Choose style:

Author Topic: Data Privacy for Ordinary People  (Read 2459 times)

0 Members and 1 Guest are viewing this topic.

Offline N

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Data Privacy for Ordinary People
« on: August 18, 2017, 11:45:35 am »
Hello everyone. This is my first post on the General Discussion board and I hope I've chosen the right board for this topic.

I've been reading some of the threads on this forum that relate to/ touch upon the issue of data privacy, and thought people might find it useful to discuss what the average computer and phone user should to in this regard.

The following may help set a context:

1) When I say average computer user or ordinary person, I mean exactly that: people who aren't doing anything that needs to be hidden, but who should nevertheless have the right to privacy. So you're not a criminal, or a journalist who knows being monitored is an unfortunate occupational hazard, or someone dealing with classified documents, or any of those obvious kinds of people. You're just a regular person who may occasionally share confidential family or business information over messages or emails, or you may just be watching videos of kittens gambolling about. The main point is the principle of it. The kind of data collection happening today looks dangerously close to monitoring people's thoughts. Say you think of something and look it up online, that starts another thought and you look that topic up, and so on: someone with access to that data can see some version of your thought process that you naively believe to be private.

2) Much of our most sensitive data, such as medical records and banking-related details, are only as secure as kept by the numerous governmental, corporate, or non-profit entities that have them; which is to say not very secure at all. There appears to be little we can do about this other than participate in efforts to make such organisations more accountable.

3) An ordinary person can do very little about complex things like hardware and BIOS backdoors.

4) For the purpose of a layperson's understanding, could data collection and monitoring of online activities be seen in two categories? One, surveillance, which is meant to track criminal/ illegal activities as well as activities like reporting of human rights violations that bother powerful regimes. Two, collection of data by companies like Google, Facebook, Microsoft, Amazon etc. for the purpose of... frankly, apart from advertising I don't even know what other dubious uses they put our data to!

5) Is it worthwhile for an ordinary person to take significant steps to protect their privacy on the internet? How much is reasonable and doable?

The steps commonly recommended on websites like the EFF, such as using end-to-end encryption for emails and messaging, using disposable and multiple email addresses, using VPN and Tor and things like that; is this beneficial for regular people, or does it only attract undue attention from surveillance agencies?

How meritorious is the argument that we should just leave things as they are so it's just a whole lot of noise being generated, with no signal in it?

What is the trade-off between convenience and privacy? (Do we need to give up Google?!)

If any of this is worth doing, how does one convince people who do not know anything about privacy and don't see the effort involved as being worth it? For example, large companies like Google provide some very useful services for "free"; most people don't realise that instead of paying in money, one pays them in personal information, which is both more valuable and more damaging for you. But data is an abstraction in this context, while money is concrete.

What are some good ways in which we regular folks can deal with this massive juggernaut of data collection and surveillance? Notice I don't say "the best way", because I have no idea if there is one best way, and because different people will find different trade-offs reasonable. I, for instance, would be willing to put in effort to change a great deal if it's worth doing, while many other people I know would not.

P.S.: I hope the discussion can be global rather than US-centric, though given how many of these companies and agencies are U.S.American, it is quite understandable for discussions to focus heavily on the U.S. and sometimes the U.K.
« Last Edit: August 18, 2017, 12:02:22 pm by N »

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3731
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Data Privacy for Ordinary People
« Reply #1 on: August 18, 2017, 01:24:37 pm »
Hello everyone. This is my first post on the General Discussion board and I hope I've chosen the right board for this topic.

I've been reading some of the threads on this forum that relate to/ touch upon the issue of data privacy, and thought people might find it useful to discuss what the average computer and phone user should to in this regard.

Hello N, and welcome to Peppermint.

I like to begin in my modem with OpenDNS using Cisco's free DNS service with FamilyShield.  Then I add DNSCrypt after updating my Peppermint installation.  The I use 4 F.O.S.S., or open source extensions in Chromium, or in a Chromium-based browser --SafeScript (for Canvas and WebGL fingerprinting only), uBlock Origin, first in order "to prevent WebRTC from leaking local IP addresses" and then using only uBlock's default filters (including "experimental". and its 3rd-party malware domain's filters enabled* (I do this because of the malicious intent behind malware, not because I'm worrying about the harm malware will do me using Peppermint.)  I also use Privacy Badger (with Peppermint forum whitelisted) and HTTPS Everywhere.  All of these are from Chrome's web store.

