Security Notes

Computer Security

My recommendations for computer security usually involve using software. However, software is not magic and will not protect you if you make mistakes, so I have included for each the issues that could cause problems for you.

ZuluCrypt

ZuluCrypt allows you to store files in an encrypted container for greater privacy or security. This is the new alternative to VeraCrypt, Truecrypt, Scramdisk, etc.

ZuluCrypt Issues

Thumbnails may still be stored in unencrypted files by your operating system to allow previews of files to be shown by your file browsers.

Programs that are run from inside the container could still infect, spy, wreak havoc, etc. ZuluCrypt isn't intended as a sandbox for running dangerous programs.

Videos that are played inside your container could still contact websites using DRM I think.

7-Zip

I mainly like 7-Zip for its great compression abilities, but it also provides strong encryption via AES. Over the years, bandwidth has not increased at the same rate as CPU speed if I recall correctly, so compression is useful for efficiently sharing files online, and 7-Zip's good encryption ability helps protect your privacy. (Windows zip files tend to offer less compression and the encryption was not secure in the past but might be better now.)

7-Zip Issues

7-Zip will automatically extract to a temporary folder when you open a file from within the archive, so always extract files to a secure location before opening them, i.e. never open files from inside an archive for security. Thus for storing files that you want to view regularly, I would use ZuluCrypt instead, but 7-Zip is perfect for file transfers or long-term storage.

BleachBit

BleachBit allows you to clean files that might waste your disk space, and it deletes tracks that reveal your activities.

BleachBit Issues

You need to run BleatBitch as root to use some of its features. You may also need to run it as you. You need to go to Edit->Preferences and set it to shred files instead of just deleting them if you want to hide your activities from forensics.

CCleaner

CCleaner allows you to clean files that may waste your disk space and deletes tracks that reveal your activites. I used CCleaner years ago when I used Windows.

CCleaner Issues

The registry cleaner feature in CCleaner has ruined my registry, making my computer unable to boot without restoring the registry, so I'd only use that feature with great care.

Tor

I actually used Tor sometimes many years ago before it was taken over by scams.

Tor Issues

It is full of scams, and you can't ever find any interesting onion sites. If you do find a good site, it will be down 90% of the time. No need to use Tor.

KeePass

KeePass, or KeepAss as I like to call it, is a password manager, which allows you to only need to remember one password, and it remembers the rest. One password to rule them all!

KeePass Issues

If you forget your KeePass password or lose the file, you're screwed. Years ago, the built-in password generator didn't quite look random enough to me, so I never really trusted that feature. I used my own password generator or made them up myself.

I2P

I2P is interesting software. I haven't used it lately, but I've been wanting to. It is similar to Tor but may be better in some ways.

I2P Issues

It's experimental.

Computer Repair

In some locations, computer repair technicians may be required to report you to law enforcement if they see suspected child pornography. If you remove hard drives and all removable media, and if the computer has been off for twenty minutes or so, it should be impossible to recover anything. Removing a hard drive is usually not difficult: Many laptops have a panel on the bottom for easy access to such things. With the hard drive removed, physical problems can be repaired, but the operating system cannot be repaired. If you have a problem with your operating system, you should try to recover any files you want to save, e.g. using a bootable USB, and then simply install a new operating system such as Mint Linux, and your old computer will be as good as new.

Encryption

Encryption provides a way to make it nearly impossible for someone else to access files, but you must use a strong password that cannot easily be guessed or discovered by your enemy. As CPUs and computing technologies advance, encryption that is currently strong may become weak, i.e. more easily cracked. I'm no expert in the field, but I expect quantum computing to render current forms of encryption obsolete, and I would not count on normal modern encryption to protect me from an enemy that has quantum computing resources.

In the past, there have been bugs in encryption libraries that made some types of encryption less safe.

Passwords

There are different ideologies concerning how to create a password. Some like to use a random password with uppercase, lowercase, numbers, and symbols. Some prefer to use a memorable phrase, but it needs to be much longer and hard to guess in order to compare with a string of random characters.

