Have you done a privacy checkup?

Topic

New Reply

Video here January 24 to January 28 was data privacy week. It’s okay if you missed it, rather we should have a privacy year. Start by reviewing this c
[See the full post at: Have you done a privacy checkup?]

Susan Bradley Patch Lady/Prudent patcher

7 users thanked author for this post.

lmacri, KP, Steve S., SueW, Kathy Stevens, Alex5723, DrBonzo

Reply | Quote

Replies

Personally, I’ve used (Firefox ESR) with NoScript uBlock, Privacy Badger, https-everywhere, (2005 for some and later for others 2014 for other extensions/add-ons)

I also use IBM Trusteer Rapport (since 2005) on any sites where I exchange any personal or, especially banking data. P.S. its free and is recommended by a lot of banks in UK, US,… and I have used it since 2005, had some stability and performance issues 2005-2009 but nothing since then (but cannot use FireFox std due to 6wk update cadence, hence I use FF-ESR.

<Rant – Begin 🤬>

The real issue is that advertising companies have always been kings of poor practice, e.g. in the UK the Advertising Standards Authority’

Regulation of Online Advertising: A Briefing – ASA | CAP

has historically had to slap down many companied in TV ads for misleading ads and poor practices so what could you expect them to do when they had a new playing field that the punters are (mostly still) completely oblivious to (unless it is pushed under their noses) that tracking IS a potential issue…

Given the proportion of people that actually trust mobile OS’s enough to do online transactions on their phones…

{Many of which have only recently started supporting adblocking (I’m looking at you Android + FireFox […Chrome is a joke since it still doesn’t support any extensions… probably to justify not having adblocking (it is against their core corporate raison d’etre after all)] }

… especially when all smartphones are currently where PC’s were in the windows 98 era, in terms of online privacy & security support… << 3-5 years unlike on PC’s… and they’re still claiming they don’t need antimalware …

– because Apple/Google app stores are safe (ROFL x 1E+06)

… so I put Sophos Mobile (free for non-business users) on my and all family’s smartphones… but I still do no financial transaction via that device – PC only…

<Rant – End 😊>

Reply | Quote

Thank you Susan

During the week we will be reviewing the use of our VPN and the privacy settings on all of our machines.

It seems as if we are spending progressively more of our time on Windows updates, ability to recover after a meltdown, security, and privacy.

Thanks again for the “checklist”

 

Reply | Quote

As far as the VPNs recommended by CR, Mozilla has to be excluded because their HQ is in the USA. Other very good security information can be found on Michael Horowitz’s Defensive Computing site.  FWIW, I am using Nord now, but will switch to Mullvlad when it is time to renew my service.  Too much tracking going on with Nord.

Reply | Quote

Always with the people wanting me to not use google search…  duckduckgo seems to be highest rated, but the simple reason, though I have tried others, that I return to google search is that when I search for something it quickly gives me what I want. Others haven’t even come close.

I value my time.

I use firefox and uBlock origin.

On my phone I usually use Brave.

1 user thanked author for this post.

Alex5723

Reply | Quote

I hear ya.  On technical searches Google still wins.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Fred

Reply | Quote

I also find on non-technical searches it also gives me a MUCH better set of sites. I find myself very limited on other search engines. so I just don’t use them. Interestingly/amusingly I can immediately tell if my default search engine has been changed (some updates like to change FF’s default to yahoo, etc.)

Reply | Quote

I have been using Firefox ESR starting from one of the Firefox 78 ESR versions, and the search engine has not been changed by any updates so far.

Reply | Quote

I agree on Google depth, but there are ways of getting that without necessarily going to Google directly.

Bruce Schneier indicates that he uses DuckDuckGo to search Google by prepending “!Google” to DDG searches, and where DDG is filtering Google’s results stream: https://www.schneier.com/blog/archives/2022/01/people-are-increasingly-choosing-private-web-search.html

I’ve also found that I like StartPage.com (including being able to save personal search preferences as a URL, rather than having to log in, or maintain a persistent cookie).  StartPage does initiate a Google search and streams Google results without the user ever touching Google.

