PRIVACY AND SECURITY Vol.1
After series of research on various platforms about security and privacy I realized that most of the roads and methods still lead you to a dead end because believe me there is nothing like a free secured VPN or socks4/5 online that can guarantee your security without somehow leaking some info from your computer directly or indirectly through DNS and Various leaks. So I went through the pain of my studies to see what the gurus of hacking and the dark web has to offer. If u really need your privacy and security then u really need to think like CIA to beat the CIA from going after you like the saying goes “if u want to catch a thief u need to think like a thief” likewise in computing to have your privacy you need to entrust criminals to help you out. Not forgetting that our various smartphones have been the worst snitcher around us
SECURING YOUR ANDROID
Do you know when someone is really interested, they will pinpoint your exact location right this very moment? They can even take your picture before you will gather your sense, they would have read all your messages, stolen your contact and even seen your credit score.
This isn’t fiction. You have in our various pockets a snitcher’s best friend and you take it everywhere, office to bedroom, dining room to lavatory. Its records everything you do and can be made to turn against in a matter of some few seconds. Believe it or not the modern day smartphone is the private citizen’s worst privacy nightmare. Think of what u have there: emails addresses, contacts, appointment, photos and even personal financial information. On top of it the smartphone can truck your location to build a detail profile of your where about and that is enough for anybody to truck arrest you or even steal information from your phone for fraudulent use. There multiple ways your phone can send information about their users which makes smartphones particularly troublesome not only for those who want to remain anonymous, but also the average user. In fact even I you never use the smartphone for calls and various apps for message transfer you still broadcast information just by the mere act of using it.
97% OF TESTED APPS INAPPROPRIATELY ACCESED PRIVATE INFORMATION
In recent study conducted by HP, the company discovered that 97% of tested apps inappropriately accessed private information source within a device and another 87% lacked the means of protecting themselves from common exploit. But the good news is that smartphone allows you to alter many privacy related settings with one tap or two. Let’s look at the various in which u leak private information about yourself via smartphone and how u can minimize such broadcast. We’ll also look at tools that allow you to take charge of your privacy and help you communicate without compromising the actual exchange of information
YOU AE BEING WATCHED
Many task that was exclusively to PCs have now branched out to phones. They can double up as media players, recorders, gaming device, GPS navigation devices and more. To enjoy all these conveniences you need apps. Unfortunately apps are the weakest link between your private data and the world. Many access your personal data to enhance their experience, but you must trust that these apps will use your data in a desirable way. Unfortunately not every app clearly states how they use your data and there is no assurance of your safety. Then there are the free web service like google, twitter, Facebook, and others that provide you with free service in return for information about you. This information is then used to target ads. Some consider this a fair trade but privacy campaigners are becoming increasingly concerned.
A critical component of your android is the permission system. When you install an app, it notifies you of what it will like to gain access to. You can install the app or not. Unfortunately this system puts a lots of responsibility on the user to know whether these access request are appropriate. According to a research report (source: http://bit.ly/1bRbsVr) many apps request excessive permissions. There are many ways of visualizing app permission. Bitdefender’s free clueful app helps you identify what an app is doing. Once installed will scan your apps and categorize them as high risk, moderate risk and low risk. You should uninstall any high risk app as they might be sniffing you password or reading your emails. Then there is Malwarebytes mobile app which includes a privacy manager. It scans apps and divides them into category based on access to calendar and storage. This app come in handy when you wish to view all the apps that can read personal information as you contact list, web history and your location.
Shearing images reveals lots of information thanks to the EXIF data attached
CONTROL PERMISSION
Once you have identified a privacy-intruding app you can remove it. Google recently let slip a privacy functionality in the Android 4.3 that users could unlock with the aps aps luncher tool with a feature that could selectively turn off privacy related permission. With the feature u could install WeChat or whatapp but turn off its ability to truck your location. However google removed the feature in the following update. When asked Google said this feature was experimental and was released by accident. If u have a rooted android device you can still get this feature as a module for the Xposed framework. Users of the rooted framework can use the Xprivicy module for Xposed. With XPrivicy you can controle specific permission for installed app. The best bit is that once you disable a particular feature say, access to contacts, XPrivicy will shield the real data and instead feed a list of bogus contact to any app that request them. In addition to prevent the the app for leaking information you should also minimize the personal data that you put out there even when shearing something as image.
