SoylentNews is people
SoylentNews
I'm just informed enough about IT security to know that I really know very very little about it. That said, I probably know ten times as much as do 99% of people. I'm an expert in my field, and while I've been a jack of all trades on many fronts, today's threats to privacy and IT security require expert knowledge to combat.
I do not have time.
- For example, I hear that Microsoft added updates to Win7/8 that threaten my family's privacy...yet I have not yet gone and removed the offending updates. I moved myself to Ubuntu/xfce, but my son is still using Win8. I'll get to it eventually.
- For example, java script is a security risk, and I have No-Script, turn off 3rd party cookies, etc, but invariably I have to turn it off for some website (i.e. to pay my bill), and eventually, I stop turning it back to full security.
- I installed Cyanogenmod and Fdroid on my phone. And for the most part its great..and I have very few apps with permissive permissions settings....but my wife is still using an iphone and ipad, with all sorts of apps...with ridiculous permission leaks..and that is a struggle.
The long winded point I have is that it is now just too damn much work to do it all right. I'm tired after a 10 hour workday. I've obviously taken more steps than most, but it is still leaky as hell...
I need a company/organization that I can reasonably trust to manage my information security/property, to manage my computers, manage my vpns, e.g., to isolate my web browser windows over multiple vpns, ... all of it, and it can't be GOOGLE. My data is my property, as long as I can hold it, so it needs to be a company/organization that built in privacy obligations (like lawyers and doctors supposedly do).
-Signed: A Frustrated Tired Old Nerd (with children)
[Ed's Comment: Does such a company exist? Is it even possible to provide such a service? Or have we just identified a niche in the market for some enterprising person to fill?]
(Score: 4, Informative) by q.kontinuum on Monday October 05 2015, @10:37PM
Against a targeted attack by one of the three-letter-agencies a private person is probably entirely helpless. A targeted attack by an ambitious hacker might be possible to withstand. But for Joe Average I think the grand fishing expeditions are the most realistic threat, and against those there are some helpful protections available, I guess.
General
* Use different services fro different sources (maybe DNS not from your internet-provider, maybe get a list of servers and shuffle once in a while).
* Encrypt your home- and var-folder. Leave the system-partition, it usually doesn't contain anything sensitive.
* There are filter lists available to filter dangerous domains, can be used with squid
* Consider using virtual machines for different purposes
Mail
* Don't send everything (anything) via Facebook/Whatsapp/Gmail, especially if you can afford have your own mail-server instead
* Use different mail addresses for different purposes
* If possible, use encryption
Browser
* Use browser private window, separate session for online banking; maybe even different user-accounts on your computer
* delete the ~/.macromedia folder frequently (that is, if you still want to use flash)
* Use NoScript, AdBlock, BetterPrivacy, Ghostry and Self-Destruct-Cookies
* Virus scanner: If you need one, you are doing something wrong already [xkcd.com]
* Use different search machines, preferably those who at least claim not to profile you (e.g. duckduckgo.com)
* Use Tor for sensitive topics (Not criminal, those you shouldn't do at all)
These are some ways to escape the casual fishing expedition, and maybe even some routine data-gathering by government agencies. It doesn't stand much of a chance against a targeted attack though.
Registered IRC nick on chat.soylentnews.org: qkontinuum