  1. #1
    iNET Interactive

    Readers' best personal-privacy tips




    LANGALIST PLUS


    By Fred Langa

    When asked, "What do you do to protect your personal privacy?" you answered!

    The e-mails poured in for this special issue, and here are some of the very best privacy-related tips, techniques, and tools recommended by your fellow readers.

    The full text of this column is posted at windowssecrets.com/langalist-plus/readers-best-personal-privacy-tips/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    No, No, Fred. NEVER use 7-Zip for encrypted private information, contrary to your Windows Secrets article of May 25. Yes, it handles encryption/decryption. But when you decrypt something it also often leaves unencrypted copies of the file lying around on your hard drive afterwards. This is a long-standing error that has been reported for literally YEARS without getting a fix from the developer. I have seen it on my own system and stopped using 7-Zip because of this problem.

  3. #3
    3 Star Lounger
    Let's be realistic. Most security approaches do not work well.
    How in the world can you remember so many passwords and passwords of 10-16 length of random letters and numbers? If some experts say change them frequently, we might as well shoot ourselves! AND ... Ohhhh, poor seniors!

    Try that on accessing a car. Will you buy it? Totally anti-consumer solution.

    Imagine: You have 100 keys. Do you remember which one is for your front door. Oh, by the way, you change the lock every 3 days.
    Hah! Use a master password or password management software. (It needs only ONE password.) If I break this one SINGLE master password, I break them! (I can try out all the passwords in the list. Beats using brute force password breaker.)

    My method (against key logger too):
    Create long passwords, 16 to max length, prefer max length allowed, with random, upper/lower case, numbers, special characters.
    A random generator software helps a lot.
    Use a random generator software, or type randomly. Fill the entire page(s) in Notepad.
    Copy the password and embed it in the random text. Place a marker, such as "!", or something (such as !&AbBy!, I!!) in the beginning and end of the password to ID it for yourself. Or use different beginning-ending markers (This is the only weakness. So do it wisely.)
    Now encrypt this text file with a password you can remember or write the file password down; surely not putting this paper on the computer table for everyone to see. (If you're that careless, so what if someone reads the file ... BUT FIRST, IF they can associate the password to the file.)

    When you need to use the real password, decrypt the text file. Open it in Notepad. Locate the password (between markers). Copy and paste it to the web page. No key entry! Not even key logger can get your password.

    You say the text file is an open book with easy to crack password. So what? All you see in the text file is gibberish. (If you have someone enter your house, looking over your shoulder, or he puts a gun on your head ...)

    You can embed several passwords into one page, one password a line (surely not in consecutive lines and not always start at the same column). Or even continuous, only separating with marker.

    To protect the encrypted file. You can even use a long gibberish password. Embed this password in random characters in another text file. May have no obvious markers even (just remember the location, such as the 3rd line from beginning). This 2nd text file could be encrypted as well, or simply unencrypted.

    Be creative. Most important, make it easy for yourself.

    You can even put encrypted text file(s) in a USB drive for convenience.

    For seniors: Print the page out and store it securely. May even put red ink quotes on the passwords, just to remind your old brain. You say, that'll beat the security. Not true. Someone has to get into your house, find the paper, and make sense out of it.

    The security measure is called security depth: layers of securities.

    It is like the open-sesame magic phrase to the main treasure safe. Make it gibberish and the hardest to crack. If a thief wants to get it, it is stored in a small safe. To get to the magic phrase, you need the key to the small safe first. But before you do that, you need to find the safe. Once you do all this, the paper in the small safe has tons of words. Which is the open-sesame magic phrase?

  4. #4
    Lounge VIP bobprimak's Avatar
    Hi, Fred! I enjoyed your ("our"?) article on online privacy. Thanks for including my tips. It was great to read what other readers are doing to protect ourselves and improve our online privacy. I really like it when we readers and Windows Secrets contributors can collaborate like this on articles.

    I wouldn't call my little project massive, but I do pay attention to online privacy ever since getting my TCF Bank Account hacked, and an Earthlink recurring charge showed up in the account. This was very difficult to remove, as I was not receiving the actual billing statements from Earthlink. The Bank was not eager to help either. (This was a few years ago.) So I began developing methods to protect myself from future privacy and security breaches.

    My experience with computers goes all the way back to Windows 95, Windows 98, Office 95, and even DOS-6 (WordStar and VisiCalc). So I have had some time to get the big story about security and privacy when using Windows computers. My research actually consists largely of reading relevant stories in InfoWorld, CNet News, Windows Secrets, and PC World. Total time per week is not more than an hour or two, but multiply the time investment over many years, and things begin to add up. I include this information to let Windows Secrets readers know that it does not take a massive amount of research, nor a large time investment to uncover some things we all can do to become better and safer PC (or Mac or Linux) users. Local Computer User Groups are also a great way to stay informed and share knowledge with fellow computer users. And of course, The Lounge and other online forums are invaluable resources in staying informed.

    A few further comments:

    @Charlie --

    When considering encryption and deletion of private information, I'd like to add that deletion methods such as Secure Deletion in CCleaner (multiple-pass overwrites of deleted data) can also help preserve privacy, even when the original files were encrypted. Some Secure Deletion schemes are not easily recoverable even with modern computer forensics.

    Yes, scanning on a different computer can help in finding and removing some deeply embedded infections, but usually this is unnecessary for routine scanning for most folks.

    @Fred --

    7-Zip isn't really that good for encrypting compressed files. Too many hackers have studied 7-Zip, and it can be a bit leaky.



    And a special comment to those who are looking for no-cost shortcuts which avoid using password-storage software:

    Quote Originally Posted by scaisson View Post
    Let's be realistic. Most security approaches do not work well.
    How in the world can you remember so many passwords and passwords of 10-16 length of random letters and numbers? If some experts say change them frequently, we might as well shoot ourselves! AND ... Ohhhh, poor seniors!

    Try that on accessing a car. Will you buy it? Totally anti-consumer solution.

    Imagine: You have 100 keys. Do you remember which one is for your front door. Oh, by the way, you change the lock every 3 days.
    Hah! Use a master password or password management software. (It needs only ONE password.) If I break this one SINGLE master password, I break them! (I can try out all the passwords in the list. Beats using brute force password breaker.)

    My method (against key logger too):
    Create long passwords, 16 to max length, prefer max length allowed, with random, upper/lower case, numbers, special characters.
    A random generator software helps a lot.
    Use a random generator software, or type randomly. Fill the entire page(s) in Notepad.
    Copy the password and embed it in the random text. Place a marker, such as "!", or something (such as !&AbBy!, I!!) in the beginning and end of the password to ID it for yourself. Or use different beginning-ending markers (This is the only weakness. So do it wisely.)
    Now encrypt this text file with a password you can remember or write the file password down; surely not putting this paper on the computer table for everyone to see. (If you're that careless, so what if someone reads the file ... BUT FIRST, IF they can associate the password to the file.)

    When you need to use the real password, decrypt the text file. Open it in Notepad. Locate the password (between markers). Copy and paste it to the web page. No key entry! Not even key logger can get your password.

    You say the text file is an open book with easy to crack password. So what? All you see in the text file is gibberish. (If you have someone enter your house, looking over your shoulder, or he puts a gun on your head ...)

    You can embed several passwords into one page, one password a line (surely not in consecutive lines and not always start at the same column). Or even continuous, only separating with marker.

    To protect the encrypted file. You can even use a long gibberish password. Embed this password in random characters in another text file. May have no obvious markers even (just remember the location, such as the 3rd line from beginning). This 2nd text file could be encrypted as well, or simply unencrypted.

    Be creative. Most important, make it easy for yourself.

    You can even put encrypted text file(s) in a USB drive for convenience.

    For seniors: Print the page out and store it securely. May even put red ink quotes on the passwords, just to remind your old brain. You say, that'll beat the security. Not true. Someone has to get into your house, find the paper, and make sense out of it.

    The security measure is called security depth: layers of securities.

    It is like the open-sesame magic phrase to the main treasure safe. Make it gibberish and the hardest to crack. If a thief wants to get it, it is stored in a small safe. To get to the magic phrase, you need the key to the small safe first. But before you do that, you need to find the safe. Once you do all this, the paper in the small safe has tons of words. Which is the open-sesame magic phrase?
    This method is terribly insecure. I don't care how you disguise text, it only takes a competent hacker less than twenty minutes to fully expose all the passwords. Even less if they use decrypting computer programs. Windows copy-paste can be recorded by modern keyloggers, and many "keyloggers" also take screen shots at intervals or during mouse-initiated operations. Your method is completely insecure.

    But there is one valid point in here. It is the length (number of characters) of the password or pass-phrase, not its internal complexity (special characters, punctuation, etc.) which determines how difficult it is to crack. I have frequently posted in The Lounge that Roger Grimes of Infoworld.com and other security professionals have written about this rather unintuitive fact of security. So it's not just my own opinion.
    Last edited by bobprimak; 2011-05-27 at 13:34. Reason: merge my comments
    -- Bob Primak --

  5. The Following User Says Thank You to bobprimak For This Useful Post:

    Dick-Y (2011-05-27)
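
The length-versus-complexity point raised in the post above can be checked with a short calculation. This is an added example, not part of the original thread; it assumes every character is chosen uniformly at random (human-chosen passwords carry fewer bits), and the guess rate and policy names are constructed for illustration.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 10**10  # assumption: constructed offline guessing rate

def keyspace(length: int, alphabet: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length

def bits(length: int, alphabet: int) -> float:
    """Brute-force strength in bits for a uniformly random password."""
    return length * math.log2(alphabet)

def equivalent_length(length: int, alphabet: int, smaller_alphabet: int) -> int:
    """Shortest password over `smaller_alphabet` whose keyspace is at least
    that of a `length`-character password over `alphabet` (exact integers)."""
    target = keyspace(length, alphabet)
    n = 0
    while keyspace(n, smaller_alphabet) < target:
        n += 1
    return n

def years_to_exhaust(length: int, alphabet: int,
                     rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate at the assumed guessing rate."""
    return keyspace(length, alphabet) / rate / SECONDS_PER_YEAR

# Constructed policies: 26 = lowercase letters, 94 = printable ASCII without space.
POLICIES = [
    ("8 chars, all printable ASCII", 8, 94),
    ("12 chars, lowercase only", 12, 26),
    ("16 chars, lowercase only", 16, 26),
    ("16 chars, all printable ASCII", 16, 94),
]

def compare(policies):
    """Return (name, bits, years) rows sorted from weakest to strongest."""
    rows = [(name, round(bits(n, a), 1), years_to_exhaust(n, a))
            for name, n, a in policies]
    return sorted(rows, key=lambda row: row[1])

if __name__ == "__main__":
    for name, strength, years in compare(POLICIES):
        print(f"{name:32s} {strength:6.1f} bits  {years:.3g} years")
    print("lowercase chars needed to match 8 full-ASCII chars:",
          equivalent_length(8, 94, 26))
```

Each added character multiplies the keyspace by the alphabet size, while widening the alphabet only raises the base, so a few extra characters outweigh adding symbol classes to a short password.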

  6. #5
    5 Star Lounger
    Quote Originally Posted by bobprimak View Post
    I don't care how you disguise text, it only takes a competent hacker less than twenty minutes to fully expose all the passwords. Even less if they use decrypting computer programs. Windows copy-paste can be recorded by modern keyloggers, and many "keyloggers" also take screen shots at intervals or during mouse-initiated operations.
    So there is no real protection. How depressing!

    I already find it tiresome - and insecure - having to type out the master password every time I access my bank, credit cards or my trading/spread betting account many times a day. Consequently I keep the master password in ClipMagic and paste it into Lastpass whenever required. But if keyloggers can detect copy/paste and even use screenshots, no password, however long or complex, can be considered safe.

  7. #6
    Super Moderator satrow's Avatar
    A 'Live' Linux disc goes a long way to protecting your privacy on your own computer.

    It doesn't protect every junction along the data highway though.

    Nor does it belong in a forum dedicated to 'Windows Secrets' ... is there a Windows PE equivalent available?

  8. #7
    Lounge VIP bobprimak's Avatar
    Quote Originally Posted by georgelee View Post
    So there is no real protection. How depressing!

    I already find it tiresome - and insecure - having to type out the master password every time I access my bank, credit cards or my trading/spread betting account many times a day. Consequently I keep the master password in ClipMagic and paste it into Lastpass whenever required. But if keyloggers can detect copy/paste and even use screenshots, no password, however long or complex, can be considered safe.
    When you enter a master password into a program like LastPass, you come about as close to rendering the screenshots of some spyware useless as is possible in Windows. I mentioned copy/paste because some people think this is not recorded by spyware. It is. ClipMagic would reintroduce the same copy/paste insecurities into LastPass that the program is designed to minimize. But LastPass, when used with its own Master Password, is reasonably secure.

    Of course, if you have a keylogger on your computer in the first place, you have much bigger problems than a loss of privacy anyway. Best to detect and remove the spyware. Most good anti-spyware programs are pretty good at getting rid of keyloggers, especially if you use several different scanners when searching for spyware on your computer.
    -- Bob Primak --

  9. #8
    3 Star Lounger
    Security is a mental thing. There is no 100% security, if you ask my opinion.

    The practical side of it is to make it a tedious job to break your security. The more worthy your stuff, make it the more tedious to break in. If your stuff is infinitely valuable, the corresponding security should be infinitely tedious. But then the break-in person is infinitely patient to break it. And it will!

    No security is fail-safe.
    Depressing? Yes and no.
    As I said, it is a mental thing.

    A car is valuable. But the security is only a lock. And now with wireless (keyless entry), it is relatively easy to break in.
    Do you worry your car got stolen? For most people, the answer is no.
    As long as you lock your car, the key+lock is tedious enough to prevent theft! Ditto for your home.
    It only takes a few minutes to break into your locked home. For starters, just break the window!

    Nothing can stop a determined thief, and nothing helps if you are the target.

    So why bother with overly tedious security procedure?
    Recommendation? Yes (as usual, the disclaimer: Do it at your own risk):

    1. Use long (10-16 characters with numbers and alphabets). The longer, the better.
    In it should have nothing related to you, such as name, phone number, birth date, etc. Hint: If you have to, use your distant friends' street number, for example.
    2. Do write it down on a piece of paper, especially for seniors. Losing your account is worse than a slight chance of being stolen.
    3. But put the paper away from the PC. The modern fancy tech term is "off site".

    If you need the paper frequently, don't lock it up. It is not convenient. Put it away to avoid casual 'eyes'. A professional does not need to search for this paper. All he needs is get into your house, with a gun on your head. Your brain is the greatest security breach. The only true security is a dead brain.

    If you listen to experts, you would let your daughter keep the paper, and she is in South Africa and you are in Canada, polar opposite places. Now, the 'security breach' is when you call her to obtain the password over plain phone, aka 'unencrypted'.
    And if you listen to experts further, you would create secret codes, enigma machine, (prefer changing every hour(!)), such as, you say, "The rain in Spain..." And she would answer back, "Rains mainly in the plain." Now you know it is you and your daughter.
    OK, it is out of my hands now ... Ask the experts how to transmit that password through the open phone voice line...

    Oh, I forgot to ask, "How much in your checking account?" "Already overdraft?!!"
