Security Privacy Anonymity
These three concepts should go hand-in-hand, right? The truth is, they don’t. In fact, as any single one of these increases, the others tend to decrease. To make matters worse, people often do not understand the level to which privacy is now being violated. So that brings us to the question. Security, Privacy, or Anonymity? Which is most important to you? How far are you willing to go to achieve it? Let’s break each area down and look at how you can bolster all three.
First thing’s first: you’re going to need a basic understanding of what each term means.
People have a pretty good grip on security. Security is protection from whatever you might not want to deal with. An alarm system is security against burglars. A bank vault is security against the theft of whatever is stored inside.
Privacy is knowing something is tied to you but not knowing exactly what it is. That bank vault in security, for example, is known to be owned by you but the contents therein are unknown to others. They are private.
Anonymity is something which is known but does not trace back to you. Say you post something to an online forum (that doesn’t need accounts) from your library’s computer. The public can see this post but no one knows you made it.
Before I even begin to break this down, I need to dispel a myth. There is no such thing as 100% security. Well, there is no such thing as 100% security with the item in question still being usable. Take your laptop, line it with lead, and toss it into a vat of wet cement. Congratulations, that laptop is now 100% secure… and you need to go buy a new laptop to actually use. So long as software (that includes operating systems) exist, there will always be vulnerabilities which can be exploited.
Security is broken down into measures put into place for the protection of your data. Many people think simply having antivirus means that you are secure. In fact, antivirus actually ranks at the #3 thing you can do to secure yourself. Let’s check out a few options here.
1: Update update update. Does Windows have (important) updates? Install them! Does your program have a new update? Install it! You can have the most secure information around but that doesn’t matter if you haven’t installed the updates needed to fix whatever new vulnerabilities have been discovered. Optional updates are not as important and should only really be installed if that particular update does something of particular importance to you.
2: Use your computer as a standard user rather than an admin user. Does this create more hassle sometimes? Sure. It’s an extra step whenever you need to do something requiring that admin privilege level. But you know what it also does? It stops 94% of all critical Windows exploits from being able to happen on your machine. What’s worse? Having to enter your admin password when you want to install a program or having your computer taken over?
3: Antivirus. And not just any antivirus but one that actually does its job. I won’t get into this one too much as we already have an antivirus Article covering the subject.
4: Strong/unique passwords. At least one is needed but both are obviously recommended. Strong passwords are harder to guess. If you use unique passwords for each site requiring login, you only lose a small portion of data should one site ever be breached. Whereas if you only have one password, an attacker then gains access to every account you own.
This is where it gets trickier. Can you increase security beyond those important steps? Yes. Does it start becoming burdensome or impacting privacy and anonymity? Yes.
1: Website screening services. This actually ties a bit into antivirus too but really encompasses anything that verifies websites are safe before you visit them. This increases your security but also sends your browsing data to external companies (including incognito browsing… not that incognito really hides all that much anyways).
2: Cloud file/service scanners. Like #1 here but more widespread to include files and services running on your computer. In order for them to be assessed by a program or company, they must first be uploaded to that program/company. This typically means a log is created of what you are doing with the computer.
3: Use a VPN (we talked about this a bit in a previous privacy post). The traffic encryption offered by a VPN works to protect you (to an extent) from web-based attacks like would be performed on open networks. This is due to the fact that your traffic is encrypted and can no longer be manipulated. The person who owns the server your information is passing through, however, could still manipulate it on their end. When picking a VPN service, it is important to understand what information the company keeps, where they are physically located (so you know what laws they are forced to follow) and their stance on privacy. Please do ask us if you are interested in this. We have done all of this research already and would be happy to help.
4: Utilize virtual machines. This one is pretty unique and handy in more than one way. Virtual machines are entire computers being emulated by your computer. They are actually fairly easy to set up (we can help). They boost your security by isolating attacks against your physical computer. The idea is that what is in the virtual machine stays in the virtual machine. Did it get infected? Not a problem, just reset it. Also of particular interest is that the more advanced malware will actually delete itself if it detects that it is running in a virtual machine. This is a defense mechanism to stop it from being analyzed by cybersecurity labs.
Privacy is different than security in that you are now trying to control access to data. Privacy measures are those you put in place to limit who can access information which is important to you. This includes both information which you possess such as your files and documents and information which third parties are trying to gather about you.
1: Know what companies do with your data. We’ve mentioned Facebook a few times in the past for how much information they harvest and share with others. Google loves to track you as well (online and offline). You can see our online privacy Article for a few measures to help against online tracking. Better yet, before you give your data to a company, head over to tosdr.org (Terms of Service – Didn’t Read) and see what they say about how that site uses your data.
