As we already discussed many times in this blog, we know that web security is something very difficult to reach but we can always try to improve our security when surfing into the web.
First of all, use Firefox! Do it! In my opinion it’s slower than Chrome but very “transparent” and so you have less risks to unintentionally share information you want to keep private. In my experience, Firefox could be safer than Chrome if you use the right adds-on.
This add-on (for Firefox and Chrome) will automatically connect your browser to the https version of many websites contained in its “Rule list”. The number of https connections in the HTTPS Everywhere’s list is sufficiently wide and you can always decide to manually add new https addresses (more info) as in the following example:
<target host=”www.google.com” />
<target host=”google.com” />
<rule from=”^http://(www\.)?google\.com/” to=”https://google.com/”/>
If you prefer to save time and you don’t want to write some lines for every website you prefer to connect through https, you will install another add-on: HTTPS Finder. HTTPS Finder is perfectly interconnected with HTTPS Everywhere and it will try to reach every website you type into the address bar, using a https connection. If it finds a valid https website, it will ask you if you want to add a specific rule into HTTPS Everywhere rule list. At this point you have only to agree and the new rule will be stored in the list.
During the past weeks, we read many posts and articles about the new privacy rules that Google introduced for its web services. The goal of this specific post is not about discussing privacy agreements and the many interesting points of view about this kind of topics but we would like to focus your attention on a couple of ”tricks” which can help you to increase the privacy level.
First of all, you can decide to use an alternative search engine which doesn’t log your activity and it is not possible to define your profile about your web activities.
Privatelee has been developed to offer better privacy to people who prefer not to have their web searches automatically analyzed by google.com.
This search engine can work on https mode and its search results are the mix between external search such as Google and Bing. You can also decide to use just one web engine or both. Comparing the results obtained we can affirm that Privatelee is really very effective and offers the same main features of Google and Bing.
Startpage is based on Google and has many flexible features that can be selected using the “settings” page. This particular search engine deletes all the logs after 48 hours and you can anonymously visualize images and videos or define how to manage cookies. Moreover, Startpage allows you to save your settings without using cookies.
As for Privatelee, please be sure to type https and not a ”simple” http when you insert Startpage address in the bar.
Secondly, if you use Firefox, you can use a specific add-on TrackMeNot. TrackMeNot is a simple but useful add-on you can install on Firefox to obfuscate user search data profiler on Google, Bing, Yahoo, Baidu and others. TrackMeNot automatically issues random queries on the main search engines using a list a generic list of words. In this way, search engines are not able to create a real profile about you as web user. Your real searches will be just few between the hundreds fictionally created by TrackMeNot. TrackMeNot is completely configurable: you can choose the query frequency or define the klog of your automatic queries. By default, TrackMeNot uses the words contained in the RSS of four primary websites: The New York Times, CNN, MSNBC and The Register.
What about listening to Pandora or other USA IP-based online music services if you are not into the USA? There are many add-on for Firefox which can help you to use the right proxy for appearing in different places in the world but, in my experience, you can have some difficulties when you try to use them.
In fact the IPs of free proxies change frequently and sometimes you are obliged to spend a lot of time searching for the right IP of free proxies. Other times the free proxy addresses are so overcrowded that you have to wait many seconds before you can visualize webpages.
One exception is anonymoX, a simple add-on for Firefox which always works properly and assure a good connection speed. AnonymoX has two different service levels, the free basic service has fewer features but it really works properly and it’s fast.
With the free level you can choose your favourite IP exit country between USA, UK and NL. You can also decide if you prefer to stealth your web surfing using anonymoX features or the classic TOR servers. Moreover, you can change your fictional ID every times you want also while you are surfing the web.
During all our tests anonymoX was able to assure us a good surfing privacy, in particular we successfully tried to change browser id and we really appreciated the possibility of visiting .onion websites through the Tor option. Recommended!!!
In our last post we examined the possibility to recover deleted data from USB keys and disks. Today we want to focus your attention on the proper way to destroy sensitive data from your disks.
On Ubuntu you have the possibility to move any file to the Trash but, as we demonstrate in our last post, anyone has the possibility to recover them using a simple, basic GUI, program called PhotoRec.
If you want to be reasonably sure that none will be able to recover a file you decided to permanently delete you have to use the Shred command. Shred is native in Ubuntu Kernel and literally delete your files overwriting them repeatedly with arbitrary data. After you delete a file with Shred you can be sufficiently sure that recovering procedures will not succeed.
As usual we must warn you that technology is rapidly evolving and what could be considered sure today, tomorrow will be out of date! So, if you think you need to preserve your privacy in the best way, don’t forget to change the hard disks regularly and mechanically destroy your old ones. Sincerely we hope our readers haven’t this kind of need.
To start using Shred on Ubuntu you have to open a Terminal and type:
sudo shred –help
In this way you will visualize the grammar and all the possible options offered by this program.
The correct grammar to use Shred is:
shred [OPTIONS] FILE
or, if you want to shred a entire partition:
shred [OPTIONS] /dev/[HDA9]
The possible options are:
-f, –force change permissions to allow writing if necessary
-n, –iterations=N overwrite N times instead of the default (3)
–random-source=FILE get random bytes from FILE
-s, –size=N shred this many bytes (suffixes like K, M, G accepted)
-u, –remove truncate and remove file after overwriting
-v, –verbose show progress
-x, –exact do not round file sizes up to the next full block;
this is the default for non-regular files
-z, –zero add a final overwrite with zeros to hide shredding
–help display this help and exit
–version output version information and exit
In our experience, to operate in the fastest way, we decided to add Shred on the Nautilus Menu and have the command ready with a simple right click on the mouse.
For this reason you have to open a Terminal and type:
sudo apt-get install nautilus-actions
Then you launch the program following this path: System->Preference->Nautilus Actions Configuration.
Last, you have to configure Shred filling e.g. the following parameters:
Tooltip: Shred utility to securely erase files
Parameters: -f -u -v -z %M
Appears if selection contains: Both
Be sure to check the box “Appears if selection has multiple files or folders“
To finish your configuration, do not forget to open again a Terminal and type: