when you talk to someone else, phone,
in person, or on the net, there will always be some inherent risk. I learned
this the hard way, even though it was an extremely rare occurrence. Here is
a good rule of thumb, if it feels wrong, DON’T. Common sense is an oxymoron.
Other web resources
The following excellent links were submitted by my clever deep
stealth readers.
TOR (http://tor.eff.org/)
There is also a program called TOR http://tor.eff.org/ that you could have a look at. It defends users against traffic analyzing. Protecing against sites that tries to profile internet usage.
SamSpade (http://www.samspade.org)
This site has several great tools, but the best for surfers is their safebrowser
option. It opens a page through their website, so there is no trace back
to you. This browser lists source code and not images, though. That means
you'll get the text, but you'll also get the code that formats the web page,
which can make it hard to read. For text-based sites, this is good, but
you will not be able to see any photos. To see a page as it's laid out,
I suggest looking at the cached version of a page through Google's search
engine. This is only available for pages catalogues by Google, though.
Fravia's Pages of Reverse Engineering
(currently available at: http://www.anticrack.de/fravia/noanon.htm)
Encription for the Masses (http://www.e4m.net/)
The Freedom Project (http://freedom.gmsociety.org/)
is maintained by the George Mason Society
Identity theft protection
Identity theft is the fast-growing crime in America and is tightly linked to
the concerns listed above. I know a woman in our community whose identity was
stolen, and the perpetrators got ahold of all her personal information, including
old name, addresses, etc. It is extremely important to protect your privacy
whenever possible.
A corporate attorney sent the following out to the employees in his company.
1. The next time you order checks have only your initials (instead of first
name) and last name put on them. If someone takes your checkbook they will not
know if you sign your checks with just your initials or your first name but
your bank will know how you sign your checks.
2. When you are writing checks to pay on your credit card accounts, DO NOT
put the complete account number on the "For" line. Instead, just put
the last four numbers. The credit card company knows the rest of the number
and anyone who might be handling your check as it passes through all the check
processing channels won't have access to it.
3. Put your work phone # on your checks instead of your home phone. If you
have a PO Box use that instead of your home address. If you do not have a PO
Box, use your work address. Never have your SS# printed on your checks. (DUH!)
You can add it if it is necessary. But if you have it printed, anyone can get
it.
4. Place the contents of your wallet on a photocopy machine, do both sides
of each license, credit card, etc. You will know what you had in your wallet
and all of the account numbers and phone numbers to call and cancel. Keep the
photocopy in a safe place. I also carry a photocopy of my passport when I travel
either here or abroad. We've all heard horror stories about fraud that's committed
on us in stealing a name, address, Social Security number, credit cards, etc.
Unfortunately I, an attorney, have firsthand knowledge because my wallet was
stolen last month. Within a week, the thieve(s) ordered an expensive monthly
cell phone package, applied for a VISA credit card, had a credit line approved
to buy a Gateway computer, received a PIN number from DMV to change my driving
record information online, and more.
But here's some critical information to limit the damage in case this happens
to you or someone you know:
1. We have been told we should cancel our credit cards immediately. But the
key is having the toll free numbers and your card numbers handy so you know
whom to call. Keep those where you can find them
2. File a police report immediately in the jurisdiction where it was stolen,
this proves to credit providers you were diligent, and is a first step toward
an investigation (if there ever is one). But here's what is perhaps most important:
(I never even thought to do this.)
3. Call the three national credit reporting organizations immediately to place
a fraud alert on your name and Social Security number. I had never heard of
doing that until advised by a bank that called to tell me an application for
credit was made over the Internet in my name. The alert means any company that
checks your credit knows your information was stolen and they have to contact
you by phone to authorize new credit.
By the time I was advised to do this, almost two weeks after the theft, all
the damage had been done.
There are records of all the credit checks initiated by the thieves' purchases,
none of which I knew about before placing the alert. Since then, no additional
damage has been done, and the thieves threw my wallet away this weekend (someone
turned it in). It seems to have stopped them in their tracks.
The numbers are:
Equifax: 1-800-525-6285
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271
In this section:
Transgender web safety
Safely visiting transgender websites
Safely interacting with others online
Putting up your own website: pros and cons
How to minimize an existing web presence
Readers who have been outed online
Reader tips: online safety
Other web resources
|
|