(If you use only lowercase letters and spaces, that's 27 characters, so guessing a passphrase 10 characters long could take up to 2710 tries - that's 27 to the 10th power, or 205,891,132,094,649, which is almost 206 trillion. But if you included uppercase, numbers, and 10 other symbols, you'd have 72 characters, so a 10-character password could take up to 7210 tries to guess. That's 3,743,906,242,624,487,400 tries, which is over 3,743,906 trillion. That's (72/27)10 ≈ 18,184 times stronger because of using more characters.)

It is not secure to recycle passwords.

Websites

Website operators or anyone who has access to a website's server could see your activities on the website, regardless of any passwords or encrypted connection. Most web servers keep logs of every HTTP request.

VPN

I've never used any VPN. A VPN simply uses encryption between your computer and the VPN servers to hide the actual destinations of your traffic from your ISP, and it may or may not hide your real IP address from the websites you visit, but now the VPN can see where you're going. And if you engage in illegal activities, a VPN may choose to cooperate with law enforcement just as much as or more than your ISP will. In fact, VPNs located in the U.S. are required to cooperate with U.S. law enforcement. I would simply use Tor for free if I wanted to hide my traffic instead of paying for a VPN just because they claim to support my privacy. I think maybe VPNs are for people who have too much money and want to get rid of a few dollars.

If you just want to keep your ISP from seeing what you're doing on the sites that you do visit, use HTTPS. If you just want to make it a bit harder for your ISP to see or control which sites you visit, use FreeDNS.

HTTPS

Using HTTPS:// instead of http:// websites ensures encryption is used. For many static websites, HTTPS shouldn't be necessary, and it creates problems and hurdles for people like myself running their own server. But for websites where security is most important, where you're entering your credit card numbers or personal information, you might want to make sure SSL encryption is used where possible.

IP Address

Your IP address doesn't tell much about you, just your general location, i.e. city, and maybe your ISP. But when your IP address doesn't change, it could allow your identity to be guessed based on previous activities elsewhere from the same IP address. For example, if I reveal my name on a website that publicly displays my IP address, then anyone who searches for my IP address could discover my name. Going to your router settings and renewing your connection could change your IP address. Your IP address may also change sometimes when your router restarts after a power outage. Or if you run your own servers as I did, those will be associated with the IP address, and anyone who knows your IP address could find out about the servers.

Knowing your IP address makes it possible for hackers to try to target your router or your personal computer. I'm no expert in hacking ,but they could most likely perform a denial of service by slowing down your connection or restarting your router, but they could potentially find a weakness that allows them to do more harm. Of course, hackers can guess random IP addresses, but if you're controversial like I am, you're probably more of a target. But if my router or PC is so insecure that some ignorant bigots can hack me, then maybe I deserve to be hacked, though I would still hunt them down.

Delete

When you delete a file, it isn't really deleted. The references are removed from the filesystem table, but the file is still there and can be recovered by some "undelete" progras as well as forensics. The "deleted" file may be fully or partially overwritten in the near future by another file as that disk space gets reused, or it may remain there for years. To ensure secure deletion, you must overwrite the file, also called shredding or wiping or scrubbing or whatever, instead of simply deleting it. Overwriting once should be sufficient for most, but sophisticated forensics could recover a file overwritten too few times because the magnetic heads can never take the exact same path over the disk twice. Overwriting several times with random bits should be sufficient for all but the most worn out old hard drives.

Phones

I don't count on phones to be secure because I believe they have spyware and backdoors built in. I use a cheap flip-phone when I need to call or text someone, but otherwise I don't use a phone much, so I'm not an expert in the arena of phone security. I take the battery out or put the phone in another room when I want privacy.

Cameras

I'm the guy who keeps a piece of tape on the camera on his phone and laptop, though you would be bored to death if you spied on me.

The Nuclear Option

If you want to eliminate everything on a hard drive for free, I'd use DBAN to shred the entire disk 3 times. Then you can install a fresh new operating system such as Mint Linux if the computer meets the fairly modest system requirements. Then the computer will be clean and like new, and you can use better security practices to avoid having to do that again. Or you can give that computer away and get a new one.

Your Safety Matters to Me.

©2019 Ron Spain