This combo of things allows me to access more news sites without being blocked, or being thought of as a frequent visitor.
 These tricks even have Panopticlick thinking it knows my Canvas and WebGL fingerprints --which it doesn't! ;D

As for my Android phone, I don't root the phone, and I stay within the Play Store for software.  I use an open source launcher and keep turned off data and Wi-Fi access most of the time.**

Needless to say I uncheck most default settings in my computer's browser such as prediction and navigation services, and I block third-party cookies and enable the Do Not Track service for the handful of sites that honour it.

Finally, I usually use DDG search engine (from Peppermint), or StartPage, or Qwant, or SearX search engines.  Sometimes, when I want to plant a tree, I use Escocia --knowing I'm being tracked. :)

* I don't use "Malvertising filter list by Disconnect​​​​​​​​​." 

** During the writing of this post, my wife informed me that our smartphone bills are going up in price at the end of the month.  Right now I feel like going back to my dumb phone again.  That would keep things even more private.

« Last Edit: August 18, 2017, 01:26:52 pm by perknh »
We're all Peppermint users and that's what matters...
-- AndyInMokum

Offline 10i

  • Trusted User
  • Member
  • *****
  • Posts: 467
  • Karma: 126
  • Peppermint Enthusiast
    • View Profile
    • My Peppermint Blog
  • Peppermint version(s): Peppermint 8 - 64 bit
Re: Data Privacy for Ordinary People
« Reply #2 on: August 23, 2017, 08:35:43 am »
Hi and welcome from a windy South Africa.

Your question is complex, I am not sure where to begin answering it really.

Sent from my HUAWEI GRA-L09 using Tapatalk

Running Peppermint 8- 64 bit on my Lenovo i3 laptop.

View my Linux blog:  http://myiceadventure.blogspot.com

Offline N

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Re: Data Privacy for Ordinary People
« Reply #3 on: August 26, 2017, 03:42:05 am »
Thanks, perknh and 10i, for your replies, and apologies for my own delayed one.

perknh, I've been looking into this subject over the last few days. It's so technical and hard to understand that I'm trying to focus on learning what to do. Amongst the tools you name in your post, I know of the extensions and use some too (uBlock Origin and uBlock Origin Extra). I cannot remember now why I don't have Privacy Badger and HTTPS Everywhere installed. I did switch to DuckDuckGo.

I'm looking into OpenDNS at the moment, as well as good VPN services. Also thinking of ditching Chromium for Firefox, and using a password manager.

I haven't rooted my Android phone and I do stick to the Play Store for apps, but I detest how much data Google can nevertheless collect about me. I installed Disconnect on my phone when I first bought it, but somehow never used it. The convenience-over-privacy trap?

One of the big stumbling blocks to increasing your privacy on the internet is other people's reluctance to do the same. You can choose an excellent IM app with end-to-end encryption and all that, but what good is it if the people you communicate with won't install it/ set passwords for their devices/ encrypt their devices?

The other is what to do about all the data that's already out there.

Yet another block is that a lot of the information on these subjects isn't systematic for newbies; as in, here is baby step 1, now do baby step 2, and so on! Nevertheless, I'll share some of the more informative links I've come across in a later post. Hopefully others will find them useful too.

P.S.: perknh, I'm guessing you live in a country where phones must be got from carriers? This is not the case in my country, you can buy any device you want and choose any operator you want. You can have multiple SIM cards from different operators on the same phone. You can switch to another operator without changing your number (or device) any time you want, though you do need to stick with each operator for a certain amount of time before making the switch. Pricing is very competitive. I currently pay the equivalent of about 8 USD a month; my plan gives me enough local + national minutes and SMS to be practically unlimited, and some 2-3GB of 4G mobile data every month.

Offline N

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Re: Data Privacy for Ordinary People
« Reply #4 on: August 26, 2017, 03:45:55 am »
I forgot to add: there should be more mobile operating systems! It's easy to choose a more secure one for your computer, install it and set it up the way you want. For a phone, not only is the number of operating systems available small (with even fewer compatible with your actual device), but it also seems rather tricky to do.

Offline N

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Re: Data Privacy for Ordinary People
« Reply #5 on: August 26, 2017, 05:43:49 am »

I like to begin in my modem with OpenDNS using Cisco's free DNS service with FamilyShield.  Then I add DNSCrypt after   going back to my dumb phone again.  That would keep things even more private.

I followed the instructions here to set up OpenDNS:
https://support.opendns.com/hc/en-us/articles/228007087-Ubuntu
https://support.opendns.com/hc/en-us/articles/228007167-Linux-Mint-Cinnamon

I installed dnscrypt-proxy from Synaptic, but in trying to configure it as per these instructions (https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration) I ran into a hurdle. These are a bit difficult to decipher, but more importantly, when I try to use cisco (aka OpenDNS) as the "ResolverName" via the command line, I'm told that cisco doesn't support DNS security extensions, and it logs information.