JohnMcAfee, who was evading authorities was ousted in Guatemala thanks to a photo. Shearing images taken from your smartphone reveals lots of information about you thanks to the EXIF data attached to then, so if you take an image with your smartphone make sure the GPS is disabled because it can reveal your location and the time it was taken.
To strip the EXIF information from pictures before shearing you can use the instant EXIF remover app. This app doesn’t have an interface, once installed it will be available as an option in the shear action. When selected the app will intercept any image u wish to shear and delete all the EXIF data before passing then to the email Clint or any other shearing app. Also before uploading files to a cloud service like Dropbox, Google drive and Sky drive it will be better if you encrypt them and this can be done with linux box with EncFS which is available on popular distros like Fedora and Ubuntu. The too required you to create two directories one for that houses your unencrypted content and the other with the encrypted version. The way the tool works is that you interact with the files in the unencrypted folder and they are encrypted on-the-fly in the encrypted folder. To use of EnFS with a cloud shearing service like Dropbox just makes sure you keep the encrypted folder inside the Dropbox folder. This will automatically sync any change to the encrypted folder to Dropbox! After installing EncFS, create the two folders with encfs¬/Dropbox/.encrypted ¬/private. The tool will ask you questions and create the folder. Any files in the private directory will now be synced.
THREE DEGREE OF SEPERATION
You don’t need to be talking to a terror suspect to get the NSA interested in your personal communications, the agency is allowed to travel three hops from its target. So they can monitor the communication of people who talk to people who talk to people who talk to you. This three degree of separation allows NSA to virtually monitor everyone
COMMUNICATING SECURLY
The key to securing your phone any sort of surveillance is end-to-end encryption. There are increasing number of apps that allow you to encrypt your data before it is sent off and decrypted at the recipient’s device. Encryption does not prevent caching of data but rather safe guard it against any kind of snooping by making it unintelligible to anyone without the decryption keys. Begin your lockdown effort by obfuscating your web browsing activities just like any desktop web browsing activities, you can install a variety of ad-ons to your android browser. Some of the privacy-inducing add-ons are phony add-on which can be uses to customize the user agent on the browser and hide the fact that you are using a mobile device. For more comprehensive controle you can use the CleanQuit add-on which removes all information about the previous sessions including browsing and downloading history and site preference.
You can also use Orweb browser which is Tor for android (Tor will be discussed into details in subsequent blogs) which is configured to browse anonymously but unconfirmed information from Canada indicate that lunching of tor is illegal and warrant of arrest if lunched.
To sign and encrypt email messages on your android device you need an Android Privacy Guard (APG) app which is an open source implementation on OpenPGP. You will also need k-9 email app which integrates with APG
You can also encrypt SMS messages with an open source TextSecure app which can encrypt sms stoe locally on the phone. However to send encrypted messages the recipient must also have same app to decrypt the message or else the recipient will receive encrypted sms
SUPRISINGLY MANY PEOPLE STILL USE THEIR SMART PHONES FOR ACTUAL CALLS AND TEXT AS THE MAIN MEANS OF COMUNICATION .
Every year offers a vanning android operating system popularly known as AOSP for download. Many developers take this version and work on it to develop their own custormized version of android. CyanogenMod is one such android distribution and also one of the most popular with millions of of users. One reason for its popularity is that it gives complete control of your device and frees it to any ties to google, your network or phone manufacturer. It’s also worth mentioning that the Cynogen mode tea is quick to patch security holes and fix bugs that were only fixed by google in their next Android release. This third-party firmware also includes Privacy Guard which gives you better control of and their permission, the newest version as at December 2015 includes AppOps feature redacted by google in android 4.3. with the feature u can prevent individual app from accessing your data. The latest version of CynogenMod also integrates the secure SMS app TextSecure in the firmware itself.
PLS DO LEAVVE YOUR COMMENT AND SUGGESTION BEHIND
No comments:
Post a Comment