The below ‘article’ is a rant about security – except it was written while really, really intoxicated. It’s not very good. I can’t even clean it up to make it good – but it does have some good bits scattered throughout and I’m just going to publish this as a ‘BONUS ARTICLE‘.
Note: I may someday break this article down into bits and pieces, which is the only way I can think of to make it worth reading. At this point, I just don’t want the time to be wasted, so it might as well get published.
After trying to edit it, again while inebriated, I am not sure I can turn this into an article… I’m a bit inebriated. It’s perfectly legal here. I think I can… It’ll need to be pretty simple.
Let’s talk some basics about security!
You know what I get a kick out of? I get a kick out of seeing the people who move to Linux for “privacy reasons”, only to see them log back in to social media/forums to show that they have now moved to Linux.
They’ll login to accounts where they left plenty of personal information.
I’m not sure who they think they’re hiding from, but it’s not good privacy and they’re hiding from nobody important.
Real privacy is difficult, possibly next to impossible.
Seriously… Even the vaunted Tor is generally only as safe as you are smart, and then only on .onion domains. Once you hit the regular web, you’re probably not safe from a nation-state. Here are some theoretical attacks against Tor.
Realistically? How much privacy do you need or want? As you can guess, it’s a spectrum and and there are extremes on either end. There are also the law of diminishing returns on either end of the spectrum.
By the way, privacy is not security. Privacy is just one aspect of security.
So then, what is security?
Let’s start with the basics. For at least ‘good’ physical security, it should be ‘who you are’, ‘something you have’, and ‘something you know’.
For example, the security guard should check your ID to ensure who you are. The ID is something you have. The something you know is a password, a PIN, or a passphrase. That’s the least amount of security you can physically have to be any good.
Then, there are things you can do to improve it, for example. You can make it a rotating passphrase, make the guards work in pairs, require confirmation from someone proven to be in the building at the time, etc… You can do a layered approach where they may need all three of those things to enter yet another section and incorporate a man-trap between them.
Of course, on the other end of the spectrum is anyone and anything gets in and out. We tend to call those public spaces, when anyone can get in and out. As a general rule, you lose some rights to be in the public spaces – among those rights would be some degree of privacy (which will vary per jurisdiction). That’s pretty damned insecure. As far as security (and privacy goes) that’s the opposite.
So, again, there’s this giant spectrum of security. Where you want to be on that line is up to you. I find it’s a judgement call. We’re even willing to give up some privacy to be recognizable on a forum. Some of that lack of privacy is what keeps the forum secure and running smoothly. We give that privacy up because we get something in exchange.
At the same time, we might not want Google knowing everything we’re up to. We may be some dissident trying to reach a journalist to expose human rights violations and be under legitimate threat of death – or worse than death. We all make judgement calls about how much of our information we’re going to share.
And, really, unless you’re at the extremes, life is pretty good. It’s pretty easy to retain a little bit of privacy while participating in an online community. It’s less easy to do so with a typical Facebook account. where you are in some way connected to a more physical you.
Me? Oh, come on… I’ve long-since eaten the Google kool-aid. The ads here are from Google. I use their Analytics to better optimize the site, and all that – and more. Hell, I use Google Chrome and I’m logged in as the same user that does all those other things. I don’t use Gmail very often, so there’s that. I only use one of their accounts and that’s just to service my phone. But, that too is tied to all things Google.
The thing is, I know this. I know the privacy I give away. I made an informed decision to cede that privacy for those benefits. For me, the risks outweigh the benefits and I have a level of trust for Google.
That’s the right choice – for me. Y’all make your own choices. If you don’t know how to block Analytics (or ads), just go ahead and ask. Just because I use those things doesn’t mean you need to. You’re perfectly free to block anything you want. You’ll still show up and be counted in the raw server logs. I’ll still be able to see what you did on the site. (Don’t worry, I don’t much care – unless you’re harming the site. The site’s security automatically blocks hundreds of requests per day.) But, yeah, I could see your IP address.
Oh, man… Oh no!!! Your IP address?!?
And the things people think about their IP address, as though it’s some great secret. If you really care, use a VPN – but learn what a VPN actually is before buying into the hype. They tout it as some great security (and it actually can be, but not how you’re using it) but it’s not really. Especially if you’re logging into sites like the video site you’re unlocking!
By the way, it’s ‘security’ when you connect to a VPN ’cause a web access point is locked down so that it only takes inputs from one IP address. That’s not how you’re gonna be using your VPN. (Well, you might, if you keep reading these articles.)
No, your IP address isn’t important. There’s no l337 hacker out there that’s just waiting to learn your IP address before he dusts the Cheetos off his shirt and gets to work hacking you. It’s just bots scanning bots at this point and you’re behind a NAT anyhow. Keep your stuff secure, mostly by keeping it off the public internet.
Ah, yes… The MAC address people…
No, you don’t need to change your MAC. The only reason you’d want to do so would be for something local. It’s not hiding you from Google, ’cause it’s only seen at the very first hop in network traffic. Once the packet is beyond that point, it uses its own MAC address. While changing your MAC address is a useful skill (for local “Spoofing” purposes), it’s not gonna make you appear any different to the rest of the web.
Lemme see…
More security stuff to spew out onto the page?
I’ve been known to say, “Security is a process, not an application.” I’m probably not the first to express it similarly, but it doesn’t make it any less true. It is indeed a process. It starts best with a good plan and deciding where on the spectrum you’d like to be. Be sure to compare that with where on the spectrum you need to be to accomplish your computational goals. Somewhere in the middle is probably gonna be the sweet spot for you.
The thing is, you have to know where you can be on the spectrum involved. You have to know what the extremes are. You have to be aware of what techniques are available and what they really do. You need to be aware of what threats there are and what goals you want to accomplish. ‘Cause the only completely secure computer is one that doesn’t work and you might want to be extra sure by burying it in 25 feet of concrete.
Want some privacy? How about blocking third party cookies and scripting. How about you take a look at browser fingerprinting and deciding where you want to be on that spectrum? In pretty much every OS you can block DNS requests by using your hosts file. There are even curated lists that you can download and use.
Alright, I wrote this while impaired. I’ll eventually schedule it or delete it. I’ll probably proofread it, maybe trying to make it salvageable, and the likes.
Meh… After reading this sober, I’m just gonna submit it as a bonus article. It’s not very good. I just barely proofread it and it wasn’t nearly as good as it seemed while drunk!
Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.
Today we'll cover one way to enable or disable your network interface in the Linux…
Today's exercise is a nice and simple exercise where we check your NIC speed in…
Have you ever wanted to easily monitor your wireless connection? Well, now you can learn…
I think I've covered this before with the ls command but this time we'll count…
Today we'll be learning about a basic Linux command that's known as 'uname' and it…
If you've used hardinfo in the past, it may interest you to know that hardinfo…