Image1210.Protect your data and your privacy

The news are crystal clear: is being wire-tapped. It is not to alarm or frighten you, but you have to realize that the "Internet" is not your private living room, and that each picture or text used on the web is potentially recoverable.

10.1.Protect your system

10.1.1.Physical security

This is obvious, but let's say it but once and for all: if you want to protect your data, don't leave your laptop everywhere ! don't leave your computer in self-service at your home !

Your computer hosts your passwords (bank, administration, work …) your documents (administrative forms, pictures, etc.), your browsing history (the sites you visited and when), etc. You may think that these information are seemingly harmless, but they allow - for the best - to define your consumer profile, or - for the worst - to use your computer as a gateway to crack in other persons systems 442

If you want to present your distribution, or simply share tour resources, we strongly suggest you create another user account ( see chap.7.3 ) who will not be able to access your data, nor to mess with your system administration .

443If your computer is always on the road, we suggest you use the direct encryption during the system installation like mentioned in the chapter 5.5.2. By this way, even if your computer is lost or stolen, it will be extremely difficult to extract the data from your hard disk 444.

10.1.2.Updates

The software updates bring new functionalities, fix bugs, and, above all, correct potential security flaws .

This is the big strength of the Libre- Software : the program sources are available , thus when a flaw is uncovered, it is publicized and fixed immediately.

This practice to be opposed to the proprietary systems, whose flaws are being kept secret, and continue to affect the daily life of all their users.

The security updates should not be considered as optional ones: you must install them as soon as possible.

10.1.3.Passwords

Each year, tens of thousands of email accounts, Wi-fi access codes, phone PIN … are easily cracked, because user s picked password s too easy to guess. The top worst password for the year 2013 was " 123456 ", but there are other crazy sequences like " QWERTYUIOP ", " 0000 ", animal names, birthdays …

All these password s, too easy to guess, must be avoided !

And, by the way, putting together two weak passwords, does not create a strong one ! "Independance1783" might be difficult to guess for a human being, but a "computer robot" will decipher it in the blink of an eye.

To increase the robustness of your password , in other words to increase its resistance against deciphering attacks, use as many characters as possible and mix their types (lowercase and uppercase letters, numbers, special characters).

There are simple tolls which allow you to keep and organize your passwords like KeePassX119.

445 ... T he stronger my password is, the more difficult to memorize it. Isn't it ?

You can use a "pass-phrase" . Here we are talking about a long sentence, difficult to uncover, but easy to remember: few words put together produce a meaningless string, but which has a well defined sense for youself.
For example, the sentance "grandma loves French pickles in her soup", can easily becomes a robust
password : "GrandmaLovesFrenchPicklesInHerSoup" … especially if one replaces few vowels by numbers ("i" by "1", "e" by "3" and o by "0") 446 "GrandmaL0v3sFr3nchP1ckl3sInH3rS0up".

10.2.Protect your data

10.2.1.Limit the access rights of others on your data

If you use Debian in "multi-user" mode, the data of the other users are readable by you, and yours too, by necessity. You may want to restrict the access rights to some of your data for the other users. The graphical procedure is easy (no need to open a terminal): right-click on he folder > properties > "Permissions". hereafter an example with the "Documents" folder.

447

Select the "None" option for the "Others" access rights:

448

A window will ask you if you want to apply these modifications to all the files and folders embedded within the concerned folder, and we advise you to accept, in order to protect the full set of data included inside this folder.

10.2.2.Backup your data

You certainly ran into these warning messages talking about backing up your data …
and this is not for nothing ! Please refer to the
chapter 9 and get into the habit of saving your data on an external medium and on a regular basis.

10.3.Antivirus software

Admittedly, the GNU/Linus systems are much less sensitive to virus attacks, but it is possible to find a virus on a GNU/Linux machine.

449For the time being, updates are the only efficient protections against potential viruses, and adding an antivirus software on your system does not improve its security. Viruses embedded within documents originating from proprietary systems do not target the GNU/Linux environments, and as such, are totally harmless for your data.

However, if you want to monitor and control your data, ClamAv 120 is the reference antivirus software . Note that it does not run continuously in the background, and the user should explicitely request a folder scan to verify its contents.

More information on the DebianHelp site121

10.4.Parental control

Yes, one can find everything on Internet: the best and the worst, and often inappropriate images and contents for our children. In order to let them enjoy safely the digital world, you can use different parental control systems.

450 However, keep in mind that YOU are the best parental control !

10.4.1.From your ISP

The Internet Service Providers usually propose different parental control software. This method allows you to control all the devices on your home network, but does not exempt you to activate the parental control on your Web Browser.

More information on the site https://www.internetmatters.org/parental-controls/interactive-guide/

10.4.2.From your computer

The settings of the parental control is reserved to the experienced user s, because the procedure is rather complex … and is not 100% effective. In addition, the list of "prohibited" sites must be updated on a regular basis. The Fox Web Security addon module can be effectively installed in the Firefox navigator extensions 122 in order to filter inappropriate "adult content".

An alternative solution is to use a search engine whis is going to filter the proposed results, like Qwant Junior: https://www.qwantjunior.com/?l=en

10.5.Privacy on Internet

It is difficult to remain completely anonymous on Internet. Unless you are a well equipped experienced user, you will always leave a trail behind you.