Reply | Quote

Read his update…

EDITED TO ADD (1/12): I was wrong. DuckDuckGo does not provide privacy protections when searching using Google.

I am quite surprised someone like Schneier could miss this, i always assumed it was obvious that G would know what you’re searching for since you get redirected but i guess not. Although it does seem to offer some protection from G snooping which i didn’t realise.

Reply | Quote

I try to use DuckDuckGo for searches but sometimes Google does a better job.

1 user thanked author for this post.

Fred

Reply | Quote

I had recently read CR’s report about VPNs and was also a bit surprised by their recommendations. Their methodology seemed  skewed toward issues of “presentation” or “education” rather than “function” and the report didn’t offer much in the way of technical depth. I’ve noticed a lot of CR’s other product analysis and recommendations seem to be moving in the direction of being more superficial and dumbed down for the masses. They may be doing deeper evaluations of products than it appears but the reports sure seem wanting to me. Of course, then, I’m an engineer. 😉

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

2 users thanked author for this post.

wavy, a

Reply | Quote

Agreed. I don’t think CR is worth anything. Hasn’t been for years. Used to be long long ago. imho.

2 users thanked author for this post.

wavy, Steve S.

Reply | Quote

Lots of interesting items to go thorough in the privacy checkup.

Just happen to figure out Chrome Extensions last week and put in Privacy Badger. NoScript does not seem to be from the same developer as the Firefox version so I didn’t install yet.

Just figured out Apple’s App Privacy Report: Settings -> Privacy -> App Privacy Report -> Turn on App Privacy Report
source: Apple Support

Reply | Quote

A few more discoveries related to this blog and posts:

Firefox Add-ons: DuckDuckGo Privacy Essentials

NoMoreGoogle has a link for a Chromium download

Microsoft Edge Add-ons (like Google Chrome Extension / Chrome Web Store)

Reply | Quote

Thanx all. Have any of you experiences with the Vivaldi.net browser?

Norwegian origin it is.  Their free email looks very promishing on privacy.

 

* _ ... _ *

Reply | Quote

I am normally not a fan of Consumer Reports for authoritative technical information, but https://www.consumerreports.org/vpn-services/should-you-use-a-vpn-a5562069524/ is very well researched, and echoes several things that I’ve been advising for a couple of years, namely that not everybody needs a VPN, and that many VPNs may cause more problems than they solve.

In particular, the world continues to change, especially with Google’s push for HTTPS for everything has produced enough that many of the compelling reasons for VPN that were present 5 or 6 years ago are not nearly as pressing now.

This article notes that VPN may help some, but for many, more aggressive defense against various forms of ad tracking may provide more than VPN will.

For me personally, the two primary tools in my box are blocking of scripts with NoScript, and use of uBlock Origin. With NoScript, I only allow scripting from sites that I trust, or others when I know that they’re necessary.

I’ve also found that if I follow instructions to “see what Google has on you”, when I check that, what’s there is virtually nothing, because I don’t use Chrome, and I rarely log into google. I do have a gmail account that I use infrequently, but I believe that there’s far less tracking that goes on from a POP or IMAP client than by using Google’s preferred interface through Chrome.

As for Google-hosted scripting, it’s often necessary to set NoScript to enable google.com, or Google’s AJAX scripting or even gfonts, but I do that only after I’ve found that blocking doesn’t allow me to get to what I want. On the other hand, it does seem to be a zero-loss proposition to block access to google-analytics. For now, I’m blocking via NoScript, but I may consider more permanent blocking with null-routing that through an entry in my HOSTS file.

3 users thanked author for this post.

OscarCP, wavy, a

Reply | Quote

Just a couple comments:

“not everybody needs a VPN, and that many VPNs may cause more problems than they solve.” yes definitely, including a 50% load on the system, etc.

“blocking of scripts with NoScript” – I tried this briefly and found myself having to allow an exception for nearly every site I usually visit, but in the right hands and in the right circumstances I do think this can be a VERY powerful tool!

