Safer Internet: Develop a Privacy Strategy

Quotes

Policy / Law

  • "Privacy policies" specify how your information will be used / shared -- no guarantee of protection or enforcement; if you have some time, read/scan them rather than blindly accepting them
  • Most companies do not provide details about robustness of their security practices (because they're clueless, embarrassed?)
  • Terms & Conditions and Privacy Policies can change without notice, usually not for the benefit of users
  • e.g., LinkedIn: User Agreement (T&C), Privacy Policy; also: Ad Choices; Community Guidelines; Cookie Policy; Copyright Policy
  • Government regulations & laws lag the technology;
    if they exist, they often favor corporate donors and surveillance agencies over consumers

Behavior

  • Accept that some changes are necessary; to get the most out of this class, some homework is required. Advice & tools change over time -- security is akin to a game of "whack-a-mole"
  • Invest attention and energy upfront to be proactive before problems occur.
  • Learn good habits, such as backing up regularly, updating software, choosing strong passwords, storing passwords securely, logging out when not using your computer, connecting to known, encrypted WiFi networks, etc.
  • [Refs:Tech]: "How the Experts Protect Themselves Online (compared to Everyone Else)"
  • [Refs:Behavior]: "'Security fatigue': Computer users tired of too many passwords, warnings"
  • [Refs:Behavior]: "The psychological reasons behind risky password practices"
  • Pray? Cyberinsurance?
  • TV / movies often do not accurately portray security threats / practices
  • [Refs:Behavior]: "Hollywood's take on cybersecurity"
  • Before: minimize personal information that you provide / volunteer
  • After: purge info from data brokers
  • [Refs:Tech]: "Privacy Tools: Opting Out from Data Brokers"
  • Avoid installing malware inadvertently, e.g., clicking on links in suspicious emails, panicking & responding to scary popups
  • "Social Engineering" can often defeat many otherwise secure systems -- especially if the request comes from a harried "boss", desperate "friend", incarcerated "grandchild", irate "customer"
  • PEBKAC -- [Refs:Behavior]: "Majority of Americans fall for email phishing scams" (quiz)
  • "PICNIC":...
  • the "Pledge": don't do anything stupid! {TCYOP-3: 36-38; TCYOP-2: 33-34; TCYOP-1: 32-34}

Planning

  • Consider risks & needs by:
  • location: home, school, work, vacation
  • task: banking, searching, communicating, entertainment
  • device: phone, tablet, computer, etc.
  • type of information: required, optional, sensitive, personal
  • convenience: all mail, calendar, search, payments, passwords with one trusted provider, or different places?
  • companies you use: what is their business model? how "free" are their services? do they track you? e.g., Facebook, Google (advertising) vs. Apple (hardware)

Technology

  • "Technology is...
  • "1) Everything that's already in the world when you're born is just normal;...
  • "1) When a distinguished but elderly scientist...
  • Make one-time changes, such as more secure passwords, system & browser settings, privacy options on social networking sites, etc.
  • [Refs:Tech]: "9 Facts About Computer Security That Experts Wish You Knew"
  • Since it would be overwhelming to immediately do everything that we'll discuss, be selective and phase changes in gradually over months.
  • Ongoing: check vendor sites for updates; refer back here to course summaries & reference articles

Summary

References

  • sections: Behavior; Technology
  • {TCYOP-3: 29-38; TCYOP-2: 27-34; TCYOP-1: 28-34: Fix the Easy Things; Choosing Better Passwords; About Two-Factor Authentication; Create Privacy Rules for Yourself; Purge Your Info from Data Brokers; Cope with Special Cases; Take the Pledge}; many general articles below
  • Vendor sites for privacy and security information, e.g.,
  • Apple: Security Software Updates; Gatekeeper; FileVault 2; Privacy Controls; Password Generator; iCloud Keychain; Sandboxing; Runtime protections; Antiphishing; Find My Mac
  • Apple: Manage Your Privacy Secure your Devices: passcode; Touch ID, Find My;
    Secure your Apple ID: password, security questions, 2-step verification;
    Stay secure: phishing, passwords, notifications;
    Sharing: iCloud settings, location data, apps, ads, private browsing, children's privacy, diagnostic data
  • Apple: iOS Security iOS10 white paper: System Security; Encryption and Data Protection; App Security; Network Security; Apple Pay; Internet Services; Device Controls; Privacy Controls; Apple Security Bounty; .pdf; 3/2017
  • Apple: Privacy Built-in; Government Information Requests; Privacy Policy
  • AARP: Online Safety Technology Education and Knowledge (TEK) Center
  • Security starts with you (and us) Vanguard: Our online security protocols, Monitoring for fraudulent activity, Security inside Vanguard, When you call us; you: Secure your computer, Protect your mobile devices, Safeguard your identity online, Don't forget your U.S. postal mail
  • TakeControl: Are Your Bits Flipped? trust; excerpt of e-book
  • EFF: Surveillance Self-Defense TOC copied: 12/1/2016
  • Overviews: An Introduction to Threat Modeling; Choosing Your Tools; Creating Strong Passwords; Keeping Your Data Safe; Seven Steps To Digital Security; What Is Encryption? Why Metadata Matters
  • Animated Overviews: How Strong Encryption Can Help Avoid Online Surveillance; How to Make a Super-Secure Password Using Dice; Protecting Your Device From Hackers; Using Password Managers to Stay Safe Online
  • Tutorials: How to: Avoid Phishing Attacks; Circumvent Online Censorship; Delete your Data Securely on Linux, Mac OS X, Windows; Enable Two-factor Authentication; Encrypt Your iPhone, Your Windows Device; Install and Use ChatSecure; Use KeePassX; Use OTR for Mac, Windows, Linux; Use PGP for Linux, Mac OS X, Windows; Use Signal for Android, iOS; Use Tor for Windows, Mac OS X; Use WhatsApp on Android; Use WhatsApp on iOS
  • Briefings: An Introduction to Public Key Cryptography and PGP; Attending Protests (Intl., USA); Choosing the VPN That's Right for You; Communicating with Others; How Do I Protect Myself Against Malware? Key Verification; Protecting Yourself on Social Networks; The Problem with Mobile Phones; Things to Consider When Crossing the US Border
  • Playlists: Academic researcher? Activist or protester? Human rights defender? Journalism student? Journalist on the move? LGBTQ Youth? Mac user? Online security veteran? Want a security starter pack?
  • Passcode: Modern field guide to security and privacy CS Monitor; cybersecurity news and analysis
  • How to Protect Your Information Online How do I know if my personal information has been taken? What if I'm certain my data has been stolen from Equifax? Should I change my passwords? How do I create stronger passwords? Are passwords enough? Won't security questions protect my data? 9/7/2017
  • Consumer Reports will begin assessing cyber security and privacy safeguards when scoring products 3/6/2017
  • Where to Donate to Protect the Internet in 2017 The American Civil Liberties Union; The Electronic Frontier Foundation; Freedom of the Press Foundation; Open Whisper Systems; The Tor Project; 12/25/2016

Behavior

Technology