Reaching Out
Nowadays we live security in a different way than we used to several
decades ago. With all the new laws, regulations and government
surveillance it is really hard for a regular user to keep privacy on the net.
Lately I have been a little absent from writing anything about security
because I wanted to know where it was heading. Tight with job and
homework deadlines I had little time for myself to really work something out
about security. As a matter of fact, lately I haven't had much time to do
anything related to IT besides studying and working in the field.
Having a new job working for a PaaS (platform as a service)
outsourcing company as a Unix System Administrator, I have kept myself
motivated with IT and burned the rest of my time finishing up my degree with
highest honors. After finishing my degree, I decided to begin my Bachelor's
degree in Cyber-Security. Now I can see myself with a little more time to keep
up to date learning new security methods, techniques and products. After
hearing about the whole Edward Snowden case, I was urged to write something
about our daily-diminished freedoms but first I wanted to touch base with basic
guidelines to keep yourself secure from the web. Since this blog covers a
wide variety of audiences (beginner, medium and advanced), I thought it would be
a great idea to start with simple steps to maintain your anonymity and here it
is. Enjoy and keep learning my friends.
Nothing is What It Seems
As many of you might know, privacy cannot be obtained if we sacrifice
it to gain security. The two must stay linked, and neither may lose its
characteristics or quality; otherwise we lose both (Benjamin Franklin). Also,
security is a two-faced concept: feeling secure and being secure.
You can be safe and feel safe, or be unsafe and feel unsafe,
but the concept really makes sense, and opens up to argument, when there is a
curtain that prevents us from seeing what is really going on. For
example, we can be secure and not feel it, or feel secure even though we are not.
Although the latter is the most common, neither case is what it really
seems, thus the name "security by obscurity". This psychological
trick is practiced by many lawyers, law enforcement, the media and many
governments, entities and organizations. Even though they might
be playing with this concept to achieve their goals, our goal, the goal of 99%
of the population, is to achieve the feeling of being secure AND the
reality of being secure.
How to Determine Real Security
Through experiential knowledge (learning from experience) we can avoid
getting scammed again and identify a safe or unsafe environment a little
better. The problem arises when there is no transparency in the security
controls, or in the lifestyle that we live today with biased and misinformative
media, an excess of gadgets, unprotected access points, mobile Internet and on-line
banking. The best way to be a little more secure, and to feel secure, is to
mitigate the risks of being watched, and this is done by limiting (if not eliminating)
our bad and lazy habits. Everywhere we go, we leave not only physical
tracks but digital ones. Every time we turn on our car engine, play our favorite
satellite radio, browse Facebook, Twitter or LinkedIn, commute, text and call
using our phones, browse the Internet, or shop on-line or physically using a POS
(point-of-service) device by swiping our credit or debit card, we are leaving a
lot of physical and digital tracks, and this is only half a day. Jot
down your daily activity and what technology models you use. After
having a list of all the technology models (car, phone, credit card, computer,
etc.), determine whether you are better off mitigating, if not eliminating, one or all of
these models. One example is to take out cash once a week instead of
paying with your debit card every time you want to eat out or put gas in your
car. This is real security. By mitigating risks in order to avoid them, you achieve
real security. Next, there are some examples and ways to mitigate the risks of
digital and physical trails. First (on the far left) there will be the
technology model, next the risk, next the solution and ultimately (on the far
right) what is accomplished by using the given solution. Let's examine:
Use car -> People know where you are -> Use public transportation -> Spend less money. More security.
Use satellite radio -> Interest tracking -> Use iPod -> More privacy. Still listen to what you want.
Pay with credit/debit card -> Digital trail -> Use cash -> More privacy, avoid tracking.
Use phone -> Calls eavesdropping, less privacy -> Use RedPhone -> Encrypted calls.
Use texting -> Metadata and message content collecting -> Use TextSecure to encrypt texts.
Chat with friends -> Messages being eavesdropped -> Use ChatSecure -> Provides end-to-end encryption, more privacy.
Surf the Internet -> Data mining, less privacy -> Use Tor (anonymizing software) -> More secure.
Surf in public shop -> Eavesdropping communication -> Use VPN -> Encrypted tunnel for your communication.
Note: For RedPhone, ChatSecure and
TextSecure to work with end-to-end encryption, both parties (sender and
receiver) must have the same application installed on their smartphones.
Conclusion
The point here is not to have 100% privacy and
security, because that is impossible in this digital and physical world. What we must aim for is to have as much privacy as
possible while keeping ourselves out of the stack of potatoes that governments
and entities like Google and Facebook use to watch our everyday habits and use
them for their own good. Being aware is
the first step; now you have to step up and make it a habit.