E-Mail 'Remain Anonymous Online and Protect Information- Part 2, by Contributor' To A Friend

9 Comments

1. This is an interesting article, even though I am not a computer geek. I have at least heard of many of the tools the author suggests in this article. One question that came up is, what happens if all these steps are taken and the user then uses Google maps, for example? Are the multiple levels of security then rendered ineffective? To this question, in the section “Creating New Accounts”, the author writes, ” For this, you can google for services that will give you random usernames”. Did the author intend this to mean “search for services…..” or did he actually mean “use Google to search”?

2. Great info. Now. I think the reality is that the snooping has been in process from the very earliest days of personal computers and that our right to privacy was compromised long ago. In my opinion all this amounts to is closing the gate after the cows have left the pasture. All it will really accomplish is drawing more attention to ourselves when a long-established trail goes dark. I am careful, and try to be secure, but come on! I refuse to live in fear, and if I get scooped up for reading articles and posts then I’ll be in company in whatever ditch I end up in.

3. I’ll be in – GOOD – company in whatever ditch I end up in.

4. Why Windows rather than Linux?

5. Windows, Linux, or what ever other OS, doesn’t matter anymore. The expectation of Privacy is Moot.

   If you haven’t noticed what has transpired in just the past 10 years, then you are as blind as a bat.

   1. lol actually most bats not all have pretty good eyesight.

6. Does anyone know anything about hushmail?

   Claims to use PGP-encrypted e-mail, and, “If public encryption keys are available to both recipient and sender, Hushmail can convey authenticated, encrypted messages in both directions”

   Its based in Canada… nothing against my Canadian brothers, but I wonder about Five eyes/PRISM surveillance sharing agreements.

7. found this regarding Hushmail privacy (note this info is about 6 years old):

   “To quote from an article in The Register:

   Hushmail has updated its terms of service to clarify that encrypted emails sent through the service can still be turned over to law enforcement officials, providing they obtain a court order in Canada.

   September court documents from a US federal prosecution of alleged steroid dealers reveals that Hush Communications turned over 12 CDs involving emails on three targeted Hushmail accounts, in compliance of court orders made through the mutual assistance treaty between the US and Canada. Hushmail is widely used by privacy advocates and the security-conscious to send confidential emails.

   Hush Communications, the firm behind Hushmail, previously claimed “not even a Hushmail employee with access to our servers can read your encrypted email”.

   However an updated explanation states that it is obliged to do everything in its power to comply with court orders against specified, targeted accounts. Unlocking targeted accounts involves sending a rogue Java applet to targeted users that captures a user’s passphrase and sends it back to Hush Communications. This information, when passed onto law enforcement officials, allows access to stored emails and subsequent correspondence sent through the service.

   The possibility that law enforcement officials can tap targeted accounts exists whether or not Hushmail users use the supposedly more secure Java applet option or a simpler web server encryption set-up. The updated terms of service explain:

   “Hushmail is a web-based service, the software that performs the encryption either resides on or is delivered by our servers. That means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user’s privacy.”

8. Where to start? Well, the START button – Windows 10 will listen to everything you say (Cortana), track your location (location services), rember your network information …

   I use Windows 7 and it takes me over an hour to defang it. It would take me over a day to remove all the “phone home and tattle” in windows 10.

   DO NOT USE TAILS IN A VM, BOOT FROM THE CD DIRECTLY.
   I can’t emphasize this enough. Windows 10 tracks you as badly as Google and Facebook. You might use a VPN, but DNS lookups and other things are still tracked by Win 10, and can be passed to the VM.

   ProtonMail is good provided:
   1. You use 2 factor authentication.
   2. Only communicate with another protonmail user.
   3. Do so in a verified secure browser and environment (TAILS).
   4. You do NOT give them your password so they have no way of recovering it or your encrypted data.

   You can use PGP (GPG) to sign and send mail to verify it is the same identity since only you should be able to access your private key (sans spoofing, so it isn’t trivial)

   Eraser will NOT work on SSDs. It can burn them, but not erase them. That would require something special (TRIM). The way SSDs work is they copy data to new blocks when modified and only erase when needed, but the old blocks still have the data. Even hard drives will find sectors that go bad but where 99% of the info is recoverable but mark them bad and map a “spare”. But that data in the “bad” sector isn’t erased. Nor are earlier copies of files, e.g. copy X.doc to Y.doc, delete X.doc, the contents of X.doc is still on disk, so you would have to scrub the “unallocated area”.

   I know the intentions are good, and some of the tips are reasonable, but others are not and will result in something you think is secure but isn’t. Like a lock that breaks or is easily picked, or if you buy “insurance” but when you file a claim only then you find it is a fraud.

   (I’m trying to write something on simple tech tip security and other tips for the contest, but it keeps expanding and I already have enough material for a weekly or twice weekly article until the end of the year).

Comments are closed.