2: Tune your computer and program settings. Windows 10 is a pretty good operating system but has standard settings to share your information. Open up your privacy settings and turn off all of the sharing settings you don’t need. Many programs have usage monitoring agreements as well for “improvement studies.” Watch for those check boxes while installing. And remember, any time a program has to go online to retrieve information, that means it is sending out information as well. For example, Windows Media Player, while capable of retrieving song/album info online, also calls back to Microsoft at the same time to update them on your music.
3: Cloud storage… not near as secure or private as you might hope. There are actually encryption programs you can pair with your cloud storage to keep everything private and only accessible to you. You can also even host your own cloud storage from your own network. Interested in either one of these but don’t know where to start? Give us a shout.
4: Use a VPN. While great for security, it also provides an amazing boost to privacy. Did you know your ISP actually harvests and sells your browsing history? With a good VPN running, they can only tell you are using the internet but lose the capability to monitor what you are doing.
5: Encryption. I listed this for cloud storage but it goes much further. In fact, encryption is pretty well your #1 tool when it comes to privacy. Want to keep your computer’s data private? Encrypt the hard drive. Want to keep emails private (and insure people know only you could have sent them)? Encrypt the emails. Anything encrypted using a secure password and algorithm pretty well insures privacy.
Having anonymity means your online actions do not trace back to you. Anonymity can function with or without privacy. Consider a Facebook profile (we’ll assume you are doing something to stop Facebook from tracking your IP here). You can create an account using a fake name and fake email address. This makes your posts from that account anonymous as they no longer tie back to you. They are not private however; anyone on Facebook can still read them. If you then set that account to private so that only select people can find it and read posts, it is both anonymous and private.
Anonymity can be harder to achieve online being that so many different services try to track your every action. And the truth of the matter is, you can’t really be anonymous online if you aren’t somewhat anonymous offline as well. These tracking systems are simply so advanced that they can pair related behaviors online and offline in order track people. But here’s a few things you might consider:
1: Have I mentioned a VPN? Security, privacy, and anonymity. I put this under privacy but realistically, it’s keeping you private by anonymizing your traffic. That said, if you use a VPN and then sign into Facebook or some other account, it’s still pretty easy to trace your actions during that internet session back to you…
2: Use virtual machines. There are virtual machines designed purely for anonymity. They definitely aren’t for everyone but they are relatively easy to install and work with. Also, actions taken within the virtual machines aren’t really recorded by your actual computer. Have an issue with the virtual machine or think it may have been compromised? Not a big deal… a brand new one can be implemented in minutes.
3: Tor. I touched on this at the end of our online tracking article. Tor is an internet browser based off of Firefox. It is set up for security and connects you into the Tor network to anonymize your traffic. What this network does is bounce your traffic around multiple relay nodes before it gets to its destination. This prevents the traffic from being tied back to you. It’s slower than traditional browsers because your traffic is moved between nodes and not as full featured as normal browsers but does serve to allow for an anonymous connection. You can read more about how it works here.
4: Fake accounts. In my short intro to anonymity I mentioned creating a Facebook account using a fake name (note that this does violate their policies and they may delete the account if they decide it is fake… but if you are using like legitimately as you would a normal one, this is not likely to happen). Having your online presence functioning under a pseudonym provides you a layer of anonymity.
one last note:
Each option I’ve given in these different areas increases the burden of use for the computer. Want a VPN? Ok, you need to purchase the correct one and actually fire it up each time you want to use it… and remember that it’s active (so you probably don’t want to sign into personal accounts if anonymity is your goal). Virtual machines are great but you need to be able to actually work with them. Your computer needs at least a little power as well to run them. Security, Privacy, and Anonymity are there for the taking but understand that each is based upon your personal needs and how much you are willing to do in order to achieve them.
And there you have it
Want to know more or looking to get started better controlling your data?
Training and Consultations
Security, Privacy, and Anonymity truly go far beyond what we have listed today. Some concepts can also be very difficult to understand if you do not have a technical background. But no worries! As part of our services, we offer training and setup for any area you may need. We can also act as a “virtual CEO” for consultation needs on industry trends and best paths forward. It’s great if you have an internal IT department, but remember, they only work with your specific hardware/software. We work with many different industries of all sizes and can advise on what we have seen work and what we have seen fail (and a few thing’s we’ve seen burst into flames).
Single end users to big businesses, our services are available to anyone. If you want to learn or prefer to sit back and let us get you a “ready made” setup, we are here to help.
Request a Consultation
2017 Windows Vulnerabilities
Vulnerabilites you can negate
websites secretly tracking you
years of experience protecting you
*We will never spam you or share/sell your information. We take privacy seriously and are providing these Articles 100% for you.*