Online privacy and security

· 10min · Dmitry Scherbakov

Introduction

The technological revolution has permanently changed the role of the computer in human life. Back in the day, computers were machines that could be operated only by skilled and knowledgeable people. Nowadays, pretty much all kids have smartphones, tablets, personal computers or laptops. These devices are becoming more and more user-friendly, so that literally everybody can use them without any specific knowledge. The same thing is happening to the web: sites are becoming more colorful and understandable. Unfortunately, most people do not realize that this ease of use comes with a huge privacy drawback, for both "online" and "offline" activities. We will discuss some tips and recommendations to protect yourself and enhance your overall digital privacy.

#1 Prefer local computing over cloud computing

The tendency to push people towards cloud services, cloud computing and, basically, cloud-based solutions instead of local ones has become more and more popular in the last few years. Cloud computing is so popular nowadays that some experts think it will soon become the new industry standard and completely wipe out traditional or, as it is called, "local" computing. A great example of this is Microsoft Office. Everybody knows Microsoft Office. And, of course, everybody knows that it is not free. Back in the day, Microsoft Office was a one-time purchase. Today, you can still get it via a one-time purchase, but that is not the way Microsoft really wants you to use their products. They want you to either pay a whopping 150+ US dollars for a yearly subscription or use the fully featured and "completely" free Office 365 on the web. Unfortunately, most people use solution number 2, either because they do not have enough money to actually sign up for the subscription or simply because they are not tech-savvy enough to actually find a legit pirated Office copy. Another example is Google's products. Google has much the same strategy of forcing people to use their cloud ecosystem: Google documents, Google presentations etc. At this point, you would be better off choosing the Google solution over Microsoft, since Google provides end users with some more advanced features such as online collaboration and access control (there are more features).

But Google and Microsoft are not what we are discussing today. The real question is: why are these services free? For sure, it takes those companies a lot of effort to develop and maintain those services, yet you can use them for free? What is the profit model here, and does one even exist? Unfortunately, for the majority of these services' users this is not really a question - they just do not care, since, well, "it's free". The answer to this question is actually fairly simple - when the software is free, you are the product. Clearly, your data is the product. All your documents, emails, contacts - everything that you are storing in the cloud is being backed up, scanned and analyzed; sometimes manually, sometimes with the assistance of an AI. Not only is your data being analyzed, it also gets associated with you and with your activity (even if companies claim not to do that). At this point, you might still think that you can get away with this, for example by storing your files and sensitive data in a password-protected ZIP archive, right? Well, no. As I said already, all your data is being analyzed. For example, if you were to store the password-protected ZIP archive in Microsoft SharePoint and then email your friend that the password to that ZIP archive is "billgatesvisitedepsteinisland37times", then Microsoft knows the password to the archive. Hence, it would be decrypted and analyzed. Even if you delete your data from the cloud, there is no way for you to verify that it actually got deleted, meaning that there is no way for you to be sure that your data stays confidential and secure, since you are no longer controlling it. Why? Because, essentially, what is the "cloud"? It is just some other guy's computer, and if it has your data, there is no restriction on the people owning that computer doing whatever they wish with it.
At this point, it is easy enough to understand how, for example, Google, a company worth over a TRILLION DOLLARS, gained its revenue. It stores and analyzes your data to either show you targeted advertising or sell this data to some 3rd party company. Google does not profit much (or even does not profit at all) from applications like Chrome, Gmail etc - they are free to use for anyone. But these services help Google gather user data and show targeted advertisements.

Another important problem with cloud services, which many people do not really pay much attention to, is the security of those cloud services. People think that backing up their data to the cloud can prevent it from being affected by malware or ransomware attacks on their computers. This is "sort of" true, because if malware ends up taking over their computers, the user data would still be safe. However, what most end users do not realize is that this malware or ransomware could potentially affect cloud servers as well. If you think that is impossible, you are completely incorrect. In fact, hackers tend to be more interested in compromising cloud services than single people's computers. New security breaches and critical vulnerabilities pop up and hit various cloud ecosystems pretty much every week. There is also the possibility of simple human error, which can cause a major data leak. For example, 4 weeks ago a database containing over 2TB worth of sensitive personal data such as phone numbers, addresses, zip codes etc of citizens of some Chinese province was sold on the dark web (for approximately 20-30 BTC). How did this major (actually one of the biggest in history) data leak happen? In a sentence, a Chinese engineer, who was writing a blog post, accidentally put production database credentials in it, so hackers were able to quickly grab them and download and export the data to their servers.
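
The leak described above began with live credentials pasted into a draft post. As an added example (not part of the original article), the script below scans a draft for connection-string and assigned credentials before it is published; the patterns, the placeholder list and the sample draft with its host and password are assumptions constructed for illustration.

```python
import re

# Patterns for credentials that commonly end up in posts and code samples.
PATTERNS = {
    # scheme://user:password@host (database or broker connection URIs)
    "uri_credentials": re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@/]+)@[^\s/]+", re.I),
    # password = "...", DB_PASS: ..., api_key=..., secret=...
    "assigned_secret": re.compile(
        r"\b(?:[a-z0-9]+_)*(?:password|passwd|pass|pwd|secret|api_?key|access_?key|token)\b"
        r"\s*[:=]\s*[\"']?([^\s\"',;]{6,})", re.I),
}

# Values that are obviously placeholders and safe to publish.
PLACEHOLDER = re.compile(
    r"^(?:<.*>|\$\{?\w+\}?|x{3,}|\*{3,}|changeme|example|redacted|your[_-].*)$", re.I)


def redact(value):
    """Keep only the first two characters so the report itself leaks nothing."""
    return value[:2] + "*" * (len(value) - 2)


def scan_draft(text):
    """Return (line_no, rule, redacted_value) for every suspected live secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(1)
                if not PLACEHOLDER.match(value):
                    findings.append((line_no, rule, redact(value)))
    return findings


# Constructed sample draft; the host and credentials are made up for this example.
DRAFT = """\
Connecting to the cluster is simple:
    client = connect("mysql://report_rw:Wq7!fLp0z@db.internal.example:3306/citizens")
For local testing use mysql://user:<password>@localhost/test instead.
    DB_PASSWORD = "Wq7!fLp0z"
    API_KEY = ${API_KEY}
"""

if __name__ == "__main__":
    for line_no, rule, value in scan_draft(DRAFT):
        print(f"line {line_no}: {rule}: {value}")
```

A hit means the credential should be rotated as well as removed from the draft, since it may already sit in revision history or a shared preview.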

Of course, it is not easy to live without cloud services today. Avoiding them is great, but it is not a perfect solution for the majority of people, so as a recommendation I can only suggest using more privacy-respecting services than the ones mentioned before.

#2 Do not use products that seem "free"

As I have already stated before, when the software is free, you are the product. So what are the products that seem "free"? The most obvious examples, which everybody knows, are VPNs and antiviruses. Not only do VPNs monitor your internet traffic and the domains you have visited, either to provide you with targeted advertisements or to sell your data to some kind of 3rd party company, they also track your activity (if you allow them to do it) and provide website vendors with that information. Antiviruses are even simpler to understand: those are evil programs, which YOU are giving explicit permission to constantly scan your files for "potential malware". Of course, since most of these programs are proprietary (closed source), again, there is no way for you to actually verify that the antivirus you have installed on your computer does not monetize your chat logs with your AI girlfriend. Back in 2020, the Avast antivirus company was caught selling sensitive user data such as browser history, bookmarks, applications installed on the system and other things to some 3rd party company. By the way, if you are using Avast antivirus, just go ahead and uninstall this crap right now. It does not make your system secure. Windows Defender does a pretty good job on its own. But that is a completely different story.

#3 Prefer open source software over proprietary

You might think that proprietary software is better, because bad guys such as hackers are not able to study its source code for potential attack vectors. The only problem is that if you are developing a closed source program, you are essentially betting that your developers and your security experts are better at implementing and securing things than the rest of the world. The Linux kernel is completely open source, and as a result it has had far fewer critical security flaws than Microsoft Windows has had recently (it had approximately over 3 major security vulnerabilities, which forced Microsoft developers to immediately publish an update patch). Another example of how proprietary software security sucks is a popular online password manager called LastPass. Now, before I talk about what the deal with LastPass is, another quick security tip: using a password manager is definitely a good idea, but using an online password manager is the worst thing you can do for the safety of your passwords. Obviously, as you might have already guessed, LastPass got hacked ... a bunch of times ... pretty much every half a year since 2015. Every time after LastPass got hacked, its administrators and developers claimed that the secure password vaults were safe, no data was leaked, blah blah blah. But since you do not own the servers and, hence, again, you basically do not explicitly own your data, there is no way for you to verify whether what they are claiming is true. Open source software, on the other hand, gets checked and analyzed over and over again by millions of developers, security experts or just students, and thus it is more stable and secure. If you do not trust open source developers, you are free to verify source code integrity on your own.

#4 Use a more privacy-respecting browser (extra)

As the statistics say, Google Chrome is the world's most popular web browser, with over 80% of people using it as a daily driver. The problem with this browser is that it is developed and maintained by Google - a corporation whose main profit model is to sell targeted advertising, as we have discussed earlier. Obviously, Google has a financial incentive to turn their browser into spyware. Because of that, Google Chrome ships with awful default privacy settings, which the majority of end users do not even bother changing. My personal recommendation would be to avoid using pretty much all Chromium-based browsers and to switch to one of the Firefox forks, as Firefox itself is pretty crap nowadays.

#5 Use a more privacy-respecting operating system

The tips described before, such as avoiding cloud computing and using open source software, would not make much sense if you are using an operating system that does not respect your privacy. We are talking about Microsoft Windows here, by the way. Similar to Office, Microsoft does not sell the Windows operating system anymore - anybody can download it from their official website. The problem with Windows is that a computer with the Windows operating system installed on it is not your computer; it is now the property of Microsoft. And Microsoft exercises that ownership by adding all kinds of spooky stuff to their operating system. First of all, targeted advertisements are everywhere: on the login screen, in the applications menu, even in PowerShell. Second, Windows collects absolutely incredible amounts of telemetry, which includes information ranging from all the applications you have launched since boot to how many times you have pressed a certain key on the keyboard. If you are using Windows with default settings, Microsoft might know more about you than your parents do (settings customization does not help). The only solution here to avoid spyware is to quit using Windows right now and switch to the green pastures of GNU/Linux without a second thought.

Conclusion

To sum up, I would like to discuss some pretty well known and obvious tips. You might be familiar with all of them, but they are still very important:

  • Use different passwords for all your online accounts.
  • Use 2 factor authentication where possible. It helps you keep your account safe even if your weak password gets compromised.
  • Always use private or incognito browsing mode when browsing on an unknown/public computer.