Nowadays we experience security in a different way than we used to several decades ago. With all the new laws, regulations and government surveillance, it is really hard for a regular user to keep privacy on the net. Lately I have been a little absent from writing anything about security because I wanted to know where it was heading. Tight with job and homework deadlines, I had little time for myself to really work something out about security. As a matter of fact, lately I haven't had much time to do anything related to IT besides studying and working in the field.
Having a new job working for a PaaS (platform as a service) outsourcing company as a Unix System Administrator, I have kept myself motivated with IT and burned the rest of my time finishing up my degree with highest honors. After finishing my degree, I decided to begin my Bachelor's degree in Cyber-Security. Now I can see myself with a little more time to keep up to date learning new security methods, techniques and products. After hearing about the whole Edward Snowden case, I was urged to write something about our daily-diminished freedoms, but first I wanted to touch base with basic guidelines to keep yourself secure on the web. Since this blog covers a wide variety of audiences (beginner, medium and advanced), I thought it would be a great idea to start with simple steps to maintain your anonymity, and here it is. Enjoy and keep learning, my friends.
Nothing is What It Seems
As many of you might know, privacy cannot be obtained if we sacrifice it to gain security. Both must go linked and never lose their characteristics or quality, otherwise we lose both (Benjamin Franklin). Also, security is a two-faced concept: feeling secure and being secure. You can be safe and feel safe, as well as not be safe and feel it, but this concept really makes sense and opens up to arguments when there is a curtain which prevents us from seeing what is really going on. For example, we can be secure and not feel it, or feel secure even when we are not. Even though the latter is the most common one, neither case is what it really seems, thus the name of "security by obscurity". This psychological trick is practiced by many lawyers, law enforcement, the media and many governments, entities and organizations. Even though they might be playing with this concept to achieve their goals, our achievement, the goal of 99% of the population, is to achieve the feeling of being secure AND the reality of being secure.
How to Determine Real Security
By experiential knowledge (learning from experience) we can avoid getting scammed again and identify a safe or unsafe environment a little better. The problem arises when there is no transparency in the security controls or in the lifestyle that we live today, with biased and mis-informative media, excess of gadgets, unprotected access points, mobile Internet and on-line banking. The best way to be a little more secure and feel secure is to mitigate the risks of being watched, and this is done by limiting (if not eliminating) our bad and lazy habits. Everywhere we go, we leave not only physical tracks but digital ones. Every time we turn on our car engine, play our favorite satellite radio, browse Facebook, Twitter or LinkedIn, commute, text and call using our phones, browse the Internet, or shop on-line and physically using a POS (point-of-service) device by swiping our credit or debit card, we are leaving a lot of physical and digital tracks (and this is only half a day). Jot down your daily activity and what technology models you use. After having a list of all the technology models (car, phone, credit card, computer, etc.), determine if it is better to mitigate, if not eliminate, one or all of these models. One example is to take out cash once a week instead of paying with your debit card every time you want to eat out or put gas in your car. This is real security. By mitigating risks in order to avoid them, you achieve real security. Next, there are some examples and ways to mitigate the risks of digital and physical trails. First (on the far left) comes the technology model, next the risk, next the solution and ultimately (on the far right) what is accomplished by using the solution given. Let's examine:
Using car -> People know where you are -> Use public transportation -> Spend less money. More security.
Using satellite radio -> Interest tracking -> Use iPod -> More privacy. Still listen to what you want.
Pay with credit/debit card -> digital trail -> use cash -> more privacy, avoid
Use phone -> Call eavesdropping, less privacy -> Use RedPhone -> Encrypted calls.
Use texting -> Metadata and message content collecting -> Use TextSecure to encrypt texts.
Chat with friends -> messages being eavesdropped -> Use ChatSecure -> Provides end to end encryption, more privacy
Surf the Internet -> Data mining, less privacy -> Use TOR (anonymizing software) -> More secure.
Surf in a public shop -> Eavesdropping on communication -> Use VPN -> Encrypted tunnel for your communication.
Note: For RedPhone, ChatSecure and TextSecure to work with end-to-end encryption, both parties (sender and receiver) must have the same application installed on their smartphones.
The point here is not to have 100% privacy and security, because that is impossible in this digital and physical world. What we must aim for is to have as much privacy as possible while keeping ourselves out of the stack of potatoes that governments and entities like Google and Facebook use to watch our everyday habits and use them for their own good. Being aware is the first step; now you have to step up and make it a habit.