“use of uBlock Origin.” – yeah, that one’s a keeper!

” I don’t use Chrome” – agreed. I avoid it for the same reason.

No comment on the rest simply because I have no experience.

1 user thanked author for this post.

OscarCP

Reply | Quote

I had to stop using NoScript for the same reason as Krism. I am less concerned about using Chrome, but yes, there is a reasonable worry there.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I’ve been using Firefox for years and doing this for a bit over three years, now.  I changed to DuckDuckGo about a year or so ago when Startpage was sold.  My extensions now include Privacy Badger, AdGuard AdBlocker, DuckDuckGo Privacy Essentials, Facebook Container, Malwarebytes and HTTPS Everywhere.

I don’t see ads anywhere, and I’m reasonably confident that I’m not being tracked.  Indeed there are certain protocols that, in Windows, belong exclusively to Edge and Bing, however if one only uses those protocols in such a manner that Microsoft doesn’t consider to be browsing or searching, there is no associated tracking, either.

My cable modem/router is a Motorola MG7550 and decently configurable.  I’ve set it such that it won’t respond to a Ping, and there are no unnecessarily open ports.  So yes, overall I do feel my privacy is secure.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

1 user thanked author for this post.

Fred

Reply | Quote

Referring to your post above, about Edge and News & Interest: I prefer to grab the Microsoft Edge / News & Interest web links (Microsoft Start), then put them in Firefox and bookmark them.

To clean up a bit, run BleachBit against the Microsoft Edge browser.

Reply | Quote

I don’t use Google.

From the linked article, “I struggle to give Google the benefit of the doubt here since the end result of all these changes just happens to be “more user tracking.”

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

I am using NordVPN – not 100% of the time but when I am on a public WIFI (e.g. hotel).   Of course I don’t do any banking or logon to anything I can’t afford to have compromised.  I am not sure I need a VPN going forward  and will check things out when my subscription expires in Sept. I read CR report on VPNs. It’s a little discouraging in that most VPNs are just another form of tracking with their own privacy issues and behavior that is detrimental to consumers/users.  E.g One of my pet peeves is the difficulty, if not impossibility of having your data purged when you leave a service or request they do that. Hardly any one removes user data – I think it’s my right to have it removed.  The report says many of the VPNs do not delete user data when service is cancelled, among many other issues reported.

I have been using Safari on my ipad (had been using duckduckgo) with Apple security settings.  I use FF on my laptop.  Google does provide better results-they have the advantage and it shouldn’t be so, but they’re in control. I try to limit my social media access – I have Facebook and logon via the web on occasion,  it provides some value for me in staying connected there plus I am using FB Messenger.  I deleted everything I had posted on FB and shut down privacy as much as possible using their settings, but it’s Facebook so they are tracking me.

I do not have anti-malware on my IOS devices – been around the block with that (discussions here on Askwoody forums) and am reasonably confident that for now, there is no value in having it on IOS.  I run Defender and MBAM Premium on my Windows 10 laptop, but I’ve been mostly using my IPAD lately.

I removed all the add-ons I had (UBlock, Privacy Badger, HTTPS anywhere) bc you have to provide them access to everything and then you have to trust that they will do the right thing with your information. I know everyone says they’re trustworthy, but  I don’t like it.

I don’t have any blockers on my IOS devices (I don’t even know what they would be!) or my laptop.  I try to confirm email validity and not click on any links in emails (unless I can determine it is valid). I am careful when browsing.  I use Virus Total before going to websites.  I clear history and cookies constantly.  Am I wrong in thinking this behavior is protecting me from infections and tracking?  I know I’m being tracked, but I’m trying to do what I can to limit/erase some tracks.   All that being said – that’s me and my practices. I’ve tried to instill the same in my husband and it has rubbed off some, but I have no idea what sites he is going to and he doesn’t know/care like I do. So you are only as strong as your weakest link.

I have to try to remain vigilant with privacy and security.

Reply | Quote