Has Your Email/Phone (Personal Information) Been Involved In A Data Breach?

Today’s article isn’t all that Linux specific, but pertains to your personal information and whether or not it has been leaked or hacked. This is good information to know. While there’s not much that you can do after the fact, there are steps you can take when the inevitable happens and those steps will vary depending on the severity of the hack and how much information the bad folks got away with.

Basically, when you visit sites you leave at least some information behind. Depending on the site, you may leave more information behind than other sites. For instance, you may leave behind your email address when you signed up for their newsletter. This is relatively benign (insert plug for the Linux-Tips newsletter), but more concerning when you add more information to it – such as your password, phone number, username, answers to security questions, etc…

Sometimes, those sites aren’t all that well defended and people manage to find exploits that give them access to this data. These are known as data breaches. Your data is then, more often than not, put up somewhere online for sale or even for free. The usual goal is to sell this data, as profit is the ultimate motive these days.

There’s quite a bit that bad actors can do with this hacked and leaked data. This is especially true if you do things like re-use passwords. By the way, that’s something you should never do. Don’t use a password or a ‘password system’. Generate random passwords for every use. 

Enter “have i been pwned?”

The “have i been pwned?” site has been around for a long time. You can visit the site by clicking the following:

have i been pwned?

Go there and enter your email address or phone number. It will then let you know if your data has been exposed in a data breach. The site’s name is a play on the word ‘pwned’ – which means something similar to ‘owned’ or, in this case, that your personal information has been exposed by way of a data breach.

If your personal information has been included in a data breach that was made public, it’ll be listed in the results. For example, I have one email address that was involved in a very dark time for Linux Mint. See this:

my data has been breached
My personal information was compromised in this attack. Also, yes that happened. It’s very much real.

You can be reasonably comfortable putting your email into that site. They have a long, long history of good behavior and, at the end of the day, you’d just lose your email address. So, feel free to drop your email addresses into the site.

NOTE: I take your personal information seriously. If I ask for it, I secure it. I only ask for as much information as required for the role. Signing up for the newsletter doesn’t even ask for a username! Passwords are salted and hashed (not saved in plain text). There’s a layered approach to prevent compromise, including things like requiring 2FA for administrative roles.

Again, “have i been pwned?” has no motivation to do anything with your email address and their reputation is pretty solid. You can drop your email address into the search box safely.

They Lost Your Personal Information: 

So, what can you do if you found out that your personal information has been compromised? There’s not a whole lot, actually. Once the data is out there, it’s out there. You can’t do anything to take it back.

What you can do is stop doing business with these people. You can change your passwords for the compromised sites. You can also check other accounts for signs of compromise. Depending on the data that was lost, you can lock your credit or use a credit monitoring service.

When (not ‘if’) you find your email and personal information in these lists, it can be a little jarring. It’s not entirely unlike finding out that your house has been broken into. But, you can relax. It’s not the end of the world or anything of that nature.

In many cases, passwords aren’t stored in plain text. They’re hashed and salted before they’re stored. The password you typed in is just checked against the hashed values and, so long as you match, you’re let into your account. That’s a great thing, a great start even, but rainbow table attacks still exist to attack hashed passwords.
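To make the hashing, salting and checking described above concrete, here is an added example (not code from this site or any site mentioned) that stores the same password for two users both ways and tests each stored value against a small precomputed table. The function names, the iteration count and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_digest(password):
    """Fast, unsalted hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password):
    """Salted, slow hash: returns (salt, derived_key) to store for one user."""
    salt = os.urandom(16)  # fresh random salt per user
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


# Constructed sample: digests computed once, ahead of time, for common passwords.
PRECOMPUTED = {unsalted_digest(p): p for p in ("123456", "password", "letmein")}


def found_in_table(digest_hex):
    """True if a stored value can be reversed by a plain table lookup."""
    return digest_hex in PRECOMPUTED


def compare_storage(password="letmein"):
    """Two users pick the same password; compare the two storage schemes."""
    alice_plain, bob_plain = unsalted_digest(password), unsalted_digest(password)
    alice, bob = make_record(password), make_record(password)
    return {
        "unsalted_identical": alice_plain == bob_plain,
        "unsalted_in_table": found_in_table(alice_plain),
        "salted_identical": alice[1] == bob[1],
        "salted_in_table": found_in_table(alice[1].hex()),
        "login_ok": verify(password, alice),
        "wrong_password_ok": verify("letmein1", alice),
    }


if __name__ == "__main__":
    for name, value in compare_storage().items():
        print(f"{name}: {value}")
```

With a per-user salt, a table built in advance no longer matches, so each stored record has to be guessed at separately and at the cost of the slow hash.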

If there are extra security steps you can take, take them! If you can enable 2FA (2 Factor Authentication), then by all means do so. A login that requires a second factor, such as a code sent to email or to text message, is much more secure. This is more useful before a hack occurs, of course.

When you give out your personal information, ask yourself if you truly need to give the information and if you trust the company with that information. Different companies may have different trust levels for you. I trust this site with all my information, ’cause I own it. I trust sneakydownload.site enough to have my email address and nothing more. There’s a pretty broad spectrum of trust and a very personal choice to make.

Closure:

This article could easily run thousands of words, as security, privacy, and personal information are broad subjects. Be careful who you trust and be sure to check in once in a while to see if your personal information has been compromised. On Linux-Tips.us, I just avoid collecting data. I find it easier to protect your data if I don’t actually have it. However, even this small site is under attack constantly:

Linux Tips attacks
That’s a week’s worth of attacks. That’s just for a small site.

The two spam comment selections are from people/bots who made it through the first levels of defense. Even the rest of the numbers are people who made it through the basic security checks, now that I think about it in this light. Point being that a site is constantly under attack and your personal information is a commodity, so protect it well.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

 


How To: Clear The Terminal Screen

Today, we’re going to learn to clear the terminal screen. This is generally done for privacy’s sake. You don’t want people to be able to scroll up and see what you’ve been reading in the terminal. This probably isn’t as important if you’re the only user and you’re in your house, but you may still like to keep things clean and tidy.

We’ll go ahead and cover two ways to clear the terminal in this article. They’re both rather easy commands and you’ll find this article is definitely not all that complicated, or even very long. This is pretty much one of the first things folks should have learned when they started using the terminal. We might as well cover it here.

Rather than make this long-winded, we’ll just make this into a short and easy article to read. Let’s all learn how to…

Clear The Terminal:

To be clear, this just erases the text in the terminal. It clears the scrollback content so that folks can’t scroll up and see the previous terminal contents. Again, it’s a good idea to do if you’re in a multi-user environment where people may have access to your screen and you don’t want them to know what has been written to the terminal.

Obviously, you need a terminal for this article. Just press CTRL + ALT + T and your default terminal should open.

I suppose we’ll need some content, so let’s try using this command:

That should fill your terminal up.

Now, to clear it you can use either of the two following commands:

Or you can also use:

(Though reset may leave a little text at the top, it still removes the terminal’s scrollback history.)

Both of those will do the job, with ‘clear’ being the obvious winner – but it’s nice to have options. They’ll clear the scrollback in the terminal, preventing folks from scrolling up to read what has previously been written there. Of course, they could potentially still press the arrow up button and see what commands you’ve written, so you can try to prevent that as well.

Closure:

See? I told you that it’d be a quick and easy article. It’s not all that taxing to learn how to clear your terminal and that’s all that this article is meant to cover. Both of the two commands have a man page, but they’re not very useful commands for anything else but clearing the terminal. Have an easy day, a day where you can (maybe) say you learned something and not have to read a long article. After all, it was a quick and easy day for me!


Review: It Appears That uMatrix Is Back Under Development

This article is a bit of a review of some software called ‘uMatrix’. If you’ve never heard of it, it’s an impressive piece of software – especially considering it’s a browser extension.

I was nosing around some old projects in my GitHub when I decided to look upstream. Lo and behold, Ray Hill (gorhill of uBlock Origin fame) has picked up developing uMatrix again. (Install through your browser’s extension manager. Links below.)

What is uMatrix? GitHub page here.

Well, do you remember old school firewalls where you could not just block things by application, you could be even more refined – like narrowing it down to which port, ingress or egress, and even which domains that application could connect with?

Imagine something similar to that, except it’s for your browser. For each page, you can elect to block images, CSS, cookies, scripts. Then, you can decide which scripts and which CSS to allow through. You can elect which third party assets load, from cookies to images – and you can do so on a domain name basis.

There’s a learning curve. It’s a pretty big learning curve for a browser extension. Plan on a couple of hours to really get used to it – and to get your favorite sites configured. You need only configure them once and then you can back up the settings so that you can use it on multiple devices or put it aside for safekeeping.

It WILL break sites. You WILL get frustrated.

More About uMatrix:

If I took privacy seriously and were more security focused, I would not use the internet without uMatrix. As it stands, I have an older version (now updated) configured in one browser for when I want to visit stuff I absolutely don’t trust. If you take privacy seriously (cross-domain scripting and third party cookies are a huge no-no, and so are images and CSS files) then you really, really should take a look at this extension.

Take a look at this:

uMatrix in Opera.
Look a little daunting? You can figure it out. I have faith in you!

In each of those columns, you can click to block it everywhere or to allow it on this one specific domain. As you can see, there’s everything from cookies to CSS, from media to scripts. The refinement you can achieve is amazing. It will take some work and time for you to ‘get good’ with uMatrix.

Now, you basically want it to operate in the default configuration you have it in right after installing, only allowing CSS and images from the domain you’re visiting.

When a site refuses to work properly, you can start by allowing scripts on an individual basis – on the per-site basis you see from the domains listed on the left. You can click on two areas in each column to give fine-grained permissions. After a while, you can get pretty quick at deducing why it doesn’t work. It’s usually a script from another site that needs to be enabled.

You’ll also learn how much cruft the web has, browsing much faster and having fewer scripts chew up your CPU and RAM. If you have a low-end computer, this is also a must-have.

At one point, Hill had stopped working on the project and shuttered it. I’m not sure when he started working on it again. I’m glad he did because it’s the best privacy and security browser extension I’ve ever seen in my life. Now that he’s working on it again, I feel comfortable recommending it.

uMatrix Review:

Really, I wrote this to share my joy. If I had to review it, and I guess I have to, I’d give it a solid 9.5 out of 10. I’ve deducted a half point because there’s no effort to make it all that intuitive to new people and this makes the learning curve harder. It’s hard to explain, but once you see what it does you will understand it better.

Not even I can make it all that intuitive until you actually test it out and start browsing the web with it. If you get frustrated, settle down and relax. You can make it work. It will take some time to get used to the new paradigm. You can browse much faster (more so than from just blocking ads) when you’re not loading a bunch of 3rd party cruft.

You might as well know where to get it. It’s available for the two major browsers, plus in Opera’s own little extension store. These extensions work fine on same-family browsers, like Pale Moon or Google Chromium.

You can pick it up for Opera here.

Of course, you can pick it up for Firefox here.

And you can pick it up for Google Chrome here.

Give it a shot. Commit to browsing with it for a full day and see for yourself what the web is like when you’re not loading tracking cookies, scripts, ad images loaded from other domain names, and so much more.

By the way…

I worried more about these things years ago, back when I was a Windows user and for the times when broadband wasn’t a realistic option. I was more concerned with my security and letting scripts load in the browser, so I’d use uMatrix. It had the added benefit of doing a great deal to protect my privacy by making it extremely difficult to track my movements across the web. These days, browsers are much more secure and run in their own containers and I care less about privacy.

Even just blocking remote scripts, media, and images will speed up your browsing noticeably. By the time you have it configured for the sites you visit, you’ll have a pretty secure and private browsing experience. You should also consider making it work in incognito mode if you make regular use of private browsing.

Closure:

There you have it, another article. This one is a review of uMatrix, one of my favorite browser extensions even though I don’t actually bother with it for most of my browsing. I used to browse with it exclusively, but I’ve given up caring. If you care, and many of my readers do, then I highly recommend trying it for a full day. Commit to a full day and then leave a comment telling us of your experiences.


How To: Sanitize Exif Data From Your Digital Images For Privacy Sake

When you take a digital picture, the resulting file contains potentially personal information. It is known as ‘Exif‘ and it contains sensitive information. This article will explain how to sanitize Exif data to avoid leaking your personal information.

If this article looks familiar, I’ve previously authored an article on this subject. It’s at the old site, which will be redirected here. I might as well write it anew, using the current style.


UPDATE: I received an email from one Morgan Kinney, inviting me to review and include a link to a study they (authored by one Paul Bishoff) had done regarding Exif data and the privacy implications. If this article wasn’t clear enough about the privacy aspect of sanitizing Exif data, then please consider reading the following link:

EXIF metadata privacy: A picture is worth a thousand data points

I’d not normally do this, but their work is well done and is a worthy addition to your understanding of Exif data and the privacy risks associated with Exif data. See the “Closure:” section for more updated information.


Moving on…

Exif is the additional information included in the file your digital camera makes, among other things. It can be as benign as color correction data or orientation settings. In some cases, it can also contain such privacy-wrecking gems as when and where (the GPS coordinates) the picture was taken. It is defined thus:

Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras.

The Exif data can even contain information about the camera’s brand and, as you can see, isn’t limited to just a fancy digital camera. Your other devices, from smartphone to scanner, add this extra data to the file. Anyone who is aware of this can easily look for this data. Exif data has even been used as evidence by the judicial system.

Obviously, there are huge privacy implications with this. You can probably minimize some of the data that’s created by changing your phone/camera’s settings. That does nothing for existing files, and nothing for when your device has no such configuration options.

Let’s See This Exif Data

There are any number of ways to examine the Exif data. For example, this is some of that data and it is being drawn from a program called XNViewMP.

Exif data
Exif data sample. There’s not a whole lot of data with this one.

That one tells you how old the picture is, and not a whole lot more. But, it also now contains the information about the last time it was accessed. That could be of interest, perhaps giving away things like the age of the photo’s subject.

This next picture is the Exif data from one of my cellphone pictures. I have the GPS data turned off, so that wasn’t included. You’ll see a ton of additional information.

More detailed Exif data.
See? Now you can tell I don’t bother updating my phone often.

As you can see, there’s even more data in that file. There may well be even more data in your pictures. It tells you what camera I was using (a cell phone, and an old one at that) and that I took the picture at 14:30, in a well lit room. It even tells you the software version, which may be exploitable by an attacker.

Don’t worry too much about this. It’s a solved problem. You can sanitize Exif data and maintain a bit more privacy. It’s actually remarkably easy.

Many image hosting sites will automatically strip the Exif data when you upload your image.

Let’s Sanitize Exif Data

The tool we’re going to use for this is ‘exiftool‘ and it’s pretty simple. It’s quite likely already in your default repositories, or at least the repositories you can add trivially. In Debian/Ubuntu/Mint/similar, you can install it with:

You’ll need to adjust the command for your distro, of course. Once you have it installed, you can navigate to the directory where you store your images and run something like this to sanitize png files:

Or, if you’re trying to sanitize .jpg images, you’d run this command:

Depending on the number of files in the directory, it could take a little while to run. It’s pretty speedy and it does give you confirmation when it’s done. I’ve used it on large numbers of images at once and it took care of them all in less than a minute. I probably should have paid more attention, that way I’d have some actual numbers for you.

NOTE: The exiftool can actually strip data from other files, including files like PDFs and other such types of documents. A complete list can be found here. Yes, those documents contain data beyond that of the text contained in them. They may contain such data as the computer name, username, and dates and times of file creation and editing.

Personally, I combine both the .png and .jpg commands into one command and I run that command with an alias. We haven’t covered aliasing yet, so I’ll just go ahead and show you what I use.

That, if added to .bash_aliases, would let you use ‘picclean’ to sanitize an entire directory’s worth of png and jpg files. It comes in pretty handy if you’re sharing a bunch of files and want to make sure they’re all clean before you send ’em.

Closure:

Well, there you have it. Hopefully you’ll now know a little bit more about how to sanitize your image files, removing the private data from them as much as you can. If you don’t generate the data in the first place, you don’t have to delete it. So, disable embedding GPS coordinates in your phone (or some fancy cameras) and don’t take pictures of yourself while doing illegal activities.

UPDATE: As mentioned, I’d not normally do this – but there are exceptions. I don’t mind linking to other sites if the content is worth the attention of my readers. If you have your own content and would like to have it referenced here, don’t be afraid to contact me. Just be aware that I decline about 60% of these sort of requests. While I do love guest additions and guest articles, no I won’t be including articles about mortgage rates and the benefits of CBD oil. My readers aren’t interested in articles like that. So, your content needs to be both good and topical.

Thanks, as always, for reading. I always look forward to the feedback, here and on other sites. Don’t forget that you can unblock ads, sign up for the newsletter, donate, or contribute by writing an article or two. Don’t forget to share this site with your friends. Share the love!

UPDATED: (Updated on 01/23/2022)

This work is licensed under a Creative Commons Attribution 4.0 International License.