Showing posts with label Naomi Brockwell. Show all posts

Sunday, February 18, 2024

Virtual Private Network, VPN


A VPN is a Virtual Private Network.

VPN apps: Mullvad VPN and Proton VPN.

Learn more about VPNs at Brockwell's YouTube channel.  

Decentralized Storage


Filecoin.  Marta Belcher, President of Filecoin Foundation.
Arweave.
Sia.
Storj.
The LBRY Network.
IPFS, InterPlanetary File System.


Sunday, February 4, 2024

No SIM? No Problem!


Look for a Calyx hotspot.

The SIM is your cell network ID. The phone has its own ID and that can also be tracked. The SIM is just for account and billing purposes. The phone with its unique ID is tracked by the NSA in addition to the SIM or account ID.

How To STOP Tracking Links!



Thursday, December 14, 2023

 

13:40. When you're using Wi-Fi, you're just transmitting a whole lot of data on radio waves, and that's publicly accessible. I think a lot of people don't realize how much information is being sent out. Because we can't see these things, we're not quite clear about what sort of privacy violations or privacy weaknesses we are creating for ourselves. So the thing with Wi-Fi access points and a site like Wigle.net is they've done a great job in highlighting this information. So what Wigle.net is, it's a website, and at their website you'll see a map of the world. You'll see all these little speckles everywhere, and you're like, "Oh, how pretty, speckles." You zoom in, then you see a lot more of them, and you zoom in and then you zoom in. You can zoom in on your house and you will see the name, the SSID, of every Wi-Fi network. That means "Naomi's Wi-Fi at home" or "Heidi phone hotspot" or whatever you're calling a network; they're all listed there. But it's a lot worse than that. So Wigle, what they do is it's all community driven, and they create this database to get people's awareness going about what's going on and what information is accumulated. It's a little scary what you can do, and their database alone, a lot is just like . . . for example, in their database, some reasons why this would be a threat: if you turn on a hotspot on your phone, that becomes a wireless access point, and so you're transmitting information and people are connecting to you. You can actually see what devices are connected to Wi-Fi spots, like your phone or whatever, and every device has a MAC address or an SSID, and I always get those confused because . . . SSID, basically your phone has an identifier.  Now it's a name and that is publicly available information.  Now why might this be bad?  First, let's look at hotspots themselves.

15:55. Let's say you have a hotspot on your phone and you're using your laptop. You can actually track on these websites where that hotspot has moved to, what time it was available; you can look in perpetuity.  You can also see what devices were connected to it.  Let's say your laptop was connected to it; I now can see, okay, what laptop with that MAC address it was connected to.  Let me search for that MAC address.  Oh, that MAC address was also connected to these Wi-Fi hotspots here and there.  Oh, she happens every 5 o'clock to leave that hotspot to go to this one.  That's probably her work; that's probably her home address.  You start to see what kind of security vulnerabilities in a system like that if you're just publicly putting out this information.  One thing Snowden says is don't use Wi-Fi at home, because that's just extra information you don't need to be broadcasting.  Just plug your phone into an Ethernet cable.  Also, Wi-Fi is a lot less secure. There are a lot more ways for hackers to get into your network. If they can access your internet network then they can basic only from accessing your devices whatever firewall and protection you've had on your individual devices.  Televisions are probably connected.  The thermostat is probably connected.  All these things are things that hackers can then access.  If they can get on to your network and you're just relying on the actual hardware protection to stop them, there are all kinds of issues with having this wireless home.  You can set up . . . a few want that sort of accessibility. There are companies that do that sort of thing that don't connect it to the Internet.  But these issues with Wi-Fi, I think people need to be aware.  I'm in the middle of doing a video on Wi-Fi probe requests.

To connect to a WiFi hotspot, devices send out a probe request to available network access points (APs) in their surroundings. An available network sends a probe response, initiating the connection. While this process is standard, these requests “also serve as a means to track, trilaterate [locate], and identify devices for attackers who passively sniff network traffic,” the paper said. 

So probe requests reveal your physical address to hackers by way of triangulation.  Wow, it's not enough to condemn these fuckers or label them as perverts, but you've got to protect yourself beyond the standard tools that come built in on your device.  

17:56. So if you have your phone on, for example, if I go in my Wi-Fi settings on my phone, first it lists all the Wi-Fi spots that are available nearby. Also on your phone, you know how when you go and visit your parents' house it just automatically connects to the Wi-Fi? Why does it do that? Because your phone stores a list of every Wi-Fi network you've ever connected to. If you're using an iPhone you can't even access that list; there's no way to actually find a list and delete things from it. And I know Android, there are different ways to do it on a computer.

18:30. On my Mac I've seen you can say forget this network.

18:35.  On your Mac, you can; yeah, on your computer but not on your phone.  You know how it so seamlessly connects when you go to someone's house where you've connected before? It just automatically happens.  Why does that happen?  Because every few seconds your phone emits this probe request that says, "Hey, every single network that I've been connected to, are you available right now?"  That's a unique identifier that says that you're the only person in the world that has all of those Wi-Fi addresses that setting up for probe requests at any given time.  Because you're the only person who's been to my house and then to your best friend's house and your parents' house and your work, and so it's a unique identifier.

19:27. Now how is this exploited? This is a huge security threat, but what we know is that these things are publicly available. What other people are collecting this information? We know that Google and Apple have treasure troves of information that they're collecting at all times. You know those driverless cars that drive around, the Waymo cars? They are also sending out probe requests to be picked up, Wi-Fi probes picking Wi-Fi networks. They're accessing all that information and creating these databases. So Wigle.net is a site that tries to catalog a lot of information, but they don't have nearly as much information. If you're terrified by the information you can search for on their site, you should be doubly terrified of what Apple and Google have, because what this means is that a database exists, a database exists that has all this information, and if it exists it can be exploited.  What kind of oversight is being given to these?  What kind of security measures to protect them?  What kind of leverage do governments who are trying to extradite people have to access this information?  They probably have a huge amount of leverage.

20:35. So what's something that you can do?  Turn off your Wi-Fi when you're not using it.  Don't just keep it probing. Something you can keep in mind with iPhones is when you go in your settings, if you have at the control center and you turn it off, that doesn't turn it off; that just says forget this until tomorrow, you know, like don't try to access until tomorrow. So your Bluetooth and Wi-Fi are going to be on until you go into the settings and turn them off.


Brian Krebs has a site, Krebs on Security.  He put out a report titled, "Hackers Gaining Power of Subpoena Via Fake 'Emergency Data Requests'," Brian Krebs, Krebs on Security, March 29, 2022.

Like all privacy reports, you're thankful for the news and terrified by the results.  There's a terrifying and highly effective method [that Krebs] says that criminal hackers are now using to harvest sensitive customer data.  They're getting this from all kinds of companies, from internet service providers and phone companies and social media firms, and basically any tech company that you can think of.  

They are doing this by compromising email accounts and websites that are tied to police departments and government agencies. So what happens is that they will hack someone's email account or hack someone's website and then get access or create a shell account at the back end and create more email accounts for them, and then they will send unauthorized demands for subscriber data.  So they'll be like, "Hey Twitter, you need to send me this data on this user."  Now usually when companies are asked for this information, along with it comes a court order; there's a subpoena; there's official documentation.  What Brian Krebs has pointed out is what hackers are doing is they're saying, you know, send us this information, Twitter, and the information being requested can't wait for a court order, because it relates to an urgent matter of life and death.  This is a specific thing that law enforcement can do, called an Emergency Data Request.

Krebs explains further:

But in certain circumstances — such as a case involving imminent harm or death — an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents.

It is now clear that some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, the hackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.

In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR — and potentially having someone’s blood on their hands — or possibly leaking a customer record to the wrong person.

“We have a legal process to compel production of documents, and we have a streamlined legal process for police to get information from ISPs and other providers,” said Mark Rasch, a former prosecutor with the U.S. Department of Justice. 

Monday, December 11, 2023


Your email address is the one identifier that links all of your activities together--financial records, shopping preferences and histories, etc.  Your email is easily findable on the internet in countless data breaches, where it's used to tie all kinds of personal information about us and track us all over the internet.  Data brokerage is a billion-dollar industry.

Microsoft Data Breaches Expose Customers' Info and Emails, Sergiu Gatlan, Bleeping Computer, October 19, 2022.

Allowing people to learn so much about us by using a unique identifier for everything we do is really dangerous. This is where burner email addresses and aliases come in really handy.  These allow you to have many different email addresses that you use for different purposes to help silo different parts of your life.

mydoctor@myemailalias.com.
myfood@myemailalias.com.
nightsout@myemailalias.com.

You can even use a unique email address with every contact. Is this unmanageable? "You want me to set up a new email for every person I interact with?" You don't actually have to set up these addresses with multiple email accounts. No, you just have to have one account.

To use different email addresses you don't need to set up multiple accounts or log into different accounts. You don't even need to create these email addresses in advance; they don't need to be created at all.

2 SOLUTIONS FOR YOUR EMAIL WOES THAT ARE SUPER EASY TO IMPLEMENT

These will give you back more control over your inbox and digital identity.

1.  CATCH ALL EMAIL ADDRESSES. 
2.  AN ALIAS SERVICE CALLED SimpleLogin.

Why use different email addresses instead of giving everyone we interact with the same email?

1.  Controlling the spam. Being able to filter out messages that have been sent to certain addresses, or even shut off addresses completely, is a really powerful tool for controlling how much spam or unsolicited communication enters your inbox.

2.  Protection from identity theft. If you have one email that ties together all aspects of your life, it's easier for someone to find out enough information about you to impersonate you and do things like open a line of credit in your name.

3.  Using unique email addresses makes it easier to see which sites are sharing or selling your data. If you give cutedresses.com an email address unique to them and suddenly you start getting emails to that address from political campaigns, they've probably done something dodgy with your data, so then you can just block that address or dispose of it.
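
The third point above, as an added Python example (not from the original video or post): with a catch-all domain, each alias is handed to exactly one site, so mail arriving at that alias from any other sender domain suggests the address was shared or leaked. The domain `myemailalias.com`, the alias-to-site record, the helper names and the sample messages are all constructed for illustration.

```python
"""Flag catch-all aliases that receive mail from senders they were never given to."""
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCH_ALL_DOMAIN = "myemailalias.com"  # assumption: your own catch-all domain

# Assumption: a record you keep of which site each alias was handed to.
ALIAS_ISSUED_TO = {
    "mydoctor": {"clinic.example"},
    "myfood": {"fooddelivery.example"},
    "cutedresses": {"cutedresses.com"},
}

# Constructed sample messages (headers only matter here).
SAMPLE_MESSAGES = [
    "From: News <newsletter@mail.cutedresses.com>\n"
    "To: cutedresses@myemailalias.com\nSubject: New arrivals\n\nbody\n",
    "From: donate@campaign.example\n"
    "To: cutedresses@myemailalias.com\nSubject: Chip in today\n\nbody\n",
    "From: reminders@clinic.example\n"
    'To: "Me" <MyDoctor@MyEmailAlias.com>\nSubject: Appointment\n\nbody\n',
    "From: promo@randomshop.example\n"
    "To: sales@myemailalias.com\nSubject: Deals\n\nbody\n",
]


def domain_allowed(sender_domain, allowed):
    """True if sender_domain equals an allowed domain or is a subdomain of it."""
    sender_domain = sender_domain.lower().rstrip(".")
    return any(
        sender_domain == d or sender_domain.endswith("." + d) for d in allowed
    )


def recipient_aliases(msg):
    """Local parts of every recipient address on the catch-all domain."""
    headers = (
        msg.get_all("Delivered-To", [])
        + msg.get_all("To", [])
        + msg.get_all("Cc", [])
    )
    aliases = set()
    for _name, addr in getaddresses(headers):
        local, _, domain = addr.rpartition("@")
        if local and domain.lower() == CATCH_ALL_DOMAIN:
            aliases.add(local.lower())
    return aliases


def audit(raw_messages):
    """Return (alias, sender_domain, reason) for every suspicious delivery.

    The From header is not authenticated, so a finding is a hint that an
    alias has spread beyond the site it was given to, not proof of who sent it.
    """
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        _name, sender = parseaddr(msg.get("From", ""))
        sender_domain = sender.rpartition("@")[2].lower()
        for alias in sorted(recipient_aliases(msg)):
            allowed = ALIAS_ISSUED_TO.get(alias)
            if allowed is None:
                # A catch-all accepts any local part, including guessed ones.
                findings.append((alias, sender_domain, "unknown-alias"))
            elif not domain_allowed(sender_domain, allowed):
                findings.append((alias, sender_domain, "unexpected-sender"))
    return findings


if __name__ == "__main__":
    for alias, sender_domain, reason in audit(SAMPLE_MESSAGES):
        print(f"{alias}@{CATCH_ALL_DOMAIN}: {reason} ({sender_domain})")
```

An alias flagged as `unexpected-sender` is a candidate for blocking or disposal at the mail provider; `unknown-alias` marks addresses on the domain that were never issued to anyone.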

Tuesday, November 7, 2023


Everything you do on Google Maps gets sent back to Google's servers. That allows them to learn more about you and, it turns out, Google is tracking your movements even when you explicitly tell them not to.  There's an AP article titled, "Google Tracks Your Movements, Like It or Not," Ryan Nakashima, AP News, August 13, 2018.  For example, Google Maps stores a snapshot of where you are every time you open the app. It's so difficult to prevent your location from being tracked when you have Google apps installed.  "Google sued by multiple States over how it handles your location data," Sean Keane, CNET Tech, January 24, 2022.  That's a pretty good reason to not have any Google apps on your device, including Google Maps.

So what are your alternatives? Apple Maps is surprisingly good when it comes to privacy. They don't collect personal information associated with your map usage, and GPS tracking in their Maps app is something to opt in to rather than opt out of. Location services can be easily turned on. Information about routing, traffic, and nearby points of interest used to improve Maps is all anonymized.  Apple has a process called "fuzzing."

2:46.  Where rather than requesting a specific route they send off multiple requests with multiple identifiers, which helps hide where you're trying to go.  Apple doesn't store any information about where you've been or what you've been searching for. Personalized features in Maps, such as parked car, like upcoming destinations, are created using data generated on your device and stored on your device, not sent off to Apple's servers for them to see, and you can delete it at any time.

3:22. And any information that is sent out to an external server is disassociated from your Apple ID and anonymized.  One way they anonymize data is when you search a route, a random identifier is created and exists just for the duration of your navigation session.  This means the route isn't tied to your Apple ID or phone ID and is therefore not tied to you.  On top of that, after 24 hours Apple Maps converts your precise location to a less exact one.  Individual usage metrics are associated with a temporary identifier that rotates multiple times per hour and is not tied to your Apple ID. There are no longer-lived identifiers used to

Thursday, November 2, 2023

"virtual credit cards are actually a great interim solution that give you back some more control over your finances"

 

Credit cards are a notoriously insecure means of payment. 

Credit card fraud remains the most common type of identity theft in the United States.

About 11 billion dollars worth of losses due to credit card fraud.  The vast majority of that is online.

It's just a piece of plastic with a number on it and anyone who knows that number can make a charge to your account.
As we go about doing our business online we tend to give away our credit card information to so many different companies and that really spreads our risk across a lot of different places instead of just our bank.  --Josh Summers
Josh Summers teaches people about security products in the digital age.
It makes me a little uneasy whenever I am handing out my information to all these different places.  --Summers
And we do it anyway because we like the convenience.  But there are a bunch of companies that offer things called virtual credit cards that allow you the convenience of credit cards while giving you more privacy and control of your purchases, like Premium, PRIVACY, Capital One, and Wise.  They work kind of like a VPN shielding your payment information from merchants.

1:05 I'm not giving out my actual banking information.  I'm not giving out my actual credit card or debit card number. I'm masking it with one that gives me a little more control.  --Summers

1:18. Increased privacy is a big reason why someone might want to use a virtual credit card.  Maybe you don't want your payment information to be a way that marketers can target you or perhaps you just don't want to reveal your home address to people you don't know.

1:32. Not only are we masking that credit card number, we also have the ability to mask our address, our zip code, and our name if we wanted to.  You can use any name, any address, any zip code, and they will auto-approve that charge.  --Summers

1:46. I decided to give this a go and used Privacy.com to purchase an online dance class with a fake name and a fake address. It was a virtual product so there's no reason I should have to give them my home address, and second, it said in their terms and conditions that they were allowed to sell my data to 3rd parties.  No thank you.  The purchase worked a treat: one less company harvesting my data!  But the virtual card company itself is still collecting your data.  The great thing about Privacy.com, the service I used, is they promise never to sell user data in any capacity, and a lot of these virtual credit card companies have similar policies.  Another reason you might use a virtual credit card is a layer of insulation from the world of online fraud.
"How could someone get a hold of your credit card number?"  -- Joey Tribbiani from Friends 

2:31. We've become so inoculated to using our credit card that now we almost trust anybody with it.

2:36. But if this number falls into the wrong hands, 

2:39. . . . they will take you for everything you have without any compassion whatsoever.

You're basically saying when you have this number you have the ability to pull money from my account and yet we freely hand that number out to almost anyone.  Virtual credit cards allow you to put all kinds of parameters in place that stop those people from pulling money from your account without your permission.

2:58. I can say that this is a one-time use card. I can pause or cancel those cards at any time once I use that card once with a merchant it gets locked to that merchant. -- Summers

3:09. For example you might create a virtual card to pay your Netflix subscription.  

3:13. That card is locked to my Netflix account and it cannot be used anywhere else.  Not only that, but my liability is limited to $9 per month because that's what I've set it at.  Netflix cannot charge any more than that.  Or perhaps, it's just a one-off payment.  I had some yard work done on a house of mine. The contractor basically asked me, "Can you please just email us your credit card information?" and when I sent my information I made it a single-use credit card and for a specific amount for the invoice.  So once they hit the card for that amount, the card was closed 2 minutes later.  And after they charged that $800, anything else that they want to charge on top of that will also get declined.

3:52. Even if someone gets access to the email and the card number, it will be useless to them. But it's not just sending credit card numbers over insecure methods like email that should concern us; it's how the company stores that information once they have it.

4:06. We are giving all this information to companies that we may or may not be really confident about their security measures . . .  -- Summers

4:14. The small businesses, your local pizza chain or your dentist, that are also collecting your payment data, you know, they don't have necessarily these big IT departments to make sure that their infrastructure is secure. --  Julie Conroy, Research Director, Aite Group's Fraud AML Practice

4:26. Instead of spreading our risk across a lot of different companies getting our credit card information all those were kind of trusting one company

4:33. Privacy.com, for example, takes great pains to store your data safely using things like password hashes, split key encryption for sensitive information, and isolating data.  Most of these companies have similar practices, but again make sure you read the fine print before you sign up.  A third reason why you might want to use a virtual credit card is that it's the best way I've found to eliminate auto-renewals for stuff you don't want anymore or forget about.  A lot of these services depend on you just forgetting that you have a subscription somewhere until you find it on your bill and you're like, "Oh, I better cancel that," by which time you've already paid for another month that you're not going to use.

5:11. Subscription services are notoriously hard to cancel. They do this on purpose.

"I want to quit the gym," Chandler Bing.

STAFF:  "You do realize you won't have access to our full service Swedish Spa."

I WANT TO QUIT THE GYM, Chandler.   

I pressed the cancel button, and a little pop-up said, "We're sorry that you are interested in canceling.  You'll have to email this email address in order to continue," and I'm like that is not a cancel.  So what I did is that I went in and I canceled their card, so when they run that charge and find out that it's declined they will stop their services quicker than it would take me to actually do the cancel service.

5:45.  Some caveats about these virtual cards. Let's go back first, let's go back to the VPN analogy: the same way that a VPN hides your IP from websites you visit but the VPN company has access to everything you visit, a virtual credit card hides your sensitive information from merchants but the company sees everything you do. Keep in mind that this is not an anonymous service. Now, just because the virtual credit card company knows what you're doing, it doesn't mean your bank needs to. Some virtual credit cards let you choose from a selection of fake merchant names and how you want your charge to show up on your bank statement.

6:22. And they've got a list of like four or five, it's like H&H Hardware, like some random names that you can put on so you can hide it from your bank.

A couple more caveats that I'll mention.  A lot of people like credit cards because they get cash back rewards.  You miss out on those rewards if you're using a virtual credit card.  But some would argue that it's a small price to pay to save you from the inevitable headache of credit card fraud. 

6:49. The other caveat is that I personally think crypto provides better protection in privacy, and you get the added bonus of saving money on each purchase if you're using services like Dash Direct or Bitrefill or Purse.io. But recurring payments, still, I think crypto doesn't do well at all, so virtual credit cards are actually a great interim solution that give you back some more control over your finances.  All in all, the less data you give to the least amount of places online, the smaller your digital footprint and the more control you have over your privacy.  Virtual credit cards are a really cool product that I recommend people check out.

7:25.  Being able to mask my information, kind of add in that anonymous or pseudonymous layer between my actual information and who I'm giving it to; to me, it just gives me a little more confidence as I move forward with my number, my address, and my credit card, whatever.

Find Josh Summers' YouTube channel here

Wednesday, November 1, 2023

Thank you to Naomi Brockwell.

Andrea Amico, Privacy4Cars.  

Modern cars are spying on us, but to what extent? 

Dale Wooden, aka, Woody, is a digital tracking expert and former instructor for a vehicle forensic company. 

Sam Curry, a famous car hacker who researches car vulnerabilities.  

"Car Hacking: The New Frontier of Cybersecurity," Conner Ivens, Tanium, October 3, 2022.  

TOPICS COVERED IN THIS SERIES

*  How easy is it to hack modern cars?

*  And how strangers can get real-time access to your car cameras.

*  Explores trackers in cars that you had no idea existed like the radio signals beaconed out by your tires that can be used to track you even if you're doing 70 miles an hour down the freeway. 

*  We dive into the perverse incentives that drive companies to collect as much data about you as possible and look at the history of when this all started. 

"Toyota Japan Exposed Millions of Vehicles' Location Data for a Decade," Zack Whittaker, TechCrunch, May 12, 2023.

Spoiler alert: it's been going on far longer than you ever imagined.  And don't even get me started on used cars.  We look at how the previous owner of your car might still have access to all your car's remote features, tracking tools, and cameras. And we explain how to wipe your own information and location history from your car before you sell it.  These are the kinds of things we investigate as we dive under the hood of car privacy in the series. 

WHAT DATA IS YOUR CAR COLLECTING? 

What data is siphoned from your car every time you hit the road?

John McElroy,

"Your car knows where you're going it knows your kind of driving habits."

In short the modern car has become a privacy nightmare.

Andrea

Cars collect a lot of data, and I don't know that consumers really understand how much data is being collected by vehicles. The new trend in automotive is to talk about the software defined vehicles.

"All about Software Defined Vehicle," Renault Group, April 24, 2023.  

Which essentially means turning cars into smartphones.

In what ways are cars like smartphones?  Well first, they both act as tracking devices, emitting all kinds of radio signals that can be used to pinpoint your location.

Woody,

Your car is a cell phone.  Your car is a wireless hotspot.  Your car is a Wi-Fi receiver, and your car is a Bluetooth transmitter and receiver.

But there are other important similarities too.  Just as we often think of our phones as singular entities that send off data to Google and Apple, we regard cars the same way, sending off our data to Mazda or Toyota.  But with our phones, data sharing doesn't stop with the device manufacturer, because we then go ahead and install a hundred different apps on it and each of these apps also sends our data to countless companies.  It turns out the car is actually working a similar way. Cars are platforms where a lot of other services are bolted on top. Most consumers don't realize that when they're driving, you know, there's hundreds of companies literally that are collecting data from that vehicle and profiling you.

Lauren Smith,

Some information might be going to the manufacturer.  Some may be staying locally on the car.  Some may be going to your insurance company.  Some may be going to a technology that you've opted in to use.

So exactly what information is being collected and where it's going is pretty hard to figure out, varying by the make and model of the car.  However, one thing we know for sure about basically all modern cars is: data is being harvested by the trunk load.

Sam Curry:

The easiest way to figure out what exactly your car is tracking and has access to is to just open the app.  

Sam Curry has spent a lot of time examining these car apps where you do things like check the engine status and check your vehicle's cameras.

If you ever wanted to see where your car is at, or like start your car, or unlock your car, you can now do that with your phone.

The actual data that gets logged by the car includes video feeds, microphone feeds.  The actual GPS location, like, over time is 100% being logged.  Your car has the systems built in that'll actually log every interaction with the vehicle, so whether or not you unlock the car, turn the engine on, the air conditioner on, starting an engine, or finding a vehicle's location.

These are generally marketed as really convenient features for consumers.  

Being able to control and locate your vehicle via like your phone is like a really cool thing.

But it's also important to remember this fundamental principle:

Woody:

If the app is free you are the product.

Sam Curry:

By just like using the apps, you're kind of just giving that data to that company.  They'll probably . . . hold it in perpetuity.

And often we're not just handing our data to those companies. We are granting carte blanche to share our sensitive information with countless third parties.


Sunday, June 25, 2023

ISPs are notorious for collecting data about us and SELLING IT.

ISPs are notorious for collecting data about us and SELLING IT.  Take a look at your ISP's Terms of Service.  If it's not spelled out in big clear and bold letters, like "WE ARE NOT USING YOUR DATA.  WE WILL NEVER USE YOUR DNS DATA," they're probably using your DNS data.  They could be building a profile of you looking at the websites you're browsing.

Even though most of your internet activity is encrypted once you connect to a website, DNS pokes a giant hole in this privacy.  DNS stands for Domain Name System.  DNS acts as the phone book for the internet. Computers need IP addresses to communicate with each other; they actually don't understand names. So what the DNS does is it translates the names that you're most commonly familiar with, like www.quad9.net, and turns that into an IP address.

The way that DNS does this lookup is you contact a series of different authoritative name servers and ask each one where to find a separate piece of the URL.  They'll each send you a new name server to get the next bit of information you need until finally you've reached the authoritative name server responsible for maintaining a record of the IP address for the website you're trying to visit.

Although this process happens in milliseconds, it takes a lot of work to make all these queries, so typically your computer or your phone will outsource the task to what's called an upstream DNS recursive resolver.  That resolver will do these lookups for you, which means that you're sending the resolver every URL you want to visit so that it can find the IP address for you.

We're going to let someone see all our internet activity by sending them our DNS requests.  

Well, whoever we're sending this to is trustworthy, right?



The guest's name is John Todd, General Manager of Quad9.

Everybody should be very aware where they are sending their DNS queries.  

Yeah, I bet that most people actually have no idea who is handling these DNS requests for them, nor how they're using this data.  Most people's DNS requests are handled, by default, by their ISP or internet service provider, and this is very bad because ISPs are notorious for collecting data about us and selling it. And many people might already have a hunch that something like this is going on.

They sort of have a vague understanding that their ISP might be watching what they're doing.

But you should really take the time to find out specifics. Take a look at your ISP's terms of service.

If you ask the telephone book how to get to a certain website it's kind of a given that's where you're going to be going so they can build a profile even just based on the queries that you're sending to the DNS recursive resolver.

And when critical infrastructure like isps get this information you can bet that means governments get access to it .

If you are seeing going to a site which is illegal or is frowned upon depending on what country you're in that may be a risk to your freedom there is more and more focus on it now as a method to determine what people are doing it's it's not just observation but now it's actually being used as a method of control governments are starting to say well you know we're not going to allow certain DNS lookups to occur they're actually blocking certain DNS lookups from happening which should be very worrying to everybody.

So what can you do one option is to use a DNS resolver that you can run yourself instead of sending your DNS queries to someone else as explained in previews videos we recommend using the open source router software PF sense.  And using a service inside of PF sense that's called Unbound for your DNS resolution.

Unbound is a recursive resolver so you have the ability to send out queries all over the Internet to all of the various authoritative servers.

Essentially this means that you are bypassing your ISP's resolver entirely.

That's great. That means that you control your own DNS completely and there's no one else involved.

But there are two big downsides to this.  First, the authoritative servers that you are sending the request directly to see who you are and what you're querying.  Second, it's not possible to encrypt the connection from a recursive resolver to these authoritative servers, which means . . . 

There's nothing that prevents anybody from sitting downstream from you and seeing what you're doing.

So running your own resolver and sending your unencrypted DNS queries directly to authoritative servers doesn't stop your ISP or snooping governments from seeing your activity. But there is a solution. It seems like we are having to choose either outsourcing DNS queries to someone else or handling it all ourselves, but while only one DNS resolver will ultimately be used for each transaction . . .

That's not to say that you can't stack them.

You could use both a local DNS resolver and an upstream resolver so you'll set up Unbound as described but . . . 

You want to actually use it as a forwarder. Instead of Unbound doing all of this recursive work for you, it's going to forward the queries to the DNS servers you set in the general configuration options.

And the upstream DNS resolver you set to handle these forwarded queries will be a privacy-focused one. We like Quad9, and that's for a number of reasons. First, they are a non-profit based in Switzerland whose mission is to help make the internet safer and more private.  Due to Swiss data protection laws, . . .

We can't sell or reuse or in any way divulge personal information about anybody. We've chosen a place that is extraordinarily strict to be housed, to give end users the assurance that we are doing what we say we're going to do, and that we're not actually storing their personal data or logging it or even looking at it.

Another big reason that we like them is that they're one of the few DNS providers that allow client-side encryption. What does this mean? We already mentioned that a DNS resolver's connection with authoritative servers can't be encrypted, but it is possible to encrypt the connection from your device to an upstream DNS resolver like Quad9.

In the last couple of years, major encryption protocols have arisen. DNS over TLS was the first one that came out, and the other one is DNS over HTTPS. Most ISPs do not implement them.

But Quad9 does. 

We were actually the first major public resolver to offer standards-based encryption, and that means that all of the DNS transactions between those devices and our services cannot be observed by anybody sitting on the wire in the middle.

Encrypting this DNS traffic out of your devices is super important for stopping anyone, like your ISP, from being able to snoop on it, so using an upstream resolver like Quad9 has huge privacy benefits. Now, as mentioned, it's not possible to encrypt the second part of this journey that goes from Quad9 to the authoritative servers, so what Quad9 does is, once they receive your DNS query, . . . 

We mix that query in with all the other millions of people that are making queries at that moment in time, and then we send that out in an unencrypted fashion to all the different authoritative servers on the internet and get answers and give it back to you, so anybody observing even past our system can't tell what queries you're doing.

Now let's explain how to set all this up. It's actually a very simple process. First we'll give you a quick recap of how to set up Unbound on pfSense as your local resolver. If you want to dive deeper into pfSense, take a look at our previous video. Then we'll put Unbound into forwarding mode, point to Quad9 as our upstream recursive resolver, and show you how to turn on encryption so that the connection between your device and Quad9 is private. So let's begin.

The first thing you need to do if you're on pfSense is that you need to enable your DNS resolver, so that enables Unbound to start working on your pfSense box.

Go to services and select DNS resolver and under the general settings tab . . .

You're going to click on the box that says enable DNS resolver.

This sets Unbound to be your local DNS resolver. Now scroll down in the general DNS resolver options.

Network interfaces should be "All". Outgoing network interfaces should be "WAN".

Now scroll down to where it says DNS query forwarding.

You definitely want DNS forwarding turned on.

We'll configure where to forward your DNS to in a moment.

Use SSL/TLS for outgoing DNS queries to forwarding servers: yes, you want to turn that on as well. That means encrypt the connection between Unbound and Quad9 so no one can see where you're going or what you're doing with the DNS.

The rest of the settings you can leave as the default. We're going to publish an addendum to this video for a deeper dive into what each of these settings means, including the ones that we skipped, so that you can better understand some of your other pfSense capabilities. Now it's time to tell Unbound which upstream DNS resolver we want it to forward queries to.

You're going to then point Unbound to an external resolver such as Quad9. Go into the System settings under General Setup, and there you're going to see DNS server settings.

We are going to add 3 different DNS servers, all IP addresses belonging to Quad9. In the first field . . .

9.9.9.9, and then you'd add another one, 149.112.112.112, and then you've got another one if you have IPv6, and that's 2620:fe::fe.

Not every ISP offers IPv6 but you can add one anyway . . .

It's not something that will hurt, and it won't slow anything down, especially if you list it as the last one.

Then you'll have the host names:

Put dns.quad9.net, . . . 

And put that next to each of the three DNS servers you've added. You may have another setting in there, which is the Gateway, which you can just leave as none, or if you don't have that option, just ignore it. And that's it. Changing these DNS settings is a huge step in improving your online privacy. DNS requests can be a gold mine of information about our internet habits, preferences and routines.

This is the last piece of data that is able to be observed.

And every piece of this data that we send across the internet can be collected and analyzed, and we don't know how it might be used in the future. But we do know that this DNS data is already being used by governments all over the world to monitor online activity, and it can be used for the censorship and targeting of dissidents, activists, persecuted minorities, you name it.

Governments are not just simply trying to observe what people are doing but they're trying to control it.

Protecting DNS privacy should be a part of everyone's online safety practices. We want to be able to navigate the internet safely and with the peace of mind that not everything we're doing is under constant surveillance. Better privacy online is achievable; you just have to learn how. And now that you know about DNS leaks, you are one big step further along. As always, we have no partnership with Quad9 or any other company. We just like to spread awareness of tools that we think will help people preserve their rights online. NBTV is actually a non-profit that is funded by community donations.  If you'd like to support our free educational content, please visit nbtv.media/support. We also have a book titled Beginner's Introduction to Privacy that also supports our channel. Also, liking and sharing and commenting on our videos really helps. Thank you so much for watching through till the end.
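
What the transcript above describes, as an added example that is not part of the original post or video: a plain DNS query carries the queried name in clear bytes that anyone on the path can read back, while DNS over TLS (RFC 7858) sends the same message, length-prefixed, inside a TLS session to port 853 whose certificate is checked against the hostname dns.quad9.net. The function names and the sample name example.org are assumptions made here; only the Quad9 address and hostname come from the post.

```python
import socket
import ssl
import struct


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a standard recursive DNS query in RFC 1035 wire format."""
    # Header: id, flags (RD set), 1 question, 0 answer/authority/additional.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype A, class IN


def qname_from_wire(message: bytes) -> str:
    """Read the queried name back out of the raw bytes, which is all an
    observer of unencrypted DNS on port 53 needs to do."""
    labels, pos = [], 12  # the question starts after the 12-byte header
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def frame_for_dot(message: bytes) -> bytes:
    """DNS over TLS prefixes each message with its 2-byte length; the frame
    then travels inside the TLS session, not in the clear."""
    return struct.pack("!H", len(message)) + message


def _recv_exact(sock, count: int) -> bytes:
    buf = b""
    while len(buf) < count:
        chunk = sock.recv(count - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before full reply")
        buf += chunk
    return buf


def query_over_tls(name, server="9.9.9.9", hostname="dns.quad9.net",
                   timeout=5.0):
    """Live check (needs network access): send the query over TLS to port 853
    and return (rcode, answer_count). The handshake fails if the certificate
    does not validate for `hostname`."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((server, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            tls.sendall(frame_for_dot(build_query(name)))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            reply = _recv_exact(tls, length)
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return flags & 0x000F, ancount


if __name__ == "__main__":
    query = build_query("example.org")  # constructed sample name
    print("readable on port 53:", qname_from_wire(query))
    print("DoT frame prefix   :", frame_for_dot(query)[:2].hex())
```

Calling `query_over_tls("example.org")` from a machine behind the router is a quick way to confirm that port 853 to Quad9 is reachable and that the certificate matches the hostname entered next to each DNS server.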

Saturday, June 3, 2023

 "If you're not doing anything wrong, you have nothing to hide."  That's not what privacy is about.

You may not be doing anything wrong today, but regimes come and go.  And social norms change.  You don't know who'll be in power tomorrow, and that data is forever.  It is not going anywhere.  It is in silos that is permanently stored in permanent bases all over the world that is just being maintained by people who love collecting data.  So I would be really careful thinking that just because you're safe today that you're going to be safe tomorrow.
 

Find Tom's show notes for "Episode 2342: Naomi Brockwell on Protecting Your Privacy." 

His guest is Naomi Brockwell.  Find her on YouTube.  And on Twitter.

"If you're not doing anything wrong, you have nothing to hide."  That's not what privacy is about.

As someone who believes in a free society, we should not be normalizing surveillance.  If you look at any dystopian sci-fi film, it always centers around the government having access to all of your activities. In every historical authority, in every authoritarian government that we can point to throughout history, they've always had surveillance as a main tool for control. So you do not want to normalize a society where the government knows every single thing that's going on.  The other thing is that we're all feeding this permanent treasure trove of information about us and that data is forever.

Now, you may not be doing anything wrong today, but regimes come and go.  And social norms change.  You don't know who'll be in power tomorrow, and that data is forever.  It is not going anywhere.  It is in silos that is permanently stored in permanent bases all over the world that is just being maintained by people who love collecting data.  So I would be really careful thinking that just because you're safe today that you're going to be safe tomorrow.  And I would also say about that argument that I'm not doing anything wrong kind of flies in the face of what half the people in the world are facing.  Not everyone is lucky enough to live in a semi-free country.  Some people around the world are literally fighting for their lives, and privacy is the only tool that is keeping them safe.  If they cannot have private communications with people, if they cannot find a way to mask their transactions, they are going to be persecuted. And that happens in so many countries, countries where the black market doesn't just reverse it, drugs or whatever else is on there; maybe it applies to medicine, maybe it applies to clothing, maybe you've had too much of your food quota and you're trying to feed your family. So we have to realize that norms across the world vary so dramatically, and so this idea, when people are snarky about privacy, "Ugh, you know, it's just something for bad people. Why do you want to hide your conversations?  Why do you want to hide your money?  Encryption is just a tool for drug dealers or money launderers," or whatever else, it really is a very privileged position that they're talking from, right, because this is a tool for freedom for so many people across the globe.  CryptoChat is a tool for freedom.  Tor is a tool for freedom.  Private money is a tool for freedom that is keeping people alive.  And even if it weren't, I think it's the individual's right to keep their lives private.  
That's what the 4th Amendment was made for: it was to stop unreasonable searches and seizures. And for some reason that 4th Amendment never carried over into our digital lives.  For some reason the government is like "Well, we're not allowed to look through your belongings without a warrant, and all of that, if it's physical, but your digital life, yeah, let's just take all of that, let's collect all of that, and rifle through it whenever we want. And if you want it protected, we'll try and get a backdoor into it."  Like it's a complete perversion of the balance of power we're meant to have, and I think it's so sad when people have this knee-jerk response of "If I'm not doing anything wrong."  Well that's not really what privacy is about. It's not about doing something wrong. It's about the right to selectively reveal to the world what you want to reveal and I think that we all should have the right to make that choice, which data we want to release, what information we want known about us.  And if the government wants more than that, they can get a warrant.  

7:45.  Search engines.  Google is synonymous with lack of privacy. They're actively sharing your data to the CIA.

9:15. We're in the age of machine learning, data points like how long you hovered over a search result before scrolling past it actually get collected.  Your mouse movement, you know, whether you're about to click things.  Did you know that if you type into the Google search bar and you don't even press enter . . . let's say like, ah, I want to type in Tom Woods, and I type in "Tom Woods . . . and I say, nah," those key strokes were already captured and sent to Google, so it doesn't matter that you didn't send it.  They already have that information.  And I think that people don't realize how good Google is about taking all of these abstract data points and putting them together in a way that humans can't really find patterns in these things but computers absolutely can because they have way more computational power.  So Google is taking all these data points and is painting an incredible picture of who we all are.  And I think it was the Irish Civil Liberties Association . . . they put out a report where they got hold of . . . basically, the database of all the identifiers that Google uses.  So, that we all know that Google is a search engine, it's a browser, but really it's an advertising company.  It's the largest advertising company in the world.  And what they're doing every time you load a page, there's a couple of seconds where there's some empty boxes or maybe it's milliseconds and suddenly they're filled with things that are trying to capture your attention--articles, or things to purchase, or whatever.  And what's happening behind the scenes is that Google has said, "Okay, everyone, Naomi has just opened her browser and gone to this page, we have these boxes to fill.  These are all of the things we know about her.  Who wants to buy it?"  And so what they're essentially doing is taking everything they know about me and just blasting it to the thousands of approved buyers in their real-time bidding system.  
And you can think, who are these people collecting this data?  They don't even have to bid on the ad space to collect it.  They can just be sitting there passively collecting this data.  And those companies are not just ad companies, they're data brokers.  They're government agencies.  And those people are collecting that data that are passing it into thousands more.  So we have no control over whose hands this data falls into, and that's a pretty scary prospect.  So I would just be really mindful of all of the ways that we're leaving digital exhaust.  You know you mentioned Google as a search engine but there are more private alternatives.  If you even wanted Google search results, you could use something like StartPage, which is a more private front end for the Google search engine.  So basically, you can look at proxy sites.  You don't have to look at the real websites, your IP address isn't collected, all of these things can really add up and really dramatically decrease the amount of data that companies like Google are collecting about you.  And it's not just Google.  I mean there are people who think that the private and the public are so distinct, and "Why do I care if Google has my information, do they just want to sell me a pair of shoes?"  Actually, it's a lot more insidious than that.  I think a lot of people are thinking about this in a pre-Internet world.  And what's that world look like?  Well, that was a world where private companies had very limited insight into our lives, very limited amount of data that they collected.  And governments had very limited ability to collect that data, too, from private companies.  What is the situation now?  Private companies are collecting every single thing about us and the government has a free-for-all.  
There is no 4th Amendment protecting any of this data due to things like the 3rd party doctrine that basically says that if you hand your data over you use the infrastructure of the internet which relies on 3rd parties for everything.  YOU HAVE NO REASONABLE EXPECTATION OF PRIVACY.  So they can basically get every single thing about you.  So I don't think there's this straight forward private public divide because at the end of the day Google is collecting all this information and all these companies are collecting all this information and they're basically amassing it into giant treasure troves of data that governments can subpoena, that they can break into it, they can get back doors into it, and as we learned through the Snowden revelations that there are programs like Prism programs where they're just getting direct access to the servers of a lot of these companies.  So I think we need to step away from this divide and just realize how bad the situation has gotten in the digital age that things are so blurry that you do as a conscientious citizen who wants the right to privacy, who wants the right to freedom in their life that we should really be mindful to how much data we're giving to everyone knowing that that data is not protected at all.  And there are so many ways that we can start to protect our data.  Like I said, StartPage is one.  Brave Search is another. 

14:18. A story in her book about Tank Man from that famous photograph of a man standing in front of a tank on Tiananmen Square in 1989.  And one day he disappeared from major search engines.  Can you explain what happened there and what the significance of that is?  

 On Tiananmen Square Massacre, this came up.

14:42. Search engines we often think of as just a privacy violation, but search engines are our portal into the internet at large.  They're in charge of indexing all of the pages, getting these little spiders that crawl all over the internet that collect all of the URLs and basically put them into this index that is searchable.  That also means they have control over what they can show us and it's been shown that there is a lot of censorship of this information.  And people should really be mindful of the things that they're being shown are the things that these companies WANT to show them.  It's like Google, Microsoft, for example, I think it was two years ago now on the anniversary of the Tiananmen Square massacre.  And Tank Man, that famous image that we all know, the day after the massacre there are tanks rolling down the street, and this anonymous man, I don't think we ever learn his identity, just decides to stand in front of them holding grocery bags.  And it's this amazing image of revolution and fighting against authoritarian control.  Of course, it's banned in China.  They don't want anyone to know about Tiananmen Square.  They don't want anyone to know about this image.  But what was very suspicious was in the United States, in the Western world, on the anniversary of the Tiananmen Square Massacre, suddenly, if you were to look up in a search engine, such as Google, Bing, and Yahoo, I think there were, I can't off the top of my head which search engines they'd applied to but there were a bunch of them but Bing immediately comes to mind.  But you wouldn't find any result about Tank Man.  Now this is an incredibly famous, famous picture.  You type that in your search engine and you would get zero results.  What's going on there?  What other things are we not being shown?  And how do we get around that?  And I think it was Bing who came out soon after and said "Oh, this is a big mistake.  It was just a bug.  It was fixed now."  So it did come back online.  
So it wasn't like China completely infiltrated the Western world and was able to censor.  Obvious from this was that they were able to force these companies to censor these things and were successful.  And it makes you think what other things are they censoring?  What are some of the things that the U.S. government is censoring?  The EU, what do they not want us to see?  Tweak the algorithms.  Brave search allows you to search for what kind of materials would you like to be shown.  Left-wing or right-wing?  Would you like to be getting better sources from PBS?  Only sources from PBS? You can set parameters where you affect the algorithm.  All we're getting with MSM searches is complete opaqueness when it comes to the results.  They all say no, we're neutral and we just build some information but generally, we're showing you all the things on the internet.  Just not true.  We don't know; what they're showing us is just completely opaque. There's no way to verify that we're actually being shown the correct things. There are so many things that go on. It's not just censorship, it's also what is being shown first and how is this influencing people's conception of the world. They did some experiments with autofill and it was influencing people in certain directions.

18:32. So if you look up Naomi Brockwell, all you get is "Naomi Brockwell is . . . a terrible person . . . is lazy . . . is ugly . . . is really bad," you'd start to get an impression of who Naomi Brockwell is.  If you looked up Naomi Brockwell and the autofill reads "Naomi Brockwell is intelligent . . . is the best . . . is amazing . . . conquering the world of privacy . . . helping people," completely different picture.  They did experiments in the last election where they looked