The most beautiful fingerprint you leave, on a daily basis, is your IP address. In fact, each device connected to Internet must have an IP address, which allows to know not only your ISP, but also your precise geographical location … A small test ? V isit this page to know your public IP address: http://whatismyipaddress.com/

In addition, even if you are not a great pastry chef, you are giving away a lot of "cookies" to all the sites you are visiting. Cookies are connection witnesses: they keep, for a given site, information like your preferences, your identifier, your password, your chosen language, the content of your digital shopping cart, etc. not only on your computer but also on the servers in the cloud. Thus, when you start a search request on a site, it is very capable to register this information.

Advertising companies come join the party, and automatically create your profile by looking at your browsing history.

Don't be alarmed, Numerous advices and software tools are at your disposal to become easily discreet.

10.5.1.Social networks

Remember that the social networks, in their vast majority, are not there to help you, quite the contrary: they are big advertising agencies which collect everything they find about you. Then, these personal information are resold to advertisers, in order for them to better target your "needs".
Intelligence on the social networks does not stop there: they continue to trace you on plenty of sites by using - for example - the "like" or "G+" buttons.

Furthermore, the latest scandals unveil the fact that personal data can be collected by several governmental intelligence agencies, even if you are not doing anything suspicious.

451 If you cannot resist to the temptation of opening an account on a social network (and I fully understand you: virtual encounters are very cool 452 ), you can test the Diaspora* journey and discover a decentralized network, which is respectful of your private life and data ; Diaspora* is designed on the "node network principle", which means that several connecting poits are available. here is one to start with: https://www.joindiaspora.com/

As far as the other "less social" networks are concerned, find hereafter few simple advices:

10.6.Private navigation within your browser

If you want to surf the Web without leaving traces on your computer , the latest versions of the Internet navigators include a " private browsing " feature. This mode functions very simply: once launched, the navigator does not keep the history of the visited sites, nor the cookies distributed by these sites, nor the password s entered during this "private" session.
However, the visited sites keep track of your IP address: you don't navigate in an "
anonymous " way.

For Firefox, click on the menu (the 3 band top left button) then select the "New Private Window" option.

453
Firefox: private navigation window

Note: it is very possible that some Internet sites do not function well if some cookies are disable. Thus, it is best not to use this mode all the time.

10.7.Private navigation on Internet

Warning: private does not mean anonymous !

First avoid using non-free navigators, whose source codes cannot be analyzed by the first expert that comes along. The non-free navigators (Internet Explorer, Safari, Chrome …) can potentially spy on your navigation without your knowledge.

The two main free navigators you can trust are Firefox and Chromium (sharing the base code of Chrome, without transferring information to Google, except when you use the Google tools …)

The private navigation allows the removal of all navigation traces on your computer and can add few more protections against the tracking. It cannot guarantee your anonymity when facing some advanced tracking technology like the fingerprinting 123 .

10.7.1.Search engines

Stop doing like everyone else, even if supposedly "you have nothing to hide".

10.8.Anonymous navigation on Internet

If you want to become anonymous and mask completely your IP address, the best idea is to use TOR 127 . To achieve this, we are going to desciobe two methods: installation of the Tor -Browser or the usage of the Tails anonymous distribution .

454 … What's this Tor stuff ??

TOR stands for T he O nion R outer, and is a software allowing us to become anonymous on the net by communicating with other TOR user s. The principle is to define a random and indirect route on the network, between you and the exit node, which makes impossible the tracking of your IP address.
In addition, the data circulating on the
TOR network are encrypted , which makes even more difficult to identify the flows, although they are spied on 455 .

This functionality must not prevent the common sense … If you connect to an account, whatever it might be, with your usual pseudo and password, you will be quickly identified, even if you use TOR 456.

10.8.1.Tor-Browser, an anonymous navigator

Tor offers its web browser under the form of an independent archive (no need for administrator rights ):

457
TorBrowser: the downloading page

458
TorBrowser: uncompressing the archive

459
TorBrowser: opening the TorBrowser folder

460
TorBrowser: Browser settings

461
TorBrowser: Tor connexion settings

462
TorBrowser: connecting to the Tor network

463
TorBrowser: default interface

Please note that using Tor might slow down your Internet navigation.

10.8.2.Tails: the anonymous distribution

Tails is a GNU/Linux distribution based on Debian. It allows you to be totally anonymous on the net. It is installed on a DVD or a USB key, and like with the other Debian Live (autonomous) images, nothing is saved on your DVD or USB key between two working sessions, and, in addition, you enjoy an anonymous navigation on Internet 464 .

On the main site, you can read …

465

Tails is a live (autonomous) operating system that you can start on almost any computer from a DVD, USB stick, or SD card.
It aims at preserving your privacy and anonymity, and helps you to:

For more information, you can visit the Tails download page128.

466Note that the TOR navigation is often slowed down, and that some site or functionalities will not be reachable, due to their embedded scripts or their "privacy" policies …
Is it the right time to sort out through all your bookmarks ? 467

468
the Pirate Day Wall by Péhä (CC-BY-SA)

 

119 https://www.keepassx.org/

120 http://www.clamav.net/about

121 http://www.debianhelp.co.uk/clamav.htm

122 https://addons.mozilla.org/en-US/firefox/addon/fox-web-security/

123 https://en.wikipedia.org/wiki/Canvas_fingerprinting

124 https://www.startpage.com/eng/#hmb

125 https://duckduckgo.com/

126 https://lite.qwant.com

127 https://www.torproject.org/index.html

128 https://tails.boum.org/install/download/index.en.html