Friday, August 9, 2013

Sunsetting Statement


This post marks the last of the active life of this blog, which was always intended as a short-term endeavor, an experiment if you will. That said, I have learned quite a bit both in the writing and the research for the posts during this time. Part of it was being consistent about writing these posts even though a lot of times I thought about just blowing them off due to sleepiness, lack of motivation, or any number of other reasons. Second, having to think about how to best explain the function of many of the apps/services I wrote about helped me to make connections to other things, which as a side effect led me to a better understanding of what I was writing about. Arguably I was already somewhat knowledgeable about the subjects beforehand; what prompted me to write about them was what I perceived to be a lack of information as to what the common citizen could do to help protect their security/privacy online, so I made a move to fill the void.

As to the experimental nature of the blog, I was testing the effectiveness of a short-term limited-scope blog in capturing and directing my explorations of a particular subject, in this case computer security for the everyman. In that regard it was very effective. Admittedly, I made a list of subjects to write about from the very beginning to simplify the process later on, and this helped immensely, as not knowing what to write about was never a possible excuse. I see this as great for future short-term explorations: making a list of everything I might want to look into, then subsequently researching it, and writing about it as proof of having done the legwork.

The public nature of this experiment is another interesting facet. I found that having an imaginary audience online made me feel accountable: anyone could look at my blog and see if I'd skipped a day. Of course no one would have cared enough to call me out on it, as no one is exactly who read my blog. The perception that this could hypothetically happen, however, kept me writing. The actual audience of my blog is difficult to estimate; right now it sits at almost 300 views, but with so few it could be Google spiders or other bots that are causing the numbers to increase as opposed to actual readership.

Overall I call this experiment a smashing success, its most important contribution being that it opens the gate for similar short-term experimental blogs in the future, guiding and documenting research & experimentation.

Wednesday, August 7, 2013

Most Secure Browser

With all this online security talk, you might be wondering which browser is the most secure. While I could launch into a discussion on the security merits and flaws of any particular browser, that would go beyond the non-technical scope of this blog, and be largely pointless since it can be boiled down to this: No browser is the safest.

I can say this with fair certainty because while any particular browser excels in one area, it falters in another, leaving it vulnerable. The essential idea is that nothing is bulletproof. Maybe you've been getting that from this blog, maybe not, but that's all there is to it. No system is 100% safe, or 100% virus-proof, or 100% whathaveyou; given enough inventiveness, you can break anything.

Where does this leave you when looking to use the "safest" browser? At a minimum I would suggest using a browser compatible with the security add-ons that I've written about, and others that I haven't, so probably Firefox or Chrome. Just remember that having all this security isn't a guarantee (of anything); apply the usual caution when visiting sketchier websites, or downloading suspicious files, & stay safe on the net.




Tuesday, August 6, 2013

Use Tor

Tor, which stood for "The Onion Routing Project", was originally developed by the navy to aid in concealing the identities of its users online. It accomplishes this by running a user's internet traffic through the Tor network, eventually sending it out to the internet and then routing the response back through the network to the user. These constant reroutings are what provide the anonymity, as it is extremely difficult to track where the traffic travels within the network. Essentially, it protects you from the surveillance of your online activities by third parties.

Use cases for this app include needing to communicate with others confidentially, avoiding surveillance, or just being plain paranoid. Download it or find out more at the Tor website. They also have an Android app to privatize your internet traffic while on the go.

Keep in mind that like Tor, your security depends on having various layers for maximum effectiveness.
 

Monday, August 5, 2013

Antivirus Software

Antivirus software is what rallies the forces once the castle has been stormed. These days antivirus software is a must for anyone connected to the internet, so what are the best antivirus applications for Windows/Mac? Yes, I know Mac users like to think of themselves as immune to viruses, but malware for Mac is on the rise, so it doesn’t hurt to know what your options are (I myself don't use an antivirus for Mac). Since this is a more technical subject, I am deferring to Lifehacker for suggestions of the best antivirus apps.

Windows

Avast! is what Lifehacker recommends as the best antivirus for Windows. You can read their article over here, but basically it amounts to its ability to catch viruses, combined with relative ease of use, and the added bonus of being free.


For Mac

Sophos is the recommendation for those who choose to run an antivirus on their Mac. It blocks both Mac and Windows viruses, and is fairly light on system resources. Get the full scoop here.


Thursday, August 1, 2013

Send Secure Text Messages

Text messaging is notoriously insecure: anyone can read your messages in transit or on your phone. So what are some options for rendering your communications unreadable while on the wire?

TextSecure

We've talked about Whisper Systems before, and now we're featuring them again for their secure texting app, TextSecure. TextSecure is a full replacement for the default texting app on your phone. As you might imagine, it enables the encryption of text messages stored on your phone, and, once configured, the sending of encrypted text messages to others who have TextSecure installed. You choose the key messages are encrypted with, making the security as strong as you like.



Gliph

Another option is to use a completely separate app for sending secure messages. If this is what you're looking for, take a look at Gliph. It works by having you choose a set of "artifacts" to be your glyph; to get in touch with others, instead of swapping phone numbers, you swap glyphs. All correspondence between any two users is encrypted, and messages on your device are also encrypted with a user-selected password. An interesting bonus to Gliph is that it allows users to make Bitcoin transactions free of charge.


Some might propose Snapchat as a secure means of communication since the messages are deleted after a certain interval of time. This is not so because the messages are "deleted", not deleted. Basically what happens is that the app changes the message status from unread to read, so the app will ignore the ones marked as "read", but they are still on your phone, and can be retrieved with fairly minimal effort by anyone with a little know-how. So much for ephemeral messaging. Aside from being able to retrieve supposedly deleted messages, they lack any encryption while in transit, and are as insecure as regular texts in that respect.

Hopefully these suggestions have you sending safer messages instantly.



Wednesday, July 31, 2013

Alternatives to Google Drive

With Google on the list of companies that (willingly or begrudgingly) handed over data to the NSA, what alternatives are there to Google Drive where some of your most personal data may be stored? Let's take a look at a few different options.


Dropbox
 
I've mentioned Dropbox before, but it's worth putting on this list too. You get 2 GB for free to start, but if you send out some invites to friends and they accept, you get a 500 MB bonus for each person that signs up with a current maximum of 18 GB. Beyond this, Dropbox offers a few different storage options starting with 100 GB for $9.99/month. In addition, your data is encrypted in their cloud, the downside being that you don’t choose the encryption key.



Dump Truck 

Dump Truck by Golden Frog offers 5 GB of space on sign-up, and features 500 MB of additional storage per referral, same as Dropbox. In addition, its pricing plans are nearly identical to Dropbox, though Dump Truck's offerings start at 50 GB for $5/month, followed by 100 GB for $9.99/month. From there, the pricing/GB is the same as Dropbox, minus the discount if you pay for a year of service upfront. It even offers the encryption, though it claims to be more secure than "other services" as it made its own apps, and owns its network and servers, therefore having a higher degree of privacy for users.




SugarSync

SugarSync offers 5 GB free, and slightly different pricing plans than Dropbox & Dump Truck, though the 100 GB for 9.99/month is the same, with a maximum of 250 GB for 24.99/month. It also has special options for businesses. Like the other two, it also offers apps for Windows/Mac/iOS/Android, to easily sync files/folders across devices. This is all done securely as SugarSync, like the others, features file encryption measures for your privacy.

Tuesday, July 30, 2013

Prey: Recover your stolen devices


Prey is an app for Windows, Mac, iOS and Android that helps you get back your lost/stolen devices. It's easy to set up and simple to use. The free version lets you track up to 3 devices, like your phone, laptop, and tablet for example.

All you have to do is install it and log in to your account, and your devices can now be tracked, making them easier to find if they get lost/stolen. Prey also offers some other tools to help, such as displaying a message on the screen, sounding an alarm, or remote wiping the device. Overall it's a great tool to have in your tool kit and may get you out of a pinch.

You can get it here.

Monday, July 29, 2013

Back up your computer

Backing up your data is an important step in securing your information, because if your hard drive crashes, chances are you still want access to your files. There are several ways to go about this: you can get an external hard drive and store your data on there (possibly with the help of a backup utility), or you can use a cloud service like Dropbox and sync just your most important files, or your entire computer if you're willing to cough up some cash. Let's take a look.




Dropbox

Dropbox offers 2 GB free on sign-up, and for $9.99/month, you can get 100 GB, with other plans offering 200 or 500 GB, which is probably plenty for most people. The advantages here are that you can download an app that will sync the contents of a folder from your computer to the cloud, the bonus being that you can access them anywhere. Best of all, it encrypts your data for extra security.



External Hard Drive

If you go the external hard drive route, you probably want to use a back-up utility to handle backups for you & help keep you sane. On Mac you can use the built-in Time Machine tool to manage backups; if you're running Windows, then CrashPlan is for you! It comes in both free and paid flavors.





Another important thing to remember about backups is to have one off-site; that way, if your house burns down and everything is destroyed, your data is safe on the hard drive you keep at work, or in the cloud.

Friday, July 26, 2013

Password Managers

A good password should be at least 8 characters long, be alphanumeric, use special characters, and not be written down on a post-it, and of course you should never use the same password for more than one site. Most of us have no doubt heard this advice before, but how many actually follow it? The good news is that you can make it much easier to create and store secure passwords by installing a password manager add-on to your web browser.

What these managers feature is secure password generation so you can easily replace all your insecure passwords with secure ones. All your passwords are stored in an encrypted "vault" which you open using the one and only password you have to remember now, the password to your password manager of choice. These add-ons can also help you fill out forms and securely store credit card numbers and other information if you so choose.
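The two ideas above (generating strong passwords and checking stored ones against the rules listed earlier) can be sketched in a few lines. This is an added example, not part of the original post and not the code of any particular password manager; the set of special characters, the 16-character default, the use of both letter cases and the sample vault are assumptions made for illustration.

```python
import secrets
import string

# Assumed character classes; the post only asks for letters, digits and specials.
SPECIALS = "!@#$%^&*()-_=+"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)


def generate_password(length=16):
    """Return a random password containing at least one character of each class."""
    if length < 8:
        raise ValueError("the post's minimum length is 8 characters")
    # Guarantee one character per class, fill the rest from the whole alphabet,
    # then shuffle so the guaranteed characters are not always at the front.
    chars = [secrets.choice(cls) for cls in CLASSES]
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # OS-backed randomness, not random.shuffle
    return "".join(chars)


def audit_vault(vault):
    """Check each stored password against the post's rules.

    Returns {site: [problems]} for every entry that breaks at least one rule.
    """
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)

    findings = {}
    for site, password in vault.items():
        problems = []
        if len(password) < 8:
            problems.append("shorter than 8 characters")
        has_letter = any(c.isalpha() for c in password)
        has_digit = any(c.isdigit() for c in password)
        if not (has_letter and has_digit):
            problems.append("not alphanumeric")
        if not any(c in string.punctuation for c in password):
            problems.append("no special character")
        if len(sites_by_password[password]) > 1:
            problems.append("reused on another site")
        if problems:
            findings[site] = problems
    return findings


# Constructed sample vault: two sites share a weak password, one uses a generated one.
SAMPLE_VAULT = {
    "mail.example": "hunter2",
    "shop.example": "hunter2",
    "bank.example": generate_password(),
}

if __name__ == "__main__":
    for site, problems in audit_vault(SAMPLE_VAULT).items():
        print(site, "->", ", ".join(problems))
```
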


Here are two quick options for password managers:

LastPass: Available as an add-on compatible with all major web browsers and operating systems, including iOS and Android. It comes in both free and paid flavors.

1Password: This one is a standalone application for Windows & Mac as well as Android & iOS. It has a 30-day free trial or you can buy it upfront.

Thursday, July 25, 2013

Online Tracking Blockers

Whenever you visit a site, chances are it installs cookies on your computer. These can be used to track what other sites you visit and beam the information back to the mothership, which can then sell the information to advertisers or use it to serve ads itself, including the kind that seem to follow you around from website to website. Enter tracking blockers. These add-ons for web browsers silently block cookies' attempts to track you by preventing them from phoning home to report the data they gather. Here are three easy-to-use options to choose from:


DoNotTrackMe

Made by Abine, this tool is probably the simplest of the three (and meant to be so). The icon shows the number of trackers blocked on any particular site, and the drop-down menu shows a graph displaying the total number of tracking attempts blocked. In addition, there is a small dialogue box at the bottom that prompts you to click and learn more about a particular tracking company. Overall, it's drop-dead simple to use. You can get it here. If you're interested, Abine also has some other privacy tools worth looking into.



Disconnect

Disconnect brings all the same functionality of DNTM and then goes just a bit further, adding the ability to secure your wi-fi connections, and shortcuts for enabling/disabling common social networks on a particular site, or white/blacklisting entire sites. Visually it is more streamlined than DNTM, giving it some added appeal. It doesn't tally blocked tracking attempts; instead it shows a small graph displaying the amount of time & bandwidth saved from using the extension on loading the current page. Currently it is the favourite tracking blocker of this blogger. You can download it for yourself here.


Ghostery

Ghostery may be the most user-friendly of the three...or annoying, depending on how you feel about a pop-up style list of blocked and unblocked trackers on whatever page you just loaded. Mercifully, this can be turned off in the settings. Like DNTM, Ghostery gives you a list of the trackers on the current page and the option to block/unblock them or whitelist the site. Unlike DNTM, it has a one-word description under the name of the tracker telling you if it's an advertiser, beacon, widget, analytics, etc, to help you decide if that element needs to be blocked or not. You can find it here.


Wednesday, July 24, 2013

Encrypt your hard drive

As Edward Snowden confirmed, encrypting your hard drive is an effective way to keep people from easily reading your files if they manage to get a hold of them. Let's look at some tools for encrypting your hard drive.


Mac users are in luck, as OS X has a built-in solution called FileVault which can be turned on in the system preferences. When you go through the set-up you will be given a recovery key which will let you decrypt your data if you ever forget your password, and which you should record somewhere safe. Once this set-up is complete, you can use your computer as normal while it encrypts your hard drive in the background. All files saved on your drive from now on will be automatically encrypted. For full instructions, here's a step-by-step guide. One of the downsides is that a small handful of programs are not compatible with FileVault, Diablo III being one example.

Windows users can download TrueCrypt, a free disk encryption utility that is a bit more robust than FileVault. In addition to encrypting your drive, it enables you to create hidden disk partitions and encrypt them to further increase security. Unfortunately I can't vouch for how well TrueCrypt works as I have not used it, but here are instructions for setting it up on your machine. (Alternatively you can use BitLocker.)

Tuesday, July 23, 2013

Alternatives to Google & Yahoo search

Word is that the NSA was getting its data from a slew of tech companies. Limiting your use of their services is one sure-fire way to ensure they don't have as much data to hand over should it be requested, so what are the alternatives to doing a Google/Yahoo! search?






DuckDuckGo started in 2008, and as a privacy-minded search engine, it doesn't track your IP, forward your search query to the sites you click on, install cookies, or otherwise track you or your searches, and its default is the more secure HTTPS. It does however compile the results of 50+ search engines, and filters out content mills designed to rank high in Google search rankings.




Startpage has been protecting users' privacy since 2006, and enhanced its privacy procedures in 2009. It doesn't log IP addresses, set cookies, or otherwise track its users. In addition it has the European Privacy Seal for data protection. It also uses HTTPS to increase security, and unlike DuckDuckGo, it offers image and video search.

Using either of these two options will increase your online privacy instantly.

Monday, July 22, 2013

Fake identities for websites that don't matter










Fake Name Generator does exactly what you'd think: it generates made-up names complete with addresses, emails, job titles, height & weight, even (invalid) credit card numbers and national identity numbers (depending on the country you choose). Apart from the obvious use of coming up with your secret Alter-Ego's identity, the information generated can be used to gain access to overseas websites that are meant for only local traffic, or filling out forms for websites you don’t trust with your real information, such as those on the sketchier side of the web. There are fun uses for it too, as it can generate hobbit, ninja, and Latin names, as well as the names & information for an entire family, or you can generate identities in bulk. Of course any use of the information generated for nefarious purposes is illegal.

Other sites by the same company offer a Fake Music Generator (complete with album art, & downloadable tracks), and a Fake Mail Generator (that you can actually send mail to).

Discover your new identity here.

Friday, July 19, 2013

DNSCrypt

DNSCrypt (developed by OpenDNS), though technically a preview release, is an application that encrypts your DNS requests. DNS requests are your computer communicating with a DNS server, asking it to translate human-readable domain names into machine-readable IP addresses; for example, duckduckgo.com becomes 50.18.192.250. Encrypting these requests prevents snoopers from knowing what websites you’re visiting, spoofing a URL and presenting you with a false page, or from mucking around with your packets in general. This program may accidentally break your connection if it can't access its servers; if you want more reliability, open up the preferences and check the option "fall back on insecure DNS". And yes, this is another install-it-and-forget-it application.

DNSCrypt for Windows & Mac can be downloaded here.

Thursday, July 18, 2013

Keep Software Updated


Keeping your computer up to speed on the latest patches and updates is one of the easiest ways to plug holes in your digital fortress. If you’re running Windows, go to the start menu & look for Windows Update under all programs, open it up & hit "check for updates" and install anything that comes up, especially if it's security-related. I'll wait. If you’re on a Mac it's even easier: when you’re on the desktop, click on the apple icon in the top left and select "check for updates" and install anything that shows up. If you haven’t done this in a while the download/install process may take some time.


In the meanwhile, you should consider turning on automatic updates so that the latest patches get downloaded & installed automatically. Here's a quick guide on how to do this for Windows; Mac users can head over here to accomplish the same thing.

Chrome & Firefox check for updates automatically, though Firefox may prompt you to restart the browser to complete the installation. Since you’re thinking about it (and you're reading this), check for updates to your browser plug-ins! Mozilla provides a visual way to see what needs to be updated here.

Other programs like your anti-virus and firewall are probably configured to update automatically, though it never hurts to check and make sure.

With your computer updating itself and plugging security holes on its own, you can have a little more peace of mind.

Wednesday, July 17, 2013

Encrypting Mobile Phone Calls


RedPhone is an Android app developed by Whisper Systems (which, oddly enough, is owned by Twitter). Rather than being a hotline to the Kremlin, once installed and configured, it gives you the option of encrypting calls you make to others who also have RedPhone installed on their phones. The integration is seamless, as you can continue to use the built-in dialler as normal, with the added bonus of RedPhone giving you the option of encrypting the call if it detects that the person you called also has RedPhone installed.

RedPhone can be downloaded here. I also recommend checking out their blog, as it's much more interesting (and less technical) than you'd expect.

Tuesday, July 16, 2013

HTTPS Everywhere

HTTPS Everywhere is an add-on for Firefox & Chrome developed by the Electronic Frontier Foundation and The Tor Project. Once installed, it forces an encrypted connection with websites whenever possible. The advantages of this are that it helps prevent tampering with the packets sent to/from the website servers to your computer, as well as inhibiting others on the web from knowing what content you’re currently viewing. While it isn’t bullet-proof (most things rarely are), it will help prevent casual eavesdropping on your connection over public wi-fi and the internet at large, and should prevent man-in-the-middle spoofing attacks. The down side: if the NSA decides they need your records, HTTPS won't save you. Some of the websites it encrypts include Google, Facebook, Twitter, and hundreds of others. Firefox users can type "about:addons" in the address bar then select preferences under HTTPS Everywhere for a complete list.

The best part about this add-on? Install it, then forget about it, as it encrypts your connections automatically. 

You can download HTTPS Everywhere here. For more information, see their FAQ.