Could you share how you set it up?

P.S.: If this should be another thread, I'd be happy to start one.

Offline N

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Re: Data Privacy for Ordinary People
« Reply #6 on: August 31, 2017, 10:07:26 am »
I like to begin in my modem with OpenDNS using Cisco's free DNS service with FamilyShield.

While trying to set up DNSCrypt, I learned that Cisco, which owns OpenDNS, logs data. I looked a bit more into and this and found that OpenDNS doesn't have a separate privacy policy but is governed by Cisco's quite permissive one.
https://www.cisco.com/c/en/us/about/legal/privacy-full.html

The interesting thing is that Google's Public DNS has a more specific and user-friendly privacy policy which spells out what logs are kept and how long they're kept for.
https://developers.google.com/speed/public-dns/privacy
BUT no DNSCrypt support here.

« Last Edit: August 31, 2017, 10:18:20 am by N »

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3731
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Data Privacy for Ordinary People
« Reply #7 on: August 31, 2017, 04:07:29 pm »
Hi N,

Maybe a good way to get the best of Google DNS and the best of DNSCrypt would be to set your DNS to Google Public DNS and change your browser to Yandex.

You can read more about Yandex browser with DNSCrypt here and here.  That combination ought to cover you! ;)

perknh
We're all Peppermint users and that's what matters...
-- AndyInMokum

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3731
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Data Privacy for Ordinary People
« Reply #8 on: March 20, 2018, 03:25:04 pm »
Data Privacy for Ordinary People

Here's quick peek at what my data privacy extensions are saying about various email providers from within their inboxes,

First, from Peppermint's Chromium browser:


Outlook:

Privacy Badger:  1 potential tracker blocked, 4 domains don't appear to be tacking me.

ScriptSafe:  2 blocked webbug items, 11 allowed items.

Ghostery:  1 advertising item blocked.


Yahoo Mail:

Privacy Badger:  0 potential trackers.  1 domain doesn't appear to be tracking me.

ScriptSafe:  3 webbug items blocked.  1 canvas fingerprint blocked.  1 allowed item.

Ghostery:  1 advertising item blocked.


Gmail

Privacy Badger:  No tracker detected at all.

ScriptSafe:  4 browser plugin enumerations blocked.

Ghostery:  0 trackers.


Now, from Opera browser:


AOL Mail (Standard version):

Privacy Badger:  9 potential trackers, of which 6 are blocked.  9 domains don't appear to be tracking me.

ScriptSafe:  13 blocked items.  1 allowed item.

Ghostery:  6 advertising trackers, 1 essential tracker. 1 customer interaction tracker, and 2 site analytics trackers are blocked.


Yandex Mail:

Privacy Badger:  1 potential tacker blocked.  4 domains don't appear to be tracking me.

ScriptSafe:  4 blocked items.  30 allowed items.

Ghostery :  2 site analytics blocked.


Tutanota:

Privacy Badger:  No trackers!

ScriptSafe:  No external resources.

Ghostery:  No trackers.


ProtonMail:

Privacy Badger:  No trackers!

ScriptSafe:  No external resources.

Ghostery:  No trackers.


Zoho Mail

Privacy Badger:  No trackers!

ScriptSafe:  No external resources.

Ghostery:  No trackers.






Note

The X factor here seems to be Ghostery.  Here are my results for Yahoo Mail if I pause Ghostery.


Privacy Badger:  12 potential trackers, 1 blocked.  3 domains don't appear to be tracking me.

ScriptSafe:  43 blocked items (38 are webbugs).  1 allowed item.

Ghostery:  20 advertising trackers.
« Last Edit: March 21, 2018, 02:11:11 pm by perknh »
We're all Peppermint users and that's what matters...
-- AndyInMokum

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3731
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Data Privacy for Ordinary People
« Reply #9 on: April 25, 2018, 10:38:13 pm »
Gmail's new 'confidential mode' offers more privacy controls but don't get too comfortable

By Jaclyn Cosgrove for the LA Times

http://www.latimes.com/business/technology/la-fi-tn-gmail-confidential-20180425-story.html
We're all Peppermint users and that's what matters...
-- AndyInMokum

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3731
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Data Privacy for Ordinary People
« Reply #10 on: May 02, 2018, 02:47:28 pm »
I've been questioning lately whether or not the extension called HTTPS Everywhere is really necessary anymore.  I'm wondering this because there's been a strong movement over the last several years towards HTTPS everywhere  -- thanks, in large part, to Google.  Also, I ask in part because Firefox, and most Chromium-based browsers, now do a good job of showing a user whether or not the site he or she is on is authenticated and secure.  Finally, I don't like to install and run an extension on my computer if it is not really necessary, or very, very helpful .

