Recent revelations brought forward by Mr. Snowden the NSA leaker have once again reminded us as to the fact that the Internet is not a private place and in fact anything transmitted or stored on the internet is insecure. We as individuals need to become more aware of data security and of steps that we can take to increase the security of our data. Though there is much individuals can do to increase their data security there are some ground rules that everyone needs to be aware of going forward. Later on we will take a better look at these ground rules and what you can do to minimize their effect on your privicy.
Your ISP (Internet Service Provider) has a log of where you go online.
Email is not a secure form of communication.
You are being tracked often by several different entities as you surf the web.
Closed source applications can never be considered secure.
Technologies that are considered secure now may not be secure in the future.
Your connection to the internet is provided by an ISP be it Comcast, AT&T or someone else. All ISps are required to save a history of where their customers go on the web. These histories can be accessed by law enforcement or other government entities by obtaining a subpoena. Technologies like VPNs (Virtual Private Networks) and TOR (The Onion Router) can lessen the useful or incriminating data available to your ISP, however there are additional security concerns with using methods that obfuscate your cations from your ISP. Both VPN and TOR use encryption to protect your data in transit and both use Internet bandwidth and infrastructure to form a network within the internet that carries encrypted data to an exit point where it rejoins the public Internet and returns back to you through the VPN ot TOR network. Both TOR and VPN provide encryption from your terminal to the VPN server or to the TOR endpoint. Your data then negotiates the internet normally from that point to the destination and from the destination back to the VPN server or a TOR endpoint where the data is again encrypted and sent back to you. Both TOR and VPN encrypt your data and obscure your local IP address from the internet.
Email is not a secure form of communications, in fact email is not encrypted and is sent and stored in plain text. Though some mail service providers do offer securer email the security ends when the email exit’s their system. A email sent through a secure server at Google will be relayed to Yahoo in plain text because it is a form of communication both services can support. Now time for my pet peeve the text blocks everyone attaches to their email stating that this is personal and private information. If this is the case and the user attaching this statement of guilt to their email in effect says “I do not understand email or data security so I am sending this data in an insecure way and I am telling you I have compromised your data”. Because email is insecure never send sensitive data through email.
So your ISP logs and stores everywhere you go online and your email can be read by anyone with the skills or desire to read your email, wht else? Hey dude don’t look now but someone is following you. Several different entities track you in your journeys across the web. A majority of the tracking is done by advertising networks to help serve you relative ads. Though there are several ways to track you across the internet the favorite of the ad networks is the third party cookie. Cookies are files set on your computer by a website, the cookie contains data that identifies you to the website and also saves information about what you are doing on the site. Cookies are broken into two basic types first party cookies or cookies set by the website you are visiting and third party cookies or cookies set by a site when you visit anouther site say you visit WEBEDOGS.COM and an add network sets a cookie. As you surf this cookie records where you have been and when you hit another site affiliated with the ad network they can get your surfing history and use the information to target ads to you based on where you are surfing. There are other technologies that can be used to track you across the Internet, but cookies are the most widely used.
Now it is time to stretch your mind. For a vast majority of people a number in the 90%+ bracket you have no guarantee of security regardless of what actions you take. Yes it is quite possible and we would all hope that it is not the case, but closed source software offers no means of verifying any security measures or vulnerabilities that are included in the software. Closed source software is a software development model where the source code or the actual programing used to make the application, program or operating system is considered a trade secret and is nt made public. Where as open source software is a model where the source code is made readily available to anyone wanting to see it. Though the uninformed person may feel that the closed source model is more secure because the code is not readily available this in fact is not true. Security through obfuscation is not security. With closed source code it is often the case that the bad guys have the code and many of the good guys do not because well they are good guys and play by the rules. So if you and others can not verify that the program is secure because you can not see the code and the bad guys can. Microsoft and Apple both use the closed source model, though I do not believe that they are not using bad security practices in their software it is impossible you verify that their product are secure. Open source software publishes the source code and others can review the work done on an application. Having multiple eyes on the code lessens the chance that there are mistakes that could put user’s data at risk. Where obfuscation is not a security feature having public code is.
Here today gone at some time in the future. So you are using Pre Internet Encryption and following all the best practices you are good right? Well for today. As technology changes security measures that were considered safe are being compromised. Encryption schemes that were considered secure are now crackable and as computers get bigger and faster this trend will continue. To insure you are safe you should reevaluate your security practices and procedures twice a year.