Thanks in advance for any thoughts and opinions on this matter.

perknh
We're all Peppermint users and that's what matters...
-- AndyInMokum

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24472
  • Karma: 2698
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Data Privacy for Ordinary People
« Reply #11 on: May 03, 2018, 07:01:58 am »
Well I stopped using it a while ago if that means anything .. pretty much everywhere now redirects to https if you use http, and the few sites that don't probably haven't got an SSL version anyway, so if you want to access those sites you'll have no choice.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 4952
  • Karma: 899
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Data Privacy for Ordinary People
« Reply #12 on: May 03, 2018, 07:33:29 am »
Depends on where I'm at, and what I'm doing. In descending order ...

All devices on my LAN, here at the abode, are behind a NAT. So, good luck penetrating that. For the most part, I depend on the built-in privacy and security features in Opera, when I'm surfing the web, for peace of mind - properly setup, of course.

I practice due diligence and take extra precautions when I'm on the trot, exposed to the whole world from high-rise hotel rooms, on unsecure networks, and so forth.

'Smarties' are a whole different ballgame. You might as well be swimming in a sewer full of toilet sharks. For the most part, I turn on my [personal tracking device] only when needed, then immediately turn it back off again, and remove the battery. I also carry a totally devoid and barren flip/drop phone for certain activities.

One needs to make themselves a moving target, you know?  ;)


Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3731
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Data Privacy for Ordinary People
« Reply #13 on: May 03, 2018, 09:28:34 am »
Well I stopped using it a while ago if that means anything .. pretty much everywhere now redirects to https if you use http, and the few sites that don't probably haven't got an SSL version anyway, so if you want to access those sites you'll have no choice.

Yeah, it matters to me, PCNetSpec.  I'd been leaning in that direction but I hadn't taken the leap.  Now, I'll take the leap.  (I'm also using Decentraleyes along with uBlock Origin now, and ScriptSafe for some canvas/device fingerprint protection.) ;)

Depends on where I'm at, and what I'm doing. In descending order ...

All devices on my LAN, here at the abode, are behind a NAT. So, good luck penetrating that. For the most part, I depend on the built-in privacy and security features in Opera, when I'm surfing the web, for peace of mind - properly setup, of course.

I practice due diligence and take extra precautions when I'm on the trot, exposed to the whole world from high-rise hotel rooms, on unsecure networks, and so forth.

'Smarties' are a whole different ballgame. You might as well be swimming in a sewer full of toilet sharks. For the most part, I turn on my [personal tracking device] only when needed, then immediately turn it back off again, and remove the battery. I also carry a totally devoid and barren flip/drop phone for certain activities.

One needs to make themselves a moving target, you know?  ;)

I know of nobody who ducks and dodges better in cyberspace better than you, VinDSL.  Nobody!!  I hope my NAT and LAN modem settings are okay.  I had to reset this darn modem once.  At least it's configured with Quad9's DNS service.  That offers some peace of mind against malicious intent.  Though I sometimes use Firefox and Chromium, I tend to default to Opera as my browser of choice too.  As for my old smartie, I lost it -- and suspect it was stolen.  But after 11 months of using a smartie (running KitKat  :o ), I've found that daily life after returning to a basic cell phone feels less stressful.  But how long I'll be able to function well without a smartie, I do not know. (For instance, I haven't given up my smartie plan, in case I return.)


@PCNetSpec & VinDSL

Thank you gentlemen.  I appreciate your thoughts of this matter.   From what I can gather, HTTPS Everywhere was terrific tool in its day, but its day is pretty much over.   
We're all Peppermint users and that's what matters...
-- AndyInMokum

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 4952
  • Karma: 899
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Data Privacy for Ordinary People
« Reply #14 on: May 03, 2018, 07:35:19 pm »
I know of nobody who ducks and dodges better in cyberspace better than you, VinDSL [...]

I know this sounds melodramatic, but it's simply a matter of survival, or not, for me.

I was vindicated in one of the first 'internet cases' in the US, in the 90's, and don't want to repeat that experience again. Actually, that's the origin of my nick, i.e. I was VINdicted of all charges, in a written decision, and was running a DSL connection, both then and now. True story.

I've had my identity stolen 3 times. I'm locked down so tightly that it took me 3 months to get a passport from the U.S. Department of State.

I keep my nose clean. I don't want to end up in prison - be discovered at the bottom of the Bellagio swimming pool - nor, 'accidentally' fall from a balcony on the 27th floor.

I'm not involved with anything nefarious, but being a little paranoid is a good thing in my line of work.

LoL! Let's just leave it at that ...  :)